Presentation on theme: "Lecture 2: IP addresses, TCP and UDP This lecture will cover: The “whole thing” (how your email gets to you) More about IP addresses. How names."— Presentation transcript:
Lecture 2: IP addresses, TCP and UDP This lecture will cover: The “whole thing” (how your email gets to you) More about IP addresses. How names become IP addresses. TCP and UDP ICMP More Information Bertsekas/Gallager: Section 2.8-2.9 Tanenbaum: Section 6.1-6.4
Reminder from last lecture IP sends data from place to place. TCP or UDP sit above it at either end. When you use the internet you use addresses like http://manor.york.ac.uk or firstname.lastname@example.org These addresses must then be converted to an IP address e.g. 220.127.116.11 This means that data (packets) can get from A to B. But what happens if data is lost, how do we know where they are going to and how can we put packets back together into data?
The Internet - emailing a friend your computer G/169 router university of york JANET transatlantic cable US backbone LAN your friend's computer
Domain Name System (DNS) DNS takes the human readable name and converts it to octets. On a unix machine you can try this using nslookup. (Linux users may prefer dig). manor.york.ac.uk 1% nslookup www.ntk.net Server: castle2.york.ac.uk Address: 18.104.22.168 Non-authoritative answer: Name: vwww.flirble.org Address: 22.214.171.124 Aliases: www.ntk.net Answer Question
DNS(2) comorggovmil jpuknl sun eng vnvnation www ac co org york www manor ic doc src net generic/US national musicnonstop www TLDs (Top Level Domains)
Routing Tables How do packets know where to go? This problem is known as routing. The oldest (and easiest) solution is static routing. Each computer has a table saying where to go to get to each other computer. On a Local Area Network (LAN) list all machines on your subnet and the address of the external router for everything else. Most machines only need to know how to get to their nearest router. Much more will be said about routing later in the course
TCP and UDP Once we’ve got our IP packet safely to its destination what happens next? Having stripped off the header, the first thing we find is another header. The second header provides information on which port to enter the machine on and where to send the reply. It also provides a checksum to check the data is valid. UDP will do nothing else. TCP will ensure that the connection is lossless.
What are ports? Ports are conceptual “points of entry” into a host computer. They do not correspond with real hardware but are an abstraction for convenience. Usually a service is associated with a port (e.g. http on port 80). Servers “listen on a port” for connection attempts. Ports provide one level of internet security. Generally, low number ports (< 100) are reserved for special services.
Common Services and Ports ServiceListens on Port ftp21 telnet23 smtp (mail)25 finger79 http80 User configured services (your Half-Life server?) will listen on high numbered ports which are usually left open to all users.
UDP data User Datagram Protocol – the header is shown below. Length and checksum are as for IP.
About UDP Provides a lossy connection (data may vanish). Does not guarantee packets are delivered in order. Useful for real time applications. (It is no use having your Quake III information arriving correctly but ten seconds late). UDP applications can implement their own packet loss checking but it is best to use TCP for this.
About the TCP header Sequence number (what is the “order” of this packet) incremented by 1 for every packet. Acknowledgement number (what packet sequence number does this acknowledge). Header length (how many 32 bit words are in options). Flags: SYN = start connection, ACK = acknowledge packet, FIN= finish connection. (Three other flags, URG, RST, PSH).
TCP header (2) Window size will be described in more detail later (it sets how many unacknowledged packets may exist). Checksum – is as for IP and UDP. Urgent Pointer – points to part of the data that must be looked at by the receiver before the TCP session (rarely used). Offsets says how long the options field is (the options field can contain “other things” – extra facilities that TCP might implement).
About TCP TCP provides a lossless connection (or flags an error when losses occur). Data packets are given an order and can be reassembled. TCP provides some limited congestion control. TCP is most useful for applications where data validity is important but real-time is not critical (email, www, ftp). TCP packets are part of a TCP session.
TCP connections This diagram shows the start of a TCP connection. A sends packet X with SYN. “Hello I would like to talk”. B sends a SYN, ACK pair “I got your message. I would also like to talk” A sends an ACK (and some data) “I got your message, here is some data.”
TCP mechanisms The window size is the number of outstanding (unacknowledged) packets that that a TCP session can send. The window size provides a crude method for congestion control. The window size increases to allow more packets to be sent (it increases throughput). If a packet is lost then the window is reduced again.
TCP lost packets When a packet is received out of sequence the receiver sends an ACK with the same number as the previous. If the sender receives three duplicate ACKs then it assumes the packet has been lost and resends. If the sender has not received an ACK for a packet within a certain amount of time then it times out and assumes the packet lost. Packet loss causes the packet to be resent and the congestion window to be reduced.
