Networking notes - General
Layers, frames, and packets
Networking is modelled using layers.
Layer models
There are actually two layer models:
- the OSI model being the formal one, and
- the one from the IP suite (quite similar to the DoD model)
- ...the practical one - for IP use
- it mostly just ignores higher layers such as OSI's 6 and 7 - which are relatively rare to see used in descriptions anyway
Layer 1 (physical layer)
- transfer units are called: symbols or bits
- whatever needs to happen on the copper, fiber, or whatnot
- for many end users this means Ethernet, or more specifically, various sections of the IEEE 802.3 standard.
- Physical is something few people ever deal with (if it's broken, replace it)
Layer 2 (data link layer):
- transfer units are called: frames
- Layer 1 and 2 are often linked because hardware and its management are often designed together for efficiency.
- Link is normally below what you'd care about, but becomes relevant when you tunnel things, or do lower-level encryption, or both, like around VPNs.
- the maximum frame size matters to fragmentation and such, also when tunneling
Layer 3 (network layer): (in the IP suite also called 'internet layer')
- transfer units are called: packets
- usually addressed here: concepts like node addressing, and basic/local routing, possibly with some basic error control and segmentation
- protocols in the IP suite: IP (20-byte header)
- Other protocols: IPX, ARP (IP-address-to-Ethernet-address lookups), RARP (its reverse), IGMP (multicast support protocol), RIP and other routing-related protocols
Layer 4 (transport layer):
- transfer units are called: segments, or datagrams
- usually decided here: whether to be connection-based or not. This layer may also introduce concepts such as ports, in-order guarantees, flow control, more error handling and such.
- protocols in the IP suite: TCP (20-byte header), UDP (8-byte), ICMP (4-byte).
- Other protocols: SPX (resembling TCP), NetBEUI, SCTP
Layer 5 is seen as 'application' in the IP suite, which there is the highest layer.
- That makes it everything you as a coder work with, and anything higher-level is just a program doing its thing.
- UDP and particularly TCP are rather practical for networking, so applications often build what they want straight onto them, including everything from HTTP to SIP to SSH to DHCP to FTP to RTP to SMTP to SNMP to DNS to SOAP.
OSI goes on up to seven layers. In its view:
OSI layer 5 (session, not application)
- is usually not necessary, but protocols at this level tend to be protocols that add some functionality for a program to use, dealing with concepts like that of (simultaneous) streams, or:
- describes tunneling and VPN provisions, such as in PPTP
- may provide security and sessions, such as in SSL and SSH
- may do low-latency provisions for multimedia, such as in RTP / RTCP
- may make session setup easier to handle (more robust, more featured), such as in SIP
- includes NetBIOS, which adds its own host naming, name service, connectionful and connectionless transfers. (though not so much large-scale routing, so IP is categorically more interesting)
OSI layer 6 (presentation)
- Seems intended as a canonicalization step between applications on different platforms, such as in:
- NCP (Netware Core Protocol) which drives most netware applications; it provides file access, access control, printing, statistics, and more
OSI layer 7 (application)
- In the OSI view, this is all applications. That is, those that in the IP view would have been called 'layer 5, application.'
Notes:
- while technically 'packet' and 'frame' refer to specific layers (network/3 and data link/2, respectively), in practice both (in particular 'packet') get used in the vaguer meaning of 'a chunk of data'
Encapsulation
Each layer is said to encapsulate the layer under it.
In terms of transmitted bytes of data, each networking layer is only really concerned with the layer directly under it.
As long as that lower layer lives up to its promises, the higher layer doesn't have to care about how it does it, and can focus entirely on fulfilling its own.
For an example of encapsulation, consider that a web page is data transferred by HTTP, which is wrapped in TCP, in IP, and (at your end) most likely Ethernet or WiFi. (That is for delivery to your broadband modem, which may then go via DSL or DOCSIS, which then probably goes via copper and fiber at different stages, and whatnot. You don't have to care.)
Digging down a few layers, at layer 2 the frame can be viewed like:
Ethernet header (14 bytes) | Ethernet payload data (0-1500 bytes, see note 1), in this case: | Ethernet checksum (4 bytes)
Notes:
- ...where Ethernet refers to IEEE 802.3.
- For WiFi 802.11 the link layer would look rather different.
- note 1: three details to that range:
- there is a minimum size for Ethernet frames: 64 bytes. If smaller, the frame will be considered a framing error called a runt, and discarded
- Because Ethernet takes 14+4 bytes, its payload should be at least 46 bytes
- protocols like ARP are so compact that they have to pad their frames with nonsense data to avoid this
- the maximum of 1500 comes from Ethernet's maximum frame size of 1518 (and it using 14+4 for header and checksum)
- Jumbo frames means the maximum size can be larger than that, though they are technically not 802.3 (Ethernet) conformant.
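The size rules in the notes above, as an added example (not code from the original page): it wraps a payload in an Ethernet frame, pads short payloads up to 46 bytes, and classifies received frames as runt, oversize, bad checksum or ok. The ARP request, MAC and IP addresses are constructed sample values, and sending the checksum as a little-endian CRC-32 is the usual software convention, assumed here.

```python
import struct
import zlib

HEADER_LEN, FCS_LEN = 14, 4                       # header and checksum sizes from above
MIN_FRAME, MAX_FRAME = 64, 1518                   # smaller than 64 is a runt
MIN_PAYLOAD = MIN_FRAME - HEADER_LEN - FCS_LEN    # 46
MAX_PAYLOAD = MAX_FRAME - HEADER_LEN - FCS_LEN    # 1500


def build_frame(dst, src, ethertype, payload):
    """Wrap payload in an Ethernet frame, padding short payloads to 46 bytes."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload over 1500 bytes would need jumbo frames")
    padded = payload.ljust(MIN_PAYLOAD, b"\x00")
    body = dst + src + struct.pack("!H", ethertype) + padded
    # checksum: CRC-32 over header and payload, least significant byte first
    return body + struct.pack("<I", zlib.crc32(body))


def parse_frame(frame):
    """Apply the size checks, verify the checksum, then split out the fields."""
    if len(frame) < MIN_FRAME:
        return {"status": "runt", "length": len(frame)}
    if len(frame) > MAX_FRAME:
        return {"status": "oversize", "length": len(frame)}
    body, fcs = frame[:-FCS_LEN], frame[-FCS_LEN:]
    if struct.unpack("<I", fcs)[0] != zlib.crc32(body):
        return {"status": "bad_fcs", "length": len(frame)}
    return {
        "status": "ok",
        "length": len(frame),
        "dst": body[0:6],
        "src": body[6:12],
        "ethertype": struct.unpack("!H", body[12:14])[0],
        "payload": body[HEADER_LEN:],   # still includes any padding
    }


# Constructed sample: a 28-byte ARP request (who has 192.0.2.2, tell 192.0.2.1)
SENDER_MAC = bytes.fromhex("020000000001")
ARP_REQUEST = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1, SENDER_MAC,
                          bytes([192, 0, 2, 1]), b"\x00" * 6, bytes([192, 0, 2, 2]))
ARP_FRAME = build_frame(b"\xff" * 6, SENDER_MAC, 0x0806, ARP_REQUEST)

if __name__ == "__main__":
    info = parse_frame(ARP_FRAME)
    print(info["status"], info["length"], len(info["payload"]) - len(ARP_REQUEST))
```

The receiver cannot tell padding from data at this layer; the encapsulated protocol's own length fields (fixed for ARP, the total-length field for IP) say where the real payload ends.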
Analogies
Cooperation
Multicast, anycast, broadcast
Unicast means data should go to one specific target.
- from and to a specific address
- often combined with a name service
Broadcast means addressing of all local endpoints
- usually a layer 2 thing, because doing this at layer 3 would be very spammy
- from host, to broadcast address
- assume broadcast is quite local - in that it's typically a very bad idea to route broadcasts very far, so switches will typically not route them between subnets (and sometimes not even to all of a subnet)
- Things like DHCP are broadcast at layer 2 because it's intended to be specific to just a subnet at a time
- Easy for truly local things - but for a lot of real applications, this is too limited in a way you can't widen.
- Also not great for bandwidth when used for anything bulky
Multicast means one transmission of data should go to multiple endpoints
- Multicast is a general concept. People often mean multicast on IP (or sometimes multicast on ATM, multicast on infiniband).
- Most have some concept of virtual networks.
- usually a layer 3 thing(verify), digging into layer 2(verify)
- e.g. IPv4 multicast over ethernet uses both special IP addresses and special MAC addresses
- IP multicast could be thought of as a pub-sub system, roughly:
- specific hosts register with a specific multicast address
- a host sends to a specific multicast address
- "You put packets in at one end, and the network conspires to deliver them to anyone who asks." - i.e. it's a best-effort system
- can work across subnet boundaries (unlike broadcast, which is subnet-only)
- may e.g. be LAN, ~campus, ~internet level, and different supporting protocols may apply
- for this to work / be efficient you need supporting switches
- often fits a specific goal, like 'helps SSDP / UPnP discovery work' or perhaps 'service discovery of all printers in my home' or 'delivery of messages with a specific network protocol and/or layout'
- which can be more efficient and/or more practical than broadcast and/or unicast connections, depending on situation and use.
- doesn't really apply to connection-oriented protocols, so in the context of IP means UDP, not TCP (though research into something like the latter is ongoing)
- in IPv4 multicast
- Many hosts can join a specific multicast IP (in 224/4, 224.0.0.0-239.255.255.255) using IGMP (Internet Group Management Protocol).
- Such a join means an interest in packets sent to that address. For each such multicast group, a distribution tree is calculated
- for some existing multicast nets, see https://www.iana.org/assignments/multicast-addresses/multicast-addresses.xhtml - not least of which 224.0.0.251 for mDNS
- local IP multicast (e.g. in LANs) is special-cased and often usable regardless of your LAN subnet details, making it potentially useful for
- service discovery
- e.g. mDNS, the thing that is probably giving you those .local addresses, works via (local) multicast
- device setup, e.g. using mDNS, because you can get to it before you configure it for unicast on your subnet
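How the "special IP addresses and special MAC addresses" fit together, as an added example (not code from the original page): it maps an IPv4 group in 224/4 to its Ethernet multicast MAC, lists the 32 groups that end up on the same MAC, and builds the 8-byte IGMPv2 membership report a host sends to join. It goes slightly beyond the text in showing the IGMP message itself; the group 239.1.2.3 is a constructed sample value.

```python
import ipaddress
import struct

MULTICAST_V4 = ipaddress.ip_network("224.0.0.0/4")
MAC_PREFIX = 0x01005E000000        # 01:00:5e, one zero bit, then 23 bits of the IP


def multicast_mac(ip):
    """Ethernet destination MAC used for frames sent to an IPv4 multicast group."""
    addr = ipaddress.IPv4Address(ip)
    if addr not in MULTICAST_V4:
        raise ValueError(f"{ip} is not in 224/4")
    mac = MAC_PREFIX | (int(addr) & 0x7FFFFF)
    return ":".join(f"{b:02x}" for b in mac.to_bytes(6, "big"))


def groups_sharing_mac(ip):
    """Only 23 of the 28 group bits fit in the MAC, so 32 groups share each MAC."""
    low23 = int(ipaddress.IPv4Address(ip)) & 0x7FFFFF
    base = int(MULTICAST_V4.network_address)
    return [str(ipaddress.IPv4Address(base | (hi << 23) | low23)) for hi in range(32)]


def igmpv2_report(group):
    """IGMPv2 membership report: type 0x16, max response time 0, checksum, group."""
    body = struct.pack("!BBH4s", 0x16, 0, 0, ipaddress.IPv4Address(group).packed)
    total = sum(struct.unpack("!4H", body))
    total = (total & 0xFFFF) + (total >> 16)     # fold carries (one's complement sum)
    total = (total & 0xFFFF) + (total >> 16)
    return body[:2] + struct.pack("!H", ~total & 0xFFFF) + body[4:]


if __name__ == "__main__":
    print(multicast_mac("224.0.0.251"))          # mDNS group
    print(groups_sharing_mac("224.0.0.251")[-1])
    print(igmpv2_report("239.1.2.3").hex())      # constructed sample group
```

Because of that overlap, a filter that matches only on the destination MAC also accepts frames for the other 31 groups, so the receiving host still has to check the IP destination.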
Geocast is a specific type of multicast that tries to be clever at country/world scale
Anycast means getting routed to the (topologically) closest net with the target address
- regularly works out as an "any node that listens to this specific (so yes, shared) address" thing
- often works out as the same content at distinct geographical places, as that's great for load balancing, decentralized servicing, redundancy
- anycast implementation of this idea varies.
- For example, with IPv4 you can have multiple hosts with the same IP and use BGP. While BGP is intended to select a good route to a single destination, in this case it will effectively be choosing a destination. (This trick works mainly with stateless protocols like UDP, because when BGP changes route it will in this case change destination host)
- e.g. while there may be 13 root DNS servers with a fixed IP (though they do change, if rarely), there may be many more physical root servers, with the intent of routing you to the closest one via anycast (this is a trick we generally avoid, but useful exactly because it's about DNS)
- IPv6 more directly supports anycast -- within a subnet(verify)
- (note that this is similar to the round-robin DNS trick, but distinct: anycast works at IP addressing / routing level, round-robin works purely in name resolution before that)