Network protocol lectures

2015
Marwa Moutaz
AL-Bani University College/
Fourth Year
1/1/2015
Network Protocol Lectures

[Type here][Type here]
1
‫الجامعة‬ ‫الباني‬ ‫كلية‬
‫الحاسبات‬ ‫تقنيات‬ ‫هندسة‬ ‫قسم‬
AL-Bani University College
Department of Computer
Technology Engineering
This series of lectures was prepared for the fourth class of computer networks
department In AL-Bani University College / Baghdad / Iraq.
I depend in make these lectures on-
1. Data_Communications_and_networking_3e_Forouzan
2. Internet
This series of lectures is not finished yet; I will complete it and update the PDF as
soon as possible.
Forgive me for any wrong by mistake.
My regards
Marwa Moutaz/ M.Sc. studies of Communication Engineering / University of
Technology/ Bagdad / Iraq

2
TCP/IP REFERENCE Model
TCP/IP is transmission control protocol and internet protocol. Protocols are set of
rules, which govern every possible communication over the internet. These protocols
describe the movement of data between the host computers or internet and offers
simple naming and addressing schemes. The TCP/IP protocol contain the first five
layers as shown below
In each communication system between two computers, there are a sender ,a receiver
and a carrier and the task of sending and receiving a message is passing through
many stages, each layer is define a step or a stage and its responsible for a given
task controlled by a specific protocol, each later have a specific protocols.

3

4
ISO/OSI Model in Communication Networks
There are n numbers of users who use computer network and are located over the
world. So to ensure national and worldwide data communication systems can be
developed and are compatible to each other. ISO has developed this. ISO stands for
International organization of Standardization. This is called a model for open system
interconnection (OSI) and is normally called as OSI model.
The ISO-OSI model consists of seven layer architecture. It defines seven layers or
levels in a complete communication system.

5
PHYSICAL Layer - OSI Model
Physical layer is the lowest layer of all. It is responsible for sending bits from one
computer to another. This layer is not concerned with the meaning of the bits and
deals with the physical connection to the network and with transmission and
reception of signals. This layer defines electrical and physical details represented as
0 or a 1.
FUNCTIONS OF PHYSICAL LAYER:
1. Representation of Bits: Data in this layer consists of stream of bits. The bits
must be encoded into signals for transmission. It defines the type of encoding
i.e. how 0’s and 1’s are changed to signal.
2. Data Rate: This layer defines the rate of transmission which is the number of
bits per second.
3. Synchronization: It deals with the synchronization of the transmitter and
receiver. The sender and receiver are synchronized at bit level.
4. Interface: The physical layer defines the transmission interface between
devices and transmission medium.
5. Line Configuration: This layer connects devices with the medium: Point to
Point configuration and Multipoint configuration.
6. Topologies: Devices must be connected using the following topologies:
Mesh, Star, Ring and Bus.
7. Transmission Modes: Physical Layer defines the direction of transmission
between two devices: Simplex, Half Duplex, Full Duplex.
8. Deals with baseband and broadband transmission.

6
DATA LINK Layer - OSI Model
Data link layer is most reliable node to node delivery of data. It forms frames from
the packets that are received from network layer and gives it to physical layer. It also
synchronizes the information which is to be transmitted over the data. Error
controlling is easily done. The encoded data are then passed to physical. Error
detection bits are used by the data link layer. It also corrects the errors. Outgoing
messages are assembled into frames. Then the system waits for the
acknowledgements to be received after the transmission. It is reliable to send
message.
FUNCTIONS OF DATA LINK LAYER:
1. Framing: Frames are the streams of bits received from the network layer into
manageable data units. This division of stream of bits is done by Data Link
Layer.

7
2. Physical Addressing: The Data Link layer adds a header to the frame in order
to define physical address of the sender or receiver of the frame, if the frames
are to be distributed to different systems on the network.
3. Flow Control: A flow control mechanism to avoid a fast transmitter from
running a slow receiver by buffering the extra bit is provided by flow control.
This prevents traffic jam at the receiver side.
4. Error Control: Error control is achieved by adding a trailer at the end of the
frame. Duplication of frames are also prevented by using this mechanism.
Data Link Layers adds mechanism to prevent duplication of frames.
5. Access Control: Protocols of this layer determine which of the devices has
control over the link at any given time, when two or more devices are
connected to the same link.

8
Network Layer - OSI Model
The main aim of this layer is to deliver packets from source to destination across
multiple links (networks). If two computers (system) are connected on the same link
then there is no need for a network layer. It routes the signal through different
channels to the other end and acts as a network controller. It also divides the outgoing
messages into packets and to assemble incoming packets into messages for higher
levels.
FUNCTIONS OF NETWORK LAYER:
1. It translates logical network address into physical address. Concerned with
circuit, message or packet switching.
2. Routers and gateways operate in the network layer. Mechanism is provided
by Network Layer for routing the packets to final destination.
3. Connection services are provided including network layer flow control,
network layer error control and packet sequence control.

