The illustrated network : how TCP/IP works in a ... - GBV
The Illustrated Network
How TCP/IP Works
in a Modern Network
Second Edition
Walter Goralski
MORGAN KAUFMANN PUBLISHERS
AN IMPRINT OF ELSEVIER
Contents
About the Author xxi
Foreword xxiii
Preface xxv
Acknowledgments xxxv
PART I NETWORKING BASICS
CHAPTER 1 Protocols and Layers 3
The Illustrated Network 7
Remote Access to Network Devices 8
File Transfer to a Router 10
CLI and GUI 12
Wireshark and Packet Capture 13
First Explorations in Networking 14
Protocols 15
Standards and Organizations 16
Request for Comment and the Internet Engineering Task Force 19
Internet Administration 21
Layers 23
Simple Networking 23
Protocol Layers 25
The TCP/IP Protocol Suite 25
The TCP/IP Layers 26
Protocols and Interfaces 28
Encapsulation 28
The Layers of TCP/IP 30
The Physical Layer 31
The Data Link Layer 32
The Network Layer 36
The Transport Layer 38
The Application Layer 41
Session Support 42
Internal Representation Conversion 42
Applications in TCP/IP 43
The TCP/IP Protocol Suite 45
Questions for Readers 45
CHAPTER 2 TCP/IP Protocols and Devices 47
Protocol Stacks on the Illustrated Network 50
Layers, Protocols, Ports, and Sockets 51
The TCP/IP Protocol Stack 54
The Client-Server Model 55
TCP/IP Layers and Client-Server 55
The IP Layer 57
The Transport Layer 59
Transmission Control Protocol 59
User Datagram Protocol 59
The Application Layer 60
Bridges, Routers, and Switches 60
Segmenting LANs 61
Bridges 63
Routers 64
LAN Switches 65
Virtual LANs 66
VLAN Frame Tagging 67
Questions for Readers 69
CHAPTER 3 Network Link Technologies 71
Illustrated Network Connections 74
Displaying Ethernet Traffic 74
Displaying SONET Links 76
Displaying DSL Links 79
Displaying Wireless Links 81
Frames and the Link Layer 84
The Data Link Layer 84
The Evolution of Ethernet 85
Ethernet II and IEEE 802.3 Frames 86
MAC Addresses 87
The Evolution of DSL 89
PPP and DSL 90
PPP Framing for Packets 91
DSL Encapsulation 92
Forms of DSL 93
The Evolution of SONET 94
A Note about Network Errors 95
Packet over SONET/SDH 96
Wireless LANs and IEEE 802.11 97
Wi-Fi 99
IEEE 802.11 MAC Layer Protocol 100
The IEEE 802.11 Frame 102
Questions for Readers 104
CHAPTER 4 Packet Optical Networks and Forward Error Correction 107
Packet Optical Networks and Error Correction 108
Packet Optical Networks and the Optical Transport Network 110
Standards for Packet Optical Networks and Forward Error Correction 111
Handling Single Bit Errors and Burst Errors 111
Hamming Distance and Hamming Codes 113
A Better Hamming Code Method 115
Hamming Code in Action 117
Hamming Code Implementation 121
Burst Errors and Interleaving 123
Modern FEC Operation 124
FEC and SONET/SDH 126
FEC and OTN 129
The OTN Frame and FEC 131
Generic Framing Procedure 131
FEC Research and Development 132
OTN for the Illustrated Network 133
Questions for Readers 135
PART II CORE PROTOCOLS
CHAPTER 5 IPv4 and IPv6 Addressing 139
IP Addressing 139
The Network/Host Boundary 147
The IPv4 Address 147
Private IPv4 Addresses 152
Understanding IPv4 Addresses 152
The IPv6 Address 154
Features of IPv6 Addressing 154
IPv6 Address Types and Notation 155
IPv6 Address Prefixes 156
Subnetting and Supernetting 157
Subnetting in IPv4 157
Subnetting Basics 158
CIDR and VLSM 162
IPv6 Addressing Details 166
IP Address Assignment 168
Complete IPv4 and IPv6 Address Ranges 170
Questions for Readers 173
CHAPTER 6 Address Resolution Protocol 175
ARP and LANs 178
ARP Packets 185
Example ARP Operation 187
ARP Variations 188
Proxy ARP 189
Reverse ARP 190
ARPs on WANs 190
ARP and IPv6 191
Neighbor Discovery Protocol 192
ND Address Resolution 193
Questions for Readers 195
CHAPTER 7 IPv4 and IPv6 Headers 197
Packet Headers and Addresses 200
The IPv4 Packet Header 202
Fragmentation and IPv4 204
Fragmentation and MTU 206
Fragmentation and Reassembly 208
Path MTU Determination 208
A Fragmentation Example 209
