The TCP/IP model has become the standard on which the Internet is based.

The four layers of the TCP/IP model are the application layer, transport layer, Internet layer, and network access layer.

The present version of TCP/IP was standardized in September of 1981.

The application layer handles high-level protocols, representation, encoding, and dialog control.

TCP/IP has protocols to support file transfer, e-mail, and remote login, in addition to the following:

• File Transfer Protocol (FTP) – FTP is a reliable, connection-oriented service that uses TCP to transfer files between systems that support FTP. It supports bi-directional binary file and ASCII file transfers.
• Trivial File Transfer Protocol (TFTP) – TFTP is a connectionless service that uses the User Datagram Protocol (UDP). TFTP is used on the router to transfer configuration files and Cisco IOS images, and to transfer files between systems that support TFTP. It is useful in some LANs because it operates faster than FTP in a stable environment.
• Network File System (NFS) – NFS is a distributed file system protocol suite developed by Sun Microsystems that allows file access to a remote storage device such as a hard disk across a network.
• Simple Mail Transfer Protocol (SMTP) – SMTP administers the transmission of e-mail over computer networks. It does not provide support for transmission of data other than plain text.
• Telnet – Telnet provides the capability to remotely access another computer. It enables a user to log into an Internet host and execute commands. A Telnet client is referred to as a local host. A Telnet server is referred to as a remote host.
• Simple Network Management Protocol (SNMP) – SNMP is a protocol that provides a way to monitor and control network devices. SNMP is also used to manage configurations, statistics, performance, and security.
• Domain Name System (DNS) – DNS is a system used on the Internet to translate domain names and publicly advertised network nodes into IP addresses.

The transport layer provides a logical connection between a source host and a destination host.

Transport protocols segment and reassemble data sent by upper-layer applications into the same data stream, or logical connection, between end points.

The Internet is often represented by a cloud. The primary duty of the transport layer is to provide end-to-end control and reliability as data travels through this cloud.

This is accomplished through the use of sliding windows, sequence numbers, and acknowledgments.

The transport layer also defines end-to-end connectivity between host applications. Transport layer protocols include TCP and UDP.

The functions of TCP and UDP are as follows:

• Segment upper-layer application data
• Send segments from one end device to another

The functions of TCP are as follows:

• Establish end-to-end operations
• Provide flow control through the use of sliding windows
• Ensure reliability through the use of sequence numbers and acknowledgments

The purpose of the Internet layer is to select the best path through the network for packets to travel. The main protocol that functions at this layer is IP. Best path determination and packet switching occur at this layer.

The following protocols operate at the TCP/IP Internet layer:

• IP provides connectionless, best-effort delivery routing of packets. IP is not concerned with the content of the packets but looks for a path to the destination.
• Internet Control Message Protocol (ICMP) provides control and messaging capabilities.
• Address Resolution Protocol (ARP) determines the data link layer address, or MAC address, for known IP addresses.
• Reverse Address Resolution Protocol (RARP) determines the IP address for a known MAC address.

IP performs the following operations:

• Defines a packet and an addressing scheme
• Transfers data between the Internet layer and network access layer
• Routes packets to remote hosts

IP is sometimes referred to as an unreliable protocol. This does not mean that IP will not accurately deliver data across a network. IP is unreliable because it does not perform error checking and correction. That function is handled by upper layer protocols from the transport or application layers.

The network access layer allows an IP packet to make a physical link to the network media. It includes the LAN and WAN technology details.

Drivers for software applications, modem cards, and other devices operate at the network access layer.

The network access layer defines the procedures used to interface with the network hardware and access the transmission medium.

Modem protocol standards such as Serial Line Internet Protocol (SLIP) and Point-to-Point Protocol (PPP) provide network access through a modem connection. 

Network access layer protocols also map IP addresses to physical hardware addresses and encapsulate IP packets into frames.

The network access layer defines the physical media connection based on the hardware type and network interface.

The NIC would automatically be detected by some versions of Windows and then the proper drivers would be installed.

The OSI and TCP/IP models have many similarities:

• Both have layers.
• Both have application layers, though they include different services.
• Both have comparable transport and network layers.
• Both use packet-switched instead of circuit-switched technology.
• Networking professionals need to know both models.

Here are some differences of the OSI and TCP/IP models:

• TCP/IP combines the OSI application, presentation, and session layers into its application layer.
• TCP/IP combines the OSI data link and physical layers into its network access layer.
• TCP/IP appears simpler because it has fewer layers.
• When the TCP/IP transport layer uses UDP it does not provide reliable delivery of packets. The transport layer in the OSI model always does.

