CS3591 COMPUTER NETWORKS
UNIT I- INTRODUCTION AND APPLICATION LAYER
Data Communication - Networks – Network Types – Protocol Layering – TCP/IP
Protocol suite – OSI Model – Introduction to Sockets - Application Layer protocols:
HTTP – FTP – Email protocols (SMTP - POP3 - IMAP - MIME) – DNS – SNMP
INTRODUCTION
A network is a set of devices (also referred to as nodes) connected by communication links. A node
can be a computer, printer or any other device capable of sending data and receiving data generated by other
nodes on the network.
Data communication is the exchange of data between two devices via some form of transmission
medium. The effectiveness of a data communication system depends on;
i. Delivery: Data must be delivered to the correct destination
ii. Accuracy: The system must deliver the data without any change
iii. Timeliness: The system must deliver the data in time.
COMPONENTS
A data communication system consists of five components. They are
i. Message: The message is the information or data to be communicated. Some forms of data
representations are text, number, images, audio and video.
ii. Sender: The sender is a device that sends the message.
iii. Receiver: The receiver is a device that receives the message, sent by the sender.
iv. Medium: The medium is a physical path through which the message can be passed between
the sender and the receiver.
v. Protocol: The protocol is a set of rules which governs the data communication. Without the
protocol, two systems can be connected but cannot communicate. The key elements of a protocol
are syntax, semantics and timing.
DIRECTION OF DATA FLOW
Line configuration refers to the attachment of communication devices to a link. There are two types
of line configurations:
i. Point-to-point: Provides a dedicated link between two devices. The entire channel capacity is
reserved for the transmission between two devices only.
Figure 1.1 Point-to-point connection
ii. Multipoint: More than two specific devices share a single link. The channel capacity is shared either
spatially or temporally.
Figure 1.2 Multipoint connection
Communication between two devices can be of three types. They are;
1) Simplex: The communication is unidirectional. Only one of the two stations on a link can transmit
and the other can only receive.
2) Half-duplex: Each station can both transmit and receive, but not at the same time. The entire
capacity of the channel is taken by the station which transmits the data.
3) Full-duplex: Both stations can transmit and receive the data at the same time. The capacity of the
channel is divided between the signals traveling in opposite directions.
Figure 1.3 Data flow (simplex, half-duplex, and full-duplex)
CATEGORIES OF NETWORK
There are three primary categories of networks. They are,
(i) LAN (Local Area Network): It is normally private and connects the computers in a small area,
such as all the computers in a single company or building. The network at your business or school is
an example of a LAN.
(ii) MAN (Metropolitan Area Network): It is a "LAN" that has been extended so that it covers a larger
area such as an entire city. Your ISP is an example of a MAN.
(iii)WAN (Wide Area Network): It is a "LAN" that has been extended to cover a wider area such as
multiple sites around the world, an entire country, or even the whole world. It may be private in that
it connects all the sites within a single company or it may be public such as the network of computers
that make up the network for running all the Google related sites around the world.
PHYSICAL TOPOLOGY
The term physical topology refers to the way in which a network is laid out physically. The topology
of a network is the geometric representation of the relationship of all the links and nodes to one another.
There are five types of topologies. They are,
(i) Mesh topology
(ii) Star topology
(iii)Bus topology
(iv)Ring topology
(v) Hybrid topology
Mesh topology
In a mesh topology, every device has a dedicated point-to-point link to every other device. The term
dedicated means that the link carries traffic only between the two devices it connects. A fully connected
mesh network has n (n-1) physical channels to link n devices. To accommodate the links every device on the
network must have (n-1) I/O ports.
Figure 1.4 Mesh topology
Advantages:
a) Mesh topology is robust.
b) Better privacy and security.
c) Failure of one link will not disturb other links.
d) Helps the network manager to find the precise location of the fault and solution.
Disadvantages:
a) Large amount of cabling and I/O ports are required.
b) Installation and reconnection are difficult.
Star Topology
In a star topology, each device has a dedicated point-to-point link to a central controller (HUB) only.
If one link fails, that link is affected. All other links remain active.
Figure 1.5 Star topology
Advantages:
a) Less expensive.
b) Star topology is robust.
c) Fault identification and fault isolation are easy.
d) Modification of star network is easy.
Disadvantages:
a) If the central hub fails, the whole network will not work.
b) Communication is possible only through the hub.
Bus topology
One long cable acts as a backbone to link all the devices in the network. Nodes are connected to the
backbone by taps and drop lines. A drop line establishes the connection between a device and the cable.
The taps are used as connectors. To preserve the energy level of the signal, the taps are placed within a
limited distance.
Figure 1.6 Bus topology
Advantages:
a) Easy installation.
b) Less cabling and fewer I/O ports are required.
c) Less cost.
Disadvantages:
a) Network traffic is high.
b) Fault isolation and reconnection are difficult.
c) Adding a new device is difficult.
d) A break in the bus cable stops all transmissions.
Ring topology
Figure 1.7 Ring topology
In a ring topology, each device has a dedicated point-to-point link with other devices. Each device is
linked only to its immediate neighbors. A signal travels along the ring in only one direction, from device to
device, until it reaches its destination. A repeater is used to regenerate the signals during the transmission.
Advantages:
a) Easy to install and reconfigure.
b) Link failure can be easily found.
Disadvantages:
a) Maximum ring length and number of devices are limited.
b) Failure of one node on the ring affects the entire network.
c) Addition of nodes or removal of nodes disrupts the network.
d) Signal traffic is unidirectional.
Hybrid Topology
Integration of two or more different topologies to form a resultant topology which has good points of
all the constituent basic topologies rather than having characteristics of one specific topology. This
combination of topologies is done according to the requirements of the organization.
For example, if there exists a ring topology in one office department while a bus topology in another
department, connecting these two will result in hybrid topology. Connecting two similar topologies cannot
be termed as Hybrid topology. Star-Ring and Star-Bus networks are most common examples of hybrid
network.
Figure 1.8 Hybrid topology
PROTOCOLS AND STANDARDS
A protocol is a set of rules that governs data communications. A protocol defines what is
communicated and when it is communicated. The important elements of a protocol are:
a. Syntax: It represents the structure or format of the data.
b. Semantics: Gives the meaning for each section of bits, how the data is going to be interpreted and
the action to be taken based on the interpretation.
c. Timing: It indicates when the data should be sent and how fast the data can be sent.
Protocol standards provide guidelines about the kind of interconnectivity necessary in today's market
place and in international communication. Standards are of two types;
a. De facto: Standards that have not been approved by an organized body but have been adopted
as standards through widespread use are called de facto standards.
b. De jure: Standards that have been approved by an organized body.
PROTOCOL LAYERING
- A protocol defines the rules that both the sender and receiver and all intermediate devices
need to follow to be able to communicate effectively.
- When communication is simple, we may need only one simple protocol. When
communication is complex, we need to divide the task between different layers. We need a
protocol at each layer, or protocol layering.
Scenarios
First Scenario
- In the first scenario, communication is so simple that it can occur in only
one Layer (Figure 1.9).
- Assume Maria and Ann are neighbors with a lot of common ideas.
- Communication between Maria and Ann takes place in one layer, face to face, in the same language
Figure 1.9 A single-layer protocol
Second Scenario
- Maria and Ann communicate using regular mail through the post office (Figure 1.10).
- However, they do not want their ideas to be revealed by other people if the letters are intercepted.
- They agree on an encryption/decryption technique.
- The sender of the letter encrypts it to make it unreadable by an intruder; the receiver of the letter
decrypts it to get the original letter.
Figure 1.10 A three-layer protocol
Protocol Layering
- Protocol layering enables us to divide a complex task into several smaller and simpler tasks.
- Modularity means independent layers.
- A layer (module) can be defined as a black box with inputs and outputs, without concern about
how inputs are changed to outputs.
- If two machines provide the same outputs when given the same inputs, they can replace each other.
Advantages:
1) It allows us to separate the services from the implementation.
2) There are intermediate systems that need only some layers, but not all layers.
Disadvantage:
1) Having a single layer makes the job easier. There is no need for each layer to provide a
service to the upper layer and give service to the lower layer.
Principles of Protocol Layering
i) First Principle
→ If we want bidirectional communication, we need to make each layer able to perform 2
opposite tasks, one in each direction.
→ For example, the third layer task is to listen (in one direction) and talk (in the other
direction).
ii) Second Principle
→ The two objects under each layer at both sites should be identical.
→ For example, the object under layer 3 at both sites should be a plaintext letter.
Logical Connections
- We have layer-to-layer communication (Figure 1.11).
- There is a logical connection at each layer through which 2 end systems can send the
object created from that layer.
Figure 1.11 Logical connections between peer layers
TCP/IP PROTOCOL SUITE
TCP/IP is a protocol-suite used in the Internet today. Protocol-suite refers to a set of protocols
organized in different layers. It is a hierarchical protocol made up of interactive modules, each of which
provides a specific functionality. The term hierarchical means that each upper level protocol is supported by
the services provided by one or more lower level protocols.
Layered Architecture
Let us assume that computer A communicates with computer B as shown in Figure 1.12. As
Figure 1.13 shows, we have five communicating devices;
i. Source host (computer A)
ii. Link-layer switch in link 1
iii. Router
iv. Link-layer switch in link 2
v. Destination host (computer B)
Figure 1.12 Layers in the TCP/IP protocol suite
Figure 1.13 Communication through an Internet
Each device is involved with a set of layers depending on the role of the device in the internet. The
two hosts are involved in all five layers. The source host creates a message in the application layer and sends
the message down the layers so that it is physically sent to the destination host.
The destination host receives the message at the physical layer and then delivers the message through
the other layers to the application layer. The router is involved in only three layers; there is no transport or
application layer. A router is involved in n combinations of link and physical layers, where n is the number
of links the router is connected to. The reason is that each link may use its own data-link or physical
protocol. A link-layer switch is involved only in two layers namely, data-link layer and physical layer.
Layers in the TCP/IP Protocol Suite
As shown in Figure 1.14, the duty of the application, transport, and network layers is end-to-end.
However, the duty of the data-link and physical layers is hop-to-hop. A hop is a host or router. The domain
of duty of the top three layers is the internet. The domain of duty of the two lower layers is the link. In top 3
layers, the data unit should not be changed by any router or link-layer switch.
Figure 1.14 Logical connections between layers of the TCP/IP protocol suite
In bottom 2 layers, the data unit is changed only by the routers, not by the link-layer switches.
Identical objects exist between two hops, because a router may fragment the packet at the network layer and
send more packets than it received (Figure 1.15). The link between two hops does not change the object.
Figure 1.15 Identical objects in the TCP/IP protocol suite
Description of Each Layer
Physical Layer
The physical layer receives bits from the data-link layer and sends through the transmission media.
The physical layer is responsible for movements of individual bits from one node to another node.
Transmission media is another hidden layer under the physical layer. Two devices are connected by a
transmission medium (cable or air). The transmission medium does not carry bits; it carries electrical or
optical signals.
Data Link Layer
Data-link-layer (DLL) is responsible for moving frames from one node to another node over a link.
The link can be wired LAN/WAN or wireless LAN/WAN. The data-link layer
• Gets the datagram from network layer
• Encapsulates the datagram in a packet called a frame.
• Sends the frame to physical layer.
TCP/IP model does not define any specific protocol. DLL supports all the standard and proprietary
protocols. Each protocol may provide a different service. Some protocols provide complete error detection
and correction; some protocols provide only error correction.
Network Layer
The network layer is responsible for source-to-destination transmission of data. The network layer is
also responsible for routing the packet. The routers choose the best route for each packet. Why do we need
a separate network layer?
• The separation of different tasks between different layers
• The routers do not need the application and transport layers.
• TCP/IP model defines 4 protocols. They are;
i. IP (Internetworking Protocol)
ii. ARP (Address Resolution Protocol)
iii. ICMP (Internet Control Message Protocol)
iv. IGMP (Internet Group Message Protocol)
i) IP (Internetworking Protocol)
• IP is the main protocol of the network layer.
• IP defines the format and the structure of addresses.
• IP is also responsible for routing a packet from its source to its destination.
• It is a connection-less & unreliable protocol.
• Connection-less means there is no connection setup between the sender and the receiver.
• Unreliable protocol means that IP does not make any guarantee about delivery of the data and
packets may get dropped during transmission.
• It provides a best-effort delivery service.
• Best effort means IP does its best to get the packet to its destination, but with no guarantees.
• IP does not provide flow control, error control and congestion control services.
• If an application requires above services, the application should rely only on the transport-layer
protocol.
ii) ARP
• ARP is used to find the physical-address of the node when its Internet-address is known.
• Physical address is the 48-bit address that is imprinted on the NIC or LAN card.
• Internet address (IP address) is used to uniquely & universally identify a device in the internet.
iii) ICMP
• ICMP is used to inform the sender about datagram-problems that occur during transit.
iv) IGMP
• IGMP is used to send the same message to a group of recipients.
Transport Layer
Transport Layer protocols are responsible for delivery of a message from a process to another
process. The transport layer gets the message from the application layer and encapsulates the message in a
packet called a segment then sends the segment to network layer. TCP/IP model defines 3 protocols for
transport layer;
i. TCP (Transmission Control Protocol)
ii. UDP (User Datagram Protocol)
iii. SCTP (Stream Control Transmission Protocol)
i) TCP
• TCP is a reliable connection-oriented protocol.
• A connection is established between the sender and receiver before the data can be transmitted.
• TCP provides flow control, error control and congestion control services.
ii) UDP
• UDP is the simplest of the 3 transport protocols.
• It is an unreliable, connectionless protocol.
• It does not provide flow, error, or congestion control.
• Each datagram is transported separately & independently.
• It is suitable for application program that needs to send short messages and cannot afford the
retransmission.
iii) SCTP
• SCTP provides support for newer applications such as voice over the Internet.
• It combines the best features of UDP and TCP.
Application Layer
The two application layers exchange messages between each other. Communication at the
application layer is between two processes (two programs running at this layer). To communicate, a process
sends a request to the other process and receives a response. Process-to-process communication is the duty
of the application layer. TCP/IP model defines following protocols;
i. FTP (File Transfer Protocol)
ii. SMTP (Simple Mail Transfer Protocol)
iii. DNS (Domain Name System)
iv. HTTP (Hyper Text Transfer Protocol)
v. SNMP (Simple Network Management Protocol)
vi. TELNET (Terminal Network)
• SMTP is used to transport email between a source and destination.
• TELNET is used for accessing a site remotely.
• FTP is used for transferring files from one host to another.
• DNS is used to find the IP address of a computer.
• SNMP is used to manage the Internet at global and local levels.
• HTTP is used for accessing the World Wide Web (WWW).
Encapsulation and Decapsulation
Figure 1.16 Encapsulation/ Decapsulation
Encapsulation at the Source Host (Figure 1.16)
• At the application layer, the data to be exchanged is referred to as a message.
⮚ A message normally does not contain any header or trailer.
⮚ The message is passed to the transport layer.
• The transport layer takes the message as the payload.
→ Transport layer adds its own header to the payload.
→ The header contains identifiers of the source and destination application programs and information
needed for flow, error control, or congestion control.
→ The transport-layer packet is called the segment (in TCP) and the user datagram (in UDP).
→ The segment is passed to the network layer.
• The network layer takes the transport-layer packet as payload.
→ NL adds its own header to the payload.
→ The header contains the addresses of the source and destination hosts, some information used for
error checking of the header and fragmentation information.
→ The network-layer packet is called a datagram.
→ The datagram is passed to the data-link layer.
• The data-link layer takes the network-layer packet as payload.
→ DLL adds its own header to the payload.
→ The header contains the physical addresses of the host or the next hop (the router).
→ The link-layer packet is called a frame.
→ The frame is passed to the physical layer for transmission
Decapsulation and Encapsulation at the Router
At the router, we have both decapsulation and encapsulation, because the router is
connected to two or more links.
• Data-link layer
⮚ receives frame from physical layer
⮚ decapsulates the datagram from the frame and
⮚ Passes the datagram to the network layer.
• The network layer
⮚ Inspects the source and destination addresses in the datagram header and
⮚ Consults forwarding table to find next hop to which the datagram is to be delivered.
⮚ The datagram is then passed to the data-link layer of the next link.
• The data-link layer of the next link
⮚ Encapsulates the datagram in a frame and
⮚ Passes the frame to the physical layer for transmission.
Decapsulation at the Destination Host
At the destination host, each layer decapsulates the packet received from the lower layer, removes the
payload, and delivers the payload to the next-higher layer.
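Added example (not part of the original notes): the three stages above carried out on real header layouts, so that the fields a router rewrites can be compared with the fields that stay end-to-end. It assumes UDP over IPv4 over Ethernet II as the concrete protocols; the addresses, MAC addresses and port numbers are constructed sample values.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ip4(addr: str) -> bytes:
    return bytes(int(part) for part in addr.split("."))

def mac(addr: str) -> bytes:
    return bytes.fromhex(addr.replace(":", ""))

# ---- Encapsulation at the source host ----
def make_user_datagram(message: bytes, sport: int, dport: int) -> bytes:
    # Transport header: source port, destination port, length, checksum.
    # A UDP checksum of 0 means "not computed", which IPv4 permits.
    return struct.pack("!HHHH", sport, dport, 8 + len(message), 0) + message

def make_datagram(payload: bytes, src_ip: str, dst_ip: str,
                  ttl: int = 64, proto: int = 17) -> bytes:
    # Network header: version/IHL, TOS, total length, id, flags/fragment
    # offset, TTL, protocol, header checksum, source IP, destination IP.
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      ttl, proto, 0, ip4(src_ip), ip4(dst_ip))
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:] + payload

def make_frame(datagram: bytes, src_mac: str, dst_mac: str) -> bytes:
    # Link header: destination MAC, source MAC, EtherType 0x0800 (IPv4).
    # The frame check sequence trailer is left out of this sketch.
    return mac(dst_mac) + mac(src_mac) + struct.pack("!H", 0x0800) + datagram

# ---- Decapsulation and encapsulation at the router ----
def router_forward(frame: bytes, out_mac: str, next_hop_mac: str) -> bytes:
    if len(frame) < 34:
        raise ValueError("frame too short for link and network headers")
    datagram = frame[14:]                      # strip the old link header
    ihl = (datagram[0] & 0x0F) * 4
    hdr = bytearray(datagram[:ihl])
    if inet_checksum(bytes(hdr)) != 0:         # a valid header sums to zero
        raise ValueError("IP header checksum mismatch")
    if hdr[8] <= 1:
        raise ValueError("TTL expired, datagram discarded")
    hdr[8] -= 1                                # the only network-layer change
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", inet_checksum(bytes(hdr)))
    # New frame for the next link: MAC addresses change, IP addresses do not.
    return make_frame(bytes(hdr) + datagram[ihl:], out_mac, next_hop_mac)

# ---- Decapsulation at the destination host ----
def receive(frame: bytes):
    datagram = frame[14:]                      # frame -> datagram
    ihl = (datagram[0] & 0x0F) * 4
    if inet_checksum(datagram[:ihl]) != 0:
        raise ValueError("IP header checksum mismatch")
    total_len = struct.unpack("!H", datagram[2:4])[0]
    segment = datagram[ihl:total_len]          # datagram -> user datagram
    _sport, dport, length, _csum = struct.unpack("!HHHH", segment[:8])
    return dport, segment[8:length]            # user datagram -> message

# Constructed sample addresses (documentation IP ranges, locally
# administered MAC addresses).
HOST_A, HOST_B = "192.0.2.10", "198.51.100.20"
MAC_A, MAC_R_IN = "02:00:00:00:00:0a", "02:00:00:00:00:01"
MAC_R_OUT, MAC_B = "02:00:00:00:00:02", "02:00:00:00:00:0b"

if __name__ == "__main__":
    seg = make_user_datagram(b"hello", 50000, 53)
    link1 = make_frame(make_datagram(seg, HOST_A, HOST_B), MAC_A, MAC_R_IN)
    link2 = router_forward(link1, MAC_R_OUT, MAC_B)
    print("link 1:", link1.hex())
    print("link 2:", link2.hex())
    print("delivered:", receive(link2))
```

Comparing the two hex dumps shows the first 12 bytes (MAC addresses), the TTL and the header checksum differ between the links, while the IP addresses and the whole transport segment are byte-for-byte the same.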
Addressing
We have logical communication between pairs of layers. Any communication that involves 2 parties
needs 2 addresses: source address and destination address. We need 4 pairs of addresses as described in
Figure 1.17;
i. At the application layer, we normally use names to define
⮚ site that provides services, such as abc.com, or
ii. At the transport layer, addresses are called port numbers.
⮚ Port numbers define the application-layer programs at the source and destination.
⮚ Port numbers are local addresses that distinguish between several programs running at
the same time.
iii. At the network-layer, addresses are called IP addresses.
⮚ IP address uniquely defines the connection of a device to the Internet.
⮚ The IP addresses are global, with the whole Internet as the scope.
iv. At the data link-layer, addresses are called MAC addresses
⮚ The MAC addresses define a specific host or router in a network (LAN or WAN).
⮚ The MAC addresses are locally defined addresses.
Figure 1.17 Addressing in the TCP/IP protocol suite
Multiplexing and Demultiplexing
Multiplexing means a protocol at a layer can encapsulate a packet from several next-higher layer
protocols (one at a time) as shown in Figure 1.18. Demultiplexing means a protocol can decapsulate and
deliver a packet to several next-higher layer protocols (one at a time).
i. At transport layer, either UDP or TCP can accept a message from several application-layer protocols.
ii. At network layer, IP can accept
⮚ a segment from TCP or a user datagram from UDP
⮚ a packet from ICMP or IGMP
iii. At data-link layer, a frame may carry the payload coming from IP or ARP.
Figure 1.18 Multiplexing and Demultiplexing
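Added example (not part of the original notes): demultiplexing as a receiver performs it, reading one selector field per layer (EtherType, IP protocol number, destination port) and dropping anything that is truncated or has no registered upper protocol. Ethernet II and IPv4 are assumed as the concrete formats; the frames are constructed samples, and checksum verification is left out to keep the focus on dispatch.

```python
import struct

# Selector tables: which next-higher protocol each field value names.
ETHERTYPES = {0x0800: "IP", 0x0806: "ARP"}
IP_PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}
PORTS = {("TCP", 21): "FTP", ("TCP", 25): "SMTP", ("TCP", 80): "HTTP",
         ("UDP", 53): "DNS", ("UDP", 161): "SNMP"}

class Drop(Exception):
    """Raised when a packet cannot be handed to any next-higher protocol."""

def demux_transport(proto: str, segment: bytes) -> list:
    min_header = 20 if proto == "TCP" else 8
    if len(segment) < min_header:
        raise Drop(f"{proto} header truncated")
    dport = struct.unpack("!H", segment[2:4])[0]
    app = PORTS.get((proto, dport))
    if app is None:
        raise Drop(f"no application registered for {proto} port {dport}")
    return [proto, app]

def demux_datagram(datagram: bytes) -> list:
    if len(datagram) < 20 or datagram[0] >> 4 != 4:
        raise Drop("not a complete IPv4 header")
    ihl = (datagram[0] & 0x0F) * 4
    total_len = struct.unpack("!H", datagram[2:4])[0]
    # Trust the length fields only after checking them against the bytes held.
    if ihl < 20 or total_len < ihl or total_len > len(datagram):
        raise Drop("IP length fields disagree with the bytes received")
    proto = IP_PROTOCOLS.get(datagram[9])
    if proto is None:
        raise Drop(f"unknown IP protocol number {datagram[9]}")
    if proto in ("ICMP", "IGMP"):
        return ["IP", proto]
    return ["IP"] + demux_transport(proto, datagram[ihl:total_len])

def demux_frame(frame: bytes) -> list:
    if len(frame) < 14:
        raise Drop("frame shorter than the link-layer header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    upper = ETHERTYPES.get(ethertype)
    if upper is None:
        raise Drop(f"unknown EtherType 0x{ethertype:04x}")
    if upper == "ARP":
        return ["ARP"]
    return demux_datagram(frame[14:])

def classify(frame: bytes) -> str:
    try:
        return " -> ".join(demux_frame(frame))
    except Drop as why:
        return f"dropped: {why}"

# Constructed sample frames: 192.0.2.10 -> 198.51.100.20, made-up MACs.
ETH = "02 00 00 00 00 0b 02 00 00 00 00 0a"
ADDRS = "c0 00 02 0a c6 33 64 14"
SAMPLES = {
    "dns": bytes.fromhex(ETH + "08 00"
        + "45 00 00 21 00 00 00 00 40 11 8e 7a" + ADDRS
        + "c3 50 00 35 00 0d 00 00" + "71 75 65 72 79"),
    "http": bytes.fromhex(ETH + "08 00"
        + "45 00 00 28 00 00 00 00 40 06 8e 7e" + ADDRS
        + "c3 50 00 50 00 00 00 00 00 00 00 00 50 02 ff ff 00 00 00 00"),
    "icmp": bytes.fromhex(ETH + "08 00"
        + "45 00 00 1c 00 00 00 00 40 01 8e 8f" + ADDRS
        + "08 00 f7 ff 00 00 00 00"),
    "arp": bytes.fromhex("ff ff ff ff ff ff 02 00 00 00 00 0a 08 06"
        + "00 01 08 00 06 04 00 01 02 00 00 00 00 0a c0 00 02 0a"
        + "00 00 00 00 00 00 c0 00 02 01"),
    "unknown": bytes.fromhex(ETH + "88 b5 00"),
}
SAMPLES["truncated"] = SAMPLES["dns"][:-3]   # bytes lost after the IP header

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:10s} {classify(frame)}")
```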
OSI MODEL
An ISO standard that covers all the aspects of network communication is the Open System
Interconnection Model. Open system is a set of protocols that allows any two different systems to
communicate regardless of their underlying architecture. Without changing the logic of the hardware and
software, two systems can communicate with the help of open system. OSI model consists of seven layers.
The layers define the process of moving the information across the network. The seven layers of the OSI
model are;
(1) physical layer
(2) data link layer
(3) network layer
(4) transport layer
(5) session layer
(6) presentation layer and
(7) application layer
Layered architecture
When a message travels from the sender to receiver, it may pass through many intermediate nodes.
Only the first three layers of the intermediate nodes are involved in all communication. Each layer calls upon
the services of the layers just below it. This is done with the help of protocols.
The processes on each machine that communicate at a given layer are called peer-to-peer processes. The
passing of data and network information between the layers are carried out with the help of interfaces.
Interface is used to define the information and services to be provided by each layer.
OSI vs. TCP/IP
1) The four bottommost layers in the OSI model and the TCP/IP model are the same (Figure 1.19).
However, the Application-layer of TCP/IP model corresponds to the Session, Presentation &
Application Layer of OSI model.
Two reasons for this are:
   i) TCP/IP has more than one transport-layer protocol.
   ii) Many applications can be developed at Application layer.
2) The OSI model specifies which functions belong to each of its layers. In TCP/IP model, the
layers contain relatively independent protocols that can be mixed and matched depending on
the needs of the system.
Figure 1.19 TCP/IP and OSI model
Lack of OSI Model’s Success
- OSI was completed when TCP/IP was fully in place and a lot of time and money had been spent on
the suite; changing it would cost a lot.
- Some layers in the OSI model were never fully defined.
- When OSI was implemented by an organization in a different application, it did not show a high
enough level of performance.
Organization of the Layers
Figure 1.20 gives an overall view of the OSI layers. The seven layers are categorized into
three subgroups. Layers 1, 2, and 3 (physical, data link, and network) are the network support layers. Layers
5, 6, and 7 (session, presentation, and application) are the user support layers. Layer 4, the transport layer,
links the two subgroups and ensures that what the lower layers have transmitted is in a form that the upper
layers can use.
Figure 1.20 The interaction between layers in the OSI model
Network support layers deal with the physical aspects of moving data from one device to another
such as electrical specifications, physical connections, physical addressing, and transport timing and
reliability. User support layers allow interoperability among unrelated software systems. The upper OSI
layers are always implemented in software; lower layers are a combination of hardware and software, except
for the physical layer, which is mostly hardware.
The process starts at the application layer then moves from layer to layer in descending, sequential
order. At each layer, a header, or possibly a trailer, can be added to the data unit. The trailer is added only
at layer 2. When the formatted data unit passes through the physical layer, it is changed into an
electromagnetic signal and transported along a physical link. Upon reaching its destination, the signal
passes into physical
layer and is transformed back into digital form. The data units are then moved back up through the OSI
layers.
Figure 1.21 Data exchange using the OSI model
When the block of data reaches the next higher layer, the headers and trailers attached by the sending
layer are removed. When the data unit reaches the application layer, the message is again in a form
appropriate to the application and is made available to the recipient.
LAYERS IN THE OSI MODEL
Physical Layer
The physical layer is responsible for movements of individual bits from one hop (node) to the next.
The physical layer coordinates the functions required to carry a bit stream over a physical medium. It deals
with the mechanical and electrical specifications of the interface and transmission medium. Physical layer
defines the procedures and functions that physical devices and interfaces have to perform for transmission of
data. The physical layer is also concerned with the following:
a) Physical characteristics of interfaces and medium: Defines the characteristics of the interface
between the devices and the transmission medium. It also defines the type of transmission medium.
b) Representation of bits: A stream of bits is encoded into signals (electrical or optical). It defines the
type of encoding.
c) Data rate: The number of bits sent per second is also defined by the physical layer.
d) Synchronization of bits: The sender and the receiver clocks must be synchronized.
e) Line configuration: The connection of devices to the media (point-to-point configuration or
multipoint configuration).
f) Physical topology: The physical topology defines how devices are connected to make a network.
g) Transmission mode: The physical layer also defines the direction of transmission between two
devices: simplex, half-duplex, or full-duplex.
Data Link Layer
The data link layer is responsible for moving frames from one hop (node) to the next. Other
responsibilities of the data link layer include the following:
a) Framing: The data link layer divides the stream of bits received from the network layer into
manageable data units called frames.
b) Physical addressing: It adds a header to the frame to define the sender and/or receiver of the frame
c) Flow control: The data link layer imposes a flow control mechanism to avoid overwhelming the
receiver.
d) Error control: It adds reliability by adding mechanisms to detect and retransmit damaged or lost
frames. It also uses a mechanism to recognize duplicate frames by adding the trailer to the end of the
frame.
e) Access control: It determines which device has control over the link at any given time, when two or
more devices are connected to the same link.
Network Layer
The network layer is responsible for the delivery of individual packets from the source host to the
destination host. Other responsibilities of the network layer include the following;
a) Logical addressing: When a packet passes the network boundary, the network layer adds the logical
addresses of the sender and receiver.
b) Routing: When independent networks or links are connected to create an internetwork, the connecting
devices (called routers or switches) route or switch the packets to their final destination.
Transport Layer
The transport layer is responsible for the delivery of a message from one process to another. Other
responsibilities of the transport layer include the following;
a) Service-point addressing: The transport layer gets the entire message to the correct process on the
destination system by adding a type of address called a service-point address (or port address).
b) Segmentation and reassembly: A message is divided into transmittable segments, with each
segment containing a sequence number. These numbers are used to reassemble the message at the
destination and to identify and replace packets that were lost in transmission.
c) Connection control: In a connectionless service each segment is treated as an independent packet, and
in a connection-oriented service each segment is treated as a dependent packet. After all the data are
transferred, the connection is terminated.
d) Flow control: Flow control is performed from end to end rather than across a single link.
e) Error control: At this layer, error control is performed process to process rather than across
a single link.
Session Layer
The session layer is responsible for dialog control and synchronization. Specific responsibilities of
the session layer include the following;
a) Dialog control: The session layer allows two systems to enter into a dialog. It allows the
communication between two processes to take place in either half-duplex or full-duplex mode.
b) Synchronization: The session layer allows a process to add checkpoints, or synchronization points,
to a stream of data. For example, if a system is sending a file of 100 pages, it is advisable to insert
checkpoints after every 10 pages to ensure that each 10-page unit is received and acknowledged
independently. In this case, if a crash happens during the transmission of page 23, the only pages that
need to be resent after system recovery are pages 21 to 30.
Presentation Layer
The presentation layer is responsible for translation, compression, and encryption. Specific
responsibilities of the presentation layer include the following:
a) Translation: The presentation layer is responsible for the interoperability between different
encoding methods.
b) Encryption: To carry sensitive information, a system must be able to ensure privacy. Encryption
means that the sender transforms the original information to another form and sends the resulting
message out over the network. Decryption reverses the original process to transform the message
back to its original form.
c) Compression: Data compression reduces the number of bits contained in the information. Data
compression is important in the transmission of multimedia such as text, audio, and video.
Application Layer
The application layer is responsible for providing services to the user. Specific services provided by
the application layer include the following:
a) Network virtual terminal: A network virtual terminal is a software version of a physical terminal
and it allows a user to log on to a remote host.
b) File transfer, access, and management: This application allows a user to access files in a remote
host, to retrieve files from a remote computer for use in the local computer, and to manage or control
files in a remote computer locally.
c) Mail services: This application provides the basis for e-mail forwarding and storage.
d) Directory services: This application provides distributed database sources and access for global
information about various objects and services.
TRANSMISSION MEDIAS
A transmission medium can be broadly defined as anything that can carry information from a source
to a destination. In data communications the definition of the information and the transmission medium is
more specific. The transmission medium is usually free space, metallic cable, or fiber-optic cable. The
information is usually a signal that is the result of a conversion of data from another form.
Figure 1.22 Transmission medium
Transmission media can be divided into two broad categories: Guided medium and unguided
medium.
Guided Media
Guided media provide a conduit from one device to another. A signal traveling along any of these
media is directed and contained by the physical limits of the medium. Twisted-pair and coaxial cable use
metallic (copper) conductors that accept and transport signals in the form of electric current. Optical fiber is
a cable that accepts and transports signals in the form of light.
Twisted-Pair Cable
Twisting makes it probable that both wires are equally affected by external influences. The number
of twists per unit of length has some effect on the quality of the cable.
Figure 1.23 Twisted-pair cable
Unshielded Versus Shielded Twisted-Pair Cable
The most common twisted-pair cable used in communications is referred to as unshielded twisted-
pair (UTP). ICS has also produced a version of twisted-pair cable for its use called shielded twisted-pair
(STP). STP cable has a metal foil or braided mesh covering that encases each pair of insulated conductors.
Metal casing improves the quality of cable by preventing the penetration of noise or crosstalk. It is bulkier
and more expensive.
Connectors
The most common UTP connector is RJ45 (RJ stands for registered jack). The RJ45 is a keyed
connector, meaning the connector can be inserted in only one way.
Figure 1.24 UTP connector
Categories of Unshielded Twisted-Pair Cable
The Electronic Industries Association (EIA) has developed standards to classify unshielded twisted-
pair cable into seven categories.
Category  Specification                                       Data Rate (Mbps)  Use
1         Unshielded twisted-pair used in telephone           <0.1              Telephone
2         Unshielded twisted-pair originally used in T-lines  2                 T-1 lines
3         Improved CAT-2 used in LANs                         10                LANs
4         Improved CAT 3 used in Token Ring networks          20                LANs
5         Cable wire is normally 24 AWG with a jacket and     100               LANs
          outside sheath
5E        An extension to category 5 that includes extra      125               LANs
          features to minimize the crosstalk and
          electromagnetic interference
6         A new category with matched components coming       200               LANs
          from the same manufacturer. The cable must be
          tested at a 200Mbps data rate.
7         Sometimes called SSTP (shielded screen              600               LANs
          twisted-pair). Each pair is individually wrapped
          in a helical metallic foil followed by a metallic
          foil shield in addition to the outside sheath.
          The shield decreases the effect of crosstalk and
          increases the data rate.
Table 1.1 Categories of unshielded twisted-pair cables
Applications
a) Twisted-pair cables are used in telephone lines to provide voice and data channels.
b) Local-area networks, such as 10Base-T and 100Base-T, also use twisted-pair cables.
Performance
A twisted-pair cable can pass a wide range of frequencies. With increasing frequency, the
attenuation, measured in decibels per kilometer (dB/km), sharply increases with frequencies above 100 kHz.
Gauge is a measure of the thickness of the wire.
Figure 1.25 UTP Cable - Performance
Coaxial Cable
Coaxial cable carries signals of higher frequency ranges. Instead of having two wires, coax has a
central core conductor of solid or stranded wire (usually copper) enclosed in an insulating sheath, which is,
in turn, encased in an outer conductor of metal foil, braid, or a combination of the two. The outer metallic
wrapping serves both as a shield against noise and as the second conductor, which completes the circuit.
This outer conductor is also enclosed in an insulating sheath, and the whole cable is protected by a plastic
cover.
Figure 1.26 Coaxial cable
Coaxial Cable Standards
Coaxial cables are categorized by their radio government (RG) ratings. Each RG number denotes a
unique set of physical specifications, including the wire gauge of the inner conductor, the thickness and type
of the inner insulator, the construction of the shield, and the size and type of the outer casing. Each cable
defined by an RG rating is adapted for a specialized function.
Category  Impedance  Use
RG-59     75 Ω       Cable TV
RG-58     50 Ω       Thin Ethernet
RG-11     50 Ω       Thick Ethernet
Table 1.2 Categories of coaxial cables
Coaxial Cable Connectors
To connect coaxial cable to devices, we need coaxial connectors. The most common type of connector
used today is the Bayonet Neill-Concelman (BNC) connector. Three popular types of connectors are:
a) BNC connector - used to connect the end of the cable to a device, such as a TV set.
b) BNC T connector - The BNC T connector is used in Ethernet networks to branch out a connection to
a computer or other device
c) BNC terminator - The BNC terminator is used at the end of the cable to prevent the reflection of the
signal.
(a) BNC connector (b) BNC T connector (c) BNC terminator
Figure 1.27 BNC connectors
Applications of the coaxial cable
a) Cable TV
b) Telecommunication
c) Traditional Ethernet LANs
Performance of the coaxial cable
The attenuation is much higher in coaxial cables than in twisted-pair cable. Although coaxial cable
has a much higher bandwidth, the signal weakens rapidly and requires the frequent use of repeaters.
Figure 1.28 Performance of the coaxial cable
Fiber-Optic Cable
A fiber-optic cable is made of glass or plastic and transmits signals in the form of light. Light travels
in a straight line as long as it is moving through a single uniform substance. If a ray of light traveling
through one substance suddenly enters another substance the ray changes direction.
I < Critical angle, refraction I = Critical angle, refraction I > Critical angle, refraction
Figure 1.29 Bending of light ray
Bending Of Light
a) If the angle of incidence is less than the critical angle, the ray refracts and moves closer to the surface.
b) If the angle of incidence is equal to the critical angle, the light bends along the interface.
c) If the angle of incidence is greater than the critical angle, the ray reflects and travels again in the
denser substance.
The critical angle is a property of the substance, and its value differs from one substance to another.
Optical fibers use reflection to guide light through a channel. Glass or plastic core is surrounded by a
cladding of less dense glass or plastic. The difference in density of the two materials must be such that a
beam of light moving through the core is reflected off the cladding instead of being refracted into it.
Figure 1.30 Optical fiber
Propagation modes
(i) Multimode fiber: Multiple beams from a light source move through the core in different paths.
Multimode can be implemented in two forms step-index and graded-index.
(a) Multimode step-index fiber: The density of the core remains constant from the center to the
edges. A beam of light moves through this constant density in a straight line until it reaches
the interface of the core and the cladding.
(b) Multimode graded-index fiber: The density of the core is varying. Density is highest at the
centre of the core and decreases gradually to its lowest at the edge.
(ii) Single mode: Single-mode uses step-index fiber and a highly focused source of light that limits
beams to a small range of angles, all close to the horizontal. The single mode fiber itself is
manufactured with a much smaller diameter than that of multimode fiber.
Figure 1.31 Optical fiber- Propagation modes
Fiber Sizes
Optical fibers are defined by the ratio of the diameter of their core to the diameter of their cladding,
both expressed in micrometers. The common sizes are
Type      Core (μm)  Cladding (μm)  Mode
50/125    50.0       125            Multimode, graded index
62.5/125  62.5       125            Multimode, graded index
100/125   100.0      125            Multimode, graded index
7/125     7.0        125            Single mode
Table 1.3 Fiber types
Cable Composition
The outer jacket is made of either PVC or Teflon. Inside the jacket are Kevlar strands to strengthen
the cable. Kevlar is a strong material used in the fabrication of bulletproof vests. Below the Kevlar is another
plastic coating to cushion the fiber. The fiber is at the center of the cable, and it consists of cladding and
core.
Figure 1.32 Fiber construction
Fiber-Optic Cable Connectors
a) The subscriber channel (SC) connector is used for cable TV. It uses a push/pull locking system.
b) The straight-tip (ST) connector is used for connecting cable to networking devices. It uses a bayonet
locking system. It is more reliable than SC.
c) MT-RJ is a connector that is the same size as RJ45, used in fast Ethernet.
Advantages of Optical Fiber
a) Higher bandwidth
b) Less signal attenuation
c) Immunity to electromagnetic interference
d) Resistance to corrosive materials
e) Light weight
f) Greater immunity to tapping
Disadvantages
a) Installation and maintenance
b) Unidirectional light propagation
c) Cost
Unguided Transmission Medias
Unguided media transport electromagnetic waves without using a physical conductor. This type of
communication is often referred to as wireless communication. Signals are normally broadcast through free
space and thus are available to anyone who has a device capable of receiving them. The part of the
electromagnetic spectrum, ranging from 3 kHz to 900 THz, is used for wireless communication. Unguided
signals can travel from the source to destination in several ways;
i) Ground propagation: Radio waves travel through the lowest portion of the atmosphere.
ii) Sky propagation: Higher frequency radio waves radiate upward into the ionosphere and they are
reflected back to earth.
iii) Line-of-sight propagation: Very high frequency signals are transmitted in straight lines directly
from antenna to antenna
We can divide wireless transmission into 3 broad groups. They are,
i) Radio waves
ii) Microwaves
iii) Infrared waves
Radio waves
Electromagnetic waves ranging in frequencies between 3 kHz and 1 GHz are normally called radio
waves. They are omnidirectional. When an antenna transmits radio waves, they are propagated in all
directions, which means that the sending and receiving antennas do not have to be aligned. A sending antenna
sends waves that can be received by any receiving antenna. Radio waves with low and medium frequencies
can penetrate walls. Radio waves are used for multi-communication (TV, radio, paging systems).
Disadvantages of Radio waves
a) Penetrate the walls
b) Omnidirectional
Figure 1.33 Omnidirectional antenna
Microwaves
Electromagnetic waves having frequencies between 1 and 300 GHz are called microwaves.
Microwaves are unidirectional. Microwave propagation is line-of-sight (antennas need to be in direct sight of
each other). Very high-frequency microwaves cannot penetrate walls (a disadvantage if receivers are inside
buildings). Use of certain portions of the band requires permission from authorities. Microwaves use 2
types of antennas:
i) The parabolic dish: The parabolic dish focuses all incoming waves into a single point.
ii) The horn: A horn antenna looks like a gigantic scoop. Outgoing transmissions are broadcast up a
stem and deflected outward in a series of narrow parallel beams by the curved head.
Applications
a) Cellular telephones
b) Satellite networks
c) WLANs
(a) Dish antenna (b) Horn antenna
Figure 1.34 Unidirectional antennas
Infrared
Infrared waves have frequencies from 300 GHz to 400 THz. Infrared waves having high frequencies
cannot penetrate walls. Infrared signals can be used for short-range communication in a closed area using
line-of-sight propagation.
Differences between the guided and unguided media
Guided media                                      Unguided media
Signal energy propagates within the guided media  Signal energy propagates through air
Suitable for point-to-point communication         Suitable for broadcasting
Signals appear in the form of voltage             Signals appear in the form of electromagnetic waves
Ex: Twisted pair, Co-axial, Fiber optics          Ex: Radio wave, Micro wave, Infrared
APPLICATION LAYER
● The application layer is the highest layer in the protocol suite.
● The application layer provides services to the user.
● Communication is provided using a logical connection, which means that the two
application layers assume that there is an imaginary direct connection through
which they can send and receive messages.
● The application layer is the only layer that provides services to the Internet user.
● The application layers exchange messages with their peers on other machines.
● Applications need their own protocols. These applications are part of the
network protocol.
● Types of Application Protocols:
Standard and Nonstandard Protocols
Standard Application-Layer Protocols
o There are several application-layer protocols that have been standardized and
documented by the Internet authority.
o Each standard protocol is a pair of computer programs that interact with the user
and the transport layer to provide a specific service to the user.
o Two very widely-used standardized application protocols:
SMTP : Simple Mail Transfer Protocol is used to exchange electronic mail.
HTTP : Hyper Text Transfer Protocol is used to communicate between
Web browsers and Web servers.
Nonstandard Application-Layer Protocols
o A programmer can create a nonstandard application-layer program if they can
write two programs that provide service to the user by interacting with the
transport layer.
APPLICATION-LAYER PARADIGMS
Two paradigms have been developed for Application Layer
1. Traditional Paradigm : Client-Server
2. New Paradigm : Peer-to-Peer
Client-Server Paradigm
o The traditional paradigm is called the client-server paradigm.
o It was the most popular paradigm.
o In this paradigm, the service provider is an application program, called the server
process; it runs continuously, waiting for another application program, called
the client process, to make a connection through the Internet and ask for
service.
o The server process must be running all the time; the client process is started when
the client needs to receive service.
o There are normally some server processes that can provide a specific type
of service, but there are many clients that request service from any of these server
processes.
Peer-to-Peer (P2P) Paradigm
o A new paradigm, called the peer-to-peer paradigm, has emerged to respond to the
needs of some new applications.
o In this paradigm, there is no need for a server process to be running all the time and
waiting for the client processes to connect.
o The responsibility is shared between peers.
o A computer connected to the Internet can provide service at one time and
receive service at another time.
o A computer can even provide and receive services at the same time.
Mixed Paradigm
o An application may choose to use a mixture of the two paradigms by
combining the advantages of both.
o For example, a light-load client-server communication can be used to find the
address of the peer that can offer a service.
o When the address of the peer is found, the actual service can be received from the
peer by using the peer-to-peer paradigm.
HTTP (HYPERTEXT TRANSFER PROTOCOL)
The HyperText Transfer Protocol (HTTP) is used to define how the
client-server programs can be written to retrieve web pages from the Web.
It is a protocol used to access the data on the World Wide Web (WWW).
The HTTP protocol can be used to transfer the data in the form of plain
text, hypertext, audio, video, and so on.
HTTP is a stateless request/response protocol that governs
client/server communication.
An HTTP client sends a request; an HTTP server returns a response.
The server uses the port number 80; the client uses a temporary port number.
HTTP uses the services of TCP, a connection-oriented and reliable protocol.
HTTP is a text-oriented protocol. It contains embedded URLs known as links.
When hypertext is clicked, the browser opens a new connection, retrieves the file
from the server and displays the file.
Each HTTP message has the general form
START_LINE <CRLF>
MESSAGE_HEADER <CRLF>
<CRLF>
MESSAGE_BODY <CRLF>
where <CRLF> stands for carriage-return-line-feed.
Features of HTTP
o Connectionless protocol:
HTTP is a connectionless protocol. The HTTP client initiates a request and waits for a
response from the server. When the server receives the request, the server
processes the request and sends back the response to the HTTP client, after
which the client disconnects the connection. The connection between client
and server exists only during the current request and response.
o Media independent:
HTTP is media independent, as data can be sent as long as both the client
and server know how to handle the data content. Both the
client and server are required to specify the content type in the MIME-type header.
o Stateless:
HTTP is a stateless protocol, as the client and server know each other only
during the current request. Due to this nature of the protocol, neither the client
nor the server retains information between various requests of the web
pages.
HTTP REQUEST AND RESPONSE MESSAGES
The HTTP protocol defines the format of the request and response messages.
Request Message: The request message is sent by the client and consists of a
request line, headers, and sometimes a body.
Response Message: The response message is sent by the server to the client
that consists of a status line, headers, and sometimes a body.
HTTP REQUEST MESSAGE
The first line in a request message is called a request line.
After the request line, we can have zero or more request header lines.
The body is an optional one. It contains the comment to be sent or the file to
be published on the website when the method is PUT or POST.
Request Line
There are three fields in this request line - Method, URL and Version.
The Method field defines the request types.
The URL field defines the address and name of the corresponding web page.
The Version field gives the version of the protocol; the most current version
of HTTP is 1.1.
Some of the Method types are
Request Header
Each request header line sends additional information from the client to
the server.
Each header line has a header name, a colon, a space, and a header value.
The value field defines the values associated with each header name.
Headers defined for request message include
Body
● The body can be present in a request message. It is optional.
● Usually, it contains the comment to be sent or the file to be published on the
website when the method is PUT or POST.
Conditional Request
A client can add a condition in its request.
In this case, the server will send the requested web page if the condition is
met or inform the client otherwise.
One of the most common conditions imposed by the client is the time and
date the web page is modified.
The client can send the header line If-Modified-Since with the request to tell
the server that it needs the page only if it is modified after a certain point in
time.
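The request format and the conditional request described above can be put together in a short parser. This is an added example, not code from the original notes: the function names, the sample requests and the 400/304/200 status lines it returns are choices made here, and it parses strictly (three request-line fields, header name directly followed by a colon) so that a malformed message is rejected rather than guessed at.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

CRLF = b"\r\n"


class BadRequest(ValueError):
    """The bytes do not follow the request-message format."""


def parse_request(raw: bytes):
    """Split a raw request into (method, url, version, headers, body)."""
    head, sep, body = raw.partition(CRLF + CRLF)  # blank line ends the headers
    if not sep:
        raise BadRequest("no blank line after the header section")
    lines = head.decode("latin-1").split("\r\n")
    fields = lines[0].split(" ")
    if len(fields) != 3 or not fields[2].startswith("HTTP/"):
        raise BadRequest("request line must be: Method URL Version")
    method, url, version = fields
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Reject a missing colon or whitespace in the name instead of guessing:
        # lenient parsers can disagree with each other about the same bytes.
        if not colon or not name or " " in name or "\t" in name:
            raise BadRequest(f"malformed header line: {line!r}")
        headers[name.lower()] = value.strip()
    return method, url, version, headers, body


def status_for(raw: bytes, last_modified: datetime) -> str:
    """Status line a server would return for a GET on a single resource."""
    try:
        method, _url, _version, headers, _body = parse_request(raw)
    except BadRequest:
        return "HTTP/1.1 400 Bad Request"
    since = headers.get("if-modified-since")
    if method == "GET" and since:
        try:
            threshold = parsedate_to_datetime(since)
        except (TypeError, ValueError):
            threshold = None  # unparsable date: ignore the condition
        if threshold is not None:
            if threshold.tzinfo is None:
                threshold = threshold.replace(tzinfo=timezone.utc)
            if last_modified <= threshold:
                return "HTTP/1.1 304 Not Modified"  # client copy is current
    return "HTTP/1.1 200 OK"


# Constructed sample data: a page last changed on 1 Jan 2024, 12:00 UTC.
LAST_MODIFIED = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
FRESH_COPY_REQUEST = (
    b"GET /index.html HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"If-Modified-Since: Mon, 01 Jan 2024 12:00:00 GMT\r\n"
    b"\r\n"
)
STALE_COPY_REQUEST = (
    b"GET /index.html HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"If-Modified-Since: Sun, 31 Dec 2023 12:00:00 GMT\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    print(status_for(FRESH_COPY_REQUEST, LAST_MODIFIED))
    print(status_for(STALE_COPY_REQUEST, LAST_MODIFIED))
```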
HTTP RESPONSE MESSAGE
The first line in a response message is called a status line.
After the status line, we can have zero or more response header lines.
The body is an optional one. The body is present unless the response is an
error message.
Status Line
The status line contains three fields: HTTP version, status code and status phrase.
The first field defines the version of HTTP protocol, currently 1.1.
The status code field defines the status of the request. It classifies the
HTTP result. It consists of three digits.
1xx–Informational, 2xx–Success, 3xx–Redirection, 4xx–Client error, 5xx–Server error
The Status phrase field gives brief description about status code in text form.
Some of the Status codes are
Response Header
Each header provides additional information to the client.
Each header line has a header name, a colon, a space, and a header value.
Some of the response headers are:
Body
● The body contains the document to be sent from the server to the client.
● The body is present unless the response is an error message.
HTTP CONNECTIONS
● HTTP clients and servers exchange multiple messages over the same TCP connection.
● If some of the objects are located on the same server, we have two choices: to retrieve
each object using a new TCP connection or to make a TCP connection and retrieve them all.
● The first method is referred to as a non-persistent connection, the second as a
persistent connection.
● HTTP 1.0 uses non-persistent connections and HTTP 1.1 uses persistent connections.
NON-PERSISTENT CONNECTIONS
In a non-persistent connection, one TCP connection is made for each request/response.
Only one object can be sent over a single TCP connection.
The client opens a TCP connection and sends a request.
The server sends the response and closes the connection.
The client reads the data until it encounters an end-of-file marker.
It then closes the connection.
PERSISTENT CONNECTIONS
● HTTP version 1.1 specifies a persistent connection by default.
● Multiple objects can be sent over a single TCP connection.
● In a persistent connection, the server leaves the connection open for more requests
after sending a response.
● The server can close the connection at the request of a client or if a time-out has
been reached.
● Time and resources are saved using persistent connections. Only one set of buffers
and variables needs to be set for the connection at each site.
● The round trip time for connection establishment and connection termination is saved.
HTTP COOKIES
An HTTP cookie (also called web cookie, Internet cookie, browser cookie,
or simply cookie) is a small piece of data sent from a website and stored on
the user's computer by the user's web browser while the user is browsing.
HTTP is stateless; cookies are used to add state.
Cookies were designed to be a reliable mechanism for websites to remember stateful
information (such as items added in the shopping cart in an online store) or to
record the user's browsing activity (including clicking particular buttons,
logging in, or recording which pages were visited in the past).
They can also be used to remember arbitrary pieces of information that the
user previously entered into form fields such as names, addresses,
passwords, and credit card numbers.
Components of Cookie
A cookie consists of the following components:
1. Name
2. Value
3. Zero or more attributes (name/value pairs). Attributes store information such
as the cookie's expiration, domain, and flags
Creating and Storing Cookies
The creation and storing of cookies depend on the implementation; however, the principle is the
same.
1. When a server receives a request from a client, it stores information
about the client in a file or a string. The information may include the
domain name of the client, the contents of the cookie (information the
server has gathered about the client such as name, registration number,
and so on), a timestamp, and other information depending on the
implementation.
2. The server includes the cookie in the response that it sends to the client.
3. When the client receives the response, the browser stores the cookie in
the cookie directory, which is sorted by the server domain name.
Using Cookies
When a client sends a request to a server, the browser looks in the
cookie directory to see if it can find a cookie sent by that server.
If found, the cookie is included in the request.
When the server receives the request, it knows that this is an old client,
not a new one.
The contents of the cookie are never read by the browser or disclosed to
the user. It is a cookie made by the server and eaten by the server.
Types of Cookies
1. Authentication cookies
These are the most common method used by web servers to know whether the user is
logged in or not, and which account they are logged in with. Without such a
mechanism, the site would not know whether to send a page containing sensitive
information, or require the user to authenticate themselves by logging in.
2. Tracking cookies
These are commonly used as ways to compile individuals' browsing histories.
3. Session cookie
A session cookie exists only in temporary memory while the user navigates the website.
Web browsers normally delete session cookies when the user closes the browser.
4. Persistent cookie
Instead of expiring when the web browser is closed as session cookies do, a persistent
cookie expires at a specific date or after a specific length of time. This means that, for
the cookie's entire lifespan, its information will be transmitted to the server every
time the user visits the website that it belongs to, or every time the user views a
resource belonging to that website from another website.
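The cookie components and cookie types above can be checked mechanically from the Set-Cookie header a server sends. This is an added example, not part of the original notes: the function names and both sample header values are constructed here, and the check assumes the cookie under review is an authentication cookie. It uses the standard attributes Expires, Max-Age, Secure, HttpOnly and SameSite.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime


def parse_set_cookie(value: str) -> dict:
    """Split a Set-Cookie header value into name, value and attributes."""
    first, *rest = [part.strip() for part in value.split(";")]
    name, eq, val = first.partition("=")
    if not eq or not name:
        raise ValueError("a cookie must start with name=value")
    attrs = {}
    for part in rest:
        if part:
            key, _, attr_val = part.partition("=")
            attrs[key.strip().lower()] = attr_val.strip()  # flags have no value
    return {"name": name, "value": val, "attrs": attrs}


def expires_at(cookie: dict, now: datetime):
    """Expiry time of a persistent cookie, or None for a session cookie."""
    attrs = cookie["attrs"]
    if "max-age" in attrs:  # Max-Age takes precedence over Expires
        try:
            return now + timedelta(seconds=int(attrs["max-age"]))
        except ValueError:
            pass  # unusable Max-Age: fall back to Expires
    if "expires" in attrs:
        try:
            when = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return None  # unparsable date: treated as a session cookie
        return when if when.tzinfo else when.replace(tzinfo=timezone.utc)
    return None


def cookie_type(cookie: dict, now: datetime) -> str:
    """Classify as 'session' or 'persistent', as in the list above."""
    return "persistent" if expires_at(cookie, now) is not None else "session"


def audit_auth_cookie(header_value: str, now: datetime) -> list:
    """Findings for a cookie assumed to be an authentication cookie."""
    cookie = parse_set_cookie(header_value)
    attrs = cookie["attrs"]
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: also sent over unencrypted HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable by scripts in the page")
    if "samesite" not in attrs:
        findings.append("missing SameSite: sent on requests from other sites")
    if cookie_type(cookie, now) == "persistent":
        findings.append("persistent: login outlives the browser session")
    return findings


# Constructed sample header values (not captured from a real site).
WEAK_COOKIE = ("SID=abc123; Domain=shop.example; Path=/; "
               "Expires=Wed, 01 Jan 2025 00:00:00 GMT")
HARDENED_COOKIE = "SID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for header in (WEAK_COOKIE, HARDENED_COOKIE):
        print(header, "->", audit_auth_cookie(header, now) or "no findings")
```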
HTTP CACHING
HTTP Caching enables the client to retrieve document faster and reduces
load on the server.
HTTP Caching is implemented at Proxy server, ISP router and Browser.
Server sets expiration date (Expires header) for each page, beyond which it
is not cached.
HTTP Cache document is returned to client only if it is an updated copy
by checking against If-Modified-Since header.
If cache document is out-of-date, then request is forwarded to the server
and response is cached along the way.
A web page will not be cached if no-cache directive is specified.
HTTP SECURITY
HTTP does not provide security.
However HTTP can be run over the Secure Socket Layer (SSL).
In this case, HTTP is referred to as HTTPS.
HTTPS provides confidentiality, client and server authentication, and
data integrity.
FTP (FILE TRANSFER PROTOCOL)
⮚ FTP stands for File transfer protocol.
⮚ FTP is a standard internet protocol provided by TCP/IP used
for transmitting the files from one host to another.
⮚ It is mainly used for transferring the web page files from their creator to
the computer that acts as a server for other computers on the internet.
⮚ It is also used for downloading the files to computer from other servers.
⮚ Although we can transfer files using HTTP, FTP is a better choice
to transfer large files or to transfer files using different formats.
FTP OBJECTIVES
⮚ It provides the sharing of files.
⮚ It is used to encourage the use of remote computers.
⮚ It transfers the data more reliably and efficiently.
FTP MECHANISM
The above figure shows the basic model of the FTP.
The FTP client has three components:
o user interface, control process, and data transfer process.
The server has two components:
o server control process and server data transfer process.
FTP CONNECTIONS
There are two types of connections in FTP -
Control Connection and Data Connection.
The two connections in FTP have different lifetimes.
The control connection remains connected during the entire interactive
FTP session.
The data connection is opened and then closed for each file transfer
activity. When a user starts an FTP session, the control connection opens.
While the control connection is open, the data connection can be opened
and closed multiple times if several files are transferred.
FTP uses two well-known TCP ports:
o Port 21 is used for the control connection
o Port 20 is used for the data connection.
Control Connection:
o The control connection uses very simple rules for communication.
o Through the control connection, we can transfer a line of command or a line of
response at a time.
o The control connection is made between the control processes.
o The control connection remains connected during the entire interactive FTP
session.
Data Connection:
o The data connection uses very complex rules as data types may vary.
o The data connection is made between data transfer processes.
o The data connection opens when a command comes for transferring the files
and closes when the file is transferred.
FTP COMMUNICATION
FTP Communication is achieved through commands and responses.
FTP Commands are sent from the client to the server
FTP responses are sent from the server to the client.
FTP Commands are in the form of ASCII uppercase, which may or may not
be followed by an argument.
Some of the most common commands are
Every FTP command generates at least one response.
A response has two parts: a three-digit number followed by text.
The numeric part defines the code; the text part defines the needed parameters.
FTP FILE TYPE
FTP can transfer one of the following file types across the data
connection: ASCII file, EBCDIC file, or image file.
FTP DATA STRUCTURE
FTP can transfer a file across the data connection using one of the
following data structures: file structure, record structure, or page
structure.
The file structure format is the default one and has no structure. It is
a continuous stream of bytes.
In the record structure, the file is divided into records. This can be used
only with text files.
In the page structure, the file is divided into pages, with each page having
a page number and a page header. The pages can be stored and accessed
randomly or sequentially.
FTP TRANSMISSION MODE
FTP can transfer a file across the data connection using one of the
following three transmission modes: stream mode, block mode, or
compressed mode.
The stream mode is the default mode; data are delivered from FTP to TCP as
a continuous stream of bytes.
In the block mode, data can be delivered from FTP to TCP in blocks.
In the compressed mode, data can be compressed and delivered from FTP
to TCP.
FTP FILE TRANSFER
File transfer occurs over the data connection under the control of
the commands sent over the control connection.
File transfer in FTP means one of three things:
o retrieving a file (server to client)
o storing a file (client to server)
o directory listing (server to client).
FTP SECURITY
FTP requires a password, but the password is sent in plaintext, that is,
unencrypted. This means it can be intercepted and used by an
attacker.
The data transfer connection also transfers data in plaintext, which is insecure.
To be secure, one can add a Secure Socket Layer between the FTP
application layer and the TCP layer.
In this case FTP is called SSL-FTP.
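To see why the plaintext control connection matters to a defender, the following added example (not part of the original notes) parses control-connection lines into commands and three-digit responses and reports every login that crossed the wire unencrypted. The transcript is constructed; the USER and PASS commands and the 230 reply code come from the FTP specification (RFC 959), since the command table is not reproduced on this page, and the function names are choices made here.

```python
import re

# A response is a three-digit code followed by text ("-" marks a multi-line reply).
RESPONSE = re.compile(r"^(\d{3})([ -])(.*)$")
# A command is an uppercase ASCII word, optionally followed by an argument.
COMMAND = re.compile(r"^([A-Z]{3,4})(?: (.*))?$")


def parse_control_line(line: str):
    """Classify one control-connection line as a response or a command."""
    line = line.rstrip("\r\n")
    match = RESPONSE.match(line)
    if match:
        return ("response", int(match.group(1)), match.group(3))
    match = COMMAND.match(line)
    if match:
        return ("command", match.group(1), match.group(2) or "")
    return ("unknown", None, line)


def redact(line: str) -> str:
    """Copy of a line that is safe to log: the PASS argument is masked."""
    kind, verb, _arg = parse_control_line(line)
    if kind == "command" and verb == "PASS":
        return "PASS ****"
    return line.rstrip("\r\n")


def find_cleartext_logins(lines):
    """One finding per USER/PASS exchange seen on an unencrypted connection."""
    findings = []
    user = None
    pending = None  # login still waiting for the server's reply
    for raw in lines:
        kind, first, second = parse_control_line(raw)
        if kind == "command" and first == "USER":
            user = second
        elif kind == "command" and first == "PASS":
            # Record only the length: the finding must not leak the secret again.
            pending = {"user": user, "password_length": len(second),
                       "accepted": None}
            findings.append(pending)
        elif kind == "response" and pending is not None:
            pending["accepted"] = (first == 230)  # 230 = user logged in
            pending = None
    return findings


# Constructed control-connection transcript (port 21), not a real capture.
SAMPLE_SESSION = [
    "220 Service ready for new user\r\n",
    "USER alice\r\n",
    "331 User name okay, need password\r\n",
    "PASS example-pw\r\n",
    "230 User logged in, proceed\r\n",
    "RETR report.txt\r\n",
    "150 File status okay; about to open data connection\r\n",
    "226 Closing data connection\r\n",
    "QUIT\r\n",
    "221 Service closing control connection\r\n",
]

if __name__ == "__main__":
    for entry in SAMPLE_SESSION:
        print(redact(entry))
    print(find_cleartext_logins(SAMPLE_SESSION))
```

Any finding from this check means the account's password should be treated as exposed and the service moved behind SSL, as described above.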
EMAIL (SMTP, MIME, IMAP, POP)
One of the most popular Internet services is electronic mail (E-mail).
Email is one of the oldest network applications.
The three main components of an Email are
1. User Agent (UA)
2. Message Transfer Agent (MTA) – SMTP
3. Message Access Agent (MAA) – IMAP, POP
When the sender and the receiver of an e-mail are on the same system, we
need only two User Agents and no Message Transfer Agent.
When the sender and the receiver of an e-mail are on different systems, we
need two UA, two pairs of MTA (client and server), and two MAA (client
and server).
WORKING OF EMAIL
When Alice needs to send a message to Bob, she runs a UA program
to prepare the message and send it to her mail server.
The mail server at her site uses a queue (spool) to store messages waiting to be
sent. The message, however, needs to be sent through the Internet from
Alice’s site to Bob’s site using an MTA.
Here two message transfer agents are needed: one client and one server.
The server needs to run all the time because it does not know when a client
will ask for a connection.
The client can be triggered by the system when there is a message in the
queue to be sent.
The user agent at the Bob site allows Bob to read the received message.
Bob later uses an MAA client to retrieve the message from an MAA
server running on the second server.
USER AGENT (UA)
The first component of an electronic mail system is the user agent (UA).
It provides service to the user to make the process of sending and receiving
a message easier.
A user agent is a software package that composes, reads, replies to, and
forwards messages. It also handles local mailboxes on the user
computers.
There are two types of user agents: Command-driven and GUI-based.
Command driven
o Command driven user agents belong to the early days of electronic mail.
o A command-driven user agent normally accepts a one character command from the
keyboard to perform its task.
o Some examples of command driven user agents are mail, pine, and elm.
GUI-based
o Modern user agents are GUI-based.
o They allow the user to interact with the software by using both the keyboard and
the mouse.
o They have graphical components such as icons, menu bars, and windows that make
the services easy to access.
o Some examples of GUI-based user agents are Eudora and Outlook.
MESSAGE TRANSFER AGENT (MTA)
The actual mail transfer is done through message transfer agents (MTA).
To send mail, a system must have the client MTA, and to receive mail,
a system must have a server MTA.
The formal protocol that defines the MTA client and server in the Internet
is called Simple Mail Transfer Protocol (SMTP).
MESSAGE ACCESS AGENT (MAA)
MAA is a software that pulls messages out of a mailbox.
POP3 and IMAP4 are examples of MAA.
ADDRESS FORMAT OF EMAIL
E-mail address is userid @ domain where domain is hostname of the
mail server.
MESSAGE FORMAT OF EMAIL
Email message consists of two parts namely header and body.
Each header line contains type and value separated by a colon (:).
Some header contents are:
o From: identifies the sender of the message.
o To: mail address of the recipient(s).
o Subject: says about purpose of the message.
o Date: timestamp of when the message was transmitted.
Header is separated from the body by a blank line.
Body contains the actual message.
⮚ Email was extended in 1993 to carry many different types of data:
audio, video, images, Word documents, and so on.
⮚ This extended version is known as MIME (Multipurpose Internet Mail Extension).
SIMPLE MAIL TRANSFER PROTOCOL (SMTP)
SMTP is the standard protocol for transferring mail between hosts in
the TCP/IP protocol suite.
SMTP is not concerned with the format or content of messages themselves.
SMTP uses information written on the envelope of the mail (message
header), but does not look at the contents (message body) of the envelope.
SMTP clients and servers have two main components
o User Agent (UA) – Prepares the message, encloses it in an envelope.
o Mail Transfer Agent (MTA) – Transfers the mail across the internet.
SMTP also allows the use of Relays allowing other MTAs to relay the mail.
SMTP MAIL FLOW
To begin, mail is created by a user-agent program in response to user input.
Each created message consists of a header that includes the recipient's email
address and other information, and a message body containing the message
to be sent.
These messages are then queued in some fashion and provided as input to
an SMTP Sender program.
SMTP COMMANDS AND RESPONSES
The operation of SMTP consists of a series of commands and
responses exchanged between the SMTP sender and SMTP receiver.
The initiative is with the SMTP sender, who establishes the TCP connection.
Once the connection is established, the SMTP sender sends commands over
the connection to the receiver.
The command is from an MTA client to an MTA server; the response is
from an MTA server to the MTA client.
SMTP Commands
Commands are sent from the client to the server. Each command consists of a
keyword followed by zero or more arguments. SMTP defines 14
commands.
SMTP Responses
Responses are sent from the server to the client.
A response is a three digit code that may be followed by additional
textual information.
SMTP OPERATIONS
Basic SMTP operation occurs in three phases:
1. Connection Setup
2. Mail Transfer
3. Connection Termination
Connection Setup
An SMTP sender will attempt to set up a TCP connection with a target
host when it has one or more mail messages to deliver to that host.
The sequence is quite simple:
1. The sender opens a TCP connection with the receiver.
2. Once the connection is established, the receiver identifies itself
with "Service Ready".
3. The sender identifies itself with the HELO command.
4. The receiver accepts the sender's identification with "OK".
5. If the mail service on the destination is unavailable, the destination
host returns a "Service Not Available" reply in step 2, and the process
is terminated.
Mail Transfer
Once a connection has been established, the SMTP sender may send one
or more messages to the SMTP receiver.
There are three logical phases to the transfer of a message:
1. A MAIL command identifies the originator of the message.
2. One or more RCPT commands identify the recipients for
this message.
3. A DATA command transfers the message text.
Connection Termination
The SMTP sender closes the connection in two steps.
First, the sender sends a QUIT command and waits for a reply.
The second step is to initiate a TCP close operation for the TCP connection.
The receiver initiates its TCP close after sending its reply to the
QUIT command.
LIMITATIONS OF SMTP
SMTP cannot transmit executable files or other binary objects.
SMTP cannot transmit text data that includes national language characters, as
these are represented by 8-bit codes with values of 128 decimal or higher,
and SMTP is limited to 7-bit ASCII.
SMTP servers may reject mail message over a certain size.
SMTP gateways that translate between ASCII and the character code
EBCDIC do not use a consistent set of mappings, resulting in translation
problems.
Some SMTP implementations do not adhere completely to the SMTP
standards defined.
Common problems include the following:
1. Deletion, addition, or reordering of carriage return and linefeed.
2. Truncating or wrapping lines longer than 76 characters.
3. Removal of trailing white space (tab and space characters).
4. Padding of lines in a message to the same length.
5. Conversion of tab characters into multiple-space characters.
MULTIPURPOSE INTERNET MAIL EXTENSION (MIME)
SMTP provides a basic email service, while MIME adds multimedia capability
to SMTP.
MIME is an extension to SMTP and is used to overcome the problems and
limitations of SMTP.
Email system was designed to send messages only in ASCII format.
● Languages such as French, Chinese, etc., are not supported.
● Image, audio and video files cannot be sent.
MIME adds the following features to email service:
● Be able to send multiple attachments with a single message;
● Unlimited message length;
● Use of character sets other than ASCII code;
● Use of rich text (layouts, fonts, colors, etc)
● Binary attachments (executables, images, audio or video files, etc.),
which may be divided if needed.
MIME is a protocol that converts non-ASCII data to 7-bit
NVT(Network Virtual Terminal) ASCII and vice-versa.
MIME HEADERS
Using headers, MIME describes the type of message content and the
encoding used.
Headers defined in MIME are:
● MIME-Version - current version, i.e., 1.1
● Content-Type - message type (text/html, image/jpeg, application/pdf)
● Content-Transfer-Encoding - message encoding scheme (e.g., base64).
● Content-Id - unique identifier for the message.
● Content-Description - describes type of the message body.
MIME CONTENT TYPES
There are seven different major types of content and a total of 14 subtypes.
In general, a content type declares the general type of data, and the
subtype specifies a particular format for that type of data.
MIME also defines a multipart type that says how a message carrying
more than one data type is structured.
This is like a programming language that defines both base types (e.g.,
integers and floats) and compound types (e.g., structures and arrays).
One possible multipart subtype is mixed, which says that the message
contains a set of independent data pieces in a specified order.
Each piece then has its own header line that describes the type of that piece.
The table below lists the MIME content types:
ENCODING FORMATS OF MIME
MIME uses various encoding formats to convert binary data into the
ASCII character set.
To transfer binary data, MIME offers five encoding formats which can be
used in the header transfer-encoding:
● 7-bit : 7-bit text format (for messages without accented characters);
● 8-bit : 8-bit text format;
● quoted-printable : Quoted-Printable format, recommended for
messages which use a 7-bit alphabet (such as when there are
accent marks);
● base-64 : Base 64, for sending binary files as attachments;
● binary : binary format; not recommended.
Since MIME is very open, it can use third-party encoding formats such as:
● BinHex : A proprietary format belonging to Apple
● Uuencode : for UNIX-to-UNIX encoding
● Xencode : for binary-to-text encoding
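The MIME headers and encodings described above, as an added Python example that is not part of the original notes. It builds a multipart/mixed message with the standard library email package, confirms the result is 7-bit clean, then walks the parts and compares each declared Content-Type with the first bytes of the decoded data. The addresses, file names and payload bytes are constructed for the example.

```python
"""Build a multipart/mixed MIME message, confirm it is 7-bit clean on the
wire, then walk its parts. Constructed example: all names are made up."""
from email import message_from_bytes, policy
from email.message import EmailMessage

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
# Leading bytes expected for a declared type (small table for this example).
MAGIC = {"image/png": PNG_MAGIC, "application/pdf": b"%PDF-"}


def build_message():
    """Return the serialized message as bytes."""
    msg = EmailMessage()
    msg["From"] = "alice@example.org"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "Report"
    # Accented text: quoted-printable keeps it mostly readable and 7-bit.
    msg.set_content("Café à Paris, déjà vu.", cte="quoted-printable")
    # Binary data is base64-encoded. The first attachment starts with a real
    # PNG signature; the second is declared image/png but does not.
    msg.add_attachment(PNG_MAGIC + bytes(range(256)), maintype="image",
                       subtype="png", filename="chart.png")
    msg.add_attachment(b"MZ" + bytes(64), maintype="image",
                       subtype="png", filename="photo.png")
    return msg.as_bytes()


def is_7bit_clean(raw):
    """True if every byte is 7-bit ASCII, the only form plain SMTP carries."""
    return all(b < 128 for b in raw)


def walk_parts(raw):
    """Return one dict per leaf part: declared type, encoding, decoded bytes."""
    parts = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart():
            continue                            # container, not content
        ctype = part.get_content_type()
        data = part.get_payload(decode=True)    # undoes base64 / quoted-printable
        magic = MAGIC.get(ctype)
        parts.append({
            "type": ctype,
            "encoding": str(part["Content-Transfer-Encoding"]),
            "filename": part.get_filename(),
            "data": data,
            "type_matches_bytes": magic is None or data.startswith(magic),
        })
    return parts


if __name__ == "__main__":
    raw = build_message()
    print("7-bit clean:", is_7bit_clean(raw))
    for p in walk_parts(raw):
        print(p["type"], p["encoding"], p["filename"],
              len(p["data"]), "bytes, type matches:", p["type_matches_bytes"])
```

A mail filter that trusts only the Content-Type header would treat both attachments as images; decoding the transfer encoding first is what makes the mismatch visible.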
MESSAGE TRANSFER IN MIME
MTA is a mail daemon (sendmail) active on hosts having mailbox, used
to send an email.
Mail passes through a sequence of gateways before it reaches the recipient
mail server.
Each gateway stores and forwards the mail using Simple mail transfer
protocol (SMTP).
SMTP defines communication between MTAs over TCP on port 25.
In an SMTP session, sending MTA is client and receiver is server. In
each exchange:
Client posts a command (HELO, MAIL, RCPT, DATA, QUIT, VRFY, etc.)
Server responds with a code (250, 550, 354, 221, 251 etc) and an explanation.
Client is identified using HELO command and verified by the server
Client forwards message to server, if server is willing to accept.
Message is terminated by a line with only single period (.) in it.
Eventually client terminates the connection.
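The three SMTP phases from SMTP OPERATIONS and the command/response exchange listed above, as an added Python example that is not part of the original notes. Both MTAs run in memory with no network connection; the host names, addresses and message are constructed, the reply texts are illustrative, and the dot-stuffing rule for body lines that begin with a period comes from RFC 5321, not from these notes.

```python
"""In-memory SMTP dialogue: connection setup, mail transfer, termination.
Constructed example: host names, addresses and the message are made up."""


class SmtpReceiver:
    """Server-side MTA as a small state machine (no network I/O)."""

    def __init__(self, domain, local_users):
        self.domain = domain
        self.local_users = set(local_users)
        self.state = "CONNECTED"      # then GREETED -> MAIL -> RCPT -> DATA
        self.delivered = []           # (sender, recipients, text) per message
        self._reset()

    def _reset(self):
        self.sender, self.rcpts, self.lines = None, [], []

    def greeting(self):
        return f"220 {self.domain} Service Ready"

    def handle(self, line):
        """Consume one client line; return the reply (None while in DATA)."""
        if self.state == "DATA":
            if line == ".":           # a lone period ends the message
                text = "\n".join(self.lines)
                self.delivered.append((self.sender, self.rcpts, text))
                self._reset()
                self.state = "GREETED"
                return "250 OK message accepted"
            # Undo the sender's dot-stuffing (RFC 5321 transparency rule).
            self.lines.append(line[1:] if line.startswith(".") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            self._reset()
            self.state = "GREETED"
            return f"250 {self.domain} OK"
        if verb == "QUIT":
            self.state = "CLOSED"
            return f"221 {self.domain} closing connection"
        if self.state in ("CONNECTED", "CLOSED"):
            return "503 Bad sequence of commands"   # HELO must come first
        if verb == "MAIL" and arg.upper().startswith("FROM:"):
            if self.state != "GREETED":
                return "503 Bad sequence of commands"
            self.sender = arg[5:].strip("<> ")
            self.state = "MAIL"
            return "250 OK"
        if verb == "RCPT" and arg.upper().startswith("TO:"):
            if self.state not in ("MAIL", "RCPT"):
                return "503 Bad sequence of commands"
            addr = arg[3:].strip("<> ")
            if addr not in self.local_users:
                return "550 No such user here"
            self.rcpts.append(addr)
            self.state = "RCPT"
            return "250 OK"
        if verb == "DATA":
            if self.state != "RCPT":
                return "503 Bad sequence of commands"
            self.state = "DATA"
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        return "500 Command unrecognized"


def send_mail(server, client_name, sender, recipients, text):
    """Client-side MTA: drive the three phases and return the transcript."""
    log = [("S", server.greeting())]

    def cmd(line):
        reply = server.handle(line)
        log.append(("C", line))
        if reply is not None:
            log.append(("S", reply))
        return reply

    cmd(f"HELO {client_name}")
    cmd(f"MAIL FROM:<{sender}>")
    accepted = [r for r in recipients if cmd(f"RCPT TO:<{r}>").startswith("250")]
    if accepted and cmd("DATA").startswith("354"):
        for line in text.split("\n"):
            cmd("." + line if line.startswith(".") else line)   # dot-stuffing
        cmd(".")
    cmd("QUIT")
    return log


MESSAGE = (                           # constructed sample message
    "From: alice@example.org\n"
    "To: bob@example.com\n"
    "Subject: Lunch\n"
    "\n"
    "See you at noon.\n"
    ".\n"
    ".this line starts with a period but is ordinary body text"
)


def demo():
    server = SmtpReceiver("mail.example.com", ["bob@example.com"])
    log = send_mail(server, "mail.example.org", "alice@example.org",
                    ["bob@example.com", "nobody@example.com"], MESSAGE)
    return server, log


if __name__ == "__main__":
    for side, line in demo()[1]:
        print(f"{side}: {line}")
```

The body contains a line that is a single period; without dot-stuffing the receiver would end the message there and read the remaining body line as a command.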
IMAP (INTERNET MAIL ACCESS PROTOCOL)
IMAP is an Application Layer Internet protocol that allows an e-mail client
to access e-mail on a remote mail server.
It is a method of accessing electronic mail messages that are kept on a
possibly shared mail server.
IMAP is a more capable wire protocol.
IMAP is similar to SMTP in many ways.
IMAP is a client/server protocol running over TCP on port 143.
IMAP allows multiple clients simultaneously connected to the same mailbox,
and through flags stored on the server, different clients accessing the same
mailbox at the same or different times can detect state changes made by
other clients.
In other words, it permits a "client" email program to access remote
message stores as if they were local.
For example, email stored on an IMAP server can be manipulated from a
desktop computer at home, a workstation at the office, and a notebook
computer while travelling, without the need to transfer messages or files
back and forth between these computers.
IMAP can support email serving in three modes:
Offline
Online
Users may connect to the server, look at what email is available, and access
it online. This looks to the user very much like having local spool files, but
they’re on the mail server.
Disconnected operation
A mail client connects to the server, can make a “cache” copy of
selected messages, and disconnects from the server. The user can then
work on the messages offline, and connect to the server later and
resynchronize the server status with the cache.
OPERATION OF IMAP
The mail transfer begins with the client authenticating the user and
identifying the mailbox they want to access.
Client Commands
LOGIN, AUTHENTICATE, SELECT, EXAMINE, CLOSE, and LOGOUT
Server Responses
OK, NO (no permission), BAD (incorrect command)
When user wishes to FETCH a message, server responds in MIME format.
Message attributes such as size are also exchanged.
Flags are used by client to report user actions.
SEEN, ANSWERED, DELETED, RECENT
IMAP4
The latest version is IMAP4. IMAP4 is more powerful and more complex.
IMAP4 provides the following extra functions:
● A user can check the e-mail header prior to downloading.
● A user can search the contents of the e-mail for a specific string
of characters prior to downloading.
● A user can partially download e-mail. This is especially useful if
bandwidth is limited and the e-mail contains multimedia with high
bandwidth requirements.
● A user can create, delete, or rename mailboxes on the mail server.
● A user can create a hierarchy of mailboxes in a folder for e-mail storage.
ADVANTAGES OF IMAP
With IMAP, the primary storage is on the server, not on the local machine.
Email being put away for storage can be foldered on local disk, or can
be foldered on the IMAP server.
The protocol allows full use of remote folders, including a remote
folder hierarchy and multiple inboxes.
It keeps track of explicit status of messages, and allows for user-defined status.
Supports new mail notification explicitly.
Extensible for non-email data, like netnews, document storage, etc.
Selective fetching of individual MIME body parts.
Server-based search to minimize data transfer.
Servers may have extensions that can be negotiated.
POST OFFICE PROTOCOL (POP3)
Post Office Protocol (POP3) is an application-layer Internet standard
protocol used by local e-mail clients to retrieve e-mail from a remote server
over a TCP/IP connection.
There are two versions of POP.
• The first, called POP2, became a standard in the mid-80's and
requires SMTP to send messages.
• The current version, POP3, can be used with or without SMTP.
POP3 uses TCP/IP port 110.
POP is a much simpler protocol, making implementation easier.
POP supports offline access to the messages, thus requires less internet
usage time.
POP does not allow search facility.
In order to access the messages, it is necessary to download them.
It allows only one mailbox to be created on server.
It is not suitable for accessing non mail data.
POP mail moves the message from the email server onto the local computer,
although there is usually an option to leave the messages on the email server
as well.
POP treats the mailbox as one store, and has no concept of folders.
POP works in two modes namely, delete and keep mode.
● In delete mode, mail is deleted from the mailbox after retrieval. The
delete mode is normally used when the user is working at their
permanent computer and can save and organize the received mail after
reading or replying.
● In keep mode, mail after reading is kept in mailbox for later retrieval.
The keep mode is normally used when the user accesses their mail away
from their primary computer.
POP3 client is installed on the recipient computer and POP server on the
mail server.
Client opens a connection to the server using TCP on port 110.
Client sends username and password to access mailbox and to
retrieve messages.
POP3 Commands
POP commands are generally abbreviated into codes of three or four letters. The
following describes some of the POP commands:
1. UID - This command opens the connection
2. STAT - It is used to display number of messages currently in the mailbox
3. LIST - It is used to get the summary of messages
4. RETR - This command helps to select a mailbox to access the messages
5. DELE - It is used to delete a message
6. RSET - It is used to reset the session to its initial state
7. QUIT - It is used to log off the session
DIFFERENCE BETWEEN POP AND IMAP
S.No. | POP | IMAP
1 | Generally used to support single client. | Designed to handle multiple clients.
2 | Messages are accessed offline. | Messages are accessed online although it also supports offline mode.
3 | POP does not allow search facility. | IMAP offers ability to search emails.
4 | All the messages have to be downloaded. | It allows selective transfer of messages to the client.
5 | Only one mailbox can be created on the server. | Multiple mailboxes can be created on the server.
6 | Not suitable for accessing non-mail data. | Suitable for accessing non-mail data i.e. attachment.
7 | POP commands are generally abbreviated into codes of three or four letters. Eg. STAT. | IMAP commands are not abbreviated, they are full. Eg. STATUS.
8 | It requires minimum use of server resources. | Clients are totally dependent on server.
9 | Mails once downloaded cannot be accessed from some other location. | Allows mails to be accessed from multiple locations.
10 | The e-mails are not downloaded automatically. | Users can view the headings and sender of e-mails and then decide to download.
11 | POP requires less internet usage time. | IMAP requires more internet usage time.
Advantages of IMAP over POP
IMAP is more powerful and more complex than POP.
User can check the e-mail header prior to downloading.
User can search e-mail for a specific string of characters prior to downloading.
User can download partially, very useful in case of limited bandwidth.
User can create, delete, or rename mailboxes on the mail server.
DNS (DOMAIN NAME SYSTEM)
Domain Name System was designed in 1984.
DNS is used for name-to-address mapping.
The DNS provides the protocol which allows clients and servers
to communicate with each other.
Eg: Host name like www.yahoo.com is translated into numerical IP
addresses like 207.174.77.131
Domain Name System (DNS) is a distributed database used by TCP/IP
applications to map between hostnames and IP addresses and to
provide electronic mail routing information.
Each site maintains its own database of information and runs a server
program that other systems across the Internet can query.
WORKING OF DNS
The following six steps show the working of DNS. It maps the host name to an IP address:
1. The user passes the host name to the file transfer client.
2. The file transfer client passes the host name to the DNS client.
3. Each computer, after being booted, knows the address of one DNS server.
The DNS client sends a message to a DNS server with a query that gives the
file transfer server name using the known IP address of the DNS server.
4. The DNS server responds with the IP address of the desired file transfer server.
5. The DNS server passes the IP address to the file transfer client.
6. The file transfer client now uses the received IP address to access the
file transfer server.
NAME SPACE
To be unambiguous, the names assigned to machines must be carefully
selected from a name space with complete control over the binding between
the names and IP address.
The names must be unique because the addresses are unique.
A name space that maps each address to a unique name can be organized
in two ways: flat (or) hierarchical.
Flat Name Space
● In a flat name space, a name is assigned to an address.
● A name in this space is a sequence of characters without structure.
● The main disadvantage of a flat name space is that it cannot be
used in a large system such as Internet because it must be centrally
controlled to avoid ambiguity and duplication.
Hierarchical Name Space
● In a hierarchical name space, each name is made of several parts.
● The first part can define the organization, the second part can define the
name, the third part can define departments, and so on.
● In this case, the authority to assign and control the name spaces can
be decentralized.
● A central authority can assign the part of the name that defines the nature of
the organization and the name.
● The responsibility for the rest of the name can be given to the
organization itself. Suffixes can be added to the name to define host or
resources.
● The management of the organization need not worry that the prefix chosen for
a host is taken by another organization because even if part of an address is
the same, the whole address is different.
● The names are unique without the need to be assigned by a central authority.
● The central authority controls only part of the name, not the whole name.
DOMAIN NAME SPACE
To have a hierarchical name space, a domain name space was designed. In this
design, the names are defined in an inverted-tree structure with the root at the
top.
Each node in the tree has a label, which is a string with a maximum of
63 characters.
The root label is a null string (empty string). DNS requires that children of
a node (nodes that branch from the same node) have different labels,
which guarantees the uniqueness of the domain names.
Domain Name
● Each node in the tree has a label called a domain name.
● A full domain name is a sequence of labels separated by dots (.)
● The domain names are always read from the node up to the root.
● The last label is the label of the root (null).
● This means that a full domain name always ends in a null label,
which means the last character is a dot because the null string is
nothing.
● If a label is terminated by a null string, it is called a fully qualified
domain name (FQDN).
● If a label is not terminated by a null string, it is called a partially
qualified domain name (PQDN).
Domain
● A domain is a subtree of the domain name space.
● The name of the domain is the domain name of the node at the top of the
subtree.
● A domain may itself be divided into domains.
DISTRIBUTION OF NAME SPACE
The information contained in the domain name space must be stored.
But it is very inefficient and also not reliable to have just one computer
store such a huge amount of information.
It is inefficient because responding to requests from all over the world, places
a heavy load on the system.
It is not reliable because any failure makes the data inaccessible.
The solution to these problems is to distribute the information among
many computers called DNS servers.
HIERARCHY OF NAME SERVERS
The way to distribute information among DNS servers is to divide the
whole space into many domains based on the first level.
Let the root stand alone and create as many domains as there are first
level nodes.
Because a domain created this way could be very large,
DNS allows domains to be divided further into smaller domains.
Thus we have a hierarchy of servers in the same way that we have a
hierarchy of names.
ZONE
What a server is responsible for, or has authority over, is called a zone.
The server makes a database called a zone file and keeps all the
information for every node under that domain.
If a server accepts responsibility for a domain and does not divide
the domains into smaller domains, the domain and zone refer to the
same thing.
But if a server divides its domain into sub domains and delegates
parts of its authority to other servers, domain and zone refer
to different things.
The information about the nodes in the sub domains is stored in
the servers at the lower levels, with the original server keeping
some sort of references to these lower level servers.
But still, the original server does not free itself from responsibility totally.
It still has a zone, but the detailed information is kept
by the lower level servers.
ROOT SERVER
A root server is a server whose zone consists of the whole tree.
A root server usually does not store any information about domains but
delegates its authority to other servers, keeping references to those
servers.
Currently there are more than 13 root servers, each covering the whole
domain name space.
The servers are distributed all around the world.
PRIMARY AND SECONDARY SERVERS
DNS defines two types of servers: primary and secondary.
A Primary Server is a server that stores a file about the zone for which it is
an authority.
Primary Servers are responsible for creating, maintaining, and
updating the zone file.
Primary Server stores the zone file on a local disc.
A secondary server is a server that transfers the complete information about a
zone from another server (Primary or Secondary) and stores the file on its
local disc.
If updating is required, it must be done by the primary server, which sends
the updated version to the secondary.
A primary server loads all information from the disk file; the secondary
server loads all information from the primary server.
DNS IN THE INTERNET
DNS is a protocol that can be used in different platforms.
In the Internet, the domain name space (tree) is divided into three
different sections - Generic domains, Country domains, and Inverse
domain.
Generic Domains
The generic domains define registered hosts according to their
generic behavior.
Each node in the tree defines a domain, which is an index to the domain
name space database.
The first level in the generic domains section allows seven possible
three character levels.
These levels describe the organization types as listed in following table.
Country Domains
The country domains section follows the same format as the generic
domains but uses two-character country abbreviations
(e.g., in for India, us for United States, etc.) in place of the three-
character organizational abbreviation at the first level.
Second level labels can be organizational, or they can be more
specific, national designation.
India for example, uses state abbreviations as a subdivision of the
country domain us. (e.g., ca.in.)
Inverse Domains
Mapping an address to a name is called Inverse domain.
The client can send an IP address to a server to be mapped to a domain
name and it is called PTR(Pointer) query.
To answer queries of this kind, DNS uses the inverse domain.
DNS RESOLUTION
Mapping a name to an address or an address to a name is called name
address resolution.
DNS is designed as a client server application.
A host that needs to map an address to a name or a name to an address calls
a DNS client named a Resolver.
The Resolver accesses the closest DNS server with a mapping request.
If the server has the information, it satisfies the resolver; otherwise, it
either refers the resolver to other servers or asks other servers to provide
the information.
After the resolver receives the mapping, it interprets the response to see if it is
a real resolution or an error and finally delivers the result to the process that
requested it.
A resolution can be either recursive or iterative.
Recursive Resolution
● The application program on the source host calls the DNS resolver (client) to
find the IP address of the destination host. The resolver, which does not
know this address, sends the query to the local DNS server of the source
(Event 1)
● The local server sends the query to a root DNS server (Event 2)
● The root server sends the query to the top-level DNS server (Event 3)
● The top-level DNS server knows only the IP address of the local DNS server at
the destination. So it forwards the query to the local server, which knows the
IP address of the destination host (Event 4)
● The IP address of the destination host is now sent back to the top-level DNS
server (Event 5), then back to the root server (Event 6), then back to the
source DNS server, which may cache it for the future queries (Event 7), and
finally back to the source host (Event 8).
Iterative Resolution
● In iterative resolution, each server that does not know the mapping, sends
the IP address of the next server back to the one that requested it.
● The iterative resolution takes place between two local servers.
● The original resolver gets the final answer from the destination local server.
● The messages shown by Events 2, 4, and 6 contain the same query.
● However, the message shown by Event 3 contains the IP address of the
top-level domain server.
● The message shown by Event 5 contains the IP address of the destination
local DNS server
● The message shown by Event 7 contains the IP address of the destination.
● When the Source local DNS server receives the IP address of the
destination, it sends it to the resolver (Event 8).
DNS CACHING
Each time a server receives a query for a name that is not in its domain, it
needs to search its database for a server IP address.
DNS handles this with a mechanism called caching.
When a server asks for a mapping from another server and receives the
response, it stores this information in its cache memory before sending it to
the client.
If the same or another client asks for the same mapping, it can check its
cache memory and resolve the problem.
However, to inform the client that the response is coming from the cache
memory and not from an authoritative source, the server marks the response
as unauthoritative.
Caching speeds up resolution. Reduction of this search time would
increase efficiency, but it can also be problematic.
If a server caches a mapping for a long time, it may send an outdated
mapping to the client.
To counter this, two techniques are used.
✔ First, the authoritative server always adds information to the mapping
called time to live (TTL). It defines the time in seconds that the
receiving server can cache the information. After that time, the
mapping is invalid and any query must be sent again to the authoritative
server.
✔ Second, DNS requires that each server keep a TTL counter for each
mapping it caches. The cache memory must be searched
periodically and those mappings with an expired TTL must be
purged.
DNS RESOURCE RECORDS (RR)
● The zone information associated with a server is implemented as a set of
resource records.
● In other words, a name server stores a database of resource records.
● A resource record is a 5-tuple structure :
(Domain Name, Type, Class, TTL, Value)
● The domain name identifies the resource record.
● The type defines how the value should be interpreted.
● The value defines the information kept about the domain name.
● The TTL defines the number of seconds for which the information is valid.
● The class defines the type of network
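Iterative resolution, TTL-based caching and the 5-tuple resource record described above, as an added Python example that is not part of the original notes. The server hierarchy is simulated in a dictionary; the server addresses are constructed, and the host ws.wonderful.com with address 200.200.200.5 is borrowed from the registrar example in these notes. The clock is passed in so that TTL expiry can be shown without waiting.

```python
"""Iterative resolution with a TTL cache over a simulated server hierarchy.
Constructed example: every server address and record below is made up."""
from collections import namedtuple

RR = namedtuple("RR", "name type cls ttl value")   # the 5-tuple resource record

# Simulated servers, keyed by address. "delegations" maps a domain to the
# address of the server that has authority over it.
SERVERS = {
    "198.51.100.1": {   # root server: stores no hosts, only references
        "records": [],
        "delegations": {"com.": "198.51.100.2"},
    },
    "198.51.100.2": {   # server for the com. domain
        "records": [],
        "delegations": {"wonderful.com.": "198.51.100.3"},
    },
    "198.51.100.3": {   # authoritative server for the wonderful.com. zone
        "records": [RR("ws.wonderful.com.", "A", "IN", 60, "200.200.200.5")],
        "delegations": {},
    },
}
ROOT = "198.51.100.1"


def query(server_addr, qname):
    """One server's reply: ('answer', RR), ('referral', addr) or ('error', None)."""
    zone = SERVERS[server_addr]
    for rr in zone["records"]:
        if rr.name == qname and rr.type == "A":
            return "answer", rr
    for suffix, next_addr in zone["delegations"].items():
        if qname == suffix or qname.endswith("." + suffix):
            return "referral", next_addr
    return "error", None


class CachingResolver:
    """Local DNS server: iterates from the root and caches answers by TTL."""

    def __init__(self, clock):
        self.clock = clock    # callable returning the current time in seconds
        self.cache = {}       # qname -> (RR, expiry time)
        self.trace = []       # servers contacted, in order

    def purge(self):
        """Drop every mapping whose TTL has run out."""
        now = self.clock()
        self.cache = {n: (rr, exp) for n, (rr, exp) in self.cache.items()
                      if exp > now}

    def resolve(self, qname, max_referrals=8):
        """Return (value, authoritative), or (None, False) on failure."""
        self.purge()
        if qname in self.cache:
            return self.cache[qname][0].value, False   # cached: unauthoritative
        server = ROOT
        for _ in range(max_referrals):                 # bound the referral chain
            self.trace.append(server)
            kind, data = query(server, qname)
            if kind == "answer":
                self.cache[qname] = (data, self.clock() + data.ttl)
                return data.value, True
            if kind == "error":
                return None, False
            server = data                              # follow the referral
        return None, False


def demo():
    now = [0]
    resolver = CachingResolver(clock=lambda: now[0])
    first = resolver.resolve("ws.wonderful.com.")    # root -> com. -> wonderful.com.
    now[0] = 30
    second = resolver.resolve("ws.wonderful.com.")   # TTL 60 not expired: cache hit
    now[0] = 61
    third = resolver.resolve("ws.wonderful.com.")    # expired: purged, asked again
    return first, second, third, resolver.trace


if __name__ == "__main__":
    print(demo())
```

The TTL bounds how long any cached mapping, correct or not, keeps being served, and the referral limit stops a chain of servers that keep pointing at each other from running forever.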
Types of Resource Records
DNS MESSAGES
DNS has two types of messages: query and response.
Both types have the same format.
The query message consists of a header and question section.
The response message consists of a header, question section, answer
section, authoritative section, and additional section.
Header
Both query and response messages have the same header format
with some fields set to zero for the query messages.
The header fields are as follows:
The identification field is used by the client to match the response
with the query.
The flag field defines whether the message is a query or response. It
also includes status of error.
The next four fields in the header define the number of each record
type in the message.
Question Section
The question section consists of one or more question records.
It is present in both query and response messages.
Answer Section
The answer section consists of one or more resource records.
It is present only in response messages.
Authoritative Section
The authoritative section gives information (domain name) about one
or more authoritative servers for the query.
Additional Information Section
The additional information section provides additional information
that may help the resolver.
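The message format above, together with the label rules from DOMAIN NAME SPACE (labels of at most 63 characters, ending in the null root label), as an added Python example that is not part of the original notes. The bit positions of the flags and the byte layout of the records follow RFC 1035 rather than these notes; the identification value is constructed, name compression is deliberately rejected instead of decoded, and the final check is the minimum a resolver does before accepting a reply to its own query.

```python
"""Build, parse and check DNS messages (header, question, one A answer).
Field layout follows RFC 1035; the names and addresses are sample values."""
import socket
import struct

HEADER = struct.Struct("!HHHHHH")   # identification, flags, four record counts
QR_RESPONSE = 0x8000                # flag bit: 0 = query, 1 = response
AA_AUTHORITATIVE = 0x0400           # flag bit: reply comes from an authority
TYPE_A, CLASS_IN = 1, 1


def encode_name(fqdn):
    """'ws.wonderful.com.' -> length-prefixed labels plus the null root label."""
    out = b""
    for label in fqdn.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"label must be 1..63 bytes: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(msg, offset):
    """Read labels at offset; return (fqdn, offset just past the root label)."""
    labels = []
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[offset]
        offset += 1
        if length == 0:
            return ".".join(labels) + ".", offset
        if length > 63:
            raise ValueError("compressed or invalid label (not handled here)")
        if offset + length > len(msg):
            raise ValueError("label runs past end of message")
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def build_query(qid, fqdn):
    question = encode_name(fqdn) + struct.pack("!HH", TYPE_A, CLASS_IN)
    return HEADER.pack(qid, 0, 1, 0, 0, 0) + question


def build_response(query, ipv4, ttl, authoritative=True):
    """Answer a query: same ID and question, QR set, one A record appended."""
    qid = HEADER.unpack_from(query)[0]
    question = query[HEADER.size:]
    flags = QR_RESPONSE | (AA_AUTHORITATIVE if authoritative else 0)
    name = question[:-4]                       # question minus type and class
    answer = (name + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, 4)
              + socket.inet_aton(ipv4))
    return HEADER.pack(qid, flags, 1, 1, 0, 0) + question + answer


def parse(msg):
    """Return header fields, questions and answers; ValueError if malformed."""
    try:
        qid, flags, qd, an, ns, ar = HEADER.unpack_from(msg)
        offset, questions, answers = HEADER.size, [], []
        for _ in range(qd):
            name, offset = decode_name(msg, offset)
            qtype, qclass = struct.unpack_from("!HH", msg, offset)
            offset += 4
            questions.append((name, qtype, qclass))
        for _ in range(an):
            name, offset = decode_name(msg, offset)
            rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, offset)
            offset += 10
            rdata = msg[offset:offset + rdlen]
            if len(rdata) != rdlen:
                raise ValueError("record data runs past end of message")
            offset += rdlen
            value = socket.inet_ntoa(rdata) if (rtype, rdlen) == (TYPE_A, 4) else rdata
            answers.append((name, rtype, rclass, ttl, value))
    except struct.error as exc:
        raise ValueError(f"truncated message: {exc}") from None
    return {"id": qid, "is_response": bool(flags & QR_RESPONSE),
            "authoritative": bool(flags & AA_AUTHORITATIVE),
            "error": flags & 0x000F, "counts": (qd, an, ns, ar),
            "questions": questions, "answers": answers}


def matches_query(query, response):
    """True if the reply is a response with the query's ID and question."""
    q, r = parse(query), parse(response)
    return r["is_response"] and r["id"] == q["id"] and r["questions"] == q["questions"]


QUERY = build_query(0x1A2B, "ws.wonderful.com.")          # constructed ID
RESPONSE = build_response(QUERY, "200.200.200.5", ttl=60)

if __name__ == "__main__":
    print(parse(QUERY))
    print(parse(RESPONSE))
    print("accepted:", matches_query(QUERY, RESPONSE))
```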
DNS CONNECTIONS
DNS can use either UDP or TCP.
In both cases the well-known port used by the server is port 53.
UDP is used when the size of the response message is less than 512
bytes because most UDP packages have a 512-byte packet size limit.
If the size of the response message is more than 512 bytes, a TCP connection
is used.
DNS REGISTRARS
New domains are added to DNS through a registrar. A fee is charged.
A registrar first verifies that the requested domain name is unique and
then enters it into the DNS database.
⮚ Today, there are many registrars; their names and addresses can be found at
http://www.intenic.net
To register, the organization needs to give the name of its server and the
IP address of the server.
For example, a new commercial organization named wonderful with a
server named ws and IP address 200.200.200.5, needs to give the
following information to one of the registrars:
Domain name: ws.wonderful.com IP address: 200.200.200.5
DDNS (DYNAMIC DOMAIN NAME SYSTEM)
In DNS, when there is a change, such as adding a new host, removing a host,
or changing an IP address, the change must be made to the DNS master file.
The DNS master file must be updated dynamically.
The Dynamic Domain Name System (DDNS) is used for this purpose.
In DDNS, when a binding between a name and an address is determined,
the information is sent to a primary DNS server.
The primary server updates the zone.
The secondary servers are notified either actively or passively.
In active notification, the primary server sends a message to the secondary
servers about the change in the zone, whereas in passive notification, the
secondary servers periodically check for any changes.
In either case, after being notified about the change, the secondary
server requests information about the entire zone (called the zone
transfer).
To provide security and prevent unauthorized changes in the DNS
records, DDNS can use an authentication mechanism.
DNS SECURITY
DNS is one of the most important systems in the Internet infrastructure;
it provides crucial services to Internet users.
Applications such as Web access or e-mail are heavily dependent on the
proper operation of DNS.
DNS can be attacked in several ways including:
Attack on Confidentiality - The attacker may read the response of a
DNS server to find the nature or names of sites the user mostly
accesses. This type of information can be used to find the user’s profile.
To prevent this attack, DNS messages need to be confidential.
Attack on authentication and integrity - The attacker may intercept the
response of a DNS server and change it or create a totally new bogus
response to direct the user to the site or domain the attacker wishes the
user to access. This type of attack can be prevented using message origin
authentication and message integrity.
Attack on denial-of-service - The attacker may flood the DNS server to
overwhelm it or eventually crash it. This type of attack can be
prevented using the provision against denial-of-service attack.
To protect DNS, IETF has devised a technology named DNS Security
(DNSSEC) that provides message origin authentication and message
integrity using a security service called digital signature.
DNSSEC, however, does not provide confidentiality for the DNS messages.
There is no specific protection against the denial-of-service attack in the
specification of DNSSEC. However, the caching system protects the
upper-level servers against this attack to some extent.
SNMP (SIMPLE NETWORK MANAGEMENT PROTOCOL)
The Simple Network Management Protocol (SNMP) is a framework
for managing devices in an internet using the TCP/IP protocol suite.
SNMP is an application layer protocol that monitors and manages
routers distributed over a network.
It provides a set of operations for monitoring and managing the internet.
SNMP uses services of UDP on two well-known ports: 161 (Agent) and
162 (manager).
SNMP uses the concept of manager and agent.
SNMP MANAGER
● A manager is a host that runs the SNMP client program
● The manager has access to the values in the database kept by the agent.
● A manager checks the agent by requesting the information that reflects
the behavior of the agent.
● A manager also forces the agent to perform a certain function by
resetting values in the agent database.
● For example, a router can store in appropriate variables the number of
packets received and forwarded.
● The manager can fetch and compare the values of these two variables to
see if the router is congested or not.
SNMP AGENT
● The agent is a router that runs the SNMP server program.
● The agent is used to keep the information in a database while the
manager is used to access the values in the database.
● For example, a router can store the appropriate variables such as a number of
packets received and forwarded while the manager can compare these
variables to determine whether the router is congested or not.
● Agents can also contribute to the management process.
● A server program on the agent checks the environment, if something
goes wrong, the agent sends a warning message to the manager.
SNMP MANAGEMENT COMPONENTS
● Management of the internet is achieved through simple interaction
between a manager and agent.
● Management is achieved through the use of two protocols:
o Structure of Management Information (SMI)
o Management Information Base (MIB).
Structure of Management Information (SMI)
● To use SNMP, we need rules for naming objects.
● SMI is a protocol that defines these rules.
● SMI is a guideline for SNMP
● It emphasizes three attributes to handle an object: name, data type,
and encoding method.
● Its functions are:
❖ To name objects.
❖ To define the type of data that can be stored in an object.
❖ To show how to encode data for transmission over the network.
Name
✔ SMI requires that each managed object (such as a router, a variable in a
router, a value, etc.) have a unique name.
✔ To name objects globally, SMI uses an object identifier, which is a
hierarchical identifier based on a tree structure.
✔ The tree structure starts with an unnamed root. Each object can be defined
using a sequence of integers separated by dots.
✔ The tree structure can also define an object using a sequence of textual
names separated by dots.
Type of data
✔ The second attribute of an object is the type of data stored in it.
✔ To define the data type, SMI uses Abstract Syntax Notation One (ASN.1)
definitions.
✔ SMI has two broad categories of data types: simple and structured.
✔ The simple data types are atomic data types. Some of them are taken
directly from ASN.1; some are added by SMI.
✔ SMI defines two structured data types: sequence and sequence of.
▪ Sequence - A sequence data type is a combination of simple data
types, not necessarily of the same type.
▪ Sequence of - A sequence of data type is a combination of simple data
types all of the same type or a combination of sequence data types all
of the same type.
Encoding data
✔ SMI uses another standard, Basic Encoding Rules (BER), to encode data to
be transmitted over the network.
✔ BER specifies that each piece of data be encoded in triplet format (TLV):
tag, length, value
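The tag-length-value layout described above, as an added example that is not part of the original notes: a small BER encoder and a bounds-checked decoder for the types one SNMP variable binding uses. The function names, the nesting cap and the sample values (the OID 1.3.6.1.2.1.1.1.0 and the string "router-1") are assumptions made for this illustration.

```python
"""Minimal BER (definite-length) TLV encoder and bounds-checked decoder.
Added illustration; function names are hypothetical, not from any library."""

TAG_INTEGER, TAG_OCTET_STRING, TAG_OID, TAG_SEQUENCE = 0x02, 0x04, 0x06, 0x30
MAX_DEPTH = 8  # assumption: cap on SEQUENCE nesting accepted from the network


def encode_length(n):
    """Short form for n < 128, long form (0x80 | byte count) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, value):
    return bytes([tag]) + encode_length(len(value)) + value


def encode_integer(n):
    """Two's complement in the fewest bytes that keep the sign bit correct."""
    size = (n + (n < 0)).bit_length() // 8 + 1
    return tlv(TAG_INTEGER, n.to_bytes(size, "big", signed=True))


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or min(arcs) < 0 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID")
    out = bytearray()
    for arc in [40 * arcs[0] + arcs[1]] + arcs[2:]:  # first two arcs share one value
        chunk = [arc & 0x7F]
        while (arc := arc >> 7):  # base-128, high bit set on all but the last byte
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return tlv(TAG_OID, bytes(out))


def decode_tlv(buf, offset=0):
    """Return (tag, value, next_offset); reject truncated or oversized fields."""
    if offset + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[offset], buf[offset + 1]
    offset += 2
    length = first
    if first & 0x80:  # long form: low 7 bits give the number of length bytes
        count = first & 0x7F
        if count == 0 or count > 4 or offset + count > len(buf):
            raise ValueError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[offset:offset + count], "big")
        offset += count
    if offset + length > len(buf):
        raise ValueError("length exceeds remaining data")
    return tag, bytes(buf[offset:offset + length]), offset + length


def decode_oid(value):
    if not value or value[-1] & 0x80:
        raise ValueError("empty or truncated OID")
    arcs, acc = [], 0
    for byte in value:
        acc = (acc << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(acc)
            acc = 0
    first = arcs[0]
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])


def decode(buf, depth=0):
    """Decode every TLV in buf into Python values; SEQUENCEs become lists."""
    if depth > MAX_DEPTH:
        raise ValueError("nesting too deep")
    items, offset = [], 0
    while offset < len(buf):
        tag, value, offset = decode_tlv(buf, offset)
        if tag == TAG_INTEGER and value:
            items.append(int.from_bytes(value, "big", signed=True))
        elif tag == TAG_OCTET_STRING:
            items.append(value)
        elif tag == TAG_OID:
            items.append(decode_oid(value))
        elif tag == TAG_SEQUENCE:
            items.append(decode(value, depth + 1))
        else:
            raise ValueError(f"unsupported or malformed tag 0x{tag:02x}")
    return items


def build_varbind(oid, text):
    # SEQUENCE { OID, OCTET STRING }: the shape of one SNMP variable binding
    return tlv(TAG_SEQUENCE, encode_oid(oid) + tlv(TAG_OCTET_STRING, text))


SAMPLE = build_varbind("1.3.6.1.2.1.1.1.0", b"router-1")  # constructed sample

if __name__ == "__main__":
    print(SAMPLE.hex(), decode(SAMPLE))
```

The decoder checks every declared length against the bytes actually present before slicing, which is the check that matters when the input comes from an untrusted UDP datagram.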
Management Information Base (MIB)
The Management Information Base (MIB) is the second component used in network
management.
● Each agent has its own MIB, which is a collection of objects to be managed.
● MIB classifies objects under groups.
MIB Variables
MIB variables are of two types namely simple and table.
● Simple variables are accessed using group-id followed by variable-id and 0
● Tables are ordered as column-row rules, i.e., column by column from top
to bottom. Only leaf elements are accessible in a table type.
SNMP MESSAGES/PDU
SNMP is a request/reply protocol that supports various operations using PDUs. SNMP
defines eight types of protocol data units (or PDUs):
GetRequest, GetNextRequest, GetBulkRequest, SetRequest, Response, Trap,
InformRequest, and Report.
GetRequest
▪ The GetRequest PDU is sent from the manager (client) to the agent (server)
to retrieve the value of a variable or a set of variables.
GetNextRequest
▪ The GetNextRequest PDU is sent from the manager to the agent to retrieve
the value of a variable.
GetBulkRequest
▪ The GetBulkRequest PDU is sent from the manager to the agent to retrieve a large
amount of data. It can be used instead of multiple GetRequest and GetNextRequest
PDUs.
SetRequest
▪ The SetRequest PDU is sent from the manager to the agent to set (store) a value
in a variable.
Response
▪ The Response PDU is sent from an agent to a manager in response to GetRequest
or GetNextRequest. It contains the value(s) of the variable(s) requested by the
manager.
Trap
▪ The Trap PDU is sent from the agent to the manager to report an event. For example, if
the agent is rebooted, it informs the manager and reports the time of rebooting.
InformRequest
▪ The InformRequest PDU is sent from one manager to another remote manager to get
the value of some variables from agents under the control of the remote manager. The
remote manager responds with a Response PDU.
Report
▪ The Report PDU is designed to report some types of errors between managers.
CS3591 – Computer Networks Unit 2
⮚ The transport layer is the fourth layer of the OSI model and is the core of the
Internet model.
⮚ It responds to service requests from the session layer and issues service requests
to the network Layer.
⮚ The transport layer provides transparent transfer of data between hosts.
⮚ It provides end-to-end control and information transfer with the quality of
service needed by the application program.
⮚ It is the first true end-to-end layer, implemented in all End Systems (ES).
TRANSPORT LAYER FUNCTIONS / SERVICES
The transport layer is located between the network layer and the application layer.
The transport layer is responsible for providing services to the application
layer; it receives services from the network layer.
The services that can be provided by the transport layer are
1. Process-to-Process Communication
2. Addressing: Port Numbers
3. Encapsulation and Decapsulation
4. Multiplexing and Demultiplexing
5. Flow Control
6. Error Control
7. Congestion Control
Process-to-Process Communication
The Transport Layer is responsible for delivering data to the appropriate
application process on the host computers.
This involves multiplexing of data from different application processes, i.e.
forming data packets, and adding source and destination port numbers in the
header of each Transport Layer data packet.
Together with the source and destination IP address, the port numbers constitute a
network socket, i.e. an identification address of the process-to-process
communication.
Addressing: Port Numbers
Ports are the essential ways to address multiple entities in the same location.
Using port addressing it is possible to use more than one network-based
application at the same time.
Three types of Port numbers are used :
✔ Well-known ports - These are permanent port numbers. They range
between 0 to 1023. These port numbers are used by Server Process.
✔ Registered ports - The ports ranging from 1024 to 49,151 are not assigned
or controlled.
✔ Ephemeral ports (Dynamic Ports) – These are temporary port numbers. They
range between 49152–65535. These port numbers are used by Client
Process.
Encapsulation and Decapsulation
To send a message from one process to another, the transport-layer
protocol encapsulates and decapsulates messages.
Encapsulation happens at the sender site. The transport layer receives the data
and adds the transport-layer header.
Decapsulation happens at the receiver site. When the message arrives at the
destination transport layer, the header is dropped and the transport layer delivers
the message to the process running at the application layer.
Multiplexing and Demultiplexing
Whenever an entity accepts items from more than one source, this is referred to as
multiplexing (many to one).
Whenever an entity delivers items to more than one source, this is referred to as
demultiplexing (one to many).
The transport layer at the source performs multiplexing
The transport layer at the destination performs demultiplexing
Flow Control
Flow Control is the process of managing the rate of data transmission between
two nodes to prevent a fast sender from overwhelming a slow receiver.
It provides a mechanism for the receiver to control the transmission speed, so that
the receiving node is not overwhelmed with data from transmitting node.
Error Control
Error control at the transport layer is responsible for
1. Detecting and discarding corrupted packets.
2. Keeping track of lost and discarded packets and resending them.
3. Recognizing duplicate packets and discarding them.
4. Buffering out-of-order packets until the missing packets arrive.
Error Control involves Error Detection and Error Correction
Congestion Control
Congestion in a network may occur if the load on the network (the number of
packets sent to the network) is greater than the capacity of the network (the
number of packets a network can handle).
Congestion control refers to the mechanisms and techniques that control
the congestion and keep the load below the capacity.
Congestion Control refers to techniques and mechanisms that can either
prevent congestion, before it happens, or remove congestion, after it has
happened
Congestion control mechanisms are divided into two categories,
1. Open loop - prevent the congestion before it happens.
2. Closed loop - remove the congestion after it happens.
● A transport-layer protocol usually has several responsibilities.
● One is to create a process-to-process communication.
● Processes are programs that run on hosts. It could be either server or client.
● A process on the local host, called a client, needs services from a process
usually on the remote host, called a server.
● Processes are assigned a unique 16-bit port number on that host.
● Port numbers provide end-to-end addresses at the transport layer
● They also provide multiplexing and demultiplexing at this layer.
● The port numbers are integers between 0 and 65,535.
ICANN (Internet Corporation for Assigned Names and Numbers) has divided the port
numbers into three ranges:
✔ Well-known ports
✔ Registered
✔ Ephemeral ports (Dynamic Ports)
WELL-KNOWN PORTS
● These are permanent port numbers used by the servers.
● They range between 0 to 1023.
● This port number cannot be chosen randomly.
● These port numbers are universal port numbers for servers.
● Every client process knows the well-known port number of the corresponding
server process.
● For example, while the daytime client process, a well-known client program, can
use an ephemeral (temporary) port number, 52,000, to identify itself, the
daytime server process must use the well-known (permanent) port number 13.
EPHEMERAL PORTS (DYNAMIC PORTS)
● The client program defines itself with a port number, called the ephemeral
port number.
● The word ephemeral means “short-lived” and is used because the life of a client is
normally short.
● An ephemeral port number is recommended to be greater than 1023.
● These port numbers range from 49,152 to 65,535.
● They are neither controlled nor registered. They can be used as temporary or
private port numbers.
REGISTERED PORTS
● The ports ranging from 1024 to 49,151 are not assigned or controlled.
● Three protocols are associated with the Transport layer.
● They are
(1) UDP – User Datagram Protocol
(2) TCP – Transmission Control Protocol
(3) SCTP - Stream Control Transmission Protocol
● Each protocol provides a different type of service and should be used
appropriately.
UDP - UDP is an unreliable connectionless transport-layer protocol used for its simplicity
and efficiency in applications where error control can be provided by the application-layer
process.
TCP - TCP is a reliable connection-oriented protocol that can be used in any application
where reliability is important.
SCTP - SCTP is a new transport-layer protocol designed to combine some features of UDP
and TCP in an effort to create a better protocol for multimedia communication.
● User Datagram Protocol (UDP) is a connectionless, unreliable transport protocol.
● UDP adds process-to-process communication to best-effort service provided by
IP.
● UDP is a very simple protocol using a minimum of overhead.
● UDP is a simple demultiplexer, which allows multiple processes on each host
to communicate.
● UDP does not provide flow control, reliable or ordered delivery.
● UDP can be used to send small messages where reliability is not expected.
● Sending a small message using UDP takes much less interaction between the
sender and receiver.
● UDP allows processes to indirectly identify each other using an abstract locator
called port or mailbox.
UDP PORTS
● Processes (server/client) are identified by an abstract locator known as port.
● Server accepts message at well known port.
● Some well-known UDP ports are 7–Echo, 53–DNS, 111–RPC, 161–SNMP, etc.
● < port, host > pair is used as key for demultiplexing.
● Ports are implemented as a message queue.
● When a message arrives, UDP appends it to end of the queue.
● When queue is full, the message is discarded.
● When a message is read, it is removed from the queue.
● When an application process wants to receive a message, one is removed from
the front of the queue.
● If the queue is empty, the process blocks until a message becomes available.
UDP DATAGRAM (PACKET) FORMAT
● UDP packets are known as user datagrams.
● These user datagrams have a fixed-size header of 8 bytes made of four fields,
each of 2 bytes (16 bits).
Source Port Number
⮚ Port number, 16 bits long, used by the process on the source host.
⮚ If the source host is the client (sending a request), then the port number is a
temporary one requested by the process and chosen by UDP.
⮚ If the source is the server (sending a response), then it is a well-known port number.
Destination Port Number
⮚ Port number, 16 bits long, used by the process on the destination host.
⮚ If the destination host is the server (a client sending a request), then
the port number is a well-known port number.
⮚ If the destination host is the client (a server sending a response), then the port
number is a temporary one copied by the server from the request packet.
Length
⮚ This field denotes the total length of the UDP Packet (Header plus data)
⮚ The total length of any UDP datagram can be from 0 to 65,535 bytes.
Checksum
⮚ UDP computes its checksum over the UDP header, the contents of the
message body, and something called the pseudoheader.
⮚ The pseudoheader consists of three fields from the IP header—protocol
number, source IP address, destination IP address plus the UDP length field.
Data
Data field defines the actual payload to be transmitted.
Its size is variable.
UDP SERVICES
Process-to-Process Communication
● UDP provides process-to-process communication using socket addresses, a
combination of IP addresses and port numbers.
Connectionless Services
● UDP provides a connectionless service.
● There is no connection establishment and no connection termination.
● Each user datagram sent by UDP is an independent datagram.
● There is no relationship between the different user datagrams even if they are
coming from the same source process and going to the same destination program.
● The user datagrams are not numbered.
● Each user datagram can travel on a different path.
Flow Control
● UDP is a very simple protocol.
● There is no flow control, and hence no window mechanism.
● The receiver may overflow with incoming messages.
● The lack of flow control means that the process using UDP should provide for
this service, if needed.
Error Control
● There is no error control mechanism in UDP except for the checksum.
● This means that the sender does not know if a message has been lost or duplicated.
● When the receiver detects an error through the checksum, the user
datagram is silently discarded.
● The lack of error control means that the process using UDP should provide for
this service, if needed.
Checksum
● UDP checksum calculation includes three sections: a pseudoheader, the UDP
header, and the data coming from the application layer.
● The pseudoheader is the part of the header of the IP packet in which the user
datagram is to be encapsulated, with some fields filled with 0s.
Optional Inclusion of Checksum
⮚ The sender of a UDP packet can choose not to calculate the checksum.
⮚ In this case, the checksum field is filled with all 0s before being sent.
⮚ In the situation where the sender decides to calculate the checksum,
but it happens that the result is all 0s, the checksum is changed to all
1s before the packet is sent.
⮚ In other words, the sender complements the sum two times.
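The checksum rules from the two Checksum passages above (pseudoheader coverage, all 0s meaning "not computed", and a computed 0 being sent as all 1s), worked through as an added example that is not part of the original notes. The function names are hypothetical, and the addresses, ports and payloads are constructed samples.

```python
"""UDP checksum over pseudoheader + UDP header + data (IPv4).
Added illustration; names, addresses and ports are constructed samples."""
import socket
import struct

UDP_PROTOCOL = 17  # IPv4 protocol number carried in the pseudoheader


def ones_complement_sum(data):
    """16-bit one's complement sum; odd-length data is padded with one zero byte."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)  # fold the carry back in
    return total


def pseudoheader(src_ip, dst_ip, udp_length):
    """Source address, destination address, zero byte, protocol, UDP length."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, UDP_PROTOCOL, udp_length))


def build_datagram(src_ip, dst_ip, src_port, dst_port, payload, with_checksum=True):
    length = 8 + len(payload)  # header plus data
    if length > 0xFFFF:
        raise ValueError("payload too large for the 16-bit length field")
    checksum = 0  # all 0s means the sender did not compute a checksum
    if with_checksum:
        header = struct.pack("!HHHH", src_port, dst_port, length, 0)
        total = ones_complement_sum(
            pseudoheader(src_ip, dst_ip, length) + header + payload)
        checksum = ~total & 0xFFFF
        if checksum == 0:
            checksum = 0xFFFF  # a computed 0 is sent as all 1s
    return struct.pack("!HHHH", src_port, dst_port, length, checksum) + payload


def verify_datagram(src_ip, dst_ip, datagram):
    """Return 'ok', 'no-checksum' or 'corrupt' for a received datagram."""
    if len(datagram) < 8:
        return "corrupt"
    _, _, length, checksum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        return "corrupt"
    if checksum == 0:
        return "no-checksum"
    total = ones_complement_sum(
        pseudoheader(src_ip, dst_ip, length) + datagram[:length])
    return "ok" if total == 0xFFFF else "corrupt"


def payload_for_zero_checksum(src_ip, dst_ip, src_port, dst_port):
    """Constructed 2-byte payload whose datagram sums to 0xFFFF (checksum 0)."""
    header = struct.pack("!HHHH", src_port, dst_port, 10, 0)
    partial = ones_complement_sum(pseudoheader(src_ip, dst_ip, 10) + header)
    return struct.pack("!H", 0xFFFF - partial)


SRC, DST = "192.0.2.1", "192.0.2.53"  # constructed documentation addresses

if __name__ == "__main__":
    dgram = build_datagram(SRC, DST, 52000, 53, b"hi")
    print(dgram.hex(), verify_datagram(SRC, DST, dgram))
    flipped = dgram[:-1] + bytes([dgram[-1] ^ 0x01])
    print(verify_datagram(SRC, DST, flipped))
```

Because the IP addresses are part of the sum, a datagram verified against a different source or destination address fails the check even when the UDP bytes are untouched.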
Congestion Control
● Since UDP is a connectionless protocol, it does not provide congestion control.
● UDP assumes that the packets sent are small and sporadic (occasionally or at
irregular intervals) and cannot create congestion in the network.
● This assumption may or may not be true, when UDP is used for interactive
real-time transfer of audio and video.
Encapsulation and Decapsulation
● To send a message from one process to another, the UDP protocol encapsulates
and decapsulates messages.
Queuing
● In UDP, queues are associated with ports.
● At the client site, when a process starts, it requests a port number from the
operating system.
● Some implementations create both an incoming and an outgoing queue
associated with each process.
● Other implementations create only an incoming queue associated with each
process.
Multiplexing and Demultiplexing
● In a host running a transport protocol suite, there is only one UDP but
possibly several processes that may want to use the services of UDP.
● To handle this situation, UDP multiplexes and demultiplexes.
APPLICATIONS OF UDP
● UDP is used for management processes such as SNMP.
● UDP is used for route updating protocols such as RIP.
● UDP is a suitable transport protocol for multicasting. Multicasting
capability is embedded in the UDP software
● UDP is suitable for a process with internal flow and error control mechanisms
such as Trivial File Transfer Protocol (TFTP).
● UDP is suitable for a process that requires simple request-response
communication with little concern for flow and error control.
● UDP is normally used for interactive real-time applications that cannot
tolerate uneven delay between sections of a received message.
TCP is a reliable, connection-oriented, byte-stream protocol.
TCP guarantees the reliable, in-order delivery of a stream of bytes. It is a full-
duplex protocol, meaning that each TCP connection supports a pair of byte
streams, one flowing in each direction.
TCP includes a flow-control mechanism for each of these byte streams that allows
the receiver to limit how much data the sender can transmit at a given time.
TCP supports a demultiplexing mechanism that allows multiple application
programs on any given host to simultaneously carry on a conversation with their
peers.
TCP also implements a congestion-control mechanism. The idea of this mechanism
is to prevent the sender from overloading the network.
Flow control is an end to end issue, whereas congestion control is concerned
with how host and network interact.
TCP SERVICES
Process-to-Process Communication
● TCP provides process-to-process communication using port numbers.
Stream Delivery Service
● TCP is a stream-oriented protocol.
● TCP allows the sending process to deliver data as a stream of bytes and allows
the receiving process to obtain data as a stream of bytes.
● TCP creates an environment in which the two processes seem to be connected by
an imaginary “tube” that carries their bytes across the Internet.
● The sending process produces (writes to) the stream and the receiving
process consumes (reads from) it.
Full-Duplex Communication
● TCP offers full-duplex service, where data can flow in both directions at the
same time.
● Each TCP endpoint then has its own sending and receiving buffer, and
segments move in both directions.
Multiplexing and Demultiplexing
TCP performs multiplexing at the sender and demultiplexing at the receiver.
Connection-Oriented Service
● TCP is a connection-oriented protocol.
● A connection needs to be established for each pair of processes.
● When a process at site A wants to send to and receive data from
another process at site B, the following three phases occur:
1. The two TCPs establish a logical connection between them.
2. Data are exchanged in both directions.
3. The connection is terminated.
Reliable Service
● TCP is a reliable transport protocol.
● It uses an acknowledgment mechanism to check the safe and sound arrival of data.
TCP SEGMENT
● A packet in TCP is called a segment.
● Data units exchanged between TCP peers are called segments.
● A TCP segment encapsulates the data received from the application layer.
● The TCP segment is encapsulated in an IP datagram, which in turn is encapsulated
in a frame at the data-link layer.
● TCP is a byte-oriented protocol, which means that the sender writes bytes into a
TCP connection and the receiver reads bytes out of the TCP connection.
● TCP does not, itself, transmit individual bytes over the Internet.
● TCP on the source host buffers enough bytes from the sending process to fill a
reasonably sized packet and then sends this packet to its peer on the destination
host.
● TCP on the destination host then empties the contents of the packet into a
receive buffer, and the receiving process reads from this buffer at its leisure.
● TCP connection supports byte streams flowing in both directions.
● The packets exchanged between TCP peers are called segments, since each
one carries a segment of the byte stream.
TCP PACKET FORMAT
● Each TCP segment contains the header plus the data.
● The segment consists of a header of 20 to 60 bytes, followed by data from
the application program.
● The header is 20 bytes if there are no options and up to 60 bytes if it
contains options.
SrcPort and DstPort ― port number of source and destination process.
SequenceNum ― contains sequence number, i.e. first byte of data segment.
Acknowledgment ― byte number of segment the receiver expects next.
HdrLen ― length of TCP header in 4-byte words.
Flags ― contains six control bits known as flags.
o URG — segment contains urgent data.
o ACK — value of acknowledgment field is valid.
o PUSH — sender has invoked the push operation.
o RESET — receiver wants to abort the connection.
o SYN — synchronize sequence numbers during connection establishment.
o FIN — terminates the TCP connection.
Advertised Window―defines receiver’s window size and acts as flow control.
Checksum―It is computed over TCP header, Data, and pseudo header containing IP fields
(Length, SourceAddr & DestinationAddr).
UrgPtr ― used when the segment contains urgent data. It defines a value that must
be added to the sequence number.
Options - There can be up to 40 bytes of optional information in the TCP header.
TCP CONNECTION MANAGEMENT
● TCP is connection-oriented.
● A connection-oriented transport protocol establishes a logical path between
the source and destination.
● All of the segments belonging to a message are then sent over this logical path.
● In TCP, connection-oriented transmission requires three phases:
Connection Establishment, Data Transfer and Connection
Termination.
Connection Establishment
While opening a TCP connection, the two nodes (client and server) want to agree on
a set of parameters.
The parameters are the starting sequence numbers that are to be used for
their respective byte streams.
Connection establishment in TCP is a three-way handshaking.
1. Client sends a SYN segment to the server containing its initial sequence number (Flags
= SYN, SequenceNum = x)
2. Server responds with a segment that acknowledges client’s segment and specifies
its initial sequence number (Flags = SYN + ACK, ACK = x + 1, SequenceNum = y).
3. Finally, client responds with a segment that acknowledges server’s sequence number
(Flags = ACK, ACK = y + 1).
● The reason that each side acknowledges a sequence number that is one larger
than the one sent is that the Acknowledgment field actually identifies the
“next sequence number expected.”
● A timer is scheduled for each of the first two segments, and if the
expected response is not received, the segment is retransmitted.
Data Transfer
● After connection is established, bidirectional data transfer can take place.
● The client and server can send data and acknowledgments in both directions.
● The data traveling in the same direction as an acknowledgment are carried on
the same segment.
● The acknowledgment is piggybacked with the data.
Connection Termination
⮚ Connection termination or teardown can be done in two ways:
Three-way Close and Half-Close
Three-way Close—Both client and server close simultaneously.
● Client sends a FIN segment. The FIN segment can include the last chunk of data.
● Server responds with FIN + ACK segment to inform its closing.
● Finally, client sends an ACK segment.
Half-Close—Client stops sending but receives data.
● Client half-closes the connection by sending a FIN segment.
● Server sends an ACK segment.
● Data transfer from client to the server stops.
● After sending all data, server sends FIN segment to client, which is
acknowledged by the client.
STATE TRANSITION DIAGRAM
To keep track of all the different events happening during connection establishment,
connection termination, and data transfer, TCP is specified as a finite state
machine (FSM).
The transition from one state to another is shown using directed lines.
States involved in opening and closing a connection are shown above and
below the ESTABLISHED state respectively.
States Involved in TCP :
Opening a TCP Connection
1. Server invokes a passive open on TCP, which causes TCP to move to LISTEN state
2. Client does an active open, which causes its TCP to send a SYN segment to the
server and move to SYN_SENT state.
3. When SYN segment arrives at the server, it moves to SYN_RCVD state and responds
with a SYN + ACK segment.
4. Arrival of SYN + ACK segment causes the client to move to ESTABLISHED
state and sends an ACK to the server.
5. When ACK arrives, the server finally moves to ESTABLISHED state.
Closing a TCP Connection
1. Client / Server can independently close its half of the connection or simultaneously.
Transitions from ESTABLISHED to CLOSED state are:
One side closes:
ESTABLISHED → FIN_WAIT_1 → FIN_WAIT_2 → TIME_WAIT → CLOSED
Other side closes:
ESTABLISHED → CLOSE_WAIT → LAST_ACK → CLOSED
Simultaneous close:
ESTABLISHED → FIN_WAIT_1 → CLOSING → TIME_WAIT → CLOSED
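The open and close sequences listed above, written as a transition table and driven by two endpoints exchanging segments. This is an added example, not part of the original notes; the event names, the Endpoint class and the helper functions are hypothetical labels chosen for this sketch.

```python
"""TCP connection state machine for the open and close paths listed above.
Added illustration; event names and the Endpoint class are hypothetical."""

# (current state, event) -> (next state, segment to send or None)
TRANSITIONS = {
    ("CLOSED", "passive_open"): ("LISTEN", None),
    ("CLOSED", "active_open"): ("SYN_SENT", "SYN"),
    ("LISTEN", "recv_SYN"): ("SYN_RCVD", "SYN+ACK"),
    ("SYN_SENT", "recv_SYN+ACK"): ("ESTABLISHED", "ACK"),
    ("SYN_RCVD", "recv_ACK"): ("ESTABLISHED", None),
    ("ESTABLISHED", "close"): ("FIN_WAIT_1", "FIN"),
    ("ESTABLISHED", "recv_FIN"): ("CLOSE_WAIT", "ACK"),
    ("FIN_WAIT_1", "recv_ACK"): ("FIN_WAIT_2", None),
    ("FIN_WAIT_1", "recv_FIN"): ("CLOSING", "ACK"),
    ("FIN_WAIT_2", "recv_FIN"): ("TIME_WAIT", "ACK"),
    ("CLOSING", "recv_ACK"): ("TIME_WAIT", None),
    ("CLOSE_WAIT", "close"): ("LAST_ACK", "FIN"),
    ("LAST_ACK", "recv_ACK"): ("CLOSED", None),
    ("TIME_WAIT", "timeout"): ("CLOSED", None),
}


class Endpoint:
    def __init__(self, name):
        self.name = name
        self.state = "CLOSED"
        self.path = ["CLOSED"]  # every state visited, in order
        self.outbox = []        # segments waiting to be delivered to the peer

    def handle(self, event):
        """Apply one event; anything the table does not allow is rejected."""
        key = (self.state, event)
        if key not in TRANSITIONS:
            raise ValueError(f"{self.name}: {event} is invalid in {self.state}")
        self.state, segment = TRANSITIONS[key]
        self.path.append(self.state)
        if segment:
            self.outbox.append(segment)

    def path_from_established(self):
        return self.path[self.path.index("ESTABLISHED"):]


def settle(a, b):
    """Deliver queued segments in both directions until none are in flight."""
    while a.outbox or b.outbox:
        for sender, receiver in ((a, b), (b, a)):
            while sender.outbox:
                receiver.handle("recv_" + sender.outbox.pop(0))


def open_connection():
    client, server = Endpoint("client"), Endpoint("server")
    server.handle("passive_open")
    client.handle("active_open")
    settle(client, server)
    return client, server


def one_side_closes():
    client, server = open_connection()
    client.handle("close")    # client sends FIN first
    settle(client, server)
    server.handle("close")    # server closes its half later
    settle(client, server)
    client.handle("timeout")  # TIME_WAIT expires
    return client.path_from_established(), server.path_from_established()


def simultaneous_close():
    client, server = open_connection()
    client.handle("close")
    server.handle("close")    # both FINs are in flight before either arrives
    settle(client, server)
    client.handle("timeout")
    server.handle("timeout")
    return client.path_from_established(), server.path_from_established()


if __name__ == "__main__":
    print(one_side_closes())
    print(simultaneous_close())
```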
TCP FLOW CONTROL
TCP uses a variant of sliding window known as adaptive flow control that:
o guarantees reliable delivery of data
o ensures ordered delivery of data
o enforces flow control at the sender
Receiver advertises its window size to the sender using AdvertisedWindow field.
Sender thus cannot have unacknowledged data greater than AdvertisedWindow.
Send Buffer
Sending TCP maintains send buffer which contains 3 segments
(1) acknowledged data
(2) unacknowledged data
(3) data to be transmitted.
Send buffer maintains three pointers
(1) LastByteAcked, (2) LastByteSent, and (3) LastByteWritten such that:
LastByteAcked ≤ LastByteSent ≤ LastByteWritten
A byte can be sent only after being written and only a sent byte can be
acknowledged.
Bytes to the left of LastByteAcked are not kept, as they have been acknowledged.
Receive Buffer
Receiving TCP maintains receive buffer to hold data even if it arrives out-of-order.
Receive buffer maintains three pointers namely
(1) LastByteRead, (2) NextByteExpected, and (3) LastByteRcvd such that:
LastByteRead < NextByteExpected ≤ LastByteRcvd + 1
A byte cannot be read until that byte and all preceding bytes have been received.
If data is received in order, then NextByteExpected = LastByteRcvd + 1
Bytes to the left of LastByteRead are not buffered, since they have been read by the
application.
Flow Control in TCP
Size of send and receive buffer is MaxSendBuffer and MaxRcvBuffer respectively.
Sending TCP prevents overflowing of send buffer by maintaining
LastByteWritten - LastByteAcked ≤ MaxSendBuffer
Receiving TCP avoids overflowing its receive buffer by maintaining
LastByteRcvd - LastByteRead ≤ MaxRcvBuffer
Receiver throttles the sender by having AdvertisedWindow based on free space
available for buffering.
AdvertisedWindow = MaxRcvBuffer - ((NextByteExpected - 1) - LastByteRead)
Sending TCP adheres to AdvertisedWindow by computing EffectiveWindow that
limits how much data it should send.
EffectiveWindow = AdvertisedWindow - (LastByteSent - LastByteAcked)
When data arrives, LastByteRcvd moves to its right and AdvertisedWindow
shrinks.
Receiver acknowledges only if preceding bytes have arrived.
AdvertisedWindow expands when data is read by the application.
o If data is read as fast as it arrives then AdvertisedWindow = MaxRcvBuffer
o If data is read slowly, it eventually leads to an AdvertisedWindow of size 0.
AdvertisedWindow field is designed to allow sender to keep the pipe full.
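The following added example (not part of the original notes) tracks the send and receive buffer pointers described above and shows a slow reader driving AdvertisedWindow to 0 and the window reopening after the application reads. Byte numbering from 1, in-order delivery only, and the buffer sizes are assumptions made for the sketch.

```python
from dataclasses import dataclass


@dataclass
class Receiver:
    max_rcv_buffer: int
    last_byte_read: int = 0
    next_byte_expected: int = 1   # assumption: bytes are numbered from 1
    last_byte_rcvd: int = 0

    def advertised_window(self) -> int:
        # AdvertisedWindow = MaxRcvBuffer - ((NextByteExpected - 1) - LastByteRead)
        return self.max_rcv_buffer - ((self.next_byte_expected - 1) - self.last_byte_read)

    def receive(self, seq: int, length: int):
        """Take a segment; return (NextByteExpected, AdvertisedWindow) for the ACK."""
        if seq == self.next_byte_expected:
            # Buffer no more than was advertised, even if the peer sends more.
            accepted = min(length, self.advertised_window())
            self.next_byte_expected += accepted
            self.last_byte_rcvd = max(self.last_byte_rcvd, self.next_byte_expected - 1)
        # Out-of-order segments are only re-ACKed in this sketch, not buffered.
        # Invariant from the notes: the receive buffer never overflows.
        assert self.last_byte_rcvd - self.last_byte_read <= self.max_rcv_buffer
        return self.next_byte_expected, self.advertised_window()

    def app_read(self, n: int) -> int:
        """The application consumes up to n in-order bytes, freeing buffer space."""
        n = min(n, (self.next_byte_expected - 1) - self.last_byte_read)
        self.last_byte_read += n
        return n


@dataclass
class Sender:
    max_send_buffer: int
    advertised_window: int
    last_byte_acked: int = 0
    last_byte_sent: int = 0
    last_byte_written: int = 0

    def app_write(self, n: int) -> int:
        """Accept only what keeps LastByteWritten - LastByteAcked <= MaxSendBuffer."""
        room = self.max_send_buffer - (self.last_byte_written - self.last_byte_acked)
        n = min(n, room)
        self.last_byte_written += n
        return n

    def effective_window(self) -> int:
        # EffectiveWindow = AdvertisedWindow - (LastByteSent - LastByteAcked)
        return max(0, self.advertised_window - (self.last_byte_sent - self.last_byte_acked))

    def next_segment(self, mss: int):
        """Return (first byte, length) of the next segment, or None if blocked."""
        unsent = self.last_byte_written - self.last_byte_sent
        size = min(mss, self.effective_window(), unsent)
        if size <= 0:
            return None
        seq = self.last_byte_sent + 1
        self.last_byte_sent += size
        return seq, size

    def on_ack(self, next_expected: int, window: int) -> None:
        self.last_byte_acked = max(self.last_byte_acked, next_expected - 1)
        self.advertised_window = window


def simulate(mss=1000, rcv_buffer=4000, rounds=7, read_after=5, read_size=2500):
    """One segment per round; the receiving application reads only once."""
    rx = Receiver(max_rcv_buffer=rcv_buffer)
    tx = Sender(max_send_buffer=8000, advertised_window=rcv_buffer)
    tx.app_write(8000)
    trace = []
    for r in range(rounds):
        if r == read_after:
            rx.app_read(read_size)
            # The enlarged window reaches the sender in a window update.
            tx.on_ack(rx.next_byte_expected, rx.advertised_window())
        segment = tx.next_segment(mss)
        if segment is not None:
            tx.on_ack(*rx.receive(*segment))
        trace.append((segment, tx.advertised_window, tx.effective_window()))
    return trace


if __name__ == "__main__":
    for row in simulate():
        print(row)
```

The `min(length, advertised_window())` line is the receiver-side guard: a peer that ignores the advertised window cannot make the receiver buffer more than MaxRcvBuffer.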
TCP TRANSMISSION
TCP has three mechanisms to trigger the transmission of a segment.
They are
o Maximum Segment Size (MSS) - Silly Window Syndrome
o Timeout - Nagle’s Algorithm
Silly Window Syndrome
When either the sending application program creates data slowly or the
receiving application program consumes data slowly, or both, problems arise.
Any of these situations results in the sending of data in very small segments,
which reduces the efficiency of the operation.
This problem is called the silly window syndrome.
The sending TCP may create a silly window syndrome if it is serving an
application program that creates data slowly, for example, 1 byte at a time.
The application program writes 1 byte at a time into the buffer of the sending
TCP.
The result is a lot of 1-byte segments that are traveling through an internet.
The solution is to prevent the sending TCP from sending the data byte by byte.
The sending TCP must be forced to wait and collect data to send in a larger block.
Nagle’s Algorithm
▪ If there is data to send but it is less than MSS, then we may want to wait some
amount of time before sending the available data.
▪ If we wait too long, then it may delay the process.
▪ If we don’t wait long enough, it may end up sending small segments resulting
in Silly Window Syndrome.
▪ The solution is to introduce a timer and to transmit when the timer expires
▪ Nagle introduced an algorithm for solving this problem
TCP CONGESTION CONTROL
Congestion occurs if load (number of packets sent) is greater than capacity of
the network (number of packets a network can handle).
When load is less than network capacity, throughput increases proportionally.
When load exceeds capacity, queues become full and the routers discard
some packets and throughput declines sharply.
When too many packets are contending for the same link:
o The queue overflows
o Packets get dropped
o Network is congested
Network should provide a congestion control mechanism to deal with
such a situation.
TCP maintains a variable called CongestionWindow for each connection.
TCP Congestion Control mechanisms are:
1. Additive Increase / Multiplicative Decrease (AIMD)
2. Slow Start
3. Fast Retransmit and Fast Recovery
Additive Increase / Multiplicative Decrease (AIMD)
TCP source initializes CongestionWindow based on congestion level in the
network.
Source increases CongestionWindow when level of congestion goes down and
decreases the same when level of congestion goes up.
TCP interprets timeouts as a sign of congestion and reduces the rate of
transmission.
On timeout, source reduces its CongestionWindow by half, i.e., multiplicative
decrease. For example, if CongestionWindow = 16 packets, after timeout it is
8.
Value of CongestionWindow is never less than maximum segment size (MSS).
When ACK arrives CongestionWindow is incremented marginally, i.e.,
additive increase.
Increment = MSS × (MSS/CongestionWindow)
CongestionWindow += Increment
For example, when ACK arrives for 1 packet, 2 packets are sent. When ACKs for
both packets arrive, 3 packets are sent and so on.
CongestionWindow increases and decreases throughout lifetime of the connection.
When CongestionWindow is plotted as a function of time, a saw-tooth
pattern results.
Slow Start
Slow start is used to increase CongestionWindow exponentially from a cold start.
Source TCP initializes CongestionWindow to one packet.
TCP doubles the number of packets sent every RTT on successful transmission.
When ACK arrives for first packet TCP adds 1 packet to CongestionWindow
and sends two packets.
When two ACKs arrive, TCP increments CongestionWindow by 2 packets and
sends four packets and so on.
Instead of sending entire permissible packets at once (bursty traffic), packets are
sent in a phased manner, i.e., slow start.
Initially TCP has no idea about congestion, hence it
increases CongestionWindow rapidly until there is a timeout. On timeout:
CongestionThreshold = CongestionWindow / 2
CongestionWindow = 1
Slow start is repeated until CongestionWindow reaches CongestionThreshold,
and thereafter CongestionWindow grows by 1 packet per RTT.
The congestion window trace will look like
Fast Retransmit And Fast Recovery
TCP timeouts led to long periods of time during which the connection went
dead while waiting for a timer to expire.
Fast retransmit is a heuristic approach that triggers retransmission of a
dropped packet sooner than the regular timeout mechanism. It does not
replace regular timeouts.
When a packet arrives out of order, receiving TCP resends the same
acknowledgment (duplicate ACK) it sent last time.
When three duplicate ACKs arrive at the sender, it infers that the corresponding
packet may be lost due to congestion and retransmits that packet. This is called
fast retransmit before regular timeout.
When packet loss is detected using fast retransmit, the slow start phase is replaced
by additive increase, multiplicative decrease method. This is known as fast
recovery.
Instead of setting CongestionWindow to one packet, this method uses the ACKs
that are still in pipe to clock the sending of packets.
Slow start is only used at the beginning of a connection and after regular timeout.
At other times, it follows a pure AIMD pattern.
For example, packets 1 and 2 are received whereas packet 3 gets lost.
o Receiver sends a duplicate ACK for packet 2 when packet 4 arrives.
o Sender receives 3 duplicate ACKs after sending packet 6 and retransmits packet 3.
o When packet 3 is received, receiver sends cumulative ACK up to packet 6.
The congestion window trace will look like
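The following added example (not part of the original notes) generates a congestion window trace in packets per RTT from the rules above: slow start, the threshold set on timeout, additive increase, and the halving used by fast recovery. The event names and the per-RTT granularity are assumptions of the sketch; the second function applies the per-ACK formula Increment = MSS × (MSS/CongestionWindow) in bytes.

```python
import math


def cwnd_trace(events, threshold=math.inf):
    """Return CongestionWindow (in packets) after each per-RTT event.

    events: "ack"     - every packet of the window was acknowledged
            "timeout" - retransmission timer expired
            "dupacks" - three duplicate ACKs (fast retransmit / fast recovery)
    """
    cwnd = 1                      # cold start: one packet
    trace = [cwnd]
    for event in events:
        if event == "ack":
            if cwnd < threshold:
                # Slow start: double every RTT, but stop at the threshold.
                cwnd = min(cwnd * 2, threshold)
            else:
                # Additive increase: one packet per RTT.
                cwnd += 1
        elif event == "timeout":
            # CongestionThreshold = CongestionWindow / 2, then restart slow start.
            threshold = max(1, cwnd // 2)
            cwnd = 1
        elif event == "dupacks":
            # Fast recovery: halve the window and skip slow start.
            cwnd = max(1, cwnd // 2)
            threshold = cwnd
        else:
            raise ValueError(f"unknown event: {event!r}")
        trace.append(cwnd)
    return trace


def additive_increase_one_rtt(cwnd_bytes, mss):
    """Apply Increment = MSS * (MSS / CongestionWindow) once per ACK for one window.

    Returns the total growth in bytes, which comes to slightly under one MSS.
    """
    start = cwnd_bytes
    for _ in range(int(cwnd_bytes // mss)):
        cwnd_bytes += mss * (mss / cwnd_bytes)
    return cwnd_bytes - start


if __name__ == "__main__":
    events = ["ack"] * 5 + ["timeout"] + ["ack"] * 5 + ["dupacks"] + ["ack"] * 2
    print(cwnd_trace(events))
    print(round(additive_increase_one_rtt(16000, 1000), 1))
```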
TCP CONGESTION AVOIDANCE
Congestion avoidance mechanisms prevent congestion before it actually occurs.
These mechanisms predict when congestion is about to happen and then reduce
the rate at which hosts send data just before packets start being discarded.
TCP creates loss of packets in order to determine bandwidth of the connection.
Routers help the end nodes by intimating when congestion is likely to occur.
Congestion-avoidance mechanisms are:
o DEC bit - Destination Experiencing Congestion Bit
o RED - Random Early Detection
Dec Bit - Destination Experiencing Congestion Bit
⮚ The first mechanism developed for use on the Digital Network Architecture (DNA).
⮚ The idea is to evenly split the responsibility for congestion control between
the routers and the end nodes.
⮚ Each router monitors the load it is experiencing and explicitly notifies the end
nodes when congestion is about to occur.
⮚ This notification is implemented by setting a binary congestion bit in the packets
that flow through the router; hence the name DECbit.
⮚ The destination host then copies this congestion bit into the ACK it sends back to
the source.
⮚ The source checks how many ACKs have the DEC bit set for the previous window of packets.
⮚ If less than 50% of ACKs have the DEC bit set, then the source increases its
congestion window by 1 packet.
⮚ Otherwise, decreases the congestion window by 87.5%.
⮚ Finally, the source adjusts its sending rate so as to avoid congestion.
⮚ Increase by 1, decrease by 0.875 rule was based on AIMD for stabilization.
⮚ A single congestion bit is added to the packet header.
⮚ Using a queue length of 1 as the trigger for setting the congestion bit.
⮚ A router sets this bit in a packet if its average queue length is greater than or equal
to 1 at the time the packet arrives.
Computing average queue length at a router using DEC bit
⮚ Average queue length is measured over a time interval that includes the
last busy + last idle cycle + current busy cycle.
⮚ It calculates the average queue length by dividing the curve area with time interval.
Red - Random Early Detection
⮚ The second mechanism of congestion avoidance is called Random
Early Detection (RED).
⮚ Each router is programmed to monitor its own queue length, and when it detects
that there is congestion, it notifies the source to adjust its congestion window.
⮚ RED differs from the DEC bit scheme in two ways:
a. In DECbit, explicit notification about congestion is sent to source,
whereas RED implicitly notifies the source by dropping a few packets.
b. DECbit may lead to tail drop policy, whereas RED drops packet based on
drop probability in a random manner. Drop each arriving packet with
some drop probability whenever the queue length exceeds some drop
level. This idea is called early random drop.
Computation of average queue length using RED
⮚ AvgLen = (1 - Weight) × AvgLen + Weight × SampleLen
where 0 < Weight < 1 and
SampleLen – is the length of the queue when a
sample measurement is made.
⮚ The queue length is measured every time a new packet arrives at the gateway.
⮚ RED has two queue length thresholds that trigger certain activity: MinThreshold
and MaxThreshold
⮚ When a packet arrives at a gateway it compares AvgLen with these two
values according to the following rules.
Stream Control Transmission Protocol (SCTP) is a reliable, message-
oriented transport layer protocol.
SCTP has mixed features of TCP and UDP.
SCTP maintains the message boundaries and detects the lost data, duplicate data
as well as out-of-order data.
SCTP provides the Congestion control as well as Flow control.
SCTP is especially designed for internet applications as well as
multimedia communication.
SCTP SERVICES
Process-to-Process Communication
SCTP provides process-to-process communication.
Multiple Streams
SCTP allows multistream service in each connection, which is called association
in SCTP terminology.
If one of the streams is blocked, the other streams can still deliver their data.
Multihoming
An SCTP association supports multihoming service.
The sending and receiving host can define multiple IP addresses in each end for
an association.
In this fault-tolerant approach, when one path fails, another interface can be used
for data delivery without interruption.
Full-Duplex Communication
SCTP offers full-duplex service, where data can flow in both directions at the same
time. Each SCTP then has a sending and receiving buffer and packets are sent in
both directions.
Connection-Oriented Service
SCTP is a connection-oriented protocol.
In SCTP, a connection is called an association.
If a client wants to send messages to and receive messages from a server, the steps are:
Step 1: The two SCTPs establish the connection with each other.
Step 2: Once the connection is established, the data gets exchanged in both
the directions.
Step 3: Finally, the association is terminated.
Reliable Service
SCTP is a reliable transport protocol.
It uses an acknowledgment mechanism to check the safe and sound arrival of data.
SCTP PACKET FORMAT
An SCTP packet has a mandatory general header and a set of blocks called chunks.
General Header
The general header (packet header) defines the end points of each association
to which the packet belongs.
It guarantees that the packet belongs to a particular association.
It also preserves the integrity of the contents of the packet including the header
itself.
There are four fields in the general header.
Source port
This field identifies the sending port.
Destination port
This field identifies the receiving port that hosts use to route the packet to
the appropriate endpoint/application.
Verification tag
A 32-bit random value created during initialization to distinguish stale
packets from a previous connection.
Checksum
The next field is a checksum. The size of the checksum is 32 bits. SCTP
uses CRC-32 Checksum.
Chunks
Control information or user data are carried in chunks.
Chunks have a common layout.
The first three fields are common to all chunks; the information field depends on
the type of chunk.
The type field can define up to 256 types of chunks. Only a few have been defined
so far; the rest are reserved for future use.
The flag field defines special flags that a particular chunk may need.
The length field defines the total size of the chunk, in bytes, including the type,
flag, and length fields.
Types of Chunks
An SCTP association may send many packets, a packet may contain several
chunks, and chunks may belong to different streams.
SCTP defines two types of chunks - Control chunks and Data chunks.
A control chunk controls and maintains the association.
A data chunk carries user data.
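The following added example (not part of the original notes) parses the general header and the type/flag/length chunk layout described above, rejecting packets whose checksum, verification tag or chunk length does not hold. Details taken from RFC 4960 rather than from these notes: the 32-bit checksum uses the CRC-32C polynomial and is stored least-significant byte first, and chunks are padded to a multiple of 4 bytes; the sample packet, ports and tag are constructed.

```python
import struct

CHUNK_HEADER = struct.Struct("!BBH")   # type, flag, length (common to all chunks)


class SctpParseError(ValueError):
    pass


def crc32c(data: bytes) -> int:
    """CRC-32C (Castagnoli), bit at a time, reflected polynomial 0x82F63B78."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ (0x82F63B78 if crc & 1 else 0)
    return crc ^ 0xFFFFFFFF


def build_packet(src, dst, tag, chunks):
    """Build a sample packet from (type, flag, value) tuples."""
    body = b""
    for ctype, flag, value in chunks:
        length = CHUNK_HEADER.size + len(value)      # length covers the 4-byte header
        body += CHUNK_HEADER.pack(ctype, flag, length) + value
        body += b"\x00" * (-length % 4)              # padding is not counted in length
    header = struct.pack("!HHI", src, dst, tag)
    checksum = crc32c(header + b"\x00" * 4 + body)   # computed with the field zeroed
    return header + struct.pack("<I", checksum) + body


def parse_packet(packet, expected_tag=None, verify_checksum=True):
    """Return ports, verification tag and a list of (type, flag, value) chunks."""
    if len(packet) < 12:
        raise SctpParseError("shorter than the 12-byte general header")
    src, dst, tag = struct.unpack_from("!HHI", packet, 0)
    (stored,) = struct.unpack_from("<I", packet, 8)
    if verify_checksum and crc32c(packet[:8] + b"\x00" * 4 + packet[12:]) != stored:
        raise SctpParseError("checksum mismatch")
    # A packet carrying the wrong tag is stale or does not belong to this association.
    if expected_tag is not None and tag != expected_tag:
        raise SctpParseError("verification tag mismatch")
    chunks, offset = [], 12
    while offset < len(packet):
        if len(packet) - offset < CHUNK_HEADER.size:
            raise SctpParseError("truncated chunk header")
        ctype, flag, length = CHUNK_HEADER.unpack_from(packet, offset)
        # length < 4 would stall the loop; length past the end would read out of bounds.
        if length < CHUNK_HEADER.size or offset + length > len(packet):
            raise SctpParseError("chunk length outside packet")
        chunks.append((ctype, flag, packet[offset + 4:offset + length]))
        offset += length + (-length % 4)
    return {"src": src, "dst": dst, "tag": tag, "chunks": chunks}


def rejection_reason(packet, **kwargs):
    """Return the parser's error text, or None if the packet is accepted."""
    try:
        parse_packet(packet, **kwargs)
    except SctpParseError as exc:
        return str(exc)
    return None


# Constructed sample: a COOKIE ACK chunk (type 11) and a type-0 chunk whose value
# is left opaque here (a real DATA chunk carries further fields before user data).
SAMPLE = build_packet(5000, 5001, 0x1A2B3C4D, [(11, 0, b""), (0, 3, b"hello")])

if __name__ == "__main__":
    print(parse_packet(SAMPLE, expected_tag=0x1A2B3C4D))
```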
SCTP ASSOCIATION
SCTP is a connection-oriented protocol.
A connection in SCTP is called an association to emphasize multihoming.
An SCTP association consists of three phases:
⮚ Association Establishment
⮚ Data Transfer
⮚ Association Termination
Association Establishment
Association establishment in SCTP requires a four-way handshake.
In this procedure, a client process wants to establish an association with a
server process using SCTP as the transport-layer protocol.
The SCTP server needs to be prepared to receive any association (passive open).
Association establishment, however, is initiated by the client (active open).
The client sends the first packet, which contains an INIT chunk.
The server sends the second packet, which contains an INIT ACK chunk. The
INIT ACK also sends a cookie that defines the state of the server at this moment.
The client sends the third packet, which includes a COOKIE ECHO chunk. This is
a very simple chunk that echoes, without change, the cookie sent by the server.
SCTP allows the inclusion of data chunks in this packet.
The server sends the fourth packet, which includes the COOKIE ACK chunk that
acknowledges the receipt of the COOKIE ECHO chunk. SCTP allows the
inclusion of data chunks with this packet.
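The following added example (not part of the original notes) shows why the cookie matters for the server: it can put its state into the cookie, protect it with a keyed MAC, and allocate nothing until the client echoes the cookie back unchanged. The HMAC and lifetime follow the state-cookie recommendation in RFC 4960; the cookie layout, class name and addresses are assumptions of this sketch.

```python
import hashlib
import hmac
import os
import socket
import struct
import time

# Assumed cookie layout: client IP, client port, client tag, server tag, issue time.
COOKIE_BODY = struct.Struct("!4sHIId")
MAC_LEN = 32                                  # HMAC-SHA256 output size


class CookieServer:
    def __init__(self, secret=None, lifetime=60.0, clock=time.time):
        self.secret = secret or os.urandom(32)
        self.lifetime = lifetime
        self.clock = clock
        self.associations = {}                # filled only after a valid COOKIE ECHO

    def _mac(self, body):
        return hmac.new(self.secret, body, hashlib.sha256).digest()

    def on_init(self, client_ip, client_port, client_tag):
        """INIT received: build the INIT ACK contents and store nothing."""
        server_tag = int.from_bytes(os.urandom(4), "big") or 1
        body = COOKIE_BODY.pack(socket.inet_aton(client_ip), client_port,
                                client_tag, server_tag, self.clock())
        return server_tag, body + self._mac(body)

    def on_cookie_echo(self, client_ip, client_port, cookie):
        """COOKIE ECHO received: return (accepted, reason)."""
        if len(cookie) != COOKIE_BODY.size + MAC_LEN:
            return False, "malformed cookie"
        body, mac = cookie[:COOKIE_BODY.size], cookie[COOKIE_BODY.size:]
        # Constant-time comparison; a cookie not minted with our secret fails here.
        if not hmac.compare_digest(mac, self._mac(body)):
            return False, "cookie modified or not issued by this server"
        ip, port, client_tag, server_tag, issued = COOKIE_BODY.unpack(body)
        if (ip, port) != (socket.inet_aton(client_ip), client_port):
            return False, "cookie issued to a different peer"
        if self.clock() - issued > self.lifetime:
            return False, "stale cookie"
        # Only now does the server commit memory to the association.
        self.associations[(client_ip, client_port)] = (client_tag, server_tag)
        return True, "COOKIE ACK"


def demo():
    """Run the four-way handshake once with a constructed client."""
    server = CookieServer()
    _, cookie = server.on_init("192.0.2.10", 40000, 0x11223344)   # INIT -> INIT ACK
    state_before_echo = len(server.associations)
    result = server.on_cookie_echo("192.0.2.10", 40000, cookie)   # COOKIE ECHO -> COOKIE ACK
    return state_before_echo, result, len(server.associations)


if __name__ == "__main__":
    print(demo())
```

Because nothing is stored between INIT and COOKIE ECHO, a flood of INIT chunks from addresses that never answer costs the server one MAC computation each and no memory.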
Data Transfer
The whole purpose of an association is to transfer data between two ends.
After the association is established, bidirectional data transfer can take place.
The client and the server can both send data.
SCTP supports piggybacking.
Types of SCTP data transfer:
1. Multihoming Data Transfer
⮚ Data transfer, by default, uses the primary address of the destination.
⮚ If the primary is not available, one of the alternative addresses is used.
⮚ This is called Multihoming Data Transfer.
2. Multistream Delivery
⮚ SCTP can support multiple streams, which means that the sender
process can define different streams and a message can belong to one
of these streams.
⮚ Each stream is assigned a stream identifier (SI) which uniquely
defines that stream.
⮚ SCTP supports two types of data delivery in each stream: ordered
(default) and unordered.
Association Termination
In SCTP, either of the two parties involved in exchanging data (client or server)
can close the connection.
SCTP does not allow a “half closed” association. If one end closes the
association, the other end must stop sending new data.
If any data are left over in the queue of the recipient of the termination request,
they are sent and the association is closed.
Association termination uses three packets.
SCTP FLOW CONTROL
Flow control in SCTP is similar to that in TCP.
Current SCTP implementations use a byte-oriented window for flow control.
Receiver Site
The receiver has one buffer (queue) and three variables.
The queue holds the received data chunks that have not yet been read by the
process.
The first variable holds the last TSN received, cumTSN.
The second variable holds the available buffer size, winSize.
The third variable holds the last accumulative acknowledgment, lastACK.
The following figure shows the queue and variables at the receiver site.
When the site receives a data chunk, it stores it at the end of the buffer (queue)
and subtracts the size of the chunk from winSize.
The TSN number of the chunk is stored in the cumTSN variable.
When the process reads a chunk, it removes it from the queue and adds the size of
the removed chunk to winSize (recycling).
When the receiver decides to send a SACK, it checks the value of lastACK; if it is
less than cumTSN, it sends a SACK with a cumulative TSN number equal to the
cumTSN.
It also includes the value of winSize as the advertised window size.
Sender Site
The sender has one buffer (queue) and three variables: curTSN, rwnd, and
inTransit.
We assume each chunk is 100 bytes long. The buffer holds the chunks produced
by the process that either have been sent or are ready to be sent.
The first variable, curTSN, refers to the next chunk to be sent.
All chunks in the queue with a TSN less than this value have been sent, but
not acknowledged; they are outstanding.
The second variable, rwnd, holds the last value advertised by the receiver (in
bytes).
The third variable, inTransit, holds the number of bytes in transit, bytes sent but
not yet acknowledged.
The following figure shows the queue and variables at the sender site.
A chunk pointed to by curTSN can be sent if the size of the data is less than or
equal to the quantity rwnd - inTransit.
After sending the chunk, the value of curTSN is incremented by 1 and now points
to the next chunk to be sent.
The value of inTransit is incremented by the size of the data in the transmitted
chunk.
When a SACK is received, the chunks with a TSN less than or equal to the
cumulative TSN in the SACK are removed from the queue and discarded. The
sender does not have to worry about them anymore.
The value of inTransit is reduced by the total size of the discarded chunks.
The value of rwnd is updated with the value of the advertised window in the
SACK.
SCTP ERROR CONTROL
SCTP is a reliable transport layer protocol.
It uses a SACK chunk to report the state of the receiver buffer to the sender.
Each implementation uses a different set of entities and timers for the receiver
and sender sites.
Receiver Site
The receiver stores all chunks that have arrived in its queue including the
out-of-order ones. However, it leaves spaces for any missing chunks.
It discards duplicate messages, but keeps track of them for reports to the sender.
The following figure shows a typical design for the receiver site and the state of
the receiving queue at a particular point in time.
The available window size is 1000 bytes.
The last acknowledgment sent was for data chunk 20.
Chunks 21 to 23 have been received in order.
The first out-of-order block contains chunks 26 to 28.
The second out-of-order block contains chunks 31 to 34.
A variable holds the value of cumTSN.
An array of variables keeps track of the beginning and the end of each block
that is out of order.
An array of variables holds the duplicate chunks received.
There is no need for storing duplicate chunks in the queue and they will be
discarded.
Sender Site
The sender site needs two buffers (queues): a sending queue
and a retransmission queue.
It also uses three variables, rwnd, inTransit, and curTSN, as described in the
previous section.
The following figure shows a typical design.
The sending queue holds chunks 23 to 40.
The chunks 23 to 36 have already been sent, but not acknowledged; they
are outstanding chunks.
The curTSN points to the next chunk to be sent (37).
We assume that each chunk is 100 bytes, which means that 1400 bytes of
data (chunks 23 to 36) is in transit.
The sender at this moment has a retransmission queue.
When a packet is sent, a retransmission timer starts for that packet (all data chunks
in that packet).
Some implementations use one single timer for the entire association, but
other implementations use one timer for each packet.
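The following added example (not part of the original notes) models the receiver and sender variables from the SCTP flow control and error control sections and reproduces the two snapshots described above: the receiver holding chunks 21 to 23, 26 to 28 and 31 to 34, and the sender with chunks 23 to 36 in transit. The initial window of 2000 bytes, the duplicate TSNs 22 and 31, the sender's rwnd of 1400 and the SACK values fed to the sender are constructed for the sketch; cumTSN is taken here as the highest TSN received with no gap before it.

```python
class SctpReceiver:
    def __init__(self, last_ack, win_size):
        self.cum_tsn = last_ack       # highest TSN received with no gap before it
        self.last_ack = last_ack
        self.win_size = win_size      # free buffer space in bytes
        self.out_of_order = set()     # TSNs received beyond a gap
        self.duplicates = []

    def on_data(self, tsn, size):
        if tsn <= self.cum_tsn or tsn in self.out_of_order:
            self.duplicates.append(tsn)   # discarded, but reported in the next SACK
            return
        if size > self.win_size:
            return                        # no buffer space: drop the chunk
        self.win_size -= size
        self.out_of_order.add(tsn)
        while self.cum_tsn + 1 in self.out_of_order:   # advance over filled gaps
            self.cum_tsn += 1
            self.out_of_order.remove(self.cum_tsn)

    def app_read(self, size):
        self.win_size += size             # recycling

    def gap_blocks(self):
        """Begin and end TSN of each out-of-order block."""
        blocks = []
        for tsn in sorted(self.out_of_order):
            if blocks and tsn == blocks[-1][1] + 1:
                blocks[-1][1] = tsn
            else:
                blocks.append([tsn, tsn])
        return [tuple(block) for block in blocks]

    def make_sack(self):
        sack = {"cum_tsn": self.cum_tsn, "rwnd": self.win_size,
                "gaps": self.gap_blocks(), "dups": sorted(set(self.duplicates))}
        self.last_ack, self.duplicates = self.cum_tsn, []
        return sack


class SctpSender:
    def __init__(self, first_tsn, count, chunk_size, rwnd):
        self.queue = {tsn: chunk_size for tsn in range(first_tsn, first_tsn + count)}
        self.cur_tsn = first_tsn      # next chunk to be sent
        self.rwnd = rwnd              # last window advertised by the receiver
        self.in_transit = 0           # bytes sent but not yet acknowledged

    def send_allowed(self):
        """Send while the chunk at curTSN fits into rwnd - inTransit."""
        sent = []
        while (self.cur_tsn in self.queue
               and self.queue[self.cur_tsn] <= self.rwnd - self.in_transit):
            self.in_transit += self.queue[self.cur_tsn]
            sent.append(self.cur_tsn)
            self.cur_tsn += 1
        return sent

    def on_sack(self, cum_tsn, rwnd):
        # Only chunks that were actually sent can be acknowledged and discarded.
        acked = [t for t in self.queue if t <= cum_tsn and t < self.cur_tsn]
        for tsn in acked:
            self.in_transit -= self.queue.pop(tsn)
        self.rwnd = rwnd


def receiver_snapshot():
    rx = SctpReceiver(last_ack=20, win_size=2000)
    for tsn in [21, 22, 23, 26, 27, 28, 31, 32, 33, 34, 22, 31]:
        rx.on_data(tsn, 100)
    return rx.make_sack()


def sender_snapshot():
    tx = SctpSender(first_tsn=23, count=18, chunk_size=100, rwnd=1400)
    first = tx.send_allowed()
    state = (tx.cur_tsn, tx.in_transit)
    tx.on_sack(cum_tsn=30, rwnd=2000)
    second = tx.send_allowed()
    return first, state, second, tx.in_transit


if __name__ == "__main__":
    print(receiver_snapshot())
    print(sender_snapshot())
```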
SCTP CONGESTION CONTROL
SCTP is a transport-layer protocol with packets subject to congestion in the
network.
The SCTP designers have used the same strategies for congestion control as
those used in TCP.
NOTE: Refer to TCP CONGESTION CONTROL.
Switching
A network is a set of connected devices. When multiple devices are connected, we must find
a way to connect them that makes one-to-one communication possible. One solution is to
make a point-to-point connection between each pair of devices (a mesh topology) or between a
central device and every other device (a star topology). In this method, the number and length of the
links require too much infrastructure to be cost-efficient, and the majority of those links would be
idle most of the time.
Other topologies employing multipoint connections, such as a bus, are ruled out because the
distances between devices and the total number of devices increase beyond the capacities of the
media and equipment. A better solution is switching. A switched network consists of a series of
interlinked nodes, called switches. Switches are devices capable of creating temporary connections
between two or more devices linked to the switch.
In a switched network, some of these nodes are connected to the end systems (computers or
telephones, for example). Others are used only for routing.
The end systems (communicating devices) are labeled A, B, C, D, and so on, and the
switches are labeled I, II, III, IV, and V. Each switch is connected to multiple links. Three methods
of switching have been important:
i. Circuit switching
ii. Packet switching
iii. Message switching
We can then divide today's networks into three broad categories: circuit-switched networks,
packet-switched networks, and message-switched networks. Packet-switched networks can further be divided
into two subcategories: virtual-circuit networks and datagram networks.
CIRCUIT SWITCHED NETWORKS
A circuit-switched network is made of a set of switches connected by physical links, in which
each link is divided into n channels. A circuit-switched network with four switches and four links is
shown below. Each link is divided into n (n is 3 in Figure 1.37) channels by using FDM or TDM.
When end system A needs to communicate with end system M, system A needs to request a
connection to M that must be accepted by all switches as well as by M itself. This is called the setup
phase. A circuit (channel) is reserved on each link, and the combination of circuits or channels
defines the dedicated path.
After the dedicated path made of connected circuits (channels) is established, data transfer
can take place. After all data have been transferred, the circuits are torn down. In circuit switching,
the resources need to be reserved during the setup phase; the resources remain dedicated for the
entire duration of data transfer until the teardown phase. We need to emphasize several points here:
i. Circuit switching takes place at the physical layer.
ii. Before starting communication, the stations must make a reservation for the resources to be
used during the communication. These resources, such as channels, switch buffers, switch
processing time, and switch input/output ports, must remain dedicated during the entire
duration of data transfer until the teardown phase.
iii. Data transferred between the two stations are not packetized. There is a continuous flow of
data from the source station to receiver station.
iv. There is no addressing involved during data transfer. The switches route the data based on
their occupied band. End-to-end addressing is used during the setup phase.
Three phases
The actual communication in a circuit-switched network requires three phases: connection
setup, data transfer, and connection teardown.
(i) Setup phase
Before the communication, a dedicated circuit needs to be established.
The end systems are normally connected through dedicated lines to the switches, so connection
setup means creating dedicated channels between the switches.
In Figure 1.37, when system A needs to connect to system M, it sends a setup request that
includes the address of system M, to switch I.
Switch I finds a channel between itself and switch IV that can be dedicated for this purpose.
Switch I then sends the request to switch IV, which finds a dedicated channel between itself and
switch III.
Switch III informs system M of system A's intention at this time.
In the next step to making a connection, an acknowledgment from system M needs to be sent in
the opposite direction to system A.
Only after system A receives this acknowledgment is the connection established.
Note that end-to-end addressing is required for creating a connection between the two end systems.
(ii) Data Transfer Phase
After the establishment of the dedicated circuit, the two parties can transfer data.
(iii) Teardown Phase
When one of the parties needs to disconnect, a signal is sent to each switch to release the resources.
Efficiency
It can be argued that circuit-switched networks are not as efficient as the other two types of
networks because resources are allocated during the entire duration of the connection. These
resources are unavailable to other connections. Switching at the physical layer in the traditional
telephone network uses the circuit-switching approach.
Figure 1.38 Example for circuit switched network
Disadvantages of circuit switched network
⮚ Designed for voice communication.
⮚ Data transmission line is often idle and its facilities wasted.
⮚ Supports only low data transmission rates.
⮚ Circuit switching is inflexible.
⮚ Circuit switching sees all transmission as equal.
PACKET SWITCHED NETWORK
In data communications, we need to send messages from one end system to another. The
message is divided into packets of fixed or variable size. The size of the packet is determined by the
network and the governing protocol. In packet switching, there is no resource allocation for a packet
(no reserved bandwidth on the links, and no scheduled processing time for each packet). Resources
are allocated on demand. The allocation is done on a first-come, first-served basis. When a switch
receives a packet, no matter what is the source or destination, the packet must wait if there are other
packets being processed.
Datagram approach
In a datagram network, each packet is treated independently of all others. Packets in this
approach are referred to as datagrams. Datagram switching is normally done at the network layer.
Figure 1.39 shows how the datagram approach is used to deliver four packets from station A to
station X. The switches in a datagram network are traditionally referred to as routers.
⮚ All four packets (or datagrams) belong to the same message but may travel different paths to
reach their destination.
⮚ This is so because the links may be involved in carrying packets from other sources and do not
have the necessary bandwidth available to carry all the packets from A to X.
⮚ This may cause the datagrams of a transmission to arrive at their destination out of order, with
different delays between the packets.
⮚ Packets may also be lost or dropped because of a lack of resources.
⮚ It is the responsibility of an upper-layer protocol to reorder the datagrams or ask for lost
datagrams before passing them on to the application.
⮚ The datagram networks are sometimes referred to as connectionless networks.
⮚ There are no setup or teardown phases.
Routing table
If there are no setup or teardown phases, how are the packets routed to their destinations? In a
datagram network each switch has a routing table which is based on the destination address, and the
corresponding forwarding output ports are recorded in the tables. The routing tables are dynamic and are updated
periodically. This is different from the table of a circuit switched network in which each entry is
created when the setup phase is completed and deleted when the teardown phase is over.
Destination address    Output port
1232                   1
4150                   2
...                    ...
9130                   3
Table 3.2 Sample routing table
Destination Address
Every packet in a datagram network carries a header that contains, among other information,
the destination address of the packet. When the switch receives the packet, this destination address
is examined; the routing table is consulted to find the corresponding port through which the packet
should be forwarded. This address remains the same during the entire journey of the packet.
Efficiency
The efficiency of a datagram network is better than that of a circuit-switched network,
because resources are allocated only when there are packets to be transferred. If a source sends a
packet and there is a delay of a few minutes before another packet can be sent.
Delay
There may be greater delay in a datagram network than in a virtual-circuit network. Not all
packets in a message necessarily travel through the same switches, so the delay is not uniform for the
packets of a message.
Applications
- The Internet has chosen the datagram approach to switching at the network layer.
- It uses the universal addresses defined in the network layer to route packets from the source to
the destination.
Virtual circuit networks
A virtual-circuit network is a cross between a circuit-switched network and a datagram
network. It has some characteristics of both. They are,
(i) As in a circuit-switched network, there are setup and teardown phases in addition to the data
transfer phase.
(ii) Resources can be allocated during the setup phase, as in a circuit-switched network, or on
demand, as in a datagram network.
(iii) As in a datagram network, data are packetized and each packet carries an address in the header
(it defines what should be the next switch and the channel on which the packet is being
carried), not end-to-end jurisdiction.
(iv) As in a circuit-switched network, all packets follow the same path established during the
connection.
(v) A virtual-circuit network is implemented in the DLL; a circuit-switched network is
implemented in the physical layer and a datagram network in the network layer.
Classification
Virtual Circuit Networks are again classified into two types. They are,
(i) Switched VC – Different VC is provided between two users
(ii) Permanent VC – The same VC is provided between two users on a continuous basis
Addressing
Two types of addressing are involved in virtual circuit networks.
(i) Global – used to create a virtual-circuit identifier (VCI)
(ii) Local – Data transfer
Virtual-Circuit Identifier
Figure 1.40 Switch and tables in a virtual-circuit network
⮚ The identifier is a small number used by a frame between two switches.
⮚ When a frame arrives at a switch, it has a VCI; when it leaves, it has a different VCI.
Figure 1.41 Source-to-destination data transfer in a virtual-circuit network
Three Phases
Virtual circuit networks consist of the following three phases.
(i) Setup phase: The source and destination use their global addresses to help switches make
table entries for the connection.
(ii) Data transfer phase: Data transfer occurs between these two phases.
(iii) Teardown phase: The source and destination inform the switches to delete the
corresponding entry.
Efficiency
In virtual-circuit switching, all packets belonging to the same source and destination travel the
same path, but the packets may arrive at the destination with different delays if resource allocation is
on demand.
STRUCTURE OF A SWITCH
Crossbar Switch
A crossbar switch connects n inputs to m outputs in a grid, using electronic micro switches
(transistors) at each cross point. The major limitation of this design is the number of cross points
required. To connect n inputs to m outputs using a crossbar switch requires n x m cross points.
Time-Division Switch
Time-division switching uses time-division multiplexing (TDM) inside a switch. The most
popular technology is called the time-slot interchange (TSI).
Figure 1.43 combines a TDM multiplexer, a TDM demultiplexer, and a TSI consisting of
random access memory (RAM) with several memory locations. The size of each location is the
same as the size of a single time slot. The number of locations is the same as the number of inputs.
The RAM fills up with incoming data from time slots in the order received. Slots are then sent out in
an order based on the decisions of a control unit.
Imagine that each input line wants to send data to an output line according to the following pattern:
1 → 3, 2 → 4, 3 → 1, 4 → 2
Figure 1.43 Time-division switch
Time-space-time Switch
The advantage of space-division switching is that it is instantaneous. Its disadvantage is the
number of cross points required to make space-division switching. The advantage of time-division
switching is that it needs no cross points. Its disadvantage, in the case of TSI, is that processing each
connection creates delays. To overcome these problems, we combine space-division and time-division
technologies to take advantage of the best of both.
MESSAGE SWITCHING
⮚ Store and forward technology.
⮚ When a node receives a message, it stores it until the appropriate route is free. If the node finds
that the route is free, it sends the message.
⮚ There is no direct link between the source and the destination; routing technology is used here.
IPV4 ADDRESSES
The identifier used in the IP layer of the TCP/IP protocol suite to identify
the connection of each device to the Internet is called the Internet address
or IP address.
Internet Protocol version 4 (IPv4) is the fourth version in the development
of the Internet Protocol (IP) and the first version of the protocol to be
widely deployed.
IPv4 is described in an IETF publication from September 1981.
The IP address is the address of the connection, not the host or the router.
An IPv4 address is a 32-bit address that uniquely and universally defines
the connection.
If the device is moved to another network, the IP address may be changed.
IPv4 addresses are unique in the sense that each address defines one, and
only one, connection to the Internet.
If a device has two connections to the Internet, via two networks, it has
two IPv4 addresses.
IPv4 addresses are universal in the sense that the addressing system must
be accepted by any host that wants to be connected to the Internet.
IPV4 ADDRESS SPACE
A protocol like IPv4 that defines addresses has an address space.
An address space is the total number of addresses used by the protocol.
If a protocol uses b bits to define an address, the address space is 2^b
because each bit can have two different values (0 or 1).
IPv4 uses 32-bit addresses, which means that the address space is 2^32
or 4,294,967,296 (more than four billion).
4 billion devices could be connected to the Internet.
IPV4 ADDRESS NOTATION
There are three common notations to show an IPv4 address:
(i) binary notation (base 2), (ii) dotted-decimal notation (base 256), and
(iii) hexadecimal notation (base 16).
In binary notation, an IPv4 address is displayed as 32 bits. To make the address more
readable, one or more spaces are usually inserted between bytes (8 bits).
In dotted-decimal notation, IPv4 addresses are usually written in decimal form with a
decimal point (dot) separating the bytes. Each number in the dotted-decimal notation
is between 0 and 255.
In hexadecimal notation, each hexadecimal digit is equivalent to four bits. This means
that a 32-bit address has 8 hexadecimal digits. This notation is often used in network
programming.
HIERARCHY IN IPV4 ADDRESSING
In any communication network that involves delivery, the addressing
system is hierarchical.
A 32-bit IPv4 address is also hierarchical, but divided only into two parts.
The first part of the address, called the prefix, defines the network (Net ID);
the second part of the address, called the suffix, defines the node (Host ID).
The prefix length is n bits and
the suffix length is (32 - n) bits.
A prefix can be fixed length or variable length.
The network identifier in the IPv4 was first designed as a fixed-length prefix.
This scheme is referred to as classful addressing.
The new scheme, which is referred to as classless addressing, uses a
variable-length network prefix.
CATEGORIES OF IPV4 ADDRESSING
There are two broad categories of IPv4 Addressing techniques.
They are
⮚ Classful Addressing
⮚ Classless Addressing
CLASSFUL ADDRESSING
An IPv4 address is 32 bits long (4 bytes).
An IPv4 address is divided into sub-classes:
Classful Network Architecture
Class A
In Class A, an IP address is assigned to those networks that contain a
large number of hosts.
The network ID is 8 bits long.
The host ID is 24 bits long.
In Class A, the first bit in higher order bits of the first octet is always set
to 0 and the remaining 7 bits determine the network ID.
The 24 bits determine the host ID in any network.
The total number of networks in Class A = 2^7 = 128 network addresses
The total number of hosts in Class A = 2^24 - 2 = 16,777,214 host addresses
Class B
In Class B, an IP address is assigned to those networks that range from
small-sized to large-sized networks.
The Network ID is 16 bits long.
The Host ID is 16 bits long.
In Class B, the higher-order bits of the first octet are always set to 10, and
the remaining 14 bits determine the network ID.
The other 16 bits determine the Host ID.
The total number of networks in Class B = 2^14 = 16384 network addresses
The total number of hosts in Class B = 2^16 - 2 = 65534 host addresses
Class C
In Class C, an IP address is assigned to only small-sized networks.
The Network ID is 24 bits long.
The host ID is 8 bits long.
In Class C, the higher-order bits of the first octet are always set to 110, and
the remaining 21 bits determine the network ID.
The 8 bits of the host ID determine the host in a network.
The total number of networks = 2^21 = 2097152 network addresses
The total number of hosts = 2^8 - 2 = 254 host addresses
Class D
In Class D, an IP address is reserved for multicast addresses.
It does not possess subnetting.
The higher-order bits of the first octet are always set to 1110, and the
remaining bits determine the host ID in any network.
Class E
In Class E, an IP address is used for the future use or for the research
and development purposes.
It does not possess any subnetting.
The higher-order bits of the first octet are always set to 1111, and the
remaining bits determine the host ID in any network.
Address Depletion in Classful Addressing
The reason that classful addressing has become obsolete is address depletion.
Since the addresses were not distributed properly, the Internet was faced
with the problem of the addresses being rapidly used up.
This results in no more addresses available for organizations and
individuals that needed to be connected to the Internet.
To understand the problem, let us think about class A.
This class can be assigned to only 128 organizations in the world, but
each organization needs to have a single network with 16,777,216
nodes.
Since there may be only a few organizations that are this large, most of
the addresses in this class were wasted (unused).
Class B addresses were designed for midsize organizations, but many of
the addresses in this class also remained unused.
Class C addresses have a completely different flaw in design. The number
of addresses that can be used in each network (256) was so small that
most companies were not comfortable using a block in this address class.
Class E addresses were almost never used, wasting the whole class.
Advantage of Classful Addressing
Although classful addressing had several problems and became obsolete, it
had one advantage.
Given an address, we can easily find the class of the address and, since the
prefix length for each class is fixed, we can find the prefix length immediately.
In other words, the prefix length in classful addressing is inherent in the
address; no extra information is needed to extract the prefix and the
suffix.
Subnetting and Supernetting
To alleviate address depletion, two strategies were proposed and implemented:
(i) Subnetting and (ii) Supernetting.
Subnetting
In subnetting, a class A or class B block is divided into several subnets.
Each subnet has a larger prefix length than the original network.
For example, if a network in class A is divided into four subnets, each
subnet has a prefix of n_sub = 10.
At the same time, if all of the addresses in a network are not used,
subnetting allows the addresses to be divided among several
organizations.
CLASSLESS ADDRESSING
In 1996, the Internet authorities announced a new architecture called
classless addressing.
In classless addressing, variable-length blocks are used that belong to
no classes.
We can have a block of 1 address, 2 addresses, 4 addresses, 128 addresses,
and so on.
In classless addressing, the whole address space is divided into variable
length blocks.
The prefix in an address defines the block (network); the suffix defines
the node (device).
Theoretically, we can have a block of 2^0, 2^1, 2^2, ..., 2^32 addresses.
The number of addresses in a block needs to be a power of 2. An
organization can be granted one block of addresses.
The prefix length in classless addressing is variable.
We can have a prefix length that ranges from 0 to 32.
The size of the network is inversely proportional to the length of the prefix.
A small prefix means a larger network; a large prefix means a smaller network.
The idea of classless addressing can be easily applied to classful addressing.
An address in class A can be thought of as a classless address in which
the prefix length is 8.
An address in class B can be thought of as a classless address in which the
prefix is 16, and so on. In other words, classful addressing is a special case
of classless addressing.
Notation used in Classless Addressing
The notation used in classless addressing is informally referred to as
slash notation and formally as classless interdomain routing or CIDR.
For example, 192.168.100.14/24 represents the IP address
192.168.100.14 and its subnet mask 255.255.255.0, which has 24
leading 1-bits.
Address Aggregation
One of the advantages of the CIDR strategy is address aggregation
(sometimes called address summarization or route summarization).
When blocks of addresses are combined to create a larger block, routing can
be done based on the prefix of the larger block.
ICANN assigns a large block of addresses to an ISP.
Each ISP in turn divides its assigned block into smaller subblocks and
grants the subblocks to its customers.
Special Addresses in IPv4
There are five special addresses that are used for special purposes:
this-host address, limited-broadcast address, loopback address, private
addresses, and multicast addresses.
This-host Address
✔ The only address in the block 0.0.0.0/32 is called the this-host address.
✔ It is used whenever a host needs to send an IP datagram but it does not know
its own address to use as the source address.
Limited-broadcast Address
✔ The only address in the block 255.255.255.255/32 is called the
limited-broadcast address.
✔ It is used whenever a router or a host needs to send a datagram to all devices
in a network.
✔ The routers in the network, however, block the packet having this address
as the destination; the packet cannot travel outside the network.
Loopback Address
✔ The block 127.0.0.0/8 is called the loopback address.
✔ A packet with one of the addresses in this block as the destination
address never leaves the host; it will remain in the host.
Private Addresses
✔ Four blocks are assigned as private addresses: 10.0.0.0/8,
172.16.0.0/12, 192.168.0.0/16, and 169.254.0.0/16.
Multicast Addresses
✔ The block 224.0.0.0/4 is reserved for multicast addresses.
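The addressing rules above, worked through in code. This is an added example, not part of the original notes: it converts between the three notations, finds the classful class from the leading bits, computes a classless (CIDR) block, and checks an address against the special blocks listed above. All function names are this example's own.

```python
# Special blocks exactly as listed in these notes: (label, first address, prefix length).
SPECIAL_BLOCKS = [
    ("this-host", "0.0.0.0", 32),
    ("limited-broadcast", "255.255.255.255", 32),
    ("loopback", "127.0.0.0", 8),
    ("private", "10.0.0.0", 8),
    ("private", "172.16.0.0", 12),
    ("private", "192.168.0.0", 16),
    ("private", "169.254.0.0", 16),
    ("multicast", "224.0.0.0", 4),
]


def to_int(dotted):
    """Parse strict dotted-decimal notation into a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError("need exactly four bytes: %r" % dotted)
    value = 0
    for part in parts:
        # Reject signs, blanks and leading zeros ("010" is read as octal by some parsers).
        if not (part.isascii() and part.isdigit()) or (len(part) > 1 and part[0] == "0"):
            raise ValueError("bad byte %r in %r" % (part, dotted))
        if int(part) > 255:
            raise ValueError("byte out of range in %r" % dotted)
        value = (value << 8) | int(part)
    return value


def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def notations(dotted):
    """Return the same address in binary, dotted-decimal and hexadecimal notation."""
    value = to_int(dotted)
    return {
        "binary": " ".join(format((value >> s) & 0xFF, "08b") for s in (24, 16, 8, 0)),
        "dotted": to_dotted(value),
        "hex": format(value, "08X"),
    }


def classful(dotted):
    """Return (class, prefix length) from the leading bits of the first byte."""
    first = to_int(dotted) >> 24
    if first >> 7 == 0b0:
        return "A", 8
    if first >> 6 == 0b10:
        return "B", 16
    if first >> 5 == 0b110:
        return "C", 24
    if first >> 4 == 0b1110:
        return "D", None          # multicast, no prefix/suffix split
    return "E", None              # leading bits 1111


def mask_for(n):
    """Mask with n leading 1-bits, e.g. n = 24 gives 255.255.255.0."""
    if not 0 <= n <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (0xFFFFFFFF << (32 - n)) & 0xFFFFFFFF


def block(dotted, n):
    """Describe the classless block that contains address/n."""
    mask = mask_for(n)
    first = to_int(dotted) & mask             # suffix bits all 0
    last = first | (~mask & 0xFFFFFFFF)       # suffix bits all 1
    return {"mask": to_dotted(mask), "first": to_dotted(first),
            "last": to_dotted(last), "count": 1 << (32 - n)}


def subnet_prefix(n, subnets):
    """Prefix length of each subnet when a block with prefix n is split evenly."""
    if subnets < 1 or subnets & (subnets - 1):
        raise ValueError("number of subnets must be a power of 2")
    return n + subnets.bit_length() - 1


def special_block(dotted):
    """Return the label of the special block containing the address, or None."""
    addr = to_int(dotted)
    for label, network, n in SPECIAL_BLOCKS:
        if addr & mask_for(n) == to_int(network):
            return label
    return None


if __name__ == "__main__":
    print(notations("192.168.100.14"))
    print(classful("192.168.100.14"), block("192.168.100.14", 24))
    print(subnet_prefix(8, 4), special_block("172.31.255.255"))
```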
DHCP – DYNAMIC HOST CONFIGURATION PROTOCOL
⮚ The dynamic host configuration protocol is used to simplify the installation
and maintenance of networked computers.
⮚ DHCP is derived from an earlier protocol called BOOTP.
⮚ Ethernet addresses are configured into network by manufacturer and they
are unique.
⮚ IP addresses must be unique on a given internetwork but also must reflect
the structure of the internetwork.
⮚ Most host Operating Systems provide a way to manually configure the
IP information for the host.
⮚ Drawbacks of manual configuration:
1. A lot of work to configure all the hosts in a large network
2. Configuration process is error-prone
⮚ It is necessary to ensure that every host gets the correct network number and
that no two hosts receive the same IP address.
⮚ For these reasons, automated configuration methods are required.
⮚ The primary method uses a protocol known as the Dynamic Host
Configuration Protocol (DHCP).
⮚ The main goal of DHCP is to minimize the amount of manual
configuration required for a host.
⮚ If a new computer is connected to a network, DHCP can provide it with all
the necessary information for full system integration into the network.
⮚ DHCP is based on a client/server model.
⮚ DHCP clients send a request to a DHCP server to which the server responds
with an IP address
⮚ DHCP server is responsible for providing configuration information to hosts.
⮚ There is at least one DHCP server for an administrative domain.
⮚ The DHCP server can function just as a centralized repository for
host configuration information.
⮚ The DHCP server maintains a pool of available addresses that it hands out to
hosts on demand.
⮚ A newly booted or attached host sends a DHCPDISCOVER message to a special IP
address (255.255.255.255), which is an IP broadcast address.
⮚ This means it will be received by all hosts and routers on that network.
⮚ DHCP uses the concept of a relay agent. There is at least one relay agent on each
network.
⮚ DHCP relay agent is configured with the IP address of the DHCP server.
⮚ When a relay agent receives a DHCPDISCOVER message, it unicasts it to the
DHCP server and awaits the response, which it will then send back to the
requesting client.
DHCP Message Format
● A DHCP packet is actually sent using a protocol called the User
Datagram Protocol (UDP).
⮚ The main protocol, the Internet Protocol (IP), is responsible for packetizing,
forwarding, and delivery of a packet at the network layer.
⮚ The Internet Control Message Protocol version 4 (ICMPv4) helps IPv4
to handle some errors that may occur in the network-layer delivery.
⮚ The Internet Protocol is the key tool used today to build
scalable, heterogeneous internetworks.
⮚ IP runs on all the nodes (both hosts and routers) in a collection of networks
⮚ IP defines the infrastructure that allows these nodes and networks to
function as a single logical internetwork.
IP SERVICE MODEL
⮚ Service Model defines the host-to-host services that we want to provide
⮚ The main concern in defining a service model for an internetwork is that we can
provide a host-to-host service only if this service can somehow be provided over
each of the underlying physical networks.
⮚ The Internet Protocol is the key tool used today to build scalable, heterogeneous
internetworks.
⮚ The IP service model can be thought of as having two parts:
● A GLOBAL ADDRESSING SCHEME - which provides a way
to identify all hosts in the internetwork
● A DATAGRAM DELIVERY MODEL – A connectionless model of
data delivery.
IP PACKET FORMAT / IP DATAGRAM FORMAT
⮚ A key part of the IP service model is the type of packets that can be carried.
⮚ The IP datagram consists of a header followed by a number of bytes of data.
FIELD: DESCRIPTION
Version: Specifies the version of IP. Two versions exist: IPv4 and IPv6.
HLen: Specifies the length of the header.
TOS (Type of Service): An indication of the parameters of the quality of service desired, such as Precedence, Delay, Throughput and Reliability.
Length: Length of the entire datagram, including the header. The maximum size of an IP datagram is 65,535 (210) bytes.
Ident (Identification): Uniquely identifies the packet sequence number. Used for fragmentation and re-assembly.
Flags: Used to control whether routers are allowed to fragment a packet. If a packet is fragmented, this flag value is 1. If not, the flag value is 0.
Offset (Fragmentation offset): Indicates where in the datagram this fragment belongs. The fragment offset is measured in units of 8 octets (64 bits). The first fragment has offset zero.
TTL (Time to Live): Indicates the maximum time the datagram is allowed to remain in the network. If this field contains the value zero, then the datagram must be destroyed.
Protocol: Indicates the next-level protocol used in the data portion of the datagram.
Checksum: Used to detect the processing errors introduced into the packet.
Source Address: The IP address of the original sender of the packet.
Destination Address: The IP address of the final destination of the packet.
Options: This is an optional field. These options may contain values for options such as Security, Record Route, Time Stamp, etc.
Pad: Used to ensure that the internet header ends on a 32-bit boundary. The padding is zero.
IP DATAGRAM - FRAGMENTATION AND REASSEMBLY
Fragmentation :
⮚ Every network type has a maximum transmission unit (MTU), which is
the largest IP datagram that it can carry in a frame.
⮚ Fragmentation of a datagram will only be necessary if the path to
the destination includes a network with a smaller MTU.
⮚ When a host sends an IP datagram, it can choose any size that it wants.
⮚ Fragmentation typically occurs in a router when it receives a datagram that
it wants to forward over a network that has an MTU that is smaller than the
received datagram.
⮚ Each fragment is itself a self-contained IP datagram that is transmitted over
a sequence of physical networks, independent of the other fragments.
⮚ Each IP datagram is re-encapsulated for each physical network over which
it travels.
⮚ For example, an Ethernet network accepts packets up to
1500 bytes long.
⮚ This leaves two choices for the IP service model:
● Make sure that all IP datagrams are small enough to fit inside one
packet on any network technology
● Provide a means by which packets can be fragmented and
reassembled when they are too big to go over a given network
technology.
⮚ Fragmentation produces smaller, valid IP datagrams that can be readily
reassembled into the original datagram upon receipt, independent of the
order of their arrival.
Example:
⮚ The original packet starts at the client; the fragments are reassembled at
the server.
⮚ The value of the identification field is the same in all fragments, as is the
value of the flags field with the more bit set for all fragments except the last.
⮚ Also, the value of the offset field for each fragment is shown.
⮚ Although the fragments arrived out of order at the destination, they can be
correctly reassembled.
⮚ The value of the offset field is always relative to the original datagram.
⮚ Even if each fragment follows a different path and arrives out of order, the
final destination host can reassemble the original datagram from the
fragments received (if none of them is lost) using the following strategy:
1) The first fragment has an offset field value of zero.
2) Divide the length of the first fragment by 8. The second fragment has
an offset value equal to that result.
3) Divide the total length of the first and second fragment by 8. The
third fragment has an offset value equal to that result.
4) Continue the process. The last fragment has its M bit set to 0.
5) Continue the process. The last fragment has a more bit value of 0.
Reassembly:
⮚ Reassembly is done at the receiving host and not at each router.
⮚ To enable these fragments to be reassembled at the receiving host, they
all carry the same identifier in the Ident field.
⮚ This identifier is chosen by the sending host and is intended to be unique
among all the datagrams that might arrive at the destination from this
source over some reasonable time period.
⮚ Since all fragments of the original datagram contain this identifier, the
reassembling host will be able to recognize those fragments that go
together.
⮚ For example, if a single fragment is lost, the receiver will still attempt to
reassemble the datagram, and it will eventually give up and have to
garbage-collect the resources that were used to perform the failed
reassembly.
⮚ Hosts are now strongly encouraged to perform “path MTU discovery,” a
process by which fragmentation is avoided by sending packets that are small
enough to traverse the link with the smallest MTU in the path from sender
to receiver.
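Fragmentation and reassembly as described above, as an added example that is not part of the original notes. It splits a payload for a given MTU (offsets in units of 8 bytes, more bit set on all but the last fragment) and reassembles fragments that arrive out of order, returning None when a fragment is missing. The dictionary layout, the 20-byte header length and the function names are assumptions of this example; rejecting fragments whose bytes conflict with data already received is an extra safety check added here.

```python
def fragment(payload, ident, mtu, header_len=20):
    """Split payload into fragments whose header + data fit in mtu bytes."""
    # Every fragment except the last must carry a multiple of 8 data bytes,
    # because the offset field counts 8-byte units.
    max_data = (mtu - header_len) // 8 * 8
    if max_data <= 0:
        raise ValueError("MTU too small to carry any data")
    fragments = []
    for start in range(0, len(payload), max_data):
        chunk = payload[start:start + max_data]
        fragments.append({
            "ident": ident,                                   # same in every fragment
            "offset": start // 8,                             # relative to the original datagram
            "more": start + len(chunk) < len(payload),        # False only on the last fragment
            "data": chunk,
        })
    return fragments


def reassemble(fragments, ident):
    """Rebuild the original payload for one identifier.

    Returns the payload, or None while a fragment is still missing.
    Raises ValueError if the fragments contradict each other.
    """
    mine = sorted((f for f in fragments if f["ident"] == ident),
                  key=lambda f: f["offset"])
    data = bytearray()
    complete = False
    for frag in mine:
        start = frag["offset"] * 8
        chunk = frag["data"]
        if start < len(data):
            # Bytes already received: accept an exact duplicate, nothing else.
            if bytes(data[start:start + len(chunk)]) == chunk:
                continue
            raise ValueError("conflicting overlap at byte %d" % start)
        if complete:
            raise ValueError("data beyond the final fragment")
        if start > len(data):
            return None                   # hole: an earlier fragment has not arrived
        if frag["more"] and len(chunk) % 8:
            raise ValueError("non-final fragment is not a multiple of 8 bytes")
        data += chunk
        complete = not frag["more"]
    return bytes(data) if complete else None


if __name__ == "__main__":
    # Constructed sample: 4000 data bytes sent over a 1500-byte Ethernet MTU.
    original = bytes(i % 251 for i in range(4000))
    frags = fragment(original, ident=0x1234, mtu=1500)
    for f in frags:
        print(f["offset"], f["more"], len(f["data"]))
    arrived = [frags[2], frags[0], frags[1]]          # out of order
    print(reassemble(arrived, 0x1234) == original)
    print(reassemble([frags[0], frags[2]], 0x1234))   # middle fragment lost
```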
IP SECURITY
There are three security issues that are particularly applicable to the IP protocol:
(1) Packet Sniffing (2) Packet Modification and (3) IP Spoofing.
Packet Sniffing
⮚ An intruder may intercept an IP packet and make a copy of it.
⮚ Packet sniffing is a passive attack, in which the attacker does not change
the contents of the packet.
⮚ This type of attack is very difficult to detect because the sender and the
receiver may never know that the packet has been copied.
⮚ Although packet sniffing cannot be stopped, encryption of the packet can
make the attacker’s effort useless.
⮚ The attacker may still sniff the packet, but the content is not detectable.
Packet Modification
⮚ The second type of attack is to modify the packet.
⮚ The attacker intercepts the packet, changes its contents, and sends the
new packet to the receiver.
⮚ The receiver believes that the packet is coming from the original sender.
⮚ This type of attack can be detected using a data integrity mechanism.
⮚ The receiver, before opening and using the contents of the message, can use
this mechanism to make sure that the packet has not been changed during
the transmission.
IP Spoofing
⮚ An attacker can masquerade as somebody else and create an IP packet
that carries the source address of another computer.
⮚ An attacker can send an IP packet to a bank pretending that it is coming
from one of the customers.
⮚ This type of attack can be prevented using an origin
authentication mechanism.
IPSec
⮚ The IP packets today can be protected from the previously mentioned
attacks using a protocol called IPSec (IP Security).
⮚ This protocol is used in conjunction with the IP protocol.
⮚ IPSec protocol creates a connection-oriented service between two entities in
which they can exchange IP packets without worrying about the three
attacks such as Packet Sniffing, Packet Modification and IP Spoofing.
⮚ IPSec provides the following four services:
1) Defining Algorithms and Keys : The two entities that want to create a
secure channel between themselves can agree on some available
algorithms and keys to be used for security purposes.
2) Packet Encryption : The packets exchanged between two parties can be
encrypted for privacy using one of the encryption algorithms and a
shared key agreed upon in the first step. This makes the packet sniffing
attack useless.
3) Data Integrity : Data integrity guarantees that the packet is not
modified during the transmission. If the received packet does not
pass the data integrity test, it is discarded. This prevents the second
attack, packet modification.
4) Origin Authentication : IPSec can authenticate the origin of the packet
to be sure that the packet is not created by an imposter. This can
prevent IP spoofing attacks.
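The data-integrity and origin-authentication services above, shown as a receiver-side check. This is an added example, not part of the original notes and not the IPSec packet format: it uses HMAC-SHA256 with a shared key (standing in for the key agreed in service 1) over a simplified packet of source address, destination address and payload, and discards anything that fails the test. Encryption is not shown. The packet layout and function names are assumptions of this example.

```python
import hashlib
import hmac
import socket

TAG_LEN = 32          # length of an HMAC-SHA256 tag in bytes
HEADER_LEN = 8        # 4-byte source address + 4-byte destination address


def protect(key, src, dst, payload):
    """Sender side: append a tag computed over the addresses and the payload."""
    header = socket.inet_aton(src) + socket.inet_aton(dst)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def accept(key, packet):
    """Receiver side: return (src, dst, payload), or None if the packet is discarded."""
    if len(packet) < HEADER_LEN + TAG_LEN:
        return None
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Constant-time comparison; a mismatch means the packet was modified in
    # transit or was built by someone who does not hold the shared key.
    if not hmac.compare_digest(tag, expected):
        return None
    src = socket.inet_ntoa(body[:4])
    dst = socket.inet_ntoa(body[4:8])
    return src, dst, body[HEADER_LEN:]


if __name__ == "__main__":
    shared_key = bytes(range(32))     # constructed sample key, for illustration only
    packet = protect(shared_key, "10.0.0.5", "10.0.0.9", b"pay 100 to account 42")
    print("genuine :", accept(shared_key, packet))

    modified = bytearray(packet)
    modified[12] ^= 0x01              # one payload bit changed in transit
    print("modified:", accept(shared_key, bytes(modified)))

    # Same claimed source address, but tagged with a key the receiver does not share.
    forged = protect(b"some-other-key", "10.0.0.5", "10.0.0.9", b"pay 100 to account 42")
    print("forged  :", accept(shared_key, forged))
```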
⮚ ICMP is a network-layer protocol.
⮚ It is a companion to the IP protocol.
⮚ Internet Control Message Protocol (ICMP) defines a collection of error
messages that are sent back to the source host whenever a router or host
is unable to process an IP datagram successfully.
ICMP MESSAGE TYPES
⮚ ICMP messages are divided into two broad categories: error-reporting
messages and query messages.
⮚ The error-reporting messages report problems that a router or a
host (destination) may encounter when it processes an IP packet.
⮚ The query messages help a host or a network manager get specific
information from a router or another host.
ICMP Error – Reporting Messages
⮚ Destination Unreachable―When a router cannot route a datagram, it discards the
datagram and sends a destination unreachable message to the source
host.
⮚ Source Quench―When a router or host discards a datagram due to congestion,
it sends a source-quench message to the source host. This message acts as flow
control.
⮚ Time Exceeded―A router discards a datagram when the TTL field becomes 0 and
a time exceeded message is sent to the source host.
⮚ Parameter Problem―If a router discovers an ambiguous or missing value in
any field of the datagram, it discards the datagram and sends a parameter
problem message to the source.
⮚ Redirection―Redirect messages are sent by the default router to inform the
source host to update its forwarding table when the packet is routed on a wrong
path.
ICMP Query Messages
Echo Request & Reply―Combination of echo request and reply
messages determines whether two systems communicate or not.
Timestamp Request & Reply―Two machines can use the timestamp
request and reply messages to determine the round-trip time (RTT).
Address Mask Request & Reply―To obtain its subnet mask, a host sends an
address mask request message to the router, which responds with an
address mask reply message.
Router Solicitation/Advertisement―A host broadcasts a router solicitation
message to know about the router. A router broadcasts its routing
information with a router advertisement message.
ICMP MESSAGE FORMAT
An ICMP message has an 8-byte header and a variable-size data section.
Type: Defines the type of the message
Code: Specifies the reason for the particular message type
Checksum: Used for error detection
Rest of the header: Specific for each message type
Data: Used to carry information
Identifier: Used to match the request with the reply
Sequence Number: Sequence number of the ICMP packet
ICMP DEBUGGING TOOLS
Two tools are used for debugging purpose. They are (1) Ping (2) Traceroute
Ping
The ping program is used to find if a host is alive and responding.
The source host sends ICMP echo-request messages; the destination, if
alive, responds with ICMP echo-reply messages.
The ping program sets the identifier field in the echo-request and echo-reply
message and starts the sequence number from 0; this number is incremented
by 1 each time a new message is sent.
The ping program can calculate the round-trip time.
It inserts the sending time in the data section of the message.
When the packet arrives, it subtracts the arrival time from the departure time
to get the round-trip time (RTT).
$ ping google.com
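The ICMP message format and the ping exchange above, built byte by byte. This is an added example, not part of the original notes: it packs the 8-byte header (type, code, checksum, identifier, sequence number), places the sending time in the data section, verifies the checksum on receipt, and matches a reply to its request by identifier. Nothing is sent on the network; the reply is constructed locally. Echo request is type 8 and echo reply is type 0; the function names are this example's own.

```python
import struct

ECHO_REQUEST = 8
ECHO_REPLY = 0


def checksum(data):
    """Internet checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"                       # pad to a whole number of words
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(msg_type, ident, seq, data):
    """Pack type, code 0, checksum, identifier and sequence number, then the data."""
    header = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq)   # checksum field = 0
    value = checksum(header + data)
    return struct.pack("!BBHHH", msg_type, 0, value, ident, seq) + data


def parse(message):
    """Validate and unpack an echo message; raise ValueError if it is damaged."""
    if len(message) < 8:
        raise ValueError("shorter than the 8-byte ICMP header")
    if checksum(message) != 0:                # a valid message sums to zero
        raise ValueError("checksum mismatch")
    msg_type, code, _, ident, seq = struct.unpack("!BBHHH", message[:8])
    return {"type": msg_type, "code": code, "ident": ident, "seq": seq,
            "data": message[8:]}


def ping_request(ident, seq, send_time):
    """Echo request whose data section carries the sending time."""
    return build_echo(ECHO_REQUEST, ident, seq, struct.pack("!d", send_time))


def echo_reply_for(request):
    """What the destination does: copy identifier, sequence number and data back."""
    req = parse(request)
    if req["type"] != ECHO_REQUEST:
        raise ValueError("not an echo request")
    return build_echo(ECHO_REPLY, req["ident"], req["seq"], req["data"])


def rtt_from_reply(reply, ident, arrival_time):
    """Return (sequence number, round-trip time), or None if the reply is not ours."""
    rep = parse(reply)
    if rep["type"] != ECHO_REPLY or rep["ident"] != ident or len(rep["data"]) < 8:
        return None
    (sent,) = struct.unpack("!d", rep["data"][:8])
    return rep["seq"], arrival_time - sent


if __name__ == "__main__":
    # Constructed timestamps: sent at t = 100.0 s, reply seen at t = 100.25 s.
    request = ping_request(ident=0x1A2B, seq=0, send_time=100.0)
    reply = echo_reply_for(request)
    print(request.hex(), reply.hex())
    print(rtt_from_reply(reply, 0x1A2B, arrival_time=100.25))
```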
Traceroute or Tracert
The traceroute program in UNIX or tracert in Windows can be used to
trace the path of a packet from a source to the destination.
It can find the IP addresses of all the routers that are visited along the path.
The program is usually set to check for the maximum of 30 hops (routers) to
be visited.
The number of hops in the Internet is normally less than this.
$ traceroute google.com
IPV6 - NEXT GENERATION IP
● IPv6 evolved to solve the address space problem and offers a rich set
of services.
● Some hosts and routers will run IPv4 only, some will run IPv4 and IPv6
and some will run IPv6 only.
DRAWBACKS OF IPV4
● Despite subnetting and CIDR, address depletion is still a long-term problem.
● Internet must accommodate real-time audio and video transmission
that requires minimum delay strategies and reservation of resources.
● Internet must provide encryption and authentication of data for
some applications
FEATURES OF IPV6
1. Better header format - IPv6 uses a new header format in which options are
separated from the base header and inserted, when needed, between the base
header and the data. This simplifies and speeds up the routing process
because most of the options do not need to be checked by routers.
2. New options - IPv6 has new options to allow for additional
functionalities.
3. Allowance for extension - IPv6 is designed to allow the extension of the
protocol if required by new technologies or applications.
4. Support for resource allocation - In IPv6, the type-of-service field has been
removed, but two new fields, traffic class and flow label, have been added
to enable the source to request special handling of the packet. This
mechanism can be used to support traffic such as real-time audio and video.
Additional Features :
1. Need to accommodate scalable routing and addressing
2. Support for real-time services
3. Security support
4. Autoconfiguration - The ability of hosts to automatically configure
themselves with such information as their own IP address and domain name.
5. Enhanced routing functionality, including support for mobile hosts
6. Transition from IPv4 to IPv6
ADDRESS SPACE ALLOCATION OF IPV6
IPv6 provides a 128-bit address space to handle up to 3.4 × 10^38 nodes.
IPv6 uses classless addressing, but classification is based on MSBs.
The address space is subdivided in various ways based on the leading
bits. The current assignment of prefixes is listed in Table
A node may be assigned an “IPv4-compatible IPv6 address” by
zero-extending a 32-bit IPv4 address to 128 bits.
A node that is only capable of understanding IPv4 can be assigned an
“IPv4-mapped IPv6 address” by prefixing the 32-bit IPv4 address with 2 bytes of all
1s and then zero-extending the result to 128 bits.
GLOBAL UNICAST
Large chunks (87%) of address space are left unassigned for future use.
IPv6 defines two types of local addresses for private networks.
o Link local - enables a host to construct an address that need not be
globally unique.
o Site local - allows valid local address for use in an isolated site with
several subnets.
Reserved addresses start with prefix of eight 0's.
o Unspecified address is used when a host does not know its address
o Loopback address is used for testing purposes before connecting
o Compatible address is used when IPv6 hosts use an IPv4 network
o Mapped address is used when an IPv6 host communicates with an IPv4 host
IPv6 defines anycast address, assigned to a set of interfaces.
A packet with an anycast address is delivered to only one of the interfaces, the nearest one.
ADDRESS NOTATION OF IPV6
Standard representation of IPv6 address is x : x : x : x : x : x : x : x where each x is
a 16-bit hexadecimal value separated by a colon (:).
For example,
47CD : 1234 : 4422 : AC02 : 0022 : 1234 : A456 : 0124
IPv6 address with contiguous 0 bytes can be written compactly.
For example,
47CD : 0000 : 0000 : 0000 : 0000 : 0000 : A456 : 0124 → 47CD : : A456 : 0124
IPv4 address is mapped to IPv6 address by prefixing the 32-bit IPv4
address with 2 bytes of 1s and then zero-extending the result to 128 bits.
For example,
128.96.33.81 → : : FFFF : 128.96.33.81
This notation is called CIDR notation or slash notation.
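The notation rules above, implemented by hand rather than with a library so that each step is visible. This is an added example, not part of the original notes: it expands a written IPv6 address into its eight 16-bit groups, compacts the longest run of zero groups, and builds the IPv4-mapped form. Groups are printed as four uppercase hexadecimal digits to match the examples above; the function names are this example's own.

```python
HEX_DIGITS = set("0123456789abcdefABCDEF")


def _groups(part):
    """Convert one side of an address (the text before or after '::') to 16-bit groups."""
    groups = []
    for item in (part.split(":") if part else []):
        if "." in item:
            # Embedded dotted-decimal IPv4 address: 4 bytes become two 16-bit groups.
            octets = item.split(".")
            if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
                raise ValueError("bad embedded IPv4 address %r" % item)
            a, b, c, d = (int(o) for o in octets)
            groups += [(a << 8) | b, (c << 8) | d]
        else:
            if not 1 <= len(item) <= 4 or any(ch not in HEX_DIGITS for ch in item):
                raise ValueError("bad group %r" % item)
            groups.append(int(item, 16))
    return groups


def expand(text):
    """Return the eight 16-bit groups of an IPv6 address in colon notation."""
    text = text.replace(" ", "")              # the notes write groups with spaces
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in text:
        left, right = text.split("::")
        head, tail = _groups(left), _groups(right)
        zeros = 8 - len(head) - len(tail)     # groups that '::' stands for
        if zeros < 1:
            raise ValueError("too many groups")
        return head + [0] * zeros + tail
    groups = _groups(text)
    if len(groups) != 8:
        raise ValueError("expected 8 groups, got %d" % len(groups))
    return groups


def compress(groups):
    """Write 8 groups compactly, replacing the longest zero run (2 or more) by '::'."""
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    text = ["%04X" % g for g in groups]
    if best_len < 2:
        return ":".join(text)
    return ":".join(text[:best_start]) + "::" + ":".join(text[best_start + best_len:])


def ipv4_mapped(dotted):
    """IPv4-mapped form: zero groups, then 2 bytes of all 1s, then the IPv4 address."""
    return expand("::FFFF:" + dotted)


if __name__ == "__main__":
    full = "47CD : 0000 : 0000 : 0000 : 0000 : 0000 : A456 : 0124"
    print(compress(expand(full)))
    print(compress(ipv4_mapped("128.96.33.81")))
```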
ADDRESS AGGREGATION OF IPV6
IPv6 provides aggregation of routing information to reduce the burden on
routers.
Aggregation is done by assigning prefixes at continental level.
For example, if all addresses in Europe have a common prefix, then routers in
other continents would need one routing table entry for all networks in
Europe.
❖ Prefix - All addresses in the same continent have a common prefix
❖ RegistryID ― identifies the continent
❖ ProviderID ― identifies the provider for Internet access, i.e., ISP.
❖ SubscriberID ― specifies the subscriber identifier
❖ SubnetID ― contains subnet of the subscriber.
❖ InterfaceID ―contains link level or physical address.
PACKET FORMAT OF IPV6
IPv6 base header is 40 bytes long.
❖ Version — specifies the IP version, i.e., 6.
❖ Traffic Class — defines priority of the packet with respect to traffic
congestion. It is either congestion-controlled or non-congestion
controlled
❖ Flow Label — provides special handling for a particular flow of data.
Router handles different flows with the help of a flow table.
❖ Payload Len — gives length of the packet, excluding IPv6 header.
❖ Next Header — Options are specified as a header following IP
header. NextHeader contains a pointer to optional headers.
❖ Hop Limit — Gives the TTL value of a packet.
❖ Source Address / Destination Address — 16-byte addresses of source
and destination host
Extension Headers
Extension headers provide greater functionality to IPv6.
The base header may be followed by six extension headers.
Each extension header contains a NextHeader field to identify the header
following it.
❖ Hop-by-Hop — source host passes information to all routers visited by the
packet
❖ Destination — source host information is passed to the destination only.
❖ Source Routing — routing information provided by the source host.
❖ Fragmentation — In IPv6, only the source host can fragment. Source uses a
path MTU discovery technique to find smallest MTU on the
path.
❖ Authentication — used to validate the sender and ensures data integrity.
❖ ESP (Encrypted Security Payload) — provides confidentiality against
eavesdropping.
ADVANCED CAPABILITIES OF IPV6
Auto Configuration — Auto or stateless configuration of IP address to
hosts without the need for a DHCP server, i.e., plug and play.
Advanced Routing — Enhanced routing support for mobile hosts is provided.
Additional Functions ― Enhanced routing functionality with support
for mobile hosts.
Security ― Encryption and authentication options provide confidentiality
and integrity.
Resource allocation ― Flow label enables the source to request special
handling of real-time audio and video packets
ADVANTAGES OF IPV6
Address space ― IPv6 uses 128-bit address whereas IPv4 uses 32-bit
address. Hence IPv6 has huge address space whereas IPv4 faces address
shortage problem.
Header format ― Unlike IPv4, optional headers are separated from the
base header in IPv6. Each router thus need not process unwanted
additional information.
Extensible ― Unassigned IPv6 addresses can accommodate needs of
future technologies.
Dual-Stack Operation and Tunneling
In dual-stack operation, nodes run both IPv6 and IPv4 and use the Version field
to decide which stack should process an arriving packet.
An IPv6 packet is encapsulated within an IPv4 packet as it travels through an
IPv4 network. This is known as tunneling, and the packet contains the tunnel
endpoint as its destination address.
Network Address Translation
NAT enables hosts on a network to use Internet with local addresses.
Addresses reserved for internal use range from 172.16.0.0 to 172.31.255.255
Organization must have single connection to the Internet through a router
that runs the NAT software.
UNICAST ROUTING
● Routing is the process of selecting best paths in a network.
● In unicast routing, a packet is routed, hop by hop, from its source to
its destination by the help of forwarding tables.
● Routing a packet from its source to its destination means routing the
packet from a source router (the default router of the source host) to a
destination router (the router connected to the destination network).
● The source host needs no forwarding table because it delivers its packet to
the default router in its local network.
● The destination host needs no forwarding table either because it receives
the packet from its default router in its local network.
● Only the intermediate routers in the networks need forwarding tables.
NETWORK AS A GRAPH
The Figure below shows a graph representing a network.
The nodes of the graph, labeled A through G, may be hosts, switches,
routers, or networks.
The edges of the graph correspond to the network links.
Each edge has an associated cost.
The basic problem of routing is to find the lowest-cost path between any two
nodes, where the cost of a path equals the sum of the costs of all the edges
that make up the path.
This static approach has several problems:
❖ It does not deal with node or link failures.
❖ It does not consider the addition of new nodes or links.
❖ It implies that edge costs cannot change.
For these reasons, routing is achieved by running routing protocols among
the nodes.
These protocols provide a distributed, dynamic way to solve the problem
of finding the lowest-cost path in the presence of link and node failures
and changing edge costs.
UNICAST ROUTING ALGORITHMS
⮚ There are three main classes of routing protocols:
1) Distance Vector Routing Algorithm – Routing Information Protocol
2) Link State Routing Algorithm – Open Shortest Path First Protocol
3) Path-Vector Routing Algorithm - Border Gateway Protocol
Distance vector routing is distributed, i.e., the algorithm is run on all nodes.
Each node knows the distance (cost) to each of its directly connected neighbors.
Each node constructs a vector (Destination, Cost, NextHop) and distributes it
to its neighbors.
Each node computes a routing table of minimum distance to every other node
via NextHop using information obtained from its neighbors.
Initial State
In given network, cost of each link is 1 hop.
Each node sets a distance of 1 (hop) to its immediate neighbor
and cost to itself as 0.
Distance for non-neighbors is marked as unreachable with value ∞ (infinity).
For node A, nodes B, C, E and F are reachable, whereas nodes D and G
are unreachable.
The initial tables for all the nodes are given below.
Each node sends its initial table (distance vector) to neighbors and
receives their estimate.
Node A sends its table to nodes B, C, E & F and receives tables from nodes
B, C, E & F.
Each node updates its routing table by comparing with each of its
neighbor's table
For each destination, Total Cost is computed as:
▪ Total Cost = Cost (Node to Neighbor) + Cost (Neighbor to Destination)
If Total Cost < Cost then
▪ Cost = Total Cost and NextHop = Neighbor
Node A learns from C's table to reach node D and from F's table to
reach node G.
▪ Total Cost to reach node D via C = Cost (A to C) + Cost (C to D) = 1 + 1 = 2
▪ Since 2 < ∞, entry for destination D in A's table is changed to (D, 2, C)
▪ Total Cost to reach node G via F = Cost (A to F) + Cost (F to G) = 1 + 1 = 2
▪ Since 2 < ∞, entry for destination G in A's table is changed to (G, 2, F)
Each node builds a complete routing table after a few exchanges amongst
its neighbors.
System stabilizes when all nodes have complete routing information, i.e.,
convergence.
Routing tables are exchanged periodically or in case of triggered update.
The final distances stored at each node are given below:
Updating Routing Tables
There are two different circumstances under which a given node decides to send a
routing update to its neighbors.
Periodic Update
⮚ In this case, each node automatically sends an update message every so
often, even if nothing has changed.
⮚ The frequency of these periodic updates varies from protocol to protocol,
but it is typically on the order of several seconds to several minutes.
Triggered Update
In this case, a node sends an update whenever it notices a link failure or
receives an update from one of its neighbors that causes it to change one of
the routes in its routing table.
Whenever a node’s routing table changes, it sends an update to its neighbors,
which may lead to a change in their tables, causing them to send an update
to their neighbors.
ROUTING INFORMATION PROTOCOL (RIP)
● RIP is an intra-domain routing protocol based on distance-vector algorithm.
Example
● Routers advertise the cost of reaching networks. Cost of reaching each link is
1 hop. For example, router C advertises to A that it can reach network 2, 3 at
cost 0 (directly connected), networks 5, 6 at cost 1 and network 4 at cost 2.
● Each router updates cost and next hop for each network number.
● Infinity is defined as 16, i.e., no route can have more than 15
hops. Therefore RIP can be implemented on small-sized networks
only.
● Advertisements are sent every 30 seconds or in case of triggered update.
Command - It indicates the packet type.
Value 1 represents a request packet. Value 2 represents a response packet.
Version - It indicates the RIP version number. For RIPv1, the value is 0x01.
Address Family Identifier - When the value is 2, it represents the IP protocol.
IP Address - It indicates the destination IP address of the route. It can be
the addresses of only the natural network segment.
Metric - It indicates the hop count of a route to its destination.
Count-To-Infinity (or) Loop Instability Problem
● Suppose link from node A to E goes down.
❖ Node A advertises a distance of ∞ to E to its neighbors
❖ Node B receives periodic update from C before A’s
update reaches B
❖ Node B updated by C, concludes that E can be reached in 3 hops via C
❖ Node B advertises to A as 3 hops to reach E
❖ Node A in turn updates C with a distance of 4 hops to E and so on
● Thus nodes update each other until cost to E reaches infinity, i.e.,
no convergence.
● Routing table does not stabilize.
● This problem is called loop instability or count to infinity.
Solution to Count-To-Infinity (or) Loop Instability Problem :
● Infinity is redefined to a small number, say 16.
● Distance between any two nodes can be 15 hops maximum. Thus
distance vector routing cannot be used in large networks.
● When a node updates its neighbors, it does not send those routes it
learned from each neighbor back to that neighbor. This is known as split
horizon.
● Split horizon with poison reverse allows a node to advertise routes it
learnt from a neighbor back to that neighbor, but with a warning message.
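The distance-vector update rule and the count-to-infinity behaviour described above, as an added Python example (not part of the original notes). The link list for the A to G network is assembled from the statements above, with the D-G link assumed; the two-node chain B-A-E and all function names are constructed for the illustration, and updates are exchanged in lock-step rounds.

```python
INF = 16  # RIP's "infinity": a cost of 16 hops means unreachable

# A-G network: links stated or implied by the notes; the D-G link is an assumption.
NETWORK = [("A", "B"), ("A", "C"), ("A", "E"), ("A", "F"),
           ("B", "C"), ("C", "D"), ("F", "G"), ("D", "G")]
TRIANGLE = [("A", "B"), ("A", "C"), ("B", "C"), ("A", "E")]  # nodes in the A-E failure story
CHAIN = [("B", "A"), ("A", "E")]                              # constructed two-node loop


def build(edges):
    """Initial tables: cost 0 to self, 1 hop to each neighbor, the rest unknown."""
    nbrs = {}
    for a, b in edges:
        nbrs.setdefault(a, set()).add(b)
        nbrs.setdefault(b, set()).add(a)
    tables = {}
    for node, ns in nbrs.items():
        tables[node] = {node: (0, node)}          # Destination -> (Cost, NextHop)
        tables[node].update({n: (1, n) for n in ns})
    return nbrs, tables


def advertisement(table, to, mode):
    """Distance vector that a node sends to neighbor `to`."""
    vector = {}
    for dest, (cost, next_hop) in table.items():
        learned_from_to = next_hop == to
        if learned_from_to and mode == "split":
            continue                              # split horizon: stay silent
        # poison reverse: advertise the route back, but as unreachable
        vector[dest] = INF if learned_from_to and mode == "poison" else cost
    return vector


def receive(table, me, sender, vector):
    """Total Cost = Cost(me to sender) + Cost(sender to dest); every link costs 1."""
    changed = False
    for dest, cost in vector.items():
        if dest == me:
            continue
        total = min(INF, cost + 1)
        cur_cost, cur_hop = table.get(dest, (INF, None))
        # Take a better route, or whatever the current next hop now reports.
        if total < cur_cost or (cur_hop == sender and total != cur_cost):
            table[dest] = (total, sender)
            changed = True
    return changed


def converge(nbrs, tables, mode="plain", max_rounds=200):
    """Periodic updates in lock-step rounds; returns how many rounds changed a table."""
    for rounds in range(max_rounds):
        msgs = [(s, r, advertisement(tables[s], r, mode))
                for s in sorted(nbrs) for r in sorted(nbrs[s])]
        changed = False
        for s, r, vector in msgs:
            changed |= receive(tables[r], r, s, vector)
        if not changed:
            return rounds
    raise RuntimeError("no convergence")


def routing_table(edges, node, mode="plain"):
    nbrs, tables = build(edges)
    converge(nbrs, tables, mode)
    return tables[node]


def link_failure(edges, link, dest, mode):
    """Converge, cut `link`, converge again. Returns (rounds, cost to dest per node)."""
    nbrs, tables = build(edges)
    converge(nbrs, tables, mode)
    a, b = link
    nbrs[a].discard(b)
    nbrs[b].discard(a)
    for node, gone in ((a, b), (b, a)):
        for d, (_, hop) in list(tables[node].items()):
            if hop == gone:
                tables[node][d] = (INF, None)     # routes through the dead link
    rounds = converge(nbrs, tables, mode)
    return rounds, {n: tables[n][dest][0] for n in sorted(tables) if n != dest}


if __name__ == "__main__":
    print(routing_table(NETWORK, "A"))
    for mode in ("plain", "split", "poison"):
        print(mode, link_failure(CHAIN, ("A", "E"), "E", mode))
    print("triangle", link_failure(TRIANGLE, ("A", "E"), "E", "plain"))
```

With the A-E link cut, the plain exchange raises the cost to E one hop per round until it reaches 16, while split horizon (with or without poison reverse) settles the two-node chain in one round. Split horizon only breaks loops between two neighbours; in the A, B, C triangle it is the 16-hop limit that ends the count.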
● Each node knows state of link to its neighbors and cost.
● Nodes create an update packet called link-state packet (LSP) that contains:
⮚ ID of the node
⮚ List of neighbors for that node and associated cost
⮚ 64-bit Sequence number
⮚ Time to live
● Link-State routing protocols rely on two mechanisms:
⮚ Reliable flooding of link-state information to all other nodes
⮚ Route calculation from the accumulated link-state knowledge
Reliable Flooding
● Each node sends its LSP out on each of its directly connected links.
● When a node receives the LSP of another node, it checks whether it already
has an LSP for that node.
● If not, it stores and forwards the LSP on all other links except the
incoming one.
● Else if the received LSP has a bigger sequence number, then it is stored
and forwarded. Older LSP for that node is discarded.
● Otherwise discard the received LSP, since it is not latest for that node.
● Thus recent LSP of a node eventually reaches all nodes, i.e., reliable flooding.
Figure: Flooding of LSP in a small network (a) (b) (c) (d)
● Flooding of LSP in a small network is as follows:
⮚ When node X receives Y’s LSP (fig a), it floods onto its neighbors A
and C (fig b)
⮚ Nodes A and C forward it to B, but do not send it back to X (fig c).
⮚ Node B receives two copies of LSP with same sequence number.
⮚ It accepts one LSP and forwards it to D (fig d). Flooding is complete.
● LSP is generated either periodically or when there is a change in the topology.
Route Calculation
● Each node knows the entire topology, once it has LSP from every other node.
● Forward search algorithm is used to compute routing table from the
received LSPs.
● Each node maintains two lists, namely Tentative and Confirmed with entries
of the form (Destination, Cost, NextHop).
DIJKSTRA’S SHORTEST PATH ALGORITHM (FORWARD SEARCH ALGORITHM)
1. Each host maintains two lists, known as Tentative and Confirmed
2. Initialize the Confirmed list with an entry for the Node (Cost = 0).
3. Node just added to Confirmed list is called Next. Its LSP is examined.
4. For each neighbor of Next, calculate cost to reach each neighbor as Cost
(Node to Next) + Cost (Next to Neighbor).
a. If Neighbor is neither in Confirmed nor in Tentative list, then
add (Neighbor, Cost, NextHop) to Tentative list.
b. If Neighbor is in Tentative list, and Cost is less than existing cost,
then replace the entry with (Neighbor, Cost, NextHop).
5. If Tentative list is empty then Stop, otherwise move least cost entry
from Tentative list to Confirmed list. Go to Step 2.
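The forward search steps above, as an added Python example (not from the original notes). The four-node link-state database and its link costs are constructed sample data, and each entry is kept as Destination -> (Cost, NextHop).

```python
# Constructed link-state database: each node's LSP lists its neighbors and link costs.
LSDB = {
    "A": {"B": 5, "C": 10},
    "B": {"A": 5, "C": 3, "D": 11},
    "C": {"A": 10, "B": 3, "D": 2},
    "D": {"B": 11, "C": 2},
}


def forward_search(lsdb, node):
    """Build the Confirmed list for `node` from the LSPs in `lsdb`.

    Returns (confirmed, replaced): confirmed maps Destination -> (Cost, NextHop);
    replaced records every Tentative entry that a cheaper path displaced.
    """
    confirmed = {node: (0, None)}      # start with the node itself at cost 0
    tentative = {}
    replaced = []
    nxt = node                         # "Next": the entry just added to Confirmed
    while True:
        base_cost = confirmed[nxt][0]
        # Examine Next's LSP; a node we hold no LSP for contributes no links.
        for nbr, link_cost in lsdb.get(nxt, {}).items():
            if nbr in confirmed:
                continue
            cost = base_cost + link_cost           # Cost(Node to Next) + Cost(Next to Neighbor)
            # The first hop is the neighbor itself when Next is us, else Next's own first hop.
            hop = nbr if nxt == node else confirmed[nxt][1]
            if nbr not in tentative:
                tentative[nbr] = (cost, hop)
            elif cost < tentative[nbr][0]:
                replaced.append((nbr, tentative[nbr], (cost, hop)))
                tentative[nbr] = (cost, hop)
        if not tentative:
            return confirmed, replaced
        # Move the least-cost Tentative entry to Confirmed (name breaks ties).
        nxt = min(tentative, key=lambda d: (tentative[d][0], d))
        confirmed[nxt] = tentative.pop(nxt)


def routing_table(lsdb, node):
    confirmed, _ = forward_search(lsdb, node)
    return {dest: entry for dest, entry in confirmed.items() if dest != node}


if __name__ == "__main__":
    table, changes = forward_search(LSDB, "D")
    for dest, (cost, hop) in table.items():
        print(dest, cost, hop)
    print("replaced:", changes)
```

For node D, B first enters Tentative at cost 11 over the direct link and is then replaced by the cost-5 path through C, which is the replacement case in step 4b.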
Example :
OPEN SHORTEST PATH FIRST PROTOCOL (OSPF)
● OSPF is a non-proprietary widely used link-state routing protocol.
● OSPF Features are:
⮚ Authentication―A malicious host can collapse a network by advertising
that it can reach every host at cost 0. Such disasters are averted by
authenticating routing updates.
⮚ Additional hierarchy―The domain is partitioned into areas, i.e., OSPF is
more scalable.
⮚ Load balancing―Multiple routes to the same place are assigned the same
cost. Thus traffic is distributed evenly.
Link State Packet Format
Version ― represents the current version, i.e., 2.
Type ― represents the type (1–5) of OSPF message.
Type 1 - “hello” message, Type 2 - request, Type 3 - send,
Type 4 - acknowledge the receipt of link state messages, Type 5 - reserved
SourceAddr ― identifies the sender
AreaId ― 32-bit identifier of the area in which the node is located
Checksum ― 16-bit internet checksum
Authentication type ― 1 (simple password), 2 (cryptographic authentication).
Authentication ― contains password or cryptographic checksum
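An added Python example (not OSPF's packet format and not from the original notes) of why authenticated updates matter: a router checks a keyed digest before it applies the sequence-number rule from Reliable Flooding. The X, A, C, B, D links follow the flooding walk-through above; the key, the JSON encoding and the use of HMAC-SHA256 are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import json
from collections import deque

AREA_KEY = b"constructed-demo-key"   # constructed; real keys live in router configuration
# Constructed links matching the flooding walk-through: Y-X, X-A, X-C, A-B, C-B, B-D.
LINKS = {"Y": ["X"], "X": ["Y", "A", "C"], "A": ["X", "B"],
         "C": ["X", "B"], "B": ["A", "C", "D"], "D": ["B"]}


def mac(lsp, key):
    """Keyed digest over every LSP field (HMAC-SHA256 as a stand-in)."""
    body = json.dumps(lsp, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def packet(node, neighbors, seq, ttl=8, key=AREA_KEY):
    """An LSP (node ID, neighbor costs, sequence number, TTL) plus its digest."""
    lsp = {"id": node, "neighbors": neighbors, "seq": seq, "ttl": ttl}
    return {"lsp": lsp, "auth": mac(lsp, key)}


class Router:
    def __init__(self, name, key=AREA_KEY):
        self.name, self.key, self.lsdb = name, key, {}

    def receive(self, pkt):
        lsp = pkt["lsp"]
        # Authenticate first: an update we cannot verify never touches the database.
        if not hmac.compare_digest(pkt["auth"], mac(lsp, self.key)):
            return "bad-auth"
        have = self.lsdb.get(lsp["id"])
        if have is not None and lsp["seq"] <= have["seq"]:
            return "stale"             # duplicate copy or replayed older LSP
        self.lsdb[lsp["id"]] = lsp     # new or newer: store it
        return "stored"


def flood(routers, pkt, sender, receiver):
    """Deliver pkt from sender to receiver, flood it onward, return the event log."""
    log = []
    queue = deque([(sender, receiver, pkt)])
    while queue:
        src, dst, p = queue.popleft()
        verdict = routers[dst].receive(p)
        log.append((src, dst, verdict))
        lsp = p["lsp"]
        if verdict == "stored" and lsp["ttl"] > 1:
            # Forward on every link except the incoming one, re-signed hop by hop.
            fwd = packet(lsp["id"], lsp["neighbors"], lsp["seq"],
                         lsp["ttl"] - 1, routers[dst].key)
            queue.extend((dst, n, fwd) for n in LINKS[dst] if n != src)
    return log


if __name__ == "__main__":
    routers = {name: Router(name) for name in LINKS if name != "Y"}
    for event in flood(routers, packet("Y", {"X": 1}, seq=1), "Y", "X"):
        print(event)
    # A host without the key claims Y reaches every node at cost 0.
    forged = packet("Y", {n: 0 for n in LINKS}, seq=2, key=b"not-the-area-key")
    print("forged:", routers["X"].receive(forged))
```

The forged update carries a higher sequence number, so the sequence rule alone would have stored and flooded it; the digest check is what keeps it out of the database.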
Difference Between Distance-Vector And Link-State Algorithms
● Path-vector routing is an asynchronous and distributed routing algorithm.
● The Path-vector routing is not based on least-cost routing.
● The best route is determined by the source using the policy it imposes on
the route.
● In other words, the source can control the path.
● Path-vector routing is not actually used in an internet, and is mostly designed
to route a packet between ISPs.
Spanning Trees
● In path-vector routing, the path from a source to all destinations is
determined by the best spanning tree.
● The best spanning tree is not the least-cost tree.
● It is the tree determined by the source when it imposes its own policy.
● If there is more than one route to a destination, the source can choose the
route that meets its policy best.
● A source may apply several policies at the same time.
● One of the common policies uses the minimum number of nodes to be
visited. Another common policy is to avoid some nodes as the middle node
in a route.
● The spanning trees are made, gradually and asynchronously, by each node.
When a node is booted, it creates a path vector based on the information it
can obtain about its immediate neighbor.
● A node sends greeting messages to its immediate neighbors to collect
these pieces of information.
● Each node, after the creation of the initial path vector, sends it to all
its immediate neighbors.
● Each node, when it receives a path vector from a neighbor, updates its
path vector using the formula
● The policy is defined by selecting the best of multiple paths.
● Path-vector routing also imposes one more condition on this equation.
● If Path (v, y) includes x, that path is discarded to avoid a loop in the path.
● In other words, x does not want to visit itself when it selects a path to y.
Example:
● The Figure below shows a small internet with only five nodes.
● Each source has created its own spanning tree that meets its policy.
● The policy imposed by all sources is to use the minimum number of nodes to
reach a destination.
● The spanning tree selected by A and E is such that the communication does
not pass through D as a middle node.
● Similarly, the spanning tree selected by B is such that the communication
does not pass through C as a middle node.
Path Vectors made at booting time
● The Figure below shows all of these path vectors for the example.
● Not all of these tables are created simultaneously.
● They are created when each node is booted.
● The figure also shows how these path vectors are sent to immediate
neighbors after they have been created.
Updating Path Vectors
● The Figure below shows the path vector of node C after two events.
● In the first event, node C receives a copy of B’s vector, which improves
its vector: now it knows how to reach node A.
● In the second event, node C receives a copy of D’s vector, which does
not change its vector.
● The vector for node C after the first event is stabilized and serves as
its forwarding table.
BORDER GATEWAY PROTOCOL (BGP)
● The Border Gateway Protocol version 4 (BGP4) is the only interdomain
routing protocol used in the Internet today.
● BGP4 is based on the path-vector algorithm. It provides information about
the reachability of networks in the Internet.
● BGP views internet as a set of autonomous systems
interconnected arbitrarily.
● Each AS has a border router (gateway), by which packets enter and leave
that AS. In above figure, R3 and R4 are border routers.
● One of the routers in each autonomous system is designated as BGP speaker.
● BGP speakers exchange reachability information with other BGP
speakers; this is known as an external BGP session.
● BGP advertises complete path as enumerated list of AS (path vector) to
reach a particular network.
● Paths must be without any loop, i.e., AS list is unique.
● For example, backbone network advertises that networks 128.96 and
192.4.153 can be reached along the path <AS1, AS2, AS4>.
● If there are multiple routes to a destination, BGP speaker chooses one based
on policy.
● Speakers need not advertise any route to a destination, even if one exists.
● Advertised paths can be cancelled, if a link/node on the path goes down.
This negative advertisement is known as withdrawn route.
● Routes are not repeatedly sent. If there is no change, keep alive messages
are sent.
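An added Python example (not from the original notes) of the path-vector rules above as a BGP speaker applies them: discard a path that already contains its own AS, pick the best remaining path by policy, and fall back when a route is withdrawn. The four-AS topology, the Speaker class and the shortest-path-plus-avoid-list policy are assumptions; the network label 128.96 and the path <AS1, AS2, AS4> come from the text.

```python
from collections import deque

PREFIX = "128.96"   # network label used in the text
# Constructed topology: AS4 originates the network; AS1, AS2 and AS3 form a triangle.
LINKS = {"AS1": ["AS2", "AS3"], "AS2": ["AS1", "AS3", "AS4"],
         "AS3": ["AS1", "AS2"], "AS4": ["AS2"]}


class Speaker:
    """One BGP speaker per AS, remembering the path heard from each neighbor."""

    def __init__(self, asn, avoid=()):
        self.asn = asn
        self.avoid = set(avoid)    # policy: never select a path through these ASes
        self.heard = {}            # prefix -> {neighbor AS: AS path}

    def receive(self, neighbor, prefix, path):
        if self.asn in path:       # our own AS is already on the path: a loop
            return "loop"
        self.heard.setdefault(prefix, {})[neighbor] = list(path)
        return "stored"

    def withdraw(self, neighbor, prefix):
        """Withdrawn route: forget what this neighbor advertised."""
        self.heard.get(prefix, {}).pop(neighbor, None)

    def best(self, prefix):
        """Shortest AS path that policy allows, or None."""
        allowed = [p for p in self.heard.get(prefix, {}).values()
                   if not self.avoid & set(p)]
        return min(allowed, key=lambda p: (len(p), p)) if allowed else None


def propagate(speakers, links, origin, prefix):
    """Spread reachability for `prefix` from `origin`; return the rejected loops."""
    loops = []
    queue = deque((origin, n, [origin]) for n in sorted(links[origin]))
    while queue:
        sender, receiver, path = queue.popleft()
        speaker = speakers[receiver]
        before = speaker.best(prefix)
        if speaker.receive(sender, prefix, path) == "loop":
            loops.append((receiver, path))
            continue
        after = speaker.best(prefix)
        if after is not None and after != before:
            # Only a changed best path is advertised, with our own AS prepended.
            for n in sorted(links[receiver]):
                queue.append((receiver, n, [receiver] + after))
    return loops


def demo():
    speakers = {asn: Speaker(asn) for asn in LINKS}
    loops = propagate(speakers, LINKS, "AS4", PREFIX)
    return speakers, loops


if __name__ == "__main__":
    speakers, loops = demo()
    print("AS1 path:", ["AS1"] + speakers["AS1"].best(PREFIX))
    print("rejected as loops:", loops)
    speakers["AS1"].withdraw("AS2", PREFIX)
    print("after withdrawal:", ["AS1"] + speakers["AS1"].best(PREFIX))
```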
iBGP - interior BGP
● A variant of BGP
● Used by routers to update routing information learnt from other speakers
to routers inside the autonomous system.
● Each router in the AS is able to determine the appropriate next hop for
all prefixes.
UNICAST ROUTING PROTOCOLS
● A protocol is more than an algorithm.
● A protocol needs to define its domain of operation, the messages
exchanged, communication between routers, and interaction with
protocols in other domains.
● A routing protocol specifies how routers communicate with each
other, distributing information that enables them to select routes
between any two nodes on a computer network.
● Routers perform the "traffic directing" functions on the Internet; data
packets are forwarded through the networks of the internet from router to
router until they reach their destination computer.
● Routing algorithms determine the specific choice of route.
● Each router has a prior knowledge only of networks attached to it directly.
● A routing protocol shares this information first among immediate
neighbors, and then throughout the network. This way, routers gain
knowledge of the topology of the network.
● The ability of routing protocols to dynamically adjust to changing conditions
such as disabled data lines and computers and route data around obstructions
is what gives the Internet its survivability and reliability.
● The specific characteristics of routing protocols include the manner in
which they avoid routing loops, the manner in which they select preferred
routes, using information about hop costs, the time they require to reach
routing convergence, their scalability, and other factors.
INTERNET STRUCTURE
● Internet has a million networks. Routing table entries per router should
be minimized.
● Link state routing protocol is used to partition domain into areas.
● A routing area is a set of routers configured to exchange link-
state information.
● Area introduces an additional level of hierarchy.
● Thus domains can grow without burdening routing protocols.
● There is one special area—the backbone area, also known as area 0.
● Routers R1, R2 and R3 are part of backbone area.
● Routers in backbone area are also part of non-backbone areas. Such routers
are known as Area Border Routers (ABR).
● Link-state advertisement is exchanged amongst routers in a non-backbone area.
● They do not see LSAs of other areas. For example, area 1 routers are not
aware of area 3 routers.
● ABR advertises routing information in their area to other ABRs.
● For example, R2 advertises area 2 routing information to R1 and R3, which
in turn pass it on to their areas.
● All routers learn how to reach all networks in the domain.
● When a packet is to be sent to a network in another area, it goes
through backbone area via ABR and reaches the destination area.
● Routing Areas improve scalability but packets may not travel on the
shortest path.
INTER DOMAIN ROUTING
● Internet is organized as autonomous systems (AS) each of which is under
the control of a single administrative entity.
● A corporation’s complex internal network might be a single AS, as may
the network of a single Internet Service Provider (ISP).
● Interdomain routing shares reachability information between
autonomous systems.
● The basic idea behind autonomous systems is to provide an additional way to
hierarchically aggregate routing information in a large internet, thus
improving scalability.
● Internet has backbone networks and sites. Providers connect at a peering point.
Traffic on the internet is of two types:
Local Traffic - Traffic within an autonomous system is called local.
Transit Traffic - Traffic that passes through an autonomous system is called
transit.
Autonomous Systems (AS) are classified as:
Stub AS - is connected to only one other autonomous system and
carries local traffic only (e.g. Small corporation).
Multihomed AS - has connections to multiple autonomous systems but
refuses to carry transit traffic (e.g. Large corporation).
Transit AS - has connections to multiple autonomous systems and is
designed to carry transit traffic (e.g. Backbone service provider).
Policies Used By Autonomous Systems :
Provider-Customer―Provider advertises the routes it knows, to the
customer and advertises the routes learnt from customer to everyone.
Customer-Provider―Customers want the routes to be diverted to them. So they
advertise their own prefixes and routes learned from customers to provider and
advertise routes learned from provider to customers.
Peer―Two providers get access to each other’s customers without having to pay.
CHALLENGES IN INTER-DOMAIN ROUTING PROTOCOL
● Each autonomous system has an intra-domain routing protocol, its own
policy and metric.
● Internet backbone must be able to route packets to the destination that
complies with policies of autonomous system along a loopless path.
● Service providers have trust deficit and may not trust advertisements by
other AS, or may refuse to carry traffic from other AS.
TYPES OF ROUTING PROTOCOLS
Two types of Routing Protocols are used in the Internet:
1) Intradomain routing
⮚ Routing within a single autonomous system
⮚ Routing Information Protocol (RIP) - based on the distance-vector
algorithm - (REFER distance-vector routing algorithm)
⮚ Open Shortest Path First (OSPF) - based on the link-state algorithm -
(REFER link-state routing algorithm)
2) Interdomain routing
⮚ Routing between autonomous systems.
⮚ Border Gateway Protocol (BGP) - based on the path-vector algorithm -
(REFER Path Vector routing algorithm)
MULTICASTING
● In multicasting, there is one source and a group of destinations.
● Multicast supports efficient delivery to multiple destinations.
● The relationship is one to many or many-to-many.
● One-to-Many (Source Specific Multicast)
o Radio station broadcast
o Transmitting news, stock-price
o Software updates to multiple hosts
● Many-to-Many (Any Source Multicast)
o Multimedia teleconferencing
o Online multi-player games
o Distributed simulations
● In this type of communication, the source address is a unicast address, but the
destination address is a group address.
● The group address defines the members of the group.
● In multicasting, a multicast router may have to send out copies of the
same datagram through more than one interface.
● Hosts that are members of a group receive copies of any packets sent to
that group’s multicast address
● A host can be in multiple groups
● A host can join and leave groups
● A host signals its desire to join or leave a multicast group by
communicating with its local router using a special protocol.
● In IPv4, the protocol is Internet Group Management Protocol (IGMP)
● In IPv6, the protocol is Multicast Listener Discovery (MLD)
IGMP OR MLD PROTOCOL
● Hosts communicate their desire to join / leave a multicast group to a
router using Internet Group Management Protocol (IGMP) in IPv4 or
Multicast Listener Discovery (MLD) in IPv6.
● Provides multicast routers with information about the membership status
of hosts connected to the network.
● Enables a multicast router to create and update list of loyal members
for each group.
MULTICAST ADDRESSING
● Multicast address is associated with a group, whose members are dynamic.
● Each group has its own IP multicast address.
● IP addresses reserved for multicasting are Class D in IPv4 (Class D
224.0.0.1 to 239.255.255.255), 1111 1111 prefix in IPv6.
● Hosts that are members of a group receive copy of the packet sent
when destination contains group address.
MULTICASTING VERSUS MULTIPLE UNICASTING
● Multicasting starts with a single packet from the source that is duplicated
by the routers. The destination address in each packet is the same for all
duplicates.
● Only a single copy of the packet travels between any two routers.
● In multiple unicasting, several packets start from the source.
● If there are three destinations, for example, the source sends three packets,
each with a different unicast destination address.
● There may be multiple copies traveling between two routers
NEED FOR MULTICAST
Without support for multicast
● A source needs to send a separate packet with the identical data to
each member of the group
● Source needs to keep track of the IP address of each member in the group
Using IP multicast
● Sending host does not send multiple copies of the packet
● A host sends a single copy of the packet addressed to the group’s
multicast address
● The sending host does not need to know the individual unicast IP address
of each member
TYPES OF MULTICASTING
● Source-Specific Multicast - In source-specific multicast (one-to-many
model), receiver specifies multicast group and sender from which it is
interested to receive packets. Example: Internet radio broadcasts.
● Any Source Multicast - Supplements any source multicast (many-to-
many model).
MULTICAST APPLICATIONS
● Access to Distributed Databases
● Information Dissemination
● Teleconferencing.
● Distance Learning
MULTICAST ROUTING
● To support multicast, a router must additionally have multicast
forwarding tables that indicate, based on multicast address, which links
to use to forward the multicast packet.
● Unicast forwarding tables collectively specify a set of paths.
● Multicast forwarding tables collectively specify a set of trees -
Multicast distribution trees.
● Multicast routing is the process by which multicast distribution trees
are determined.
● To support multicasting, routers additionally build multicast
forwarding tables.
● Multicast forwarding table is a tree structure, known as
multicast distribution trees.
● Internet multicast is implemented on physical networks that
support broadcasting by extending forwarding functions.
MULTICAST DISTRIBUTION TREES
There are two types of Multicast Distribution Trees used in multicast routing.
They are
Source-Based Tree: (DVMRP)
▪ For each combination of (source , group), there is a shortest
path spanning tree.
▪ Flood and prune
⮚ Send multicast traffic everywhere
⮚ Prune edges that are not actively subscribed to group
▪ Link-state
⮚ Routers flood groups they would like to receive
⮚ Compute shortest-path trees on demand
Shared Tree (PIM)
▪ Single distributed tree shared among all sources
▪ Does not include its own topology discovery mechanism, but
instead uses routing information supplied by other routing
protocols
▪ Specify rendezvous point (RP) for group
▪ Senders send packets to RP, receivers join at RP
▪ RP multicasts to receivers; Fix-up tree for optimization
▪ Rendezvous-Point Tree: one router is the center of the group and
therefore the root of the tree.
MULTICAST ROUTING PROTOCOLS
● Internet multicast is implemented on physical networks that support
broadcasting by extending forwarding functions.
● Major multicast routing protocols are:
1. Distance-Vector Multicast Routing Protocol (DVMRP)
2. Protocol Independent Multicast (PIM)
1. Distance Vector Multicast Routing Protocol
● The DVMRP is a routing protocol used to share information between
routers to facilitate the transportation of IP multicast packets among
networks.
● It formed the basis of the Internet's historic multicast backbone.
● Distance vector routing for unicast is extended to support multicast routing.
● Each router maintains a routing table for all destinations through exchange
of distance vectors.
● DVMRP is also known as flood-and-prune protocol.
● DVMRP consists of two major components:
● A conventional distance-vector routing protocol, like RIP
● A protocol for determining how to forward multicast packets, based on
the routing table
● DVMRP router forwards a packet if
● The packet arrived from the link used to reach the source of the packet
● If downstream links have not pruned the tree
● DVMRP protocol uses the basic packet types as follows:
● The forwarding table of DVMRP is as follows:
Multicasting is added to distance-vector routing in four stages.
⮚ Flooding
⮚ Reverse Path Forwarding (RPF)
⮚ Reverse Path Broadcasting (RPB)
⮚ Reverse Path Multicast (RPM)
Flooding
Router on receiving a multicast packet from source S to a Destination from
NextHop, forwards the packet on all out-going links.
Packet is flooded and looped back to S.
The drawbacks are:
o It floods a network, even if it has no members for that group.
o Packets are forwarded by each router connected to a LAN, i.e.,
duplicate flooding
Reverse Path Forwarding (RPF)
RPF eliminates the looping problem in the flooding process.
Only one copy is forwarded and the other copies are discarded.
RPF forces the router to forward a multicast packet from one specific interface:
the one which has come through the shortest path from the source to the router.
Packet is flooded but not looped back to S.
Reverse-Path Broadcasting (RPB)
RPB does not multicast the packet, it broadcasts it.
RPB creates a shortest path broadcast tree from the source to each destination.
It guarantees that each destination receives one and only one copy of the
packet.
We need to prevent each network from receiving more than one copy of
the packet.
If a network is connected to more than one router, it may receive a copy of
the packet from each router.
One router is identified as the parent, called the designated router (DR).
Only parent router forwards multicast packets from source S to the attached
network.
When a router that is not the parent of the attached network receives a
multicast packet, it simply drops the packet.
Reverse-Path Multicasting (RPM)
To increase efficiency, the multicast packet must reach only those networks
that have active members for that particular group.
RPM adds pruning and grafting to RPB to create a multicast shortest path
tree that supports dynamic membership changes.
Pruning:
⮚ Sent from routers receiving multicast traffic for which they have no
active group members
⮚ “Prunes” the tree created by DVMRP
⮚ Stops needless data from being sent
Grafting:
⮚ Used after a branch has been pruned back
⮚ Sent by a router that has a host that joins a multicast group
⮚ Goes from router to router until a router active on the multicast group
is reached
⮚ Sent for the following cases
▪ A new host member joins a group
▪ A new dependent router joins a pruned branch
▪ A dependent router restarts on a pruned branch
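The RPF acceptance test and the RPM pruning and grafting described above, as an added Python example (not from the original notes). The five-router topology with the source attached to R1 is constructed, and hop count stands in for the unicast routing table.

```python
from collections import deque

# Constructed topology: the source is attached to R1; R1-R2-R4-R3 form a cycle.
LINKS = {"R1": ["R2", "R3"], "R2": ["R1", "R4"], "R3": ["R1", "R4"],
         "R4": ["R2", "R3", "R5"], "R5": ["R4"]}


def rpf_parents(links, source_router):
    """For every router, the neighbor on its shortest path back to the source."""
    parent = {source_router: None}
    queue = deque([source_router])
    while queue:
        router = queue.popleft()
        for n in sorted(links[router]):       # sorted order breaks equal-cost ties
            if n not in parent:
                parent[n] = router
                queue.append(n)
    return parent


def rpf_flood(links, source_router):
    """Reverse path forwarding: accept a copy only if it came from the RPF parent,
    then send it on every other link. Returns (accepted, dropped) as (from, to)."""
    parent = rpf_parents(links, source_router)
    accepted, dropped = [], []
    queue = deque((source_router, n) for n in sorted(links[source_router]))
    while queue:
        sender, router = queue.popleft()
        if parent[router] != sender:          # arrived off the shortest path: discard
            dropped.append((sender, router))
            continue
        accepted.append((sender, router))
        queue.extend((router, n) for n in sorted(links[router]) if n != sender)
    return accepted, dropped


def rpm_tree(links, source_router, member_routers):
    """Reverse path multicasting: keep only tree links that lead to a group member.
    Returns (links kept, prunes) where a prune is (router, upstream router)."""
    parent = rpf_parents(links, source_router)
    keep = set()
    for router in member_routers:             # walk from each member up to the source
        while parent[router] is not None:
            keep.add((parent[router], router))
            router = parent[router]
    prunes = sorted((r, up) for r, up in parent.items()
                    if up is not None and (up, r) not in keep)
    return keep, prunes


if __name__ == "__main__":
    print(rpf_flood(LINKS, "R1"))
    print(rpm_tree(LINKS, "R1", {"R5"}))          # R3 has no members and prunes
    print(rpm_tree(LINKS, "R1", {"R5", "R3"}))    # a host behind R3 joins: graft
```

Under RPF each router accepts exactly one copy and the two copies that cross the R3-R4 link are dropped; once a host behind R3 joins, the R1 to R3 branch is back on the tree, which is the effect of a graft.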
2. Protocol Independent Multicast (PIM)
PIM divides multicast routing problem into sparse and dense mode.
PIM sparse mode (PIM-SM) is widely used.
PIM does not rely on any type of unicast routing protocol, hence
protocol independent.
Routers explicitly join and leave multicast group using Join and Prune
messages.
One of the routers is designated as rendezvous point (RP) for each group in a
domain to receive PIM messages.
Multicast forwarding tree is built as a result of routers sending Join
messages to RP.
Two types of trees to be constructed:
▪ Shared tree - used by all senders
▪ Source-specific tree - used only by a specific sending host
The normal mode of operation creates the shared tree first, followed by one or
more source-specific trees
Shared Tree
When a router sends Join message for group G to RP, it goes through a
set of routers.
Join message is wildcarded (*), i.e., it is applicable to all senders.
Routers create an entry (*, G) in its forwarding table for the shared tree.
Interface on which the Join arrived is marked to forward packets for
that group.
Forwards Join towards rendezvous router RP.
Eventually, the message arrives at RP. Thus a shared tree with RP as root is
formed.
Example
Router R4 sends Join message for group G to rendezvous router RP.
Join message is received by router R2. It makes an entry (*, G) in its table and
forwards the message to RP.
When R5 sends Join message for group G, R2 does not forward the Join. It
adds an outgoing interface to the forwarding table created for that group.
As routers send Join message for a group, branches are added to the tree, i.e.,
shared.
Multicast packets sent from hosts are forwarded to designated router RP.
Suppose router R1, receives a message to group G.
oR1 has no state for group G.
o Encapsulates the multicast packet in a Register message.
o Multicast packet is tunneled along the way to RP.
RP decapsulates the packet and sends multicast packet onto the shared
tree, towards R2.
R2 forwards the multicast packet to routers R4 and R5 that have members
for group G.
Source-Specific Tree
The RP can force routers to know about group G by sending a Join message to the
sending host, so that tunneling can be avoided.
Intermediary routers create a sender-specific entry (S, G) in their tables.
Thus a source-specific route from R1 to the RP is formed.
If there is a high rate of packets sent from a sender to a group G, then the
shared tree is replaced by a source-specific tree with the sender as
root.
Example
Rendezvous router RP sends a Join message to the host router R1.
Router R3 learns about group G through the message sent by RP.
Router R4 sends a source-specific Join due to the high rate of packets from the
sender. Router R2 learns about group G through the message sent by R4.
Eventually a source-specific tree is formed with R1 as root.
Analysis of PIM
Protocol independent because the tree is based on Join messages sent via the shortest path.
Shared trees are more scalable than source-specific trees.
Source-specific trees enable more efficient routing than shared trees.
UNIT V-DATA LINK AND PHYSICAL LAYERS
Data Link Layer – Framing – Flow control – Error control – Data-Link Layer Protocols – HDLC
– PPP - Media Access Control – Ethernet Basics – CSMA/CD – Virtual LAN – Wireless
LAN (802.11) - Physical Layer: Data and Signals - Performance – Transmission media-
Switching – Circuit Switching.
INTRODUCTION TO DATA LINK LAYER
The Internet is a combination of networks attached together by connecting devices (routers or
switches). If a packet is to travel from a host to another host, it needs to pass through these networks as
shown in Figure 2.1. Communication at the data-link layer is made up of five separate logical connections
between the data-link layers in the path.
Figure 2.1 Communication at the data-link layer
The data-link layer at Alice's computer communicates with the data-link layer at router R2. The data-
link layer at router R2 communicates with the data-link layer at router R4, and so on. Finally, the data-link
layer at router R7 communicates with the data-link layer at Bob's computer. Only one data-link layer is
involved at the source or the destination, but two data-link layers are involved at each router.
The reason is that Alice's and Bob's computers are each connected to a single network, but
each router takes an input from one network and sends output to another network.
Nodes and Links
Communication at the data-link layer is node-to-node. A data unit from one point in the Internet needs to
pass through many networks (LANs and WANs) to reach another point. These LANs and WANs are
connected by routers. It is customary to refer to the two end hosts and the routers as nodes and the networks
in between as links.
Figure 2.2 Nodes and Links
In figure 2.2, the first node is the source host and the last node is the destination host. The other four nodes
are four routers. The first, the third, and the fifth links represent the three LANs. The second and the fourth
links represent the two WANs.
Services
The data-link layer is located between the physical and the network layers. The data-link layer
provides services to the network layer and it receives services from the physical layer. The duty of the data-
link layer is node-to-node delivery. When a packet is traveling in the Internet, the data-link layer of a node
(host or router) is responsible for delivering a datagram to the next node in the path. In order to do this job, the
data-link layer of the node needs to encapsulate the datagram received from the network in a frame, and the
data-link layer of the receiving node needs to decapsulate the datagram from the frame.
The data-link layer of the source host needs only to encapsulate, the data-link layer of the destination host
needs to decapsulate, but each intermediate node needs to both encapsulate and decapsulate. Figure 2.3
shows the encapsulation and decapsulation at the data-link layer. In figure 2.3, only one router is there
between the source and destination. The datagram received by the data-link layer of the source host is
encapsulated in a frame. The frame is logically transported from the source host to the router. The frame is
decapsulated at the data-link layer of the router and encapsulated in another frame. The new frame is
logically transported from the router to the destination host.
Figure 2.3 Encapsulation and decapsulation at the data-link layer
Services provided by a data-link layer
i. Framing
The data-link layer at each node needs to encapsulate the datagram in a frame before sending
it to the next node. The node also needs to decapsulate datagram from the frame received on the
logical channel. Different data-link layers have different formats for framing. A packet at the data-
link layer is normally called a frame.
ii. Flow Control
The sending data-link layer at the end of a link is a producer of frames and the receiving data-
link layer at the other end of a link is a consumer. If the rate of produced frames is higher than the
rate of consumed frames, frames at the receiving end need to be buffered while waiting to be
consumed (processed). Because the buffer at the receiving side is limited, the receiving data-link layer
may either drop frames when its buffer is full or send
feedback to the sending data-link layer asking it to stop or slow down. Different data-link-layer
protocols use different strategies for flow control.
iii. Error Control
At the sending node, a frame in a data-link layer needs to be changed to bits, transformed to
electromagnetic signals, and transmitted through the transmission media. At the receiving node,
electromagnetic signals are received, transformed to bits, and put together to create a frame. Since
electromagnetic signals are susceptible to error, a frame is susceptible to error. Hence, the error
needs to be detected and either corrected at the receiver node or discarded and retransmitted by the
sending node.
iv. Congestion Control
A link may be congested with frames, which may result in frame loss. Most data-link-layer
protocols do not directly use a congestion control to alleviate congestion. In general, congestion
control is considered an issue in the network layer or the transport layer because of its end-to-end
nature.
Two Categories of Links
When two nodes are physically connected by a transmission medium such as cable or air, the data-
link layer controls how the medium is used. A data-link layer may use the whole capacity of the medium or
only part of the capacity of the link (Point-to-point link or a broadcast link).
• In a point-to-point link, the link is dedicated to the two devices.
• In a broadcast link, the link is shared between several devices.
Two Sublayers
The data-link layer can be divided into two sublayers: data link control (DLC) and media access
control (MAC).
• The data link control sublayer deals with all issues common to both point-to-point and
broadcast links.
• The media access control sub-layer deals only with issues specific to broadcast links.
Figure 2.4 Two sublayers of a data-link layer
LINK-LAYER ADDRESSING
In the Internet, the source and destination IP addresses define the two ends but cannot define which
links the datagram should pass through. The IP addresses in a datagram should not be changed. If the
destination IP address in a datagram changes, the packet never reaches its destination. If the source IP
address in a datagram changes, the router can never communicate with the source if a response needs to be
sent back or an error needs to be reported back to the source. This issue can be solved by using the link-layer
addresses of the two nodes.
A link-layer address is called a physical address or a MAC address. When a datagram passes from
the network layer to the data-link layer, the datagram will be encapsulated in a frame and two data-link
addresses are added to the frame header. These two addresses are changed every time the frame moves from
one link to another.
Figure 2.5 IP addresses and link-layer addresses in a small internet
In figure 2.5, we have three links, two routers and two hosts namely Alice (source) and Bob
(destination). For each host, we have two addresses called the IP addresses (N) and the link-layer addresses
(L). A router may have many pairs of addresses based on the number of links connected to that particular
router.
In figure 2.5, each link carries a frame. Each frame carries the same datagram with the same source
and destination addresses (N1 and N8), but the link-layer addresses of the frame change from link to link. In
link 1, the link-layer addresses are L1 and L2. In link 2, they are L4 and L5. In link 3, they are L7 and L8.
Here, the IP addresses and the link layer addresses are not in the same order. For IP addresses, the source
address comes before the destination address. For the link-layer address, the destination address comes
before the source.
Types of Addresses
Link-layer protocols define three types of addresses namely unicast, multicast, and broadcast.
i. Unicast Address: Each host or each interface of a router is assigned a unicast address. Unicasting
means one-to-one communication. A frame with a unicast address destination is destined only for
one entity in the link.
ii. Multicast Address: Multicasting means one-to-many communication.
iii. Broadcast Address: Broadcasting means one-to-all communication. A frame with a destination
broadcast address is sent to all entities in the link.
Address Resolution Protocol (ARP)
Anytime a node has an IP datagram to send to another node in a link, it has the IP address of the
receiving node. The source host knows the IP address of the default router. Each router except the last one in
the path gets the IP address of the next router by using its forwarding table. The last router knows the IP
address of the destination host.
Without using the link-layer address of the next node, the IP address of the next node is not helpful
in moving a frame through a link. The ARP protocol is one of the auxiliary protocols, which accepts an IP
address from the IP protocol and maps the address to the corresponding link-layer address then passes it to
the data-link layer.
Figure 2.6 Position of ARP in TCP/IP protocol suite
Anytime a host or a router needs to find the link-layer address of another host or router in its
network, it sends an ARP request packet. The packet includes the link-layer and IP addresses of the sender
and the IP address of the receiver. Because the sender does not know the link-layer address of the receiver,
the query is broadcast over the link using the link-layer broadcast address.
ADDRESS TRANSLATION WITH ARP
ARP Request
Argon broadcasts an ARP request to all stations on the network: “What is the hardware address of
Router137?”
Figure 2.7 ARP Request
ARP Reply
Router 137 responds with an ARP Reply which contains the hardware address.
Figure 2.8 ARP Reply
ARP PACKET FORMAT
Figure 2.9 ARP Packet Format
The above figure 2.9 shows the packet format of ARP. It contains the following fields.
i. Hardware type
⮚ This is a 16-bit field defining the type of the network on which ARP is running.
⮚ Each LAN has been assigned an integer based on its type.
⮚ For example, Ethernet is given type 1.
⮚ ARP can be used on any physical network.
ii. Protocol type
⮚ This is a 16-bit field defining the protocol.
⮚ For example, the value of this field for the IPv4 protocol is 0800 in hexadecimal (0x0800). ARP can be used with any
higher-level protocol.
iii. Hardware length
⮚ This is an 8-bit field defining the length of the physical address in bytes.
⮚ For example, for Ethernet the value is 6.
iv. Protocol length
⮚ This is an 8-bit field defining the length of the logical address in bytes.
⮚ For example, for the IPv4 protocol the value is 4.
v. Operation
⮚ This is a 16-bit field defining the type of packet.
⮚ Two packet types are defined: ARP request (1) and ARP reply (2).
vi. Sender hardware address
⮚ This is a variable-length field defining the physical address of the sender.
⮚ For example, for Ethernet this field is 6 bytes long.
vii. Sender protocol address
⮚ This is a variable-length field defining the logical (for example, IP) address of the sender.
⮚ For the IP protocol, this field is 4 bytes long.
viii. Target hardware address
⮚ This is a variable-length field defining the physical address of the target.
⮚ For an ARP request message, this field is all 0s because the sender does not know the physical
address of the target.
ix. Target protocol address
⮚ Defining the logical address of the target.
Example
(i) ARP Request from Argon:
Source hardware address: 00:a0:24:71:e4:44
Source protocol address: 128.143.137.144
Target hardware address: 00:00:00:00:00:00
Target protocol address: 128.143.137.1
(ii) ARP Reply from Router137:
Source hardware address: 00:e0:f9:23:a8:20
Source protocol address: 128.143.137.1
Target hardware address: 00:a0:24:71:e4:44
Target protocol address: 128.143.137.144
There are four types of ARP messages that may be sent by the ARP protocol. These are identified by
four values in the operation field of an ARP message. The types of messages are;
i. ARP request
ii. ARP reply
iii. RARP request
iv. RARP reply
ARP Cache
Since sending an ARP request/reply for each IP datagram is inefficient, hosts maintain a cache (ARP
Cache) of current entries. The entries expire after 20 minutes. Contents of the ARP Cache:
(128.143.71.37) at 00:10:4B:C5:D1:15 [ether] on eth0
(128.143.71.36) at 00:B0:D0:E1:17:D5 [ether] on eth0
(128.143.71.35) at 00:B0:D0:DE:70:E6 [ether] on eth0
(128.143.136.90) at 00:05:3C:06:27:35 [ether] on eth1
(128.143.71.34) at 00:B0:D0:E1:17:DB [ether] on eth0
(128.143.71.33) at 00:B0:D0:E1:17:DF [ether] on eth0
Vulnerabilities of ARP
i. Since ARP does not authenticate requests or replies, ARP Requests and Replies can be forged
ii. ARP is stateless: ARP Replies can be sent without a corresponding ARP Request
iii. According to the ARP protocol specification, a node receiving an ARP packet (Request or Reply)
must update its local ARP cache with the information in the source fields, if the receiving node
already has an entry for the IP address of the source in its ARP cache. (This applies for ARP
Request packets and for ARP Reply packets)
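The packet format, the Argon / Router137 exchange and the weaknesses listed above can be tied together in code. The following is an added example, not part of the original notes: it packs and parses the 28-byte Ethernet/IPv4 ARP packet and runs a passive monitor that flags a reply nobody asked for and a reply that re-binds a known IP address to a different hardware address. The function and class names, and the third sample packet with hardware address 02:00:00:00:00:99, are constructed for illustration.

```python
import socket
import struct
from dataclasses import dataclass

ARP_REQUEST, ARP_REPLY = 1, 2
# Field order from the packet format above: hardware type, protocol type,
# hardware length, protocol length, operation, then the four addresses.
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FMT)          # 28 bytes for Ethernet/IPv4


@dataclass(frozen=True)
class ArpPacket:
    oper: int
    sha: str    # sender hardware address
    spa: str    # sender protocol (IPv4) address
    tha: str    # target hardware address
    tpa: str    # target protocol (IPv4) address


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)


def pack_arp(p):
    # Hardware type 1 (Ethernet), protocol type 0x0800 (IPv4), lengths 6 and 4.
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, p.oper,
                       mac_bytes(p.sha), socket.inet_aton(p.spa),
                       mac_bytes(p.tha), socket.inet_aton(p.tpa))


def parse_arp(raw):
    if len(raw) < ARP_LEN:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, raw[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    if oper not in (ARP_REQUEST, ARP_REPLY):
        raise ValueError("operation is not an ARP request or reply")
    return ArpPacket(oper, mac_text(sha), socket.inet_ntoa(spa),
                     mac_text(tha), socket.inet_ntoa(tpa))


class ArpMonitor:
    """Passive observer: tracks open requests and the first binding seen per IP."""

    def __init__(self):
        self.bindings = {}       # IP address -> hardware address
        self.pending = set()     # (requester IP, requested IP)

    def observe(self, raw):
        p = parse_arp(raw)
        alerts = []
        if p.oper == ARP_REQUEST:
            self.pending.add((p.spa, p.tpa))
        elif (p.tpa, p.spa) in self.pending:
            self.pending.discard((p.tpa, p.spa))      # reply answers a request
        else:
            alerts.append("unsolicited-reply")        # weakness ii above
        known = self.bindings.get(p.spa)
        if known is None:
            self.bindings[p.spa] = p.sha
        elif known != p.sha:
            # Weakness iii above: an ordinary ARP cache would overwrite the
            # entry here; the monitor keeps the old binding and reports it.
            alerts.append(f"binding-change {p.spa}: {known} -> {p.sha}")
        return alerts


# The first two packets are the Argon / Router137 exchange from the example
# above. The third is constructed for this demonstration: a reply that claims
# Router137's IP address with a different (made-up) hardware address.
SAMPLE = [
    ArpPacket(ARP_REQUEST, "00:a0:24:71:e4:44", "128.143.137.144",
              "00:00:00:00:00:00", "128.143.137.1"),
    ArpPacket(ARP_REPLY, "00:e0:f9:23:a8:20", "128.143.137.1",
              "00:a0:24:71:e4:44", "128.143.137.144"),
    ArpPacket(ARP_REPLY, "02:00:00:00:00:99", "128.143.137.1",
              "00:a0:24:71:e4:44", "128.143.137.144"),
]


def run_sample():
    monitor = ArpMonitor()
    return [monitor.observe(pack_arp(p)) for p in SAMPLE]


if __name__ == "__main__":
    for packet, alerts in zip(SAMPLE, run_sample()):
        print(packet.oper, packet.spa, packet.sha, alerts or "ok")
```

The monitor only handles operation values 1 and 2; RARP messages are rejected by the parser.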
Proxy ARP
Host or router responds to ARP Request that arrives from one of its connected networks for a host
that is on another of its connected networks.
Figure 2.10 Proxy ARP
OVERVIEW OF DATA LINK CONTROL
The two main functions of the data link layer are data link control and media access control. The data
link control deals with the design and procedures for communication between two adjacent nodes (node-to-
node communication). The second function of the data link layer is media access control, or how to share the
link.
Data link control functions include framing, flow and error control, and software implemented
protocols that provide smooth and reliable transmission of frames between nodes. To implement data link
control, we need protocols. Protocol is a set of rules that need to be implemented in software and run by the
two nodes involved in data exchange at the data link layer.
Data transmission in the physical layer means moving bits in the form of a signal from the source to
the destination. The physical layer provides bit synchronization to ensure that the sender and receiver use the
same bit durations and timing.
FRAMING
The data link layer needs to pack bits into frames, so that each frame is distinguishable from another.
Framing in the data link layer separates a message from one source to a destination, or from other messages
to other destinations, by adding a sender address and a destination address. The destination address defines
where the packet is to go. The sender address helps the recipient acknowledge the receipt. Frames can be of
fixed or variable size.
i. Fixed-Size Framing
In fixed-size framing, there is no need for defining the boundaries of the frames; the size
itself can be used as a delimiter. An example of this type of framing is the ATM wide-area network,
which uses frames of fixed size called cells. ATM (Asynchronous Transfer Mode) is a connection
oriented, high-speed network technology that is used in both LAN and WAN over optical fiber and
operates up to gigabit speed.
ii. Variable-Size Framing
In variable-size framing, we need a way to define the end of the frame and the beginning of
the next. Two approaches were used for this purpose: a character-oriented approach and a bit
oriented approach.
Character-Oriented Protocols
In a character-oriented protocol, data to be carried are 8-bit characters from a coding system such as
ASCII. The header, which normally carries the source and destination addresses and other control
information, and the trailer, which carries error detection or error correction redundant bits, are also
multiples of 8 bits.
Figure 2.11 A frame in a character-oriented protocol
To separate one frame from the next, an 8-bit (1-byte) flag is added at the beginning and the end of a
frame. The flag, composed of protocol-dependent special characters, signals the start or end of a frame.
Figure 2.11 shows the format of a frame in a character-oriented protocol
Bit-Oriented Protocols
In a bit-oriented protocol, the data section of a frame is a sequence of bits to be interpreted by the
upper layer as text, graphic, audio, video, and so on. However, in addition to headers (and possible trailers),
we still need a delimiter to separate one frame from the other. Most protocols use a special 8-bit pattern flag
01111110 as the delimiter to define the beginning and the end of the frame, as shown in Figure 2.12.
Figure 2.12 A frame in a bit-oriented protocol
FLOW AND ERROR CONTROL
The most important responsibilities of the data link layer are flow control and error control.
Collectively, these functions are known as data link control. Flow control refers to a set of procedures used
to restrict the amount of data that the sender can send before waiting for acknowledgment. Each receiving
device has a block of memory, called a buffer, reserved for storing incoming data until they are processed. If
the buffer begins to fill up, the receiver must be able to tell the sender to halt transmission until it is once
again able to receive.
Error control is both error detection and error correction. It allows the receiver to tell the sender of
any frames lost or damaged in transmission and coordinates the retransmission of those frames by the
sender. Error control in the data link layer is based on automatic repeat request (ARQ), which is the
retransmission of data.
PROTOCOLS USED FOR FLOW CONTROL
All the protocols are unidirectional. The data frames travel from one node, called the sender, to
another node, called the receiver. Special frames, called acknowledgment (ACK) and negative
acknowledgment (NAK) can flow in the opposite direction.
In bidirectional data flow – the protocol includes the control information such as ACKs and NAKs
with the data frames. This technique is called piggybacking.
Figure 2.13 Taxonomy of protocols used for flow control (for noiseless channels: Simplest, Stop-and-Wait; for noisy channels: Stop-and-Wait ARQ, Go-Back-N ARQ, Selective Repeat ARQ)
Noiseless Channels
An ideal channel in which no frames are lost, duplicated, or corrupted. We introduce two protocols
for this type of channel. The first is a protocol that does not use flow control; the second is the one that does.
Simplest Protocol
It is a unidirectional protocol in which data frames travel in only one direction, from the sender
to the receiver. The receiver can immediately handle any frame it receives within a processing time. The data
link layer of the receiver immediately removes the header from the frame and hands the data packet to its
network layer, which can also accept the packet immediately. Here the receiver can never be overwhelmed
with incoming frames.
Design
There is no need for flow control in this scheme. The data link layer at the sender site gets data from
its network layer, makes a frame out of the data, and sends it. The data link layer at the receiver site receives
a frame from its physical layer, extracts data from the frame, and delivers the data to its network layer. The
data link layers of the sender and receiver provide transmission services for their network layers. The data
link layers use the services provided by their physical layers (such as signaling, multiplexing, and so on) for
the physical transmission of bits.
Figure 2.14 Simplest Protocol Design
The procedure used by both data link layers
The sender site cannot send a frame until its network layer has a data packet to send. The receiver
site cannot deliver a data packet to its network layer until a frame arrives. The procedure / event of a
protocol are as follows;
i. The procedure at the sender site is constantly running; there is no action until there is a request
from the network layer.
ii. The procedure at the receiver site is also constantly running, but there is no action until
notification from the physical layer arrives.
Both procedures are constantly running because they do not know when the corresponding events
will occur.
Sender-site algorithm for the simplest protocol
while (true)                          // Repeat forever
{
    WaitForEvent();                   // Sleep until an event occurs
    if (Event(RequestToSend))         // There is a packet to send
    {
        GetData();                    // Take a data packet from the network layer
        MakeFrame();                  // Add a header and delimiter flags
        SendFrame();                  // Send the frame
    }
}
Where,
i. GetData( ) - takes a data packet from the network layer.
ii. MakeFrame( ) - adds a header and delimiter flags to the data packet to make a frame.
iii. SendFrame( ) - delivers the frame to the physical layer for transmission.
Receiver-site algorithm for the simplest protocol
while (true)                          // Repeat forever
{
    WaitForEvent();                   // Sleep until an event occurs
    if (Event(ArrivalNotification))   // Data frame arrived
    {
        ReceiveFrame();               // Take the frame from the physical layer
        ExtractData();                // Remove the header from the frame
        DeliverData();                // Deliver data to network layer
    }
}
Flow diagram
Figure 2.15 Simplest Protocol – Flow diagram
Stop-and-Wait Protocol
If data frames arrive at the receiver site faster than they can be processed, the frames must be stored
until their use. The receiver does not have enough storage space, especially if it is receiving data from many
sources. This may result in either the discarding of frames or denial of service. To prevent the receiver from
becoming overwhelmed with frames, we need to tell the sender to slow down. There must be a feedback
from the receiver to the sender. In the Stop-and-Wait Protocol sender sends one frame, stops until it receives
confirmation from the receiver and then sends the next frame.
In Stop-and-Wait Protocol
i. Data frames will follow the unidirectional communication.
ii. ACK frames (simple tokens of acknowledgment) can travel from the other direction.
Design
At any time, there is either one data frame on the forward channel or one ACK frame on the reverse
channel. We therefore need a half-duplex link.
Figure 2.16 Design of Stop-and-Wait Protocol
Sender-site algorithm for Stop-and-Wait Protocol
canSend = true;                           // Allow the first frame to go
while (true)                              // Repeat forever
{
    WaitForEvent();                       // Sleep until an event occurs
    if (Event(RequestToSend) AND canSend)
Receiver-site algorithm for Stop-and-Wait Protocol
Data flow diagram for Stop and wait Protocol
Figure 2.17 Flow diagram for Stop-and-Wait Protocol
NOISY CHANNELS
Although the Stop-and-Wait Protocol gives us an idea of how to add flow control to its predecessor,
noiseless channels are nonexistent. We discuss three protocols in this section that use error control.
Stop-and-Wait Automatic Repeat Request
The Stop-and-Wait Automatic Repeat Request protocol adds a simple error control mechanism. To
detect and correct corrupted frames, we need to add redundancy bits to our data frame. When the frame
arrives at the receiver site, it is checked, and if it is corrupted, it is silently discarded. The detection of errors
is manifested by the silence of the receiver. Frames are numbered so that corrupted frames, duplicates,
and out-of-order frames can be handled.
Error correction in Stop-and-Wait ARQ is done by keeping a copy of the sent frame and
retransmitting the frame when the timer expires before the ACK is received. In Stop-and-Wait ARQ, we
use sequence numbers to number the frames. The sequence numbers are based on modulo-2 arithmetic. In
Stop-and-Wait ARQ, the acknowledgment number always announces, in modulo-2 arithmetic, the sequence
number of the next frame expected.
Flow diagram for Stop-and-Wait ARQ
Figure 2.18 Flow diagram for Stop-and-Wait ARQ
Efficiency
The Stop-and-Wait ARQ discussed in the previous section is very inefficient if our channel is thick
and long. By thick, we mean that our channel has a large bandwidth; by long, we mean the round-trip delay is
long.
Go-Back-N Automatic Repeat Request
To improve the efficiency of transmission (filling the pipe), multiple frames must be in transition
while the sender waits for acknowledgment (to keep the channel busy). The first protocol that does this is called Go-Back-N
ARQ. In this protocol we can send several frames before receiving acknowledgments; we keep a copy of
these frames until the acknowledgments arrive. In the Go-Back-N Protocol, the sequence numbers are
modulo 2^m, where m is the size of the sequence number field in bits. For example, with m = 4 the sequence numbers are
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, ...
Control Variables
❖ Sender has 3 variables: S, SF, and SL
❖ S holds the sequence number of recently sent frame
❖ SF holds the sequence number of the first frame
❖ SL holds the sequence number of the last frame
❖ Receiver only has the one variable, R that holds the sequence number of the frame it expects to
receive.
❖ If the seq. no. is the same as the value of R, the frame is accepted, otherwise rejected.
Figure 2.19 Go-Back-N ARQ
Normal operation of Go-Back-N ARQ
The sender keeps track of the outstanding frames and updates the variables and windows as the ACKs
arrive.
Figure 2.20 Normal operation of Go-Back-N ARQ
Go-Back-N ARQ - Lost frame
Figure 2.21 Go-Back-N ARQ- Lost frame
Consider a situation in which frame 2 is lost and the receiver receives frame 3: it discards frame 3
because it is expecting frame 2 (according to its window). After the timer for frame 2 expires at the sender site, the
sender sends frames 2 and 3 again (go back to 2).
Selective Repeat ARQ
Sender and receiver windows
Go-Back-N ARQ simplifies the process at the receiver site. The receiver keeps track of only one
variable, and there is no need to buffer out-of-order frames; they are simply discarded. However, the Go-Back-N
ARQ protocol is inefficient for a noisy link: it uses bandwidth inefficiently and slows down the transmission. In
Selective Repeat ARQ, only the damaged frame is resent. It may give better bandwidth efficiency, but requires more
complex processing at the receiver site. It defines a negative ACK (NAK) to report the sequence number of a
damaged frame before the timer expires.
Figure 2.22 Selective Repeat ARQ
Selective Repeat ARQ- Lost frame
Figure 2.23 Selective Repeat ARQ- Lost frames
Frames 0 and 1 are accepted when received because they are in the range specified by the receiver
window. The same applies to frame 3. The receiver sends a NAK 2 to show that frame 2 has not
been received; the sender then resends only frame 2, which is accepted because it is in the range of the window.
Selective Repeat ARQ - Sender window size
The size of the sender and receiver windows must be at most one-half of 2^m. If m = 2, the window size
should be 2^m/2 = 2. The figure compares a window size of 2 with a window size of 3. If the window size is 3 and all
ACKs are lost, the sender sends a duplicate of frame 0; the receiver's window expects to receive frame 0 (it is part of
the window), so it accepts frame 0 as the first frame of the next cycle, which is an error.
Figure 2.24 Selective Repeat ARQ – Sender window
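The window-size rule can be checked by replaying the "all ACKs lost" case described above. The following is an added example, not part of the original notes: it models only the receiver window of Selective Repeat ARQ and goes beyond the m = 2 case in the text by testing every window size for several values of m. The class and function names and the payload strings are constructed for illustration.

```python
class SelectiveRepeatReceiver:
    """Receiver window for Selective Repeat ARQ with m-bit sequence numbers."""

    def __init__(self, m, window):
        self.modulus = 2 ** m
        self.window = window
        self.base = 0          # lowest sequence number not yet delivered
        self.buffer = {}       # out-of-order frames waiting inside the window
        self.delivered = []    # payloads handed to the network layer, in order

    def in_window(self, seq):
        # Distance from the window start, measured modulo 2^m.
        return (seq - self.base) % self.modulus < self.window

    def receive(self, seq, payload):
        if not self.in_window(seq):
            return "discard"               # old duplicate: outside the window
        self.buffer[seq] = payload
        # Slide the window over every frame that is now in order.
        while self.base in self.buffer:
            self.delivered.append(self.buffer.pop(self.base))
            self.base = (self.base + 1) % self.modulus
        return "accept"


def all_acks_lost(m, window):
    """Send one full window, lose every ACK, then retransmit frame 0.

    Returns the receiver's verdict on the retransmitted frame and whatever it
    left in the buffer as a frame of the next cycle.
    """
    rx = SelectiveRepeatReceiver(m, window)
    for seq in range(window):
        rx.receive(seq, f"cycle1-frame{seq}")
    # The sender's timer for frame 0 expires; it resends the OLD frame 0.
    verdict = rx.receive(0, "cycle1-frame0")
    return verdict, dict(rx.buffer)


def duplicate_accepted(m, window):
    return all_acks_lost(m, window)[0] == "accept"


if __name__ == "__main__":
    for window in (2, 3):
        print("m=2 window", window, all_acks_lost(2, window))
    for m in range(1, 5):
        unsafe = [w for w in range(1, 2 ** m + 1) if duplicate_accepted(m, w)]
        print("m =", m, "window sizes that accept the stale frame:", unsafe)
```

With m = 2, a window of 2 discards the stale frame 0, while a window of 3 stores it as frame 0 of the next cycle, which is the error the text describes.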
HIGH-LEVEL DATA LINK CONTROL (HDLC)
High-level Data Link Control (HDLC) is a bit-oriented protocol for communication over point-to-
point and multipoint links. It implements the ARQ mechanisms. The HDLC protocol embeds information in
a data frame that allows devices to control data flow and correct errors. In 1979, the ISO made HDLC the
standard as a Bit-oriented control protocol. The HDLC provides a transparent transmission service at the
data link layer of the OSI. The users of the HDLC service provide PDUs which are encapsulated to form
data link layer frames. These frames are separated by HDLC "flags" and are modified by "zero bit
insertion" to guarantee transparency.
Each piece of data is encapsulated in an HDLC frame by adding a trailer and a header. The header
contains an HDLC address and an HDLC control field. The trailer is found at the end of the frame, and
contains a cyclic redundancy check (CRC), which detects any errors that may occur during transmission. The frames are separated
by HDLC flag sequences, which are transmitted between each frame and whenever there is no data to be
transmitted. HDLC provides two common transfer modes that can be used in different configurations:
normal response mode (NRM) and asynchronous balanced mode (ABM).
i. Normal response mode (NRM)
In normal response mode (NRM), the station configuration is unbalanced. We have one primary
station and multiple secondary stations. A primary station can send commands and a secondary station can
only respond. The NRM is used for both point-to-point and multiple-point links, as shown in Figure 2.25.
Figure 2.25 Normal response mode
ii. Asynchronous Balanced Mode
In asynchronous balanced mode (ABM), the configuration is balanced. The link is point-to-point, and
each station can function as a primary and a secondary (acting as peers), as shown in Figure 2.26. This is the
common mode today.
Figure 2.26 Asynchronous balanced mode
Frames
To provide flexibility, HDLC defines three types of frames, namely information frames (I-
frames), supervisory frames (S-frames), and unnumbered frames (U-frames). Each type of frame serves as
an envelope for the transmission of a different type of message.
• I-frames are used to transport user data and control information relating to user data (piggybacking).
• S-frames are used only to transport control information.
• U-frames are reserved for system management. Information carried by U-frames is intended for
managing the link itself.
Figure 2.27 HDLC frames
Frame Format
Each frame in HDLC may contain up to six fields, as shown in Figure 2.27.
(a) Beginning flag field
(b) An address field
(c) A control field
(d) An information field
(e) A frame check sequence (FCS) field
(f) An ending flag field.
In multiple-frame transmissions, the ending flag of one frame can serve as the beginning flag of the
next frame.
Fields and their use in different frame types
i. Flag field: The flag field of an HDLC frame is an 8-bit sequence with the bit pattern 01111110 that
identifies both the beginning and the end of a frame and serves as a synchronization pattern for the
receiver. The ending flag of one frame can be used as the beginning flag of the next frame.
ii. Address field: The second field of an HDLC frame contains the address of the secondary station. If a
primary station created the frame, it contains a to address. If a secondary creates the frame, it
contains a from address. An address field can be 1 byte or several bytes long, depending on the
needs of the network. One byte can identify up to 128 stations.
- If the address field is only 1 byte, the last bit is always a 1.
- If the address is more than 1 byte, all bytes but the last one will end with 0; only the last will
end with 1.
- Ending each intermediate byte with 0 indicates to the receiver that there are more address
bytes to come.
iii. Control field: The control field is a 1- or 2-byte segment of the frame used for flow and error
control. The interpretation of bits in this field depends on the frame type.
iv. Information field: The information field contains the user's data from the network layer or
management information. Its length can vary from one network to another.
v. FCS field: The frame check sequence (FCS) is the HDLC error detection field. It can contain either
a 2- or 4-byte ITU-T CRC.
5.1.1 Bit Stuffing
HDLC uses a process called Bit Stuffing. Bit stuffing is the process of adding one extra zero
whenever there are 5 consecutive 1’s in the data, so that the receiver doesn’t mistake the data for a flag.
Every time a sender wants to transmit a bit sequence having more than 6 consecutive 1’s, it inserts 1
redundant 0 after the 5th 1.
Exceptions
- When the bit sequence is really a flag.
- When transmission is being aborted.
- When the channel is being put into idle.
Example
A frame before bit stuffing
01111110 01111100 101101111 110010
After
011111010 011111000 101101111 1010010
How does the receiver identify a stuffed bit?
- Receiver reads incoming bits and counts 1’s.
- When the number of consecutive 1s after a zero is 5, it checks the next bit (7th bit).
- If the 7th bit = zero → the receiver recognizes it as a stuffed bit, discards it and resets the counter.
- If the 7th bit = 1 → the receiver checks the 8th bit; if the 8th bit = 0, the sequence is recognized as
a flag.
01111010 011111000 101101111 1010010
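The stuffing and destuffing rules above as a runnable Python sketch (an added example, not part of the original notes). It works on strings of '0'/'1' characters, treats the payload as one continuous bit stream, and rejects a payload in which six consecutive 1s appear; the function names are hypothetical.

```python
FLAG = "01111110"  # HDLC flag pattern from the text


def bit_stuff(bits: str) -> str:
    """Sender side: insert a 0 after every run of five consecutive 1s."""
    out, ones = [], 0
    for b in bits:
        if b not in "01":
            raise ValueError("input must contain only '0' and '1'")
        out.append(b)
        if b == "1":
            ones += 1
            if ones == 5:
                out.append("0")  # stuffed bit
                ones = 0
        else:
            ones = 0
    return "".join(out)


def bit_unstuff(bits: str) -> str:
    """Receiver side: drop the 0 that follows five consecutive 1s."""
    out, ones, i = [], 0, 0
    while i < len(bits):
        b = bits[i]
        if b not in "01":
            raise ValueError("input must contain only '0' and '1'")
        out.append(b)
        if b == "1":
            ones += 1
            if ones == 5:
                # A correct sender always places a stuffed 0 here.
                if i + 1 >= len(bits):
                    raise ValueError("payload truncated after five 1s")
                if bits[i + 1] != "0":
                    raise ValueError("six consecutive 1s: flag or abort inside payload")
                i += 1  # skip the stuffed bit
                ones = 0
        else:
            ones = 0
        i += 1
    return "".join(out)


def frame(payload: str) -> str:
    """Wrap a stuffed payload between a beginning and an ending flag."""
    return FLAG + bit_stuff(payload) + FLAG


def extract_frames(stream: str) -> list:
    """Split a received bit stream on flags and destuff each payload.

    Six consecutive 1s can only occur inside a real flag, so every match of
    FLAG is a frame boundary. Bits before the first flag and after the last
    flag do not form a complete frame and are ignored.
    """
    parts = stream.split(FLAG)
    return [bit_unstuff(p) for p in parts[1:-1] if p]


if __name__ == "__main__":
    # Constructed input: the example bit sequence from the text, without spaces.
    data = "01111110" "01111100" "101101111" "110010"
    print(bit_stuff(data))
    # One ending flag also serves as the beginning flag of the next frame.
    stream = frame("01111110") + bit_stuff("111111") + FLAG
    print(extract_frames(stream))
```
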
Control Field
The control field determines the type of frame and defines its functionality. Figure 2.28 shows the
control field format for the different frame types.
Figure 2.28 Control field format for the different frame types
Control Field for I-Frames
- I-frames are designed to carry user data from the network-layer.
- In addition, they can include flow and error-control information (piggybacking).
- The subfields in the control field are:
(i) The first bit defines the type. If the first bit of the control field is 0, this means the frame
is an I-frame.
(ii) The next 3 bits N(S) define the sequence-number of the frame. With 3 bits, we can
define a sequence-number between 0 and 7.
(iii) The last 3 bits N(R) correspond to the acknowledgment-number when piggybacking
is used.
(iv) The single bit between N(S) and N(R) is called the P/F bit. The P/F field is a single bit
with a dual purpose. It can mean poll or final.
a) It means poll when the frame is sent by a primary station to a secondary
(when the address field contains the address of the receiver).
b) It means final when the frame is sent by a secondary to a primary (when the
address field contains the address of the sender).
Control Field for S-Frames
- Supervisory frames are used for flow and error-control whenever piggybacking is either impossible
or inappropriate (e.g., when the station either has no data of its own to send or needs to send a
command or response other than an acknowledgment).
- S-frames do not have information fields.
- The subfields in the control field are:
(i) If the first 2 bits of the control field are 10, this means the frame is an S-frame.
(ii) The last 3 bits N(R) correspond to the acknowledgment-number (ACK) or negative
acknowledgment-number (NAK).
(iii) The 2 bits called code are used to define the type of S-frame itself. With 2 bits, we can
have four types of S-frames:
a) Receive Ready (RR) = 00
° This acknowledges the receipt of a frame or group of frames.
° The value of N(R) is the acknowledgment-number.
b) Receive Not Ready (RNR) = 10
° This is an RR frame with 1 additional function.
° It announces that the receiver is busy and cannot receive more frames.
° It acts as a congestion control mechanism by asking the sender to slow down.
° The value of N(R) is the acknowledgment-number.
c) ReJect (REJ) = 01
° It is a NAK frame used in Go-Back-N ARQ to improve the efficiency of the
process.
° It informs the sender, before the sender's timer expires, that the last
frame is lost or damaged.
° The value of N(R) is the negative acknowledgment-number.
d) Selective REJect (SREJ) = 11
° This is a NAK frame used in Selective Repeat ARQ.
° The value of N(R) is the negative acknowledgment-number.
Control Field for U-Frames
- Unnumbered frames are used to exchange session management and control information
between connected devices.
- U-frames contain an information field used for system management information, but
not user data.
- Much of the information carried by U-frames is contained in codes included in
the control field.
- U-frame codes are divided into 2 sections:
i) A 2-bit prefix before the P/F bit
ii) A 3-bit suffix after the P/F bit.
- Together, these two segments (5 bits) can be used to create up to 32 different types of U-frames.
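A small decoder for the 1-byte control field described above, added here as an illustration and not taken from the original notes. It reads the 8 bits in the order the subfields are listed in the text; three points are assumptions: each numeric subfield is read left to right with the most significant bit first, a P/F bit of 1 means the poll or final is asserted, and the prefix 11 (the only one left after 0 and 10) marks a U-frame.

```python
# S-frame code values exactly as listed in the text.
S_FRAME_CODES = {"00": "RR", "10": "RNR", "01": "REJ", "11": "SREJ"}
NAK_CODES = {"REJ", "SREJ"}  # for these, N(R) is a negative acknowledgment


def decode_control(bits: str, sent_by_primary: bool) -> dict:
    """Decode an 8-bit HDLC control field given as a string of '0'/'1'.

    sent_by_primary selects the meaning of the P/F bit: poll when a primary
    sends the frame, final when a secondary sends it.
    """
    if len(bits) != 8 or set(bits) - {"0", "1"}:
        raise ValueError("control field must be exactly 8 characters of 0/1")

    # The P/F bit is the 5th bit in all three formats.
    pf = None
    if bits[4] == "1":  # assumption: 1 means poll/final is asserted
        pf = "poll" if sent_by_primary else "final"

    if bits[0] == "0":
        # I-frame: 0 | N(S) (3 bits) | P/F | N(R) (3 bits)
        return {"type": "I", "ns": int(bits[1:4], 2),
                "nr": int(bits[5:], 2), "pf": pf}

    if bits[:2] == "10":
        # S-frame: 10 | code (2 bits) | P/F | N(R) (3 bits)
        code = S_FRAME_CODES[bits[2:4]]
        return {"type": "S", "code": code, "nr": int(bits[5:], 2),
                "nr_is": "NAK" if code in NAK_CODES else "ACK", "pf": pf}

    # U-frame (prefix 11): 2-bit code prefix | P/F | 3-bit code suffix.
    # The text names no individual U-frame codes, so the 5 bits are returned raw.
    return {"type": "U", "code": bits[2:4] + bits[5:], "pf": pf}


if __name__ == "__main__":
    # Constructed sample control fields.
    samples = [("00101011", True), ("10100101", False),
               ("10011110", False), ("11001000", True)]
    for field, from_primary in samples:
        print(field, decode_control(field, from_primary))
```
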
POINT-TO-POINT PROTOCOL (PPP)
- PPP is one of the most common protocols for point-to-point access.
- Today, millions of Internet users who connect their home computers to the server of an ISP use PPP.
Framing
- PPP uses a character-oriented (or byte-oriented) frame as shown in figure 2.29.
Figure 2.29 PPP frame format
Various fields of PPP frame
i. Flag
- This field has a synchronization pattern 01111110.
- This field identifies both the beginning and the end of a frame.
ii. Address
- This field is set to the constant value 11111111 (broadcast address).
iii. Control
- This field is set to the constant value 00000011 (imitating unnumbered frames in HDLC).
- PPP does not provide any flow control.
- Error control is also limited to error detection.
iv. Protocol
- This field defines what is being carried in the payload field.
- Payload field carries either i) user data or ii) other control information.
- By default, size of this field = 2 bytes.
v. Payload field
- This field carries either i) user data or ii) other control information.
- By default, maximum size of this field = 1500 bytes.
- This field is byte-stuffed if the flag-byte pattern appears in this field.
- Padding is needed if the payload-size is less than the maximum size.
vi. FCS
- This field is the PPP error-detection field.
- This field can contain either a 2- or 4-byte standard CRC.
Byte Stuffing
Since PPP is a byte-oriented protocol, the flag in PPP is a byte that needs to be escaped whenever it
appears in the data section of the frame. The escape byte is 01111101, which means that every time the
flag-like pattern appears in the data, this extra byte is stuffed to tell the receiver that the next byte is not a flag.
Obviously, the escape byte itself should be stuffed with another escape byte.
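The escape rule above as a runnable Python sketch, added as an illustration and not part of the original notes. With the default xor_mask of 0 it implements exactly the scheme in the text; passing 0x20 adds the extra step that PPP as specified in RFC 1662 applies (the escaped byte is also XORed with 0x20), which goes beyond what the text describes. Function names are hypothetical.

```python
FLAG = 0x7E  # 01111110
ESC = 0x7D   # 01111101


def byte_stuff(payload: bytes, xor_mask: int = 0) -> bytes:
    """Sender: put ESC in front of every flag or escape byte in the data."""
    out = bytearray()
    for b in payload:
        if b in (FLAG, ESC):
            out.append(ESC)
            out.append(b ^ xor_mask)
        else:
            out.append(b)
    return bytes(out)


def byte_unstuff(stuffed: bytes, xor_mask: int = 0) -> bytes:
    """Receiver: remove each ESC and keep the byte after it as data."""
    out = bytearray()
    it = iter(stuffed)
    for b in it:
        if b == ESC:
            nxt = next(it, None)
            if nxt is None:
                raise ValueError("data ends in the middle of an escape sequence")
            out.append(nxt ^ xor_mask)
        elif b == FLAG:
            raise ValueError("unescaped flag byte inside the data section")
        else:
            out.append(b)
    return bytes(out)


def split_frames(stream: bytes, xor_mask: int = 0) -> list:
    """Receiver: cut a byte stream into data sections on unescaped flags.

    The receiver has to track the escape state. With the scheme in the text
    an escaped flag byte still appears on the wire as 0x7E, so scanning for
    0x7E without that state would split a frame in the wrong place.
    """
    frames, current = [], bytearray()
    in_frame = escaped = False
    for b in stream:
        if escaped:
            current.append(b ^ xor_mask)
            escaped = False
        elif b == ESC and in_frame:
            escaped = True
        elif b == FLAG:
            if in_frame and current:
                frames.append(bytes(current))
            current = bytearray()
            in_frame = True  # this flag may also open the next frame
        elif in_frame:
            current.append(b)
        # bytes seen before the first flag are ignored
    return frames


if __name__ == "__main__":
    # Constructed payload containing both special bytes.
    payload = bytes([0x41, FLAG, 0x42, ESC, 0x43])
    wire = bytes([FLAG]) + byte_stuff(payload) + bytes([FLAG])
    print(wire.hex(" "))
    print(split_frames(wire) == [payload])
```
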
Transition Phases
- The transition diagram starts with the dead state as shown in figure 2.30.
a) Dead State
° In dead state, there is no active carrier and the line is quiet.
b) Establish State
° When 1 of the 2 nodes starts communication, the connection goes into the establish state.
° In establish state, options are negotiated between the two parties.
c) Authenticate State
° If the 2 parties agree that they need authentication, then the system needs
to do authentication; otherwise, the parties can simply start communication.
d) Open State
° Data transfer takes place in the open state.
e) Terminate State
° When 1 of the endpoints wants to terminate connection, the system goes to terminate state.
Figure 2.30 Transition phases
MEDIA ACCESS CONTROL
The two main functions of the data link layer are data link control and media access control. The data
link control deals with the design and procedures for communication between two adjacent nodes: node-to-
node communication. The second function of the data link layer is media access control, or how to share the
link.
When nodes or stations are connected and use a common link, called a multipoint or broadcast link,
we need a multiple-access protocol to coordinate access to the link. The upper sub-layer of the DLL that is
responsible for flow and error control is called the logical link control (LLC) layer. The lower sub-layer that
is mostly responsible for multiple access resolution is called the media access control (MAC) layer. Many
formal protocols have been devised to handle access to a shared link; we categorize them into three groups.
Figure 2.31 Taxonomy of multiple-access protocols (random access: ALOHA, CSMA, CSMA/CD, CSMA/CA;
controlled access: Reservation, Polling, Token passing; channelization: FDMA, TDMA, CDMA)
RANDOM ACCESS OR CONTENTION METHOD
In random access no station is superior to another station and none is assigned the control over
another. A station that has data to send uses a procedure defined by the protocol to make a decision on
whether or not to send. This decision depends on the state of the medium (idle or busy). Two features of
random access are;
i. There is no scheduled time for a station to transmit. Transmission is random among the stations. That
is why these methods are called random access.
ii. No rules specify which station should send next. Stations compete with one another to access the
medium. That is why these methods are also called contention methods.
In a random access method, each station has the right to the medium without being controlled by any
other station. If more than one station tries to send, there is an access conflict (a collision) and the frames will
be either destroyed or modified. To avoid access conflict or to resolve it when it happens, each station
follows a procedure that answers the following questions:
1) When can the station access the medium?
2) What can the station do if the medium is busy?
3) How can the station determine the success or failure of the transmission?
4) What can the station do if there is an access conflict?
The earliest random access method was the ALOHA protocol, which used a very simple procedure called
multiple access (MA). The method was improved with the addition of a procedure that forces the station to
sense the medium before transmitting. This was called carrier sense multiple access. This method later
evolved into two parallel methods:
i. Carrier sense multiple access with collision detection (CSMA/CD): CSMA/CD tells the station
what to do when a collision is detected.
ii. Carrier sense multiple access with collision avoidance (CSMA/CA): CSMA/CA tries to avoid the
collision.
ALOHA
ALOHA, the earliest random access method, was designed for a radio (wireless) LAN, but it can be
used on any shared medium. When the medium is shared between the stations, the data from two stations
can collide and become garbled.
Pure ALOHA
The original ALOHA protocol is called pure ALOHA. The idea is that each station sends a frame
whenever it has a frame to send. When the channel is shared, there is the possibility of collision between
frames from different stations. Figure 2.32 shows an example of frame collisions in pure ALOHA.
There are four stations that contend with one another for access to the shared channel. Figure
2.32 shows that each station sends two frames; there are a total of eight frames on the shared medium. Some
of these frames collide because multiple frames are in contention for the shared channel. Only two frames
survive: frame 1.1 from station 1 and frame 3.2 from station 3. The pure ALOHA protocol relies on
acknowledgments from the receiver. If the acknowledgment does not arrive after a time-out period, the station
assumes that the frame (or the acknowledgment) has been destroyed and resends the frame.
Figure 2.32 Frames in a pure ALOHA network
A collision involves two or more stations. If all these stations try to resend their frames after the
time-out, the frames will collide again. Pure ALOHA dictates that when the time-out period passes, each
station waits a random amount of time before resending its frame. The randomness will help avoid more
collisions. We call this time the back-off time $T_B$. Pure ALOHA has a second method to prevent congesting
the channel with retransmitted frames. After a maximum number of retransmission attempts $K_{max}$, a station
must give up and try later.
Figure 2.33 Procedure for pure ALOHA protocol
The vulnerable time is the length of time in which there is a possibility of collision. We assume that
the stations send fixed-length frames, with each frame taking $T_{fr}$ seconds to send. From figure 2.34, we see that the
vulnerable time, during which a collision may occur in pure ALOHA, is 2 times the frame transmission time.
Pure ALOHA vulnerable time = $2 \times T_{fr}$
The throughput for pure ALOHA is
$S = G \times e^{-2G}$
The maximum throughput is
$S_{max} = 0.184$ when $G = 1/2$
Figure 2.34 Vulnerable time for pure ALOHA protocol
Slotted ALOHA
Pure ALOHA has a vulnerable time of $2 \times T_{fr}$. This is so because there is no rule that defines when
the station can send. A station may send soon after another station has started or soon before another station
has finished. Slotted ALOHA was invented to improve the efficiency of pure ALOHA. In slotted ALOHA
we divide the time into slots of $T_{fr}$ seconds and force the station to send only at the beginning of the time slot.
Figure 2.35 shows an example of frame collisions in slotted ALOHA.
Because a station is allowed to send only at the beginning of the synchronized time slot, if a station
misses this moment, it must wait until the beginning of the next time slot. The vulnerable time is now
reduced to one-half, equal to $T_{fr}$.
Slotted ALOHA vulnerable time = $T_{fr}$
Throughput
It can be proved that the average number of successful transmissions for slotted ALOHA is
$S = G \times e^{-G}$
The maximum throughput $S_{max}$ is 0.368, when $G = 1$.
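A simulation that checks both throughput formulas against the vulnerable-time argument, added as an illustration and not part of the original notes. It assumes G is the average number of frames offered per frame time (the notes do not define G), that frame start times form a Poisson process, and that time is measured in units of the frame time; function names are hypothetical.

```python
import math
import random
from collections import Counter


def analytic_pure(G: float) -> float:
    """Pure ALOHA throughput from the text: S = G * e^(-2G)."""
    return G * math.exp(-2 * G)


def analytic_slotted(G: float) -> float:
    """Slotted ALOHA throughput from the text: S = G * e^(-G)."""
    return G * math.exp(-G)


def arrival_times(G: float, n_frames: int, seed: int) -> list:
    """Frame generation times: exponential gaps with mean 1/G frame times."""
    rng = random.Random(seed)
    t, times = 0.0, []
    for _ in range(n_frames):
        t += rng.expovariate(G)
        times.append(t)
    return times


def simulate_pure(G: float, n_frames: int = 100_000, seed: int = 1) -> float:
    """Successful frames per frame time when stations send immediately."""
    times = arrival_times(G, n_frames, seed)
    ok = 0
    for i, t in enumerate(times):
        before = t - times[i - 1] if i > 0 else math.inf
        after = times[i + 1] - t if i + 1 < len(times) else math.inf
        # Vulnerable time is 2 frame times: a frame survives only if no other
        # frame starts within one frame time before or after it.
        if before >= 1.0 and after >= 1.0:
            ok += 1
    return ok / times[-1]


def simulate_slotted(G: float, n_frames: int = 100_000, seed: int = 1) -> float:
    """Successful frames per slot when sending waits for the next slot start."""
    times = arrival_times(G, n_frames, seed)
    # A frame generated during slot k is sent at the beginning of slot k + 1.
    per_slot = Counter(math.floor(t) + 1 for t in times)
    total_slots = math.floor(times[-1]) + 1
    # Vulnerable time is 1 frame time: a slot succeeds if exactly one frame uses it.
    ok = sum(1 for count in per_slot.values() if count == 1)
    return ok / total_slots


if __name__ == "__main__":
    print("G     pure(sim) pure(eq)  slotted(sim) slotted(eq)")
    for G in (0.25, 0.5, 1.0, 2.0):
        print(f"{G:<5} {simulate_pure(G):.3f}     {analytic_pure(G):.3f}     "
              f"{simulate_slotted(G):.3f}        {analytic_slotted(G):.3f}")
```
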
Figure 2.35 Frames in a slotted ALOHA network
Carrier Sense Multiple Access (CSMA)
CSMA is based on the principle "sense before transmit" or "listen before talk." CSMA can reduce the
possibility of collision, but it cannot eliminate it. The reason for this is propagation delay (stations are
connected to a shared channel, usually a dedicated medium). The possibility of collision still exists:
at time t1, station B senses the medium and finds it idle, so it sends a frame.
Figure 2.36 Space/time model of the collision in CSMA
At time t2 (t2 > t1), station C senses the medium and finds it idle because, at this time, the first bits
from station B have not reached station C. So station C also sends a frame. The two signals collide and both
frames are destroyed.
Vulnerable Time
The vulnerable time for CSMA is the propagation time Tp. This is the time needed for a signal to
propagate from one end of the medium to the other. When a station sends a frame, and any other station tries
to send a frame during this time, a collision will result.
Persistence Methods
What should a station do if the channel is busy? What should a station do if the channel is idle?
Three persistence methods have been devised to answer these questions:
i. 1-persistent method
ii. non-persistent method
iii. P-persistent method.
1- Persistent
In this method, after the station finds the line idle, it sends its frame immediately (with probability 1).
This method has the highest chance of collision because two or more stations may find the line idle and send
their frames immediately.
Figure 2.37 Behavior of 1-Persistence methods
Non-persistent
Figure 2.38 Behavior of Non-Persistence methods
In this method, a station that has a frame to send senses the line. If the line is idle, it sends
immediately. If the line is not idle, it waits a random amount of time and then senses the line again. The non-
persistent approach reduces the chance of collision. This method reduces the efficiency of the network
because the medium remains idle when there may be stations with frames to send.
The P-persistent method
It is used if the channel has time slots with slot duration equal to or greater than the maximum
propagation time. This approach reduces the chance of collision and improves efficiency. In this method,
after the station finds the line idle it follows these steps:
1) With probability p, the station sends its frame.
2) With probability q = 1 - p, the station waits for the beginning of the next time slot and
checks the line again.
a) If the line is idle, it goes to step 1.
b) If the line is busy, it acts as though a collision has occurred and uses the back-off procedure.
Figure 2.39 Behavior of P-Persistence methods
Flow diagram for three persistence methods
Figure 2.40 Flow diagram for three persistence methods
Carrier sense multiple access with collision detection (CSMA/CD)
CSMA/CD augments the algorithm to handle the collision. In this method, a station monitors the
medium after it sends a frame to see if the transmission was successful. If so, the station is finished. If,
however, there is a collision, the frame is sent again.
Procedure
We need to sense the channel before we start sending the frame by using one of the persistence
processes. Transmission and collision detection is a continuous process. We do not send the entire frame (bit
by bit). By sending a short jamming signal, we can enforce the collision in case other stations have not yet
sensed the collision.
Carrier sense multiple access with collision avoidance (CSMA/CA)
CSMA/CA was invented to avoid collisions on wireless networks. Collisions are avoided through the
use of CSMA/CA's three strategies:
i. The interframe space (used to define the priority of a station)
ii. The contention window
iii. Acknowledgments
Interframe Space (IFS)
When an idle channel is found, the station does not send immediately. It waits for a period of time
called the interframe space or IFS. Even though the channel may appear idle when it is sensed, a distant
station may have already started transmitting. The distant station's signal has not yet reached this station.
Contention Window
The contention window is an amount of time divided into slots. A station that is ready to send
chooses a random number of slots as its wait time. The station needs to sense the channel after each time
slot. However, if the station finds the channel busy, it does not restart the process; it just stops the timer and
restarts it when the channel is sensed as idle. This gives priority to the station with the longest waiting time.
Acknowledgment
With all these precautions, there still may be a collision resulting in destroyed data, and the data may
be corrupted during the transmission. The positive acknowledgment and the time-out timer can help
guarantee that the receiver has received the frame.
CONTROLLED ACCESS
In controlled access, the stations consult one another to find which station has the right to send. A
station cannot send unless it has been authorized by other stations. Three popular controlled-access methods:
i. Reservation
ii. Polling
iii. Token passing
Reservation
In the reservation method, a station needs to make a reservation before sending data. Time is divided
into intervals. In each interval, a reservation frame precedes the data frames sent in that interval. Figure 2.41
shows a situation with five stations and a five-mini slot reservation frame. In the first interval, only stations
1, 3, and 4 have made reservations. In the second interval, only station 1 has made a reservation.
Figure 2.41 Reservation process in controlled access
Polling
Here one device is designated as a primary station and the other devices are secondary stations. All
data exchanges must be made through the primary device. The primary device controls the link; the
secondary devices follow its instructions. The primary device is always the initiator of a session. If the
primary wants to receive data it asks the secondary if they have anything to send; this is called poll function.
If the primary wants to send data, it tells the secondary to get ready to receive; this is called select function.
Figure 2.42 Polling in controlled access
Token Passing
In the token-passing method, the stations in a network are organized in a logical ring. For each
station, there is a predecessor and a successor.
Figure 2.43 Token passing methods in controlled access
CHANNELIZATION
Channelization is a multiple-access method in which the available bandwidth of a link is shared in
time, frequency, or through code, between different stations. Three Channelization protocols are used. They
are,
i. FDMA
ii. TDMA
iii. CDMA
Frequency-division multiple access (FDMA)
In frequency-division multiple access (FDMA), the available bandwidth is divided into frequency
bands. Each station is allocated a band to send its data. Each band is reserved for a specific station, and it
belongs to the station all the time. Each station also uses a band-pass filter to confine the transmitter
frequencies.
To prevent station interferences, the allocated bands are separated from one another by small guard
bands. FDMA specifies a predetermined frequency band for the entire period of communication (a
continuous flow of data that may not be packetized).
Time-Division Multiple Access (TDMA)
In time-division multiple access (TDMA), the stations share the bandwidth of the channel in time.
Each station is allocated a time slot during which it can send data. Each station transmits its data in assigned
time slot.
The main problem with TDMA lies in achieving synchronization between the different stations. Each
station needs to know the beginning of its slot and the location of its slot. This is difficult because of
propagation delays introduced in the system if the stations are spread over a large area.
To compensate for the delays, we can insert guard times. Synchronization is normally accomplished
by having some synchronization bits (normally referred to as preamble bits) at the beginning of each slot.
Code-Division Multiple Access (CDMA)
CDMA differs from FDMA because only one channel occupies the entire bandwidth of the link. It
differs from TDMA because all stations can send data simultaneously; there is no timesharing. In CDMA,
one channel carries all transmissions simultaneously.
ETHERNET (IEEE 802.3)
A LAN can be used as an isolated network to connect computers in an organization for sharing
resources. Most of the LANs today are linked to a wide area network (WAN) or the Internet. The LAN
market has seen several technologies such as,
i. Ethernet
ii. Token Ring
iii. Token Bus
iv. FDDI
v. ATM LAN.
The IEEE Standard Project 802 is designed to regulate the manufacturing and interconnectivity
between different LANs.
IEEE STANDARDS
The IEEE 802 standard was adopted by the American National Standards Institute (ANSI). In 1987,
the International Organization for Standardization (ISO) also approved it as an international standard. The
relationship of the 802 Standard to the traditional OSI model is shown in figure 2.44. The IEEE has
subdivided the data link layer into two sub layers:
i. Logical link control (LLC)
ii. Media access control (MAC).
The data link layer in the IEEE standard is divided into two sublayers. They are,
i. Logical Link Control (LLC)
ii. Media Access Control (MAC)
Figure 2.44 IEEE standard for LANs
Logical Link Control (LLC)
In IEEE Project 802, flow control, error control, and part of the framing duties are collected into a
sublayer called the logical link control. Framing is handled in both the LLC sublayer and the MAC sublayer.
The LLC provides a single data link control protocol for all IEEE LANs, but the MAC sublayer provides
different protocols for different LANs. A single LLC protocol can provide interconnectivity between
different LANs because it makes the MAC sublayer transparent.
Media Access Control (MAC)
IEEE Project 802 has created a sublayer called media access control that defines the specific access
method for each LAN. For example, it defines CSMA/CD as the media access method for Ethernet LANs
and the token passing method for Token Ring and Token Bus LANs. A part of the framing function is also
handled by the MAC layer. The MAC sublayer contains a number of distinct modules for defining the
access method and the framing format specific to the corresponding
MAC Sublayer
In standard Ethernet, the MAC sublayer governs the operation of the access method. It also frames
the data received from the upper layer and passes them to the physical layer.
Frame Format
Figure 2.45 Frame Format
The Ethernet frame contains the following seven fields.
i. Preamble: 8 bytes with pattern 10101010 used to synchronize receiver, sender clock rates.
ii. SD: Eighth byte is used to indicate the start of frame (10101011)
iii. Addresses: The DA field is 6 bytes and contains the physical address of the destination
station or stations to receive the packet. The Source address (SA) field is also 6 bytes and
contains the physical address of the sender of the packet.
iv. Type (DIX): Indicates the type of the Network layer protocol being carried in the payload
field (IP (0800), Novell IPX (8137), AppleTalk (809B), ARP (0806))
v. Length: Number of bytes in the data field (Maximum 1500 bytes).
vi. CRC: CRC-32, checked at the receiver; if an error is detected, the frame is discarded.
vii. Data: Carries data encapsulated from the upper-layer protocols
viii. Pad: Zeros are added to the data field to make the minimum data length = 46 bytes
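A parser for the frame layout listed above, added as an illustration and not part of the original notes. Assumptions: the frame is handed over without preamble and SD (starting at the destination address), the 4-byte CRC-32 is appended least significant byte first and matches Python's zlib.crc32, and a Type/Length value of 1500 or less is read as a length while 0x0600 or more is read as a type. Function names and the sample addresses are hypothetical.

```python
import struct
import zlib

# Type values quoted in the text.
ETHERTYPES = {0x0800: "IP", 0x8137: "Novell IPX", 0x809B: "AppleTalk", 0x0806: "ARP"}
MIN_DATA, MAX_DATA = 46, 1500      # data field limits from the text
HEADER, CRC_LEN = 14, 4            # DA (6) + SA (6) + Type/Length (2); CRC-32


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst: bytes, src: bytes, type_or_len: int, data: bytes) -> bytes:
    """Assemble DA, SA, Type/Length, data (zero-padded to 46 bytes) and CRC."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("addresses must be 6 bytes")
    if len(data) > MAX_DATA:
        raise ValueError("data field longer than 1500 bytes")
    body = dst + src + struct.pack("!H", type_or_len) + data.ljust(MIN_DATA, b"\x00")
    return body + struct.pack("<I", zlib.crc32(body))


def parse_frame(frame: bytes) -> dict:
    """Validate size and CRC, then split the frame into its fields."""
    if not HEADER + MIN_DATA + CRC_LEN <= len(frame) <= HEADER + MAX_DATA + CRC_LEN:
        raise ValueError("frame size outside 64..1518 bytes")
    body, (crc,) = frame[:-CRC_LEN], struct.unpack("<I", frame[-CRC_LEN:])
    if zlib.crc32(body) != crc:
        raise ValueError("CRC mismatch: frame discarded")

    (type_or_len,) = struct.unpack("!H", body[12:14])
    data = body[HEADER:]
    fields = {"dst": mac_str(body[:6]), "src": mac_str(body[6:12])}

    if type_or_len <= MAX_DATA:
        # Length: number of real data bytes; anything after them is pad.
        if type_or_len > len(data):
            raise ValueError("length field larger than the data present")
        fields.update(kind="length", length=type_or_len, data=data[:type_or_len])
    elif type_or_len >= 0x0600:
        # Type: the pad cannot be told apart from data at this layer.
        name = ETHERTYPES.get(type_or_len, hex(type_or_len))
        fields.update(kind="type", protocol=name, data=data)
    else:
        raise ValueError("Type/Length value is neither a length nor a type")
    return fields


if __name__ == "__main__":
    # Constructed sample frames.
    dst, src = b"\xff" * 6, bytes.fromhex("020000000001")
    arp = build_frame(dst, src, 0x0806, b"\x00" * 28)
    print(len(arp), parse_frame(arp)["protocol"])
    short = build_frame(dst, src, 5, b"hello")
    print(parse_frame(short)["data"])
```
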
STANDARD ETHERNET
Ethernet data link layer protocol provides connectionless service to the network layer. (No
handshaking between sending and receiving machine). It also provides an unreliable service to the network
layer. Here the receiver doesn’t send ACK or NAK to sender. This means that the stream of datagrams
passed to network layer can have gaps (missing data).
Figure 2.46 Ethernet evolution
Figure 2.47 Categories of traditional Ethernet
10BASE5
- Data transfer rate is 10 Mbps.
- 500 meter segment length.
- Signal regeneration can be done with help of repeaters.
- Thick Coax is used as a transmission medium.
Advantages:
i. Low attenuation,
ii. Excellent noise immunity
iii. Superior mechanical strength
Disadvantages:
i. Bulky
ii. Difficult to pull
iii. Transceiver boxes are too expensive
iv. Wiring represented a significant part of total installed cost.
10BASE2 (Cheapernet)
- Data transfer rate is 10 Mbps.
- 185 meter segment length.
- Signal regeneration can be done with help of repeaters.
- Transceiver was integrated onto the adapter.
- Thin Coax is used as a transmission medium.
Advantages:
i. Easier to install
ii. Reduced hardware cost
iii. BNC connectors widely deployed (lower installation costs).
Disadvantages:
i. Attenuation is not good
ii. Could not support as many stations due to signal reflection caused by BNC Tee Connector.
10BaseT
- Uses twisted pair Cat3 cable.
- Star-wire topology.
- A hub functions as a repeater with additional functions.
Advantages:
i. Fewer cable problems
ii. Easier to troubleshoot than coax.
Disadvantages:
i. Cable length at most 100 meters.
1 BASE 5 (Star LAN)
- Data transfer rate is 1 Mbps
- 250 meter segment length.
- Signal regeneration can be done with help of repeaters.
- Transceiver integrated onto the adapter.
- Implemented with the help of star topology
- Two pairs of unshielded twisted pair cable are used as a transmission media.
Advantages:
i. It is easier to use installed wiring in the walls.
10BASE - T
- Most popularly used.
- Data transfer rate is 10 Mbps.
- 100 meter segment length.
- Signal regeneration can be done with help of repeaters.
- Transceiver is integrated onto adapter.
- Two pairs of UTP cable are used as a transmission media.
- Implemented with the help of star topology (Hub in the closet).
Advantages:
i. Could be done without pulling new wires.
ii. Each hub amplifies and restores incoming signal.
Hub Concept
It is used to separate transmit and receive pair of wires. The repeater in the hub retransmits the signal
received on any input pair onto all output pairs. The hub emulates a broadcast channel with collisions
detected by receiving nodes.
CHANGES IN THE STANDARD
Bridged Ethernet
The first step in the Ethernet evolution was the division of a LAN by bridges. Bridges have two effects
on an Ethernet LAN. They are,
i. Raise the bandwidth
ii. Separate collision domains.
Raising the Bandwidth
In an un-bridged Ethernet network, the total capacity (10 Mbps) is shared among all stations with a
frame to send. The stations share the bandwidth of the network. For example, if two stations have a lot of
frames to send, they probably alternate in usage. When one station is sending, the other one refrains from
sending.
A bridge divides the network into two or more networks. Bandwidth-wise, each network is
independent. For example, a network with 12 stations is divided into two networks, each with 6 stations.
Now each network has a capacity of 10 Mbps. The 10-Mbps capacity in each segment is now shared
between 6 stations not 12 stations.
In a network with a heavy load, each station is offered 10/6 Mbps instead of 10/12 Mbps. If we use a
four-port bridge, each station is now offered 10/3 Mbps, which is 4 times more than an un-bridged network.
Separating Collision Domains
In the bridged network, the collision domain becomes much smaller and the probability of collision
is reduced tremendously.
Switched Ethernet
The basic idea behind the switched Ethernet is to overcome the drawbacks of Hub concept. The
switch learns destination locations by remembering the ports of the associated source address in a table. The
switch may not have to broadcast to all output ports. It may be able to send the frame only to the destination
port. A big performance advantage of a switch over a hub is that, more than one frame transfer can go
through it concurrently.
The advantage comes when the switched Ethernet backplane is able to repeat more than one frame in
parallel (a separate backplane bus line for each node). The frame is relayed onto the required output port via
the port’s own backplane bus line. Under this scheme collisions are still possible when two concurrently
arriving frames are destined for the same station. Each parallel transmission can take place at 10 Mbps.
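The learning and forwarding behaviour described above as a small Python model, added as an illustration and not part of the original notes. The class and function names, port numbers and station names are hypothetical; the model has no table size limit or entry aging, which a real switch would have.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}  # source address -> port on which it was last seen

    def receive(self, in_port, src, dst):
        """Learn the source, then return the list of output ports."""
        if in_port not in self.ports:
            raise ValueError("unknown port")
        self.table[src] = in_port  # remember where this sender lives
        out = self.table.get(dst)
        if dst == BROADCAST or out is None:
            # Destination not learned yet: behave like a hub and send the
            # frame out of every port except the one it arrived on.
            return [p for p in self.ports if p != in_port]
        if out == in_port:
            return []  # destination sits on the arrival port: nothing to relay
        return [out]   # known destination: only its port sees the frame


def output_load(switch, frames):
    """For frames arriving at the same time, map output port -> frames.

    frames is a list of (in_port, src, dst). Ports with one frame carry
    parallel transfers; a port with several frames is where concurrently
    arriving frames contend for the same station.
    """
    load = {}
    for in_port, src, dst in frames:
        for port in switch.receive(in_port, src, dst):
            load.setdefault(port, []).append((src, dst))
    return load


if __name__ == "__main__":
    sw = LearningSwitch([1, 2, 3, 4])
    print(sw.receive(1, "A", "B"))   # B unknown: flooded to 2, 3, 4
    print(sw.receive(2, "B", "A"))   # A was learned on port 1
    print(sw.receive(1, "A", "B"))   # B now known on port 2
    sw.receive(3, "C", BROADCAST)
    sw.receive(4, "D", BROADCAST)
    print(output_load(sw, [(1, "A", "B"), (3, "C", "D")]))  # two parallel transfers
    print(output_load(sw, [(1, "A", "B"), (3, "C", "B")]))  # both target port 2
```
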
Figure 2.48 Example of switched Ethernet
Fast Ethernet
- Data transmission rate is 100 Mbps.
- Using the same frame format, media access, and collision detection rules as 10 Mbps Ethernet.
- It is possible to combine 10 Mbps Ethernet and Fast Ethernet on same network using a switch.
- Twisted pair (CAT 5) or fiber optic cable (no coax) can be used as a transmission media.
- Implemented with star-wire topology.
Figure 2.49 Fast Ethernet implementations
Gigabit Ethernet
- Data transmission rate is 1,000 Mbps.
- Compatible with lower speeds.
- Uses standard framing and CSMA/CD algorithm.
- Distances are severely limited.
- Typically used for backbones and inter-router connectivity.
- Becoming cost competitive.
- Minimum frame length is 512 bytes
- Operates in full- and half-duplex modes, mostly full duplex.
- In the full-duplex mode of Gigabit Ethernet, there is no collision.
- The maximum length of the cable is determined by the signal
attenuation in the cable.
Name          Cable            Max. segment   Advantages
1000Base-SX   Fiber optics     550 m          Multimode fiber (50, 62.5 microns)
1000Base-LX   Fiber optics     5000 m         Single (10 μ) or multimode (50, 62.5 μ)
1000Base-CX   2 pairs of STP   25 m           Shielded twisted pair
1000Base-T    4 pairs of UTP   100 m          Standard category 5 UTP
Table 2.1 Gigabit Ethernet implementations
10Gbps Ethernet
- Maximum link distances cover 300 m to 40 km.
- Operates only on full-duplex mode.
- No CSMA/CD.
- Uses optical fiber only.
EXPERIENCES WITH ETHERNET
i. Ethernets work best under light loads (Utilization over 30% is considered heavy).
ii. Network capacity is wasted by collisions
iii. Most networks are limited to about 200 hosts (Specification allows for up to 1024).
iv. Most networks are much shorter (5 to 10 microseconds RTT).
v. Transport level flow control helps reduce load (number of back to back packets)
vi. Ethernet is inexpensive, fast and easy to administer.
Ethernet Problems
- Ethernet’s peak utilization is pretty low (like Aloha)
- Peak throughput is worst with
i. More hosts: More collisions needed to identify single sender.
ii. Smaller packet sizes: More frequent arbitration.
iii. Longer links: Collisions take longer to observe, more wasted bandwidth.
iv. Efficiency is improved by avoiding these conditions.
Why does Ethernet Win?
i. There are lots of LAN protocols
ii. Price
iii. Performance
iv. Availability
v. Ease of use
vi. Scalability
WIRELESS LAN
Wireless communication is one of the fastest-growing technologies because the demand for
connecting devices without the use of cables is increasing everywhere. Wireless LANs can be found on
college campuses, in office buildings, and in many public areas. IEEE 802.11 wireless LANs are sometimes
called wireless Ethernet. IEEE 802.11 operates on the physical and data link layers.
ARCHITECTURE
IEEE 802.11 defines two kinds of services. They are,
i. Basic service set (BSS)
ii. Extended service set (ESS).
Basic Service Set (BSS)
The basic service set (BSS) is the building block of a wireless LAN. A basic service set is made of stationary or mobile
wireless stations and an optional central base station, known as the access point (AP). The BSS without an
AP is a stand-alone network and cannot send data to other BSSs. It is called an ad hoc architecture. In this
architecture, stations can form a network without the need of an AP; they can locate one another and agree to
be part of a BSS. A BSS with an AP is sometimes referred to as an infrastructure network.
Figure 2.50 Architecture of IEEE 802.11 (BSS)
Extended Service Set (ESS)
An extended service set (ESS) is made up of two or more BSSs with APs. In this case, the BSSs are
connected through a distribution system, which is usually a wired LAN such as an Ethernet. The distribution
system connects the APs in the BSSs. The extended service set uses two types of stations. They are,
i. Mobile stations
ii. Stationary stations.
The mobile stations are normal stations inside a BSS. The stationary stations are AP stations that are
part of a wired LAN.
Figure 2.51 Architecture of IEEE 802.11 (ESS)
When BSSs are connected, the stations within reach of one another can communicate without the use
of an AP. However, communication between two stations in two different BSSs usually occurs via two APs.
Station Types
IEEE 802.11 defines three types of stations based on their mobility in a wireless LAN:
i. No-transition mobility
ii. BSS-transition mobility
iii. ESS-transition mobility.
A station with no-transition mobility is either stationary (not moving) or moving only inside a BSS.
A station with BSS-transition mobility can move from one BSS to another, but the movement is confined
inside one ESS. A station with ESS-transition mobility can move from one ESS to another. However, IEEE
802.11 does not guarantee that communication is continuous during the move.
MAC SUBLAYER
IEEE 802.11 defines two types of MAC sub-layers. They are;
i. The distributed coordination function (DCF)
ii. The point coordination function (PCF).
Figure 2.52 MAC layers in IEEE 802.11 standard
Distributed Coordination Function
One of the two protocols defined by IEEE at the MAC sublayer is called the distributed coordination
function (DCF). DCF uses CSMA/CA as the access method. Wireless LANs cannot implement CSMA/CD
for the following three reasons:
i. For collision detection, a station must be able to send data and receive collision signals at the
same time. This can mean costly stations and increased bandwidth requirements.
ii. Collision may not be detected because of the hidden station problem.
iii. The distance between stations can be great. Signal fading could prevent a station at one end
from hearing a collision at the other end.
Process Flowchart
The following figure 2.53 shows the process flowchart for CSMA/CA as used in wireless LANs. This
includes the following steps;
i. Before sending a frame, the source station senses the medium by checking the energy level at
the carrier frequency.
a) The channel uses a persistence strategy with back-off until the channel is idle.
b) After the channel is found to be idle, the station waits for a period of time called the
distributed interframe space (DIFS); then the station sends a control frame called the
request to send (RTS).
Figure 2.53 CSMA/CA flowchart
ii. After receiving the RTS and waiting a period of time called the short interframe space (SIFS),
the destination station sends a control frame, called the clear to send (CTS), to the source
station. This control frame indicates that the destination station is ready to receive data.
iii. The source station sends data after waiting an amount of time equal to SIFS.
iv. The destination station, after waiting an amount of time equal to SIFS, sends an
acknowledgment to show that the frame has been received. Acknowledgment is needed in
this protocol because the station does not have any means to check for the successful arrival
of its data at the destination.
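The exchange in steps i to iv can be written out as a small simulation that also shows what happens when no CTS comes back. This is an added example, not part of the original notes; the timing constants, the function names and the retry rule (CTS timeout followed by a random back-off from a doubling window) are assumptions made for illustration.

```python
import random

# Assumed timing values in microseconds (illustrative, not given in the notes).
DIFS, SIFS, SLOT = 50, 10, 20
T_RTS, T_CTS, T_ACK = 30, 25, 25

def send_frame(data_us, busy_until=0, cts_lost=(), max_tries=4, seed=7):
    """Simulate steps i-iv for one data frame.

    cts_lost lists the attempt numbers (0-based) on which no CTS comes back,
    for example because the RTS collided. Returns (events, finish_time), where
    each event is (start_us, station, frame) and finish_time is None if the
    source gives up after max_tries attempts.
    """
    rng = random.Random(seed)
    t, events = 0, []
    for attempt in range(max_tries):
        t = max(t, busy_until) + DIFS          # step i: wait for idle medium, then DIFS
        events.append((t, "source", "RTS"))
        t += T_RTS
        if attempt in cts_lost:
            # Assumed retry rule: wait out the CTS timeout, then back off a
            # random number of slots from a window that doubles per attempt.
            t += SIFS + T_CTS + rng.randrange(2 ** (attempt + 1)) * SLOT
            continue
        for station, frame, airtime in (("destination", "CTS", T_CTS),   # step ii
                                        ("source", "DATA", data_us),      # step iii
                                        ("destination", "ACK", T_ACK)):   # step iv
            t += SIFS                          # every reply waits one SIFS
            events.append((t, station, frame))
            t += airtime
        return events, t
    return events, None

def efficiency(data_us):
    """Fraction of a loss-free exchange that is spent carrying data."""
    _, finish = send_frame(data_us)
    return data_us / finish

if __name__ == "__main__":
    for event in send_frame(1000, cts_lost=(0,))[0]:
        print(event)
    print(round(efficiency(100), 3), round(efficiency(1000), 3))
```

With these assumed values the fixed handshake overhead is 160 microseconds per frame, so short data frames use the channel far less efficiently than long ones.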
Point Coordination Function (PCF)
The point coordination function (PCF) is an optional access method that can be implemented in an
infrastructure network (not in an ad hoc network). It is used mostly for time-sensitive transmission. PCF has
a centralized, contention-free polling access method. The AP performs polling for stations that are capable
of being polled. The stations are polled one after another, sending any data they have to the AP.
Frame Format
Figure 2.54 Frame format
The MAC layer frame consists of nine fields.
1. Frame control (FC) - The FC field is 2 bytes long and defines the type of frame and some control
information.
2. D - In all frame types except one, this field defines the duration of the transmission. In the one control
frame that is the exception, this field defines the ID of the frame.
3. Addresses - There are four address fields, each 6 bytes long. The meaning of each address field
depends on the value of the To DS and From DS subfields.
4. Sequence control - This field defines the sequence number of the frame to be used in flow control.
5. Frame body - This field, which can be between 0 and 2312 bytes, contains information based on the
type and the subtype defined in the FC field.
6. FCS - The FCS field is 4 bytes long and contains a CRC-32 error detection sequence.
The tables below describe the subfields of the frame control (FC) field and the values of subfields in control
frames.
Subtype   Meaning
1011      Request to send (RTS)
1100      Clear to send (CTS)
1100      Acknowledgement (ACK)
Table 2.2 Values of subfields in control frames
Field       Explanation
Version     Current version is 0
Type        Type of information: management (00), control (01), or data (10)
Subtype     Subtype of each type
To DS       Defined later
From DS     Defined later
More flag   When set to 1, means more fragments
Retry       When set to 1, means retransmitted frame
Pwr mgt     When set to 1, means station is in power management mode
More data   When set to 1, means station has more data to send
WEP         Wired equivalent privacy (encryption implemented)
Rsvd        Reserved
Table 2.3 Subfields of the Frame control (FC) field
Frame Types
IEEE 802.11 has the following three categories of frames.
i. Management frames
ii. Control frames
iii. Data frames
Management frames are used for the initial communication between stations and access points.
Control frames are used for accessing the channel and acknowledging. Data frames are used for carrying
data and control information.
ADDRESSING MECHANISM
The IEEE 802.11 addressing mechanism specifies four cases, defined by the value of the two flags in
the FC field, To DS and From DS. Each flag can be either 0 or 1, resulting in four different situations. The
interpretation of the four addresses (address 1 to address 4) in the MAC frame depends on the value of these
flags, as shown in Table 2.4 below.
⮚ Address 1 is always the address of the next device.
⮚ Address 2 is always the address of the previous device.
⮚ Address 3 is the address of the final destination station, if the address is not defined by address 1.
⮚ Address 4 is the address of the original source station if it is not the same as address 2.
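To DS   From DS   Address 1      Address 2     Address 3     Address 4
0       0         Destination    Source        BSS ID        N/A
0       1         Destination    Sending AP    Source        N/A
1       0         Receiving AP   Source        Destination   N/A
1       1         Receiving AP   Sending AP    Destination   Source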
Table 2.4 Addresses
Four possible cases of addressing
Case 1: 00 In this case, To DS = 0 and From DS = 0.
This means that the frame is not going to a distribution system (To DS = 0) and is not coming from a
distribution system (From DS =0). The frame is going from one station in a BSS to another without
passing through the distribution system. The ACK frame should be sent to the original sender.
Case 2: 01 In this case, To DS = 0 and From DS = 1.
This means that the frame is coming from a distribution system (From DS = 1). The frame is coming
from an AP and going to a station. The ACK should be sent to the AP. Note that address 3 contains
the original sender of the frame (in another BSS).
Case 3: 10 In this case, To DS = 1 and From DS = 0.
This means that the frame is going to a distribution system (To DS = 1). The frame is going from a
station to an AP. The ACK is sent to the original station. Note that address 3 contains the final
destination of the frame (in another BSS).
Case 4: 11 In this case, To DS = 1 and From DS = 1.
In this case the frame is going from one AP to another AP in a wireless distribution system. Here, we
need four addresses to define the original sender, the final destination, and two intermediate APs.
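The frame control subfields of Table 2.3 and the four addressing cases can be read straight from the first bytes of a frame, which is how a capture or monitoring tool decides which address is the sender, the receiver or the AP. The parser below is an added example, not part of the original notes; the helper names (parse_header, build) are hypothetical and the sample addresses and frames are constructed. It assumes the 802.11 wire layout in which FC is sent low byte first and address 4 is present only when To DS = From DS = 1.

```python
TYPES = {0: "management", 1: "control", 2: "data"}
# Flag bits of the second FC byte, least significant first, named as in Table 2.3.
FLAGS = ["to_ds", "from_ds", "more_frag", "retry", "pwr_mgt", "more_data", "wep", "rsvd"]
# Role of address 1..4 for each (To DS, From DS) pair, following the four cases.
ROLES = {
    (0, 0): ("destination", "source", "bss_id"),
    (0, 1): ("destination", "sending_ap", "source"),
    (1, 0): ("receiving_ap", "source", "destination"),
    (1, 1): ("receiving_ap", "sending_ap", "destination", "source"),
}

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_header(frame: bytes) -> dict:
    """Decode the FC subfields and label the addresses of a data or management frame."""
    if len(frame) < 2:
        raise ValueError("no frame control field")
    fc = int.from_bytes(frame[:2], "little")     # FC is transmitted low byte first
    hdr = {"version": fc & 0x3, "type": TYPES.get((fc >> 2) & 0x3, "reserved"),
           "subtype": (fc >> 4) & 0xF}
    hdr.update({name: (fc >> (8 + i)) & 1 for i, name in enumerate(FLAGS)})
    if hdr["type"] == "control":
        raise ValueError("control frames (RTS/CTS/ACK) carry a shorter header")
    roles = ROLES[(hdr["to_ds"], hdr["from_ds"])]
    # Assumed layout: address 4 follows sequence control, only when To DS = From DS = 1.
    need = 30 if len(roles) == 4 else 24
    if len(frame) < need:
        raise ValueError(f"header truncated: need {need} bytes, got {len(frame)}")
    hdr["duration"] = int.from_bytes(frame[2:4], "little")
    seq = int.from_bytes(frame[22:24], "little")
    hdr["fragment"], hdr["sequence"] = seq & 0xF, seq >> 4   # 4 + 12 bits
    raw = (frame[4:10], frame[10:16], frame[16:22], frame[24:30])
    hdr["addresses"] = {role: mac(a) for role, a in zip(roles, raw)}
    return hdr

# Constructed sample addresses (locally administered), not captured traffic.
STA, DST = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
AP1, AP2 = bytes.fromhex("020000000a01"), bytes.fromhex("020000000a02")

def build(flags: int, a1, a2, a3, a4=b"", seq=0x0010) -> bytes:
    """Constructed data frame header (type 10, subtype 0000), no body or FCS."""
    return bytes([0x08, flags]) + b"\x00\x00" + a1 + a2 + a3 + seq.to_bytes(2, "little") + a4

if __name__ == "__main__":
    cases = [(0x02, (DST, AP1, STA)), (0x41, (AP1, STA, DST)), (0x03, (AP2, AP1, DST, STA))]
    for flags, addrs in cases:
        print(parse_header(build(flags, *addrs))["addresses"])
```

A frame that sets both DS flags but stops after sequence control is rejected as truncated rather than parsed with a missing source address.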
PHYSICAL LAYER
All implementations, except the infrared, operate in the industrial, scientific, and medical (ISM)
band, which defines three unlicensed bands in the three ranges: 902-928 MHz, 2.400-4.835 GHz, and
5.725-5.850 GHz. We discuss six specifications, as shown in Table 2.5 below.
IEEE      Technique   Band        Modulation   Rate (Mbps)
802.11    FHSS        2.4 GHz     FSK          1 and 2
          DSSS        2.4 GHz     FSK          1 and 2
                      Infrared    PPM          1 and 2
802.11a   OFDM        5.725 GHz   PSK or QAM   6 to 54
802.11b   DSSS        2.4 GHz     PSK          5.5 and 11
802.11g   OFDM        2.4 GHz     Different    22 to 54
Table 2.5 Physical layers
IEEE 802.11 FHSS
⮚ It uses the frequency-hopping spread spectrum (FHSS) method.
⮚ FHSS uses the 2.4 GHz ISM band.
⮚ The band is divided into 79 sub-bands of 1 MHz (and some guard bands).
⮚ A pseudorandom number generator selects the hopping sequence.
⮚ The modulation technique in this specification is either two-level FSK or four-level FSK with 1
or 2 bits/baud, which results in a data rate of 1 or 2 Mbps.
IEEE 802.11 DSSS
⮚ DSSS uses the direct sequence spread spectrum (DSSS) method.
⮚ DSSS uses the 2.4-GHz ISM band.
⮚ The modulation technique in this specification is PSK at 1 Mbaud/s.
⮚ The system allows 1 or 2 bits/baud, which results in a data rate of 1 or 2 Mbps.
IEEE 802.11 Infrared
⮚ IEEE 802.11 infrared uses infrared light in the range of 800 to 950 nm.
⮚ The modulation technique is called pulse position modulation (PPM).
⮚ For a 1-Mbps data rate, a 4-bit sequence is first mapped into a 16-bit sequence in which only one
bit is set to 1 and the rest are set to 0.
⮚ For a 2-Mbps data rate, a 2-bit sequence is first mapped into a 4-bit sequence in which only one
bit is set to 1 and the rest are set to 0.
⮚ The mapped sequences are then converted to optical signals; the presence of light specifies 1,
the absence of light specifies 0.
IEEE 802.11a – OFDM
⮚ IEEE 802.11a OFDM describes the orthogonal frequency-division multiplexing (OFDM) method
for signal generation in a 5-GHz ISM band.
⮚ OFDM is similar to FDM with one major difference: All the subbands are used by one source at
a given time.
⮚ The band is divided into 52 subbands, with 48 subbands for sending 48 groups of bits at a time
and 4 subbands for control information.
⮚ OFDM uses PSK and QAM for modulation.
⮚ The common data rates are 18 Mbps (PSK) and 54 Mbps (QAM).
IEEE 802.11b DSSS
⮚ IEEE 802.11b DSSS describes the high-rate direct sequence spread spectrum (HR-DSSS)
method for signal generation in the 2.4-GHz ISM band.
⮚ HR-DSSS is similar to DSSS except for the encoding method, which is called complementary
code keying (CCK).
⮚ CCK encodes 4 or 8 bits to one CCK symbol.
⮚ HR-DSSS defines four data rates: 1, 2, 5.5, and 11 Mbps.
⮚ The first two use the same modulation techniques as DSSS.
⮚ The 5.5-Mbps version uses BPSK and transmits at 1.375 Mbaud/s with 4-bit CCK encoding.
⮚ The 11-Mbps version uses QPSK and transmits at 1.375 Mbps with 8-bit CCK encoding.
IEEE 802.11g
⮚ This new specification uses OFDM in the 2.4-GHz ISM band together with a forward error correction
method.
⮚ The modulation technique achieves a 22- or 54-Mbps data rate.