Free download network protocols handbook
BGP-4 also introduces mechanisms which allow aggregation of routes, including aggregation of AS paths. These changes provide support for the proposed supernetting scheme (CIDR).

Protocol Structure: Marker (16 bytes), Length (2 bytes), Type (1 byte).

Marker -- A 16-byte field containing a value predictable by the receiver of the message; in current BGP-4 (RFC 4271) it is set to all ones, and a receiver that sees anything else must treat the connection as unsynchronized.

Length -- The length of the message in bytes, including the header. Type -- The message type (OPEN, UPDATE, NOTIFICATION or KEEPALIVE). The format of each message type can be found in the reference documents.

EGP (Exterior Gateway Protocol) was used between gateways (routers) of neighbouring autonomous systems on the Internet to exchange routing table information; it has long since been replaced by BGP. The routing table contains a list of known routers, the addresses they can reach, and a cost metric associated with the path to each router so that the best available route is chosen. Each router polls its neighbor at regular intervals, and the neighbor responds by sending its complete routing table.
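
The three header fields above are all a receiver needs to frame BGP messages off the TCP stream, and a receiver that trusts the Length field without bounds checks invites trouble. The parser below is an added example written for this page, not code from the handbook; the rules it enforces (all-ones marker, length between 19 and 4096, the four message types, KEEPALIVE exactly 19 bytes) are taken from RFC 4271 rather than from the text above, and the sample stream is constructed inline.

```python
import struct

BGP_MARKER = b"\xff" * 16      # RFC 4271: marker is all ones (RFC rule, not stated on this page)
BGP_HEADER_LEN = 19            # 16 (Marker) + 2 (Length) + 1 (Type)
BGP_MAX_LEN = 4096             # largest message a BGP-4 speaker must accept
BGP_TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}


def parse_bgp_header(buf: bytes):
    """Validate the 19-byte header at the front of a receive buffer.

    Returns (type_name, body, remaining_buffer) for one complete message,
    None if the buffer does not yet hold a whole message, and raises
    ValueError for anything a peer would answer with a NOTIFICATION.
    """
    if len(buf) < BGP_HEADER_LEN:
        return None
    marker, length, msg_type = struct.unpack_from("!16sHB", buf, 0)
    if marker != BGP_MARKER:
        raise ValueError("Connection Not Synchronized: bad marker")
    # Bound the length before using it for anything: a peer-supplied length
    # must never be allowed to grow a reassembly buffer without limit.
    if not BGP_HEADER_LEN <= length <= BGP_MAX_LEN:
        raise ValueError(f"Bad Message Length: {length}")
    if msg_type not in BGP_TYPES:
        raise ValueError(f"Bad Message Type: {msg_type}")
    if msg_type == 4 and length != BGP_HEADER_LEN:
        raise ValueError("KEEPALIVE must be exactly 19 bytes")
    if len(buf) < length:
        return None                # wait for the rest of the message
    return BGP_TYPES[msg_type], buf[BGP_HEADER_LEN:length], buf[length:]


def split_bgp_stream(buf: bytes):
    """Frame every complete message in buf; returns (messages, leftover)."""
    messages = []
    while True:
        result = parse_bgp_header(buf)
        if result is None:
            return messages, buf
        msg_type, body, buf = result
        messages.append((msg_type, body))


def build_bgp_message(msg_type: int, body: bytes = b"") -> bytes:
    """Constructed helper for the example: prepend a valid header to body."""
    return BGP_MARKER + struct.pack("!HB", BGP_HEADER_LEN + len(body), msg_type) + body


if __name__ == "__main__":
    # Constructed stream: a KEEPALIVE followed by the first bytes of a NOTIFICATION
    stream = build_bgp_message(4) + build_bgp_message(3, b"\x06\x00")[:15]
    print(split_bgp_stream(stream))   # ([('KEEPALIVE', b'')], <15 leftover bytes>)
```

The two `None` returns are deliberate: a partial header and a partial body are both "wait for more bytes", while a bad marker, an out-of-range length or an unknown type are protocol errors that RFC 4271 answers with a NOTIFICATION and a closed session.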

The current EGP version is 2.

ICMP (Internet Control Message Protocol) messages, delivered in IP packets, are used for out-of-band messages related to network operation or mis-operation. When a router begins buffering too many packets, because it cannot transmit them as fast as they are being received, it may generate ICMP Source Quench messages.

Directed at the sender, these messages should cause the rate of packet transmission to be slowed. Of course, generating too many Source Quench messages would cause even more network congestion, so they are used sparingly; Source Quench has since been deprecated (RFC 6633) and modern hosts ignore it. ICMP also supports an Echo function, which simply sends a packet on a round trip between two hosts. Ping, a common network management tool, is based on this feature: it transmits a series of packets, measuring average round-trip times and computing loss percentages.

Code -- May be zero. ICMPv6 messages are grouped into two classes: error messages and informational messages. Error messages have message Types from 0 to 127; informational messages have message Types from 128 to 255. The Code field is used to create an additional level of message granularity within a Type.

IP (Internet Protocol) has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through a network; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.

The IP addressing scheme is integral to the process of routing IP datagrams through an internetwork. IP addresses can be subdivided and used to create addresses for subnetworks. When you send or receive data (for example, an e-mail note or a Web page), the message gets divided into little chunks called packets.

Because a message is divided into a number of packets, each packet can, if necessary, be sent by a different route across the Internet. Packets can arrive in a different order than the order they were sent in; the Internet Protocol just delivers them, and reordering is left to a higher layer such as TCP. This document describes the IPv4 details. The IPv6 details are described in a separate document.

IHL (Internet Header Length) -- Points to the beginning of the data. The minimum value is 5 (20 bytes) and the maximum value is 15 (60 bytes). Total Length -- The maximum length is 65,535 bytes. Typically, hosts are prepared to accept datagrams up to 576 bytes.
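
A parser that enforces those bounds, written for this page as an added example rather than taken from the handbook. It checks the version, IHL, Total Length and the header checksum (the RFC 791 one's-complement sum) before any field is used, and it separates payload from trailing link-layer padding. The sample datagram, the addresses and the `build_ipv4_header` helper are the example's own.

```python
import socket
import struct


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 checksum: one's-complement of the one's-complement sum of 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int, proto: int = 17,
                      ttl: int = 64, ident: int = 0, options: bytes = b"") -> bytes:
    """Constructed helper for the example: a header with a correct checksum (DF set)."""
    if len(options) % 4:
        raise ValueError("options must be padded to a 32-bit boundary")
    ihl = 5 + len(options) // 4
    total_len = ihl * 4 + payload_len
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total_len, ident,
                      0x4000, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst)) + options
    csum = ipv4_checksum(hdr)
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]


def parse_ipv4_header(pkt: bytes) -> dict:
    """Validate an IPv4 header and split it from its payload.

    Every sender-controlled length is bounds-checked before it is used as an
    index, and the checksum is verified so a corrupted header is not acted on.
    """
    if len(pkt) < 20:
        raise ValueError("datagram shorter than the 20-byte minimum header")
    ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, csum, src, dst = \
        struct.unpack_from("!BBHHHBBH4s4s", pkt, 0)
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if ihl < 5:                                  # 5 words = 20 bytes is the minimum
        raise ValueError(f"IHL {ihl} below minimum of 5")
    hdr_len = ihl * 4                            # at most 15 * 4 = 60 bytes
    if len(pkt) < hdr_len:
        raise ValueError("header truncated")
    if total_len < hdr_len:
        raise ValueError("Total Length shorter than the header")
    if total_len > len(pkt):
        raise ValueError("Total Length exceeds bytes received")
    # A valid header sums to zero once its own checksum field is included.
    if ipv4_checksum(pkt[:hdr_len]) != 0:
        raise ValueError("bad header checksum")
    return {
        "ihl": ihl,
        "header_len": hdr_len,
        "total_len": total_len,
        "ttl": ttl,
        "proto": proto,
        "df": bool(flags_frag & 0x4000),
        "mf": bool(flags_frag & 0x2000),
        "frag_offset": flags_frag & 0x1FFF,
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "options": pkt[20:hdr_len],
        "payload": pkt[hdr_len:total_len],       # trailing link-layer padding is dropped
    }


if __name__ == "__main__":
    payload = b"constructed UDP payload"
    dgram = build_ipv4_header("192.0.2.10", "198.51.100.20", len(payload)) + payload
    print(parse_ipv4_header(dgram)["dst"])       # 198.51.100.20
```

The order of the checks matters: IHL is validated before it is multiplied into a slice length, and Total Length is compared against both the header length and the bytes actually received, so neither field can drive a read past the buffer.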

TTL (Time to Live) -- Decremented at each hop; this keeps packets from looping endlessly.

IPv6 is a network-layer (Layer 3) protocol that contains addressing information and some control information enabling packets to be routed in the network. Broadcast no longer exists in IPv6; it becomes a special form of multicast. IPv6 addresses are expressed in hexadecimal format (base 16), which allows not only numerals but the letters a-f as well. IPv6 has enhanced network-layer routing in two main areas: (1) improved support for extensions and options; (2) flow labeling capability to differentiate packets at the network layer.

Few in the industry would argue with the principle that IPv6 represents a major leap forward for the Internet and the users. However, given the magnitude of a migration that affects so many millions of network devices, it is clear that IPv4 and IPv6 will coexist for a long period of time.

Unicast address -- Applied to one network interface. Hop Limit -- Decremented by one by each node that forwards the packet. Source address -- 128-bit address of the originator of the packet. Destination address -- 128-bit address of the intended recipient of the packet (possibly not the ultimate recipient, if a Routing header is present).

Multicast address -- Applied to multiple network interfaces; communication is conducted with all hosts that share the address. It has the same format as the unicast address.

ICMP Router Discovery: Hosts must discover routers before they can send IP datagrams outside their subnet. Each router periodically multicasts a router advertisement from each of its multicast interfaces, announcing the IP address of that interface.

Hosts listen for advertisements to discover the addresses of their neighboring routers. When a host attached to a multicast link starts up, it can send a multicast router solicitation to ask for immediate advertisements, rather than waiting for the next periodic ones to arrive; if and only if no advertisements are forthcoming, the host may retransmit the solicitation a small number of times, but then must desist from sending any more solicitations.

Any routers that subsequently start up, or that were not discovered because of packet loss or temporary link partitioning, are eventually discovered by reception of their periodic unsolicited advertisements. Links that suffer high packet loss rates or frequent partitioning are accommodated by increasing the rate of advertisements, rather than increasing the number of solicitations that hosts are permitted to send.

The ICMP router discovery messages do not constitute a routing protocol. They enable hosts to discover the existence of neighboring routers but do not determine which router is best to reach a particular destination. Router Address[i] -- The sending router's IP address on the interface from which this message is sent. Preference Level[i] -- The preferability of each Router Address[i] as a default router address, relative to other router addresses on the same subnet. Router advertisements carry no authentication, so a host that accepts them from any sender on the link can have its default route hij acked by a rogue node.

Mobile IPv6: When a mobile node moves to a new location, it must register its new address with its home agent so that the agent can tunnel all communications to the new address in a timely fashion. The association of a home address with a care-of address for a mobile node is known as a binding. A correspondent node does not have to be Mobile IPv6-capable.

NHRP (Next Hop Resolution Protocol): Version -- Currently this value is 1. If an authoritative answer is desired, then the code is 2. The NHS (Next Hop Server) selection procedure typically involves applying a destination protocol-layer address to the protocol-layer routing table, which causes a routing decision to be returned.

Note that even though a protocol-layer address was used to acquire a routing decision, NHRP packets are not encapsulated within a protocol-layer header but rather are carried at the NBMA layer using the encapsulation described in its own header.

OSPF (Open Shortest Path First) uses link-state technology, in which routers send each other information about the direct connections and links which they have to other routers. From this database, a routing table is calculated by constructing a shortest-path tree.

OSPF provides support for equal-cost multipath. In addition, all OSPF routing protocol exchanges can be authenticated, although the null authentication type (AuType 0) is permitted and is common in deployments, so cryptographic authentication must be configured explicitly to get any protection. OSPF allows sets of networks to be grouped together.

Such a grouping is called an area. The topology of an area is hidden from the rest of the Autonomous System. Each route distributed by OSPF has a destination and mask. Two different subnets of the same IP network number may have different sizes (i.e., different masks). This is commonly referred to as variable-length subnetting. A packet is routed to the best (i.e., longest) match. Packet Length -- This length includes the standard OSPF header. In OSPF, the source and destination of a routing protocol packet are the two ends of a potential adjacency.

All OSPF packets are associated with a single area. Most travel a single hop only.

In a nationwide network such as the current Internet, there are many routing protocols used for the whole network. Each autonomous system will have its own routing technology, which may well be different for different autonomous systems. A separate protocol is used to interface among the autonomous systems.

Such protocols are now usually referred to as inter-AS routing protocols. RIP (Routing Information Protocol) is designed to work with moderate-size networks using reasonably homogeneous technology. Thus it is suitable as an IGP for many campuses and for regional networks using serial lines whose speeds do not vary widely. It is not intended for use in more complex environments.

The current RIP version is 2. Address Family Identifier -- This is used because RIP-2 may carry routing information for several different protocols. Subnet Mask -- If zero, then no subnet mask has been included for this entry. Metric -- The sum of the costs associated with the networks that would be traversed in getting to the destination.

In an international network such as the Internet, there are many routing protocols used for the entire network.

The network will be organized as a collection of Autonomous Systems (AS). RIPng is one of a class of algorithms known as Distance Vector algorithms. Protocol Structure: Command (1 byte), Version (1 byte), must-be-zero (2 bytes), Route table entries (20 bytes each). The current RIPng version is 1.

RSVP (Resource ReSerVation Protocol): RSVP requests will generally result in resources being reserved in each node along the data path. RSVP requests resources in only one direction.

Therefore, RSVP treats a sender as logically distinct from a receiver, although the same application process may act as both a sender and a receiver at the same time. Like the implementations of routing and management protocols, an implementation of RSVP will typically execute in the background, not in the data forwarding path.

An RSVP process consults the local routing database(s) to obtain routes. In the multicast case, for example, a host sends IGMP messages to join a multicast group and then sends RSVP messages to reserve resources along the delivery path(s) of that group.

Routing protocols determine where packets get forwarded; RSVP is only concerned with the QoS of those packets that are forwarded in accordance with routing.

VRRP (Virtual Router Redundancy Protocol): The election process provides dynamic failover of the forwarding responsibility should the Master become unavailable.

A virtual IP address is shared among the routers, with one designated as the master router and the others as backups. If the master fails, a backup becomes the master router. VRRP can also be used for load balancing. Authentication Data -- Up to 8 characters of plain text; this offers no real protection against a spoofed advertisement on the link, and later revisions of VRRP (RFC 3768 and VRRPv3, RFC 5798) removed it.

BGMP (Border Gateway Multicast Protocol): Like other shared-tree multicast protocols, BGMP builds a tree rooted at a rendezvous point. However, in BGMP, the root is an entire exchange or domain, rather than a single router. Each such domain then becomes the root of the shared domain-trees for all groups in its range. BGMP runs over TCP, which eliminates the need to implement message fragmentation, retransmission, acknowledgement, and sequencing.

BGMP does not require periodic refresh of individual entries. KeepAlive messages are sent periodically to ensure the liveness of the connection. Length -- Allows one to locate in the transport-level stream the start of the next message.

DVMRP (Distance Vector Multicast Routing Protocol) is not currently developed for use in routing non-multicast datagrams, so a router that routes both multicast and unicast datagrams must run two separate routing processes. In addition, to allow experiments to traverse networks that do not support multicasting, a mechanism called tunneling was developed.

The checksum must be calculated upon transmission and must be validated on reception of a packet.

IGMP (Internet Group Management Protocol): In IGMPv1 there are no leave messages; routers use a time-out based mechanism to discover the groups that are of no interest to the members. Max Response Time -- Meaningful only in Membership Query messages; in all other messages, it is set to 0 by the sender and ignored by the receiver. Group Address -- In a Membership Report or Leave Group message, it holds the IP multicast group address of the group being reported or left.

MARS (Multicast Address Resolution Server): The MARS supports multicast through overlaid point-to-multipoint connections or through multicast servers.

Clusters of endpoints share a MARS and use it to track and disseminate information identifying the nodes listed as receivers for given multicast groups. Endpoint address resolution entities query the MARS when a layer 3 address needs to be resolved to the set of ATM endpoints making up the group at any one time.

Endpoints keep the MARS informed when they need to join or leave particular layer 3 groups.

MBGP (Multiprotocol BGP): BGP carries two sets of routes, one set for unicast routing and one set for multicast routing.

The routes associated with multicast routing are used by Protocol Independent Multicast (PIM) to build data distribution trees. Multiprotocol BGP allows a unicast routing topology different from a multicast routing topology. To enable BGP-4 to support routing for multiple Network Layer protocols, only two things have to be added to BGP-4: (a) the ability to associate a particular Network Layer protocol with the next hop information; and (b) the ability to associate a particular Network Layer protocol with NLRI.

Both of these attributes (MP_REACH_NLRI and MP_UNREACH_NLRI) are optional and non-transitive. The value 0 may be used to indicate that no SNPAs are listed in this attribute.

MOSPF (Multicast OSPF): The tree state is cached, and trees must be recomputed when a link state change occurs or when the cache times out. By adding a new type of link state advertisement, the group-membership-LSA, the location of all multicast group members is pinpointed in the database.

All branches not containing multicast members are pruned from the tree. The results of the shortest path calculation are then cached for use by subsequent datagrams having the same source and destination. MC bit -- Indicates a multicast-capable router; the presence of this new option is ignored by all non-multicast routers. B bit -- When set, the router is an area border router. E bit -- When set, the router is an AS boundary router.

V bit -- When set, the router is an endpoint of an active virtual link which uses the described area as its Transit area. W bit -- When set, the router is a wild-card multicast receiver; these routers receive all multicast datagrams, regardless of destination. Inter-area multicast forwarders and inter-AS multicast forwarders are sometimes wild-card multicast receivers.

A new link state advertisement, called the group-membership-LSA, has been added to pinpoint multicast group members in the link state database.

MSDP (Multicast Source Discovery Protocol): Receiver-only domains: domains with only receivers get data without globally advertising group membership. The peering relationship is made up of a TCP connection in which control information is exchanged.

Each domain has one or more connections to this virtual topology. The purpose of this topology is to allow domains to discover multicast sources from other domains. If the multicast sources are of interest to a domain which has receivers, the normal source-tree building mechanism in PIM-SM will be used to deliver multicast data over an inter-domain distribution tree.

Minimum length required is 4 octets, except for Keepalive messages. The maximum TLV length is bounded by the specification.

MZAP (Multicast-Scope Zone Announcement Protocol): The range of administratively-scoped addresses can be subdivided by administrators so that multiple levels of administrative boundaries can be simultaneously supported. Typically servers will cache the information learned from MZAP and can then provide this information to applications in a timely fashion upon request using other means. When the flag is 1, address allocators should not use the entire range, but should learn an appropriate subrange via another mechanism.

The count may be zero. For example, if the zone is a boundary for

PGM (Pragmatic General Multicast) has no notion of group membership. It simply provides reliable multicast data delivery within a transmit window advanced by a source according to a purely local strategy. PGM guarantees that a receiver in the group either receives all data packets from transmissions and repairs, or is able to detect unrecoverable data packet loss.

Rather, PGM is best suited to those applications in which members may join and leave at any time, and that are either insensitive to unrecoverable data packet loss or are prepared to resort to application recovery in the event.

T -- Packet is a parity packet for a transmission group of variable-sized packets. P -- Packet is a parity packet.

PIM-DM (Protocol Independent Multicast, Dense Mode): All PIM protocols share a common control message format. We focus on the Dense Mode in this document. ISPs typically appreciate the ability to use any underlying unicast routing protocol with PIM-DM because they need not introduce and manage a separate routing protocol just for RPF checks.

PIM-SM (Protocol Independent Multicast, Sparse Mode): We focus on the Sparse Mode in this document. The protocol is not dependent on any particular unicast routing protocol, and is designed to support sparse groups. It uses the traditional IP multicast model of receiver-initiated membership, supports both shared and shortest-path trees, and uses soft-state mechanisms to adapt to changing network conditions.

Receivers signal to routers in order to join the multicast group that will receive the data. Source trees directly connect sources to receivers. There is a separate tree for every source. Source trees are considered shortest-path trees from the perspective of the unicast routing tables. PIM-SM can use either type of tree or both simultaneously. We focus on version 2, which is widely deployed.

MPLS (Multiprotocol Label Switching): LSPs (Label Switched Paths) are virtual tunnels that are formed by a sequence of labels at each and every node along the path from the source to the destination.

With its powerful new features and abilities to interface with legacy technologies, MPLS has become a solution for the next generation backbone networks for multiple services such as data, voice and video over the same network.

In this section, we focus on the MPLS framework. When a labeled packet is received, the label value at the top of the stack is looked up and the system learns: (a) the next hop to which the packet is to be forwarded; (b) the operation to be performed on the label stack before forwarding; this operation may be to replace the top label stack entry with another, or to pop an entry off the label stack, or to replace the top label stack entry and then to push one or more additional entries on the label stack.
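
The lookup-and-operate step just described, as an added example for this page rather than code from the handbook. It parses a label stack (20-bit label, 3-bit TC, S bit and 8-bit TTL per 32-bit entry), looks the top label up in an incoming label map and applies swap, pop, or swap-then-push. The TTL handling (decrement, discard at zero, copy into the exposed label on pop) follows the uniform model, and the ILM table, labels and next-hop names are invented for the example.

```python
import struct


def parse_label_stack(packet: bytes):
    """Return (entries, payload); entries are top-of-stack first, walked until S=1."""
    entries, off = [], 0
    while True:
        if off + 4 > len(packet):
            raise ValueError("truncated label stack (no bottom-of-stack entry)")
        (word,) = struct.unpack_from("!I", packet, off)
        entries.append({"label": word >> 12, "tc": (word >> 9) & 0x7,
                        "s": (word >> 8) & 0x1, "ttl": word & 0xFF})
        off += 4
        if word & 0x100:                 # S bit: this was the bottom of the stack
            return entries, packet[off:]


def encode_entry(label: int, tc: int, s: int, ttl: int) -> bytes:
    if not 0 <= label < (1 << 20):
        raise ValueError("label must fit in 20 bits")
    return struct.pack("!I", (label << 12) | (tc << 9) | (s << 8) | ttl)


def encode_stack(entries) -> bytes:
    return b"".join(encode_entry(e["label"], e["tc"], e["s"], e["ttl"]) for e in entries)


def forward(packet: bytes, ilm: dict):
    """Apply the ILM entry for the top label.

    ilm maps incoming label -> (next_hop, operation, labels), where operation is
    "swap" (labels = [new]), "pop" (labels = []) or "swap_push"
    (labels = [new, pushed..., outermost]). Returns (next_hop, packet), or None
    when the packet must be discarded.
    """
    entries, payload = parse_label_stack(packet)
    top, rest = entries[0], entries[1:]
    if top["label"] not in ilm:
        raise LookupError(f"no ILM entry for label {top['label']}")
    next_hop, op, labels = ilm[top["label"]]
    ttl = top["ttl"] - 1
    if ttl <= 0:
        return None                      # TTL expired: discard rather than loop forever
    if op == "pop":
        if not rest:                     # penultimate hop pop: unlabeled payload leaves;
            return next_hop, payload     # the IP TTL underneath should then be set to ttl
        rest[0]["ttl"] = ttl             # uniform model: propagate TTL to the exposed label
        return next_hop, encode_stack(rest) + payload
    swapped = dict(top, label=labels[0], ttl=ttl)
    if op == "swap":
        return next_hop, encode_stack([swapped] + rest) + payload
    if op == "swap_push":
        pushed = [dict(swapped, label=lbl, s=0) for lbl in labels[1:]]  # pushed entries are never bottom
        return next_hop, encode_stack(pushed[::-1] + [swapped] + rest) + payload
    raise ValueError(f"unknown operation {op}")


# Constructed ILM for the example (labels and next hops are invented).
EXAMPLE_ILM = {
    100: ("R2", "swap", [200]),
    200: ("R3", "pop", []),
    300: ("R4", "swap_push", [301, 500]),
}

if __name__ == "__main__":
    pkt = encode_entry(100, 0, 1, 64) + b"IP payload"
    hop, out = forward(pkt, EXAMPLE_ILM)
    print(hop, parse_label_stack(out)[0])   # R2 [{'label': 200, 'tc': 0, 's': 1, 'ttl': 63}]
```

Two details worth noticing: the parser refuses a stack with no bottom-of-stack entry instead of running off the end of the packet, and a packet whose TTL reaches zero is dropped at the LSR rather than forwarded, which is what stops a misconfigured ILM from looping traffic indefinitely.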

GMPLS (Generalized MPLS): The common control plane promises to simplify network operation and management by automating end-to-end provisioning of connections, managing network resources, and providing the level of QoS that is expected by new applications. LDP (Label Distribution Protocol): In a single session, each peer is able to learn about the other's label mappings; in other words, the protocol is bi-directional. CR-LDP (Constraint-based Routed LDP) contains extensions to LDP that extend its capabilities, such as setting up paths beyond what is available from the routing protocol.

The LSR uses this protocol to establish label switched paths through a network by mapping network-layer routing information directly to data-link-layer switched paths.

Version -- The present number is 1. LDP Identifier -- Six octets; the first four identify the LSR and the last two identify a label space within the LSR. There are both mandatory and optional parameters. Some messages have no mandatory parameters, and some have no optional parameters.

RSVP-TE (RSVP Traffic Engineering): It also supports smooth rerouting of LSPs, preemption, and loop detection. The ingress node of an LSP (Label Switched Path) uses a number of methods to determine which packets are assigned a particular label. The IPv4/v6 that appears in the object name only denotes that the destination address is an IPv4/v6 address. A tunnel ID is part of the Session object.

ARP (Address Resolution Protocol): For example, in IP Version 4, an address is 32 bits long. In an Ethernet local area network, however, addresses for attached devices are 48 bits long.

ARP provides the rules for making this correlation and providing address conversion in both directions. ARP carries no authentication, so any host on the link can answer for any address (ARP spoofing); static entries or switch-level inspection are the usual mitigations. Details of RARP are presented in a separate document. IPCP (IP Control Protocol): IPCP packets received before the Network-Layer Protocol phase is reached should be silently discarded. Each end of the link must separately request this option if bidirectional compression is desired. IPv6CP packets received before this phase is reached should be silently discarded. RARP (Reverse ARP): Assuming that an entry has been set up in the router table, the RARP server will return the IP address to the machine, which can store it for future use.

SLIP (Serial Line IP) is commonly used on dedicated serial links and sometimes for dialup purposes, and is usually used with line speeds between 1200 bps and 19.2 kbps. To send a packet, a SLIP host simply starts sending the data in the packet. If a data byte has the same code as the END character, the two-byte sequence ESC, ESC_END (octal 333 followed by octal 334, decimal 219 and 220) is sent instead; a data byte equal to ESC is sent as ESC, ESC_ESC (octal 333, 335).

When the last byte in the packet has been sent, an END character is then transmitted. SLIP has no checksum, so a corrupted frame passes up to IP undetected, and the line carries no authentication of any kind. CSLIP (Van Jacobson TCP/IP header compression): This compression improves throughput for interactive sessions noticeably.

Network security technologies: To address these issues, various network and information security technologies have been developed by various organizations and technology vendors. Here is a summary of the technologies. AAA: Authentication, Authorization and Accounting is a technology for intelligently controlling access to network resources, enforcing policies, auditing usage, and providing the information necessary to bill for services.
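
An encoder and decoder for that framing, added here as an example and not taken from the handbook or from RFC 1055's sample code. The byte values END = 0300, ESC = 0333, ESC_END = 0334 and ESC_ESC = 0335 come from RFC 1055; the receive-buffer limit of 1006 bytes is the historic SLIP maximum from the same RFC, and the sample packets are constructed for the example.

```python
END, ESC, ESC_END, ESC_ESC = 0xC0, 0xDB, 0xDC, 0xDD   # RFC 1055 octal 300, 333, 334, 335


def slip_encode(packet: bytes) -> bytes:
    """Frame one packet. A leading END flushes line noise before the real data."""
    out = bytearray([END])
    for b in packet:
        if b == END:
            out += bytes([ESC, ESC_END])     # END inside the data must be escaped
        elif b == ESC:
            out += bytes([ESC, ESC_ESC])     # and so must ESC itself
        else:
            out.append(b)
    out.append(END)
    return bytes(out)


def slip_decode(stream: bytes, max_len: int = 1006):
    """Split a raw serial byte stream into packets.

    Returns (packets, leftover) where leftover is the unterminated tail that
    should be prepended to the next read. Empty frames (back-to-back ENDs) are
    dropped, and a frame longer than max_len is discarded rather than buffered
    without bound.
    """
    packets, cur = [], bytearray()
    escaped, overflow, consumed = False, False, 0
    for i, b in enumerate(stream):
        if b == END and not escaped:
            if cur and not overflow:
                packets.append(bytes(cur))
            cur, overflow, consumed = bytearray(), False, i + 1
            continue
        if escaped:
            escaped = False
            # RFC 1055's receiver passes an unknown escaped byte through unchanged
            # (a protocol violation by the sender, not a reason to drop the frame).
            b = {ESC_END: END, ESC_ESC: ESC}.get(b, b)
        elif b == ESC:
            escaped = True
            continue
        if overflow:
            continue
        if len(cur) >= max_len:
            overflow = True                  # too big for the receiver: drop the frame
            cur = bytearray()
            continue
        cur.append(b)
    return packets, stream[consumed:]


if __name__ == "__main__":
    # Constructed packet containing both special bytes
    sample = b"\xc0A\xdbB"
    print(slip_encode(sample).hex())          # c0dbdc41dbdd42c0
    print(slip_decode(slip_encode(sample)))   # ([b'\xc0A\xdbB'], b'')
```

Because SLIP has no length field, the decoder can only bound memory by capping the frame it is assembling; the `overflow` flag discards the oversized frame and resynchronises on the next END instead of letting a noisy or hostile line grow the buffer indefinitely.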

Authentication provides a way of identifying a user, typically by having the user enter a valid user name and valid password before access is granted. The authorization process determines whether the user has the authority to access certain information or some network sub-domains.

A dedicated AAA server, or a program that performs these functions, often provides authentication, authorization, and accounting services. VPN: A Virtual Private Network is a technology allowing private communications by businesses and individuals, such as remote access to a corporate network, over a public telecommunication infrastructure such as the Internet. Various network-tunneling technologies such as L2TP have been developed to reach this goal. Tunneling by itself provides no confidentiality; encryption technologies such as IPsec are needed to protect information privacy over the network and within virtual private networks.

Firewall: If the comparison of a packet against the configured rules yields a match, the information is allowed through. Otherwise it is discarded. Kerberos performs authentication under these conditions as a trusted third-party authentication service by using conventional (i.e., shared secret key) cryptography.

The session key now shared by the client and server is used to authenticate the client, and may optionally be used to authenticate the server. It may also be used to encrypt further communication between the two parties or to exchange a separate sub-session key to be used to encrypt further communication.

The authentication exchanges mentioned above require read-only access to the Kerberos database. The administration protocol is not described in this document. There is also a protocol for maintaining multiple copies of the Kerberos database, but this can be considered an implementation detail and may vary to support different database technologies.

RADIUS (Remote Authentication Dial In User Service): The client is responsible for passing user information to designated RADIUS servers, and then acting on the response which is returned. Extensible protocol: All transactions are comprised of variable-length Attribute-Length-Value 3-tuples. New attribute values can be added without disturbing existing implementations of the protocol.

SSH (Secure Shell): The transport layer protocol (SSH-Trans) provides strong encryption, cryptographic host authentication, and integrity protection. It may optionally also provide compression.
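
The Attribute-Length-Value framing, together with the User-Password hiding that rides on it, as an added example written for this page (not code from the handbook or from any RADIUS implementation). The packet layout, the 20 to 4096 byte length bounds and the MD5-based password hiding are from RFC 2865; the shared secret, Request Authenticator, user name and password are constructed test values.

```python
import hashlib
import struct

RADIUS_CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
                4: "Accounting-Request", 5: "Accounting-Response", 11: "Access-Challenge"}
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def parse_radius(packet: bytes) -> dict:
    """Split a RADIUS packet into header fields and a list of (type, value) attributes.

    Lengths are checked before any slice uses them: an attribute Length below 2
    would otherwise loop forever, and one that overruns the packet would read
    bytes belonging to the next attribute or to nothing at all.
    """
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack_from("!BBH", packet, 0)
    if not 20 <= length <= 4096:
        raise ValueError(f"illegal Length {length}")
    if length > len(packet):
        raise ValueError("Length exceeds bytes received")   # bytes beyond Length are padding
    authenticator = packet[4:20]
    attrs, off = [], 20
    while off < length:
        if length - off < 2:
            raise ValueError("trailing bytes too short to be an attribute")
        atype, alen = packet[off], packet[off + 1]
        if alen < 2:
            raise ValueError(f"attribute {atype} has illegal Length {alen}")
        if off + alen > length:
            raise ValueError(f"attribute {atype} overruns the packet")
        attrs.append((atype, packet[off + 2:off + alen]))
        off += alen
    return {"code": RADIUS_CODES.get(code, code), "id": ident,
            "authenticator": authenticator, "attrs": attrs}


def _password_xor(secret: bytes, authenticator: bytes, data: bytes, decrypt: bool) -> bytes:
    """RFC 2865 section 5.2: each 16-byte block is XORed with MD5(secret + previous block)."""
    out, prev = bytearray(), authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        result = bytes(x ^ y for x, y in zip(block, mask))
        out += result
        prev = block if decrypt else result     # the chain always uses the ciphertext block
    return bytes(out)


def hide_user_password(secret: bytes, authenticator: bytes, password: bytes) -> bytes:
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    if not padded:
        padded = b"\x00" * 16                    # an empty password still occupies one block
    return _password_xor(secret, authenticator, padded, decrypt=False)


def reveal_user_password(secret: bytes, authenticator: bytes, value: bytes) -> bytes:
    if not value or len(value) % 16:
        raise ValueError("hidden User-Password must be a non-empty multiple of 16 octets")
    return _password_xor(secret, authenticator, value, decrypt=True).rstrip(b"\x00")


def build_access_request(ident: int, authenticator: bytes, username: bytes,
                         password: bytes, secret: bytes) -> bytes:
    """Constructed helper for the example: an Access-Request with two attributes."""
    hidden = hide_user_password(secret, authenticator, password)
    attrs = (bytes([ATTR_USER_NAME, 2 + len(username)]) + username
             + bytes([ATTR_USER_PASSWORD, 2 + len(hidden)]) + hidden)
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs


if __name__ == "__main__":
    secret, ra = b"example-shared-secret", bytes(range(16))   # constructed; a real RA is random
    req = build_access_request(7, ra, b"alice", b"hunter2", secret)
    parsed = parse_radius(req)
    print(parsed["code"], dict(parsed["attrs"])[ATTR_USER_NAME])          # Access-Request b'alice'
    print(reveal_user_password(secret, ra, dict(parsed["attrs"])[ATTR_USER_PASSWORD]))  # b'hunter2'
```

The password hiding is an MD5 keystream XOR, not encryption: anyone holding the shared secret and a captured packet recovers the password, and a reused Request Authenticator leaks the XOR of two passwords. That is why RADIUS traffic belongs inside IPsec or TLS (RadSec) rather than on an open network.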

Authentication at this protocol level is host-based; this protocol does not perform user authentication. A higher-level protocol for user authentication (SSH-Userauth) is designed on top of this protocol. The connection protocol (SSH-Connect) runs over the user authentication protocol. The client sends a service request once a secure transport layer connection has been established. A second service request is sent after user authentication is complete. The connection protocol provides channels that can be used for a wide range of purposes.

For details of the message formats, please refer to the reference documents listed below. L2F: The Layer Two Forwarding protocol (L2F) permits the tunneling of the link layer (i.e., HDLC, async HDLC, or SLIP frames) of higher-level protocols. Using such tunnels, it is possible to divorce the location of the initial dial-up server from the location at which the dial-up protocol connection is terminated and access to the network provided. This is part of the authentication process.

L2TP (Layer Two Tunneling Protocol): With L2TP, a user has an L2 connection to an access concentrator (e.g., a modem bank or ADSL DSLAM), and the concentrator then tunnels individual PPP frames to the NAS. This allows the actual processing of PPP packets to be divorced from the termination of the L2 circuit.

Because L2TP makes a PPP session appear at a location other than the physical point at which the session was physically received, it can be used to make all channels appear at a single NAS, allowing for a multilink operation even when the physical calls are spread across distinct physical NASs.

L2TP utilizes two types of messages, control messages and data messages. Control messages are used in the establishment, maintenance and clearing of tunnels and calls. Data messages are used to encapsulate PPP frames being carried through the tunnel.

Data messages are not retransmitted when packet loss occurs. T bit -- The message type: set to 0 for data messages and 1 for control messages. L bit -- When set, the Length field is present; must be set for control messages. All reserved bits are set to 0 on outgoing messages and are ignored on incoming messages. S bit -- When set, the Ns and Nr sequence fields are present; must be set for control messages. O bit -- When set, the Offset Size field is present; this bit is set to 0 for control messages. Ver -- Must be 2 for L2TP; the value 1 is reserved so that L2F packets can be detected. PPTP (Point-to-Point Tunneling Protocol): No other systems need to be aware of PPTP. Magic Cookie -- Its basic purpose is to allow the receiver to ensure that it is properly synchronized with the TCP data stream.

DiffServ (Differentiated Services): Service differentiation is desired to accommodate heterogeneous application requirements and user expectations, and to permit differentiated pricing of Internet service. Within the core of the network, packets are forwarded according to the per-hop behavior (PHB) associated with the DS codepoint. GRE (Generic Routing Encapsulation): In the most general case, a system has a packet, namely a payload, which needs to be encapsulated and delivered to some destination.

The resulting GRE packet can then be encapsulated in some other protocol and then forwarded. This outer protocol is called the delivery protocol. Care should be taken when forwarding such a packet, since if the destination address of the payload packet is the encapsulator of the packet (i.e., the network tunnel endpoint), the packet would be encapsulated and forwarded repeatedly. In this case, the packet MUST be discarded. IPsec: Because these services are provided at the IP layer, they can be used by any higher-layer protocol, e.g., TCP, UDP, ICMP, BGP, etc.
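
The recursion rule in that paragraph is easy to implement and easy to forget. Below is an added example for this page (not the handbook's code, nor that of any GRE implementation): an encapsulator that builds an RFC 2784 header with C=0 and refuses payloads addressed to itself, and a decapsulator that enforces the version and reserved-bit checks RFC 2784 requires of a receiver. The tunnel endpoint address and the `ipv4_stub` packets are constructed for the example; the stub headers carry no valid checksum because only the destination address is examined here.

```python
import struct

GRE_PROTO_IPV4 = 0x0800            # GRE Protocol Type uses EtherType values


def ipv4_stub(src: bytes, dst: bytes) -> bytes:
    """Constructed minimal IPv4 header (version 4, IHL 5, checksum left zero) for the example."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0, src, dst)


def gre_encapsulate(payload: bytes, encapsulator_ip: bytes) -> bytes:
    """Prepend a 4-byte GRE header (C=0, Reserved0=0, Ver=0, Protocol Type=0x0800).

    RFC 2784 section 4: a payload whose destination is the encapsulator itself
    would be encapsulated and forwarded again on every pass, so it is dropped
    here (signalled with ValueError) instead of being sent into the tunnel.
    """
    if len(payload) < 20 or payload[0] >> 4 != 4:
        raise ValueError("payload is not an IPv4 packet")
    if payload[16:20] == encapsulator_ip:
        raise ValueError("payload addressed to the encapsulator: discarding to avoid recursion")
    return struct.pack("!HH", 0, GRE_PROTO_IPV4) + payload


def gre_decapsulate(gre_packet: bytes) -> bytes:
    """Strip the GRE header after the checks RFC 2784 requires of a receiver."""
    if len(gre_packet) < 4:
        raise ValueError("truncated GRE header")
    flags_ver, proto_type = struct.unpack_from("!HH", gre_packet, 0)
    checksum_present = bool(flags_ver & 0x8000)   # bit 0: C
    if flags_ver & 0x7C00:                          # bits 1-5 MUST be zero unless RFC 1701/2890 is implemented
        raise ValueError("unsupported GRE flags set in Reserved0")
    if flags_ver & 0x0007:                          # Ver MUST be 0 for RFC 2784 GRE
        raise ValueError("unknown GRE version")
    if proto_type != GRE_PROTO_IPV4:
        raise ValueError(f"unsupported payload protocol 0x{proto_type:04x}")
    hdr_len = 8 if checksum_present else 4          # Checksum and Reserved1 follow when C=1
    if len(gre_packet) < hdr_len:
        raise ValueError("truncated GRE header")
    # Assumption for this example: a present checksum is skipped, not verified;
    # a production endpoint should verify it over the GRE header and payload.
    payload = gre_packet[hdr_len:]
    if len(payload) < 20 or payload[0] >> 4 != 4:
        raise ValueError("decapsulated payload is not an IPv4 packet")
    return payload


if __name__ == "__main__":
    local = bytes([10, 0, 0, 1])                           # this tunnel endpoint (constructed)
    inner = ipv4_stub(bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    tunneled = gre_encapsulate(inner, local)
    print(tunneled[:4].hex(), gre_decapsulate(tunneled) == inner)   # 00000800 True
```

The same self-addressed check belongs on the decapsulation side of a real tunnel endpoint as well: after stripping the header, a payload that routes back into the same tunnel interface is the loop the RFC is warning about.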

These mechanisms also are designed to be algorithm-independent. This modularity permits selection of different sets of algorithms without affecting the other parts of the implementation. For example, different user communities may select different sets of algorithms (creating cryptographic "cliques") if required. Protocol Structure: The IPsec architecture includes many protocols and algorithms. The anti-replay protection service is an optional service to be selected by the receiver when a Security Association is established.

AH (Authentication Header) provides authentication for as much of the IP header as possible, as well as for upper-level protocol data. However, some IP header fields may change in transit, and the value of these fields on arrival at the receiver may not be predictable by the sender. Thus the protection provided to the IP header by AH is only partial in some cases. Security services can be provided between a pair of communicating hosts, between a pair of communicating security gateways, or between a security gateway and a host. The primary difference between the authentication provided by ESP and by AH is the extent of the coverage.

For more details on how to use AH and ESP in various network environments, see the reference documents. The ESP header is inserted after the IP header and before the upper-layer protocol header (transport mode) or before an encapsulated IP header (tunnel mode).

ESP consists of an unencrypted header followed by encrypted data. The set of services provided depends on options selected at the time of Security Association establishment and on the placement of the implementation.

The anti-replay service may be selected only if data origin authentication is selected, and its election is solely at the discretion of the receiver. IKE (Internet Key Exchange): IKE processes can be used for negotiating virtual private networks (VPNs) and also for providing a remote user from a remote site (whose IP address need not be known beforehand) access to a secure host or network.
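
The receiver-side anti-replay service mentioned in both IPsec paragraphs above (the AH/ESP service list and the ESP election rule) reduces to a sliding window over the 32-bit sequence number. The class below is an added example for this page, not code from the handbook or from any IPsec stack; it follows the window algorithm described in RFC 4303, with a 64-packet default window, and the sequence numbers fed to it are constructed. The detail that matters is the order of operations: the window is consulted before the integrity check and updated only after that check has passed, so forged packets cannot advance it.

```python
class AntiReplayWindow:
    """Sliding-window replay detection for an IPsec SA (RFC 4303 style).

    `top` is the highest sequence number accepted so far; bit i of `bitmap`
    records whether sequence number top - i has been seen (i < size).
    """

    def __init__(self, size: int = 64):
        if size < 32:
            raise ValueError("RFC 4303 requires a window of at least 32 packets")
        self.size, self.top, self.bitmap = size, 0, 0

    def check(self, seq: int) -> bool:
        """Is seq acceptable? Pure query: no state is changed."""
        if seq == 0:
            return False                      # the first packet on an SA uses 1; 0 is never valid
        if seq > self.top:
            return True                       # newer than anything seen: accept
        diff = self.top - seq
        if diff >= self.size:
            return False                      # older than the window: cannot be judged, drop
        return not (self.bitmap >> diff) & 1  # inside the window: accept only if unseen

    def update(self, seq: int) -> None:
        """Record seq as received. Call only after the ICV has verified."""
        if seq > self.top:
            shift = seq - self.top
            # slide the window; bits shifted past size fall off the left edge
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)

    def receive(self, seq: int, icv_ok: bool) -> bool:
        """Full receive path: window check, then integrity, then window update.

        icv_ok stands in for the AH/ESP integrity check result. Updating before
        that check would let an attacker advance the window with forged packets
        and make the peer's genuine traffic look replayed.
        """
        if not self.check(seq):
            return False
        if not icv_ok:
            return False
        self.update(seq)
        return True


if __name__ == "__main__":
    w = AntiReplayWindow()
    print([w.receive(s, True) for s in (1, 2, 2, 100, 40)])   # [True, True, False, True, True]
```

The window gives no protection once the 32-bit counter wraps, which is why an SA must be rekeyed before that happens (or use extended sequence numbers); a sender that keeps transmitting past the wrap defeats the receiver's check entirely.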

Client negotiation is supported. Client mode is where the negotiating parties are not the endpoints for which security association negotiation is taking place. When used in client mode, the identities of the end parties remain hidden.

For more details, see the reference documents. ISAKMP (Internet Security Association and Key Management Protocol): These formats provide a consistent framework for transferring key and authentication data independent of the key generation technique, encryption algorithm and authentication mechanism.

ISAKMP is distinct from key exchange protocols in order to clearly separate the details of security association management and key management from the details of key exchange. There may be many different key exchange protocols, each with different security properties. However, a common framework is required for agreeing to the format of SA attributes, and for negotiating, modifying, and deleting SAs.

Separating the functionality into three parts adds complexity to the security analysis of a complete ISAKMP implementation.

However, the separation is critical for interoperability between systems with differing security requirements, and should also simplify the analysis of further evolution of an ISAKMP server. By centralizing the management of the security associations, ISAKMP reduces the amount of duplicated functionality within each security protocol.

TLS (Transport Layer Security): The keys for this symmetric encryption are generated uniquely for each connection and are based on a secret negotiated by another protocol (such as the TLS Handshake Protocol). The Record Protocol can also be used without encryption. The Record Protocol can operate without a MAC, but is generally only used in this mode while another protocol is using the Record Protocol as a transport for negotiating security parameters.

This authentication can be made optional, but is generally required for at least one of the peers. One advantage of TLS is that it is application-protocol independent. Because SSL/TLS is a transport-layer service, an SSL VPN has the advantage of being able to apply access control at the transport and application layers, providing greater granularity of control.

We only summarize the protocols here without details, which can be found in the reference documents. The TLS Record Protocol is a layered protocol. The Record Protocol takes messages to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, and transmits the result. Record-layer compression leaks information about the plaintext and should be disabled; TLS 1.3 removes it and replaces the separate MAC and encryption steps with AEAD ciphers.

The TLS Record Layer receives uninterpreted data from higher layers in non-empty blocks of arbitrary size. Key calculation: The Record Protocol requires an algorithm to generate keys, IVs, and MAC secrets from the security parameters provided by the handshake protocol. TLS Handshake Protocol: consists of a suite of three sub-protocols (the handshake, change cipher spec and alert protocols) which are used to allow peers to agree upon security parameters for the record layer, authenticate themselves, instantiate negotiated security parameters, and report error conditions to each other.

SOCKS v5: It also adapts the addressing scheme to encompass domain-name and IPv6 addresses.

VoIP signaling protocols are used to set up and tear down calls, carry information required to locate users, and negotiate capabilities. There are a few VoIP protocol stacks which have been derived by various standards bodies and vendors, namely H.323, SIP and MGCP, described below. H.323: The standard encompasses both point-to-point communications and multipoint conferences. Terminals, gateways and MCUs are known as endpoints.

SIP is an application layer control protocol for creating, modifying and terminating sessions with one or more participants. Requests are generated by the client and sent to the server.

The server processes the requests and then sends a response to the client. A request and the responses for that request make a transaction. MGCP (Media Gateway Control Protocol): In the MGCP architecture, the call control intelligence is located outside the gateways and is handled by the call control elements (the Call Agents).

Also, the call control elements (Call Agents) will synchronize with each other to send coherent commands to the gateways under their control. For voice communications over IP to become acceptable to users, the packet delay and jitter need to be less than a threshold value. Gateway technologies are being developed to bridge the two networks. Many network management and user management technologies and products are being developed to address the issue. In addition to voice applications, H.323 supports video and data conferencing.

The components under H.323 are described below. A terminal represents the end device of every connection. It provides real-time two-way communications with another H.323 terminal. This communication consists of speech, speech and data, speech and video, or a combination of speech, data and video.

Gateways establish the connection between the terminals in the H.323 network and terminals in other networks, such as the switched telephone network. Gatekeepers are responsible for translating between telephone numbers and IP addresses. They also manage the bandwidth and provide a mechanism for terminal registration and authentication.

Gatekeepers also provide services such as call transfer, call forwarding, etc. MCUs (Multipoint Control Units) take care of establishing multipoint conferences. Protocol Structure: The protocols in the H.323 suite span several layers; the top layers (T.120 for data among them) are each discussed in separate documents. H.225.0 call signaling: This is achieved by exchanging H.225.0 protocol messages.

The call-signaling channel is opened between two H.323 endpoints, or between an endpoint and the gatekeeper. The ITU H.225.0 recommendation specifies the use of Q.931 signaling messages; a TCP connection to port 1720 initiates the Q.931 call control exchange. When a gatekeeper is present in the network zone, H.225.0 messages are exchanged either directly between the endpoints or routed through the gatekeeper; the gatekeeper decides the method chosen during the RAS admission message exchange. If no gatekeeper is present, H.225.0 messages are exchanged directly between the endpoints.

Related titles listed on this page:

An invaluable timesaver for programmers and communication engineers, the book minimizes search time by indicating the precise RFC numbers for given specifications.

With numerous illustrations, ideal. It includes specifications for all current official DARPA Internet protocols plus auxiliary information needed to implement the protocols. The review process for acceptance of a new protocol for use by the DARPA Internet research community is described, as.

A relative newcomer to the field of wireless communications, ad hoc networking is growing quickly, both in its importance and its applications. With rapid advances in hardware, software, and protocols, ad hoc networks are now coming of age, and the time has come to bring together into one reference their. This Handbook offers an unparalleled view of wireless personal area networking technologies and their associated protocols. It lifts the lid on their growing adoption within the consumer electronics, home automation, sports, health and well-being markets.

Network Protocol Handbook by Matthew G. Includes bibliographical references and index.