The Internet was developed based on the standards of the TCP/IP protocols.

The OSI model is not generally used to build networks. The OSI model is used as a guide to help students understand the communication process.

The Internet enables nearly instantaneous worldwide data communications between anyone, anywhere, at any time.

LANs are networks within limited geographic areas.

LAN technologies at Layers 1 and 2 of the OSI model and  applications at Layers 5, 6, and 7. The OSI model provides a mechanism where the details of the lower and the upper layers are separated. This allows intermediate networking devices to relay traffic without details about the LAN.

This leads to the concept of internetworks, or networks that consist of many networks. A network of networks is called an internetwork, which is indicated with the lowercase i.

The network on which the World Wide Web (www) runs is the Internet, which is indicated with a capital I. Internetworks must be scalable with regard to the number of networks and computers attached.

Figure  summarizes the connection of one physical network to another through a special purpose computer called a router. These networks are described as directly connected to the router. The router is needed to handle any path decisions required for the two networks to communicate. Many routers are needed to handle large volumes of network traffic.

Figure extends the idea to three physical networks connected by two routers. Routers make complex decisions to allow users on all the networks to communicate with each other. Not all networks are directly connected to one another. The router must have some method to handle this situation. 

One option is for a router to keep a list of all computers and all the paths to them. The router would then decide how to forward data packets based on this reference table. Packets would be forwarded based on the IP address of the destination computer.

Internet has grown so large, with more than 90,000 core routes and 300,000,000 end users, proves the effectiveness of the Internet architecture.

Two computers located anywhere in the world that follow certain hardware, software, and protocol specifications can communicate reliably. The standardization of ways to move data across networks has made the Internet possible.

For any two systems to communicate, they must be able to identify and locate each other.

A computer may be connected to more than one network. In this situation, the system must be given more than one address. Each address will identify the connection of the computer to a different network. Each connection point, or interface, on a device has an address to a network.

Each computer in a TCP/IP network must be given a unique identifier, or IP address. This address, which operates at Layer 3, allows one computer to locate another computer on a network.

All computers also have a unique physical address, which is known as a MAC address. These are assigned by the manufacturer of the NIC. MAC addresses operate at Layer 2 of the OSI model.

An IP address is a 32-bit sequence of ones and zeros.

To make the IP address easier to work with, it is usually written as four decimal numbers separated by periods. For example, an IP address of one computer is 192.168.1.2. This is called the dotted decimal format.

Each part of the address is called an octet because it is made up of eight binary digits. For example, the IP address 192.168.1.8 would be 11000000.10101000.00000001.00001000 in binary notation.

It is easy to see the relationship between the numbers 192.168.1.8 and 192.168.1.9. The binary values 11000000.10101000.00000001.00001000 and 11000000.10101000.00000001.00001001 are not as easy to recognize. It is more difficult to determine that the binary values are consecutive numbers.

The student may find other methods easier.

A router uses the IP address of the destination network to deliver a packet to the correct network. When the packet arrives at a router connected to the destination network, the router uses the IP address to locate the specific computer on the network.

This system works in much the same way as the national postal system. When the mail is routed, the zip code is used to deliver it to the post office at the destination city. That post office must use the street address to locate the final destination in the city.

Every IP address also has two parts. The first part identifies the network where the system is connected and the second part identifies the system. Each octet ranges from 0 to 255. 

This kind of address is called a hierarchical address, because it contains different levels.

An IP address combines these two identifiers into one number. This number must be a unique number, because duplicate addresses would make routing impossible. The first part identifies the system's network address. The second part, called the host part, identifies which particular machine it is on the network.

IP addresses are divided into classes to define the large, medium, and small networks.

Class A addresses are assigned to larger networks.

Class B addresses are used for medium-sized networks.

Class C for small networks.

The first step in determining which part of the address identifies the network and which part identifies the host is identifying the class of an IP address.

A:

The Class A address was designed to support extremely large networks, with more than 16 million host addresses available. 

Class A IP addresses use only the first octet to indicate the network address. The remaining three octets provide for host addresses.

The first bit of a Class A address is always 0.

With that first bit a 0, the lowest number that can be represented is 00000000, decimal 0. The highest number that can be represented is 01111111, decimal 127.