9
4. Breaks larger packets into small packets.
Transport Layer - OSI Model
The main aim of transport layer is to be delivered the entire message from source
to destination. Transport layer ensures whole message arrives intact and in order,
ensuring both error control and flow control at the source to destination level. It
decides if data transmission should be on parallel path or single path. Transport
layer breaks the message (data) into small units so that they are handled more
efficiently by the network layer and ensures that message arrives in order by
checking error and flow control.
FUNCTIONS OF TRANSPORT LAYER:
1. Service Point Addressing : Transport Layer header includes service point
address which is port address. This layer gets the message to the correct
process (program) ,mean transfer data from specific program on the computer

10
to other specific program on other computer unlike Network Layer, which
gets each packet to the correct computer.
2. Segmentation and Reassembling : A message is divided into segments; each
segment contains sequence number, which enables this layer in reassembling
the message. Message is reassembled correctly upon arrival at the destination
and replaces packets which were lost in transmission.
3. Connection Control : It includes 2 types :
o Connectionless Transport Layer : Each segment is considered as an
independent packet and delivered to the transport layer at the
destination machine.
o Connection Oriented Transport Layer : Before delivering packets,
connection is made with transport layer at the destination machine.
4. Flow Control : In this layer, flow control is performed end to end.
5. Error Control : Error Control is performed end to end in this layer to ensure
that the complete message arrives at the receiving transport layer without any
error. Error Correction is done through retransmission.
Session Layer - OSI Model
Its main aim is to establish, maintain and synchronize the interaction between
communicating systems. Session layer manages and synchronize the conversation
between two different applications. Transfer of data from one destination to another
session layer streams of data are marked and are resynchronized properly, so that the
ends of the messages are not cut prematurely and data loss is avoided.

11
FUNCTIONS OF SESSION LAYER:
1. Dialog Control : This layer allows two systems to start communication with
each other in half-duplex or full-duplex.
2. Synchronization : This layer allows a process to add checkpoints which are
considered as synchronization points into stream of data. Example: If a system
is sending a file of 800 pages, adding checkpoints after every 50 pages is
recommended. This ensures that 50 page unit is successfully received and
acknowledged. This is beneficial at the time of crash as if a crash happens at
page number 110; there is no need to retransmit 1 to100 pages.
Presentation Layer - OSI Model
The primary goal of this layer is to take care of the syntax and semantics of the
information exchanged between two communicating systems. Presentation layer

12
Takes care that the data is sent in such a way that the receiver will understand the
information (data) and will be able to use the data. Languages (syntax) can be
different of the two communicating systems. Under this condition presentation layer
plays a role translator.
FUNCTIONS OF PRESENTATION LAYER:
1. Translation : Before being transmitted, information in the form of characters
and numbers should be changed to bit streams. The presentation layer is
responsible for interoperability between encoding methods as different
computers use different encoding methods. It translates data between the
formats the network requires and the format the computer.
2. Encryption : It carries out encryption at the transmitter and decryption at the
receiver.
3. Compression : It carries out data compression to reduce the bandwidth of the
data to be transmitted. The primary role of Data compression is to reduce the
number of bits to be 0transmitted. It is important in transmitting multimedia
such as audio, video, text etc.

13
Application Layer - OSI Model
It is the top most layer of OSI Model. Manipulation of data (information) in various
ways is done in this layer which enables user or software to get access to the network.
Some services provided by this layer includes: E-Mail, transferring of files,
distributing the results to user, directory services, network resource etc.
FUNCTIONS OF APPLICATION LAYER:
1. Mail Services: This layer provides the basis for E-mail forwarding and
storage.
2. Network Virtual Terminal: It allows a user to log on to a remote host. The
application creates software emulation of a terminal at the remote host.
User’s computer talks to the software terminal which in turn talks to the host
and vice

14
versa. Then the remote host believes it is communicating with one of its own
terminals and allows user to log on.
3. Directory Services: This layer provides access for global information about
various services.
4. File Transfer, Access and Management (FTAM) : It is a standard
mechanism to access files and manages it. Users can access files in a remote
computer and manage it. They can also retrieve files from a remote computer.

15

16

17

18

19

20

21
File Transfer Protocol
The File Transfer Protocol (FTP) is a standard network protocol used to transfer
computer files from one host to another host over a TCP-based network, such as the
Internet. FTP is built on a client-server architecture and uses separate control and
data connections between the client and the server.[1]
FTP users may authenticate
themselves using a clear-text sign-in protocol, normally in the form of a username
and password, but can connect anonymously if the server is configured to allow it.
FTP Connection Modes (Active vs. Passive)
FTP may operate in an active or a passive mode, which determines how a data
connection is established. In both cases, a client creates a TCP control connection to
an FTP server command port 21. This is a standard outgoing connection, as with any
other file transfer protocol or any other TCP client application (e.g. web browser).
So, usually there are no problems when opening the control connection.
In an Active FTP connection, the client opens a port and listens and the server
actively connects to it. In a Passive FTP connection, the server opens a port and
listens (passively) and the client connects to it.

