Chapter 2 TCP/IP (Overview)

This chapter introduces the Solaris implementation of the TCP/IP network protocol suite. The information is intended for network administrators who are unfamiliar with TCP/IP. If you are an experienced TCP/IP network administrator, consider reading chapters that cover the tasks that you want to perform.

This chapter contains the following information:

• Introducing the Internet Protocol Suite

• How the TCP/IP Protocols Handle Data Communications

• Finding Out More About TCP/IP and the Internet

Introducing the Internet Protocol Suite

This section presents an in-depth introduction to the protocols that compose TCP/IP. Although the information is conceptual, you should learn the names of the protocols and what each does.

TCP/IP is the abbreviation that is commonly used for the set of network protocols that compose the Internet Protocol suite. Many texts use the term “Internet” to describe both the protocol suite and the global wide area network. In this book, the “TCP/IP” refers specifically to the Internet protocol suite. “Internet” refers to the wide area network and the bodies that govern the Internet.

To interconnect your TCP/IP network with other networks, you must obtain a unique IP network number. At the time of this writing, the InterNIC organization assigns IP network numbers.

If hosts on your network are to participate in the Internet domain name system (DNS), you must obtain and register a unique domain name. The InterNIC also handles the registration of domain names under certain top-level domains such as .com (commercial), .edu (education), and .gov (government). Chapter 3, Planning Your TCP/IP Network (Task) contains more information about the InterNIC. For more information on DNS, refer to System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP).

Protocol Layers and the OSI Model

Most network protocol suites are structured as a series of layers, sometimes referred to collectively as a protocol stack. Each layer is designed for a specific purpose. Each layer exists on both the sending and receiving hosts. A specific layer on one machine sends or receives exactly the same object that another machine's peer process sends or receives. These activities occur independently from activities in layers above or below the layer under consideration. Effectively, each layer on a host acts independently of other layers on the same machine. Each layer acts in parallel with the same layer on other hosts.

OSI Reference Model

Most network protocol suites are viewed as structured in layers. The International Organization for Standardization (ISO) designed the Open Systems Interconnection (OSI) Reference Model that uses structured layers. The OSI model describes a structure with seven layers for network activities. Each layer associates one or more protocols with the layer. The layers represent data transfer operations common to all types of data transfers among cooperating networks.

The OSI Reference Model lists the protocol layers from the top (layer 7) to the bottom (layer 1). The following table shows the model.

Table 2–1 Open Systems Interconnection Reference Model

Layer No.	Layer Name	Description
7	Application	Consists of standard communication services and applications that everyone can use.
6	Presentation	Ensures that information is delivered to the receiving machine in a form that the machine can understand.
5	Session	Manages the connections and terminations between cooperating computers.
4	Transport	Manages the transfer of data. Also assures that the received data are identical to the transmitted data.
3	Network	Manages data addressing and delivery between networks.
2	Data Link	Handles the transfer of data across the network media.
1	Physical	Defines the characteristics of the network hardware.

The OSI model defines conceptual operations that are not unique to any particular network protocol suite. For example, the OSI network protocol suite implements all seven layers of the OSI Reference Model. TCP/IP uses some of OSI model layers. TCP/IP also combines other layers. Other network protocols, such as SNA, add an eighth layer.

TCP/IP Protocol Architecture Model

The OSI model describes an idealized network communications with a family of protocols. TCP/IP does not correspond to this model directly. TCP/IP either combines several OSI layers into a single layer, or does not use certain layers at all. The following table shows the layers of the Solaris implementation of TCP/IP. The table lists the layers from the topmost layer (application) to the lowest (physical network).

Table 2–2 TCP/IP Protocol Stack

OSI Ref. Layer No.	OSI Layer Equivalent	TCP/IP Layer	TCP/IP Protocol Examples
5,6,7	Application, session, presentation	Application	NFS, NIS+, DNS, telnet, ftp, rlogin, rsh, rcp, RIP, RDISC, SNMP, and others
4	Transport	Transport	TCP, UDP
3	Network	Internet	IP, ARP, ICMP
2	Data link	Data link	PPP, IEEE 802.2
1	Physical	Physical network	Ethernet (IEEE 802.3) Token Ring, RS-232, others

The table shows the TCP/IP protocol layers. Also shown are the OSI Model equivalents with examples of the protocols that are available at each level of the TCP/IP protocol stack. Each host that is involved in a communication transaction runs a unique implementation of the protocol stack.