The numbers 0 and 127 are reserved and cannot be used as network addresses. Any address that starts with a value between 1 and 126 in the first octet is a Class A address.

The 127.0.0.0 network is reserved for loopback testing. Routers or local machines can use this address to send packets back to themselves. Therefore, this number cannot be assigned to a network.

B:

The Class B address was designed to support the needs of moderate to large-sized networks.

A Class B IP address uses the first two of the four octets to indicate the network address. The other two octets specify host addresses.

The first two bits of the first octet of a Class B address are always 10. The remaining six bits may be populated with either 1s or 0s.

The lowest number that can be represented with a Class B address is 10000000, decimal 128. The highest number that can be represented is 10111111, decimal 191. Any address that starts with a value in the range of 128 to 191 in the first octet is a Class B address.

C:

The Class C address space is the most commonly used of the original address classes.

This address space was intended to support small networks with a maximum of 254 hosts.

A Class C address begins with binary 110.

The lowest number that can be represented is 11000000, decimal 192. The highest number that can be represented is 11011111, decimal 223. If an address contains a number in the range of 192 to 223 in the first octet, it is a Class C address.

D:

The Class D address class was created to enable multicasting in an IP address.

A multicast address is a unique network address that directs packets with that destination address to predefined groups of IP addresses. Therefore, a single station can simultaneously transmit a single stream of data to multiple recipients.

The first four bits of a Class D address must be 1110. Therefore, the first octet range for Class D addresses is 11100000 to 11101111, or 224 to 239. An IP address that starts with a value in the range of 224 to 239 in the first octet is a Class D address.

E:

A Class E address has been defined. However, the Internet Engineering Task Force (IETF) reserves these addresses for its own research. Therefore, no Class E addresses have been released for use in the Internet.

The first four bits of a Class E address are always set to 1s. Therefore, the first octet range for Class E addresses is 11110000 to 11111111, or 240 to 255.

Certain host addresses are reserved and cannot be assigned to devices on a network. These reserved host addresses include the following:

• Network address – Used to identify the network itself

In Figure, the section that is identified by the upper box represents the 198.150.11.0 network. Data that is sent to any host on that network (198.150.11.1- 198.150.11.254) will be seen outside of the local area network as 198.159.11.0. The only time that the host numbers matter is when the data is on the local area network.

• Broadcast address – Used for broadcasting packets to all the devices on a network

In Figure, the section that is identified by the upper box represents the 198.150.11.255 broadcast address. Data that is sent to the broadcast address will be read by all hosts on that network (198.150.11.1- 198.150.11.254).

An IP address that has binary 0s in all host bit positions is reserved for the network address.

In a Class A network example, 113.0.0.0 is the IP address of the network, known as the network ID, containing the host 113.1.2.3.

To send data to all the devices on a network, a broadcast address is needed. A broadcast occurs when a source sends data to all devices on a network.

The sender must use a destination IP address that they can recognize and process. Broadcast IP addresses end with binary 1s in the entire host part of the address.

In the example, 176.10.0.0, the last 16 bits make up the host field of the address. The broadcast on that network would include a destination address of 176.10.255.255. This is because 255 is the decimal value of an octet containing 11111111.

Unique addresses are required for each device on a network. 

A procedure was needed to make sure that addresses were in fact unique.

Originally, an organization known as the Internet Network Information Center (InterNIC) handled this procedure.

InterNIC no longer exists and has been succeeded by the Internet Assigned Numbers Authority (IANA). IANA carefully manages the remaining supply of IP addresses to ensure that duplication of publicly used addresses does not occur.

Public IP addresses are unique. No two machines that connect to a public network can have the same IP address.

Public IP addresses must be obtained from an Internet service provider (ISP) or a registry at some expense.

With the rapid growth of the Internet, public IP addresses were beginning to run out. New addressing schemes, such as classless interdomain routing (CIDR) and IPv6 were developed to help solve the problem.

Private IP addresses are another solution to the problem of the impending exhaustion of public IP addresses.

Private networks that are not connected to the Internet may use any host addresses, as long as each host within the private network is unique.

RFC 1918 sets three blocks of IP addresses for private, internal use. These three blocks consist of one Class A, a range of Class B addresses, and a range of Class C addresses. Addresses that fall within these ranges are not routed on the Internet backbone. Internet routers immediately discard private addresses.

Private IP addresses can be intermixed, as shown in the graphic, with public IP addresses. This will conserve the number of addresses used for internal connections.

