Internet protocol

Basic protocol of Internet (and intranets). The Internet Protocol (IP protocol) is a data-oriented protocol used for communicating data across a packet-switched internetwork. IP is a network layer protocol in the internet protocol suite and is encapsulated in a data link layerEthernet). As a lower layer protocol, IP provides the service of communicable unique global addressing amongst computers. No circuit setup is needed before a host tries to send packets to a host it has previously not communicated with (this is the point of a packet-switched network), thus IP (Internet protocol) is a connectionless protocol. This is quite unlike Public Switched Telephone Networks that require the setup of a circuit before a phone call may go through (a connection-oriented protocol).

Two versions currently deployed:

IPv4: by far the most common

Addresses look like 147.188.193.16

That's actually a class B address; UoB has the entire range 147.188.x.x (65,000 addresses)

American universities and large companies often have class A addresses: HP has 15.x.x.x (10M addresses)

There's a theretical maximum of 2³² (about 4.3 billion) addresses, which for historical reasons are very unevenly shared out

Originally, addressing had some kind of geographical coherence

China doesn't have any A or B addresses, but about 40M "remaining unallocated"
Routing tables get very messy

IPv6: intended successor to IPv4

Supports 2¹²⁸ addresses; this is about 10³⁸, or approximately 10²⁸ addresses for each person alive today, or 10²³ addresses per square metre of the planet
Better security (incorporates IPSec)
Very small takeup so far

BT's 21CN is a major new network for the UK -- based on IPv4!
China's Next Generation Internet project (CNGI) is a five-year plan -- IPv6
Japan, Korea have significant deployments of IPv6

Heterogeneous

IP is implemented on a variety of networks "below"

Ethernet, ATM, FDDI, Wi-fi, token ring, etc. -- it makes no difference to the upper layer protocols.
Each data link layer has its own method of addressing, with a corresponding need to resolve IP addresses to data link addresses. This address resolution is handled by the Address Resolution Protocol (ARP).

Unreliable

IP provides an unreliable service (i.e., best effort delivery). This means that the network makes no guarantees about the packet and none, some, or all of the following may apply:

data corruption
out of order (packet A may be sent before packet B, but B can arrive before A)
duplicate arrival
lost or dropped/discarded

In terms of reliability the only thing IP does is ensure the IP packet's header is error-free through the use of a checksum. This has the side-effect of discarding packets with bad headers on the spot, and with no required notification to either end.

Transport protocols

TCP

Using TCP, applications on networked hosts can create connections to one another

TCP guarantees reliable and in-order delivery of data from sender to receiver.
TCP also distinguishes data for multiple connections by concurrent applications (e.g., Web server and e-mail server) running on the same host.

TCP uses port numbers to identify sending and receiving application end-points on a host

also known as internet sockets
Each side of a TCP connection is associated with a16-bit port number (1-65535) reserved by the sending or receiving application.
A server computer can provide several clients with several services simultaneously

TCP supports many of the Internet's most popular application protocols and resulting applications,

email: IMAP (port 143), POP3 (port 110), SMTP (port 25)
Web: HTTP (port 80), HTTPS (port 143)
FTP (port 21), telnet (port 23), ssh (port 22)

TCP packet

+	Bits 0–3	4–7	8–15	16–31
0	Source Port			Destination Port
32	Sequence Number
64	Acknowledgment Number
96	Data Offset	Reserved	Flags	Window
128	Checksum			Urgent Pointer
160	Options (optional)
160/192+	Data

TCP/IP packet

+	Bits 0–3	4–7	8–15	16–31
0	Source address
32	Destination address
64	Zeros		Protocol	TCP length
96	Source Port			Destination Port
128	Sequence Number
160	Acknowledgement Number
192	Data Offset	Reserved	Flags	Window
224	Checksum			Urgent Pointer
256	Options (optional)
256/288+	Data

UDP

TCP not appropriate for some applications

Real-time applications, such as internet radio, IPTV, VoIP, online games

More important to get most of the data in a timely fashion than it is to get all of the data in order.

Simple protocols in huge volume

DNS servers

UDP is a lighter-weight alternative to TCP

Provides the application multiplexing and checksums that TCP does
but does not handle building streams or retransmission

application developer designs those in a way suitable for the situation

UDP uses port numbers like TCP, and supports application protocols

Networking protocols: DHCP (port 67), routing (513, 520)
File serving: NFS (2049), CIFS/SMB (445)
Time synchronisation: NTP (123).