Physical Network Layer

The physical network layer specifies the characteristics of the hardware to be used for the network. For example, physical network layer specifies the physical characteristics of the communications media. The physical layer of TCP/IP describes hardware standards such as IEEE 802.3, the specification for Ethernet network media, and RS-232, the specification for standard pin connectors.

Data-Link Layer

The data-link layer identifies the network protocol type of the packet, in this instance TCP/IP. The data-link layer also provides error control and “framing.” Examples of data-link layer protocols are Ethernet IEEE 802.2 framing and Point-to-Point Protocol (PPP) framing.

Internet Layer

This layer, also known as the network layer, accepts and delivers packets for the network. This layer includes the powerful Internet Protocol (IP), the Address Resolution Protocol (ARP), and the Internet Control Message Protocol (ICMP).

IP Protocol

The IP protocol and its associated routing protocols are possibly the most significant of the entire TCP/IP suite. IP is responsible for the following:

• IP addressing – The IP addressing conventions are part of the IP protocol. Chapter 3, Planning Your TCP/IP Network (Task) describes IPv4 addressing in detail and Chapter 14, IPv6 (Overview) describes IPv6 addressing in detail.

• Host-to-host communications – IP determines the path a packet must take, based on the receiving host's IP address.

• Packet formatting – IP assembles packets into units that are known as IP datagrams. Datagrams are fully described in Internet Layer.

• Fragmentation – If a packet is too large for transmission over the network media, IP on the sending host breaks the packet into smaller fragments. IP on the receiving host then reconstructs the fragments into the original packet.

Previous releases of the Solaris operating environment implement version 4 of the Internet Protocol, which is abbreviated as IPv4. However, because of the rapid growth of the Internet, a new Internet Protocol was created. The new protocol increases address space. This new version, known as version 6, is abbreviated as IPv6. The Solaris operating environment supports both versions, which are described in this book. To avoid confusion when addressing the Internet Protocol, one of the following conventions is used:

• When the term IP is used in a description, the description applies to both IPv4 and IPv6.

• When the term IPv4 is used in a description, the description applies only to IPv4.

• When the term IPv6 is used in a description, the description applies only to IPv6.

ARP Protocol

The Address Resolution Protocol (ARP) conceptually exists between the data-link and Internet layers. ARP assists IP in directing datagrams to the appropriate receiving host by mapping Ethernet addresses (48 bits long) to known IP addresses (32 bits long).

ICMP Protocol

Internet Control Message Protocol (ICMP) detects and reports network error conditions. ICMP reports on the following:

• Dropped packets – Packets that arrive too fast to be processed

• Connectivity failure – A destination host that cannot be reached)

• Redirection – Redirecting a sending host to use another router

The ping Command contains more information on the operating system commands that use ICMP for error detection.

Transport Layer

The TCP/IP transport layer protocols ensure that packets arrive in sequence and without error, by swapping acknowledgments of data reception, and retransmitting lost packets. This type of communication is known as “end-to-end.” Transport layer protocols at this level are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

TCP Protocol

TCP enables applications to communicate with each other as though connected by a physical circuit. TCP sends data in a form that appears to be transmitted in a character-by-character fashion, rather than as discrete packets. This transmission consists of a starting point, which opens the connection, the entire transmission in byte order, and an ending point, which closes the connection.

TCP attaches a header onto the transmitted data. This header contains a large number of parameters that help processes on the sending machine connect to peer processes on the receiving machine.

TCP confirms that a packet has reached its destination by establishing an end-to-end connection between sending and receiving hosts. TCP is therefore considered a “reliable, connection-oriented” protocol.

UDP Protocol

UDP, the other transport layer protocol, provides datagram delivery service. UDP does not verify connections between receiving and sending hosts. Because UDP eliminates the processes of establishing and verifying connections, applications that send small amounts of data use UDP rather than TCP.

