Basic Networking

         Samuel Dratwa
         Samuel.dratwa@gmail.com
What are we selling ?

 Customer satisfaction !

It's all about customer satisfaction.
Agenda
 Introduction
     What is a network
   OSI 7 layer model
   The physical layer and the data link layer
   The network layer – IP
   The transport layer
   The application (and session and presentation) layer
   End to end – full stack
   Advanced issues
     Security
     MPLS
     Signaling
Networking

 Communication between two or more devices.
 Parts required for Networking:
   Host
      Computer, networked printer, etc.
      Sends data to / receives data from the network card
   Card
      Every card on a network has to have a unique address
      Card breaks outgoing data into packets and addresses them
      Card receives packets addressed to it and re-assembles the packets into data
   Wire
      Transmits packets across the network
      For this discussion includes all wires, radios and devices between network cards (including hubs, switches, access points, etc.)
5 Basic Components

Every communication system has 5 basic requirements
•Data Source (where the data originates)
•Transmitter (device used to transmit data)
•Transmission Medium (cable or non-cable)
•Receiver (device used to receive data)
•Destination (where the data will be placed)
NETWORKS: categorized by size

•LAN – a network that connects computers in a limited
geographical area.

•MAN – a backbone that connects LANs in a
metropolitan area such as a city and handles the bulk
of communications activity across that region.

•WAN – covers a large geographical area such as a
city or country. Communication channels include
telephone lines, Microwave, satellites, etc.

•PAN
What is a standard ?
 A standard specification is an explicit set of
  requirements for an item, material, component, system or
  service. It is often used to formalize the technical aspects
  of a procurement agreement or contract.

 A technical standard is an
  established norm or requirement about
  technical systems. It is usually a formal document that
  establishes uniform engineering or technical criteria,
  methods, processes and practices. In contrast, a
  custom, convention, company product, corporate standard,
  etc. which becomes generally accepted and dominant is
  often called a de facto standard.
Why do we need standards ?

 [Figure: logos of standards bodies; the slide's one-word answer is: Interoperability]

Standards bodies

 [Figure: standards bodies and their areas; the labels that survive are IMT-Advanced and 802.X – LAN/WLAN]
OSI 7 Layer Model

 OSI - Open Systems Interconnection (Basic Reference Model)
 Each level is an independent set of protocols
 Each level can be changed seamlessly

 Layers, top to bottom: Application, Presentation, Session, Transport, Network, Data Link, Physical
5 Layer model

 OSI 7 layer model        5 layer model
 Application       \
 Presentation       }     Application
 Session           /
 Transport                Transport
 Network                  Network
 Data Link                Data Link
 Physical                 Physical
OSI Layers

 Data unit   Layer              Function
 Data        7. Application     Network process to application
 Data        6. Presentation    Data representation, encryption and decryption
 Data        5. Session         Interhost communication
 Segments    4. Transport       End-to-end connections and reliability, flow control
 Packet      3. Network         Path determination and logical addressing
 Frame       2. Data Link       Physical addressing
 Bit         1. Physical        Media, signal and binary transmission

Going from layer 7 to 1: All People Seem To Need Data Processing
The flow

 [Diagram: Samuel's browser calls read(s1, dataBlock) and the web site's web server calls send(s2, dataBlock). On each host the data block (numbered packets 1 2 3 4 5) passes down Transport (TCP), Network (IP), Link (WLAN) and Physical; the router in between only implements Network (IP), Link and Physical.]
5 Layer model (TCP/IP)

 Application – represents the end user and the application he uses (mail, browse, FTP, etc.)
 Transport (TCP) - end-to-end message transfer, along with error control, fragmentation and flow control.
 Network (AKA Internet, IP) – responsible for getting packets of data from source to destination.
 Link - the processes of transmitting and receiving packets on a given link layer
Layer1:
Physical Layer
Layer1: Physical Layer

   The Physical Layer defines the electrical and physical specifications for devices. In particular, it defines the relationship between a device and a physical medium.
   This includes the pin layout, voltages, cable specification, hubs, repeaters, network adapters, host bus adapters, and more.
Wire types
 Co-Ax
    Composed of: core, insulation, shielding, insulation
    10 Mb only
    10Base5 "Thicknet": 500 meters
    10Base2 "Thinnet": 200 meters

 Twisted Pair
    10/100/1000 Mb
    100 meters between devices
    CAT3, CAT5, CAT5e, CAT6, CAT6e
Wire Types (cont.)
   Fiber
      10/100/1000/10,000 Mb
      Multi-mode – Long Haul (20 km)
      Single-mode – "Short Haul" (3 Km), what we use
      Carries light, not electricity

   Wireless
      Speeds 11/7 Mb, 54/27 Mb
      Because of encryption and connection upkeep, available bandwidth is about ½ of stated speed
      Common "mediums"
          InfraRed (IR)
          Microwave (long distances)
          Radio
               Licensed/private
               Un-licensed (802.11b/g/a)
Twisted Pair Cables

    • Unshielded Twisted Pair Cable (UTP)
       • most popular
       • maximum length 100 m
       • more susceptible to noise
    • EIA/TIA 568 Commercial Building Wire Standard

    Category 1   Voice transmission of traditional telephone
    Category 2   For data up to 4 Mbps, 4 pairs full-duplex
    Category 3   For data up to 10 Mbps, 4 pairs full-duplex
    Category 4   For data up to 16 Mbps, 4 pairs full-duplex
    Category 5   For data up to 100 Mbps, 4 pairs full-duplex
    Category 6   For data up to 1000 Mbps, 4 pairs full-duplex
Shielded Twisted Pair Cable (STP)
• Shielding to reduce crosstalk
• Crosstalk: signal from one line getting mixed with signals from another line

• Connector
   • RJ-45 computer connector (8 wires)

    Pin   T568A    T568B
      1   Rx+      Tx+
      2   Rx-      Tx-
      3   Tx+      Rx+
      4   Unused   Unused
      5   Unused   Unused
      6   Tx-      Rx-
      7   Unused   Unused
      8   Unused   Unused
Straight and Cross connections

    [Diagram, three cases]
    Case 1: T568A on one end, T568B on the other end – cross-over cable
    Case 2: T568B on both ends – straight through cable
    Case 3: computer to a wall plate and wall plate to a hub, using one straight through cable and one cross-over cable

Examples
Layer 2:
Data Link Layer
Layer 2: Data Link Layer

 The Data Link Layer provides the functional
  and procedural means to transfer data
  between network entities and to detect and
  possibly correct errors that may occur in the
  Physical Layer.
 Originally, this layer was intended for
  point-to-point and point-to-multipoint media,
  characteristic of wide area media in the
  telephone system.
 The data link layer is divided into two
  sub-layers by IEEE.
Layer 2: MAC & LLC
 Layer 2 sub-layers :
    Media Access Control (MAC)
    Logical Link Control (LLC).
 MAC is the lower sub-layer; it defines how the medium is accessed for transfer, e.g. CSMA/CD/CA (Carrier Sense Multiple Access / Collision Detection / Collision Avoidance)
 LLC provides the data transmission method across different networks. It re-packages the data and adds a new header.
The Channel Access Problem
  Multiple nodes share a channel

  [Diagram: nodes A, B and C attached to one shared channel]

  Pairwise communication desired
     Simultaneous communication not possible

  MAC Protocols
     Suggest a scheme to schedule communication
           Maximize number of communications
           Ensure fairness among all transmitters
The Trivial Solution

  [Diagram: A and C both transmit towards B at the same time; the two signals meet in a collision]

 Transmit and pray
    Plenty of collisions --> poor throughput at high load
The Simple Fix

  [Diagram: A is transmitting towards B; C senses the signal and decides "Don't transmit". Question on the slide: Can collisions still occur?]

  Transmit and pray
     Plenty of collisions --> poor throughput at high load

  Listen before you talk
     Carrier sense multiple access (CSMA)
     Defer transmission when signal on channel
CSMA collisions

 [Diagram: space-time plot over the spatial layout of the nodes, showing two transmissions that start within one propagation delay of each other and overlap]

Collisions can still occur: the propagation delay between transmitters is non-zero

When a collision happens: the entire packet transmission time is wasted

Note: the role of distance & propagation delay in determining the collision probability
CSMA/CD (Collision Detection)

 Keep listening to the channel while transmitting

 If (Transmitted_Signal != Sensed_Signal)
      Sender knows it's a Collision
      ABORT
2 Observations on CSMA/CD
 Transmitter can send/listen concurrently
    If (Transmitted - Sensed = null) then success

 The signal is identical at Tx and Rx
    Non-dispersive

 The TRANSMITTER can detect if and when a collision occurs
Unfortunately …

 Both observations do not hold for wireless

 Because …
Wireless Medium Access Control

 [Diagram: nodes A, B, C and D placed along a line, with the signal power of A's transmission plotted against distance]

Wireless Media Disperse Energy

  A cannot send and listen in parallel
  Signal not same at different locations

 [Diagram: the same layout; the transmitted power decays with distance, so the signal seen at C or D is not the signal A sent]
IEEE 802.11

 RTS = Request To Send, CTS = Clear To Send

 [Diagram: sender S sends RTS to destination D, and D answers with CTS; the neighbouring nodes M, X, Y and K hear one or the other]

IEEE 802.11

 [Diagram: S sends Data to D and D returns ACK; M, X, Y and K, which heard the RTS or the CTS, are marked "silenced" for the duration of the exchange]
Ethernet Frame Format

 Field   Preamble   Des. Add   Sour. Add   Type      Data              FCS
 Size    8 Bytes    6 Bytes    6 Bytes     2 Bytes   46 - 1500 Bytes   4 Bytes

 • Preamble: For synchronization
 • Des. Add: Destination address
 • Sour. Add: Source address
 • FCS: Frame Check Sequence
Ethernet II (DIX) Framing

 [Figure: Ethernet II frame layout]

A frame is the unit of transmission in a link layer protocol, and consists of a link-layer header followed by a packet.

MAC Addresses are 48-bit (6 byte) identifiers unique to each NIC.

EtherType (2 byte/16-bit) describes which protocol is encapsulated in the frame data – IPv4, IPv6, IBoE, FCoE, etc.
(http://standards.ieee.org/regauth/ethertype/eth.txt)
There is a "small problem"

 IEEE 802.3 Frame Format
 Field   Preamble   Start delimiter   Des. Add    Sour. Add   Length    Data              FCS
 Size    7 Bytes    1 Byte            2/6 Bytes   2/6 Bytes   2 Bytes   46 - 1500 Bytes   4 Bytes

MAC Header, Source/Destination addresses

 [Figure: bit layout of a 48-bit MAC address]

 MAC Addresses are 48-bit (6 byte) identifiers unique to each Network Interface.

 • Individual/Group Address Bit
 • Universally/Locally administered address bit
 • Organizationally unique identifier (OUI, a 22-bit field assigned by the IEEE) (bits 3-24)
 • NIC-specific unique address (OUA, a 24-bit number assigned by the manufacturer)
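An added example (not from the slides) that parses a constructed Ethernet frame: it decodes the Individual/Group and Universally/Locally administered bits of both MAC addresses, checks the FCS, and applies the rule that tells the two frame formats apart: a Type/Length value of 1536 (0x0600) or more is an Ethernet II EtherType, a value of at most 1500 is an IEEE 802.3 length. The sample addresses, payload and EtherType are constructed.

```python
import struct
import zlib

MIN_PAYLOAD = 46
MAX_PAYLOAD = 1500
ETHERTYPE_MIN = 0x0600      # type/length values of 1536 and above are EtherTypes (Ethernet II)


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def mac_flags(mac: bytes) -> dict:
    """Decode the two flag bits of the first octet and split the OUI / NIC-specific parts of a 48-bit MAC."""
    if len(mac) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return {
        "group": bool(mac[0] & 0x01),   # I/G bit: 0 = individual (unicast), 1 = group (multicast, broadcast)
        "local": bool(mac[0] & 0x02),   # U/L bit: 0 = universally administered (IEEE OUI), 1 = locally administered
        "oui": mac[:3].hex(),           # first 3 octets: the OUI field (the two flag bits sit in its first octet)
        "nic_specific": mac[3:].hex(),  # last 3 octets: assigned by the manufacturer
    }


def fcs(body: bytes) -> bytes:
    """Frame Check Sequence: CRC-32 over destination..data, transmitted least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, type_or_length: int, payload: bytes) -> bytes:
    """Build a frame (preamble omitted, as the NIC strips it) and pad the data field to the 46-byte minimum."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds 1500 bytes")
    payload = payload + bytes(max(0, MIN_PAYLOAD - len(payload)))
    body = dst + src + struct.pack("!H", type_or_length) + payload
    return body + fcs(body)


def parse_frame(frame: bytes) -> dict:
    """Split a frame into its fields and decide between Ethernet II and IEEE 802.3 framing."""
    if len(frame) < 14 + MIN_PAYLOAD + 4:
        raise ValueError("runt frame")
    if len(frame) > 14 + MAX_PAYLOAD + 4:
        raise ValueError("oversized frame")
    body, received_fcs = frame[:-4], frame[-4:]
    dst, src = body[:6], body[6:12]
    (type_or_length,) = struct.unpack("!H", body[12:14])
    data = body[14:]
    if type_or_length >= ETHERTYPE_MIN:
        framing, ethertype, length = "Ethernet II", type_or_length, None
    elif type_or_length <= MAX_PAYLOAD:
        # IEEE 802.3: the field is the data length; anything beyond it is padding
        if type_or_length > len(data):
            raise ValueError("802.3 length field exceeds the data present")
        framing, ethertype, length = "IEEE 802.3", None, type_or_length
        data = data[:type_or_length]
    else:
        raise ValueError(f"type/length value {type_or_length} is neither a length nor an EtherType")
    return {
        "framing": framing,
        "dst": mac_str(dst), "dst_flags": mac_flags(dst),
        "src": mac_str(src), "src_flags": mac_flags(src),
        "ethertype": ethertype, "length": length, "data": data,
        "fcs_ok": received_fcs == fcs(body),
    }


# Constructed sample: broadcast destination, a locally administered unicast source, EtherType 0x0800 (IPv4)
BROADCAST = bytes.fromhex("ffffffffffff")
LOCAL_SRC = bytes.fromhex("020000000001")
SAMPLE_FRAME = build_frame(BROADCAST, LOCAL_SRC, 0x0800, b"constructed payload")

if __name__ == "__main__":
    for key, value in parse_frame(SAMPLE_FRAME).items():
        print(f"{key}: {value}")
```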
NETWORK TOPOLOGIES (shape)

Bridge

Large networks can be separated into two or more smaller networks using a bridge.
This is done to increase speed and efficiency. This type of network is called a segmented LAN and has largely been superseded by the use of switches, which can transfer data straight to a computer and thus avoid the bottleneck jams which bridges were designed to fix.

 [Figure: two network segments joined by a bridge]

Gateway

Often used to connect a LAN with a WAN.
Gateways join two or more different networks together.

 [Figure: two networks joined by a gateway]

Repeater
 Signal attenuation is corrected by repeaters that amplify signals in physical cabling.
 Repeaters are part of the network medium (Layer 1).
    In theory, they are dumb devices functioning entirely without human intervention. However, some repeaters now offer higher-level services to assist with network management and troubleshooting.
Layer 3:
Network Layer (IP)
Layer 3: Network Layer

    The Network Layer provides the functional and procedural means of transferring variable length data sequences from a source to a destination via one or more networks, while maintaining the quality of service requested by the Transport Layer.

Layer 3: Network Layer

  The Network Layer
    performs network routing functions,
    performs fragmentation and reassembly,
    reports delivery errors.
  Routers operate at this layer, sending data throughout the extended network and making the Internet possible.
IP V.4 Datagram
IP v.4 header

 Version (4 bits) – 6 or 4
 Hlen (4 bits) - Header length in 32 bit words, without
  options (usual case) = 20
 Type of Service (TOS 8 bits): now being used for QoS
 Total length (16 bits) - length of datagram in bytes,
  includes header and data
 Time to live (TTL 8bits) - specifies how long datagram is
  allowed to remain in internet (how many hops)
 Protocol (8 bits) - specifies the format of the data area
    Protocol numbers administered by central authority to guarantee
     agreement, e.g. TCP=6, UDP=17 …
IP Address

 Unique addresses in the world
 An IP address is 32 bits, noted in dotted decimal notation: 192.78.32.2

 Host and Prefix Part
   An IP address has a prefix and a host part:
      prefix:host
   Prefix identifies a subnetwork
      used for locating a subnetwork – routing
   Prefix is usually identified in a host using a "subnet mask"
Using a mask: address + mask

 the mask is the dotted decimal representation of the string made of: 1 in the prefix, 0 elsewhere
 bit wise address & mask gives the prefix
 example 1: 128.178.156.13 mask 255.255.255.0
    here: prefix is 128.178.156.0
 example 2: 129.132.119.77 mask 255.255.255.192
    Q1: what is the prefix ?
    Q2: how many host ids can be allocated ?
Address + Mask (example 2)

  129.132.119.77 mask 255.255.255.192
   ▪ Q1: what is the prefix ?   A: 129.132.119.64

   address   129       132       119       77
             1000 0001 1000 0100 0111 0111 0100 1101

   mask      255       255       255       192
             1111 1111 1111 1111 1111 1111 1100 0000
             |<-------- 26 prefix bits -------->|<-6->|   6 host bits = 64 addresses

   prefix    129       132       119       64
             1000 0001 1000 0100 0111 0111 0100 0000

   ▪ Q2: how many host ids can be allocated ?
   ▪ A: 64 (minus the reserved addresses: 62)
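An added example (not from the slides) that carries the address + mask computation through in Python for both examples above, and goes a little beyond the slide: it also derives the broadcast address and the usable host range, and rejects a mask that is not a run of 1s followed by 0s.

```python
def dotted_to_int(addr: str) -> int:
    """'129.132.119.77' -> 32-bit integer; rejects anything that is not four octets in 0..255."""
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 address: {addr!r}")
    octets = [int(p) for p in parts]
    if any(o > 255 for o in octets):
        raise ValueError(f"octet out of range in {addr!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(value: int) -> str:
    """Render 32 bits in groups of four, as on the slide: '1000 0001 1000 0100 ...'."""
    bits = f"{value:032b}"
    return " ".join(bits[i:i + 4] for i in range(0, 32, 4))


def prefix_length(mask: str) -> int:
    """Count the leading 1 bits of a mask and reject non-contiguous masks such as 255.0.255.0."""
    m = dotted_to_int(mask)
    ones = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"mask {mask} is not a run of 1s followed by 0s")
    return ones


def subnet_info(addr: str, mask: str) -> dict:
    """Answer Q1 (the prefix) and Q2 (how many host ids) for an address + mask pair."""
    a, m = dotted_to_int(addr), dotted_to_int(mask)
    n = prefix_length(mask)
    prefix = a & m                           # bitwise address & mask gives the prefix
    broadcast = prefix | (~m & 0xFFFFFFFF)   # host part set to all ones
    size = 1 << (32 - n)
    # The network and broadcast addresses are reserved, so two are lost; /31 point-to-point
    # links (RFC 3021) and /32 host routes use every address.
    usable = size if n >= 31 else size - 2
    edge = 0 if n >= 31 else 1
    return {
        "prefix": int_to_dotted(prefix),
        "prefix_length": n,
        "host_bits": 32 - n,
        "addresses": size,
        "usable_hosts": usable,
        "first_host": int_to_dotted(prefix + edge),
        "last_host": int_to_dotted(broadcast - edge),
        "broadcast": int_to_dotted(broadcast),
        "binary": {"address": to_binary(a), "mask": to_binary(m), "prefix": to_binary(prefix)},
    }


if __name__ == "__main__":
    for address, mask in (("128.178.156.13", "255.255.255.0"), ("129.132.119.77", "255.255.255.192")):
        info = subnet_info(address, mask)
        print(f"{address} mask {mask}")
        for key in ("address", "mask", "prefix"):
            print(f"  {key:8} {info['binary'][key]}")
        print(f"  prefix {info['prefix']}/{info['prefix_length']}, "
              f"{info['addresses']} addresses, {info['usable_hosts']} usable hosts")
```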
Private networks
The main problem
 Cisco movie
Major Changes and Additions in IPv6

  ● Larger Address Space: Addresses are 128 bits long instead of 32 bits.
  ● Hierarchical Assignment of Addresses: Allows for multiple levels of network and subnetwork hierarchies, both at the ISP and at the organizational level.
  ● Better Support for Non-Unicast Addressing: Support for multicasting is improved, and there is a new type of addressing: anycast addressing.
  ● Auto-configuration and Renumbering: auto-configuration of hosts and renumbering of the IP addresses in networks and subnetworks as needed.
  ● New Datagram Format: The main header of each IP datagram has been streamlined, and support added for easily extending the header for datagrams requiring more control information.
  ● Improved Support for Quality of Service and Security
  ● Updated Fragmentation and Reassembly Procedures: fragmentation and reassembly have been changed; IPv6 improves the efficiency of routing.
  ● Modernized Routing Support: The IPv6 protocol supports modern routing systems, and allows expansion as the Internet grows.
IP V.6 vs. V.4 Datagram
IP v.6 header


 Version (4 bits) – 6 or 4
 Traffic Class (8 bits) - traffic priority delivery value.
 Flow Label. 20 bits.
  Used for specifying special router handling from source to
  destination(s) for a sequence of packets.
 Payload Length (16 bits) - Specifies the length of the data
 Hop Limit (8 bits) - the same as TTL in the IPv4
 Source address. 16 bytes.
 Destination address. 16 bytes.
IPv6 address – 128 bit

 An IPv6 address is made of two parts: prefix and suffix (i.e. interface-ids)

     64 bits (prefix)                 64 bits (suffix)

 prefix: hierarchical structure that depends on the format prefix (FP)
            FP | TLA | NLA | SLA
            FP – Format prefix
            TLA - Top-Level Aggregators
            NLA - Next-Level Aggregators
            SLA – Service level Agreements
 suffix: Interface ID

 Link-local address (mandatory) is unique within a "link".

            1111111010 | 54 '0' bits | 64 bits suffix
IPv6 Autoconfiguration and Renumbering

  RFC 2462, IPv6 Stateless Address Autoconfiguration.

    IPv6 includes a stateless address autoconfiguration feature, which allows a host to determine its own IPv6 address from its Layer 2 address.

  The concept: A device generates a temporary address until it can determine the characteristics of the network it is on. Then it creates a permanent address it can use based on that information.
       In the case of multi-homed devices: Autoconfiguration is performed for each interface separately

  Stateless address autoconfiguration
      No central server needed to aid in address configuration
      Node forms its own suffix, checks if it is unique
      Node obtains prefix(es) from the nearest router

  Stateful address autoconfiguration
      Central server allocates full addresses to nodes on request
      DHCPv6 is the current protocol for stateful address autoconfiguration
IPv6 Extended Unique Identifier (EUI-64)

   RFC 2464
   IPv6 link-local addresses and statelessly autoconfigured addresses on Ethernet networks
      used in Router Solicitation, Router Advertisement, Neighbor Solicitation, Neighbor Advertisement and Redirect messages

   [Figure: a 48-bit MAC address expanded into a 64-bit IPv6 EUI]
IPv6 address Types

  Unicast (1:1)
    communicate with one specified computer

  Anycast addresses :
    nearest node of a set of nodes
    RFC 4291 currently specifies the following restrictions on anycast addresses:
      An anycast address must not be used as the source address of a packet.
      Any anycast address can only be assigned to a router
    currently only used to address routers

  Multicast (1:n)
    communicate with a group of computers

  No more broadcast in use
Representation of IPv6 addresses

  Colon hexadecimal notation -
         805B:2D9D:DC28:0000:0000:FC57:D4C8:1FFF
  Leading zeroes can be suppressed in the notation
         805B:2D9D:DC28:0:0:FC57:D4C8:1FFF
  Zero Compression in IPv6 Addresses
         805B:2D9D:DC28::FC57:D4C8:1FFF
  The double-colon can appear only once in any IP address.
  IPv6 addresses can embed IPv4. The notation has the first 96 bits in colon hex notation, and the last 32 bits in dotted decimal, e.g.
         ::212.200.31.255
  Prefix notation can be used as with classless IPv4 addressing with CIDR.
      Example: 805B:2D9D:DC28::FC57:D4C8:1FFF/48
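An added example (not from the slides) that serves both the EUI-64 slide and the notation slide above: it derives the EUI-64 and the fe80::/64 link-local address from a constructed MAC address, parses colon-hex notation (leading-zero suppression, a single "::", and an embedded dotted-decimal IPv4 tail) and produces the compressed text form. The MAC address and the non-slide addresses in the code are constructed.

```python
import re


def parse_mac(mac: str) -> bytes:
    """Accept 00:1b:44:11:3a:b7, 00-1b-44-11-3a-b7 or 001b.4411.3ab7 and return the 6 raw bytes."""
    hexdigits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(hexdigits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(hexdigits)


def mac_to_eui64(mac: str) -> bytes:
    """RFC 2464: insert ff:fe between the OUI and the NIC part and invert the U/L bit (0x02 of octet 0)."""
    m = parse_mac(mac)
    eui = bytearray(m[:3] + b"\xff\xfe" + m[3:])
    eui[0] ^= 0x02
    return bytes(eui)


def link_local_from_mac(mac: str) -> bytes:
    """fe80::/64 (1111111010 followed by 54 zero bits) with the EUI-64 as the 64-bit suffix."""
    return b"\xfe\x80" + bytes(6) + mac_to_eui64(mac)


def parse_ipv6(text: str) -> bytes:
    """Parse colon-hex notation with optional '::' compression and an embedded dotted-decimal IPv4 tail."""
    if text.count("::") > 1 or ":::" in text:
        raise ValueError("'::' may appear only once")
    if "." in text:                                # last 32 bits written as IPv4, e.g. ::212.200.31.255
        cut = text.rfind(":") + 1
        octets = [int(o) for o in text[cut:].split(".")]
        if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
            raise ValueError(f"bad embedded IPv4 address in {text!r}")
        text = text[:cut] + f"{octets[0] << 8 | octets[1]:x}:{octets[2] << 8 | octets[3]:x}"
    if "::" in text:
        left, right = text.split("::")
        lg = [int(g, 16) for g in left.split(":") if g]
        rg = [int(g, 16) for g in right.split(":") if g]
        if len(lg) + len(rg) > 7:
            raise ValueError("'::' must stand for at least one zero group")
        groups = lg + [0] * (8 - len(lg) - len(rg)) + rg
    else:
        groups = [int(g, 16) for g in text.split(":")]
    if len(groups) != 8 or any(not 0 <= g <= 0xFFFF for g in groups):
        raise ValueError(f"not an IPv6 address: {text!r}")
    return b"".join(g.to_bytes(2, "big") for g in groups)


def compress(addr: bytes) -> str:
    """Canonical text form: lowercase hex, leading zeros dropped, and the longest (leftmost on a tie)
    run of two or more zero groups replaced by a single '::'."""
    if len(addr) != 16:
        raise ValueError("an IPv6 address is 16 bytes")
    groups = [int.from_bytes(addr[i:i + 2], "big") for i in range(0, 16, 2)]
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if groups[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    hexgroups = [f"{g:x}" for g in groups]
    if best_len < 2:                               # a single zero group is written as "0", never "::"
        return ":".join(hexgroups)
    return ":".join(hexgroups[:best_start]) + "::" + ":".join(hexgroups[best_start + best_len:])


if __name__ == "__main__":
    sample_mac = "00:1B:44:11:3A:B7"               # constructed
    print("EUI-64:    ", mac_to_eui64(sample_mac).hex(":"))
    print("link-local:", compress(link_local_from_mac(sample_mac)))
    print("slide addr:", compress(parse_ipv6("805B:2D9D:DC28:0000:0000:FC57:D4C8:1FFF")))
```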
So why isn’t it here yet ?

 No clear move to IPv6
    Lack of smooth migration plans
    Investments in IPv4
    Software availability - Available from Microsoft Windows XP sp2
 Developments in IP v4
      Use of NAT
      CIDR
      Planning of Hierarchies and use of Autonomous Areas
      IPsec implemented in IPv4
 Other Points
    Router Upgrades to handle IPv6 – OSPFv3
IPv6/IPv4 Servers
Dual Server
    The most important issue will be to create servers that handle both IPv4 and IPv6
    The Server Operating System will contain protocol stacks for both IPv4 and IPv6

    [Diagram: an IPv4 client (TCP / IPv4 / Datalink) and an IPv6 client (TCP / IPv6 / Datalink) both talk to a dual-stack IPv6 server whose stack is TCP over both IPv4 and IPv6 on one Datalink]
Tunneling IPv6 over IPv4

    [Diagram: IPv6 Host – IPv6 Network – Dual-Stack Router – IPv4 network – Dual-Stack Router – IPv6 Network – IPv6 Host.
     On the IPv6 networks the packet is: IPv6 Header | Transport Header | Data.
     Inside the tunnel (IPv6 in IPv4 packet) it is: IPv4 Header | IPv6 Header | Transport Header | Data.]

    IPv6 can operate within a closed or private network environment
    Currently, across public networks such as the Internet, IPv6 traffic has to cross an IPv4 domain
       IPv6 packets can be encapsulated within IPv4
       Encapsulated packets can then travel transparently across an IPv4 routing domain
    Tunneling can be used by routers and hosts
Network Address Translation (NAT)

  Possible solution to address space exhaustion
    Kludge (but useful)
  Sits between your network and the Internet
  Translates local network layer addresses to
   global IP addresses
  Has a pool of global IP addresses (less than
   number of hosts on your network)
  Uses special unallocated addresses (RFC 1597)
   locally
    10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
NAT Illustration

   [Diagram: the private network (Source S, private address Sp) on the right, the NAT with its pool of global IP addresses (G, P) in the middle, the global Internet (Destination D, address Dg) on the left. Outgoing packet before the NAT: Dg | Sp | Data; after the NAT: Dg | Sg | Data.]

  • Operation: Source (S) wants to talk to Destination (D):
     • Create Sg-Sp mapping
     • Replace Sp with Sg for outgoing packets
     • Replace Sg with Sp for incoming packets
  • How many hosts can have active transfers at one time?
Problems with NAT

 What if we only have few (or just one) IP address?
   Use Network Address & Port Translator (NAPT)
 NAPT translates:
   Translates addr_private + flow info to addr_global + new flow info
      Uses TCP/UDP port numbers
   Potentially thousands of simultaneous connections with one global IP address
Problems with NAT
 Hides the internal network structure
    Some consider this an advantage
 Some protocols carry addresses
    E.g., FTP carries addresses in text
    What is the problem?
 Must update transport protocol headers (port number & checksum)
 Encryption
 No inbound connections
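An added example (not from the slides) of the mapping table a NAPT keeps, as described in the NAT illustration and NAPT slides above: an outbound flow from one of the RFC 1597 private ranges gets a fresh global port, replies are mapped back to the private address and port, an inbound packet with no mapping is dropped (the "no inbound connections" point), and a small port pool runs out. All addresses are constructed documentation-range values; the checksum rewriting a real translator must also do is left out.

```python
import ipaddress
from dataclasses import dataclass

# The private ranges from the NAT slide (RFC 1597); a packet from anywhere else is not ours to translate.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr: str) -> bool:
    a = ipaddress.ip_address(addr)
    return any(a in net for net in PRIVATE_RANGES)


@dataclass(frozen=True)
class Packet:
    """The fields a NAPT looks at: transport protocol, addresses and ports (the payload is untouched)."""
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


class Napt:
    """One global address, many private hosts: the flow identity lives in the translated source port."""

    def __init__(self, global_ip: str, port_range=(1024, 65535)):
        self.global_ip = global_ip
        self.next_port, self.last_port = port_range
        self.out = {}    # (proto, Sp, sport, Dg, dport) -> Sg port
        self.back = {}   # (proto, Sg port, Dg, dport) -> (Sp, sport)

    def _allocate_port(self) -> int:
        if self.next_port > self.last_port:
            raise RuntimeError("global port pool exhausted")
        port = self.next_port
        self.next_port += 1
        return port

    def outbound(self, pkt: Packet) -> Packet:
        """Create the Sg-Sp mapping on first use and replace the private source with the global one."""
        if not is_private(pkt.src):
            raise ValueError(f"{pkt.src} is not a private-side address")
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        gport = self.out.get(key)
        if gport is None:
            gport = self._allocate_port()
            self.out[key] = gport
            self.back[(pkt.proto, gport, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        # A real translator now also recomputes the IP header checksum and the TCP/UDP checksum.
        return Packet(pkt.proto, self.global_ip, gport, pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet):
        """Map a reply back to Sp, or return None when nothing on the inside asked for it."""
        if pkt.dst != self.global_ip:
            return None
        private = self.back.get((pkt.proto, pkt.dport, pkt.src, pkt.sport))
        if private is None:
            return None          # unsolicited inbound connection attempt: dropped
        src, sport = private
        return Packet(pkt.proto, pkt.src, pkt.sport, src, sport)

    def active_flows(self) -> int:
        return len(self.out)


if __name__ == "__main__":
    nat = Napt("198.51.100.1")                                   # constructed global address
    for host in ("192.168.1.10", "192.168.1.11"):
        print(nat.outbound(Packet("tcp", host, 40000, "203.0.113.5", 80)))
    print(nat.inbound(Packet("tcp", "203.0.113.5", 80, "198.51.100.1", 1025)))
    print(nat.inbound(Packet("tcp", "203.0.113.9", 443, "198.51.100.1", 5000)))
```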
IP V.4 Datagram
Fragmentation

 IP packets can be up to 64KB
 Different link-layers have different MTUs
  (Max Transfer Unit. Ethernet=1500B)
 Split IP packet into multiple fragments
   IP header on each fragment
   Intermediate router may fragment as needed
TCP/IP Fragmentation

 [Diagram: one TCP segment handed down to IP and split into several IP fragments]
Reassembly

 Where to do reassembly?
 End nodes
   Avoids unnecessary work where large packets are fragmented multiple times

 Dangerous to do at intermediate nodes
   How much buffer space required at routers?
   What if routes in network change?
     Multiple paths through network
     All fragments only required to go through destination
IP Fragmentation and Reassembly

   Original datagram:
       length   ID   fragflag   offset
       =4000    =x   =0         =0

   One large datagram becomes several smaller datagrams:
       length   ID   fragflag   offset
       =1500    =x   =1         =0
       =1500    =x   =1         =1500
       =1000    =x   =0         =3000
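An added example (not from the slides) that puts the fragmentation table above into code: it splits a 4000-byte datagram for a 1500-byte MTU, re-fragments one of the pieces at a router with a smaller MTU, and reassembles at the destination, rejecting holes, overlaps and a missing last fragment. It keeps the header's conventions rather than the slide's shorthand: the offset field counts 8-byte units, every non-final fragment carries a multiple of 8 data bytes, and each length includes the 20-byte header.

```python
from dataclasses import dataclass

IP_HEADER_LEN = 20          # IPv4 header without options
MAX_DATAGRAM = 65535        # Total Length is a 16-bit field


@dataclass(frozen=True)
class Fragment:
    ident: int      # Identification field: shared by all fragments of one datagram
    length: int     # Total Length field: header + data of this fragment
    more: bool      # MF flag ("fragflag" on the slide): set on every fragment but the last
    offset: int     # Fragment Offset field, counted in 8-byte units
    data: bytes


def fragment(ident: int, data: bytes, mtu: int, first_offset: int = 0, more_after: bool = False) -> list:
    """Split `data` so that header + piece fits `mtu`; every piece but the last is a multiple of 8 bytes.
    `first_offset` / `more_after` let a router re-fragment a fragment it received: offsets add up and
    the last piece inherits the incoming MF flag."""
    if mtu < IP_HEADER_LEN + 8:
        raise ValueError("MTU too small to carry any fragment")
    if IP_HEADER_LEN + len(data) > MAX_DATAGRAM:
        raise ValueError("datagram exceeds 64 KB")
    chunk = (mtu - IP_HEADER_LEN) // 8 * 8
    pieces = [data[i:i + chunk] for i in range(0, len(data), chunk)] or [b""]
    return [
        Fragment(ident, IP_HEADER_LEN + len(piece),
                 True if k < len(pieces) - 1 else more_after,
                 first_offset + k * chunk // 8, piece)
        for k, piece in enumerate(pieces)
    ]


def refragment(frag: Fragment, mtu: int) -> list:
    """What an intermediate router does when a fragment still exceeds the next link's MTU."""
    return fragment(frag.ident, frag.data, mtu, frag.offset, frag.more)


def reassemble(frags: list) -> bytes:
    """Rebuild the data at the destination; raise on a hole, an overlap, or a missing last fragment."""
    if not frags:
        raise ValueError("no fragments")
    if len({f.ident for f in frags}) != 1:
        raise ValueError("fragments belong to different datagrams")
    ordered = sorted(frags, key=lambda f: f.offset)
    if ordered[-1].more or any(not f.more for f in ordered[:-1]):
        raise ValueError("last fragment missing, or a non-final fragment without MF")
    out, expected = bytearray(), 0
    for f in ordered:
        if f.offset * 8 != expected:
            raise ValueError(f"hole or overlap at data byte {expected}")
        out += f.data
        expected += len(f.data)
    if IP_HEADER_LEN + len(out) > MAX_DATAGRAM:
        raise ValueError("reassembled datagram exceeds 64 KB")
    return bytes(out)


# Constructed sample: 3980 data bytes, i.e. a 4000-byte datagram like the one on the slide
SAMPLE_DATA = bytes(range(256)) * 15 + bytes(range(140))

if __name__ == "__main__":
    for f in fragment(0x1234, SAMPLE_DATA, 1500):
        print(f"length={f.length} ID={f.ident:#x} MF={int(f.more)} offset={f.offset} ({f.offset * 8} bytes)")
```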
Fragmentation is Harmful

 Uses resources poorly
   Forwarding costs per packet
   Best if we can send large chunks of data
   Worst case: packet just bigger than MTU
 Poor end-to-end performance
   Loss of a fragment
 Reassembly is hard
   Buffering constraints
Path MTU Discovery

 Hosts dynamically discover minimum MTU of path
 Algorithm:
   Initialize MTU to MTU for first hop
   Send datagrams with Don't Fragment bit set
   If ICMP "pkt too big" msg, decrease MTU
 What happens if path changes?
   Periodically (>5mins, or >1min after previous increase), increase MTU
 Some routers will return proper MTU
 MTU values cached in routing table
Layer 4:
Transport Layer
Layer 4: Transport Layer
 The Transport Layer provides transparent transfer of data between end users, providing reliable data transfer services to the upper layers.
 The Transport Layer controls the reliability of a given link through flow control, segmentation/desegmentation, and error control.
Layer 4: Transport Layer

   Feature Name                                         TP0   TP1   TP2   TP3   TP4
   Connection oriented network                          Yes   Yes   Yes   Yes   Yes
   Connectionless network                               No    No    No    No    Yes
   Concatenation and separation                         No    Yes   Yes   Yes   Yes
   Segmentation and reassembly                          Yes   Yes   Yes   Yes   Yes
   Error Recovery                                       No    Yes   No    Yes   Yes
   Reinitiate connection (if an excessive number
   of PDUs are unacknowledged)                          No    Yes   No    Yes   No
   Multiplexing and demultiplexing over a single
   virtual circuit                                      No    No    Yes   Yes   Yes
   Explicit flow control                                No    No    Yes   Yes   Yes
   Retransmission on timeout                            No    No    No    No    Yes
   Reliable Transport Service                           No    Yes   No    Yes   Yes
TCP - Transmission Control Protocol
 Connection oriented - Reliable stream transport
   Conceptually, two ends communicate to agree on
    details
   After agreeing application notified of connection
   During transfer, ends communicate continuously to
    verify data received correctly
   When done, ends tear down the connection
 Provides buffering and flow control
 Takes care of lost packets, out of order,
  duplicates, long delays
 Usually used for browsing, FTP, Mail, etc.
UDP- User Datagram Protocol
   Connectionless datagram service - not a reliable transport
     Minimal overhead, high performance
     No setup/teardown, one datagram at a time
     The application is responsible for reliability
        Including datagram loss, duplication, delay, out-of-sequence
         delivery, multiplexing, and loss of connectivity


   Usually used for voice & video streaming,
    broadcasting, etc.
TCP vs. UDP data format

  TCP segment (each row is 32 bits):

   0        4        8                16                            31
  +--------+--------+----------------+------------------------------+
  |           Source port            |      Destination port        |
  +----------------------------------+------------------------------+
  |                         Sequence number                         |
  +-----------------------------------------------------------------+
  |                     Acknowledgement number                      |
  +--------+--------+----------------+------------------------------+
  |  Hlen  |  Res   |      Code      |            Window            |
  +--------+--------+----------------+------------------------------+
  |            Checksum              |         Urgent ptr           |
  +----------------------------------+------------------------------+
  |              Options (if any)                |     Padding      |
  +-----------------------------------------------------------------+
  |                        Data (if any) ...                        |
  +-----------------------------------------------------------------+

  UDP datagram:

   0                                 16                            31
  +----------------------------------+------------------------------+
  |           Source port            |      Destination port        |
  +----------------------------------+------------------------------+
  |         UDP message len          |       Checksum (opt.)        |
  +----------------------------------+------------------------------+
  |                             Data ...                            |
  +-----------------------------------------------------------------+
TCP data format


 Port - TCP port numbers to ID applications at both ends
  of connection
 Sequence number - ID position in sender’s byte stream
 Acknowledgement - identifies the number of the byte
  the sender of this segment expects to receive next
 Hlen - specifies the length of the segment header in 32 bit
  multiples. If there are no options, the Hlen = 5 (20 bytes)
 Code - used to determine segment purpose, e.g. SYN,
  ACK, FIN, URG
TCP data format (cont.)


  Window - advertises how much data this station is willing
   to accept. Can depend on buffer space remaining.
  Checksum - verifies the integrity of the TCP header and
   data. It is mandatory.
  Urgent pointer - used with the URG flag to indicate
   where the urgent data starts in the data stream. Typically
   used with a file transfer abort during FTP or when pressing
   an interrupt key in telnet.
  Options - used for window scaling, SACK, timestamps,
   maximum segment size, etc.
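To make the two header layouts concrete, here is an added example (not part of the original slides) that serialises and parses TCP segments and UDP datagrams exactly as drawn above, including the Hlen-driven options field and the mandatory (TCP) versus optional (UDP) one's-complement checksum over the IPv4 pseudo-header. The addresses, ports and payloads are constructed sample values; the byte layout follows the header diagrams. A practitioner can use it to see why a single flipped bit in a header fails verification.

```python
import struct
from dataclasses import dataclass

# Constructed sample endpoints for the pseudo-header (assumption: two private hosts).
SRC_IP = "10.0.0.1"
DST_IP = "10.0.0.2"


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement checksum over data, zero-padded to even length."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src: str, dst: str, proto: int, length: int) -> bytes:
    """IPv4 pseudo-header that TCP (6) and UDP (17) prepend when computing the checksum."""
    src_b = bytes(int(x) for x in src.split("."))
    dst_b = bytes(int(x) for x in dst.split("."))
    return src_b + dst_b + struct.pack("!BBH", 0, proto, length)


@dataclass
class TcpHeader:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    hlen_words: int   # header length in 32-bit words: 5 (20 bytes) when there are no options
    flags: int        # code bits: URG=0x20 ACK=0x10 PSH=0x08 RST=0x04 SYN=0x02 FIN=0x01
    window: int
    checksum: int
    urgent: int
    options: bytes
    payload: bytes


def build_tcp(src_port, dst_port, seq, ack, flags, window, payload=b"", options=b"") -> bytes:
    """Serialise a TCP segment with a correct checksum; options are padded to a 32-bit boundary."""
    options = options + b"\x00" * (-len(options) % 4)
    hlen_words = 5 + len(options) // 4
    offset_flags = (hlen_words << 12) | (flags & 0x3F)
    head = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       offset_flags, window, 0, 0) + options
    seg = head + payload
    csum = ones_complement_sum(pseudo_header(SRC_IP, DST_IP, 6, len(seg)) + seg)
    return seg[:16] + struct.pack("!H", csum) + seg[18:]   # checksum lives at bytes 16-17


def parse_tcp(seg: bytes) -> TcpHeader:
    """Parse the fixed 20-byte header, then locate options and data using Hlen."""
    sp, dp, seq, ack, offset_flags, win, csum, urg = struct.unpack("!HHIIHHHH", seg[:20])
    hlen_words = offset_flags >> 12
    hdr_len = hlen_words * 4
    return TcpHeader(sp, dp, seq, ack, hlen_words, offset_flags & 0x3F, win, csum, urg,
                     seg[20:hdr_len], seg[hdr_len:])


def tcp_checksum_ok(seg: bytes) -> bool:
    """Summing pseudo-header + segment (checksum field included) yields 0 when intact."""
    return ones_complement_sum(pseudo_header(SRC_IP, DST_IP, 6, len(seg)) + seg) == 0


def build_udp(src_port, dst_port, payload: bytes) -> bytes:
    length = 8 + len(payload)
    head = struct.pack("!HHHH", src_port, dst_port, length, 0)
    csum = ones_complement_sum(pseudo_header(SRC_IP, DST_IP, 17, length) + head + payload)
    if csum == 0:          # a computed 0 is sent as 0xFFFF, because 0 means "no checksum" in UDP/IPv4
        csum = 0xFFFF
    return head[:6] + struct.pack("!H", csum) + payload


def parse_udp(dgram: bytes) -> dict:
    sp, dp, length, csum = struct.unpack("!HHHH", dgram[:8])
    return {"src_port": sp, "dst_port": dp, "length": length,
            "checksum": csum, "payload": dgram[8:length]}


def udp_checksum_ok(dgram: bytes) -> bool:
    """A zero checksum field means the sender did not compute one (permitted over IPv4)."""
    if dgram[6:8] == b"\x00\x00":
        return True
    return ones_complement_sum(pseudo_header(SRC_IP, DST_IP, 17, len(dgram)) + dgram) == 0
```

`build_tcp(40000, 80, 1000, 0, 0x02, 65535, options=b"\x02\x04\x05\xb4")` produces a SYN carrying an MSS option, so `parse_tcp` reports `hlen_words == 6` rather than the option-less 5.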
Layer 5:
Session Layer
Layer 5: Session Layer
 The Session Layer controls the dialogues (connections)
  between computers.
 It establishes, manages and terminates the connections
  between the local and remote application.
 It provides for full-duplex, half-duplex, or simplex operation,
  and establishes checkpointing, adjournment, termination,
  and restart procedures.




Layer 6: Presentation Layer
 The Presentation Layer establishes a context
  between Application Layer entities, in which the
  higher-layer entities can use different syntax and
  semantics, as long as the presentation service
  understands both and the mapping between them.
 This layer provides independence from differences in
  data representation (e.g., encryption) by translating
  from application to network format, and vice versa.
 This layer formats and encrypts data to be sent
  across a network, providing freedom from
  compatibility problems.
 It is sometimes called the syntax layer.



Layer 7: Application Layer

 The application layer is the OSI layer
  closest to the end user, which means that
  both the OSI application layer and the user
  interact directly with the software
  application.
 Application layer functions typically include:
   identifying communication partners,
   determining resource availability,
   synchronizing communication.



URL

 A standard scheme for compactly identifying any
  document on any Web server
 Components:
     A protocol name: http, rtp, rtsp
     ://
     A server domain name or server IP address
     A path to a resource (an HTML file or a CGI script)

  Example URL:

      http://today@poly.edu:999/ee-dept/event.html

      http             Service type: http, telnet, ftp, gopher, …
      today@poly.edu   System name
      :999             Port number, specified only if a non-default port is used
      /ee-dept/        Path name
      event.html       File name
HyperText Transfer Protocol (HTTP)
  Application layer protocol
  Distributes information in the WWW
  Based on the client/server architecture
    HTTP client (web browser): sends a request to a server for a file
    HTTP server (web server): well-known port number 80, responds
     with the requested file if it is available
    A single TCP connection is used



          web browser                                web server
             HTTP      ------- request ------->         HTTP
             TCP       <------ response -------          TCP
              IP                                          IP
           Network                                     Network
HTTP Messages

  Text-based and flexible, unlike the binary encodings of the
   lower-layer protocols
  Components of an HTTP message:
     A start-line
     Optional headers, each with a header name and a
      value
     A blank line (a CRLF, "\r\n", only)
     The requested file or other data in an HTTP response.




HTTP Request Message


 Request Line:
    Request Type
    URL
    HTTP version
 Optional Headers
    Header name
    Value
 A blank line

   The Request Type defines methods in messages
    GET, HEAD – retrieve a full document or some info about a document from the
     server
     PUT, PATCH – provide a new/replacement document, or a list of differences to
      apply to an existing document, to the server
    COPY, MOVE, DELETE – copy, move, or delete a document
    ……
HTTP Response Message

 Status Line:
    HTTP version
    Status Code
    Status phrase
 Optional Headers
    Header name
    Value
 A blank line
 Data Body

     The Status Code is a 3-digit code, similar to those used by FTP and SMTP
     The Status Phrase explains the status code, e.g. continue, switching, OK,
      accepted, no content, multiple choices, bad request, unauthorized, forbidden,
      not found, internal server error, service unavailable, …

HTTP TCP Connections

 The client first establishes a TCP connection to the
  server before an HTTP request
 The server may terminate the TCP connection after the
  HTTP response is sent
 For embedded objects in a HTML file
    The client sends a request for each embedded object
    In HTTP/1.0, the client establishes a TCP connection for each
     request, not efficient for a file with many embedded objects
    In HTTP/1.1, persistent connections are supported
        All embedded objects are sent through the TCP connection
         established for the first request
        Both the client and server have to enable the persistent connection
         feature




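The request/response structure of the preceding slides and the HTTP/1.0 versus HTTP/1.1 connection behaviour of this one can be exercised with the following added example, which is not part of the original slides. It parses a request and a response into start-line, headers and body (splitting at the blank CRLF line), honours Content-Length, builds a request, and decides whether a connection stays open after a message. The sample messages are constructed; the host name reuses the `poly.edu` URL shown earlier in the deck.

```python
from typing import Dict, NamedTuple

CRLF = "\r\n"

# Constructed sample messages (assumption: not captured from a real server).
SAMPLE_REQUEST = (b"GET /ee-dept/event.html HTTP/1.1\r\n"
                  b"Host: poly.edu\r\n"
                  b"Connection: close\r\n"
                  b"\r\n")
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                   b"Content-Type: text/html\r\n"
                   b"Content-Length: 5\r\n"
                   b"\r\n"
                   b"<html>")          # one byte more than Content-Length, to show truncation


class HttpRequest(NamedTuple):
    method: str
    url: str
    version: str
    headers: Dict[str, str]
    body: bytes


class HttpResponse(NamedTuple):
    version: str
    status_code: int
    status_phrase: str
    headers: Dict[str, str]
    body: bytes


def _split_message(raw: bytes):
    """Separate start-line, header lines and body at the first blank line (CRLF CRLF)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line terminating the headers")
    lines = head.decode("iso-8859-1").split(CRLF)
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError("malformed header line: %r" % line)
        headers[name.strip().lower()] = value.strip()   # header names are case-insensitive
    return lines[0], headers, body


def parse_request(raw: bytes) -> HttpRequest:
    start, headers, body = _split_message(raw)
    method, url, version = start.split(" ", 2)
    return HttpRequest(method, url, version, headers, body)


def parse_response(raw: bytes) -> HttpResponse:
    start, headers, body = _split_message(raw)
    parts = start.split(" ", 2)
    version, code = parts[0], int(parts[1])
    phrase = parts[2] if len(parts) > 2 else ""
    if "content-length" in headers:                     # body ends where Content-Length says
        body = body[:int(headers["content-length"])]
    return HttpResponse(version, code, phrase, headers, body)


def build_request(method: str, url: str, host: str, headers=None, body: bytes = b"") -> bytes:
    """Request line, Host header (required in HTTP/1.1), optional headers, blank line, body."""
    h = {"Host": host, **(headers or {})}
    if body:
        h["Content-Length"] = str(len(body))
    lines = ["%s %s HTTP/1.1" % (method, url)] + ["%s: %s" % kv for kv in h.items()]
    return (CRLF.join(lines) + CRLF + CRLF).encode("iso-8859-1") + body


def keeps_connection_open(headers: Dict[str, str], version: str) -> bool:
    """HTTP/1.1 connections are persistent unless 'Connection: close' is sent;
    HTTP/1.0 connections close unless both sides opt in with 'Connection: keep-alive'."""
    conn = headers.get("connection", "").lower()
    if version == "HTTP/1.1":
        return conn != "close"
    return conn == "keep-alive"
```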
HTTP Requests & Responses


          web browser                                web server
             HTTP      ------- open ---------->         HTTP
             TCP       <------ opened ---------          TCP
              IP       ------- request ------->           IP
           Network     <------ response -------        Network
                       ------- close --------->
                       <------ closed ---------

      HTTP has four stages: Open, Request, Response, Close
      A TCP session for HTTP/1.0 does not stay open and wait for
       multiple requests/responses – not efficient when HTML file has
       many embedded objects like pictures
      HTTP/1.1 supports persistent connections that allow all the
       embedded objects sent through the same TCP connection
HTTP Proxies


      web browser                  proxy                   web server
        HTTP      -- request -->   HTTP    -- request -->     HTTP
        TCP       <- response --   TCP     <- response --      TCP
         IP                         IP                          IP
       Network                    Network                    Network
                                   Cache

 Proxy server acts as both a client and server
    receiving client’s initial requests, translating requests, passing
     requests to other servers
 Proxies can be used with firewalls to block undesired traffic
 Cache feature of a Web proxy server reduces network traffic by
   saving recently viewed pages on the disk drive

DHCP

  Dynamic Host Configuration Protocol (DHCP) is
   designed to dynamically configure TCP/IP hosts in a
  centralized manner from DHCP server.
 DHCP server maintains a collection of configuration
  parameters, such as IP addresses, subnet mask, default
  gateway IP address, to make a configured host work in
  the network.
 A DHCP client queries the server for the configuration
  parameters.
 The DHCP server returns configuration parameters to
  the client.


DHCP

 DHCP can provide persistent storage of network
  parameters for the clients
    A client can be assigned with same set of parameters whenever
     it bootstraps, or is moved to another subnet
    The DHCP server keeps a key-value entry for each client and
     uses the entries to match queries from the clients
    The entry could be a combination of a subnet address and the
     MAC address (or domain name) of a client
 DHCP can also assign configuration parameters
  dynamically
    The DHCP server maintains a pool of parameters and assigns an
     unused set of parameters to a querying client
    A DHCP client leases an IP address for a period of time. When
     the lease expires, the client may renew the lease, or the IP
     address is put back to the pool for future assignments



DHCP Operations



 When two DHCP servers are used
    1) A client first broadcasts a DHCPDISCOVER message on its local
      physical network during bootstrapping.
       The message may be forwarded by relay agents to servers in
        other physical networks.
   2) Each server may respond with a DHCPOFFER message with an
      available network address in the Your IP Address field.




DHCP Operations

 When two DHCP servers are used
    3) The client may receive more than one DHCPOFFER message.
        It chooses one server from all responding servers based on the
         configuration parameters offered.
        The client then broadcasts a DHCPREQUEST message with the
         Server Identifier option to indicate the selected server.




DHCP Operations

 When two DHCP servers are used
   4) When the DHCPREQUEST message is received, only the chosen
      server responds with a DHCPACK message carrying a full set of
      configuration parameters to the client.
        When the client receives it, it checks the parameters and configures
        its TCP/IP modules using the parameters.
       The message specifies the duration of the lease. When the lease
        expires, the client may ask the server to renew it. Otherwise, the
        address will be put back in the pool or assigned to other hosts.




DHCP Operations

 When two DHCP servers are used
   5) The client may send a DHCPRELEASE message to the server to
      relinquish the lease on the network address.




DHCP Message Format




DHCP Message Fields

 Opcode
    1 means a boot request from client
    2 means a boot reply from server
 Hardware Address Type
     The values are defined in the "Assigned Numbers" RFC
    The value is 1 for an Ethernet MAC address
 HW address length
    The length of the hardware address
 Hop count
    Optionally used by relay agents
    A relay agent is a host or router that forwards DHCP messages
     between DHCP clients and servers




DHCP Message Fields

 Transaction ID
    Randomly assigned to link requests and replies between a client
     and a server
 Number of seconds
    Elapsed time in seconds since the client began an address
     acquisition or renewal process
 Flags
    Broadcast flag, the leftmost bit. Used when a client cannot
     receive a unicast IP datagram before its interface is configured
    Remaining 15 bits must be 0 (reserved for future use)




DHCP Message Fields


 Client IP address
     Used when the client is in BOUND, RENEW, and REBINDING
     state and can respond to ARP requests
 Your IP address
    client’s IP address from DHCP server
 Server IP address
    the IP address of the next server to use in bootstrap
 Relay agent IP address
    used when booting via a relay agent




DHCP Message Fields


  Client Hw address
     The hardware address of the client
     For an Ethernet address, the first 6 bytes are filled and the
      remaining bytes are set to 0
  Server hostname
     Hostname of the DHCP server
  Boot filename:
      Used in a DHCPOFFER message to specify the fully qualified, null
      terminated path name of a file to bootstrap from
  Options
     optional vendor specific field




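The message fields listed on the last four slides, together with the DHCPOFFER step of the exchange described before them, can be tied together with this added example (not code from the original slides). It packs and unpacks the fixed 236-byte message (opcode, hardware type and length, hop count, transaction ID, seconds, flags with the broadcast bit, the four address fields, client hardware address, server hostname, boot filename) followed by the options field, which starts with the magic cookie 99.130.83.99 and carries type-length-value options as defined in RFC 2132. The sample OFFER values (addresses, MAC, transaction ID, lease) are constructed.

```python
import ipaddress
import struct
from dataclasses import dataclass, field
from typing import Dict, Optional

MAGIC_COOKIE = bytes([99, 130, 83, 99])           # first four bytes of the options field
BOOTREQUEST, BOOTREPLY = 1, 2                     # opcode values
DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK, DHCPRELEASE = 1, 2, 3, 5, 7   # option 53 values
_FIXED = "!BBBBIHH4s4s4s4s16s64s128s"             # 236 bytes before the options field


@dataclass
class DhcpMessage:
    op: int
    htype: int           # 1 = Ethernet
    hlen: int            # 6 for an Ethernet MAC
    hops: int
    xid: int
    secs: int
    flags: int
    ciaddr: str
    yiaddr: str          # "Your IP address": the address offered/assigned to the client
    siaddr: str
    giaddr: str
    chaddr: bytes        # 16 bytes; for Ethernet only the first 6 are used
    sname: bytes = b""
    file: bytes = b""
    options: Dict[int, bytes] = field(default_factory=dict)

    @property
    def broadcast(self) -> bool:
        return bool(self.flags & 0x8000)          # leftmost bit of the flags field

    @property
    def message_type(self) -> Optional[int]:
        t = self.options.get(53)
        return t[0] if t else None


def _packed(ip: str) -> bytes:
    return ipaddress.IPv4Address(ip).packed


def build(msg: DhcpMessage) -> bytes:
    fixed = struct.pack(_FIXED, msg.op, msg.htype, msg.hlen, msg.hops, msg.xid, msg.secs, msg.flags,
                        _packed(msg.ciaddr), _packed(msg.yiaddr), _packed(msg.siaddr), _packed(msg.giaddr),
                        msg.chaddr[:16].ljust(16, b"\x00"),
                        msg.sname[:64].ljust(64, b"\x00"), msg.file[:128].ljust(128, b"\x00"))
    opts = bytearray(MAGIC_COOKIE)
    for code, value in msg.options.items():       # each option: code, length, value
        opts += bytes([code, len(value)]) + value
    opts.append(255)                              # "end" option
    return fixed + bytes(opts)


def parse(raw: bytes) -> DhcpMessage:
    if len(raw) < 240 or raw[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    f = struct.unpack(_FIXED, raw[:236])
    ip = lambda b: str(ipaddress.IPv4Address(b))
    options, i = {}, 240
    while i < len(raw):
        code = raw[i]
        if code == 255:                           # end of options
            break
        if code == 0:                             # single-byte pad
            i += 1
            continue
        length = raw[i + 1]
        options[code] = raw[i + 2:i + 2 + length]
        i += 2 + length
    return DhcpMessage(f[0], f[1], f[2], f[3], f[4], f[5], f[6],
                       ip(f[7]), ip(f[8]), ip(f[9]), ip(f[10]),
                       f[11], f[12].rstrip(b"\x00"), f[13].rstrip(b"\x00"), options)


def lease_seconds(msg: DhcpMessage) -> Optional[int]:
    """Option 51, the lease duration the client must renew before it expires."""
    raw = msg.options.get(51)
    return struct.unpack("!I", raw)[0] if raw else None


def sample_offer() -> DhcpMessage:
    """Constructed DHCPOFFER (step 2 of the exchange); all values are made up for the example."""
    return DhcpMessage(
        op=BOOTREPLY, htype=1, hlen=6, hops=0, xid=0x3903F326, secs=0,
        flags=0x8000,                             # client asked for a broadcast reply
        ciaddr="0.0.0.0", yiaddr="192.168.1.100", siaddr="192.168.1.1", giaddr="0.0.0.0",
        chaddr=bytes.fromhex("001122334455"), sname=b"dhcp-server-example",
        options={53: bytes([DHCPOFFER]),
                 1: _packed("255.255.255.0"),     # subnet mask
                 3: _packed("192.168.1.1"),       # default gateway
                 51: struct.pack("!I", 86400),    # lease time in seconds
                 54: _packed("192.168.1.1")})     # server identifier
```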
DHCP Configuration

 An example of a DHCP server configuration file




MPLS
Motivation

   • IP
   o   The first defined and used protocol
   o   De facto the only protocol for global
       internetworking

  … but there are disadvantages
Motivation (cont.)


• IP Routing disadvantages
 o   Connectionless
     - e.g. no QoS
 o   Large IP Header
     - At least 20 bytes
 o   Routing in Network Layer
     - Slower than Switching
 o   Usually designed to obtain the shortest path
     - Does not take into account additional metrics
Motivation (cont.)
  • ATM
  o connection oriented
    - Supports QoS
  o fast packet switching with fixed length
    packets (cells)
  o integration of different traffic types (voice,
    data, video)

 … but there are also disadvantages
Motivation (cont.)
   • ATM disadvantages
   o   Complex
   o   Expensive
   o   Not widely adopted
Motivation (cont.)


• Idea: Combine the forwarding
  algorithm used in ATM with IP.
MPLS Basics


• Multi Protocol Label Switching is
  arranged between Layer 2 and Layer 3
MPLS Basics (cont.)


• MPLS Characteristics
 o Mechanisms to manage traffic flows of
   various granularities (Flow Management)
 o Is independent of Layer-2 and Layer-3
   protocols
 o Maps IP-addresses to fixed length labels
 o Supports ATM, Frame-Relay and Ethernet
Label
• Generic label format
Label Edge Router - LER


• Resides at the edge of an MPLS
  network and assigns and removes
  the labels from the packets.
• Supports multiple ports connected to
  dissimilar networks (such as frame
  relay, ATM, and Ethernet).
Label Switching Router - LSR


• Is a high speed router in the core of
  an MPLS network.
• ATM switches can be used as LSRs
  without changing their hardware.
  Label switching is equivalent to
  VP/VC switching.
Positions of LERs & LSRs
Label Distribution Protocol - LDP


 • An application layer protocol for the
   distribution of label binding
   information to LSRs.
 o It is used to map FECs to labels, which, in
   turn, create LSPs.
 o LDP sessions are established between LDP
   peers in the MPLS network (not
   necessarily adjacent).
 o Sometimes employs OSPF or BGP.
Traffic Engineering


• In MPLS, traffic engineering is inherently
  provided using explicitly routed paths.
• The LSPs are created independently,
  specifying different paths that are based
  on user-defined policies. However, this
  may require extensive operator
  intervention.
• RSVP-TE and CR-LDP are two possible
  approaches to supply dynamic traffic
  engineering and QoS in MPLS.
MPLS Operation


• The following steps must be taken
  for a data packet to travel through
  an MPLS domain.
 o   label creation and distribution
 o   table creation at each router
 o   label-switched path creation
 o   label insertion/table lookup
 o   packet forwarding
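The generic label format and the forwarding steps above (label insertion at the ingress LER, table lookup and swap at each LSR, removal at the edge) are illustrated by the following added example, which is not code from the original slides. The 32-bit label stack entry follows RFC 3032 (20-bit label, 3-bit traffic class/EXP, 1-bit bottom-of-stack, 8-bit TTL). The router names, prefixes and label values form a constructed four-router domain; the trace it returns shows the label stack at every hop.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple


def encode_label_entry(label: int, exp: int, bottom: bool, ttl: int) -> bytes:
    """Label(20) | EXP(3) | S(1) | TTL(8), network byte order."""
    assert 0 <= label < (1 << 20) and 0 <= exp < 8 and 0 <= ttl < 256
    word = (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl
    return word.to_bytes(4, "big")


def decode_label_entry(entry: bytes) -> dict:
    w = int.from_bytes(entry[:4], "big")
    return {"label": w >> 12, "exp": (w >> 9) & 0x7, "bottom": bool((w >> 8) & 1), "ttl": w & 0xFF}


class Router:
    """fec_table: destination prefix -> (label to push, next hop)   [ingress LER]
       lfib:      incoming label -> ("swap", new label, next hop) or ("pop", None, next hop)"""

    def __init__(self, name: str, fec_table=None, lfib=None):
        self.name = name
        self.fec_table = {ipaddress.ip_network(p): v for p, v in (fec_table or {}).items()}
        self.lfib: Dict[int, Tuple[str, Optional[int], Optional[str]]] = lfib or {}

    def forward(self, dst_ip: str, stack: List[int]):
        if stack:                                   # labelled packet: exact-match LFIB lookup
            top = stack[-1]
            if top not in self.lfib:
                return "drop %d" % top, stack, None
            op, new_label, next_hop = self.lfib[top]
            if op == "swap":
                return "swap %d->%d" % (top, new_label), stack[:-1] + [new_label], next_hop
            return "pop %d" % top, stack[:-1], next_hop
        # unlabelled packet: longest-prefix match against the FEC table
        ip = ipaddress.ip_address(dst_ip)
        matches = [n for n in self.fec_table if ip in n]
        if not matches:
            return "deliver", [], None              # no FEC: plain IP delivery, leaves the domain
        best = max(matches, key=lambda n: n.prefixlen)
        label, next_hop = self.fec_table[best]
        return "push %d" % label, [label], next_hop


def forward_through(domain: Dict[str, Router], ingress: str, dst_ip: str):
    """Walk a packet hop by hop; returns [(router, action, label stack after the action)]."""
    trace, stack, node = [], [], ingress
    while node in domain:
        router = domain[node]
        action, stack, node = router.forward(dst_ip, stack)
        trace.append((router.name, action, list(stack)))
    return trace


def sample_domain() -> Dict[str, Router]:
    """Constructed domain: LER-A pushes, LSR-1 swaps, LSR-2 pops (penultimate hop), LER-B delivers."""
    return {
        "LER-A": Router("LER-A", fec_table={"10.2.0.0/16": (100, "LSR-1")}),
        "LSR-1": Router("LSR-1", lfib={100: ("swap", 200, "LSR-2")}),
        "LSR-2": Router("LSR-2", lfib={200: ("pop", None, "LER-B")}),
        "LER-B": Router("LER-B"),
    }
```

Note that the core routers never consult the IP header: LSR-1 and LSR-2 forward on the fixed-length label alone, which is the whole point of the ATM-style switching the slides motivate.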
MPLS Operation Example
Tunneling in MPLS


• Control the entire path of a packet
  without explicitly specifying the
  intermediate routers.
 o   Creating tunnels through the intermediary
     routers that can span multiple segments.
• MPLS based VPNs.
MPLS Advantages


• Improves packet-forwarding
  performance in the network
• Supports QoS and CoS for service
  differentiation
• Supports network scalability
• Integrates IP and ATM in the
  network
• Builds interoperable networks
MPLS Disadvantages


• An additional layer is added
• The router has to understand MPLS
Security - IPsec
IP is not Secure!

 IP protocol was designed in the late 70s to early 80s
   Part of DARPA Internet Project
   Very small network
      All hosts are known!
      So are the users!
      Therefore, security was not an issue




Security Issues in IP

   source spoofing
   replay packets
   no data integrity or confidentiality

   • DoS attacks
   • Replay attacks
   • Spying
   • and more…

  Fundamental Issue:
  Networks are not (and will never be)
  fully secure
Goals of IPSec

   to verify sources of IP packets
      authentication
   to prevent replaying of old packets
   to protect integrity and/or confidentiality of
    packets
      data Integrity/Data Encryption




IPSec Architecture




                         IPSec Security Policy

           ESP                                   AH
   Encapsulating Security                 Authentication Header
           Payload

                                IKE
                      The Internet Key Exchange
IPSec Architecture

 IPSec provides security in three situations:
    Host-to-host, host-to-gateway and gateway-to-gateway
 IPSec operates in two modes:
    Transport mode (for end-to-end)
    Tunnel mode (for VPN)




IPsec Architecture




   Transport Mode   (end-to-end between the communicating hosts)

   Tunnel Mode      Router <=========================> Router
Various Packets




   Original        | IP header | TCP header | data |

   Transport mode  | IP header | IPSec header | TCP header | data |

   Tunnel mode     | IP header | IPSec header | IP header | TCP header | data |
Authentication Header (AH)

  Provides source authentication
     Protects against source spoofing
  Provides data integrity
  Protects against replay attacks
     Use monotonically increasing sequence numbers
     Protects against denial of service attacks
  NO protection for confidentiality!
  Use cryptographically strong hash algorithms to protect
   data integrity (96-bit)
     Use symmetric key cryptography
     HMAC-SHA-96, HMAC-MD5-96



AH Packet Details

   +---------------------------------------------------+
   |                   New IP header                   |
   +-------------+----------------+--------------------+  \
   | Next header | Payload length |      Reserved      |   |
   +-------------+----------------+--------------------+   |
   |          Security Parameters Index (SPI)          |   |
   +---------------------------------------------------+   |  Authenticated:
   |                  Sequence Number                  |   |  Authentication Data
   +---------------------------------------------------+   |  is a hash of
   |        Old IP header (only in Tunnel mode)        |   |  everything else
   +---------------------------------------------------+   |  (encapsulated
   |                     TCP header                    |   |   TCP or IP packet)
   +---------------------------------------------------+   |
   |                        Data                       |   |
   +---------------------------------------------------+  /
   |                 Authentication Data               |
   +---------------------------------------------------+
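The AH mechanisms named on the previous slide (a truncated HMAC for integrity, a monotonically increasing sequence number checked against a sliding window to reject replays) are shown in this added example, which is not code from the original slides. It builds an AH header using the field order of RFC 4302 (next header, payload length, reserved, SPI, sequence number, then the 96-bit ICV) with HMAC-SHA1-96, and a receiver that keeps a 64-entry anti-replay window per inbound SA. The outer IP header, whose mutable fields would be zeroed before hashing, is left out for brevity; the key, SPI and payloads are constructed values.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12          # HMAC-SHA1-96: the SHA-1 HMAC truncated to 96 bits
AH_FIXED_LEN = 12     # next header(1) + payload length(1) + reserved(2) + SPI(4) + sequence(4)


def ah_build(key: bytes, spi: int, seq: int, next_header: int, payload: bytes) -> bytes:
    """AH header + ICV + protected payload.  Payload Length is the AH length in
    32-bit words minus 2: a 24-byte AH with a 96-bit ICV therefore carries 4."""
    ah_len = AH_FIXED_LEN + ICV_LEN
    header = struct.pack("!BBHII", next_header, ah_len // 4 - 2, 0, spi, seq)
    to_hash = header + b"\x00" * ICV_LEN + payload     # ICV field is zero while hashing
    icv = hmac.new(key, to_hash, hashlib.sha1).digest()[:ICV_LEN]
    return header + icv + payload


class AhReceiver:
    """Inbound SA state: the integrity key plus a sliding anti-replay window."""
    WINDOW = 64

    def __init__(self, key: bytes):
        self.key = key
        self.highest = 0      # highest sequence number accepted so far
        self.bitmap = 0       # bit i set  <=>  sequence number (highest - i) already accepted

    def _replay_check(self, seq: int) -> bool:
        if seq == 0:                          # 0 is never used: the first packet carries 1
            return False
        if seq > self.highest:                # ahead of the window: new
            return True
        diff = self.highest - seq
        if diff >= self.WINDOW:               # behind the window: too old, treated as replay
            return False
        return not (self.bitmap >> diff) & 1  # inside the window: new only if not yet marked

    def _replay_update(self, seq: int) -> None:
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)

    def verify(self, packet: bytes):
        """Returns (payload, "ok"), or (None, reason).  The window is only advanced after
        the ICV is verified, so a forged sequence number cannot move the window."""
        next_header, payload_len, _, spi, seq = struct.unpack("!BBHII", packet[:AH_FIXED_LEN])
        ah_len = (payload_len + 2) * 4
        icv, payload = packet[AH_FIXED_LEN:ah_len], packet[ah_len:]
        if not self._replay_check(seq):
            return None, "replay"
        to_hash = packet[:AH_FIXED_LEN] + b"\x00" * len(icv) + payload
        expected = hmac.new(self.key, to_hash, hashlib.sha1).digest()[:len(icv)]
        if not hmac.compare_digest(icv, expected):  # constant-time comparison
            return None, "bad icv"
        self._replay_update(seq)
        return payload, "ok"
```

Replay protection only works because the sequence number is itself covered by the ICV: an attacker cannot resend an old packet with a fresh number without also producing a valid HMAC for it.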
Encapsulating Security Payload (ESP)
 Provides all that AH offers, and
 in addition provides data confidentiality
    Uses symmetric key encryption




ESP Details

   Same as AH:
      Use 32-bit sequence number to counter replaying attacks
      Use integrity check algorithms
   Only in ESP:
      Data confidentiality:
          Uses symmetric key encryption algorithms to encrypt packets




ESP Packet Details


   +---------------------------------------------------+
   |                     IP header                     |
   +-------------+----------------+--------------------+  \
   | Next header | Payload length |      Reserved      |   |
   +-------------+----------------+--------------------+   |
   |          Security Parameters Index (SPI)          |   |
   +---------------------------------------------------+   |
   |                  Sequence Number                  |   |  Authenticated
   +---------------------------------------------------+   |
   |               Initialization vector               |   |
   +---------------------------------------------------+   |  \
   |                     TCP header                    |   |   |
   +---------------------------------------------------+   |   |  Encrypted
   |                        Data                       |   |   |  TCP packet
   +-------------+----------------+--------------------+   |   |
   |     Pad     |   Pad length   |    Next header     |   |  /
   +-------------+----------------+--------------------+  /
   |                 Authentication Data               |
   +---------------------------------------------------+
Question?
1.       Why have both AH and ESP?
2.       Both AH and ESP use symmetric key based algorithms
          Why not public-key cryptography?
          How are the keys being exchanged?
          What algorithms should we use?
          Similar to deciding on the ciphersuite in SSL




Internet Key Exchange (IKE)
 Exchange and negotiate security policies
 Establish security sessions
    Identified as Security Associations
 Key exchange
 Key management
 Can be used outside IPsec as well




IPsec/IKE Acronyms

 Security Association (SA)
    Collection of attributes associated with a connection
   Is asymmetric!
      One SA for inbound traffic, another SA for outbound traffic
      Similar to ciphersuites in SSL
 Security Association Database (SADB)
   A database of SAs




IPsec/IKE Acronyms
 Security Parameter Index (SPI)
    A unique index for each entry in the SADB
    Identifies the SA associated with a packet
 Security Policy Database (SPD)
     Stores policies used to establish SAs




How They Fit Together




   Figure: the SPD holds the policies; the SADB holds the SAs they
   establish (SA-1, SA-2, …), each indexed by its SPI; the SPI carried
   in a packet selects that packet's SA in the SADB.
SPD and SADB Example



   Figure: hosts A and B communicate in transport mode; gateways C and D
   protect the subnets Asub and Bsub in tunnel mode.

   A's SPD
     From    To      Protocol   Port   Policy
     A       B       Any        Any    AH[HMAC-MD5]

   A's SADB
     From    To      Protocol   SPI    SA Record
     A       B       AH         12     HMAC-MD5 key

   C's SPD
     From    To      Protocol   Port   Policy       Tunnel Dest
     Asub    Bsub    Any        Any    ESP[3DES]    D

   C's SADB
     From    To      Protocol   SPI    SA Record
     Asub    Bsub    ESP        14     3DES key
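The SPD and SADB tables above can be turned into working lookups with this added example (not code from the original slides). An outbound packet is matched against the ordered SPD by its selectors (source, destination, protocol, port) to find the policy, and the SA that implements that policy is then found in the SADB; an inbound packet is matched by the SPI it carries. The concrete addresses for A, B, C, D and the subnets Asub and Bsub are assumptions, chosen only so that prefix matching can be shown; the table contents are the slide's.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed addresses standing in for the slide's hosts and subnets (assumption).
A, B = "10.1.0.5", "10.2.0.7"           # hosts
C, D = "10.1.0.1", "10.2.0.1"           # tunnel gateways
ASUB, BSUB = "10.1.0.0/16", "10.2.0.0/16"


def _selector_matches(selector: str, value) -> bool:
    """'Any' matches everything; a port selector matches exactly; an address or
    prefix selector matches by containment (a host address acts as a /32)."""
    if selector == "Any":
        return True
    if isinstance(value, int):
        return int(selector) == value
    return ipaddress.ip_address(value) in ipaddress.ip_network(selector, strict=False)


@dataclass(frozen=True)
class SpdEntry:
    src: str
    dst: str
    proto: str
    port: str
    policy: str                        # e.g. "AH[HMAC-MD5]" or "ESP[3DES]"
    tunnel_dest: Optional[str] = None  # set for tunnel-mode policies

    def matches(self, src_ip: str, dst_ip: str, proto: str, port: int) -> bool:
        return (_selector_matches(self.src, src_ip) and _selector_matches(self.dst, dst_ip)
                and (self.proto == "Any" or self.proto == proto)
                and _selector_matches(self.port, port))

    @property
    def ipsec_protocol(self) -> str:   # "AH" or "ESP", taken from the policy string
        return self.policy.split("[")[0]


@dataclass(frozen=True)
class SaRecord:
    src: str
    dst: str
    protocol: str      # "AH" or "ESP"
    spi: int
    record: str        # key material, represented by a label in this example


def outbound_lookup(spd: List[SpdEntry], sadb: List[SaRecord],
                    src_ip: str, dst_ip: str, proto: str, port: int):
    """Ordered SPD search (first match wins), then the SA implementing the policy."""
    for entry in spd:
        if entry.matches(src_ip, dst_ip, proto, port):
            for sa in sadb:
                if (sa.protocol == entry.ipsec_protocol
                        and _selector_matches(sa.src, src_ip)
                        and _selector_matches(sa.dst, dst_ip)):
                    return entry, sa
            return entry, None         # policy applies but no SA exists yet: IKE must create one
    return None, None                  # no policy covers this packet


def inbound_lookup(sadb: List[SaRecord], spi: int, protocol: str) -> Optional[SaRecord]:
    """An arriving AH/ESP packet carries its SPI; that index selects its SA."""
    for sa in sadb:
        if sa.spi == spi and sa.protocol == protocol:
            return sa
    return None


# The four tables from the slide.
A_SPD = [SpdEntry(A, B, "Any", "Any", "AH[HMAC-MD5]")]
A_SADB = [SaRecord(A, B, "AH", 12, "HMAC-MD5 key")]
C_SPD = [SpdEntry(ASUB, BSUB, "Any", "Any", "ESP[3DES]", tunnel_dest=D)]
C_SADB = [SaRecord(ASUB, BSUB, "ESP", 14, "3DES key")]
```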
How It Works

 IKE operates in two phases
   Phase 1: negotiate and establish an auxiliary end-to-end
    secure channel
      Used by subsequent phase 2 negotiations
      Only established once between two end points!
   Phase 2: negotiate and establish custom secure
    channels
      Occurs multiple times
   Both phases use Diffie-Hellman key exchange to
    establish a shared key




IKE Phase 1
 Goal: to establish a secure channel between two end points
    This channel provides basic security features:
        Source authentication
        Data integrity and data confidentiality
        Protection against replay attacks




IKE Phase 1
    Rationale: each application has different security
     requirements
    But they all need to negotiate policies and exchange keys!
    So, provide the basic security features and allow
      applications to establish custom sessions




Examples
 All packets sent to address mybank.com must be encrypted
  using 3DES with HMAC-MD5 integrity check
 All packets sent to address www.forum.com must use
  integrity check with HMAC-SHA1 (no encryption is required)




Phase 1 Exchange
 Can operate in two modes:
    Main mode
       Six messages in three round trips
       More options
    Quick mode
       Four messages in two round trips
        Fewer options




Phase 1 (Main Mode)




       Initiator                                   Responder
      [Header, SA1]  ----------------------------->
Phase 1 (Main Mode)




       Initiator                                   Responder
      [Header, SA1]  ----------------------------->
                     <-----------------------------  [Header, SA2]

         Establish vocabulary for further communication
Phase 1 (Main Mode)




       Initiator                                   Responder
      [Header, SA1]  ----------------------------->
                     <-----------------------------  [Header, SA2]
      [Header, KE, Ni {, Cert_Req}]  ------------->
Phase 1 (Main Mode)




       Initiator                                   Responder
      [Header, SA1]  ----------------------------->
                     <-----------------------------  [Header, SA2]
      [Header, KE, Ni {, Cert_Req}]  ------------->
                     <-------------  [Header, KE, Nr {, Cert_Req}]

   Establish secret key using Diffie-Hellman key exchange
   Use nonces to prevent replay attacks
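The third and fourth Main Mode messages, the KE and nonce exchange, are modelled in this added example, which is not code from the original slides. Each side contributes a Diffie-Hellman public value and a fresh nonce, both derive the same key, and the nonces enter the key derivation (in the shape of IKEv1's SKEYID for signature authentication, prf(Ni | Nr, g^xy) from RFC 2409) so that a replayed KE with a stale nonce yields a different key and is refused. The group parameters are a constructed toy group (p = 2^127 - 1, g = 3) chosen only to keep the example fast; real IKE uses the MODP groups of RFC 2409 and RFC 3526 (1024 bits and larger), with identical arithmetic.

```python
import hashlib
import hmac
import secrets

# Constructed toy group for illustration only (assumption); not an IKE group.
P = (1 << 127) - 1
G = 3


class Party:
    """One side of IKE Phase 1: a fresh DH private value and a fresh nonce per exchange."""

    def __init__(self, name: str):
        self.name = name
        self.x = secrets.randbelow(P - 2) + 1       # private exponent, never transmitted
        self.ke = pow(G, self.x, P)                 # KE payload: g^x mod p
        self.nonce = secrets.token_bytes(16)        # Ni (initiator) or Nr (responder)
        self.seen_nonces = set()                    # nonces already accepted from peers

    def shared_secret(self, peer_ke: int) -> int:
        return pow(peer_ke, self.x, P)              # g^xy mod p, identical on both sides

    def derive_skeyid(self, peer_ke: int, ni: bytes, nr: bytes) -> bytes:
        """prf keyed with Ni | Nr over g^xy: the nonces of this run are bound into the key."""
        gxy = self.shared_secret(peer_ke).to_bytes(16, "big")   # P < 2^128, so 16 bytes suffice
        return hmac.new(ni + nr, gxy, hashlib.sha1).digest()

    def accept_nonce(self, nonce: bytes) -> bool:
        """Refuse a nonce seen before: a replayed message necessarily carries an old one."""
        if nonce in self.seen_nonces:
            return False
        self.seen_nonces.add(nonce)
        return True


def run_phase1_dh(initiator: Party, responder: Party):
    """Messages 3 and 4 of Main Mode: [KE, Ni] --> and <-- [KE, Nr].
    Returns (initiator's SKEYID, responder's SKEYID), or None if a nonce is rejected."""
    if not responder.accept_nonce(initiator.nonce):     # message 3 arrives at the responder
        return None
    if not initiator.accept_nonce(responder.nonce):     # message 4 arrives at the initiator
        return None
    ni, nr = initiator.nonce, responder.nonce
    return (initiator.derive_skeyid(responder.ke, ni, nr),
            responder.derive_skeyid(initiator.ke, ni, nr))
```

The two derived keys agree because g^xy is the same on both sides; replaying the initiator's message against the same responder fails on the nonce alone, before any key is derived.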
Phase 1 (Main Mode)




       Initiator                                   Responder
      [Header, SA1]  ----------------------------->
                     <-----------------------------  [Header, SA2]
      [Header, KE, Ni {, Cert_Req}]  ------------->
                     <-------------  [Header, KE, Nr {, Cert_Req}]
      [Header, IDi, {CERT} sig]  ----------------->
Phase 1 (Main Mode)




       Initiator                                   Responder
      [Header, SA1]  ----------------------------->
                     <-----------------------------  [Header, SA2]
      [Header, KE, Ni {, Cert_Req}]  ------------->
                     <-------------  [Header, KE, Nr {, Cert_Req}]
      [Header, IDi, {CERT} sig]  ----------------->
                     <-----------------  [Header, IDr, {CERT} sig]

      Signed hash of IDi (without Cert_Req, just send the hash)
Phase 1 (Aggressive Mode)




       Initiator                                   Responder
      [Header, SA1, KE, Ni, IDi]  ---------------->
Phase 1 (Aggressive Mode)




       Initiator                                   Responder
      [Header, SA1, KE, Ni, IDi]  ---------------->
                     <---------  [Header, SA2, KE, Nr, IDr, [Cert]sig]
      [Header, [Cert]sig]  ----------------------->

      First two messages combined into one
      (combine Hello and DH key exchange)
IPSec (Phase 1)
  Four different ways to authenticate (either mode)
    Digital signature
    Two forms of authentication with public key encryption
    Pre-shared key
 NOTE: IKE does use public-key based cryptography for
  encryption




IPSec (Phase 2)
 Goal: to establish custom secure channels between two end
  points
    End points are identified by <IP, port>:
        e.g. <www.mybank.com, 8000>
    Or by packet:
        e.g. All packets going to 128.124.100.0/24
    Use the secure channel established in Phase 1 for communication




IPSec (Phase 2)
   Only one mode: Quick Mode
   Multiple quick mode exchanges can be multiplexed
   Generate SAs for two end points
   Can use secure channel established in phase 1




IP Payload Compression
 Used for compression
 Can be specified as part of the IPSec policy
 Will not cover!




Outline
   Why IPsec?
   IPsec Architecture
   Internet Key Exchange (IKE)
   IPSec Policy
   Discussion




IPsec Policy
 Phase 1 policies are defined in terms of protection
  suites
 Each protection suite
   Must contain the following:
        Encryption algorithm
        Hash algorithm
        Authentication method
        Diffie-Hellman Group
   May optionally contain the following:
      Lifetime
      …




IPSec Policy

 Phase 2 policies are defined in terms of proposals
 Each proposal:
   May contain one or more of the following
        AH sub-proposals
        ESP sub-proposals
        IPComp sub-proposals
        Along with necessary attributes such as
            Key length, life time, etc




IPsec Policy Example
  • In English:
    • All traffic to 128.104.120.0/24 must:
      • use pre-shared key authentication
      • use DH group MODP with a 1024-bit modulus (group 2)
      • use HMAC-SHA-1 as the hash algorithm
      • use 3DES for encryption
  • In IPsec:
    [Auth=Pre-Shared-Key;
     DH=MODP(1024-bit);
     HASH=HMAC-SHA;
     ENC=3DES]
  Note: this suite is shown only to illustrate the notation. 3DES and 1024-bit MODP are no longer considered adequate; current IETF guidance (RFC 8247 for IKEv2, RFC 8221 for ESP/AH) calls for AES with a 2048-bit or larger MODP group (group 14 or higher) or an elliptic-curve group.
IPsec Policy Example
  • In English:
    • All traffic to 128.104.120.0/24 must use one of the following:
      • AH with HMAC-SHA, or
      • ESP with 3DES as the encryption algorithm and (HMAC-MD5 or HMAC-SHA) as the integrity algorithm
  • In IPsec:
    [AH: HMAC-SHA] or
    [ESP: (3DES and HMAC-MD5) or
          (3DES and HMAC-SHA)]
  Note: the AH alternative gives integrity and origin authentication but no confidentiality, and HMAC-MD5 is deprecated (RFC 8221); a responder today should accept only an ESP alternative with a modern cipher.
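The policy slides above describe what an IKE responder actually does with an initiator's offer: it walks the offered protection suites in order and accepts the first one its own policy allows, or fails the exchange. The Python below is an added example, not code from the slides or from any IPsec implementation. It models Phase 1 protection suites with the four mandatory attributes, a responder configuration, and a hard floor on algorithm strength, and it shows that the 3DES / MODP-1024 suite from the first policy example is refused even though the notation is valid. Suite names and the responder's configuration are hypothetical.

```python
"""Toy IKE Phase 1 proposal selection against a responder's IPsec policy.

Added example, not code from the original slides. The initiator offers an
ordered list of protection suites; the responder accepts the first suite
it has configured and considers safe, otherwise reports NO_PROPOSAL_CHOSEN.
Suite names, group numbers used and the configuration are hypothetical.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class ProtectionSuite:
    enc: str         # encryption algorithm, e.g. "3DES", "AES-CBC-256"
    hash_alg: str    # hash / integrity algorithm, e.g. "HMAC-SHA"
    auth: str        # authentication method, e.g. "PSK", "RSA-SIG"
    dh_group: int    # IANA DH group: 2 = MODP-1024, 14 = MODP-2048, 19 = ECP-256
    lifetime_s: Optional[int] = None   # optional attribute; not part of matching


# Responder configuration (hypothetical), in order of preference.
RESPONDER_SUITES: List[ProtectionSuite] = [
    ProtectionSuite("AES-CBC-256", "HMAC-SHA2-256", "RSA-SIG", 19),
    ProtectionSuite("AES-CBC-256", "HMAC-SHA2-256", "PSK", 14),
]

# Hard limits enforced even if an operator later adds a weak suite to the configuration.
FORBIDDEN_ALGS = {"DES", "3DES", "NULL", "MD5", "HMAC-MD5"}
ALLOWED_DH_GROUPS = {14, 15, 16, 17, 18, 19, 20, 21, 31}   # MODP >= 2048 bits, ECP, curve25519


def _key(s: ProtectionSuite):
    """The attributes that must match exactly; lifetime is negotiable and ignored."""
    return (s.enc, s.hash_alg, s.auth, s.dh_group)


def reject_reasons(s: ProtectionSuite) -> List[str]:
    """Explain why a suite fails the hard limits; an empty list means it passes."""
    reasons = []
    if s.enc in FORBIDDEN_ALGS:
        reasons.append(f"encryption {s.enc} is forbidden")
    if s.hash_alg in FORBIDDEN_ALGS:
        reasons.append(f"hash {s.hash_alg} is forbidden")
    if s.dh_group not in ALLOWED_DH_GROUPS:
        reasons.append(f"DH group {s.dh_group} is too weak")
    return reasons


def negotiate(offered: List[ProtectionSuite],
              configured: List[ProtectionSuite] = RESPONDER_SUITES) -> Optional[ProtectionSuite]:
    """Return the first offered suite that is both configured on the responder and
    passes the hard limits; None stands for NO_PROPOSAL_CHOSEN."""
    acceptable = {_key(c) for c in configured if not reject_reasons(c)}
    for suite in offered:
        if _key(suite) in acceptable:
            return suite
    return None


# The suite from the first policy example above, as an initiator might offer it.
SLIDE_SUITE = ProtectionSuite("3DES", "HMAC-SHA", "PSK", 2)

if __name__ == "__main__":
    print("reasons:", reject_reasons(SLIDE_SUITE))
    print("alone:", negotiate([SLIDE_SUITE]))
    print("with fallback:", negotiate([SLIDE_SUITE,
                                        ProtectionSuite("AES-CBC-256", "HMAC-SHA2-256", "PSK", 14)]))
```

Keeping the hard limits separate from the configured suites matters in practice: a responder that only checks "is this suite in my list" will happily accept a weak suite the moment someone adds it for a legacy peer, while the limits above turn that into an explicit, logged refusal.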
IP protocol suite

  [Figure: layered diagram of the IP protocol suite]
  Application layer: SMTP, POP, IMAP, FTP, HTTP (carrying HTML), DNS, RTP (carrying real-time data), signalling protocols (e.g. ISUP)
  Transport layer: TCP, UDP, SCTP
  Network layer: IP, with ICMP and the routing protocols RIP, OSPF and BGP alongside it
  Link layer: SLIP, PPP, ARP
  Underlying networks: LAN protocols, ATM, PSTN/ISDN, PLMN, …
SCTP is used for signalling transport

  [Figure: the same signalling protocol (e.g. ISUP) carried over two stacks, with a signalling gateway (SGW) between them performing the protocol conversion]
  SS7 network: Signalling protocol (e.g. ISUP) over SCCP over MTP. This is the transport of SS7-type application protocols in an SS7 network using MTP (+ SCCP).
  IP network: Signalling protocol (e.g. ISUP) over a Sigtran adaptation protocol over SCTP over IP over the physical layer. This is the transport of SS7-type application protocols (e.g. ISUP) over an IP network using the Sigtran protocols.
Example: downloading HTML page (1)

  [Figure: the user terminal (client) with stack HTTP/TCP/IP/PPP asks "Send me HTML page"; the Internet service provider's PoP runs IP over PPP towards the user and over ATM towards the network; the HTML page source (server) has stack HTTP/TCP/IP/ATM]

  A modem connection and PPP link between the user terminal and the ISP's Point of Presence (PoP) is established. The user terminal is given an IP address (dynamic allocation).
Example: downloading HTML page (2)

  [Figure: the client sends "Contact DNS ..." as UDP/IP over PPP through the PoP, and "DNS replies ..." comes back as UDP/IP; the HTML page source (HTTP/TCP/IP/ATM) is not yet involved]

  DNS translates the host name in the URL into the IP address of the server (only the IP address is used for routing IP packets to the server).
Example: downloading HTML page (3)

  [Figure: client (HTTP/TCP/IP/PPP) and server (HTTP/TCP/IP/ATM) perform the TCP three-way handshake through the ISP's PoP (IP over PPP/ATM)]

  The TCP connection is set up. Note that IP packets can be routed over different bearer networks (like ATM above) and do not necessarily follow the same path.
Example: downloading HTML page (4)

  [Figure: the HTTP request goes from client to server and the HTTP reply comes back, both over TCP/IP through the ISP's PoP]

  The HTTP request (GET for the HTML page) is sent to the server. The HTTP reply (including the HTML page) is returned in a "200 OK" message.
Example: downloading HTML page (5)

  [Figure: TCP connection teardown between client (HTTP/TCP/IP/PPP) and server (HTTP/TCP/IP/ATM) through the ISP's PoP]

  If the client has no more requests, the TCP connection is cleared. The teardown is a FIN/ACK exchange in each direction (the slide labels it "two-way handshaking").
Example: downloading HTML page (6)

  [Figure: the PPP link between the client and the ISP's PoP is torn down; the ATM bearer on the server side remains]

  When requested by the client, the PPP and modem connections are cleared. (Bearer connections within the Internet backbone are naturally not cleared.)

Weitere ähnliche Inhalte

Was ist angesagt?

COMPUTER NETWORKING
COMPUTER NETWORKINGCOMPUTER NETWORKING
COMPUTER NETWORKINGKiran Buriro
 
IEEE standards 802.3.&802.11
IEEE standards 802.3.&802.11IEEE standards 802.3.&802.11
IEEE standards 802.3.&802.11Keshav Maheshwari
 
TOKEN BUS & TOKEN RING.ppt
TOKEN BUS & TOKEN RING.pptTOKEN BUS & TOKEN RING.ppt
TOKEN BUS & TOKEN RING.pptshanthishyam
 
Networking devices
Networking devicesNetworking devices
Networking devicesfrestoadi
 
CCNA v6.0 ITN - Chapter 02
CCNA v6.0 ITN - Chapter 02CCNA v6.0 ITN - Chapter 02
CCNA v6.0 ITN - Chapter 02Irsandi Hasan
 
Cisco Networking (Routing and Switching)
Cisco Networking (Routing and Switching)Cisco Networking (Routing and Switching)
Cisco Networking (Routing and Switching)Alan Mark
 
CCNA SUMMER TRAINNING PPT
CCNA SUMMER TRAINNING PPTCCNA SUMMER TRAINNING PPT
CCNA SUMMER TRAINNING PPTNishant Goel
 
Network Application Performance
Network Application PerformanceNetwork Application Performance
Network Application PerformanceShumon Huque
 
Introduction of computer network
Introduction of computer networkIntroduction of computer network
Introduction of computer networkVivek Kumar Sinha
 
CCNA training 101
CCNA training 101CCNA training 101
CCNA training 101Rohan Reddy
 
Connection Establishment & Flow and Congestion Control
Connection Establishment & Flow and Congestion ControlConnection Establishment & Flow and Congestion Control
Connection Establishment & Flow and Congestion ControlAdeel Rasheed
 
Mobile transport layer .
Mobile transport layer .Mobile transport layer .
Mobile transport layer .junnubabu
 

Was ist angesagt? (20)

COMPUTER NETWORKING
COMPUTER NETWORKINGCOMPUTER NETWORKING
COMPUTER NETWORKING
 
Bgp protocol
Bgp protocolBgp protocol
Bgp protocol
 
Osi model
Osi modelOsi model
Osi model
 
IEEE standards 802.3.&802.11
IEEE standards 802.3.&802.11IEEE standards 802.3.&802.11
IEEE standards 802.3.&802.11
 
Networking Devices
Networking DevicesNetworking Devices
Networking Devices
 
TOKEN BUS & TOKEN RING.ppt
TOKEN BUS & TOKEN RING.pptTOKEN BUS & TOKEN RING.ppt
TOKEN BUS & TOKEN RING.ppt
 
Presentation on arp protocol
Presentation on arp protocolPresentation on arp protocol
Presentation on arp protocol
 
Networking devices
Networking devicesNetworking devices
Networking devices
 
Networking devices
Networking devicesNetworking devices
Networking devices
 
Routing protocols
Routing protocolsRouting protocols
Routing protocols
 
CCNA v6.0 ITN - Chapter 02
CCNA v6.0 ITN - Chapter 02CCNA v6.0 ITN - Chapter 02
CCNA v6.0 ITN - Chapter 02
 
Cisco Networking (Routing and Switching)
Cisco Networking (Routing and Switching)Cisco Networking (Routing and Switching)
Cisco Networking (Routing and Switching)
 
CCNA SUMMER TRAINNING PPT
CCNA SUMMER TRAINNING PPTCCNA SUMMER TRAINNING PPT
CCNA SUMMER TRAINNING PPT
 
Network Application Performance
Network Application PerformanceNetwork Application Performance
Network Application Performance
 
The Basics of Computer Networking
The Basics of Computer NetworkingThe Basics of Computer Networking
The Basics of Computer Networking
 
Introduction of computer network
Introduction of computer networkIntroduction of computer network
Introduction of computer network
 
CCNA training 101
CCNA training 101CCNA training 101
CCNA training 101
 
Routing Protocols
Routing ProtocolsRouting Protocols
Routing Protocols
 
Connection Establishment & Flow and Congestion Control
Connection Establishment & Flow and Congestion ControlConnection Establishment & Flow and Congestion Control
Connection Establishment & Flow and Congestion Control
 
Mobile transport layer .
Mobile transport layer .Mobile transport layer .
Mobile transport layer .
 

Andere mochten auch

Networking devices
Networking devicesNetworking devices
Networking devicesrupinderj
 
Computer networking devices
Computer networking devicesComputer networking devices
Computer networking devicesRajesh Sadhukha
 
Future protocol IP v6
Future protocol IP v6Future protocol IP v6
Future protocol IP v6Manesh Sharma
 
Observing the microwave radiation of the Moon with RAL10.
Observing the microwave radiation of the Moon with RAL10.Observing the microwave radiation of the Moon with RAL10.
Observing the microwave radiation of the Moon with RAL10.Flavio Falcinelli
 
Telecom lect 8
Telecom lect 8Telecom lect 8
Telecom lect 8Shiraz316
 
Basic networking
Basic networkingBasic networking
Basic networkingworr1244
 
Computer Networking concepts
Computer Networking conceptsComputer Networking concepts
Computer Networking conceptsMujeeb Ahmad
 
Basic Concepts of Networking
Basic Concepts of NetworkingBasic Concepts of Networking
Basic Concepts of NetworkingVivin NL
 
Basic Networking Concepts
Basic Networking ConceptsBasic Networking Concepts
Basic Networking ConceptsSehajbir Singh
 
Internet protocol v6
Internet protocol v6Internet protocol v6
Internet protocol v6Pramith P
 
network Addressing
network Addressingnetwork Addressing
network AddressingTauseef khan
 
Computer Networking: Internet Protcol (IP) and IP Addressing
Computer Networking: Internet Protcol (IP) and IP AddressingComputer Networking: Internet Protcol (IP) and IP Addressing
Computer Networking: Internet Protcol (IP) and IP AddressingBisrat Girma
 
Data Networking Concepts
Data Networking ConceptsData Networking Concepts
Data Networking ConceptsPeter R. Egli
 
Flexi multiradio bts lte installation site requirements
Flexi multiradio bts lte installation site requirementsFlexi multiradio bts lte installation site requirements
Flexi multiradio bts lte installation site requirementsAchmad Salsabil
 
Microwave link communication system
Microwave link communication systemMicrowave link communication system
Microwave link communication systembillyjoe585
 

Andere mochten auch (20)

Networking devices
Networking devicesNetworking devices
Networking devices
 
Computer networking devices
Computer networking devicesComputer networking devices
Computer networking devices
 
Future protocol IP v6
Future protocol IP v6Future protocol IP v6
Future protocol IP v6
 
Observing the microwave radiation of the Moon with RAL10.
Observing the microwave radiation of the Moon with RAL10.Observing the microwave radiation of the Moon with RAL10.
Observing the microwave radiation of the Moon with RAL10.
 
Telecom lect 8
Telecom lect 8Telecom lect 8
Telecom lect 8
 
Basic networking
Basic networkingBasic networking
Basic networking
 
Computer Networking concepts
Computer Networking conceptsComputer Networking concepts
Computer Networking concepts
 
Basic Concepts of Networking
Basic Concepts of NetworkingBasic Concepts of Networking
Basic Concepts of Networking
 
Ip addressing classful
Ip addressing classfulIp addressing classful
Ip addressing classful
 
Basic Networking Concepts
Basic Networking ConceptsBasic Networking Concepts
Basic Networking Concepts
 
Internet protocol v6
Internet protocol v6Internet protocol v6
Internet protocol v6
 
network Addressing
network Addressingnetwork Addressing
network Addressing
 
Computer Networking: Internet Protcol (IP) and IP Addressing
Computer Networking: Internet Protcol (IP) and IP AddressingComputer Networking: Internet Protcol (IP) and IP Addressing
Computer Networking: Internet Protcol (IP) and IP Addressing
 
Data Networking Concepts
Data Networking ConceptsData Networking Concepts
Data Networking Concepts
 
Networking (2)
Networking (2)Networking (2)
Networking (2)
 
Satellite Microwave
Satellite MicrowaveSatellite Microwave
Satellite Microwave
 
microwave_antenna
microwave_antennamicrowave_antenna
microwave_antenna
 
Flexi multiradio bts lte installation site requirements
Flexi multiradio bts lte installation site requirementsFlexi multiradio bts lte installation site requirements
Flexi multiradio bts lte installation site requirements
 
IP addressing
IP addressingIP addressing
IP addressing
 
Microwave link communication system
Microwave link communication systemMicrowave link communication system
Microwave link communication system
 

Ähnlich wie Basic Networking: OSI 7 Layer Model and Key Concepts/TITLE

Introduction to networking
Introduction to networkingIntroduction to networking
Introduction to networkingMohsen Sarakbi
 
Ccent notes part 1
Ccent notes part 1Ccent notes part 1
Ccent notes part 1ahmady
 
Westermo webinar: Learning the Basics of Ethernet Networking
Westermo webinar: Learning the Basics of Ethernet NetworkingWestermo webinar: Learning the Basics of Ethernet Networking
Westermo webinar: Learning the Basics of Ethernet NetworkingWestermo Network Technologies
 
5. telecomm & network security
5. telecomm & network security5. telecomm & network security
5. telecomm & network security7wounders
 
Bt0072 computer networks 1
Bt0072 computer networks  1Bt0072 computer networks  1
Bt0072 computer networks 1Techglyphs
 
Networking (osi model)
Networking (osi model)Networking (osi model)
Networking (osi model)Pooja Bhojwani
 
Chapter 1 overview-stij3053 - Network Design
Chapter 1 overview-stij3053 - Network DesignChapter 1 overview-stij3053 - Network Design
Chapter 1 overview-stij3053 - Network Designnakomuri
 
Computer Networks- Introduction and Data Link Layer
Computer Networks- Introduction and Data Link LayerComputer Networks- Introduction and Data Link Layer
Computer Networks- Introduction and Data Link LayerDeepak John
 
Computer Networks Lecture Notes 01
Computer Networks Lecture Notes 01Computer Networks Lecture Notes 01
Computer Networks Lecture Notes 01Sreedhar Chowdam
 
Chapter 5 introduction to computer communication networks
Chapter 5   introduction to computer communication networksChapter 5   introduction to computer communication networks
Chapter 5 introduction to computer communication networksN. A. Sutisna
 

Ähnlich wie Basic Networking: OSI 7 Layer Model and Key Concepts/TITLE (20)

Introduction to networking
Introduction to networkingIntroduction to networking
Introduction to networking
 
Ccent notes part 1
Ccent notes part 1Ccent notes part 1
Ccent notes part 1
 
Westermo webinar: Learning the Basics of Ethernet Networking
Westermo webinar: Learning the Basics of Ethernet NetworkingWestermo webinar: Learning the Basics of Ethernet Networking
Westermo webinar: Learning the Basics of Ethernet Networking
 
The Basics of Industrial Ethernet Communications
The Basics of Industrial Ethernet CommunicationsThe Basics of Industrial Ethernet Communications
The Basics of Industrial Ethernet Communications
 
5. telecomm & network security
5. telecomm & network security5. telecomm & network security
5. telecomm & network security
 
Computer networks chapter1.
Computer networks chapter1.Computer networks chapter1.
Computer networks chapter1.
 
Bt0072 computer networks 1
Bt0072 computer networks  1Bt0072 computer networks  1
Bt0072 computer networks 1
 
Networking (osi model)
Networking (osi model)Networking (osi model)
Networking (osi model)
 
Learn basics of ip addressing
Learn basics of  ip addressingLearn basics of  ip addressing
Learn basics of ip addressing
 
Ccna introduction
Ccna introductionCcna introduction
Ccna introduction
 
Chapter 1 overview-stij3053 - Network Design
Chapter 1 overview-stij3053 - Network DesignChapter 1 overview-stij3053 - Network Design
Chapter 1 overview-stij3053 - Network Design
 
Computer Networks- Introduction and Data Link Layer
Computer Networks- Introduction and Data Link LayerComputer Networks- Introduction and Data Link Layer
Computer Networks- Introduction and Data Link Layer
 
Ccna day1
Ccna day1Ccna day1
Ccna day1
 
Ccna day1
Ccna day1Ccna day1
Ccna day1
 
C C N A Day1
C C N A  Day1C C N A  Day1
C C N A Day1
 
CCNA Report
CCNA ReportCCNA Report
CCNA Report
 
Computer Networks Lecture Notes 01
Computer Networks Lecture Notes 01Computer Networks Lecture Notes 01
Computer Networks Lecture Notes 01
 
Ccna day1
Ccna day1Ccna day1
Ccna day1
 
01 pengenalan
01 pengenalan01 pengenalan
01 pengenalan
 
Chapter 5 introduction to computer communication networks
Chapter 5   introduction to computer communication networksChapter 5   introduction to computer communication networks
Chapter 5 introduction to computer communication networks
 

Mehr von Samuel Dratwa

Artificial Intelligence (and the telecom industry)
Artificial Intelligence (and the telecom industry)Artificial Intelligence (and the telecom industry)
Artificial Intelligence (and the telecom industry)Samuel Dratwa
 
IoT (and M2M and WoT) From the Operators (CSP) perspective
IoT (and M2M and WoT) From the Operators (CSP) perspectiveIoT (and M2M and WoT) From the Operators (CSP) perspective
IoT (and M2M and WoT) From the Operators (CSP) perspectiveSamuel Dratwa
 
Big Data 2107 for Ribbon
Big Data 2107 for RibbonBig Data 2107 for Ribbon
Big Data 2107 for RibbonSamuel Dratwa
 
Introduction to Cloud Computing 2021
Introduction to Cloud Computing 2021Introduction to Cloud Computing 2021
Introduction to Cloud Computing 2021Samuel Dratwa
 
Is kubernetes a good choice for orchestration
Is kubernetes a good choice for orchestrationIs kubernetes a good choice for orchestration
Is kubernetes a good choice for orchestrationSamuel Dratwa
 
Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to KubernetesSamuel Dratwa
 
Virtualization technolegys for amdocs
Virtualization technolegys for amdocsVirtualization technolegys for amdocs
Virtualization technolegys for amdocsSamuel Dratwa
 
Telecom Abbreviations
Telecom AbbreviationsTelecom Abbreviations
Telecom AbbreviationsSamuel Dratwa
 
מונחים טכנולוגים למנהלי הדרכה באמדוקס
מונחים טכנולוגים למנהלי הדרכה באמדוקסמונחים טכנולוגים למנהלי הדרכה באמדוקס
מונחים טכנולוגים למנהלי הדרכה באמדוקסSamuel Dratwa
 
רשתות חברתיות ככלי מידע עסקי 2012
רשתות חברתיות ככלי מידע עסקי 2012רשתות חברתיות ככלי מידע עסקי 2012
רשתות חברתיות ככלי מידע עסקי 2012Samuel Dratwa
 
Web 2.0 (and the telecom industry)
Web 2.0 (and the telecom industry)Web 2.0 (and the telecom industry)
Web 2.0 (and the telecom industry)Samuel Dratwa
 
רשתות חברתיות ומידע עסקי - או למה צריך להיות שם
רשתות חברתיות ומידע עסקי - או למה צריך להיות שםרשתות חברתיות ומידע עסקי - או למה צריך להיות שם
רשתות חברתיות ומידע עסקי - או למה צריך להיות שםSamuel Dratwa
 

Mehr von Samuel Dratwa (18)

Artificial Intelligence (and the telecom industry)
Artificial Intelligence (and the telecom industry)Artificial Intelligence (and the telecom industry)
Artificial Intelligence (and the telecom industry)
 
IoT (and M2M and WoT) From the Operators (CSP) perspective
IoT (and M2M and WoT) From the Operators (CSP) perspectiveIoT (and M2M and WoT) From the Operators (CSP) perspective
IoT (and M2M and WoT) From the Operators (CSP) perspective
 
Big Data 2107 for Ribbon
Big Data 2107 for RibbonBig Data 2107 for Ribbon
Big Data 2107 for Ribbon
 
Introduction to Cloud Computing 2021
Introduction to Cloud Computing 2021Introduction to Cloud Computing 2021
Introduction to Cloud Computing 2021
 
Is kubernetes a good choice for orchestration
Is kubernetes a good choice for orchestrationIs kubernetes a good choice for orchestration
Is kubernetes a good choice for orchestration
 
Cont0519
Cont0519Cont0519
Cont0519
 
Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to Kubernetes
 
Virtualization technolegys for amdocs
Virtualization technolegys for amdocsVirtualization technolegys for amdocs
Virtualization technolegys for amdocs
 
Big Data NoSQL 1017
Big Data NoSQL 1017Big Data NoSQL 1017
Big Data NoSQL 1017
 
Telecom Abbreviations
Telecom AbbreviationsTelecom Abbreviations
Telecom Abbreviations
 
מונחים טכנולוגים למנהלי הדרכה באמדוקס
מונחים טכנולוגים למנהלי הדרכה באמדוקסמונחים טכנולוגים למנהלי הדרכה באמדוקס
מונחים טכנולוגים למנהלי הדרכה באמדוקס
 
Amdocs ai s1
Amdocs ai s1Amdocs ai s1
Amdocs ai s1
 
רשתות חברתיות ככלי מידע עסקי 2012
רשתות חברתיות ככלי מידע עסקי 2012רשתות חברתיות ככלי מידע עסקי 2012
רשתות חברתיות ככלי מידע עסקי 2012
 
NGN & IMS
NGN & IMSNGN & IMS
NGN & IMS
 
The future telecom
The future telecomThe future telecom
The future telecom
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Web 2.0 (and the telecom industry)
Web 2.0 (and the telecom industry)Web 2.0 (and the telecom industry)
Web 2.0 (and the telecom industry)
 
רשתות חברתיות ומידע עסקי - או למה צריך להיות שם
רשתות חברתיות ומידע עסקי - או למה צריך להיות שםרשתות חברתיות ומידע עסקי - או למה צריך להיות שם
רשתות חברתיות ומידע עסקי - או למה צריך להיות שם
 

Kürzlich hochgeladen

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 

Kürzlich hochgeladen (20)

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
  • 1. Basic Networking Samuel Dratwa Samuel.dratwa@gmail.com
  • 2. What are we selling? Customer satisfaction! It's all about customer satisfaction.
  • 3. Agenda
    - Introduction: what is a network
    - OSI 7 layer model
    - The physical layer and the data link layer
    - The network layer – IP
    - The transport layer
    - The application layer (and the session and presentation layers)
    - End to end – full stack
    - Advanced issues: security, MPLS, signaling
  • 4. Networking
    - Communication between two or more devices.
    - Parts required for networking:
      - Host: computer, networked printer, etc.; sends/receives data for the network to the card
      - Card: every card on a network has to have a unique address; the card breaks outgoing data into packets and addresses them, receives packets addressed to it and re-assembles them into data
      - Wire: transmits packets across the network; for this discussion it includes all wires, radios and devices between network cards (hubs, switches, access points, etc.)
  • 5. 5 Basic Components – every communication system has 5 basic requirements:
    - Data Source (where the data originates)
    - Transmitter (device used to transmit data)
    - Transmission Medium (cable or non-cable)
    - Receiver (device used to receive data)
    - Destination (where the data will be placed)
  • 6. NETWORKS: categorized by size
    - LAN – a network that connects computers in a limited geographical area.
    - MAN – a backbone that connects LANs in a metropolitan area such as a city and handles the bulk of communications activity across that region.
    - WAN – covers a large geographical area such as a city or country. Communication channels include telephone lines, microwave, satellites, etc.
    - PAN
  • 7. What is a standard?
    - A standard specification is an explicit set of requirements for an item, material, component, system or service. It is often used to formalize the technical aspects of a procurement agreement or contract.
    - A technical standard is an established norm or requirement about technical systems. It is usually a formal document that establishes uniform engineering or technical criteria, methods, processes and practices. In contrast, a custom, convention, company product, corporate standard, etc. which becomes generally accepted and dominant is often called a de facto standard.
  • 8. Why do we need standards? Interoperability.
  • 9. Standards bodies – IMT-Advanced; 802.X – LAN/WLAN
  • 10. OSI 7 Layer Model
    - OSI – Open Systems Interconnection (Basic Reference Model)
    - Each level is an independent set of protocols
    - Each level can be changed seamlessly
    - Layers, top to bottom: Application, Presentation, Session, Transport, Network, Data Link, Physical
  • 11. 5 Layer model – the OSI Application, Presentation and Session layers collapse into a single Application layer; Transport, Network, Data Link and Physical map one-to-one
  • 12. OSI Layers – OSI Model (data unit / layer / function):
      Data      7. Application    Network process to application
      Data      6. Presentation   Data representation, encryption and decryption
      Data      5. Session        Interhost communication
      Segments  4. Transport      End-to-end connections and reliability, flow control
      Packet    3. Network        Path determination and logical addressing
      Frame     2. Data Link      Physical addressing
      Bit       1. Physical       Media, signal and binary transmission
    Going from layer 7 to 1: All People Seem To Need Data Processing
  • 13. The flow – diagram: a browser (Samuel) reading a web site from a web server; send(s2, dataBlock) on the server and read(s1, dataBlock) on the browser pass down through Transport (TCP), Network (IP), Link (WLAN) and Physical on each host, while the router in between implements only Network (IP), Link and Physical
  • 14. 5 Layer model (TCP/IP)
    - Application – represents the end user and the application he uses (mail, browse, FTP, etc.)
    - Transport – end-to-end message transfer, along with error control, fragmentation and flow control (TCP)
    - Network (AKA Internet) – responsible for getting packets of data from source to destination (IP)
    - Link – the processes of transmitting and receiving packets on a given link layer
  • 16. Layer 1: Physical Layer
    - The Physical Layer defines the electrical and physical specifications for devices. In particular, it defines the relationship between a device and a physical medium.
    - This includes the layout of pins, voltages, cable specifications, hubs, repeaters, network adapters, host bus adapters, and more.
  • 17. Wire types
    - Co-Ax: composed of core, insulation, shielding, insulation; 10 Mb only; 10Base5 "Thicknet" – 500 meters; 10Base2 "Thinnet" – 200 meters
    - Twisted Pair: 10/100/1000 Mb; 100 meters between devices; CAT3, CAT5, CAT5e, CAT6, CAT6e
  • 18. Wire Types (cont.)
    - Fiber: 10/100/1000/10,000 Mb; Multi-mode – Long Haul (20 km); Single-mode – "Short Haul" (3 km), what we use; carries light, not electricity
    - Wireless: speeds 11/7 Mb, 54/27 Mb; because of encryption and connection upkeep, available bandwidth is about ½ of the stated speed; common "mediums": InfraRed (IR), Microwave (long distances), Radio – licensed/private or un-licensed (802.11b/g/a)
  • 19. Twisted Pair Cables
    - Unshielded Twisted Pair Cable (UTP): most popular; maximum length 100 m; more susceptible to noise
    - EIA/TIA 568 Commercial Building Wire Standard:
      Category 1  Voice transmission of traditional telephone
      Category 2  For data up to 4 Mbps, 4 pairs full-duplex
      Category 3  For data up to 10 Mbps, 4 pairs full-duplex
      Category 4  For data up to 16 Mbps, 4 pairs full-duplex
      Category 5  For data up to 100 Mbps, 4 pairs full-duplex
      Category 6  For data up to 1000 Mbps, 4 pairs full-duplex
  • 20. Shielded Twisted Pair Cable (STP)
    - Shielding to reduce crosstalk
    - Crosstalk: signal from one line getting mixed with signals from another line
    - Connector: RJ-45 computer connector (8 wires)
      Pin  T568A   T568B
      1    Rx+     Tx+
      2    Rx-     Tx-
      3    Tx+     Rx+
      4    Unused  Unused
      5    Unused  Unused
      6    Tx-     Rx-
      7    Unused  Unused
      8    Unused  Unused
  • 21. Straight and Cross connections – diagram with three cases showing where a cross-over cable (T568A and T568B ends) and a straight-through cable (T568B wall plate to hub) are used
  • 24. Layer 2: Data Link Layer
    - The Data Link Layer provides the functional and procedural means to transfer data between network entities and to detect and possibly correct errors that may occur in the Physical Layer.
    - Originally, this layer was intended for point-to-point and point-to-multipoint media, characteristic of wide area media in the telephone system.
    - The data link layer is divided into two sub-layers by the IEEE.
  • 25. Layer 2: MAC & LLC
    - Layer 2 sub-layers: Media Access Control (MAC) and Logical Link Control (LLC).
    - MAC is the lower sub-layer, and it defines the way media access is performed, such as CSMA/CD/CA (Carrier Sense Multiple Access / Collision Detection / Collision Avoidance).
    - LLC provides the data transmission method between different networks. It re-packages data and adds a new header.
  • 26. The Channel Access Problem
    - Multiple nodes (A, B, C) share a channel; pairwise communication desired; simultaneous communication not possible
    - MAC protocols: suggest a scheme to schedule communication; maximize the number of communications; ensure fairness among all transmitters
  • 27. The Trivial Solution – transmit and pray: plenty of collisions --> poor throughput at high load (diagram: A and C both transmit to B; collision)
  • 28. The Simple Fix – transmit and pray gives plenty of collisions --> poor throughput at high load; instead, listen before you talk: Carrier Sense Multiple Access (CSMA), defer transmission when there is a signal on the channel (diagram: A and C, "don't transmit"; can collisions still occur?)
  • 29. CSMA collisions – collisions can still occur: propagation delay is non-zero between transmitters; when a collision happens, the entire packet transmission time is wasted. Note the role of distance and propagation delay in determining collision probability (diagram: spatial layout of nodes).
  • 30. CSMA/CD (Collision Detection) – keep listening to the channel while transmitting; if (Transmitted_Signal != Sensed_Signal) the sender knows it's a collision and ABORTs
  • 31. 2 Observations on CSMA/CD
    - The transmitter can send and listen concurrently: if (Transmitted - Sensed = null) then success
    - The signal is identical at Tx and Rx (non-dispersive)
    - So the TRANSMITTER can detect if and when a collision occurs
  • 32. Unfortunately … both observations do not hold for wireless, because …
  • 33. Wireless Medium Access Control – diagram: nodes A, B, C, D; signal power vs. distance
  • 34. Wireless Media Disperse Energy – A cannot send and listen in parallel; the signal is not the same at different locations (diagram: signal power vs. distance for nodes A, B, C, D)
  • 35. IEEE 802.11 – RTS = Request To Send, CTS = Clear To Send (diagram: S sends RTS to D, D answers with CTS; neighbours M, Y, X, K overhear)
  • 36. IEEE 802.11 – S sends Data to D, D answers with ACK; neighbours M, Y, X, K are silenced
  • 37. Ethernet Frame Format
      Preamble | Des. Add | Sour. Add | Type    | Data            | FCS
      8 Bytes  | 6 Bytes  | 6 Bytes   | 2 Bytes | 46 - 1500 Bytes | 4 Bytes
    - Preamble: for synchronization
    - Des. Add: destination address
    - Sour. Add: source address
    - FCS: Frame Check Sequence
  • 38. Ethernet II (DIX) Framing
    - A frame is the unit of transmission in a link layer protocol, and consists of a link-layer header followed by a packet.
    - MAC addresses are 48-bit (6 byte) identifiers unique to each NIC.
    - EtherType (2 byte/16-bit) describes which protocol is encapsulated in the frame data – IPv4, IPv6, IBoE, FCoE, etc. (http://standards.ieee.org/regauth/ethertype/eth.txt)
  • 39. There is a "small problem" – IEEE 802.3 Frame Format (the Type field becomes a Length field)
      Preamble | SFD    | Des. Add  | Sour. Add | Length  | Data            | FCS
      7 Bytes  | 1 Byte | 2/6 Bytes | 2/6 Bytes | 2 Bytes | 46 - 1500 Bytes | 4 Bytes
  • 40. MAC Header, Source/Destination addresses – MAC addresses are 48-bit (6 byte) identifiers unique to each Network Interface:
    - Individual/Group Address bit
    - Universally/Locally administered address bit
    - Organizationally Unique Identifier (OUI, a 22-bit field assigned by the IEEE) (bits 3-24)
    - NIC-specific unique address (OUA, a 24-bit number assigned by the manufacturer)
  • 42. Bridge – Large networks can be separated into two or more smaller networks using a bridge. This is done to increase speed and efficiency. This type of network is called a segmented LAN and has largely been superseded by the use of switches, which can transfer data straight to a computer and thus avoid the bottleneck jams which bridges were designed to fix.
  • 43. Gateway – Often used to connect a LAN with a WAN. Gateways join two or more different networks together.
  • 44. Repeater
    - Signal attenuation is corrected by repeaters that amplify signals in physical cabling.
    - Repeaters are part of the network medium (Layer 1).
    - In theory, they are dumb devices functioning entirely without human intervention. However, some repeaters now offer higher-level services to assist with network management and troubleshooting.
  • 46. Layer 3: Network Layer – The Network Layer provides the functional and procedural means of transferring variable length data sequences from a source to a destination via one or more networks, while maintaining the quality of service requested by the Transport Layer.
  • 47. Layer 3: Network Layer
    - The Network Layer performs network routing functions, performs fragmentation and reassembly, and reports delivery errors.
    - Routers operate at this layer – sending data throughout the extended network and making the Internet possible.
  • 49. IP v.4 header
    - Version (4 bits) – 6 or 4
    - Hlen (4 bits) – header length in 32 bit words; without options (usual case) = 20
    - Type of Service (TOS, 8 bits): now being used for QoS
    - Total length (16 bits) – length of the datagram in bytes, includes header and data
    - Time to live (TTL, 8 bits) – specifies how long the datagram is allowed to remain in the internet (how many hops)
    - Protocol (8 bits) – specifies the format of the data area; protocol numbers are administered by a central authority to guarantee agreement, e.g. TCP=6, UDP=17 …
  • 50. IP Address
    - Unique addresses in the world
    - An IP address is 32 bits, noted in dotted decimal notation: 192.78.32.2
    - Host and Prefix Part: an IP address has a prefix and a host part – prefix:host
    - The prefix identifies a subnetwork and is used for locating a subnetwork – routing
    - The prefix is usually identified in a host using a "subnet mask"
  • 51. Using a mask: address + mask
    - The mask is the dotted decimal representation of the string made of 1 in the prefix, 0 elsewhere
    - Bit-wise address & mask gives the prefix
    - Example 1: 128.178.156.13 mask 255.255.255.0 – here the prefix is 128.178.156.0
    - Example 2: 129.132.119.77 mask 255.255.255.192 – Q1: what is the prefix? Q2: how many host ids can be allocated?
  • 52. Address + Mask (example 2) – 129.132.119.77 mask 255.255.255.192
    - Q1: what is the prefix? A: 129.132.119.64
        129.132.119.77   = 1000 0001 . 1000 0100 . 0111 0111 . 0100 1101
        255.255.255.192  = 1111 1111 . 1111 1111 . 1111 1111 . 1100 0000   (26 prefix bits, 6 host bits: 64 addresses)
        129.132.119.64   = 1000 0001 . 1000 0100 . 0111 0111 . 0100 0000
    - Q2: how many host ids can be allocated? A: 64 (minus the reserved addresses: 62)
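The mask arithmetic of slides 51 and 52, as an added example that is not part of the slide deck: it applies a dotted-decimal mask to an address, rejects a mask whose 1 bits are not contiguous, and reports the prefix, the number of addresses and the usable host count (the "64 minus the reserved addresses" figure).

```python
# Added example (not from the slides): apply a subnet mask to a dotted-decimal
# IPv4 address the way slides 51-52 do by hand, and validate the mask first.
from dataclasses import dataclass


def dotted_to_int(dotted: str) -> int:
    """Convert 'a.b.c.d' to a 32-bit integer, rejecting malformed input."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted-decimal IPv4 address: {dotted!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | octet
    return value


def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_length(mask: str) -> int:
    """Number of leading 1 bits; a mask must be all ones followed by all zeros."""
    m = dotted_to_int(mask)
    ones = bin(m).count("1")
    # A valid mask has exactly the top `ones` bits set and nothing below them.
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return ones


@dataclass
class Subnet:
    prefix: str          # network address: address & mask
    prefix_len: int      # number of 1 bits in the mask
    addresses: int       # 2 ** (host bits)
    usable_hosts: int    # addresses minus the reserved network and broadcast ones
    broadcast: str       # all host bits set


def apply_mask(address: str, mask: str) -> Subnet:
    plen = prefix_length(mask)
    a, m = dotted_to_int(address), dotted_to_int(mask)
    network = a & m                      # bit-wise address & mask gives the prefix
    host_bits = 32 - plen
    count = 1 << host_bits
    broadcast = network | (count - 1)
    # /31 and /32 have no network/broadcast pair to reserve (RFC 3021 point-to-point links).
    usable = count - 2 if host_bits >= 2 else count
    return Subnet(int_to_dotted(network), plen, count, usable, int_to_dotted(broadcast))


if __name__ == "__main__":
    for addr, mask in (("128.178.156.13", "255.255.255.0"),      # slide 51, example 1
                       ("129.132.119.77", "255.255.255.192")):   # slide 52, example 2
        s = apply_mask(addr, mask)
        print(f"{addr}/{s.prefix_len}: prefix {s.prefix}, {s.addresses} addresses, "
              f"{s.usable_hosts} usable hosts, broadcast {s.broadcast}")
```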
  • 56. The main problem – Cisco movie
  • 57. Major Changes and Additions in IPv6
    - Larger Address Space: addresses are 128 bits long instead of 32 bits.
    - Hierarchical Assignment of Addresses: allows for multiple levels of network and subnetwork hierarchies both at the ISP and organizational level.
    - Better Support for Non-Unicast Addressing: support for multicasting is improved, and there is a new type of addressing: anycast addressing.
    - Auto-configuration and Renumbering: auto-configuration of hosts and renumbering of the IP addresses in networks and subnetworks as needed.
    - New Datagram Format: the main header of each IP datagram has been streamlined, and support added for easily extending the header for datagrams requiring more control information.
    - Improved Support for Quality of Service and Security
    - Updated Fragmentation and Reassembly Procedures: fragmentation and reassembly have been changed; IPv6 improves the efficiency of routing.
    - Modernized Routing Support: the IPv6 protocol supports modern routing systems, and allows expansion as the Internet grows.
  • 58. IP V.6 vs. V.4 Datagram (diagram)
  • 59. IP v.4 header (repeated for comparison with the IPv6 header)
    - Version (4 bits) – 6 or 4
    - Hlen (4 bits) – header length in 32 bit words; without options (usual case) = 20
    - Type of Service (TOS, 8 bits): now being used for QoS
    - Total length (16 bits) – length of the datagram in bytes, includes header and data
    - Time to live (TTL, 8 bits) – specifies how long the datagram is allowed to remain in the internet (how many hops)
    - Protocol (8 bits) – specifies the format of the data area; protocol numbers are administered by a central authority to guarantee agreement, e.g. TCP=6, UDP=17 …
  • 60. IP v.6 header
    - Version (4 bits) – 6 or 4
    - Traffic Class (8 bits) – traffic priority delivery value
    - Flow Label (20 bits) – used for specifying special router handling from source to destination(s) for a sequence of packets
    - Payload Length (16 bits) – specifies the length of the data
    - Hop Limit (8 bits) – the same as TTL in IPv4
    - Source address – 16 bytes
    - Destination address – 16 bytes
  • 61. IPv6 address – 128 bit
    - An IPv6 address is made of two parts: a 64-bit prefix and a 64-bit suffix (i.e. the interface-id); the prefix has a hierarchical structure that depends on the format prefix (FP)
    - Prefix: FP – Format Prefix; TLA – Top-Level Aggregators; NLA – Next-Level Aggregators; SLA – Service level Agreements
    - Suffix: Interface ID
    - Link-local address (mandatory) is unique within a "link": 1111111010, then 54 '0' bits, then the 64-bit suffix
  • 62. IPv6 Autoconfiguration and Renumbering
    - RFC 2462, IPv6 Stateless Address Autoconfiguration.
    - IPv6 includes a stateless address autoconfiguration feature, which allows a host to determine its own IPv6 address from its Layer 2 address.
    - The concept: a device generates a temporary address until it can determine the characteristics of the network it is on. Then it creates a permanent address it can use based on that information.
    - In the case of multi-homed devices: autoconfiguration is performed for each interface separately.
    - Stateless address autoconfiguration: no central server needed to aid in address configuration; the node forms its own suffix and checks if it is unique; the node obtains prefix(es) from the nearest router.
    - Stateful address autoconfiguration: a central server allocates full addresses to nodes on request; DHCPv6 is the current protocol for stateful address autoconfiguration.
  • 63. IPv6 Extended Unique Identifier (EUI-64)
    - RFC 2464
    - IPv6 link-local addresses and statelessly autoconfigured addresses on Ethernet networks
    - Used in Router Solicitation, Router Advertisement, Neighbor Solicitation, Neighbor Advertisement and Redirect messages
    - Diagram: 48-bit MAC address → 64-bit IPv6 EUI
  • 64. IPv6 address Types
    - Unicast (1:1): communicate with one specified computer
    - Anycast addresses: the nearest node of a set of nodes. RFC 4291 currently specifies the following restrictions on anycast addresses: an anycast address must not be used as the source address of a packet; an anycast address can only be assigned to a router (currently only used to address routers)
    - Multicast (1:n): communicate with a group of computers
    - No more broadcast in use
  • 65. Representation of IPv6 addresses
    - Colon hexadecimal notation – 805B:2D9D:DC28:0000:0000:FC57:D4C8:1FFF
    - Leading zeroes can be suppressed in the notation: 805B:2D9D:DC28:0:0:FC57:D4C8:1FFF
    - Zero compression in IPv6 addresses: 805B:2D9D:DC28::FC57:D4C8:1FFF
    - The double-colon can appear only once in any IP address.
    - IPv6 addresses can embed IPv4. The notation has the first 96 bits in colon hex notation, and the last 32 bits in dotted decimal, e.g. ::212.200.31.255
    - Prefix notation can be used as with classless IPv4 addressing with CIDR. Example: 805B:2D9D:DC28::FC57:D4C8:1FFF/48
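The notation rules of slide 65, as an added example that is not part of the slide deck: it parses any of the textual forms (full colon-hex, suppressed leading zeros, one "::", an embedded dotted-decimal IPv4 tail, an optional /prefix-length) into eight 16-bit groups, regenerates the three notations, and cross-checks the result against Python's ipaddress module.

```python
# Added example (not from the slides): the IPv6 text forms of slide 65, written
# out explicitly rather than delegated to ipaddress, which is used only to verify.
import ipaddress
from typing import List


def expand(addr: str) -> List[int]:
    """Parse any textual IPv6 form (with optional /prefix) into eight 16-bit groups."""
    text = addr.split("/")[0]                      # the /48 prefix length is not part of the address
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once in an address")
    head, dcolon, tail = text.partition("::")
    left = head.split(":") if head else []
    right = tail.split(":") if tail else []
    # An embedded dotted-decimal IPv4 address supplies the last 32 bits (two groups).
    last = right if dcolon else left
    if last and "." in last[-1]:
        v4 = int(ipaddress.IPv4Address(last[-1]))
        last[-1:] = [f"{v4 >> 16:x}", f"{v4 & 0xFFFF:x}"]
    groups = [int(g, 16) for g in left + right]
    if any(not 0 <= g <= 0xFFFF for g in groups):
        raise ValueError(f"group out of range in {addr!r}")
    if dcolon:
        if len(groups) > 7:
            raise ValueError(f"'::' must stand for at least one zero group: {addr!r}")
        zeros = [0] * (8 - len(groups))
        return [int(g, 16) for g in left] + zeros + [int(g, 16) for g in right]
    if len(groups) != 8:
        raise ValueError(f"expected 8 groups in {addr!r}")
    return groups


def full(groups: List[int]) -> str:
    """Colon hexadecimal notation, four digits per group."""
    return ":".join(f"{g:04X}" for g in groups)


def no_leading_zeros(groups: List[int]) -> str:
    return ":".join(f"{g:X}" for g in groups)


def compressed(groups: List[int]) -> str:
    """Replace the longest run of two or more zero groups with '::' (first run on ties)."""
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if groups[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:
        return no_leading_zeros(groups)
    left = ":".join(f"{g:X}" for g in groups[:best_start])
    right = ":".join(f"{g:X}" for g in groups[best_start + best_len:])
    return f"{left}::{right}"


def matches_stdlib(addr: str) -> bool:
    """Cross-check our expansion and compression against ipaddress."""
    ref = ipaddress.IPv6Address(addr.split("/")[0])
    g = expand(addr)
    return ref.exploded.upper() == full(g) and ref.compressed.upper() == compressed(g)


if __name__ == "__main__":
    for a in ("805B:2D9D:DC28:0000:0000:FC57:D4C8:1FFF", "805B:2D9D:DC28::FC57:D4C8:1FFF/48",
              "::212.200.31.255", "::1"):
        g = expand(a)
        print(a, "->", full(g), "|", no_leading_zeros(g), "|", compressed(g), "| ok:", matches_stdlib(a))
```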
  • 66. So why isn't it here yet?
    - No clear move to IPv6: lack of smooth migration plans; investments in IPv4; software availability – available from Microsoft Windows XP SP2
    - Developments in IPv4: use of NAT; CIDR; planning of hierarchies and use of autonomous areas; IPsec implemented in IPv4
    - Other points: router upgrades to handle IPv6 – OSPFv3
  • 67. IPv6/IPv4 Servers – Dual Server: the most important issue will be to create servers that handle both IPv4 and IPv6. The server operating system will contain protocol stacks for both IPv4 and IPv6 (diagram: an IPv6 client and an IPv4 client each reach the dual-stack server, whose TCP runs over both IPv4 and IPv6 on a common data link).
  • 68. Tunneling IPv6 over IPv4
    - Diagram: IPv6 host – IPv6 network – dual-stack router – IPv4 network – dual-stack router – IPv6 network – IPv6 host; the packet (IPv6 header, transport header, data) crosses the IPv4 network inside an IPv4 header (tunnel: IPv6 in IPv4 packet)
    - IPv6 can operate within a closed or private network environment
    - Currently, across public networks such as the Internet, packets have to cross an IPv4 domain
    - IPv6 packets can be encapsulated within IPv4
    - Encapsulated packets can then travel transparently across an IPv4 routing domain
    - Tunneling can be used by routers and hosts
  • 69. Network Address Translation (NAT)
    - Possible solution to address space exhaustion
    - Kludge (but useful)
    - Sits between your network and the Internet
    - Translates local network layer addresses to global IP addresses
    - Has a pool of global IP addresses (less than the number of hosts on your network)
    - Uses special unallocated addresses (RFC 1597) locally: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
  • 70. NAT Illustration – diagram: a private network with source S (private address Sp) behind a NAT that holds a pool of global IP addresses; on the Internet side the packet carries the global source Sg towards destination Dg
    - Operation: source (S) wants to talk to destination (D): create an Sg–Sp mapping; replace Sp with Sg for outgoing packets; replace Sg with Sp for incoming packets
    - How many hosts can have active transfers at one time?
  • 71. Problems with NAT
    - What if we only have few (or just one) IP address? Use a Network Address & Port Translator (NAPT)
    - NAPT translates addr_private + flow info to addr_global + new flow info, using the TCP/UDP port numbers
    - Potentially thousands of simultaneous connections with one global IP address
  • 72. Problems with NAT
    - Hides the internal network structure – some consider this an advantage
    - Some protocols carry addresses, e.g. FTP carries addresses in text – what is the problem?
    - Must update transport protocol headers (port number & checksum)
    - Encryption
    - No inbound connections
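The NAPT behaviour of slides 70 to 72, as an added example that is not part of the slide deck: one global address is shared by rewriting the private source address and port on the way out, the reverse rewrite is applied to replies, and an inbound packet that matches no existing mapping is dropped, which is where the "no inbound connections" property comes from. Addresses and ports are constructed samples.

```python
# Added example (not from the slides): a minimal NAPT translation table.
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Only the fields NAPT rewrites; a real packet would also carry checksums (slide 72)."""
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class NAPT:
    def __init__(self, global_ip: str, first_port: int = 40000, last_port: int = 40100):
        self.global_ip = global_ip
        self._free = list(range(first_port, last_port))   # global ports not yet mapped
        # (proto, private addr, private port) -> global port
        self.out_map: Dict[Tuple[str, str, int], int] = {}
        # (proto, global port) -> (private addr, private port)
        self.in_map: Dict[Tuple[str, int], Tuple[str, int]] = {}

    def outbound(self, p: Packet) -> Packet:
        """Sp -> Sg: reuse the flow's mapping or allocate a new global port."""
        key = (p.proto, p.src, p.sport)
        gport = self.out_map.get(key)
        if gport is None:
            if not self._free:
                raise RuntimeError("NAPT port pool exhausted")
            gport = self._free.pop(0)
            self.out_map[key] = gport
            self.in_map[(p.proto, gport)] = (p.src, p.sport)
        return Packet(self.global_ip, gport, p.dst, p.dport, p.proto)

    def inbound(self, p: Packet) -> Optional[Packet]:
        """Sg -> Sp for replies; None means the packet is dropped."""
        if p.dst != self.global_ip:
            return None
        private = self.in_map.get((p.proto, p.dport))
        if private is None:
            return None          # no host asked for this: unsolicited inbound connection
        return Packet(p.src, p.sport, private[0], private[1], p.proto)

    def active_flows(self) -> int:
        return len(self.out_map)


if __name__ == "__main__":
    nat = NAPT("203.0.113.7")                         # constructed global address
    out = nat.outbound(Packet("10.0.0.5", 51000, "198.51.100.10", 80))
    print("outbound rewritten to", out)
    print("reply delivered to   ", nat.inbound(Packet("198.51.100.10", 80, "203.0.113.7", out.sport)))
    print("unsolicited packet   ", nat.inbound(Packet("198.51.100.10", 80, "203.0.113.7", 40099)))
```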
  • 74. Fragmentation
    - IP packets can be up to 64KB
    - Different link layers have different MTUs (Max Transfer Unit; Ethernet = 1500B)
    - Split the IP packet into multiple fragments, with an IP header on each fragment
    - An intermediate router may fragment as needed
  • 76. Reassembly
    - Where to do reassembly? At the end nodes – avoids unnecessary work where large packets are fragmented multiple times
    - Dangerous to do at intermediate nodes: how much buffer space is required at routers? What if routes in the network change? Multiple paths through the network – all fragments are only required to go through the destination
  • 77. IP Fragmentation and Reassembly – one large datagram becomes several smaller datagrams:
      length=4000  ID=x  fragflag=0  offset=0
    becomes
      length=1500  ID=x  fragflag=1  offset=0
      length=1500  ID=x  fragflag=1  offset=1500
      length=1000  ID=x  fragflag=0  offset=3000
  • 78. Fragmentation is Harmful
    - Uses resources poorly: forwarding costs per packet; best if we can send large chunks of data; worst case: a packet just bigger than the MTU
    - Poor end-to-end performance: loss of a fragment
    - Reassembly is hard: buffering constraints
  • 79. Path MTU Discovery
    - Hosts dynamically discover the minimum MTU of the path
    - Algorithm: initialize the MTU to the MTU of the first hop; send datagrams with the Don't Fragment bit set; if an ICMP "pkt too big" message arrives, decrease the MTU
    - What happens if the path changes? Periodically (>5 mins, or >1 min after a previous increase), increase the MTU
    - Some routers will return the proper MTU
    - MTU values are cached in the routing table
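The fragmentation of slide 77 and the end-node reassembly of slide 76, as one added example that is not part of the slide deck. It fragments a 4000-byte datagram for a 1500-byte MTU and reassembles the pieces in any arrival order, reporting holes and refusing overlaps. The slide's table counts whole fragments; on the wire every non-final fragment must carry a multiple of 8 data bytes and the header stores the offset divided by 8, so with a 20-byte header the fragments come out as 1500, 1500 and 1040 bytes at offsets 0, 185 and 370 (byte offsets 0, 1480, 2960). The Don't Fragment handling mirrors the drop that path MTU discovery (slide 79) relies on.

```python
# Added example (not from the slides): IPv4-style fragmentation and reassembly.
from dataclasses import dataclass
from typing import List, Optional

HEADER = 20  # IPv4 header without options


@dataclass
class Fragment:
    ident: int        # ID shared by all fragments of one datagram
    more: bool        # "more fragments" flag (the fragflag column on slide 77)
    offset8: int      # fragment offset in 8-byte units, as stored in the header
    payload: bytes

    @property
    def length(self) -> int:
        """Total length field: header plus data."""
        return HEADER + len(self.payload)


def fragment(ident: int, payload: bytes, mtu: int, dont_fragment: bool = False) -> List[Fragment]:
    if len(payload) + HEADER <= mtu:
        return [Fragment(ident, False, 0, payload)]          # fits: no fragmentation
    if dont_fragment:
        # A router would drop the datagram and send ICMP "packet too big" (slide 79).
        raise ValueError("DF bit set and datagram exceeds the MTU")
    chunk = (mtu - HEADER) // 8 * 8   # data per fragment, rounded down to 8-byte units
    frags = []
    for start in range(0, len(payload), chunk):
        data = payload[start:start + chunk]
        frags.append(Fragment(ident, start + chunk < len(payload), start // 8, data))
    return frags


def reassemble(frags: List[Fragment]) -> Optional[bytes]:
    """Return the payload once every byte range is present; None while pieces are missing."""
    if not frags:
        return None
    ident = frags[0].ident
    if any(f.ident != ident for f in frags):
        raise ValueError("fragments belong to different datagrams")
    ordered = sorted(frags, key=lambda f: f.offset8)
    expected, buf = 0, bytearray()
    for f in ordered:
        start = f.offset8 * 8
        if start < expected:
            # Overlap: reject rather than guess which copy should win.
            raise ValueError("overlapping fragments")
        if start > expected:
            return None                                       # hole: still waiting for a piece
        buf += f.payload
        expected = start + len(f.payload)
    return bytes(buf) if not ordered[-1].more else None       # last piece must have more=0


if __name__ == "__main__":
    # Constructed 4000-byte datagram: 20-byte header plus 3980 bytes of data.
    data = bytes(range(256)) * 15 + b"x" * 140
    for f in fragment(0x1234, data, 1500):
        print(f"length={f.length} ID={f.ident:#x} fragflag={int(f.more)} offset={f.offset8} ({f.offset8 * 8} bytes)")
    print("reassembled OK:", reassemble(fragment(0x1234, data, 1500)) == data)
```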
  • 81. Layer 4: Transport Layer
    - The Transport Layer provides transparent transfer of data between end users, providing reliable data transfer services to the upper layers.
    - The Transport Layer controls the reliability of a given link through flow control, segmentation/desegmentation, and error control.
  • 82. Layer 4: Transport Layer – transport protocol classes
      Feature Name                                           TP0  TP1  TP2  TP3  TP4
      Connection oriented network                            Yes  Yes  Yes  Yes  Yes
      Connectionless network                                 No   No   No   No   Yes
      Concatenation and separation                           No   Yes  Yes  Yes  Yes
      Segmentation and reassembly                            Yes  Yes  Yes  Yes  Yes
      Error Recovery                                         No   Yes  No   Yes  Yes
      Reinitiate connection (if an excessive number of
        PDUs are unacknowledged)                             No   Yes  No   Yes  No
      Multiplexing and demultiplexing over a single
        virtual circuit                                      No   No   Yes  Yes  Yes
      Explicit flow control                                  No   No   Yes  Yes  Yes
      Retransmission on timeout                              No   No   No   No   Yes
      Reliable Transport Service                             No   Yes  No   Yes  Yes
  • 83. TCP – Transmission Control Protocol
    - Connection oriented – reliable stream transport
    - Conceptually, the two ends communicate to agree on details; after agreeing, the application is notified of the connection; during transfer, the ends communicate continuously to verify data is received correctly; when done, the ends tear down the connection
    - Provides buffering and flow control
    - Takes care of lost packets, out of order, duplicates, long delays
    - Usually used for browsing, FTP, mail, etc.
  • 84. UDP – User Datagram Protocol
    - Connectionless datagram – not reliable transport
    - Minimal overhead, high performance
    - No setup/teardown, 1 datagram at a time
    - The application is responsible for reliability, including datagram loss, duplication, delay, out-of-sequence, multiplexing, loss of connectivity
    - Usually used for voice & video streaming, broadcasting, etc.
  • 85. TCP vs. UDP data format
    TCP header (bit offsets 0, 4, 8, 16, 24, 31):
      Source port | Destination port
      Sequence number
      Acknowledgement number
      Hlen | Res | Code | Window
      Checksum | Urgent ptr
      Options (if any) | Padding
      Data …
    UDP header (bit offsets 0, 8, 16, 24, 31):
      Source port | Destination port
      UDP message len | Checksum (opt.)
      Data if any …
  • 86. TCP data format
    - Port – TCP port numbers to identify the applications at both ends of the connection
    - Sequence number – identifies the position in the sender's byte stream
    - Acknowledgement – identifies the number of the byte the sender of this segment expects to receive next
    - Hlen – specifies the length of the segment header in 32 bit multiples. If there are no options, Hlen = 5 (20 bytes)
    - Code – used to determine the segment purpose, e.g. SYN, ACK, FIN, URG
  • 87. TCP data format (cont.)
    - Window – advertises how much data this station is willing to accept. Can depend on the buffer space remaining.
    - Checksum – verifies the integrity of the TCP header and data. It is mandatory.
    - Urgent pointer – used with the URG flag to indicate where the urgent data starts in the data stream. Typically used with a file transfer abort during FTP or when pressing an interrupt key in telnet.
    - Options – used for window scaling, SACK, timestamps, maximum segment size, etc.
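The IPv4 header fields of slides 49/59 and the TCP fields of slides 85 to 87, read from a raw packet, as one added example that is not part of the slide deck. It decodes Hlen in 32-bit words, checks that the header and total lengths are consistent with the bytes actually present before trusting them (the check a capture tool or IDS needs), and splits the Code byte into its flags. The packet bytes are constructed for the example and are not captured traffic; checksums are left at zero.

```python
# Added example (not from the slides): IPv4 + TCP header parsing with length checks.
import struct
from dataclasses import dataclass
from typing import Dict, Tuple

IP_PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}                   # protocol numbers from slide 49
TCP_FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")          # bits 0..5 of the Code byte


@dataclass
class IPv4Header:
    version: int
    hlen: int            # header length in bytes (field value * 4)
    tos: int
    total_length: int    # header + data, in bytes
    ttl: int
    protocol: str
    src: str
    dst: str


@dataclass
class TCPHeader:
    sport: int
    dport: int
    seq: int
    ack: int
    hlen: int            # header length in bytes (Hlen * 4); 20 when there are no options
    flags: Dict[str, bool]
    window: int
    checksum: int
    urgent: int
    options: bytes


def _dotted(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_ipv4(data: bytes) -> IPv4Header:
    if len(data) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, tos, total, _ident, _frag, ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", data[:20])
    version, hlen = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if hlen < 20 or total < hlen or total > len(data):
        raise ValueError("header length / total length inconsistent with the bytes received")
    return IPv4Header(version, hlen, tos, total, ttl, IP_PROTO.get(proto, str(proto)), _dotted(src), _dotted(dst))


def parse_tcp(segment: bytes) -> TCPHeader:
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_res, code, window, csum, urg = struct.unpack("!HHIIBBHHH", segment[:20])
    hlen = (off_res >> 4) * 4
    if hlen < 20 or hlen > len(segment):
        raise ValueError("TCP header length inconsistent with the bytes received")
    flags = {name: bool(code & (1 << bit)) for bit, name in enumerate(TCP_FLAGS)}
    return TCPHeader(sport, dport, seq, ack, hlen, flags, window, csum, urg, segment[20:hlen])


def parse_packet(packet: bytes) -> Tuple[IPv4Header, TCPHeader]:
    ip = parse_ipv4(packet)
    if ip.protocol != "TCP":
        raise ValueError(f"expected TCP, got {ip.protocol}")
    return ip, parse_tcp(packet[ip.hlen:ip.total_length])


def build_sample_syn() -> bytes:
    """Constructed IPv4 + TCP SYN from 10.0.0.5:51000 to 198.51.100.10:80 with an MSS option."""
    mss = struct.pack("!BBH", 2, 4, 1460)                     # option kind 2 (MSS), length 4
    tcp = struct.pack("!HHIIBBHHH", 51000, 80, 0x1000, 0, 6 << 4, 0x02, 65535, 0, 0) + mss
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0xBEEF, 0x4000, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([198, 51, 100, 10]))
    return ip + tcp


if __name__ == "__main__":
    ip_hdr, tcp_hdr = parse_packet(build_sample_syn())
    print(ip_hdr)
    print(tcp_hdr)
```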
  • 89. Layer 5: Session Layer
    - The Session Layer controls the dialogues (connections) between computers.
    - It establishes, manages and terminates the connections between the local and remote application.
    - It provides for full-duplex, half-duplex, or simplex operation, and establishes checkpointing, adjournment, termination, and restart procedures.
  • 90. Layer 6: Presentation Layer
    - The Presentation Layer establishes a context between Application Layer entities, in which the higher-layer entities can use different syntax and semantics, as long as the presentation service understands both and the mapping between them.
    - This layer provides independence from differences in data representation (e.g., encryption) by translating from application to network format, and vice versa.
    - This layer formats and encrypts data to be sent across a network, providing freedom from compatibility problems.
    - It is sometimes called the syntax layer.
  • 91. Layer 7: Application Layer
    - The application layer is the OSI layer closest to the end user, which means that both the OSI application layer and the user interact directly with the software application.
    - Application layer functions typically include: identifying communication partners, determining resource availability, synchronizing communication.
  • 92. URL
    - A standard scheme for compactly identifying any document on any Web server
    - Components: a protocol name (http, rtp, rtsp); "://"; a server domain name or server IP address; a path to a resource (an HTML file or a CGI script)
    - Example: http://today@poly.edu:999/ee-dept/event.html – service type (http, telnet, ftp, gopher, …); system name (today@poly.edu); port number (999, specified if a non-default port is used); path name / file name (/ee-dept/event.html)
  • 93. HyperText Transfer Protocol (HTTP)
    - Application layer protocol
    - Distributes information in the WWW
    - Based on the client/server architecture: the HTTP client (web browser) sends a request to a server for a file; the HTTP server (web server, well-known port number 80) responds with the requested file if it is available
    - A single TCP connection is used (diagram: web browser and web server exchanging an HTTP request and response over TCP, IP and the network)
  • 94. HTTP Messages
    - English-based and flexible, not code-based like the lower layer protocols
    - Components of an HTTP message: a start-line; optional headers, each with a header name and a value; a blank line (a "\r\n" only); the requested file or other data in an HTTP response
  • 95. HTTP Request Message
    - Request line: request type, URL, HTTP version
    - Optional headers: header name, value
    - A blank line
    - The request type defines the methods in messages: GET, HEAD – retrieve a full document or some info about a document from the server; PUT, PATCH – provide a new/replacement document or a list of differences to apply to an existing document on the server; COPY, MOVE, DELETE – copy, move, or delete a document; ……
  • 96. HTTP Response Message
    - Status line: HTTP version, status code, status phrase
    - Optional headers: header name, value
    - A blank line
    - Data body
    - The status code is similar to those in the FTP and SMTP protocols, with 3 digits
    - The status phrase explains the status code, such as continue, switching, OK, accepted, no content, multiple choices, bad request, unauthorized, forbidden, not found, internal server error, service unavailable, … …
  • 97. HTTP TCP Connections
    - The client first establishes a TCP connection to the server before an HTTP request
    - The server may terminate the TCP connection after the HTTP response is sent
    - For embedded objects in an HTML file, the client sends a request for each embedded object
    - In HTTP/1.0, the client establishes a TCP connection for each request – not efficient for a file with many embedded objects
    - In HTTP/1.1, persistent connections are supported: all embedded objects are sent through the TCP connection established for the first request; both the client and server have to enable the persistent connection feature
  • 98. HTTP Requests & Responses (diagram: the browser opens a TCP connection, sends the HTTP request, receives the response, and the connection is closed)
    - HTTP has four stages: Open, Request, Response, Close
    - A TCP session for HTTP/1.0 does not stay open and wait for multiple requests/responses – not efficient when the HTML file has many embedded objects like pictures
    - HTTP/1.1 supports persistent connections that allow all the embedded objects to be sent through the same TCP connection
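The message layout of slides 94 to 96 (start line, headers, the "\r\n" blank line, body) and the persistent connection of slides 97 and 98, as one added example that is not part of the slide deck. The parser handles both request and response start lines, uses Content-Length to find where one message's body ends and the next message begins on the same connection, and treats a second Content-Length as an error because two lengths would make that boundary ambiguous. The sample traffic is constructed for the example, built on the slide 92 URL.

```python
# Added example (not from the slides): parse HTTP messages from a connection's byte stream.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Message:
    start_line: Tuple[str, ...]     # request: (method, url, version); response: (version, code, phrase)
    headers: Dict[str, str] = field(default_factory=dict)
    body: bytes = b""

    @property
    def is_response(self) -> bool:
        return self.start_line[0].startswith("HTTP/")


def par_message(data: bytes) -> Optional[Tuple[Message, bytes]]:
    """Return (message, unconsumed bytes), or None if the message is not complete yet."""
    end = data.find(b"\r\n\r\n")
    if end < 0:
        return None                                   # blank line not received yet
    lines = data[:end].decode("ascii").split("\r\n")  # start line and headers are ASCII text
    rest = data[end + 4:]
    parts = tuple(lines[0].split(" ", 2))
    if len(parts) != 3:
        raise ValueError(f"malformed start line: {lines[0]!r}")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        key = name.lower()                            # header names are case-insensitive
        if key in headers:
            if key == "content-length":               # two lengths: body boundary ambiguous
                raise ValueError("duplicate Content-Length")
            headers[key] += ", " + value.strip()
        else:
            headers[key] = value.strip()
    length_text = headers.get("content-length", "0")
    if not length_text.isdigit():
        raise ValueError(f"bad Content-Length: {length_text!r}")
    length = int(length_text)
    if len(rest) < length:
        return None                                   # body still arriving
    return Message(parts, headers, rest[:length]), rest[length:]


def parse_message(data: bytes) -> Optional[Tuple[Message, bytes]]:
    return par_message(data)


def parse_stream(data: bytes) -> List[Message]:
    """Split the byte stream of one persistent connection into complete messages."""
    messages: List[Message] = []
    while data:
        result = parse_message(data)
        if result is None:
            break                                     # keep the remainder for the next read
        message, data = result
        messages.append(message)
    return messages


# Constructed sample traffic for the example (not captured from a real server).
SAMPLE_REQUESTS = (
    b"GET /ee-dept/event.html HTTP/1.1\r\nHost: poly.edu:999\r\n\r\n"
    b"POST /ee-dept/event.html HTTP/1.1\r\nHost: poly.edu:999\r\n"
    b"Content-Length: 5\r\n\r\nhello"
    b"GET /next HTTP/1.1\r\nHost: p"                  # third request still arriving
)
SAMPLE_RESPONSE = b"HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\n\r\nnot found"

if __name__ == "__main__":
    for m in parse_stream(SAMPLE_REQUESTS) + parse_stream(SAMPLE_RESPONSE):
        print(m.start_line, m.headers, m.body)
```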
  • 99. HTTP Proxies proxy web browser request request web server HTTP HTTP HTTP response TCP response TCP TCP IP IP IP Network Network Network Cache  Proxy server acts as both a client and server  receiving client’s initial requests, translating requests, passing requests to other servers  Proxies can be used with firewalls to block undesired traffic  Cache feature of a Web proxy server reduces network traffic by saving recently viewed pages on the disk driver 99
  • 100. DHCP  Dynamic Host Configuration Protocol (DHCP) is designed, to dynamically configure TCP/IP hosts in a centralized manner from DHCP server.  DHCP server maintains a collection of configuration parameters, such as IP addresses, subnet mask, default gateway IP address, to make a configured host work in the network.  A DHCP client queries the server for the configuration parameters.  The DHCP server returns configuration parameters to the client. 100
  • 101. DHCP  DHCP can provide persistent storage of network parameters for the clients  A client can be assigned with same set of parameters whenever it bootstraps, or is moved to another subnet  The DHCP server keeps a key-value entry for each client and uses the entries to match queries from the clients  The entry could be a combination of a subnet address and the MAC address (or domain name) of a client  DHCP can also assign configuration parameters dynamically  The DHCP server maintains a pool of parameters and assigns an unused set of parameters to a querying client  A DHCP client leases an IP address for a period of time. When the lease expires, the client may renew the lease, or the IP address is put back to the pool for future assignments 101
  • 102. DHCP Operations
      When two DHCP servers are used
     1) A client first broadcasts a DHCPDISCOVER message on its local physical network during bootstrapping.
         The message may be forwarded by relay agents to servers in other physical networks.
     2) Each server may respond with a DHCPOFFER message with an available network address in the Your IP Address field.
  • 103. DHCP Operations
      When two DHCP servers are used
     3) The client may receive more than one DHCPOFFER message.
         It chooses one server from all responding servers based on the configuration parameters offered.
         The client then broadcasts a DHCPREQUEST message with the Server Identifier option to indicate the selected server.
  • 104. DHCP Operations
      When two DHCP servers are used
     4) When the DHCPREQUEST message is received, only the chosen server responds with a DHCPACK message carrying a full set of configuration parameters to the client.
         When the client receives it, it checks the parameters and configures its TCP/IP modules using them.
         The message specifies the duration of the lease. When the lease expires, the client may ask the server to renew it. Otherwise, the address will be put back in the pool or assigned to other hosts.
  • 105. DHCP Operations
      When two DHCP servers are used
     5) The client may send a DHCPRELEASE message to the server to relinquish the lease on the network address.
  • 107. DHCP Message Fields
      Opcode
         1 means a boot request from the client
         2 means a boot reply from the server
      Hardware Address Type
         The values are defined in the "Assigned Numbers" RFC
         The value is 1 for an Ethernet MAC address
      HW address length
         The length of the hardware address
      Hop count
         Optionally used by relay agents
         A relay agent is a host or router that forwards DHCP messages between DHCP clients and servers
  • 108. DHCP Message Fields
      Transaction ID
         Randomly assigned to link requests and replies between a client and a server
      Number of seconds
         Elapsed time in seconds since the client began an address acquisition or renewal process
      Flags
         Broadcast flag, the leftmost bit. Used when a client cannot receive a unicast IP datagram before its interface is configured
         Remaining 15 bits must be 0 (reserved for future use)
  • 109. DHCP Message Fields
      Client IP address
         Used when the client is in the BOUND, RENEW or REBINDING state and can respond to ARP requests
      Your IP address
         The client's IP address, assigned by the DHCP server
      Server IP address
         The IP address of the next server to use in bootstrap
      Relay agent IP address
         Used when booting via a relay agent
  • 110. DHCP Message Fields
      Client HW address
         The hardware address of the client
         For an Ethernet address, the first 6 bytes are filled and the remaining bytes are set to 0
      Server hostname
         Hostname of the DHCP server
      Boot filename
         Used in a DHCPOFFER message to specify the fully qualified, null-terminated path name of a file to bootstrap from
      Options
         Optional vendor-specific field
  • 111. DHCP Configuration
      An example of a DHCP server configuration file (figure not reproduced in this transcript)
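The message layout from slides 107 to 110 and the two-server Discover/Offer/Request/Ack exchange from slides 102 to 105, as an added worked example that is not part of the original deck. It serialises and parses the fixed 236-byte header plus the option area, then plays the exchange in memory with two servers; the transaction id, MAC address, server addresses and lease times are constructed values, and the "longest lease wins" selection rule is this example's own choice of client policy. The parser refuses messages without the magic cookie and options that run past the end of the buffer, which is the check a DHCP implementation needs before it trusts anything a broadcast brings in.

```python
import socket
import struct

# Fixed BOOTP/DHCP header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128) = 236 bytes,
# followed by the magic cookie and the TLV-encoded options area.
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
HEADER_LEN = struct.calcsize(HEADER_FMT)
MAGIC_COOKIE = b"\x63\x82\x53\x63"

BOOTREQUEST, BOOTREPLY = 1, 2      # opcode: 1 = boot request from client, 2 = reply from server
HTYPE_ETHERNET = 1                 # hardware address type for an Ethernet MAC
FLAG_BROADCAST = 0x8000            # leftmost bit of the flags field
OPT_PAD, OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 51, 53, 54, 255
DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK = 1, 2, 3, 5


def build(op, xid, mac, options, *, flags=0, yiaddr="0.0.0.0", siaddr="0.0.0.0", hops=0):
    """Serialise a DHCP message; `options` is a list of (code, value-bytes) pairs."""
    ip = socket.inet_aton
    chaddr = bytes.fromhex(mac.replace(":", ""))   # 6 bytes; struct pads to 16 with NULs
    fixed = struct.pack(HEADER_FMT, op, HTYPE_ETHERNET, len(chaddr), hops, xid, 0, flags,
                        ip("0.0.0.0"), ip(yiaddr), ip(siaddr), ip("0.0.0.0"), chaddr, b"", b"")
    opts = bytearray(MAGIC_COOKIE)
    for code, value in options:
        opts += bytes([code, len(value)]) + value
    opts.append(OPT_END)
    return fixed + bytes(opts)


def parse(data):
    """Decode a DHCP message into a dict; rejects short messages and truncated options."""
    if len(data) < HEADER_LEN + 4 or data[HEADER_LEN:HEADER_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (too short or missing magic cookie)")
    f = struct.unpack(HEADER_FMT, data[:HEADER_LEN])
    hlen = min(f[2], 16)                             # never read past the 16-byte chaddr field
    msg = {"op": f[0], "htype": f[1], "hops": f[3], "xid": f[4], "secs": f[5],
           "broadcast": bool(f[6] & FLAG_BROADCAST),
           "ciaddr": socket.inet_ntoa(f[7]), "yiaddr": socket.inet_ntoa(f[8]),
           "siaddr": socket.inet_ntoa(f[9]), "giaddr": socket.inet_ntoa(f[10]),
           "chaddr": f[11][:hlen].hex(":"),
           "sname": f[12].split(b"\0", 1)[0].decode(errors="replace"),
           "file": f[13].split(b"\0", 1)[0].decode(errors="replace"),
           "options": {}}
    i = HEADER_LEN + 4
    while i < len(data) and data[i] != OPT_END:
        if data[i] == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option %d" % data[i])
        length = data[i + 1]
        msg["options"][data[i]] = data[i + 2:i + 2 + length]
        i += 2 + length
    return msg


def dora_exchange(client_mac, servers):
    """Discover/Offer/Request/Ack with several servers answering; `servers` maps a server IP
    to (free address, lease seconds). Returns (chosen server, leased address, lease seconds)."""
    xid = 0x3903F326                                 # constructed transaction id
    discover = parse(build(BOOTREQUEST, xid, client_mac,
                           [(OPT_MSG_TYPE, bytes([DHCPDISCOVER]))], flags=FLAG_BROADCAST))
    offers = []                                      # every server may answer the broadcast
    for sip, (free_ip, lease) in servers.items():
        offers.append(parse(build(BOOTREPLY, discover["xid"], discover["chaddr"],
                                  [(OPT_MSG_TYPE, bytes([DHCPOFFER])),
                                   (OPT_SERVER_ID, socket.inet_aton(sip)),
                                   (OPT_LEASE_TIME, struct.pack("!I", lease))],
                                  yiaddr=free_ip, siaddr=sip)))
    # Client policy (our choice for this example): prefer the offer with the longest lease.
    best = max(offers, key=lambda o: struct.unpack("!I", o["options"][OPT_LEASE_TIME])[0])
    request = parse(build(BOOTREQUEST, xid, client_mac,
                          [(OPT_MSG_TYPE, bytes([DHCPREQUEST])),
                           (OPT_SERVER_ID, best["options"][OPT_SERVER_ID])], flags=FLAG_BROADCAST))
    acks = []
    for sip, (free_ip, lease) in servers.items():
        if request["options"][OPT_SERVER_ID] != socket.inet_aton(sip):
            continue                                 # not the selected server: it stays silent
        acks.append(parse(build(BOOTREPLY, request["xid"], request["chaddr"],
                                [(OPT_MSG_TYPE, bytes([DHCPACK])),
                                 (OPT_SERVER_ID, socket.inet_aton(sip)),
                                 (OPT_LEASE_TIME, struct.pack("!I", lease))], yiaddr=free_ip)))
    (ack,) = acks                                    # exactly one server must have answered
    if ack["xid"] != xid or ack["chaddr"] != client_mac.lower():
        raise ValueError("reply does not belong to our transaction")
    return (socket.inet_ntoa(ack["options"][OPT_SERVER_ID]), ack["yiaddr"],
            struct.unpack("!I", ack["options"][OPT_LEASE_TIME])[0])
```

The client keeps its transaction id and checks it, together with the hardware address, on the reply; that, rather than any property of the network, is what ties an offer or acknowledgement to the request that caused it.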
  • 112. MPLS
  • 113. Motivation
     • IP
        o The first defined and used protocol
        o De facto the only protocol for global internetworking
      … but there are disadvantages
  • 114. Motivation (cont.)
     • IP Routing disadvantages
        o Connectionless - e.g. no QoS
        o Large IP header - at least 20 bytes
        o Routing in the network layer - slower than switching
        o Usually designed to obtain the shortest path - does not take into account additional metrics
  • 115. Motivation (cont.)
     • ATM
        o Connection oriented - supports QoS
        o Fast packet switching with fixed length packets (cells)
        o Integration of different traffic types (voice, data, video)
      … but there are also disadvantages
  • 116. Motivation (cont.)
     • ATM disadvantages
        o Complex
        o Expensive
        o Not widely adopted
  • 117. Motivation (cont.)
     • Idea: combine the forwarding algorithm used in ATM with IP.
  • 118. MPLS Basics
     • Multi Protocol Label Switching is arranged between Layer 2 and Layer 3
  • 119. MPLS Basics (cont.)
     • MPLS Characteristics
        o Mechanisms to manage traffic flows of various granularities (flow management)
        o Is independent of Layer-2 and Layer-3 protocols
        o Maps IP addresses to fixed length labels
        o Supports ATM, Frame Relay and Ethernet
  • 121. Label Edge Router - LER
     • Resides at the edge of an MPLS network and assigns and removes the labels from the packets.
     • Supports multiple ports connected to dissimilar networks (such as frame relay, ATM, and Ethernet).
  • 122. Label Switching Router - LSR
     • Is a high speed router in the core of an MPLS network.
     • ATM switches can be used as LSRs without changing their hardware. Label switching is equivalent to VP/VC switching.
  • 123. Positions of LERs & LSRs (figure not reproduced in this transcript)
  • 124. Label Distribution Protocol - LDP
     • An application layer protocol for the distribution of label binding information to LSRs.
        o It is used to map FECs to labels, which, in turn, create LSPs.
        o LDP sessions are established between LDP peers in the MPLS network (not necessarily adjacent).
        o Sometimes employs OSPF or BGP.
  • 125. Traffic Engineering
     • In MPLS, traffic engineering is inherently provided using explicitly routed paths.
     • The LSPs are created independently, specifying different paths that are based on user-defined policies. However, this may require extensive operator intervention.
     • RSVP-TE and CR-LDP are two possible approaches to supply dynamic traffic engineering and QoS in MPLS.
  • 126. MPLS Operation
     • The following steps must be taken for a data packet to travel through an MPLS domain:
        o label creation and distribution
        o table creation at each router
        o label-switched path creation
        o label insertion/table lookup
        o packet forwarding
  • 128. Tunneling in MPLS
     • Control the entire path of a packet without explicitly specifying the intermediate routers.
        o Creating tunnels through the intermediary routers that can span multiple segments.
     • MPLS based VPNs.
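The last three steps of slide 126 (label insertion at the ingress LER, table lookup at each LSR, forwarding along the LSP), played out in code as an added example; it is not code from the deck. The topology, prefixes, labels and router names are all constructed, and the tables are written by hand where a real domain would fill them through LDP. The point it shows is that once the ingress LER has pushed a label, no router in the core looks at the IP header again: each LSR swaps on its own table, drops anything carrying a label it has no entry for, and only the egress LER pops and routes on IP.

```python
import ipaddress

# Constructed MPLS domain for this example (not the figure on slide 123):
#   ingress LER "ler-a" -> LSR "lsr-1" -> LSR "lsr-2" -> egress LER "ler-b"
# Ingress LER: FEC table mapping a destination prefix to (label to push, next hop).
FEC_TABLE = {
    "ler-a": [(ipaddress.ip_network("10.2.0.0/16"), 17, "lsr-1"),
              (ipaddress.ip_network("10.2.7.0/24"), 18, "lsr-1"),   # more specific FEC
              (ipaddress.ip_network("10.3.0.0/16"), 19, "lsr-1")],
}
# Core LSRs and egress LER: label table mapping incoming label -> (outgoing label, next hop).
# An outgoing label of None means pop; the egress LER then routes on the IP header again.
LABEL_TABLE = {
    "lsr-1": {17: (22, "lsr-2"), 18: (23, "lsr-2"), 19: (24, "lsr-2")},
    "lsr-2": {22: (31, "ler-b"), 23: (32, "ler-b"), 24: (33, "ler-b")},
    "ler-b": {31: (None, None), 32: (None, None), 33: (None, None)},
}
EGRESS_IP_ROUTES = {
    "ler-b": [(ipaddress.ip_network("10.2.0.0/16"), "cust-b"),
              (ipaddress.ip_network("10.3.0.0/16"), "cust-c")],
}


def longest_match(entries, dst):
    """Longest-prefix match over (network, ...) tuples; returns the winning tuple or None."""
    hits = [e for e in entries if dst in e[0]]
    return max(hits, key=lambda e: e[0].prefixlen) if hits else None


def forward(dst_ip, ingress="ler-a", max_hops=16):
    """Carry one packet through the domain. Returns (trace, egress interface) where trace is
    the list of (router, label stack after processing) hops; raises LookupError on a drop."""
    dst = ipaddress.ip_address(dst_ip)
    fec = longest_match(FEC_TABLE.get(ingress, []), dst)
    if fec is None:
        raise LookupError(f"{ingress}: no FEC for {dst}, packet dropped")
    _, label, router = fec
    stack = [label]                                 # push: the only IP lookup inside the domain
    trace = [(ingress, list(stack))]
    for _ in range(max_hops):
        table = LABEL_TABLE.get(router, {})
        if not stack or stack[-1] not in table:     # core routers trust nothing but their own table
            raise LookupError(f"{router}: unknown label {stack[-1] if stack else None}, packet dropped")
        out_label, next_hop = table[stack[-1]]
        if out_label is None:                       # pop at the egress LER, then plain IP routing
            stack.pop()
            trace.append((router, list(stack)))
            route = longest_match(EGRESS_IP_ROUTES.get(router, []), dst)
            if route is None:
                raise LookupError(f"{router}: no IP route for {dst} after pop")
            return trace, route[1]
        stack[-1] = out_label                       # swap: label in -> label out
        trace.append((router, list(stack)))
        router = next_hop
    raise LookupError("hop limit exceeded (label loop?)")
```

The hop limit stands in for the TTL that real MPLS copies into the label entry; without it a mis-programmed swap table would loop a packet forever.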
  • 130. MPLS Advantages
     • Improves packet-forwarding performance in the network
     • Supports QoS and CoS for service differentiation
     • Supports network scalability
     • Integrates IP and ATM in the network
     • Builds interoperable networks
  • 131. MPLS Disadvantages
     • An additional layer is added
     • The router has to understand MPLS
  • 133. IP is not Secure!
      The IP protocol was designed in the late 70s to early 80s
         Part of the DARPA Internet Project
         Very small network
         All hosts are known!
         So are the users!
      Therefore, security was not an issue
  • 134. Security Issues in IP
      Source spoofing
      Replay packets
      No data integrity or confidentiality
     • DOS attacks
     • Replay attacks
     • Spying
     • and more…
     Fundamental issue: networks are not (and will never be) fully secure
  • 135. Goals of IPSec
      To verify the sources of IP packets
         Authentication
      To prevent replaying of old packets
      To protect the integrity and/or confidentiality of packets
         Data integrity / data encryption
  • 136. IPSec Architecture
     (figure: the IPSec components: ESP (Encapsulating Security Payload), AH (Authentication Header), the IPSec Security Policy, and IKE (the Internet Key Exchange))
  • 137. IPSec Architecture
      IPSec provides security in three situations:
         Host-to-host, host-to-gateway and gateway-to-gateway
      IPSec operates in two modes:
         Transport mode (for end-to-end)
         Tunnel mode (for VPN)
  • 138. IPsec Architecture
     (figure: transport mode runs end to end between two hosts; tunnel mode runs between two routers)
  • 139. Various Packets
     Original:       IP header | TCP header | data
     Transport mode: IP header | IPSec header | TCP header | data
     Tunnel mode:    IP header | IPSec header | IP header | TCP header | data
  • 140. Authentication Header (AH)
      Provides source authentication
         Protects against source spoofing
      Provides data integrity
      Protects against replay attacks
         Uses monotonically increasing sequence numbers
         Protects against denial of service attacks
      NO protection for confidentiality!
      Uses cryptographically strong hash algorithms to protect data integrity (96-bit)
         Uses symmetric key cryptography
         HMAC-SHA-96, HMAC-MD5-96
  • 141. AH Packet Details
     New IP header
     AH: Next header | Payload length | Reserved
         Security Parameters Index (SPI)
         Sequence Number
         Authentication Data (hash of everything else)
     Encapsulated TCP or IP packet: Old IP header (only in tunnel mode) | TCP header | Data
     Authenticated: the whole packet apart from the Authentication Data itself
  • 142. Encapsulating Security Payload (ESP)
      Provides all that AH offers, and
      in addition provides data confidentiality
         Uses symmetric key encryption
  • 143. ESP Details
      Same as AH:
         Uses a 32-bit sequence number to counter replay attacks
         Uses integrity check algorithms
      Only in ESP:
         Data confidentiality:
            Uses symmetric key encryption algorithms to encrypt packets
  • 144. ESP Packet Details
     IP header
     ESP header: Security Parameters Index (SPI)
                 Sequence Number
     Initialization vector
     Encrypted TCP packet: TCP header | Data
     ESP trailer: Pad | Pad length | Next header
     Authentication Data
     Authenticated: from the ESP header through the ESP trailer
     Encrypted: the TCP packet and the ESP trailer
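The two mechanisms slides 140 to 144 attribute to AH and ESP, a 96-bit truncated HMAC over the packet and a sliding anti-replay window over the 32-bit sequence number, as an added example that is not code from the deck. It builds the AH header exactly as laid out on slide 141 (next header, payload length, reserved, SPI, sequence number, then the authentication data) and checks it on the receiving side. The key, the immutable IP header bytes and the payloads are constructed; the caller is assumed to have already zeroed the mutable IP fields it hands in, and the 64-entry window size is this example's choice. The receive routine verifies the ICV before touching the window, so a forged packet cannot move it.

```python
import hmac
import struct

AH_FIXED_LEN = 12    # next header (1) + payload length (1) + reserved (2) + SPI (4) + sequence number (4)
ICV_LEN = 12         # HMAC-SHA-96 / HMAC-MD5-96 keep only the first 96 bits of the MAC


def _ah_fixed(next_header, spi, seq):
    # Payload length is the AH length in 32-bit words minus 2: (12 + 12) / 4 - 2 = 4 with a 96-bit ICV
    payload_len = (AH_FIXED_LEN + ICV_LEN) // 4 - 2
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)


def ah_protect(key, ip_hdr_immutable, next_header, spi, seq, payload, algo="sha1"):
    """Build AH + payload. The ICV is the truncated HMAC over the immutable IP header fields
    (the caller passes them with mutable fields such as TTL already zeroed), the AH with its
    ICV field zeroed, and the payload. algo="md5" gives HMAC-MD5-96 instead."""
    fixed = _ah_fixed(next_header, spi, seq)
    covered = ip_hdr_immutable + fixed + b"\0" * ICV_LEN + payload
    icv = hmac.new(key, covered, algo).digest()[:ICV_LEN]
    return fixed + icv + payload


def ah_verify(key, ip_hdr_immutable, packet, algo="sha1"):
    """Return (next_header, spi, seq, payload) when the ICV checks out, else None."""
    if len(packet) < AH_FIXED_LEN + ICV_LEN:
        return None
    next_header, payload_len, _, spi, seq = struct.unpack("!BBHII", packet[:AH_FIXED_LEN])
    if (payload_len + 2) * 4 != AH_FIXED_LEN + ICV_LEN:
        return None                                  # header claims a different ICV size
    icv = packet[AH_FIXED_LEN:AH_FIXED_LEN + ICV_LEN]
    payload = packet[AH_FIXED_LEN + ICV_LEN:]
    covered = ip_hdr_immutable + packet[:AH_FIXED_LEN] + b"\0" * ICV_LEN + payload
    expected = hmac.new(key, covered, algo).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):       # constant-time comparison
        return None
    return next_header, spi, seq, payload


class ReplayWindow:
    """Sliding anti-replay window over the 32-bit sequence number; bit 0 marks the highest
    sequence number seen so far, bit k the packet k below it."""

    def __init__(self, size=64):
        self.size, self.highest, self.bitmap = size, 0, 0

    def accept(self, seq):
        if seq == 0:
            return False                             # the first packet on an SA carries 1
        if seq > self.highest:                       # newer than anything seen: slide the window
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size or self.bitmap & (1 << offset):
            return False                             # fell off the window, or already seen
        self.bitmap |= 1 << offset
        return True


def ah_receive(key, window, ip_hdr_immutable, packet):
    """Inbound processing: verify the ICV first and only then move the replay window, so a
    forged packet can never advance the window and shut out legitimate traffic."""
    result = ah_verify(key, ip_hdr_immutable, packet)
    if result is None:
        return None
    _, _, seq, payload = result
    return payload if window.accept(seq) else None
```

Out-of-order delivery inside the window is accepted once and rejected on repetition, which is what lets the sequence number defend against replay without forcing strict ordering on the path.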
  • 145. Question?
     1. Why have both AH and ESP?
     2. Both AH and ESP use symmetric key based algorithms
         Why not public-key cryptography?
         How are the keys being exchanged?
         What algorithms should we use?
            Similar to deciding on the ciphersuite in SSL
  • 146. Internet Key Exchange (IKE)
      Exchange and negotiate security policies
      Establish security sessions
         Identified as Security Associations
      Key exchange
      Key management
      Can be used outside IPsec as well
  • 147. IPsec/IKE Acronyms
      Security Association (SA)
         Collection of attributes associated with a connection
         Is asymmetric!
            One SA for inbound traffic, another SA for outbound traffic
         Similar to ciphersuites in SSL
      Security Association Database (SADB)
         A database of SAs
  • 148. IPsec/IKE Acronyms
      Security Parameter Index (SPI)
         A unique index for each entry in the SADB
         Identifies the SA associated with a packet
      Security Policy Database (SPD)
         Stores policies used to establish SAs
  • 149. How They Fit Together
     (figure: an SPD entry points to SAs (SA-1, SA-2) held in the SADB; each SA is identified by its SPI)
  • 150. SPD and SADB Example
     (figure: hosts A and B use transport mode; gateways C and D use tunnel mode for the subnets Asub and Bsub behind them)
     A's SPD:
       From | To | Protocol | Port | Policy
       A    | B  | Any      | Any  | AH[HMAC-MD5]
     A's SADB:
       From | To | Protocol | SPI | SA Record
       A    | B  | AH       | 12  | HMAC-MD5 key
     C's SPD:
       From | To   | Protocol | Port | Policy    | Tunnel Dest
       Asub | Bsub | Any      | Any  | ESP[3DES] | D
     C's SADB:
       From | To   | Protocol | SPI | SA Record
       Asub | Bsub | ESP      | 14  | 3DES key
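The SPD and SADB of slide 150 as data structures with the two lookups slides 147 to 149 describe, added here as an example that is not code from the deck. Outbound, the SPD's selectors decide what protection a packet needs and the SADB supplies the SA (SPI 12 for A to B, SPI 14 for Asub to Bsub via D, as on the slide); inbound, the SA is found by SPI and the decapsulated packet is then checked against that SA's selectors. The addresses for A, B, C, D, Asub and Bsub, the key bytes, and the inbound SA with SPI 15 on C are constructed for this example (the slide shows only the outbound SA, and SAs are one-directional).

```python
import ipaddress

# Constructed addresses standing in for the slide's hosts A, B and gateways C, D (assumption).
A, B, C, D = "10.0.0.1", "10.0.1.1", "192.0.2.1", "198.51.100.1"
ASUB, BSUB = "10.1.0.0/24", "10.2.0.0/24"


def net(s):
    return ipaddress.ip_network(s, strict=False)   # a bare host address becomes a /32


# SPD: per host, an ordered list of selectors -> policy (proto, algorithm, mode, tunnel dest).
SPD = {
    "A": [{"src": net(A), "dst": net(B), "proto": None, "port": None,
           "policy": ("AH", "HMAC-MD5", "transport", None)}],
    "C": [{"src": net(ASUB), "dst": net(BSUB), "proto": None, "port": None,
           "policy": ("ESP", "3DES", "tunnel", D)}],
}
# SADB: per host, (protocol, SPI) -> SA. SAs are one-directional, so C holds the outbound
# SA from the slide (SPI 14) and a constructed inbound one (SPI 15) for the return traffic.
SADB = {
    "A": {("AH", 12): {"dir": "out", "src": net(A), "dst": net(B),
                       "alg": "HMAC-MD5", "key": b"<constructed md5 key>"}},
    "C": {("ESP", 14): {"dir": "out", "src": net(ASUB), "dst": net(BSUB),
                        "alg": "3DES", "key": b"<constructed 3des key>", "tunnel_dst": D},
          ("ESP", 15): {"dir": "in", "src": net(BSUB), "dst": net(ASUB),
                        "alg": "3DES", "key": b"<constructed 3des key>", "tunnel_src": D}},
}


def spd_lookup(host, src, dst, proto=None, port=None):
    """First-match selector lookup; None means no policy applies (bypass or discard per site rules)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for e in SPD.get(host, []):
        if s in e["src"] and d in e["dst"] and e["proto"] in (None, proto) and e["port"] in (None, port):
            return e["policy"]
    return None


def outbound_sa(host, src, dst, proto=None, port=None):
    """Outbound path: the SPD decides what protection is required, then the SADB supplies the SA."""
    policy = spd_lookup(host, src, dst, proto, port)
    if policy is None:
        return None
    ipsec_proto, alg, mode, tunnel_dst = policy
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for (p, spi), sa in SADB.get(host, {}).items():
        if sa["dir"] == "out" and p == ipsec_proto and sa["alg"] == alg and s in sa["src"] and d in sa["dst"]:
            return {"spi": spi, "proto": p, "mode": mode, "outer_dst": tunnel_dst or dst}
    return None      # policy requires protection but no SA exists yet: a real stack would start IKE here


def inbound_check(host, ipsec_proto, spi, inner_src, inner_dst):
    """Inbound path: find the SA by SPI, then confirm the decapsulated packet matches that SA's
    selectors, so a correct SPI alone does not admit traffic the SA was never negotiated for."""
    sa = SADB.get(host, {}).get((ipsec_proto, spi))
    if sa is None or sa["dir"] != "in":
        return "drop: no inbound SA for this SPI"
    if ipaddress.ip_address(inner_src) not in sa["src"] or ipaddress.ip_address(inner_dst) not in sa["dst"]:
        return "drop: packet does not match the SA's selectors"
    return "accept"
```

The selector check after decapsulation is the step most easily forgotten when hand-rolling this: without it, any peer holding a valid SA can inject packets for arbitrary inner addresses behind the gateway.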
  • 151. How It Works
      IKE operates in two phases
         Phase 1: negotiate and establish an auxiliary end-to-end secure channel
            Used by subsequent phase 2 negotiations
            Only established once between two end points!
         Phase 2: negotiate and establish custom secure channels
            Occurs multiple times
      Both phases use Diffie-Hellman key exchange to establish a shared key
  • 152. IKE Phase 1
      Goal: to establish a secure channel between two end points
      This channel provides basic security features:
         Source authentication
         Data integrity and data confidentiality
         Protection against replay attacks
  • 153. IKE Phase 1
      Rationale: each application has different security requirements
         But they all need to negotiate policies and exchange keys!
      So, provide the basic security features and allow applications to establish custom sessions
  • 154. Examples
      All packets sent to address mybank.com must be encrypted using 3DES with HMAC-MD5 integrity check
      All packets sent to address www.forum.com must use integrity check with HMAC-SHA1 (no encryption is required)
  • 155. Phase 1 Exchange
      Can operate in two modes:
         Main mode
            Six messages in three round trips
            More options
         Quick mode
            Four messages in two round trips
            Fewer options
  • 156-161. Phase 1 (Main Mode)
     Messages between Initiator (I) and Responder (R), built up one message per slide from 156 to 161:
     1. I -> R: [Header, SA1]
     2. R -> I: [Header, SA2]
        Establish vocabulary for further communication
     3. I -> R: [Header, KE, Ni {, Cert_Req}]
     4. R -> I: [Header, KE, Nr {, Cert_Req}]
        Establish secret key using Diffie-Hellman key exchange; use nonces to prevent replay attacks
     5. I -> R: [Header, IDi, {CERT} sig]
     6. R -> I: [Header, IDr, {CERT} sig]
        Signed hash of IDi (without Cert_Req, just send the hash)
  • 162-163. Phase 1 (Aggressive Mode)
     Messages between Initiator (I) and Responder (R), built up over slides 162 and 163:
     1. I -> R: [Header, SA1, KE, Ni, IDi]
     2. R -> I: [Header, SA2, KE, Nr, IDr, [Cert]sig]
     3. I -> R: [Header, [Cert]sig]
     The first two messages are combined into one (combine Hello and DH key exchange)
  • 164. IPSec (Phase 1)
      Four different ways to authenticate (either mode)
         Digital signature
         Two forms of authentication with public key encryption
         Pre-shared key
      NOTE: IKE does use public-key based cryptography for encryption
  • 165. IPSec (Phase 2)
      Goal: to establish custom secure channels between two end points
      End points are identified by <IP, port>:
         e.g. <www.mybank.com, 8000>
      Or by packet:
         e.g. All packets going to 128.124.100.0/24
      Use the secure channel established in Phase 1 for communication
  • 166. IPSec (Phase 2)
      Only one mode: Quick Mode
      Multiple quick mode exchanges can be multiplexed
      Generate SAs for two end points
      Can use the secure channel established in phase 1
  • 167. IP Payload Compression
      Used for compression
      Can be specified as part of the IPSec policy
      Will not cover!
  • 168. Outline
      Why IPsec?
      IPsec Architecture
      Internet Key Exchange (IKE)
      IPSec Policy
      Discussion
  • 169. IPsec Policy
      Phase 1 policies are defined in terms of protection suites
      Each protection suite
         Must contain the following:
            Encryption algorithm
            Hash algorithm
            Authentication method
            Diffie-Hellman group
         May optionally contain the following:
            Lifetime
            …
  • 170. IPSec Policy
      Phase 2 policies are defined in terms of proposals
      Each proposal:
         May contain one or more of the following
            AH sub-proposals
            ESP sub-proposals
            IPComp sub-proposals
         Along with necessary attributes such as
            Key length, lifetime, etc.
  • 171. IPSec Policy Example
      In English:
         All traffic to 128.104.120.0/24 must:
            Use pre-hashed key authentication
            DH group is MODP with 1024-bit modulus
            Hash algorithm is HMAC-SHA (128 bit key)
            Encryption using 3DES
      In IPSec:
         [Auth=Pre-Hash; DH=MODP(1024-bit); HASH=HMAC-SHA; ENC=3DES]
  • 172. IPsec Policy Example
      In English:
         All traffic to 128.104.120.0/24 must use one of the following:
            AH with HMAC-SHA or,
            ESP with 3DES as encryption algorithm and (HMAC-MD5 or HMAC-SHA as hashing algorithm)
      In IPsec:
         [AH: HMAC-SHA] or,
         [ESP: (3DES and HMAC-MD5) or (3DES and HMAC-SHA)]
  • 173. IP protocol suite
     (figure: the protocol stack)
     Application: HTML over HTTP, SMTP, POP, IMAP, FTP, DNS, real-time data over RTP, signalling protocols (e.g. ISUP)
     Transport: TCP, UDP, SCTP
     Network: IP, ICMP, and the routing protocols RIP, OSPF, BGP
     Link: SLIP, PPP, ARP, LAN protocols, ATM, PSTN/ISDN, PLMN …
  • 174. SCTP is used for signalling transport
     (figure: a signalling protocol (e.g. ISUP) carried over SCCP and MTP in the SS7 network on one side, and over the Sigtran adaptation protocols, SCTP, IP and the physical layer on the other)
     Transport of SS7-type application protocols (e.g. ISUP) in the SS7 network using MTP (+ SCCP)
     Transport of SS7-type application protocols (e.g. ISUP) over an IP network using Sigtran protocols
     Protocol conversion takes place in the signalling gateway (SGW)
  • 175. Example: downloading HTML page (1)
     (figure: user terminal (client) with HTTP/TCP/IP/PPP, the Internet service provider's PoP with IP/PPP/ATM, and the HTML page source (server) with HTTP/TCP/IP/ATM)
     A modem connection and PPP link between the user terminal and the ISP's Point of Presence (PoP) is established. The user terminal is given an IP address (dynamic allocation).
  • 176. Example: downloading HTML page (2)
     (figure: the client's "Contact DNS" query and the "DNS replies" answer travel over UDP/IP)
     DNS performs the translation between the URL and the IP address of the server (only the latter is used for routing IP packets to the server).
  • 177. Example: downloading HTML page (3)
     (figure: three-way handshaking between the client and server TCP layers)
     The TCP connection is set up. Note that IP packets can be routed over different bearer networks (like ATM as above) and do not necessarily follow the same path.
  • 178. Example: downloading HTML page (4)
     (figure: HTTP Request from client to server, HTTP Reply back)
     The HTTP request (get HTML page) is sent to the server. The HTTP reply (including the HTML page) is returned in a "200 ok" message.
  • 179. Example: downloading HTML page (5)
     (figure: two-way handshaking between the client and server TCP layers)
     If the client has no more requests, the TCP connection is cleared.
  • 180. Example: downloading HTML page (6)
     When requested by the client, the PPP and modem connections are cleared. (Bearer connections within the Internet backbone are naturally not cleared.)

Editor's notes

  1. network adapters, host bus adapters, and more.
  2. http://www.cisco.com/assets/sol/sp/ipv6_discovery/