22
In the active mode, the client starts listening on a random port for incoming data
connections from the server (the client sends the FTP command PORT to inform the
server on which port it is listening). Nowadays, it is typical that the client is behind
a firewall (e.g. built-in Windows firewall), unable to accept incoming TCP
connections. For this reason the passive mode was introduced and is mostly used
nowadays.
In the passive mode, the client uses the control connection to send a PASV command
to the server and then receives a server IP address and server port number from the
server, which the client then uses to open a data connection to the server IP address
and server port number received.

23

24

25

26

27

28

29
Dynamic Host Configuration Protocol
The Dynamic Host Configuration Protocol (DHCP) is a standardized network
protocol used on Internet Protocol (IP) networks for dynamically distributing
network configuration parameters, such as IP addresses for interfaces and services.
With DHCP, computers request IP addresses and networking parameters
automatically from a DHCP server, reducing the need for a network administrator
or a user to configure these settings manually.
Operation
DHCP operations fall into four phases: server discovery, IP lease offer, IP request,
and IP lease acknowledgment. These stages are often abbreviated as discovery, offer,
request, and acknowledgment as shown in the figure below .

30
DHCP discovery
The computer will send a DHCP discover message as shown below . This is a
broadcast because it doesn’t have an IP address and it doesn’t know if there is a
DHCP server on the network. Of course in our scenario we do have a DHCP server
so it will respond to this broadcast by sending an offer message
DHCP offer
When a DHCP server receives a DHCPDISCOVER message from a client, which is
an IP address lease request, the server reserves an IP address for the client and makes
a lease offer by sending a DHCPOFFER message to the client as shown below . This
message contains the client's MAC address, the IP address that the server is offering,
the subnet mask, the lease duration, and the IP address of the DHCP server making
the offer.

31
DHCP request
In response to the DHCP offer, the client replies with a DHCP request as shown
below , broadcast to the server requesting the offered address. A client can receive
DHCP offers from multiple servers, but it will accept only one DHCP offer. Based
on required server identification option in the request and broadcast messaging,
servers are informed whose offer the client has accepted When other DHCP servers
receive this message, they withdraw any offers that they might have made to the
client and return the offered address to the pool of available addresses.
DHCP acknowledgement
When the DHCP server receives the DHCPREQUEST message from the client, the
configuration process enters its final phase. The acknowledgement phase involves
sending a DHCPACK packet to the client. This packet includes the lease duration
and any other configuration information that the client might have requested. At this
point, the IP configuration process is completed.

32

33

34

35

36

37

38

39

40

41
Simple Network Management Protocol (SNMP)
is an Internet-standard protocol for collecting and organizing information about
managed devices on IP networks and for modifying that information to change
device behavior. Devices that typically support SNMP include routers, switches,
servers, workstations, printers, modem racks and more. SNMP is widely used in
network management systems to monitor network-attached devices for conditions
that warrant administrative attention.
Overview and basic concepts
In typical uses of SNMP one or more administrative computers, called managers,
have the task of monitoring or managing a group of hosts or devices on a computer
network. Each managed system executes, at all times, a software component called
an agent which reports information via SNMP to the manager.
An SNMP-managed network consists of three key components:
 Managed device
 Agent — software which runs on managed devices
 Network management station (NMS) — software which runs on the manager
A managed device is a network node that implements an SNMP interface that allows
unidirectional (read-only) or bidirectional (read and write) access to node-specific
information. Managed devices exchange node-specific information with the NMSs.
Sometimes called network elements, the managed devices can be any type of device,
including, but not limited to, routers, access servers, switches, cable modems,
bridges, hubs, IP telephones, IP video cameras, computer hosts, and printers.
An agent is a network-management software module that resides on a managed
device. An agent has local knowledge of management information and translates that
information to or from an SNMP-specific form.
A network management station (NMS) executes applications that monitor and
control managed devices. NMSs provide the bulk of the processing and memory

42
resources required for network management. One or more NMSs may exist on any
managed network.
Protocol details
SNMP operates in the Application Layer of the Internet Protocol Suite (Layer 7 of
the OSI model). The SNMP agent receives requests on UDP port 161. The manager
may send requests from any available source port to port 161 in the agent. The agent
response will be sent back to the source port on the manager. The manager receives
notifications (Traps and InformRequests) on port 162.
When the client wants to begin monitoring sends a Get message to the Agent, which
in turn sends the desired shape of the Get-Response As we can see from the next
image

43
As for the Get-Next message when it wants to pursue the monitoring process and
wants me to get more Almtgierat
Set the message sent by the client to request from the Agent is for something to be
determined in the event of any change on the server to change the value
Trab message to be sent by the Agent in the event of something in a device controller,
for example, Port stopped working (Link Down / Up which in this case sends the
Bort 162 while the rest of the messages sent to Bort 161