Application Layer

The application layer defines standard Internet services and network applications that anyone can use. These services work with the transport layer to send and receive data. Many application layer protocols exist. The following list shows examples of application layer protocols:

• Standard TCP/IP services such as the ftp, tftp, and telnet commands

• UNIX “r” commands, such as rlogin and rsh

• Name services, such as NIS+ and domain name system (DNS)

• File services, such as the NFS service

• Simple Network Management Protocol (SNMP), which enables network management

• RIP and RDISC routing protocols

Standard TCP/IP Services

• FTP and Anonymous FTP – The File Transfer Protocol (FTP) transfers files to and from a remote network. The protocol includes the ftp command (local machine) and the in.ftpd daemon (remote machine). FTP enables a user to specify the name of the remote host and file transfer command options on the local host's command line. The in.ftpd daemon on the remote host then handles the requests from the local host. Unlike rcp, ftp works even when the remote computer does not run a UNIX-based operating system. A user must log in to the remote computer to make an ftp connection unless the remote computer has been configured to allow anonymous FTP.

  You can now obtain an enormous amount of materials from anonymous FTP servers that are connected to the Internet. Universities and other institutions set up these servers to offer software, research papers, and other information to the public domain. When you log in to this type of server, you use the login name anonymous, hence the term “anonymous FTP servers.”

  Using anonymous FTP and setting up anonymous FTP servers is outside the scope of this manual. However, many books, such as The Whole Internet User's Guide & Catalog, discuss anonymous FTP in detail. Instructions for using FTP to reach standard machines are in System Administration Guide: Resource Management and Network Services. The ftp(1) man page describes all ftp command options that are invoked through the command interpreter. The ftpd(1M) man page describes the services that are provided by the daemon in.ftpd.

• Telnet – The Telnet protocol enables terminals and terminal-oriented processes to communicate on a network that runs TCP/IP. This protocol is implemented as the program telnet (on local machines) and the daemon in.telnetd (on remote machines). Telnet provides a user interface through which two hosts can communicate on a character-by-character or line-by-line basis. The application includes a set of commands that are fully documented in the telnet(1) man page.

• TFTP – The Trivial File Transfer Protocol (tftp) provides functions that are similar to ftp, but the protocol does not establish ftp's interactive connection. As a result, users cannot list the contents of a directory or change directories. A user must know the full name of the file to be copied. The telnet(1) man page describes the tftp command set.

UNIX “r” Commands

The UNIX “r” commands enable users to issue commands on their local machines that run on the remote host. These commands include the following:

• rcp

• rlogin

• rsh

Instructions for using these commands are in rcp(1), rlogin(1), and rsh(1) man pages.

Name Services

The Solaris operating environment provides the following naming services:

• DNS – The domain name system (DNS) is the naming service provided by the Internet for TCP/IP networks. DNS provides host names to the IP address service. DNS also serves as a database for mail administration. For a complete description of this service, see System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP). See also the resolver(3RESOLV) man page.

• /etc files – The original host-based UNIX™ naming system was developed for standalone UNIX™ machines and then adapted for network use. Many old UNIX™ operating systems and machines still use this system, but it is not well suited for large complex networks.

• NIS – Network Information Service (NIS) was developed independently of DNS and has a slightly different focus. Whereas DNS focuses on making communication simpler by using machine names instead of numerical IP addresses, NIS focuses on making network administration more manageable by providing centralized control over a variety of network information. NIS stores information about machine names and addresses, users, the network itself, and network services. NIS namespace information is stored in NIS maps. For more information on NIS Architecture and NIS Administration, see System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP).

• NIS+ – NIS+ provides centralized control over network administration services, such as mapping host names to IP and Ethernet addresses, verifying passwords, and so on. See System Administration Guide: Naming and Directory Services (FNS and NIS+).

• FNS – Federated Naming Service (FNS), supports the use of different autonomous naming systems in a single Solaris operating environment. FNS allows you to use a single, simple naming system interface for all of the different name services on your network. FNS conforms to the X/Open federated naming (XFN) specification. FNS is not a replacement for NIS+, NIS, DNS, or /etc files. Rather, FNS is implemented on top of these services and allows you to use a set of common names with desktop applications. See System Administration Guide: Naming and Directory Services (FNS and NIS+).

