Layer 2 of the TCP/IP protocol stack: The art of internetworking.


1 Layer 2 of the TCP/IP protocol stack: The art of internetworking

2 The Internet Layer

It is the group of methods, protocols, and specifications used to transport datagrams (packets) from the originating host, across network boundaries if necessary, to the destination host specified by a network address (IP address), which is defined for this purpose by the Internet Protocol (IP). The Internet Layer derives its name from its function of forming an "internet", or facilitating "internetworking", which is the concept of connecting multiple networks with each other through gateways.

The Internet Layer has three basic functions:
- For outgoing packets, select the "next hop" host (gateway) and transmit the packet to this host by passing it to the appropriate Link Layer implementation.
- For incoming packets, capture packets and pass the packet payload up to the appropriate Transport Layer protocol, if appropriate.
- In addition, it provides error detection and diagnostic capability.

In its operation, the Internet Layer is not responsible for reliable transmission. It provides only an unreliable, "best effort" delivery service: the network makes no guarantees about packets' proper arrival. Providing reliability of service is the duty of higher-level protocols, such as the Transmission Control Protocol (TCP) in the Transport Layer.

3 Internet Layer Core Protocols

- Internet Protocol (IP), implemented in two versions, for IPv4 and IPv6
- Internet Control Message Protocol (ICMP), primarily used for error and diagnostic functions; different implementations exist for IPv4 and IPv6
- Internet Group Management Protocol (IGMP), used by IPv4 hosts and adjacent multicast routers to establish multicast group memberships
- Internet Protocol Security (IPsec), a suite of protocols for securing Internet Protocol (IP) communications by authenticating and/or encrypting each IP packet in a data stream

4 Relation to the OSI model

The Internet Layer of the TCP/IP model is often compared directly with the Network Layer (Layer 3) in the Open Systems Interconnection (OSI) protocol stack. Although they have some overlap, these layering models represent different classification methods. In particular, the allowed characteristics of protocols placed in these layers (e.g., whether they are connection-oriented or connectionless) differ between the models.

OSI's Network Layer is a "catch-all" layer for all protocols that facilitate network functionality. The Internet Layer, on the other hand, is specifically a suite of protocols that facilitate internetworking using the Internet Protocol. Because of this, the OSI Network Layer is often described as including protocols such as the Address Resolution Protocol (ARP), which the original TCP/IP architects placed in the Link Layer.

Strict comparison between the TCP/IP model and the OSI model should be avoided. Layering in TCP/IP is not a principal design criterion and is in general considered to be harmful. Despite clear primary references and normative standards documents, the Internet Layer is still sometimes improperly called the network layer, in analogy to the OSI model.

5 Internet Protocol

It is the protocol used for communicating data across a packet-switched internetwork using the Internet Protocol Suite. IP is the primary protocol in the Internet Layer of the Internet Protocol Suite and has the task of delivering protocol datagrams (packets) from the source host to the destination host solely based on their addresses. For this purpose the Internet Protocol defines addressing methods and structures for datagram encapsulation. The first major version of the addressing structure, now referred to as Internet Protocol Version 4 (IPv4), is still the dominant protocol of the Internet, although its successor, Internet Protocol Version 6 (IPv6), is being deployed actively worldwide.

The design principles of the Internet protocols assume that the network infrastructure is inherently unreliable at any single network element or transmission medium and that it is dynamic in terms of the availability of links and nodes. No central monitoring or performance measurement facility exists that tracks or maintains the state of the network. To reduce network complexity, the intelligence in the network is purposely located mostly in the end nodes of each data transmission (cf. the end-to-end principle). Routers in the transmission path simply forward packets to the next known local gateway matching the routing prefix for the destination address.

6 Internet Protocol (contd)

IPv4 uses 32-bit (four-byte) addresses, which limits the address space to 4,294,967,296 (2^32) possible unique addresses. However, some are reserved for special purposes such as private networks (~18 million addresses) or multicast addresses (~270 million addresses). This reduces the number of addresses that can potentially be allocated for routing on the public Internet. As addresses are incrementally delegated to end users, an IPv4 address shortage has been developing; however, network addressing architecture redesign via classful network design, Classless Inter-Domain Routing, and network address translation (NAT) has significantly delayed the inevitable exhaustion. This limitation has stimulated the development of IPv6, which is currently in the early stages of deployment and is the only long-term solution.

Assistive protocols: The Address Resolution Protocol (ARP) performs IP address to hardware address (MAC address) translation for IPv4. In addition, the reverse correlation is often necessary: for example, when an IP host is booted or connected to a network it needs to determine its IP address, unless an address is preconfigured by an administrator. Protocols for such inverse correlations exist in the Internet Protocol Suite. Currently used methods are the Dynamic Host Configuration Protocol (DHCP) and, infrequently, inverse ARP.

7 Internet Control Message Protocol

It is chiefly used by networked computers' operating systems to send error messages, indicating, for instance, that a requested service is not available or that a host or router could not be reached. ICMP relies on IP to perform its tasks, and it is an integral part of IP. It differs in purpose from transport protocols such as TCP and UDP in that it is typically not used to send and receive data between end systems. It is usually not used directly by user network applications, with some notable exceptions being the ping tool and traceroute.

ICMP messages are constructed at the IP layer, usually from a normal IP datagram that has generated an ICMP response. IP encapsulates the appropriate ICMP message with a new IP header (to get the ICMP message back to the original sending host) and transmits the resulting datagram in the usual manner. For example, every machine (such as an intermediate router) that forwards an IP datagram has to decrement the time to live (TTL) field of the IP header by one; if the TTL reaches 0, an ICMP "Time to live exceeded in transit" message is sent to the source of the datagram. Each ICMP message is encapsulated directly within a single IP datagram, and thus, like UDP, ICMP is unreliable.

8 Internet Control Message Protocol (contd)

ICMP message structure:
- Type: the ICMP type.
- Code: further specification of the ICMP type; e.g. an ICMP Destination Unreachable might have this field set to 1 through 15, each bearing a different meaning.
- Checksum: error-checking data calculated over the ICMP header and data, with this field set to 0 during the calculation. The algorithm is the same as the header checksum for IPv4.
- ID: an identifier value, which is returned in the ECHO REPLY.
- Sequence: a sequence value, which is returned in the ECHO REPLY.

9 Internet Control Message Protocol Version 6

It is the implementation of ICMP for Internet Protocol version 6 (IPv6). ICMPv6 is an integral part of IPv6 and performs error reporting, diagnostic functions (e.g., ping), neighbor discovery, and provides a framework for extensions to implement future Internet Protocol control aspects. ICMPv6 messages may be classified into two categories: error messages and information messages.

The ICMPv6 packet consists of a header and the protocol payload. The header contains only three fields: Type (8 bits), Code (8 bits), and Checksum (16 bits). Type specifies the type of the message. Values in the range from 0 to 127 (high-order bit is 0) indicate an error message, and, when the high-order bit is 1 (128 to 255), it is an information message. The Code field value depends on the message type and provides an additional level of message granularity. The Checksum field provides a minimal level of integrity verification for the ICMP message.
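The ICMP header layout and checksum from slides 8 and 9, as an added example (not from the presentation): it builds and verifies ICMPv4 and ICMPv6 echo requests with the RFC 1071 Internet checksum. One caveat the slides do not mention is shown in code: the ICMPv6 checksum also covers an IPv6 pseudo-header (source, destination, length, next header 58), so it only verifies against the addresses it was computed for. All addresses and payloads are constructed sample values.

```python
# Added example: ICMPv4/ICMPv6 header construction and checksum verification.
# Not code from the presentation; sample addresses and payloads are constructed.
import struct
import ipaddress

def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071), as used for IPv4 headers and ICMP."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length data with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_icmpv4_echo(ident: int, seq: int, payload: bytes) -> bytes:
    """ICMPv4 Echo Request: Type 8, Code 0, Checksum, ID, Sequence, then payload."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)    # checksum field is 0 while computing
    csum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload

def parse_icmpv4(msg: bytes) -> dict:
    """Header fields plus a checksum check: a valid message sums to all ones, so the complement is 0."""
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", msg[:8])
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq,
            "checksum_ok": internet_checksum(msg) == 0}

def icmpv6_pseudo_header(src: str, dst: str, length: int) -> bytes:
    """IPv6 pseudo-header: src (16), dst (16), upper-layer length (4), 3 zero bytes, next header 58."""
    return (ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
            + struct.pack("!I3xB", length, 58))

def build_icmpv6_echo(src: str, dst: str, ident: int, seq: int, payload: bytes) -> bytes:
    """ICMPv6 Echo Request: Type 128 (high-order bit set, so an information message), Code 0."""
    body = struct.pack("!BBHHH", 128, 0, 0, ident, seq) + payload
    csum = internet_checksum(icmpv6_pseudo_header(src, dst, len(body)) + body)
    return struct.pack("!BBHHH", 128, 0, csum, ident, seq) + payload

def classify_icmpv6(msg: bytes) -> str:
    """Type 0-127 is an error message, 128-255 an information message."""
    return "error" if msg[0] < 128 else "information"

def verify_icmpv6(src: str, dst: str, msg: bytes) -> bool:
    """The pseudo-header binds the checksum to the IPv6 addresses the message was built for."""
    return internet_checksum(icmpv6_pseudo_header(src, dst, len(msg)) + msg) == 0
```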

10 Internet Group Management Protocol

It is a communications protocol used to manage the membership of Internet Protocol multicast groups. IGMP is used by IP hosts and adjacent multicast routers to establish multicast group memberships. It is an integral part of the IP multicast specification, operating above the network layer, though it does not actually act as a transport protocol. It is analogous to ICMP for unicast connections. IGMP can be used for online streaming video and gaming, and allows more efficient use of resources when supporting these types of applications. IGMP is vulnerable to some attacks, and firewalls commonly allow the user to disable it if not needed. IGMP is only needed for IPv4 networks, as multicast is handled differently in IPv6 networks.

There are three versions of IGMP, as defined by RFC documents of the IETF. IGMPv3 improves over IGMPv2 mainly by adding the ability to listen to multicast originating from a set of IP addresses only.

Membership Queries are sent by multicast routers to determine which multicast addresses are of interest to the systems attached to their network:
- Routers periodically send General Queries to refresh the group membership state for all systems on their network.
- Group-Specific Queries are used to determine the reception state for a particular multicast address.
- Group-and-Source-Specific Queries allow the router to determine whether any systems desire reception of messages sent to a multicast group from a source address specified in a list of unicast addresses.

11 Internet Protocol version 6

It is the next-generation Internet Protocol version, designated as the successor to IPv4. IPv6 has a vastly larger address space than IPv4. This results from the use of a 128-bit address, whereas IPv4 uses only 32 bits. The new address space thus supports 2^128 (about 3.4×10^38) addresses. This expansion provides flexibility in allocating addresses and routing traffic and eliminates the primary need for NAT, which gained widespread deployment as an effort to alleviate IPv4 address exhaustion.

IPv6 also implements new features that simplify aspects of address assignment (stateless address autoconfiguration) and network renumbering (prefix and router announcements) when changing Internet connectivity providers. The IPv6 subnet size has been standardized by fixing the size of the host identifier portion of an address to 64 bits, to facilitate an automatic mechanism for forming the host identifier from the Link Layer MAC address.

Network security is integrated into the design of the IPv6 architecture. Internet Protocol Security (IPsec) was originally developed for IPv6, but found widespread optional deployment first in IPv4 (into which it was back-engineered). The IPv6 specifications mandate IPsec implementation as a fundamental interoperability requirement.

12 Internet Protocol version 6 (contd)

IPv6 hosts can configure themselves automatically when connected to a routed IPv6 network using ICMPv6 router discovery messages. When first connected to a network, a host sends a link-local multicast router solicitation request for its configuration parameters; if configured suitably, routers respond to such a request with a router advertisement packet that contains network-layer configuration parameters. If IPv6 stateless address autoconfiguration is unsuitable for an application, a network may use stateful configuration with the Dynamic Host Configuration Protocol for IPv6 (DHCPv6), or hosts may be configured statically.

Multicast, the ability to send a single packet to multiple destinations, is part of the base specification in IPv6. This is unlike IPv4, where it is optional (although usually implemented). IPv6 does not implement broadcast, which is the ability to send a packet to all hosts on the attached link. The same effect can be achieved by sending a packet to the link-local all-hosts multicast group. It therefore lacks the notion of a broadcast address: the highest address in a subnet (the broadcast address for that subnet in IPv4) is considered a normal address in IPv6.

The IPv6 packet is composed of three main parts: the fixed header, optional extension headers, and the payload.

13 Internet Protocol version 6 (contd)

A fundamental IPv4-to-IPv6 transition technology involves the presence of two Internet Protocol software implementations in an operating system, one for IPv4 and another for IPv6. Such dual-stack IP hosts may run IPv4 and IPv6 completely independently, or they may use a hybrid implementation, which is the form commonly implemented in modern operating systems on server and end-user computers. Modern hybrid dual-stack implementations of TCP/IP allow programmers to write networking code that works transparently on IPv4 or IPv6. The software may use hybrid sockets designed to accept both IPv4 and IPv6 packets. When used in IPv4 communications, hybrid stacks use IPv6 semantics internally and represent IPv4 addresses in a special IPv6 address format, the IPv4-mapped address.

Hybrid dual-stack IPv6/IPv4 implementations typically support a special class of addresses, the IPv4-mapped addresses. This address type has its first 80 bits set to zero and the next 16 set to one, while its last 32 bits are filled with the IPv4 address. These addresses are commonly represented in the standard IPv6 format, but with the last 32 bits written in the customary dot-decimal notation of IPv4; for example, ::ffff:192.0.2.128 is the IPv4-mapped IPv6 address for the IPv4 address 192.0.2.128.

In order to reach the IPv6 Internet, an isolated host or network must use the existing IPv4 infrastructure to carry IPv6 packets. This is done using a technique known as tunneling, which consists of encapsulating IPv6 packets within IPv4, in effect using IPv4 as a link layer for IPv6.
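The IPv4-mapped address layout above, as an added example (not from the presentation): the address is built by hand from the 80 zero bits, 16 one bits and 32 IPv4 bits, and then unmapped again. The allow-list and the functions naive_allowed and allowed are constructed for illustration; they show the practical consequence for a dual-stack service: an IPv4 client arrives as ::ffff:a.b.c.d, so an IPv4-only access rule silently misses it unless the address is unmapped first.

```python
# Added example: IPv4-mapped IPv6 addresses at the bit level, and unmapping them
# before applying IPv4 address policy on a dual-stack socket. Not code from the
# presentation; the allow-list below is a constructed sample.
import ipaddress

def ipv4_to_mapped(ipv4: str) -> ipaddress.IPv6Address:
    """Build ::ffff:a.b.c.d by hand: 80 zero bits, 16 one bits, then the 32 IPv4 bits."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address((0xFFFF << 32) | v4)

def unmap_if_ipv4_mapped(addr: str):
    """Return the embedded IPv4Address if addr is ::ffff:x.x.x.x, otherwise the parsed address."""
    ip = ipaddress.ip_address(addr)
    # Bits 32..127 must be exactly 0x0000...0000FFFF: 80 zeros followed by 16 ones.
    if ip.version == 6 and (int(ip) >> 32) == 0xFFFF:
        return ipaddress.IPv4Address(int(ip) & 0xFFFFFFFF)
    return ip

# Constructed allow-list: an IPv4-only rule as an operator might write it.
ALLOWED = [ipaddress.ip_network("192.0.2.0/24")]

def naive_allowed(peer: str) -> bool:
    """Matches the peer address literally. An IPv4 client reported by a dual-stack
    socket as ::ffff:192.0.2.10 is an IPv6 address here and never matches the rule."""
    ip = ipaddress.ip_address(peer)
    return any(ip in net for net in ALLOWED)   # ipaddress: v6 address in v4 network is False

def allowed(peer: str) -> bool:
    """Unmap first, so IPv4 policy applies to IPv4 clients however the socket reports them."""
    ip = unmap_if_ipv4_mapped(peer)
    return any(ip in net for net in ALLOWED)
```

With a deny-list instead of an allow-list, the same literal comparison fails the other way and lets the mapped client through, so unmapping before any address-based decision is the safe habit.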

14 Internet Protocol Security

It is a protocol suite for securing IP communications by authenticating and encrypting each IP packet of a data stream. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used to protect data flows between a pair of hosts (e.g. computer users or servers), between a pair of security gateways (e.g. routers or firewalls), or between a security gateway and a host.

IPsec is a dual-mode, end-to-end security scheme operating at the Internet Layer of the Internet Protocol Suite or OSI model Layer 3. Some other Internet security systems in widespread use, such as SSL, TLS and SSH, operate in the upper layers of these models. Hence, IPsec can be used for protecting any application traffic across the Internet. Applications need not be specifically designed to use IPsec. The use of TLS/SSL, on the other hand, must typically be incorporated into the design of applications.

15 Internet Protocol Security (contd)

The IPsec suite is a framework of open standards. IPsec uses the following protocols to perform various functions:
- Internet Key Exchange (IKE and IKEv2) to set up a security association (SA) by handling negotiation of protocols and algorithms, and to generate the encryption and authentication keys to be used by IPsec.
- Authentication Header (AH) to provide connectionless integrity and data origin authentication for IP datagrams and to provide protection against replay attacks.
- Encapsulating Security Payload (ESP) to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality.

Cryptographic algorithms defined for use with IPsec include:
- HMAC-SHA1 for integrity protection and authenticity
- TripleDES-CBC for confidentiality
- AES-CBC for confidentiality

16 Internet Protocol Security (contd)

IPsec can be implemented in a host-to-host transport mode, as well as in a network tunnel mode:
- In transport mode, only the payload (the data you transfer) of the IP packet is encrypted and/or authenticated. The routing is intact, since the IP header is neither modified nor encrypted; however, when the authentication header is used, the IP addresses cannot be translated, as this will invalidate the hash value. The transport and application layers are always secured by hash, so they cannot be modified in any way (for example by translating the port numbers). Transport mode is used for host-to-host communications.
- In tunnel mode, the entire IP packet (data and IP header) is encrypted and/or authenticated. It is then encapsulated into a new IP packet with a new IP header. Tunnel mode is used to create Virtual Private Networks for network-to-network communications (e.g. between routers to link sites), host-to-network communications (e.g. remote user access), and host-to-host communications (e.g. private chat).
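Why a NAT breaks transport-mode AH while an ordinary router hop does not, as an added example (not from the presentation and not a full AH implementation): a simplified model of the AH integrity check value, using HMAC-SHA1 (the integrity algorithm listed on slide 15) truncated to 96 bits as IPsec does. The key, addresses and payload are constructed; in practice the key comes from IKE. AH zeroes the mutable IPv4 header fields (ToS, flags/fragment offset, TTL, header checksum) before computing the MAC, so decrementing TTL is fine, but the source and destination addresses are immutable and covered, so rewriting them invalidates the check.

```python
# Added example: simplified transport-mode AH integrity check value (ICV).
# Not code from the presentation; key, addresses and payload are constructed.
import hmac
import hashlib
import struct
import ipaddress

KEY = b"constructed-demo-key"   # constructed; a real AH key is negotiated by IKE

def ipv4_header(src: str, dst: str, ttl: int, total_len: int, proto: int = 51) -> bytes:
    """Minimal 20-byte IPv4 header; protocol 51 = AH. Header checksum is left 0 (AH zeroes it anyway)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

def zero_mutable_fields(hdr: bytes) -> bytes:
    """Fields routers may legitimately change are zeroed for the ICV; addresses are not."""
    h = bytearray(hdr)
    h[1] = 0                   # ToS / DSCP
    h[6:8] = b"\x00\x00"       # flags + fragment offset
    h[8] = 0                   # TTL
    h[10:12] = b"\x00\x00"     # header checksum
    return bytes(h)

def ah_icv(ip_hdr: bytes, payload: bytes, spi: int = 0x100, seq: int = 1) -> bytes:
    """HMAC-SHA1-96 over immutable IP fields + AH header (ICV field zeroed) + upper-layer payload."""
    # AH: next header 17 (UDP payload), payload len 4 (24-byte AH in 32-bit words minus 2),
    # reserved, SPI, sequence number, then a zeroed 12-byte ICV field.
    ah = struct.pack("!BBHII", 17, 4, 0, spi, seq) + b"\x00" * 12
    mac = hmac.new(KEY, zero_mutable_fields(ip_hdr) + ah + payload, hashlib.sha1).digest()
    return mac[:12]            # truncated to 96 bits

def verify(ip_hdr: bytes, payload: bytes, icv: bytes) -> bool:
    return hmac.compare_digest(ah_icv(ip_hdr, payload), icv)

def router_hop(hdr: bytes) -> bytes:
    """What a forwarding router does to the header: decrement TTL (a mutable field)."""
    return hdr[:8] + bytes([hdr[8] - 1]) + hdr[9:]

def nat_rewrite_src(hdr: bytes, new_src: str) -> bytes:
    """What a NAT does: rewrite the source address (an immutable, covered field)."""
    return hdr[:12] + ipaddress.IPv4Address(new_src).packed + hdr[16:]
```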

