Network Models
OSI and TCP models
Networking is hard. It takes a lot of pieces, both hardware, and software, to get anything done. Just making Google appear in your Web browser requires millions of hours in research, development, and manufacturing. Whenever we encounter highly complex technologies, we need to simplify the overall process (making Google show up in your browser) by breaking it into discrete, simple, individual processes. We do this using model.
OSI: “All People Seem To Need Data Processing.”
Layer 1 of the OSI model defines the method of moving data between computers, so the cabling and central box are part of the physical layer (Layer 1). Anything that moves data from one system to another, such as copper cabling, fiber optics, even radio waves, is part of the OSI Physical layer. Layer 1 doesn’t care what data goes through; it just moves the data from one system to another system.
NICs, send and receive this binary data as pulses of electricity, light, or radio waves. The NICs that use electricity to send and receive data are the most common, so let’s consider that type of NIC. The specific process by which a NIC uses electricity to send and receive data is exceedingly complicated but, luckily for you, not necessary to understand. Instead, just think of a charge on the wire as a one and no charge as a zero. A chunk of data moving in pulses across a wire
Frames
Once you understand how data moves along the wire, the next question is how does the network get the right data to the right system? All networks transmit data by breaking whatever is moving across the Physical layer (files, print jobs, Web pages, and so forth) into discrete chunks called frames. A frame is basically a container for a chunk of data moving across a network. The NIC creates and sends, as well as receives and reads, these frames.
Here’s where the MAC address becomes important. The figure shows a representation of a generic frame. Even though a frame is a string of ones and zeroes, we often draw frames as a series of rectangles, each rectangle representing a part of the string of ones and zeroes. You will see this type of frame representation used quite often, so you should become comfortable with it (even though I still prefer to see frames as pneumatic canisters). Note that the frame begins with the MAC address of the NIC to which the data is to be sent, followed by the MAC address of the sending NIC. Next comes the Type field, which indicates the specific network technology of the frame. Then comes the Data field, followed by a special bit of checking information called the frame check sequence (FCS). The FCS uses a type of binary math called a cyclic redundancy check (CRC) that the receiving NIC uses to verify that the data arrived intact.
-Devices on a network send and receive data in discreet chunks called frames (or packets)
-Frames are a max. Of 1500 bytes in size
-Frames are created and destroyed inside the network interface card (NIC)
The NIC
To understand networks, you must understand how NICs work. The network must provide a mechanism that gives each system a unique identifier — like a telephone number — so data is delivered to the right system. That’s one of the NIC’s most important jobs. Inside every NIC, burned onto some type of ROM chip, is special firmware containing a unique identifier with a 48-bit value called the media access control address, or MAC address.
No two NICs ever share the same MAC address — ever. Any company that makes NICs must contact the Institute of Electrical and Electronics Engineers (IEEE) and request a block of MAC addresses, which the company then burns into the ROMs on its NICs. Many NIC makers also print the MAC address on the surface of each NIC,
Note that the NIC shown here displays the MAC address in hexadecimal notation. Count the number of hex characters — because each hex character represents 4 bits, it takes 12 hex characters to represent 48 bits.
MAC(MAC-48 or EUI-48) Addresses
The MAC address in Figure is 004005–607D49, although in print, we represent the MAC address as 00–40–05–60–7D–49. The first six digits, in this example 00–40–05, represent the number of the NIC manufacturer. Once the IEEE issues those six hex digits to a manufacturer — referred to as the Organizationally Unique Identifier (OUI) — no other manufacturer may use them. The last six digits, in this example 60–7D–49, are the manufacturer’s unique serial number for that NIC; this portion of the MAC is often referred to as the device ID.
Would you like to see the MAC address for your NIC? If you have a Windows system, type ipconfig/all from a command prompt to display the MAC address
Note that ipconfig calls the MAC address the “physical addres”
-A MAC address is a unique 48-bit identifier for a NIC
-Frames have destination and source MAC addresses
-NICs use MAC addresses to decide whether or not to process a frame
Broadcast vs Unicast
Using the MAC address is a great way to move data around, but this process raises an important question. How does a sending NIC know the MAC address of the NIC to which it’s sending the data? In most cases, the sending system already knows the destination MAC address because the NICs had probably communicated earlier, and each system stores that data. If it doesn’t already know the MAC address, a NIC may send a broadcast onto the network to ask for it. The MAC address of FF-FF-FF-FF-FF-FF is the broadcast address — if a NIC sends a frame using the broadcast address, every single NIC on the network will process that frame. That broadcast frame’s data will contain a request for a system’s MAC address. Without knowing the MAC address to begin with, the requesting computer will use an IP address to pick the target computer out of the crowd. The system with the MAC address your system is seeking will read the request in the broadcast packet and respond with its MAC address.
