TCP/IP Illustrated, Volume 1
`
`The Protocols
`
`W. Richard Stevens
`
`A
`VV
`
`ADDISON-WESLEY
`An imprint of Addison Wesley Longman,Inc.
`Reading, Massachusetts * Harlow, England » Menlo Park, California
`Berkeley, California » Don Mills, Ontario « Sydney
`Bonn « Amsterdam * Tokyo + Mexico City
`
`Data Co Exhibit 1026
`Data Co Exhibit 1026
`Data Co v. Bright Data
`Data Co v. Bright Data
`
`

`

`UNIXis a technology trademark of X/Open Company,Ltd.
`
`The publisher offers discounts on this book when ordered in quantity for special sales.
`For more information please contact:
`Corporate & Professional Publishing Group
`Addison-Wesley Publishing Company
`One Jacob Way
`Reading, Massachusetts 01867
`
`Library of Congress Cataloging-in-Publication Data
`Stevens, W. Richard
`TCP/IP Illustrated: the protocols/W. Richard Stevens.
`p. cm. — (Addison-Wesley professional computing series)
`Includes bibliographical references and index.
`ISBN 0-201-63346-9 (v. 1)
`1.TCP/IP (Computer network protocol) I. Title. I. Series.
`TK5105.55S74 1994
`004.6’2—dc20
`
`Copyright © 1994 Addison Wesley Longman, Inc.
`
`All rights reserved. No part of this publication may be reproduced,stored in a retrieval system,
`or transmitted in any form or by any means,electronic, mechanical, photocopying, recording, or
`otherwise, without prior written permission of the publisher. Printed in the United States of
`America. Published simultaneously in Canada.
`
`Text printed on recycled and acid-free paper
`
`ISBN 0-201-63346-9
`91011 12 13 14.15 16 17-MA-99989796
`Ninth printing, December 1996
`
`

`

`Introduction
`
`1.1
`
`Introduction
`
`The TCP/IP protocol suite allows computers ofall sizes, from many different computer
`vendors, runningtotally different operating systems, to communicate with each other.
`It is quite amazing becauseits use has far exceededits original estimates. Whatstarted
`in the late 1960s as a government-financed research project into packet switching net-
`works has, in the 1990s, turned into the most widely used form of networking between
`computers.
`It is truly an open system in that the definition of the protocol suite and
`manyof its implementations are publicly available atlittle or no charge.
`It formsthe
`basis for what is called the worldwide Internet, or the Internct, a wide area network
`(WAN)of more than one million computersthat literally spans the globe.
`This chapter provides an overview of the TCP/IP protocol suite, to establish an ade-
`quate backgroundfor the remaining chapters. For a historical perspective on the early
`development of TCP/IP see [Lynch 1993].
`
`1.2
`
`Layering
`
`Networking protocols are normally developedin layers, with each layer responsible for a
`different facet of the communications. A protocol suite, such as TCP/IP, is the combina-
`tion of different protocols at various layers. TCP/IP is normally considered to be a
`4-layer system, as shownin Figure 1.1.
`
`

`

`Introduction
`
`2
`
`Chapter 1
`
`Application
`
`Telnet, FTP, e-mail, ete.
`
`IP ICMP. IGMP device driver and interface card
`
`Transport
`
`TCP, UDP
`
`Network
`
`Figure 1.1. The four layers of the TCP/IP protocol suite.
`
`Each layer has a different responsibility.
`I. The link layer, sometimescalled the data-link layer or networkinterface layer, nor-
`mally includes the device driver in the operating system and the corresponding
`network interface card in the computer. Together they handleall the hardware
`details of physically interfacing with the cable (or whatever type of media is
`being used),
`
`The network layer (sometimes called the internet layer) handles the movement of
`packets around the network. Routing of packets, for example, takes place here.
`IP (Internet Protocol), ICMP (Internet Control Message Protocol), and IGMP
`(Internet Group Management Protocol) provide the network layer in the
`TCP/IP protocolsuite.
`The transport layer provides a flow of data between twohosts, for the applica-
`tion layer above.
`In the TCP/IP protocol suite there are two vastly different
`transport protocols: TCP (Transmission Control Protocol) and UDP (User Data-
`gram Protocol).
`TCP provides a reliable flow of data between two hosts. It is concerned with
`things such as dividing the data passedtoit from the application into appropri-
`ately sized chunks for the network layer below, acknowledging received pack-
`ets, setting timeouts to make certain the other end acknowledges packets that
`are sent, and so on. Because this reliable flow of data is provided by the trans-
`portlayer, the application layer can ignoreall these details,
`UDP, on the other hand, provides a much simpler service to the application
`layer.
`It just sends packets of data called datagrams from one host to the other,
`but there is no guarantee that the datagrams reachthe other end. Any desired
`reliability must be added by the applicationlayer.
`There is a use for each type of transport protocol, which we'll see when we look
`at the different applications that use TCP and UDP.
`
`