44
Secure Shell
Secure Shell, or SSH, is a cryptographic (encrypted) network protocol to allow
remote login and other network services to operate securely over an unsecured
network
SSH provides a secure channel over an unsecured network in a client-server
architecture, connecting an SSH client application with an SSH server.[2]
Common
applications include remote command-line login and remote command execution,
but any network service can be secured with SSH.
SSH service supports different ways of documenting Authentication:
First: Host-Key Authentication
This is how prevailing when everyone else is working through your use his user
name and secret on the server to communicate with that server. Any will to
communicate through the use of a user name, for example, binary and used the secret
word for the user to enter this server. The device Host-Key encrypts the line between
you and the server private key. Of course I know that many of the owners of private
servers using this method although it is a normal way and there is the strongest of
them (we'll see through the explanation) and also in users may use them for their
lack of knowledge to other.
Secondly: Public-Key Authentication
Instead of your use of confidential user and his speech on the server contact, we
are using your private key contact to server through this key. And have a key word
Passphrase passage. Two keys will work one year and the other special Public
Private All you need is to put the public key on the server to be called while
retaining the private key and not to make one up for him. This method is the best
way, but frankly, you need a little work on your part to be working properly, on the
whole do not worry targeting this specific objective way so read only.

45
Third: Passphrase-Less Authentication
This method is the same as the previous method, but we just do not put Passphrase
on the key that we do and why it is to be used in automatic Automated operations or
in scripts or functions in the cron. But the drawback of this method is if one of them
got on your key, it can do whatever he wants on the server.
Telnet
Telnet provided access to a command-line interface (usually, of an operating system)
on a remote host. Most network equipment and operating systems with a
configuration (including systems based on Windows NT). However, because of
serious security concerns when using Telnet over an open network such as the
Internet, its use for this purpose has waned significantly in favor of SSH.
The term telnet is also used to refer to the software that implements the client part
of the protocol. Telnet client applications are available for virtually all computer
platforms. Telnet is also used as a verb. To telnet means to establish a connection
with the Telnet protocol, either with command line client or with a programmatic
interface. For example, a common directive might be: "To change your password,
telnet to the server, log in and run the passwd command." Most often, a user will be
telnetting to a Unix-like server system or a network device (such as a router) and
obtaining a login prompt to a command line text interface or a character-based full-
screen manager.
for accessingprotocolTCP/IPTelnet is a user command and an underlying
remote computers. Through Telnet, an administrator or another user can
and FTPHTTPsomeone else's computer remotely. On the Web,access
protocols allow you to request specific files from remote computers, but not to
actually be logged on as a user of that computer. With Telnet, you log on as a

46
regular user with whatever privileges you may have been granted to the specific
on that computer.dataandapplication
ROUTING INFORMATION PROTOCOL RIP
vector-distance) is one of the oldestRIP(Routing Information ProtocolThe
as a routing metric The maximumhop countwhich employ therouting protocols
number of hops allowed for RIP is 15. Each RIP router maintains a routing table,
which is a list of all the destinations (networks) it knows how to reach, along with
the distance to that destination. RIP uses a distance vector algorithm to decide which
path to put a packet on to get to its destination. It stores in its routing table the
distance for each network it knows how to reach, along with the address of the "next
hop" router -- another router that is on one of the same networks -- through which a
packet has to travel to get to that destination. If it receives an update on a route, and
the new path is shorter, it will update its table entry with the length and next-hop
address of the shorter path; if the new path is longer, it will wait through a "hold-
down" period to see if later updates reflect the higher value as well, and only update
the table entry if the new, longer path is stable, Using RIP, each router sends its
entire routing table to its closest neighbors every 30 seconds.
BGP (Border Gateway Protocol)
for exchanging routing informationprotocolBGP (Border Gateway Protocol) is a
autonomous) in a network ofrouters (each with its ownhostgatewaybetween
s. BGP is often the protocol used between gateway hosts on the Internet. Thesystem
d arouting table contains a list of known routers, the addresses they can reach, an
associated with the path to each router so that the best available route ismetriccost
Hosts using BGP communicate using the Transmission Control Protocolchosen.
) and send updated router table information only when one host has detected aTCP(
change. Only the affected part of the routing table is sent.

47
The Border Gateway Protocol makes routing decisions based on paths, network
and is involved innetwork administratorsets configured by a-policies, or rule
decisions.routingmaking core
DATA LINK LAYER PROTOCOLS
Detections methods
1-

48

49
2-

50

51

52

53

54
MAC Media access control
In the reference model of computer networking, the medium access control or
media access control (MAC) layer is the lower sublayer of the data link layer (layer
2) of the seven-layer OSI model. The MAC sublayer provides addressing and
channel access control mechanisms that make it possible for several terminals or
network nodes to communicate within a multiple access network that incorporates a
shared medium, e.g. an Ethernet network. The hardware that implements the MAC
is referred to as a media access controller.
The MAC sublayer acts as an interface between the logical link control (LLC)
sublayer and the network's physical layer. The MAC layer emulates a full-duplex
logical communication channel in a multi-point network. This channel may provide
unicast, multicast or broadcast communication service.