Directory Service

The Solaris operating environment supports LDAP (Lightweight Directory Access Protocol) in conjunction with the iPlanet Directory Server 5.x, as well as other LDAP Directory Servers. The distinction between a Naming Service and a Directory Service is in the differing extent of functionality. A directory service provides the same functionality of a naming service, but provides additional functionalities as well. See System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP).

File Services

The NFS application layer protocol provides file services for the Solaris operating environment. You can find complete information about the NFS service in System Administration Guide: Resource Management and Network Services.

Network Administration

The Simple Network Management Protocol (SNMP) enables you to view the layout of your network and view the status of key machines. SNMP also enables you to obtain complex network statistics from software that is based on a graphical user interface. Many companies offer network management packages that implement SNMP. SunNet Manager^TM software is an example.

Routing Protocols

The Routing Information Protocol (RIP) and the Router Discovery Protocol (RDISC) are two routing protocols for TCP/IP networks. They are described in Routing Protocols.

How the TCP/IP Protocols Handle Data Communications

When a user issues a command that uses a TCP/IP application layer protocol, a series of events is initiated. The user's command or message passes through the TCP/IP protocol stack on the local machine. Then the command or message passes across the network media to the protocols on the recipient. The protocols at each layer on the sending host add information to the original data.

Protocols on each layer of the sending host also interact with their peers on the receiving host. Figure 2–1 shows this interaction.

Data Encapsulation and the TCP/IP Protocol Stack

The packet is the basic unit of information that is transferred across a network. The packet consists, at a minimum, of a header with the sending and receiving hosts' addresses, and a body with the data to be transferred. As the packet travels through the TCP/IP protocol stack, the protocols at each layer either add or remove fields from the basic header. When a protocol on the sending host adds data to the packet header, the process is called data encapsulation. Moreover, each layer has a different term for the altered packet, as shown in the following figure.

Figure 2–1 How a Packet Travels Through the TCP/IP Stack

This section summarizes the life cycle of a packet. The life cycle starts when you issue a command or send a message. The life cycle finishes when the appropriate application on the receiving host receives the packet.

Application Layer—User Initiates Communication

The packet's history begins when a user on one host sends a message or issues a command that must access a remote host. The application protocol formats the packet so that the appropriate transport layer protocol, TCP or UDP, can handle the packet.

Suppose the user issues an rlogin command to log in to the remote host, as shown in Figure 2–1. The rlogin command uses the TCP transport layer protocol. TCP expects to receive data in the form of a stream of bytes that contain the information in the command. Therefore, rlogin sends this data as a TCP stream.

Not all application layer protocols use TCP, however. Suppose a user wants to mount a file system on a remote host, thus initiating the NIS+ application layer protocol. NIS+ uses the UDP transport layer protocol. Therefore, the packet that contains the command must be formatted in a manner that UDP expects. This type of packet is referred to as a message.

Transport Layer—Data Encapsulation Begins

When the data arrives at the transport layer, the protocols at the layer start the process of data encapsulation. The end result depends on whether TCP or UDP handles the information.

TCP Segmentation

TCP is often called a “connection-oriented” protocol because TCP ensures the successful delivery of data to the receiving host. Figure 2–1 shows how the TCP protocol receives the stream from the rlogin command. TCP divides the data that is received from the application layer into segments and attaches a header to each segment.

Segment headers contain sender and recipient ports, segment ordering information, and a data field that is known as a checksum. The TCP protocols on both hosts use the checksum data to determine if the data transfers without error.

Establishing a TCP Connection

TCP uses segments to determine whether the receiving host is ready to receive the data. When the sending TCP wants to establish connections, TCP sends a segment that is called a SYN to the TCP protocol on the receiving host. The receiving TCP returns a segment that is called an ACK to acknowledge the successful receipt of the segment. The sending TCP sends another ACK segment, then proceeds to send the data. This exchange of control information is referred to as a three-way handshake.

UDP Packets

UDP is a “connectionless” protocol. Unlike TCP, UDP does not check that data arrived at the receiving host. Instead, UDP formats the message that is received from the application layer into UDP packets. UDP attaches a header to each packet. The header contains the sending and receiving host ports, a field with the length of the packet, and a checksum.

