TCP/IP Fundamentals
Like this article? We recommend
Like this article? We recommend
Like this article? We recommend
One thing that is certain for new network administrators and engineers is that knowledge of TCP/IP will be required; this is because almost all modern networks use TCP/IP. This article takes a look at TCP/IP (version 4), how it is structured, and how it is used to route traffic from source to destination across multiple intermediary points. It also covers some of the other protocols that are directly connected into the TCP/IP suite, including TCP, UDP, and ICMP.
TCP/IP Basics
While the name TCP/IP stands for Transport Control Protocol / Internet Protocol, it is really much more than that. TCP/IP includes not only TCP and IP but also the User Datagram Protocol (UDP) and Internet Control Message Protocol, among many other higher level protocols. What also comes with TCP/IP is another networking model that many people overlook; the TCP/IP model is shown in Figure 1.
)
Figure 1 TCP/IP Model
Most new network administrators and engineers have gone through some training which typically discusses the Open Systems Interconnection (OSI) model (i.e. Layers 1 through 7); but there actually is a separate TCP/IP model that can be used. All of the layers of the TCP/IP model map relatively closely into the OSI model structure, and for the most part the OSI model is still referenced more in documentation; the OSI model structure is shown in Figure 2.
)
Figure 2 OSI Model
Because the OSI model is referenced more than the TCP/IP model itself, the rest of this article will use the OSI model layers.
As discussed, the name TCP/IP actually denotes two different protocols, each of which is at a different layer of the OSI model. IP is considered to be a Layer 3 protocol (network) while TCP (and UDP) are considered to be Layer 4 protocols (transport); these will be discussed separately below:
Internet Protocol (IP)
There are a number of things that are provided by IP, the most important of which is an address that is used for global network routing. An IP address (version 4) is a 32-bit address that is used to identify the different sources of traffic on networks; to use an analogy, the IP address would be a post office location. All of the traffic on the network has a unique IP address that is routed based on a global routing table (held and routed with Border Gateway Protocol[md]BGP).
To keep the size of the global routing table manageable, IP addresses are given out in blocks. Each block is assigned to a specific entity, be it an Internet Service Provider (ISP), organization, or small business. In the early years of IP deployment, organizations would be given very large blocks of addresses which they could assign internally in whatever way they saw fit; the ISPs would simply route all traffic destined for all of the addresses in that range to the organization as a whole (generally a single entry point). Of course, as the use of the Internet has become more and more common, the number of available addresses has gotten to a point where addresses are scarce and must be assigned much more carefully. With this scarcity has come smaller and smaller blocks of addresses that were routed and thus more individual routes that were required to be held in the global routing tables. As of this writing, there are almost 390,000 active BGP routed prefixes (blocks).
When a host device wants to send traffic to a remote destination it is typically routed through a number of different intermediary devices that make independent routing decisions. To make this clearer for those just getting into networking an example is shown in Figure 3.
)
Figure 3 IP Routing
Take a piece of IP traffic (packet) that was being sent from an organization in Chicago to another organization located in Tokyo. As shown in Figure 3, there are a number of different devices that the traffic must pass through to get from Chicago to Tokyo. Typically, the host itself is not routing protocol-aware and simply sends the traffic to the closest router (default gateway). This router must then lookup the destination traffic’s IP address; if this destination IP address is not known to the router and no default exists, the router will simply drop the traffic. For the purposes of this example, every router will have routes for both the source and destination IP addresses. The first router will look up the destination address in its routing table and send the traffic via its best path towards the destination; this happens as well at the second router, and the third router, and so on until the destination is reached. Each of these devices must make independent (relatively) decisions as to what is the best path to the destination.
Knowing the protocols that are run on these routers and how to configure them up correctly is the job of the network administrators/engineers. The specifics of the IP header and how it is used to process traffic will be covered in more detail in the forthcoming article “Anatomy of an IPv4 and IPv6 Packet.”
Transport Control Protocol (TCP)/User Datagram Protocol (UDP)
Both the TCP and UDP protocols operate on top of IP (at Layer 4); following the analogy from above, the TCP and UDP protocols would be the post office boxes. Traffic can be sent using the same destination IP address that allows it to reach the correct host, but a method of traffic differentiation is required, which is done through TCP and UDP ports. There are a number of different ports that are assigned into three different ranges: System Ports (0-1023), User Ports (1024-49151), and Dynamic and/or Private Ports (also called ephemeral ports) (49152-65535).
The difference between TCP and UDP really comes down to what traffic is being sent. TCP is a connection-based protocol that requires that a session be set up between source and destination before any user data is transmitted. Once this is set up, TCP offers a reliable session between source and destination, including support for traffic (packet) retransmission, packet reordering (making sure packets are received in order), and flow control (speeding up or slowing down traffic). TCP is much more complex than its companion, UDP. UDP is a connection-free protocol; no session is required to be set up before transmission and traffic is not verified as received by the destination host; traffic is simply sent as fast as possible from the source with the hope that the destination will receive it.
Internet Control Message Protocol (ICMP)
As the name suggests, ICMP is used to send control messages between IP devices. There are a number of different message types that can be sent, including echo and echo reply (used by the ping utility), destination unreachable, time exceeded (TTL expiration), and traceroute among others. The largest numbers of ICMP messages that are sent are related to error conditions that exist within the network. For example, if a piece of IP traffic (packet) is destined for a destination network that is unknown to an intermediary device, that device will return a destination unreachable ICMP message (there are separate codes within this message as well).
Summary
There is certainly a lot of information that can be known about TCP/IP and how it operates in everyday networks. This article offers a very high level review of TCP/IP for those just learning about its existence and wanted a simple overview of its operation.