TCP/IP Illustrated
`
`TCP/IP Illustrated,
`Volume 1
`
`The Protocols
`
`W. Richard Stevens
`
`Contents
`
`Preface
`
`Chapter 1. Introduction
`1.1 Introduction
`1.2 Layering
`1.3 TCP/IP Layering
`1.4 Internet Addresses
`1.5 The Domain Name System
`1.6 Encapsulation
`1.7 Demultiplexing
`1.8 Client-Server Model
`1.9 Port Numbers
`1.10 Standardization Process
`1.11 RFCs
`1.12 Standard, Simple Services
`1.13 The Internet
`1.14 Implementations
`1.15 Application Programming Interfaces
`1.16 Test Network
`1.17 Summary
`
`Chapter 2. Link Layer
`2.1 Introduction
`2.2 Ethernet and IEEE 802 Encapsulation
`2.3 Trailer Encapsulation
`
`file:///D|/Documents%20and%20Settings/bigini/Documenti/homenet2run/tcpip/tcp-ip-illustrated/index.htm (1 of 9) [12/09/2001 14.46.27]
`
`CISCO SYSTEMS, INC. Ex. 1028 Page 1
`
`

`
`TCP/IP Illustrated
`
`2.4 SLIP: Serial Line IP
`2.5 Compressed SLIP
`2.6 PPP: Point-to-Point Protocol
`2.7 Loopback Interface
`2.8 MTU
`2.9 Path MTU
`2.10 Serial Line Throughput Calculations
`2.11 Summary
`
`Chapter 3. IP: Internet Protocol
`3.1 Introduction
`3.2 IP Header
`3.3 IP Routing
`3.4 Subnet Addressing
`3.5 Subnet Mask
`3.6 Special Case IP Address
`3.7 A Subnet Example
`3.8 ifconfig Command
`3.9 netstat Command
`3.10 IP Futures
`3.11 Summary
`
`Chapter 4. ARP: Address Resolution Protocol
`4.1 Introduction
`4.2 An Example
`4.3 ARP Cache
`4.4 ARP Packet Format
`4.5 ARP Examples
`4.6 Proxy ARP
`4.7 Gratuitous ARP
`4.8 arp Command
`4.9 Summary
`
`Chapter 5. RARP: Reverse Address Resolution Protocol
`5.1 Introduction
`5.2 RARP Packet Format
`5.3 RARP Examples
`5.4 RARP Server design
`5.5 Summary
`
`file:///D|/Documents%20and%20Settings/bigini/Documenti/homenet2run/tcpip/tcp-ip-illustrated/index.htm (2 of 9) [12/09/2001 14.46.27]
`
`CISCO SYSTEMS, INC. Ex. 1028 Page 2
`
`

`
`TCP/IP Illustrated
`
`Chapter 6. ICMP: Internet Control Message Protocol
`6.1 Introduction
`6.2 ICMP Message Types
`6.3 ICMP Address Mask Request and Reply
`6.4 ICMP Timestamp Request and Reply
`6.5 ICMP Port Unreachable Error
`6.6 4.4BSD Processing of ICMP Messages
`6.7 Summary
`
`Chapter 7. Ping Program
`7.1 Introduction
`7.2 Ping Program
`7.3 IP Record Route Option
`7.4 IP Timestamp Option
`7.5 Summary
`
`Chapter 8. Traceroute Program
`8.1 Introduction
`8.2 Traceroute Program operation
`8.3 LAN output
`8.4 WAN output
`8.5 IP Source Routing Option
`8.6 Summary
`
`Chapter 9. IP Routing
`9.1 Introduction
`9.2 Routing Principles
`9.3 ICMP Host and Network Unreachable Errors
`9.4 To Forward or Not to Forward
`9.5 ICMP Redirect Errors
`9.6 ICMP Router Discovery Messages
`9.7 Summary
`
`Chapter 10. Dynamic Routing Protocols
`10.1 Introduction
`10.2 Dynamic Routing
`10.3 Unix Routing Daemons
`
`file:///D|/Documents%20and%20Settings/bigini/Documenti/homenet2run/tcpip/tcp-ip-illustrated/index.htm (3 of 9) [12/09/2001 14.46.27]
`
`CISCO SYSTEMS, INC. Ex. 1028 Page 3
`
`