`

`3
`Layering
`Section 1.2
`NeeEEE
`
`#
`
`4. The application layer handles the details of the particular application. There are
`many common TCP/IP applications that almost every implementation pro-
`vides:
`
`Telnet for remote login,
`FTP, the File Transfer Protocol,
`SMTP,the Simple Mail Transfer protocol, for electronic mail,
`SNMP,the Simple Network ManagementProtocol,
`and many more, some of which we coverin later chapters.
`
`If we have two hosts on a local area network (LAN) such as an Ethernet, both run-
`ning FTP, Figure 1.2 showsthe protocols involved.
`
`handles
`
`appieaion
`Se
`FIP
`FTPprotocol
`FTP
`a
`
`
`application dientMPSSS ase oer processes details
`
`
`|
`
`kernel
`
`Y
`
`handles
`communication
`details
`
`TCPprotocol
`
`transport
`
`TCP
`
`ee SSS ;
`
`TCP
`
`network!IP=\-—--—-—--~-—------—
`
`
`
`
`
`link
`
`
`
` Ethernet
`Ethernet
`za cbthernet Paneer
`
`driver
`
`driver
`
`
`Ethernet
`
`Figure 1.2 Two hosts on a LAN running FTP.
`
`Wehave labeled one application box the FTP client and the other the FTP server.
`Most network applications are designed so that one endis the client and the otherside
`the server. The server provides sometypeof service to clients, in this case accessto files
`on the server host.
`In the remote login application, Telnet, the service provided to the
`client is the ability to login to the server’s host.
`Each layer has one or more protocols for communicating with its peer at the same
`layer. One protocol, for example, allows the two TCP layers to communicate, and
`another protocollets the two IP layers communicate.
`Onthe right side of Figure 1.2 we have noted that normally the application layer is
`a user process while the lowerthree layers are usually implementedin the kernel (the
`operating system). Althoughthis isn’t a requirement,it’s typical and this is the wayit’s
`done under Unix.
`
`

