Network protocols--overview

1.2 Stratification

Network protocols are usually developed in different layers, with each layer responsible for different communication functions. A protocol suite, such as TCP/IP, is a combination of multiple protocols at different levels. TCP/IP is usually considered a four-layer protocol system, as shown in Figure 1-1.

Each layer is responsible for different functions:
1. The link layer, sometimes called the data link layer or network interface layer, usually includes the device driver in the operating system and the corresponding network interface card in the computer. Together they handle the details of the physical interface to the cable (or any other transmission medium).
2. The network layer, sometimes called the Internet layer, handles the activities of packets in the network, such as routing of packets. In the TCP/IP protocol suite, network layer protocols include IP protocol (Internet Protocol), ICMP protocol (Internet Control Message Protocol), and IGMP protocol (Internet Group Management Protocol).
3. The transport layer mainly provides end-to-end communication for applications on two hosts. In the TCP/IP protocol suite, there are two different transmission protocols: TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). TCP provides highly reliable data communication between two hosts. The work it does includes dividing the data handed over to it by the application into appropriate small pieces and passing them to the underlying network layer, acknowledging the received packets, setting the timeout clock for sending the final acknowledgment packet, etc. Since the transport layer provides high-reliability end-to-end communication, the application layer can ignore all these details. UDP, on the other hand, provides a very simple service to the application layer. It only sends packets called datagrams from one host to another, but does not guarantee that the datagram will reach the other end. Any required reliability must be provided by the application layer. Each of these two transport layer protocols has different uses in different applications, as we will see later.
4. The application layer is responsible for handling specific application details. Almost all different TCP/IP implementations provide the following common applications:
• Telnet remote login.
• FTP file transfer protocol.
• SMTP Simple Mail Transfer Protocol.
• SNMP Simple Network Management Protocol.
There are many other applications, some of which will be described in later chapters. Assume that there are two hosts in a local area network (LAN) such as Ethernet, both running the FTP protocol. Figure 1-2 lists all the protocols involved in this process.

Here, we list an FTP client program and another FTP server program. Most network applications are designed in a client-server model. The server provides some kind of service to the client, in this case access to files on the host machine where the server is located. In the remote login application Telnet, the service provided to customers is to log in to the server host. On the same layer, both parties have one or more corresponding protocols for communication. For example, a certain protocol allows the TCP layer to communicate, while another protocol allows the two IP layers to communicate. On the right side of Figure 1-2, we note that the application is usually a user process, while the lower three layers are usually executed in the (operating system) kernel. Although this is not required, it is usually handled this way on UNIX operating systems, for example. In Figure 1-2, there is another key difference between the top layer and the three lower layers. The application layer is concerned with the details of the application rather than the transmission of data across the network. The lower three layers know nothing about the application, but they handle all the communication details.

Four protocols at different levels are listed in Figure 1-2. FTP is an application layer protocol, TCP is a transport layer protocol, IP is a network layer protocol, and the Ethernet protocol is used at the link layer. The TCP/IP protocol suite is a protocol suite composed of a group of different protocols. Although this protocol suite is often called TCP/IP, TCP and IP are just two of the protocols (another name for this protocol suite is the Internet Protocol Suite).

The purpose of the network interface layer and the application layer are obvious - the former handles the details about the communication medium (Ethernet, Token Ring, etc.), while the latter handles a specific user application (FTP, Telnet, etc.). However, on the surface, the difference between the network layer and the transport layer is less clear. Why divide them into two different levels? To understand this, we must expand our view from a single network to a set of networks.

In the 1980s, one of the reasons for the growth of the Internet was that everyone realized that an "island" composed of only one isolated computer did not make much sense, so these isolated systems were grouped together to form a network. With this development, by the 1990s, we gradually realized that this new and larger "island" composed of a single network also did not make much sense. As a result, people connected multiple networks together to form a network of networks, or called the Internet. An Internet is a group of networks interconnected through the same protocol suite.

