
THE NETWORK LAYER PROTOCOL

• DISTANCE VECTOR ROUTING PROTOCOL:
• Distance Vector routing protocols use frequent broadcasts (255.255.255.255 or FF:FF:FF:FF) of their entire routing table every 30 sec. on all their interfaces in order to communicate with their neighbours.
• The bigger the routing tables, the more broadcasts.
• This methodology significantly limits the size of network on which Distance Vector can be used.
• Two very popular Distance Vector routing protocols are:
– Routing Information Protocol (RIP) and
– Interior Gateway Routing Protocol (IGRP).

* Distance Vector protocols view networks in terms of adjacent routers and hop counts (15 for RIP, where 16 is deemed unreachable, and 255 for IGRP).
• So the router makes decisions about the way a packet will travel based on the number of hops it takes to reach the destination; if it has 2 different ways to get there, it will simply send the packet via the path with the fewest hops, regardless of the connection speed.
• This is known as pinhole congestion.
• When a router is powered on, it immediately knows about the networks to which each interface is directly connected.
• The network is now converging, and that means that no data is being passed.
• The only type of data being passed between the routers is that which allows them to populate their routing tables; after that's done, the routers will pass all other types of data between them.
• That's why a fast convergence time is a big advantage.
• RIP has a slow convergence time.
• When the network is converged, i.e. the routers have populated their routing tables, computers in any of the networks can contact each other.
• Each router will broadcast its entire routing table every 30 seconds.
• Routing based on Distance Vector can cause a lot of problems when links go up and down.
• This could result in infinite loops (counting to infinity).
• Routing loops can occur when every router is not updated at close to the same time.
• They are caused by gossip and wrong information being communicated between the routers.
• One way of solving this problem is to define a maximum hop count.
• Distance Vector (RIP) permits a hop count of up to 15, so anything that needs 16 hops is unreachable.
• So if a loop occurred, the packet would go around the network until it reached a hop count of 15, and the next router would simply discard it.
• Split Horizon
• Works on the principle that it's never useful to send information about a route back to the router from which the original update came.
• Route Poisoning: an alternative to split horizon. When a router receives information about a route from a particular network, the router advertises the route back to that network with a metric of 16, indicating that the destination is unreachable.
• Route poisoning will certainly speed up convergence time, because the neighbouring routers don't have to wait 30 seconds before advertising the poisoned route; it is used together with HOLD DOWN TIMERS.
• Hold-Down Timers
• Routers keep an entry for the network-down state, allowing time for other routers to re-compute for this topology change.
• This allows time for either the downed router to come back or the network to stabilize somewhat before changing to the next best route.
• When a router receives an update from a neighbour indicating that a previously accessible network is not working and is inaccessible, the hold-down timer will start.
• If a new update arrives from a neighbour with a better metric than the original network entry, the hold-down is removed and data is passed.
• But if an update is received from a neighbour router before the hold-down timer expires and it has a lower metric than the previous route, the update is ignored and the hold-down timer keeps ticking.
• This allows more time for the network to converge.
• Hold-down timers use triggered updates, which reset the hold-down timer, to alert the neighbour routers of a change in the network.
• There are three instances when triggered updates will reset the hold-down timer:
• 1) The hold-down timer expires
• 2) The router receives a processing task proportional to the number of links in the internetwork.
• 3) Another update is received indicating the network status has changed.
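The count-to-infinity problem and the split horizon / route poisoning cure described above, as an added simulation (not part of the slides or of any router's code). Routers A, B, C and the stub network N are constructed; tables are exchanged in synchronous rounds, and the RIP convention of 16 = unreachable is assumed.

```python
"""Added example: a tiny Distance Vector simulation showing count-to-infinity
and how split horizon with poison reverse (route poisoning) shortens it.
Router names A, B, C and stub network N are constructed for this example."""

INFINITY = 16  # RIP convention: 16 hops means unreachable


class DVRouter:
    def __init__(self, name, links):
        self.name = name
        self.links = dict(links)            # neighbour -> link cost
        self.table = {name: (0, None)}      # dest -> (metric, next hop)
        for nb, cost in self.links.items():
            self.table[nb] = (cost, nb)     # directly connected

    def advertisement(self, to, poison_reverse):
        """Routing table as sent to neighbour `to`. With poison reverse,
        routes learned via `to` are advertised back to it as unreachable."""
        adv = {}
        for dest, (metric, next_hop) in self.table.items():
            adv[dest] = INFINITY if (poison_reverse and next_hop == to) else metric
        return adv

    def receive(self, frm, adv):
        """Bellman-Ford update; returns True if the table changed."""
        changed = False
        link_cost = self.links[frm]
        for dest, metric in adv.items():
            if dest == self.name:
                continue
            new = min(metric + link_cost, INFINITY)
            cur_metric, cur_hop = self.table.get(dest, (INFINITY, None))
            if cur_hop == frm:
                # An update from our current next hop is always accepted,
                # even if worse: that neighbour is our only source for the route.
                if new != cur_metric:
                    self.table[dest] = (new, frm)
                    changed = True
            elif new < cur_metric:
                self.table[dest] = (new, frm)
                changed = True
        return changed


def build_topology():
    # A -- B -- C, with stub network N attached only to A.
    return {
        "A": DVRouter("A", {"B": 1, "N": 1}),
        "B": DVRouter("B", {"A": 1, "C": 1}),
        "C": DVRouter("C", {"B": 1}),
    }


def exchange_round(routers, poison_reverse):
    """One synchronous broadcast of every table to every neighbour."""
    adverts = [(nb, r.name, r.advertisement(nb, poison_reverse))
               for r in routers.values() for nb in r.links if nb in routers]
    changed = False
    for to, frm, adv in adverts:
        changed |= routers[to].receive(frm, adv)
    return changed


def simulate_link_failure(poison_reverse, limit=100):
    """Converge, then cut A's link to N. Returns (rounds until stable,
    per-round trace of each router's metric for N as (A, B, C))."""
    routers = build_topology()
    rounds = 0
    while exchange_round(routers, poison_reverse) and rounds < limit:
        rounds += 1
    routers["A"].links.pop("N")
    routers["A"].table["N"] = (INFINITY, None)
    trace, rounds = [], 0
    while rounds < limit:
        rounds += 1
        changed = exchange_round(routers, poison_reverse)
        trace.append(tuple(routers[n].table["N"][0] for n in "ABC"))
        if not changed:
            break
    return rounds, trace


if __name__ == "__main__":
    for pr in (False, True):
        rounds, trace = simulate_link_failure(pr)
        print("poison reverse" if pr else "plain DV", rounds, "rounds", trace)
```

Without poison reverse B keeps re-learning N from C and the metric climbs 3, 4, 5 ... until it hits 16; with poison reverse B tells A "N is unreachable via me" and the whole chain settles in three rounds.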
• Routing Information Protocol - RIP
• Routing Information Protocol (RIP) is a true Distance-Vector routing protocol.
• It sends the complete routing table out to all active interfaces every 30 seconds.
• RIP only uses hop count to determine the best way to a remote network, but it has a maximum allowable hop count of 15, meaning that 16 is deemed unreachable.
• RIP works well in small networks, but it is inefficient on large networks with slow WAN links or on networks with a large number of routers installed.
• RIP comes in two different versions: RIP version 1 and RIP version 2.
• RIP v1 uses broadcasts (255.255.255.255).
• RIP v2 uses multicasts (224.0.0.9) to update its routing tables.
• Route Update Timer: Sets the interval, usually 30 seconds, between periodic routing updates, in which the router sends a complete copy of its routing table out to all neighbour routers.
• Route Invalid Timer: Determines the length of time that must expire, usually 90 seconds, before the router determines that a route is invalid.
• When the timer expires, the router will send out an update to its neighbours letting them know that the route is invalid.
• Route Flush Timer: Sets the time between a route becoming invalid and its removal from the routing table (240 secs).
• Before it's removed, the router will notify its neighbours of that route's impending doom!
• Interior Gateway Routing Protocol - IGRP
• Interior Gateway Routing Protocol (IGRP) is a Cisco proprietary Distance-Vector routing protocol.
• This means that all routers must be Cisco routers in order to use IGRP in a network (however, Windows 2000 now supports it as well, because they have bought a licence from Cisco to use the protocol!).
• IGRP has a maximum hop count of 255 with a default of 100.
• This is helpful in larger networks and solves the problem of there being only 15 hops maximum possible in a RIP network.
• IGRP also uses a different metric from RIP.
• IGRP uses bandwidth and delay of the line by default as a metric for determining the best route to an internetwork.
• This is called a composite metric.
• IGRP has a set of timers to enhance its performance and functionality:
• Update Timer: Specifies how frequently routing-update messages should be sent. The default is 90 seconds.
• Invalid Timer: Specifies how long a router should wait before declaring a route invalid if it doesn't receive a specific update about it. The default is three times the update period.
• Hold-down Timer: Specifies the hold-down period. The default is three times the update timer period plus 10 seconds.
• Route Flush Timer: Indicates how much time should pass before a route should be flushed from the routing table. The default is seven times the routing period.
• Link State Routing Protocols
• Link State protocols, unlike Distance Vector broadcasts, use multicast.
• In this case the update is received only by the routers in the multicast group, and the rest ignore it.
• The multicast addresses are usually 224.0.0.5 & 224.0.0.6; these addresses are defined by the IGRP (Interior Gateway Routing Protocol).
• Link State routing protocols do not view networks in terms of adjacent routers and hop counts; instead they build a comprehensive view of the overall network which fully describes all possible routes along with their costs.
• Using the SPF (Shortest Path First) algorithm, the router creates a "topological database", which is a hierarchy reflecting the network routers it knows about.
• It then puts itself at the top of this hierarchy, and has a complete picture from its own perspective.
• When a router using a Link State protocol, such as OSPF (Open Shortest Path First), knows about a change on the network, it will multicast this change instantly, thereby flooding the network with this information.
• The information routers require to build their databases is provided in the form of Link State advertisement packets (LSAP).
• Routers do not advertise their entire routing tables; instead each router advertises only its information regarding immediately adjacent routers.
• Thus Link State protocols, in comparison to Distance Vector protocols, have:
– Big memory requirements
– Shortest path computations that require many CPU cycles
– Little bandwidth use if the network is stable, and a quick reaction to topology changes
– Announcements that cannot be "filtered": all items in the database must be sent to neighbours
– A requirement that all neighbours be trusted
– Authentication mechanisms that can be used to avoid undesired adjacencies
– No split horizon techniques possible
• Even though Link State protocols work more efficiently, problems can arise.
• Usually problems occur because of changes in the network topology (links go up and down), and all routers don't get updated immediately because they might be on different line speeds; therefore, routers connected via a fast link will receive these changes faster than the others on a slower link.
• Different techniques have been developed to deal with these problems, and these are:
• 1) Dampen update frequency
• 2) Target link-state updates to multicast
• 3) Use link-state area hierarchy for topology
• 4) Exchange route summaries at area borders
• 5) Use time-stamps, update numbering & counters
• 6) Manage partitions using an area hierarchy
• Open Shortest Path First (OSPF) Routing Protocol
• Open Shortest Path First (OSPF) is a routing protocol developed for Internet Protocol (IP) networks by the interior gateway protocol (IGP) working group of the Internet Engineering Task Force (IETF).
• Similar to the Interior Gateway Routing Protocol (IGRP), OSPF was created because in the mid-1980s the Routing Information Protocol (RIP) was increasingly unable to serve large, heterogeneous internetworks.
• OSPF is a classless routing protocol, which means that in its updates it includes the subnet mask of each route it knows about, thus enabling variable-length subnet masks.
• With variable-length subnet masks, an IP network can be broken into many subnets of various sizes.
• This provides network administrators with extra network-configuration flexibility.
• These updates are multicast to specific addresses (224.0.0.5 and 224.0.0.6).
• OSPF has two primary characteristics:
• 1) The protocol is open (non-proprietary), which means that its specification is in the public domain.
• 2) The second principal characteristic is that OSPF is based on the SPF algorithm.
• OSPF is a Link State routing protocol that calls for the sending of link-state advertisements (LSAs) to all other routers within the same hierarchical area.
• Information on attached interfaces, metrics used, and other variables is included in OSPF LSAs.
• As OSPF routers accumulate link-state information, they use the SPF algorithm to calculate the shortest path to each node.
• OSPF supports one or more metrics.
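The link-state model of the two sections above in code: each router advertises only its adjacent links, every router unions the LSAs into the same topological database, and runs SPF with itself at the root. This is an added example, not OSPF's own code; the router names and link costs are constructed.

```python
"""Added example (not from the slides): LSAs flooded into a shared link-state
database, then Dijkstra's SPF run from each router to derive its routing table.
Router names and costs are constructed."""
import heapq

# Constructed LSAs: router -> {adjacent router: link cost}
LSAS = {
    "R1": {"R2": 10, "R3": 1},
    "R2": {"R1": 10, "R3": 1, "R4": 5},
    "R3": {"R1": 1, "R2": 1, "R4": 20},
    "R4": {"R2": 5, "R3": 20, "R5": 1},
    "R5": {"R4": 1},
}


def flood(lsas):
    """Union of all advertised links; a link counts only if both ends advertise it,
    which is how a link-state database rejects a half-dead adjacency."""
    lsdb = {}
    for router, links in lsas.items():
        for nb, cost in links.items():
            if nb in lsas and router in lsas[nb]:
                lsdb.setdefault(router, {})[nb] = cost
    return lsdb


def spf(lsdb, root):
    """Dijkstra: (distance, predecessor) for every router reachable from root."""
    dist, prev = {root: 0}, {}
    heap = [(0, root)]
    done = set()
    while heap:
        d, u = heapq.heappop(heap)
        if u in done:
            continue
        done.add(u)
        for v, cost in lsdb.get(u, {}).items():
            nd = d + cost
            if nd < dist.get(v, float("inf")):
                dist[v], prev[v] = nd, u
                heapq.heappush(heap, (nd, v))
    return dist, prev


def routing_table(lsas, root):
    """dest -> (next hop, cost): walk each SPF-tree branch back to the root's child."""
    dist, prev = spf(flood(lsas), root)
    table = {}
    for dest in dist:
        if dest == root:
            continue
        hop = dest
        while prev[hop] != root:
            hop = prev[hop]
        table[dest] = (hop, dist[dest])
    return table


if __name__ == "__main__":
    for router in LSAS:
        print(router, routing_table(LSAS, router))
```

Note that R1 reaches R4 via R3 and R2 at cost 7 even though both R1-R2 (10) and R3-R4 (20) are direct links: cost, not hop count, decides, which is exactly where this differs from the Distance Vector view.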
• Hybrid Routing Protocols
• Hybrid routing protocols are something in between Distance Vector and Link State routing protocols. Type - EIGRP
– Enhanced Interior Gateway Routing Protocol - EIGRP
• Enhanced Interior Gateway Routing Protocol (EIGRP) is another Cisco proprietary, hybrid (it has features of Distance Vector and Link State protocols) interior gateway protocol (IGP) used by routers to exchange routing information.
• EIGRP uses a composite metric composed of Bandwidth, Delay, Reliability, and Loading to determine the best path between two locations.
• EIGRP can route IP, IPX and AppleTalk.
• Along with IS-IS, it is one of the few multi-protocol routing protocols.
• The Diffusing Update Algorithm (DUAL) is the heart of EIGRP.
• In essence, DUAL always keeps a backup route in mind, in case the primary route goes down.
• DUAL also limits how many routers are affected when a change occurs to the network.
• There is no maximum allowable number of hops.
• In an EIGRP network, each router multicasts "hello" packets to discover its adjacent neighbours.
• This adjacency database is shared with other routers to build a topology database.
• From the topology database the best route (Successor) and the second best route (Feasible Successor) are found.
• EIGRP is classless, meaning it does include the subnet mask in routing updates.
• However, by default 'auto-summary' is enabled.
• The EIGRP metric can be a complex calculation, but by default it only uses bandwidth and delay to determine the best path.
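How DUAL picks the Successor and a Feasible Successor, and why the backup is loop-free without recomputation, as an added example (not Cisco's code). The neighbour names, reported distances and link costs are constructed; the metric function uses the classic default bandwidth-plus-delay formula with integer truncation assumed.

```python
"""Added example (not EIGRP's own code): the DUAL feasibility condition that
lets EIGRP keep a loop-free backup route (feasible successor), plus the default
bandwidth+delay metric. Neighbour names and figures are constructed."""


def eigrp_metric(min_bandwidth_kbps, total_delay_tens_us):
    """Default composite metric with K1=K3=1, K2=K4=K5=0: 256 * (10^7 / slowest
    link bandwidth in kbit/s + sum of delays in tens of microseconds).
    Integer truncation is assumed, as routers do."""
    return 256 * (10_000_000 // min_bandwidth_kbps + total_delay_tens_us)


def dual_select(neighbours):
    """neighbours: name -> (reported distance RD, cost of link to that neighbour).
    Returns (successor, feasible distance FD, sorted feasible successors).
    Feasibility condition: a neighbour whose RD < FD cannot be routing through us,
    so its path is loop-free and can be used at once as a backup."""
    totals = {n: rd + cost for n, (rd, cost) in neighbours.items()}
    successor = min(totals, key=totals.get)
    fd = totals[successor]
    feasible = sorted(n for n, (rd, _) in neighbours.items()
                      if n != successor and rd < fd)
    return successor, fd, feasible


def lose_neighbour(neighbours, lost):
    """Reaction when `lost` goes away: stay passive (switch locally) if a feasible
    successor exists, otherwise the route goes active and neighbours are queried,
    which is the case DUAL tries to limit. Returns (state, new successor, distance)."""
    successor, fd, feasible = dual_select(neighbours)
    remaining = {n: v for n, v in neighbours.items() if n != lost}
    if lost != successor:
        return "passive", successor, fd
    if feasible:
        best = min(feasible, key=lambda n: sum(remaining[n]))
        return "passive", best, sum(remaining[best])
    return "active", None, None


# Constructed view of one destination from one router:
NEIGHBOURS = {
    "N1": (10, 5),   # total 15 -> successor, FD = 15
    "N2": (12, 10),  # total 22, RD 12 < 15 -> feasible successor
    "N3": (20, 2),   # total 22, RD 20 >= 15 -> NOT feasible (could loop back through us)
}

if __name__ == "__main__":
    print(dual_select(NEIGHBOURS))
    print(lose_neighbour(NEIGHBOURS, "N1"))
    print(lose_neighbour({"N1": (10, 5), "N3": (20, 2)}, "N1"))
    print(eigrp_metric(1544, 2000))   # T1 bandwidth, 20 ms total delay
```

N2 and N3 offer the same total cost, but only N2 passes the feasibility check; if N1 fails with only N3 left, the route goes active and neighbours must be queried.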
• What is Subnetting?
• When we subnet a network, we basically split it into smaller networks.
• For example, when a set of IP addresses is given to a company, e.g. 254 addresses, they might want to "break" (the correct term is "partition") that one network into smaller ones, one for each department.
• This way, their Technical department and Management department can each have a small network of their own.
• By subnetting the network we can partition it into as many smaller networks as we need; this also helps reduce traffic and hides the complexity of the network.
CONGESTION & CONGESTION CONTROL

• When too many packets are present in the subnet (or part of the subnet), performance degrades.
• This situation is known as CONGESTION.
• When the number of packets dumped into the subnet by the hosts is within its carrying capacity, they are all delivered (except a few lost due to transmission errors) and the number delivered is proportional to the number sent.
• However, as traffic increases too far, the routers are no longer able to cope, and they begin losing packets.
• At very high traffic, performance collapses completely and almost no packets are delivered.
• Congestion is due to several reasons:
– If packets all of a sudden start arriving on several incoming lines and only one o/p line is available
– Slow processors – as the processor needs to perform tasks like queuing buffers, updating tables, etc., a queue can build up even if there are more o/p lines.
– Low bandwidth
– It is said that if the memory size is larger, congestion can be avoided, but it is found otherwise, i.e. if a router has infinite memory, packets queued at the front of the router might time out while waiting and be retransmitted, which causes an even worse situation.
CONGESTION CONTROL

• GENERAL PRINCIPLES:
• There are two general principles for controlling congestion:
– OPEN LOOP
– CLOSED LOOP
OPEN LOOP: problem solving by good design, to ensure that congestion does not occur in the first place: deciding when to accept new packets, when to discard, making scheduling decisions, etc.
No midcourse correction, i.e. when congestion happens no correction is made.
CLOSED LOOP:
- Monitor the system to detect when and where congestion occurs
- Pass this information to places where action can be taken
- Adjust system operation to correct the problem.
• For monitoring:
– Percentage of all packets discarded for lack of buffers
– The average queue lengths
– The no. of packets that time out and are retransmitted
– The average packet delay
– Standard deviation of packet delay
To pass information:
- The information detected by the router is to be passed to the source(s).
- However, these extra packets increase the load.
- Another possibility: a bit or a field is reserved in every packet for routers to fill in whenever congestion gets above some threshold level.
- That is, the idea is that knowledge of this information causes a preventive action to be taken by the source.
• CONGESTION CONTROL ALGORITHMS:
• Many algorithms have been developed to control congestion.
• However, they have been classified as:
– Open or Closed Loop
– In Open Loop, whether it acts at the Source vs. the Destination
– In Closed Loop, Explicit Feedback or Implicit Feedback
– In Explicit FB, packets are sent back to warn the source
– In Implicit FB, the source deduces the existence of congestion by making local observations, i.e. the time needed for an acknowledgement to come back.
• TRAFFIC SHAPING:
• One main reason for congestion is that traffic is often bursty.
• Such a situation can be overcome, as is done in ATM networks, by forcing the packets to be transmitted at a more predictable rate.
• This approach is known as TRAFFIC SHAPING (used in ATM).
• Traffic shaping is about regulating the average rate of data transmission.
• Traffic shaping reduces congestion and thus helps the carrier live up to its promise.
• Monitoring a traffic flow is called "TRAFFIC POLICING".
• Traffic shaping is most effective when the sender, receiver, and subnet all agree to it.
• To get agreement, it is necessary to specify the traffic pattern in a precise way.
• Such an agreement is called a 'Flow Specification'.
• It consists of a data structure that describes both the pattern of the injected traffic and the quality of service desired by the applications.

Ex - Flow specification:

Characteristics of Input:
– Maximum packet size (bytes)
– Token bucket rate (bytes/sec)
– Token bucket size (bytes)
– Max transmission rate (b/sec)

Service Desired:
– Loss sensitivity (bytes)
– Loss interval (microsec)
– Burst loss sensitivity (pkts)
– Minimum delay noticed (msec)
– Max delay variation
– Quality of guarantee
• THE LEAKY BUCKET ALGORITHM:
• This algorithm is based on a leaky bucket.
• That is to say, there is a bucket into which packets are allowed to drop, and at the o/p there is a small hole through which packets are passed.
• Meaning that irrespective of the speed at which packets come in, the rate of output is fixed.
• If more packets are flooded in, beyond the capacity of the bucket, they will be discarded (thrown away).
• It is as if each host is connected to the network by an interface containing a leaky bucket, that is, a finite internal queue.
• If a packet arrives at the queue when it is full, the packet is discarded.
• In fact, it is like a single-server queuing system with constant service time.
• The host is allowed to put one packet per clock tick onto the network.

• THE TOKEN BUCKET ALGORITHM:
• The leaky bucket algorithm enforces a rigid pattern at the average rate, no matter how bursty the traffic is.
• However, in many applications it is better to allow the o/p to speed up somewhat when large bursts arrive, so a more flexible algorithm is needed, perhaps one that never loses data.
• One such algorithm is the TOKEN BUCKET ALGORITHM.
• In this the leaky bucket holds tokens, generated by a clock at the rate of one token every ∂T sec.
• That is, every ∂T sec one token is added.
• For a packet to be transmitted it must capture and destroy one token.
• Thus at any moment, in case of bursty traffic, as many tokens as there are packets in the burst can be destroyed, up to the number saved in the bucket.

• Differences:
• Token bucket allows bursty traffic equal to the size of the bucket 'n', whereas leaky bucket does not.
• Token bucket throws away tokens if the bucket is full, but not packets, as is done by leaky bucket.
• Regulating the traffic flow is better in token bucket than in leaky bucket.
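Both algorithms run against the same constructed burst, one clock tick per step, as an added example (not from the slides). The arrival pattern, bucket sizes and the burst-length formula at the end are assumptions of this example.

```python
"""Added example (not from the slides): discrete-time simulation of the leaky
bucket and token bucket on the same constructed burst, one clock tick per step."""

# Constructed arrivals: packets arriving at each tick; one burst of 8 at tick 5.
ARRIVALS = [0, 0, 0, 0, 0, 8, 0, 0, 0, 0, 0, 0]


def leaky_bucket(arrivals, capacity):
    """Finite queue drained at exactly one packet per tick; overflow is discarded.
    Returns (packets sent per tick, packets dropped)."""
    queue, dropped, sent = 0, 0, []
    for a in arrivals:
        accepted = min(a, capacity - queue)
        dropped += a - accepted
        queue += accepted
        out = 1 if queue else 0
        queue -= out
        sent.append(out)
    return sent, dropped


def token_bucket(arrivals, bucket_size, tokens_per_tick=1):
    """One token is added per tick, capped at bucket_size (surplus tokens are
    thrown away, never packets). Each packet sent consumes one token; packets
    without a token wait, so a burst of up to bucket_size goes out at once."""
    tokens, backlog, sent = 0, 0, []
    for a in arrivals:
        tokens = min(bucket_size, tokens + tokens_per_tick)
        backlog += a
        out = min(backlog, tokens)
        backlog -= out
        tokens -= out
        sent.append(out)
    return sent, 0  # the token bucket never drops packets


def max_burst_seconds(bucket_bytes, token_rate, max_output_rate):
    """Length S of the longest burst at full output rate M for a token bucket
    of C bytes filled at rate rho: C + rho*S = M*S, so S = C / (M - rho).
    (Standard result, stated here as an assumption; not on the slides.)"""
    return bucket_bytes / (max_output_rate - token_rate)


if __name__ == "__main__":
    print("leaky :", leaky_bucket(ARRIVALS, capacity=4))
    print("token :", token_bucket(ARRIVALS, bucket_size=5))
    print("burst :", max_burst_seconds(250_000, 2_000_000, 25_000_000), "s")
```

The leaky bucket with capacity 4 emits one packet per tick and throws away half of the burst; the token bucket with 5 saved tokens sends 5 packets in the burst tick and queues the remaining 3, losing nothing.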
• CONGESTION CONTROL IN VIRTUAL CIRCUITS:
• One technique widely used to keep congestion that has already started from getting worse is ADMISSION CONTROL.
• The idea is: "once congestion has been signaled, no more virtual circuits are set up until the problem has gone away."
• Therefore, attempts to set up new transport layer connections fail.
• An alternative approach is to allow new virtual circuits but carefully route all new virtual circuits around problem areas.
• Another strategy relating to virtual circuits is to negotiate an agreement between the host and subnet when a virtual circuit is set up.
• This agreement normally specifies the volume and shape of the traffic, the quality of service required and other parameters.
• LOAD SHEDDING:
• Finally, if all these methods fail, routers can bring out the heavy artillery: Load Shedding.
• Load Shedding is "When routers are being inundated by packets that they cannot handle, they just throw them away."
• A router drowning in packets can just pick packets at random to drop, but which to drop usually depends upon the application running.
• It also involves identifying the importance and priority of the packets.
• RSVP (Resource reSerVation Protocol):
• CONGESTION CONTROL FOR MULTICAST
• All the algorithms we have discussed so far handle congestion for messages from a single source to a single destination.
• But for managing multicast, i.e. signals for multiple destinations and even from multiple sources, we need a different technique.
• One is RSVP.
• It allows multiple senders to transmit to multiple groups of receivers, permits individual receivers to switch channels freely, and optimizes bandwidth use while at the same time eliminating congestion.
• It is the simplest form.
• The protocol uses multicast routing using spanning trees.
• Every network application has a basic set of requirements that the network must meet to deliver the traffic generated by this application in a usable form.
• These conditions, which center on bandwidth and delay characteristics, are described as quality of service requirements.
• RSVP is a network control protocol that allows Internet applications to obtain special qualities of service (QoS) for their data flows.
• When an application in a host (end system) requests a specific QoS for its data stream, RSVP carries the request through the network, visiting each node (router or host) the network uses to carry the stream.
• At each node, RSVP attempts to make a resource reservation for the stream and to maintain its state to provide the requested service.
• The key assumption of RSVP is that resource reservation will be needed mostly for multicast applications such as high-speed video transmission.
• These applications have some peculiar characteristics, like a large number of receivers who may be experiencing very different transmission conditions and who also belong to different domains.
• RSVP is intended to add determinism to connectionless information flows.
• By doing so, it would enable packet-based multimedia to deliver acceptable levels of video, audio, and real-time data quality.
• RSVP solves the resource reservation problem, leaving solutions to other parts to the following:
• IP Datagram Transport
• IP Routing
• Internet Group Management Protocol
• Multicast Routing
• A host uses RSVP to request a specific Quality of Service (QoS) from the network, on behalf of an application data stream.
• RSVP carries the request through the network, visiting each node the network uses to carry the stream.
• At each node, RSVP attempts to make a resource reservation for the stream.
• To make a resource reservation at a node, the RSVP daemon communicates with two local decision modules, admission control and policy control.
• Admission control determines whether the node has sufficient available resources to supply the requested QoS.
• Policy control determines whether the user has administrative permission to make the reservation.
• If either check fails, the RSVP program returns an error notification to the application process that originated the request.
• If both checks succeed, the RSVP daemon sets parameters in a packet classifier and packet scheduler to obtain the desired QoS.
• The packet classifier determines the QoS class for each packet and the scheduler orders packet transmission to achieve the promised QoS for each stream.
• A primary feature of RSVP is its scalability.
• RSVP scales to very large multicast groups because it uses receiver-oriented reservation requests that merge as they progress up the multicast tree.
• The reservation for a single receiver does not need to travel to the source of a multicast tree; rather, it travels only until it reaches a reserved branch of the tree.
• While the RSVP protocol is designed specifically for multicast applications, it may also make unicast reservations.
• RSVP is also designed to utilize the robustness of current Internet routing algorithms.
• RSVP does not perform its own routing; instead it uses underlying routing protocols to determine where it should carry reservation requests.
• As routing changes paths to adapt to topology changes, RSVP adapts its reservation to the new paths wherever reservations are in place.
• This modularity does not rule out RSVP from using other routing services.
• Current research within the RSVP project is focusing on designing RSVP to use routing services that provide alternate paths and fixed paths.
• RSVP runs over IP, both IPv4 and IPv6.
• Among RSVP's other features, it provides opaque transport of traffic control and policy control messages, and provides transparent operation through non-supporting regions.
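The per-node decision sequence above (policy control, admission control, then merging into an existing reservation on the way up the tree) as an added model, not RSVP's own implementation. The multicast tree, link capacities and the set of permitted receivers are constructed for this example; a rejected request leaves its downstream state in place here, whereas a real daemon would tear it down.

```python
"""Added example (not RSVP's own code): a receiver-initiated reservation walks
up a multicast tree, is checked by policy control and admission control at each
node, and stops as soon as it meets a branch that already carries enough.
Tree, capacities and permitted receivers are constructed."""

# Constructed multicast tree: node -> upstream node (toward the sender S).
TREE = {"R1": "S", "R2": "R1", "R3": "R2", "R4": "R2",
        "recvA": "R3", "recvB": "R4", "recvC": "R4"}
# Admission control input: capacity (Mbit/s) of each node's link toward its parent.
CAPACITY = {"R1": 10, "R2": 10, "R3": 4, "R4": 3, "recvA": 4, "recvB": 3, "recvC": 3}
# Policy control input: receivers with administrative permission to reserve.
PERMITTED = {"recvA", "recvB"}


def reserve(receiver, bandwidth, reserved, tree=TREE, capacity=CAPACITY, permitted=PERMITTED):
    """Carry one receiver's request hop by hop toward the sender.
    `reserved` maps node -> bandwidth already reserved on its upstream link and is
    updated in place. Returns (outcome, node at which the walk stopped)."""
    if receiver not in permitted:
        return "policy_rejected", receiver           # policy control fails at the edge
    node = receiver
    while node in tree:
        if reserved.get(node, 0) >= bandwidth:
            return "merged", node                     # reserved branch: stop here
        if capacity[node] < bandwidth:
            return "admission_rejected", node         # admission control fails
        reserved[node] = bandwidth                    # classifier/scheduler set here
        node = tree[node]
    return "reserved", node                           # walked all the way to the sender


if __name__ == "__main__":
    state = {}
    print(reserve("recvA", 2, state), state)
    print(reserve("recvB", 1, state), state)   # merges at R2, never reaches S
    print(reserve("recvB", 5, state))          # more than recvB's link can carry
    print(reserve("recvC", 1, state))          # not permitted
```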
INTERNETWORKING

• So far, we have assumed that there is a single homogeneous network, with each machine using the same protocol in each layer, i.e. we have Open System Networking environments comprising a single type of network (LANs or WANs).
• But many different networks exist, including LAN, MAN and WAN, and numerous protocols are in widespread use in every layer, i.e. there are networking environments that comprise an interconnected set of networks.
• For example, a distributed community of LANs, each located in a different university and interconnected through a country-wide WAN.
• Another example – an interconnected set of WANs that enables programs in a distributed community of bank computers to carry out funds transfers and other transactions.
• Thus when two or more networks are involved in an application, we normally refer to the mode of working between systems as INTERNETWORKING.
• That is, it refers to a Composite Network (LAN/WAN/LAN).
• It is believed that a variety of different networks (and thus protocols) will always be around. The reasons for this may be:
– The installed base of different networks is large and growing (nearly all UNIX systems run TCP/IP, many large businesses still have mainframes running SNA, DEC is still developing DECnet, PC LANs often use NOVELL NCP/IPX and AppleTalk, etc.)
– Since computers and networks are getting cheaper, it is possible for different departments in an organization to have different LANs; for example, the Accounts Dept may install ETHERNET, the Engineering Dept may install TOKEN BUS, and Personnel may install a TOKEN RING.
– The third reason may be that ATM & Wireless have different technology and may use new hardware, software and so on.
Thus in coming years it is possible for the telephone, the TV, and other appliances all to be networked together so they can be controlled remotely, and so this new technology will bring new protocols.
THE NETWORK DIFFERENCES:

The networks can differ in many ways:
– Service offered - Connection oriented vs. Connectionless
– Protocols - IP, IPX, CLNP, AppleTalk, DECnet etc.
– Addressing - Flat (802) vs. Hierarchical (IP)
– Multicasting - Present or Absent
– Packet Size - Every network has its own max.
– Quality of Service - Many different kinds
– Error handling - Reliable, Ordered, Unordered delivery
– Congestion Control - Leaky bucket, Choke packets etc.
– Security - Privacy rules, encryption etc.
– Parameters - Different timeouts, flow specification

IP ADDRESSING
* Every host and router on the Internet has an IP address, which encodes its network number and host number.
* The combination is unique; no two machines have the same IP address.
* All IP addresses are 32 bits long and are used in the Source Address & Destination Address fields of IP packets.
FORMATS (32 bits = 8 bits | 8 bits | 8 bits | 8 bits)
Class A: 0     | Netid | Hostid
Class B: 10    | Netid | Hostid
Class C: 110   | Netid | Hostid
Class D: 1110  | Multicast Address
Class E: 11110 | Reserved for future use
• Range of Host Address:
– Class A - 1.0.0.0 to 127.255.255.255
– Class B - 128.0.0.0 to 191.255.255.255
– Class C - 192.0.0.0 to 223.255.255.255
– Class D - 224.0.0.0 to 239.255.255.255
– Class E - 240.0.0.0 to 247.255.255.255

- Class A allows up to 126 (7-bit) networks with 16 million (24-bit) hosts each
- Class B allows up to 16,382 networks with up to 64 K hosts each
- Class C allows up to 2 million networks (LANs) with up to 254 hosts each
- Class D, in which a datagram is directed to multiple hosts: MULTICAST
- Addresses beginning with 11110 are reserved for future use but already exhausted
• Tens of thousands of networks are now connected to the INTERNET, and the number doubles every year.
• Network numbers are assigned by the NIC (Network Information Centre) to avoid conflicts.
• Usually network addresses are written in DOTTED DECIMAL NOTATION, i.e. each byte from 0 to 255 in decimal.
• The lowest IP address is 0.0.0.0 and the highest 255.255.255.255.
• In addition to this, some special IP addresses are:
– 1's in all the fields indicate broadcast on the local network
– 127.xx.yy.zz is reserved for loopback testing; these addresses are used for debugging network software.


• SUBNET
• As we have seen, all the hosts in a network must have the same network number.
• But this causes problems as the network grows.
• Let's say a company starts with a Class C network; as time goes on it might acquire more than 254 machines and thus need a second Class C address.
• Every time a new network is installed, the system administrator has to contact the NIC to get a new network number.
• Then this number must be announced worldwide.
• The solution to this problem is to allow a network to be split into several parts for internal use but still act like a single network to the outside world.
• This is called a SUBNET.
• That is to say, in a Class B address 16 bits are used for the host, so leaving the network address as it is, the host address can be split into a 6-bit SUBNET number and a 10-bit host number.
• This will allow 62 LANs (0 and all-1s reserved), each with 1022 hosts.

One of the ways to subnet a Class B network:
10 | Netid | Subnet (6 bits) | Host (10 bits)
• Subnet mask: 1s over the Netid and Subnet fields, 0s over the Host field.
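Classful decoding, the special addresses and the Class B scheme just drawn (6-bit subnet, 10-bit host), done with plain bit arithmetic as an added example that also covers the "What is Subnetting?" department partition earlier on. This is not code from the slides; the addresses used are constructed, and the 0 / all-1s exclusion follows the slides' counting convention.

```python
"""Added example (not from the slides): classful address decoding, special
addresses, and subnet mask / subnet number / host number computation.
Addresses used are constructed."""


def to_int(dotted):
    octets = [int(p) for p in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad dotted-decimal address: %r" % dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(dotted):
    """Class from the leading bits: 0 -> A, 10 -> B, 110 -> C, 1110 -> D, else E."""
    n = to_int(dotted)
    if n >> 31 == 0:
        return "A"
    if n >> 30 == 0b10:
        return "B"
    if n >> 29 == 0b110:
        return "C"
    if n >> 28 == 0b1110:
        return "D"
    return "E"


def special(dotted):
    """The special addresses named on the slides, or None for an ordinary one."""
    n = to_int(dotted)
    if n == 0:
        return "this host"
    if n == 0xFFFFFFFF:
        return "limited broadcast on the local network"
    if n >> 24 == 127:
        return "loopback"
    return None


NETWORK_BITS = {"A": 8, "B": 16, "C": 24}   # fixed netid length per class


def classful_split(dotted):
    """(class, netid, hostid) using the class's fixed network length."""
    cls = address_class(dotted)
    bits = NETWORK_BITS[cls]
    n = to_int(dotted)
    return cls, n >> (32 - bits), n & ((1 << (32 - bits)) - 1)


def subnet_mask(network_bits, subnet_bits):
    """1s over the netid and subnet fields, 0s over the host field."""
    ones = network_bits + subnet_bits
    return to_dotted(((1 << ones) - 1) << (32 - ones))


def decompose(dotted, network_bits, subnet_bits):
    """(netid, subnet number, host number) for a subnetted classful network."""
    host_bits = 32 - network_bits - subnet_bits
    n = to_int(dotted)
    return (n >> (32 - network_bits),
            (n >> host_bits) & ((1 << subnet_bits) - 1),
            n & ((1 << host_bits) - 1))


def subnet_plan(network_bits, subnet_bits):
    """(usable subnets, usable hosts per subnet), excluding the all-0 and all-1
    values of each field as the slides do."""
    host_bits = 32 - network_bits - subnet_bits
    return (1 << subnet_bits) - 2, (1 << host_bits) - 2


if __name__ == "__main__":
    print(address_class("172.16.9.130"), special("127.0.0.1"))
    print(subnet_mask(16, 6), decompose("172.16.9.130", 16, 6), subnet_plan(16, 6))
    print("Class C split for two departments:", subnet_plan(24, 2))
```

`subnet_plan(16, 6)` reproduces the 62 LANs of 1022 hosts from the slide; `subnet_plan(24, 2)` shows what the department example costs: a Class C carved into two usable subnets of 62 hosts each.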


INTERNET PROTOCOL (IP)

• IPv4
• The format of an IP data unit is known as a DATAGRAM:
Version (4 bits) | Header Length (4 bits) | Type of Service (8 bits) | Total Length (16 bits)
Identification (16 bits) | Flags (D, M) | Fragment Offset (13 bits)
Time-to-Live (8 bits) | Protocol (8 bits) | Header Checksum (16 bits)
Source IP Address (32 bits)
Destination IP Address (32 bits)
Options
Data (<= 65536 octets)
• Version: This field contains the version of IP used; currently version 4 (IPv4) is used.
• Header Length: Specifies the length of the header in multiples of 32-bit words.
• Type of Service: Same as QoS in OSI
– Bits 9, 10, 11 - Precedence - Priority (0 – 7)
– Bit 12 – D - Low Delay
– Bit 13 – T - High Throughput
– Bit 14 - R – High Reliability
– Bits 15, 16 - Unused

• Total Length: Total length of the datagram including header and user data parts. The max. is 65536 bytes.
• Identification: Identifies the different datagrams belonging to the same user message.
• Flag Bits: D bit – Don't Fragment – a network should be chosen that can handle the datagram as a single entity rather than as multiple smaller datagrams called FRAGMENTS.
– M bit – More Fragments – used during reassembly.
• Fragment Offset: Indicates the position of the (data) contents of the datagram in relation to the initial user data message.
• Time-to-Live: Defines the max. time for which a datagram can be in transit across the internet.
* The value in seconds is set by the source IP and decremented by each gateway by a defined amount.
* When it becomes zero, the datagram is discarded.
* This allows the destination IP to wait a known max. time for a datagram fragment during reassembly.
• Protocol: More than one protocol is associated with the TCP/IP suite.
– This field is used to enable the destination IP to pass the datagram to the required protocol.
• Header Checksum: Safeguards against corrupted datagrams being routed to incorrect destinations.
• Source & Destination Address: IP addresses of source and destination.
• Options: Used in selected datagrams to carry additional information relating to security, source routing, route recording, stream identification (type of data), and timestamps (by each gateway at which the datagram was processed).
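The header fields above handled as bytes, as an added example (not from the slides): a real 20-byte IPv4 header is built, its checksum verified, the Type of Service bits decoded, and the gateway step performed (decrement TTL, recompute the checksum, discard at zero or on a corrupted header). The addresses come from documentation ranges and are constructed; `build_header`, `parse_header` and `forward` are names chosen for this example.

```python
"""Added example (not from the slides): build, verify, parse and forward an
IPv4 header with struct. Addresses are constructed (documentation ranges)."""
import struct


def ip_to_bytes(dotted):
    return bytes(int(p) for p in dotted.split("."))


def checksum(data):
    """RFC 791 header checksum: one's complement of the one's-complement sum of
    all 16-bit words. Over a header whose checksum field is valid it yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_header(src, dst, payload_len, ident=0x1C46, ttl=64, proto=6,
                 df=False, mf=False, offset_bytes=0, tos=0):
    """20-byte header without options (IHL = 5). The fragment offset travels in
    8-byte units; the D and M flags sit in the top bits of the same 16-bit word."""
    flags_frag = (int(df) << 14) | (int(mf) << 13) | ((offset_bytes // 8) & 0x1FFF)
    fields = struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, tos, 20 + payload_len,
                         ident, flags_frag, ttl, proto, 0,
                         ip_to_bytes(src), ip_to_bytes(dst))
    return fields[:10] + struct.pack("!H", checksum(fields)) + fields[12:]


def parse_header(data):
    if len(data) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    header_len = ihl * 4                     # IHL counts 32-bit words of the header
    if version != 4 or header_len < 20 or len(data) < header_len:
        raise ValueError("not a well-formed IPv4 header")
    return {
        "version": version, "header_length": header_len,
        "precedence": tos >> 5,              # 3 precedence bits
        "low_delay": bool(tos & 0x10),       # D
        "high_throughput": bool(tos & 0x08), # T
        "high_reliability": bool(tos & 0x04),# R
        "total_length": total_len, "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,
        "ttl": ttl, "protocol": proto,
        "checksum_ok": checksum(data[:header_len]) == 0,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
    }


def forward(data):
    """Gateway step: drop on a bad checksum or when the TTL would reach zero,
    otherwise return the datagram with TTL decremented and checksum recomputed."""
    hdr = parse_header(data)
    if not hdr["checksum_ok"] or hdr["ttl"] <= 1:
        return None
    out = bytearray(data)
    out[8] = hdr["ttl"] - 1
    out[10:12] = b"\x00\x00"
    out[10:12] = struct.pack("!H", checksum(bytes(out[:hdr["header_length"]])))
    return bytes(out)


if __name__ == "__main__":
    h = build_header("192.0.2.1", "198.51.100.7", 100, ttl=2, tos=0xB0, df=True)
    print(parse_header(h))
    print("after one gateway:", parse_header(forward(h))["ttl"])
    print("after two gateways:", forward(forward(h)))   # None: discarded
```

The checksum only covers the header, which is exactly why a datagram whose destination byte is flipped in transit fails `checksum_ok` and is dropped rather than routed to the wrong host, the property the slide names.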
• Protocol Function:
• The IP provides a number of core functions and associated
procedures to carry out the various tasks that are necessary
when interworking across dissimilar networks
• A few important ones are:
– Routing
– Fragmentation and Reassembly
– Error Reporting

• Fragmentation and Reassembly : The size of user data can be up to
64 K or 65536 bytes, while the maximum packet size associated
with different types of network is much less than this, i.e. from 128
octets for some X.25 packet switching networks to over 8000
octets for some LANs
• Thus the data needs to be fragmented, or divided into smaller
datagrams
• And once fragmented, at the destination, they need to be
reassembled.
• The fragmentation and reassembly functions can be performed on
either of two bases :
– INTRANET FRAGMENTATION – i.e. per network: the IP in a host knows only the
maximum packet size associated with its local network
– END-TO-END (INTERNET FRAGMENTATION) BASIS – The IP
in each gateway knows only the maximum packet sizes
associated with the two networks to which it is connected.
• Error Reporting –
• When routing or reassembling datagrams within a host or gateway,
the IP may discard some datagrams
• Therefore, such errors must be reported back to the IP in the source host
• There are many such error reporting functions.
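The header fields, flag bits, fragment offset and Time-to-Live handling described above, as an added Python example (not from these slides): it decodes a constructed 20-octet IPv4 header, verifies the Header Checksum, and models a gateway decrementing TTL and discarding the datagram at zero. The sample packet, its addresses and identification value are made up for the example.

```python
import struct

# IANA protocol numbers for the protocols this example labels.
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
HEADER_FMT = "!BBHHHBBH4s4s"          # the fixed 20-octet part of the header


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words (RFC 791 style).
    Call it with the checksum field zeroed to compute, or verify by comparing."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                  # fold the carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the fields the slide lists. Raises ValueError for a truncated
    header or a checksum that does not verify, i.e. the corrupted datagram
    that the Header Checksum field exists to catch."""
    if len(packet) < 20:
        raise ValueError("truncated: an IPv4 header needs at least 20 octets")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, csum,
     src, dst) = struct.unpack(HEADER_FMT, packet[:20])
    version, ihl_words = ver_ihl >> 4, ver_ihl & 0x0F
    header_len = ihl_words * 4          # header length is in 32-bit words
    if version != 4 or ihl_words < 5 or len(packet) < header_len:
        raise ValueError("bad version or header length")
    header = packet[:header_len]
    expected = ipv4_checksum(header[:10] + b"\x00\x00" + header[12:])
    if csum != expected:
        raise ValueError("header checksum mismatch: 0x%04x != 0x%04x" % (csum, expected))
    return {
        "version": version,
        "header_length": header_len,
        "precedence": tos >> 5,                        # 3 priority bits (0-7)
        "low_delay": bool(tos & 0x10),                 # D bit
        "high_throughput": bool(tos & 0x08),           # T bit
        "high_reliability": bool(tos & 0x04),          # R bit
        "total_length": total_len,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),    # D (don't fragment) flag
        "more_fragments": bool(flags_frag & 0x2000),   # M (more fragments) flag
        "fragment_offset": (flags_frag & 0x1FFF) * 8,  # stored in 8-octet units
        "ttl": ttl,
        "protocol": PROTO_NAMES.get(proto, str(proto)),
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
        "options": header[20:],
    }


def gateway_forward(packet: bytes):
    """What a gateway does with Time-to-Live: validate, decrement, recompute the
    checksum, and discard (return None) once the value reaches zero."""
    hdr = parse_ipv4_header(packet)
    if hdr["ttl"] - 1 <= 0:
        return None
    header = bytearray(packet[:hdr["header_length"]])
    header[8] -= 1
    header[10:12] = b"\x00\x00"
    struct.pack_into("!H", header, 10, ipv4_checksum(bytes(header)))
    return bytes(header) + packet[hdr["header_length"]:]


def build_sample(ttl: int = 64, more_fragments: bool = True,
                 offset_octets: int = 1480) -> bytes:
    """Constructed sample (made-up addresses): the second 1500-octet fragment of
    a UDP datagram from 10.0.0.1 to 10.0.0.2 with the Low Delay bit set."""
    flags_frag = (0x2000 if more_fragments else 0) | (offset_octets // 8)
    fields = [0x45, 0x10, 1500, 0xBEEF, flags_frag, ttl, 17, 0,
              bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])]
    fields[7] = ipv4_checksum(struct.pack(HEADER_FMT, *fields))
    return struct.pack(HEADER_FMT, *fields) + b"\x00" * (1500 - 20)
```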
INTERNET PROTOCOL VERSION 6 ( IPv6)
• The rapid expansion in the number of interconnected networks, i.e. the
internet, that use the 32-bit addresses of IPv4 means an extension is needed in the near
future
• In anticipation of this, the INTERNET ENGINEERING TASK FORCE
(IETF) has embarked upon the specification of a successor to the
current IPv4 protocol
• It is called IP Next Generation (IPng) or IP version 6 (IPv6)
• Some of the important goals for moving to a new protocol are :
– Support billions of hosts, even with inefficient address space
allocation
– Reduce the size of the Routing Tables
– Simplify the protocol, to allow routers to process packets faster
– Provide better security (authentication & privacy) than current IP
– Pay more attention to QoS, particularly for real time data
– Aid multicasting by allowing scopes to be specified
– Make it possible for a host to roam without changing its address
– Allow the protocol to evolve in the future
– Permit the old and new protocols to co-exist for years
INTERNET PROTOCOL(IPv6)
• IPv6 : Format (bit positions 0, 16, 24, 32 mark the field boundaries)
Basic headers :
Version | Flow Label
Payload length | Next Header | Hop limit
Source Address (128 bit)
Destination Address (128 bit)
Possible Extension Header(s)
Payload
• To speed up the processing of the IP datagram header, the header
of the IPv6 has been divided into two parts:
– (i) A basic header and (ii) One or more Optional Headers

• The Version number : It indicates the version no., i.e. 6
• The Flow Label : This field enables a source to indicate the type of
information in the data – known as the PAYLOAD field
– Ex - This may be speech samples, video frames etc.
• The Payload Length : This indicates the number of octets in the payload
field following the header
– The default max. is 64 K octets
– But larger values can be used by setting this field to zero and including
an extension field with the actual value within it.
– Additional (header) information is carried in separate extension
headers.
• The Next Header –
– This field identifies number of such headers
• The Hop Limit –
– This is used to prevent a datagram continuously circulating in a loop
– the value in this field is decremented by one by each gateway visited
and, if it falls to zero before reaching its intended destination, then the
datagram is discarded.
• The Source & Destination Address : Both are 128-bit addresses
– To reduce the size of the routing tables held by the exterior gateways
connected to the backbone core network, a new higher-order address
that is in addition to netid and subnetid – has been introduced.
– This is known as the CLUSTER ADDRESS & is used to identify the
topological region in which the network, and hence host, is located
• The Extension Headers currently defined include the following –
– Hop-by-Hop header – Is used to carry information that must be
examined by the gateways visited along a route.
– End-To-End Header – is used to carry information that is examined only
by the intended destination
– Routing Header – This is present when source routing is used.
• It contains a list of the addresses of the gateways that are along the
intended route.
• The destination address in the basic header is then changed as the
datagram is routed from one gateway to the next.
– Fragment Header – This is required only if the source data is larger
than the max. message transfer unit of any of the networks along
the route to the intended destination.
– Authentication Header – Authentication is used to ensure a
source cannot later repudiate that it sent some information
• Hence when present, the fields in the authentication header
are used to authenticate the source of the datagram
– Privacy Header – This is present when the data to be
transferred is to be made secure during its passage across
the internet.
• The data is first encrypted by the source and is then sent in the
data portion of this header.
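The basic header and the chain of extension headers described above, as an added Python example (not from these slides): it decodes the 40-octet basic header, follows the Next Header chain through Hop-by-Hop, Routing, Fragment, End-to-End (destination options) and Authentication headers with a bounds check at every step, and models the Hop Limit decrement at a gateway. The Next Header values are the IANA assignments; the sample datagram and its addresses are constructed for the example.

```python
import struct

# IANA Next Header values: the extension headers the slide lists, plus the
# upper-layer protocols that end a chain.
HOP_BY_HOP, ROUTING, FRAGMENT, ESP, AH, NO_NEXT, DEST_OPTS = 0, 43, 44, 50, 51, 59, 60
TCP, UDP = 6, 17
NAMES = {HOP_BY_HOP: "Hop-by-Hop", ROUTING: "Routing", FRAGMENT: "Fragment",
         AH: "Authentication", ESP: "Privacy (ESP)", NO_NEXT: "No Next Header",
         DEST_OPTS: "End-to-End (Destination Options)", TCP: "TCP", UDP: "UDP"}
CHAINED = (HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS)  # headers this walker steps over


def fmt_addr(raw: bytes) -> str:
    return ":".join("%04x" % w for w in struct.unpack("!8H", raw))


def parse_ipv6(packet: bytes, max_headers: int = 8) -> dict:
    """Decode the 40-octet basic header, then follow the Next Header chain to the
    payload. Every step is bounds-checked, so an oversized header length, a
    truncated header or an endless chain raises instead of over-reading.
    (A zero Payload Length, the jumbo-payload case, is not handled here.)"""
    if len(packet) < 40:
        raise ValueError("truncated basic header")
    first_word, payload_len, next_hdr, hop_limit = struct.unpack("!IHBB", packet[:8])
    if first_word >> 28 != 6:
        raise ValueError("version field is not 6")
    if len(packet) != 40 + payload_len:
        raise ValueError("payload length disagrees with packet size")
    chain, offset = [], 40
    while next_hdr in CHAINED:
        if len(chain) >= max_headers:
            raise ValueError("extension header chain too long")
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        nh, ext_len = packet[offset], packet[offset + 1]
        if next_hdr == FRAGMENT:
            length = 8                      # fixed 8 octets
        elif next_hdr == AH:
            length = (ext_len + 2) * 4      # AH counts 32-bit words minus 2
        else:
            length = (ext_len + 1) * 8      # 8-octet units, not counting the first
        if offset + length > len(packet):
            raise ValueError("%s header runs past end of packet" % NAMES[next_hdr])
        chain.append(NAMES[next_hdr])
        next_hdr, offset = nh, offset + length
    return {
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_len,
        "hop_limit": hop_limit,
        "src": fmt_addr(packet[8:24]),
        "dst": fmt_addr(packet[24:40]),
        "extension_headers": chain,
        "upper_layer": NAMES.get(next_hdr, str(next_hdr)),
        "payload": packet[offset:],
    }


def gateway_forward(packet: bytes):
    """Hop Limit handling at a gateway: decrement by one and discard (None)
    when it falls to zero. Unlike IPv4 there is no header checksum to redo."""
    parse_ipv6(packet)                      # refuse malformed datagrams first
    hop = packet[7] - 1
    return None if hop <= 0 else packet[:7] + bytes([hop]) + packet[8:]


def build_sample(hop_limit: int = 64) -> bytes:
    """Constructed sample (documentation-prefix addresses): basic header,
    Hop-by-Hop header carrying a PadN option, Fragment header, UDP payload."""
    hop_by_hop = bytes([FRAGMENT, 0, 1, 4, 0, 0, 0, 0])          # next=44, len 0 => 8 octets
    fragment = bytes([UDP, 0]) + struct.pack("!HI", 1, 0xABCD)   # offset 0, M=1, id
    payload = b"constructed UDP bytes"
    body = hop_by_hop + fragment + payload
    src = bytes.fromhex("20010db8" + "0" * 23 + "1")
    dst = bytes.fromhex("20010db8" + "0" * 23 + "2")
    first_word = (6 << 28) | 0x12345                             # version 6, flow label
    return struct.pack("!IHBB", first_word, len(body), HOP_BY_HOP, hop_limit) + src + dst + body
```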
THE TRANSPORT LAYER
• It provides Reliable, Efficient, Cost-effective Data Transport from the
source machine to the destination machine.
• The hardware and/or software within the transport layer that does
the work is called the “Transport Entity”
• Another way of looking at the transport layer is to regard its primary
function as enhancing the Quality Of Service (QoS) provided by the
network layer.
• Few possible QoS parameters are :
– CONNECTION ESTABLISHMENT DELAY : The delay between
transport connection requested and confirmation received.
– CONNECTION ESTABLISHMENT FAILURE PROPERTY : The chance
of a connection not being established within the maximum
establishment delay time.
– THE THROUGHPUT : No. of bytes of user data transferred per second.
– THE TRANSIT DELAY : Delay or time between a message being sent
by the transport user on the source machine and its being received by
the transport user on the destination machine.
– THE RESIDUAL ERROR RATIO : No. of lost or garbled messages as a
fraction of the total sent.
– THE PROTECTION : A way for the transport user to specify interest in
having the transport layer provide protection against unauthorized third
parties reading or modifying any transmitted data.
– THE PRIORITY : A way to indicate that some of its connections are
more important than other ones
– RESILIENCE : Probability of the transport layer itself spontaneously
terminating a connection due to internal problems or congestion.
• The QoS parameters are specified by the transport user when a
connection is requested.
• Differences between Transport layer and Data Link layer:
• As we know, in some ways transport protocols resemble the data
link protocols, as both have to deal with error control, sequencing and
flow control among other issues.
• However, there are differences :
– In the transport layer initial connection establishment is more
complicated than in the data link layer, as the data link layer deals directly with a physical
channel connection
– In the data link layer it is not necessary for a router to specify which router it wants to talk to;
each outgoing line uniquely specifies a particular router.
In the transport layer, explicit addressing of destinations is required.
– In the transport layer, the storage capacity in the subnet is
greater than in the data link layer – so sometimes a packet may go into hiding in some
corner and come out later, at an inappropriate moment, after 30 sec ( say)
– Buffering and flow control are needed in both layers, but the
presence of a large and dynamically varying number of
connections in the transport layer may require a different
approach than we used in the data link layer.
THE INTERNET TRANSPORT PROTOCOLS( TCP & UDP)
• TCP - Transmission Control Protocol
• The Internet has two main protocols in the Transport layer, a
CONNECTION ORIENTED PROTOCOL AND a CONNECTIONLESS
ONE
• TCP is one of the two protocols used at the Transport layer and is
used to transport (move) data from one host to another.
• What makes TCP so popular is the way it works in order to send
and receive data.
• Unlike UDP, TCP will check for errors in every packet it receives to
avoid data corruption.
• The main characteristics of this wonderful protocol are:
– Reliable Transport
• It's a reliable transport because of the different techniques it uses to
ensure that the data received is error free.
• TCP is a robust protocol used for file transfers, where data errors are
not an option.
• Connection Oriented
• What this basically means is that a connection is established
between the two hosts (computers) before any data is transferred
• This is where the famous 3-way handshake happens.
• Flow Control
• This is how the flow of data is controlled.
• Once the data transfer has started, the flow of data between the two hosts is
not constant but varies and sometimes stops for a few seconds when one of
the two hosts is busy doing other tasks as well.
• Windowing
• Data throughput (the transfer efficiency) would be low if the
transmitting machine had to wait for an acknowledgment after
sending each packet of data (segment).
• Because there is time available after the sender transmits the data
segment and before it finishes processing acknowledgments from
the receiving machine, the sender uses the break to transmit more
data.
• If we wanted to define Windowing, it would be the quantity of
data segments (in plain English, the number of transmissions) the
transmitting machine is allowed to send without
receiving an acknowledgment for them.
• Windowing controls how much information is transferred from one
end to the other.
• While some protocols quantify information by observing the number
of packets, TCP/IP measures it by counting the number of bytes.
• Acknowledgments
• Reliable data delivery ensures the integrity of a stream of data sent from one machine
to the other through a fully functional data link.
• This guarantees the data won't be duplicated or lost.
• The method that achieves this is known as positive acknowledgment with
retransmission.
• This technique requires a receiving machine to communicate with the transmitting
source by sending an acknowledgment message back to the sender when it receives
data.
• The sender documents each segment it sends and waits for this acknowledgment
before sending the next segment.
• When it sends a segment, the transmitting machine starts a timer and retransmits if it
expires before an acknowledgment is returned from the receiving end.
• More Overhead
• There is more overhead when using TCP, in order to get the data transferred without errors.
Everything comes with a downside and this is TCP's.
• But since everyone has fast connections to the Internet, it really doesn't make that
much of a performance impact.
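The windowing and positive-acknowledgment-with-retransmission behaviour described above, as an added Python simulation (not from these slides): a sender with a byte-counted window, a receiver that returns cumulative acknowledgments, a retransmission timer, and a channel that can lose a chosen segment once. The message, segment size, window size and timer value are constructed for the example; the receiver deliberately does not buffer out-of-order data, so the effect of one lost segment is visible.

```python
from dataclasses import dataclass


@dataclass
class Segment:
    seq: int            # byte offset of the first data byte: TCP counts bytes, not packets
    data: bytes


class Receiver:
    """Accepts in-order data and answers every segment with a cumulative ACK
    (the next byte it expects). Out-of-order data is not buffered here, so a
    gap forces the sender to retransmit everything from the gap onward."""

    def __init__(self):
        self.expected = 0
        self.received = bytearray()

    def deliver(self, seg: Segment) -> int:
        if seg.seq == self.expected:
            self.received += seg.data
            self.expected += len(seg.data)
        return self.expected


def simulate(message: bytes, mss: int = 4, window: int = 8, rto: int = 3,
             drop_seq=frozenset()) -> dict:
    """Sliding window with positive acknowledgment and retransmission, on a
    discrete clock. Each tick: expired timers retransmit, the window is filled
    with new segments, the channel delivers (or drops) them, ACKs return at
    once. Segments whose seq is in drop_seq are lost the first time they are
    sent. The window is measured in bytes, as the slide says TCP does."""
    rx = Receiver()
    base = next_seq = tick = 0          # base = oldest unacknowledged byte
    in_flight = {}                      # seq -> [Segment, tick at which the RTO expires]
    dropped = set()
    stats = {"sent": 0, "retransmitted": 0, "ticks": 0}
    while base < len(message):
        tick += 1
        outgoing = []
        for seq in sorted(in_flight):                       # 1. timer expired: retransmit
            if in_flight[seq][1] <= tick:
                in_flight[seq][1] = tick + rto
                outgoing.append(in_flight[seq][0])
                stats["retransmitted"] += 1
        while next_seq < len(message):                      # 2. fill the window
            size = min(mss, len(message) - next_seq)
            if next_seq + size - base > window:
                break
            seg = Segment(next_seq, message[next_seq:next_seq + size])
            in_flight[seg.seq] = [seg, tick + rto]
            outgoing.append(seg)
            next_seq += size
            stats["sent"] += 1
        for seg in outgoing:                                # 3. channel + ACKs
            if seg.seq in drop_seq and seg.seq not in dropped:
                dropped.add(seg.seq)                        # lost in the network this time
                continue
            ack = rx.deliver(seg)
            if ack > base:                                  # cumulative ACK slides the window
                base = ack
                for seq in [s for s, (sg, _) in in_flight.items() if s + len(sg.data) <= base]:
                    del in_flight[seq]
        stats["ticks"] = tick
    stats["received"] = bytes(rx.received)
    return stats
```

Compare `simulate(msg)` with `simulate(msg, window=4)` to see why a window larger than one segment raises throughput, and `simulate(msg, drop_seq={4})` to see the timer-driven retransmission.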

• UDP - User Datagram Protocol
• The second protocol used at the Transport layer is UDP.
• Application developers can use UDP in place of TCP.
• UDP is the scaled-down economy model and is considered a thin protocol.
• Like a thin person in a car, a thin protocol doesn't take up a lot of room - or
in this case, much bandwidth on a network.
• UDP as mentioned doesn't offer all the bells and whistles of TCP, but it does
a fabulous job of transporting information that doesn't require reliable
delivery and it does so using far fewer network resources.
– Unreliable Transport
• UDP is considered to be an unreliable transport protocol.
• When UDP sends segments over a network, it just sends them and forgets
about them.
• It doesn't follow through, check on them, or even allow for an
acknowledgment of safe arrival,
• This does not mean that UDP is ineffective, only that it doesn't handle
issues of reliability.
• Connectionless
• TCP is a connection oriented protocol, but UDP isn't.
• This is because UDP doesn't create a virtual circuit (establish a
connection before data transfer), nor does it contact the destination
before delivering information to it.
• No 3-way handshake or anything like that here!
• Since UDP assumes that the application will use its own reliability
method, it doesn't use any, which obviously makes things transfer
faster.
• Less Overhead
• The very low overhead, compared to TCP, is a result of the lack of
windowing or acknowledgments.
• This certainly speeds things up but you get an unreliable (in
comparison to TCP) service.
APPLICATION SUPPORT PROTOCOL
• Application Protocols in OSI interact through the protocol entities
associated with the intermediate session and presentation layers,
whereas, in the TCP/IP suite, they interact directly with the transport
layer protocols.
• The following figure shows the different points in the layers.
• The application layer consists of two sets of protocols, each of
which is known as an Application Service Element (ASE)
Application support protocol in OSI (figure) :
Application Process
– Appln specific service : ASE, ASE, ASE
– Common appln service elements : ACSE, ROSE, RTSE, CCR
– Appln service protocols : PSAP → Presentation Entity → SSAP → Session Entity → TSAP
– Network Independent Msg
• ASE - Application Service Element
• ACSE - Association Control Service Element
• ROSE – Remote Operation Service Element
• RTSE – Reliable Transport Service Element
• CCR – Concurrency Control Recovery
• PSAP – Presentation Service Access Point
• TSAP – Transport Service Access Point
• SSAP - Session Service Access Point

• An ASE performs specific application functions while others perform
more general support functions, which are also known as common
application service elements (CASEs)
• The SESSION LAYER is included in the OSI primarily to minimize
the effects of Network failures during an application transaction
• If a network failure occurs toward the end of a transfer, then the
complete transfer, or multiple such transfers, may have to be
repeated
• The session layer provides services to reduce the effect of such
failures
• The session layer allows an application protocol entity through the
services offered by the presentation layer, to do the following –
– Establish a logical communication path ( Session Connection)
with another application entity, use it to exchange data (dialog
units), and release the connection in an orderly way.
– Establish synchronization points during a dialog and, in the
event of errors, resume the dialog from an agreed
synchronization point
– Interrupt (suspend) a dialog and resume it later at a prearranged
point.
– Be informed of certain exceptions that may arise from the
underlying network during a session
• PRESENTATION LAYER
• The presentation layer is concerned with the representation (syntax)
of the data in the messages associated with an application during their
transfer between two application processes.
• The aim of the layer is to ensure that the messages exchanged
between two application processes have a common meaning –
known as SHARED SEMANTICS – to both processes.
• Actually, we have a number of types of computers, which use
different data representations, and different high level languages may
be used for an application
• Even if the data representation is the same, the machine representation may
be different. For example, some machines may use 16 bits, some 32
bits, to represent an integer type; the position of the sign bit, character
types & so on differ between machines.
• The representations of the different types are thus said to be in an
ABSTRACT SYNTAX form.
• The effect of this is that we can’t simply pass such records from one
computer to another; we have to ensure that the receiving
computer knows the syntax of the data and, if this is different
from its local syntax, converts the data into the local syntax prior to
processing
• ISO has defined a general abstract syntax that is suitable for the
definition of data types associated with most distributed
applications.
• It is known as ABSTRACT SYNTAX NOTATION NUMBER ONE
(ASN.1)
• Thus we have ASN.1 compilers for a number of languages.
• For example, if two application processes are to be written, one in C and the other
in Pascal, the ASN.1 type definitions are first processed by each compiler
• Their output is the equivalent data type definitions in the appropriate
language together with a set of ENCODING AND DECODING
procedures/functions for each data type.
• Although a data element in ASN.1 is defined to be of a specified type, it
does not necessarily have a fixed syntax.
• Thus, even though the various data elements making up a PDU (protocol data unit) are of the
same (abstract) type, their structure (syntax) may be different.
• Thus encoding is used, which converts each field in a PDU, which has been
defined in ASN.1 form, into a corresponding concrete syntax form so that
the exchanged PDU has a common meaning for the two application entities.
• At the receiving end the corresponding Decoding must be done.
DATA ENCRYPTION
• When a transmission is intercepted by any third party intentionally,
that is known as EAVESDROPPING
• Sometimes an intruder can use a recorded message sequence to
generate a new sequence, known as MASQUERADING
• In either case, the effect is obvious
• To overcome this, the data that is to be sent is ENCRYPTED and, in its most
general form, Encryption involves an ‘Encryption key’ which is
hopefully known only to the two correspondents.
• Prior to encryption, message data is normally referred to as
PLAINTEXT and after encryption as CIPHERTEXT
• (however, the deciphering should not be too tedious)
• BASIC TECHNIQUES:
– SUBSTITUTION CIPHER - The simplest encryption technique involves
substituting the plaintext alphabet (codeword) with a new alphabet
known as the ciphertext alphabet
– For example, a ciphertext alphabet can be defined which is the plaintext
alphabet simply shifted by n places, where n is the key.
– Hence if the key is 3, the resulting alphabet is –
– Plaintext alphabet : a b c d e f g ……….
– Ciphertext alphabet: d e f g h i j ………
– i.e. each letter of the plaintext alphabet is replaced by the equivalent letter in
the ciphertext alphabet.
– This involves replacing each character with a different character, so the
order of the characters in the plaintext is preserved in the ciphertext.
• TRANSPOSITION
• Another approach is to reorder the characters in the plaintext.
• That is, the cipher is keyed by a word or phrase not containing any
repeated letters
• Let us say the word MEGABUCK is the key
• The purpose of the key is to number the columns, column 1 being
under the key letter closest to the start of the alphabet, and so on.
• The plaintext is written horizontally, in rows, and the ciphertext is
read out by columns, starting with the column whose key letter is the
lowest ( as shown below)
• To break this, the cryptanalyst must first be aware that he is dealing with
a transposition cipher
• Example –
  M E G A B U C K
  7 4 5 1 2 8 3 6
  p l e a s e t r      plaintext -
  a n s f e r o n      pleasetransferonemillion
  e m i l l i o n      dollarstomyswissbankac
  d o l l a r s t      countsixtwotwo
  o m y s w i s s
  b a n k a c c o      ciphertext -
  u n t s i x t w      AFLLSKSOSELAWAIA
  o t w o a b c d      TOOSSCTCLNMOMANT
                       ESILYNTWRNNTSOWD
                       PAEDOBUOERIRICXB
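The shifted-alphabet substitution and the MEGABUCK columnar transposition above, as an added Python example (not from these slides): the transposition numbers the columns by alphabetical order of the key letters, pads the last row with a, b, c, d as the slide does, reads the columns out in key order, and reproduces the ciphertext shown; the decrypt function inverts it. The same letter multiset appears in plaintext and ciphertext, which is the property a cryptanalyst uses to recognise a transposition.

```python
ALPHABET = "abcdefghijklmnopqrstuvwxyz"


def shift_substitution(plaintext: str, key: int) -> str:
    """Substitution cipher from the slide: replace each letter by the one `key`
    places further along the alphabet (key 3 maps a->d, b->e, ...)."""
    out = []
    for ch in plaintext.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)              # non-letters pass through unchanged
    return "".join(out)


def column_order(key: str) -> list:
    """Number the columns as the slide does: column 1 is under the key letter
    closest to the start of the alphabet. Returns column indexes in read-out
    order, so for MEGABUCK the A column (index 3) comes first."""
    if len(set(key)) != len(key):
        raise ValueError("key must not contain repeated letters")
    return sorted(range(len(key)), key=lambda i: key[i])


def transposition_encrypt(plaintext: str, key: str) -> str:
    """Write the plaintext in rows of len(key), pad the last row with abcd...,
    then read the columns out in key order and upper-case the result."""
    width = len(key)
    text = plaintext.replace(" ", "").lower()
    text += ALPHABET[:(-len(text)) % width]
    rows = [text[i:i + width] for i in range(0, len(text), width)]
    return "".join(row[col] for col in column_order(key) for row in rows).upper()


def transposition_decrypt(ciphertext: str, key: str) -> str:
    """Inverse: cut the ciphertext into columns of equal height, put each back
    under its key letter, and read the grid row by row (padding included)."""
    width = len(key)
    if len(ciphertext) % width:
        raise ValueError("ciphertext length must be a multiple of the key length")
    height = len(ciphertext) // width
    cols, pos = {}, 0
    for col in column_order(key):
        cols[col] = ciphertext[pos:pos + height].lower()
        pos += height
    return "".join(cols[c][r] for r in range(height) for c in range(width))
```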
• Transposition and Substitution can be implemented with simple
circuits as shown:
• P-box – Permutation
• S-box – Substitution
• p-box Key - 4782356
• By appropriate internal wiring, a p-box can be made to perform any
transposition, and at a faster speed.
• However, a cascade of P-boxes and S-boxes can be formed to have a
PRODUCT CIPHER (as shown)
• S-box (figure) : A, B → 2-to-4 Decoder → x → P-box (Key 2413) → y → 4-to-2 Encoder → A, B
  A B    x      y      A B
  0 0    1000   0100   0 1
  0 1    0100   0001   0 0
  1 0    0010   1000   1 1
  1 1    0001   0010   1 0
• An example of Product cipher is DES ( Data Encryption Standard)
as shown :
• The DES performs a series of bit permutation, substitution, and
recombination operations on blocks containing 64 bits of data and
56 bits of key (eight 7-bit characters).
• The 64 bits of input are permuted initially, and are then input to a
function using static tables of permutations and substitutions (called
S-boxes).
• The bits are permuted in combination with 48 bits of the key in each
round.
• This process is iterated 16 times (rounds), each time with a different
set of tables and different bits from the key.
• The algorithm then performs a final permutation, and 64 bits of
output are provided.
• The algorithm is structured in such a way that changing any bit in
the input has a major effect on almost all of the output bits.
• Indeed, the output of the DES function appears so unrelated to its
input that the function is sometimes used as a random number
generator.
• The plaintext is encrypted in blocks of 64 bits, yielding 64 bits of
ciphertext.
• It has 19 different stages
• The first stage is a key independent transposition
• The stage prior to the last one exchanges the leftmost 32 bits with
the rightmost 32 bits
• The remaining 16 stages are functionally identical but are
parameterized by different functions of the key.
• General Outline: 64-bit plaintext → Initial Transposition →
Iteration 1 … Iteration 16 → 32 bit swap → Inverse transposition →
64 bit ciphertext
– The 56 bit key is fed to a Key Generator that produces 16 subkeys,
each of 48 bits, one per iteration
• The operation of one intermediate stage can be described as:
  Inputs : L i-1 , R i-1 (32 bits each)
  L i = R i-1
  R i = L i-1 (+) f (R i-1, K i)
  Outputs : L i , R i (32 bits each)
• Each stage takes two 32 bit inputs and produces two 32 bit outputs
• The left output is simply a copy of the right input
• The right output is the bitwise EXCLUSIVE OR of the left input and a
function of the right input and the key for this stage, Ki
• This function is performed in 4 steps:
– A 48 bit number, E, is constructed by expanding the 32 bit R i-1
according to a fixed transposition and duplication rule.
– Second, E and Ki are Exclusive ORed together
– This output is then partitioned into eight groups of 6 bits each, each of
which is fed into a different S-box
– Each of the 64 possible inputs to an S-box is mapped onto a 4-bit output
– Finally, the 8 x 4 bits are passed through a p-box
– In each of the 16 iterations, a different key is used
• Before the algorithm starts, a 56-bit transposition is applied to the
key.
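The stage structure just described (L i = R i-1, R i = L i-1 XOR f(R i-1, K i), sixteen rounds, final 32-bit swap), as an added Python example (not from these slides): it shows why this structure decrypts with the same network run with the subkeys in reverse order, whatever f is. The round function and key schedule are toy stand-ins chosen for the example, not the DES E-expansion, S-boxes, P-box or PC-1/PC-2 tables, and the initial and inverse transpositions are omitted.

```python
MASK32 = 0xFFFFFFFF


def round_function(right: int, subkey: int) -> int:
    """Toy stand-in for DES's f(R, K): the E-expansion, key XOR, eight S-boxes
    and P-box are replaced by XOR, an odd-constant multiply and a rotate. This
    is an assumption for the example, not the DES tables; the Feistel structure
    only needs f to be deterministic, it never has to invert it."""
    x = (right ^ subkey) & MASK32
    x = (x * 0x9E3779B1) & MASK32
    return ((x << 7) | (x >> 25)) & MASK32


def key_schedule(key56: int, rounds: int = 16) -> list:
    """Toy key generator: derive 16 subkeys of 48 bits from the 56-bit key by
    rotating it one place per round (DES uses its PC-1/PC-2 tables instead)."""
    key56 &= (1 << 56) - 1
    subkeys = []
    for _ in range(rounds):
        key56 = ((key56 << 1) | (key56 >> 55)) & ((1 << 56) - 1)
        subkeys.append((key56 ^ (key56 >> 8)) & ((1 << 48) - 1))
    return subkeys


def feistel_encrypt(block64: int, subkeys: list) -> int:
    """One stage per subkey, exactly as the slide writes it:
         L_i = R_{i-1}
         R_i = L_{i-1} XOR f(R_{i-1}, K_i)
    followed by the single 32-bit swap of the next-to-last DES stage."""
    left, right = block64 >> 32, block64 & MASK32
    for k in subkeys:
        left, right = right, left ^ round_function(right, k)
    return (right << 32) | left


def feistel_decrypt(block64: int, subkeys: list) -> int:
    """Same network, subkeys in reverse order. Each stage only XORs f(R, K)
    into the other half, so replaying the stages backwards cancels them."""
    return feistel_encrypt(block64, list(reversed(subkeys)))


def hamming_distance(a: int, b: int) -> int:
    """How many output bits differ: a quick look at the avalanche effect the
    slide describes (real DES flips about half of the 64 bits)."""
    return bin(a ^ b).count("1")
```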

• There is a drawback, since we need different keys and the new keys
cannot be reliably sent via the network
• Thus some alternative means, such as a courier, may be used
• That is, distribution of keys is a major problem with private key
encryption systems
• An alternative approach, based on a public key rather than a private
key, is sometimes used to overcome this problem
• The best known public key method is the RSA algorithm, named after its
three inventors : Rivest, Shamir, and Adleman
• The RSA Algorithm:
• RSA is the most widely known algorithm for performing public key
cryptography
• The fundamental difference between a private key system and a public key
system is that the latter uses a different key to decrypt the ciphertext from
the key that was used to encrypt it.
• A public key system uses a pair of keys, one for the sender and the other for
the recipient
• The strength of RSA is based on the difficulty of factoring a very
large number.
• The RSA algorithm uses number theory to develop a method of generating
a pair of numbers – the keys – in such a way that a message encrypted
using the first number of the pair can be decrypted only by the second
number.
• Furthermore, the second number cannot be derived from the first.
• That is to say, the first number can be made available to anyone
who wishes to send an encrypted message to the holder of the
second number, since only that person can decrypt the resulting
ciphertext message
• The first number of the pair is known as the PUBLIC KEY and the
second the PRIVATE or SECRET KEY
• The algorithm to compute the two keys is as given (with an example):
• To create the public key Kp :                                     Example
– Select two large positive prime numbers P and Q                     P = 7, Q = 17
– Compute X = ( P – 1) * ( Q – 1)                                     X = 96
– Choose an integer E which is prime relative to X, i.e. not a        E = 5
  prime factor of X or a multiple of it, and which satisfies the
  condition indicated below for the computation of Ks
– Compute N = P * Q                                                   N = 119
– Kp is then N concatenated with E                                    Kp = 119,5
• To create the secret key Ks :
– Compute D such that MOD(D*E, X) = 1                                 MOD(D * 5, 96) = 1, D = 77
– Ks is then N concatenated with D                                    Ks = 119, 77
• To compute the Ciphertext C of Plaintext P :
– Treat P as a numerical value                                        P = 19
– C = MOD(P^E, N)                                                     C = MOD(19^5, 119) = 66
• To compute the Plaintext P of Ciphertext C :
– P = MOD(C^D, N)                                                     P = MOD(66^77, 119) = 19
• The choice of E and D is best seen by considering the factors of 96.
• These are 1, 2, 3, 4, 6, 8, 12, 16, 24, 32, 48
• The numbers which are prime relative to 96 are thus 5, 7, 11
etc.
• If we try the first of these, E = 5, then there is also a number D = 77
which satisfies the condition MOD (D * E, X) = 1, and hence these
are chosen
• That is to say, the crucial numbers associated with this algorithm are
the two prime numbers P & Q, which are kept secret
• The aim is to choose a sufficiently large N so that it is impossible to
factorize it in a realistic time.
• For example, computer factorizing times are :
– N = 100 digits ≈ 1 Week
– N = 150 digits ≈ 1000 years
– N > 200 digits ≈ 1 million years.

• The RSA algorithm requires considerable computation time to compute
the exponential for both encryption and decryption operations
• However, the exponential can be computed by repeated multiplication:
  c = 1
  for i = 1 to E do
    c = MOD(c * P, N)
  end
• An Example of RSA
• P = 61 <- first prime number (destroy this after
computing E and D)
• Q = 53 <- second prime number (destroy this
after computing E and D)
• PQ = 3233 <- modulus (give this to others)
• E = 17 <- public exponent (give this to others)
• D = 2753 <- private exponent (keep this secret!)
• Your public key is (E,PQ).
• Your private key is D.
• The encryption function is:
• encrypt(T) = (T^E) mod PQ = (T^17) mod 3233
• The decryption function is:
• decrypt(C) = (C^D) mod PQ = (C^2753) mod 3233
• To encrypt the plaintext value 123, do this:
• encrypt(123) = (123^17) mod 3233 =
337587917446653715596592958817679803
mod 3233 = 855
• To decrypt the ciphertext value 855, do this:
decrypt(855) = (855^2753) mod 3233 = 123
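The key generation recipe and both worked examples above (P = 7, Q = 17, E = 5 and P = 61, Q = 53, E = 17), as an added Python example (not from these slides): D is found with the extended Euclidean algorithm, an E that shares a factor with X is rejected because no D exists for it, and the slide's repeated-multiplication loop is shown beside square-and-multiply, which is what makes an exponent like 2753 (or a real 2048-bit one) affordable. The slide's numbers are classroom sizes; real keys use primes hundreds of digits long.

```python
def egcd(a: int, b: int):
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def make_keys(p: int, q: int, e: int):
    """The slide's recipe: X = (P-1)(Q-1), N = P*Q, D with MOD(D*E, X) = 1.
    Returns Kp = (N, E) and Ks = (N, D). An E that is not relatively prime
    to X is rejected, since then no D can satisfy the condition."""
    x = (p - 1) * (q - 1)
    g, inv, _ = egcd(e, x)
    if g != 1:
        raise ValueError("E=%d is not relatively prime to X=%d" % (e, x))
    d = inv % x                     # egcd may return a negative representative
    n = p * q
    return (n, e), (n, d)


def slow_modexp(base: int, exp: int, mod: int) -> int:
    """The slide's loop: E multiplications. Fine for E = 5, hopeless for a
    real private exponent."""
    c = 1
    for _ in range(exp):
        c = (c * base) % mod
    return c


def fast_modexp(base: int, exp: int, mod: int) -> int:
    """Square-and-multiply: about log2(exp) squarings instead of exp
    multiplications. Python's built-in pow(base, exp, mod) does the same."""
    result, base = 1, base % mod
    while exp:
        if exp & 1:
            result = (result * base) % mod
        base = (base * base) % mod
        exp >>= 1
    return result


def encrypt(plaintext: int, public_key) -> int:
    """C = MOD(P^E, N). The plaintext must already be a number below N."""
    n, e = public_key
    if not 0 <= plaintext < n:
        raise ValueError("plaintext must be a number in [0, N)")
    return fast_modexp(plaintext, e, n)


def decrypt(ciphertext: int, private_key) -> int:
    """P = MOD(C^D, N)."""
    n, d = private_key
    return fast_modexp(ciphertext, d, n)
```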
• Although a public key system is an alternative to a private key
system that overcomes the threat of eavesdropping, if the public key
is readily available it can be used by a masquerader to send a forged message
• The question is then, how can the recipient be sure that it was sent by a
legitimate source?
• There are a number of solutions to this problem of Message
Authentication: Digital signatures ( some secret number
must be known by sender and receiver), key distribution servers (use
of a trusted third party to act as a key distribution server),
authentication tokens and so on are used.
APPLICATION SPECIFIC PROTOCOL
• TCP/IP APPLICATION PROTOCOLS
• TELNET: This enables a user to log on to the operating system of a
remote machine, to initiate the running of a program/process on that
machine.
• Once logged ON, all commands and data entered at the user
terminal – or submitted by the user application process – are passed
by the local operating system to the client TELNET process, which then
passes them, using the reliable stream service provided by TCP, to
the corresponding server TELNET.
• The server then issues the commands on behalf of the user,
through the local operating system, to the interactive process.
• Any data output by the interactive process is returned in the same
way for display on the client terminal or for interpretation by the user
application process.
• The two TELNET protocol entities communicate with each other using
commands comprising single characters or strings of characters
that are encoded in the standard format known as a Network Virtual
Terminal (NVT)
• The character set used for commands is ASCII
• TELNET (figure) : Terminal User / User AP process → Operating System → Client TELNET → TCP/IP
  ⇄ (Messages in NVT format) ⇄ TCP/IP → Server TELNET → Operating System → Interactive Program process
• FILE TRANSFER PROTOCOL (FTP)
• Access to a remote file server is a fundamental requirement in many
distributed applications
• In some instances a single file server may be accessed by multiple
clients, while in others multiple copies of the same file may be held
in a number of servers
• A user can list directories, create new files, obtain (read) the
contents of existing files, perform update operations on them, delete
files and so on.
• Similarly, a server FTP can respond to requests from multiple clients
concurrently
• On receipt of each request, the server FTP interacts with its local
file system to carry out the request as if it had been generated
locally.
• FTP (figure) : Terminal User → Operating System → Client FTP → TCP/IP
  ⇄ (Messages in NVT format) ⇄ TCP/IP → Server FTP → Operating System → File server
• The client FTP allows a user to specify the structure of the file
involved and the type of data in the file (file structure – unstructured,
structured, random access; data types – 8-bit binary, text (ASCII
and EBCDIC) and variable length binary)
• The FTP server accesses each file from its local file system and
transfers it to the client FTP in an appropriate way according to its
defined structure
• Unstructured file – contains any type of data – binary or text
• Structured File – contains a sequence of fixed sized records of a
defined type
• Random Access File – comprises records of variable size, i.e. as
pages, and the file is a paged file
• In the case of compressed & block mode transfers, the two FTP
protocol entities perform checkpointing to allow large files to be
transferred in a controlled way.
• SIMPLE MAIL TRANSFER PROTOCOL (SMTP)
• Electronic Mail or e-mail is probably the most widely used service
associated with computer N/Ws
• Local mail systems are available on each computer
• The SMTP manages the transfer of mail from one host computer
mail system to another
• It is not responsible for accepting mail from local users or for
distributing received mail to its intended recipients
• These are taken care of by the Local Mail System
• SMTP interacts with the Local Mail System and not the user
• It is masked from any mail transfer local to that machine.
• Only when an item of mail is to be sent to a different machine or is
received from a remote machine is the SMTP scheduled to run.
• SMTP (figure) : Terminal User → Operating System → Local Mail System → Client SMTP / Server SMTP → TCP/IP
  ⇄ Internetwork ⇄ TCP/IP → Client SMTP / Server SMTP → Local Mail System → Operating System
• The local mail system retains a mailbox for each user, into which the user
can deposit mail and from which the user can retrieve it
• When transferring mail, two things have to be considered: the format of the mail – to ensure that it is interpreted
in the same way in each system – and the SMTP used to transfer it from
one machine to another
• The mail format consists of a Header and a Body separated by a blank line,
with all lines in ASCII text.
• Each line in the header comprises a key word followed by a text string, with a
colon separating the two
– TO : name of recipient
– FROM: name of sender
– CC: copies to
– --
– --
– The format is defined in RFC 822
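The mail format just described (header lines of the form keyword: text, a blank line, then the body), as an added Python example (not from these slides): a parser that splits a message at the first blank line, folds continuation lines onto the previous field, rejects a header line without a colon rather than silently treating it as body, and a helper for the local mail system's decision between a local mailbox and the output queue. The sample message and its addresses are constructed for the example, and newline-only line endings are assumed.

```python
def parse_mail(raw: str) -> dict:
    """Split an RFC 822 style message into header and body at the first blank
    line, then read each header line as 'keyword: text'. A line starting with
    whitespace continues the previous field. A header line without a colon is
    an error: a malformed header must not be mistaken for the body."""
    lines = raw.split("\n")
    headers, body_start = [], len(lines)
    for i, line in enumerate(lines):
        if line == "":
            body_start = i + 1              # blank line ends the header
            break
        if line[:1] in (" ", "\t"):
            if not headers:
                raise ValueError("continuation line before any header field")
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        name = name.strip()
        if not sep or not name or " " in name:
            raise ValueError("malformed header line: %r" % line)
        headers.append((name.upper(), value.strip()))
    return {"headers": headers, "body": "\n".join(lines[body_start:])}


def header(msg: dict, name: str) -> list:
    """All values of one header field (keywords compare case-insensitively)."""
    return [v for k, v in msg["headers"] if k == name.upper()]


def is_local_recipient(address: str, local_domain: str) -> bool:
    """The local mail system's decision from the slide: deposit in a local
    mailbox when the recipient's domain is ours, otherwise queue for SMTP."""
    if "@" not in address:
        raise ValueError("recipient address has no domain part: %r" % address)
    return address.rsplit("@", 1)[1].lower() == local_domain.lower()


# Constructed sample message (example.* domains, made-up names).
SAMPLE = (
    "From: alice@example.org\n"
    "To: bob@example.com\n"
    "CC: carol@example.com,\n"
    "    dave@example.net\n"
    "Subject: transfer\n"
    "\n"
    "Please confirm.\n"
    "Regards\n"
)
```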
• After an item of mail has been created in the standard format, the
local mail system determines from the name of the recipient whether it is to
be deposited in a local mailbox or in the output queue ready for
forwarding
• To send the mail, the client SMTP first ascertains the IP address of
the destination host from the directory service known as the DOMAIN
NAME SYSTEM – and then uses this with the SMTP port address (25)
to initiate the setting up of a transport connection with the server SMTP
• Transferring the mail involves the exchange of SMTP PDUs known
as commands
• Through a series of commands exchanged between the client and
server SMTP the mail is transferred
• The mail transfer phase is terminated when the client sends a QUIT
command and the server returns a 221 reply, following which the
transport connection is cleared.
• MIME ( MULTIPURPOSE INTERNET MAIL EXTENSION)
• Today e-mail does not consist only of text messages written in English
and expressed in ASCII
• We have messages in other languages, in non-Latin alphabets, in languages
without an alphabet (Chinese, Japanese), audio, video (without text)
• The solution to all this is known as MIME
• The basic idea is to continue using RFC 822, but add structure to the message
body and define encoding rules for NON-ASCII messages.
• Therefore, different encodings are used.
• SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP)
• TELNET, FTP and SMTP are all concerned with providing
network-wide user application services.
• The SNMP, however, is concerned with the management of all the
communication protocols within each host and of the various items of
networking equipment that provide these services, i.e. the total
networking environment.
• POSSIBILITIES
• A fault develops and service is interrupted; services must be resumed
with minimal delay: known as FAULT MANAGEMENT.
• The performance of the N/W deteriorates, possibly due to increased traffic in
selected parts of the N/W; immediate remedial action is required:
known as PERFORMANCE MANAGEMENT.
• Protocol-associated parameters such as time-to-live and the retransmission
timer must be changed due to expansion of the N/W while the N/W is
still operational: known as LAYER MANAGEMENT.
• Similarly, we have Name Management, Security Management,
Accounting Management functions, etc.
• The SNMP helps a network manager to carry out the Fault and
Performance Management functions.
• The role of the SNMP is to allow the Manager Process in the manager
station to exchange management-related messages with the
management processes running in the various managed elements:
HOST, GATEWAY, etc.
• The management process in each of these elements is written to perform the
defined management functions associated with that element, i.e.
receiving updated operational variables, generating and sending
fault reports, etc.
[Diagram: SNMP management architecture. The Network Manager station runs the Manager Process and holds the MIB, with SNMP over UDP over IP over the N/W-dependent protocol. Each managed element across the Internetwork (HOST, Gateway, HOST) runs a Management process using SNMP over UDP, alongside User processes using FTP etc. over TCP, all over IP and the N/W-dependent protocol.]
• Management information associated with a network/internet is kept
at the network manager station (host) in a Management Information
Base (MIB).
• This manager station can be considered the nerve centre of
the complete network, so strict security and authentication
mechanisms are implemented.
• In large internetworks, multiple manager stations may be used, each
responsible for a particular part of the internet.
• OSI Equivalent Application Protocols
• Virtual Terminal (VT) – TELNET
• MOTIS (Message Oriented Text Interchange Standard) – SMTP
• CMISE (Common Management Information Service Element), with more
features – SNMP
DOMAIN NAME SYSTEM (SERVER) DNS

• Domain Name System (or Service or Server): an Internet service that
translates domain names into IP addresses.
• Because domain names are alphabetic, they're easier to remember.
• The Internet however, is really based on IP addresses.
• Every time we use a domain name, therefore, a DNS service must
translate the name into the corresponding IP address.
• For example, the domain name www.example.com might translate
to 198.105.232.4.
• The DNS system is, in fact, its own network.
• If one DNS server doesn't know how to translate a particular domain
name, it asks another one, and so on, until the correct IP address is
returned.
• DNS is the Domain Name System, a set of protocols for a
distributed database that was originally designed to replace
/etc/hosts files.
• DNS is most commonly used by applications to translate domain
names of hosts to IP addresses.
• A client of the DNS is called a resolver; resolvers are typically
located in the application layer of the networking software of each
TCP/IP capable machine.
• Users typically do not interact directly with the resolver.
• Resolvers query the DNS by directing queries at name servers that
contain parts of the distributed database that is accessed by using
the DNS protocols.
• In common usage, "the DNS" usually refers just to the data in the
database.
• The domain name microsoft.com represents about a dozen IP addresses.
• Domain names are used in URLs to identify particular Web pages.
• For example, in the URL http://www.pcwebopedia.com/index.html, the domain name
is pcwebopedia.com.
• Every domain name has a suffix that indicates which top level domain (TLD) it
belongs to.
• There are only a limited number of such domains. For example:
• gov - Government agencies
• edu - Educational institutions
• org - Organizations (nonprofit)
• mil - Military
• com - commercial business
• net - Network organizations
• ca - Canada
• th - Thailand
• Because the Internet is based on IP addresses, not domain names, every Web server
requires a Domain Name System (DNS) server to translate domain names into IP
addresses.
• A domain name is a meaningful and easy-to-
remember "handle" for an Internet address.
• Because maintaining a central list of domain
name/IP address correspondences would be
impractical, the lists of domain names and IP
addresses are distributed throughout the Internet
in a hierarchy of authority.
• There is probably a DNS server within close geographic proximity
to your access provider that maps the domain names in Internet
requests or forwards them to other servers in the Internet.
• How does a DNS server work?
• The domain name system is a global network of servers that translate
host names like www.hotwired.com into numerical IP (Internet Protocol)
addresses, like 204.62.131.129, which computers on the Net use to
communicate with each other.
• Without DNS, we'd all be memorizing long numbers instead of intuitive
URLs or email addresses.
• The domain name space
• In order to understand how a DNS server works, we must be familiar
with what is called the domain name space.
• In fact, it is represented by an inverted tree, as illustrated on the
slide.
• Each node on the tree represents a domain.
• Everything below a node falls into its domain.
• One domain can be part of another domain.
• For example, the machine chichi is part of the .us domain as well as
the .com domain.
• The three-letter codes are:
– com – Commercial. Now international.
– edu – Educational.
– gov – Government.
– int – International Organisation.
– mil – Military.
– net – Network related.
– org – Miscellaneous Organisation.
• Two-letter codes
• The final two-letter codes indicate the country of origin.
• The two-letter code us is used by some sites in the
United States of America.
• In some countries there are sub-domains indicating the
type of organisation, such as ac.uk, co.uk, sch.uk in the
United Kingdom and edu.au and com.au in Australia.
• How it works
• A DNS server is just a computer that's running DNS software.
• Since most servers are Unix machines, the most popular program is
BIND (Berkeley Internet Name Domain), but software exists for the Mac
and the PC as well.
• DNS software is generally made up of two elements: the actual
name server, and something called a resolver.
• The name server responds to browser requests by supplying name-
to-address conversions.
• When it doesn't know the answer, the resolver will ask another
name server for the information.
• To see how it works, let's go back to the domain-name-space
inverted tree.
• When you type in a URL, your browser sends a request to the
closest name server.
• If that server has ever fielded a request for the same
host name (within a time period set by the administrator
to prevent passing old information), it will locate the
information in its cache and reply.
• If the name server is unfamiliar with the domain name,
the resolver will attempt to "solve" the problem by asking
a server farther up the tree.
• If that doesn't work, the second server will ask yet
another - until it finds one that knows.
• (When a server can supply an answer without asking
another, it's known as an authoritative server.)
• Once the information is located, it's passed back to the browser.
• Usually this process occurs quickly, but occasionally it can take an
excruciatingly long time (like 15 seconds).
• In the worst cases, a dialog box appears that says the domain name
doesn't exist - even though we know damn well it does.
• This happens because the authoritative server is slow in replying to
the first server, and your computer gets tired of waiting, so it times out
(drops the connection).
• But if you try again, there's a good chance it will work, because the
authoritative server has had enough time to reply, and your name
server has stored the information in its cache.
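The lookup process described above (cache check, walking the inverted tree until an authoritative server answers, the client timing out while the name server still caches the answer), as an added example that is not part of the original slides. It models iterative resolution from the root; the zones, latencies, TTLs and the chichi.ca.us address are constructed, while www.example.com → 198.105.232.4 is the slide's own example.

```python
# Added example, not code from the slides: an iterative resolver walking the inverted
# domain tree from the root, with a TTL cache and the timeout/retry behaviour described
# above. Zones, latencies and TTLs are constructed; www.example.com -> 198.105.232.4 is
# the slide's own example and chichi.ca.us -> 192.0.2.7 is constructed.

# Constructed authoritative data: each zone's server holds A records for names it is
# authoritative for and delegations (NS) to child zones farther down the tree.
ZONES = {
    ".":            {"NS": ["com.", "us."], "A": {}},
    "com.":         {"NS": ["example.com."], "A": {}},
    "us.":          {"NS": ["ca.us."], "A": {}},
    "example.com.": {"NS": [], "A": {"www.example.com.": "198.105.232.4"}},
    "ca.us.":       {"NS": [], "A": {"chichi.ca.us.": "192.0.2.7"}},
}
LATENCY = {".": 0.01, "com.": 0.02, "us.": 0.02, "example.com.": 0.05, "ca.us.": 6.0}

def ask_server(zone, name):
    """Query the server for `zone`: ('answer', ip), ('referral', child_zone) or ('nxdomain', None)."""
    z = ZONES[zone]
    if name in z["A"]:
        return "answer", z["A"][name]
    for child in z["NS"]:
        if name.endswith("." + child):
            return "referral", child
    return "nxdomain", None

class NameServer:
    """The 'closest name server' with its cache; resolves iteratively from the root."""
    def __init__(self, ttl=300.0):
        self.ttl = ttl
        self.cache = {}      # name -> (ip, expiry time)
        self.queries = 0     # number of questions sent to other servers

    def resolve(self, name, now=0.0):
        """Return (ip, source, seconds spent); source is 'cache', 'authoritative:<zone>' or 'nxdomain'."""
        name = name if name.endswith(".") else name + "."
        hit = self.cache.get(name)
        if hit and hit[1] > now:                    # fresh cache entry: answer at once
            return hit[0], "cache", 0.0
        zone, elapsed = ".", 0.0
        while True:                                 # follow referrals down the tree
            self.queries += 1
            elapsed += LATENCY[zone]
            kind, payload = ask_server(zone, name)
            if kind == "answer":                    # this server is authoritative for the name
                self.cache[name] = (payload, now + self.ttl)
                return payload, "authoritative:" + zone, elapsed
            if kind == "nxdomain":
                return None, "nxdomain", elapsed
            zone = payload

def browser_lookup(ns, name, now=0.0, timeout=5.0):
    """Client side: give up ('timeout') if the name server takes longer than `timeout`,
    even though the name server finishes and caches the answer, so a retry succeeds."""
    ip, source, elapsed = ns.resolve(name, now)
    if elapsed > timeout:
        return None, "timeout"
    return ip, source
```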
ANALYSIS, DESIGN, MODELING - NETWORK

• As system complexity is increasing with advancement in technology,
and as system design incorporates multiple processors networked
together, the performance of these networks is becoming more
important to the overall system development.
• When a system is being developed, it is of utmost importance that
the network selected be capable of meeting the performance
requirements of the system
• Performance prediction and evaluation of a network depend on the
system, the system’s state of development, and the objective of the
analysis being performed.
• There are many modeling techniques which may be used in the
performance evaluation of a network system.
• A few important ones are:
– Analytical
– Simulation
– Empirical
• All three methods can extract common quantitative parameters.
ANALYTICAL MODELING:
• Very popular, cost-effective technique
• In this approach a Queuing Model is used, which allows greater detail in
describing network systems.
• Typical design parameters –
– The interarrival rate of events
– Service times of these events
– Number of servers being modeled
– System capacity
– Queuing discipline employed (i.e. FIFO, LIFO etc.)
• Generally, a Queuing Model provides us with –
– Average Queue Lengths
– Average Waiting Time in Queue
– Utilization Statistics
– Average Response Time.
• Limitations –
• These models assume the system has reached a steady state or
equilibrium; peak or transient conditions are not modeled.
• Limited in the complexity of the problems that can be solved.
• Without actually measuring the various design parameters, it is difficult
to determine whether the characteristics of the data used represent
the system under investigation.
• SIMULATION MODELING –
• When complexity increases, the analytical technique does not give all
the details.
• This method overcomes the drawback that peak load and transient
behaviour cannot be investigated.
• A number of simulation languages such as GPSS, GASP,
SIMSCRIPT, etc. have been developed.
• In addition to handling varying levels of complexity, behaviour that analytic
techniques cannot capture, i.e. peak loads and transient behaviour, can be
investigated.
• By varying the design parameters, sources of performance
fluctuations can be identified.
• Limitations –
• Simulation is more costly than analytical modeling.
• Apart from understanding, analyzing and developing a model of the network
system, the simulation software also has to be developed.

• EMPIRICAL METHODS –
• Empirical methods are the most accurate performance
determination approaches for a network system, as they evaluate
measured data extracted from running hardware.
• The evaluation can be done either dynamically, where performance
parameters are determined and provided to the evaluator while the
network system is running, or statically, where the network is
monitored and raw data is extracted while running but the evaluation
of the data is performed after the monitoring period.
• The raw data is collected during test runs in which the workload is
controlled to determine the performance of the network under
specific workload requirements.
• A prototype design needs to be developed.

• Advantages –
• The evaluation is performed on an actual running network system.
• There is no need to validate the system configuration against the actual
network implementation.
• Disadvantages –
• The cost of developing a prototype is normally beyond the budget of
most programs.
• By the time the actual network system is implemented, the financial
and time investments are too great to make any major design changes.
ANALYTICAL MODELING

• Analytical modeling is a mathematical representation of the system
through which the system input and output variables are related in a
closed-form expression.
• In developing such a model, however, certain unimportant features of
the system must be ignored.
• A data communication network can be simplified as shown below,
where it is viewed as consisting basically of communication
channels and processors.
• The processors are usually thought of as nodes and the channels as
links connecting the nodes.
• One of the most important performance measures of a data network is the
average delay required to deliver a packet from origin to destination.
• Data Communication Model –
• Queuing theory is the primary methodological framework for
analyzing network delay.
• The results from a single-queue model can be extended to model a
network of queues.
• A single queue is comprised of one or more servers and customers
waiting for service (as shown).

[Diagram: a single queue. Arrivals at rate λ join the Queue (FIFO) in front of the Server, which has a given service rate; served customers depart.]
• Queuing models are often represented by diagrams.
• A source (much like the source in Systems Dynamics diagrams) generates
new customers which arrive in the system, join the queue in front of a server
where they wait until they are served by the server.
• After being served they leave the system at the sink.

[Diagram of a simple queuing model: source → queue → server → sink]
• Classification of Queues:
• Single Line Single Server: This kind of queue consists of one line and one server.
• Packets join the end of the line and are served by the single server.
• The chief disadvantage of this kind of queue is that the queue often becomes long and
the waiting time enormous.
• Single Line Multiple Server: This kind of queue is a solution to the long waiting times of
the single line.
• Arriving packets are served by multiple servers to reduce the length of the queue and
the waiting time.
• Multiple Line Multiple Server: This is the common kind of queue found in computer
systems.
• It consists of multiple queues and multiple servers.
• One way to make an efficient servicing system is to assign batches of customers or
packets to one server, where they wait in line for processing and then proceed to another station.
• The advantage of this system is that a constant service time at the first server gives a
constant arrival rate at the second one, improving the model's overall service time.
• A Queue is characterized by three quantities –
– The Input Process
– The Service Mechanism, and
– The Queue Discipline
• The input process is expressed in terms of the probability distribution
of the interarrival times of packets.
• The service mechanism describes the statistical properties of the
service process.
• The queue discipline is the rule used to determine how the waiting
customers get served.
• To specify these characteristics clearly, a Queue is described in a
notation devised by D. G. Kendall.
• In this notation, a Queue is characterized by six parameters –
• A/B/C/k/m/z
• Where A : Arrival Process
• B : Service Process
• C : Number of Servers
• k : Maximum capacity of the Queue (default ∞)
• m : Population of customers (default ∞)
• z : Service Discipline (default FIFO)
• A & B depend on which probability distribution law is adopted –
– D : Constant (Deterministic law)
– M : Markov (or Exponential) law, also called Memoryless
– G : General law
– GI : General Independent law
– Ek : Erlang's law of order k
– Hk : Hyperexponential law of order k
• Generally, a Queue is specified by giving only the first three symbols, in
which case k = ∞, m = ∞ and z = FIFO.
• For example –
• M/M/1 represents – A queue in which arrival times are exponentially
distributed, service times are exponentially distributed, there is one
server, the queue length is infinite, the customer population is
infinite, and the service discipline is FIFO

• Little's Theorem –
• The theorem relates the average number of customers in a queue to
the average customer arrival rate and the average delay or waiting time.
• That is, the average number of customers in the queue (in the system) N and
the average delay T are related by
• N = λT
• where λ is the average customer arrival rate, given by
• $\lambda = \lim_{t \to \infty} \frac{\text{expected number of arrivals in the interval } [0, t]}{t}$

• Ex – If λ is the arrival rate on a transmission line, $N_Q$ is the average number
of packets waiting in the queue (not under transmission) and W is the average
time spent by a packet waiting in the queue (not including transmission time),
then Little's theorem gives
• $N_Q = \lambda W$
• And also, if $\bar{X}$ is the average transmission time, then the average number of
packets under transmission is
• $\rho = \lambda \bar{X}$
• Since at most one packet can be under transmission, ρ is also the
line's Utilization Factor, i.e. the proportion of time that the line is busy
transmitting a packet.
• Ex – 2
• A packet arrives at a transmission line every k seconds with the first
packet arriving at time 0. All packets have equal length and require
αk seconds for transmission, where α < 1.
• The processing & propagation delay per packet is P sec.
• The arrival rate here is λ = 1/k because
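The Kendall notation and Little's theorem above, carried into code as an added example that is not part of the original slides: the M/M/1 closed-form results (ρ, N, T, N_Q, W, with T and W obtained from N = λT), and a numerical check of Little's theorem on Example 2 by integrating the number of packets present over time and comparing it with λT. The parameter values in the usage are constructed.

```python
# Added example, not code from the slides: the M/M/1 formulas behind the Kendall
# notation above, plus a numerical check of Little's theorem N = λT on Example 2
# (periodic arrivals every k seconds, transmission time αk with α < 1, extra delay P).

class MM1:
    """M/M/1 queue: Poisson arrivals at rate lam, exponential service at rate mu = 1/X̄."""
    def __init__(self, lam, mu):
        if not 0 <= lam < mu:
            raise ValueError("need 0 <= lambda < mu for a stable queue")
        self.lam, self.mu = lam, mu

    def rho(self):
        """Utilization ρ = λX̄ = λ/μ, the fraction of time the server is busy."""
        return self.lam / self.mu

    def n_system(self):
        """Average number in the system, N = ρ/(1 - ρ)."""
        return self.rho() / (1 - self.rho())

    def t_system(self):
        """Average delay per customer from Little's theorem, T = N/λ (= 1/(μ - λ))."""
        return self.n_system() / self.lam

    def n_queue(self):
        """Average number waiting, not in service: N_Q = N - ρ."""
        return self.n_system() - self.rho()

    def w_queue(self):
        """Average waiting time in the queue, W = N_Q/λ (Little's theorem again)."""
        return self.n_queue() / self.lam

def littles_check(k, alpha, P, n_packets):
    """Example 2 above: packets arrive at 0, k, 2k, ... and each spends T = αk + P in the
    system (transmission plus processing/propagation). Integrate the occupancy over
    [0, n_packets*k] to get the time-average number present, and return it next to
    the theorem's prediction λT with λ = 1/k. The two agree as n_packets grows."""
    if not 0 < alpha < 1:
        raise ValueError("alpha must be in (0, 1) so packets never queue for the line")
    T = alpha * k + P
    horizon = n_packets * k
    occupied = 0.0                               # total packet-seconds spent in the system
    for i in range(n_packets):
        arrival = i * k
        occupied += min(T, horizon - arrival)    # part of the stay inside the horizon
    return occupied / horizon, (1.0 / k) * T

if __name__ == "__main__":
    q = MM1(lam=8.0, mu=10.0)                    # constructed rates: 8 arrivals/s, 10 served/s
    print("rho=%.2f N=%.2f T=%.3f N_Q=%.2f W=%.3f"
          % (q.rho(), q.n_system(), q.t_system(), q.n_queue(), q.w_queue()))
    print("measured N vs lambda*T:", littles_check(k=1.0, alpha=0.5, P=0.2, n_packets=1000))
```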