`

`4
`
`Introduction
`
`Chapter ]
`
`There is anothercritical difference between the top layer in Figure 1.2 and the lower
`three layers. The application layer is concerned with the details of the application and
`hot with the movementof data across the network. The lowerthree layers know noth-
`ing about the application but handleal] the communicationdetails,
`We show four protocols in Figure 1.2, each at a different layer. FTP is an application
`layer protocol, TCPis a transportlayer protocol, IP is a network layer protocol, and the
`Ethernetprotocols operate at the link layer. The TCP/IP protocolsuite is a combination of
`many protocols. Although the commonly used namefor the entire protocol suite is
`TCP/IP, TCP and IP are only two of the protocols,
`(An alternative nameis the Internet
`Protocol Suite.)
`The purpose of
`the network interface layer and the application layer are
`obvious—the former handles the details of the communication medja (Ethernet, token
`ring, etc.) while the latter handles one specific user application (FTP. Telnet, etc.). But on
`first glance the difference between the network layer and the transport layer is some-
`what hazy. Whyis there a distinction between the two? To understand the reason, we
`have to expand our perspective from a single network to a collection of networks.
`Oneof the reasons for the phenomenal growth in networking during the 1980s was
`the realization that an island consisting of a stand-alone computer madelittle sense, A
`few stand-alone systems were collected together into a network. While this was
`progress, during the 1990s we have cometo realize that this new, bigger island consist-
`ing of a single network doesn’t make sense either. People are combining multiple net-
`works together into an internetwork, or an internet. An internet is a collection of
`networksthat all use the same protocol suite.
`The easiest way to build an internet is to connect two or more networks with a
`router. This is often a special-purpose hardware box for connecting networks. The nice
`thing aboutrouters is that they provide connections to many different types ofphysical
`networks: Ethernet, token ring, point-to-pointlinks, FDDI (Fiber Distributed Data Inter-
`
`face), and so on.
`
`These boxes are also called IP routers, but we'll use the term router.
`Historically these boxes were called gateways, and this term is used throughout much ofthe
`TCP/IPliterature. Todaythe term Rateway is used for an application gateway: a process that
`connects two different protocol suites (say, TCP/IP and IBM’s SNA)for one particular applica-
`tion (often electronic mail orfile transfer),
`Figure 1.3 shows an internet consisting of two networks: an Ethernet and a token
`ring, connected with a router. Although we show only two hosts communicating, with
`the router connecting the two networks, any host on the Ethernet can communicate with
`any host on the token ring.
`In Figure 1.3 we can differentiate between an end system (the two hosts on either
`side) and an intermediate system (the router in the middle). The application layer and the
`transportlayer use end-to-end Protocols. In ourpicture these two layers are needed only
`on the end systems. The network Jayer, however, provides a hop-by-hop protocol andis
`used on the two end systems and every intermediate system.
`
`

`

`
`
` LayeringSection 1.2 5
`
`
`
`FTP
`FIP ee _ FTPprotocol leu tied
`server
`P°\FTt|imikimiaaaaaaaici eas
`
`
`
`|
`
`|
`TCP protocol
`TCP ~ —----+--+---+ +i YS - -
`
`- - - - -----
`
`
`
`‘
`
`router
`Se 7
`
`
`IP
`lagesmasquneleprotect
`(i
`|
`A
`¢*.
`!
`|
`
`V
`‘
`|
`]
`~
`|
`
`
`Ethernet
`token ring ||.
`tokenring
`token ring|
`
`
`driver
`driver
`protocol
`driver
`
`
`
`] 25 Sates a akeeeeSe
`
`
`
`
`
`
`IP
`
`
`
`!
`I
`1
`
`:
`
`f
`
`
`
`%
`
`
`
`
`
`Ethernet
`
`Figure 1.3 Two networks connected with a router,
`
`In the TCP/IP protocol suite the network layer, IP, provides an unreliable service.
`Thatis, it does its best job of moving a packet from its source toits final destination, but
`there are no guarantees. TCP, on the other hand, provides a reliable transport layer
`using the unreliable service of IP. To provide this service, TCP performs timeout and
`retransmission, sends and receives end-to-end acknowledgments, and so on. The trans-
`port layer and the network layer have distinct responsibilities.
`A router, by definition, has two or more networkinterface layers (since it connects
`two or more networks). Any system with multiple interfaces is called multihoined. A
`host can also be multihomed but unless it specifically forwards packets from one inter-
`face to another, it is not called a router. Also, routers need not be special hardware
`boxes that only move packets around an internet. Most TCP/IP implementations allow
`a multihomed host to act as a router also, but the host needs to be specifically config-
`ured for this to happen. In this case we can call the system either a host (when an appli-
`cation such as FTP or Telnet is being used) or a router (whenit’s forwarding packets
`from one network to another). We’ll use whichever term makes sense given the context.
`Oneof the goals of an internet is to hide all the details of the physical layout of the
`internet from the applications. Although this isn’t obvious from our two-networkinter-
`net in Figure 1.3, the application layers can’t care (and don’t care) that one host is on an
`Ethernet, the other on a token ring, with a router between. There could be 20 routers
`between, with additional types of physical interconnections, and the applications would
`run the same. This hiding of the details is what makes the concept of an internet so
`powerful and useful.
`
`

