-------------------------
Week 05 Notes for CST8165
-------------------------
-Ian! D. Allen - idallen@idallen.ca - www.idallen.com

Remember - knowing how to find out an answer is more important than
memorizing the answer.  Learn to fish!  RTFM!  (Read The Fine Manual)

Interim submission for Lab 3 required on October 2 - see Lab #3.

Your first midterm test is this in class week (Week 05).

Review:
 - you know how EOF works from the keyboard
 - you know that network sockets may not write all the data
 - your error messages have four qualities (from programming_style.txt)
 - you write good comments (from programming_style.txt)
 - you know what goes in a header .h file
 - you know the list of functions that are prohibited in this course

References to Notes files (required reading):
-------------------------

    programming_style.txt
    deep_indentation.txt 
    buffer_overflows.txt
    header_files.txt
    makefiles.txt
    screendumps.txt
    Optional (but useful): myerror.c.txt

TCP/IP References
-----------------

    http://www.tcpipguide.com/

Encapsulation - Protocol Layering
---------------------------------

http://www.tcpipguide.com/free/t_IPDatagramEncapsulation.htm
- encapsulation as data moves down the stack, de-encapsulation moving up
- large packets may be "fragmented" by lower layers

Review the OSI network stack and Internet network stack:

  http://en.wikipedia.org/wiki/Internet_protocol_suite
  http://en.wikipedia.org/wiki/TCP/IP_model

  OSI Seven Layers
   - OSI divides into seven layers with standard names

  TCP/IP Model has Four or Five Layers
   - the Internet grew up with four layers:
   1. Process / Application Layer
      e.g. DHCP, DNS, FTP, HTTP, IMAP, IRC, NNTP, POP, SIP, SMTP, etc.
   2. Host-to-Host (Transport) Layer
      e.g. TCP, UCP, ICMP, IGMP, etc.
   3. Internet / Internetworking / IP Layer
      e.g. IPV4, IPV6, IPsec, ARP, RAPR, OSPF, BGP, etc.
   4. Network Access Layer
      e.g. 802.11, Wi-Fi, Ethernet, Token Ring, PPP, PPTP, ISDN, etc.
   - the bottom layer is now often split in two:
     4A) Network Access Layer / Data Link Layer
     4B) Physical Layer (optical fiber, coax, twisted-pair, etc.)

   "The original TCP/IP reference model consists of 4 layers, but is now
    viewed by some as a 5-layer model, even though no IETF standards-track
    document has accepted a five-layer model, and IETF documents indeed
    deprecate strict layering of all sorts. Given the lack of acceptance of
    the five-layer model by the body with technical responsibility for the
    protocol suite, it is not unreasonable to regard five-layer presentations
    as teaching aids, possibly to make the IP suite architecture more familiar
    to those students who were first exposed to OSI layering."
    -- http://en.wikipedia.org/wiki/TCP/IP_model

  "No document officially specifies the model; different names are given
   to the layers by different documents, and different numbers of layers
   are shown by different documents. There are versions of this model
   with four layers and with five layers."

  "In modern text books, the model has evolved into a five-layer
   version that splits Layer 1 into a Physical layer and a Network
   Access layer, corresponding to the physical layer and data link
   layer of the OSI model. The Internet or Internetworking layer is
   named Network layer."

   "An updated IETF architectural document [1] even contains a section
    entitled: "Layering Considered Harmful". Emphasizing layering as the
    key driver of architecture is not a feature of the TCP/IP model, but
    rather of OSI. Much confusion comes from attempts to force OSI-like
    layering onto an architecture that minimizes their use."
    -- http://en.wikipedia.org/wiki/TCP/IP_model

Comparison of OSI and TCP/IP:

  http://www.tcpipguide.com/free/t_TCPIPArchitectureandtheTCPIPModel-2.htm

  - be aware of the confusion between what TCP/IP names the layers and what
    the OSI model names the layers!

Q: Give examples of programs/protocols/methods at each layer:
    see Figure 1 in http://tools.ietf.org/html/rfc791
    see sidebar in http://en.wikipedia.org/wiki/TCP/IP_model

Q: With respect to the original four-layer Internet protocol stack, what
   is the difference between an IP router and an Ethernet switch or hub?

