How Do Packets Get Around?
Up to this point, you have seen how to classify networks; you know that networks have an architectural type, topology, and protocols; and you know that networks are built to share information and resources. You also know that information is split into packets before being shared. This brings us to the next logical question: How do packets get from point A to point B?
To tackle this question, this section looks at two different examples:
A packet destined for a system on the same local network
A packet destined for a remote system on a different network
Before proceeding with these two delivery examples, let's take a minute to talk about the two most common protocols governing packet delivery: TCP and UDP.
TCP Versus UDP
The Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are protocols that run on top of the IP network protocol. Each has its advantages, but the key difference between the two protocols is the method of packet delivery and the guarantee of reliability and transmission.
UDP is a connectionless protocol that has very few error recovery services and no real guarantee of packet delivery. UDP is very much a "fire and forget" protocol: You place packets on the network and hope they get there. For this reason, UDP is commonly used for network services that are not greatly affected by the occasional dropped or lost packet, such as network time requests and responses to name queries. In reality, the overall reliability of networks and data transmission makes UDP a good choice for many streaming network services. Because UDP is rather efficient, requiring no overhead for guaranteed delivery, it is becoming more popular with network application designers.
TCP is a connection-oriented protocol and is designed to allow two hosts to establish a reliable connection and exchange data. Contrary to UDP, TCP guarantees that packets will be delivered and processed in the same order in which they were sent. This guaranteed delivery is extremely important for many network applications, including such popular services as HTTP, FTP, and Telnet. To accomplish this, TCP uses a three-way handshake to establish connections:
The originating host (usually called the client) sends a SYN (synchronize) packet to the destination host (usually called the server). The SYN packet tells the server what port the client wants to connect to and the initial packet sequence number of the client.
The server sends a SYN/ACK packet back to the client. This SYN/ACK (synchronize/acknowledge) tells the client "I received your request" and also contains the server's initial packet sequence number.
The client responds to the server with an ACK packet to complete the connection establishment process.
Figure 3.6 provides a graphical representation of the three-way handshake.
Figure 3.6 The TCP three-way handshake.
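The three steps above can be checked mechanically against a packet capture. The following is an added example, not code from the original text: it walks a list of constructed packet records and reports which connection attempts completed the handshake. It goes one step beyond the description above by also verifying the acknowledgment numbers, relying on standard TCP behavior (each side acknowledges the other's initial sequence number plus one). The record layout, state labels, and addresses are assumptions made for illustration.

```python
# Added example: classify TCP connection attempts from packet records.
# All records below are constructed sample data (documentation addresses).

# (src, sport, dst, dport, flags, seq, ack)
PACKETS = [
    ("192.0.2.10", 40001, "198.51.100.5", 80, "SYN", 1000, 0),
    ("198.51.100.5", 80, "192.0.2.10", 40001, "SYN/ACK", 5000, 1001),
    ("192.0.2.10", 40001, "198.51.100.5", 80, "ACK", 1001, 5001),
    ("192.0.2.11", 40002, "198.51.100.5", 80, "SYN", 2000, 0),
    ("198.51.100.5", 80, "192.0.2.11", 40002, "SYN/ACK", 6000, 2001),
    # No final ACK from 192.0.2.11: this handshake never completes.
    ("192.0.2.12", 40003, "198.51.100.5", 23, "SYN", 3000, 0),
    # No answer at all from the server for this one.
]

def track_handshakes(packets):
    """Return {(client, cport, server, sport): state} per connection attempt."""
    conns = {}
    for src, sport, dst, dport, flags, seq, ack in packets:
        if flags == "SYN":
            # Step 1: client names the port and its initial sequence number.
            conns[(src, sport, dst, dport)] = {"state": "syn_only", "c_isn": seq}
        elif flags == "SYN/ACK":
            # Step 2: server acknowledges client ISN + 1 and sends its own ISN.
            c = conns.get((dst, dport, src, sport))
            if c and c["state"] == "syn_only" and ack == c["c_isn"] + 1:
                c.update(state="syn_ack_seen", s_isn=seq)
        elif flags == "ACK":
            # Step 3: client acknowledges server ISN + 1.
            c = conns.get((src, sport, dst, dport))
            if c and c["state"] == "syn_ack_seen" and ack == c["s_isn"] + 1:
                c["state"] = "established"
    return {key: c["state"] for key, c in conns.items()}

def half_open(packets):
    """Attempts the server answered but the client never completed."""
    states = track_handshakes(packets)
    return sorted(k for k, s in states.items() if s == "syn_ack_seen")

if __name__ == "__main__":
    for key, state in track_handshakes(PACKETS).items():
        print(key, state)
```
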
Local Packet Delivery
Now that you're familiar with the two main methods of packet transmission, assume you want to send a packet from your workstation to another workstation on the same Ethernet segment. The first step is fairly simple: you need to know the address of the remote workstation. From the discussion of IP packets, you know that the remote workstation's address is a 32-bit binary number. Since most people don't routinely remember 32-bit binary numbers, most applications let you use a dotted decimal representation of the destination address (in this case, assume your destination address is 10.10.10.101). Unfortunately, the IP address alone will not ensure your packet is received at the remote workstation. You have to find out the remote workstation's hardware address, the Media Access Control (MAC) address. MAC addresses are used to uniquely identify each node on the network and are usually hardwired into the physical network device, such as a network interface card (NIC), used to interface with the network media. In fact, at the lower layers of the Ethernet protocol, IP addresses are not even used. All network addresses are translated into MAC addresses.
To find a remote workstation's MAC address, the Address Resolution Protocol (ARP) is used. Basically, this is the computer's way of calling out, "Who owns the tan minivan in the parking lot? (You have your lights on.)" Your workstation sends out an ARP request to find out, "Who is 10.10.10.101?" Every node on the network will examine the packet, but only the workstation with the IP address of 10.10.10.101 will respond. It will send back an ARP reply to tell your workstation, "I'm 10.10.10.101 and here's my MAC address." Your workstation will then format the packet for delivery and drop it on the network media, stamped with the MAC address of the destination workstation. Ultimately, it is the MAC address that causes your packet to be received by the destination workstation.
Remote Packet Delivery
Local packet delivery is really not that difficult, but what if you want to exchange information with a remote system halfway around the world on a totally separate network? To illustrate, let's use a favorite pastime of most office workers: Web surfing. To get information, such as a Web request, to a remote server, you still need to know the remote system's IP address. In most cases you won't know the IP address of your favorite Web site, but you do know what the Web site is called. When you enter the name of your favorite Web site into your browser and hit Enter, the computer has to figure out where that Web site is and ultimately, that Web site's IP address. To accomplish this, your computer will use the domain name service (DNS).
DNS is basically a mechanism to translate names into IP addresses. Your computer will send a DNS query to a local DNS server (a machine whose main purpose is to respond to DNS queries) to find out, "What's the IP address of this Web site?" The DNS server will then check its local records to see if it knows the IP address of the Web site. If it does, it will send a DNS reply to your system with the Web site's IP address. If it does not know the correct IP address for that Web site, it will query another, higher-level domain server, and so on until the correct IP address is returned.
When your computer gets back the correct IP address, it will look at the IP address to determine whether the remote system is on the same network. In most cases, the remote system is on another network that your workstation will not know how to reach. Your workstation will then create a packet, stamp it with the destination IP address, and forward the packet to the network gateway.
In many cases this gateway is a router. Routers are devices used to interconnect networks. Their job is to figure out how to move packets from one network to another. To accomplish this task, routers use forwarding tables to determine where a packet should go. When a packet reaches a router, it will look at the destination address to determine where to send the packet. If the router's forwarding tables know where the packet should go, the router will send the packet out along the appropriate route. If the router does not know where the destination network is, it will forward the packet to its defined gateway, which will repeat the same process. Eventually, after traversing various networks and being passed through various routers, the packet will come to the router serving the network with the Web site you are trying to reach. This router will determine the appropriate MAC address of the destination system and forward the packet accordingly.
For the average user, this entire process is completely transparent. The United States Postal Service serves as a good analogy. When you mail a letter, you put the appropriate address (including ZIP code) and a stamp on the letter before you drop it in a mailbox. The internal workings of the Postal Service take care of the rest and the letter is delivered, usually without any further involvement on the part of the sender.
The remote packet delivery example is oversimplified, but you see how important IP addresses are to the packet delivery process. Let's take a minute to examine how an IP address is built. IP addresses really consist of two sections: the network section (prefix) and the host section. The network section of the IP address is usually referred to as the subnet, and the process of dividing IP addresses into networks is called subnetting.
Look at the sample IP address from the local packet delivery example: 10.10.10.101. To determine how to split this address into the network and host portions, you need to know the subnet mask. A subnet mask basically tells you how much of the IP address to consider the network portion and how much to consider the host portion. In practice, to determine the subnet this address belongs to, you perform a bitwise AND operation on the mask and the IP address. Here's an example:
First you must convert the address and subnet mask to their binary representations:
Then, by performing the bitwise AND you get the subnet address. The bitwise AND operation examines each set of matching bits from the binary representation of the subnet mask and the IP address. For each set where both the mask and address bits are 1, the result is a 1. Otherwise, if either bit is a 0, the result is a 0. So for this example you get:
The subnet address and mask both tell you that the first three parts of the address are network related, which means that the last part of the address is the host portion. In this example, the network portion of the address is 10.10.10 and the host portion is 101. Please bear in mind that this is a very simple example; subnets can get fairly complicated.
Subnets are usually divided in one of three classes:
Class A addresses, supporting 16 million hosts on each of 27 networks
Subnets: 0.0.0.0 to 127.255.255.255
Class B addresses, supporting 65,000 hosts on each of 16,000 networks
Subnets: 128.0.0.0 to 191.255.255.255
Class C addresses, supporting 254 hosts on each of 2,000,000 networks
Subnets: 192.0.0.0 to 223.255.255.255
Everything above 224.0.0.0 is reserved for either multicasting or future use.
In addition, certain subnets are reserved for private use and are not routed across public networks:
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255
Finally, when determining the valid hosts that can be placed on a particular subnet, you have to keep in mind that the "all 0s" address of the host portion is reserved for the network address and the "all 1s" address of the host portion is reserved for the broadcast address of that particular subnet. Again from the earlier example:
In their forwarding tables, routers maintain lists of networks and the accompanying subnet mask. With these two pieces, the router can examine the destination address of each packet and then forward the packet on to the appropriate destination.
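The bitwise AND walk-through, the reserved "all 0s" and "all 1s" host addresses, and the forwarding-table lookup described above can be worked through in a few lines. This is an added example, not part of the original text. It assumes a subnet mask of 255.255.255.0 for 10.10.10.101 (consistent with the statement that the first three parts of the address are the network portion), and the forwarding table entries and next-hop addresses are constructed. Choosing the most specific (longest) matching mask when several entries match is standard router behavior that the text does not spell out.

```python
# Added example: subnet arithmetic and a forwarding-table lookup.

def to_int(dotted):
    """Convert dotted decimal (e.g. '10.10.10.101') to a 32-bit integer."""
    a, b, c, d = (int(p) for p in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def to_dotted(n):
    """Convert a 32-bit integer back to dotted decimal."""
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def to_bits(dotted):
    """Binary representation, one 8-bit group per octet."""
    return ".".join(format(int(p), "08b") for p in dotted.split("."))

def subnet_info(address, mask):
    """Split an address into network and host parts using the mask."""
    addr, m = to_int(address), to_int(mask)
    network = addr & m                          # host bits forced to 0
    broadcast = network | (~m & 0xFFFFFFFF)     # host bits forced to 1
    return {
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(network + 1),
        "last_host": to_dotted(broadcast - 1),
        "host_part": addr & ~m & 0xFFFFFFFF,
    }

# Constructed forwarding table: (network, mask, next hop).
# The 0.0.0.0 entry matches every destination: the gateway of last resort.
TABLE = [
    ("10.10.10.0", "255.255.255.0", "directly connected"),
    ("10.10.0.0", "255.255.0.0", "10.10.10.1"),
    ("0.0.0.0", "0.0.0.0", "10.10.10.254"),
]

def next_hop(destination, table=TABLE):
    """AND the destination with each mask; the longest matching mask wins."""
    dest = to_int(destination)
    matches = [(to_int(mask), hop) for net, mask, hop in table
               if dest & to_int(mask) == to_int(net)]
    return max(matches, key=lambda m: m[0])[1] if matches else None

if __name__ == "__main__":
    info = subnet_info("10.10.10.101", "255.255.255.0")
    print(to_bits("10.10.10.101"), "AND", to_bits("255.255.255.0"))
    print("=", to_bits(info["network"]), info)
    for dst in ("10.10.10.7", "10.10.20.5", "192.0.2.80"):
        print(dst, "->", next_hop(dst))
```
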
Assigning IP Addresses
There are two basic ways to assign an IP address to a specific device, such as a PC or server: the static method or Dynamic Host Configuration Protocol (DHCP). When you use the static method, you assign a specific IP address to a specific system. For example, 10.10.10.2 belongs to Jane's Linux workstation. No other system on that subnet can use that address; it belongs to Jane's system whether she is active on the network or not.
The second main method is DHCP, which is a dynamic addressing scheme that allows administrators to allocate IP addresses on a first come, first served basis. When a device configured to use DHCP (the client) tries to connect to the network, it will query for a DHCP server. The DHCP server will then provide the client with an IP address from a range of addresses allocated for DHCP use. These addresses cannot be used for any other purpose. Note that DHCP is an "as available" protocol. If the server runs out of IP addresses, the next requesting client will not get an IP address and will be unable to connect to the network.
Another key feature of DHCP is the ability to limit the amount of time the client can use a particular IP address. When the DHCP server grants the client an IP address, it can also specify how long the client can use that particular IP address (sometimes called a DHCP lease). At the end of that lease period, the client must ask the DHCP server if it can continue using the same IP address or must attempt to obtain a new one.
DHCP can also make configuring individual network stations easier by specifying the default name server and gateway at the same time an IP address is assigned. There is little or no interaction on the part of the individual user. This lack of user involvement makes DHCP a very popular choice for large corporate networks and Internet service providers (ISPs). Most ISPs, whether they are dial-up or broadband, use DHCP to configure user connections.
The overall process of delivering a packet from point A to point B is usually referred to as routing, and the devices primarily responsible for accomplishing this task are usually called routers. Essentially, it is a router's job to know where the packet needs to go next. You already know that routers use forwarding or routing tables to determine where to send a particular packet based on destination address. But how do routers build their routing tables?
There are a number of different ways to build routing tables, and different routing protocols have been developed to assist in the creation and maintenance of routing tables. Some of the more common protocols include
Static: Routing entries are entered once and are not updated again. Static routes are often used to define the last resort next hop. If you don't know what else to do with a packet, send it here. In some ways, static routes are more secure than other routing protocols because there is less danger of a malicious individual attempting to reroute your network traffic by manipulating your routing tables.
Routing Information Protocol (RIP): Entire routing tables are shared between routers on a periodic basis. This is a rather inefficient and insecure way of sharing routing information.
Open Shortest Path First (OSPF): The shortest and most efficient route to reach a particular destination is calculated based upon the path that must be traversed, the state of the links that must be followed, and the nodes the traffic must pass through. Although efficient in traffic delivery, this method requires a great deal of overhead.
Border Gateway Protocol (BGP): Peer routers called neighbors exchange routing information between autonomous systems. Although initially entire routing tables are exchanged, following exchanges are limited to updates and keepalive messages only. BGP is designed to ensure a loop-free route to the destination network.