The simplest way to construct an Internet is to connect two or more networks through a router. It is a special hardware box used for network interconnection. The benefit of routers is to provide connections for different types of physical networks: Ethernet, Token Ring, point-to-point links, FDDI (Fibre Distributed Data Interface), etc.

这些盒子也称作IP路由器（IP Router），但我们这里使用路由器(Router)这个术语。
从历史上说，这些盒子称作网关（gateway），在很多TCP/IP文献中都使用这个术语。
现在网关这个术语只用来表示应用层网关：
一个连接两种不同协议族的进程（例如，TCP/IP和IBM的SNA），它为某个特定的应用程序服务（常常是电子邮件或文件传输）。

Figure 1-3 is an internetwork consisting of two networks: an Ethernet and a Token Ring, connected to each other through a router. Although two hosts are communicating through the router, any host on the Ethernet network can communicate with any host on the Token Ring network. In Figure 1-3, we can divide the end system (the two hosts on both sides) and the intermediate system (the router in the middle). The application layer and transport layer use end-to-end protocols. In the diagram, only the end systems require these two layers of protocols. However, the network layer provides a hop-by-hop protocol, which is used by both end systems and every intermediate system.

In the TCP/IP protocol suite, network layer IP provides an unreliable service. In other words, it just sends the packet from the source node to the destination node as quickly as possible, but does not provide any reliability guarantee. TCP, on the other hand, provides a reliable transport layer on top of the unreliable IP layer. In order to provide this reliable service, TCP uses mechanisms such as timeout retransmission, sending and receiving end-to-end acknowledgment packets. It can be seen that the transport layer and the network layer are responsible for different functions.

By definition, a router has two or more network interface layers (because it connects two or more networks). Any system with multiple interfaces is called multihomed in English. A host can also have multiple interfaces, but it is generally not called a router unless its function is simply to transmit packets from one interface to another. Likewise, a router does not necessarily refer to the special hardware box used to forward packets on the Internet. Most TCP/IP implementations also allow a multi-interface host to act as a router, but the host must be specially configured for this. In this case, we can call the system either a host (when it is running an application such as FTP or Telnet) or a router (when it forwards packets from one network to another). ). Different terms are used in different situations.

One of the purposes of the Internet is to hide all physical details from applications. Although this is not immediately obvious in the two-network Internet of Figure 1-3, the application layer cannot care (and does not care) that one host is on an Ethernet network and another host is on a Token Ring network. , they are interconnected through routers. As different types of physical networks are added, there may be 20 routers, but the application layer remains the same. The hiding of physical details makes the Internet very powerful and very useful.

Another way to connect to a network is to use a bridge. Bridges interconnect networks at the link layer, while routers interconnect networks at the network layer. Bridges allow multiple local area networks (LANs) to be grouped together so that they appear to the upper layer as one LAN. TCP/IP prefers routers rather than bridges to connect networks, so we will focus on routers. Chapter 12 of [Perlman 1992] compares routers and bridges.

1.3 TCP/IP layering

In the TCP/IP protocol suite, there are many protocols. Figure 1-4 shows other protocols discussed in this book.

TCP and UDP are the two most famous transport layer protocols, both of which use IP as the network layer protocol. Although TCP uses unreliable IP services, it provides a reliable transport layer service. Chapters 17 to 22 of this book will discuss the internal operation details of TCP in detail. Then, we will introduce some TCP applications, such as Telnet and Rlogin in Chapter 26, FTP in Chapter 27, and SMTP in Chapter 28. These applications are usually user processes.

UDP sends and receives datagrams for applications. A datagram refers to a unit of information transmitted from the sender to the receiver (for example, a certain number of bytes of information specified by the sender). But unlike TCP, UDP is unreliable, and it cannot guarantee that the datagram can reach the final destination safely and without error. This book discusses UDP in Chapter 11, and then introduces applications that use UDP in Chapter 14 (DNS: Domain Name System), Chapter 15 (TFTP: Trivial File Transfer Protocol), and Chapter 16 (BOOTP: Bootstrap Protocol) . SNMP also uses the UDP protocol, but since it has to deal with many other protocols, this book saves its discussion for Chapter 25.