UDP packet

+	Bits 0 - 15	16 - 31
0	Source Port	Destination Port
32	Length	Checksum
64	Data

UDP/IP packet

+	Bits 0 - 7	8 - 15	16 - 23
0	Source address
32	Destination address
64	Zeros	Protocol	UDP length
96	Source Port		Destination Port
128	Length		Checksum
160	Data

Protocol stacks

The IP stack

The protocols that run on IP networks are often arranged in five layers.

Internet protocol suite
5. Application layer
DHCP • DNS • FTP • HTTP • IMAP4 • IRC • MIME • POP3 • SIP • SMTP • SNMP • SSH • TELNET • TLS/SSL • BGP • RPC • RTP • RTCP • SDP • SOAP • BitTorrent • …
4. Transport layer
TCP • UDP • DCCP • SCTP • …
3. Network layer
IP (IPv4 • IPv6) • ARP • IPSec • ICMP • IGMP • RSVP • IGP • RARP • …
2. Data link layer
ATM • Bluetooth (PAN-Profile) • DTM • Ethernet • FDDI • Frame Relay • GPRS • Modems • PPP • Wi-Fi • …
1. Physical layer
Bluetooth RF • Ethernet physical layer • ISDN • Modems • RS232 • SONET/SDH • USB • Wi-Fi • Power line communication • …

The idea:

Each layer solves a set of problems involving the transmission of data

A layer provides a well-defined service to the upper layers protocols. . .
. . . based on using services from some lower layers.

Upper layers are logically closer to the user and deal with more abstract data.

Lower layers take charge of nitty-gritty of physical transmission.

In practice

It's a bit more messed up than that. E.g.,

Where to put DHCP?
Where to put TLS/SSL?

The OSI model

OSI Model
	Data unit	Layer	Function
Host layers	Data	Application	Network process to application
		Presentation	Data representation and encryption
		Session	Interhost communication
	Segments	Transport	End-to-end connections and reliability
Media layers	Packets	Network	Path determination and logical addressing (IP)
	Frames	Data link	Physical addressing (MAC & LLC)
	Bits	Physical	Media, signal and binary transmission

The Open Systems Interconnect Basic Reference Model (OSI Model) is also a layered, abstract description for network protocol design, developed by the International Organization for Standardization (ISO).

It adds two layers between "application" and "network" -- which provides a proper space for TLS.

The idea of encapsulation

Network address translation (NAT)

popular a way to deal with the IPv4 address shortage

standard feature in routers for home and small-office Internet connections

Typically, use one of the designated "private" IP address subnets (192.168.x.x, 172.16.x.x through 172.31.x.x, and 10.x.x.x)

router maps between those addresses and the single "public" address
as traffic passes from the local network to the Internet, the source address in each packet is translated on the fly from the private addresses to the public address.
The router tracks basic data about each active connection (particularly the destination address and port).

When reply returns to the router, it uses the connection tracking data it stored during the outbound phase to determine where on the internal network to forward the reply
the TCP or UDP client port numbers are used to demultiplex the packets

Problems of NAT

Hosts behind a NAT-enabled router do not have true end-to-end connectivity

Cannot offer services

Incompatible with IPSec

NAT modifies values in the headers which interfere with the integrity checks done by IPsec and other tunneling protocols.

Slows the acceptance of IPv6,

Benefits of NAT

Interim solution to IPv4 address shortage
NAT router acts like a firewall

Network security approaches

At which layer should we provide security?
Quite a difficult question.

Layer	Advantages	Disadvantages
Application	Least general, but most flexible Fine-grained security under control of application Can work with proxies and application-layer firewalls proxy simply acts as a server and a client	Application specific Only protects payload Traffic analysis possible
Transport TLS	Not transparent to applications, but provides uniform security across applications More fine-grained than IPSec works at transport level Works fine with NAT	Only applicable to secure TCP applications Doesn't work with UDP Only protects payload Traffic analysis possible Doesn't work with proxies and application-layer firewalls Designed to resist man-in-middle Web proxies just pass https connections on
Network IPSec	Most general but least flexible Transparent to applications No need to change applications if deploy IPSec on firewall or router No need to train users, issuing/revoking keys on user-basis Flexible policy framework Can provide security for particular apps or particular users Provides routing security authentication or redirects In some modes, source/destination addresses protected as well as the message content	Complicated to administrate Designed for IPv6 Doesn't work with NAT apparently one of its design goals Doesn't work with proxies and application-layer firewalls
Datalink Wifi	Secures specific link protocols (e.g., wireless)