`
`TCP/IP Illustrated
`
`10.4 RIP: Routing Information Protocol
`10.5 RIP Version 2
`10.6 OSPF: Open Shortest Path First
`10.7 BGP: Border Gateway Protocol
`10.8 CIDR: Classless Interdomain Routing
`10.9 Summary
`
`Chapter 11. UDP: User Datagram Protocol
`11.1 Introduction
`11.2 UDP Header
`11.3 UDP Checksum
`11.4 A Simple Example
`11.5 IP Fragmentation
`11.6 ICMP Unreachable Error (Fragmentation Required)
`11.7 Determining the Path MTU Using Traceroute
`11.8 Path MTU Discovery with UDP
`11.9 Interaction Between UDP and ARP
`11.10 Maximum UDP Datagram Size
`11.11 ICMP Source Quench Error
`11.12 UDP Server Design
`11.13 Summary
`
`Chapter 12. Broadcasting and Multicasting
`12.1 Introduction
`12.2 Broadcasting
`12.3 Broadcasting Examples
`12.4 Multicasting
`12.5 Summary
`
`Chapter 13. IGMP: Internet Group Management Protocol
`13.1 Introduction
`13.2 IGMP Message
`13.3 IGMP Protocol
`13.4 An Example
`13.5 Summary
`
`Chapter 14. DNS: The Domain Name System
`14.1 Introduction
`14.2 DNS Basics
`
`file:///D|/Documents%20and%20Settings/bigini/Documenti/homenet2run/tcpip/tcp-ip-illustrated/index.htm (4 of 9) [12/09/2001 14.46.27]
`
`CISCO SYSTEMS, INC. Ex. 1028 Page 4
`
`

`
`TCP/IP Illustrated
`
`14.3 DNS Message Format
`14.4 A Simple Example
`14.5 Pointer Quiries
`14.6 Resourse Records
`14.7 Caching
`14.8 UDP or TCP
`14.9 Another Example
`14.10 Summary
`
`Chapter 15. TFTP: Trivial File Transfer Protocol
`15.1 Introduction
`15.2 Protocol
`15.3 An Example
`15.4 Security
`15.5 Summary
`
`Chapter 16. BOOTP: Bootstrap Protocol
`16.1 Introduction
`16.2 BOOTP Packet Format
`16.3 An Example
`16.4 BOOTP Server Design
`16.5 BOOTP Through a Router
`16.6 Vendor-Specific Information
`16.7 Summary
`
`Chapter 17. TCP: Transmission Control Protocol
`17.1 Introduction
`17.2 TCP Services
`17.3 TCP Header
`17.4 Summary
`
`Chapter 18. TCP Connection Establishment and Termination
`18.1 Introduction
`18.2 Connection Establishment and Termination
`18.3 Timeout of Connection Establishment
`18.4 Maximum Segment Size
`18.5 TCP Half-Close
`18.6 TCP State Transition Diagram
`18.7 Reset Segments
`
`file:///D|/Documents%20and%20Settings/bigini/Documenti/homenet2run/tcpip/tcp-ip-illustrated/index.htm (5 of 9) [12/09/2001 14.46.27]
`
`CISCO SYSTEMS, INC. Ex. 1028 Page 5
`
`

`
`TCP/IP Illustrated
`
`18.8 Simultaneous Open
`18.9 Simultaneous Close
`18.10 TCP Options
`18.11 TCP Server Design
`18.12 Summary
`
`Chapter 19. TCP Interactive Data Flow
`19.1 Introduction
`19.2 Interactive Input
`19.3 Delayed Acknoledgements
`19.4 Nagle Algorithm
`19.5 Windows Size Advertisments
`19.6 Summary
`
`Chapter 20. TCP Bulk Data Flow
`20.1 Introduction
`20.2 Normal Data Flow
`20.3 Sliding Windows
`20.4 Window Size
`20.5 PUSH Flag
`20.6 Slow Start
`20.7 Bulk Data Throughput
`20.8 Urgent Mode
`20.9 Summary
`
`Chapter 21. TCP Timeout and Retransmission
`21.1 Introduction
`21.2 Simple Timeout and Retransmission Example
`21.3 Round-Trip Time Measurement
`21.4 An RTT Example
`21.5 Congestion Example
`21.6 Congestion Avoidance Algorithm
`21.7 Fast Retransmit and Fast Recovery Algorithm
`21.8 Congestion Example (Continued)
`21.9 Per-Route Metrics
`21.10 ICMP Errors
`21.11 Repacketization
`21.12 Summary
`
`file:///D|/Documents%20and%20Settings/bigini/Documenti/homenet2run/tcpip/tcp-ip-illustrated/index.htm (6 of 9) [12/09/2001 14.46.27]
`
`CISCO SYSTEMS, INC. Ex. 1028 Page 6
`
`