Connecting a network using private addresses to the Internet requires translation of the private addresses to public addresses. This translation process is referred to as Network Address Translation (NAT). A router usually is the device that performs NAT. NAT, along with CIDR and IPv6 are covered in more depth later in the curriculum.

Subnetting is another method of managing IP addresses. This method of dividing full network address classes into smaller pieces has prevented complete IP address exhaustion.

Subnetting a network means to use the subnet mask to divide the network into smaller, more efficient and manageable segments, or subnets.

With subnetting, the network is not limited to the default Class A, B, or C network masks and there is more flexibility in the network design.

The subnet field and the host field are created from the original host portion for the entire network.

To create a subnet address, a network administrator borrows bits from the host field and designates them as the subnet field. 

The minimum number of bits that can be borrowed is two. When creating a subnet, where only one bit was borrowed the network number would be the .0 network. The broadcast number would then be the .255 network. The maximum number of bits that can be borrowed can be any number that leaves at least two bits remaining, for the host number.

Over twenty years ago, IP Version 4 (IPv4) offered an addressing strategy that, although scalable for a time, resulted in an inefficient allocation of addresses.

The Class A and B addresses make up 75 percent of the IPv4 address space, however fewer than 17,000 organizations can be assigned a Class A or B network number.

Class C addresses are limited to 254 usable hosts. This does not meet the needs of larger organizations that cannot acquire a Class A or B address.

These extensions are specifically designed to improve the efficiency with which the 32-bit address space can be used. Two of the more important of these are subnet masks and classless interdomain routing (CIDR),

IPv6:

IP Version 6 (IPv6) uses 128 bits rather than the 32 bits currently used in IPv4. IPv6 uses hexadecimal numbers to represent the 128 bits. IPv6 provides 640 sextrillion addresses. This version of IP should provide enough addresses for future communication needs.

IPv6 addresses are identifiers for individual interfaces and sets of interfaces. IPv6 addresses are assigned to interfaces, not nodes. Since each interface belongs to a single node, any of the unicast addresses assigned to the interfaces of the node may be used as an identifier for the node.

IPv6 addresses are written in hexadecimal, and separated by colons. IPv6 fields are 16 bits long.

To make the addresses easier to read, leading zeros can be omitted from each field. The field :0003: is written :3:.

IPv6 shorthand representation of the 128 bits uses eight 16-bit numbers, shown as four hexadecimal digits.

IPv6 is slowly being implemented in select networks. Eventually, IPv6 may replace IPv4 as the dominant Internet protocol.

This protocol is a hierarchical addressing scheme that allows individual addresses to be associated together and treated as groups. These groups of addresses allow efficient transfer of data across the Internet.

Network administrators use two methods to assign IP addresses. These methods are static and dynamic.

Static assignment works best on small, infrequently changing networks.

The system administrator manually assigns and tracks IP addresses for each computer, printer, or server on the intranet.

Good recordkeeping is critical to prevent problems which occur with duplicate IP addresses. This is possible only when there are a small number of devices to track.

Servers should be assigned a static IP address so workstations and other devices will always know how to access needed services.

Other devices that should be assigned static IP addresses are network printers, application servers, and routers.

Reverse Address Resolution Protocol (RARP) associates a known MAC addresses with an IP addresses.

A network device, such as a diskless workstation, might know its MAC address but not its IP address. RARP allows the device to make a request to learn its IP address. Devices using RARP require that a RARP server be present on the network to answer RARP requests.

The source device must include both its MAC address and IP address in order for the destination device to retrieve data, pass it to higher layers of the OSI model, and respond to the originating device.

The source initiates a process called a RARP request. This request helps the source device detect its own IP address. RARP requests are broadcast onto the LAN and are responded to by the RARP server which is usually a router.

RARP uses the same packet format as ARP.

In a RARP request, the MAC headers and operation code are different from an ARP request. The RARP packet format contains places for MAC addresses of both the destination and source devices. The source IP address field is empty. The broadcast goes to all devices on the network. Figures depict the destination MAC address as FF:FF:FF:FF:FF:FF. Workstations running RARP have codes in ROM that direct them to start the RARP process.

A step-by-step layout of the RARP process is illustrated in Figures.

The bootstrap protocol (BOOTP) operates in a client-server environment and only requires a single packet exchange to obtain IP information.

Unlike RARP, BOOTP packets can include the IP address, as well as the address of a router, the address of a server, and vendor-specific information.

