Session 4

The document discusses the Transport Layer of networking, detailing its role, responsibilities, and protocols, specifically TCP and UDP. It explains TCP's reliability features, including session establishment and flow control, as well as UDP's low overhead and use cases. Additionally, it covers Network Address Translation (NAT) and its importance in conserving IP address space, allowing multiple devices to share a single public IP address.

Uploaded by

n478vcntbb

Session 4:

Today, Agenda:
1-Transport Layer
2-Network Address Translation (NAT)
3-Port Address Translation (PAT)
4-Network Socket

Transport Layer
Role of the Transport Layer:
The transport layer is:
• responsible for logical communications between applications running on different hosts.
• the link between the application layer and the lower layers that are responsible for network transmission.
Transport Layer Responsibilities
The transport layer has the following responsibilities:
• Tracking individual conversations
• Segmenting data and reassembling segments
• Adding header information
• Identifying, separating, and managing multiple conversations
• Using segmentation and multiplexing to enable different communication conversations to be interleaved on the same
network
Transport Layer Protocols
• IP does not specify how the delivery or transportation of the packets takes place.
• Transport layer protocols specify how to transfer messages between hosts and are responsible for managing
reliability requirements of a conversation.
• The transport layer includes the TCP and UDP protocols.
Transmission Control Protocol
TCP provides reliability and flow control. TCP basic operations:
• Number and track data segments transmitted to a specific host from a specific application.
• Acknowledge received data.
• Retransmit any unacknowledged data after a certain amount of time.
• Sequence data that might arrive in the wrong order.
• Send data at an efficient rate that is acceptable to the receiver.
User Datagram Protocol (UDP)
UDP provides the basic functions for delivering datagrams between the appropriate applications, with very little overhead
and data checking.
• UDP is a connectionless protocol.
• UDP is known as a best-effort delivery protocol because there is no acknowledgment that the data is received at the
destination.
The Right Transport Layer Protocol for the Right Application
UDP is also used by request-and-reply applications where the data is minimal, and retransmission can be done quickly.
If it is important that all the data arrives and that it can be processed in its proper sequence, TCP is used as the transport
protocol.
TCP Overview
TCP Features
• Establishes a Session - TCP is a connection-oriented protocol that negotiates and establishes a permanent
connection (or session) between source and destination devices prior to forwarding any traffic.
• Ensures Reliable Delivery - For many reasons, it is possible for a segment to become corrupted or lost completely, as
it is transmitted over the network. TCP ensures that each segment that is sent by the source arrives at the
destination.
• Provides Same-Order Delivery - Because networks may provide multiple routes that can have different transmission
rates, data can arrive in the wrong order. By numbering and sequencing the segments, TCP ensures that they are
reassembled in the proper order.
• Supports Flow Control - Network hosts have limited resources (i.e., memory and processing power). When TCP is
aware that these resources are overtaxed, it can request that the sending application reduce the rate of data flow.

TCP Header
TCP is a stateful protocol which means it keeps track of the state of the communication session.
TCP records which information it has sent, and which information has been acknowledged.
TCP Header Fields
Applications that use TCP
TCP handles all tasks associated with dividing the data stream into segments, providing reliability, controlling data flow, and
reordering segments.
UDP Overview
UDP Features
UDP features include the following:
• Data is reconstructed in the order that it is received.
• Any segments that are lost are not resent.
• There is no session establishment.
• The sender is not informed about resource availability.

UDP Header
The UDP header is far simpler than the TCP header because it only has four fields and requires 8 bytes (i.e. 64 bits).
UDP Header Fields
The table identifies and describes the four fields in a UDP header.

Applications that use UDP


• Live video and multimedia applications - These applications can tolerate some data loss but require little or no
delay. Examples include VoIP and live-streaming video.
• Simple request and reply applications - Applications with simple transactions where a host sends a request and
may or may not receive a reply. Examples include DNS and DHCP.
• Applications that handle reliability themselves - Unidirectional communications where flow control, error detection,
acknowledgments, and error recovery are not required or can be handled by the application. Examples include
SNMP and TFTP.
Port Numbers
Multiple Separate Communications
TCP and UDP transport layer protocols use port numbers to manage multiple, simultaneous conversations.
The source port number is associated with the originating application on the local host whereas the destination port
number is associated with the destination application on the remote host.
Port Number Groups
TCP Communication Process
TCP Server Processes
• Each application process running on a server is configured to use a port number.
• An individual server cannot have two services assigned to the same port number within the same transport layer
services.
• An active server application assigned to a specific port is considered open, which means that the transport layer
accepts, and processes segments addressed to that port.
• Any incoming client request addressed to the correct socket is accepted, and the data is passed to the server
application.
TCP Three-Way Handshake
Communication between devices over the internet follows the TCP/IP suite model (a stripped-down version of the OSI
reference model). The application layer sits at the top of the TCP/IP stack; from there, network-facing applications such as
web browsers on the client side establish a connection with the server. From the application layer, the information is
passed to the transport layer, where our topic comes into the picture. The two important protocols of this layer are TCP
and UDP (User Datagram Protocol), of which TCP is the more prevalent (since it provides reliability for the established
connection). However, UDP is used, for example, when querying a DNS server to resolve a website's domain name to its
(binary) IP address.
TCP provides reliable communication through a mechanism called Positive Acknowledgement with Re-transmission
(PAR). The Protocol Data Unit (PDU) of the transport layer is called a segment. A device using PAR resends the data unit
until it receives an acknowledgement. If the data unit received at the receiver's end is damaged (the receiver checks the
data with the transport layer's checksum, which is used for error detection), the receiver discards the segment, so the
sender has to resend the data unit for which a positive acknowledgement is not received. From the above mechanism it
follows that three segments are exchanged between the sender (client) and receiver (server) for a reliable TCP
connection to be established. Let us delve into how this mechanism works:
• Step 1 (SYN): The client wants to establish a connection with a server, so it sends a segment with the SYN
(Synchronize Sequence Number) flag set, which informs the server that the client intends to start communication and
with what sequence number it will start its segments.
• Step 2 (SYN + ACK): The server responds to the client request with the SYN and ACK bits set. The acknowledgement
(ACK) confirms the segment it received, and the SYN signifies with what sequence number the server will start its
segments.
• Step 3 (ACK): In the final part, the client acknowledges the server's response, and both sides now have an
established, reliable connection on which the actual data transfer begins.

Session Termination
• Step 1: When the client has no more data to send in the stream, it sends a segment with the FIN flag set.
• Step 2: The server sends an ACK to acknowledge the receipt of the FIN to terminate the session from client to server.
• Step 3: The server sends a FIN to the client to terminate the server-to-client session.
• Step 4: The client responds with an ACK to acknowledge the FIN from the server.

TCP Flags
The six control bit flags are as follows:
• URG - Urgent pointer field significant.
• ACK - Acknowledgment flag used in connection establishment and session termination.
• PSH - Push function.
• RST - Reset the connection when an error or timeout occurs.
• SYN - Synchronize sequence numbers used in connection establishment.
• FIN - No more data from the sender and used in session termination.
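To make the three-way handshake, the four-segment termination and the control bits above concrete, here is an added Python model (written for this page, not code from the original slides) that serialises and parses the 20-byte TCP header and drives two endpoints through the exchange. Ports 49152 and 80 and the initial sequence numbers 1000 and 5000 are constructed values; a real stack picks random ISNs.

```python
import struct

# TCP control bits as they sit in the low six bits of the header's offset/flags word
URG, ACK, PSH, RST, SYN, FIN = 0x20, 0x10, 0x08, 0x04, 0x02, 0x01
# Display order chosen so that "SYN+ACK" and "FIN+ACK" read the way the text writes them
FLAG_ORDER = ((SYN, "SYN"), (FIN, "FIN"), (ACK, "ACK"), (PSH, "PSH"), (RST, "RST"), (URG, "URG"))


def build_tcp_header(src_port, dst_port, seq, ack, flags, window=65535):
    """Serialise a minimal 20-byte TCP header (no options; checksum and urgent pointer left at zero)."""
    offset_flags = (5 << 12) | (flags & 0x3F)   # data offset = 5 words, then the 6 control bits
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack, offset_flags, window, 0, 0)


def parse_tcp_header(raw):
    """Return (src_port, dst_port, seq, ack, flag_names) from the first bytes of a segment."""
    src, dst, seq, ack, offset_flags = struct.unpack("!HHIIH", raw[:14])
    names = [name for bit, name in FLAG_ORDER if offset_flags & bit]
    return src, dst, seq, ack, names


class Endpoint:
    """Minimal model of one side of a TCP session: state plus send/receive sequence tracking."""

    def __init__(self, name, port, isn, log):
        self.name, self.port, self.log = name, port, log
        self.state, self.peer_port = "CLOSED", None
        self.snd_nxt = isn      # next sequence number this side will send
        self.rcv_nxt = None     # next sequence number expected from the peer

    def _send(self, flags):
        ack = self.rcv_nxt if self.rcv_nxt is not None else 0
        seg = build_tcp_header(self.port, self.peer_port, self.snd_nxt, ack, flags)
        self.log.append((self.name, "+".join(parse_tcp_header(seg)[4]), self.snd_nxt, ack))
        if flags & (SYN | FIN):     # SYN and FIN each consume one sequence number; a bare ACK does not
            self.snd_nxt += 1
        return seg

    def listen(self):
        self.state = "LISTEN"

    def connect(self, peer_port):            # handshake step 1
        self.peer_port, self.state = peer_port, "SYN-SENT"
        return self._send(SYN)

    def close(self):                         # termination step 1 (client) or step 3 (server)
        self.state = {"ESTABLISHED": "FIN-WAIT-1", "CLOSE-WAIT": "LAST-ACK"}[self.state]
        return self._send(FIN | ACK)

    def receive(self, raw):
        """Consume one segment; return the segment to send in reply, or None if none is due."""
        src, _dst, seq, ack, flags = parse_tcp_header(raw)
        if self.state == "LISTEN" and flags == ["SYN"]:                       # handshake step 2
            self.peer_port, self.rcv_nxt, self.state = src, seq + 1, "SYN-RECEIVED"
            return self._send(SYN | ACK)
        if self.state == "SYN-SENT" and flags == ["SYN", "ACK"]:              # handshake step 3
            if ack != self.snd_nxt:
                raise ValueError("SYN+ACK does not acknowledge our ISN + 1")
            self.rcv_nxt, self.state = seq + 1, "ESTABLISHED"
            return self._send(ACK)
        if "FIN" in flags:                                                    # termination steps 2 and 4
            self.rcv_nxt = seq + 1
            self.state = {"ESTABLISHED": "CLOSE-WAIT", "FIN-WAIT-2": "TIME-WAIT"}[self.state]
            return self._send(ACK)
        if "ACK" in flags and ack == self.snd_nxt:                            # our SYN or FIN was acknowledged
            self.state = {"SYN-RECEIVED": "ESTABLISHED", "FIN-WAIT-1": "FIN-WAIT-2",
                          "LAST-ACK": "CLOSED"}.get(self.state, self.state)
        return None


def run_session():
    """Drive the three-way handshake and the four-segment close; return the log and final states."""
    log = []
    client = Endpoint("client", 49152, isn=1000, log=log)   # constructed ISNs, not real random values
    server = Endpoint("server", 80, isn=5000, log=log)
    server.listen()
    syn_ack = server.receive(client.connect(server.port))   # SYN -> SYN+ACK
    server.receive(client.receive(syn_ack))                 # ACK completes the handshake
    client.receive(server.receive(client.close()))          # client FIN -> server ACK
    server.receive(client.receive(server.close()))          # server FIN -> client ACK
    return {"log": log, "client": client.state, "server": server.state}


if __name__ == "__main__":
    for who, flags, seq, ack in run_session()["log"]:
        print(f"{who:6} {flags:8} seq={seq} ack={ack}")
```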
Reliability and Flow Control
TCP Reliability- Guaranteed and Ordered Delivery
• TCP can also help maintain the flow of packets so that devices do not become overloaded.
• There may be times when TCP segments do not arrive at their destination or arrive out of order.
• All the data must be received and the data in these segments must be reassembled into the original order.
• Sequence numbers are assigned in the header of each packet to achieve this goal.
TCP Reliability – Data Loss and Retransmission
No matter how well-designed a network is, data loss occasionally occurs. TCP provides methods of managing these
segment losses. Among these is a mechanism to retransmit segments for unacknowledged data.
Host operating systems today typically employ an optional TCP feature called selective acknowledgment (SACK),
negotiated during the three-way handshake. If both hosts support SACK, the receiver can explicitly acknowledge which
segments (bytes) were received including any discontinuous segments.
TCP Flow Control – Window Size and Acknowledgments

TCP also provides mechanisms for flow control as follows:


• Flow control governs the amount of data that the destination can receive and process reliably.
• Flow control helps maintain the reliability of TCP transmission by adjusting the rate of data flow between source and
destination for a given session.
TCP Flow Control – Maximum Segment Size

Maximum Segment Size (MSS) is the maximum amount of data that the destination device can receive in a single segment.
• A common MSS is 1,460 bytes when using IPv4.
• A host determines the value of its MSS field by subtracting the IP and TCP headers from the Ethernet maximum
transmission unit (MTU), which is 1500 bytes by default.
• 1500 minus 40 (20 bytes for the IPv4 header and 20 bytes for the TCP header) leaves 1460 bytes.
TCP Flow Control – Congestion Avoidance
When congestion occurs on a network, it results in packets being discarded by the overloaded router.
To avoid and control congestion, TCP employs several congestion handling mechanisms, timers, and algorithms.
UDP Communication

UDP Low Overhead versus Reliability


UDP does not establish a connection. UDP provides low-overhead data transport because it has a small datagram header
and no network management traffic.
UDP Datagram Reassembly
• UDP does not track sequence numbers the way TCP does.
• UDP has no way to reorder the datagrams into their transmission order.
• UDP simply reassembles the data in the order that it was received and forwards it to the application.
UDP Server Processes and Requests
UDP-based server applications are assigned well-known or registered port numbers.
When UDP receives a datagram destined for one of these ports, it forwards the application data to the appropriate
application based on its port number.
UDP Client Processes
The UDP client process dynamically selects a port number from the range of port numbers and uses this as the source port
for the conversation.
• The destination port is usually the well-known or registered port number assigned to the server process.
• After a client has selected the source and destination ports, the same pair of ports are used in the header of all
datagrams in the transaction.
Network socket
A network socket is a software structure within a network node of a computer network that serves as an endpoint for
sending and receiving data across the network. The structure and properties of a socket are defined by an application
programming interface (API) for the networking architecture. Sockets are created only during the lifetime of a process of
an application running in the node.

Because of the standardization of the TCP/IP protocols in the development of the Internet, the term network socket is
most commonly used in the context of the Internet protocol suite, and is therefore often also referred to as Internet
socket. In this context, a socket is externally identified to other hosts by its socket address, which is the triad of transport
protocol, IP address, and port number.

The term socket is also used for the software endpoint of node-internal inter-process communication (IPC), which often
uses the same API as a network socket.
Socket Pairs
The source and destination ports are placed within the segment.
• The segments are then encapsulated within an IP packet.
• The combination of the source IP address and source port number, or the destination IP address and destination
port number is known as a socket.
• Sockets enable multiple processes, running on a client, to distinguish themselves from each other, and multiple
connections to a server process to be distinguished from each other.
Uses of Socket
The use of the term socket in software is analogous to the function of an electrical female connector, a device in hardware
for communication between nodes interconnected with an electrical cable. Similarly, the term port is used for external
physical endpoints at a node or device.

The application programming interface (API) for the network protocol stack creates a handle for each socket created by an
application, commonly referred to as a socket descriptor. In Unix-like operating systems, this descriptor is a type of file
descriptor. It is stored by the application process for use with every read and write operation on the communication
channel.

At the time of creation with the API, a network socket is bound to the combination of a type of network protocol to be
used for transmissions, a network address of the host, and a port number. Ports are numbered resources that represent
another type of software structure of the node. They are used as service types, and, once created by a process, serve as an
externally (from the network) addressable location component, so that other hosts may establish connections.

Network sockets may be dedicated for persistent connections for communication between two nodes, or they may
participate in connectionless and multicast communications.
NOTE: In practice, due to the proliferation of the TCP/IP protocols in use on the Internet, the term network socket usually
refers to use with the Internet Protocol (IP). It is therefore often also called an Internet socket.
Socket addresses
An application can communicate with a remote process by exchanging data with TCP/IP by knowing the combination of
protocol type, IP address, and port number. This combination is often known as a socket address. It is the network-facing
access handle to the network socket. The remote process establishes a network socket in its own instance of the protocol
stack and uses the networking API to connect to the application, presenting its own socket address for use by the
application.

Network Address Translation


Network address translation (NAT) is a method of mapping an IP address space into another by modifying network
address information in the IP header of packets while they are in transit across a traffic routing device. The technique was
originally used to bypass the need to assign a new address to every host when a network was moved, or when the
upstream Internet service provider was replaced, but could not route the network's address space. It has become a
popular and essential tool in conserving global address space in the face of IPv4 address exhaustion. One Internet-routable
IP address of a NAT gateway can be used for an entire private network.

One-to-many
The majority of network address translators map multiple private hosts to one publicly exposed IP address.

Here is a typical configuration:


1. A local network uses one of the designated private IP address subnets (the private ranges defined in RFC 1918, which
an enterprise organization assigns to its internal hosts).
2. The network has a router having both a private and a public address. The private address is used by the router for
communicating with other devices in the private local network. The public address (typically assigned by an
Internet service provider) is used by the router for communicating with the rest of the Internet.
3. As traffic passes from the network to the Internet, the router translates the source address in each packet from a
private address to the router's own public address. The router tracks basic data about each active connection
(particularly the destination address and port). When the router receives inbound traffic from the Internet, it uses
the connection tracking data it stored during the outbound phase to determine to which private address (if any) it
should forward the reply.
All IP packets have a source IP address and a destination IP address. Typically, packets passing from the private network to
the public network will have their source address modified, while packets passing from the public network back to the
private network will have their destination address modified. Further modifications to the packets are required to avoid
ambiguity in how replies are translated. The vast bulk of Internet traffic uses Transmission Control Protocol (TCP) or User
Datagram Protocol (UDP). For these protocols, the port numbers are changed so that the combination of IP address
(within the IP header) and port number (within the Transport Layer header) on the returned packet can be unambiguously
mapped to the corresponding private network destination. RFC 2663 uses the term network address and port translation
(NAPT) for this type of NAT. (By contrast, RFC 2663 refers to NAT that translates only addresses as basic NAT, also called
one-to-one NAT; in that type of NAT, only the IP addresses, IP header checksum, and any higher-level checksums that
include the IP address are changed.)
NOTE: Other names include port address translation (PAT), IP masquerading, NAT overload, and many-to-one NAT. This is
the most common type of NAT and has become synonymous with the term "NAT" in common usage.

Type of NAT and NAT traversal, role of port preservation for TCP
The NAT traversal problem arises when peers behind different NATs try to communicate. One way to solve this problem is
to use port forwarding. Another way is to use various NAT traversal techniques. The most popular technique for TCP NAT
traversal is TCP hole punching.

TCP hole punching requires the NAT to follow the port preservation design for TCP. For a given outgoing TCP
communication, the same port numbers are used on both sides of the NAT. NAT port preservation for outgoing TCP
connections is crucial for TCP NAT traversal because, under TCP, one port can only be used for one communication at a
time, so programs bind distinct TCP sockets to ephemeral ports for each TCP communication, rendering NAT port
prediction impossible for TCP.
On the other hand, for UDP, NATs do not need port preservation. Indeed, multiple UDP communications (each with a
distinct endpoint) can occur on the same source port, and applications usually reuse the same UDP socket to send packets
to distinct hosts. This makes port prediction straightforward, as it is the same source port for each packet.

Furthermore, port preservation in NAT for TCP allows P2P protocols to offer less complexity and less latency because there
is no need to use a third party (like STUN) to discover the NAT port since the application itself already knows the NAT port.

However, if two internal hosts attempt to communicate with the same external host using the same port number, the NAT
may attempt to use a different external IP address for the second connection or may need to forgo port preservation and
remap the port.

As of 2006, roughly 70% of the clients in P2P networks employed some form of NAT.

Implementation
Establishing two-way communication
Every TCP and UDP packet contains a source port number and a destination port number. Each of those packets is
encapsulated in an IP packet, whose IP header contains a source IP address and a destination IP address. The IP
address/protocol/port number triple defines an association with a network socket.
For publicly accessible services such as web and mail servers, the port number is important. For example, port 80
connects through a socket to the web server software and port 25 to a mail server's SMTP daemon. The IP address of a
public server is also important, similar in global uniqueness to a postal address or telephone number. Both IP address and
port number must be correctly known by all hosts wishing to successfully communicate.
Private IP addresses as described in RFC 1918 are usable only on private networks not directly connected to the internet.
Ports are endpoints of communication unique to that host, so a connection through the NAT device is maintained by the
combined mapping of port and IP address. A private address on the inside of the NAT is mapped to an external public
address. Port address translation (PAT) resolves conflicts that arise when multiple hosts happen to use the same source
port number to establish different external connections at the same time.

Fragmentation and checksums


Pure NAT, operating on IP alone, may or may not correctly parse protocols with payloads containing information about IP,
such as ICMP. This depends on whether the payload is interpreted by a host on the inside or outside of the translation.
Basic protocols such as TCP and UDP cannot function properly unless NAT takes action beyond the network layer.

IP packets have a checksum in each packet header, which provides error detection only for the header. IP datagrams may
become fragmented, and it is necessary for a NAT to reassemble these fragments to allow correct recalculation of higher-
level checksums and correct tracking of which packets belong to which connection.

TCP and UDP have a checksum that covers all the data they carry, as well as the TCP or UDP header, plus a pseudo-header
that contains the source and destination IP addresses of the packet carrying the TCP or UDP header. For an originating NAT
to pass TCP or UDP successfully, it must recompute the TCP or UDP header checksum based on the translated IP addresses,
not the original ones, and put that checksum into the TCP or UDP header of the first packet of the fragmented set of
packets.
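The UDP header fields introduced earlier and the pseudo-header checksum rule just described, as an added Python example (not code from the original slides): it builds an 8-byte UDP header with a valid checksum, then shows that a NAT which rewrites the source address must recompute that checksum, since the old value no longer verifies against the translated address. The addresses are the ones from the PAT figure later on this page, and the payload is constructed.

```python
import struct
import ipaddress

UDP_PROTOCOL = 17


def ones_complement_checksum(data):
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"                       # odd-length data is padded with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold end-around carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def udp_checksum(src_ip, dst_ip, segment):
    """Checksum over the IPv4 pseudo-header (src, dst, zero, protocol, UDP length) plus the
    UDP header and payload, with the checksum field itself taken as zero."""
    pseudo = (ipaddress.IPv4Address(src_ip).packed + ipaddress.IPv4Address(dst_ip).packed
              + struct.pack("!BBH", 0, UDP_PROTOCOL, len(segment)))
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]
    csum = ones_complement_checksum(pseudo + zeroed)
    return csum or 0xFFFF                     # UDP sends all-ones when the computed checksum is zero


def build_udp(src_ip, dst_ip, src_port, dst_port, payload):
    """Serialise the four-field, 8-byte UDP header (source port, destination port, length,
    checksum) followed by the payload."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)
    csum = udp_checksum(src_ip, dst_ip, header + payload)
    return struct.pack("!HHHH", src_port, dst_port, length, csum) + payload


def parse_udp(segment):
    """Split a UDP segment into its header fields and payload."""
    src_port, dst_port, length, csum = struct.unpack("!HHHH", segment[:8])
    return {"src_port": src_port, "dst_port": dst_port, "length": length,
            "checksum": csum, "payload": segment[8:length]}


def checksum_valid(src_ip, dst_ip, segment):
    """True if the stored checksum matches one recomputed with the addresses the packet now carries."""
    return parse_udp(segment)["checksum"] == udp_checksum(src_ip, dst_ip, segment)


def napt_rewrite_source(segment, new_src_ip, dst_ip, new_src_port, recompute_checksum=True):
    """Rewrite the source port as a NAPT device does. With recompute_checksum=False the old
    checksum is kept, which is exactly the mistake the text warns against."""
    f = parse_udp(segment)
    csum = f["checksum"]
    if recompute_checksum:
        rewritten = struct.pack("!HHHH", new_src_port, f["dst_port"], f["length"], 0) + f["payload"]
        csum = udp_checksum(new_src_ip, dst_ip, rewritten)
    return struct.pack("!HHHH", new_src_port, f["dst_port"], f["length"], csum) + f["payload"]


def demo():
    """Constructed DNS-port datagram from an inside host, translated by a NAT to its public address."""
    inside_ip, nat_ip, server_ip = "10.0.1.2", "192.168.35.4", "34.120.117.196"
    original = build_udp(inside_ip, server_ip, 1487, 53, b"constructed-payload")
    stale = napt_rewrite_source(original, nat_ip, server_ip, 1487, recompute_checksum=False)
    fixed = napt_rewrite_source(original, nat_ip, server_ip, 1487)
    return {
        "original_ok": checksum_valid(inside_ip, server_ip, original),
        "stale_ok": checksum_valid(nat_ip, server_ip, stale),    # False: pseudo-header address changed
        "fixed_ok": checksum_valid(nat_ip, server_ip, fixed),
    }
```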
Alternatively, the originating host may perform path MTU (Maximum Transmission Unit) Discovery to determine the
packet size that can be transmitted without fragmentation and then set the don't fragment (DF) bit in the appropriate
packet header field. This is only a one-way solution because the responding host can send packets of any size, which may
be fragmented before reaching the NAT.

Dynamic network address translation


Dynamic NAT, just like static NAT, is not common in smaller networks but is found within larger corporations with complex
networks. Where static NAT provides a one-to-one internal to public static IP address mapping, dynamic NAT uses a group
of public IP addresses.
Static NAT
Static NAT maps network traffic from a static external IP address to an internal IP address or network. It creates a static
translation of real addresses to mapped addresses. Static NAT provides internet connectivity to networking devices
through a private LAN with an unregistered private IP address.

Understanding Static NAT


Static NAT defines a one-to-one mapping from one IP subnet to another IP subnet. The mapping includes destination IP
address translation in one direction and source IP address translation in the reverse direction. From the NAT device, the
original destination address is the virtual host IP address while the mapped-to address is the real host IP address.

Static NAT allows connections to originate from either side of the network, but translation is limited to one-to-one or
between blocks of addresses of the same size. For each private address, a public address must be allocated. No address
pools are necessary.

Static NAT also supports the following types of translation:


• To map multiple IP addresses and specified ranges of ports to the same IP address and different ranges of ports
• To map a specific IP address and port to a different IP address and port
The port address translation (PAT) is also supported by giving static mapping between the destination port (range) and the
mapped port (range).
NOTE: The original destination address, along with other addresses in source and destination NAT pools, must not overlap
within the same routing instance.

NAT in IPv6
Network address translation is not commonly used in IPv6 because one of the design goals of IPv6 is to restore end-to-end
network connectivity. The large addressing space of IPv6 obviates the need to conserve addresses and every device can be
given a unique globally routable address. Use of unique local addresses in combination with network prefix translation can
achieve results similar to NAT.

The large addressing space of IPv6 can still be defeated depending on the actual prefix length given by the carrier. It is not
uncommon to be handed a /64 prefix – the smallest recommended subnet – for an entire home network, requiring a
variety of techniques to be used to manually subdivide the range for all devices to remain reachable. Even actual IPv6-to-
IPv6 NAT, NAT66, can turn out useful at times: the APNIC blog outlines a case where the author was only provided a single
address (/128).

Port Address Translation (PAT)


What is port address translation (PAT)?
Port address translation (PAT) is a type of network address translation (NAT) that maps a network's private internal IPv4
addresses to a single public IP address. NAT is a process that routers use to translate internal, nonregistered IP addresses to
external, registered IP addresses. PAT differs from other forms of NAT because it uses port numbers when mapping private
IP addresses to a public IP address, which is the address seen by external systems.
PAT was introduced to conserve IPv4 addresses until a more permanent solution could be implemented. This solution
eventually came in the form of IPv6. However, IPv4 is still used extensively in network communications, so PAT continues to
be relevant. PAT also helps to provide better security on the local network by hiding the internal IP addresses from public
view.

How does port address translation work?


Like other types of NAT deployments, PAT is implemented by positioning a PAT-enabled router between the inside and
outside network, as shown in the following figure. The inside network is the internal network, such as an organization's
local area network or an individual's home network. Everything else is considered the outside network. For example, when
you view a webpage on your computer, you are connecting from your inside network to the outside network where the
web server resides.
Explanation of the figure above:
Each device connected to the inside network receives a private IPv4 address, which is referred to as the inside local
address. In the figure above, three computers have been assigned inside local addresses: 10.0.1.2, 10.0.1.3 and 10.0.1.4.
The addresses are used for communications on the inside network, whether between the computers themselves or
between the computers and the router.
The router is configured with an inside local IP address, 10.0.1.1, and an inside global address, 192.168.35.4. The global
address is what the outside network sees when communicating with devices on the inside network. The figure also shows
an outside global address, 34.120.117.196, which is the public-facing address used to connect to a server on the outer
network.

For example
The first inside computer in the figure above is assigned an inside local address of 10.0.1.2. The computer has two open
connections, which are assigned ports 1487 and 1488. As a result, communications to that computer go through the
inside global address 192.168.35.4:1487 or 192.168.35.4:1488. In some cases, the router will assign different port numbers
to an inside local address and its associated inside global address, as in the table's final entry, but this too can be easily
accommodated.
Note: This process is repeated for each device on the inside network, whether a laptop, tablet, smartphone, or other type
of smart device. In this way, all devices on the inside network can share the same public IP address even if they access the
internet at the same time. The router knows exactly which device to send specific packets to because of the unique port
number that has been assigned to each connection.
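The translation table described here and in the One-to-many section above, as an added Python model that is not part of the original slides: source ports are preserved where possible, a second inside host that picks an already-used port is remapped (the case the text calls the table's final entry), and inbound packets are forwarded only when they match the destination address and port recorded for an active connection. The inside, router and server addresses are the ones from the figure; 198.51.100.7 is a constructed address for the non-matching case.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    """Only the five-tuple a NAPT device looks at; the payload is irrelevant to the mapping."""
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class Napt:
    """Many-to-one NAT (PAT): every inside host shares public_ip and is told apart by public port."""
    public_ip: str
    # (proto, public_port) -> (inside_ip, inside_port, remote_ip, remote_port)
    table: dict = field(default_factory=dict)
    # (proto, inside_ip, inside_port, remote_ip, remote_port) -> public_port
    reverse: dict = field(default_factory=dict)

    def _allocate_port(self, proto, wanted):
        """Port preservation: keep the inside port if it is free, else the next free port above it."""
        port = wanted
        while (proto, port) in self.table:
            port = port + 1 if port < 65535 else 1024
        return port

    def outbound(self, pkt):
        """Rewrite the source of an inside-to-outside packet and record the connection."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.reverse:
            port = self._allocate_port(pkt.proto, pkt.src_port)
            self.table[(pkt.proto, port)] = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
            self.reverse[key] = port
        return Packet(pkt.proto, self.public_ip, self.reverse[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Map a reply back to the inside host, or return None (drop) when no connection matches."""
        entry = self.table.get((pkt.proto, pkt.dst_port))
        if entry is None:
            return None                 # unsolicited inbound traffic: nothing to forward it to
        inside_ip, inside_port, remote_ip, remote_port = entry
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None                 # not from the host and port this connection was opened to
        return Packet(pkt.proto, pkt.src_ip, pkt.src_port, inside_ip, inside_port)


def demo():
    """Two inside hosts from the figure both choose source port 1487 toward the same server."""
    nat = Napt("192.168.35.4")
    server = "34.120.117.196"
    a1 = nat.outbound(Packet("tcp", "10.0.1.2", 1487, server, 443))   # preserved -> 1487
    a2 = nat.outbound(Packet("tcp", "10.0.1.2", 1488, server, 443))   # preserved -> 1488
    b1 = nat.outbound(Packet("tcp", "10.0.1.3", 1487, server, 443))   # 1487 and 1488 taken -> 1489
    reply_a = nat.inbound(Packet("tcp", server, 443, nat.public_ip, a1.src_port))
    reply_b = nat.inbound(Packet("tcp", server, 443, nat.public_ip, b1.src_port))
    stray = nat.inbound(Packet("tcp", server, 443, nat.public_ip, 2000))           # no mapping
    mismatch = nat.inbound(Packet("tcp", "198.51.100.7", 443, nat.public_ip, 1487))  # other remote host
    return {"a1": a1, "a2": a2, "b1": b1, "reply_a": reply_a, "reply_b": reply_b,
            "stray": stray, "mismatch": mismatch}
```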