`
`TCP/IP Illustrated
`
`Chapter 22. TCP Persist Timer
`22.1 Introduction
`22.2 An Example
`22.3 Silly Windows Syndrome
`22.4 Summary
`
`Chapter 23. TCP Keepalive Timer
`23.1 Introduction
`23.2 Description
`23.3 Keepalive Examples
`23.4 Summary
`
`Chapter 24. TCP Futures and Performance
`24.1 Introduction
`24.2 Path MTU Discovery
`24.3 Long Fat Pipes
`24.4 Windows Scale Option
`24.5 Timestamp Option
`24.6 PAWS: Protection Against Wrapped Sequence Numbers
`24.7 T/TCP: A TCP Extension for Transactions
`24.8 TCP Performance
`24.9 Summary
`
`Chapter 25. SNMP: Simple Network Management Protocol
`25.1 Introduction
`25.2 Protocol
`25.3 Structure of Management Information
`25.4 Object Identifiers
`25.5 Introduction to the Management Information Base
`25.6 Instance Identification
`25.7 Simple Examples
`25.8 Management Information Base (Continued)
`25.9 Additional Examples
`25.10 Traps
`25.11 ASN.1 and BER
`25.12 SNMP Version 2
`25.13 Summary
`
`file:///D|/Documents%20and%20Settings/bigini/Documenti/homenet2run/tcpip/tcp-ip-illustrated/index.htm (7 of 9) [12/09/2001 14.46.27]
`
`CISCO SYSTEMS, INC. Ex. 1028 Page 7
`
`

`
`TCP/IP Illustrated
`
`Chapter 26. Telnet and Rlogin: Remote Login
`26.1 Introduction
`26.2 Rlogin Protocol
`26.3 Rlogin Examples
`26.4 Telnet Protocol
`26.5 Telnet Examples
`26.6 Summary
`
`Chapter 27. FTP: File Transfer Protocol
`27.1 Introduction
`27.2 FTP Protocol
`27.3 FTP Examples
`27.4 Summary
`
`Chapter 28. SMTP: Simple Mail Transfer Protocol
`28.1 Introduction
`28.2 SMTP Protocol
`28.3 SMTP Examples
`28.4 SMTP Futures
`28.5 Summary
`
`Chapter 29. NFS: Network File System
`29.1 Introduction
`29.2 Sun Remote Procedure Call
`29.3 XDR: External Data Representation
`29.4 Port Mapper
`29.5 NFS Protocol
`29.6 NFS Examples
`29.7 NFS Version 3
`29.8 Summary
`
`Chapter 30. Other TCP/IP Applications
`30.1 Introduction
`30.2 Finger Protocol
`30.3 Whois Protocol
`30.4 Archie, WAIS, Gopher, Veronica and WWW
`30.5 X Window System
`30.6 Summary
`
`file:///D|/Documents%20and%20Settings/bigini/Documenti/homenet2run/tcpip/tcp-ip-illustrated/index.htm (8 of 9) [12/09/2001 14.46.27]
`
`CISCO SYSTEMS, INC. Ex. 1028 Page 8
`
`

`
`TCP/IP Illustrated
`
`Appendix A. The tcpdump Program
`A.1 BSD Packet Filter
`A.2 SunOS Network Interface Tap
`A.3 SVR4 Data Link Provider Interface
`A.4 tcpdump Output
`A.5 Security Considerations
`A.6 Socket Debug Option
`
`Appendix B. Computer Clocks
`
`Appendix C. The sock Program
`
`Appendix D. Solutions to Selected Exercises
`
`Appendix E. Configurable Options
`E.1 BSD/386 version 1.0
`E.2 SunOS 4.1.3
`E.3 System V Release 4
`E.4 Solaris 2.2
`E.5 AIX 3.2.2
`E.6 4.4BSD
`
`Appendix F. Source Code Availability
`
`Acronyms
`
`You can write to the designer of this page. All critics are welcome.
`
`file:///D|/Documents%20and%20Settings/bigini/Documenti/homenet2run/tcpip/tcp-ip-illustrated/index.htm (9 of 9) [12/09/2001 14.46.27]
`
`CISCO SYSTEMS, INC. Ex. 1028 Page 9
`
`