IP is the main protocol at the network layer and is used by both TCP and UDP. Every set of data from TCP and UDP travels across the Internet through the IP layer in the end system and every intermediate router. In Figure 1-4, we show an application that accesses IP directly. This is rare, but possible (some older routing protocols were implemented this way. It is possible that newer transport layer protocols also use this approach). Chapter 3 mainly discusses the IP protocol, but in order to make the content more targeted, some details will be left for discussion in later chapters. Chapters 9 and 10 discuss how IP routing is performed.

ICMP is a subsidiary protocol of the IP protocol. The IP layer uses it to exchange error messages and other important information with other hosts or routers. Chapter 6 discusses the relevant details of ICMP. Although ICMP is primarily used by IP, it is possible for applications to access it. We will analyze two popular diagnostic tools, Ping and Traceroute (Chapter 7 and 8), both of which use ICMP.

IGMP is Internet Group Management Protocol. It is used to multicast a UDP datagram to multiple hosts. We describe the general characteristics of broadcast (sending a UDP datagram to all hosts on a given network) and multicast in Chapter 12, and then describe the IGMP protocol itself in Chapter 13.

ARP (Address Resolution Protocol) and RARP (Reverse Address Resolution Protocol) are special protocols used by some network interfaces (such as Ethernet and Token Ring) to translate addresses used by the IP layer and the network interface layer. We analyze and introduce these two protocols in Chapter 4 and Chapter 5 respectively.

1.4 Internet address

Every interface on the Internet must have a unique Internet address (also called an IP address). The IP address is 32 bits long. Internet addresses do not use a flat address space, such as 1, 2, 3, etc. IP addresses have a certain structure, and the five different types of Internet address formats are shown in Figure 1-5.

These 32-bit addresses are usually written as four decimal numbers, where each integer corresponds to a byte. This representation method is called "dotted decimal notation". For example, the author's system is a Class B address, which is represented as: 140.252.13.33. The easiest way to distinguish between various types of addresses is by looking at their first decimal integer. Figure 1-6 lists the starting and ending ranges of various addresses, in which the first decimal integer is shown in bold font. It should be pointed out again that a multi-interface host has multiple IP addresses, one for each interface.

Since each interface on the Internet must have a unique IP address, a management agency must assign IP addresses to networks connected to the Internet. This management organization is the Internet Network Information Center (Internet Network Information Center), called InterNIC. InterNIC only assigns network numbers. The allocation of host numbers is the responsibility of the system administrator.

Internet注册服务(IP地址和DNS域名)过去由NIC来负责，其网络地址是nic.ddn.mil。1993年4月1日，InterNIC成立。现在，NIC只负责处理国防数据网的注册请求，
所有其他的Internet用户注册请求均由InterNIC负责处理，其网址是：rs.internic.net。
事实上InterNIC由三部分组成：注册服务（rs.internic.net），目录和数据库服务（ds.internic.net），以及信息服务（is.internic.net）。
有关InterNIC的其他信息参见习题1.8。

There are three types of IP addresses: unicast addresses (destination to a single host), broadcast addresses (destination to all hosts on a given network), and multicast addresses (destination to all hosts in the same group). Chapters 12 and 13 discuss broadcast and multicast respectively in more detail. In Section 3.4, we will further introduce the concept of subnets after introducing IP routing. Figure 3-9 shows several special IP addresses: the host number and network number are all 0s or all 1s.

1.5 Domain Name System

Although the network interface on the host can be identified through the IP address and then the host can be accessed, the host name is the most popular one. In the TCP/IP world, the Domain Name System (DNS) is a distributed database that provides mapping information between IP addresses and host names. We discuss DNS in detail in Chapter 14. Now, we must understand that any application can call a standard library function to see the IP address of a host with a given name. Similarly, the system also provides an inverse function - given the IP address of a host, check its corresponding host name.

