The TCP/IP transport layer transports data
between applications on source and destination devices. Familiarity with the
transport layer is essential to understand modern data networks. This module
will describe the functions and services of this layer.
Many of the
network applications that are found at the TCP/IP application layer are
familiar to most network users. HTTP, FTP, and SMTP are acronyms that are
commonly seen by users of Web browsers and e-mail clients. This module also
describes the function of these and other applications from the TCP/IP
networking model.
This module
covers some of the objectives for the CCNA 640-801, INTRO 640-821, and ICND
640-811 exams.
Students who
complete this module should be able to perform the following tasks:
- Describe the functions of the TCP/IP transport layer
- Describe flow control
- Explain how a connection is established between peer systems
- Describe windowing
- Describe acknowledgment
- Identify and describe transport layer protocols
- Describe TCP and UDP header formats
- Describe TCP and UDP port numbers
- List the major protocols of the TCP/IP application layer
- Provide a brief description of the features and operation of well-known TCP/IP applications
11.1 TCP/IP Transport Layer
11.1.1 Introduction to the TCP/IP transport layer
This page will
describe the functions of the transport layer.
The primary
duties of the transport layer are to transport and regulate the flow of
information from a source to a destination, reliably and accurately. End-to-end
control and reliability are provided by sliding windows, sequencing numbers,
and acknowledgments.
To understand
reliability and flow control, think of someone who studies a foreign language
for one year and then visits the country where that language is used. In
conversation, words must be repeated for reliability. People must also speak
slowly so that the conversation is understood, which relates to flow control.
The transport
layer establishes a logical connection between two endpoints of a network.
Protocols in the transport layer segment and reassemble data sent by
upper-layer applications into the same transport layer data stream. This
transport layer data stream provides end-to-end transport services.
The two primary
duties of the transport layer are to provide flow control and reliability. The
transport layer defines end-to-end connectivity between host applications. Some
basic transport services are as follows:
- Segmentation of upper-layer application data
- Establishment of end-to-end operations
- Transportation of segments from one end host to another
- Flow control provided by sliding windows
- Reliability provided by sequence numbers and acknowledgments
TCP/IP is a combination of two
individual protocols. IP operates at Layer 3 of the OSI model and is a
connectionless protocol that provides best-effort delivery across a network.
TCP operates at the transport layer and is a connection-oriented service that
provides flow control and reliability. When these protocols are combined they
provide a wider range of services. The combined protocols are the basis for the
TCP/IP protocol suite. The Internet is built upon this TCP/IP protocol suite.
The next page
will explain how the transport layer controls the flow of data.
11.1 TCP/IP Transport Layer
11.1.2 Flow control
This page will
describe how the transport layer provides flow control.
As the transport
layer sends data segments, it tries to ensure that data is not lost. Data loss
may occur if a host cannot process data as quickly as it arrives. The host is
then forced to discard the data. Flow control ensures that a source host does
not overflow the buffers in a destination host. To provide flow control, TCP
allows the source and destination hosts to communicate. The two hosts then
establish a data-transfer rate that is agreeable to both.
The next page
will discuss data transport connections.
11.1 TCP/IP Transport Layer
11.1.3 Session establishment, maintenance, and termination
This page discusses transport
functionality and how it is accomplished on a segment-by-segment basis.
Applications can
send data segments on a first-come, first-served basis. The segments that
arrive first will be taken care of first. These segments can be routed to the
same or different destinations. Multiple applications can share the same
transport connection in the OSI reference model. This is referred to as the
multiplexing of upper-layer conversations.
Numerous simultaneous upper-layer conversations can be multiplexed over
a single connection.
One function of
the transport layer is to establish a connection-oriented session between
similar devices at the application layer. For data transfer to begin, the
source and destination applications inform the operating systems that a
connection will be initiated. One node initiates a connection that must be
accepted by the other. Protocol software modules in the two operating systems
exchange messages across the network to verify that the transfer is authorized
and that both sides are ready.
The connection is
established and the transfer of data begins after all synchronization has
occurred. The two machines continue to communicate through their protocol
software to verify that the data is received correctly.
The figure shows a typical connection between two systems. The first handshake requests synchronization. The second handshake acknowledges the initial synchronization request and synchronizes the connection parameters in the opposite direction. The third handshake segment is an acknowledgment that informs the destination that both sides agree a connection has been established. After the connection has been established, data transfer begins.
Congestion can
occur for two reasons:
- First, a high-speed computer might generate traffic faster than a network can transfer it.
- Second, if many computers simultaneously need to send datagrams to a single destination, that destination can experience congestion, although no single source caused the problem.
When datagrams
arrive too quickly for a host or gateway to process, they are temporarily
stored in memory. If the traffic continues, the host or gateway eventually
exhausts its memory and must discard additional datagrams that arrive.
Instead of
allowing data to be lost, the TCP process on the receiving host can issue a
“not ready” indicator to the sender. This indicator signals the sender to stop
data transmission. When the receiver can handle additional data, it sends a
“ready” transport indicator. When this indicator is received, the sender can
resume the segment transmission.
At the end of
data transfer, the source host sends a signal that indicates the end of the
transmission. The destination host acknowledges the end of transmission and the
connection is terminated.
The next page will define
three-way handshakes.
11.1 TCP/IP Transport Layer
11.1.4 Three-way handshake
This page will
explain how TCP uses three-way handshakes for data transmission.
TCP is a
connection-oriented protocol. TCP requires a connection to be established
before data transfer begins. The two hosts must synchronize their initial
sequence numbers to establish a connection. Synchronization occurs through an
exchange of segments that carry a synchronize (SYN) control bit and the initial
sequence numbers. This solution requires a mechanism that picks the initial
sequence numbers and a handshake to exchange them.
The synchronization requires each side to send its own initial sequence number (ISN) and to receive a confirmation of the exchange in an acknowledgment (ACK) from the other side. Each side must also receive the ISN from the other side and send a confirming ACK. The sequence is as follows:
- The sending host (A) initiates a connection by sending a SYN packet to the receiving host (B) indicating its ISN = X:
A -> B SYN, seq of A = X
- B receives the packet, records that the seq of A = X, replies with an ACK of X + 1, and indicates that its ISN = Y. The ACK of X + 1 means that host B has received all octets up to and including X and is expecting X + 1 next:
B -> A ACK, seq of A = X, SYN seq of B = Y, ACK = X + 1
- A receives the packet from B, learns that the seq of B = Y, and responds with an ACK of Y + 1, which finalizes the connection process:
A -> B ACK, seq of B = Y, ACK = Y + 1
This exchange is
called the three-way handshake.
A three-way
handshake is necessary because sequence numbers are not based on a global clock
in the network and TCP protocols may use different mechanisms to choose the
initial sequence numbers. The receiver of the first SYN would not know if the
segment was delayed unless it kept track of the last sequence number used on
the connection. If the receiver does not have this information, it must ask the
sender to verify the SYN.
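The exchange above, written out as a small state machine so that the ISN and ACK arithmetic can be checked, is an added example and not part of the Cisco curriculum text. The `Host` and `Segment` names, the random 32-bit ISN, and the ISNs 100 and 500 used in the demonstration run are all assumptions made for this example. The check in `on_syn_ack` is the point of the third paragraph: a SYN-ACK whose acknowledgment number does not equal our own ISN + 1 is either delayed from an earlier connection or forged, and the connection is not opened.

```python
import random
from dataclasses import dataclass

# TCP code bits used by the handshake (bit values from the TCP header flag field)
SYN = 0x02
ACK = 0x10


@dataclass
class Segment:
    flags: int     # code bits
    seq: int       # sequence number carried by the sender
    ack: int = 0   # acknowledgment number: next octet expected from the peer


def add32(n, k):
    """Sequence-number arithmetic is modulo 2**32, so X + 1 can wrap to 0."""
    return (n + k) & 0xFFFFFFFF


class Host:
    def __init__(self, name, isn=None):
        self.name = name
        # Each side picks its own ISN; there is no global clock. A random 32-bit
        # value stands in for a real stack's ISN generator here (assumption).
        self.isn = random.getrandbits(32) if isn is None else isn
        self.peer_isn = None
        self.state = "CLOSED"

    def send_syn(self):
        # Step 1: A -> B  SYN, seq = X
        self.state = "SYN-SENT"
        return Segment(SYN, self.isn)

    def on_syn(self, seg):
        # Step 2: B -> A  SYN+ACK, seq = Y, ack = X + 1
        if not (seg.flags & SYN):
            raise ValueError("expected a SYN")
        self.peer_isn = seg.seq
        self.state = "SYN-RECEIVED"
        return Segment(SYN | ACK, self.isn, add32(seg.seq, 1))

    def on_syn_ack(self, seg):
        # Step 3: A -> B  ACK, seq = X + 1, ack = Y + 1
        if seg.flags != SYN | ACK:
            raise ValueError("expected a SYN+ACK")
        if seg.ack != add32(self.isn, 1):
            # The ACK does not confirm the ISN we sent: a delayed or forged
            # segment from some other exchange. Do not open the connection.
            raise ValueError("ACK does not confirm our ISN")
        self.peer_isn = seg.seq
        self.state = "ESTABLISHED"
        return Segment(ACK, add32(self.isn, 1), add32(seg.seq, 1))

    def on_ack(self, seg):
        if not (seg.flags & ACK) or seg.ack != add32(self.isn, 1):
            raise ValueError("ACK does not confirm our ISN")
        self.state = "ESTABLISHED"


def three_way_handshake(a, b):
    """Run the exchange between host A (initiator) and host B; return the three segments."""
    syn = a.send_syn()
    syn_ack = b.on_syn(syn)
    ack = a.on_syn_ack(syn_ack)
    b.on_ack(ack)
    return [syn, syn_ack, ack]


if __name__ == "__main__":
    a, b = Host("A", isn=100), Host("B", isn=500)
    for seg in three_way_handshake(a, b):
        print(seg)
    print(a.state, b.state)
```

Running the module prints the three segments with seq 100, ack 101 / seq 500, and ack 501, and both hosts end in ESTABLISHED. Passing an ISN of 0xFFFFFFFF shows why `add32` is needed: the expected ACK wraps to 0.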
The next page
will discuss the concept of windowing.
11.1 TCP/IP Transport Layer
11.1.5 Windowing
This page will
explain how windows are used to transmit data.
Data packets must
be delivered to the recipient in the same order in which they were transmitted
to have a reliable, connection-oriented data transfer. The protocol fails if
any data packets are lost, damaged, duplicated, or received in a different
order. An easy solution is to have a recipient acknowledge the receipt of each
packet before the next packet is sent.
If a sender had
to wait for an ACK after each packet was sent, throughput would be low.
Therefore, most connection-oriented, reliable protocols allow multiple packets
to be sent before an ACK is received. The time interval after the sender
transmits a data packet and before the sender processes any ACKs is used to
transmit more data. The number of data packets the sender can transmit before
it receives an ACK is known as the window size, or window.
TCP uses
expectational ACKs. This means that the ACK number refers to the next packet
that is expected.
Windowing refers
to the fact that the window size is negotiated dynamically in the TCP session.
Windowing is a flow-control mechanism. Windowing requires the source device to
receive an ACK from the destination after a certain amount of data is
transmitted. The destination host reports a window size to the source host. This
window specifies the number of packets that the destination host is prepared to
receive. The first packet is the ACK.
With a window
size of three, the source device can send three bytes to the destination. The
source device must then wait for an ACK. If the destination receives the three
bytes, it sends an acknowledgment to the source device, which can now transmit
three more bytes. If the destination does not receive the three bytes, because
of overflowing buffers, it does not send an acknowledgment. Because the source
does not receive an acknowledgment, it knows that the bytes should be
retransmitted, and that the transmission rate should be decreased.
In the figure, the
sender sends three packets before it expects an ACK. If the receiver can handle
only two packets, the window drops packet three, specifies three as the next
packet, and indicates a new window size of two. The sender sends the next two
packets, but still specifies a window size of three. This means that the sender
will still expect a three-packet ACK from the receiver. The receiver replies
with a request for packet five and again specifies a window size of two.
The next page
describes the acknowledgment process.
11.1 TCP/IP Transport Layer
11.1.6 Acknowledgment
This page will
discuss acknowledgments and the sequence of segments.
Reliable delivery
guarantees that a stream of data sent from one device is delivered through a
data link to another device without duplication or data loss. Positive
acknowledgment with retransmission is one technique that guarantees reliable
delivery of data. Positive acknowledgment requires a recipient to communicate
with the source and send back an ACK when the data is received. The sender
keeps a record of each data packet, or TCP segment, that it sends and expects
an ACK. The sender also starts a timer when it sends a segment and will
retransmit a segment if the timer expires before an ACK arrives.
The figure shows a sender that transmits data packets 1,
2, and 3. The receiver acknowledges receipt of the packets with a request for
packet 4. When the sender receives the ACK, it sends packets 4, 5, and 6. If
packet 5 does not arrive at the destination, the receiver acknowledges with a
request to resend packet 5. The sender resends packet 5 and then receives an
ACK to continue with the transmission of packet 7.
TCP provides
sequencing of segments with a forward reference acknowledgment. Each segment is
numbered before transmission. At the
destination, TCP reassembles the segments into a complete message. If a
sequence number is missing in the series, that segment is retransmitted.
Segments that are not acknowledged within a given time period will result in a
retransmission.
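The following simulation is an added example, not part of the curriculum, that plays through the three situations described in 11.1.3, 11.1.5 and 11.1.6: a receiver that advertises a zero window when it is "not ready" and discards what arrives, a receiver that can only take two of three packets and drops the third (the windowing figure), and a packet lost in transit that the receiver asks for again while holding the later packet (the acknowledgment figure). The `Receiver`, `transfer` and `Ack` names, the per-burst `capacity`, the `lose` set and the `not_ready_bursts` counter are constructions for this example; the receiver returns an expectational ACK and its window size after every burst, and the sender resends the packet named in the ACK and fills the rest of the advertised window with new data.

```python
from dataclasses import dataclass


@dataclass
class Ack:
    next_expected: int   # expectational ACK: the next packet the receiver wants
    window: int          # how many packets the receiver is prepared to accept


class Receiver:
    def __init__(self, capacity, lose=(), not_ready_bursts=0):
        self.capacity = capacity                  # packets it can take per burst
        self.lose = set(lose)                     # constructed: packets lost in transit, once each
        self.not_ready_bursts = not_ready_bursts  # constructed: bursts refused while "not ready"
        self.expected = 1
        self.buffered = {}                        # out-of-order packets held until the gap fills
        self.delivered = []                       # in-order data handed to the application

    def receive_burst(self, seqs):
        if self.not_ready_bursts > 0:
            # Buffers exhausted: discard the burst and advertise a zero window.
            self.not_ready_bursts -= 1
            return Ack(self.expected, 0)
        accepted = 0
        for seq in seqs:
            if seq in self.lose:
                self.lose.discard(seq)
                continue                          # never arrived
            if accepted >= self.capacity:
                continue                          # buffer overflow: dropped, no ACK for it
            accepted += 1
            if seq == self.expected:
                self.delivered.append(seq)
                self.expected += 1
                while self.expected in self.buffered:   # drain what was held
                    self.delivered.append(self.buffered.pop(self.expected))
                    self.expected += 1
            elif seq > self.expected:
                self.buffered[seq] = seq          # arrived early; keep it
            # seq < expected is a duplicate and is ignored
        return Ack(self.expected, self.capacity)


def transfer(total, receiver, initial_window):
    """Send packets 1..total; return a log of (burst, ack, window) for each round trip."""
    base, next_seq, window = 1, 1, initial_window
    retransmit = None
    log = []
    while base <= total:
        burst = []
        if retransmit is not None:
            burst.append(retransmit)              # resend the packet the receiver asked for
            retransmit = None
        new = list(range(next_seq, min(base + window, total + 1)))
        burst.extend(new)                         # fill the rest of the window with new data
        if new:
            next_seq = new[-1] + 1
        ack = receiver.receive_burst(burst)
        log.append((burst, ack.next_expected, ack.window))
        base = ack.next_expected                  # everything below this is confirmed
        window = ack.window                       # receiver may shrink or grow the window
        if base < next_seq:
            retransmit = base                     # a packet already sent is missing: resend it
    return log


if __name__ == "__main__":
    r = Receiver(capacity=3, lose=[5])
    for burst, ack, win in transfer(6, r, 3):
        print("sent", burst, "-> ACK", ack, "window", win)
```

With six packets and packet 5 lost, the log reads `[1, 2, 3] -> ACK 4`, `[4, 5, 6] -> ACK 5`, `[5] -> ACK 7`, which is the sequence in the acknowledgment figure; a receiver with `capacity=2` given a three-packet window reproduces the windowing figure (`ACK 3, window 2`, then `[3, 4] -> ACK 5`).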
The next page
will describe TCP in more detail.
11.1 TCP/IP Transport Layer
11.1.7 TCP
This page will
discuss the protocols that use TCP and the fields included in a TCP segment.
TCP is a
connection-oriented transport layer protocol that provides reliable full-duplex
data transmission. TCP is part of the TCP/IP protocol stack. In a
connection-oriented environment, a connection is established between both ends
before the transfer of information can begin. TCP breaks messages into
segments, reassembles them at the destination, and resends anything that is not
received. TCP supplies a virtual circuit between end-user applications.
The following
protocols use TCP:
- FTP
- HTTP
- SMTP
- Telnet
The following are
the definitions of the fields in the TCP segment:
- Source port – Number of the port that sends data
- Destination port – Number of the port that receives data
- Sequence number – Number used to ensure the data arrives in the correct order
- Acknowledgment number – Next expected TCP octet
- HLEN – Number of 32-bit words in the header
- Reserved – Set to zero
- Code bits – Control functions, such as setup and termination of a session
- Window – Number of octets that the sender will accept
- Checksum – Calculated checksum of the header and data fields
- Urgent pointer – Indicates the end of the urgent data
- Option – One option currently defined, maximum TCP segment size
- Data – Upper-layer protocol data
The next page will define UDP.
11.1 TCP/IP Transport Layer
11.1.8 UDP
This page will
discuss UDP. UDP is the connectionless transport protocol in the TCP/IP
protocol stack.
UDP is a simple
protocol that exchanges datagrams without guaranteed delivery. It relies on
higher-layer protocols to handle errors and retransmit data.
UDP does not use
windows or ACKs. Reliability is provided by application layer protocols. UDP is
designed for applications that do not need to put sequences of segments
together.
The following
protocols use UDP:
- TFTP
- SNMP
- DHCP
- DNS
The following are
the definitions of the fields in the UDP segment:
- Source port – Number of the port that sends data
- Destination port – Number of the port that receives data
- Length – Number of bytes in header and data
- Checksum – Calculated checksum of the header and data fields
- Data – Upper-layer protocol data
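The two field lists above can be checked against real bytes. The following Python is an added example, not code from the curriculum: it builds and parses a TCP segment and a UDP datagram with `struct`, computes the checksum over the IPv4 pseudo-header plus header and data, and rejects a header whose HLEN or length field does not fit the bytes actually received. The addresses, ports and the TCP option bytes (kind 2, length 4, MSS 1460, the "maximum segment size" option the list mentions) are constructed sample values; the function names are this example's own.

```python
import struct
from ipaddress import IPv4Address

# Code bits in the TCP header, lowest bit first
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
PROTO_TCP, PROTO_UDP = 6, 17


def internet_checksum(data):
    """One's-complement sum of 16-bit words, as used by the TCP and UDP checksum fields."""
    if len(data) % 2:
        data += b"\x00"                                   # odd length: pad for the sum only
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)          # fold carries back in
    return ~total & 0xFFFF


def pseudo_header(src_ip, dst_ip, proto, length):
    """IPv4 pseudo-header the checksum also covers: addresses, protocol, segment length."""
    return struct.pack("!4s4sBBH", IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed,
                       0, proto, length)


def checksum_ok(src_ip, dst_ip, proto, segment):
    """A segment whose checksum field is intact sums to zero together with the pseudo-header."""
    return internet_checksum(pseudo_header(src_ip, dst_ip, proto, len(segment)) + segment) == 0


def build_tcp(src_ip, dst_ip, sport, dport, seq, ack, flags, window, options=b"", data=b""):
    options += b"\x00" * (-len(options) % 4)              # options are padded to 32-bit words
    hlen = 5 + len(options) // 4                          # header length in 32-bit words
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, hlen << 4, flags,
                         window, 0, 0) + options
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, PROTO_TCP, len(header) + len(data))
                             + header + data)
    return header[:16] + struct.pack("!H", csum) + header[18:] + data


def parse_tcp(segment):
    if len(segment) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    sport, dport, seq, ack, off, flags, window, csum, urg = struct.unpack("!HHIIBBHHH", segment[:20])
    hlen = off >> 4
    if hlen < 5 or hlen * 4 > len(segment):
        raise ValueError("HLEN %d inconsistent with segment length" % hlen)
    return {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack, "hlen": hlen,
        "flags": [name for name, bit in TCP_FLAGS.items() if flags & bit],
        "window": window, "checksum": csum, "urgent_pointer": urg,
        "options": segment[20:hlen * 4], "data": segment[hlen * 4:],
    }


def build_udp(src_ip, dst_ip, sport, dport, data):
    length = 8 + len(data)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, PROTO_UDP, length) + header + data)
    # A computed zero is sent as 0xFFFF, because 0 means "no checksum" in UDP
    return struct.pack("!HHHH", sport, dport, length, csum or 0xFFFF) + data


def parse_udp(datagram):
    if len(datagram) < 8:
        raise ValueError("UDP header needs 8 bytes")
    sport, dport, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("length field %d inconsistent with datagram" % length)
    return {"src_port": sport, "dst_port": dport, "length": length, "checksum": csum,
            "data": datagram[8:length]}


if __name__ == "__main__":
    seg = build_tcp("192.168.10.5", "192.168.10.7", 49152, 25, 100, 0, TCP_FLAGS["SYN"], 8192,
                    options=b"\x02\x04\x05\xb4")
    print(parse_tcp(seg))
    print(parse_udp(build_udp("192.168.10.5", "192.168.10.7", 49153, 53, b"query")))
```

The HLEN and length checks are the part worth copying: a parser that trusts those fields and slices past the end of the buffer is the classic transport-header bug, and the checksum check catches corruption but not deliberate modification, since anyone who can alter the bytes can recompute it.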
The next page
discusses port numbers used by both TCP and UDP.
11.1 TCP/IP Transport Layer
11.1.9 TCP and UDP port numbers
This page
examines port numbers.
Both TCP and UDP
use port numbers to pass information to the upper layers. Port numbers are used
to keep track of different conversations that cross the network at the same
time.
Application
software developers agree to use well-known port numbers that are issued by the
Internet Assigned Numbers Authority (IANA).
Any conversation bound for the FTP application uses the standard port
numbers 20 and 21. Port 20 is used for the data portion and Port 21 is used for
control. Conversations that do not involve an application with a well-known
port number are assigned port numbers randomly from within a specific range
above 1023. Some ports are reserved in both TCP and UDP. However, applications
might not be written to support them.
Port numbers have the following assigned ranges:
- Numbers below 1024 are considered well-known port numbers.
- Numbers above 1023 are dynamically assigned port numbers.
- Registered port numbers are for vendor-specific applications. Most of these are above 1024.
End systems use port numbers to
select the proper application. The source host dynamically assigns source port
numbers. These numbers are always greater than 1023.
This page
concludes this lesson. The next lesson will focus on the application layer. The
first page provides an introduction.
11.2 The Application Layer
11.2.1 Introduction to the TCP/IP application layer
This page will
introduce some TCP/IP application layer protocols.
The session,
presentation, and application layers of the OSI model are bundled into the
application layer of the TCP/IP model. This means that representation,
encoding, and dialog control are all handled in the TCP/IP application layer.
This design ensures that the TCP/IP model provides maximum flexibility at the
application layer for software developers.
The TCP/IP
protocols that support file transfer, e-mail, and remote login are probably the
most familiar to users of the Internet.
These protocols include the following applications:
- DNS
- FTP
- HTTP
- SMTP
- SNMP
- Telnet
The next page will discuss DNS.
11.2 The Application Layer
11.2.2 DNS
This page will
describe DNS.
The Internet is
built on a hierarchical addressing scheme. This scheme allows for routing to be
based on classes of addresses rather than based on individual addresses. The
problem this creates for the user is associating the correct address with the
Internet site. It is very easy to forget an IP address to a particular site
because there is nothing to associate the contents of the site with the
address. Imagine the difficulty of remembering the IP addresses of tens,
hundreds, or even thousands of Internet sites.
A domain naming
system was developed in order to associate the contents of the site with the
address of that site. The Domain Name System (DNS) is a system used on the
Internet for translating names of domains and their publicly advertised network
nodes into IP addresses. A domain is a group of computers that are associated
by their geographical location or their business type. A domain name is a
string of characters, number, or both. Usually a name or abbreviation that
represents the numeric address of an Internet site will make up the domain
name. There are more than 200 top-level domains on the Internet, examples of
which include the following:
- .us – United States
- .uk – United Kingdom
There are also generic names, examples of which include the following:
- .edu – educational sites
- .com – commercial sites
- .gov – government sites
- .org – non-profit sites
- .net – network service
See the figure for a detailed explanation of these domains.
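To make the "name to IP address" translation concrete, here is an added example, not part of the curriculum, that builds a DNS query for the host name used later on this page and parses a constructed response message in Python. The response bytes, the transaction id 0x1234, the TTL of 300 and the answer address 198.51.100.10 are all constructed sample values, and the function names are this example's own. The part a practitioner should note is `read_name`: DNS compresses names with pointers back into the message, and a parser must bound those pointers and cap the number of hops, or a crafted response can send it into a loop or past the end of the buffer.

```python
import struct

TYPE_A, CLASS_IN = 1, 1


def encode_name(name):
    """Wire form of a domain name: length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("label length must be 1..63")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid, name, qtype=TYPE_A):
    # Flags 0x0100: standard query with recursion desired; one question, no records
    return (struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
            + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN))


def read_name(msg, offset):
    """Decode a (possibly compressed) name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past the end of the message")
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # compression pointer
            if offset + 1 >= len(msg):
                raise ValueError("truncated pointer")
            target = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2                       # the name's own bytes end after the first pointer
            hops += 1
            if target >= offset or hops > 16:          # pointers must go backwards; cap hops too
                raise ValueError("bad compression pointer")
            offset = target
            continue
        if length > 63:
            raise ValueError("bad label length")
        offset += 1
        if length == 0:
            break
        if offset + length > len(msg):
            raise ValueError("label runs past the end of the message")
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (offset if end is None else end)


def parse_message(msg):
    """Parse the header, question section and answer section of a DNS message."""
    if len(msg) < 12:
        raise ValueError("header needs 12 bytes")
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = read_name(msg, off)
        if off + 4 > len(msg):
            raise ValueError("truncated question")
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype))
    for _ in range(an):
        name, off = read_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated resource record")
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if len(rdata) != rdlen:
            raise ValueError("truncated RDATA")
        off += rdlen
        value = ".".join(str(b) for b in rdata) if rtype == TYPE_A and rdlen == 4 else rdata
        answers.append((name, rtype, ttl, value))
    return {"id": txid, "response": bool(flags & 0x8000), "rcode": flags & 0xF,
            "questions": questions, "answers": answers}


def constructed_response(txid):
    """Constructed answer to build_query(txid, "www.cisco.com"); the address is a sample value."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # response, RD+RA, no error
    question = encode_name("www.cisco.com") + struct.pack("!HH", TYPE_A, CLASS_IN)
    # Answer name is a pointer (0xC00C) to the question name at offset 12
    rr = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, 4) + bytes([198, 51, 100, 10])
    return header + question + rr


if __name__ == "__main__":
    print(parse_message(constructed_response(0x1234)))
```

A resolver would also compare the id and question in the response against the query it sent before accepting the answer; `parse_message` exposes both so a caller can do that.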
The next page
will discuss FTP and TFTP.
11.2 The Application Layer
11.2.3 FTP and TFTP
This page will describe the features of FTP and TFTP.
FTP is a
reliable, connection-oriented service that uses TCP to transfer files between
systems that support FTP. The main purpose of FTP is to transfer files from one
computer to another by copying and moving files from servers to clients, and
from clients to servers. When files are copied from a server, FTP first
establishes a control connection between the client and the server. Then a
second connection is established, which is a link between the computers through
which the data is transferred. Data transfer can occur in ASCII mode or in
binary mode. These modes determine the encoding used for data file, which in
the OSI model is a presentation layer task. After the file transfer has ended,
the data connection terminates automatically. When the entire session of
copying and moving files is complete, the command link is closed when the user
logs off and ends the session.
TFTP is a
connectionless service that uses User Datagram Protocol (UDP). TFTP is used on
the router to transfer configuration files and Cisco IOS images and to transfer
files between systems that support TFTP. TFTP is designed to be small and easy
to implement. Therefore, it lacks most of the features of FTP. TFTP can read or
write files to or from a remote server but it cannot list directories and
currently has no provisions for user authentication. It is useful in some LANs
because it operates faster than FTP and in a stable environment it works
reliably.
The next page
will discuss HTTP.
11.2 The Application Layer
11.2.4 HTTP
This page will
describe the features of HTTP.
Hypertext
Transfer Protocol (HTTP) works with the World Wide Web, which is the fastest
growing and most used part of the Internet. One of the main reasons for the
extraordinary growth of the Web is the ease with which it allows access to
information. A Web browser is a client-server application, which means that it
requires both a client and a server component in order to function. A Web
browser presents data in multimedia formats on Web pages that use text,
graphics, sound, and video. The Web pages are created with a format language
called Hypertext Markup Language (HTML). HTML directs a Web browser on a
particular Web page to produce the appearance of the page in a specific manner.
In addition, HTML specifies locations for the placement of text, files, and
objects that are to be transferred from the Web server to the Web browser.
Hyperlinks make
the World Wide Web easy to navigate. A hyperlink is an object, word, phrase, or
picture, on a Web page. When that hyperlink is clicked, it directs the browser
to a new Web page. The Web page contains, often hidden within its HTML
description, an address location known as a Uniform Resource Locator (URL).
In the URL
http://www.cisco.com/edu/, the "http://" tells the browser which
protocol to use. The second part, "www", is the hostname or name of a
specific machine with a specific IP address. The last part, /edu/ identifies
the specific folder location on the server that contains the default web page.
A Web browser
usually opens to a starting or "home" page. The URL of the home page
has already been stored in the configuration area of the Web browser and can be
changed at any time. From the starting page, click on one of the Web page
hyperlinks, or type a URL in the address bar of the browser. The Web browser
examines the protocol to determine if it needs to open another program, and
then determines the IP address of the Web server using DNS. Then the transport
layer, network layer, data link layer, and physical layer work together to
initiate a session with the Web server. The data that is transferred to the
HTTP server contains the folder name of the Web page location. The data can
also contain a specific file name for an HTML page. If no name is given, then
the default name as specified in the configuration on the server is used.
The server
responds to the request by sending to the Web client all of the text, audio,
video, and graphic files specified in the HTML instructions. The client browser
reassembles all the files to create a view of the Web page, and then terminates
the session. If another page that is located on the same or a different server
is clicked, the whole process begins again.
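The URL breakdown and the request/response round trip described above, as an added example in Python that is not part of the curriculum: `request_for` splits a URL into the protocol, host name and folder path the text names and produces the request the browser sends, and `parse_response` reads the status line, headers and a body delimited by Content-Length, refusing a truncated body rather than passing on a partial page. The response bytes are a constructed sample, and both function names are this example's own.

```python
from urllib.parse import urlsplit


def request_for(url):
    """Split a URL as the text describes and return (host, port, request bytes)."""
    parts = urlsplit(url)
    if parts.scheme != "http":
        raise ValueError("scheme %r is not http; the browser would hand it to another program" % parts.scheme)
    if not parts.hostname:
        raise ValueError("URL has no host name")
    target = parts.path or "/"                   # empty path: ask for the server's default page
    if parts.query:
        target += "?" + parts.query
    request = "GET %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n" % (target, parts.hostname)
    return parts.hostname, parts.port or 80, request.encode("ascii")


def parse_response(raw):
    """Parse status line, headers and a Content-Length delimited body from raw response bytes."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("headers are incomplete")
    lines = head.decode("iso-8859-1").split("\r\n")
    version, status, reason = (lines[0].split(" ", 2) + [""])[:3]
    if not version.startswith("HTTP/") or not status.isdigit():
        raise ValueError("malformed status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError("malformed header line: %r" % line)
        headers[name.strip().lower()] = value.strip()   # header names are case-insensitive
    if "content-length" in headers:
        length = int(headers["content-length"])
        if len(body) < length:
            raise ValueError("body truncated: expected %d bytes, got %d" % (length, len(body)))
        body = body[:length]                             # ignore anything past the declared length
    return {"status": int(status), "reason": reason, "headers": headers, "body": body}


if __name__ == "__main__":
    host, port, req = request_for("http://www.cisco.com/edu/")
    print(host, port)
    print(req.decode())
    # Constructed sample response, as the server side of the exchange
    sample = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 28\r\n\r\n"
              b"<html><body>hi</body></html>")
    print(parse_response(sample))
```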
The Lab Activity
will help students become familiar with TCP and HTTP.
The next page
will describe the protocol used to send e-mail.
11.2 The Application Layer
11.2.5 SMTP
This page will
discuss the features of SMTP.
Email servers
communicate with each other using the Simple Mail Transfer Protocol (SMTP) to
send and receive mail. The SMTP protocol transports email messages in ASCII
format using TCP.
When a mail
server receives a message destined for a local client, it stores that message
and waits for the client to collect the mail.
There are several ways for mail clients to collect their mail. They can
use programs that access the mail server files directly or collect their mail
using one of many network protocols. The most popular mail client protocols are
POP3 and IMAP4, which both use TCP to transport data. Even though mail clients
use these special protocols to collect mail, they almost always use SMTP to
send mail. Since two different protocols, and possibly two different servers,
are used to send and receive mail, it is possible that mail clients can perform
one task and not the other. Therefore, it is usually a good idea to
troubleshoot e-mail sending problems separately from e-mail receiving problems.
When checking the
configuration of a mail client, verify that the SMTP and POP or IMAP settings
are correctly configured. A good way to test if a mail server is reachable is
to Telnet to the SMTP port (25) or to the POP3 port (110). The following
command format is used at the Windows command line to test the ability to reach
the SMTP service on the mail server at IP address 192.168.10.5:
C:\>telnet 192.168.10.5 25
The SMTP protocol
does not offer much in the way of security and does not require any authentication.
Administrators often do not allow hosts that are not part of their network to
use their SMTP server to send or relay mail. This is to prevent unauthorized
users from using their servers as mail relays.
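What the telnet test above would show, and how the relay restriction in the last paragraph is enforced, is easiest to see with both sides of the SMTP dialog in front of you. The following Python is an added example and not part of the curriculum: a minimal SMTP command handler that accepts mail addressed to its own domain from anyone but refuses to relay mail for other domains unless the client is on the local network. The domain `example.com`, the host names, the addresses 203.0.113.7 and 192.168.10.5, and the assumption that 192.168.10.0/24 is the administrator's own network are all constructed for this example, as are the class and function names.

```python
from ipaddress import ip_address, ip_network

# Constructed policy: mail for these domains is accepted from anyone; anything else is
# relayed only for hosts on the local network (192.168.10.0/24 is assumed to be ours).
LOCAL_DOMAINS = {"example.com"}
RELAY_NETWORKS = [ip_network("192.168.10.0/24")]


class SmtpServer:
    """Minimal SMTP command handler for one session; returns the reply line for each command."""

    def __init__(self, client_ip, hostname="mail.example.com"):
        self.client = ip_address(client_ip)
        self.hostname = hostname
        self.greeted = False
        self.sender, self.recipients, self.body = None, [], []
        self.in_data = False
        self.delivered = []          # (sender, recipients, body) accepted for delivery

    def greeting(self):
        return "220 %s ESMTP service ready" % self.hostname

    @staticmethod
    def _address(arg):
        # "FROM:<alice@other.net>" -> "alice@other.net"
        return arg.partition(":")[2].strip().strip("<>").lower()

    def _may_deliver(self, rcpt):
        domain = rcpt.rpartition("@")[2]
        if domain in LOCAL_DOMAINS:
            return True                                        # local delivery: always accepted
        return any(self.client in net for net in RELAY_NETWORKS)  # relaying: local hosts only

    def handle(self, line):
        if self.in_data:
            if line == ".":
                self.in_data = False
                self.delivered.append((self.sender, list(self.recipients), "\r\n".join(self.body)))
                self.sender, self.recipients, self.body = None, [], []
                return "250 2.0.0 message accepted for delivery"
            self.body.append(line[1:] if line.startswith("..") else line)   # undo dot-stuffing
            return None                                        # no reply while reading the message
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.greeted = True
            return "250 %s Hello %s" % (self.hostname, arg)
        if verb == "MAIL":
            if not self.greeted:
                return "503 5.5.1 send HELO/EHLO first"
            self.sender = self._address(arg)
            return "250 2.1.0 sender ok"
        if verb == "RCPT":
            if self.sender is None:
                return "503 5.5.1 need MAIL command"
            rcpt = self._address(arg)
            if not self._may_deliver(rcpt):
                return "550 5.7.1 relaying denied for %s" % rcpt
            self.recipients.append(rcpt)
            return "250 2.1.5 recipient ok"
        if verb == "DATA":
            if not self.recipients:
                return "503 5.5.1 need RCPT command"
            self.in_data = True
            return "354 end data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 2.0.0 %s closing connection" % self.hostname
        return "500 5.5.2 command not recognized"


def run_session(client_ip, lines):
    """Feed the client's lines to a fresh server; return (server, reply lines in order)."""
    server = SmtpServer(client_ip)
    replies = [server.greeting()]
    for line in lines:
        reply = server.handle(line)
        if reply is not None:
            replies.append(reply)
    return server, replies


if __name__ == "__main__":
    script = ["HELO client.example.net", "MAIL FROM:<alice@other.net>",
              "RCPT TO:<bob@example.com>", "RCPT TO:<carol@third.org>",
              "DATA", "Subject: test", "", "hello", ".", "QUIT"]
    for line, reply in zip([""] + script, run_session("203.0.113.7", script)[1]):
        print("C:", line) if line else None
        print("S:", reply)
```

Run from the outside address, the dialog accepts `bob@example.com` and answers the second RCPT with `550 5.7.1 relaying denied`; the same script from 192.168.10.5 gets `250` for both recipients. The server requires HELO before MAIL and at least one accepted RCPT before DATA, which is also why a failed RCPT never reaches the message body.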
The next page
will describe the features of SNMP.
11.2 The Application Layer
11.2.6 SNMP
This page will
define SNMP.
The Simple
Network Management Protocol (SNMP) is an application layer protocol that
facilitates the exchange of management information between network devices.
SNMP enables network administrators to manage network performance, find and
solve network problems, and plan for network growth. SNMP uses UDP as its
transport layer protocol.
An SNMP managed
network consists of the following three key components:
- Network management system (NMS) – NMS executes applications that monitor and control managed devices. The bulk of the processing and memory resources required for network management are provided by NMS. One or more NMSs must exist on any managed network.
- Managed devices – Managed devices are network nodes that contain an SNMP agent and that reside on a managed network. Managed devices collect and store management information and make this information available to NMSs using SNMP. Managed devices, sometimes called network elements, can be routers, access servers, switches, bridges, hubs, computer hosts, or printers.
- Agents – Agents are network-management software modules that reside in managed devices. An agent has local knowledge of management information and translates that information into a form compatible with SNMP.
The next page
will describe Telnet.
11.2 The Application Layer
11.2.7 Telnet
This page will
explain the features of Telnet.
Telnet client software provides the ability to log in to a remote Internet host that is running a Telnet server application and then to execute commands from the command line. A Telnet client is referred to as a local host. A Telnet server, which uses special software called a daemon, is referred to as a remote host.
To make a
connection from a Telnet client, the connection option must be selected. A
dialog box typically prompts for a host name and terminal type. The host name
is the IP address or DNS name of the remote computer. The terminal type
describes the type of terminal emulation that the Telnet client should perform.
The Telnet operation uses none of the processing power from the transmitting
computer. Instead, it transmits the keystrokes to the remote host and sends the
resulting screen output back to the local monitor. All processing and storage
take place on the remote computer.
Telnet works at
the application layer of the TCP/IP model. Therefore, Telnet works at the top
three layers of the OSI model. The application layer deals with commands. The
presentation layer handles formatting, usually ASCII. The session layer
transmits. In the TCP/IP model, all of these functions are considered to be
part of the application layer.
This page
concludes this lesson. The next page will summarize the main points from the
module.
Summary
This page
summarizes the topics discussed in this module.
The primary
duties of the transport layer, Layer 4 of the OSI model, are to transport and
regulate the flow of information from the source to the destination reliably
and accurately.
The transport
layer multiplexes data from upper layer applications into a stream of data
packets. It uses port (socket) numbers to identify different conversations and
delivers the data to the correct application.
The Transmission
Control Protocol (TCP) is a connection-oriented transport protocol that
provides flow control as well as reliability. TCP uses a three-way handshake to
establish a synchronized circuit between end-user applications. Each datagram
is numbered before transmission. At the receiving station, TCP reassembles the
segments into a complete message. If a sequence number is missing in the
series, that segment is retransmitted.
Flow control
ensures that a transmitting node does not overwhelm a receiving node with data.
The simplest method of flow control used by TCP involves a “not ready” signal
that notifies the transmitting device that the buffers on the receiving device
are full. When the receiver can handle additional data, the receiver sends a
“ready” transport indicator.
Positive
acknowledgment with retransmission is another TCP protocol technique that
guarantees reliable delivery of data. Because having to wait for an
acknowledgment after sending each packet would negatively impact throughput,
windowing is used to allow multiple packets to be transmitted before an
acknowledgment is received. TCP window sizes are variable during the lifetime
of a connection.
If an application
does not require flow control or an acknowledgment, as in the case of a
broadcast transmission, User Datagram Protocol (UDP) can be used instead of
TCP. UDP is a connectionless transport protocol in the TCP/IP protocol stack
that allows multiple conversations to occur simultaneously but does not provide
acknowledgments or guaranteed delivery. A UDP header is much smaller than a TCP
header because of the lack of control information it must contain.
Some of the
protocols and applications that function at the application level are well
known to Internet users:
- Domain Name System (DNS) – Used in IP networks to translate names of network nodes into IP addresses
- File Transfer Protocol (FTP) – Used for transferring files between networks
- Hypertext Transfer Protocol (HTTP) – Used to deliver Hypertext Markup Language (HTML) documents to a client application, such as a WWW browser
- Simple Mail Transfer Protocol (SMTP) – Used to provide electronic mail services
- Simple Network Management Protocol (SNMP) – Used to monitor and control network devices and to manage configurations, statistics collection, performance, and security
- Telnet – Used to log in to a remote host that is running a Telnet server application and then to execute commands from the command line