`
`Preface
`
`Preface
`
`Introduction
`
`This book describes the TCP/IP protocol suite, but from a different perspective than other
`texts on TCP/IP. Instead of just describing the protocols and what they do, we'll use a
`popular diagnostic tool to watch the protocols in action. Seeing how the protocols operate in
`varying circumstances provides a greater understanding of how they work and why certain
`design decisions were made. It also provides a look into the implementation of the protocols,
`without having to wade through thousands of lines of source code.
`
`When networking protocols were being developed in the 1960s through the 1980s,
`expensive, dedicated hardware was required to see the packets going "across the wire."
`Extreme familiarity with the protocols was also required to comprehend the packets
`displayed by the hardware. Functionality of the hardware analyzers was limited to that built
`in by the hardware designers.
`
`Today this has changed dramatically with the ability of the ubiquitous workstation to
`monitor a local area network [Mogul 1990]. Just attach a workstation to your network, run
`some publicly available software (described in Appendix A), and watch what goes by on the
`wire. While many people consider this a tool to be used for diagnosing network problems, it
`is also a powerful tool for understanding how the network protocols operate, which is the
`goal of this book.
`
`This book is intended for anyone wishing to understand how the TCP/IP protocols operate:
`programmers writing network applications, system administrators responsible for
`maintaining computer systems and networks utilizing TCP/IP, and users who deal with
`TCP/IP applications on a daily basis.
`
`Organization of the Book
`
`The following figure shows the various protocols and applications that are covered. The
`italic number by each box indicates the chapter in which that protocol or application is
`described.
`
`file:///D|/Documents%20and%20Settings/bigini/Docum...i/homenet2run/tcpip/tcp-ip-illustrated/preface.htm (1 of 6) [12/09/2001 14.46.28]
`
`CISCO SYSTEMS, INC. Ex. 1028 Page 10
`
`

`
`Preface
`
`
`
`(Numerous fine points are missing from this figure that will be discussed in the appropriate
`chapter. For example, both the DNS and RPC use TCP, which we don't show.)
`
`We take a bottom-up approach to the TCP/IP protocol suite. After providing a basic
`introduction to TCP/IP in Chapter 1, we will start at the link layer in Chapter 2 and work our
`way up the protocol stack. This provides the required background for later chapters for
`readers who aren't familiar with TCP/IP or networking in general.
`
`This book also uses a functional approach instead of following a strict bottom-to-top order.
`For example, Chapter 3 describes the IP layer and the IP header. But there are numerous
`fields in the IP header that are best described in the context of an application that uses or is
`affected by a particular field. Fragmentation, for example, is best understood in terms of
`UDP (Chapter 11), the protocol often affected by it. The time-to-live field is fully described
`when we look at the Traceroute program in Chapter 8, because this field is the basis for the
`operation of the program. Similarly, many features of ICMP are described in the later
`chapters, in terms of how a particular ICMP message is used by a protocol or an application.
`
`We also don't want to save all the good stuff until the end, so we describe TCP/IP
`applications as soon as we have the foundation to understand them. Ping and Trace-route are
`described after IP and ICMP have been discussed. The applications built on UDP
`(multicasting, the DNS, TFTP, and BOOTP) are described after UDP has been examined.
`The TCP applications, however, along with network management, must be saved until the
`end, after we've thoroughly described TCP. This text focuses on how these applications use
`the TCP/IP protocols. We do not provide all the details on running these applications.
`
`file:///D|/Documents%20and%20Settings/bigini/Docum...i/homenet2run/tcpip/tcp-ip-illustrated/preface.htm (2 of 6) [12/09/2001 14.46.28]
`
`CISCO SYSTEMS, INC. Ex. 1028 Page 11
`
`

