Unit1-Part1


Software Defined Networking

Unit 1 : Introduction to Computer Networking
• LAN (Local Area Network)
- A local area network (LAN) is a collection of devices
connected together in one physical location, such as a building,
office, or home.
- A LAN can be small or large, ranging from a home network
with one user to an enterprise network with thousands of users
and devices in an office or school.
- LANs are typically used in private households or in companies
to set up home or corporate networks.
- Home WiFi networks and small business networks are
common examples of LANs.
• MAN (Metropolitan Area Network)
- A metropolitan area network (MAN) is a computer network that connects
computers within a metropolitan area, which could be a single large city,
multiple cities and towns, or any given large area with multiple buildings.
- A MAN is larger than a local area network (LAN) but smaller than a wide
area network (WAN).
- A MAN is made up of interconnected LANs. MANs typically combine the
networks of multiple organizations, instead of being managed by a single
organization.
- Devices used for the transmission of data through a MAN are modems and
wire/cable links.
- Examples of a MAN are the part of the telephone company network that
can provide a high-speed DSL line to the customer or the cable TV network
in a city.
• WAN (Wide Area Network)
- A wide area network (WAN) is a large computer network that is not tied to
a single location.
- WANs facilitate communication, the sharing of information and much more
between devices from around the world through a WAN provider.
- WANs can be vital for international businesses, but they are also essential
for everyday use, as the Internet is considered the largest WAN in the
world.
- WANs are the largest and most expansive form of computer network
available.
• Wireless Network
- Wireless networks are computer networks that are not
connected by cables of any kind.
- A wireless network is a computer network that uses wireless
data connections between network nodes.
- Wireless networking is a method by which
homes, telecommunications networks and business
installations avoid the costly process of introducing cables into
a building, or as a connection between various equipment
locations.
- Examples of wireless networks are wireless LANs, wireless ad hoc
networks, wireless MANs, wireless WANs and cellular networks.
• Ad hoc Network
- An ad hoc network is one that is spontaneously formed when
devices connect and communicate with each other.
- The devices communicate with each other directly instead of relying on a
base station or access point, as in wireless LANs, to coordinate data
transfer.
- Ad hoc networks are mostly wireless local area networks
(LANs).
- Ad hoc networks can be classified into several types
depending upon the nature of their applications.
• Layered architecture:
1. OSI/RM (Open Systems Interconnection Reference Model):
The OSI model of the International Organization for Standardization (ISO)
serves as a standard template for describing a network protocol stack.
• Layers of OSI

1. Physical Layer:
- The physical layer coordinates the functions required to carry a bit stream
over a physical medium.
- Characteristics of Physical layer:
1. Physical characteristics of interface and medium.
2. Representation of bits.
3. Data rate
4. Synchronization of bits.
5. Line configuration.
6. Physical topology.
7. Transmission mode.
2. Data Link Layer:
- The data link layer transforms the physical layer, a raw transmission
facility, into a reliable link.
- Characteristics of Data Link Layer:
1. Framing.
2. Physical addressing.
3. Flow control.
4. Access control.
5. Error control.

3. Network Layer:
- The network layer is responsible for source-to-destination delivery of a packet,
possibly across multiple networks.
- Characteristics of Network Layer:
1. Logical addressing.
2. Routing.
4. Transport Layer:
- The transport layer is responsible for the delivery of a message from one
process to another.
- Characteristics of Transport layer:
1. Service point addressing.
2. Segmentation and reassembly.
3. Connection control.
4. Flow control.
5. Error control

5. Session Layer:
- The session layer establishes, maintains and synchronizes the interaction
between communicating systems.
- Characteristics of Session layer:
1. Dialog control.
2. Synchronization.
6. Presentation Layer:
- The presentation layer is concerned with the syntax and semantics of the
information exchanged between two systems.
- Characteristics of Presentation layer:
1. Translation.
2. Encryption.
3. Compression.

7. Application Layer:
- Application layer is responsible for providing services to the user.
- Characteristics of Application layer:
1. Network Virtual Terminal.
2. File transfer, access and management.
3. Mail service.
4. Directory service.
2. TCP/IP Protocol Suite:
• Physical and Data Link Layer:
At the physical and data link layers, TCP/IP does not define any specific
protocol. It supports all standard and proprietary protocols.

• Network Layer:
At the network layer TCP/IP supports the Internetworking Protocol (IP).
IP in turn is supported by four protocols: ARP, RARP, ICMP and IGMP.
1. Internetworking Protocol (IP):
-It is an unreliable, connectionless protocol, also known as a best-effort
service.
-It does not provide error checking or tracking.
-It transports data in the form of packets known as datagrams, each
transported separately.
2. Address Resolution Protocol (ARP):
- It is used to map a logical (IP) address to a physical (MAC) address.
3. Reverse Address Resolution Protocol (RARP):
- It is used to find the logical address when only the physical address is known.
4. Internet Control Message Protocol (ICMP):
- It sends query and error-reporting messages back to the sender.
5. Internet Group Management Protocol (IGMP):
- It is used to transmit a message simultaneously to a group of recipients
(multicasting).
• Transport Layer:
- The transport layer is represented in TCP/IP by two protocols: TCP and
UDP.
- TCP and UDP are transport-level protocols responsible for process-to-
process delivery of messages.
- The SCTP protocol was introduced to meet the requirements of some newer
applications.
1. User Datagram Protocol (UDP):
-It is a process-to-process protocol that adds only port numbers, a length
field and a checksum for error control to the data that comes from the upper layer.
2. Transmission Control Protocol (TCP):
-It is a reliable, connection-oriented protocol.
-It divides a stream of data into smaller units known as segments.
3. Stream Control Transmission Protocol (SCTP):
-Provides support for newer applications such as voice over the Internet.
• Application Layer:
-It is equivalent to the combined session, presentation and application layers of the OSI model.
IPv4
• Addresses:
- An IPv4 address is a 32-bit number.
- It is unique and universal.
- Addresses are unique in the sense that each address defines one
and only one connection to the Internet. Two devices on the
Internet can never have the same address at the same time.
An address may be assigned to a device for a period of time and
then taken away and assigned to another device.
- Addresses are universal in the sense that the addressing system
must be accepted by any host that wants to be connected
to the Internet.
• Address Space:
- A protocol such as IPv4 that defines addresses has an address space.
- An address space is the total number of addresses used by the
protocol; with 32-bit addresses, IPv4 has 2^32 (4,294,967,296) of them.
• Notation:
1. Binary Notation:
- The 32-bit number is written as four octets (bytes) of eight bits
each.
- E.g. 01110101 10010101 00011101 00000010
2. Dotted-Decimal Notation:
- It is written in decimal form with a decimal point
(dot) separating the bytes.
- E.g. 117.149.29.2
• Classful Addressing:
- IPv4 addressing used the concept of classes. This
architecture is called classful addressing.
- In classful addressing the address space is divided
into five classes A,B,C,D and E. Each occupies some
part of address space.
▪ Classes and Blocks:
- In classful addressing each class is divided into a
fixed number of blocks with each block having fixed
size.
▪ Netid and Hostid:
- In classful addressing an IP address in class A, B or C is divided into a netid
and a hostid.
- In class A one byte defines the netid and three bytes define the hostid.
- In class B two bytes define the netid and two bytes define the hostid.
- In class C three bytes define the netid and one byte defines the hostid.
▪ Mask:
- It is a 32-bit number made of contiguous 1s followed by contiguous 0s.
The mask of a class (/8, /16 and /24 for classes A, B and C) is known as
the default mask.
- It is used to find the netid and hostid.
- A mask can also be written as /n, where n is the number of leading 1s;
this slash notation is the Classless Interdomain Routing (CIDR) notation.
▪ Subnetting:
- The large blocks of class A and B were divided into
several contiguous groups, and each group was assigned
to a smaller network called a subnet.
▪ Supernetting:
- In supernetting an organization can combine
several class C blocks to create a larger range of
addresses. Several networks are combined to
create a supernetwork or supernet.
• Classless Addressing:
- In this scheme there are no classes, but addresses are still granted in
blocks.
- An entity is granted a block (range) of addresses whose size varies
with the nature and size of the entity.
- Restrictions:
1. The addresses in a block must be contiguous, one after
another.
2. The number of addresses in a block must be a power of 2.
3. The first address must be evenly divisible by the number of
addresses.
▪ Mask:
- It is a 32-bit number in which n leftmost bits are 1s and 32-n
rightmost bits are 0s.
▪ First Address:
- First address is found by setting 32-n rightmost bits in binary
notation of address to 0s.
▪ Last Address:
- Last address is found by setting 32-n rightmost bits in binary
notation of address to 1s.
▪ Number of Addresses:
- The number of addresses in the block is the last address minus the
first address plus one, which equals 2^(32-n).
▪ Network Addresses:
- The first address is called the network address and defines the
organization network. It defines the organization itself to the
rest of the world.
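As an added example (not part of these notes), the following Python applies the classless addressing rules above to an address written as a.b.c.d/n: it builds the mask, derives the first and last address, counts the addresses, checks the divisibility restriction (the given address must itself be the network address), and cross-checks the result against Python's standard ipaddress module. The function names are my own and 205.16.37.39/28 is a constructed input.

```python
import ipaddress

MAX32 = 0xFFFFFFFF


def mask_from_prefix(n: int) -> int:
    """32-bit mask with n leftmost 1s and 32-n rightmost 0s."""
    if not 0 <= n <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (MAX32 << (32 - n)) & MAX32


def dotted_to_int(dotted: str) -> int:
    """Parse dotted-decimal notation into a 32-bit integer, rejecting bad octets."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError("expected four octets: %r" % dotted)
    value = 0
    for octet in octets:
        b = int(octet)
        if not 0 <= b <= 255:
            raise ValueError("octet out of range: %r" % octet)
        value = (value << 8) | b
    return value


def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def int_to_binary(value: int) -> str:
    """Binary notation: four octets of eight bits separated by spaces."""
    return " ".join(format((value >> shift) & 0xFF, "08b") for shift in (24, 16, 8, 0))


def block_info(cidr: str) -> dict:
    """Apply the classless addressing rules to an address written as a.b.c.d/n."""
    address, _, prefix = cidr.partition("/")
    n = int(prefix)
    addr = dotted_to_int(address)
    mask = mask_from_prefix(n)
    first = addr & mask                 # rightmost 32-n bits set to 0
    last = addr | (~mask & MAX32)       # rightmost 32-n bits set to 1
    count = last - first + 1            # inclusive count, not simply last - first
    return {
        "mask": int_to_dotted(mask),
        "first": int_to_dotted(first),
        "last": int_to_dotted(last),
        "count": count,
        # third restriction: the first address must be divisible by the block
        # size, i.e. the given address must itself be the network address
        "is_network_address": addr == first,
    }


def matches_stdlib(cidr: str) -> bool:
    """Cross-check the hand computation against the standard library."""
    ours = block_info(cidr)
    net = ipaddress.ip_network(cidr, strict=False)
    return (ours["first"] == str(net.network_address)
            and ours["last"] == str(net.broadcast_address)
            and ours["count"] == net.num_addresses
            and ours["mask"] == str(net.netmask))


if __name__ == "__main__":
    for cidr in ("205.16.37.39/28", "10.0.0.0/8", "192.168.1.0/24"):
        print(cidr, block_info(cidr), "stdlib agrees:", matches_stdlib(cidr))
```

Note that ipaddress.ip_network("205.16.37.39/28") with the default strict=True raises, for the same reason is_network_address is False here: host bits are set, so the value is an address inside the block rather than the block itself. Treat such input as a configuration error rather than silently masking it.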
• Datagram:
- Packets in IPv4 are called datagrams.
▪ Version (VER): This 4-bit field defines the version
of the IP protocol. For IPv4 its value is 4, and all other fields
must be interpreted as specified in version 4 of the protocol.
▪ Header Length (HLEN): This 4-bit field defines
the length of the datagram header in 4-byte words. The
value is between 5 (a 20-byte header without options) and
15 (a 60-byte header).
▪ Services: Previously called service type, now
called differentiated services.
- Service Type:
• The first 3 bits are precedence bits ranging from
0 (000) to 7 (111).
They define the priority of the datagram in case of
congestion.
• The next 4 bits are called TOS (Type of Service) bits:
- D: Minimize delay
- T: Maximize throughput
- R: Maximize reliability
- C: Minimize cost
• The last bit is not used.
- Differentiated Services:
• The first 6 bits make up the codepoint and the last 2 bits are
not used.
• When the 3 rightmost bits are 0s, the 3 leftmost bits are
interpreted the same as the precedence bits.
• When the 3 rightmost bits are not all 0s, the 6 bits
define services based on the priority assigned by the
Internet.
▪ Total Length: A 16-bit field that defines the total
length (header plus data) of the IPv4 datagram in bytes, so a
datagram is at most 65,535 bytes long.
Length of data = total length – header length (HLEN × 4)
▪ Identification: A 16-bit field used in
fragmentation. All the fragments of a datagram have the same
identification number, which helps the destination in
reassembling the datagram.
▪ Flags: A 3-bit field. The first bit is reserved;
D means do not fragment;
M means more fragments.
▪ Fragmentation Offset: This 13-bit field shows the
relative position of the fragment with respect to the
whole datagram, measured in units of 8 bytes.
▪ Time to live (TTL): A datagram has a limited lifetime. This
8-bit field controls the maximum number of hops. Each router
that processes the datagram decrements this number by
1 and discards the datagram when it reaches 0.
▪ Protocol: This 8-bit field defines the higher-level
protocol that uses the services of IPv4 (for example 1 = ICMP,
6 = TCP, 17 = UDP).
▪ Checksum: A 16-bit field that covers the header only, not the
data. It is recomputed by every router because the TTL changes.
▪ Source address: This 32-bit field defines the IPv4
address of the source.
▪ Destination address: This 32-bit field defines the IPv4
address of the destination.
▪ Options: As the name implies, options are not required for a
datagram. They can be used for network testing and
debugging.
1. No operation: Used as a filler between options.
2. End of option: Used for padding at the end of
the option field.
3. Record Route: Used to record the routers that
handle the datagram.
4. Strict Source Route: Used by the source to
predetermine a route for the datagram. The datagram
must follow exactly the predefined route.
5. Loose Source Route: Similar to strict source
route but less rigid: each router in the list must be visited,
but the datagram may also pass through other routers.
6. Timestamp: Used to record the time of datagram
processing by a router.
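The field layout above is enough to write a parser. The following Python is an added example (not code from these notes): it decodes the fixed header with struct, interprets HLEN in 4-byte words, walks the option field (single-byte NOP and end-of-option, length byte for everything else), verifies the header checksum, and refuses headers whose length fields do not fit the packet, which is where careless parsers go wrong. The builder, the sample packet and the function names are my own constructions.

```python
import struct

IPV4_PROTO_NAMES = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the 16-bit words of the header.
    With the checksum field already filled in, a valid header yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                        # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_options(raw: bytes) -> list:
    """Walk the option field: (type, data) per option. NOP (1) and end of
    option (0) are single bytes; every other option carries a length byte."""
    options, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                         # end of option list: the rest is padding
            break
        if kind == 1:                         # no operation (filler)
            options.append((1, b""))
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed option length")
        length = raw[i + 1]
        options.append((kind, raw[i + 2:i + length]))
        i += length
    return options


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode and validate the fixed header plus options of a raw IPv4 packet."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the minimum 20-byte header")
    (ver_ihl, services, total_length, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, hlen = ver_ihl >> 4, (ver_ihl & 0x0F) * 4   # HLEN counts 4-byte words
    if version != 4:
        raise ValueError("not an IPv4 datagram")
    if hlen < 20 or hlen > len(packet):
        raise ValueError("bad header length %d" % hlen)
    if total_length < hlen or total_length > len(packet):
        raise ValueError("bad total length %d" % total_length)
    if ipv4_checksum(packet[:hlen]) != 0:
        raise ValueError("header checksum mismatch")
    flags = flags_frag >> 13
    return {
        "hlen": hlen,
        "dscp": services >> 2,                # 6-bit codepoint; low 2 bits not used here
        "total_length": total_length,
        "data_length": total_length - hlen,
        "id": ident,
        "df": bool(flags & 0b010),
        "mf": bool(flags & 0b001),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # 13 bits, units of 8 bytes
        "ttl": ttl,
        "protocol": IPV4_PROTO_NAMES.get(proto, proto),
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        "options": parse_options(packet[20:hlen]),
    }


def build_ipv4_header(src: str, dst: str, data_length: int, *, ttl=64,
                      proto=17, ident=0x1C46, df=True, options=b"") -> bytes:
    """Assemble a header with a correct checksum; options are padded with
    end-of-option bytes (0) up to a 4-byte boundary."""
    if len(options) % 4:
        options += b"\x00" * (4 - len(options) % 4)
    hlen_words = 5 + len(options) // 4
    total_length = hlen_words * 4 + data_length
    flags_frag = (0b010 << 13) if df else 0
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | hlen_words, 0, total_length,
                         ident, flags_frag, ttl, proto, 0,
                         bytes(map(int, src.split("."))),
                         bytes(map(int, dst.split(".")))) + options
    checksum = ipv4_checksum(header)
    return header[:10] + struct.pack("!H", checksum) + header[12:]


def header_is_valid(packet: bytes) -> bool:
    try:
        parse_ipv4_header(packet)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # constructed sample: 8-byte payload, two NOP options padded to one word
    pkt = build_ipv4_header("10.0.0.1", "10.0.0.2", 8, options=b"\x01\x01") + b"\x00" * 8
    print(parse_ipv4_header(pkt))
    damaged = bytearray(pkt)
    damaged[8] ^= 1                           # flip a TTL bit without fixing the checksum
    print("damaged header accepted:", header_is_valid(bytes(damaged)))
```

The three bounds checks before the checksum are the important part: HLEN below 20 bytes, HLEN or total length beyond the buffer, or an option length under 2 are all values a sender can put on the wire, and each one would otherwise turn into an out-of-range read or an endless loop in the option walk.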
IPv6
• An IPv6 address consists of 16 bytes; it is 128 bits
long.
• IPv6 is also known as IPng (Internetworking Protocol,
next generation).
• Addresses are written in hexadecimal colon notation: eight groups
of four hexadecimal digits separated by colons, e.g.
2001:0DB8:0000:0000:0000:0000:0000:0001.
• Abbreviation: leading zeros in a group can be dropped (0DB8
becomes DB8, 0000 becomes 0), and one run of consecutive
zero groups can be replaced by a double colon (::), giving
2001:DB8::1 for the address above.
• Address Space:
IPv6 has a much larger address space.
The first few leftmost bits of each address, called the type prefix,
define its category.
• Unicast Address:
- It defines a single computer.
- A packet sent to a unicast address must be delivered
to that specific computer.
• Multicast Address:
- It defines a group of hosts instead of just one.
- A packet sent to a multicast address must be delivered to each
member of the group.
- A flag defines the group as either permanent or transient.
Permanent group addresses are defined by Internet authorities
and can be accessed at all times.
A transient group address is used only temporarily, e.g. for a
teleconference.
- The next field defines the scope of the group address.
• Anycast Addressess:
- An anycast address is like a multicast address: it
defines a group of nodes.
- However, a packet destined for an anycast address
is delivered to only one member of the anycast group,
the nearest one.
• Reserved Address:
- These addresses start with eight 0s (type prefix 00000000).
- Subcategories:
1. Unspecified address:
Used when a host does not know its own address and sends an
inquiry to find its address.
2. Loopback address:
Used by a host to test itself without going into the network.
3. Compatible address:
Used when a computer using IPv6 wants to send a message to
another computer using IPv6 but the message needs to pass
through a part of the network that still operates in IPv4.
4. Mapped address:
Used when a computer that has migrated to IPv6 wants to send
a packet to a computer still using IPv4.
• Local Address:
- These addresses are used when an organization
wants to use the IPv6 protocol without being
connected to the global Internet.
- Nobody outside the organization can send a
message to the nodes using these addresses.
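An added example (not from these notes) in Python that implements the hexadecimal colon notation and its abbreviation, classifies an address by its type prefix (the reserved subcategories above, mapped, multicast, link-local or plain unicast), and cross-checks the parser against the standard library. The function names are mine; the sample addresses use the 2001:db8::/32 documentation prefix and the 192.0.2.0/24 documentation range. The link-local prefix fe80::/10 is standard IPv6 and is mentioned here only as one kind of local address.

```python
import ipaddress
import string


def _split_groups(part: str) -> list:
    """Split one side of '::' into hex groups; a trailing dotted-decimal IPv4
    address (as in mapped or compatible addresses) becomes two groups."""
    if not part:
        return []
    items = part.split(":")
    if "." in items[-1]:
        octets = [int(o) for o in items.pop().split(".")]
        if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
            raise ValueError("bad embedded IPv4 address")
        items += ["%x" % ((octets[0] << 8) | octets[1]),
                  "%x" % ((octets[2] << 8) | octets[3])]
    return items


def expand_ipv6(text: str) -> list:
    """Return the eight 16-bit groups of an address written in (possibly
    abbreviated) hexadecimal colon notation."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once")
    head, sep, tail = text.partition("::")
    left, right = _split_groups(head), _split_groups(tail)
    missing = 8 - len(left) - len(right)
    if (sep and missing < 1) or (not sep and missing != 0):
        raise ValueError("wrong number of groups in %r" % text)
    groups = left + ["0"] * (missing if sep else 0) + right
    result = []
    for g in groups:
        if not 1 <= len(g) <= 4 or any(c not in string.hexdigits for c in g):
            raise ValueError("bad group %r" % g)
        result.append(int(g, 16))
    return result


def compress_ipv6(groups: list) -> str:
    """Abbreviate: drop leading zeros in each group and replace the longest
    run of two or more zero groups (the first such run on a tie) with '::'."""
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if groups[i] == 0:
            j = i
            while j < 8 and groups[j] == 0:
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    hexs = ["%x" % g for g in groups]
    if best_len < 2:
        return ":".join(hexs)
    return ":".join(hexs[:best_start]) + "::" + ":".join(hexs[best_start + best_len:])


def classify_ipv6(groups: list) -> str:
    """Category from the leading bits (type prefix) of the address."""
    if groups[:6] == [0] * 6:                      # reserved: all-zero prefix
        if groups[6:] == [0, 0]:
            return "unspecified"
        if groups[6:] == [0, 1]:
            return "loopback"
        return "compatible"                        # ::a.b.c.d
    if groups[:5] == [0] * 5 and groups[5] == 0xFFFF:
        return "mapped"                            # ::ffff:a.b.c.d
    if groups[0] >> 8 == 0xFF:
        return "multicast"                         # ff00::/8
    if groups[0] & 0xFFC0 == 0xFE80:
        return "link-local"                        # fe80::/10, a local address
    return "unicast"


def embedded_ipv4(groups: list) -> str:
    """Dotted-decimal form of the low 32 bits (for mapped/compatible addresses)."""
    low = (groups[6] << 16) | groups[7]
    return ".".join(str((low >> s) & 0xFF) for s in (24, 16, 8, 0))


def matches_stdlib(text: str) -> bool:
    """Cross-check: our 16 bytes must equal what ipaddress produces."""
    ours = b"".join(g.to_bytes(2, "big") for g in expand_ipv6(text))
    return ours == ipaddress.IPv6Address(text).packed


if __name__ == "__main__":
    for text in ("2001:0db8:0000:0000:0000:0000:0000:0001", "::1", "::ffff:192.0.2.1", "ff02::1"):
        g = expand_ipv6(text)
        print("%-40s %-18s %-10s stdlib agrees: %s"
              % (text, compress_ipv6(g), classify_ipv6(g), matches_stdlib(text)))
```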
• Advantages:
1. Larger address space.
2. Better Header format.
3. New options.
4. Allowance for extension.
5. Support for new resources.
6. Support for more security.
• Packet Format
• Version:
This 4-bit field defines the version number of
the IP protocol (6).
• Priority:
This 4-bit field defines the priority of the
packet with respect to traffic congestion. (Note: the original
IPv6 specification, RFC 1883, defined a 4-bit priority field; the
current specification, RFC 8200, replaces it with an 8-bit traffic
class field. The description below follows the original.)
Congestion-controlled traffic: If the source
adapts itself to traffic slowdown when there is
congestion, the traffic is referred to as
congestion-controlled traffic.
Congestion-controlled data are assigned
priorities from 0 to 7:
1. No specific traffic: priority 0, assigned to a packet
when the process does not define a priority.
2. Background data: priority 1, defines data that are
usually delivered in the background.
3. Unattended data traffic: priority 2, defined when the
user is not waiting for the data to be received.
4. Attended bulk data traffic: priority 4, defined when
the user is waiting to receive the data.
5. Interactive traffic: priority 6, used when user
interaction is needed.
6. Control traffic: priority 7, used by management and
control protocols.
Non-congestion-controlled traffic: The source does not
adapt itself to congestion. Priority numbers from 8
to 15 are assigned to non-congestion-controlled
traffic.
• Flow label:
It is a 3-byte (24-bit) field in the original specification
(20 bits in RFC 8200) designed to provide special
handling for a particular flow of data.
A sequence of packets, sent from a particular source
to a particular destination, that needs special handling
by routers is called a flow of packets. The combination
of the source address and the value of the flow label
defines a flow of packets.
In the simplest form, a flow label can be used to
speed up the processing of a packet by a router.
• Next Header:
It is an 8-bit field that defines the header that follows the base
header in the datagram (an extension header or the
transport-layer header).
• Hop limit:
This 8-bit field serves the same purpose as the TTL in IPv4.
• Source address
• Destination address
• Extension Header:
1. Hop-by-Hop Option:
Used when the source needs to pass information to all
routers visited by the datagram.
2. Source Routing:
Follows the concept of the strict source route and loose
source route options in IPv4.
3. Fragmentation:
The concept is the same as in IPv4, except that in IPv6 only
the original source may fragment a datagram; routers do not
fragment, so the source must discover the path MTU first.
4. Authentication:
It has a dual purpose: it validates the message sender and
ensures the integrity of the data.
5. Encrypted Security Payload (ESP):
An extension that provides confidentiality and guards
against eavesdropping.
6. Destination Option:
Used when the source needs to pass information to the
destination only.
• Routing Protocol:
- A routing protocol is a combination of rules and
procedures that lets routers in an internet inform each
other of changes.
- It allows routers to share whatever they know about
the internet or their neighbourhood.
Optimization:
- It is the process of finding the optimum pathway.
- One approach is to assign a cost for passing through a
network. This cost is known as a metric.
- The metric assigned to each network depends on the type of
protocol.
- Simple protocols such as RIP treat all networks as equal:
the cost of passing through any network is the same (one hop).
- Other protocols such as OSPF allow the administrator to assign a
cost for passing through a network based on the type of
service required.
- In BGP the criterion is the policy, which can be set by the
administrator. The policy defines what path should be
chosen.
Intra- and Interdomain Routing:
- The Internet is divided into autonomous systems.
- An Autonomous System (AS) is a group of networks and
routers under the authority of a single administration.
- Routing inside an autonomous system is referred to as
intradomain routing.
- Routing between autonomous systems is referred to as
interdomain routing.
- Each AS can choose one or more intradomain routing
protocols, but only a single interdomain routing
protocol handles routing between autonomous systems.
• Distance Vector Routing:
- In distance vector routing the least-cost route between any two
nodes is the route with minimum distance.
- Each node maintains a vector (table) of minimum distances to
every node.
- The table at each node also guides the packet to the desired node
by showing the next stop in the route.
- Initialization:
. Each node can know only the distance between itself and its
immediate neighbors, those directly connected to it.
. At this step, each node sends a message to its immediate
neighbors and finds the distance between itself and these neighbors.
- Sharing:
. The idea is to share the information between neighbors.
. Although node A does not know about node E, node C does.
. So if node C shares its routing table with node A, node A can also
learn how to reach node E.
• Fig 22.14 & 22.15: Initialization
Updating:
1. The receiving node adds the cost between
itself and the sending node to each value in the
second column of the received table.
2. The receiving node adds the name of the
sending node to each row as the third column (next hop).
3. The receiving node compares each row of
its old table with the corresponding row of the
modified version of the received table.
a. If the next-hop entries differ, the receiving
node chooses the row with the smaller cost.
b. If the next-hop entries are the same, the receiving
node chooses the new row even if its cost is higher,
because the sending node is the next hop for that
route and has fresher information about it.
When to share:
- The table is sent both periodically and when there is a
change in the table.
1. Periodic Update: A node sends its routing table,
normally every 30 s, in a periodic update.
2. Triggered Update: A node sends its two-column
routing table to its neighbors anytime there is a
change in its routing table. This is called a triggered
update.
• RIP :
- Routing Information Protocol (RIP) is an intradomain routing
protocol used inside an autonomous system.
- It is based on distance vector routing.
1. In an autonomous system we deal with routers and networks.
2. The destination in a routing table is a network, which means the
first column defines a network address.
3. The metric used by RIP is very simple: the metric in RIP is called
the hop count, the number of networks a packet passes through.
4. Infinity is defined as 16: a route with a hop count of 16 is
treated as unreachable.
5. The next-node column defines the address of the router to which
the packet is to be sent to reach its destination.
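The distance vector update rules and the RIP conventions above (hop-count metric, infinity = 16, tables exchanged in rounds) in working Python, as an added example that is not part of these notes. The five-router topology is constructed and the function names are mine. The second half takes a link down and shows why infinity has to be a small finite number: neighbors that keep pointing at each other count the cost up one hop per exchange, and only the cap at 16 ends the exchange.

```python
INFINITY = 16                    # RIP: a hop count of 16 means unreachable


def link_key(a: str, b: str) -> tuple:
    return (a, b) if a < b else (b, a)


def neighbors(links: dict, node: str) -> list:
    return sorted(b if a == node else a for (a, b) in links if node in (a, b))


def initial_table(links: dict, me: str) -> dict:
    """Initialization: a node knows only itself and its immediate neighbors.
    Table rows are dest -> (cost, next hop)."""
    table = {me: (0, None)}
    for nb in neighbors(links, me):
        table[nb] = (links[link_key(me, nb)], nb)
    return table


def dv_update(table: dict, me: str, sender: str, link_cost: int, received: dict) -> bool:
    """Apply a neighbor's two-column table (dest -> cost). Returns True if the
    local table changed, which is what would trigger a triggered update."""
    changed = False
    for dest, cost in received.items():
        if dest == me:
            continue
        new_row = (min(cost + link_cost, INFINITY), sender)   # steps 1 and 2
        old_row = table.get(dest)
        if old_row is None:
            take_new = True
        elif old_row[1] == sender:
            take_new = True                       # same next hop: accept the fresher row
        else:
            take_new = new_row[0] < old_row[0]    # different next hop: keep the cheaper row
        if take_new and old_row != new_row:
            table[dest] = new_row
            changed = True
    return changed


def run_until_stable(tables: dict, links: dict, max_rounds: int = 64) -> int:
    """Synchronous periodic updates: every node sends the table it had at the
    start of the round to every neighbor. Returns the number of rounds used."""
    for rnd in range(1, max_rounds + 1):
        snapshots = {n: {d: c for d, (c, _) in t.items()} for n, t in tables.items()}
        changed = False
        for me in sorted(tables):
            for nb in neighbors(links, me):
                if dv_update(tables[me], me, nb, links[link_key(me, nb)], snapshots[nb]):
                    changed = True
        if not changed:
            return rnd
    raise RuntimeError("did not converge within %d rounds" % max_rounds)


def fail_link(tables: dict, links: dict, a: str, b: str) -> None:
    """Take a link down: both ends mark every route through it as unreachable."""
    del links[link_key(a, b)]
    for me, other in ((a, b), (b, a)):
        for dest, (cost, hop) in list(tables[me].items()):
            if hop == other:
                tables[me][dest] = (INFINITY, hop)


def build_example():
    """Constructed five-router topology with hop-count metrics (RIP style)."""
    links = {("A", "B"): 1, ("A", "C"): 1, ("B", "D"): 1, ("C", "D"): 1, ("D", "E"): 1}
    tables = {n: initial_table(links, n) for n in "ABCDE"}
    return tables, links


if __name__ == "__main__":
    tables, links = build_example()
    print("converged after", run_until_stable(tables, links), "rounds; A:", tables["A"])
    fail_link(tables, links, "D", "E")
    rounds = run_until_stable(tables, links)
    print("after losing D-E, E is unreachable from A:", tables["A"]["E"], "in", rounds, "rounds")
```

After the D-E link fails, A still advertises E at cost 3 via B while B has just learned from D that E is unreachable; rule (a) lets B take A's cheaper row, A then takes B's, and the two climb together until both hit 16. That climb is bounded only because infinity is 16; with a larger infinity it would run correspondingly longer.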
• Link State Routing:
- In link state routing, if each node in the domain has
the entire topology of the domain (the list of nodes
and links, how they are connected, including the type,
cost and condition of each link) the node can use Dijkstra's
algorithm to build its routing table.
- Building the Routing Table:
1. Creation of the states of the links by each node,
called the link state packet (LSP).
2. Dissemination of LSPs to every other router, called
flooding, in an efficient and reliable way.
3. Formation of a shortest path tree for each node.
4. Calculation of a routing table based on the shortest
path tree.
• Creation of Link State Packet (LSP):
- An LSP contains: the node identity, the list of links,
a sequence number and an age.
- The node identity and the list of links are needed to make
the topology.
- The sequence number facilitates flooding and
distinguishes new LSPs from old ones.
- The age prevents old LSPs from remaining in the domain for
a long time.
- LSPs are generated on two occasions:
1. When there is a change in the topology of the
domain.
2. On a periodic basis.
• Flooding of LSPs:
- After a node has prepared an LSP, it must be disseminated to all
other nodes, not only to its neighbors.
- The process is called flooding and based on the following:
1. The creating node sends a copy of the LSP out of each interface.
2. A node that receives an LSP compares it with the copy it may
already have.
If the newly arrived LSP is older than the one it has, it discards
the LSP.
If it is newer, the node does the following:
a. It discards the old LSP and keeps the new one.
b. It sends a copy of it out of each interface except the one from
which the packet arrived.
• Formation of Shortest Path Tree: Dijkstra Algorithm
- The LSPs received from all the nodes give the whole topology.
However, that alone is not sufficient to find the shortest path to every other
node; a shortest path tree is needed.
- A tree is a graph of nodes and links; one node is called the
root.
- All the other nodes can be reached from the root through only
one single route.
- A shortest path tree is a tree in which the path between the root
and every other node is the shortest.
- The Dijkstra algorithm creates the shortest path tree from a
graph.
- The algorithm divides the nodes into two sets: tentative and
permanent.
- It finds the neighbors of the current node, makes them tentative,
examines them, and if they pass the criteria makes them
permanent.
1. We make node A the root of the tree and move it to
the tentative list.
2. Node A has the shortest cumulative cost of all
nodes in the tentative list. We move A to the
permanent list and add all neighbors of A to the
tentative list.
3. Node C has the shortest cumulative cost of all nodes
in the tentative list. Node C moves to the permanent
list.
4. Node D has the shortest cumulative cost of all nodes
in the tentative list. It has no unprocessed neighbor to
be added to the tentative list.
5. Node B has the shortest cumulative cost of all nodes
in the tentative list.
6. Node E has the shortest cumulative cost of all nodes
in the tentative list.
• Calculating the Routing Table from the Shortest Path
Tree:
- Each node uses its shortest path tree to
construct its routing table. The routing table shows
the cost of reaching each node from the root and the
next hop on the tree path.
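The four steps above (LSP creation, flooding, shortest path tree, routing table) as one added Python example that is not code from these notes: LSPs carry a sequence number, flooding discards duplicates and older copies and never sends a copy back out of the interface it arrived on, Dijkstra keeps explicit tentative and permanent sets, and the routing table (cost and next hop) is read off the tree. The topology is constructed so that from root A the nodes become permanent in the order A, C, D, B, E, matching the steps listed above; all names are mine.

```python
def make_lsp(node: str, seq: int, topology: dict, age: int = 60) -> dict:
    """A link state packet: identity, list of links with costs, sequence number, age."""
    return {"node": node, "seq": seq, "links": dict(topology[node]), "age": age}


def accept_lsp(db: dict, lsp: dict) -> bool:
    """Store the LSP only if it is newer than the copy already held."""
    node = lsp["node"]
    if node in db and db[node]["seq"] >= lsp["seq"]:
        return False                      # older or duplicate: discard
    db[node] = lsp
    return True


def flood_lsp(topology: dict, origin: str, lsp: dict, dbs: dict) -> int:
    """Flood an LSP through the domain; dbs maps each node to its LSP database.
    Returns the number of copies transmitted."""
    accept_lsp(dbs[origin], lsp)
    queue = [(nb, origin) for nb in topology[origin]]   # (receiver, arrived from)
    sent = len(queue)
    while queue:
        node, came_from = queue.pop(0)
        if accept_lsp(dbs[node], lsp):
            for nb in topology[node]:
                if nb != came_from:                    # every interface but the incoming one
                    queue.append((nb, node))
                    sent += 1
    return sent


def topology_from_db(db: dict) -> dict:
    return {node: dict(lsp["links"]) for node, lsp in db.items()}


def shortest_path_tree(topology: dict, root: str) -> dict:
    """Dijkstra with tentative/permanent sets: returns node -> (cost, parent)
    in the order the nodes became permanent."""
    permanent = {root: (0, None)}
    tentative = {}
    current = root
    while True:
        for nb, cost in topology[current].items():
            if nb in permanent:
                continue
            new_cost = permanent[current][0] + cost
            if nb not in tentative or new_cost < tentative[nb][0]:
                tentative[nb] = (new_cost, current)
        if not tentative:
            return permanent
        # the tentative node with the smallest cumulative cost becomes permanent
        current = min(tentative, key=lambda n: (tentative[n][0], n))
        permanent[current] = tentative.pop(current)


def routing_table(tree: dict, root: str) -> dict:
    """dest -> (cost, next hop): the next hop is the first node after the root
    on the tree path to dest."""
    table = {}
    for dest, (cost, parent) in tree.items():
        if dest == root:
            continue
        hop = dest
        while tree[hop][1] != root:
            hop = tree[hop][1]
        table[dest] = (cost, hop)
    return table


# Constructed topology; from root A the nodes become permanent in the order A, C, D, B, E.
TOPOLOGY = {
    "A": {"B": 5, "C": 2, "D": 3},
    "B": {"A": 5, "C": 4, "E": 3},
    "C": {"A": 2, "B": 4, "D": 1, "E": 7},
    "D": {"A": 3, "C": 1},
    "E": {"B": 3, "C": 7},
}


def build_routing_table_via_flooding(root: str) -> dict:
    """Every node floods its LSP, then the root computes its table from its own database."""
    dbs = {n: {} for n in TOPOLOGY}
    for node in TOPOLOGY:
        flood_lsp(TOPOLOGY, node, make_lsp(node, 1, TOPOLOGY), dbs)
    return routing_table(shortest_path_tree(topology_from_db(dbs[root]), root), root)


if __name__ == "__main__":
    print(build_routing_table_via_flooding("A"))
```

The sequence-number check in accept_lsp is what keeps flooding finite: without it every node would re-forward each copy it receives and the copies would circulate forever. The age field is carried here but not aged out; a real implementation decrements it and purges LSPs that reach zero.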
• OSPF (Open Shortest Path First):
- It is an intradomain routing protocol based on link state routing.
- Its domain is also an autonomous system.
- Area: OSPF divides an autonomous system into areas.
-> An area is a collection of networks, hosts and routers, all connected within an autonomous
system.
-> An autonomous system can be divided into many different areas. All networks inside an
area must be connected.
-> Routers inside an area flood the area with routing information.
-> At the border of an area, special routers called area border routers summarize the
information about the area and send it to other areas.
-> Among the areas inside the autonomous system is a special area called the backbone.
All the areas within an autonomous system must be connected to the backbone.
The routers inside the backbone are called backbone routers.
A backbone router can also be an area border router.
-> If the connectivity between the backbone and an area is broken, a virtual link between
routers must be created by the administrator.
- Metric: The OSPF protocol allows the administrator to assign a cost called metric to
each route.
The metric is based on a type of service (minimum delay, maximum throughput, and
so on).
- Types of links:
1. Point-to-point: It connects two routers without any other
host or router in between.
2. Transient: It is a network with several routers attached to
it. The data can enter through any of the router and leave
through any router.
3. Stub: It is a network that is connected to only one router.
The data enter the network through this single router and
leave the network through the same router.
4. Virtual: When the link between two routers is broken, the
administrator may create a virtual link between them.
• Path Vector Routing:
- It is useful for interdomain routing.
- The assumption is made that there is one node that
acts on behalf of the entire AS.
This node is known as the speaker node.
- The speaker node in an AS creates a routing table and
advertises it to the speaker nodes in the neighboring ASs.
Only the speaker nodes communicate with each
other.
- A speaker node advertises the path, not the metric of
the nodes, in its AS or other ASs.
• BGP (Border Gateway Protocol):
- BGP is an interdomain routing protocol using path vector routing.
- Types of Autonomous System:
1. Stub AS: It has only one connection to another AS. The
interdomain data traffic in a stub AS can be either created or
terminated in the AS. The hosts in the AS can send as well as
receive data traffic from other ASs.
Data traffic, however, cannot pass through a stub AS. A stub AS is
either a source or a sink.
2. Multihomed AS: A multihomed AS has more than one
connection to other ASs but it is still only a source or sink for
data traffic. It can receive data traffic from more than one AS. It
can send data traffic to more than one AS, but there is no transit
traffic. It does not allow data coming from one AS and going to
another AS to pass through.
3. Transit AS: A transit AS is a multihomed AS that allows
transit traffic.
- BGP Session:
->The exchange of routing information between two
routers using BGP takes place in a session.
->A session is a connection that is established between
two BGP routers only for the sake of exchanging
routing information.
->To create a reliable environment BGP uses the
services of TCP.
->When a TCP connection is created for BGP it can last
for a long time. BGP sessions are sometimes referred to
as semi-permanent connections.
- External and Internal BGP:
->The E-BGP session is used to exchange information
between two speaker nodes belonging to two
different autonomous systems.
-> The I-BGP session is used to exchange information
between two routers inside an autonomous system.
• Address Mapping:
- Hosts and routers are recognized at the
network level by their logical (IP) addresses.
- Packets pass through physical networks to reach
these hosts and routers.
- At the physical level, hosts and routers are
recognized by their physical addresses.
- A physical address is a local address.
- It is called a physical address because it is usually
implemented in hardware, imprinted on
the NIC installed in the host or router.
- The physical address and the logical address are
two different identifiers.
- A packet that needs to be delivered to a host or
router requires two levels of addressing: logical
and physical.
- Mapping of logical to physical addresses and
vice versa is needed.
- This can be done by using either static or
dynamic mapping.
1. Static Mapping:
- It involves the creation of a table that associates logical
addresses with physical addresses.
- This table is stored in each machine on the network.
- Each machine that knows the IP address of another
machine but not its physical address can look it up
in the table.
- Limitations:
a. A machine could change its NIC, resulting in a new
physical address.
b. A mobile computer can move from one physical
network to another, resulting in a change in its
physical address.
2. Dynamic Mapping:
- Each time a machine knows one of the
two addresses, it can use a protocol to find the
other one.
• Mapping Logical to Physical Address: ARP
- Anytime a host or a router has an IP datagram to send to
another host or router, it has the logical (IP) address of the
receiver.
- But the IP datagram must be encapsulated in a frame to be
able to pass through the physical network, so the sender needs to
know the physical address of the receiver.
- The host or router sends an ARP query packet. The packet includes
the physical and IP addresses of the sender and the IP address of the
receiver.
- Because the sender does not know the physical address of the
receiver, the query is broadcast over the network.
- Every host or router on the network receives and processes
the ARP query packet, but only the intended recipient
recognizes its IP address and sends back an ARP response
packet.
- This response packet contains the recipient's IP and physical
addresses and is unicast.
• Cache Memory:
- ARP reply is cached because a system
normally sends several packets to the same
destination.
- A system that receives ARP reply stores the
mapping in cache memory and keeps it for 20
to 30 min. unless the space in cache is
exhausted.
- Before sending an ARP request, the system
first checks its cache to see if it can find the
mapping.
• Operation:
1. The sender knows the IP address of the target.
2. IP asks ARP to create an ARP request message, filling in the physical
and IP addresses of the sender and the IP address of the target. The target physical
address field is filled with 0s.
3. The message is passed to the data link layer, where it is encapsulated in a
frame using the physical address of the sender as the source
address and the physical broadcast address as the destination
address.
4. Every host or router receives the frame, removes the message and
passes it to ARP. All machines except the target one drop the packet.
5. The target machine replies with an ARP reply message that
contains its physical address. The message is unicast.
6. The sender receives the reply message and learns the physical address
of the target machine.
7. The IP datagram that carries data for the target machine is now
encapsulated in a frame and unicast to the destination.
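The seven-step exchange above in Python, as an added example that is not part of these notes: a request frame built with the target hardware address zeroed and the Ethernet destination set to broadcast, a handler in which only the host owning the target IP answers, a unicast reply, and a cache with the 20-minute lifetime mentioned above. The cache also reports when a reply contradicts the MAC already cached for an IP; that check is my addition, since ARP itself gives a receiver no way to verify who sent a reply (every host on the network sees the broadcast and any of them can answer). Addresses and function names are constructed.

```python
import struct

ETH_TYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"
ARP_CACHE_TTL = 20 * 60          # seconds; the notes give 20 to 30 minutes


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_arp(op: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Ethernet frame carrying an ARP message (Ethernet/IPv4, 28-byte body).
    A request goes to the broadcast address; a reply is unicast to the target."""
    body = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                       mac_to_bytes(sender_mac), ip_to_bytes(sender_ip),
                       mac_to_bytes(target_mac), ip_to_bytes(target_ip))
    eth_dst = BROADCAST_MAC if op == ARP_REQUEST else target_mac
    return struct.pack("!6s6sH", mac_to_bytes(eth_dst), mac_to_bytes(sender_mac), ETH_TYPE_ARP) + body


def parse_arp(frame: bytes) -> dict:
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    eth_dst, eth_src, eth_type = struct.unpack("!6s6sH", frame[:14])
    if eth_type != ETH_TYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op, smac, sip, tmac, tip = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported hardware/protocol type")
    return {"eth_dst": bytes_to_mac(eth_dst), "eth_src": bytes_to_mac(eth_src), "op": op,
            "sender_mac": bytes_to_mac(smac), "sender_ip": bytes_to_ip(sip),
            "target_mac": bytes_to_mac(tmac), "target_ip": bytes_to_ip(tip)}


def handle_arp_request(frame: bytes, my_ip: str, my_mac: str):
    """Steps 4 and 5: every host sees the broadcast, only the target answers."""
    msg = parse_arp(frame)
    if msg["op"] != ARP_REQUEST or msg["target_ip"] != my_ip:
        return None                              # not for us: drop
    return build_arp(ARP_REPLY, my_mac, my_ip, msg["sender_mac"], msg["sender_ip"])


class ArpCache:
    """ip -> (mac, expiry). learn() reports whether a reply created a new
    entry, refreshed an existing one, or contradicts the cached MAC."""

    def __init__(self, ttl: int = ARP_CACHE_TTL):
        self.ttl = ttl
        self.entries = {}

    def lookup(self, ip: str, now: float):
        entry = self.entries.get(ip)
        if entry is None or entry[1] <= now:     # missing or expired: a request is needed
            self.entries.pop(ip, None)
            return None
        return entry[0]

    def learn(self, ip: str, mac: str, now: float) -> str:
        cached = self.lookup(ip, now)
        self.entries[ip] = (mac, now + self.ttl)
        if cached is None:
            return "new"
        return "refreshed" if cached == mac else "conflict"


if __name__ == "__main__":
    # constructed exchange: host .1 resolves host .2; host .3 ignores the request
    request = build_arp(ARP_REQUEST, "02:00:00:00:00:01", "10.0.0.1", ZERO_MAC, "10.0.0.2")
    assert handle_arp_request(request, "10.0.0.3", "02:00:00:00:00:03") is None
    reply = parse_arp(handle_arp_request(request, "10.0.0.2", "02:00:00:00:00:02"))
    cache = ArpCache()
    print(cache.learn(reply["sender_ip"], reply["sender_mac"], now=0), cache.entries)
    # a later reply claiming a different MAC for the same IP is flagged, not silently accepted
    print(cache.learn("10.0.0.2", "02:00:00:00:00:99", now=5))
```

learn() still overwrites the entry on a conflict, as a plain ARP implementation does; the return value is there so that a caller can log or alert on it. Whether to keep the old mapping instead is a policy decision that ARP itself does not make.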
• Proxy ARP:
- A technique called proxy ARP is used to create a subnetting
effect.
- A proxy ARP is an ARP that acts on behalf of a set of hosts.
- Whenever a router running a proxy ARP receives an ARP
request looking for the IP address of one of these hosts, the
router sends an ARP reply announcing its own hardware
address.
- After the router receives the actual IP packet, it sends the
packet to the appropriate host or router.
• Mapping Physical to Logical Address:
1. RARP (Reverse Address Resolution Protocol):
- It finds the logical address for a machine that knows only its
physical address.
- The IP address of a machine is usually read from its
configuration file stored on disk.
- The machine can get its physical address from its NIC. It can
then use the physical address to get the logical address by
using the RARP protocol.
- A RARP request is created and broadcast on the local
network.
- Another machine on the local network that knows all the IP
addresses will respond with a RARP reply.
- The requesting machine must be running a RARP client
program; the responding machine must be running a RARP
server program.
Transport Layer
• The transport layer is responsible for
process-to-process delivery: the delivery of a packet,
part of a message, from one process to another.
• Two processes communicate in a client/server
relationship.
• A process on the local host, called a client, needs
services from a process, usually on the remote host,
called the server.
• For communication, the following things must be defined:
1. Local host.
2. Local process.
3. Remote host.
4. Remote process.
• Transport layer addresses, called port numbers,
are used to choose among multiple processes running on the
destination host.
• The destination port number is needed for delivery;
the source port number is needed for the reply.
• Port numbers are 16-bit integers between 0 and
65,535.
• The IANA (Internet Assigned Numbers Authority) has
divided the port numbers into three ranges:
1. Well-known ports: The ports ranging from 0 to 1023
are assigned and controlled by IANA. These are the
well-known ports and are generally used by servers.
2. Registered ports: The ports ranging from 1024 to
49151 are not assigned or controlled by IANA. They
are only registered with IANA to prevent
duplication.
3. Dynamic ports: The ports ranging from 49152 to
65535 are neither controlled nor registered. They
can be used by any process. These are the ephemeral
ports and are generally used by clients.
• Socket Address:
- Process-to-process delivery needs two identifiers, the IP
address and the port number, at each end to make a
connection.
- The combination of an IP address and a port number
is called a socket address.
- The transport layer protocol needs a pair of socket
addresses: the client socket address and the server
socket address.
- These four pieces of information are part of the IP
header and the transport layer protocol header.
- The IP header contains the IP addresses; the UDP or
TCP header contains the port numbers.
• Multiplexing and Demultiplexing:
- Multiplexing: At the sender site there may be several
processes that need to send packets, but there is only one
transport layer protocol at any time. This is a many-to-one
relationship and requires multiplexing. The protocol
accepts messages from different processes,
differentiated by their assigned port numbers, and after
adding the header, the transport layer passes the packet to the
network layer.
- Demultiplexing: At the receiver site the relationship is
many-to-one and requires demultiplexing. The transport
layer delivers each message to the appropriate
process based on the port number.
• Connectionless versus Connection oriented:
- Connectionless Service: The packets are sent from one
party to another with no need for connection
establishment or connection release. The packets are
not numbered; they may be delayed or lost or may arrive
out of sequence, with no acknowledgement.
- Connection-oriented Service: In this, a connection is first
established between the sender and the receiver. Data
are transferred, and at the end the connection is
released.
• Reliable Versus Unreliable
• USER DATAGRAM PROTOCOL (UDP)
- It is a connectionless, unreliable transport protocol.
- It is a very simple protocol.
1. Source port number: This is the port number used by the process
running on the source host. It is 16 bits long.
2. Destination port number: This is the port number used by the process
running on the destination host. It is 16 bits long.
3. Length: This is a 16-bit field that defines the total length of the user
datagram, header plus data.
4. Checksum: This field is used to detect errors over the entire user
datagram.
The checksum covers three sections: a pseudoheader, the UDP header and
the data coming from the application layer.
• UDP Operation:
1. Connectionless Service.
2. Flow and Error Control.
3. Encapsulation and Decapsulation.
4. Queuing: In UDP, queues are associated with ports.
- When a process starts, it requests a port number from the operating
system.
- Incoming and outgoing queues associated with the process are created.
- Even if a process wants to communicate with multiple processes, it
obtains only one port number and eventually only one outgoing and one
incoming queue.
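The UDP format, the pseudoheader checksum and the per-port incoming queues described above, as an added worked example (this code is not part of the slides). It builds a datagram, verifies it the way the receiving UDP would, and demultiplexes valid datagrams to the queue of the port they are addressed to. The IP addresses, ports and payloads are constructed sample values.

```python
import struct

# Constructed sample addresses (documentation range, not from the slides).
SRC_IP = "192.0.2.10"
DST_IP = "192.0.2.20"
PROTO_UDP = 17


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum over `data`, as used by the UDP/TCP checksum."""
    if len(data) % 2:
        data = data + b"\x00"                 # pad an odd-length buffer with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def pseudoheader(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    """Pseudoheader: source IP, destination IP, a zero byte, protocol (17), UDP length."""
    return ip_to_bytes(src_ip) + ip_to_bytes(dst_ip) + struct.pack("!BBH", 0, PROTO_UDP, udp_length)


def build_udp(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Build a UDP datagram; the checksum covers pseudoheader + UDP header + data."""
    length = 8 + len(payload)
    header_no_csum = struct.pack("!HHHH", src_port, dst_port, length, 0)
    csum = 0xFFFF ^ ones_complement_sum(pseudoheader(src_ip, dst_ip, length) + header_no_csum + payload)
    if csum == 0:
        csum = 0xFFFF                          # 0 is reserved to mean "no checksum" in IPv4 UDP
    return struct.pack("!HHHH", src_port, dst_port, length, csum) + payload


def parse_udp(src_ip: str, dst_ip: str, datagram: bytes):
    """Return (src_port, dst_port, payload), or None if the length or checksum check fails."""
    if len(datagram) < 8:
        return None
    src_port, dst_port, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length != len(datagram):
        return None
    if csum != 0:                              # a zero checksum means the sender skipped it
        # Summing the datagram together with the pseudoheader must give all ones.
        if ones_complement_sum(pseudoheader(src_ip, dst_ip, length) + datagram) != 0xFFFF:
            return None
    return src_port, dst_port, datagram[8:]


def demultiplex(src_ip: str, dst_ip: str, datagrams, bound_ports):
    """Deliver each valid datagram to the incoming queue of the port it is addressed to.

    Datagrams that fail validation or target a port no process has bound are dropped.
    """
    queues = {port: [] for port in bound_ports}   # one incoming queue per bound port
    dropped = 0
    for dg in datagrams:
        parsed = parse_udp(src_ip, dst_ip, dg)
        if parsed is None or parsed[1] not in queues:
            dropped += 1
            continue
        queues[parsed[1]].append(parsed[2])
    return queues, dropped


def demo():
    """Three constructed datagrams: one valid, one corrupted in transit, one to an unbound port."""
    good = build_udp(SRC_IP, DST_IP, 49152, 53, b"query-1")
    corrupted = bytearray(build_udp(SRC_IP, DST_IP, 49153, 53, b"query-2"))
    corrupted[-1] ^= 0x01                      # flip one payload bit
    unbound = build_udp(SRC_IP, DST_IP, 49154, 9999, b"nobody listens")
    return demultiplex(SRC_IP, DST_IP, [good, bytes(corrupted), unbound], [53, 123])


if __name__ == "__main__":
    print(demo())
```

Because the pseudoheader is part of the sum, a datagram delivered to the wrong IP address fails the check even when its own bytes are intact; the corrupted and the misaddressed datagrams in `demo()` are both dropped before any process sees them.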
• TRANSMISSION CONTROL PROTOCOL (TCP)
- It is a connection-oriented, reliable protocol that creates
a virtual connection between two TCPs to send data.
- TCP uses flow and error control mechanisms.
• TCP Service:
1. Process to process communication: TCP provides
process to process communication using port
numbers.
2. Stream Delivery Service: TCP is a stream-oriented
protocol.
- It allows the sending process to deliver data as a
stream of bytes and allows the receiving process to
obtain data as a stream of bytes.
- The sending process produces (writes to) the stream
of bytes and the receiving process consumes (reads
from) them.
3. Sending and Receiving Buffer:
- Because the sending and receiving processes may not write or read data at
the same speed, TCP needs buffers for storage.
- There are two buffers, the sending buffer and the receiving buffer, one for
each direction.
- One way to implement a buffer is to use a circular array of 1-byte
locations.
- At the sending site, the buffer has three types of chambers. The white
section contains empty chambers that can be filled by the sending process. The gray area
holds bytes that have been sent but not yet acknowledged. The colored area contains
bytes to be sent by the sending TCP.
- After the bytes in the gray area are acknowledged, the chambers are recycled and
available for use by the sending process.
- The operation at the receiver site is simpler. The circular buffer is divided
into two areas. The white area contains empty chambers to be filled by
bytes received from the network. The colored section contains received
bytes that can be read by the receiving process. When a byte is read by
the receiving process, the chamber is recycled and added to the pool of
empty chambers.
4. Segments:
- The IP layer, as a service provider for TCP, needs to send data in
packets, not as a stream of bytes.
- At the transport layer, TCP groups a number of bytes together into a packet called
a segment.
- TCP adds a header to each segment and delivers the segment to the IP layer
for transmission.
- The segments are encapsulated in IP datagrams and transmitted.
5. Full-Duplex Communication:
- TCP offers full-duplex service, in which data can flow
in both directions at the same time. Each TCP then has
a sending and a receiving buffer, and segments move in
both directions.
6. Connection oriented service:
- TCP is a connection-oriented protocol.
- The two TCPs establish a connection between them.
- Data are exchanged in both directions.
7. Reliable Service:
- TCP is a reliable transport protocol. It uses an
acknowledgment mechanism to check the safe and
sound arrival of data.
• TCP Features:
1. Numbering System:
- TCP keeps track of the segments being transmitted or received, but
there is no field for a segment number value in the segment header.
- Instead there are two fields called sequence number and
acknowledgement number.
- These two refer to the byte number and not the segment number.
2. Byte Number:
- TCP numbers all data bytes that are transmitted in a connection.
- Numbering is independent in each direction.
- When TCP receives bytes of data from a process, it stores them in the
sending buffer and numbers them.
- The numbering does not necessarily start from 0.
3. Sequence number:
- After the bytes have been numbered, TCP assigns a sequence
number to each segment that is being sent. The sequence number
for each segment is the number of the first byte carried in that
segment.
4. Acknowledgement Number:
- The sequence number in each direction shows the number of the
first byte carried by the segment. Each party also uses an
acknowledgement number to confirm the bytes it has received.
5. Flow Control:
- The receiver of the data controls the amount of data that are to be
sent by the sender.
- This is done to prevent the receiver from being overwhelmed with
data.
6. Error control:
- To provide a reliable service TCP implements an error control
mechanism.
7. Congestion Control:
- The amount of data sent by the sender is not only controlled by
the receiver but is also determined by the level of congestion in
the network.
• Segment:
- Format:
1. Source port address.
2. Destination port address.
3. Sequence number: Number assigned to the first
byte of data contained in this segment.
4. Acknowledgment number: Defines the byte
number that the receiver of the segment is
expecting to receive from the other party.
5. Header Length.
6. Reserved.
7. Control: This field defines 6 different control
bits or flags.
8. Window size: This field defines the size of the
window that the other party must maintain.
9. Checksum.
10. Urgent pointer: This 16-bit field, valid only if the
urgent flag is set, is used when the segment contains
urgent data.
11. Options
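The segment format above, as an added worked example (not code from the slides): a parser for the fixed 20-byte header and its options, plus a builder used to construct test segments. It decodes the header length from the 4-bit data offset, expands the six control bits, and only reports the urgent pointer when URG is set. The MSS option bytes and the port and sequence values are constructed samples; the checksum is left at zero because it requires the IP pseudoheader, which this example does not model.

```python
import struct

# Control-bit positions in the flags byte (URG, ACK, PSH, RST, SYN, FIN).
TCP_FLAGS = {0x20: "URG", 0x10: "ACK", 0x08: "PSH", 0x04: "RST", 0x02: "SYN", 0x01: "FIN"}
HEADER_FMT = "!HHIIBBHHH"   # ports, seq, ack, offset/reserved, flags, window, checksum, urgent


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the 20-byte fixed header plus options; raise ValueError on a malformed header."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the minimum TCP header")
    (src_port, dst_port, seq, ack, off_res, flags_byte,
     window, checksum, urg_ptr) = struct.unpack(HEADER_FMT, segment[:20])
    header_len = (off_res >> 4) * 4                    # data offset counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad header length %d" % header_len)
    flags = [name for bit, name in sorted(TCP_FLAGS.items(), reverse=True) if flags_byte & bit]
    return {
        "src_port": src_port, "dst_port": dst_port,
        "seq": seq, "ack": ack,
        "header_len": header_len,
        "reserved": off_res & 0x0F,
        "flags": flags,
        "window": window,
        "checksum": checksum,
        # the urgent pointer only has meaning when URG is set
        "urgent_pointer": urg_ptr if "URG" in flags else None,
        "options": segment[20:header_len],
        "data": segment[header_len:],
    }


def build_tcp_segment(src_port, dst_port, seq, ack, flags, window,
                      data=b"", options=b"", urgent_pointer=0) -> bytes:
    """Build a segment. Checksum stays 0: it needs the IP pseudoheader, which is out of scope here."""
    if len(options) % 4:
        options += b"\x00" * (4 - len(options) % 4)   # options are padded to a 32-bit boundary
    header_len = 20 + len(options)
    flags_byte = sum(bit for bit, name in TCP_FLAGS.items() if name in flags)
    off_res = (header_len // 4) << 4
    header = struct.pack(HEADER_FMT, src_port, dst_port, seq, ack, off_res,
                         flags_byte, window, 0, urgent_pointer)
    return header + options + data


def is_well_formed(segment: bytes) -> bool:
    try:
        parse_tcp_header(segment)
        return True
    except ValueError:
        return False


def demo() -> dict:
    """Constructed SYN carrying an MSS option (kind 2, length 4, value 1460)."""
    mss_option = b"\x02\x04\x05\xb4"
    syn = build_tcp_segment(49152, 80, seq=1000, ack=0, flags=["SYN"], window=65535, options=mss_option)
    return parse_tcp_header(syn)


if __name__ == "__main__":
    print(demo())
```

The header-length check matters for anything that inspects segments (a firewall, an IDS, a packet parser): a data offset smaller than 5 words or larger than the segment is malformed and must be rejected rather than used to slice the buffer.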
1. TCP Connection:
- A connection-oriented transport protocol establishes a
virtual path between the source and destination.
- In TCP, connection-oriented transmission requires
three phases: connection establishment, data transfer,
and connection termination.
• Connection Establishment:
- TCP transmits data in full-duplex mode.
- When two TCPs in two machines are connected, they are able to send segments to
each other simultaneously.
- This implies that each party must initialize communication and get approval from the
other party before any data are transferred.
- Three-way Handshaking: Connection establishment in TCP is called three-way
handshaking.
- The process starts with the server. The server program tells its TCP that it is ready to accept
a connection. This is called a request for a passive open. Although the server TCP is
ready to accept any connection, it cannot make the connection itself.
- The client program issues a request for an active open. A client that wishes to connect
to an open server tells its TCP that it needs to be connected to that particular server.
- TCP can now start the three-way handshaking process.
- The three steps in this phase are:
1. A SYN segment cannot carry data, but it consumes one sequence number. When
data transfer starts, the sequence number is incremented by 1.
2. A SYN + ACK segment cannot carry data, but it does consume one sequence number.
3. An ACK segment, if carrying no data, consumes no sequence number.
• Simultaneous open:
- This occurs when both processes issue an active open. In
this case both TCPs transmit a SYN + ACK segment to
each other and one single connection is established
between them.
• SYN flooding attack:
- This happens when a malicious attacker sends a large
number of SYN segments to a server, pretending that each
of them is coming from a different client by faking the source
IP addresses in the datagrams. The server allocates the
necessary resources.
- The TCP server then sends SYN + ACK segments to the fake
clients, which are lost. During this time, a lot of resources are
occupied without being used. If during this time the
number of SYN segments is large, the server eventually
runs out of resources and may crash.
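The three-way handshake and the half-open state it leaves behind when the final ACK never arrives, as an added example from the server's point of view (this is illustrative code, not from the slides). It applies the sequence-number rule stated above (SYN and SYN + ACK each consume one number, the bare ACK none) and keeps the kind of per-source count of half-open entries a server or monitoring tool uses to notice the resource build-up described in the SYN flooding bullet. The addresses, ports and initial sequence numbers are constructed; the per-source limit of 3 is an assumption chosen for the demo.

```python
from collections import Counter


class HandshakeTracker:
    """Server-side view of TCP three-way handshakes.

    Sequence accounting follows the slides: the SYN and the SYN + ACK each consume one
    sequence number, the final bare ACK consumes none. A connection whose SYN was answered
    but whose ACK never arrived stays half-open and ties up the resources the server
    allocated for it; the tracker counts such entries per source address.
    """

    def __init__(self, half_open_limit_per_source: int = 3):
        self.limit = half_open_limit_per_source
        self.half_open = {}       # (client_ip, client_port) -> ACK value that completes it
        self.established = set()
        self.alerts = []          # (client_ip, half-open count) when the limit is crossed

    def on_syn(self, client_ip: str, client_port: int, client_isn: int, server_isn: int) -> dict:
        """Passive-open server receives a SYN and answers with SYN + ACK."""
        key = (client_ip, client_port)
        self.half_open[key] = server_isn + 1            # our SYN consumed one number
        pending = Counter(ip for ip, _ in self.half_open)[client_ip]
        if pending > self.limit:
            self.alerts.append((client_ip, pending))
        return {"flags": ["SYN", "ACK"], "seq": server_isn, "ack": client_isn + 1}

    def on_ack(self, client_ip: str, client_port: int, ack: int) -> bool:
        """Third segment: a bare ACK that must acknowledge server_isn + 1."""
        key = (client_ip, client_port)
        if self.half_open.get(key) == ack:
            del self.half_open[key]
            self.established.add(key)
            return True
        return False                                    # unknown or wrong ACK: ignored


def demo() -> HandshakeTracker:
    """Constructed traffic: one good client, one that never finishes, and one source
    that opens many handshakes it never completes."""
    t = HandshakeTracker(half_open_limit_per_source=3)
    synack = t.on_syn("192.0.2.10", 50000, client_isn=8000, server_isn=15000)
    t.on_ack("192.0.2.10", 50000, ack=synack["seq"] + 1)        # completes: ACK = 15001
    t.on_syn("192.0.2.11", 50001, client_isn=100, server_isn=16000)
    t.on_ack("192.0.2.11", 50001, ack=16000)                    # wrong ACK, stays half-open
    for port in range(40000, 40005):
        t.on_syn("198.51.100.7", port, client_isn=1, server_isn=17000 + port)
    return t


if __name__ == "__main__":
    t = demo()
    print("established:", sorted(t.established))
    print("half-open:", len(t.half_open), "alerts:", t.alerts)
```

A real server also ages half-open entries out with a timer; the count alone is enough here to show why the slides say resources are occupied without being used until the ACK arrives.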
2. Data Transfer:
- After the connection is established, bidirectional data transfer can take place.
- The client and server can both send data and acknowledgements.
• Pushing Data:
- In some applications, delayed transmission and delayed delivery of data may not
be acceptable.
- TCP handles this situation. The application program at the sending site can
request the push operation.
- This means that the sending TCP must not wait for the window to be filled. It must
create a segment and send it immediately. The sending TCP must also set the
push bit (PSH) to let the receiving TCP know that the segment includes data that
must be delivered to the receiving application program as soon as possible and not
wait for more data to come.
• Urgent Data:
- Data are presented from the application program to TCP as a stream of bytes. Each
byte of data has a position in the stream.
- On some occasions an application program needs to send urgent bytes.
- This means that the sending application program wants a piece of data to be read
out of order by the receiving application program.
- E.g.: aborting a process.
• Connection Termination:
-> Three-way Handshaking:
- The FIN segment consumes one sequence number if it does
not carry data.
- The FIN + ACK segment consumes one sequence number if it
does not carry data.
- The client sends the last segment, an ACK segment, to confirm
the receipt of the FIN segment from the TCP server.
• Half-Close:
- In TCP, one end can stop sending data while still
receiving data. This is called half-close.
• Flow Control:
- This method uses the concept of a sliding window.
- A sliding window is used to make transmission more
efficient as well as to control the flow of data so that
the destination does not become overwhelmed with
data.
- TCP sliding windows are byte-oriented.
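The byte-oriented sliding window, together with the three regions of the sending buffer described under "Sending and Receiving Buffer" (sent but not acknowledged, waiting to be sent, free chambers), as one added example serving both passages (illustrative code, not from the slides). The buffer capacity, starting sequence number, receiver window and MSS are constructed values.

```python
class SendBuffer:
    """Byte-oriented TCP sending buffer with the three regions from the slides:
    bytes sent but not yet acknowledged, bytes waiting to be sent, and free chambers.
    At most `window` (the receiver's advertised rwnd) bytes may be unacknowledged."""

    def __init__(self, capacity: int, first_seq: int, window: int):
        self.capacity = capacity
        self.buf = bytearray()       # [unacked bytes][bytes not yet sent]
        self.base = first_seq        # sequence number of buf[0]
        self.next_seq = first_seq    # sequence number of the first byte not yet sent
        self.window = window

    def free_space(self) -> int:
        return self.capacity - len(self.buf)

    def unacked(self) -> int:
        return self.next_seq - self.base

    def write(self, data: bytes) -> int:
        """Application writes into the free chambers; returns how many bytes were accepted."""
        n = min(len(data), self.free_space())
        self.buf += data[:n]
        return n

    def send(self, mss: int):
        """Form one segment from the 'to be sent' region, bounded by MSS and the window.

        Returns (sequence number, bytes) or None when the window is full or nothing is queued."""
        queued = self.base + len(self.buf) - self.next_seq
        allowed = min(mss, self.window - self.unacked(), queued)
        if allowed <= 0:
            return None
        start = self.next_seq - self.base
        segment = (self.next_seq, bytes(self.buf[start:start + allowed]))
        self.next_seq += allowed
        return segment

    def ack(self, ack_num: int, new_window: int) -> int:
        """Cumulative ACK up to (not including) ack_num: recycle those chambers, slide the window."""
        acked = min(max(ack_num - self.base, 0), self.unacked())
        del self.buf[:acked]
        self.base += acked
        self.window = new_window
        return acked


def demo() -> list:
    """Constructed run: 16 bytes written, rwnd 8, MSS 5."""
    sb = SendBuffer(capacity=20, first_seq=100, window=8)
    trace = [sb.write(b"ABCDEFGHIJKLMNOP")]
    trace.append(sb.send(5))          # (100, b"ABCDE")
    trace.append(sb.send(5))          # (105, b"FGH"): only 3 window bytes left
    trace.append(sb.send(5))          # None: window full, the sender must wait
    trace.append(sb.ack(105, 8))      # receiver consumed 5 bytes: 5 chambers freed
    trace.append(sb.send(5))          # (108, b"IJKLM")
    trace.append(sb.free_space())
    return trace


if __name__ == "__main__":
    for step in demo():
        print(step)
```

Note that the second segment is cut short by the window, not by the MSS: the sender may only have 8 unacknowledged bytes outstanding, so after "ABCDE" it can send just three more bytes until the ACK for 105 slides the window.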
• Error Control:
- Error detection and correction in TCP is achieved through the use of three
simple tools: checksum, acknowledgement and time-out.
1. Checksum:
- Each segment includes a checksum field which is used to check for a
corrupted segment.
- If the segment is corrupted, it is discarded by the destination TCP and is
considered lost.
- TCP uses a 16-bit checksum for each segment.
2. Acknowledgement:
- TCP uses acknowledgements to confirm the receipt of data segments.
- ACK segments are never acknowledged.
3. Retransmission:
- When a segment is corrupted, lost or delayed, it is retransmitted.
- Retransmission occurs if the retransmission timer expires or three
duplicate ACK segments have arrived.
-> Retransmission After RTO:
- A recent implementation of TCP maintains one retransmission
time-out (RTO) timer for all outstanding segments.
- When the timer matures, the earliest outstanding segment is
retransmitted.
- The value of RTO is dynamic in TCP and is updated based on the
round trip time (RTT) of segments. An RTT is the time needed for
a segment to reach a destination and for an acknowledgement to be
received.
-> Retransmission After Three Duplicate ACK Segments:
- Sometimes one segment is lost and the receiver receives so many
out-of-order segments that they cannot all be saved.
- To alleviate this situation, most implementations follow the
three-duplicate-ACKs rule and retransmit the missing segment
immediately. This feature is referred to as fast retransmission.
-> Out-Of-Order:
- Data may arrive out of order and be temporarily stored by the
receiving TCP, but TCP guarantees that no out-of-order segment is
delivered to the process.
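The retransmission and out-of-order rules above, as an added simulation (illustrative code, not from the slides): a receiver that buffers out-of-order segments, never hands them to the process early, and answers every arrival with a cumulative ACK, paired with a sender that triggers fast retransmission on the third duplicate ACK. The RTO estimator at the end uses the smoothed-RTT formula of RFC 6298, which the slides do not give; they only state that RTO is derived from RTT. The segments, the dropped sequence number and the RTT samples are constructed.

```python
class Receiver:
    """Receiving TCP: delivers bytes to the process strictly in order, parks out-of-order
    segments, and answers every arrival with a cumulative ACK (so a gap produces duplicates)."""

    def __init__(self, first_expected: int):
        self.expected = first_expected
        self.out_of_order = {}          # seq -> data held until the gap before it is filled
        self.delivered = bytearray()    # what the receiving process has read

    def receive(self, seq: int, data: bytes) -> int:
        if seq == self.expected:
            self.delivered += data
            self.expected += len(data)
            while self.expected in self.out_of_order:      # drain now-contiguous segments
                chunk = self.out_of_order.pop(self.expected)
                self.delivered += chunk
                self.expected += len(chunk)
        elif seq > self.expected:
            self.out_of_order[seq] = data
        # seq < expected: an old duplicate; it is not delivered again, just re-ACKed
        return self.expected                                # ACK number = next byte expected


class Sender:
    """Sending TCP's duplicate-ACK bookkeeping: the third duplicate triggers fast retransmission."""

    def __init__(self):
        self.last_ack = None
        self.dup_count = 0
        self.retransmitted = []

    def on_ack(self, ack: int) -> bool:
        if ack == self.last_ack:
            self.dup_count += 1
            if self.dup_count == 3:
                self.retransmitted.append(ack)
                return True
        else:
            self.last_ack, self.dup_count = ack, 0
        return False


def simulate(segments, lost):
    """segments: (seq, data) in send order; `lost`: seq numbers the network drops once."""
    rx, tx = Receiver(first_expected=segments[0][0]), Sender()
    by_seq = dict(segments)
    queue, events, lost = list(segments), [], set(lost)
    while queue:
        seq, data = queue.pop(0)
        if seq in lost:
            lost.discard(seq)              # dropped once; the retransmission gets through
            continue
        ack = rx.receive(seq, data)
        events.append(("ack", ack))
        if tx.on_ack(ack):                 # three duplicates: resend the segment the ACK names
            events.append(("retransmit", ack))
            queue.append((ack, by_seq[ack]))
    return rx, tx, events


def rto_estimate(rtt_samples, k=4, alpha=1 / 8, beta=1 / 4):
    """Smoothed RTT and RTO per RFC 6298 (the slides only say RTO is derived from RTT)."""
    srtt = rttvar = None
    for r in rtt_samples:
        if srtt is None:
            srtt, rttvar = r, r / 2
        else:
            rttvar = (1 - beta) * rttvar + beta * abs(srtt - r)
            srtt = (1 - alpha) * srtt + alpha * r
    return srtt, srtt + k * rttvar


def demo():
    """Five constructed 4-byte segments; the network drops the second one."""
    segs = [(1, b"aaaa"), (5, b"bbbb"), (9, b"cccc"), (13, b"dddd"), (17, b"eeee")]
    return simulate(segs, lost={5})


if __name__ == "__main__":
    rx, tx, events = demo()
    print(events)
    print(bytes(rx.delivered))
```

In the trace the ACK number stays at 5 while segments 9, 13 and 17 arrive and are parked; the third duplicate ACK triggers the retransmission of segment 5, after which a single ACK of 21 covers all four parked segments at once.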
• Scenarios:
1. Normal Operation:
2. Lost Segment:
3. Fast Retransmission:
Congestion Control and
Quality of Service
• Data Traffic:
- In congestion control, traffic congestion is
controlled.
- In quality of service, an appropriate
environment for the traffic is created.
▪ Traffic Descriptor
- Traffic descriptors are qualitative values that represent a data flow.
1. Average Data Rate:
- It is the number of bits sent during a period of time, divided by
the number of seconds in that period.
- Average data rate = amount of data / time.
2. Peak Data Rate:
- It defines the maximum data rate of the traffic.
3. Maximum Burst Size:
- It refers to the maximum length of time the traffic is generated
at the peak rate.
4. Effective Bandwidth:
- It is the bandwidth that the network needs to allocate for the
flow of traffic.
▪ Traffic Profiles:
1. Constant bit rate:
- CBR or fixed rate, traffic model has a data rate that does not change.
- In this type of flow, the average data rate and peak data rate are the
same.
2. Variable Bit Rate:
- In VBR, the rate of data flow changes in time, with the changes smooth
instead of sudden and sharp.
- In this type of flow, the average data rate and peak data rate are
different.
3. Bursty:
- In this, the data rate changes suddenly in a very short time.
• Congestion:
- Congestion in a network may occur if the load on the
network is greater than the capacity of the network.
- Congestion control refers to the mechanisms and techniques
to control the congestion and keep the load below the
capacity.
- Delay versus load:- When the load is much less than the
capacity of the network, the delay is minimum. Delay
becomes infinite when the load is greater than the capacity.
- Throughput versus load:- Throughput in a network is the
number of packets passing through the network in a unit of
time. When the load is below capacity of the network, the
throughput increases proportionally with the load.
• Congestion Control:
▪ Open Loop Congestion Control:
- This policy is applied to prevent congestion before it
happens.
1. Retransmission policy:-
- The retransmission policy and retransmission timer must
be designed to optimize efficiency and at same time must
prevent congestion.
2. Window policy:-
- The type of window at the sender side also affects
congestion.
- A Selective Repeat window is better than a Go-Back-N window
for congestion control.
3. Acknowledgement policy:-
- A receiver may decide to acknowledge only N packets
at a time. Acknowledgements are part of the load in a
network. Sending fewer acknowledgements means
imposing less load on the network.
4. Discarding policy:-
- This policy by the routers may prevent congestion
and at same time may not harm the integrity of the
transmission.
5. Admission policy:-
- It prevents congestion in virtual-circuit networks.
▪ Closed Loop Congestion Control:
- This mechanism tries to alleviate congestion after it
happens.
1. Backpressure:-
- It is a node-to-node congestion control that starts
with a node and propagates in the opposite
direction of the data flow, to the source.
2. Choke packet:-
- A choke packet is a packet sent by a node to the source to
inform it of congestion.
3. Implicit Signaling:-
- In this, there is no communication between the congested
node or nodes and the source. The source guesses that
there is congestion somewhere in the network from other
symptoms.
4. Explicit Signaling:-
- The node that experiences congestion can explicitly send a signal to the
source or destination.
- It is different from the choke packet method.
- Unlike the choke packet method, where a separate packet is used to send this signal, in
this method the signal is included in the packets that carry data.
5. Backward Signaling:-
- A bit can be set in a packet moving in the direction opposite to the
congestion. This bit can warn the source that there is congestion and
that it needs to slow down to avoid the discarding of packets.
6. Forward Signaling:-
- A bit can be set in a packet moving in the direction of the congestion.
This bit can warn the destination that there is congestion. The receiver in
this case can use a policy such as slowing down the acknowledgements.
❑ Congestion control in TCP:
1. Congestion Window:
- The sender window size is determined by the
available buffer space in the receiver (rwnd).
- If the network cannot deliver the data as fast as
they are created by the sender, it must tell the
sender to slow down.
- In other words, in addition to the receiver, the
network is a second entity that determines the
size of the sender's window.
2. Congestion policy:-
- TCP’s general policy for handling congestion is based on
three phases: slow start, congestion avoidance and
congestion detection.
-> Slow Start: Exponential Increase:
- This algorithm is based on the idea that the size of the
congestion window (cwnd) starts with one maximum
segment size (MSS).
- The MSS is determined during connection establishment.
- The size of the window increases by one MSS each time an
acknowledgement is received.
- The window starts slowly, but grows exponentially.
- Slow start cannot continue indefinitely. There must
be a threshold to stop this phase.
- The sender keeps track of a variable named ssthresh.
- When the size of the window reaches this threshold,
slow start stops and the next phase starts.
-> Congestion Avoidance: Additive Increase:-
- TCP defines an algorithm called congestion avoidance,
which undergoes an additive increase instead of an
exponential one.
- When the size of the congestion window reaches
the slow-start threshold, the slow start phase
stops and the additive phase begins.
- In this, each time the whole window of segments is
acknowledged, the size of the congestion window
is increased by 1.
-> Congestion Detection: Multiplicative Decrease:-
- Retransmission can occur in two cases: when a timer times out or when
three duplicate ACKs are received. In both cases the size of the threshold is dropped
to one-half, a multiplicative decrease.
- TCP implementations have two reactions:
1. If a time-out occurs, there is a possibility of congestion; a segment has been
dropped in the network and there is no news about the sent segments.
a. TCP sets the value of the threshold to one-half of the current window size.
b. It sets cwnd to the size of one segment.
c. It starts the slow-start phase again.
2. If three duplicate ACKs are received, there is congestion; a segment has been
dropped. This is called fast retransmission and fast recovery.
a. TCP sets the value of the threshold to one-half of the current window size.
b. It sets cwnd to the value of the threshold.
c. It starts the congestion avoidance phase.
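The three phases above (slow start, congestion avoidance, and the two congestion-detection reactions), as an added simulation of how cwnd and ssthresh evolve (illustrative code, not from the slides). Window sizes are counted in MSS units; one "ack" event stands for a whole window of segments being acknowledged, which doubles cwnd in slow start and adds one MSS in congestion avoidance. The initial threshold of 16 and the event sequence are constructed.

```python
def tcp_congestion_trace(events, mss=1, initial_ssthresh=16):
    """Trace cwnd and ssthresh (in MSS units) through the three phases on the slides.

    events: 'ack' (a whole window of segments was acknowledged), 'timeout', or 'dupack3'
    (three duplicate ACKs). Returns [(event, phase entered, cwnd, ssthresh), ...].
    """
    cwnd, ssthresh, trace = mss, initial_ssthresh, []
    for ev in events:
        if ev == "ack":
            if cwnd < ssthresh:
                cwnd = min(cwnd * 2, ssthresh)    # slow start: exponential growth, capped at ssthresh
            else:
                cwnd += mss                       # congestion avoidance: additive increase
        elif ev == "timeout":                     # no news at all: assume heavy congestion
            ssthresh = max(cwnd // 2, mss)        # multiplicative decrease of the threshold
            cwnd = mss                            # back to one segment, slow start again
        elif ev == "dupack3":                     # fast retransmission + fast recovery
            ssthresh = max(cwnd // 2, mss)
            cwnd = ssthresh                       # skip slow start, continue in congestion avoidance
        else:
            raise ValueError("unknown event %r" % ev)
        phase = "slow start" if cwnd < ssthresh else "congestion avoidance"
        trace.append((ev, phase, cwnd, ssthresh))
    return trace


def demo():
    """Constructed event sequence: four windows of ACKs, a time-out, three windows of ACKs,
    three duplicate ACKs, then two more windows of ACKs."""
    events = ["ack"] * 4 + ["timeout"] + ["ack"] * 3 + ["dupack3"] + ["ack"] * 2
    return tcp_congestion_trace(events)


if __name__ == "__main__":
    for ev, phase, cwnd, ssthresh in demo():
        print("%-8s %-21s cwnd=%2d ssthresh=%2d" % (ev, phase, cwnd, ssthresh))
```

The trace shows the asymmetry the slides describe: after the time-out cwnd collapses to 1 and climbs back exponentially, whereas after three duplicate ACKs it drops only to the new threshold and keeps growing linearly from there.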
• Quality Of Service
1. Reliability:
- It is a characteristic that a flow needs.
- Lack of reliability means losing a packet or
acknowledgement, which entails retransmission.
2. Delay.
3. Jitter:
- Jitter is the variation in delay for packets belonging to
the same flow.
4. Bandwidth:
- Different applications need different bandwidths.
Application Layer
• Remote Logging:
- Users may want to run application programs at a
remote site and create results that can be transferred
to their local site.
- E.g.: students at a university.
- A general-purpose client/server program lets a user
access any application program on a remote
computer; in other words, it allows the user to log on to a
remote computer.
- After logging on, a user can use the services available
on the remote computer and transfer the results back
to the local computer.
• TELNET (TErminal NETwork):
- It is a general-purpose client/server
application program.
- It operates in a timesharing environment.
Logging:
- There are two types of log-in: local and remote.
a. Local log-in:
- When a user logs into a local timesharing system,
it is called local log-in.
- As a user types at a terminal or at a workstation
running a terminal emulator, the keystrokes are
accepted by a terminal driver.
- The terminal driver passes the characters to the
operating system.
- The operating system, in turn, interprets the
combination of characters and invokes the desired
application program or utility.
b. Remote log-in:
- When a user wants to access an application program or utility located on a
remote machine, he or she performs remote log-in.
- The user sends keystrokes to the terminal driver; the local operating system accepts
the characters but does not interpret them.
- The characters are sent to the TELNET client, which transforms the
characters to a universal character set called network virtual terminal (NVT)
characters and delivers them to the local TCP/IP protocol stack.
- The NVT characters travel through the Internet and arrive at the TCP/IP stack at the remote
machine.
- There they are delivered to the operating system and passed to the TELNET
server, which changes the characters to the corresponding characters
understandable by the remote computer.
- However, the characters cannot be passed directly to the operating system
because the remote operating system is not designed to receive
characters from a TELNET server; it receives them from a terminal driver.
- A pseudoterminal driver is a piece of software that accepts the characters
from the TELNET server and pretends that the characters are coming from a
terminal.
- The operating system then passes the characters to the appropriate
application program.
Network Virtual Terminal:
- We are dealing with heterogeneous systems: if we want
to access any remote computer, we must know what type
of computer we will be connected to, and we must also
install the specific terminal emulator used by that
computer.
- TELNET defines a universal interface called the network
virtual terminal (NVT) character set.
- Via this interface, the client TELNET translates characters
that come from the local terminal into NVT form and
delivers them to the network.
- The server TELNET translates data and commands from NVT
form into the form acceptable by the remote computer.
• Electronic Mail:
Architecture:
- There are four scenarios:
i. First Scenario:
- The sender and receiver of the email are users on the same
system; they are directly connected to a shared
system.
- The administrator has created one mailbox for each
user where received messages are stored with
permission restrictions.
- When the sender wants to send a message, the User Agent
(UA) program prepares the message and stores it in the
receiver's mailbox.
- The receiver can retrieve and read the contents of his
mailbox at his convenience using a UA.
ii. Second Scenario:
- The sender and the receiver of the email are users on two different
systems.
- The message needs to be sent over the Internet.
- Host A needs a UA to send the message to the system at her own site.
- The system at her site uses a queue to store messages waiting to be sent.
- Host B needs a UA to retrieve messages stored in the mailbox at his system site.
- Here two message transfer agents (MTAs) are needed: one client and one
server.
iii. Third Scenario:
- Here the receiver may be directly connected to his system but the sender is
separated from her system.
- It may be connected either by a LAN or a WAN connection.
- For this we require two pairs of MTA client/server programs.
iv. Fourth Scenario:
- Here both sender and receiver are connected to their mail servers by a
WAN or LAN.
- After the message arrives at the receiver's mail server, to retrieve the message, a client/server
agent is needed called the message access agent (MAA).
User Agent:
i. Services provided by User Agent:
a. Composing messages – creating messages.
b. Reading messages – to read incoming messages. It
shows a one-line summary: a number field, a flag that
shows the status (new, already read, read and replied,
etc.), size of message, sender, and optional subject
field.
c. Replying to messages.
d. Forwarding messages.
e. Handling Mailboxes – Inbox and Outbox.
ii. Types of User Agent:
a. Command Driven
b. GUI based.
iii. Sending Mail:
- It has an envelope and a message.
- The envelope contains the sender and receiver addresses.
- The message contains a header and a body.
- The header defines the sender, receiver and subject.
- The body defines the actual information.
iv. Receiving Mail:
- The UA informs the user with a notice.
- If the user is ready to read the mail, a list is
displayed in which each line contains a
summary of the information about a particular
message in the mailbox.
v. Addresses:
- An address consists of two parts, local and domain,
separated by the @ sign.
MIME (Multipurpose Internet Mail Extension):
- Email can send messages only in NVT 7-bit ASCII format.
- This has a limitation: it cannot be used for languages that are not
supported by 7-bit ASCII characters.
- MIME is a supplementary protocol that allows non-ASCII data to be sent
through email.
- MIME transforms non-ASCII data to NVT ASCII data and delivers them to
the client MTA to be sent through the Internet.
- The message at the receiving side is transformed back to the original data.
- MIME can be thought of as a set of software functions that transforms non-ASCII data to
ASCII data and vice versa.
- MIME defines five headers that can be added to the original email header
section.
i. MIME-Version
ii. Content-Type : type of data.
iii. Content-Transfer-Encoding : method used to encode the message into
0s and 1s.
iv. Content-Id : unique identification of the message in a multiple-message
environment.
v. Content-Description : defines whether the message is image, audio or video.
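The non-ASCII to NVT-ASCII transformation and the MIME headers above, as an added example using Python's standard `email` library (illustrative code, not from the slides). It wraps a body containing umlauts and a binary attachment with MIME headers and base64 transfer encoding, checks that every byte handed to the MTA fits in 7 bits, and decodes the message back on the receiving side. The addresses, body text and attachment bytes are constructed samples.

```python
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default

# Constructed sample content (not from the slides): a non-ASCII body and a binary attachment.
BODY = "Grüße aus Zürich: Umlaute sind kein 7-bit ASCII.\n"
ATTACHMENT = b"\x00\xff\x10binary-report"


def needs_mime(text: str) -> bool:
    """True when the text cannot be carried as NVT 7-bit ASCII as it is."""
    return not text.isascii()


def build_mime_message(sender: str, recipient: str, subject: str) -> EmailMessage:
    """Add the MIME headers and encode body and attachment in base64."""
    msg = EmailMessage(policy=default)
    msg["From"], msg["To"], msg["Subject"] = sender, recipient, subject
    msg.set_content(BODY, charset="utf-8", cte="base64")     # Content-Transfer-Encoding: base64
    msg.add_attachment(ATTACHMENT, maintype="application", subtype="octet-stream",
                       filename="report.bin")                # add_attachment defaults to base64
    return msg


def is_seven_bit(raw: bytes) -> bool:
    """What the MTA sees on the wire: every byte must fit in 7 bits."""
    return all(b < 0x80 for b in raw)


def decode_wire(raw: bytes):
    """Receiving side: parse the MIME message back into the original body and attachment."""
    msg = message_from_bytes(raw, policy=default)
    body = msg.get_body(preferencelist=("plain",)).get_content()
    attachments = [(p.get_filename(), p.get_payload(decode=True)) for p in msg.iter_attachments()]
    return body, attachments, {h: str(msg[h]) for h in ("MIME-Version", "Content-Type")}


def demo() -> dict:
    raw = build_mime_message("alice@example.com", "bob@example.com", "MIME demo").as_bytes()
    body, attachments, headers = decode_wire(raw)
    return {
        "body_needs_mime": needs_mime(BODY),
        "wire_is_7bit": is_seven_bit(raw),
        "body_round_trip": body.strip() == BODY.strip(),
        "attachment": attachments[0],
        "mime_version": headers["MIME-Version"],
        "content_type": headers["Content-Type"].split(";")[0],
    }


if __name__ == "__main__":
    print(build_mime_message("alice@example.com", "bob@example.com", "MIME demo").as_string())
    print(demo())
```

Printing the message shows the five header families in use: `MIME-Version: 1.0` at the top, a `Content-Type: multipart/mixed` wrapper, and per part a `Content-Type` plus `Content-Transfer-Encoding: base64`, with the body reduced to the ASCII alphabet the slides require.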
Message Transfer Agent (MTA):
- To send mail, a system must have a client MTA, and to receive mail, a
system must have a server MTA.
- The formal protocol that defines the MTA client and server in the Internet is
called Simple Mail Transfer Protocol (SMTP).
- SMTP defines how commands and responses must be sent back and forth.
- SMTP is used two times: between the sender and the sender's mail server,
and between the two mail servers.
Mail Transfer Phases:
- The process of transferring a mail message
occurs in three phases: connection
establishment, mail transfer and connection
termination.
Message Access Agent: POP & IMAP:
i. Post Office Protocol, Version 3 (POP3):
- It is simple with limited functionality.
- Software is installed on both the client and the server side.
- Mail access starts with the client when the user needs to download email from the mailbox on the
mail server.
- The client opens a connection to the server on TCP port 110.
- It then sends its user name and password to access the mailbox.
- The user can then list and retrieve the mail messages.
- It has two modes: delete and keep.
delete: mail is deleted from the mailbox after each retrieval.
keep: mail remains in the mailbox after retrieval.
ii. IMAP4 – Internet Mail Access Protocol, version
4:
- It has more features than POP3.
- Extra features:
i. The user can check email headers prior to
downloading.
ii. The user can search the contents of email for a specific
string of characters prior to downloading.
iii. The user can add, delete or remove mailboxes on the mail server.
iv. The user can create a hierarchy of mailboxes.
• File Transfer Protocol (FTP):
- It is provided by TCP/IP for copying a file from one host to another.
- It needs two TCP connections.
- The well-known port 21 is used for the control connection and well-known
port 20 for the data connection.
- The control connection remains connected during the entire interactive FTP
session.
- The data connection is opened and then closed for each file transferred.
- It uses 7-bit ASCII characters.
- Communication is achieved through commands and responses.
Domain Name System
- The client/server programs can be divided into two
categories: those that can be directly used by the user,
and those that support other application programs.
- The Domain Name System (DNS) is a supporting
program that is used by other programs.
- Example:
- A DNS client/server program can support an e-mail program to
find the IP address of an e-mail recipient.
- A user of an e-mail program may know the e-mail address of the
recipient; however, the IP protocol needs the IP address. The
DNS client program sends a request to a DNS server to map
the e-mail address to the corresponding IP address.
• Name Space:
- The names assigned to machines must be carefully
selected from a name space with complete control
over the binding between the names and IP addresses.
- The names must be unique because addresses are unique.
Unique names can be organized in two ways: flat or
hierarchical.
▪ Flat Name Space:
- In this, a name is assigned to an address.
- A name in this space is a sequence of characters without
structure.
- Disadvantage: It cannot be used in a large system because it
must be centrally controlled to avoid ambiguity and
duplication.
▪ Hierarchical Name Space:
- In this, a name is made up of several parts.
- The first part defines the nature of the organization; the second part
can define the name of the organization; the third part may define
the department, and so on.
- The central authority to assign and control the name
spaces can be decentralized.
• Domain Name Space:
- To have a hierarchical name space, a domain name space was
designed.
- In this, the names are defined in an inverted-tree structure with the
root at the top.
- The tree can have 128 levels: level 0 (root) to level 127.
▪ Label:
- Each node in the tree has a label, which is a string with a maximum
of 63 characters.
- Each child node has a different name, which guarantees the
uniqueness of the domain names.
▪ Domain Name:
- Each node in the tree has a domain name.
- A full domain name is a sequence of labels separated by dots (.).
-> Fully Qualified Domain Name: If a label is terminated by a null
string, it is called a fully qualified domain name (FQDN).
e.g. abc.pqr.xyz.edu.
-> Partially Qualified Domain Name: If a label is not terminated by a
null string, it is called a partially qualified domain name (PQDN).
e.g. Abc
▪ Domain:
- A domain is a subtree of a domain name space.
• Distribution of Name Space:
- The information contained in the domain name space must be stored.
- It is inefficient and unreliable to store large amount of information on
single system.
▪ Hierarchy of Name Servers:
- In this the information is distributed among many computers called DNS
servers.
- Each server can be responsible for either a large or a small domain.
The hierarchy of servers is similar to the hierarchy of names.
▪ Zone:
- The domain name hierarchy cannot be stored on a single server, so it
is divided among many servers.
- What a server is responsible for or has authority over is called a zone.
A zone can be defined as a contiguous part of the entire tree.
- The server makes a database called a zone file and keeps all the
information for every node under that domain.
▪ Root Server:
- It is a server whose zone consists of the whole tree.
- A root server does not store any information about domains but
delegates its authority to other servers, keeping references to
those servers.
▪ Primary and Secondary Servers:
- A primary server is a server that stores a file about the zone for
which it is an authority. It is responsible for creating,
maintaining, and updating the zone file on a local disk.
- A secondary server is a server that transfers the complete
information about a zone from another server and stores the
file on its local disk. It does not create or update the zone files.
• DNS in the Internet:
- In the Internet the domain name space is divided into three sections:
generic domains, country domains, and the inverse domain.
1. Generic Domain: It defines registered hosts according to
their generic behavior.
2. Country Domain: It uses two-character country abbreviations.
The second label can be an organizational or national
designation.
3. Inverse Domain: It is used to map an address to a name.
- For example, a server has received a request from a client; although
the server has a file that contains a list of authorized clients,
only the IP address of the client is listed. The server asks its
resolver to send a query to the DNS server to map the
address to a name, to determine whether the client is on the
authorized list. This type of query is called an inverse or
pointer (PTR) query.
• Resolution:
- Mapping a name to an address or an address to a name
is called name-address resolution.
▪ Resolver:
- A host that needs to map an address to a name or a
name to an address calls a DNS client called a resolver.
- The resolver accesses the closest DNS server with a
mapping request.
- If the server has the information, it satisfies the
resolver; otherwise it either refers the resolver to other
servers or asks other servers to provide the information.
- After the resolver receives the mapping, it interprets
the response to see if it is a resolution or an error and
finally delivers the result to the process that requested
it.
▪ Mapping Names to Addresses:
- The resolver gives a domain name to the server and
asks for the corresponding address.
- The server checks the generic domains or the country
domains to find the mapping.
▪ Mapping Addresses to Names:
- A client can send an IP address to a server to be
mapped to a domain name; this is called a PTR query.
To answer such queries DNS uses the inverse domain.
▪ Recursive Resolution:
- The client can ask for a recursive answer from a name server.
This means that the resolver expects the server to supply the
final answer.
- If the server is the authority for the name, it responds; otherwise
it sends the query to a parent server, which in turn responds if it
is the authority or sends the query on to another server.
- When the query is finally resolved, the response travels back until
it reaches the requesting client. This is called recursive
resolution.
▪ Iterative Resolution:
- If the server is the authority for the name, it sends the answer;
otherwise it returns the IP address of the server that it thinks can
resolve the query.
- The client must repeat the same query to multiple servers, and
so this is known as iterative resolution.
▪ Caching:
- DNS uses a mechanism called caching.
- When a server asks for a mapping from another server and
receives the response, it stores this information in its cache
memory before sending it to the client.
- If the same or another client asks for the same mapping, the
server can check its cache memory and answer the query.
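To make the difference between recursive and iterative resolution concrete, and to show where caching helps, here is an added toy model in Python of a three-level server hierarchy; it is not code from the notes. The zones (root, edu., xyz.edu.), the address 192.0.2.10 and the cache lifetime of 300 seconds are constructed values. The bound on how many referrals a client follows is this example's own addition: without it, a misconfigured or hostile referral loop would keep an iterative client querying forever.

```python
# Added example, not code from the lecture notes: recursive vs. iterative
# resolution over a constructed hierarchy of name servers, with caching.
CACHE_TTL = 300   # seconds an answer stays in a server's cache (constructed value)
MAX_HOPS = 8      # referrals a client follows before giving up (this example's guard)


def in_zone(name, zone):
    """True when `name` lies in the subtree of `zone` ("" is the root zone)."""
    return zone == "" or name == zone or name.endswith("." + zone)


class Server:
    """A name server that is the authority for exactly one zone."""

    def __init__(self, zone, records=None):
        self.zone = zone               # the zone this server has authority over
        self.records = records or {}   # the zone file: name -> address
        self.children = {}             # delegated child zone -> its Server
        self.cache = {}                # name -> (address, expiry time)
        self.queries = 0               # how many queries reached this server

    def delegate(self, child):
        """Like the root server: keep only a reference to the child's server."""
        self.children[child.zone] = child

    def resolve(self, name, recursive, now):
        """Return ("answer", addr), ("referral", server) or ("error", None)."""
        self.queries += 1
        cached = self.cache.get(name)
        if cached and cached[1] > now:             # fresh cache entry: answer at once
            return "answer", cached[0]
        if name in self.records:                   # we are the authority for it
            return "answer", self.records[name]
        for zone, child in self.children.items():
            if in_zone(name, zone):
                if not recursive:                  # iterative: tell the client whom to ask
                    return "referral", child
                kind, value = child.resolve(name, True, now)   # recursive: ask for it ourselves
                if kind == "answer":               # remember it before passing it back
                    self.cache[name] = (value, now + CACHE_TTL)
                return kind, value
        return "error", None                       # in our zone, but the name does not exist


class Resolver:
    """The DNS client on a host; it starts with the closest server."""

    def __init__(self, first_server):
        self.first = first_server

    def resolve(self, name, recursive=True, now=0):
        """Return (address or None, list of zones this client itself contacted)."""
        server, contacted = self.first, []
        for _ in range(MAX_HOPS):
            contacted.append(server.zone)
            kind, value = server.resolve(name, recursive, now)
            if kind == "referral":
                server = value                     # repeat the query at the referred server
                continue
            return value, contacted
        return None, contacted                     # referral chain too long: give up


def build_hierarchy():
    """Constructed hierarchy: root -> edu. -> xyz.edu. (holds abc.pqr.xyz.edu.)."""
    root = Server("")
    edu = Server("edu.")
    xyz = Server("xyz.edu.", {"abc.pqr.xyz.edu.": "192.0.2.10"})
    root.delegate(edu)
    edu.delegate(xyz)
    return root, edu, xyz


if __name__ == "__main__":
    root, edu, xyz = build_hierarchy()
    print(Resolver(root).resolve("abc.pqr.xyz.edu.", recursive=True))   # client talks only to root
    print(Resolver(root).resolve("abc.pqr.xyz.edu.", recursive=False))  # client walks root, edu., xyz.edu.
```

In the recursive case the client contacts only the root server, which chases the referrals itself and caches the answer on the way back, so a repeat query within the TTL never reaches the lower servers. In the iterative case each server answers only with a referral, the client does the walking, and nothing is cached by the servers.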
• DNS Messages:
- DNS has two types of messages: query and response.
- The query message consists of a header and question
records; the response message consists of a header,
question records, answer records, authoritative
records, and additional records.
▪ Header:
- Both query and response messages have the same header format, with some
fields set to zero for the query messages.
- Identification:- It is used by the client to match the response with the query.
- Flags:- It is a collection of subfields that define the type of message, the
type of answer requested, the type of desired resolution, and so on.
- Number of question records:- It contains the number of queries in the question
section of the message.
- Number of answer records:- It contains the number of answer records in the
answer section of the response message.
- Number of authoritative records:- It contains the number of authoritative
records in the authoritative section of a response message.
- Number of additional records:- It contains the number of additional records in
the additional section of a response message.
▪ Question Section:
- It contains one or more question records.
- It is present in both query and response messages.
▪ Answer Section:
- It consists of one or more resource records.
- It is present only in response messages.
▪ Authoritative Section:
- It consists of one or more resource records.
- It is present only in response messages.
▪ Additional Information Section:
- It consists of one or more resource records.
- It provides additional information that may help the resolver.
• Types of Records:
1. Question Record:
- It is used by the client to get information from a server. It
contains the domain name.
2. Resource Record:
- Each domain name is associated with a record called the
resource record. The server database consists of resource
records. Resource records are also what is returned by the
server to the client.
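The message layout described in this section, as an added worked example in Python (not the notes' own code): the 12-byte header with the identification, flags and four record counts, the question record, and a response carrying one resource record; it also builds the PTR query used for the inverse domain described earlier. The type and class codes (A = 1, PTR = 12, IN = 1), the flag bit positions, name compression pointers and the in-addr.arpa inverse-domain name come from the DNS specification, not from the notes; all message contents are constructed. The parser rejects labels longer than 63 bytes and compression-pointer loops, the two checks a defender most wants in anything that reads DNS messages from the network.

```python
# Added example, not code from the lecture notes: build and parse DNS messages.
import struct

# Header: identification, flags, then the four record counts, each 16 bits.
HEADER = struct.Struct("!HHHHHH")
QTYPE_A, QTYPE_PTR, QCLASS_IN = 1, 12, 1   # record type / class codes
FLAG_QR = 0x8000   # 1 = response, 0 = query
FLAG_RD = 0x0100   # recursion desired: the client asks for recursive resolution
FLAG_RA = 0x0080   # recursion available, set by the server


def encode_name(name):
    """Wire form of a domain name: each label as <length><bytes>, ending in 0."""
    name = name.rstrip(".")
    if name == "":
        return b"\x00"                              # the root: just the null label
    out = b""
    for label in name.split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(msg, offset):
    """Read a name at `offset`, following compression pointers; return (name, end)."""
    labels, seen, jumped, end = [], set(), False, offset
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        if offset in seen:
            raise ValueError("compression pointer loop")    # never spin on bad input
        seen.add(offset)
        length = msg[offset]
        if length & 0xC0 == 0xC0:                           # pointer to a name elsewhere
            if offset + 2 > len(msg):
                raise ValueError("truncated pointer")
            if not jumped:
                end = offset + 2                            # the name ends after the pointer
            jumped, offset = True, struct.unpack_from("!H", msg, offset)[0] & 0x3FFF
            continue
        if length > 63:
            raise ValueError("label longer than 63 bytes")
        offset += 1
        if length == 0:
            return ".".join(labels) + ".", (end if jumped else offset)
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def build_query(ident, name, qtype=QTYPE_A, recursive=True):
    """Query message: a header announcing one question record, then the question."""
    flags = FLAG_RD if recursive else 0
    header = HEADER.pack(ident, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def ptr_name(ipv4):
    """Name looked up in the inverse domain for an IPv4 address (in-addr.arpa)."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa."


def parse_message(msg):
    """Parse the header, the question section and the answer section."""
    if len(msg) < HEADER.size:
        raise ValueError("message shorter than the header")
    ident, flags, qd, an, ns, ar = HEADER.unpack_from(msg, 0)
    offset, questions, answers = HEADER.size, [], []
    for _ in range(qd):                                     # question records
        name, offset = decode_name(msg, offset)
        qtype, qclass = struct.unpack_from("!HH", msg, offset)
        offset += 4
        questions.append((name, qtype, qclass))
    for _ in range(an):                                     # answer resource records
        name, offset = decode_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, offset)
        offset += 10
        rdata = msg[offset:offset + rdlen]
        if len(rdata) != rdlen:
            raise ValueError("truncated resource record data")
        offset += rdlen
        if rtype == QTYPE_A and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)         # A record data: an IPv4 address
        answers.append((name, rtype, ttl, rdata))
    # authoritative and additional records follow; they are counted but not parsed here
    return {"id": ident, "is_response": bool(flags & FLAG_QR),
            "recursion_desired": bool(flags & FLAG_RD),
            "counts": (qd, an, ns, ar), "questions": questions, "answers": answers}


def build_response(query, address, ttl=300):
    """Constructed response to `query`: same id, QR set, one A resource record."""
    q = parse_message(query)
    name, qtype, qclass = q["questions"][0]
    header = HEADER.pack(q["id"], FLAG_QR | FLAG_RD | FLAG_RA, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", qtype, qclass)
    # 0xC00C is a compression pointer to offset 12, where the question name starts
    rr = struct.pack("!HHHIH", 0xC00C, QTYPE_A, QCLASS_IN, ttl, 4)
    return header + question + rr + bytes(int(o) for o in address.split("."))


if __name__ == "__main__":
    query = build_query(0x1234, "abc.pqr.xyz.edu")
    print(parse_message(query))
    print(parse_message(build_response(query, "192.0.2.10")))
    print(ptr_name("192.0.2.10"))   # 10.2.0.192.in-addr.arpa.
```

The identification field is what lets a client tie a response to its query; a resolver should also check that the question section of the response repeats the question it sent, which `parse_message` makes available for exactly that comparison.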