Limitations of IPv4 211
The IPv6 Header Structure 211
IPv4 and IPv6 Headers Compared 214
IPv6 Header Changes 214
IPv6 and Fragmentation 216
Questions for Readers 219
CHAPTER 8 Internet Control Message Protocol 221
ICMP and Ping 224
The ICMP Message Format 227
ICMP Message Fields 228
ICMP Types and Codes 229
Sending ICMP Messages 235
When ICMP Must Be Sent 235
When ICMP Must Not Be Sent 236
Ping 236
Traceroute 237
Path MTU 239
ICMPv6 241
Basic ICMPv6 Messages 241
Time Exceeded 243
Neighbor Discovery and Autoconfiguration 243
Routers and Neighbor Discovery 244
Interface Addresses 245
Neighbor Solicitation and Advertisement 245
Questions for Readers 246
CHAPTER 9 Routing 247
Routers and Routing Tables 250
Hosts and Routing Tables 252
Direct and Indirect Delivery 256
Routing 260
Direct Delivery Without Routing 260
Indirect Delivery and the Router 262
Questions for Readers 266
CHAPTER 10 Forwarding IP Packets 267
Router Architectures 273
Basic Router Architectures 274
Another Router Architecture 276
Router Access 278
The Console Port 279
The Auxiliary Port 279
The Network 279
Forwarding Table Lookups 280
Dual Stacks, Tunneling, and IPv6 282
Dual Protocol Stacks 282
Tunneling 283
Tunneling Mechanisms 285
Transition Considerations 287
Questions for Readers 288
CHAPTER 11 User Datagram Protocol 289
UDP Ports and Sockets 292
What UDP Is For 296
The UDP Header 297
IPv4 and IPv6 Notes 299
Port Numbers 300
Well-Known Ports 301
The Socket 304
UDP Operation 304
UDP Overflows 304
Questions for Readers 306
CHAPTER 12 Transmission Control Protocol 307
TCP and Connections 310
The TCP Header 310
TCP Mechanisms 313
Connections and the Three-Way Handshake 314
Connection Establishment 316
Data Transfer 317
Closing the Connection 319
Flow Control 320
TCP Windows 321
Flow Control and Congestion Control 322
Performance Algorithms 323
TCP Behaving Badly? 324
TCP and FTP 326
Questions for Readers 329
CHAPTER 13 Multiplexing and Sockets 331
Layers and Applications 331
The Socket Interface 334
Socket Libraries 335
TCP Stream Service Calls 336
The Socket Interface: Good or Bad? 337
The "Threat" of Raw Sockets 338
Socket Libraries 339
The Windows Socket Interface 340
TCP/IP and Windows 340
Sockets for Windows 341
Sockets on Linux 341
Questions for Readers 348
PART III ROUTING AND ROUTING PROTOCOLS
CHAPTER 14 Routing and Peering 351
Network Layer Routing and Switching 354
Connection-Oriented and Connectionless Networks 355
Quality of Service 356
Host Routing Tables 358
Routing Tables and FreeBSD 359
Routing Tables and RedHat Linux 360
Routing and Windows 361
The Internet and the Autonomous System 363
The Internet Today 364
The Role of Routing Policies 367
Peering 368
Picking a Peer 371
Questions for Readers 373
CHAPTER 15 IGPs: RIP, OSPF, and IS-IS 375
Interior Routing Protocols 383
The Three Major IGPs 384
Routing Information Protocol 385
Distance-Vector Routing 385
Broken Links 387
Distance-Vector Consequences 387
RIPv1 388
RIPv2 389
RIPng for IPv6 393
A Note on IGRP and EIGRP 395
Open Shortest Path First 395
Link States and Shortest Paths 396
What OSPF Can Do 397
OSPF Router Types and Areas 399
Non-backbone, Non-stub Areas 400
OSPF Designated Router and Backup Designated Router 401
OSPF Packets 401
OSPFv3 for IPv6 402
Intermediate System-Intermediate System 403
The IS-IS Attraction 404
IS-IS and OSPF 404
Similarities of OSPF and IS-IS 405
Differences between OSPF and IS-IS 405
IS-IS for IPv6 406
Questions for Readers 407
CHAPTER 16 Border Gateway Protocol 409
BGP as a Routing Protocol 409
Configuring BGP 412
The Power of Routing Policy 414
BGP and the Internet 416
EGP and the Early Internet 416
The Birth of BGP 417
BGP as a Path-Vector Protocol 418
IBGP and EBGP 419
IGP Next Hops and BGP Next Hops 420
BGP and the IGP 420
Other Types of BGP 421
BGP Attributes 423
BGP and Routing Policy 425
BGP Scaling 425
BGP Message Types 426
BGP Message Formats 427