`
`Preface
`
`Readers
`
`This book is self-contained and assumes no specific knowledge of networking or TCP/IP.
`Numerous references are provided for readers interested in additional details on specific
`topics.
`
`This book can be used in many ways. It can be used as a self-study reference and covered
`from start to finish by someone interested in all the details on the TCP/IP protocol suite.
`Readers with some TCP/IP background might want to skip ahead and start with Chapter 7,
`and then focus on the specific chapters in which they're interested. Exercises are provided at
`the end of the chapters, and most solutions are in Appendix D. This is to maximize the
`usefulness of the text as a self-study reference.
`
`When used as part of a one- or two-semester course in computer networking, the focus
`should be on IP (Chapters 3 and 9), UDP (Chapter 11), and TCP (Chapters 17-24), along
`with some of the application chapters.
`
`Many forward and backward references are provided throughout the text, along with a
`thorough index, to allow individual chapters to be studied by themselves. A list of all the
`acronyms used throughout the text, along with the compound term for the acronym, appears
`on the inside back covers.
`
`If you have access to a network you are encouraged to obtain the software used in this book
`(Appendix F) and experiment on your own. Hands-on experimentation with the protocols
`will provide the greatest knowledge (and make it more fun).
`
`Systems Used for Testing
`
`Every example in the book was run on an actual network and the resulting output saved in a
`file for inclusion in the text. Figure 1.11 shows a diagram of the different hosts, routers, and
`networks that are used. (This figure is also duplicated on the inside front cover for easy
`reference while reading the book.) This collection of networks is simple enough that the
`topology doesn't confuse the examples, and with four systems acting as routers, we can see
`the error messages generated by routers.
`
`Most of the systems have a name that indicates the type of software being used: bsdi,
`svr4, sun, solaris, aix, slip, and so on. In this way we can identify the type of
`software that we're dealing with by looking at the system name in the printed output.
`
`A wide range of different operating systems and TCP/IP implementations are used:
`
`l BSD/386 Version 1.0 from Berkeley Software Design, Inc., on the hosts named
`bsdi and slip. This system is derived from the BSD Networking Software,
`Release 2.0. (We show the lineage of the various BSD releases in Figure 1.10.)
`
`file:///D|/Documents%20and%20Settings/bigini/Docum...i/homenet2run/tcpip/tcp-ip-illustrated/preface.htm (3 of 6) [12/09/2001 14.46.28]
`
`CISCO SYSTEMS, INC. Ex. 1028 Page 12
`
`

`
`Preface
`
`l Unix System V/386 Release 4.0 Version 2.0 from U.H. Corporation, on the host
`named svr4. This is vanilla SVR4 and contains the standard implementation of
`TCP/IP from Lachman Associates used with most versions of SVR4.
`l SunOS 4.1.3 from Sun Microsystems, on the host named sun. The SunOS 4.1.x
`systems are probably the most widely used TCP/IP implementations. The TCP/IP
`code is derived from 4.2BSD and 4.3BSD.
`l Solaris 2.2 from Sun Microsystems, on the host named solaris. The Solaris 2.x
`systems have a different implementation of TCP/IP from the earlier SunOS 4.1.x
`systems, and from SVR4. (This operating system is really SunOS 5.2, but is
`commonly called Solaris 2.2.)
`l AIX 3.2.2 from IBM on the host named aix. The TCP/IP implementation is based on
`the 4.3BSD Reno release.
`l 4.4BSD from the Computer Systems Research Group at the University of California
`at Berkeley, on the host vangogh. cs.berkeley.edu. This system has the
`latest release of TCP/IP from Berkeley. (This system isn't shown in the figure on the
`inside front cover, but is reachable across the Internet.)
`
`Although these are all Unix systems, TCP/IP is operating system independent, and is
`available on almost every popular non-Unix system. Most of this text also applies to these
`non-Unix implementations, although some programs (such as Traceroute) may not be
`provided on all systems.
`
`Typographical Conventions
`
`When we display interactive input and output we'll show our typed input in a bold font,
`and the computer output like this. Comments are added in italics.
`bsdi % telnet svr4 discard
`connect to the discard server
`Trying 140.252.13.34...
`this line and next output by Telnet client
`Connected to svr4.
`Also, we always include the name of the system as part of the shell prompt (bsdi in this
`example) to show on which host the command was run.
`
`Throughout the text we'll use indented, parenthetical notes such as this to describe historical points or
`implementation details.
`
`We sometimes refer to the complete description of a command in the Unix manual as in
`ifconfig(8). This notation, the name of the command followed by a number in
`parentheses, is the normal way of referring to Unix commands. The number in parentheses is
`the section number in the Unix manual of the "manual page" for the command, where
`additional information can be located. Unfortunately not all Unix systems organize their
`manuals the same, with regard to the section numbers used for various groupings of
`commands. We'll use the BSD-style section numbers (which is the same for BSD-derived
`systems such as SunOS 4.1.3), but your manuals may be organized differently.
`
`Acknowledgments
`
`file:///D|/Documents%20and%20Settings/bigini/Docum...i/homenet2run/tcpip/tcp-ip-illustrated/preface.htm (4 of 6) [12/09/2001 14.46.28]
`
`CISCO SYSTEMS, INC. Ex. 1028 Page 13
`
`