Most applications that take a hostname as a parameter can also take an IP address as a parameter. For example, in Chapter 4, when we use Telnet to log in remotely, we can specify either a host name or an IP address.

1.6 Packaging

When an application uses TCP to send data, the data is fed into the protocol stack and then passes through each layer until it is sent to the network as a stream of bits. Each layer adds some header information (and sometimes tail information) to the received data. The process is shown in Figure 1-7. The data unit transmitted by TCP to IP is called a TCP segment or simply a TCP segment. The data unit transmitted by IP to the network interface layer is called IP datagram. The bit stream transmitted through Ethernet is called a frame. The numbers marked under the frame header and frame trailer in Figure 1-7 are the byte length of the typical Ethernet frame header. In the following chapters we will discuss the specific meaning of these frame headers in detail.

The physical characteristics of the Ethernet data frame are that its length must be between 46 and 1500 bytes. We will encounter the minimum length data frame in Section 4.5 and the maximum length data frame in Section 2.8.

所有的Internet标准和大多数有关TCP/IP的书都使用octet这个术语来表示字节。
使用这个过分雕琢的术语是有历史原因的，因为TCP/IP的很多工作都是在DEC-10系统上进行的，但是它并不使用8bit的字节。
由于现在几乎所有的计算机系统都采用8bit的字节，因此我们在本书中使用字节（byte）这个术语。
更准确地说，图1-7中IP和网络接口层之间传送的数据单元应该是分组（packet）。
分组既可以是一个IP数据报，也可以是IP数据报的一个片（fragment）。我们将在11.5节讨论IP数据报分片的详细情况。

UDP data is basically the same as TCP data. The only difference is that the information unit transmitted by UDP to IP is called a UDP datagram (UDP datagram), and the UDP header is 8 bytes long. Recall Figure 1-4 in Section 1.3. Since TCP, UDP, ICMP, and IGMP all transmit data to IP, IP must add some kind of identifier to the generated IP header to indicate which layer the data belongs to. To this end, IP stores an 8-bit value in the header, called the protocol field. 1 represents the ICMP protocol, 2 represents the IGMP protocol, 6 represents the TCP protocol, and 17 represents the UDP protocol.

Similarly, many applications can use TCP or UDP to transfer data. The transport layer protocol stores an application identifier in the header when generating the message. Both TCP and UDP use a 16-bit port number to represent different applications. TCP and UDP store the source port number and destination port number in the message header respectively. The network interface sends and receives IP, ARP and RARP data respectively, so some form of identification must be added to the Ethernet frame header to indicate the network layer protocol that generated the data. For this reason, the Ethernet frame header also has a 16-bit frame type field.

1.7 points

When the destination host receives an Ethernet data frame, the data begins to rise from the bottom up in the protocol stack, and at the same time the message headers added by each layer of protocols are removed. Each layer of protocol boxes must check the protocol identifier in the message header to determine the upper layer protocol for receiving data. This process is called demultiplexing, and Figure 1-8 shows how it happens.

为协议ICMP和IGMP定位一直是一件很棘手的事情。在图1-4中，把它们与IP放在同一层上，那是因为事实上它们是IP的附属协议。
但是在这里，我们又把它们放在IP层的上面，这是因为ICMP和IGMP报文都被封装在IP数据报中。
对于ARP和RARP，我们也遇到类似的难题。
在这里把它们放在以太网设备驱动程序的上方，这是因为它们和IP数据报一样，都有各自的以太网数据帧类型。
但在图2-4中，我们又把ARP作为以太网设备驱动程序的一部分，放在IP层的下面，其原因在逻辑上是合理的。
这些分层协议盒并不都是完美的。

When describing the details of TCP further, we will see that the protocol is indeed unpacked by destination port number, source IP address and source port number.