`

`6=Introduction Chapter1
`
`Another wayto connect networks is with a bridge. These connect networks at the
`link layer, while routers connect networks at the network layer. Bridges makes multiple
`LANsappearto the upperlayers as a single LAN.
`TCP/IP internets tend to be built using routers instead of bridges, so we'll focus on
`routers. Chapter 12 of [Perlman 1992] compares routers and bridges.
`TCP/IP Layering
`There are more protocols in the TCP/IP protocol suite. Figure 1.4 shows some of the
`additional protocols that we talk aboutin this text,
`Pee nr Se SI a oCa “i
`|
`;
`\
`
`1
`!
`
`| application
`|
`User
`User
`User
`User
`
`
`:
`Process
`Process
`Process
`| Process
`PP
`
`
`
`|
`|
`
`SS Seiteena (Pee S|
`
`1.3.
`
`7 network
`
`Figure 1.4 Various Protocols at the different layers in the TCP/IPProtocolsuite.
`TCP and UDPare the two predominant transport layer protocols. Both use IP as
`the network layer.
`TCPprovidesa reliable transport layer, even though the serviceit uses (IP) is unreli-
`able. Chapters 17 through 22 provide a detailed look at the operation of TCP. We then
`look at some TCP applications: Telnet and Rlogin in Chapter 26, FTP in Chapter 27, and
`SMTP in Chapter 28. The applications are normally user processes.
`
`

`

`
`
`Internet Addresses 7
`
`a S
`
`ection 1.4a
`
`UDPsends andreceives datagrams for applications. A datagram is a unit of infor-
`mation (i.e., a certain number of bytes of information that is specified by the sender)
`that travels from the sender to the receiver. Unlike TCP, however, UDPis unreliable.
`There is no guarantee that the datagram ever gets to its final destination. Chapter 11
`looks at UDP, and then Chapter 14 (the Domain Name System), Chapter 15 (the Trivial
`File Transfer Protocol), and Chapter 16 (the Bootstrap Protocol) look at some applica-
`tions that use UDP. SNMP(the Simple Network Management Protocol) also uses UDP,
`but since it deals with many of the other protocols, we save a discussion of it until
`Chapter 25.
`IP is the main protocol at the networklayer. It is used by both TCP and UDP. Every
`piece of TCP and UDPdatathat gets transferred aroundan internet goes through the IP
`layer at both end systems and at every intermediate router. In Figure 1.4 we also show
`an application accessing IP directly. This is rare, but possible. (Some older routing pro-
`tocols were implemented this way. Also, it is possible to experiment with new transport
`layer protocols using this feature.) Chapter 3 looks at IP, but we save someofthe details
`for later chapters where their discussion makes more sense. Chapters 9 and 10 look at
`how IP performs routing.
`ICMPis an adjunct to IP. It is used by the IP layer to exchange error messages and
`other vital information with the IP layer in another host or router. Chapter 6 looks at
`ICMPin more detail. Although ICMPis used primarily byIP, it is possible for an appli-
`cation to also access it.
`Indeed we'll see that two popular diagnostic tools, Ping and
`Traceroute (Chapters 7 and 8), both use ICMP.
`It is used with multicasting:
`IGMPis the Internet Group Management Protocol.
`sending a UDP datagram to multiple hosts. We describe the general properties of
`broadcasting (sending a UDP datagram to every host on a specified network) and
`multicasting in Chapter 12, and then describe IGMPitself in Chapter 13.
`ARP (Address Resolution Protocol) and RARP (Reverse Address Resolution
`Protocol) are specialized protocols used only with certain types of network interfaces
`(such as Ethernet and token ring) to convert between the addresses used by the IP layer
`and the addresses used by the network interface. We examine these protocols in Chap-
`ters 4 and 5, respectively.
`
`1.4
`
`Internet Addresses
`
`Every interface on an internet must have a unique Internet address (also called an IP
`address). These addresses are 32-bit numbers. Instead of using a flat address space such
`as 1, 2,3, and so on, thereis a structure to Internet addresses. Figure 1.5 showsthefive
`different classes of Internet addresses.
`These 32-bit addresses are normally written as four decimal numbers, one for each
`byte of the address. This is called dotted-decimal notation. For example, the class B
`address of the author’s primary system is 140.252.13.33.
`The easiest way to differentiate between the different classes of addresses is to look
`at the first number of a dotted-decimal address. Figure 1.6 showsthe different classes,
`with the first numberin boldface.
`
`