`
`Preface
`
`Although the author's name is the only one to appear on the cover, the combined effort of
`many people is required to produce a quality text book. First and foremost is the author's
`family, who put up with the long and weird hours that go into writing a book. Thank you
`once again, Sally, Bill, Ellen, and David.
`
`The consulting editor, Brian Kernighan, is undoubtedly the best in the business. He was the
`first one to read various drafts of the manuscript and mark it up with his infinite supply of
`red pens. His attention to detail, his continual prodding for readable prose, and his thorough
`reviews of the manuscript are an immense resource to a writer.
`
`Technical reviewers provide a different point of view and keep the author honest by catching
`technical mistakes. Their comments, suggestions, and (most importantly) criticisms add
`greatly to the final product. My thanks to Steve Bellovin, Jon Crowcroft, Pete Haverlock,
`and Doug Schmidt for comments on the entire manuscript. Equally valuable comments were
`provided on portions of the manuscript by Dave Borman, Tony DeSimone, Bob Gilligan,
`Jeff Gitlin, John Gulbenkian, Tom Herbert, Mukesh Kacker, Barry Margolin, Paul
`Mockapetris, Burr Nelson, Steve Rago, James Risner, Chris Walquist, Phil Winterbottom,
`and Gary Wright. A special thanks to Dave Borman for his thorough review of all the TCP
`chapters, and to Bob Gilligan who should be listed as a coauthor for Appendix E.
`
`An author cannot work in isolation, so I would like to thank the following persons for lots of
`small favors, especially by answering my numerous e-mail questions: Joe Godsil, Jim
`Hogue, Mike Karels, Paul Lucchina, Craig Partridge, Thomas Skibo, and Jerry Toporek.
`
`This book is the result of my being asked lots of questions on TCP/IP for which I could find
`no quick, immediate answer. It was then that I realized that the easiest way to obtain the
`answers was to run small tests, forcing certain conditions to occur, and just watch what
`happens. I thank Pete Haverlock for asking the probing questions and Van Jacobson for
`providing so much of the publicly available software that is used in this book to answer the
`questions.
`
`A book on networking needs a real network to work with along with access to the Internet.
`My thanks to the National Optical Astronomy Observatories (NOAO), especially Sidney
`Wolff, Richard Wolff, and Steve Grandi, for providing access to their networks and hosts. A
`special thanks to Steve Grandi for answering lots of questions and providing accounts on
`various hosts. My thanks also to Keith Bostic and Kirk McKu-sick at the U.C. Berkeley
`CSRG for access to the latest 4.4BSD system.
`
`Finally, it is the publisher that pulls everything together and does whatever is required to
`deliver the final product to the readers. This all revolves around the editor, and John Wait is
`simply the best there is. Working with John and the rest of the professionals at Addison-
`Wesley is a pleasure. Their professionalism and attention to detail show in the end result.
`
`Camera-ready copy of the book was produced by the author, a Troff die-hard, using the
`
`file:///D|/Documents%20and%20Settings/bigini/Docum...i/homenet2run/tcpip/tcp-ip-illustrated/preface.htm (5 of 6) [12/09/2001 14.46.28]
`
`CISCO SYSTEMS, INC. Ex. 1028 Page 14
`
`

`
`Preface
`
`Groff package written by James Clark. I welcome electronic mail from any readers with
`comments, suggestions, or bug fixes.
`
`Tucson, Arizona
`October 1993
`
`W. Richard Stevens
`rstevens@noao.edu
`http://www.noao.edu/~rstevens
`
`file:///D|/Documents%20and%20Settings/bigini/Docum...i/homenet2run/tcpip/tcp-ip-illustrated/preface.htm (6 of 6) [12/09/2001 14.46.28]
`
`CISCO SYSTEMS, INC. Ex. 1028 Page 15
`
`