1.8 Client-Server Model

Most network applications are written with the assumption that one end is the client and the other end is the server, with the goal of having the server provide some specific service to the client. This type of service can be divided into two types: recurring or concurrent. Repetitive servers interact through the following steps:
I1. Wait for a client request to arrive.
I2. Process customer requests.
I3. Send a response to the client who sent the request.
I4. Return to step I1.
The main problem with duplicate servers occurs in the I2 state. At this time, it cannot provide services to other clients. Accordingly, the concurrent server takes the following steps:
C1. Wait for the arrival of a client request.
C2. Start a new server to handle this customer's request. During this period, a new process, task or thread may be generated and depends on the support of the underlying operating system. How this step is performed depends on the operating system. The new server generated handles all requests from customers. After processing is complete, terminate the new server.
C3. Return to step C1. The advantage of a concurrent server is that it uses the method of generating other servers to handle client requests. That is, each client has its own corresponding server. If the operating system allows multitasking, then multiple customers can be served simultaneously. The reason for classifying servers rather than clients is that it is usually not possible for a client to tell whether it is talking to a repeating server or a concurrent server. Generally speaking, TCP servers are concurrent and UDP servers are duplicated, but there are some exceptions. We will discuss the impact of UDP on its servers in detail in Section 11.12, and the impact of TCP on its servers in Section 18.11.

1.9 Port number

As pointed out earlier, TCP and UDP use 16-bit port numbers to identify applications. So how are these port numbers chosen? Servers are generally identified by well-known port numbers. For example, for every TCP/IP implementation, the TCP port number for every FTP server is 21, for every Telnet server the TCP port number is 23, and for every TFTP (Trivial File Transfer Protocol) server the UDP port number is 69. The services provided by any TCP/IP implementation use well-known port numbers between 1 and 1023. These well-known port numbers are managed by the Internet Assigned Numbers Authority (IANA).

到1992年为止，知名端口号介于1～255之间。
256～1023之间的端口号通常都是由Unix系统占用，以提供一些特定的Unix服务—也就是说，提供一些只有Unix系统才有的、而其他操作系统可能不提供的服务。
现在IANA管理1～1023之间所有的端口号。
Internet扩展服务与Unix特定服务之间的一个差别就是Telnet和Rlogin。
它们二者都允许通过计算机网络登录到其他主机上。
Telnet是采用端口号为23的TCP/IP标准且几乎可以在所有操作系统上进行实现。
相反，Rlogin最开始时只是为Unix系统设计的（尽管许多非Unix系统现在也提供该服务），因此在80年代初，它的有名端口号为513。

The client usually doesn't care about the port number it uses, as long as the port number is unique on the machine. The client port number is also called a temporary port number (that is, it exists for a short period of time). This is because it usually only exists when the user runs the client program, while the server's service runs as long as the host is turned on. Most TCP/IP implementations assign port numbers between 1024 and 5000 to ephemeral ports. Port numbers greater than 5000 are reserved for other servers (services that are not commonly used on the Internet). We can see many such examples of assigning port numbers to ephemeral ports later.

Solaris 2.2是一个很有名的例外。通常TCP和UDP的缺省临时端口号从32768开始。

In Section E.4, we describe in detail how system administrators can modify configuration options to change these defaults. The file /etc/services on most Unix systems contains well-known port numbers. In order to find the port number of the Telnet server and domain name system, you can run the following statement:

Unix systems have the concept of reserved port numbers. Only a process with superuser privileges is allowed to assign itself a reserved port number. These port numbers range from 1 to 1023, and some applications (such as the famous Rlogin, Section 26.2) use them as part of the authentication between the client and the server.