`

`8
`
`Introduction
`
`Chapter 1
`
`cows [nets[pote
`
`Class B [2]0]netid hostid |
`
`
`7 bits
`
`24 bits
`
`14 bits
`
`16 bits
`
`Class C
`
`dil
`
`lo
`
`21 bits
`
`netid
`
`|
`
`8 bits
`
`hostid
`
`|
`
`
`
`Class D al|©|multicast group ID
`
`28 bits
`
`Class E
`
`0
`
`27bits
`
`{reserved for future use)
`
`Figure 1.5 Thefive different classes of Internet addresses.
`
`interface.
`
`
`
` 0.0.0.0 to 127.255.255.255
`
`
`128.0.0.0 to 191.255.255.255
`192.0.0.0 to 223.255.255.255
`224.0.0.0 to 239.255.255.255
`
`
`240.0.0.0 to 247.255.255.255
`Figure 1.6 Rangesfor differentclasses of IP addresses.
`It is worth reiterating that a multihomed hostwill have multiple IP addresses: one per
`Since every interface on an internet must have a unique IP address, there must be
`one central authority for allocating these addresses for networks connected to the
`worldwide Internet. That authority is the Internet Network Information Center, called the
`InterNIC. The InterNIC assigns only network IDs. The assignment of host IDsis up to
`the system administrator.
`Registration services for the Internet (IP addresses and DNS domain names) used to be han-
`dled by the NIC, atnic.ddn.mii. On April 1, 1993, the InterNIC was created. Now the NIC
`handles these requests only for the Deferise Data Network (DDN). All other Internet users now
`use the InterNIC tegistration services, at rs.internic. net,
`There are actually three parts to the InterNIC: registration services (rs -internic.net),
`directory
`and
`database
`services
`(ds.internic.net),
`and
`information
`services
`(is.internic. net). See Exercise 1.8 for additional information on the InterNIC.
`There are three types of IP addresses: unicast (destined for a single host), broadcast
`(destined forall hosts on a given network), and multicast (destined for a set of hosts that
`belong to a multicast group), Chapters 12 and 13 look at broadcasting and multicasting
`
`in moredetail.
`
`

`

`Section 1.6
`
`
`9
`Encapsulation
`
`
`In Section 3.4 we'll extend our description of IP addresses to include subnetting,
`after describing IP routing. Figure 3.9 showsthe special case IP addresses: host [Ds and
`networkIDsofall zero bits or all one bits.
`
`1.5
`
`The Domain Name System
`
`Although the network interfaces on a host, and therefore the hostitself, are known by IP
`addresses, humans work best using the name of a host. In the TCP/IP world the Domain
`Name System (DNS) is a distributed database that provides the mapping between IP
`addresses and hostnames. Chapter 14 looks into the DNSin detail.
`For now we must be aware that any application can call a standard library function
`to look up the IP address (or addresses) corresponding to a given hostname. Similarly a
`function is provided to do the reverse lookup—given an IP address, look up the corre-
`sponding hostname.
`Most applications that take a hostname as an argumentalso take an IP address.
`When we use the Telnet client in Chapter 4, for example, one time we specify a host-
`nameand anothertime we specify an IP address.
`
`1.6
`
`Encapsulation
`
`Whenan application sends data using TCP, the data is sent down the protocolstack,
`through each layer, until it is sent as a stream of bits across the network. Each layer
`adds information to the data by prepending headers (and sometimes adding trailer
`information) to the data that it receives. Figure 1.7 showsthis process. The unit of data
`that TCP sendsto IP is called a TCP segment. The unit of data that IP sends to the net-
`work interface is called an IP datagram. The stream of bits that flows across the Ethernet
`is called a frame.
`The numbers at the bottom of the headers andtrailer of the Ethernet frame in Fig-
`ure 1.7 are the typical sizes of the headers in bytes. We'll have more to say about each of
`these headersin later sections.
`A physical property of an Ethernet frameis that the size of its data must be between
`46 and 1500 bytes. We'll encounter this minimum in Section 4.5 and we cover the maxi-
`mum in Section 2.8.
`
`All the Internet standards and most books on TCP/IP use the term octet instead of byte. The
`use of this cute, but baroque term is historical, since much of the early work on TCP/IP was
`done on systems such as the DEC-10, which did not use 8-bit bytes, Since almost every current
`computer system uses 8-bit bytes, we'll use the term byte in this text.
`
`To be completely accurate in Figure 1.7 we should say that the unit of data passed between IP
`and the network interface is a packet. This packet can be either an IP datagram or a fragmentof
`an IP datagram, Wediscuss fragmentation in detail in Section 11.5
`Wecould draw a nearly identical picture for UDP data. The only changesare that
`the unit of information that UDP passes to IP is called a UDP datagram, and thesize of
`the UDP headeris 8 bytes.
`
`