55
ETHERNET
Ethernet is a family of computer networking technologies commonly used in local
area networks (LANs) and metropolitan area networks (MANs). It was
commercially introduced in 1980 and first standardized in 1983. and has since been
refined to support higher bit rates and longer link distances. Over time, Ethernet has
largely replaced competing wired LAN technologies such as token ring, FDDI ..etc
The original Ethernet uses coaxial cable as a shared medium, while the newer
Ethernet variants use twisted pair and fiber optic links in conjunction with hubs or
switches. Over the course of its history, Ethernet data transfer rates have been
increased from the original 2.94 megabits per second (Mbit/s) to the latest
100 gigabits per second (Gbit/s), with 400 Gbit/s expected by late 2017. The
Ethernet standards comprise several wiring and signaling variants of the OSI
physical layer in use with Ethernet.
Systems communicating over Ethernet divide a stream of data into shorter pieces
called frames. Each frame contains source and destination addresses, and error-
checking data so that damaged frames can be detected and discarded; most often,
higher-layer protocols trigger retransmission of lost frames. As per the OSI model,
Ethernet provides services up to and including the data link layer.

56
Evolution
 Shared media
 Repeaters and hubs
 Bridging and switching
 Advanced networking
DSL TECHNOLOGY

57

58

59
ISDN
ISDN is a circuit-switched telephone network system, which also provides access to
packet switched networks, designed to allow digital transmission of voice and data
over ordinary telephone copper wires, resulting in potentially better voice quality
than an analog phone can provide. The key feature of ISDN is that it integrates
speech and data on the same lines, adding features that were not available in the

60
classic telephone system. It offers circuit-switched connections (for either voice or
data), and packet-switched connections (for data), in increments of 64 kilobit/s. A
major market application for ISDN in some countries is Internet access, where ISDN
typically provides a maximum of 128 kbit/s in both upstream and downstream
directions ISDN is employed as the network, data-link and physical layers in the
context of the OSI model. which are a set of protocols for establishing and breaking
circuit switched connections, and for advanced calling features for the user. They
were introduced in 1986.[2]
In a videoconference, ISDN provides simultaneous voice, video, and text
transmission between individual desktop videoconferencing systems and group
(room) videoconferencing systems.
Basic Rate Interface
The entry level interface to ISDN is the Basic Rate Interface (BRI), a 128 kbit/s
service delivered over a pair of standard telephone copper wires. The 144 kbit/s
payload rate is broken down into two 64 kbit/s bearer channels ('B' channels) and
one 16 kbit/s signaling channel ('D' channel or data channel). This is sometimes
referred to as 2B+D.
The interface specifies the following network interfaces:
 The U interface is a two-wire interface between the exchange and a network
terminating unit, which is usually the demarcation point in non-North
American networks.
 The T interface is a serial interface between a computing device and a
terminal adapter, which is the digital equivalent of a modem.
 The S interface is a four-wire bus that ISDN consumer devices plug into; the
S & T reference points are commonly implemented as a single interface
labeled 'S/T' on an Network termination 1 (NT1).
 The R interface defines the point between a non-ISDN device and a terminal
adapter (TA) which provides translation to and from such a device.

61
FDDI
in adata transmission) is a standard forFDDI(Fiber Distributed Data Interface
as its standard underlying physical medium,optical fiber. It useslocal area network
ich case it may becable, in whcopperalthough it was also later specified to use
called CDDI (Copper Distributed Data Interface), standardized as TP-PMD
(Twisted-Pair Physical Medium-Dependent), also referred to as TP-DDI (Twisted-
Pair Distributed Data Interface).
Topology
Designers normally constructed FDDI rings in a network topology such as a "dual
ring of trees". A small number of devices, typically infrastructure devices such as
routers and concentrators rather than host computers, were "dual-attached" to both
rings. Host computers then connect as single-attached devices to the routers or
concentrators. The dual ring in its most degenerate form simply collapses into a
single device. Typically, a computer-room contained the whole dual ring, although
some implementations deployed FDDI as a metropolitan area network.[4]
FDDI requires this network topology because the dual ring actually passes through
each connected device and requires each such device to remain continuously
operational. The standard actually allows for optical bypasses, but network engineers
consider these unreliable and error-prone. Devices such as workstations and
minicomputers that might not come under the control of the network managers are
not suitable for connection to the dual ring.
As an alternative to using a dual-attached connection, a workstation can obtain the
same degree of resilience through a dual-homed connection made simultaneously to
two separate devices in the same FDDI ring. One of the connections becomes active
while the other one is automatically blocked. If the first connection fails, the backup
link takes over with no perceptible delay.

62
ARP
The Address Resolution Protocol (ARP) is a telecommunication protocol used for
resolution of network layer addresses into link layer addresses, a critical function in
multiple-access networks. ARP is used for mapping a network address (e.g. an IPv4
address) to a physical address like an Ethernet address (also named a MAC address).
Packet structure
he Address Resolution Protocol uses a simple message format containing one
address resolution request or response. The size of the ARP message depends on the
upper layer and lower layer address sizes, which are given by the type of networking
protocol (usually IPv4) in use and the type of hardware or virtual link layer that the
upper layer protocol is running on. The message header specifies these types, as well
as the size of addresses of each. The message header is completed with the operation
code for request (1) and reply (2). The payload of the packet consists of four
addresses, the hardware and protocol address of the sender and receiver hosts.
The principal packet structure of ARP packets is shown in the following table which
illustrates the case of IPv4 networks running on Ethernet. In this scenario, the packet
has 48-bit fields for the sender hardware address (SHA) and target hardware address
(THA), and 32-bit fields for the corresponding sender and target protocol addresses
(SPA and TPA). Thus, the ARP packet size in this case is 28 bytes.