The Open Message 427
The Update Message 427
The Notification Message 429
Questions for Readers 430
CHAPTER 17 Expanded Uses for BGP 431
Introduction 431
Optimal Route Reflection (ORR) 432
"Regular" Route Reflection 433
ORR Considered 434
BGP and Flow Specification 435
BGP and DDoS 436
BGP Flow Spec Details 439
BGP in the Very Large Data Center 441
Data Centers as CLOS Networks 441
Layer 2 and Layer 3 in a Folded CLOS Network Data Center 444
Use iBGP or eBGP? 445
Let Data Center Use eBGP, Not an IGP 446
Example of BGP Use in the Data Center 447
Distributing Link-State Information with BGP 450
The IGP Limitations 451
The BGP Solution 451
Implementing BGP for Link-State Protocols 452
Juniper Network's Implementation Details 454
Summary of Supported and Unsupported Features 455
Configuring BGP-LS on the Illustrated Network 455
Questions for Readers 458
CHAPTER 18 Multicast 459
A First Look at IPv4 Multicast 463
Multicast Terminology 465
Dense and Sparse Multicast 466
Dense-Mode Multicast 467
Sparse-Mode Multicast 467
Multicast Notation 467
Multicast Concepts 468
Reverse-Path Forwarding 468
The RPF Table 469
Populating the RPF Table 469
Shortest-Path Tree 470
Rendezvous Point and Rendezvous-Point Shared Trees 471
Protocols for Multicast 471
Multicast Hosts and Routers 472
Multicast Group Membership Protocols 473
Multicast Routing Protocols 474
Any-Source Multicast and SSM 475
Multicast Source Discovery Protocol 476
Frames and Multicast 477
IPv4 Multicast Addressing 478
IPv6 Multicast Addressing 480
PIM-SM 482
The Resource Reservation Protocol and PGM 483
Multicast Routing Protocols 483
IPv6 Multicast 484
Questions for Readers 486
PART IV IP SWITCHING AND VPNs
CHAPTER 19 MPLS and IP Switching 489
Converging What? 493
Fast Packet Switching 493
Frame Relay 494
Asynchronous Transfer Mode 497
Why Converge on TCP/IP? 499
MPLS 500
Basic MPLS Terminology 504
Signaling and MPLS 505
Label Stacking 506
MPLS and VPNs 507
MPLS Tables 508
Configuring MPLS Using Static LSPs 508
The Ingress Router 508
The Transit Routers 509
The Egress Router 509
Traceroute and LSPs 510
Questions for Readers 512
CHAPTER 20 MPLS-Based Virtual Private Networks 513
PPTP for Privacy 516
Types of VPNs 518
Security and VPNs 519
VPNs and Protocols 520
PPTP 520
L2TP 521
PPTP and L2TP Compared 522
Types of MPLS-Based VPNs 523
Layer 3 VPNs 523
Layer 2 VPNs 525
VPLS: An MPLS-Based L2VPN 527
Router-by-Router VPLS Configuration 527
P Router (P9) 530
CE6 Router 532
Does it Really Work? 532
Questions for Readers 533
CHAPTER 21 EVPN and VXLAN 535
EVPN Overview 536
L2VPNs and EVPN Compared 540
EVPN Services Overview 541
EVPN Control Plane Operation 542
Layer 2 and Layer 3 and EVPN 547
VXLAN and EVPN Data Planes 549
Configuring an EVPN with VXLAN on the Illustrated Network 557
Questions for Readers 560
PART V APPLICATION LEVEL
CHAPTER 22 Dynamic Host Configuration Protocol 563
DHCP and Addressing 566
DHCP Server Configuration 566
Router Relay Agent Configuration 569
Getting Addresses on LAN2 569
Using DHCP on a Network 570
BOOTP 572
BOOTP Implementation 573
BOOTP Messages 574
BOOTP Relay Agents 575
BOOTP "Vendor-Specific Area" Options 575
Trivial File Transfer Protocol 576
TFTP Messages 577
TFTP Download 578
DHCP 578
DHCP Operation 580
DHCP Message Type Options 582
DHCP and Routers 582
DHCPv6 583
DHCPv6 and Router Advertisements 584
DHCPv6 Operation 585
Questions for Readers 585
CHAPTER 23 The Domain Name System 587
DNS Basics 590
The DNS Hierarchy 591
Root Name Servers 592
Root Server Operation 592
Root Server Details 592
DNS in Theory: Name Server, Database, and Resolver 593
Adding a New Host 594
Recursive and Iterative Queries 595
Delegation and Referral 595
Glue Records 597
DNS in Practice: Resource Records and Message Formats 598
DNS Message Header 600
DNSSec 601
DNS Tools: nslookup, dig, and drill 602
DNS in Action 602
Questions for Readers 611
CHAPTER 24 File Transfer Protocol 613