TCP Window Increase/Decrease Transmission no Threshold Congestion window The initial doubling of the window size is called “slow start”. Timeout
Closing a TCP/session – an interesting dilemma (aside) How can we close a TCP session and stop listening?
ICMP Internet Control Message Protocol packets are used for various control purposes. Here are some common ones: Time exceeded: TTL hit 0. Echo request: Can you hear me out there? Echo reply: Yes I can hear you. Source Quench: Stop sending so much data. Timestamp request/reply (as echo but with times).
The story of ping Ping is a handy utility for checking if a computer is alive using ICMP echo request/reply (or timestamp if we want). Ping is a first test if a computer is networked. We can even measure the speed of light using ping. http://xxx.lanl.gov/abs/physics/0201053 Hacking makes it increasingly unused. manor.york.ac.uk 20% ping -s castle.york.ac.uk PING castle2.york.ac.uk: 56 data bytes 64 bytes from castle2.york.ac.uk (126.96.36.199): icmp_seq=0. time=1. ms 64 bytes from castle2.york.ac.uk (188.8.131.52): icmp_seq=1. time=1. ms 64 bytes from castle2.york.ac.uk (184.108.40.206): icmp_seq=2. time=1. ms 64 bytes from castle2.york.ac.uk (220.127.116.11): icmp_seq=3. time=1. ms
Traceroute Traceroute neatly combines ping and the TTL flag to get a “route” to a computer. If the TTL is one the the packet will “die” after one hop. ICMP will return a Time exceeded flag. This will tell us where the first “hop” of our journey is. Increase the TTL by one to find the next “hop”.
ICMP tourism (with traceroute) traceroute to host213-121-67-224: (18.104.22.168): 2-20 hops, 38 byte packets 2 22.214.171.124 tondi-CR.online.ee 1.62 ms (ttl=127) 3 126.96.36.199 liiva-CR.online.ee 1.82 ms (ttl=126) 4 188.8.131.52 tix-CR.online.ee 2.16 ms (ttl=125) 5 184.108.40.206 r1-Fa4-0-80-Tln-TIX.EE.KPNQwest.net 2.28 ms (ttl=251) 6 220.127.116.11 r5-AT3-1.105.sthm-KPN1.SE.kpnqwest.net 12.2 ms (ttl=250) 7 18.104.22.168 r2-Ge0-2-0-0.Sthm-KQ1.SE.KPNQwest.net 34.3 ms (ttl=246!) 8 22.214.171.124 r2-Se0-3-0.hmbg-KQ2.DE.KPNQwest.net 33.4 ms (ttl=247!) 9 126.96.36.199 r2-Se0-2-0.0.ffm-KQ1.DE.kpnqwest.net 34.1 ms (ttl=249!) 10 188.8.131.52 r2-Se0-3-0.0.ledn-KQ1.NL.kpnqwest.net 39.6 ms (ttl=248!) 11 184.108.40.206 r1-Se0-0-0.0.ldn-KQ1.UK.kpnqwest.net 43.7 ms (ttl=246!) 12 220.127.116.11 r1-Se0-0-0.0.Ldn-KQ4.UK.KPNQwest.net 44.9 ms (ttl=245!) 13 18.104.22.168 r13-Gi5-0.200.ldn-KQ4.UK.kpnqwest.net 45.4 ms (ttl=245!) 14 22.214.171.124 linx-l1.ukcore.bt.net 45.2 ms (ttl=244!) 15 126.96.36.199 core2-pos14-0.ilford.ukcore.bt.net 45.3 ms (ttl=243!) 16 188.8.131.52 core2-pos5-0.reading.ukcore.bt.net 46.7 ms (ttl=242!) 17 184.108.40.206 core2-pos8-0.birmingham.ukcore.bt.net 54.3 ms (ttl=241!) 18 220.127.116.11 core2-pos9-0.rochdale.ukcore.bt.net 51.0 ms (ttl=240!) 19 18.104.22.168 vhsaccess1-gig1-0.rochdale.fixed.bt.net 51.1 ms (ttl=239!) 20 22.214.171.124 ugint0066-p.vhsaccess1.rochdale.fixed-nte.bt.net 51.3 ms (ttl=238!) This shows the trip from Estonia to my flat in Fulford via my Internet Service Provider (ISP) – V21 in Rochdale
The journey of email To: email@example.com From: richard@manor Dave, Great to see you the other day... Look up IP name for distant.com Dav e, Gr eatto s Packetise the data Dav Add TCP header to first packet Dav Add IP header to front of that Get first hop from routing table SYN SYN,ACK ACK Set up the TCP connection Send the first packet to its first hop And so on for further hops. Destination gets packet and returns ACK Start sending rest of data