63

64
L2TP
In computer networking, Layer 2 Tunneling Protocol (L2TP) is a tunneling
protocol used to support virtual private networks (VPNs) or as part of the delivery
of services by ISPs. It does not provide any encryption or confidentiality by itself.
Rather, it relies on an encryption protocol that it passes within the tunnel to provide
privacy
Description
The entire L2TP packet, including payload and L2TP header, is sent within a User
Datagram Protocol (UDP) datagram. It is common to carry PPP sessions within an
L2TP tunnel. L2TP does not provide confidentiality or strong authentication by
itself. IPsec is often used to secure L2TP packets by providing confidentiality,
authentication and integrity. The combination of these two protocols is generally
known as L2TP/IPsec (discussed below).
The two endpoints of an L2TP tunnel are called the LAC (L2TP Access
Concentrator) and the LNS (L2TP Network Server). The L2TP waits for new tunnels.
Once a tunnel is established, the network traffic between the peers is bidirectional.
To be useful for networking, higher-level protocols are then run through the L2TP
tunnel. To facilitate this, an L2TP session (or 'call') is established within the tunnel
for each higher-level protocol such as PPP. Either the LAC or LNS may initiate
sessions. The traffic for each session is isolated by L2TP, so it is possible to set up
multiple virtual networks across a single tunnel. MTU should be considered when
implementing L2TP.
The packets exchanged within an L2TP tunnel are categorized as either control
packets or data packets. L2TP provides reliability features for the control packets,
but no reliability for data packets. Reliability, if desired, must be provided by the
nested protocols running within each session of the L2TP tunnel.

65
PPP
In computer networking, Point-to-Point Protocol (PPP) is a data link protocol used
to establish a direct connection between two nodes. It can provide connection
authentication, transmission encryption and compression.
PPP is a full-duplex protocol that can be used on various physical media, including
twisted pair or fiber optic lines or satellite transmission. It uses a variation of High
Speed Data Link Control (HDLC) for packet encapsulation.
PPP is usually preferred over the earlier de facto standard Serial Line Internet
Protocol (SLIP) because it can handle synchronous as well as asynchronous
communication. PPP can share a line with other users and it has error detection that
SLIP lacks. Where a choice is possible, PPP is preferred.
PPP line activation and phases
Link Dead
This phase occurs when the link fails, or one side has been told to disconnect
(e.g. a user has finished his or her dialup connection.)
Link Establishment Phase
This phase is where Link Control Protocol negotiation is attempted. If
successful, control goes either to the authentication phase or the Network-
Layer Protocol phase, depending on whether authentication is desired.
Authentication Phase
This phase is optional. It allows the sides to authenticate each other before a
connection is established. If successful, control goes to the network-layer
protocol phase.
Network-Layer Protocol Phase
This phase is where each desired protocols' Network Control Protocols are
invoked. For example, IPCP is used in establishing IP service over the line.
Data transport for all protocols which are successfully started with their
network control protocols also occurs in this phase. Closing down of network
protocols also occur in this phase.
Link Termination Phase
This phase closes down this connection. This can happen if there is an authentication
failure, if there are so many checksum errors that the two parties decide to tear down

66
the link automatically, if the link suddenly fails, or if the user decides to hang up his
connection.
Spanning tree protocol (STP)
The Spanning Tree Protocol (STP) is a network protocol that ensures a loop-free
topology for Ethernet networks. The basic function of STP is to prevent bridge loops
and the broadcast radiation that results from them. Spanning tree also allows a
network design to include spare (redundant) links to provide automatic backup paths
if an active link fails, without the danger of bridge loops, or the need for manual
enabling or disabling of these backup links.
Where two bridges are used to interconnect the same two computer network
segments, spanning tree is a protocol that allows the bridges to exchange information
so that only one of them will handle a given message that is being sent between two
computers within the network. The spanning tree protocol prevents the condition
known as a bridge loop.

