The OSI Model (by ISO) -- cs353/Lectures/Lecture_02...

The OSI Standard Model of ISO

Figure 2.3 The interaction between layers in the OSI model

Figure 2.4 An exchange using the OSI model

-- 7-layer protocol stack, with 7 corresponding protocols.

-- Peer-to-peer processes at each layer in different machines.

-- What is a "layer"? What is a layer's "protocol"?

-- Why do we need the OSI stack of layered protocols, i.e., network software?


1) Physical Layer: PDU N/A, bit stream.

Figure 2.5 Physical layer

** The Physical Layer moves a bit sequence over a physical link.

** The quality/reliability of links and media is a major factor in the design complexity of the upper layers' protocols: with a highly reliable medium, some layers' functions might be significantly reduced or even eliminated.

Defines the following:

a) Physical characteristics of the interface and medium, e.g., EIA (Electronic Industries Alliance) 422/485 balanced-mode interfaces.

b) Bit representation: encoding/decoding, electrical/optical.

c) Data rate (b/s): bit transmission duration.

d) Bit synchronization: sender and receiver clock synchronization and the same data rate.

e) Line configuration: point-to-point, multipoint.

f) Physical topology: mesh, ring, bus, and hybrid.

g) Transfer mode: simplex, full-duplex (F/D), and half-duplex (H/D).

h) Physical media: coaxial, twisted pair (TP), fiber, wireless.


2) Data Link Layer: PDU frame (with header/trailer); address: physical (MAC) address.

Figure 2.6 Data link layer

Two sublayers:

1) Logical Link Control (LLC):

** Source-to-destination delivery of DL-PDUs (frames).

a. Framing/deframing.

b. Physical addressing: sender/receiver addresses in the frame header.

c. Flow control: to prevent a fast sender from flooding a slower receiver with frames.

d. Error control: to increase physical layer reliability by adding a mechanism (in the trailer) to detect and retransmit damaged and lost frames.


2) Medium Access Control (MAC):

** Controls access to the shared and limited physical medium among all connected devices (Ethernet, FDDI, 802.11, Token Ring (TR), Token Bus (TB), ...).

-- Inter-LANing (bridging): moving frames between different LANs with different MAC protocols, resolving all conflicts due to the different protocol syntax (frame format) and semantics (frame interpretation and control procedure/steps).

Figure 2.7 Hop-to-hop delivery


3) Network Layer: PDU: packet; address: logical address (IP).

Figure 2.8 Network layer

Figure 2.9 Source-to-destination delivery

Two major functions (sublayers??? not yet!!?):

1- Routing: routes packets over the subnet (cloud of routers and switches), making the optimal routing decisions (source/destination). Source-to-destination host system delivery, utilizing the data link layer for peer-to-peer (hop-to-hop) delivery. Physical addresses at the data link layer are not enough; we need to add logical addressing of the sender and receiver in the packet header.

2- Internetworking: resolves any network protocol conflicts while moving in the subnet (IPX-NetWare, IP, X.25, AFP-AppleTalk, etc.).


4) Transport Layer: PDU: segment; addressing: "Service Access Point (SAP)".

Figure 2.10 Transport layer

The most important layer, since it abstracts the complicated details of the subnet from the user, allowing for QoS over the network protocol. It communicates a meaningful data unit called a message (a group of related packets) between users over the subnet, trying for the most optimal utilization of the subnet.

Responsibilities (ISO TP-4):

a) Service Access Point (SAP) addressing:

The network logical address (i.e., IP) is for src_system to dest_system, not src_user_process to destination_user_process; hence we need another addressing mechanism => SAP addresses (port numbers) within the same system for message delivery between users' processes, where each process assigned to a specific service is tied to a certain port number.

b) Segmentation and reassembly: segment <=> packets

A process (user) message is divided at the sender side into segments (if needed), each with a segment sequence number to aid in reassembly (in the correct order) of the related segments into the original user's message at the receiver side.

c) Connection control:

1) Connection-oriented reliable service: a "connection oriented" TP guarantees delivery in order, with acknowledgement (ACK) of segments back from the receiver to the sender.

2) Connectionless unreliable service (no ACK, no safe-arrival guarantee).


d) Flow control: the same mechanism as in the Data Link Layer (DLL), but applied at the message level between "end-user" processes.

e) Error control: like the DLL, but for process-to-process delivery of messages. Errors (damaged, lost, or duplicate messages) cause retransmission of messages.

We should note that another major TL function remains, such as gatewaying to resolve conflicts when moving between different TL protocols.
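Responsibilities b), c) and e) above as one added example (written for this page, not from the lecture or any transport implementation): a receiver-side reassembly buffer keyed by segment sequence number that tolerates out-of-order arrival, a lost segment that is later retransmitted, and a duplicate, and that reports after each arrival which segment it can ACK cumulatively and which ones are still missing. The message text and segment size are constructed sample values.

```python
MESSAGE = b"THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG"   # constructed sample user message

def segment(message, size):
    """Sender side: split the message into numbered segments (seq, payload)."""
    return [(i, message[off:off + size])
            for i, off in enumerate(range(0, len(message), size))]

class Reassembler:
    """Receiver side: buffers segments until the whole message can be rebuilt in order."""

    def __init__(self, total):
        self.total = total   # number of segments the sender announced
        self.buf = {}        # seq -> payload; holds out-of-order arrivals too

    def receive(self, seq, payload):
        """Store one segment (duplicates are dropped) and return the current ACK state."""
        if seq not in self.buf:          # a duplicate carries nothing new: just re-ACK
            self.buf[seq] = payload
        return self.ack()

    def ack(self):
        """(cumulative_ack, missing): next seq expected in order, and gaps below the highest seen."""
        nxt = 0
        while nxt in self.buf:
            nxt += 1
        highest = max(self.buf) if self.buf else -1
        missing = [s for s in range(nxt, highest) if s not in self.buf]
        return nxt, missing

    def message(self):
        """The original message once every segment is present, otherwise None."""
        if len(self.buf) != self.total:
            return None
        return b"".join(self.buf[i] for i in range(self.total))

def demo():
    """Segments arrive as 0, 2, 3, 2 (duplicate), 4; seq 1 is lost and retransmitted last."""
    segs = segment(MESSAGE, 10)                  # 5 segments, seq 0..4
    rx = Reassembler(len(segs))
    for s in (segs[0], segs[2], segs[3], segs[2], segs[4]):
        rx.receive(*s)
    before_retx = rx.ack()                       # (1, [1]): still waiting for seq 1
    rx.receive(*segs[1])                         # the retransmission fills the gap
    return before_retx, rx.message()
```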

Figure 2.11 Reliable process-to-process delivery of a message

5) Session Layer:

a. Dialog control: H/D or F/D.

b. Synchronization: checkpoints are added to data streams, dividing them into units of independent ACK, for communication robustness in case of crashes.

6) Presentation Layer:

a. Translation: ASCII <-> EBCDIC; Abstract Syntax Notation (ASN).

b. Encryption: to secure transmitted information for privacy.

c. Compression: for efficient utilization of bandwidth.

7) Application Layer:

1) Virtual terminal ("putty") to allow remote logins (emulation).

2) File transfer.

3) Mail service. 4) Directory service. (SMTP, HTTP, DNS, SNMP, TELNET.)


TCP/IP Protocol Suite (Stack)

Figure 2.16 TCP/IP and OSI model

  OSI layer        TCP/IP layer and protocols
  -------------    ---------------------------------------------------
  Application
  Presentation     Application: SMTP, FTP, HTTP, DNS, SNMP, TELNET
  Session
  Transport        Transport: SCTP, TCP, UDP
  Network          Network (internet): IP, with ICMP, IGMP, and RARP/ARP
  Data Link
  Physical         Host-to-network (LAN/MAN/WAN)

Figure 2.17 Addresses in TCP/IP

Figure 2.18 Relationship of layers and addresses in TCP/IP

1) Physical Layer: intentionally left very vague!?!

It can be a LAN, MAN, or WAN using Synchronous Optical NETwork (SONET), Asynchronous Transfer Mode (ATM), or all-fiber Ultra Dense Wave Division Multiplexing (UDWDM) physical carrier technologies.

2) Network Layer: best-effort delivery

Internet Protocol (IP): an unreliable, connectionless datagram protocol (no end-to-end flow control).

At the network layer there are other companion protocols to help the poor-performance IP:

A) Internet Control Message Protocol (ICMP):

It is an IP companion that helps in reporting any failure/congestion in the subnet, via host-management queries that are not part of the IP protocol itself, hence alleviating the IP deficiencies.

With ICMP, a host/admin can inquire about the status of another host or router in the subnet cloud. Such knowledge can aid in the efficient management of subnet utilization, identifying subnet problems via the ICMP query messages.

Ping and traceroute (UNIX)/tracert (Windows) utilize ICMP. traceroute and tracert print the route packets take to a network host destination.


ICMPv6 (IPv6: 128-bit address) (Reference: http://www.tcpipguide.com/free/t_ICMPv6RouterRenumberingMessages.htm)

ICMPv6 informational messages, most of which are used in matching pairs:

Echo Request and Echo Reply messages -- used for network connectivity testing.

Router Advertisement and Router Solicitation messages -- used to let hosts discover local routers and learn necessary parameters from them.

Neighbor Advertisement and Neighbor Solicitation messages -- used for various communications between hosts on a local network, including IPv6 address resolution.

Redirect messages -- which let routers inform hosts of better first-hop routers, and

Router Renumbering messages -- with the huge 128-bit addressing, a network administrator (NA) has the potential to make large network migrations and merges much simpler. An NA selects a machine to generate one or more Router Renumbering Command messages. These messages provide a list of prefixes of routers that are to be renumbered. Each router processes these messages to see if the addresses on any of its interfaces match the specified prefixes. If so, it changes the matched prefixes to the new ones specified in the message.


B) Internet Group Management Protocol (IGMP):

It is an IP companion that aids in expanding IP to have multicasting capability to a group of destinations, by managing group membership to help routing at the network's multicast routers.

Address Resolution:

C) Address Resolution Protocol (ARP): logical to physical

The destination IP address (known at a sender from the DNS) is not enough to get to the destination machine (physical, at the MAC sublayer). Hence the sender will seek the help of ARP (via a query packet) to get the destination's MAC physical address (needed to form the MAC frame's destination address), i.e., to map:

IP (logical) -> MAC (physical) destination address.

ARP proxy -- It represents a set of hosts, providing its own MAC in answer to any of those hosts' queries, i.e., a temporary destination; then, when receiving any of the hosts' actual IP packets, it directs them to the intended host's MAC sublayer via a mapping table, IP -> MAC.

Security Issue: Read about ARP Spoofing (Poisoning) & Mitigation Techniques.

Attacks (stemming from the fact that ARP DOES NOT authenticate):

(Reference: http://www.watchguard.com/infocenter/editorial/135324.asp)

Denial of Service -- falsely associating your network router's (NR) IP address with the intruder machine's MAC address (IMAC); hence all of the attacked network users' traffic goes into a black-hole sink machine!

Man in the Middle -- 1) The attacker issues an ARP reply (with no previous ARP request) to your NR, falsely associating the IMAC with your IP address, i.e., playing you to the NR! 2) The hacker then sends a false ARP reply to your machine associating the IMAC with the NR's IP address, playing the NR to you. 3) The hacker uses the OS's IP forwarding utility to forward your traffic (after sniffing/hijacking it) to the NR!

MAC Flooding -- By flooding a switch's ARP table with a ton of spoofed ARP replies, a hacker can overload many vendors' (smart) switches and then packet-sniff all your network traffic, while the flooded switch is forced into a (dumb) "hub" mode, i.e., NOT enforcing any appropriate directing of traffic to its "correct" port, and just broadcasting all of its traffic to all network nodes at all ports, including the sniffing intruder node!

Mitigation Techniques -- (Left for you to explore as a reading assignment.)

(Remember that an intruder must be part of your local network in order to issue ARP attacks! Good! Hence a network admin can keep an eye on all nodes in the network and identify/isolate any intruding nodes.)
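The "keep an eye on all nodes" idea above, as an added detection example (not from the lecture or the referenced article): an arpwatch-style audit that walks observed ARP packets and raises alerts on the three signals the man-in-the-middle steps leave behind, a reply that answers no request, an IP whose MAC binding changes, and one MAC claiming several IPs. The packet list is constructed sample data with documentation addresses; a real monitor would feed it from a capture on the LAN segment.

```python
from collections import defaultdict

# Constructed sample ARP traffic: (op, sender_ip, sender_mac, target_ip).
# Packets 1-6 are normal request/reply pairs; packets 7-8 model the MITM steps
# above: unsolicited replies re-binding the router's and a host's IP to one
# intruder MAC (cc:cc:cc:cc:cc:cc).
SAMPLE_ARP = [
    ("request", "10.0.0.5", "aa:aa:aa:aa:aa:05", "10.0.0.1"),
    ("reply",   "10.0.0.1", "aa:aa:aa:aa:aa:01", "10.0.0.5"),
    ("request", "10.0.0.1", "aa:aa:aa:aa:aa:01", "10.0.0.5"),
    ("reply",   "10.0.0.5", "aa:aa:aa:aa:aa:05", "10.0.0.1"),
    ("request", "10.0.0.7", "aa:aa:aa:aa:aa:07", "10.0.0.1"),
    ("reply",   "10.0.0.1", "aa:aa:aa:aa:aa:01", "10.0.0.7"),
    ("reply",   "10.0.0.1", "cc:cc:cc:cc:cc:cc", "10.0.0.5"),
    ("reply",   "10.0.0.5", "cc:cc:cc:cc:cc:cc", "10.0.0.1"),
]

def audit_arp(packets):
    """Return alert strings for the poisoning signals; an empty list means clean."""
    pending = set()                 # (requester_ip, target_ip) still awaiting a reply
    ip_to_mac = {}                  # first binding learned for each IP from replies
    mac_to_ips = defaultdict(set)   # every IP each MAC has claimed so far
    alerts = []
    for op, sip, smac, tip in packets:
        if op == "request":
            pending.add((sip, tip))
            continue
        # 1. A reply that answers no outstanding request (MITM steps 1 and 2).
        if (tip, sip) in pending:
            pending.discard((tip, sip))
        else:
            alerts.append(f"unsolicited reply: {sip} is-at {smac} sent to {tip}")
        # 2. An IP whose MAC changes is the core cache-poisoning signal.
        if ip_to_mac.get(sip, smac) != smac:
            alerts.append(f"binding change: {sip} was {ip_to_mac[sip]}, now {smac}")
        ip_to_mac.setdefault(sip, smac)   # keep the first binding until an operator confirms
        # 3. One MAC claiming both the router's and a host's IP is the MITM position.
        mac_to_ips[smac].add(sip)
        if len(mac_to_ips[smac]) > 1:
            alerts.append(f"one MAC claims several IPs: {smac} -> {sorted(mac_to_ips[smac])}")
    return alerts
```

The first learned bindings are also the entries an admin would pin as static ARP entries on critical hosts, which is one of the mitigations the reading assignment covers.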


D) Reverse Address Resolution Protocol (RARP): physical to logical (ancient diskless machines)

When a diskless machine does not know its own IP address, which it needs to form an IP packet, it requests it from its host network (via a RARP client program), where a RARP server machine responds with the target IP. Static address mapping tables are utilized.

Dynamic Host Configuration Protocol (DHCP) is used to replace RARP.

Address Resolution Protocol (ARP) & Domain Name System (DNS) & ARP Proxy: (http://www.tonypickett.com/arp_dns_dhcp/)

Host A needs to send data to host B.

Host A sends a DNS request for host B's IP number.

Host A receives the IP number from the DNS server.

Host A sends an ARP packet to the IP address of host B (with the MAC broadcast address ff:ff:ff:ff:ff:ff).

Host B sends an ARP packet in response containing its MAC address.

ARP data is cached at the host(s) to speed up processing.

If host B is not on the same network as host A, the ROUTER will respond to the ARP request with its own MAC address; the IP address does not change (the router is an ARP proxy).


3) Transport Layer: process-to-process client/server.

A) User Datagram Protocol: UDP (message oriented)

--- Connectionless unreliable transport protocol, with very limited error checking (checksum).

--- No error/flow control, hence no ACK or guarantee of message arrival!

B) Transmission Control Protocol: TCP (byte oriented)

--- Reliable connection-oriented (stream) transport protocol.

--- Establishes a connection src-dest before data transmission.

--- Guarantees ordered/ACKed transmission of segments with segment numbers.

--- Generally slower than UDP; security vulnerability (DoS SYN attack).

C) Stream Control Transmission Protocol: SCTP (message oriented) -- the future protocol to replace TCP!

A connection-oriented reliable (error & flow control) transport protocol that supports voice over IP (Internet telephony), combining the best of UDP and TCP, and adds more. Without SCTP's capabilities the IMS (the IP Multimedia Subsystem) would not have the capability to reliably pass call control signaling to the various systems, and it would not be possible to use TCP/UDP except for a few (e.g., twenty) simultaneous sessions, which is inconsequential as most service providers count their subscribers in millions. (Reference: https://www.f5.com/pdf/white-papers/sctp-introduction-wp.pdf)

It has most of the good TCP features (better than UDP) and extras as follows:

1) Multi-homing (allows for an alternate destination if the original is not reachable). It also allows multiple streams over the same session (connection).

2) Preserves message boundaries (good UDP feature): less overhead to recover the original messages than from the TCP byte stream!

3) Protects against the DoS "SYN flooding attack" (good UDP feature) via the (INIT, INIT-ACK with Cookie, Cookie-Echo, Cookie-ACK) exchange. Hence the server (under attack) will not commit to the connection until the client sends a Cookie-Echo, where clients must commit some resources to be able to send the Cookie-Echo back to the server!

4) No enforcement of ordered delivery (good UDP feature): multi-streaming allows blocking only the unordered stream until it is cleared/repaired, avoiding the constant overhead of reordering arriving messages.

5) Selective acknowledgements: SCTP has the ability to selectively acknowledge receipt of missing, disordered, or duplicated messages.

For 4 & 5 above: in multimedia traffic we can tolerate some losses in order to save the very costly retransmission of the large transport message (i.e., transport PDU).
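Item 3 above as an added simulation (written for this page; not from the lecture, the F5 paper, or any SCTP stack): the server answers every INIT with an INIT-ACK carrying a cookie that packs the would-be association parameters under a MAC, keeps nothing locally, and only creates state when a COOKIE-ECHO comes back from the same address with a valid, unexpired cookie. HMAC-SHA256, the 60-second cookie lifetime and the message shapes are assumptions of the example, and the addresses are documentation ranges.

```python
import hashlib
import hmac
import os
import time

class SctpServer:
    """Server side of INIT / INIT-ACK / COOKIE-ECHO / COOKIE-ACK (simplified model)."""

    def __init__(self, cookie_lifetime=60):
        self.secret = os.urandom(32)       # MAC key for cookies; real stacks rotate it
        self.cookie_lifetime = cookie_lifetime
        self.associations = {}             # association state is created here and nowhere else

    def on_init(self, client_addr, client_tag):
        """Answer an INIT without allocating state: everything goes into the MAC'd cookie."""
        server_tag = int.from_bytes(os.urandom(4), "big")
        body = f"{client_addr}|{client_tag}|{server_tag}|{int(time.time())}".encode()
        mac = hmac.new(self.secret, body, hashlib.sha256).hexdigest().encode()
        return ("INIT-ACK", server_tag, body + b"|" + mac)

    def on_cookie_echo(self, client_addr, cookie):
        """Commit to the association only if the echoed cookie is ours, fresh and from the same address."""
        body, _, mac = cookie.rpartition(b"|")
        expected = hmac.new(self.secret, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, mac):
            return None                    # forged or tampered cookie: silently dropped
        addr, client_tag, server_tag, created = body.decode().split("|")
        if addr != client_addr or time.time() - int(created) > self.cookie_lifetime:
            return None                    # echoed from another address, or stale
        self.associations[(client_addr, int(client_tag))] = int(server_tag)
        return ("COOKIE-ACK", int(server_tag))

def client_handshake(server, client_addr, client_tag):
    """Client side: it must hold the tags and cookie and be reachable at client_addr."""
    _, server_tag, cookie = server.on_init(client_addr, client_tag)
    return server.on_cookie_echo(client_addr, cookie) == ("COOKIE-ACK", server_tag)

def init_flood(server, count):
    """INITs from spoofed addresses that never echo the cookie leave no state behind."""
    for i in range(count):
        server.on_init(f"198.51.100.{i % 250}", i)
    return len(server.associations)
```

Contrast with TCP, where the SYN/SYN-ACK step already reserves a half-open connection per SYN, which is what the SYN flood in item B exhausts.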