`
`Chapter 1. Introduction
`
`Introduction
`
`1.1 Introduction
`
`The TCP/IP protocol suite allows computers of all sizes, from many different computer vendors,
`running totally different operating systems, to communicate with each other. It is quite amazing
`because its use has far exceeded its original estimates. What started in the late 1960s as a
`government-financed research project into packet switching networks has, in the 1990s, turned
`into the most widely used form of networking between computerrs. It is truly an open system in
`that the definition of the protocol suite and many of its implementations are publicly available at
`little or no charge. It forms the basis for what is called the worldwide Internet, or the Internet, a
`wide area network (WAN) of more than one million computers that literally spans the globe.
`
`This chapter provides an overview of the TCP/IP protocol suite, to establish an adequate
`background for the remaining chapters. For a historical perspective on the early development of
`TCP/IP see [Lynch 1993].
`
`1.2 Layering
`
`Networking protocols are normally developed in layers, with each layer responsible for a
`different facet of the communications. A protocol suite, such as TCP/IP, is the combination of
`different protocols at various layers. TCP/IP is normally considered to be a 4-layer system, as
`shown in Figure 1.1.
`
`Telnet, FTP, e-mail, etc.
`Application
`TCP, UDP
`Transport
`IP, ICMP, IGMP
`Network
`device driver and interface card
`Link
`Figure 1.1 The four layers of the TCP/IP protocol suite.
`
`Each layer has a different responsibility.
`
`1. The link layer, sometimes called the data-link layer or network interface layer, normally
`includes the device driver in the operating system and the corresponding network
`interface card in the computer. Together they handle all the hardware details of physically
`interfacing with the cable (or whatever type of media is being used).
`2. The network layer (sometimes called the internet layer) handles the movement of packets
`around the network. Routing of packets, for example, takes place here. IP (Internet
`Protocol), ICMP (Internet Control Message Protocol), and IGMP (Internet Group
`Management Protocol) provide the network layer in the TCP/IP protocol suite.
`3. The transport layer provides a flow of data between two hosts, for the application layer
`above. In the TCP/IP protocol suite there are two vastly different transport protocols:
`TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).
`
`file:///D|/Documents%20and%20Settings/bigini/Docu...homenet2run/tcpip/tcp-ip-illustrated/introduc.htm (1 of 20) [12/09/2001 14.46.31]
`
`CISCO SYSTEMS, INC. Ex. 1028 Page 16
`
`

`
`Chapter 1. Introduction
`
`TCP provides a reliable flow of data between two hosts. It is concerned with things such
`as dividing the data passed to it from the application into appropriately sized chunks for
`the network layer below, acknowledging received packets, setting timeouts to make
`certain the other end acknowledges packets that are sent, and so on. Because this reliable
`flow of data is provided by the transport layer, the application layer can ignore all these
`details.
`
`UDP, on the other hand, provides a much simpler service to the application layer. It just
`sends packets of data called datagrams from one host to the other, but there is no
`guarantee that the datagrams reach the other end. Any desired reliability must be added
`by the application layer.
`
`There is a use for each type of transport protocol, which we'll see when we look at the
`different applications that use TCP and UDP.
`4. The application layer handles the details of the particular application. There are many
`common TCP/IP applications that almost every implementation provides:
`m Telnet for remote login,
`m FTP, the File Transfer Protocol,
`m SMTP, the Simple Mail Transfer protocol, for electronic mail,
`m SNMP, the Simple Network Management Protocol,
`
`and many more, some of which we cover in later chapters.
`
`If we have two hosts on a local area network (LAN) such as an Ethernet, both running FTP,
`Figure 1.2 shows the protocols involved.
`
`Figure 1.2 Two hosts on a LAN running FTP.
`
`We have labeled one application box the FTP client and the other the FTP server. Most network
`
`file:///D|/Documents%20and%20Settings/bigini/Docu...homenet2run/tcpip/tcp-ip-illustrated/introduc.htm (2 of 20) [12/09/2001 14.46.31]
`
`CISCO SYSTEMS, INC. Ex. 1028 Page 17
`
`