One problem with BOOTP, however, is that it was not designed to provide dynamic address assignment. With BOOTP, a network administrator creates a configuration file that specifies the parameters for each device. The administrator must add hosts and maintain the BOOTP database. Even though the addresses are dynamically assigned, there is still a one to one relationship between the number of IP addresses and the number of hosts. This means that for every host on the network there must be a BOOTP profile with an IP address assignment in it. No two profiles can have the same IP address. Those profiles might be used at the same time and that would mean that two hosts have the same IP address.

A device uses BOOTP to obtain an IP address when starting up. BOOTP uses UDP to carry messages.

The UDP message is encapsulated in an IP packet.

A computer uses BOOTP to send a broadcast IP packet using a destination IP address of all 1s, 255.255.255.255 in dotted decimal notation. A BOOTP server receives the broadcast and then sends back a broadcast. The client receives a frame and checks the MAC address. If the client finds its own MAC address in the destination address field and a broadcast in the IP destination field, it takes and stores the IP address and other information supplied in the BOOTP reply message.

A step-by-step description of the process is shown in Figures.

Dynamic host configuration protocol (DHCP) is the successor to BOOTP.

Unlike BOOTP, DHCP allows a host to obtain an IP address dynamically without the network administrator having to set up an individual profile for each device.

All that is required when using DHCP is a defined range of IP addresses on a DHCP server.

As hosts come online, they contact the DHCP server and request an address. The DHCP server chooses an address and leases it to that host.

With DHCP, the entire network configuration of a computer can be obtained in one message. This includes all of the data supplied by the BOOTP message, plus a leased IP address and a subnet mask.

The major advantage that DHCP has over BOOTP is that it allows users to be mobile. This mobility allows the users to freely change network connections from location to location.

It is no longer required to keep a fixed profile for every device attached to the network as was required with the BOOTP system.

The importance to this DHCP advancement is its ability to lease an IP address to a device and then reclaim that IP address for another user after the first user releases it.

A step-by-step description of the process is shown in Figures.

The TCP/IP suite has a protocol, called Address Resolution Protocol (ARP), which can automatically obtain MAC addresses for local transmission.

Communications between two LAN segments have an additional task. Both the IP and MAC addresses are needed for both the destination host and the intermediate routing device.

Some devices will keep tables that contain MAC addresses and IP addresses of other devices that are connected to the same LAN. These are called Address Resolution Protocol (ARP) tables. ARP tables are stored in RAM memory, where the cached information is maintained automatically on each of the devices.

It is very unusual for a user to have to make an ARP table entry manually.

Each device on a network maintains its own ARP table.

When a source determines the IP address for a destination, it then consults the ARP table in order to locate the MAC address for the destination. If the source locates an entry in its table, destination IP address to destination MAC address, it will associate the IP address to the MAC address and then uses it to encapsulate the data.

There are two ways that devices can gather MAC addresses:

One way is to monitor the traffic that occurs on the local network segment. All stations on an Ethernet network will analyze all traffic to determine if the data is for them. Part of this process is to record the source IP and MAC address of the datagram to an ARP table. So as data is transmitted on the network, the address pairs populate the ARP table.

Another way to get an address pair for data transmission is to broadcast an ARP request.

The computer that requires an IP and MAC address pair broadcasts an ARP request. All the other devices on the local area network analyze this request. If one of the local devices matches the IP address of the request, it sends back an ARP reply that contains its IP-MAC pair. If the IP address is for the local area network and the computer does not exist or is turned off, there is no response to the ARP request. In this situation, the source device reports an error.

Routers do not forward broadcast packets.

Proxy ARP is a variation of the ARP protocol. In this variation, a router sends an ARP response with the MAC address of the interface on which the request was received, to the requesting host. The router responds with the MAC addresses for those requests in which the IP address is not in the range of addresses of the local subnet.

Another method to send data to the address of a device that is on another network segment is to set up a default gateway.

The default gateway is a host option where the IP address of the router interface is stored in the network configuration of the host. The source host compares the destination IP address and its own IP address to determine if the two IP addresses are located on the same segment. If the receiving host is not on the same segment, the source host sends the data using the actual IP address of the destination and the MAC address of the router. The MAC address for the router was learned from the ARP table by using the IP address of that router.

If the default gateway on the host or the proxy ARP feature on the router is not configured, no traffic can leave the local area network.

The Lab Activity will introduce the arp -a command.