Overview 613
PORT and PASV 617
FTP and GUIs 619
FTP Basics 621
FTP Commands and Reply Codes 623
FTP Data Transfers 625
Passive and Port 626
File Transfer Types 629
When Things Go Wrong 630
FTP Commands 631
Variations on a Theme 633
A Note on NFS 634
Questions for Readers 635
CHAPTER 25 SMTP and Email 637
Architectures for Email 640
Sending Email Today 642
The Evolution of Email in Brief 646
SMTP Authentication 647
Simple Mail Transfer Protocol 647
Multipurpose Internet Mail Extensions 650
MIME Media Types 650
MIME Encoding 651
An Example of a MIME Message 652
Using POP3 to Access Email 652
Headers and Email 654
Home Office Email 658
Questions for Readers 659
CHAPTER 26 Hypertext Transfer Protocol 661
HTTP in Action 661
Uniform Resources 667
URIs 667
URLs 668
URNs 670
HTTP 671
The Evolution of HTTP 672
HTTP Model 674
HTTP Messages 675
Trailers and Dynamic Web Pages 675
HTTP Requests and Responses 675
HTTP Methods 677
HTTP Status Codes 678
HTTP Headers 679
General Headers 679
Request Headers 680
Response Headers 680
Entity Headers 681
Cookies 682
Questions for Readers 684
CHAPTER 27 Securing Sockets with SSL 685
SSL and Web Sites 685
The Lock 689
Secure Socket Layer 690
Privacy, Integrity, and Authentication 691
Privacy 691
Integrity 692
Authentication 693
Public Key Encryption 694
Pocket Calculator Encryption at the Client 694
Example 695
Pocket Calculator Decryption at the Server 695
Public Keys and Symmetrical Encryption 696
SSL as a Protocol 697
SSL Protocol Stack 697
SSL Session Establishment 698
SSL Data Transfer 699
SSL Implementation 700
SSL Issues and Problems 701
SSL and Certificates 702
Questions for Readers 703
PART VI NETWORK MANAGEMENT
CHAPTER 28 Simple Network Management Protocol 707
SNMP Capabilities 710
The SNMP Model 714
The MIB and SMI 716
The SMI 716
The MIB 718
RMON 720
The Private MIB 721
SNMP Operation 722
SNMPv2 Enhancements 726
SNMPv3 727
Questions for Readers 729
CHAPTER 29 Cloud, SDN, and NFV 731
Cloud Computing and Networking Defined 732
Cloud Computing Service Models 734
Infrastructure as a Service (IaaS) 735
Platform as a Service (PaaS) 736
Software as a Service (SaaS) 737
Cloud Computing Models 738
SDNs 740
Service Chaining 742
Implementing SDNs 744
Contrail: An Example SDN Architecture 746
NFV 748
Virtio and SR-IOV 749
NFV and Service Chaining 752
Cloud Networking and TCP/IP 753
Clouds and Security 755
Questions for Readers 757
PART VII SECURITY
CHAPTER 30 Secure Shell (Remote Access) 761
Using SSH 761
SSH Basics 764
SSH Features 765
SSH Architecture 766
SSH Keys 767
SSH Protocol Operation 768
Transport Layer Protocol 770
Authentication Protocol 772
The Connection Protocol 773
The File Transfer Protocol 774
SSH in Action 776
Questions for Readers 784
CHAPTER 31 Network Address Translation 785
Using NAT 788
Advantages and Disadvantages of NAT 788
Four Types of NAT 789
NAT in Action 795
Questions for Readers 798
CHAPTER 32 Firewalls 799
What Firewalls Do 802
A Router Packet Filter 802
Stateful Inspection on a Router 803
Types of Firewalls 807
Packet Filters 807
Application Proxy 808
Stateful Inspection 808
DMZ 810
Questions for Readers 812
CHAPTER 33 IP Security 813
IPSec in Action 816
CE0 817
CE6 818
Introduction to IPSec 819
IPSec RFCs 819
IPSec Implementation 819
IPSec Transport and Tunnel Mode 821
Security Associations and More 822
Security Policies 822
Authentication Header 823
Encapsulating Security Payload 825
Internet Key Exchange 828
Questions for Readers 829
PART VIII MEDIA
CHAPTER 34 Voice over Internet Protocol 833
VoIP in Action 836
The Attraction of VoIP 838
What Is "Voice"? 839
The Problem of Delay 840
Packetized Voice 842
Protocols for VoIP 843
RTP for VoIP Transport 843
Signaling 846
H.323, the International Standard 847
SIP, the Internet Standard 849
MGCP and Megaco/H.248 851
Putting It All Together 852
Questions for Readers 853
List of Acronyms 855
Bibliography 867
Index 869