67
In a local area network (LAN) such as an Ethernet or token ring network, computers
compete for the ability to use the shared telecommunications path at any given time.
If too many computers try to send at the same time, the overall performance of the
network can be affected, even to the point of bringing all traffic to a near halt. To
make this possibility less likely, the local area network can be divided into two or
more network segments with a device called a bridge connecting any two segments.
Each message (called a frame) goes through the bridge before being sent to the
intended destination. The bridge determines whether the message is for a destination
within the same segment as the sender's or for the other segment, and forwards it
accordingly.
A bridge does nothing more than look at the destination address and, based on its
understanding of the two segments (which computers are on which segments),
forwards it on the right path (which means to the correct outgoing port).
The program in each bridge that allows it to determine how to use the protocol is
known as the spanning tree algorithm. The algorithm is specifically constructed to
avoid bridge loops (multiple paths linking one segment to another, resulting in an
infinite loop situation). The algorithm is responsible for a bridge using only the most
efficient path when faced with multiple paths. If the best path fails, the algorithm
recalculates the network and finds the next best route.
The spanning tree algorithm determines the network (which computer hosts are in
which segment) and this data is exchanged using Bridge Protocol Data Units
(BPDUs). It is broken down into two steps:
Step 1: The algorithm determines the best message a bridge can send by evaluating
the configuration messages it has received and choosing the best option.
Step 2: Once it selects the top message for a particular bridge to send, it compares
its choice with possible configuration messages from the non-root-connections it
has. If the best option from step 1 isn't better than what it receives from the non-root-
connections, it will prune that port.
The spanning tree protocol and algorithm were developed by a committe of the
IEEE. Currently, the IEEE is attempting to institute enhancements to the spanning
tree algorithm that will reduce network recovery time. The goal is to go from 30 to

68
60 seconds after a failure or change in link status to less than 10 seconds. The
enhancement, called Rapid Reconfiguration or Fast Spanning Tree, would cut down
on data loss and session timeouts when large, Ethernet networks recover after a
topology change or a device failure.
Transport Layer Protocols
Congestion Control
• When one part of the subnet (e.g. one or more routers in an area) becomes
overloaded, congestion results.
• Because routers are receiving packets faster than they can forward them, one
of two things must happen:
– The subnet must prevent additional packets from entering the congested
region until those already present can be processed.
– The congested routers can discard queued packets to make room for
those that are arriving.
Factors that Cause Congestion
• Packet arrival rate exceeds the outgoing link capacity.
• Insufficient memory to store arriving packets
• Bursty traffic
• Slow processor
• Congestion Control is concerned with efficiently using a network at high load.
• Several techniques can be employed. Two of them include:
– Warning bit
– Choke packets

69
Warning Bit
• A special bit in the packet header is set by the router to warn the source when
congestion is detected.
• The bit is copied and piggy-backed on the ACK and sent to the sender.
• The sender monitors the number of ACK packets it receives with the warning
bit set and adjusts its transmission rate accordingly.
Choke Packets
• A more direct way of telling the source to slow down.
• A choke packet is a control packet generated at a congested node and
transmitted to restrict traffic flow.
• The source, on receiving the choke packet must reduce its transmission
rate by a certain percentage.
An example of a choke packet is the ICMP Source Quench Packet
Flow control
is the process of managing the rate of dataflow control,data communicationsIn
transmission between two nodes to prevent a fast sender from overwhelming a slow
receiver. It provides a mechanism for the receiver to control the transmission speed,
so that the receiving node is not overwhelmed with data from transmitting node.
, which is used forcongestion controlFlow control should be distinguished from
controlling the flow of data when congestion has actually occurred.

70
(ARQ)requestAutomatic Repeat
 Automatic Repeat Request
 Receiver sends acknowledgment (ACK) when it receives packet
 Sender waits for ACK and timeouts if it does not arrive within some
time period
 Simplest ARQ protocol
 Stop and wait
 Send a packet, stop and wait until ACK arrives

71
User Datagram Protocol UDP
The User Datagram Protocol (UDP) is one of the core members of the Internet
protocol suite, UDP uses a simple connectionless transmission model with a
minimum of protocol mechanism. It has no handshaking dialogues, and thus exposes
the user's program to any unreliability of the underlying network protocol. There is
no guarantee of delivery, ordering, or duplicate protection. UDP provides checksums

72
for data integrity, and port numbers for addressing different functions at the source
and destination of the datagram.
With UDP, computer applications can send messages, in this case referred to as
datagrams, to other hosts on an Internet Protocol (IP) network without prior
communications to set up special transmission channels or data paths. UDP is
suitable for purposes where error checking and correction is either not necessary or
is performed in the application, avoiding the overhead of such processing at the
network interface level. Time-sensitive applications often use UDP because
dropping packets is preferable to waiting for delayed packets, which may not be an
option in a real-time system.[1]
If error correction facilities are needed at the network
interface level, an application may use the Transmission Control Protocol (TCP) or
Stream Control Transmission Protocol (SCTP) which are designed for this purpose.
Transmission Control Protocol TCP
TCP is a connection-oriented protocol, which means a connection is established and
maintained until the application programs at each end have finished exchanging
messages. It determines how to break application data into packets that networks can
deliver, sends packets to and accepts packets from the network layer, manages flow
control, and—because it is meant to provide error-free data transmission—handles
retransmission of dropped or garbled packets as well as acknowledgement of all
packets that arrive. In the Open Systems Interconnection (OSI) communication
model, TCP covers parts of Layer 4, the Transport Layer, and parts of Layer 5, the
Session Layer.