Q: Show how data from an application (e.g. TFTP) is
   encapsulated/de-encapsulated as it moves down the four-layer TCP/IP
   stack, gets shipped over an Ethernet, passes through a switch, passes
   through an IP router, and is finally delivered to another application.
  - See Figure 2 in http://tools.ietf.org/html/rfc791
  - See http://en.wikipedia.org/wiki/Image:UDP_encapsulation.svg
  - See http://en.wikipedia.org/wiki/Image:IP_stack_connections.png
  - See http://www.tcpipguide.com/free/t_IPDatagramEncapsulation.htm

Encapsulation: Your application data is passed to the computer's
TCP/IP stack, which wraps a TCP header around it (containing port
information), then an IP header around that (containing information such
as source/destination address).  That wrapped packet is passed down to
the network hardware, which wraps your packet with hardware framing bits
that will get it out your network card, onto the network, and into the
next network card.

Your Ethernet card has a unique MAC address that is used at the Ethernet
level to pass packets around.

Also: "2.2. Low level Nonsense and Network Theory" in
  http://beej.us/guide/bgnet/output/html/singlepage/bgnet.html#lowlevel

This "packetization" of your data across the Internet may be visible
to your application.  Low-level IP packets may be dropped, fragmented,
arrive late, or arrive out-of-sequence (and no amount of money can change
that on the public Internet, at least until the big telcos get their way).

Q: T/F IP packets arrive in the order in which they are sent.

Q: T/F IP packets are reliable.

-----------------------------------------------------------------------------

Dotted Quad (Dotted Decimal) structure (Review)
--------------------------------------

IP addresses are part network number and part host number depending on
how you divide up the 32 bits, e.g. address 1.2.3.4 might be host number
4 on network 1.2.3 (a /24 network), or it might be host 3.4 on network
1.2 (a /16 network), or host 2.3.4 on network 1 (a /8 network).

The division of bits doesn't have to be on an 8-bit (one-byte)
boundary, so you will find nets given as 1.2.3.0/25

Some nice properties apply to a "network" of hosts, including limiting
of traffic and being able to direct traffic to a large number of hosts
by using just the network number:

    http://www.ralphb.net/IPSubnet/ipaddr.html
    http://www.networkcomputing.com/netdesign/1122ipr-full.html

Q: Why not just put all the machines on the same network?

In traditional routing, sub-networks and hosts are not allowed to use
numbers that are either all-zeroes or all-ones.  All-ones addresses
are interpreted as broadcast addresses for their networks - packets
sent to these addresses are processed by every node on the network.
(All-zeroes used to be broadcast addresses 20 years ago.)

Q: What happens if you send an ICMP echo "ping" to a network broadcast
   address?

Q: Suppose you forged your IP source address and then sent a ping to a
   network broadcast address with a large number of hosts on it?
   http://www.webopedia.com/TERM/S/smurf.html

-----------------------------------------------------------------------------

IP Routing (Review)
----------

When an application's machine wants to send a packet on the network,
the low-level network hardware (which knows nothing about IP addresses)
needs to know "the next stop" hardware network interface for the packet.

Either the packet is destined directly for a host on one of the attached
networks (often a machine is on only one single network); or, the packet
has to be sent off to the network card of a "gateway" machine on the
local network, and the gateway machine will know where to forward it
(to another hardware network card on another network, and so on...).

http://tools.ietf.org/html/rfc950
 - Internet Standard Subnetting Procedure (August 1985)
 - introduced subnetting to the Internet
 - setion 2.2 shows code fragment used in IP routing and subnet routing
 - note that the IP address and IP mask are unique to each network interface

Either way, your system has to send the IP packet, encapsulated for
the local network hardware (e.g. Ethernet).  That encapsulation - the
finding out of the network card MAC (Media Access Control) address -
is often assisted by a low-level networking protcol such as ARP (Address
Resolution Protocol).  http://en.wikipedia.org/wiki/MAC_address
http://www.dcs.gla.ac.uk/~lewis/networkpages/m05s05IPForwarding.htm

Q: What Linux command shows you your interfaces and their IP addresses
   and network masks?  A: ifconfig (may be under /sbin or /usr/sbin)

Q; What Linux command shows you your main IP routing tables?
   A (old): route
   A (new): ip route  (or: ip route list table main)

Q: How does my computer know if an IP address is on the local network?

Q: How does my machine know what to do with an IP packet if the packet
   IP address isn't on the local network?

Q: Does my computer have routing tables for the Internet?  Does my
   machine know how a packet will travel to Google.ca ?

(...continued...)