Internet Core Protocols
This is the book that I cut my teeth on when I decided to transition from application development to operations. It is a great intro into the core protocols used on the Internet and was very helpful in getting me up to speed on TCP/IP, multicasting, etc. which is what I deal with every day at the office. This book doesn't cover all the protocols as it is missing some pretty major ones such as DNS, HTTP, etc. but it is a good starting point. Here are some of the notes I took while reading.
- When two devices on a network communicate they don't use IP but rather they use the protocols that are specific to the wire (data-link) itself such as electrical impulses for Ethernet
- Data can be sent to an IP address, and the data will be encapsulated and transmitted according to the rules of each of the intermediary networks.
- Routing occurs at the network layer (IP) while delivery occurs at the data-link layer (Ethernet)
- The only thing that IP does is move data (datagram) from one host to another, one network at a time; provides relaying and delivery decisions
- IP provides a virtual network on top of the physical network and uses IP datagrams to allow a host to send whatever data needs to be sent and IP packets to send this data according to the characteristics of each intermediary network
- When a system has to send a datagram it looks at the routing table to find the appropriate network interface to send the outbound traffic through
- RIP and OSPF are used to build routing tables, but they are generally only run on routers so as not to add overhead on all hosts; a host's routing table then only needs the IP of the default gateway to reach a router which knows where to send the data
- IP datagrams are unique entities which can travel across whichever route is best at that time; IP doesn't care if it gets lost, arrives out of sequence, etc.
- Every IP datagram that is received must have its header verified against its checksum; no data is verified
- The TTL of an IP packet is decremented by 1 before forwarding the packet and if the value reaches 0 it is destroyed; used to prevent undeliverable loops from occurring
- MTU is the maximum amount of data the network can carry in a single frame; if the size of the datagram is bigger than the MTU then it needs to be fragmented into multiple packets for transmission
- Local networks use the same MTU so packets should not be fragmented
- Fragments are not reassembled until they reach the destination system
- IP offers direct support for prioritization of packets
- 0.0.0.0 is the default route which is used when the host does not know how to route the data
- ARP is used to identify the hardware addresses of other devices on the same network
- ARP issues broadcasts onto the network asking for a host with the specific IP address to respond with its hardware address; if it exists the response is sent directly to the requestor and added to the ARP cache to eliminate repeat broadcasts
- If ARP cache timeouts are too high they can cause issues when IP addresses are changed
- Inverse ARP is used to find the IP address of a hardware address
- Gratuitous ARP is used when a device issues an ARP broadcast for the sole reason of keeping devices informed of its presence on the network; receiving devices only update an existing cache entry and won't add a new one
- Broadcasts are meant for every host on the network
- Multicast allows for a system to send data to a group address; hosts can choose what network streams they want to monitor
- Multicast allows for broadcast-like activity while providing support for remote hosts and networks on a selective basis
- IGMP is not a transport protocol; it is a control protocol useful for informing devices of network events and changes
- The default TTL for a multicast datagram is 1; IGMP packets should only ever have a TTL of 1 as they are only for the local network and should never be forwarded
- Multicast group addresses are in class D (224.0.0.0 - 239.255.255.255)
- Any host can send data to a multicast address; if it wants to participate in the group as a listener it must notify the local IP stack
- The primary rule of a multicast router is to only forward multicast traffic to networks that have expressed interest in it
- IGMP membership reports are sent by the host to the multicast address whenever a host wishes to participate in a multicast group
- IGMP leave reports are used to announce that a particular host is no longer interested in receiving messages from the group
- IGMP membership queries are used by routers to determine if ANY hosts are still listening to the group
- Multicast routers are required for multicast across networks
- Multicast datagrams are basically indistinguishable from IP datagrams so one way to test for basic multicast functionality is to ping the group address to determine which hosts are currently listening
- ICMP is not a transport protocol but rather a control protocol used for informing devices of network events and changes
- Semipermanent failures need to be reported to the sender immediately since these kinds of failures indicate that there is a problem in the way that the sender is trying to use the network
- ICMP is used to send failure messages back to a system when a semipermanent delivery problem has been detected
- Ping allows you to verify connectivity between devices using ICMP Echo Request and Echo Reply
- Traceroute allows you to identify the route that datagrams are taking on their way to a remote device; this is achieved by sending a series of packets with incrementally larger TTL values and monitoring ICMP Time Exceeded error messages as the packets expire on their way to the destination
- UDP provides a stateless, lightweight, and unreliable transport service which is appropriate for any application that has to issue frequent update messages or that doesn't require that every message gets delivered
- Performance can be gained by removing the overhead associated with reliability and therefore applications that use it must implement their own error checking and fault management
- Streaming applications benefit greatly from UDP because the individual messages are not as important as the overall stream
- A socket is used to identify an IP address and port combination; socket pairs consist of both endpoints
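
The header checksum and TTL notes above describe what a router does to each datagram it relays. The following is an added example, not code from the book or from these notes: it verifies the header checksum, decrements the TTL, drops the datagram when the TTL runs out, and recomputes the checksum. The function names, the option-free 20-byte header and the sample addresses are assumptions made for the illustration.

```python
import socket
import struct

FMT = "!BBHHHBBH4s4s"  # 20-byte IPv4 header, no options (assumption)

def checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words, complemented."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                      # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_packet(src, dst, ttl, payload, proto=17):
    """Constructed sample datagram: header with a valid checksum + payload."""
    fields = [0x45, 0, 20 + len(payload), 0x1234, 0, ttl, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack(FMT, *fields))
    return struct.pack(FMT, *fields) + payload

def forward(packet: bytes):
    """One router hop: returns (packet_or_None, reason)."""
    ihl = (packet[0] & 0x0F) * 4
    header, payload = bytearray(packet[:ihl]), packet[ihl:]
    # A valid header, summed with its checksum field included, yields 0.
    if checksum(bytes(header)) != 0:
        return None, "bad header checksum"
    if header[8] <= 1:                      # TTL would reach 0
        return None, "ttl expired"          # a router reports this via ICMP
    header[8] -= 1
    header[10:12] = b"\x00\x00"             # checksum covers TTL, so redo it
    header[10:12] = struct.pack("!H", checksum(bytes(header)))
    return bytes(header) + payload, "forwarded"

if __name__ == "__main__":
    pkt = build_packet("192.0.2.1", "198.51.100.7", 3, b"constructed payload")
    while pkt:
        pkt, reason = forward(pkt)
        print(reason)
```

Because only the header is summed, a corrupted payload byte passes this check untouched; detecting that is left to the transport or application layer.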
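
The MTU and fragmentation notes above, worked through as an added example (not code from the book or from these notes): a datagram is fragmented for one link, its fragments are fragmented again for a smaller-MTU link, and only the destination reassembles. The function names, the 20-byte header length and the sample payload are assumptions; offsets are in 8-byte units, as in the IP header's fragment offset field.

```python
def fragment(data: bytes, mtu: int, base=0, more_after=False, header_len=20):
    """Split data into (offset_in_8_byte_units, more_fragments, bytes) tuples.

    base and more_after describe the piece being split, so a fragment
    can itself be fragmented again on a later, smaller-MTU link.
    """
    if len(data) + header_len <= mtu:
        return [(base, more_after, data)]          # fits: send as-is
    # Every fragment but the last must carry a multiple of 8 bytes.
    chunk = (mtu - header_len) // 8 * 8
    if chunk <= 0:
        raise ValueError("MTU too small to carry any data")
    out = []
    for start in range(0, len(data), chunk):
        last = start + chunk >= len(data)
        out.append((base + start // 8, more_after or not last,
                    data[start:start + chunk]))
    return out

def reassemble(frags):
    """Destination side: return the payload, or None while incomplete."""
    buf, more = b"", True
    for offset, more, data in sorted(frags):
        if offset * 8 != len(buf):                 # hole or overlap
            return None
        buf += data
    return None if more else buf                   # need the final fragment

def send_over(data: bytes, mtus):
    """Apply each link's MTU in turn without reassembling in between."""
    frags = [(0, False, data)]
    for mtu in mtus:
        frags = [piece for off, more, d in frags
                 for piece in fragment(d, mtu, off, more)]
    return frags

if __name__ == "__main__":
    payload = (bytes(range(256)) * 16)[:4000]      # constructed sample data
    arrived = send_over(payload, [1500, 576])
    for off, more, d in arrived:
        print(f"offset={off * 8:4d} len={len(d):4d} MF={int(more)}")
    print("reassembled ok:", reassemble(arrived[::-1]) == payload)
```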