73
For example, when a Web server sends an HTML file to a client, it uses the HTTP
protocol to do so. The HTTP program layer asks the TCP layer to set up the
connection and send the file. The TCP stack divides the file into packets, numbers
them and then forwards them individually to the IP layer for delivery. Although each
packet in the transmission will have the same source and destination IP addresses,
packets may be sent along multiple routes. The TCP program layer in the client
computer waits until all of the packets have arrived, then acknowledges those it
receives and asks for the retransmission on any it does not (based on missing packet
numbers), then assembles them into a file and delivers the file to the receiving
application.
Remote Procedure Call (RPC)
Remote Procedure Call (RPC) is a protocol that one program can use to request a
service from a program located in another computer in a network without having to
understand network details. (A procedure call is also sometimes known as a function
call or a subroutine call.) RPC uses the client/server model. The requesting program
is a client and the service-providing program is the server. Like a regular or local
procedure call, an RPC is a synchronous operation requiring the requesting program
to be suspended until the results of the remote procedure are returned. However, the
use of lightweight processes or threads that share the same address space allows
multiple RPCs to be performed concurrently.
When program statements that use RPC are compiled into an executable program, a
stub is included in the compiled code that acts as the representative of the remote
procedure code. When the program is run and the procedure call is issued, the stub
receives the request and forwards it to a client runtime program in the local
computer. The client runtime program has the knowledge of how to address the

74
remote computer and server application and sends the message across the network
that requests the remote procedure. Similarly, the server includes a runtime program
and stub that interface with the remote procedure itself. Results are returned the same
way.
RPC spans the Transport layer and the Application layer in the Open Systems
Interconnection (OSI) model of network communication. RPC makes it easier to
develop an application that includes multiple programs distributed in a network.
Network Layer Protocols
Routing is the process of selecting best paths in a network. In the past, the term routing also meant
networks. However, that latter function is better described asforwarding network traffic among
.forwarding

75
Distance vector algorithms
Distance vector algorithms use the Bellman–Ford algorithm. This approach assigns
a cost number to each of the links between each node in the network. Nodes send
information from point A to point B via the path that results in the lowest total cost
(i.e. the sum of the costs of the links between the nodes used).
The algorithm operates in a very simple manner. When a node first starts, it only
knows of its immediate neighbors, and the direct cost involved in reaching them.
(This information — the list of destinations, the total cost to each, and the next hop
to send data to get there — makes up the routing table, or distance table.) Each node,
on a regular basis, sends to each neighbor node its own current assessment of the

76
Total cost to get to all the destinations it knows of. The neighboring nodes examine
this information and compare it to what they already 'know'; anything that represents
an improvement on what they already have, they insert in their own routing table(s).
Over time, all the nodes in the network discover the best next hop for all destinations,
and the best total cost.
When one network node goes down, any nodes that used it as their next hop discard
the entry, and create new routing-table information. These nodes convey the updated
routing information to all adjacent nodes, which in turn repeat the process.
Eventually all the nodes in the network receive the updates, and discover new paths
to all the destinations they can still "reach".
Link-state algorithms
When applying link-state algorithms, a graphical map of the network is the
fundamental data used for each node. To produce its map, each node floods the entire
network with information about the other nodes it can connect to. Each node then
independently assembles this information into a map. Using this map, each router
independently determines the least-cost path from itself to every other node using a
standard shortest paths algorithm such as Dijkstra's algorithm. The result is a tree
graph rooted at the current node, such that the path through the tree from the root to
any other node is the least-cost path to that node. This tree then serves to construct
the routing table, which specifies the best next hop to get from the current node to
any other node.

77
Flooding
Flooding is a simple routing technique in computer networks where a source or node
sends packets through every outgoing link. Flooding, which is similar to
broadcasting, occurs when source packets (without routing data) are transmitted to
all attached network nodes.
Types
There are generally two types of flooding available, Uncontrolled Flooding and
Controlled Flooding.
Uncontrolled Flooding is the fatal law of flooding. All nodes have neighbors and
route packets indefinitely. More than two neighbors creates a broadcast storm.
Controlled Flooding has its own two algorithms to make it reliable, SNCF (Sequence
Number Controlled Flooding) and RPF (Reverse Path Flooding). In SNCF, the node
attaches its own address and sequence number to the packet, since every node has a
memory of addresses and sequence numbers. If it receives a packet in memory, it
drops it immediately while in RPF, the node will only send the packet forward. If it
is received from the next node, it sends it back to the sender.
Algorithm
There are several variants of flooding algorithms. Most work roughly as follows:
1. Each node acts as both a transmitter and a receiver.

78
2. Each node tries to forward every message to every one of its neighbors except
the source node.
This results in every message eventually being delivered to all reachable parts of the
network. Algorithms may need to be more complex than this, since, in some case,
precautions have to be taken to avoid wasted duplicate deliveries and infinite loops,
and to allow messages to eventually expire from the system. A variant of flooding
called selective flooding partially addresses these issues by only sending packets to
routers in the same direction. In selective flooding the routers don't send every
incoming packet on every line but only on those lines which are going approximately
in the right direction.

Network protocol lectures

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Network protocol lectures

Similar to Network protocol lectures (20)

Recently uploaded

Recently uploaded (20)

Network protocol lectures