Next: Chapter 2 Up: Notes on ``TCP/IP Illustrated'' Previous: Preface

Chapter 1

Figs. 1.1/1.2
These figures display the traditional TCP/IP 4-layer model. In the international standards world it is also common to meet the ISO 7-layer model. The diagram below shows how the two are related, and gives, analogously to Figure 1.2, an example of each layer in the 7-layer model.

Example     ISO layer   ISO name       TCP/IP name
NFS         7           Application    Application
XDR         6           Presentation   Application
RPC         5           Session        Application
UDP         4           Transport      Transport
IP          3           Network        Network
Ethernet    2           Link           Link
Ethernet    1           Physical       Link

(The layer examples are the ones discussed in the numbered notes below.)

We will come back to this example in the conclusions, but for the moment let us say that

  1. The physical layer describes what passes electrically down the cables, and any physical requirements on plugs/sockets/cables. As we will see, this can differ in different implementations of the Ethernet suite: 10base5 versus 10base2 versus 10baseT etc. The TCP/IP model wraps this in with the next layer. This can matter because the physical layer (wires and hubs) has length limits (500m for a 10base5 segment, 185m for 10base2, 100m for a 10baseT or 100baseT cable run), whereas the link layer (switches) in theory does not.
  2. The link layer specifies the digital interface: which bits in the Ethernet frame mean what. The link layer can be of varying complexity, from a modem link to a large ATM network, as we will see in chapter 2.
  3. Much the same in the two models.
  4. Much the same in the two models. Despite the name, TCP/IP supports two major transport protocols, TCP and UDP, as well as many more specialised ones. The existence of two major transport protocols is really a matter of ``horses for courses'', as we will see in the conclusions.
  5. In the various functions that the TCP/IP model lumps under ``Application'', one is the binding of a call in one program to the function that carries it out in another, typically from client to server. In the example above this is performed by RPC (see also section 29.2), which connects, say, a ``read'' request on the client to the procedure that performs it on the server. Since UDP is unreliable, RPC has to build in a re-transmission/time-out system at this level, equivalent to the one that TCP provides at level 4.
  6. TCP/IP, and other networking systems, concern themselves with the transmission of bytes (known as `octets' in RFC terminology), and not with the interpretation of these octets. Since there are several representations of integers (``big-endian'' versus ``little-endian''; sign-and-magnitude versus two's-complement versus unsigned), floating-point numbers (IEEE, VAX and IBM) etc., conveying information in these formats between heterogeneous hosts requires a neutral standard. XDR (see also section 29.3) is one such. ASN.1/BER, as used in SNMP (see pages 386-7), is another one, as is MIME (section 28.4 and III chapter 13). This point is taken up in the conclusion to these notes.
  7. NFS (see also chapter 29, especially 29.5) provides for one (client) computer to read/write files, and generally access a UNIX-like model of a filing system, on a remote file server. It uses XDR to transmit 32-bit integers (length of files; modification times etc.), and RPC to indicate which action (read, write, delete etc.) should be performed.
Of course, these diagrams and the associated notes were written from the point of view of a TCP/IP implementor, who would view ATM as one possible level-2 medium. An ATM engineer would view various parts of ATM as providing ISO levels 1-4 (in particular, ATM itself providing layer 3, and the ATM Adaptation Layer providing level 4), and TCP and IP together as providing level 5: the connection between one TCP/IP application session and another.
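Points 6 and 7 above are easiest to see with the bytes in hand. The following is an added example, not code from these notes or from any NFS or RPC implementation: it encodes a small constructed record of the kind NFS carries (a file name, its length, its modification time) in XDR, then decodes it. XDR fixes the integer layout as 32-bit two's complement with the most significant byte first, and pads strings to a 4-byte boundary, so the encoding is the same whatever the sending host's native layout. The decoder is written as a practitioner would want it: every length is checked before it is used, because a length-prefixed format read from the network is exactly where a hostile peer puts an absurd length. The record layout and the 64 KiB string limit are this example's own assumptions.

```python
import struct

# True on a little-endian host such as x86: the native layout of a 32-bit int
# differs from the XDR layout, which is why a neutral encoding is needed at all.
NATIVE_INT_IS_LITTLE_ENDIAN = struct.pack("=i", 1)[0] == 1


class XdrError(ValueError):
    """Raised on malformed or hostile XDR input."""


def xdr_encode_int(value):
    """XDR 'int': 32-bit two's complement, most significant byte first."""
    if not -2**31 <= value < 2**31:
        raise XdrError("int out of 32-bit range: %r" % value)
    return struct.pack(">i", value)


def xdr_encode_uint(value):
    """XDR 'unsigned int': 32-bit, most significant byte first."""
    if not 0 <= value < 2**32:
        raise XdrError("unsigned int out of 32-bit range: %r" % value)
    return struct.pack(">I", value)


def xdr_encode_string(data):
    """XDR 'string': unsigned length, the bytes, then NUL padding to a 4-byte boundary."""
    return xdr_encode_uint(len(data)) + data + b"\x00" * ((-len(data)) % 4)


class XdrDecoder:
    """Cursor over an XDR byte string that checks every length before using it."""

    def __init__(self, buf, max_string=64 * 1024):
        self.buf = buf
        self.pos = 0
        self.max_string = max_string  # assumed limit: refuse absurd lengths up front

    def _take(self, n):
        if self.pos + n > len(self.buf):
            raise XdrError("truncated XDR data at offset %d" % self.pos)
        chunk = self.buf[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def int(self):
        return struct.unpack(">i", self._take(4))[0]

    def uint(self):
        return struct.unpack(">I", self._take(4))[0]

    def string(self):
        n = self.uint()
        if n > self.max_string:
            raise XdrError("string length %d exceeds limit" % n)
        data = self._take(n)
        if self._take((-n) % 4) != b"\x00" * ((-n) % 4):
            raise XdrError("non-zero XDR padding")
        return data

    def finished(self):
        return self.pos == len(self.buf)


def encode_file_attrs(name, size, mtime):
    """Constructed record: XDR string, unsigned int, int (an NFS-like attribute triple)."""
    return xdr_encode_string(name) + xdr_encode_uint(size) + xdr_encode_int(mtime)


def decode_file_attrs(buf):
    """Decode a record produced by encode_file_attrs, rejecting trailing junk."""
    d = XdrDecoder(buf)
    name, size, mtime = d.string(), d.uint(), d.int()
    if not d.finished():
        raise XdrError("trailing bytes after record")
    return name, size, mtime


def decode_rejects(buf):
    """True if decode_file_attrs refuses the input (shows the length checks working)."""
    try:
        decode_file_attrs(buf)
    except XdrError:
        return True
    return False


def native_differs_from_xdr(value):
    """True when this host's native int layout is not the XDR (big-endian) one."""
    return struct.pack("=i", value) != xdr_encode_int(value)


if __name__ == "__main__":
    rec = encode_file_attrs(b"notes.txt", 1234, 1078876800)
    print(rec.hex())
    print(decode_file_attrs(rec))
    print("native int differs from XDR on this host:", native_differs_from_xdr(1))
```

The three rejections worth noting are a record cut one byte short, a record with a trailing byte, and a record whose first word is 0xFFFFFFFF, which a naive decoder would treat as a request to read four gigabytes of string. Real RPC/XDR stacks enforce the same kind of limits (the maximum record size is a tunable in most of them).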
Fig. 1.3
This figure shows a router as a box which can take in IP packets and forward them appropriately. There can be similar functionality at other levels.
Hubs
These are at the Ethernet physical level: they regenerate the signal between two (or more) Ethernet segments of the same technology, without looking at the frames at all.
Bridges
These are often seen with Ethernet, and from the point of view of higher layers, operate at the Link level. They connect two (or more) different Ethernets, and pass Ethernet frames from one net to another as necessary to ensure that any two hosts on the bridged set of Ethernets can communicate as if they were on the same Ethernet. Bridges can be used to connect two Ethernets of the same technology to extend length limitations (e.g. 500m to 1500m for ``thick'' Ethernet), or to bridge networks of different technology, e.g. a ``thick'' backbone with various ``thin'' spurs, or, quite common these days, a 1Gb Ethernet with 10Mb or 100Mb spurs.
Switches
These, sometimes also called bridge/routers, operate with Ethernet at level 2. They will re-broadcast packets from one net to another if required, either if programmed, or if they have learnt that the destination is on another segment (so-called ``learning bridges''). The ``switching hubs'' sold for twisted pair Ethernet fall into the same category; a plain repeating hub (see above) does not.

ATM switches fall into the same category as far as IP is concerned, though not from the ATM point of view.

However, it is worth noting that some devices break this layering, e.g. the CISCO 2950:

The 2950 is a multilayer switch; it supports layers 2-4 for some services. It can do filtering based on source/destination IP address or port. It also supports QoS based on port number.

It cannot do forwarding based on IP address, therefore it is not considered a router (layer 3 switch).

The difference is that a layer 3 device normally can also do other functions (NAT) and can do intelligent forwarding based on the IP address. The 2950 can filter at layer 3 and 4, but forwarding is based on the MAC addresses only.
Routers
These, as we have seen, operate at ISO level 3. The higher layers do not see them, and from the point of view of level 2, they are just more nodes.
Firewalls
These are generally routers (though they may also be switches or even bridges) which may decide not to forward certain IP packets (or Ethernet frames, if they are level 1/2 objects) because they are in breach of some security policy. Though they essentially operate at one ISO level (normally 3), they may look at level 4 (or higher) information to decide whether the packet should, or should not, be routed. For a good description of firewalls and their rôles, see [4].
Application gateways
These operate at ISO levels 5-7. The classic example today is that of a web cache, which reads the full application-layer request, and either satisfies the request itself, or sends the query on to another machine, collects the response, possibly caches it, and then responds to the original requester. Mail relays (Figure 28.3) are another example.
RFC 3234 provides a taxonomy of these and many other ``middleboxes'' -- a growing phenomenon on the Internet. RFCs 3303 and 3304 address the architecture of middleboxes. One kind in particular is the Network Address Translator -- see RFC 2663 and Appendix B. RFC 3234 says that the growth of this phenomenon is a matter of concern for several reasons.
p. 6
It is important to note that while layering, as described in figure 1.4, is critical to the description of protocols and protocol families, it is not necessary for implementation, and indeed may be harmful to a high-performance implementation. The reason for this can be seen in figure 1.7, describing the additions to a piece of data as it passes down the protocol stack. If the implementation is strictly layered, then the user data has to be copied three times in the process: a truly efficient implementation can generally get by with one copy (in UNIX terms, this should also be the copy from user to kernel space). See [5] or the seminal RFC 817 for an explanation. In a special-purpose router (e.g. Cisco, 3Com), it is normal to arrange that most packet data is never copied, at least for straightforward cases.

Another example of the violation of layering for performance, in this case overhead minimisation, is given in the discussion on header compression (see the notes to page 31). Firewalls also tend to violate layering, as do some routers (see these notes on Stevens p. 244). Network Address Translators (Appendix B and RFC 2663) also violate layering.
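The two points above (the encapsulation of figure 1.7, and a firewall that makes a level-3 forwarding decision by reading level-4 fields) fit in one piece of code. The following is an added example, not from these notes or from any router or firewall product: it builds an Ethernet/IP/UDP frame by prepending each header in turn, then peels the layers again the way a filtering router must, validating every length and the IP header checksum before trusting a field. The addresses, MACs and rule set are constructed for the example. The caveat a practitioner wants is in `parse_frame`: only the first fragment of an IP datagram carries the UDP or TCP header, so a port-based rule cannot be applied to later fragments, and a filter that does not fail closed there can be bypassed.

```python
import socket
import struct

ETHERTYPE_IP = 0x0800
IPPROTO_TCP = 6
IPPROTO_UDP = 17

# Constructed addresses for the example: locally administered MACs, RFC 5737 test IPs.
MAC_CLIENT = bytes.fromhex("020000000001")
MAC_ROUTER = bytes.fromhex("020000000002")


def ip_checksum(header):
    """RFC 791 header checksum: one's complement of the one's-complement 16-bit sum."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(">%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src_ip, dst_ip, sport, dport, payload,
                ip_options=b"", frag_offset=0, more_fragments=False):
    """Figure 1.7 encapsulation: UDP header in front of the data, IP header in front
    of that, Ethernet header in front of that. A non-first fragment (frag_offset > 0,
    in units of 8 bytes) carries only part of the UDP datagram, so it has no UDP header."""
    if frag_offset == 0:
        transport = struct.pack(">HHHH", sport, dport, 8 + len(payload), 0) + payload
    else:
        transport = payload
    ip_options += b"\x00" * ((-len(ip_options)) % 4)      # options are padded to 32 bits
    ihl = 5 + len(ip_options) // 4
    flags_frag = (0x2000 if more_fragments else 0) | (frag_offset & 0x1FFF)
    header = struct.pack(">BBHHHBBH4s4s",
                         (4 << 4) | ihl, 0, ihl * 4 + len(transport), 0x1234, flags_frag,
                         64, IPPROTO_UDP, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip)) + ip_options
    header = header[:10] + struct.pack(">H", ip_checksum(header)) + header[12:]
    ethernet = MAC_ROUTER + MAC_CLIENT + struct.pack(">H", ETHERTYPE_IP)
    return ethernet + header + transport


def parse_frame(frame):
    """Peel the layers the way a filtering router does, validating each length first."""
    if len(frame) < 14:
        raise ValueError("short Ethernet frame")
    if struct.unpack(">H", frame[12:14])[0] != ETHERTYPE_IP:
        return {"proto": None}
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("short IP header")
    ver_ihl, _, total_len, _, flags_frag, _, proto, _, src, dst = struct.unpack(">BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(ip):
        raise ValueError("inconsistent IP header lengths")
    if ip_checksum(ip[:ihl]) != 0:   # a valid header sums to zero once the checksum is included
        raise ValueError("bad IP header checksum")
    info = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "proto": proto,
            "frag_offset": flags_frag & 0x1FFF, "sport": None, "dport": None}
    transport = ip[ihl:total_len]
    # Only the first fragment carries the transport header; later ones have no ports to read.
    if info["frag_offset"] == 0 and proto in (IPPROTO_TCP, IPPROTO_UDP) and len(transport) >= 4:
        info["sport"], info["dport"] = struct.unpack(">HH", transport[:4])
    return info


# Constructed policy: (protocol or None for any, destination port or None for any, action).
RULES = [
    (IPPROTO_UDP, 53, "accept"),
    (IPPROTO_TCP, 80, "accept"),
    (None, None, "drop"),
]


def filter_decision(frame, rules=RULES):
    """Level-3 forwarding decision that also reads level-4 fields, failing closed
    whenever the fields a rule needs cannot be read."""
    try:
        info = parse_frame(frame)
    except ValueError:
        return "drop"
    if info["proto"] is None:
        return "drop"
    if info["proto"] in (IPPROTO_TCP, IPPROTO_UDP) and info["dport"] is None:
        return "drop"     # later fragment or truncated header: a port rule cannot be applied
    for proto, port, action in rules:
        if (proto is None or proto == info["proto"]) and (port is None or port == info["dport"]):
            return action
    return "drop"
```

Note that `build_frame` produces the data by concatenation, i.e. it copies the payload once per layer, which is exactly the cost the paragraph above says a production stack avoids by reserving header room in front of the data and writing each header in place.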

Fig. 1.6
While this shows the ranges of numbers available, there is more that could be said.

Class   Networks                 Hosts/Network              Total Hosts
A       2^7 - 2  = 126           2^24 - 2 = 16,777,214      2,113,928,964
B       2^14 - 2 = 16,382        2^16 - 2 = 65,534          1,073,577,988
C       2^21 - 2 = 2,097,150     2^8 - 2  = 254               532,676,100

(The reason for the $-2$ is that networks and hosts of all 0s or all 1s (in binary) are special -- see p. 45.) Thus, although more than half the host numbers are on Class A networks, over 99% of networks are Class C networks. This point is discussed further under CIDR (p. 140).

p. 8
Since a router is merely a specialised host, it also follows that the router in figure 1.3 will have two IP addresses: one for the Ethernet and one for the token ring.
p. 8
Things have moved on in the IP network number allocation business since Stevens wrote this book. IP networks in Europe are allocated by RIPE and in the Asian-Pacific region by AP-NIC from blocks originally sub-allocated to them by the InterNIC. Allocations in the Americas are made by ARIN. See www.{arin,ripe,apnic}.net. This allocation method has the additional advantage that networks in a whole range will have a single trans-atlantic route, in general -- see the discussion later on CIDR (p. 140). The allocation process is described in RFC 2050. See also http://www.iana.org/assignments/ipv4-address-space.
p. 8
Some IP addresses are reserved for private internets (see RFC 1918): From the point of view of CIDR (see page 140), these can be regarded as 10/8 (network 10, with 8 bits of network ID and 24 bits of subnet/host information), 172.16/12 and 192.168/16.

The use of private internets and their connection to the public Internet via various interfaces has changed the interpretation of IP addresses -- see RFC 2101 for an analysis.
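The class arithmetic under Figure 1.6 and the RFC 1918 ranges just mentioned are both just bit tests on the 32-bit address, so one small piece of code covers both. This is an added example, not from these notes: it classifies a dotted-quad address by its leading bits as in Figure 1.6, splits it into network and host identifiers, flags the all-zeros and all-ones cases that explain the -2 in the table above (note that 127.x.x.x is the class A network whose 7-bit network id is all ones), and tests membership of the three private blocks by prefix comparison. `class_table` and `share` reproduce the totals and the ``more than half of the hosts, over 99% of the networks'' observation.

```python
import socket
import struct

# Class A/B/C as in Figure 1.6: (network-id bits, host-id bits), excluding the class prefix bits.
CLASSES = {"A": (7, 24), "B": (14, 16), "C": (21, 8)}

# RFC 1918 private blocks, in the CIDR form used in the note above.
PRIVATE_BLOCKS = [("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16)]


def to_int(dotted):
    return struct.unpack(">I", socket.inet_aton(dotted))[0]


def to_dotted(value):
    return socket.inet_ntoa(struct.pack(">I", value))


def address_class(value):
    """Class from the leading bits: 0 -> A, 10 -> B, 110 -> C, 1110 -> D, otherwise E."""
    if value >> 31 == 0b0:
        return "A"
    if value >> 30 == 0b10:
        return "B"
    if value >> 29 == 0b110:
        return "C"
    if value >> 28 == 0b1110:
        return "D"
    return "E"


def class_table():
    """(networks, hosts per network, total hosts) per class, with the -2 for the
    all-zeros and all-ones network and host numbers."""
    table = {}
    for cls, (net_bits, host_bits) in CLASSES.items():
        networks = 2 ** net_bits - 2
        hosts = 2 ** host_bits - 2
        table[cls] = (networks, hosts, networks * hosts)
    return table


def share(kind, cls):
    """Fraction of all classful networks (kind='networks') or hosts (kind='hosts') in class cls."""
    column = 0 if kind == "networks" else 2
    table = class_table()
    return table[cls][column] / sum(row[column] for row in table.values())


def is_private(value):
    """Prefix comparison against each RFC 1918 block."""
    return any(value >> (32 - plen) == to_int(base) >> (32 - plen)
               for base, plen in PRIVATE_BLOCKS)


def classify(dotted):
    value = to_int(dotted)
    cls = address_class(value)
    info = {"address": dotted, "class": cls, "private": is_private(value), "special": None}
    if cls not in CLASSES:
        info["special"] = "multicast" if cls == "D" else "reserved"
        return info
    net_bits, host_bits = CLASSES[cls]
    net_id = (value >> host_bits) & ((1 << net_bits) - 1)
    host_id = value & ((1 << host_bits) - 1)
    info["network"] = to_dotted(value & ~((1 << host_bits) - 1) & 0xFFFFFFFF)
    info["host_id"] = host_id
    if net_id == 0:
        info["special"] = "network id all zeros"
    elif net_id == (1 << net_bits) - 1:
        info["special"] = "network id all ones"
    elif host_id == 0:
        info["special"] = "host id all zeros (this network)"
    elif host_id == (1 << host_bits) - 1:
        info["special"] = "host id all ones (directed broadcast)"
    return info


if __name__ == "__main__":
    for cls, row in class_table().items():
        print(cls, row)
    for addr in ("10.1.2.3", "172.31.255.254", "172.32.0.1", "192.168.1.255", "127.0.0.1"):
        print(classify(addr))
```

The directed-broadcast case is the one worth remembering from a security point of view: a router that forwards packets addressed to the all-ones host of a network it is attached to turns that network into a traffic amplifier, which is why RFC 2644 (mentioned under p. 15 below) changed the default to not forwarding them.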

p. 12
One half-way house which is used by some Web servers is to create some fixed (but probably configurable) number of threads, and then place each new incoming request on the queue of one of those threads. This avoids the cost of creating a new process/thread for each request, and limits the maximum load on the system's resources. This is particularly relevant when, as in the case of the Web, the requests are fairly short: too short for a process per request to be worth its cost, but long enough that a single server cannot afford to block on each one in turn.

Conversely, the inetd solution, common in UNIX, is to have one concurrent server listening for many types of requests, which forks and then executes the appropriate program, e.g. a mail listener or an FTP server, rather than a copy of itself. This cuts down on the number of processes and the occupancy of memory by unused servers.
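The fixed-pool design in the first paragraph above is short enough to show in full. This is an added example, not code from these notes or from any Web server: a pool of worker threads, each with its own bounded queue, to which incoming requests are assigned round-robin. The property that matters is the bound: when a worker's queue is full the request is refused at once rather than being buffered without limit, so a flood of requests costs the server a fixed amount of memory and a known number of threads. The request handler, the pool sizes and the `paused` switch (which only exists so the queues can be filled deterministically for demonstration) are this example's own assumptions.

```python
import itertools
import queue
import threading

_STOP = object()   # sentinel telling a worker to exit


class FixedPool:
    """A fixed set of worker threads, each with its own bounded queue of pending requests.
    Requests are handed out round-robin; a request for a worker whose queue is full is
    refused immediately, which bounds memory and keeps the server responsive under load."""

    def __init__(self, workers, queue_size, handler, paused=False):
        self.handler = handler
        self.queues = [queue.Queue(maxsize=queue_size) for _ in range(workers)]
        self._next = itertools.cycle(range(workers))
        self.gate = threading.Event()       # demo-only pause switch (assumed, not a server feature)
        if not paused:
            self.gate.set()
        self.lock = threading.Lock()
        self.stats = {"accepted": 0, "rejected": 0, "processed": 0}
        self.results = []
        self.threads = [threading.Thread(target=self._run, args=(q,), daemon=True)
                        for q in self.queues]
        for t in self.threads:
            t.start()

    def _run(self, q):
        while True:
            self.gate.wait()
            item = q.get()
            if item is _STOP:
                return
            result = self.handler(item)
            with self.lock:
                self.results.append(result)
                self.stats["processed"] += 1

    def submit(self, request):
        """Queue a request on the next worker; return False (and drop it) if that queue is full."""
        q = self.queues[next(self._next)]
        try:
            q.put_nowait(request)
        except queue.Full:
            with self.lock:
                self.stats["rejected"] += 1
            return False
        with self.lock:
            self.stats["accepted"] += 1
        return True

    def resume(self):
        self.gate.set()

    def shutdown(self):
        """Let every worker drain its queue and exit; must not be called while paused."""
        for q in self.queues:
            q.put(_STOP)
        for t in self.threads:
            t.join()
        return dict(self.stats)


def demo(n_requests=20, workers=4, queue_size=2):
    """Offer more requests than the pool can hold while the workers are paused, then
    release them: exactly workers * queue_size requests are accepted, the rest refused."""
    pool = FixedPool(workers, queue_size, str.upper, paused=True)
    for i in range(n_requests):
        pool.submit("req-%d" % i)        # constructed requests standing in for HTTP ones
    pool.resume()
    stats = pool.shutdown()
    stats["results"] = sorted(pool.results)
    return stats


if __name__ == "__main__":
    print(demo())
```

Refusing early is a design choice: the alternative, accepting every connection and letting it wait, looks friendlier but hands an attacker an unbounded queue; a refused request at least fails fast and can be retried by a well-behaved client.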

p. 14
Since the publication of this book, RFC 2119 has been published, which clarifies the meaning of words such as MUST in RFCs.
pp. 14-15
The latest version of the Assigned Numbers RFC is RFC 1700 (October 1994), but in fact it is now necessary to go to the various files mentioned in it to get the latest status. For example, 5 new IP options and 4 new ICMP types have been added since RFC 1700 was published. RFC 3232 formally retires RFC 1700 in favour of the on-line IANA database.

RFC 3233 provides an up-to-date definition of the IETF. See also RFCs 2026, 2028 and 2727.

p. 15
The Internet Official Protocol Standards RFC is now RFC 3000 (November 2001).
p. 15
The revision of RFC 1009 appeared as RFC 1716, but was in turn obsoleted by RFC 1812 (itself updated by RFC 2644).
p. 16
Various terms are common to describe flavours of networks: Stevens correctly distinguishes any old internet from The Internet. Other common terms are given below.
intranet
There is no precise definition, but generally it consists of a variety of TCP/IP based services (Web, mailing lists, news groups etc.) running on an internet (generally connected to the Internet via a firewall and/or application gateways) belonging to some organisation, but these services are not visible outside the organisation. Very common in large companies. Such an intranet may well use the ``private'' IP addresses mentioned under page 8 above.
extranet
Confusingly, this word seems to have two different, almost contradictory, meanings.
extranet (1)
In opposition to intranet, to mean those Web pages etc. that the organisation does want to be visible outside. Often used as in ``webmaster'' to customer: ``Do you want this information just on the intranet, or on the extranet as well?''
extranet (2)
Like an intranet, except that the network no longer belongs to a single organisation, but rather to several co-operating institutions. The large car companies, in particular, often have these, which can incorporate the dealers at one end, and suppliers (often going several deep in the supply chain) at the other. Again, the key is that the information is private to the organisations belonging (but greater concern needs to be paid to internal issues of privacy etc.).
LAN
=Local Area Network. Originally meaning just a single network (e.g. an Ethernet), but now meaning a collection of inter-connected Ethernets etc. spread across a relatively small area, and under the control of one organisation. A typical example would be the Bath campus LAN: over 30 Ethernets of various kinds (10Mbps, 100Mbps; co-axial, UTP and optical fibre) connected by bridges, routers and an ATM backbone.
MAN
=Metropolitan Area Network. The original hyperbole was that there would be ``wired cities'', with an all-pervasive network, which was a utility like electricity or water. This has not happened (except in a few cases), but in the UK the term is heavily used within academia, as universities are being pushed into regional consortia. Bath is in the BWEMAN. The term ``Metropolis'' is somewhat stretched: Glasgow and Aberdeen universities are both in the ``Scottish MAN''. These networks are (relatively) geographically compact, and are normally under the control of a small consortium.
WAN
=Wide Area Network. The UK's national academic network JANET is one example, and large company or government networks are others. The US military's MILNET covers about as wide an area as possible. The management of these, at least up to IP level 3, is often sub-contracted to a specialist company, e.g. SuperJANET 3 (the current incarnation of JANET) is contracted out to Cable & Wireless PLC, and the ``Fat Pipes'' are contracted out to Teleglobe.
p. 19
Estimating the size of the Internet is even more difficult now than it was for Stevens. The number of allocated networks is unmeasurable without knowing the InterNIC's allocation policy (see notes for page 8). Estimating the number of machines is also harder, with the spread of dial-up services, free ISPs, and the fact that many such machines may be registered with several such ISPs. However, they are unlikely to have dedicated IP numbers: RFC 2050 strongly discourages this, and recommends DHCP or equivalent technology. An estimate published in the Financial Times was that, at the end of 1998, there were 90 million machines with Internet access.

The Internet has also been growing in diameter, i.e. the number of routers between two typical points. This has an effect on the ``Time-To-Live'' field -- see the discussion on page 36. However, in 1997-99, the diameter actually decreased, as lengthy IP-IP paths in networks such as JANET or other backbones were replaced by WANs, often by ATM-based WANs, which only count as one IP hop, irrespective of the number of ATM (Level 2 as far as IP is concerned) switches that are traversed. For example, UUNET, one of the geographically largest ISPs, is ATM-based, and always ``one hop'' as seen at level 3.

The growth in the Internet, the variety and number of machines (particularly routers) running it, and the widely-distributed nature of its management, all mean that evolution is slow. The Appendix to these notes gives an example of how this affected the University of Bath. The discussion on page 50 about a new generation of IP represents probably the biggest incompatible transition that the Internet will need to make, and the magnitude of that transition is worrying many people.


James Davenport 2004-03-09