The OSI Standard Model of ISO

Figure 2.3 The interaction between layers in the OSI model


Figure 2.4 An exchange using the OSI model

-- 7-layer protocol stack, with 7 corresponding protocols.
-- Peer-to-peer processes at each layer in different machines.
-- What is a "layer"? What is a layer's "protocol"?
-- Why do we need the OSI stack of layered protocols, i.e., network software?

1) Physical Layer: PDU N/A, bit stream.

Figure 2.5 Physical layer


** The Physical Layer moves a bit sequence over a physical link.

** The quality/reliability of the links/media is a major factor in the design complexity of the upper layers' protocols; over very reliable links some layers might be significantly reduced or even omitted.

Defines the following:
a) Physical characteristics of the interface and medium, e.g., EIA (Electronic Industries Alliance) 422/485 balanced-mode interfaces.
b) Bit representation: encoding/decoding, electrical/optical.
c) Data rate (b/s): bit TX duration.
d) Bit synchronization: sender and receiver clock synch and same data rate.
e) Line configuration: Point-to-point, multipoint.
f) Physical topology: Mesh, ring, bus, and hybrid.
g) Transfer mode: Simplex, full-duplex (F/D), and half-duplex (H/D).
h) Physical media: Coaxial, twisted pair (TP), fiber, wireless.

2) Data Link Layer: PDU: frame with header/trailer; Address: physical MAC address.

Figure 2.6 Data link layer


Two Sublayers:

1) Logical Link Control (LLC):

** Source-to-destination DL-PDU (frame) delivery.
a. Framing/deframing.
b. Physical addressing: Sender/receiver addresses in the frame header.
c. Flow control: To prevent a fast sender from flooding a slower receiver with frames.
d. Error control: To increase physical-layer reliability by adding a mechanism to detect and retransmit damaged and lost frames. (Trailer)

2) Media Access Control (MAC): ** Controls the access to the shared and limited physical medium among all connected devices (Ethernet, FDDI, 802.11, TR, TB, ...).

-- Inter-LANing (Bridging): ** Moving frames between different LANs with different MAC protocols, resolving all conflicts due to the different protocol syntax (frame format) and semantics (frame interpretation and control procedure/steps).

Figure 2.7 Hop-to-hop delivery


3) Network Layer: PDU: packet; Address: logical address (IP).

Figure 2.8 Network layer


Figure 2.9 Source-to-destination delivery


Two Major Functions:(Sublayers??? not yet!!?)

1- Routing: To route packets over the subnet (cloud of routers and switches), making the optimal routing decisions (source/destination).

Source to destination host system delivery, utilizing the data link layer for peer-to-peer delivery.

Physical addresses at the D.L. are not enough; we need to add the logical addresses of the sender and receiver in the packet header.

2- Internetworking: resolve any network-protocol conflicts while moving through the subnet (IPX-NetWare, IP, X.25, AFP-AppleTalk, etc.).

4) Transport Layer: PDU: segment; Addressing: "Service Access Point (SAP)".

Figure 2.10 Transport layer

The most important layer, since it abstracts the complicated details of the subnet from the user, allowing for QoS over the network protocol.

It communicates a meaningful data unit called a message (a group of related packets) between users over the subnet, trying for the most optimal utilization of the subnet.

Responsibilities (ISO TP-4):
a) Service Access Point (SAP) Addressing: The network logical address (i.e., IP) is for src_system to dest_system, not src_user_process to dest_user_process; hence we need another addressing mechanism => SAP addresses (port numbers) within the same system for message delivery between user processes, where each process assigned to do a specific service is tied to a certain port number.
b) Segmentation and Reassembly: segment <=> packets. A process (user) message is divided, at the sender side, into segments (if needed), each with a segment sequence number to aid in the assembly (in correct order) of related segments into the original user's message at the receiver side.
c) Connection Control: 1) Connection-oriented reliable service: TP guarantees in-order delivery with acknowledgement (ACK) of segments back from the receiver to the sender. 2) Connectionless unreliable service (no ACK, no safe-arrival guarantee).
d) Flow Control: same mechanism as in the Data-Link Layer (DLL), but applied at the message level between "end-user" processes.
e) Error Control: Like the DLL, but for process-to-process delivery of messages. Errors (damaged, lost or duplicate) cause retransmission of messages.

We should note that other major TL functions remain, such as gatewaying to resolve conflicts when moving between different TL protocols.

Figure 2.11 Reliable process-to-process delivery of a message


5) Session Layer:
a. Dialog control: H/D or F/D.
b. Synchronization: Checkpoints are added to data streams, dividing them into units of independent ACK; communication robustness in case of crashes.

6) Presentation Layer:
a. Translation: ASCII <-> EBCDIC; Abstract Syntax Notation (ASN).
b. Encryption: To secure information Tx for privacy.
c. Compression: For efficient utilization of bandwidth.

7) Application Layer:
1) Virtual terminal ("putty") to allow remote logins (emulations)
2) File transfer
3) Mail service
4) Directory service
Examples: SMTP, HTTP, DNS, SNMP, TELNET.

TCP/IP Protocol Suite (Stack)

Figure 2.16 TCP/IP and OSI model


OSI layer(s)              TCP/IP protocols
Application               SMTP, FTP, HTTP, DNS, SNMP, TELNET
Presentation, Session     (not separate layers in TCP/IP)
Transport                 SCTP, TCP, UDP
Network (internet)        IP, with ICMP, IGMP and ARP/RARP
Data Link, Physical       Host-to-network (LAN/MAN/WAN)

Figure 2.17 Addresses in TCP/IP


Figure 2.18 Relationship of layers and addresses in TCP/IP


1) Physical Layer: Intentionally left very vague!?! It can be a LAN, MAN, or WAN with Synchronous Optical NETwork (SONET), Asynchronous Transfer Mode (ATM), or all-fiber Ultra Dense Wavelength Division Multiplexing (UDWDM) physical-carrier technologies.

2) Network Layer: Best-effort delivery.

Internet Protocol (IP): Unreliable, connectionless datagram protocol (no end-to-end flow control). At the network layer there are other companion protocols that compensate for IP's limited service:

A) Internet Control Message Protocol (ICMP):
-- It is an IP companion that helps in reporting any failure/congestion in the subnet, via host-management queries which are not part of the IP protocol itself, hence alleviating IP's deficiencies.
-- With ICMP, a host/admin can enquire the status of another host in the subnet cloud. Such knowledge can aid in the efficient management of subnet utilization, identifying subnet problems via the ICMP query messages.
-- Ping and traceroute (UNIX)/tracert (Windows) utilize ICMP. traceroute & tracert print the route packets take to a network host destination.

ICMPv6 (IPv6 -- 128-bit addresses): (Reference: http://www.tcpipguide.com/free/t_ICMPv6RouterRenumberingMessages.htm)

-- ICMPv6 informational messages, most of which are used in matching pairs:

-- Echo Request and Echo Reply messages -- used for network connectivity testing.

-- Router Advertisement and Router Solicitation messages -- used to let hosts discover local routers and learn necessary parameters from them.

-- Neighbor Advertisement and Neighbor Solicitation messages -- used for various communications between hosts on a local network, including IPv6 address resolution.

-- Redirect messages -- which let routers inform hosts of better first-hop routers, and

-- Router Renumbering messages -- With the huge 128-bit addressing, a network administrator (NA) has the potential to make large network migrations and merges much simpler. A NA selects a machine to generate one or more Router Renumbering Command messages. These messages provide a list of prefixes of routers that are to be renumbered. Each router processes these messages to see if the addresses on any of its interfaces match the specified prefixes. If so, it changes the matched prefixes to the new ones specified in the message.

B) Internet Group Message Protocol (IGMP): It is an IP companion that extends IP with multicasting capability to a group of destinations, by managing group membership to help routing at the network's multicast routers.

Address Resolutions:

C) Address Resolution Protocol (ARP): Logical to physical. The destination IP address (known at the sender from the DNS) is not enough to get to the destination machine (physical, at the MAC).

Hence the sender will seek the help of ARP (via a query packet) to get the destination's physical MAC address (needed to form the MAC frame's destination address), i.e., to map:

IP (logical) -> MAC (physical) destination address.

ARP proxy -- It represents a set of hosts, providing its own MAC for any of those hosts' queries, i.e., as a temporary destination; then, when receiving any of those hosts' actual IP packets, it directs them to the intended host's MAC sublayer via a mapping table, IP -> MAC.

Security Issue: Read about ARP Spoofing (Poisoning) & Mitigation Techniques.

Attacks (stemming from the fact that ARP DOES NOT authenticate) (Reference: http://www.watchguard.com/infocenter/editorial/135324.asp):

Denial of Service -- Falsely associating your network's router (NR) IP address with the intruder machine's MAC address (IMAC); hence all of the attacked network users' traffic goes into a black-hole sink machine!

Man in the Middle -- 1) The attacker issues an ARP reply (with no previous ARP request) to your NR, falsely associating the IMAC with your IP address, i.e., playing you to the NR! 2) The hacker then sends a false ARP reply to your machine associating the IMAC with the NR's IP address, playing the NR to you. 3) The hacker uses the IP-forwarding OS utility to forward your traffic (after sniffing/hijacking it) to the NR!

MAC Flooding -- By flooding a switch's ARP table with a ton of spoofed ARP replies, a hacker can overload many vendors' (smart) switches and then packet-sniff all your network traffic, while the flooded switch is forced into (dumb) "hub" mode, i.e., NOT enforcing any appropriate directing of traffic to its "correct" port, and just broadcasting all of its traffic to all network nodes at all ports, including the sniffing intruding node!

Mitigation Techniques -- (Left for you to explore as a reading assignment.) (Remember that an intruder must be part of your local network in order to issue ARP attacks! Good! Hence the network admin can keep an eye on all nodes in the network and identify/isolate any intruding nodes.)
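The following is an added example, not part of the original notes or of any referenced source. It builds the ARP request/reply frames of the exchange described above and then runs the kind of check a network admin's monitoring tool (in the spirit of arpwatch) applies to them: a reply that answers no outstanding request, or that changes the MAC already learned for an IP, is flagged, because ARP itself provides no authentication. All MAC and IP addresses are constructed sample values, and the "auditor" is a hypothetical name for this illustration.

```python
"""Build, parse and audit ARP-over-Ethernet frames (constructed sample data)."""
import struct

ETH_TYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"


def mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(ip):
    return bytes(int(x) for x in ip.split("."))


def ip_str(b):
    return ".".join(str(x) for x in b)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II header + 28-byte ARP payload (IPv4 over Ethernet).
    Requests go to the broadcast MAC; replies are unicast to the requester."""
    dst = BROADCAST_MAC if op == ARP_REQUEST else target_mac
    eth = mac_bytes(dst) + mac_bytes(sender_mac) + struct.pack("!H", ETH_TYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)   # htype=Ethernet, ptype=IPv4
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp


def parse_arp(frame):
    """Return the ARP fields as a dict, or None if this is not an IPv4/Ethernet ARP frame."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_TYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op,
            "eth_src": mac_str(frame[6:12]),
            "sender_mac": mac_str(frame[22:28]), "sender_ip": ip_str(frame[28:32]),
            "target_mac": mac_str(frame[32:38]), "target_ip": ip_str(frame[38:42])}


class ArpAuditor:
    """Hypothetical monitor: tracks outstanding requests and the learned IP->MAC table."""

    def __init__(self):
        self.table = {}        # ip -> mac, first mapping seen in a legitimate reply
        self.pending = set()   # (requester_ip, target_ip) awaiting a reply
        self.alerts = []       # (kind, ip, mac) tuples

    def observe(self, frame):
        a = parse_arp(frame)
        if a is None:
            return
        if a["op"] == ARP_REQUEST:
            self.pending.add((a["sender_ip"], a["target_ip"]))
            return
        if a["op"] != ARP_REPLY:
            return
        # Ethernet source and ARP sender MAC should agree for a normal reply.
        if a["eth_src"] != a["sender_mac"]:
            self.alerts.append(("mac-mismatch", a["sender_ip"], a["sender_mac"]))
        # A reply that answers no outstanding request is the gratuitous-reply pattern.
        key = (a["target_ip"], a["sender_ip"])
        if key in self.pending:
            self.pending.discard(key)
        else:
            self.alerts.append(("unsolicited-reply", a["sender_ip"], a["sender_mac"]))
        # A known IP suddenly claiming a different MAC is the classic poisoning sign;
        # the previously learned mapping is kept rather than overwritten.
        known = self.table.get(a["sender_ip"])
        if known is not None and known != a["sender_mac"]:
            self.alerts.append(("ip-mac-changed", a["sender_ip"], a["sender_mac"]))
        elif known is None:
            self.table[a["sender_ip"]] = a["sender_mac"]


def demo():
    """Constructed exchange: A resolves B normally, then a third station answers
    for B's IP without any request. Returns the auditor for inspection."""
    a_ip, a_mac = "10.0.0.10", "02:00:00:00:00:0a"
    b_ip, b_mac = "10.0.0.20", "02:00:00:00:00:14"
    third_mac = "02:00:00:00:00:63"
    aud = ArpAuditor()
    aud.observe(build_arp(ARP_REQUEST, a_mac, a_ip, ZERO_MAC, b_ip))   # who has B?
    aud.observe(build_arp(ARP_REPLY, b_mac, b_ip, a_mac, a_ip))        # B answers
    aud.observe(build_arp(ARP_REPLY, third_mac, b_ip, a_mac, a_ip))    # unsolicited claim
    return aud
```

Running demo() leaves the table with B's genuine MAC and two alerts for the third frame (unsolicited reply and IP-to-MAC change); the same two signals are what a switch's dynamic ARP inspection or a host-side static ARP entry is meant to stop.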

D) Reverse Address Resolution Protocol (RARP): Physical to logical (ancient diskless machines). When a diskless machine does not know its own IP address, needed to form an IP packet, it requests it from its host network (via a RARP client program), where a RARP server machine responds with the target IP. Static address-mapping tables are utilized. The Dynamic Host Configuration Protocol (DHCP) is used to replace RARP.

Address Resolution Protocol (ARP) & DNS & ARP Proxy: (http://www.tonypickett.com/arp_dns_dhcp/)

-- Host A needs to send data to host B.
-- Host A sends a DNS request for host B's IP number.
-- Host A receives the IP number from the DNS server.
-- Host A sends an ARP packet to the IP address of host B (with the MAC broadcast address ff:ff:ff:ff:ff:ff).
-- Host B sends an ARP packet in response containing its MAC address.
-- ARP data is cached at the host(s) to speed up processing.
-- If host B is not on the same network as host A, the ROUTER will respond to the ARP request with its own MAC address; the IP address does not change (the router is an ARP proxy).

3) Transport Layer: Proc-to-proc, client/server.

A) User Datagram Protocol: UDP (message oriented)

--- Connectionless, unreliable transport protocol, with very limited error checking (checksum).
--- No error/flow control, hence no ACK or guarantee of message arrival!
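To make concrete what "very limited error checking" means, here is an added example (not from the notes) that computes and verifies the UDP checksum exactly as RFC 768 defines it: a one's-complement sum over the IPv4 pseudo-header, the UDP header and the payload. The demo then shows the two sides of that limit: a single flipped bit is caught, but reordering two 16-bit words of the payload is not, since the sum is commutative, and nothing in the checksum ties the datagram to its sender. Addresses, ports and the payload are constructed sample values.

```python
"""UDP checksum (RFC 768) over constructed sample datagrams."""
import struct


def ip_bytes(ip):
    return bytes(int(x) for x in ip.split("."))


def internet_checksum(data):
    """16-bit one's-complement sum of the 16-bit words of data; odd length is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def udp_pseudo_header(src_ip, dst_ip, length):
    """IPv4 pseudo-header: src, dst, zero, protocol 17 (UDP), UDP length."""
    return ip_bytes(src_ip) + ip_bytes(dst_ip) + struct.pack("!BBH", 0, 17, length)


def build_udp(src_ip, dst_ip, src_port, dst_port, payload):
    """UDP header + payload with the checksum filled in."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)   # checksum field zero
    csum = internet_checksum(udp_pseudo_header(src_ip, dst_ip, length) + header + payload)
    if csum == 0:           # RFC 768: a transmitted 0 means "no checksum", so send 0xFFFF
        csum = 0xFFFF
    return struct.pack("!HHHH", src_port, dst_port, length, csum) + payload


def verify_udp(src_ip, dst_ip, datagram):
    """True if the length field is consistent and the checksum validates (or is absent)."""
    if len(datagram) < 8:
        return False
    length = struct.unpack("!H", datagram[4:6])[0]
    if length != len(datagram):
        return False
    if struct.unpack("!H", datagram[6:8])[0] == 0:
        return True         # IPv4 permits an omitted checksum
    # Summing over the datagram including its checksum field yields 0 when it is correct.
    return internet_checksum(udp_pseudo_header(src_ip, dst_ip, length) + datagram) == 0


def demo():
    """Returns (valid, bit_flip_detected, word_swap_missed) for a constructed datagram."""
    src, dst = "10.0.0.10", "10.0.0.53"                         # constructed sample addresses
    dgram = build_udp(src, dst, 40000, 53, b"constructed sample payload")
    valid = verify_udp(src, dst, dgram)

    flipped = bytearray(dgram)
    flipped[10] ^= 0x01                                         # one bit in the payload
    bit_flip_detected = not verify_udp(src, dst, bytes(flipped))

    swapped = bytearray(dgram)
    swapped[8:10], swapped[10:12] = dgram[10:12], dgram[8:10]   # reorder two payload words
    word_swap_missed = verify_udp(src, dst, bytes(swapped))     # same sum, passes
    return valid, bit_flip_detected, word_swap_missed
```

The checksum is an integrity check against transmission noise only; any protection against deliberate modification or spoofing has to come from a layer above (e.g., DTLS or an application-level MAC), which is why UDP-based services such as DNS and SNMP need their own authentication.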

B) Transmission Control Protocol: TCP (byte oriented)
--- Reliable, connection-oriented (stream) transport protocol.
--- Establishes a connection src-dest before data transmission.
--- Guarantees ordered/ACKed transmission of segments with segment numbers.
--- Generally slower than UDP; security vulnerability (DoS SYN attack).

C) Stream Control Transmission Protocol: SCTP (message oriented). The future protocol to replace TCP!

Connection-oriented, reliable (error & flow control) transport protocol to support voice over IP (Internet telephony), combining the best of UDP and TCP and adding more.

Without SCTP's capabilities the IMS (the IP Multimedia Subsystem) would not have the capability to reliably pass call-control signaling to the various systems, and it would not be possible to use TCP/UDP except for a few (e.g., twenty) simultaneous sessions, which is inconsequential as most service providers count their subscribers in millions. (Reference: https://www.f5.com/pdf/white-papers/sctp-introduction-wp.pdf)

It has most of the good TCP features (better than UDP) and extra, as follows:
1) Multi-homing (allows for an alternate destination if the original is not reachable). It also allows multi-streaming over the same session (connection).
2) Preserves message boundaries (good UDP feature): less overhead to recover the original messages than from the TCP byte stream!
3) Protects against the DoS "SYN flooding attack" (good UDP feature), via the four-way handshake (INIT, INIT-ACK with cookie, COOKIE-ECHO, COOKIE-ACK). Hence the server (under attack) will not commit to the connection until the client sends a COOKIE-ECHO, where clients must commit some resources to be able to send the COOKIE-ECHO back to the server!
4) No enforcement of ordered delivery (good UDP feature): multi-streaming allows blocking only the unordered stream until it is cleared/repaired, avoiding the constant overhead of reordering arriving messages.

5) Selective acknowledgements: SCTP has the ability to selectively acknowledge receipt of missing, disordered, or duplicated messages.

For 4 & 5 above: In multimedia traffic we can tolerate some losses in order to save the very costly retransmission of the large transport message (i.e., the transport PDU).
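The cookie mechanism in point 3 is the part of SCTP a security engineer most wants to see working, so here is an added model of it (not from the notes, not the RFC 4960 wire format, and not any real SCTP stack). The server answers every INIT with an INIT-ACK whose cookie is an HMAC over the association parameters and a timestamp; it stores nothing until a COOKIE-ECHO brings back an unmodified, unexpired cookie from the same address. Contrast this with TCP, where the SYN-ACK side must keep a half-open entry per SYN. The message dicts, the cookie layout, the server secret and the addresses are all simplified stand-ins chosen for this example.

```python
"""Model of SCTP's stateless cookie handshake (INIT / INIT-ACK / COOKIE-ECHO / COOKIE-ACK)."""
import hashlib
import hmac
import os
import struct
import time

COOKIE_LIFETIME = 60      # seconds; RFC 4960's default Valid.Cookie.Life is 60 s
TAGS_FMT = "!IIQ"         # peer verification tag, our verification tag, timestamp
TAGS_LEN = struct.calcsize(TAGS_FMT)
MAC_LEN = 32              # HMAC-SHA256


class SctpServer:
    """Simplified association endpoint; `now` is injectable so expiry can be tested."""

    def __init__(self, secret=None, now=time.time):
        self.secret = secret or os.urandom(32)   # a real stack rotates this periodically
        self.now = now
        self.associations = {}   # (peer_addr, peer_tag) -> our verification tag

    def _mac(self, body):
        return hmac.new(self.secret, body, hashlib.sha256).digest()

    def on_init(self, peer_addr, peer_tag):
        """INIT -> INIT-ACK. No per-peer state is kept; everything lives in the cookie."""
        my_tag = struct.unpack("!I", os.urandom(4))[0]
        ts = int(self.now())
        body = peer_addr.encode() + struct.pack(TAGS_FMT, peer_tag, my_tag, ts)
        cookie = body + self._mac(body)
        return {"type": "INIT-ACK", "tag": my_tag, "cookie": cookie}

    def on_cookie_echo(self, peer_addr, cookie):
        """COOKIE-ECHO -> COOKIE-ACK, or None if the cookie is rejected.
        Only here does the server allocate an association."""
        if len(cookie) < TAGS_LEN + MAC_LEN:
            return None
        body, mac = cookie[:-MAC_LEN], cookie[-MAC_LEN:]
        if not hmac.compare_digest(self._mac(body), mac):
            return None                          # altered or forged cookie
        addr = body[:-TAGS_LEN].decode(errors="replace")
        peer_tag, my_tag, ts = struct.unpack(TAGS_FMT, body[-TAGS_LEN:])
        if addr != peer_addr:
            return None                          # echoed from a different address
        if self.now() - ts > COOKIE_LIFETIME:
            return None                          # stale cookie
        self.associations[(peer_addr, peer_tag)] = my_tag
        return {"type": "COOKIE-ACK", "tag": peer_tag}


def unanswered_inits_then_connect(n_unanswered=1000):
    """Constructed scenario: many INITs whose INIT-ACKs are never echoed back (the
    SYN-flood pattern), then one genuine client completing the handshake.
    Returns (associations after the INITs, genuine accepted, tampered rejected, final count)."""
    server = SctpServer()
    for i in range(n_unanswered):
        server.on_init(f"198.51.100.{i % 256}", i)           # no COOKIE-ECHO ever comes
    state_after_inits = len(server.associations)             # still zero: nothing committed

    ack = server.on_init("203.0.113.7", 4242)                # genuine client (sample address)
    accepted = server.on_cookie_echo("203.0.113.7", ack["cookie"]) is not None

    tampered = bytearray(ack["cookie"])
    tampered[0] ^= 0xFF                                      # any change breaks the HMAC
    tampered_rejected = server.on_cookie_echo("203.0.113.7", bytes(tampered)) is None
    return state_after_inits, accepted, tampered_rejected, len(server.associations)
```

The design point is where resources are committed: the server spends one HMAC per INIT and zero memory, while the client must hold the cookie and return it from a reachable address before the server stores anything. TCP SYN cookies are the retrofit of the same idea onto TCP's three-way handshake.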