Top-down understanding of the network (5) - IP articles
At this point in this blog series, we've come a long way in understanding the network. You may have noticed that, thanks to the layered network model, each layer has a clear task and purpose. This keeps the work of each layer simple, and an upper layer does not need to care how the lower layer is implemented, which gives the whole network structure greater flexibility and scalability. In the last article, we introduced TCP, a reliable transport protocol that ensures application-layer data reaches the destination accurately and without errors. In terms of the network model, TCP belongs to the transport layer, and its data is ultimately packaged into IP datagrams, at which point real data transmission begins. In this article, we enter the core of the network world, the network layer, and introduce the IP protocol.
1. Talk about the IP protocol
IP is a protocol that defines how networks are interconnected, and it is the core protocol in the TCP/IP protocol suite. Compared with TCP at the transport layer, the defining feature of IP is that it is unreliable and connectionless. Unreliable means that IP does not guarantee that a datagram reaches its destination: if any error occurs during transmission, the datagram is discarded. Connectionless means that IP maintains no connection state for datagrams: each transmission is independent, and each datagram is routed independently, so IP datagrams may also arrive out of order.
First of all, we can casually look at the datagram of the IP layer during a network communication process, as shown in the following figure:
We know that at each layer of the network model, the lower-layer protocol takes the upper layer's data, prepends its own header to form a complete datagram, and passes it down to the next layer. The figure above shows some of the fields in the IP header. When we communicate with application-layer protocols such as HTTP/HTTPS, business logic is dispatched on the path under the domain name, and TCP below distinguishes applications by port number. At the IP layer there is no concept of domain names or port numbers; IP provides the end-to-end network communication function.
1. Header composition of IP datagram
The structure definition of the IP protocol is shown in the following figure:
It can be seen that the header of an IP datagram, if it carries no special options, has a fixed length of 20 bytes.
Bits 0 to 3: the version of the IP protocol in use. For IPv4 this value is 4; for IPv6 it is 6.
Bits 4 to 7: the length of the IP datagram header, counted in 32-bit words.
Bits 8 to 15: the type of service, which indicates preferences such as minimum delay and maximum throughput.
Bits 16 to 31: the total length in bytes of the entire IP datagram, header and data included. Since the field has only 16 bits, its maximum value is 65535, so the maximum length of an IP datagram is 65535 bytes.
Bits 32 to 47: a 16-bit identification field that works like an ID. When a datagram is fragmented, the value of this field is copied into every fragment so that the receiver can process them together.
Bits 48 to 50: three flag bits. The first is reserved and currently unused. The second indicates whether the datagram may be fragmented; if it is set to 1, the datagram must not be fragmented. The last indicates whether the current fragment is the final one: if another fragment follows, this bit is set to 1, otherwise it is set to 0.
Bits 51 to 63: these 13 bits give the position of the fragment's data relative to the original datagram. If there is no fragmentation, the value is 0.
Bits 64 to 71: the time-to-live field, a simple counter that limits how many routers the datagram can pass through. Each time a router processes the datagram the value decreases by 1, and when it reaches 0 the datagram is discarded.
Bits 72 to 79: the protocol that should parse the data once IP has finished with it; for example, 17 is UDP.
Bits 80 to 95: This field is the checksum field, occupying 16 bits, and is used to verify the integrity of the IP datagram header.
Bits 96 to 127: These 32 bits of data record the IP address of the source host.
Bits 128 to 159: These 32 bits of data record the target host IP address.
Note that the analysis above uses IPv4 as the example. In IPv6 the meaning of the header fields changes; for example, the source and destination addresses are both extended to 128 bits.
2. IP routing strategy
Now that we know how an IP datagram is put together, let's think about how actual network communication is carried out, which brings us to IP routing. IP routing is not as complicated as you might imagine, even though the world's networks are intricate. Think of it this way: to access the network, any device must be attached to it through the link layer. Take a personal PC as an example: it must be connected to the network, by wire or wirelessly, before anything can communicate with it. So if the destination host is directly connected to the source host, the IP datagram is sent straight from source to destination, and there is nothing difficult to understand. The slightly more complicated case is when the source and destination hosts are not directly connected and the IP datagram has to be routed. Briefly, the process is:
1. The source host searches its local routing table for the network that contains the destination IP. If one is found, the datagram is sent to that network; if not, it is sent to the default address configured in the routing table.
2. The device that receives the IP datagram may be a host or a router (a host can in fact also be configured to act as a router). It first checks whether the destination address in the datagram is the local IP or a broadcast address. If so, it parses and processes the datagram; if not, the datagram needs to be forwarded. If the device is an ordinary host with no routing function, the datagram is discarded. If it is a router, it searches its own routing table, acts as in step 1, and forwards the datagram. Of course, it also checks that the datagram's time-to-live is still valid before forwarding.
3. The next-hop device repeats step 2 until the datagram reaches the destination host or the number of forwards exceeds the datagram's time-to-live.
The routing table was mentioned above. It is a set of routing information maintained by the IP layer. Each record in the routing table contains 4 fields:
Destination IP address: this can be either a complete host address or a network address.
Next-hop IP address: the address to which the data is to be forwarded.
Flag field: specifies whether the destination IP address in this record is a network address or a host address. It also indicates whether the next-hop IP address is a router or a directly connected interface.
Network interface: the network interface through which the datagram is transmitted.
If you are using a Mac computer, you can print the local routing table by typing the following command in the terminal:
netstat -nr
An example of output information is as follows:
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default 192.168.1.1 UGScg en0
10.8/24 10.8.0.2 UGSc utun0
10.8.0.2 10.8.0.1 UH utun0
127 127.0.0.1 UCS lo0
127.0.0.1 127.0.0.1 UH lo0
169.254 link#6 UCS en0 !
192.168.1 link#6 UCS en0 !
192.168.1.1/32 link#6 UCS en0 !
192.168.1.1 8c:73:a0:ef:e8:11 UHLWIir en0 1174
192.168.1.3/32 link#6 UCS en0 !
192.168.1.3 88:66:5a:b:69:2b UHLWI lo0
224.0.0/4 link#6 UmCS en0 !
224.0.0.251 1:0:5e:0:0:fb UHmLWI en0
239.255.255.250 1:0:5e:7f:ff:fa UHmLWI en0
255.255.255.255/32 link#6 UCS en0 !
Internet6:
Destination Gateway Flags Netif Expire
default fe80::1%en0 UGcg en0
default fe80::%utun1 UGcIg utun1
default fe80::%utun2 UGcIg utun2
default fe80::%utun3 UGcIg utun3
default fe80::%utun4 UGcIg utun4
default fe80::%utun5 UGcIg utun5
default fe80::%utun6 UGcIg utun6
::1 ::1 UHL lo0
2409:8a1e:2147:e770::/64 link#6 UC en0
2409:8a1e:2147:e770:1e:db2d:96a4:cf35 88:66:5a:b:69:2b UHL lo0
2409:8a1e:2147:e770:a823:bf83:873f:1241 88:66:5a:b:69:2b UHL lo0
fe80::%lo0/64 fe80::1%lo0 UcI lo0
fe80::1%lo0 link#1 UHLI lo0
fe80::%en5/64 link#4 UCI en5
fe80::aede:48ff:fe00:1122%en5 ac:de:48:0:11:22 UHLI lo0
fe80::aede:48ff:fe33:4455%en5 ac:de:48:33:44:55 UHLWIi en5
fe80::%en0/64 link#6 UCI en0
fe80::1%en0 8c:73:a0:ef:e8:11 UHLWIir en0
fe80::1cb4:b83d:af72:eebe%en0 88:66:5a:b:69:2b UHLI lo0
fe80::%awdl0/64 link#7 UCI awdl0
fe80::7c27:deff:fe56:fc75%awdl0 7e:27:de:56:fc:75 UHLI lo0
fe80::%llw0/64 link#9 UCI llw0
fe80::7c27:deff:fe56:fc75%llw0 7e:27:de:56:fc:75 UHLI lo0
fe80::%utun1/64 fe80::1f51:69aa:bba3:107%utun1 UcI utun1
fe80::1f51:69aa:bba3:107%utun1 link#15 UHLI lo0
fe80::%utun2/64 fe80::d0d1:ddd2:5699:a7eb%utun2 UcI utun2
fe80::d0d1:ddd2:5699:a7eb%utun2 link#16 UHLI lo0
fe80::%utun3/64 fe80::24c9:ab2d:b06c:ee2b%utun3 UcI utun3
fe80::24c9:ab2d:b06c:ee2b%utun3 link#17 UHLI lo0
fe80::%utun4/64 fe80::aa3:5b6:85:9502%utun4 UcI utun4
fe80::aa3:5b6:85:9502%utun4 link#18 UHLI lo0
fe80::%utun5/64 fe80::383a:6846:f4a5:7d30%utun5 UcI utun5
fe80::383a:6846:f4a5:7d30%utun5 link#20 UHLI lo0
fe80::%utun6/64 fe80::7017:7a51:2293:202%utun6 UcI utun6
fe80::7017:7a51:2293:202%utun6 link#21 UHLI lo0
ff00::/8 ::1 UmCI lo0
ff00::/8 link#4 UmCI en5
ff00::/8 link#6 UmCI en0
ff00::/8 link#7 UmCI awdl0
ff00::/8 link#9 UmCI llw0
ff00::/8 fe80::1f51:69aa:bba3:107%utun1 UmCI utun1
ff00::/8 fe80::d0d1:ddd2:5699:a7eb%utun2 UmCI utun2
ff00::/8 fe80::24c9:ab2d:b06c:ee2b%utun3 UmCI utun3
ff00::/8 fe80::aa3:5b6:85:9502%utun4 UmCI utun4
ff00::/8 fe80::383a:6846:f4a5:7d30%utun5 UmCI utun5
ff00::/8 fe80::7017:7a51:2293:202%utun6 UmCI utun6
ff01::%lo0/32 ::1 UmCI lo0
ff01::%en5/32 link#4 UmCI en5
ff01::%en0/32 link#6 UmCI en0
ff01::%awdl0/32 link#7 UmCI awdl0
ff01::%llw0/32 link#9 UmCI llw0
ff01::%utun1/32 fe80::1f51:69aa:bba3:107%utun1 UmCI utun1
ff01::%utun2/32 fe80::d0d1:ddd2:5699:a7eb%utun2 UmCI utun2
ff01::%utun3/32 fe80::24c9:ab2d:b06c:ee2b%utun3 UmCI utun3
ff01::%utun4/32 fe80::aa3:5b6:85:9502%utun4 UmCI utun4
ff01::%utun5/32 fe80::383a:6846:f4a5:7d30%utun5 UmCI utun5
ff01::%utun6/32 fe80::7017:7a51:2293:202%utun6 UmCI utun6
ff02::%lo0/32 ::1 UmCI lo0
ff02::%en5/32 link#4 UmCI en5
ff02::%en0/32 link#6 UmCI en0
ff02::%awdl0/32 link#7 UmCI awdl0
ff02::%llw0/32 link#9 UmCI llw0
ff02::%utun1/32 fe80::1f51:69aa:bba3:107%utun1 UmCI utun1
ff02::%utun2/32 fe80::d0d1:ddd2:5699:a7eb%utun2 UmCI utun2
ff02::%utun3/32 fe80::24c9:ab2d:b06c:ee2b%utun3 UmCI utun3
ff02::%utun4/32 fe80::aa3:5b6:85:9502%utun4 UmCI utun4
ff02::%utun5/32 fe80::383a:6846:f4a5:7d30%utun5 UmCI utun5
ff02::%utun6/32 fe80::7017:7a51:2293:202%utun6 UmCI utun6
The routing table above contains both IPv4 and IPv6 records; for now we only care about IPv4. The destination of the first record is default. Almost all network traffic from my device matches this entry, and its next-hop address is 192.168.1.1, the address of my router. So for a personal computer, most network access is completed through forwarding by the router (a device connected directly by network cable will differ).
Let's look more closely at the Flags field in the routing table. There are 5 flags, and they can be combined. They are listed below:
U: This mark indicates that this routing record is available.
G: Indicates that the route is connected to a gateway (router), if there is no such mark, it indicates a direct connection.
H: Indicates that the destination address of the route is a host. Without this flag, the destination address is a network.
D: Indicates that the route is created by redirection packets.
M: Indicates that the route is created by redirected packets.
From the way routing and forwarding work, we can also see that IP routing proceeds hop by hop. No matter which device is doing the processing, the IP layer cannot know the complete routing path (unless the source host is directly connected to the destination host). When forwarding an IP datagram, we can only be sure that the next hop is closer to the destination host than the current one.
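Step 1 of the routing process, run against the IPv4 rows of the sample table above. This is an added example, not code from the original article. It goes slightly beyond the text by choosing the most specific matching route when several networks contain the destination, and the rule used to expand shortened destinations such as "192.168.1" is an assumption stated in the code.

```python
import ipaddress

# IPv4 rows copied from the netstat -nr output above: (Destination, Gateway, Flags, Netif)
SAMPLE_ROUTES = [
    ("default",   "192.168.1.1", "UGScg", "en0"),
    ("10.8/24",   "10.8.0.2",    "UGSc",  "utun0"),
    ("10.8.0.2",  "10.8.0.1",    "UH",    "utun0"),
    ("127",       "127.0.0.1",   "UCS",   "lo0"),
    ("169.254",   "link#6",      "UCS",   "en0"),
    ("192.168.1", "link#6",      "UCS",   "en0"),
    ("224.0.0/4", "link#6",      "UmCS",  "en0"),
]

def expand_destination(dest: str, flags: str) -> ipaddress.IPv4Network:
    """Turn a Destination cell into a network object.

    Assumption made for this example: omitted trailing octets are zero, and
    when no /len is printed the prefix is /32 for H (host) routes and
    otherwise 8 bits per octet shown.
    """
    if dest == "default":
        return ipaddress.IPv4Network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    if not plen:
        plen = "32" if "H" in flags else str(8 * len(octets))
    full = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.IPv4Network(f"{full}/{plen}")

def lookup(dst: str, routes=SAMPLE_ROUTES) -> dict:
    """Pick the usable (U) route whose network contains dst, most specific first."""
    target = ipaddress.IPv4Address(dst)
    best = None
    for dest, gateway, flags, netif in routes:
        net = expand_destination(dest, flags)
        if "U" not in flags or target not in net:
            continue
        if best is None or net.prefixlen > best["network"].prefixlen:
            best = {"network": net, "netif": netif,
                    # G: hand the datagram to a router; otherwise deliver on-link
                    "next_hop": gateway if "G" in flags else dst,
                    "via_gateway": "G" in flags, "host_route": "H" in flags}
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best

if __name__ == "__main__":
    for address in ("203.0.113.9", "192.168.1.50", "10.8.0.77", "10.8.0.2"):
        route = lookup(address)
        print(address, "->", route["network"], route["next_hop"], route["netif"])
```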
3. About IP encoding
Now let's review how IP addresses are encoded. We are again talking about IPv4. Each IP address contains a network number and a host number, and all hosts on the same network share the same network number. To accommodate networks of different sizes, IP addresses are divided into five classes.
Class A: IP address range from 1.0.0.1 - 127.255.255.254
In a class A address, the first segment is the network number and the remaining three segments are the host number. The number of networks that can be assigned is therefore very small, only 126, while the number of hosts that can be assigned to each network is very large: 16777214.
Class B: IP address range from 128.0.0.1 - 191.255.255.254
The first two segments of a class B address are the network number, and the last two segments are the host number. Class B addresses can be assigned 16,384 networks, and each network can be assigned 65,534 hosts.
Class C: IP address range from 192.0.0.1 - 223.255.255.254
The first three segments of a class C address are the network number, and the last segment is the host number. Therefore, the number of networks that can be assigned is 2,097,152, and the number of hosts that can be assigned to each network is 254.
Class D: IP address range from 224.0.0.0 - 239.255.255.255
Class D IP addresses are multicast addresses.
Class E: IP addresses in the range 240.0.0.0 - 255.255.255.255
This class is reserved for special purposes.
If you enter the IP address in Baidu, you can see the IP assigned to the network currently connected to the computer, as shown in the following figure:
In addition to the IP addresses mentioned above, there are also some special IP addresses. For example, 0.0.0.0 corresponds to the current host, and 255.255.255.255 is the broadcast address of the current subnet. The addresses from 127.0.0.1 to 127.255.255.255 are used for loopback testing; 127.0.0.1, for example, can also stand for the local IP.
In practice, the host number can itself be split into a subnet number and a host number. By adding a subnet mask to the IP address, the address can therefore be divided into a network number, a subnet number and a host number.
2. About the ICMP protocol
From the previous sections we know that IP delivers data to the destination hop by hop through routing, but delivery does not always go smoothly; in fact, the probability of something going wrong is not small. When it does, the router or host where the problem occurred reports important information back to the source host through the ICMP protocol.
ICMP is considered a component of the IP layer, and we still treat it as a network-layer protocol. ICMP is built on top of IP. Its full name is the Internet Control Message Protocol. It carries control messages between IP hosts, routers and other devices, mainly information such as whether the network is connected, whether a host is reachable, and whether a route is available.
1. ICMP message format
The packet format of ICMP is shown in the following figure:
It can be seen that the first 4 bytes of the ICMP packet are fixed.
Bits 0 to 15: the ICMP type and the corresponding code. The first 8 bits are the type and the last 8 bits are the code.
Bits 16 to 31: the checksum of the entire ICMP datagram, calculated in the same way as the IP header checksum.
The format of the remaining bits is not uniform and varies with the type of ICMP message. In short, the type and code together determine the complete format of the ICMP message.
2. The type of ICMP protocol
The following figure fully enumerates the types defined by ICMP packets:
It can be seen that ICMP reports the error back to the source host when something goes wrong in the IP service. However, to avoid network storms, not every error produces an ICMP reply. ICMP datagrams are not sent in the following cases:
1. The datagram in error is itself an ICMP error message.
2. An IP datagram whose destination address is a broadcast or multicast address.
3. A datagram sent as a link-layer broadcast.
4. A fragment other than the first fragment of an IP datagram.
5. A datagram whose source address is a zero address, a loopback address, a broadcast address, or a multicast address.
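The five suppression rules above, written as a check that a router or host could run before emitting an ICMP error. This is an added example, not code from the original article; the Datagram class, the function names and the 192.168.1.0/24 subnet are assumptions made for the illustration, and the sample datagrams used to exercise it are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# ICMP types that report errors (3 unreachable, 4 source quench, 5 redirect,
# 11 time exceeded, 12 parameter problem). Queries such as echo (8/0) are not errors.
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}

@dataclass
class Datagram:              # hypothetical container for the fields the rules need
    src: str
    dst: str
    protocol: int            # 1 = ICMP, 17 = UDP
    icmp_type: Optional[int] = None
    fragment_offset: int = 0
    link_broadcast: bool = False

def is_broadcast(addr, net) -> bool:
    """Limited broadcast or the directed broadcast address of the local subnet."""
    return addr == ipaddress.IPv4Address("255.255.255.255") or addr == net.broadcast_address

def suppressing_rule(d: Datagram, subnet: str = "192.168.1.0/24") -> Optional[int]:
    """Return the number (1-5) of the rule above that forbids an ICMP error
    for datagram d, or None if an error message may be sent."""
    net = ipaddress.IPv4Network(subnet)
    src, dst = ipaddress.IPv4Address(d.src), ipaddress.IPv4Address(d.dst)
    if d.protocol == 1 and d.icmp_type in ICMP_ERROR_TYPES:
        return 1     # never answer an ICMP error with another ICMP error
    if dst.is_multicast or is_broadcast(dst, net):
        return 2     # one datagram could otherwise trigger replies from many hosts
    if d.link_broadcast:
        return 3
    if d.fragment_offset != 0:
        return 4     # only the first fragment may trigger an error
    if src.is_unspecified or src.is_loopback or src.is_multicast or is_broadcast(src, net):
        return 5     # the source does not identify a single host to report to
    return None

if __name__ == "__main__":
    samples = [                                   # constructed sample datagrams
        Datagram("192.168.1.3", "203.0.113.9", 17),
        Datagram("192.168.1.3", "203.0.113.9", 1, icmp_type=11),
        Datagram("192.168.1.3", "203.0.113.9", 1, icmp_type=8),
        Datagram("192.168.1.3", "192.168.1.255", 17),
        Datagram("127.0.0.1", "203.0.113.9", 17),
    ]
    for d in samples:
        print(d.src, "->", d.dst, "suppressed by rule:", suppressing_rule(d))
```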
3. Application of ICMP
ICMP is an essential functional protocol of the IP layer. It is not only used to help the IP layer handle related logic, but is also widely applied in network probing.
1.Ping tool
In the ICMP type table above there is a message with type 8 and code 0, the echo request. When we send an ICMP message in this format to a destination host, the host is asked to send the data back to us. This feature is very useful: we can use it to test whether the destination host is reachable. The commonly used Ping tool is based on this principle.
We can experience it first. We can enter the following command in the terminal to initiate a ping request:
ping huishao.cc
The function of the above command is to ping the domain name huishao.cc. A complete ping test will generate two ICMP packets, one for the request and one for the echo, as shown in the following figure:
From the timestamps of the request and the reply, we can calculate the time spent in network transmission and so analyze network stability.
2.traceroute tool
As mentioned earlier, no device at the IP layer, the originating device included, knows the complete routing path. Sometimes, to analyze a problem, we need to see how an IP packet is handled at each hop along the way, and this can also be done with ICMP. Recall that the IP header has a time-to-live field. Each intermediate router decrements this field by 1 after processing the datagram, and when it reaches 0 the router stops forwarding and returns an ICMP datagram with type 11 and code 0. Using this feature, we can discover every router between the source host and the destination host by sending the target a series of IP packets with increasing TTL.
For example, enter the following command in the terminal:
traceroute huishao.cc
Through the packet capture of the Wireshark tool, you can see the IP packets with increasing TTL and the corresponding ICMP receipts, as shown below:
It can be seen that the probe packets sent by the traceroute program are actually UDP datagrams, and each corresponding ICMP packet contains the IP header and UDP data of the probe it answers.
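Because the ICMP reply quotes the probe's IP header and UDP data, a receiver can tie each reply to the probe that caused it and ignore ICMP messages that quote nothing it sent. This is an added example, not code from the original article or from the traceroute program; the reply bytes, the probe log and its port numbers are constructed sample values.

```python
import ipaddress
import struct

def parse_time_exceeded(icmp: bytes):
    """Return the quoted probe's fields, or None if this is not type 11 / code 0."""
    if len(icmp) < 8 or (icmp[0], icmp[1]) != (11, 0):
        return None
    quoted = icmp[8:]                      # bytes 4-7 of the ICMP header are unused here
    if len(quoted) < 20 or quoted[0] >> 4 != 4:
        raise ValueError("no quoted IPv4 header")
    ihl = (quoted[0] & 0x0F) * 4
    if ihl < 20 or len(quoted) < ihl + 8:
        raise ValueError("quoted header or first 8 payload bytes truncated")
    sport, dport = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return {
        "protocol": quoted[9],
        "src": str(ipaddress.IPv4Address(quoted[12:16])),
        "dst": str(ipaddress.IPv4Address(quoted[16:20])),
        "sport": sport,
        "dport": dport,
    }

def match_probe(icmp: bytes, router: str, sent: dict):
    """Map an ICMP reply from `router` to the probe that triggered it.

    `sent` maps (destination address, UDP destination port) -> TTL of the probe.
    Returns (ttl, router) for a hit and None for unrelated or unsolicited messages.
    """
    quoted = parse_time_exceeded(icmp)
    if quoted is None or quoted["protocol"] != 17:
        return None
    ttl = sent.get((quoted["dst"], quoted["dport"]))
    return None if ttl is None else (ttl, router)

def build_sample_reply(dst: str, dport: int) -> bytes:
    """Constructed sample. Checksum fields are left at 0; nothing here verifies them."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0x1A2B, 0, 1, 17, 0,
                     ipaddress.IPv4Address("192.168.1.3").packed,
                     ipaddress.IPv4Address(dst).packed)
    udp = struct.pack("!HHHH", 54321, dport, 8, 0)
    return struct.pack("!BBHI", 11, 0, 0, 0) + ip + udp

# Constructed probe log: three probes to a documentation address, one port per probe.
SENT = {("198.51.100.7", 33434): 1,
        ("198.51.100.7", 33435): 2,
        ("198.51.100.7", 33436): 3}

if __name__ == "__main__":
    reply = build_sample_reply("198.51.100.7", 33435)
    print(match_probe(reply, "192.168.1.1", SENT))
```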
3. Ending
The core purpose of this blog series is to understand the network intuitively from the top down. Starting from the most common activity, visiting a website, we have covered the DNS protocol for domain name resolution, HTTP for handling application data and its more secure counterpart HTTPS, TCP for reliable data transmission, and, in this article, the IP protocol at the network layer, which is responsible for routing. Of course, these articles are only meant as a starting point, and the technology behind every detail can be explored further. By now the structure of the whole Internet is gradually becoming clear to us, but the picture is not complete. In the end, network communication has to take place between real physical machines, and an IP address is only an abstract network address. So how does a network device find the physical machine that corresponds to an IP address? We will talk about more network-layer protocols, and about how things work below the network layer, later!
Focus on technology, love life, exchange technology, and be friends.
——Hunshao QQ: 316045346
At the same time, if this article is useful to you, please share it with more friends, please indicate the source.