-Unicast transmission is addressed to a single device on a network
-A broadcast transmission is sent to every device in a broadcast domain
-A broadcast address looks like: FF-FF-FF-FF-FF-FF
Packets and Ports
Getting data from one system to another in a simple network (defined as one in which all the computers connect to one switch) takes relatively little effort on the part of the NICs. But one problem with simple networks is that computers need to broadcast to get MAC addresses. It works for small networks, but what happens when the network gets big, like the size of the entire Internet? Can you imagine millions of computers all broadcasting? No data could get through.
Equally important, data flows over the Internet using many technologies, not just Ethernet. These technologies, such as SONET, ATM, and others, don’t know what to do with Ethernet MAC addresses. When networks get large, you can’t use the MAC addresses anymore. Large networks need a logical addressing method (IP), like a postal code or telephone numbering scheme, that ignores the hardware and enables you to break up the entire large network into smaller networks called subnets.
At the Network layer, Layer 3, containers called packets get created and addressed so they can go from one network to another. The Internet Protocol is the primary logical addressing protocol for TCP/IP. IP makes sure that a piece of data gets to where it needs to go on the network. It does this by giving each device on the network a unique numeric identifier called an IP address. An IP address is known as a logical address to distinguish it from the physical address, the MAC address of the NIC.
What makes logical addressing powerful is the magic box — called a router — that connects each of the subnets. Routers use the IP address, not the MAC address, to forward data. This enables networks to connect across data lines that don’t use Ethernet, like the telephone network. Each network type (such as Ethernet, SONET, ATM) uses a unique frame.
-An IPv4 address looks like: — 31.44.17.231 or IPv6–2001:0D8B8:FE01::
-A router connects multiple local area networks
-The IP packet within the frame never changes
For a TCP/IP network to send data successfully, the data must be wrapped up in two distinct containers. A frame of some type enables the data to move from one device to another. Inside that frame is both an IP-specific container that enables routers to determine where to send data — regardless of the physical connection type — and the data itself. In TCP/IP, that inner container is called a packet.
Segments Within Packets
To see the Transport layer in action, strip away the IP addresses from an IP packet. What’s left is a chunk of data in yet another container called a TCP segment. TCP segments have many other fields that ensure the data gets to its destination in good order. These fields have names such as Checksum, Flags, and Acknowledgement. for now, just know that TCP segments have fields that ensure the connection-oriented communication works properly. The figure shows a typical (although simplified) TCP segment.
Data comes from the Application layer. The Transport layer breaks that data into chunks, adding port numbers and sequence numbers, creating the TCP segment. The Transport layer then hands the TCP segment to the Internet layer, which, in turn, creates the IP packet.
Although a lot of traffic on a TCP/IP network uses TCP at the Transport layer, like Yoda said in The Empire Strikes Back, “There is another,” and that’s UDP. UDP also gets data from the Application layer and adds port and length numbers plus a checksum to create a container called a UDP datagram. A UDP datagram lacks most of the extra fields found in TCP segments, simply because UDP doesn’t care if the receiving computer gets its data. The figure shows a UDP datagram.
Ports
TCP/IP uses a unique port numbering system that gives each application a unique number between 1 and 65535. Some of these port numbers are very well known. The protocol that makes Web pages work, HTTP, uses port 80, for example. Although we can say that the OSI model’s Presentation layer fits inside the TCP/IP model’s Application layer, no application requires any particular form of presentation as seen in the OSI model. Standard formats are part and parcel with TCP/IP protocols. For example, all e-mail messages use an extremely strict format called MIME. All e-mail servers and clients read MIME without exception.
Need to know how TCP/IP uses port numbers and you have to memorize a substantial number of common port numbers.
A port number is a 16-bit value between 0 and 65535. Web servers, for example, use port number 80. Port numbers from 0 to 1023 are called well-known port numbers and are reserved for specific TCP/IP applications.
-Port numbers help direct packet traffic between the source and destination
-Packets have sequence numbers so the network software can reassemble the file correctly
-TCP is connection-oriented, UDP is connectionless