`

`10
`
`Introduction
`
`Sa
`
`
`
`|
`Chapter ]
`
`user datai
`
`Appl
`header
`
`T
`
`
`
`user data
`
`—
`application data
`
`=
`
`=—
`
`
`
`[TCP
`header
`
`| —
`
`i
`header
`
`SG
`header
`
`application data
`ore
`.
`
`
`
`———— TCP segment ———sm,IP
`v
`
`t
`
`
`——§$§———____ jp datagram=—___ Ethernet
`'
`driver
`y
`Ethernet
`IP
`TCP
`saeieateadaia
`| Ethernet
`|
`| header
`header
`header
`“ppicarton
`cats
`Ethernet
`trailer
`[4
`20
`20
`4
`Se Ethernet frame SH
`aldto 1500 bytes a.
`
`Figure 1.7 Encapsulation of data asit goes downthe protocolstack.
`
`Recall from Figure 1.4 (p. 6) that TCP, UDP, ICMP, and IGMPall send data to IP. IP
`must add sometype of identifier to the IP headerthatit generates, to indicate the layer
`to which the data belongs. IP handlesthis bystoring an 8-bit value in its headercalled
`the protocol field. A walue of 1 is for ICMP, 2 is for IGMP, 6 indicates TCP. and 17is for
`UDP.
`Similarly, manydifferent applications can be using TCP or UDP at any one time.
`The transportlayer protocols store an identifier in the headers they generate to identify
`the application. Both TCP and UDP use 16-bit port numbers to identify applications.
`TCP and UDPstore the source port number and the destination port numberin their
`respective headers.
`The network interface sends and receives frames on behalf of IP, ARP, and RARP.
`There must be some form ofidentification in the Ethernet header indicating which net-
`worklayer protocol generated the data. To handle this there is a 16-bit frame typefield
`in the Ethernet header.
`
`

`

`
`
`DemultiplexingSection 1.7 11
`
`
`
`1.7
`
`Demultiplexing
`
`When an Ethernet frameis received at the destination hostit starts its way up the proto-
`col stack and all the headers are removed by the appropriate protocol box. Each proto-
`col box looks at certain identifiers in its header to determine which box in the next
`upper layer receives the data. This is called demultiplexing. Figure 1.8 shows how this
`takes place.
`
`
`
`
`
`...
`
`
`
`
`
`
`application :
`/
`demultiplexing based on
`» destination port number
`| in TCP or UDP header
`
`ff
`
`| demultiplexing based on
`| protocol value in IP header
`
`= |, demultiplexing based on
`
`
`
`application
`Japplication
`application)
`x
`ff
`¥
`\
`/
`\
`\
`\ 2
`
`TCP |
`
`f
`
`IGMP
`
`f
`
`IP
`
`|
`
`
`ICMP
`
`
` Ethernet
`
`driver
`
`
`J frame type in Ethernet header
`
`incoming frame
`
`Figure 1.8 The demultiplexing of a received Ethernet frame.
`
`In Fig-
`Positioning the protocol boxes labeled “ICMP” and “IGMP” is always a challenge.
`ure 1.4 we showed them at the same layeras IP, because they really are adjuncts to IP. But here
`we showthem aboveIP, to reiterate that ICMP messages and IGMP messages are encapsulated
`in IP datagrams.
`
`We have a similar problem with the boxes “ARP” and “RARP.” Here we show them abovethe
`Ethernet device driver because they both have their own Ethernet frame types, like IP data-
`grams, But in Figure 2.4 we'll show ARP as part of the Ethernet device driver, beneath IP,
`because that’s whereit logicallyfits,
`
`Realize that these pictures of layered protocol boxes are not perfect.
`When we describe TCP in detail we'll see that it really demultiplexes incoming seg-
`ments using the destination port number, the source IP address, and the source port
`number.
`
`

