Networking notes
From Helpful
| These are primarily notes. This is probably not going to be complete in any real sense, and exists to contain bits of useful information. |
See also
- http://web.inter.nl.net/hcc/mvdboom/links/netbody.htm - various interesting references
- http://en.wikipedia.org/wiki/IEEE_802.1D (describes bridging, spanning tree)
Semi-sorted
Glossary
- NIC - Network Interface Card. Used whenever it's not a given that a single computer has only one connection (and in documentation).
- interface usually refers to how drivers provide (and how software uses) a NIC. Regularly used synonymously with NIC.
- adapter - Regularly used synonymously with NIC.
- node - an actor in a network. May have multiple NICs (that are or aren't related to each other). (Computers, routers, etc.)
- frame, packet, segment, PDU
- Theoretically, frame means layer 2, packet means layer 3, segment means layer 4, and the formal generalizing term is PDU (Protocol Data Unit).
- In practice, the terms are fuzzy and there is no hard difference, except that 'frame' suggests lower layers (physical and link) and 'packet' suggests higher layers (layer 3 and above).
On MACs and such
See also:
- http://en.wikipedia.org/wiki/MAC_address
- RFC 5342
- http://standards.ieee.org/regauth/oui/tutorials/EUI64.html
NIC, protocol address, and name resolution
| This article/section is a stub — probably a pile of half-sorted notes and assertions some of which may well be wrong, and not verified as a whole. Feel free to add or refine. |
There are different things that resolve.
Ethernet and IP; ARP
At a lower level there is link-layer forwarding. A hub doesn't go higher than Ethernet and just repeats every frame out of every port. A switch learns which MAC address was last seen on which port (from the source address of the frames it receives) and forwards a frame only to that port, flooding the ones it doesn't know yet. A router is IP-aware: it decides by destination IP address which interface a packet leaves through, and so it needs to know which MAC address to put on the frame for the next hop.
Each interface of a node has an Ethernet identifier, a MAC address: a 48-bit identifier of which the first 24 bits (the OUI) identify the manufacturer the block was assigned to. It is unique in principle, but most drivers let you set it to anything. For the Ethernet/IP combination, devices use ARP, Address Resolution Protocol: a node broadcasts "Who has this IP?" on the local segment, and the node that has it (technically: any node that feels like answering) replies "I do, at this MAC", a reply that is normally unicast back to the asker. The asker caches the (ip, mac) pair for a while; the switches in between learn (mac, port) from the source addresses of both frames. ARP has no authentication at all, so that "technically any" is exactly why ARP spoofing works on a local network. Broadcasting like this does not scale, but works well on small logical subnetworks.
(Note this also allows a node to answer for several IPs, e.g. because it has several addresses or is doing proxy ARP, or to claim all unused IPs so that traffic sent to them comes your way.)
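The exchange described above, as an added example that is not part of these notes' original content or of any particular tool: it builds Ethernet/ARP frames by hand, parses them back, and applies the simplest ARP-spoofing check there is, namely noticing when one IP is claimed by more than one MAC (and when a frame's Ethernet source doesn't match the ARP sender MAC inside it). All addresses and frames below are constructed.

```python
"""
Ethernet/ARP frames parsed by hand, plus the simplest ARP-spoofing check:
an IP that is claimed by more than one MAC. Example added to these notes,
not from any tool; every frame below is constructed in code.
"""
import struct
from collections import defaultdict

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"    # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa (RFC 826)

def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)

def build_arp(eth_src, eth_dst, op, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Ethernet II frame carrying an IPv4-over-Ethernet ARP message (FCS omitted; the NIC adds it)."""
    eth = struct.pack("!6s6sH", eth_dst, eth_src, ETHERTYPE_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, sender_mac, sender_ip, target_mac, target_ip)
    return eth + arp

def parse_arp(frame: bytes):
    """Dict describing the ARP message in a frame, or None if the frame is not IPv4-over-Ethernet ARP."""
    if len(frame) < 14 + 28:
        return None
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "eth_src": mac_str(src), "eth_dst": mac_str(dst),
            "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
            "target_mac": mac_str(tha), "target_ip": ip_str(tpa)}

def find_conflicts(frames):
    """Record which MAC claims which IP, from replies and from the sender fields of requests
    (hosts update their caches from both). Returns {ip: [macs]} for IPs with more than one
    claimant, and the messages whose Ethernet source differs from the ARP sender MAC,
    which is unusual enough to be worth a look (not proof: some HA setups do it on purpose)."""
    claims = defaultdict(set)
    mismatched = []
    for f in frames:
        a = parse_arp(f)
        if a is None or a["sender_ip"] == "0.0.0.0":   # skip non-ARP frames and RFC 5227 probes
            continue
        claims[a["sender_ip"]].add(a["sender_mac"])
        if a["eth_src"] != a["sender_mac"]:
            mismatched.append(a)
    conflicts = {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}
    return conflicts, mismatched

# Constructed traffic on 192.168.1.0/24: a host asks for its gateway, the gateway answers,
# then a second machine answers for the gateway's address as well.
BCAST = b"\xff" * 6
ZERO = b"\x00" * 6
GW_MAC, GW_IP = bytes.fromhex("001122334455"), bytes([192, 168, 1, 1])
HOST_MAC, HOST_IP = bytes.fromhex("66778899aabb"), bytes([192, 168, 1, 20])
EVIL_MAC = bytes.fromhex("deadbeef0001")

SAMPLE_FRAMES = [
    build_arp(HOST_MAC, BCAST, ARP_REQUEST, HOST_MAC, HOST_IP, ZERO, GW_IP),      # who has .1? tell .20
    build_arp(GW_MAC, HOST_MAC, ARP_REPLY, GW_MAC, GW_IP, HOST_MAC, HOST_IP),     # .1 is at 00:11:22:...
    build_arp(EVIL_MAC, HOST_MAC, ARP_REPLY, EVIL_MAC, GW_IP, HOST_MAC, HOST_IP), # .1 is at de:ad:be:...
    build_arp(EVIL_MAC, HOST_MAC, ARP_REPLY, GW_MAC, GW_IP, HOST_MAC, HOST_IP),   # ARP sender != frame source
]

if __name__ == "__main__":
    conflicts, odd = find_conflicts(SAMPLE_FRAMES)
    for ip, macs in conflicts.items():
        print(f"{ip} claimed by {', '.join(macs)}")
    for a in odd:
        print(f"frame from {a['eth_src']} carries ARP sender {a['sender_mac']}")
```

On a real segment you would feed `find_conflicts` frames from a packet capture; the check is deliberately stateless, so a gateway that legitimately changes hardware will also show up once, which is the right kind of false positive.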
Server names; DNS
Name to IP address resolution, which is what lets you type memorable names into your browser's address bar (but can serve anything IP-based), is actually fairly unrelated to basic networking. IP addresses are what actual communication uses; DNS simply tells you the IP(s) for a name.
There are tricks that allow one IP to have multiple names, and one name to resolve to several IPs handed out in rotating order (round-robin DNS, a crude type of load balancing).
There are other ways to do the same resolution step, for example the hosts file on unices (/etc/hosts) and on Windows (%SystemRoot%\System32\drivers\etc\hosts), which essentially hardcodes a name to an IP address and is usually consulted before DNS. This can interfere when used incorrectly, and because it overrides DNS it is also the first place to look when a name resolves to the wrong address. Some protocols, such as SMB (Windows file sharing / CIFS / Samba), also allow NetBIOS, WINS and lmhosts to provide addresses for names.
Netbios names; WINS
In some way analogous to both of the above are NetBIOS names. NetBIOS was used by early Windows versions to provide naming on local networks without DNS. NetBIOS name resolution works not unlike ARP (a broadcast asking who owns a name), but a level higher.
NetBIOS could run on top of IPX/SPX (and NetBEUI), but when used over IP (NetBIOS over TCP/IP, RFC 1001/1002) the name-to-IP mapping is found either by broadcast or by asking a WINS server, which resolves NetBIOS names to IP addresses. There is an lmhosts file that allows you to hardcode these. This is what file sharing based on UNC paths uses, in which you can use an IP address as well as a NetBIOS name.
Packet size, MTU and MSS, fragmenting
On the wire, the packet/frame's size is everything together, though people often list a size at the layer they are dealing with, or most commonly deal with.
For example, the maximum IP packet size over Ethernet is usually 1500 bytes, because the on-wire Ethernet maximum is 1518 bytes and Ethernet needs 18 of those for its own purposes (a 14-byte header and a 4-byte FCS).
The sizes themselves are perhaps not as interesting as mentioning the layer at which the size applies or the overhead to each encapsulation adds -- although it's handy to recognize the common ones.
The IPv4 header is 20 bytes (without options), the TCP header 20 bytes (without options), the UDP header 8. So TCP/IPv4 takes 40 bytes aside from payload, UDP/IPv4 28. (The IPv6 header is 40 bytes, so add 20 for those.)
This counts layers 3 and 4, because talking about the combination with lower layers is only interesting in the context of MTU and fragmenting, or looking at things at the Ethernet layer.
MTU (Maximum Transmission Unit) and MSS (Maximum Segment Size) refer to upper limits on sizes. MTU is the largest packet a link will carry as seen by the layer above it (for Ethernet: the largest IP packet that fits in one frame), while TCP's MSS is the largest amount of payload in one segment, excluding the TCP and IP headers.
Neither term says at which layer it is counted, so you usually infer it. For example, 1500 refers to the MTU of an Ethernet link as seen by IP, and 1518 (1522 with a VLAN tag) to the whole Ethernet frame including its header and FCS.
MSS just subtracts the encapsulation. For example, TCP (20 byte header) over IP (20 byte header) over Ethernet (IP MTU 1500) means TCP delivers a payload of 1460 bytes at once.
Some people abuse the terminology. Strictly speaking IP itself does not have an MTU; the link it runs over does, and IP over Ethernet inherits 1500 from it. Over gigabit Ethernet, jumbo frames tend to go up to 9000, meaning the same data goes in fewer, larger packets.
Technically, IPv4 has a maximum packet size of 65535 bytes (the total length field is 16 bits). The Ethernet frame's 32-bit CRC, however, stops guaranteeing detection of all small error patterns once a frame exceeds roughly 11 KB, which is one reason jumbo frames stop around 9000 (see [1]). Note that IP itself only checksums its header; payload errors are caught by the link-layer CRC and by the TCP/UDP checksum.
Fragmenting means packets (network layer) are too big for a lower layer's frames (link and/or physical layer, since those are what impose size limits) and need to be split up before they can be sent.
Usually there is a common MTU for a link (for Ethernet it's 1500) that cannot be exceeded at all, or not without all parties on that link agreeing about it. In IPv4, when a packet is too large for a particular link, the router in front of that link fragments it into smaller packets, unless the Don't Fragment bit is set, in which case it drops the packet and sends back an ICMP "fragmentation needed" message carrying the link's MTU (this is how Path MTU Discovery works). Fragments are reassembled only by the final receiver, not at the far end of the link. IPv6 routers never fragment; only the sender does, after learning the path MTU the same way. The data arrives, but more work has to be done and transmission time is wasted. A practical caveat: if a firewall filters those ICMP messages, PMTUD fails and large packets silently disappear (a 'black hole'), which shows up as connections that work for small requests and hang on large ones.
Fast Ethernet can be set to around 1546 (verify), gigabit Ethernet up to 9000. The internet used to have 576 in the modem days, but is mostly at 1500 now (verify). And, frankly, all of those are rather low for anything faster than slow broadband. (But unless raising it is standardized across the board, it is pointless, as it would just lead to fragmentation.) Incidentally, the overhead of decoding and ACKing many small frames rather than fewer big ones has been shown to be considerable; this is one of the reasons for larger MTUs. See e.g. [2]
Fragmenting also happens when you tunnel protocols via higher layers: you wrap lower-layer packets into higher-layer packets, adding some size through the encapsulation. If the packet was exactly the MTU before, it will now fragment into one fully used frame and one almost empty one.
In that situation it's best to lower the MTU of the interface that is in reality tunneled by at least the encapsulation overhead (say, to 1450 on top of a 1500 link), to avoid that inefficiency.
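The arithmetic of the last few paragraphs (header overhead, MSS, and what IPv4 fragmentation actually produces when a tunnel pushes a full-size packet over the MTU) worked through in code. This is an added example, not part of the original notes; the header sizes are the fixed ones from the RFCs, and IP-in-IP (RFC 2003, a plain 20-byte outer IPv4 header) is used as the tunnel only because its overhead is unambiguous.

```python
"""
Encapsulation overhead, TCP MSS and IPv4 fragmentation worked through in code.
Example added to these notes. Header sizes are the fixed RFC values; the tunnel
is IP-in-IP (RFC 2003), chosen because its overhead is exactly one IPv4 header.
"""
from typing import List, Tuple

ETH_HDR, ETH_FCS, VLAN_TAG = 14, 4, 4
IPV4_HDR, IPV6_HDR = 20, 40
TCP_HDR, UDP_HDR = 20, 8

def wire_frame_size(link_mtu: int, vlan: bool = False) -> int:
    """Bytes on the wire for a maximum-size Ethernet frame: header + optional 802.1Q tag + payload + FCS."""
    return ETH_HDR + (VLAN_TAG if vlan else 0) + link_mtu + ETH_FCS

def tcp_mss(link_mtu: int, ip_version: int = 4, tcp_options: int = 0) -> int:
    """Largest TCP payload per segment for a link MTU (what a host advertises in its SYN)."""
    ip_hdr = IPV4_HDR if ip_version == 4 else IPV6_HDR
    return link_mtu - ip_hdr - TCP_HDR - tcp_options

def ipv4_fragments(total_length: int, link_mtu: int, ip_hdr: int = IPV4_HDR) -> List[Tuple[int, int, bool]]:
    """Split an IPv4 datagram of total_length bytes for a link with the given MTU.
    Returns (fragment_offset_in_8_byte_units, fragment_payload_bytes, more_fragments_flag)
    per fragment; each fragment carries its own copy of the IP header on the wire."""
    if total_length <= link_mtu:
        return [(0, total_length - ip_hdr, False)]
    payload = total_length - ip_hdr
    # Offsets are in 8-byte units, so every fragment but the last must carry a multiple of 8 bytes.
    per_frag = (link_mtu - ip_hdr) // 8 * 8
    frags = []
    offset = 0
    while offset < payload:
        n = min(per_frag, payload - offset)
        frags.append((offset // 8, n, offset + n < payload))
        offset += n
    return frags

def tunnel_inner_mtu(link_mtu: int, encap_overhead: int) -> int:
    """MTU to configure on the tunnel interface so the encapsulated packet still fits the real link."""
    return link_mtu - encap_overhead

def demo() -> dict:
    link = 1500
    inner_default = 1500                      # tunnel interface left at the default MTU
    naive_outer = inner_default + IPV4_HDR    # IP-in-IP adds one 20-byte header in front
    fixed_inner = tunnel_inner_mtu(link, IPV4_HDR)
    return {
        "wire_bytes": wire_frame_size(link),
        "mss_v4": tcp_mss(link),
        "mss_v6": tcp_mss(link, ip_version=6),
        "naive_tunnel": ipv4_fragments(naive_outer, link),            # a full fragment and a 20-byte one
        "fixed_tunnel": ipv4_fragments(fixed_inner + IPV4_HDR, link),  # fits in one packet
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The `naive_tunnel` result is the "one fully used frame and one almost empty frame" case: a 1500-byte inner packet plus 20 bytes of encapsulation becomes a 1480-byte fragment followed by a 40-byte one (20 bytes of header for 20 bytes of data), so the link carries two frames for every packet. Lowering the tunnel MTU by the overhead removes that.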
On congestion
| This article/section is a stub — probably a pile of half-sorted notes and assertions some of which may well be wrong, and not verified as a whole. Feel free to add or refine. |
QoS
In a broad sense, Quality of Service (QoS) is the concept of trying for certain types of guarantees, in telephony as well as in data networking.
Apparently the term QoS was first used in ITU X.902, but the term is used in various standards now, with varying and sometimes broad definitions.
The guarantees are often things like low latency, low jitter (e.g. for VoIP, videoconferencing), guaranteed bandwidth (e.g. for TV over IP), and such.
Approaches
| This article/section is a stub — probably a pile of half-sorted notes and assertions some of which may well be wrong, and not verified as a whole. Feel free to add or refine. |
TOS
A common trick in IPv4 is to use the TOS byte in its header, which was never used much in its original form. It has since been redefined (RFC 2474 and RFC 3168) to encode:
- Differentiated Services (DiffServ): the upper 6 bits form the DSCP, a code point that routers map to a forwarding class (EF for voice, the AF classes, CS0 for best effort, and so on). QoS needs map onto this fairly decently.
- Explicit Congestion Notification (ECN): the lower 2 bits, which let a router mark a packet instead of dropping it when its queue fills, so the endpoints can back off.
IPv6 carries the same 8 bits as its Traffic Class field. Fancy(-ish) routers act on this, as do modern unices; Windows has supported ECN since Vista. Note that a DSCP value is only a request: anyone can set it on their own packets, so networks normally re-mark (or zero) it on ingress from anything they don't trust.
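The DS field in practice, as an added example that is not from these notes or from any router or stack: building an IPv4 header with a given DSCP and ECN, reading the bits back, and doing what an edge router does at a trust boundary, which is to overwrite the DSCP while keeping the header checksum valid. Addresses and payload lengths are constructed; the DSCP and ECN values are the standard ones.

```python
"""
The DS field (former TOS byte) of an IPv4 header: build a header with a given
DSCP/ECN, read it back, and re-mark it at a trust boundary with the header
checksum kept valid. Example added to these notes; addresses are constructed.
"""
import struct

# Well-known code points: class selectors (RFC 2474), Assured Forwarding (RFC 2597), Expedited Forwarding (RFC 3246)
DSCP = {"CS0": 0, "AF11": 10, "AF21": 18, "AF31": 26, "AF41": 34, "EF": 46, "CS6": 48, "CS7": 56}
ECN = {"Not-ECT": 0, "ECT(1)": 1, "ECT(0)": 2, "CE": 3}
IPV4_FMT = "!BBHHHBBH4s4s"   # ver/ihl, DS, total len, id, flags/frag, ttl, proto, checksum, src, dst

def ds_field(dscp: int, ecn: int) -> int:
    """Pack DSCP (6 bits) and ECN (2 bits) into the one byte that used to be TOS."""
    if not 0 <= dscp < 64 or not 0 <= ecn < 4:
        raise ValueError("dscp must be 0..63 and ecn 0..3")
    return (dscp << 2) | ecn

def split_ds_field(tos: int):
    return tos >> 2, tos & 0x3

def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words; over a valid header it yields 0."""
    if len(data) % 2:
        data += b"\0"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF

def ipv4_header(src: str, dst: str, dscp: int, ecn: int, payload_len: int,
                proto: int = 17, ident: int = 0, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    fields = [(4 << 4) | 5, ds_field(dscp, ecn), 20 + payload_len, ident, 0, ttl, proto, 0,
              bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))]
    fields[7] = checksum(struct.pack(IPV4_FMT, *fields))   # checksum computed with the field zeroed
    return struct.pack(IPV4_FMT, *fields)

def parse_ds(header: bytes):
    """Return (dscp, ecn) from a raw IPv4 header after checking version and header checksum."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (header[0] & 0xF) * 4
    if checksum(header[:ihl]) != 0:
        raise ValueError("bad header checksum")
    return split_ds_field(header[1])

def remark_dscp(header: bytes, new_dscp: int) -> bytes:
    """Trust-boundary re-marking: overwrite DSCP, keep the ECN bits (they belong to the endpoints),
    and recompute the checksum so the packet is still valid downstream."""
    _, ecn = split_ds_field(header[1])
    hdr = bytearray(header)
    hdr[1] = ds_field(new_dscp, ecn)
    hdr[10:12] = b"\0\0"
    ihl = (hdr[0] & 0xF) * 4
    struct.pack_into("!H", hdr, 10, checksum(bytes(hdr[:ihl])))
    return bytes(hdr)

if __name__ == "__main__":
    # A "voice" packet arriving from an untrusted port: EF requested, ECN-capable.
    h = ipv4_header("10.0.0.2", "10.0.0.1", DSCP["EF"], ECN["ECT(0)"], payload_len=160)
    print("ingress DSCP/ECN:", parse_ds(h))
    print("after re-marking:", parse_ds(remark_dscp(h, DSCP["CS0"])))
```

Re-marking rather than dropping is the usual DiffServ policy at an untrusted edge: the packet still gets through, it just no longer gets priority it didn't earn, and the ECN bits are left alone because they carry congestion state between the endpoints.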
See also
- http://en.wikipedia.org/wiki/QoS
- http://en.wikipedia.org/wiki/IPv4
- http://en.wikipedia.org/wiki/Differentiated_services
- http://en.wikipedia.org/wiki/Explicit_Congestion_Notification
TODO: read:
- http://www.bricklin.com/qos.htm
- http://vonage.nmhoy.net/qos.html
- http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/qos.htm
Spanning trees
| This article/section is a stub — probably a pile of half-sorted notes and assertions some of which may well be wrong, and not verified as a whole. Feel free to add or refine. |
The Spanning Tree Protocol (STP) is a (layer-2) protocol that ensures a loop-free network.
The idea behind this protocol and its variants is to have switches exchange information (BPDUs) about the bridges and links in the (mesh) network, elect a root bridge (the lowest bridge ID, i.e. configured priority first, then MAC address), compute a spanning tree of least-cost paths to it, and put the ports that are not on that tree into a blocking state.
Something like it is necessary because a physical loop between switches otherwise causes a broadcast storm (every broadcast frame circulates forever and multiplies) and MAC-table flapping (the same source address appearing on several ports), which takes the segment down fairly quickly.
Spanning tree allows a network to have physically spare/redundant links and have automatic fallbacks if one link fails. (Because of this, it can also help data centers (re)organize their links without causing downtime.) BPDUs are not authenticated, so whatever announces the lowest bridge ID becomes root; switches therefore usually offer BPDU guard and root guard to shut a port down when that happens where no other switch should be.
Variants include the Rapid Spanning Tree Protocol (RSTP), Per-VLAN Spanning Tree (PVST), Multiple Spanning Tree Protocol (MSTP), Rapid Per-VLAN Spanning Tree (R-PVST), and others.
See also:
- http://en.wikipedia.org/wiki/Spanning_tree_protocol
- STP: IEEE 802.1D (the original)
- RSTP: IEEE 802.1w, since merged into IEEE 802.1D-2004, which obsoleted basic STP
- MSTP: IEEE 802.1s, then merged into IEEE 802.1Q
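The computation STP converges on, done centrally on a small topology so you can see which port ends up blocked and why. This is an added example, not from these notes or from any switch vendor: it models the outcome (root election, root path cost, root ports, designated bridges, blocked ports) rather than exchanging BPDUs, assumes one link per pair of bridges, and uses constructed bridge names, MACs and costs. The second scenario shows the point made above: a device announcing priority 0 becomes root because nothing checks who may.

```python
"""
The spanning tree that STP converges on, computed centrally for a small topology:
elect the root, find each bridge's root port, pick the designated side of every
other link and block the opposite side. Example added to these notes; a model of
the result, not a BPDU implementation. One link per bridge pair is assumed.
"""
from typing import Dict, List, Set, Tuple

Bridge = Tuple[int, str]      # (priority, mac): together the bridge ID, lower wins
Link = Tuple[str, str, int]   # (bridge_a, bridge_b, path cost)

def bridge_id(b: Bridge) -> Tuple[int, int]:
    prio, mac = b
    return (prio, int(mac.replace(":", ""), 16))

def spanning_tree(bridges: Dict[str, Bridge], links: List[Link]) -> dict:
    ids = {name: bridge_id(b) for name, b in bridges.items()}
    root = min(ids, key=ids.get)                       # 1. root election: lowest bridge ID

    adj: Dict[str, List[Tuple[str, int]]] = {n: [] for n in bridges}
    for a, b, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))

    # 2. root path cost: cheapest path to the root (Dijkstra; the graph is tiny)
    INF = float("inf")
    rpc = {n: INF for n in bridges}
    rpc[root] = 0
    pending = set(bridges)
    while pending:
        u = min(pending, key=lambda n: rpc[n])
        pending.remove(u)
        if rpc[u] == INF:
            break                                      # bridges not connected to the root
        for v, cost in adj[u]:
            rpc[v] = min(rpc[v], rpc[u] + cost)

    # 3. root port: neighbour giving the lowest root path cost, ties broken by that neighbour's ID
    root_port: Dict[str, str] = {}
    for n in bridges:
        if n == root or rpc[n] == INF:
            continue
        root_port[n] = min(adj[n], key=lambda vc: (rpc[vc[0]] + vc[1], ids[vc[0]]))[0]

    # 4. every other link has one designated bridge (closest to root, ties by ID);
    #    the port on the far side of it goes to blocking
    blocked: Set[Tuple[str, str]] = set()
    for a, b, _ in links:
        if root_port.get(a) == b or root_port.get(b) == a:
            continue                                   # someone's path to the root: stays forwarding
        designated = min((a, b), key=lambda n: (rpc[n], ids[n]))
        other = b if designated == a else a
        blocked.add((other, designated))               # (bridge, its port toward this neighbour)
    return {"root": root, "root_path_cost": rpc, "root_port": root_port, "blocked_ports": blocked}

# Constructed topology: three switches with default priority in a triangle, cost 4 per link.
TRIANGLE = {
    "A": (32768, "00:00:00:00:00:01"),
    "B": (32768, "00:00:00:00:00:02"),
    "C": (32768, "00:00:00:00:00:03"),
}
TRIANGLE_LINKS = [("A", "B", 4), ("B", "C", 4), ("A", "C", 4)]

def demo():
    normal = spanning_tree(TRIANGLE, TRIANGLE_LINKS)
    # Something plugged into C announcing priority 0 takes over as root; the tree re-forms around it.
    rogue = dict(TRIANGLE, D=(0, "de:ad:be:ef:00:00"))
    takeover = spanning_tree(rogue, TRIANGLE_LINKS + [("C", "D", 4)])
    return normal, takeover

if __name__ == "__main__":
    for label, result in zip(("normal", "rogue root"), demo()):
        print(label, "root:", result["root"], "blocked:", sorted(result["blocked_ports"]))
```

In the triangle, A wins on MAC address, B and C both reach it directly, and the B-C link is nobody's root port, so C (the higher ID) blocks its port toward B. With the priority-0 bridge attached, every path is recomputed toward D and a different link ends up blocked, which is also the traffic path change an attacker would be after; that is what root guard on access ports is for.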
Multicast
| This article/section is a stub — probably a pile of half-sorted notes and assertions some of which may well be wrong, and not verified as a whole. Feel free to add or refine. |
Multicast refers to delivering the same data to a group of endpoints, sending each packet once per link rather than once per receiver, using whatever strategy is efficient/easy for the particular network protocol and/or layout (on IP: group addresses, IGMP/MLD for receivers to join a group, and switches snooping on that so they only forward to ports with members).
On encryption
Encryption can be done at every layer above the physical one: at the link layer (WPA on Wi-Fi, MACsec on Ethernet), at the network layer (IPsec), or between transport and application (TLS/SSL). TLS is snuck in between layer 4 and layer 5: it runs over TCP and the application protocol runs over it, which is why there is usually a plain and a TLS variant of the same layer-5 protocol, traditionally on different ports (HTTP on 80, HTTPS on 443) or negotiated in-band (STARTTLS). In the 7-layer view this can be said to be several cooperating layers, mostly layer 6.
IPX, SPX, NWLink
| This article/section is a stub — probably a pile of half-sorted notes and assertions some of which may well be wrong, and not verified as a whole. Feel free to add or refine. |
IPX (Internetwork Packet Exchange) was a layer 3 protocol fairly commonly used up to the mid-nineties, when the IP stack replaced it, partly because of convenience. (Note that while IP has a similar role to IPX, the two names and technologies are not particularly related).
SPX is a layer 4 protocol used on top of IPX.
IPX/SPX was commonly used for and associated with Netware, but was not heavily entangled with it; it was also used by many games.
Windows later added NWLink, which was an implementation of IPX/SPX and also NetBIOS on top of that.
NetBIOS was often transferred over IPX/SPX, and later over TCP/IP (and more recently used primarily for SMB file sharing).
These days, IPX mostly matters to people wishing to play old games. IPX in DOS was a somewhat complex matter. NWLink was supported from Win95 to WinXP, and dropped in Vista.
People report that in 32-bit Vista you can copy in XP's (32-bit) drivers (see things like [3]).
The case of 64-bit Vista is harder, but it doesn't seem clear to me whether this is impossible, period, or just requires some trickery (see e.g. [4]).
| This article/section is a stub — probably a pile of half-sorted notes and assertions some of which may well be wrong, and not verified as a whole. Feel free to add or refine. |
Unsorted
- http://www.jpsdomain.org/networking/nat.html
- http://cs.wellesley.edu/~cs342/09.26.06.IntroNetworksCS342.pdf
Where to find nice images like: http://www.javvin.com/links.html ?
An IP-stack socket is effectively identified by a 5-tuple: (protocol, local_address, local_port, remote_address, remote_port). A listening socket has only the local half filled in; an established connection is unique by the whole tuple, which is why one server port can carry many connections at once.