1.10 Standardization process

Who actually controls the TCP/IP protocol suite, and who is defining new standards and other similar things? In fact, there are four groups responsible for Internet technology.
1. The Internet Society (ISOC, Internet Society) is a professional organization that promotes, supports and promotes the continuous growth and development of the Internet. It regards the Internet as the infrastructure for global research communications.
2. The Internet Architecture Board (IAB, Internet Architecture Board) is a technical supervision and coordination organization. It is composed of 15 international volunteers from different professions, and its function is to be responsible for the final editing and technical review of Internet standards. IAB is affiliated with ISOC.
3. The Internet Engineering Task Force (IETF, Internet Engineering Task Force) is an organization oriented to recent standards. It is divided into 9 areas (application, routing and addressing, security, etc.). The IETF develops specifications that become Internet standards. To help the IETF Chairman, the Internet Engineering Steering Group (IESG) was established.
4. The Internet Research Task Force (IRIF, Internet Research Task Force) mainly conducts research on long-term projects. Both IRTF and IETF are affiliated with IAB. [Crocker 1993] provides more detailed information on the standardization process within the Internet and also describes its early history.

1.11 RFC

All formal standards on the Internet are published in RFC (Request for Comment) documents. In addition, a large number of RFCs are not formal standards and are published for informational purposes only. RFCs range in length from 1 to 200 pages. Each item is identified by a number, such as RFC 1122. The larger the number, the more recent the content of the RFC. All RFCs are freely available on the Internet via e-mail or FTP. If you send the following email, you will receive a list of ways to obtain RFCs: The

latest RFC index is always the starting point for searching for information. This index lists when an RFC was replaced or partially updated. The following are some important RFC documents:
1. Assigned Numbers RFC (Assigned Numbers RFC) lists the numbers and constants used in all Internet protocols. As of this publication, the latest RFC number is 1340 [Reynolds and Postel 1992]. All famous Internet port numbers are listed here. When this RFC is updated (usually at least once a year), the index listing lists when RFC 1340 was replaced.
2. Internet formal protocol standard, currently RFC 1600 [Postel 1994]. This RFC describes the current state of standardization of various Internet protocols. Each protocol is in one of several standardization states: standard, draft standard, proposed standard, experimental standard, informational standard, and historical standard. Additionally, each protocol has a level of requirements, required, recommended, optional, restricted use, or not recommended. Like the assigned RFC, this RFC is updated regularly. Please feel free to check out the latest version.
3. Host Requirements RFC, 1122 and 1123 [Braden 1989a, 1989b]. RFC 1122 targets the link layer, network layer, and transport layer; RFC 1123 targets the application layer. These two RFCs provide numerous corrections and explanations to important earlier RFC documents. They are often an entry point if you want to see the finer details about the protocol. They list the features of the protocol that "must", "should", "may", "should not" or "must not" and their implementation details. The literature [Borman 1993b] provides useful information on these two RFCs. RFC 1127 [Braden 1989c] provides an informal summary of the working group's discussions and conclusions during the development of the Host Requirements RFC.
4. Router requirements RFC, the current official version is RFC 1009 [Braden and Postel 1987], but a new version is nearly completed [Almquist 1993]. It is similar to the Host Requirements RFC, but only describes the router requirements separately.

1.12 Standard simple service

There are some standard simple services that almost every implementation provides. In this book we will use some of these service programs, and the client program usually chooses Telnet. Figure 1-9 describes these services. As can be seen from the figure, when using TCP and UDP to provide the same service, the same port number is generally selected.

如果仔细检查这些标准的简单服务以及其他标准的TCP/IP服务（如Telnet、FTP、SMTP等）的端口号时，我们发现它们都是奇数。
这是有历史原因的，因为这些端口号都是从NCP端口号派生出来的（NCP，即网络控制协议，是ARPANET的运输层协议，是TCP的前身）。
NCP是单工的，不是全双工的，因此每个应用程序需要两个连接，需预留一对奇数和偶数端口号。
当TCP和UDP成为标准的运输层协议时，每个应用程序只需要一个端口号，因此就使用了NCP中的奇数。

1.13 Internet

In Figure 1-3, we illustrate an Internet consisting of two networks—an Ethernet and a Token Ring. In Sections 1.4 and 1.9, we discussed the worldwide Internet—the Internet—and the need for centralized allocation of IP addresses (InterNIC), and also discussed well-known port numbers (IANA). Whether the first letter of the word internet is capitalized determines whether it has different meanings. Internet means connecting multiple networks together using a common protocol suite. The Internet refers to the collection of all hosts worldwide (more than 1 million) that communicate with each other through TCP/IP. The Internet is an internet, but internet is not the same as the Internet.