`

`EEEEEEEIIIE-CCS~SS
`12.
`Introduction
`Chapter 1
`
`
`
`1.8
`
`Client~Server Model
`
`vice forclients.
`
`Most networking applications are written assuming onesideis the client and the other
`the server. The purposeof the application is for the server to provide some defined ser-
`We can categorize servers into two classes: iterative or concurrent. An iterative
`server iterates through the following steps.
`1. Waitfor a client requestto arrive.
`I2.
`Process the client request.
`I3.
`Send the response back to the client that sent the request.
`I4. Go back to step I].
`The problem with aniterative server is when step [2 takes a while. During this time no
`otherclients are serviced.
`A concurrent server, on the other hand, performsthe following steps.
`Cl. Wait for a client requestto arrive,
`C2. Start a new serverto handle this client’s request. This mayinvolve creating a
`new process, task, or thread, dependin§ on whatthe underlying operating sys-
`tem supports. How this step is performed depends onthe operating system.
`This new server handles this client’s entire request. When complete, this new
`Server terminates.
`C3. Go back to step C1.
`The advantage of a concurrent serveris that the server just spawnsotherservers to han-
`dle the client requests. Each client has, in essence, its own server. Assuming the operat-
`ing systemallows multiprogramming, multiple clients are serviced concurrently,
`The reason we categorize servers, and not clients, is because a client normally can’t
`tell whetherit’s talking to aniterative server or a concurrent server.
`Asa general rule, TCP servers are concurrent, and UDP servers are iterative, but
`there are a few exceptions. We'll look in detail at the impact of UDPonits servers in
`Section 11.12, and the impact of TCP onits servers in Section 18.11,
`
`1.9
`
`Port Numbers
`Wesaid that TCP and UDP identify applications using 16-bit port numbers. How are
`these port numbers chosen?
`Servers are normally known by their well-known port number, For example, every
`TCP/IP implementation that provides an FTP server provides that service on TCP port
`
`

`

`Section 1.9
`
`
`
`Port Numbers 13
`
`21. Every Telnet server is on TCP port 23. Every implementation of TFTP (the Trivial
`File Transfer Protocol) is on UDP port 69. Those services that can be provided by any
`implementation of TCP/IP have well-known port numbers between 1 and 1023. The
`well-knownports are managed by the Internet Assigned Numbers Authority (LANA).
`
`Until 1992 the well-known ports were between 1 and 255, Ports between 256 and 1023 were
`normally used by Unix systems for Unix-specific services—that is, services found on a Unix
`system, but probably not found on other operating systems. The IANA now managesthe
`ports between 1 and 1023.
`An example of the difference between an Internet-wide service and a Unix-specific service is
`the difference between Telnet and Rlogin. Both allow us to login across a network to another
`host. Telnet is a TCP/IP standard with a well-known port number of 23 and can be imple-
`mented on almost any operating system, Rlogin, on the other hand, was originally designed
`for Unix systems (although many non-Unix systems now provide it also) so its well-known
`port was chosenin the early 1980s as 513.
`
`A client usually doesn’t care what port numberit uses on its end. All it needs to be
`certain of is that whatever port numberit uses be unique on its host. Client port num-
`bers are called ephemeral ports (i.e., short lived). This is because a client typically exists
`only as long as the user running the client needsits service, while servers typically run
`as long as the hostis up.
`Most TCP/IP implementations allocate ephemeral port numbers between 1024 and
`5000. The port numbers above 5000 are intended for other servers (those that aren’t
`well knownacross the Internet). We’ll see many examples of how ephemeral ports are
`allocated in the examples throughoutthetext.
`
`Solaris 2.2 is a notable exception. By default the ephemeral ports for TCP and UDPstart at
`32768. Section E.4 details the configuration options that can be modified by the system admin-
`istrator to change these defaults.
`
`The well-known port numbers are contained in the file /etc/services on most
`Unix systems. To find the port numbers for the Telnet server and the Domain Name
`System, we can execute
`
`sun % grep telnet /etc/services
`telnet
`23/tep
`
`sun | grep domain /etc/services
`domain
`53/udp
`domain
`53/tep
`
`says it uses TCP port 23
`
`says it uses UDP port 53
`aud TCP port 53
`
`Reserved Ports
`
`Unix systems have the concept of reserved ports. Only a process with superuser privi-
`leges can assignitself a reserved port.
`These port numbersare in the range of 1 to 1023, and are used by some applications
`(notably Rlogin, Section 26.2), as part of the authentication between the client and
`server.
`
`

