Foreword
Why are TCP and IP so often named together? The core job of the IP layer is to locate a host by its IP address and to carry a datagram from host A to host B across the network; the strategies that TCP provides on top of it are what make that delivery from host A to host B reliable.
The role of the network layer:
Determine an appropriate path in a complex network environment.
The network layer is mainly responsible for address management and route selection. In the IP protocol, for example, a host is identified by its IP address, and the transmission path (route) between two hosts is planned through the routing table. Routers work at the network layer.
1. IP protocol
1. In path selection the destination IP is what matters: it decides which path the packet takes.
2. IP address = target network + target host (first a concept: an IP address is divided into a network part and a host part, and it is this division that supports routing along the way).
Host: a device with an IP address.
Router: a device with an IP address that is also capable of routing control.
Node: the collective term for hosts and routers.
1. IP protocol header
As we said before, to learn a protocol we must first answer two questions:
1. How to separate header and payload?
2. How to deliver?
As shown in the figure above, everything except the data (the data is what we usually call the payload) is header. The options are usually not a concern, so the standard IP header length is 20 bytes.
4-bit header length: measured in units of 4 bytes, it gives the total length of the IP header (the TCP header has the same 4-bit header length field). Four bits range from 0000 to 1111, i.e. [0, 15], which multiplied by 4 gives [0, 60].
Since the standard header is 20 bytes, the IP header length lies in [20, 60]: at least 20 bytes, at most 60 bytes, of which up to 40 bytes are IP options. If the 4-bit header length is x, then x*4 = 20 gives x = 5, which is 0101 in binary.
16-bit total length: the total length of the IP message (header plus data). Since it occupies 16 bits, the maximum size of an IP packet is 65536. Subtracting the header length from the 16-bit total length gives the length of the payload, and that is how we separate the header from the payload.
Once the payload has been separated from the header, the next question is how to deliver it upward.
8-bit protocol: how does IP know whether the payload belongs to TCP or UDP when delivering upward? That is decided by the 8-bit protocol field, which tells IP which higher-level protocol should receive this packet next, for example 6 for TCP and 17 for UDP.
16-bit header checksum: covers the entire IP header; if the check fails, the packet is discarded directly.
8-bit time to live (TTL): the maximum number of hops a packet may take to reach its destination. This field mainly prevents routing loops: the packet hops from node to node through the network, each hop decrements the TTL, and if it reaches 0 before the packet arrives at the target host, the packet is discarded.
32-bit source IP address: when the message hops from a host to a router, how does the router know where it came from? The 32-bit source IP address identifies the sender.
32-bit destination IP address: the source IP will change many times along the route, but there is only one destination IP. It is like Tang Seng in Journey to the West, whose ultimate goal is the Western Paradise (Xitian), which represents the destination IP: when travelling from Heifengling to the Daughter Country the source becomes Heifengling, but the destination is still Xitian.
4-bit version: generally 4, i.e. IPv4.
8-bit type of service: generally used to implement QoS requirements; in the packets we capture today this field usually holds its default value.
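As an added example (not code from the original article), the following Python builds a constructed IPv4 packet and then separates header from payload using the fields just described: the 4-bit header length, the 16-bit total length, the 8-bit protocol, the header checksum and the TTL. The checksum routine implements the standard IPv4 header checksum (the one's-complement sum of RFC 791); all addresses, the identifier and the payload are constructed sample values.

```python
import struct

IP_HEADER_FMT = "!BBHHHBBH4s4s"      # the 20-byte fixed part of the header
PROTO_NAMES = {6: "TCP", 17: "UDP"}  # values of the 8-bit protocol field


def ip_checksum(header: bytes) -> int:
    """Standard IPv4 header checksum: one's-complement sum of 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ip_to_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))

def build_ipv4(src, dst, proto, payload, ttl=64, ident=0x1234, options=b""):
    """Constructed IPv4 packet; options are padded to a multiple of 4 bytes."""
    options += b"\x00" * (-len(options) % 4)
    ihl = (20 + len(options)) // 4            # header length in 4-byte units
    header = struct.pack(IP_HEADER_FMT, (4 << 4) | ihl, 0, ihl * 4 + len(payload),
                         ident, 0, ttl, proto, 0, ip_to_bytes(src),
                         ip_to_bytes(dst)) + options
    csum = struct.pack("!H", ip_checksum(header))   # bytes 10-11 hold it
    return header[:10] + csum + header[12:] + payload

def parse_ipv4(packet: bytes) -> dict:
    """Separate header from payload and name the protocol that receives it."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte minimum header")
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto,
     _csum, src, dst) = struct.unpack(IP_HEADER_FMT, packet[:20])
    header_len = (ver_ihl & 0x0F) * 4         # 4-bit IHL * 4 -> [20, 60]
    if ver_ihl >> 4 != 4 or header_len < 20:
        raise ValueError("not a valid IPv4 header")
    if total_len < header_len or total_len > len(packet):
        raise ValueError("total length inconsistent with the bytes received")
    if ip_checksum(packet[:header_len]) != 0:  # an intact header sums to zero
        raise ValueError("header checksum failed, packet discarded")
    return {"header_len": header_len, "total_len": total_len, "ttl": ttl,
            "protocol": proto, "upper_layer": PROTO_NAMES.get(proto, "other"),
            "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "payload": packet[header_len:total_len]}  # the part handed upward

def header_is_valid(packet: bytes) -> bool:
    try:
        parse_ipv4(packet)
        return True
    except ValueError:
        return False

def forward_hop(packet: bytes):
    """One router hop: decrement TTL, refresh the checksum, drop at zero."""
    info = parse_ipv4(packet)
    if info["ttl"] <= 1:
        return None                            # TTL exhausted: discard
    header = bytearray(packet[:info["header_len"]])
    header[8] -= 1                             # TTL is byte 8 of the header
    header[10:12] = b"\x00\x00"
    header[10:12] = struct.pack("!H", ip_checksum(bytes(header)))
    return bytes(header) + packet[info["header_len"]:]
```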
2. Network segment division
What is network segment division? Why do we need to divide the network segment? How to divide the network segment?
Network segment division means splitting the IP address into two parts, the network number and the host number.
Network ID: ensures that two interconnected network segments have different identifiers.
Host number: within the same network segment, hosts share the same network number but must have different host numbers.
Network segment division greatly improves the efficiency of searching for and forwarding packets. For example, China has 23 provinces. Without network segment division, a packet sent from Beijing to Xi'an would have to traverse all 23 provinces in turn to find out which one is Xi'an; with it, the packet can be recognised as bound for Xi'an and forwarded there directly. It is like losing your student ID card at a university: the student number alone tells which college, which major and which class you belong to.
Therefore every host on the Internet belongs to some subnet, which makes locating the host convenient. That is why subnetting exists.
An IP address has 32 bits. Suppose the first 8 bits identify a country; each country has an international router and its own set of representations, and within China, for example, another 8 bits could identify the province. So the IP address is like our ID card.
As shown in the figure above, a device such as a router must bridge at least two subnets, so the router belongs to both network segment 1 and network segment 2, and the router is itself a host. Since it belongs to two network segments, it must have an IP address in each of them; by convention the router's IP is the network segment identifier followed by .1. In the figure we can call a network built around a router a subnet, and when many such routers are connected together we can call the result a public network.
CIDR
In a subnet, the device that manages the IP addresses of the subnet is usually a router: the destination network, the subnet mask and the hosts in the subnet are all managed by it, and the destination network and subnet mask are configured inside the router. As the figure above shows, the network number is the result of the bitwise AND of the IP address and the subnet mask. Generally, the address with all host bits 0 (.0) is the network number and the one with all host bits 1 (.255) is the broadcast address.
Example 1 can be read at a glance; let's work out Example 2 below:
Why are the first 24 bits of the subnet mask all 1? Because the first 24 bits are the network number; if the network number were altered, how could the network be found? The addresses .65 to .78 are all available host numbers.
Special IP address
That is, not all 2^32 IP addresses are usable on the public network; some addresses are special, for example 127.0.0.1 is the local loopback address.
Limitation on the number of IP addresses
Private IP address and public IP address
Routing
The routing process obtains the subnet where the target host is located from the target IP, so there must be a routing table to search, as shown in the figure below:
The routing table can be viewed with the route command.
If the destination IP hits an entry in the routing table, it is simply forwarded directly;
Let's look at the routing table:
First, Destination is the target network, Gateway is the next-hop router, Genmask is the subnet mask (as mentioned earlier, every subnet must have a target network number and a matching subnet mask), and Flags holds the flag bits: an entry whose Flags show a G after the U is the default gateway, also called the default route, which is used when the destination IP cannot be found anywhere else in the routing table. Iface is the interface through which the server is connected to the router.
That destination address alone does not make a sufficient example, so here is one more to demonstrate:
When a packet enters the router, the router first takes the destination address of the packet and performs a bitwise AND with the subnet mask of the first entry in the routing table, then uses the result to determine the destination network. Suppose the second entry, 192.168.56.0, is the target network: when the result of the bitwise AND is compared with the Destination column, the second entry is found to match, and the packet is forwarded directly through the eth1 interface to the router with network number 192.168.56.0. That is what one hop in the routing diagram above actually does.
If the packet entering the router is addressed to 202.10.1.2, then after traversing the routing table and ANDing with the subnet mask of each network number, no matching network number is found. The packet is then handed to the default entry, i.e. the default Gateway 192.168.10.1, and sent out through the eth0 interface.
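As an added example (not the article's own code), this Python performs the two computations described above: the bitwise AND of an address with its subnet mask to obtain the network number (plus the broadcast address and usable host range, as in Example 2), and a lookup over a constructed routing table laid out like the route output (Destination, Gateway, Genmask, Flags, Iface) with the 192.168.56.0 and default-gateway entries from the text. The table and addresses are constructed; the lookup goes slightly beyond the text by choosing the longest matching mask among all hits, which is what Linux does and which naturally leaves the default route (Genmask 0.0.0.0) as the last resort.

```python
def ip_to_int(addr: str) -> int:
    """'192.168.56.3' -> 32-bit integer."""
    a, b, c, d = (int(x) for x in addr.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def subnet_info(addr: str, mask: str) -> dict:
    """Network number = addr AND mask; broadcast = network OR (NOT mask)."""
    ip, m = ip_to_int(addr), ip_to_int(mask)
    network = ip & m
    broadcast = network | (~m & 0xFFFFFFFF)
    return {"network": int_to_ip(network),
            "broadcast": int_to_ip(broadcast),
            "first_host": int_to_ip(network + 1),   # .1 is conventionally the router
            "last_host": int_to_ip(broadcast - 1),
            "prefix_len": bin(m).count("1"),
            "usable_hosts": max(broadcast - network - 1, 0)}

# Constructed routing table in the layout of the `route` command.
ROUTING_TABLE = [
    # Destination     Gateway         Genmask           Flags  Iface
    ("192.168.10.0",  "0.0.0.0",      "255.255.255.0",  "U",   "eth0"),
    ("192.168.56.0",  "0.0.0.0",      "255.255.255.0",  "U",   "eth1"),
    ("0.0.0.0",       "192.168.10.1", "0.0.0.0",        "UG",  "eth0"),
]

def route_lookup(dst: str, table=ROUTING_TABLE):
    """Return (iface, next_hop) for dst, or None when no entry matches.

    An entry matches when (dst AND Genmask) == Destination. Among matching
    entries the longest mask wins, so the default route (Genmask 0.0.0.0,
    which matches every address) is used only when nothing more specific hits.
    """
    dst_int, best = ip_to_int(dst), None
    for destination, gateway, genmask, flags, iface in table:
        mask = ip_to_int(genmask)
        if (dst_int & mask) != ip_to_int(destination):
            continue                       # this network number does not match
        prefix_len = bin(mask).count("1")
        if best is None or prefix_len > best[0]:
            best = (prefix_len, gateway, flags, iface)
    if best is None:
        return None
    _, gateway, flags, iface = best
    # G flag: hand the packet to the gateway; otherwise the host is on-link.
    return iface, (gateway if "G" in flags else dst)
```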
Let's explain the remaining three fields of the IP header:
To understand these three fields we need to understand the data link layer. What travels between routers is indeed IP packets, but what actually runs on the network cable is the MAC frame of the data link layer, and the MAC frame protocol specifies that its payload cannot exceed 1500 bytes (the MTU, maximum transmission unit, which can be modified). It is the IP layer that hands the packet to the data link layer, so the IP layer must keep the data it gives to the MAC frame within 1500 bytes, and those 1500 bytes include the IP header. How is this controlled? By fragmentation and assembly: an original message of more than 1500 bytes is fragmented so that each piece stays within 1500 bytes, and the three fields in the figure above are what support IP fragmentation and assembly. The process is demonstrated below:
First of all, fragmentation and assembly are performed by the IP layer protocol, so neither TCP nor the MAC frame protocol cares whether the original message was fragmented; it is the IP layer's own behaviour. Note: fragmentation and assembly are not the mainstream case!!!
Next we explain the roles of the three fields in the figure above in terms of the following questions about fragmentation and assembly:
1. How do we know that a packet has been fragmented?
2. How do we identify the fragments of the same message?
3. Which fragment is first and which is last? Have all of them been received, or were some lost?
4. Which fragment comes first and which after? How do we assemble them correctly?
5. How do we ensure that the assembled message is correct?
16-bit identifier: the unique identifier of the message sent by the host. If an IP message is fragmented when sent to the data link layer, every fragment carries the same 16-bit identifier.
That is, if a message is split into 3 pieces, the 16-bit identifiers in all 3 pieces are the same. This answers the second question, how to identify the fragments of one packet.
3-bit flag field: the first bit is reserved (reserved means the bit is not used yet). If the second bit is 1, fragmentation is prohibited; in that case, if the packet length exceeds the MTU, the IP module discards the packet directly. The third bit means more fragments. For example, if a message is divided into 3 pieces, the third flag bit of the first piece is 1 and the other flag bits are 0; the third flag bit of the second piece is 1 and the others are 0; the third flag bit of the third piece is 0 and the other flags are 1. The third piece thus works like an end marker, from which the end of the fragmented message can be known. In other words, the meaning of the third flag is: if more fragments follow the current message, the third flag is 1; if the current message is the last fragment, the third flag is 0, marking the end. Note: every fragment is preceded by its own IP header.
From the third bit of the 3-bit flag field we can tell whether a message is fragmented (if the third bit is 1, it is a fragment), and the same bit tells us which message is the last fragment.
13-bit fragment offset: the offset of the fragment relative to the start of the original IP packet, i.e. the position of the current fragment within the original packet. The actual byte offset is this value * 8, so every fragment except the last must have a length that is an integer multiple of 8 (otherwise the fragments would not be contiguous).
Identifying the first fragment is very simple: check whether the third bit of the 3-bit flag field is 1 and the 13-bit fragment offset is 0. If the third bit is 1 and the offset is 0, it is the first fragment.
To identify the last fragment, check whether the third bit of the 3-bit flag field is 0 and the 13-bit fragment offset is greater than 0.
Assembling the message is also very simple: sort the fragments in ascending order of fragment offset and then splice them together.
As for the third question, how do we know whether all fragments were received or some were lost? Strictly speaking we cannot guarantee it, but we can make a simple check after assembly: traverse the fragments and check that each one's starting position plus its own length equals the offset recorded in the next fragment.
How do we ensure the assembled message is correct? Remember the 16-bit checksum in the IP header and the 16-bit checksum in the TCP header? The 16-bit header checksum uses CRC checks to detect whether the header is corrupted; if the header is found to be damaged after verification, the packet is discarded directly.
Fragmentation is not a good thing, because a packet is split into several pieces and the loss of any one of them makes splicing and assembly fail. Once assembly fails, the entire message has to be resent (TCP does not know how IP fragmented it, so when retransmitting it can only resend the whole message).
Let's work through it ourselves:
First, the transport layer (TCP) hands a 3000-byte message to the IP layer. The IP layer adds a header, making 3020 bytes, which we then divide into pieces of 1500 bytes, adding an IP header to each piece:
As shown in the figure above, the first 1500-byte piece already contains a header. The second piece can only take 1480 bytes of data, because 20 bytes are needed for the IP header, and the third piece takes the last 40 bytes of data plus a 20-byte IP header, giving 60 bytes. When the headers are removed during final assembly we get 1480 + 1480 + 40, which is exactly the 3000-byte message TCP sent.
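As an added example (not the article's own code), the following Python carries out the fragmentation and assembly just described: a constructed 3000-byte payload is split for an MTU of 1500 into three fragments of 1500, 1500 and 60 bytes that share one 16-bit identifier, carry the "more fragments" bit on all but the last and record their offsets in 8-byte units; reassembly sorts by offset, splices, and reports failure when a piece is missing or the last piece never arrives. Fragment headers are modelled as dictionaries holding only the fields the text discusses; the 16-bit flags/offset word is laid out as in the real header (3 flag bits, then 13 offset bits).

```python
IP_HEADER_LEN = 20
DF, MF = 0x2, 0x1   # "don't fragment" and "more fragments" bits of the 3-bit flags

def make_fragment(ident, flags, offset_units, data):
    """One fragment with its own header fields and 16-bit flags/offset word."""
    word = (flags << 13) | offset_units        # 3-bit flags, then 13-bit offset
    return {"ident": ident, "flags_frag": word, "data": data,
            "total_len": IP_HEADER_LEN + len(data)}

def fragment(ident, payload, mtu=1500, dont_fragment=False):
    """Split an IP payload so each fragment (with its header) fits the MTU.

    All fragments share the 16-bit identifier, MF=1 on all but the last, and
    the offset counts 8-byte units, so every piece except the last carries a
    multiple of 8 data bytes (1480 for MTU 1500).
    """
    if len(payload) + IP_HEADER_LEN <= mtu:
        return [make_fragment(ident, DF if dont_fragment else 0, 0, payload)]
    if dont_fragment:
        raise ValueError("DF set and packet exceeds the MTU: packet discarded")
    max_data = (mtu - IP_HEADER_LEN) // 8 * 8
    frags = []
    for start in range(0, len(payload), max_data):
        chunk = payload[start:start + max_data]
        more = start + len(chunk) < len(payload)
        frags.append(make_fragment(ident, MF if more else 0, start // 8, chunk))
    return frags

def offset_bytes(frag):
    return (frag["flags_frag"] & 0x1FFF) * 8

def more_fragments(frag):
    return bool((frag["flags_frag"] >> 13) & MF)

def is_first(frag):                # MF=1 and offset 0
    return more_fragments(frag) and offset_bytes(frag) == 0

def is_last(frag):                 # MF=0 and offset > 0
    return not more_fragments(frag) and offset_bytes(frag) > 0

def reassemble(frags):
    """Sort by offset and splice; None if a piece is missing or the end never came."""
    pieces = sorted(frags, key=offset_bytes)
    if not pieces or len({f["ident"] for f in pieces}) != 1:
        return None                            # fragments of different messages
    expected = 0
    for f in pieces:
        if offset_bytes(f) != expected:        # gap: a fragment was lost
            return None
        expected = offset_bytes(f) + len(f["data"])
    if more_fragments(pieces[-1]):             # last piece still says "more"
        return None
    return b"".join(f["data"] for f in pieces)
```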
2. MAC frame protocol
As we said before, IP belongs to the network layer, and IP packets are what routers operate on: when a router uses the destination IP to look up the network number, it works with the IP packet, but what actually runs on the network cable is the MAC frame of the data link layer. We also said that IP provides the ability to carry data from host A to host B across the network, and that this ability comes from destination IP + subnetting + routing. But to deliver data across the network to host B, the data must first be handed to the next-hop host (also called a node) connected to host A, as shown in the figure below:
If host A wants to send a message to host B, it must first send the data to the next-hop node connected to it (router A), and the prerequisite for that is that host A and router A are on the same network segment. So the cross-network transmission we see is really the result of forwarding by countless LANs (subnets).
Therefore, to thoroughly understand cross-network forwarding we must first understand message forwarding within a LAN, and to understand communication between two hosts on a LAN we must understand the Ethernet protocol of the data link layer.
1. Ethernet
When we discussed the LAN earlier, we said that hosts on the same LAN can communicate directly, and that each host on the LAN must have its own unique identifier.
2. Ethernet frame (MAC frame) header format
The header of the MAC frame protocol is circled in blue in the figure: a 6-bit destination address, a 6-bit source address, a 2-bit type, and a 4-bit CRC checksum.
As we said earlier, learning a protocol starts with understanding two points:
1. How does the MAC frame protocol separate header and payload?
The MAC frame protocol uses a fixed-length strategy: the first 14 bits and the last 4 bits are fixed, so header and payload can be separated directly.
2. How does it deliver upward?
Remember the 8-bit protocol field in the IP header? It tells which upper-layer protocol, TCP or UDP, the payload belongs to, and the MAC frame protocol solves the problem the same way: the 2-bit frame type in the header determines what the upper layer delivered. For example, 0800 means the payload is an IP datagram, followed by ARP and RARP datagrams.
Remember we just said that a host on the LAN must have a unique identifier? Each of our hosts has a network card, and each network card has a unique serial number (SN), which is the network card's MAC address; this MAC address is globally unique.
So how do we look up our own MAC address? With the ifconfig command:
The word ether means Ethernet here, and it is followed by the MAC address.
3. Explaining LAN forwarding based on the protocol
First, host m1 sends data to m8. From the application layer down, the transport layer adds its header, the network layer adds the IP header, and finally the data link layer adds the MAC frame header. In that MAC frame header the destination address is the MAC address of host m8 and, because the frame is sent by host m1, the source address is the MAC address of host m1; the payload being delivered is IP, so the type is 0800. Once this frame is sent, every host in the LAN receives it, but each host separates header from payload, takes the header and compares the destination MAC address with its own. If the frame is addressed to itself it delivers the payload upward; if not, it discards the frame directly, and the upper layers never learn that the host received and dropped it.
When host m8 receives the frame from host m1, it replies to m1. The reply is again encapsulated from the application layer down to the data link layer and ends up as a MAC frame, but now the destination address in the MAC frame is m1 and the source address is m8 (because it is sent by host m8). After the frame is sent, every host on the same LAN receives m8's response to m1, but in the end only host m1 keeps it.
Having understood the above, we can see that the LAN is essentially a critical resource shared by all hosts on it: at any moment only one host is allowed to send. If several hosts send at the same time, their data collide on the LAN, which is why a LAN is a collision domain. How do we allow only one host to send at any moment? That depends on the network policy in use. In a token ring network, for example, only the host holding the token may send, which works like a lock. Ethernet relies on the hosts' collision detection and collision avoidance algorithm, and because electrical and optical propagation is very fast, the probability of a collision at any moment is low unless there are many hosts on the LAN, and as we all know a LAN does not hold many hosts. It is like home WiFi: if many people connect and use it, it becomes very slow, while two or three users never have to worry about stalls.
Of course, another effective way to solve the collision problem is the switch:
A switch works like this: suppose m1 sends a message to m6 while m2 sends a message to m1, causing a collision. The switch detects the collision on its left side, so it does not forward the left-side message to the right side but discards it directly (forwarding a collided left-side message to the right would disturb the hosts on the right and trigger their collision detection and collision avoidance algorithm). If there is no collision on the left side and m1 wants to send a message to m8, then when the message arrives at the switch, the switch forwards it to the right side.
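As an added example (not the article's own code), the following Python models the MAC frame handling described in the header-format section and in the m1-to-m8 exchange above: a fixed-length split of the frame into a 14-byte header (6-byte destination address, 6-byte source address, 2-byte type), the payload, and a 4-byte trailing CRC; dispatch on the type field (0x0800 IP, 0x0806 ARP, 0x8035 RARP); and the per-host decision to deliver the payload upward only when the destination MAC matches its own (or the broadcast address). The MAC addresses and payloads are constructed, and the CRC uses zlib.crc32 written in the byte order seen in packet captures.

```python
import struct
import zlib

ETHERTYPES = {0x0800: "IP", 0x0806: "ARP", 0x8035: "RARP"}  # 2-byte type field
BROADCAST = b"\xff" * 6
MAX_PAYLOAD = 1500                                          # Ethernet MTU

def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))

def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """14-byte header (dst 6, src 6, type 2) + payload + 4-byte FCS."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds the MTU, IP must fragment it first")
    header = mac_to_bytes(dst) + mac_to_bytes(src) + struct.pack("!H", ethertype)
    body = header + payload
    return body + struct.pack("<I", zlib.crc32(body))   # FCS as seen in captures

def parse_frame(frame: bytes) -> dict:
    """Fixed-length split: first 14 bytes are header, last 4 are the FCS."""
    if len(frame) < 18:
        raise ValueError("frame too short for header plus FCS")
    header, payload, fcs = frame[:14], frame[14:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(frame[:-4])) != fcs:
        raise ValueError("FCS mismatch, frame dropped by the NIC")
    return {"dst": header[0:6].hex(":"),
            "src": header[6:12].hex(":"),
            "ethertype": struct.unpack("!H", header[12:14])[0],
            "payload": payload}

def frame_is_valid(frame: bytes) -> bool:
    try:
        parse_frame(frame)
        return True
    except ValueError:
        return False

def receive(frame: bytes, own_mac: str):
    """What each host on the LAN does with a frame it sees on the wire.

    Compare the destination MAC with our own (or the broadcast address); on a
    match hand the payload to the protocol named by the type field, otherwise
    drop it silently so the upper layers never learn the frame existed.
    """
    info = parse_frame(frame)
    if info["dst"] not in (own_mac.lower(), BROADCAST.hex(":")):
        return None                                     # not for us: discard
    return ETHERTYPES.get(info["ethertype"], "unknown"), info["payload"]
```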