1.14 Implementation

The de facto standard TCP/IP software implementation comes from the Computer Systems Research Group at the University of California, Berkeley. Historically, software was released with the network version of the 4.x BSD system (Berkeley Software Distribution). Its source code is the basis for many other implementations. Figure 1-10 lists the release dates of various BSD versions and notes important TCP/IP features. For the BSD network version listed on the left, all of its network source code is publicly available: including the protocol itself and many applications and tools (such as Telnet and FTP).

In this book, we will use "Berkeley-derived systems" to refer to systems such as SunOS 4.x, SVR4, and AIX 3.2 that are developed based on Berkeley source code. These systems have a lot in common and often contain the same bugs. Much of the original research on the Internet is still applied in the Berkeley system - new congestion control algorithms (Section 21.7), multicast (Section 12.4), "long fat pipe" modifications (Section 24.3), and other similar research.

1.15 Application Programming Interface

Applications using the TCP/IP protocol usually use two application programming interfaces (API): socket and TLI (Transport Layer Interface: Transport Layer Interface). The former is sometimes called the "Berkeley socket", indicating that it was developed from the Berkeley version. The latter was originally developed by AT&T and is sometimes called XTI (X/Open Transport Layer Interface) in recognition of the work done by X/Open, an international computer manufacturer that defines its own standards. XTI is actually a superset of TLI. This book is not a programming book, but there are occasional references to illustrate TCP/IP features, whether or not most APIs (sockets) provide them. All programming details regarding sockets and TLI are provided in [Stevens 1990].

1.16 Test network

Figure 1-11 is the test network on which all the examples in this book are run. For easy reference when reading, this figure is also reproduced in the insert before the title page of this book.
In this diagram (author's subnet), most of the examples run on the following four systems. All IP addresses in the figure belong to class B addresses, and the network number is 140.252. All hostnames belong to the domain .tuc.noao.edu (noao stands for National Optical Astronomy Observatories, tuc stands for Tu cson). For example, the system on the lower right has a complete name: svr4.tuc.noao.edu, and its IP address is: 140.252.13.34. The name above each box is the operating system that the host is running. This group of systems and hosts and routers on the network run different TCP/IP implementations.

It should be pointed out that the noao.edu domain has many more networks and hosts than those in Figure 1-11. Listed here are only the systems that will be used in this book. In Section 3.4, we will describe the form of subnets used in this network. Section 4.6 will introduce the relevant details of dial-up SLIP between sun and netb. Section 2.4 will discuss SLIP in detail.

1.17 Summary

This chapter provides a quick overview of the TCP/IP protocol suite, introducing many of the terms and protocols that will be discussed in detail in later chapters. The TCP/IP protocol suite is divided into four layers: link layer, network layer, transport layer and application layer. Each layer has different responsibilities. In TCP/IP, the distinction between the network layer and the transport layer is the most critical: the network layer (IP) provides point-to-point services, while the transport layer (TCP and UDP) provides end-to-end services. An Internet is a network of networks. The common building blocks of the Internet are routers, which connect networks together at the IP layer. The Internet with the first capital letter refers to the large-scale Internet distributed around the world, which includes more than 10,000 networks and more than 1 million hosts. On an Internet, each interface is identified by an IP address, although users are accustomed to using hostnames rather than IP addresses. The Domain Name System provides dynamic mapping between host names and IP addresses. Port numbers are used to identify applications that communicate with each other. The server uses a well-known port number, while the client uses a temporarily set port number.