`

`ee eee
`14~—sIntroduction Chapter 1
`
`
`tered
`
`1.10 Standardization Process
`
`Whocontrols the TCP/IP protocolsuite, approves new standards, and the like? There
`are four groupsresponsible for Internet technology.
`
`1. The Internet Society (ISOC) is a professional society to facilitate, support, and
`promote the evolution and growthofthe Internet as a global research communi-
`cations infrastructure.
`2. The Internet Architecture Board (LAB)is the technical oversight and coordination
`body.
`It is composed of about 15 international volunteers from various disci-
`plines and servesasthe final editorial and technical review board for the quality
`of Internet standards. The IAB falls under the ISOC.
`3. The Internet Engineering Task Force (IETF) is the near-term, standards-oriented
`group, divided into nine areas (applications, routing and addressing, security,
`etc.). The IETF develops the specifications that become Internet standards. An
`additional Internet Engineering Steering Group (IESG) was formed to help the
`
`IETFchair.
`4. The Internet Research Task Force (IRTF) pursues long-term research projects.
`Both the IRTF and the IETF fall under the IAB.
`[Crocker 1993] provides additional
`details on the standardization process within the Internet, as well as someofits early
`history.
`
`1.11 RFCs
`
`newer RFCs.
`
`All the official standards in the internet community are published as a Request for Com-
`ment, or RFC. Additionally there are lots of RFCs that are notofficial standards, but are
`published for informational purposes. The RFCs range in size from 1 page to almost
`200 pages. Eachis identified by a number, such as RFC 1122, with higher numbers for
`All the RFCs are available at no charge throughelectronic mail or using FTP across
`the Internet. Sending electronic mail as shown here:
`To:
`rfc-info@ISI.EDU
`Subject: getting rfes
`help: ways_to_get_rfcs
`returnsa detailedlisting of various ways to obtain the RFCs.
`The latest RFC indexis alwaysa starting point when looking for something. This
`index specifies when a certain RFC has been replaced by a newer RFC, and if a newer
`RFC updates someof the information in that RFC.
`. There are a few important RFCs.
`
`1. The Assigned Numbers RFC specities all the magic numbers and constants that
`are used in the Internet protocols. At the timeofthis writing the latest version
`
`

`

`Section 1.12
`
`
`
`Standard, Simple Services 15
`
`of this RFC is 1340 [Reynolds and Postel 1992]. All the Internet-wide well-
`knownports are listed here.
`Whenthis RFC is updated(it is normally updatedat least yearly) the indexlist-
`ing for 1340 will indicate which RFC hasreplacedit.
`9. The Internet Official Protocol Standards, currently RFC 1600 [Postel 1994]. This
`RFC specifies the state of standardization of the various Internet protocols. Each
`protocol hasoneof the following states of standardization: standard, draft stan-
`dard, proposed standard, experimental, informational, or historic. Additionally
`each protocol has a requirementlevel: required, recommended,elective, limited
`use, or not recommended.
`Like the Assigned Numbers RFC, this RFC is also reissued regularly. Be sure
`you're reading the current copy.
`3. The Host Requirements RFCs, 1122 and 1123 [Braden 1989a, 1989b]. RFC 1122
`handles the link layer, network layer, and transport layer, while RFC 1123 han-
`dles the application layer. These two RFCs make nume