
MODULE I

PART 1

Introduction: ISO-OSI Reference Model, TCP/IP Reference Model, Comparison.

Network hardware: Repeaters, Routers, Bridges, Gateways, Hub, Cable Modem.

The TCP/IP Reference Model

TCP/IP originated out of the investigative research into networking protocols that the US
Department of Defense (DoD) initiated in 1969. The following were seen as major design
goals:

ability to connect multiple networks together seamlessly

ability for connections to remain intact as long as the source and destination
machines were functioning

to be built on flexible architecture

All these requirements led to the choice of a packet-switching network based on a
connectionless internetwork layer. The reference model was named after two of its main
protocols, TCP (Transmission Control Protocol) and IP (Internet Protocol).
The correspondence between TCP/IP and OSI reference model is shown below.

Figure 1: The TCP/IP reference model.

The main layers in the TCP/IP reference model are:

Application layer
Transport layer
Internet layer
Host-to-host layer

The Internet Layer

This layer, called the internet layer, is the linchpin (a pin passed through the end of
an axle to keep a wheel in position) that holds the whole architecture together. Its job is
to permit hosts to inject packets into any network and have them travel independently to
the destination (potentially on a different network). They may even arrive in a different
order than they were sent, in which case it is the job of higher layers to rearrange them, if
in-order delivery is desired.
The internet layer defines an official packet format and protocol called IP (Internet
Protocol). The job of the internet layer is to deliver IP packets where they are supposed to
go. Packet routing is clearly the major issue here, as is avoiding congestion. For these
reasons, it is reasonable to say that the TCP/IP internet layer is similar in functionality to
the OSI network layer.

The Transport Layer


The layer above the internet layer in the TCP/IP model is now usually called the
transport layer. It is designed to allow peer entities on the source and destination hosts to
carry on a conversation, just as in the OSI transport layer.
Two end-to-end transport protocols have been defined here. The first one is TCP
(Transmission Control Protocol):

It is a reliable connection-oriented protocol that allows a byte stream originating on one machine to be delivered without error on any other machine in the internet.
It fragments the incoming byte stream into discrete messages and passes each one on to the internet layer.
At the destination, the receiving TCP process reassembles the received messages into the output stream.
TCP also handles flow control to make sure a fast sender cannot swamp a slow receiver with more messages than it can handle.

The second protocol in this layer is UDP (User Datagram Protocol):

It is an unreliable, connectionless protocol for applications that do not want TCP's sequencing or flow control and wish to provide their own.
It is also widely used for one-shot, client-server-type request-reply queries and applications in which prompt delivery is more important than accurate delivery, such as transmitting speech or video.

The relation of IP, TCP, and UDP is shown in Figure 2.

Figure 2. Protocols and networks in the TCP/IP model initially.

The Application Layer


On top of the transport layer is the application layer. It contains all the higher-level
protocols. The early ones included virtual terminal (TELNET), file transfer (FTP), and
electronic mail (SMTP), as shown in Figure 2.

The virtual terminal protocol allows a user on one machine to log onto a distant
machine and work there.
The file transfer protocol provides a way to move data efficiently from one
machine to another.
Electronic mail was originally just a kind of file transfer, but later a specialized
protocol (SMTP) was developed for it. Many other protocols have been added to these
over the years: the Domain Name System (DNS) for mapping host names onto their
network addresses, NNTP, the protocol for moving USENET news articles around, and
HTTP, the protocol for fetching pages on the World Wide Web, and many others.

The Host-to-Network Layer


The Host-to-Network layer interfaces the TCP/IP protocol stack to the physical
network. The TCP/IP reference model does not specify in any great detail the operation
of this layer, except that the host has to connect to the network using some protocol so it
can send IP packets over it.

As it is not officially defined, it varies from implementation to implementation,
with vendors supplying their own version.

A Comparison of the OSI and TCP/IP Reference Models

The OSI and TCP/IP reference models have much in common.


Both are based on the concept of a stack of independent protocols. Also, the
functionality of the layers is roughly similar. For example, in both models the layers up
through and including the transport layer are there to provide an end-to-end, network-
independent transport service to processes wishing to communicate. These layers form
the transport provider. Again in both models, the layers above transport are application-
oriented users of the transport service.

Despite these fundamental similarities, the two models also have many differences. Three
concepts are central to the OSI model:

1. Services.

2. Interfaces.

3. Protocols.

The service definition tells what the layer does, not how entities above it access it
or how the layer works. It defines the layer's semantics.
A layer's interface tells the processes above it how to access it. It specifies what the
parameters are and what results to expect. It, too, says nothing about how the layer works
inside.
Finally, the peer protocols used in a layer are the layer's own business. It can use
any protocols it wants to, as long as it gets the job done (i.e., provides the offered
services). It can also change them at will without affecting software in higher layers.
The protocols in the OSI model are better hidden than in the TCP/IP model and can
be replaced relatively easily as the technology changes. Being able to make such changes
is one of the main purposes of having layered protocols in the first place.
The OSI reference model was devised before the corresponding protocols were invented.
This ordering means that the model was not biased toward one particular set of protocols,
a fact that made it quite general. The downside of this ordering is that the designers did
not have much experience with the subject and did not have a good idea of which
functionality to put in which layer. With TCP/IP the reverse was true: the protocols came
first, and the model was really just a description of the existing protocols. There was no
problem with the protocols fitting the model. They fit perfectly. The only trouble was that
the model did not fit any other protocol stacks.

One difference between the two models is the number of layers: the OSI model has
seven layers and the TCP/IP model has four layers. Both have (inter)network, transport, and
application layers, but the other layers are different.
Another difference is in the area of connectionless versus connection-oriented
communication. The OSI model supports both connectionless and connection-oriented
communication in the network layer, but only connection-oriented communication in the
transport layer, where it counts (because the transport service is visible to the users). The
TCP/IP model has only one mode in the network layer (connectionless) but supports both
modes in the transport layer, giving the users a choice. This choice is especially important
for simple request-response protocols.

Network Hardware
As stations connected to different LANs and WANs want to communicate with
each other, it is necessary to provide this facility. Internetworking creates a single virtual
network over which all stations in different networks can communicate seamlessly and
transparently. The HILI subcommittee (IEEE802.1) of the IEEE identified the following
possible internetworking scenarios:
A single LAN
Two LANs connected together (LAN-LAN)
A LAN connected to a WAN (LAN-WAN)
Two LANs connected through a WAN (LAN-WAN-LAN)

Various internetworking devices such as hubs, bridges, switches, routers and
gateways are required to link different networks together. These devices operate in
different layers, as illustrated in Fig. 3(a).

Figure 3. (a) Which device is in which layer. (b) Frames, packets, and headers.

The layer matters because different devices use different pieces of information to
decide how to switch. In a typical scenario, the user generates some data to be sent to a
remote machine. Those data are passed to the transport layer, which then adds a header,
for example, a TCP header, and passes the resulting unit down to the network layer. The
network layer adds its own header to form a network layer packet, for example, an IP
packet. In Fig. 3(b) we see the IP packet shaded in gray. Then the packet goes to the data
link layer, which adds its own header and checksum (CRC) and gives the resulting frame
to the physical layer for transmission, for example, over a LAN.
Repeaters
At the physical layer, we find the repeaters. These are analog devices that are
connected to two cable segments. A signal appearing on one of them is amplified and put
out on the other. Repeaters do not understand frames, packets, or headers. They
understand volts. Classic Ethernet, for example, was designed to allow four repeaters, in
order to extend the maximum cable length from 500 meters to 2500 meters.
To extend the length of the network, a repeater may be used as shown in Fig 4.
Functionally, a repeater can be considered as two transceivers joined together and
connected to two different segments of coaxial cable. The repeater passes the digital
signal bit-by-bit in both directions between the two segments. As the signal passes
through a repeater, it is amplified and regenerated at the other end. The repeater does not
isolate one segment from the other; if there is a collision on one segment, it is regenerated
on the other segment. Therefore, the two segments form a single LAN and it is
transparent to the rest of the system.

Figure 4: Repeater connecting two LAN segments

With reference to the ISO model, a repeater is considered as a level-1 relay as
depicted in Fig. 5. It simply repeats, retimes and amplifies the bits it receives. The
repeater is merely used to extend the span of a single LAN. Important features of a
repeater are as follows:

A repeater connects different segments of a LAN
A repeater forwards every frame it receives
A repeater is a regenerator, not an amplifier
It can be used to create a single extended LAN

Figure 5: Operation of a repeater as a level-1 relay

Hub
A hub has a number of input lines that it joins electrically. Frames arriving on any
of the lines are sent out on all the others. If two frames arrive at the same time, they will
collide, just as on a coaxial cable. In other words, the entire hub forms a single collision
domain. All the lines coming into a hub must operate at the same speed. Hubs differ from
repeaters in that they do not (usually) amplify the incoming signals and are designed to
hold multiple line cards each with multiple inputs, but the differences are slight. Like
repeaters, hubs do not examine the 802 addresses or use them in any way. A hub is shown
in Fig. 6(a).

Figure 6. (a) A hub. (b) A bridge. (c) A switch

Hub is a generic term, but commonly refers to a multiport repeater. It can be used
to create multiple levels of hierarchy of stations. The stations connect to the hub with
RJ-45 connectors, with a maximum segment length of 100 meters. This type of interconnected
set of stations is easy to maintain and diagnose. Figure 7 shows how several hubs can be
connected in a hierarchical manner to realize a single LAN of bigger size with a large
number of nodes.

Figure 7: Hub as a multi-port repeater can be connected in a hierarchical manner to form a single LAN with many nodes

Bridges

A bridge connects two or more LANs, as shown in Fig. 6(b). When a frame arrives,
software in the bridge extracts the destination address from the frame header and
looks it up in a table to see where to send the frame. For Ethernet, this address is the 48-
bit destination address. Like a hub, a modern bridge has line cards, usually for four or
eight input lines of a certain type. A line card for Ethernet cannot handle, say, token ring
frames, because it does not know where to find the destination address in the frame
header. However, a bridge may have line cards for different network types and different
speeds. With a bridge, each line is its own collision domain, in contrast to a hub.
The bridge operates in layer 2, that is, the data-link layer, which is why it is called a
level-2 relay with reference to the OSI model. It links similar or dissimilar LANs, is
designed to store and forward frames, and is protocol independent and transparent to the
end stations. The flow of information through a bridge is shown in Fig. 8. The use of bridges
offers a number of advantages, such as higher reliability, performance, security,
convenience and larger geographic coverage. However, it is desirable that the quality of
service (QOS) offered by a bridge should match that of a single LAN. The parameters
that define the QOS include availability, frame mishaps, transit delay, frame lifetime,
undetected bit errors, frame size and priority. Key features of a bridge are mentioned
below:
A bridge operates both in physical and data-link layer
A bridge uses a table for filtering/routing
A bridge does not change the physical (MAC) addresses in a frame
Types of bridges:
Transparent Bridges
Source routing bridges

Figure 8: Information flow through a bridge

A bridge must contain addressing and routing capability. Two routing algorithms have
been proposed for a bridged LAN environment. The first, produced as an extension of
IEEE 802.1 and applicable to all IEEE 802 LANs, is known as the transparent bridge. The
other, developed for the IEEE 802.5 token rings, is based on the source routing approach.
It applies to many types of LAN including token ring, token bus and CSMA/CD bus.

Transparent Bridges

The transparent bridge uses two processes known as bridge forwarding and bridge
learning. If the destination address is present in the forwarding database already created,
the packet is forwarded to the port number to which the destination host is attached. If it
is not present, forwarding is done on all ports (flooding). This process is known as bridge
forwarding. Moreover, as each frame arrives, its source address indicates where a
particular host is situated, so that the bridge learns which way to forward frames to that
address. This process is known as bridge learning. Key features of a transparent bridge
are:
The stations are unaware of the presence of a transparent bridge
Reconfiguration of the bridge is not necessary; it can be added/removed without being noticed.

It performs two functions:
Forwarding of frames
Learning to create the forwarding table
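
The two processes described above, bridge learning and bridge forwarding, are shown here as a small simulation. This is an added example, not part of the original notes; the station addresses, the port numbers and the names TransparentBridge and run_trace are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample stations (locally administered MAC addresses, not from the notes).
A = "02:00:00:00:00:0a"   # starts on port 1
B = "02:00:00:00:00:0b"   # port 1, same segment as A
C = "02:00:00:00:00:0c"   # port 2
D = "02:00:00:00:00:0d"   # port 3


@dataclass
class TransparentBridge:
    ports: tuple                                # port numbers on this bridge
    table: dict = field(default_factory=dict)   # forwarding database: address -> port

    def receive(self, in_port, src, dst):
        """Handle one frame; return (action, sorted list of output ports)."""
        # Bridge learning: the source address shows which port leads to src.
        # A later frame from the same address on another port overwrites the entry.
        self.table[src] = in_port

        # Bridge forwarding: look the destination up in the forwarding database.
        out_port = self.table.get(dst)
        if out_port is None:
            # Unknown destination: flood on every port except the arrival port.
            return "flood", sorted(p for p in self.ports if p != in_port)
        if out_port == in_port:
            # Destination sits on the segment the frame came from: nothing to do.
            return "discard", []
        return "forward", [out_port]


def run_trace():
    """Feed a constructed frame sequence through a 3-port bridge."""
    bridge = TransparentBridge(ports=(1, 2, 3))
    frames = [              # (arrival port, source, destination)
        (1, A, C),          # C not yet learned -> flooded to ports 2 and 3
        (2, C, A),          # A was learned from the first frame -> port 1 only
        (1, A, C),          # C is now known -> port 2 only
        (1, B, A),          # A and B share port 1 -> discarded by the bridge
        (3, D, B),          # B was learned on port 1
        (3, A, C),          # A has been re-plugged into port 3; the entry is updated
        (2, C, A),          # traffic for A now follows the new entry
    ]
    trace = [bridge.receive(*frame) for frame in frames]
    return trace, dict(bridge.table)


if __name__ == "__main__":
    trace, table = run_trace()
    for step in trace:
        print(step)
    print(table)
```

The stations never address the bridge itself, which is the sense in which it is transparent; the only frames that reach every segment are those whose destination has not yet been learned.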

Source Routing Bridges


In the second approach, known as source routing, the routing operation is
performed by the source host and the frame specifies which route the frame is to follow.
A host can discover a route by sending a discovery frame, which spreads through the
entire network using all possible paths to the destination. Each frame gradually gathers
addresses as it goes. The destination responds to each frame and the source host chooses
an appropriate route from these responses. For example, a route with minimum hop-count
can be chosen. Whereas transparent bridges do not modify a frame, a source routing
bridge adds a routing information field to the frame. The source routing approach provides a
shortest path at the cost of the proliferation of discovery frames, which can put a serious
extra burden on the network.

Switches

A switch is essentially a fast bridge having additional sophistication that allows
faster processing of frames. Switches are similar to bridges in that both route on frame
addresses. In fact, many people use the terms interchangeably. The main difference is that
a switch is most often used to connect individual computers, as shown in Fig. 6(c). As a
consequence, when host A in Fig. 6(b) wants to send a frame to host B, the bridge gets
the frame but just discards it. In contrast, in Fig. 6(c), the switch must actively forward
the frame from A to B because there is no other way for the frame to get there. Since each
switch port usually goes to a single computer, switches must have space for many more
line cards than do bridges intended to connect only LANs. Each line card provides buffer
space for frames arriving on its ports. Since each port is its own collision domain,
switches never lose frames to collisions. However, if frames come in faster than they can
be retransmitted, the switch may run out of buffer space and have to start discarding
frames.
To alleviate this problem slightly, modern switches start forwarding frames as soon
as the destination header field has come in, but before the rest of the frame has arrived
(provided the output line is available, of course). These switches do not use store-and-
forward switching. Sometimes they are referred to as cut-through switches. Usually, cut-
through is handled entirely in hardware, whereas bridges traditionally contained an actual
CPU that did store-and-forward switching in software. But since all modern bridges and
switches contain special integrated circuits for switching, the difference between a switch
and bridge is more a marketing issue than a technical one.
Some important functionalities are:
Ports are provided with buffers
The switch maintains a directory: #address - port#
Each frame is forwarded to the proper port# after examining the #address
Three possible forwarding approaches: cut-through, collision-free and fully buffered, as briefly explained below.
Cut-through: A switch forwards a frame immediately after receiving the destination
address. As a consequence, the switch forwards the frame without collision and error
detection.
Collision-free: In this case, the switch forwards the frame after receiving 64 bytes, which
allows detection of collision. However, error detection is not possible because the switch is
yet to receive the entire frame.
Fully buffered: In this case, the switch forwards the frame only after receiving the entire
frame. So the switch can detect both collisions and errors, and only error-free frames are
forwarded.
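
The three forwarding approaches differ in which damaged frames they let through. The following added example (not part of the original notes) applies each approach to three constructed frames: an intact one, a collision fragment, and one with a flipped bit. The frame layout (destination, source, type, payload, CRC-32) and all function names are assumptions made for the illustration.

```python
import struct
import zlib

DST_LEN = 6      # the destination address is the first field of the frame
MIN_FRAME = 64   # collision-free mode waits for this many bytes (figure from the notes)
FCS_LEN = 4      # trailing CRC-32 checksum

MODES = ("cut-through", "collision-free", "fully-buffered")


def build_frame(dst, src, payload, ethertype=0x0800):
    """Build dst | src | type | payload (zero padded to minimum size) | CRC-32."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    body = body.ljust(MIN_FRAME - FCS_LEN, b"\x00")
    return body + struct.pack("<I", zlib.crc32(body))


def fcs_ok(frame):
    """Recompute the CRC over everything but the last four bytes and compare."""
    if len(frame) <= FCS_LEN:
        return False
    body, fcs = frame[:-FCS_LEN], frame[-FCS_LEN:]
    return struct.pack("<I", zlib.crc32(body)) == fcs


def decide(mode, frame):
    """Return (forwarded, reason) for one received frame under the given mode."""
    if mode not in MODES:
        raise ValueError("unknown forwarding mode: %r" % mode)
    if len(frame) < DST_LEN:
        return False, "destination address never arrived"
    if mode == "cut-through":
        # Output starts as soon as the destination address is in.
        return True, "forwarded after destination address, nothing else checked"
    if len(frame) < MIN_FRAME:
        # Both remaining modes have seen enough to recognise a collision fragment.
        return False, "collision fragment (shorter than 64 bytes)"
    if mode == "collision-free":
        return True, "forwarded after 64 bytes, checksum not yet seen"
    if fcs_ok(frame):
        return True, "whole frame received, checksum valid"
    return False, "whole frame received, checksum mismatch"


def sample_frames():
    """Constructed frames: intact, truncated by a collision, and bit-flipped."""
    dst = bytes.fromhex("02000000000b")
    src = bytes.fromhex("02000000000a")
    good = build_frame(dst, src, b"hello")
    runt = good[:20]                      # what is left after a collision
    corrupt = bytearray(good)
    corrupt[20] ^= 0x01                   # single bit error in the payload
    return {"good": good, "runt": runt, "corrupt": bytes(corrupt)}


def compare():
    """Return {mode: {frame name: forwarded?}} for the sample frames."""
    frames = sample_frames()
    return {m: {n: decide(m, f)[0] for n, f in frames.items()} for m in MODES}


if __name__ == "__main__":
    for mode, row in compare().items():
        print(mode, row)
```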

Comparison between a switch and a hub

Although a hub and a switch apparently look similar, they have significant
differences. As shown in Fig. 9, both can be used to realize a physical star topology, but a
hub works like a logical bus, because the same signal is repeated on all the ports. On the
other hand, a switch functions like a logical star with the possibility of the
communication of separate signals between any pair of port lines. As a consequence, all
the ports of a hub belong to the same collision domain, whereas in a switch each port
operates in a separate collision domain. Moreover, in the case of a hub, the bandwidth is
shared by all the stations connected to all the ports. On the other hand, in the case of a
switch, each port has dedicated bandwidth. Therefore, switches can be used to increase
the bandwidth of a hub-based network by replacing the hubs with switches.

Figure 9: Difference between a switch and a bridge

Routers
A router is considered a layer-3 relay that operates in the network layer, that is, it
acts on network layer frames. It can be used to link two dissimilar LANs. A router
isolates LANs into subnets to manage and control network traffic. However, unlike
bridges it is not transparent to end stations. A schematic diagram of the router is shown
in Fig. 10. A router has four basic components: input ports, output ports, the routing
processor and the switching fabric. The functions of the four components are briefly
mentioned below.
The input port performs the physical and data-link layer functions of the router. As shown in Fig. 11(a), the ports are also provided with buffers to hold the packet before forwarding to the switching fabric.
Output ports, as shown in Fig. 11(b), perform the same functions as the input ports, but in the reverse order.
The routing processor performs the function of the network layer. The process involves table lookup.
The switching fabric, shown in Fig. 12, moves the packet from the input queue to the output queue by using specialized mechanisms. The switching fabric is realized with the help of multistage interconnection networks.

Communication of a frame through a router is shown in Fig. 10.

Figure 10: Schematic diagram of a router

Figure 11 (a), (b): Schematic diagram of a router

Figure 12: Switching fabric of a router

Figure 13: Communication through a router

Routers are different from all of the above. When a packet comes into a router, the
frame header and trailer are stripped off and the packet located in the frame's payload
field is passed to the routing software. This software uses the packet header to choose an
output line. For an IP packet, the packet header will contain a 32-bit (IPv4) or 128-bit
(IPv6) address, but not a 48-bit 802 address. The routing software does not see the frame
addresses and does not even know whether the packet came in on a LAN or a
point-to-point line.

Gateways
A gateway works above the network layer, such as at the application layer as shown in
Fig. 14. As a consequence, it is known as a Layer-7 relay. Application-level gateways
can look into the content of application-layer packets such as email before forwarding them to
the other side. This property has made them suitable for use in firewalls, discussed in the
next module.

Figure 14: Communication through a gateway

Up another layer we find transport gateways. These connect two computers that
use different connection-oriented transport protocols. For example, suppose a computer
using the connection-oriented TCP/IP protocol needs to talk to a computer using the
connection-oriented ATM transport protocol. The transport gateway can copy the packets
from one connection to the other, reformatting them as need be.
Finally, application gateways understand the format and contents of the data and translate
messages from one format to another. An e-mail gateway could translate Internet
messages into SMS messages for mobile phones, for example.
Cable Modem
Cable TV Networks

The cable TV network started as a video service provider, but it has moved to the
business of Internet access.

Traditional Cable Networks

Cable TV started to distribute broadcast video signals to locations with poor or no
reception in the late 1940s. It was called community antenna TV (CATV) because an
antenna at the top of a tall hill or building received the signals from the TV stations and
distributed them, via coaxial cables, to the community. Fig 15 shows a schematic diagram
of a traditional cable TV network.

Fig 15: Traditional cable TV network

The cable TV office, called the head end, receives video signals from
broadcasting stations and feeds the signals into coaxial cables. The signals became
weaker and weaker with distance, so amplifiers were installed through the network to
renew the signals. There could be up to 35 amplifiers between the head end and the
subscriber premises. At the other end, splitters split the cable, and taps and drop cables
make the connections to the subscriber premises.

The traditional cable TV system used coaxial cable end to end. Due to attenuation
of the signals and the use of a large number of amplifiers, communication in the
traditional network was unidirectional (one-way). Video signals were transmitted
downstream, from the head end to the subscriber premises.

Hybrid Fiber-Coaxial (HFC) Network

The second generation of cable networks is called a hybrid fiber-coaxial (HFC)
network. The network uses a combination of fiber-optic and coaxial cable. The
transmission medium from the cable TV office to a box, called the fiber node, is optical
fiber; from the fiber node through the neighborhood and into the house is still coaxial
cable. Fig 16 shows a schematic diagram of an HFC network.

Fig 16: Hybrid fiber-coaxial (HFC) network

The regional cable head (RCH) normally serves up to 400,000 subscribers. The
RCHs feed the distribution hubs, each of which serves up to 40,000 subscribers. The
distribution hub plays an important role in the new infrastructure. Modulation and
distribution of signals are done here; the signals are then fed to the fiber nodes through
fiber-optic cables. The fiber node splits the analog signals so that the same signal is sent
to each coaxial cable. Each coaxial cable serves up to 1000 subscribers. The use of fiber-
optic cable reduces the need for amplifiers down to eight or less. One reason for moving
from traditional to hybrid infrastructure is to make the cable network bidirectional (two-
way).

Cable companies are now competing with telephone companies for the residential
customer who wants high-speed data transfer. DSL technology provides high-data-rate
connections for residential subscribers over the local loop. However, DSL uses the
existing unshielded twisted-pair cable, which is very susceptible to interference. This
imposes an upper limit on the data rate. Another solution is the use of the cable TV
network.

Internet access requires a cable modem, a device that has two interfaces on it: one
to the computer and one to the cable network. In the early years of cable Internet, each
operator had a proprietary cable modem, which was installed by a cable company
technician. However, it soon became apparent that an open standard would create a
competitive cable modem market and drive down prices, thus encouraging use of the
service. Furthermore, having the customers buy cable modems in stores and install them
themselves (as they do with V.9x telephone modems) would eliminate the dreaded truck
rolls.
Consequently, the larger cable operators teamed up with a company called
CableLabs to produce a cable modem standard and to test products for compliance. This
standard, called DOCSIS (Data Over Cable Service Interface Specification) is just
starting to replace proprietary modems. Not all cable operators like the idea of a standard,
however, since many of them were making good money leasing their modems to their
captive customers.
The modem-to-computer interface is straightforward. It is normally 10-Mbps
Ethernet (or occasionally USB) at present. In the future, the entire modem might be a
small card plugged into the computer, just as with V.9x internal modems.
The modem scans the downstream channels looking for a special packet
periodically put out by the headend to provide system parameters to modems that have
just come on-line. Upon finding this packet, the new modem announces its presence on
one of the upstream channels. The headend responds by assigning the modem to its
upstream and downstream channels. These assignments can be changed later if the
headend deems it necessary to balance the load.
The modem then determines its distance from the headend by sending it a special
packet and seeing how long it takes to get the response. This process is called ranging. It
is important for the modem to know its distance to accommodate the way the upstream
channels operate and to get the timing right. They are divided in time in minislots. Each
upstream packet must fit in one or more consecutive minislots. The headend announces
the start of a new round of minislots periodically, but the starting gun is not heard at all
modems simultaneously due to the propagation time down the cable. By knowing how far
it is from the headend, each modem can compute how long ago the first minislot really
started. Minislot length is network dependent. A typical payload is 8 bytes.

During initialization, the headend also assigns each modem to a minislot to use for
requesting upstream bandwidth. As a rule, multiple modems will be assigned the same
minislot, which leads to contention. When a computer wants to send a packet, it transfers
the packet to the modem, which then requests the necessary number of minislots for it. If
the request is accepted, the headend puts an acknowledgement on the downstream
channel telling the modem which minislots have been reserved for its packet. The packet
is then sent, starting in the minislot allocated to it. Additional packets can be requested
using a field in the header.
On the other hand, if there is contention for the request minislot, there will be no
acknowledgement and the modem just waits a random time and tries again. After each
successive failure, the randomization time is doubled.
The downstream channels are
managed differently from the upstream channels. For one thing, there is only one sender
(the headend) so there is no contention and no need for minislots, which is actually just
time division statistical multiplexing. For another, the traffic downstream is usually much
larger than upstream, so a fixed packet size of 204 bytes is used. Part of that is a Reed-
Solomon error-correcting code and some other overhead, leaving a user payload of 184
bytes. These numbers were chosen for compatibility with digital television using MPEG-
2, so the TV and downstream data channels are formatted the same way. Logically, the
connections are as depicted in Fig 17.
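
The upstream request procedure described above (a shared request minislot, no acknowledgement on contention, and a random wait that doubles after each failure) can be simulated in a few lines. This is an added example, not part of the original notes; the time unit of one request round, the initial window of 2 rounds and the function names are assumptions.

```python
import random


def backoff_window(failures, base=2):
    """Size of the random wait after the given number of consecutive failures.

    The window starts at `base` rounds (an assumed value) and doubles after
    each further failure: base, 2*base, 4*base, ...
    """
    if failures < 1:
        raise ValueError("backoff only applies after at least one failure")
    return base << (failures - 1)


def contend(n_modems, base_window=2, seed=1, max_rounds=10_000):
    """Simulate modems that all share one request minislot per round.

    Every modem has a packet waiting in round 0. Returns
    {modem id: (round in which its request was acknowledged, failures before that)}.
    Modems still waiting after max_rounds are left out of the result.
    """
    rng = random.Random(seed)                      # seeded so the run is repeatable
    next_try = {m: 0 for m in range(n_modems)}     # round of each modem's next request
    failures = {m: 0 for m in range(n_modems)}
    granted = {}

    for rnd in range(max_rounds):
        senders = [m for m, when in next_try.items() if when == rnd]
        if len(senders) == 1:
            # A lone request gets through: the headend acknowledges it downstream.
            modem = senders[0]
            granted[modem] = (rnd, failures[modem])
            del next_try[modem]
        elif len(senders) > 1:
            # Contention: the requests collide, nobody is acknowledged, and each
            # sender waits a random number of rounds from a doubled window.
            for modem in senders:
                failures[modem] += 1
                window = backoff_window(failures[modem], base_window)
                next_try[modem] = rnd + 1 + rng.randrange(window)
        if not next_try:
            break
    return granted


if __name__ == "__main__":
    for modem, (rnd, failed) in sorted(contend(5, seed=7).items()):
        print("modem %d acknowledged in round %d after %d failed requests"
              % (modem, rnd, failed))
```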

Fig 17: Typical details of the upstream and downstream channels in North America.

Once the modem has completed ranging and gotten its upstream channel,
downstream channel, and minislot assignments, it is free to start sending packets. The
first packet it sends is one to the ISP requesting an IP address, which is dynamically
assigned using a protocol called DHCP. The next step involves security. Since cable is a
shared medium, anybody who wants to go to the trouble to do so can read all the traffic
going past him. To prevent everyone from snooping on their neighbors (literally), all
traffic is encrypted in both directions. Part of the initialization procedure involves
establishing encryption keys. At first one might think that having two strangers, the
headend and the modem, establish a secret key in broad daylight with thousands of
people watching would be impossible.
Finally, the modem has to log in and provide its unique identifier over the secure
channel. At this point the initialization is complete. The user can now log in to the ISP
and get to work.
