Basic Networking

Basic Networking Concepts

=Vocabulary=

A network may be thought of as a collection of nodes and links between those nodes. Technically a network requires 3 or more nodes; a link between 2 nodes is just called a link, and a link between fewer than 2 nodes is nonsensical.

Nodes
A node is any endpoint of a link. It can be a computer, a switch, a hub, or any other device which can be attached to a link.

Links
A link is any connection between nodes. It can be a wire, a radio transmission, a laser beam, or something else which transmits signals between nodes. Nodes on a link have link-layer addresses that identify them to one another. A link may have 2 or more endpoints.

Duplex
A link that can both transmit and receive is a duplex link. If it can transmit and receive at the same time then it's a full-duplex link. If it can either transmit or receive (but not both) at a given time, it is a half-duplex link.

Hosts
Some nodes are called hosts. A host is a computer with a name. This name is the computer's hostname. The hostname is the name by which the computer is meant to be identified on the network. It does not always work that way, but that's what it's for.

Routes
With only two nodes, there can be only one link. If there is only one link, then it's obvious how to send data between the nodes. If Host A and Host B are endpoints of Link 1, then Host A is a neighbor to Host B. As soon as there are more than 2 nodes, then there must be 2 or more links, depending on the network's topology. Neighbors can "see" each other over their link. When there are multiple links, it is no longer obvious how to send data between nodes. If Host C is on the other end of Link 2 from Host B, then B and C are neighbors but A and C are not. Thus A cannot send any data to C unless B co-operates. The way B abets A in sending data to C is called routing. A has a piece of information called a route that tells it that if it wants to send data to C, it should send it to B. These routes are typically maintained in a routing table. A gateway is a special route that has information about other networks or subnets.

Subnets
Some networking protocols (notably IP) have the ability to define subnets. A subnet is a logical network defined within a larger network.

For example, 10.0.1.0/24 can be a subnet of 10.0.0.0/16

IP
The Internetworking Protocol. There are two main versions: IPv4 and IPv6. IP sends information in packets. IP identifies nodes with unique IP addresses. IP addresses have two parts: a "host part" and a "network part". The parts are distinguished by a netmask. For example: IP address 10.0.0.1 with netmask 255.255.255.0 gives host number 0.0.0.1 on network number 10.0.0.0. This is also expressed as 10.0.0.1/24.
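
The netmask split and the subnet relationship described above, worked through with plain bit operations. This is an added example, not part of the original page; the function names are illustrative, and it also rejects netmasks whose 1-bits are not contiguous.

```python
# Added example: how a netmask divides an IPv4 address into network and host parts.

def to_int(dotted):
    """Convert dotted-quad text such as '10.0.0.1' to a 32-bit integer."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(value):
    """Convert a 32-bit integer back to dotted-quad text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_length(netmask):
    """Return N for the /N form of a netmask; reject non-contiguous masks."""
    mask = to_int(netmask)
    inverted = ~mask & 0xFFFFFFFF
    # A valid mask, inverted, is 0...01...1, so adding 1 leaves no shared bits.
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous netmask: {netmask}")
    return bin(mask).count("1")

def split(address, netmask):
    """Return (network part, host part, prefix length) for address/netmask."""
    addr, mask = to_int(address), to_int(netmask)
    length = prefix_length(netmask)
    network = addr & mask                   # bits kept by the mask
    host = addr & ~mask & 0xFFFFFFFF        # bits the mask clears
    return to_dotted(network), to_dotted(host), length

def is_subnet(inner, outer):
    """True if CIDR block `inner` lies entirely inside CIDR block `outer`."""
    in_addr, in_len = inner.split("/")
    out_addr, out_len = outer.split("/")
    in_len, out_len = int(in_len), int(out_len)
    if in_len < out_len:                    # a shorter prefix is a larger block
        return False
    out_mask = (0xFFFFFFFF << (32 - out_len)) & 0xFFFFFFFF
    return (to_int(in_addr) & out_mask) == (to_int(out_addr) & out_mask)

if __name__ == "__main__":
    print(split("10.0.0.1", "255.255.255.0"))
    print(is_subnet("10.0.1.0/24", "10.0.0.0/16"))
```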

IPv4
IPv4 is the protocol version used by most of the Internet and nearly all SOHO (Small Office or HOme) networking equipment. IPv4 uses 32-bit IP addresses. It uses ARP to resolve link-layer addresses to network addresses. The 32-bit address size means IPv4 can have just over 4 billion unique addresses. This is called its address space. The IPv4 address space is nearly exhausted, meaning that almost all the addresses are already in use.

ARP
Address Resolution Protocol. Used in IPv4 to map IP addresses to link-layer addresses. ARP information is stored in an ARP table or ARP cache.

IPv6
IPv6 is the "new" (since 1996) version of IP. It uses 128-bit addresses, for something over 11 decillion (but who's counting?) unique addresses. It does not use ARP. IPv6 instead uses a special address scope called link-local address for mapping link-layer addresses to network addresses.

Address scope
IPv6 addresses are different from IPv4 addresses in that they have "scope". Scope means that some IPv6 address ranges can be routed only in certain ways. Scopes include link-local, site-local, and global. Global addresses are globally routable (reachable from anywhere); site-local addresses are routable only from within the same network; link-local addresses are not routable.

TCP
Transmission Control Protocol. TCP sends information over a network (usually over IP) in segments, after first establishing a connection via a handshake (technically a three-way handshake). Thus TCP is called a connection-oriented protocol. TCP ensures reliable transmission of information: the receiver acknowledges each segment as it's received. Thus TCP is called a reliable protocol. The number of bytes that TCP can send in a segment is called the window size. The window size changes according to various factors via scaling.

UDP
User Datagram Protocol. A connectionless, unreliable protocol used instead of TCP when data need not be verified in transit but needs to travel fast. UDP is used in situations which are sensitive to latency, as in interactive media or networked games.

Latency
Latency is the delay between the time a packet is sent and the time it is received. Latency is often measured using the ping tool. It is one way of measuring the speed of a network connection.

Bandwidth
Bandwidth is the difference between the lowest frequency and highest frequency signals a physical layer can support. It also refers to the amount of data a link can transport in a given time, usually measured in some multiple of bits per second.

ICMP
Internet Control Message Protocol. ICMP messages are used to set up, control and get information about network connections. The ping tool works by sending an ICMP Echo Request message and timing the delay before the corresponding Echo Reply message is received. IPv6 uses ICMP for stateless autoconfiguration, neighbor discovery, and router discovery among other things.

=OSI and TCP/IP Models=

Networking takes place in a "stack" of semi-independent "layers". Data links work basically the same regardless of the physical medium used; similarly, networks don't care about the nature of the data links that make them up, since otherwise internetworking across different link types wouldn't be possible.

There are two main "models" of network layering. They are the OSI model (7 layers, yumm) and the TCP/IP model (4 layers: simpler but just as tasty). The TCP/IP model is a simplified version of the OSI model which is specifically relevant to TCP/IP networks; the OSI model is more general, though pure implementations of layers 5 and 6 are rarely seen in the wild. Both models are theoretical and don't necessarily map to real layers of real networks, but they are helpful tools for understanding and for diagnosis.

Layer 1: Physical
The physical layer refers to the physical means of signaling, whether wire, radio, laser, microwaves, cans-n-string, or what have you.

Layer 1 components include cables, transmitters, hubs, bridges, repeaters, antennae, splitters, splices, punch-downs, modems and other fun things.

- Repeaters

- Hubs

Layer 2: Data Link
The data link layer is the layer responsible for signaling between neighboring nodes.

MAC addresses
LLC and MAC sublayers, Ethernet frame structure, header and footer fields, frame check sequence.

- Bridge

- Switch

Layer 3: IP
The network layer is responsible for routing information among nodes that need not share a link. The IP network layer can also route information among nodes on different networks.

IPv4 - IP address structure, classless vs. classful

IPv6

IPv4 Subnetting

Routing basics

Related services/protocols: DHCP, DNS, ARP, ICMP

Layer 4: Transport
TCP vs. UDP

Ports, sockets

NAT and port forwarding

Common port numbers for protocols

Physical
Same as in TCP/IP model.

Link
Same as in TCP/IP model.

Network
Same as in TCP/IP model, except embracing network protocols other than IP.

Transport
Same as in TCP/IP model, except embracing transport protocols other than UDP or TCP.

Application
Common protocols, FTP, HTTP, SSH, HTTPS, POP3, SMTP, IMAP4, etc.

=Protocols=

Protocols are sets of rules that devices use to communicate with each other for different purposes. They can function at one or several layers of the OSI model, and can call on other protocols to perform services. For example, HTTP is an application layer protocol that defines how web browsers and web servers communicate, and it also uses the TCP protocol at the transport layer to provide a reliable transfer of data. TCP/IP refers to a suite of protocols that most networked devices commonly use for communication between LANs.

=Data Encapsulation=

The protocols used to move data from one host to another on a LAN, between LANs, and finally to a particular program on the machine on the receiving end all use layers of encapsulation. We'll start with the way data is encapsulated on a LAN. A network card takes the data it is given by the operating system, and adds a header with address information for another device on the LAN. The data and the header that was added are together called a frame. A frame is the protocol data unit (PDU) used by Ethernet. Next, within that frame is another PDU called an IP packet with its own header, and more data inside that. When that frame reaches a router, the router strips off the Ethernet header and looks at the IP header. It then chooses an interface to forward the IP packet out of, based on the information in its routing table. If the other interface is an Ethernet jack leading to a different LAN, it will encapsulate the packet again into a new frame with a new header.
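
The forwarding step described above, as an added example that is not part of the original page: a frame wrapping an IPv4 packet is built from bytes, then a toy router strips the Ethernet header, reads the destination from the IP header, picks the most specific route, and re-encapsulates. The MAC addresses, interface names and routing table are constructed for illustration; a real router would learn the next-hop MAC via ARP.

```python
import ipaddress
import struct

ETH_HDR = struct.Struct("!6s6sH")   # destination MAC, source MAC, EtherType
ETHERTYPE_IPV4 = 0x0800

def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def ip_packet(src, dst, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0 for brevity) plus payload."""
    header = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return header + payload

def frame(dst_mac, src_mac, packet):
    """Encapsulate an IP packet in an Ethernet header (trailer/FCS omitted)."""
    return ETH_HDR.pack(mac(dst_mac), mac(src_mac), ETHERTYPE_IPV4) + packet

# Constructed routing table:
# (network, outgoing interface, that interface's MAC, next-hop MAC)
ROUTES = [
    (ipaddress.ip_network("10.0.1.0/24"), "eth1", "02:00:00:00:01:01", "02:00:00:00:01:0c"),
    (ipaddress.ip_network("10.0.0.0/16"), "eth0", "02:00:00:00:00:01", "02:00:00:00:00:0a"),
    (ipaddress.ip_network("0.0.0.0/0"), "eth2", "02:00:00:00:02:01", "02:00:00:00:02:fe"),
]

def forward(raw_frame):
    """Strip the frame, route on the IP header, return (interface, new frame)."""
    _dst, _src, ethertype = ETH_HDR.unpack_from(raw_frame)
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    packet = raw_frame[ETH_HDR.size:]              # Ethernet header stripped
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("truncated or non-IPv4 packet")
    dst_ip = ipaddress.IPv4Address(packet[16:20])  # destination field of IP header
    # Several routes may match; the longest prefix (most specific) wins.
    matches = [route for route in ROUTES if dst_ip in route[0]]
    _net, iface, out_mac, hop_mac = max(matches, key=lambda r: r[0].prefixlen)
    # The IP packet is carried unchanged here; TTL and checksum updates are omitted.
    return iface, frame(hop_mac, out_mac, packet)
```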