`
`Chapter 1. Introduction
`
`applications are designed so that one end is the client and the other side the server. The server
`provides some type of service to clients, in this case access to files on the server host. In the
`remote login application, Telnet, the service provided to the client is the ability to login to the
`server's host.
`
`Each layer has one or more protocols for communicating with its peer at the same layer. One
`protocol, for example, allows the two TCP layers to communicate, and another protocol lets the
`two IP layers communicate.
`
`On the right side of Figure 1.2 we have noted that normally the application layer is a user
`process while the lower three layers are usually implemented in the kernel (the operating
`system). Although this isn't a requirement, it's typical and this is the way it's done under Unix.
`
`There is another critical difference between the top layer in Figure 1.2 and the lower three
`layers. The application layer is concerned with the details of the application and not with the
`movement of data across the network. The lower three layers know nothing about the application
`but handle all the communication details.
`
`We show four protocols in Figure 1.2, each at a different layer. FTP is an application layer
`protocol, TCP is a transport layer protocol, IP is a network layer protocol, and the Ethernet
`protocols operate at the link layer. The TCP/IP protocol suite is a combination of many
`protocols. Although the commonly used name for the entire protocol suite is TCP/IP, TCP and
`IP are only two of the protocols. (An alternative name is the Internet Protocol Suite.)
`
`The purpose of the network interface layer and the application layer are obvious-the former
`handles the details of the communication media (Ethernet, token ring, etc.) while the latter
`handles one specific user application (FTP, Telnet, etc.). But on first glance the difference
`between the network layer and the transport layer is somewhat hazy. Why is there a distinction
`between the two? To understand the reason, we have to expand our perspective from a single
`network to a collection of networks.
`
`One of the reasons for the phenomenal growth in networking during the 1980s was the
`realization that an island consisting of a stand-alone computer made little sense. A few stand-
`alone systems were collected together into a network. While this was progress, during the 1990s
`we have come to realize that this new, bigger island consisting of a single network doesn't make
`sense either. People are combining multiple networks together into an internetwork, or an
`internet. An internet is a collection of networks that all use the same protocol suite.
`
`The easiest way to build an internet is to connect two or more networks with a router. This is
`often a special-purpose hardware box for connecting networks. The nice thing about routers is
`that they provide connections to many different types of physical networks: Ethernet, token ring,
`point-to-point links, FDDI (Fiber Distributed Data Interface), and so on.
`
`These boxes are also called IP routers, but we'll use the term router.
`
`Historically these boxes were called gateways, and this term is used throughout much of the TCP/IP literature.
`Today the term gateway is used for an application gateway: a process that connects two different protocol suites
`
`file:///D|/Documents%20and%20Settings/bigini/Docu...homenet2run/tcpip/tcp-ip-illustrated/introduc.htm (3 of 20) [12/09/2001 14.46.31]
`
`CISCO SYSTEMS, INC. Ex. 1028 Page 18
`
`

`
`Chapter 1. Introduction
`
`(say, TCP/IP and IBM's SNA) for one particular application (often electronic mail or file transfer).
`
`Figure 1.3 shows an internet consisting of two networks: an Ethernet and a token ring, connected
`with a router. Although we show only two hosts communicating, with the router connecting the
`two networks, any host on the Ethernet can communicate with any host on the token ring.
`
`In Figure 1.3 we can differentiate between an end system (the two hosts on either side) and an
`intermediate system (the router in the middle). The application layer and the transport layer use
`end-to-end protocols. In our picture these two layers are needed only on the end systems. The
`network layer, however, provides a hop-by-hop protocol and is used on the two end systems and
`every intermediate system.
`
`Figure 1.3 Two networks connected with a router.
`
`In the TCP/IP protocol suite the network layer, IP, provides an unreliable service. That is, it does
`its best job of moving a packet from its source to its final destination, but there are no
`guarantees. TCP, on the other hand, provides a reliable transport layer using the unreliable
`service of IP To provide this service, TCP performs timeout and retransmission, sends and
`receives end-to-end acknowledgments, and so on. The transport layer and the network layer have
`distinct responsibilities.
`
`A router, by definition, has two or more network interface layers (since it connects two or more
`networks). Any system with multiple interfaces is called multihomed. A host can also be
`multihomed but unless it specifically forwards packets from one interface to another, it is not
`called a router. Also, routers need not be special hardware boxes that only move packets around
`an internet. Most TCP/IP implementations allow a multihomed host to act as a router also, but
`the host needs to be specifically configured for this to happen. In this case we can call the system
`either a host (when an application such as FTP or Telnet is being used) or a router (when it's
`
`file:///D|/Documents%20and%20Settings/bigini/Docu...homenet2run/tcpip/tcp-ip-illustrated/introduc.htm (4 of 20) [12/09/2001 14.46.31]
`
`CISCO SYSTEMS, INC. Ex. 1028 Page 19
`
`

`
`Chapter 1. Introduction
`
`forwarding packets from one network to another). We'll use whichever term makes sense given
`the context.
`
`One of the