The sending UDP process attempts to send the packet to its peer UDP process on the receiving host. The application layer determines whether the receiving UDP process acknowledges the reception of the packet. UDP requires no notification of receipt. UDP does not use the three-way handshake.

Internet Layer

As shown in Figure 2–1, both TCP and UDP pass their segments and packets down to the Internet layer, where the IP protocol handles the segments and packets. IP prepares them for delivery by formatting them into units called IP datagrams. IP then determines the IP addresses for the datagrams, so that they can be delivered effectively to the receiving host.

IP Datagrams

IP attaches an IP header to the segment or packet's header in addition to the information that is added by TCP or UDP. Information in the IP header includes the IP addresses of the sending and receiving hosts, datagram length, and datagram sequence order. This information is provided if the datagram exceeds the allowable byte size for network packets and must be fragmented.

Data-Link Layer—Framing Takes Place

Data-link layer protocols, such as PPP, format the IP datagram into a frame. These protocols attach a third header and a footer to “frame” the datagram. The frame header includes a cyclic redundancy check (CRC) field that checks for errors as the frame travels over the network media. Then the data-link layer passes the frame to the physical layer.

Physical Network Layer—Preparing the Frame for Transmission

The physical network layer on the sending host receives the frames and converts the IP addresses into the hardware addresses appropriate to the network media. The physical network layer then sends the frame out over the network media.

How the Receiving Host Handles the Packet

When the packet arrives on the receiving host, the packet travels through the TCP/IP protocol stack in the reverse order from that which the packet travels on the sender. Figure 2–1 illustrates this path. Moreover, each protocol on the receiving host strips off header information that is attached to the packet by its peer on the sending host. The following process occurs:

1. The physical network layer receives the packet in its frame form. The physical network layer computes the CRC of the packet, then sends the frame to the data link layer.

2. The data-link layer verifies that the CRC for the frame is correct and strips off the frame header and CRC. Finally, the data link protocol sends the frame to the Internet layer.

3. The Internet layer reads information in the header to identify the transmission. Then Internet layer determines if the packet is a fragment. If the transmission is fragmented, IP reassembles the fragments into the original datagram. IP then strips off the IP header and passes the datagram on to transport layer protocols.

4. The transport layer (TCP and UDP) reads the header to determine which application layer protocol must receive the data. Then TCP or UDP strips off its related header. TCP or UDP sends the message or stream up to the receiving application.

5. The application layer receives the message. The application layer then performs the operation that the sending host requested.

TCP/IP Internal Trace Support

TCP/IP provides internal trace support by logging TCP communication when an RST packet terminates a connection. When an RST packet is transmitted or received, information on as many as 10 packets, which were just transmitted is logged with the connection information.

Finding Out More About TCP/IP and the Internet

Information about TCP/IP and the Internet is widely available. If you require specific information that is not covered in this text, you can probably find what you need in the sources cited next.

Computer Books

Many books about TCP/IP and the Internet are available from your local library or computer bookstore. The following three books are recommended:

• Craig Hunt. TCP/IP Network Administration – This book contains some theory and much practical information for managing a heterogeneous TCP/IP network.

• W. Richard Stevens. TCP/IP Illustrated, Volume I – This book is an in-depth explanation of the TCP/IP protocols. This book is ideal for network administrators who require a technical background in TCP/IP and for network programmers.

• Ed Krol. The Whole Internet User's Guide & Catalog – This book is ideal for anyone interested in using the many tools that are available for retrieving information over the Internet.

RFCs and FYIs

The Internet Architecture Board (IAB) must approve all RFCs before they are placed in the public domain. Typically, the information in RFCs is designed for developers and other highly technical readers.

Generally, for your information (FYI) documents appear as a subset of the RFCs. FYIs contain information that does not deal with Internet standards. FYIs contain Internet information of a more general nature. For example, FYI documents include a bibliography that list introductory TCP/IP books and papers. FYI documents provide an exhaustive compendium of Internet-related software tools. Finally, FYI documents include a glossary of Internet and general networking terms.

You'll find references to relevant RFCs throughout this guide and other books in the Solaris System Administrator set.