In this lesson, we discuss two important aspects of networking. The first concerns the concept of
layering, in which the various networking protocols are separated into distinct layers, each with a specific purpose. The second is translation, in which we introduce a scheme for rewriting IP Addresses when the total number available is insufficient.
Introduction: Protocols, Services, and Utilities
There is a protocol that constrains communications between aircraft and control towers. Look at the following transcripts and see if you can identify the rules governing things like identifying yourself and the entity you want to communicate with, acknowledging receipt of a message, and turn-taking.
BR51: "Tower, BR51 request takeoff VFR to the West."
Tower: "BR51, Tower, you are cleared for takeoff to the West."
BR51: "Tower, BR51, copy, cleared for takeoff."
This second transcript shows a different pattern in terms of turn-taking.
BR51: "Dulles Tower, this is Bay Raider 51, 35 miles to the West, final stop Dulles."
Tower: "BR51, this is Dulles, cleared to Dulles."
BR51: "Tower, BR51, copy, cleared to Dulles."
In subsequent lessons, we will explore some of these protocols, services, and utilities. For now, though, let's take a look at different types of protocols, and how they interact.
Tactical Voice Communications
The document ACP 125 gives a protocol for communications between Allied Forces on tactical voice nets, to "provide a standardized way of passing speech and data traffic." The protocol specifies such things as a phonetic alphabet ("ALFA, BRAVO, ..., ZULU"), procedure words (e.g., "say again", "roger"), how to unambiguously record a message (e.g., zero written as Ø, letter Z written as Ƶ), and brevity code words (e.g., the brief phrase "Birds away" means "Friendly surface-to-air missiles have been fired at the designated target").
When you pick up that VHF bridge-to-bridge radio on one of the YP's, the ACP 125 protocol tells you how you should talk!
Here's an example dialog between call signs S7 and CC:
CC: "Sierra Seven, this is Charlie Charlie, radio check, over."
S7: "This is Sierra Seven, roger, over."
CC: "Sierra Seven, Charlie Charlie, immediate execute, turn starboard niner, I say again, turn starboard niner, standby ... execute, over."
The different protocols that make up the Internet are organized into what's viewed as stacked layers. Before we define this model, called the TCP/IP Stack, we will consider an analogy.
- Mail Analogy. In simple correspondence by snail mail, say you and Grandma are writing letters and cards, we can view the whole process as consisting of four layers:

      You              Grandma          ← Correspondent Layer
      mail man         mail man         ← Carrier Layer
      post office      post office      ← Depot Layer
      |                |                ← Shipping Layer
      `-- trucks, trains, planes --'
- In this model, there are two important features:
  - Each layer has a concrete, well-defined role — the service it provides.
  - Each layer only needs to know how to interact with the layers directly above and directly below.

  As the letter travels down one side of the stack, over to the other side at the bottom layer, then up the stack on the other side, these interactions are each governed by their own protocol. For example, to send a letter via the Correspondent Layer you need to follow the addressing & stamping rules and you need to know that you leave the letter sticking out of your mail slot / box. What happens after that doesn't matter to you. To receive, of course, you just have to know to check your mail slot / box. Once again, how the other layers operate is not something you need to know about. If you're operating at the Carrier Layer, you just need to know: where to pick up your bag of letters at the post office, how to read the addresses so you can deliver letters to mail slots / boxes, and where at the post office to bring the outgoing letters you picked up from people's mail slots / boxes along your route. What's going on between the Correspondents, whether the letters will be sent via train or ship by the Shipping Layer ... all this is irrelevant to you. And so it goes with the other layers as well. Any individual within this system can be identified as acting at one of these layers, whether it's Grandma, or George the Postman, or Jenny the Cargo Jet Pilot.
- Network Layers: The TCP/IP Stack. In the mail example, we started with a system we already knew all about and understood well and organized it into a layered protocol stack. Now, we'll start with the layered protocol stack organization for the Internet, and we'll learn about and try to understand the Internet based on it. The layers in the TCP/IP stack are:
- Application Layer. The Application Layer is about programs running on different hosts that want to communicate — like you and Grandma in our snail mail analogy. Our most familiar example of an application layer protocol is HTTP, the protocol that governs communication between web servers and browsers. Ideally, web servers and browsers need to know only two things: the language they speak to one another (the HTTP protocol) and the protocol that governs interactions with the next layer down: the Transport Layer.
- Transport Layer. To understand the Transport Layer, we should really understand what kind of service application-layer programs need. Let's focus on the application-layer programs we're most familiar with: web servers and web clients. Basically, a client needs to send a bunch of bytes to the server (its request), then waits around and ultimately receives a bunch of bytes from the server (the server's response). The server needs the reverse. This is the service browsers and web servers need the Transport Layer to provide. In the case of HTTP, the browser specifies the host it wants to connect to and the bytes it wants sent, and waits around for an answer. In order to make a connection, send all those bytes, and receive the response bytes back, the Transport Layer has to, on one side, break the request/response message up into small pieces and wrap each piece up with an address to form a packet, and on the other side reconstitute the received packets into a full message. Getting each individual packet from one host to the other is not the business of the Transport Layer. That's done by the next layer down: the Network Layer.
- Network Layer. The Network Layer is responsible for routing packets across the Internet from the source host to the destination host through the various networks that make up the Internet. The protocol that governs it, the Internet Protocol (IP), defines what constitutes a valid address and what format the bytes that make up a packet have to follow. What's interesting is that IP makes no guarantees about delivering packets. Packets may get to their destination ... or not. A sequence of packets sent from one host to another may arrive in the proper order ... or not. The service is fundamentally unreliable. You're only guaranteed best effort delivery. (Same with MIDN. We profs are not guaranteed that Midshipman X will learn the material, only that we'll get Midshipman X's best effort. We are guaranteed of that, right? ... right?) If some kind of guarantee of delivery and proper ordering is required, that guarantee becomes an extra duty of the Transport Layer.
- Link Layer. The Network Layer routes packets between different networks. Actually getting the packet between hosts within the same network is the job of the Link Layer. You'll learn more about the Link Layer when you build wired and wireless networks later on.
- Physical Layer. The lowest layer is the easiest of these to understand: The Physical layer is wires and radio waves. Relatively little of what goes on in this course deals with this layer directly, so we won't say too much about it. In Cyber II, you'll learn a lot more about it.
At the source, the process is known as "encapsulation". The application-layer protocol has data that it wants to send. The Transport Layer protocol, TCP or UDP in this course, adds TCP/UDP header info (importantly, source port and destination port) to the data and sends it to the Network Layer. There, the packet receives a source and destination IP Address, among other things, in the IP header. Next, in the case of Ethernet-based communications, which we'll discuss later, information relating to the connection devices is added (including the source and destination MAC address, which will also be discussed later). In the diagram below, the link-layer information is in the Frame Header and Frame Footer, which bound an Ethernet "frame". The mechanics of the physical layer vary significantly by connection type.
At the destination, the process is reversed, and is known as "de-encapsulation". When the packet arrives from the physical layer, its Ethernet information is stripped, and it's passed to the Network Layer. There, the IP header is stripped, and the packet goes to the Transport Layer. The TCP/UDP header is stripped, and the data is passed to the Application Layer software.
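The following is an added walk-through of the encapsulation and de-encapsulation just described; it is example code written for this page, not part of the lesson. It builds a UDP segment, wraps it in an IPv4 header (with the real header checksum), then in an Ethernet frame header and FCS footer, and then peels each layer off again at the receiver, checking the FCS and checksum on the way up. All MAC addresses, IP addresses, ports, and the payload are constructed sample values.

```python
"""Constructed walk-through of encapsulation / de-encapsulation for a UDP
datagram carried in an IPv4 packet inside an Ethernet frame. Added example,
not from the lesson; all addresses and ports below are made-up sample values."""
import struct
import zlib

ETHERTYPE_IPV4 = 0x0800
PROTO_UDP = 17


def ip_to_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_ip(raw):
    return ".".join(str(b) for b in raw)


def ipv4_checksum(header):
    """Ones'-complement sum of the header's 16-bit words (RFC 791 checksum)."""
    total = sum((header[i] << 8) | header[i + 1] for i in range(0, len(header), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


# ---- encapsulation: each layer adds its own header and knows nothing else ----
def transport_encapsulate(data, src_port, dst_port):
    # UDP header: source port, destination port, length, checksum (0 = none)
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(data), 0) + data


def network_encapsulate(segment, src_ip, dst_ip):
    # 20-byte IPv4 header without options: version/IHL, TOS, total length,
    # identification, flags/fragment offset, TTL 64, protocol UDP, checksum, addresses
    fields = (0x45, 0, 20 + len(segment), 0, 0, 64, PROTO_UDP, 0,
              ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    header = struct.pack("!BBHHHBBH4s4s", *fields)
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + segment


def link_encapsulate(packet, src_mac, dst_mac):
    # Ethernet frame: header (dst MAC, src MAC, EtherType) + payload + FCS footer
    header = dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4)
    fcs = struct.pack("<I", zlib.crc32(header + packet))  # CRC-32, little-endian on the wire
    return header + packet + fcs


# ---- de-encapsulation: each layer strips its header and hands the rest up ----
def link_decapsulate(frame):
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        raise ValueError("frame check sequence mismatch")
    dst_mac, src_mac = body[:6], body[6:12]
    ethertype = struct.unpack("!H", body[12:14])[0]
    return dst_mac, src_mac, ethertype, body[14:]


def network_decapsulate(packet):
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ipv4_checksum(packet[:ihl]) != 0:  # a valid header sums to zero
        raise ValueError("IPv4 header checksum mismatch")
    total_len = struct.unpack("!H", packet[2:4])[0]
    proto = packet[9]
    src_ip, dst_ip = bytes_to_ip(packet[12:16]), bytes_to_ip(packet[16:20])
    return proto, src_ip, dst_ip, packet[ihl:total_len]


def transport_decapsulate(segment):
    src_port, dst_port, length, _ = struct.unpack("!HHHH", segment[:8])
    return src_port, dst_port, segment[8:length]


def round_trip(data, src_ip, dst_ip, src_port, dst_port, src_mac, dst_mac):
    """Push data down the stack at the source and back up at the destination."""
    segment = transport_encapsulate(data, src_port, dst_port)
    packet = network_encapsulate(segment, src_ip, dst_ip)
    frame = link_encapsulate(packet, src_mac, dst_mac)
    _, _, ethertype, rx_packet = link_decapsulate(frame)
    assert ethertype == ETHERTYPE_IPV4
    proto, rx_src_ip, rx_dst_ip, rx_segment = network_decapsulate(rx_packet)
    assert proto == PROTO_UDP
    rx_src_port, rx_dst_port, rx_data = transport_decapsulate(rx_segment)
    return {"frame_len": len(frame), "src": (rx_src_ip, rx_src_port),
            "dst": (rx_dst_ip, rx_dst_port), "data": rx_data}


if __name__ == "__main__":
    # Constructed sample: a private source address talking to a public destination
    print(round_trip(b"hello, Grandma", "192.168.1.10", "203.0.113.5", 50000, 9999,
                     bytes.fromhex("020000000001"), bytes.fromhex("020000000002")))
```

Note that `round_trip` never lets one layer look inside another's header: the link layer only checks the FCS and EtherType, the network layer only checks its own checksum and addresses, and the transport layer only reads ports and length. That separation is exactly the "each layer only talks to its neighbours" property from the mail analogy.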
- Layers Summary. To summarize the upper three layers, which are most important to us in this course:
- Processes, programs in execution, that communicate via the Internet to provide services directly to users (web, video-conferencing, file sharing, etc) operate at the Application Layer. The Application Layer includes protocols, like HTTP, that govern the way the processes communicate.
- The Transport Layer is responsible for getting data from a process on Host A to a process on Host B. One important way this is accomplished is through the packet's source and destination port numbers. The Transport Layer includes protocols like TCP and UDP.
- The Network Layer is responsible for getting packets from Host A to Host B. One way it does this is by specifying the source and destination IP Addresses in the packet. The IP protocols (IPv4 and IPv6) operate at the Network Layer.
We've learned that each host on the Internet has an IP Address, and that network packets get routed based on the destination host's IP Address. In general, that's true. We've also learned that the IPv4 address space is essentially all allocated. There are plenty of IPv6 addresses, but we won't discuss the details of IPv6 in this course. However, there is another workaround for the limited IPv4 address space, called Network Address Translation, or NAT. We discuss the operation of NAT in this course because it's very widely used, and because it has some security relevance.
- Private IP Addresses. Although a network packet's destination IP Address determines how an intermediate host (like a router) forwards the packet, it turns out there are some IP Addresses that are called "non-routable", or "private". Such IP Addresses are determined by convention, and include the following blocks:
  - 10.0.0.0 - 10.255.255.255
  - 172.16.0.0 - 172.31.255.255
  - 192.168.0.0 - 192.168.255.255

  So what happens when a router out on the big public internet receives a packet whose destination IP Address is in one of these blocks? The router simply "drops" the packet. Why, then, would such addresses be useful?
- Private IP Addresses are used in local networks, like the network in a house, or a network inside a school or business. Hosts within the local network are assigned a private IP Address. Routers inside the local network are configured to forward the packets around the internal network. Once a packet gets to the perimeter, or gateway, of the local network, though, it must be assigned a "routable" IP Address (i.e., one not in the list above). These routable IP Addresses will usually come from your Internet Service Provider, or ISP.
- Why it helps. Thanks to private IP Addresses, local networks can contain thousands or even millions of hosts, even though an organization only has a much smaller number of "public" assigned IP Addresses through its ISP. When packets leave the local network and enter the public internet, they must receive a routable IP Address. What we need is a process by which the internal (non-routable, or private) IP Address can be mapped to its equivalent external, or public IP Address. This mapping has to remain consistent for "conversations" between hosts, like the TCP connections we discussed previously.
- Network Address Translation Mechanics. The way NAT works is as follows. When Host A (local) sends a packet to Site B (remote), the network packet is constructed with Site B's IP Address as the destination, and host A's address as the source. However, Host A's address is local-only. The packet goes through an intermediary host (a router or computer) at the local network perimeter, where NAT occurs. In NAT, Host A's IP Address is replaced with one of the local network's available public IP Addresses as the source. In addition, the source port number on the packet is reassigned to a number that uniquely identifies the connection with Host A. The mapping between Host A's local IP Address and port number (for this connection) and the source IP Address and port number in the packet are stored in a table by the intermediary. When packets return from Site B, the same mapping has to happen in reverse, since Site B does not know the real IP/port for Host A. This process works because there are a large number of port numbers (0-65535) we can use to fill the translation table.
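The following is an added simulation, written for this page rather than taken from the lesson, of the two ideas in the "Private IP Addresses" and "Network Address Translation Mechanics" items above: a public router that drops packets addressed to the three private blocks, and a perimeter NAT gateway that rewrites the source address and port of outbound packets, records the mapping in a table, and reverses it for replies. The `Packet` tuple, the `NatGateway` class, the port range it hands out, and every address in the demo are assumptions made for the example.

```python
"""Added example: private-address check and a minimal NAT translation table.
Not the lesson's code; addresses, ports and the port range are constructed."""
from collections import namedtuple
import ipaddress

# A network packet reduced to the four fields NAT cares about
Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port")

# The three non-routable blocks listed in the lesson, written in CIDR form
PRIVATE_BLOCKS = [ipaddress.ip_network(b) for b in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip):
    """True if ip falls in one of the three private (non-routable) blocks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in block for block in PRIVATE_BLOCKS)


def public_router_forwards(pkt):
    """A router on the public Internet drops packets addressed to private space."""
    return not is_private(pkt.dst_ip)


class NatGateway:
    """Perimeter device that maps (local ip, local port) to (public ip, public port).

    The gateway's single public address and its pool of translation ports are
    assumptions for this example (a real gateway's pool is configurable)."""

    def __init__(self, public_ip, first_port=40000, last_port=65535):
        self.public_ip = public_ip
        self.free_ports = iter(range(first_port, last_port + 1))
        # outbound key: (local_ip, local_port, remote_ip, remote_port) -> public port
        self.out_table = {}
        # inbound key: public port -> (local_ip, local_port, remote_ip, remote_port)
        self.in_table = {}

    def outbound(self, pkt):
        """Rewrite a packet leaving the local network; record the mapping."""
        if not is_private(pkt.src_ip):
            return pkt  # already routable, nothing to translate
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.out_table:
            try:
                port = next(self.free_ports)
            except StopIteration:
                raise RuntimeError("translation table full: no free public ports")
            self.out_table[key] = port
            self.in_table[port] = key
        return pkt._replace(src_ip=self.public_ip, src_port=self.out_table[key])

    def inbound(self, pkt):
        """Reverse the mapping for a reply; None means no matching connection (drop)."""
        key = self.in_table.get(pkt.dst_port)
        if key is None or (pkt.src_ip, pkt.src_port) != (key[2], key[3]):
            return None  # unsolicited or mismatched remote: no internal host to deliver to
        local_ip, local_port, _, _ = key
        return pkt._replace(dst_ip=local_ip, dst_port=local_port)


if __name__ == "__main__":
    # Constructed demo: two internal hosts using the same local port reach one web site
    gw = NatGateway("198.51.100.7")
    a = gw.outbound(Packet("192.168.1.10", 51000, "203.0.113.5", 80))
    b = gw.outbound(Packet("192.168.1.11", 51000, "203.0.113.5", 80))
    print("host A leaves as", a)
    print("host B leaves as", b)
    print("reply to B lands on", gw.inbound(Packet("203.0.113.5", 80, "198.51.100.7", b.src_port)))
    print("unsolicited inbound ->", gw.inbound(Packet("203.0.113.5", 80, "198.51.100.7", 40002)))
```

Two details are worth noticing. Both internal hosts use local port 51000, so the gateway cannot tell replies apart by the original port; it hands each connection its own public port, which is why the lesson points to the 0-65535 port range as the thing that makes the table work. And `inbound` only delivers a packet that matches a recorded connection, which is the mechanical reason an outside host cannot reach an internal private address on its own initiative.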
- See It On Your Laptop.
- View your internal IP Address. Open a command shell on Windows and issue the command ipconfig.
- Check your IPv4 address against the list above. Is it routable?
- View what the Internet thinks your IP Address is. There are a few websites that tell you what your IP Address appears to be. One example is ipchicken.com. Visit this web site and jot down the IP Address. Is it the same as what ipconfig told you?
- Security Relevance. From a security standpoint, the key impact is that potential attackers on the Internet can't easily scan private IP space for vulnerable hosts. Any host with an IP Address that's public can be scanned, and some of the host's vulnerabilities potentially discovered. With NAT, your host is "hidden", in a way, behind the translation. Although NAT came about primarily to address the shortage of assignable public IPv4 addresses, one reason it remains popular is the security benefit. Even with the rise of IPv6 deployment all around the world, IPv4 with NAT remains a very popular implementation choice in commercial, educational, and home networks.