Introduction to TCP/IP Network Model

TCP/IP Network Model

The TCP/IP model is the foundation of the Internet. It is the general name for a series of network protocols. These protocols can be divided into four layers: link layer, network layer, transport layer, and application layer.

  • Link layer: responsible for encapsulating and decapsulating IP packets, sending and receiving ARP/RARP packets, etc.
  • Network layer: responsible for routing and sending packets to the target network or host.
  • Transport layer: responsible for grouping and reassembling messages and encapsulating messages in TCP or UDP protocol format.
  • Application layer: responsible for providing applications to users, such as HTTP, FTP, Telnet, DNS, SMTP, etc.

In a layered architecture, communication is always established between the peer layers of the two communicating parties; layers cannot be staggered. As the data passes down through each layer at the sending end, the header of that layer's protocol (and, for the data link layer only, a trailer as well) is attached to it. This protocol encapsulation is what allows the receiving end to identify which protocol each layer used.

OSI seven-layer model

Of course, in theory, there is also an OSI seven-layer model: physical layer, data link layer, network layer, transport layer, session layer, presentation layer and application layer. This is an ideal model, but it is not widely adopted due to its complexity.

Link Layer

(1) Ethernet and 802 encapsulation

Ethernet encapsulation is defined in RFC894, while 802 encapsulation is defined in RFC1042. The Host Requirements RFC states that a host:

  • MUST support Ethernet (RFC894) encapsulation
  • SHOULD be able to receive RFC1042 encapsulated packets intermixed with RFC894 packets
  • MAY be able to send RFC1042 encapsulated packets

(2) SLIP

SLIP is used over RS-232 serial lines and high-speed modem links:

  • Each frame ends with the END character 0xC0
  • Any 0xC0 or ESC character appearing inside the message is escaped

Disadvantages: there is no way to tell the other end the local IP address; there is no type field; there is no checksum.

(3) CSLIP

Compress the 20-byte IP header and 20-byte TCP header in the SLIP message into 3 or 5 bytes

(4) PPP

PPP corrects the defects of SLIP: it supports multiple protocol types; it adds a data checksum; it supports header compression; both parties can dynamically negotiate IP addresses (using the IP protocol); and the link control protocol can negotiate several link options.

(5) Loopback interface

The loopback interface lets programs on the same host communicate via TCP/IP. Everything sent to the loopback interface is handed back to the host as input; data sent to one of the host's own IP addresses is also delivered through the loopback interface; broadcast and multicast data are first copied to the loopback interface and then sent out on the Ethernet.

(6) MTU

The MTU is the upper limit on the length of a data frame. If an IP datagram is longer than this value, it must be fragmented at the IP layer. Note: data sent over Ethernet must also take the path MTU into account.

Internet Protocol (IP)

IP is the core protocol in TCP/IP. All TCP, UDP, ICMP and other protocols are transmitted in the format of IP datagrams. The IP protocol provides unreliable and connectionless services. It does not guarantee that datagrams can be delivered to the destination, nor does it guarantee the order of datagrams.

The IP header format is:

Note on network byte order: the 32-bit words of the header are transmitted in the order bits 0-7, 8-15, 16-23, 24-31, i.e. big-endian byte order.
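As an added example (not part of the original article), the following Python decodes the fixed 20-byte IPv4 header in network byte order (the `!` prefix in `struct` means big-endian) and verifies the header checksum. The sample header bytes are constructed here for illustration, not captured traffic; the field values (TCP, DF set, 192.168.0.3 to 10.0.0.1, TTL 64) are assumptions.

```python
import socket
import struct
from dataclasses import dataclass

# '!' selects network byte order (big-endian), so multi-byte fields are read
# exactly as they travel on the wire: bits 0-7 first, then 8-15, and so on.
IPV4_HEADER_FMT = "!BBHHHBBH4s4s"


@dataclass
class IPv4Header:
    version: int
    ihl: int              # header length in 32-bit words (5 = 20 bytes, no options)
    tos: int
    total_length: int     # header + payload, in bytes
    identification: int
    df: bool              # "don't fragment"
    mf: bool              # "more fragments"
    fragment_offset: int  # in 8-byte units
    ttl: int
    protocol: int         # 1 = ICMP, 6 = TCP, 17 = UDP
    checksum: int
    src: str
    dst: str
    checksum_ok: bool


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                     # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_header(raw: bytes) -> IPv4Header:
    """Decode the fixed 20-byte IPv4 header and verify its checksum."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_length, ident, flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack(IPV4_HEADER_FMT, raw[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError("not an IPv4 header (version %d)" % version)
    header_len = ihl * 4
    if header_len < 20 or len(raw) < header_len:
        raise ValueError("bad IHL %d" % ihl)
    # Summing the whole header, checksum field included, yields 0 when it is intact.
    checksum_ok = ip_checksum(raw[:header_len]) == 0
    return IPv4Header(
        version, ihl, tos, total_length, ident,
        bool(flags_frag & 0x4000), bool(flags_frag & 0x2000), flags_frag & 0x1FFF,
        ttl, proto, csum, socket.inet_ntoa(src), socket.inet_ntoa(dst), checksum_ok,
    )


def build_sample_header() -> bytes:
    """Constructed sample (not captured traffic): a 40-byte TCP datagram,
    DF set, 192.168.0.3 -> 10.0.0.1, TTL 64, with a correct checksum."""
    raw = struct.pack(IPV4_HEADER_FMT, 0x45, 0, 40, 0x1C46, 0x4000, 64, 6, 0,
                      socket.inet_aton("192.168.0.3"), socket.inet_aton("10.0.0.1"))
    return raw[:10] + struct.pack("!H", ip_checksum(raw)) + raw[12:]


def corrupt_ttl(raw: bytes, new_ttl: int) -> bytes:
    """Copy of the header with the TTL byte changed but the checksum left as is,
    which is what a receiver sees after damage in transit."""
    return raw[:8] + bytes([new_ttl]) + raw[9:]


if __name__ == "__main__":
    print(parse_ipv4_header(build_sample_header()))
```

The total-length field of the sample serialises as the bytes `00 28` (40 in big-endian), which is the byte order the note above describes; a receiver that read it little-endian would see 10240.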

IP Routing

IP routing is done hop by hop. IP does not know the complete path to any destination (except, of course, those directly connected to the host). All IP routing does is provide the IP address of the next-hop router for datagram transmission. It assumes that the next-hop router is closer to the destination than the host sending the datagram, and that the next-hop router is directly connected to the host.

IP routing mainly completes the following functions:

  • The routing table is searched for an entry that completely matches the destination IP address (both the network number and the host number must match). If found, the message is sent to the next-hop router or directly connected network interface specified by the entry (depending on the value of the flag field).
  • The routing table is searched for an entry that matches the destination network number. If found, the message is sent to the next-hop router or directly connected network interface specified by the entry (depending on the value of the flag field). All hosts on the destination network can be addressed by this entry. For example, all hosts on an Ethernet network are routed through this entry. This method of searching for networks must take into account possible subnet masks. We will discuss this in the next section.
  • Search the routing table for an entry marked "default". If found, send the message to the next-hop router specified by that entry.

If none of the above steps succeed, the datagram cannot be delivered. If the datagram that cannot be delivered comes from the local machine, a "host unreachable" or "network unreachable" error is generally returned to the application that generated the datagram.

IP routing is done hop by hop. The destination IP address of a datagram remains the same as it travels from one station to another, but the encapsulation and destination link layer addresses can change at each station. Most hosts and many routers use the default next-hop router for datagrams destined for non-local networks.

Two characteristics of IP routing: (1) a full host address match is attempted before a network address match; (2) routes are specified per network, not per host.
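To make the three lookup steps concrete, here is an added Python example (not code from the article) that walks a small constructed routing table in exactly that order: full host match, then network match, then the default entry, with the flag field deciding whether the next hop is a gateway or the directly connected interface. The table contents, the `netstat -r` style flags (U, G, H) and the interface name are assumptions. It goes one step beyond the text in that, when several network entries match, it picks the most specific (longest mask) one.

```python
import ipaddress

# Constructed routing table (example data, not from the article). Flags follow the
# classic netstat -r convention: U = up, G = via gateway, H = host (full address) route.
ROUTES = [
    # destination      genmask            gateway          flags  iface
    ("10.0.0.0",       "255.0.0.0",       "192.168.1.254", "UG",  "eth0"),
    ("192.168.1.0",    "255.255.255.0",   "0.0.0.0",       "U",   "eth0"),
    ("192.168.1.77",   "255.255.255.255", "192.168.1.2",   "UGH", "eth0"),
    ("0.0.0.0",        "0.0.0.0",         "192.168.1.1",   "UG",  "eth0"),
]


class Unreachable(Exception):
    """Raised when no entry matches: the local sender sees 'network unreachable'."""


def _next_hop(entry, dst):
    _dest, _mask, gateway, flags, iface = entry
    # G flag: hand the datagram to the gateway. Otherwise the destination is on a
    # directly connected network and the datagram goes straight out of the interface.
    return (gateway if "G" in flags else dst, iface)


def route_lookup(dst, routes=ROUTES):
    """Return (matched_step, next_hop_ip, interface) following the three steps."""
    addr = ipaddress.IPv4Address(dst)
    matching = []
    for entry in routes:
        net = ipaddress.IPv4Network(f"{entry[0]}/{entry[1]}", strict=False)
        if addr in net:
            matching.append((net.prefixlen, entry))
    # 1. full host address match (network number AND host number)
    for plen, entry in matching:
        if plen == 32:
            return ("host",) + _next_hop(entry, dst)
    # 2. network number match; prefer the most specific (longest mask) entry
    nets = [(plen, entry) for plen, entry in matching if 0 < plen < 32]
    if nets:
        _, entry = max(nets, key=lambda pe: pe[0])
        return ("network",) + _next_hop(entry, dst)
    # 3. default route
    for plen, entry in matching:
        if plen == 0:
            return ("default",) + _next_hop(entry, dst)
    raise Unreachable(f"no route to {dst}")


if __name__ == "__main__":
    for target in ("192.168.1.77", "192.168.1.20", "10.5.6.7", "8.8.8.8"):
        print(target, "->", route_lookup(target))
```

Note that the destination IP address is never rewritten by the lookup; only the next-hop address (and therefore the link-layer destination) changes from hop to hop, as the paragraph above describes.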

IP address and MAC address classification

By IP address range:

  • Class A: Address range 1.0.0.1-126.255.255.25. The subnet mask of a Class A IP address is 255.0.0.0, and the maximum number of hosts supported by each network is 256^3 - 2 = 16777214.
  • Class B: Address range 128.0.0.1-191.255.255.255. The subnet mask of a Class B IP address is 255.255.0.0, and the maximum number of hosts supported by each network is 256^2 - 2 = 65534.
  • Class C: Address range 192.0.1.1-223.255.255.255. The subnet mask of a Class C IP address is 255.255.255.0, and the maximum number of hosts supported by each network is 256 - 2 = 254.
  • Class D: Addresses starting with 1110, multicast addresses
  • Class E: Addresses starting with 11110, reserved addresses

According to the communication mode:

  • Unicast: The target is a specific host, such as 192.168.0.3
  • Broadcast: The host portion of the target IP address is all 1s, and the destination MAC address is FF-FF-FF-FF-FF-FF. For example, the default subnet mask of the class B network 172.16.0.0 is 255.255.0.0, and the broadcast address is 172.16.255.255.
  • Multicast: The target is a group of hosts, with an IP address range of 224.0.0.0 to 239.255.255.255. The multicast MAC address starts with the hexadecimal value 01-00-5E, and the remaining 6 hexadecimal digits are derived from the low-order 23 bits of the IP multicast group address.

Unicast is the transmission of data to a specific host. For example, when sending an IP data packet to a host, the link layer header has a very specific destination address. For Ethernet, it is the MAC address of the network card. Broadcast and multicast are only applied to UDP. They are very important for applications that need to send messages to multiple receivers at the same time.

  • Broadcast sends a packet to all hosts on a certain network. That "network" may be an entire network, one subnet, or all subnets. For an entire Class A network, the broadcast address is netid.255.255.255; for a single subnet it is netid.netid.subnetid.255; for all subnets of a Class B network it is netid.netid.255.255. The MAC address used for broadcast is FF-FF-FF-FF-FF-FF. All hosts on the network receive the broadcast data, and the network card only needs to pass frames whose destination MAC address is FF-FF-FF-FF-FF-FF up to the kernel. ARP and routing protocols such as RIP are typically sent as broadcasts.
  • Multicast sends data to a specific group of hosts (a multicast group), so the scope of delivery is smaller than a broadcast. A multicast MAC address has the low-order bit of its first byte set to 1, for example 01-00-00-00-00-00. Multicast group addresses are Class D IP addresses, i.e. 224.0.0.0-239.255.255.255. The Ethernet addresses corresponding to IP multicast range from 01:00:5e:00:00:00 to 01:00:5e:7f:ff:ff. A multicast group address is converted to an Ethernet address by mapping its low-order 23 bits into the corresponding bits of the Ethernet address. Because this mapping is not unique, higher-layer protocols must perform additional datagram filtering.

Subnet Mask

The subnet mask is used to determine how many bits are used for the network ID and how many bits are used for the host ID.

Given an IP address and subnet mask, a host can determine the destination of an IP datagram: (1) a host on this subnet; (2) a host on another subnet in this network; or (3) a host on another network.

If you know the IP address of the machine, you will know whether it is a class A, B or C address (you can know it from the high bits of the IP address), and you will know the dividing line between the network number and the subnet number. The dividing line between the subnet number and the host number can be known based on the subnet mask.
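The address arithmetic in the last two sections (address class from the high-order bits, maximum host count per class, the directed broadcast address, the 23-bit multicast-to-MAC mapping and its non-uniqueness, and the three-way "this subnet / another subnet of this network / another network" decision) is shown below in one added Python example. It is not code from the article; the sample addresses used in the comments and usage section are constructed.

```python
import ipaddress

CLASS_DEFAULT_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def ip_class(addr: str) -> str:
    """Classify by the high-order bits of the first octet."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first >> 7 == 0b0:
        return "A"          # 0xxxxxxx
    if first >> 6 == 0b10:
        return "B"          # 10xxxxxx
    if first >> 5 == 0b110:
        return "C"          # 110xxxxx
    if first >> 4 == 0b1110:
        return "D"          # 1110xxxx multicast
    return "E"              # 1111xxxx reserved


def max_hosts(mask: str) -> int:
    """Usable hosts per network: 2^(host bits) minus the all-zeros and all-ones addresses."""
    host_bits = 32 - ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen
    return 2 ** host_bits - 2


def broadcast_address(addr: str, mask: str) -> str:
    """Directed broadcast for the (sub)network: host portion all ones."""
    return str(ipaddress.IPv4Network(f"{addr}/{mask}", strict=False).broadcast_address)


def multicast_mac(group: str) -> str:
    """Map a Class D group to its Ethernet address: 01-00-5E plus the low-order 23 bits."""
    if ip_class(group) != "D":
        raise ValueError(f"{group} is not a Class D (multicast) address")
    g = int(ipaddress.IPv4Address(group))
    mac = 0x01005E000000 | (g & 0x7FFFFF)
    return "-".join(f"{(mac >> shift) & 0xFF:02X}" for shift in range(40, -1, -8))


def classify_destination(my_ip: str, my_mask: str, dst: str) -> str:
    """Apply the subnet mask, then the class boundary, to decide where dst lives."""
    target = ipaddress.IPv4Address(dst)
    if target in ipaddress.IPv4Network(f"{my_ip}/{my_mask}", strict=False):
        return "this subnet"
    # The network-number boundary comes from the address class (high bits), not from the mask.
    class_mask = CLASS_DEFAULT_MASK[ip_class(my_ip)]
    if target in ipaddress.IPv4Network(f"{my_ip}/{class_mask}", strict=False):
        return "another subnet of this network"
    return "another network"


if __name__ == "__main__":
    # Constructed sample values: a host 172.16.3.10/24 inside the Class B network 172.16.0.0
    print(ip_class("172.16.3.10"), broadcast_address("172.16.0.0", "255.255.0.0"))
    print(multicast_mac("224.0.0.1"), multicast_mac("225.0.0.1"))   # same MAC: mapping not unique
    for dst in ("172.16.3.200", "172.16.9.1", "10.0.0.1"):
        print(dst, "->", classify_destination("172.16.3.10", "255.255.255.0", dst))
```

Because only 23 of the 28 group-address bits reach the MAC address, 32 different groups share each Ethernet address (224.0.0.1 and 225.0.0.1 above both become 01-00-5E-00-00-01); this is why the IP layer must still filter by the full group address after the NIC has accepted the frame.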

Encapsulation

An Ethernet data frame is physically constrained to a data length between 46 and 1500 bytes, and the data is encapsulated as it enters each layer of the protocol stack.

The more specific Ethernet frame format is:

Use

When the destination host receives an Ethernet frame, the data moves up the protocol stack from the bottom to the top, and each layer strips off the header added by its peer. Each layer's protocol module inspects the protocol identifier in its header to determine which upper-layer protocol should receive the data. This process is called demultiplexing.

Fragmentation

Older kernels handle IP fragmentation entirely at the IP layer, which can accept datagrams of 0 to 64 KB. When an IP packet is larger than the PMTU, it must therefore be split into several IP fragments. Newer kernels let L4 do the splitting: instead of passing the IP layer a single buffer that exceeds the PMTU, L4 passes a set of buffers that each fit within the PMTU, so the IP layer only needs to prepend an IP header to each one. This does not mean the IP layer never fragments; in some cases it still does.

  • Fragmentation means splitting one IP packet into several transmissions and reassembling them at the receiving IP layer.
  • Whether an IP packet may be fragmented depends on its DF flag: DF bit (0 = "may fragment", 1 = "don't fragment")
  • After fragmentation, each fragment carries an MF flag: MF bit (0 = "last fragment", 1 = "more fragments")

In the first table (the original, unfragmented packet):

  • IP packet length 5140, including 5120 bytes of payload
  • DF = 0, fragmentation is allowed
  • MF = 0, i.e. not fragmented

In the second table (the same packet fragmented for a 1500-byte MTU):

  • 0-0, first fragment: length 1500 = 1480 (payload) + 20 (IP header). Offset (starting offset): 0
  • 0-1, second fragment: length 1500 = 1480 (payload) + 20 (IP header). Offset: 185 = 1480 / 8
  • 0-2, third fragment: length 1500 = 1480 (payload) + 20 (IP header). Offset: 370 = 185 + 1480 / 8
  • 0-3, fourth fragment: length 700 = 680 (payload, = (5140 - 20) - 1480 * 3) + 20 (IP header). Offset: 555 = 370 + 1480 / 8

Note that only the first fragment carries the complete IPv4 + TCP/UDP header information of the original packet; subsequent fragments carry only the IPv4 header.

Problems caused by fragmentation:

  • Sender overhead: splitting the packet costs CPU, for both the calculation and the data copying.
  • Receiver overhead: the fragments must be reassembled. Reassembly on a router is very inefficient, so it is normally done on the receiving host.
  • Retransmission overhead: if a single fragment is lost, the entire packet has to be retransmitted.
  • When fragments arrive out of order, a firewall may treat them as invalid packets and discard them.

MTU

The MTU of a network interface is the maximum size of a block of data that it can transmit at one time. Any data block that exceeds the MTU will be divided into smaller transmission units before transmission. MTU is measured at two levels: the network layer and the link layer. For example, the standard Internet MTU at the network layer is 1500 bytes, and at the link layer it is 1518 bytes. When not specifically mentioned, the MTU of the network layer is usually referred to.

A common reason to increase a network interface's MTU is to increase throughput on high-speed Internet. The standard Internet MTU uses 1500 bytes for backward compatibility with 10M and 100M networks, but it is far from enough for current 1G and 10G networks. New network equipment can handle larger MTUs, but the MTU needs to be set explicitly. Frames with this larger MTU are called "jumbo frames", and 9000 bytes are common.

Conversely, some reasons why you might want to reduce the MTU:

  • To match the MTU of another network (this eliminates UDP fragmentation; for TCP, PMTU discovery is required)
  • Meet the requirements of ATM cell
  • Improve throughput on high error rate lines

Different MTUs cannot be mixed on the same network segment under any current Internet protocol; a router, however, can be used to connect network segments that have different MTUs.

TCP fragmentation

The size of each TCP segment is limited by the MSS (the TCP_MAXSEG socket option). The maximum segment size (MSS) is the largest block of data that TCP will send to the other end in one segment. When a connection is established (in the SYN packets), each end of the connection announces its MSS to the other.

Generally speaking, as long as no fragmentation occurs, the larger the MSS the better. Larger segments carry more data per segment, which gives higher network utilization relative to the fixed cost of the IP and TCP headers. When TCP sends a SYN, either because a local application wants to initiate a connection or because it has received a connection request from the host at the other end, it can set the MSS value to the MTU of the outgoing interface minus the fixed IP header (20 bytes) and TCP header (20 bytes). For Ethernet, the MSS value can therefore be up to 1460 bytes (see tcp_sendmsg for details).

TCP and SCTP slice the data according to the MTU, so the work of layer 3 is reduced to adding an IP header to each slice it is handed (that is, by the time this function is called, layer 4 has already sliced the data).

Segmentation offload

Many network cards now support segmentation in hardware. The upper layers (L4/L3) then no longer need to segment the data themselves (up to 64 KB at a time); the NIC does it, which improves network performance.

  • Large Segment Offload (LSO): Enables the network protocol stack to push packets exceeding PMTU to the network card, which then performs the fragmentation work, thus reducing the CPU load.
  • TCP Segmentation Offload (TSO): Similar to LSO, for TCP protocol packets
  • UDP Fragmentation Offload (UFO): Similar to TSO, for UDP packets
  • Large Receive Offload (LRO): Aggregates received packets into a large data packet and then sends it to the protocol stack for processing
  • Generic Segmentation Offload (GSO): An enhancement of TSO/LSO, supporting both TCP and UDP protocols, responsible for fragmenting packets exceeding the MTU
  • Generic Receive Offload (GRO): An enhancement of LRO, responsible for aggregating multiple received packets into a large data packet and then sending it to the protocol stack for processing

PMTU (Path Maximum Transmission Unit Discovery)

The purpose of PMTU discovery is to determine dynamically the smallest MTU along the entire path from sender to receiver, so that packet fragmentation can be avoided. Note that PMTU discovery here applies only to TCP and does not take effect for other protocols such as UDP. In addition, when the sender has PMTU discovery enabled, it sets the DF flag to 1 on every TCP/IP packet it sends, so fragmentation is no longer permitted. When a router on the path finds that a packet cannot be forwarded because it exceeds the MTU of the next link, it returns an ICMP "Destination Unreachable" (fragmentation needed) message to the sender that carries that link's MTU. The sender then records the MTU value in its routing table and resends the data in smaller packets that fit the reduced MTU.

Example 1: the packet exceeds the MTU and DF = 0 => the router fragments it and forwards the fragments; the receiving host reassembles them.

Example 2: the packet exceeds the MTU and DF = 1 => PMTU discovery: the router reports the MTU back, and the sender resends the data in smaller packets.
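The fragmentation table above (5140 bytes against a 1500-byte MTU giving offsets 0, 185, 370 and 555) and the two PMTU examples are reproduced below in one added Python simulation. This is not code from the article: routers and links are modelled as a list of link MTUs (a constructed path), the ICMP "fragmentation needed" report is modelled as a return value and an exception, and fragments are represented as `(length, offset in 8-byte units, MF)` tuples. It also generalises the table slightly by fragmenting a packet that is already a fragment, which is what a second router with a smaller MTU does when DF = 0.

```python
IP_HDR = 20  # fixed IPv4 header, no options


class FragmentationNeeded(Exception):
    """Stands in for the ICMP "fragmentation needed" error a router returns when DF = 1."""

    def __init__(self, mtu):
        super().__init__(f"fragmentation needed, next-hop MTU {mtu}")
        self.mtu = mtu


def fragment(total_length, mtu, df=False):
    """Split one IPv4 packet into fragments no larger than mtu.
    Returns a list of (fragment_length, offset_in_8_byte_units, more_fragments)."""
    if total_length <= mtu:
        return [(total_length, 0, False)]
    if df:
        raise FragmentationNeeded(mtu)
    payload = total_length - IP_HDR
    chunk = (mtu - IP_HDR) // 8 * 8     # offsets count 8-byte units, so round down
    frags, offset = [], 0
    while offset < payload:
        size = min(chunk, payload - offset)
        frags.append((size + IP_HDR, offset // 8, offset + size < payload))
        offset += size
    return frags


def send_over_path(total_length, path_mtus, df):
    """Forward a packet hop by hop; each element of path_mtus is the MTU of one link.
    Returns ("delivered", fragments) or ("icmp_too_big", mtu) when DF stops forwarding."""
    packets = [(total_length, 0, False)]
    for mtu in path_mtus:
        forwarded = []
        for length, offset, mf in packets:
            if length <= mtu:
                forwarded.append((length, offset, mf))
                continue
            if df:
                return ("icmp_too_big", mtu)        # DF = 1: router drops it and reports
            # DF = 0: the router fragments; offsets stay relative to the original packet
            for flen, foff, fmf in fragment(length, mtu):
                forwarded.append((flen, offset + foff, fmf or mf))
        packets = forwarded
    return ("delivered", packets)


def pmtu_discover(interface_mtu, path_mtus):
    """Sender side of PMTU discovery: probe with DF = 1 and shrink on every ICMP report.
    Returns (path_mtu, list_of_mtus_reported_by_routers)."""
    pmtu, reports = interface_mtu, []
    while True:
        status, value = send_over_path(pmtu, path_mtus, df=True)
        if status == "delivered":
            return pmtu, reports
        pmtu = value
        reports.append(value)


if __name__ == "__main__":
    print(fragment(5140, 1500))                         # the article's second table
    print(send_over_path(5140, [1500, 1500], df=False))  # example 1: router fragments
    print(pmtu_discover(1500, [1500, 1400, 1280]))       # example 2: sender shrinks to 1280
```

With DF = 0 the 5140-byte packet leaves the first router as the four fragments listed in the table; with DF = 1 the same packet never gets past the first link whose MTU it exceeds, and each ICMP report lowers the sender's estimate until a probe reaches the far end.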
