In-depth study of "TCP/IP Illustrated, Volume 1", Article 2: Network layer (I)

Source: Internet
Author: User


One day, when I was restricted by many secular rules and could not do what many normal people could do, I suddenly felt: people should not have come to this world! From the moment we are born, we are destined to suffer a lot in our lives... There is never a proper balance between breaking rules and conforming to rules. I will still choose to stick to the rules when I think of Fox, the female killer in the movie "Assassin's League" (also known as the wanted order), who eventually ends the lives of all the assassins (including herself). Maybe we can find this balance when we're lucky! But it depends on the days when my heart is so good that I am lucky. However, I still have a lot to do. Let's continue!

The book covers the IP, ARP, and RARP protocols in three separate chapters. However, since these blog posts are my own notes, there is no need to take a closer look at every point; instead, I try to explain all the knowledge points as briefly as possible. I will cover all three protocols in this post, because they all belong to the network layer of TCP/IP.
As mentioned in Volume 1, IP is the core protocol of TCP/IP, because TCP, UDP, ICMP, and IGMP all transmit their data in IP datagrams. IP is often called an unreliable, connectionless protocol. I was confused by the Chinese terms for "unreliable" and "connectionless" for a long time, because, read literally, "unreliable" seems to mean that the IP protocol often transmits wrong messages, and "connectionless" seems to mean that IP transmission can be completed without a network connection. This misunderstanding is a mess. In fact, I am even more puzzled about why the original English terms "unreliable" and "connectionless" were translated into Chinese terms that are so easy to misunderstand. It might be better to translate them as "cannot guarantee successful communication" and "cannot guarantee the continuity of data transmission". It is hard not to suspect that the first translator translated merely for the sake of translating, because teachers in many Chinese university classrooms constantly have to explain these two words to prevent ambiguity. At this point, we should also explain what the two words are meant to say: unreliable means that IP does not guarantee that every datagram is delivered to its destination; connectionless means that IP does not guarantee the continuity of data transmission, that is, a datagram sent earlier may well arrive later than one sent after it.
IP address and MAC address

IP addresses are also called logical addresses, because they exist only to hide the complexity of the underlying physical addresses. The physical address of each host is actually fixed in the ROM of the network interface card (NIC). Because physical addresses are used as the destination and source addresses in the data frames (also called MAC frames) of the link layer, physical addresses are also called MAC addresses.
Address Resolution Protocol (ARP)

IP addresses are always used in the protocol stack at and above the network layer, but data transmission still relies on physical addresses to identify specific locations, so each host needs a mapping between physical addresses and IP addresses. A host can easily obtain its own IP address and MAC address, but mapping the IP addresses of the other hosts on the LAN to their MAC addresses is a trickier problem. In fact, each host has its own ARP cache, which stores the mapping between the IP addresses and MAC addresses of other hosts on the connected LAN. When an IP datagram is to be sent from the link layer to another host:
1. Check whether the MAC address corresponding to this IP address exists in the ARP cache. If yes, the datagram is sent. If not, go to step 2.
2. The ARP process broadcasts an ARP request packet on the local LAN. [Figure: content of the ARP request packet]
3. The ARP processes of the other hosts on the LAN receive this request and check whether the IP address in the request is their own. If yes, the host saves the IP address and MAC address from the request in its own ARP cache for later use and sends its own address information back. If not, no response is returned.

In this way, the hardware address for the IP datagram to be sent is obtained and the datagram is sent normally. As can be seen, the ARP request is sent as a broadcast and the response is sent as a unicast. All these processes are generally performed automatically by the address resolution hardware (NIC or router), and user processes are not aware of them. The retention period of each cached mapping is generally set to 10-20 minutes; that is, a mapping that is not used within that interval is automatically deleted by the ARP process.

[Figure: ARP cache information on my computer]
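The three resolution steps and the cache expiry described above, simulated on an in-memory LAN with real 28-byte ARP packets. This is an added example, not code from the original post; the `Host` class, the MAC addresses and the 20-minute `CACHE_TTL` (the upper end of the 10-20 minutes in the text, counted from when the mapping was learned) are assumptions.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"      # 28-byte ARP packet for Ethernet and IPv4
REQUEST, REPLY = 1, 2
CACHE_TTL = 20 * 60             # seconds; assumed, upper end of the text's 10-20 minutes

def pack_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, sender_mac,
                       socket.inet_aton(sender_ip), target_mac,
                       socket.inet_aton(target_ip))

def unpack_arp(packet):
    _, _, _, _, op, s_mac, s_ip, t_mac, t_ip = struct.unpack(ARP_FMT, packet)
    return op, s_mac, socket.inet_ntoa(s_ip), t_mac, socket.inet_ntoa(t_ip)

class Host:
    def __init__(self, ip, mac):
        self.ip, self.mac = ip, mac
        self.cache = {}                       # ip -> (mac, time the mapping was learned)

    def lookup(self, ip, now):
        entry = self.cache.get(ip)
        if entry and now - entry[1] <= CACHE_TTL:
            return entry[0]
        self.cache.pop(ip, None)              # absent or expired: drop it
        return None

    def on_broadcast(self, packet, now):
        op, s_mac, s_ip, _, t_ip = unpack_arp(packet)
        if op != REQUEST or t_ip != self.ip:
            return None                       # not our address: no response
        self.cache[s_ip] = (s_mac, now)       # remember the requester for later use
        return pack_arp(REPLY, self.mac, self.ip, s_mac, s_ip)   # unicast reply

    def resolve(self, ip, lan, now):
        """Return (mac or None, number of requests broadcast)."""
        mac = self.lookup(ip, now)
        if mac is not None:
            return mac, 0                     # step 1: cache hit, nothing is sent
        request = pack_arp(REQUEST, self.mac, self.ip, b"\x00" * 6, ip)  # step 2
        for other in lan:                     # every other host sees the broadcast
            reply = other.on_broadcast(request, now) if other is not self else None
            if reply:                         # step 3: only the owner answers
                _, s_mac, s_ip, _, _ = unpack_arp(reply)
                self.cache[s_ip] = (s_mac, now)
        return self.lookup(ip, now), 1
```

Only the host that owns the requested address learns the requester's mapping; the bystander's cache stays empty, and a lookup after `CACHE_TTL` triggers a fresh broadcast.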
 
Reverse Address Resolution Protocol (RARP)

Chinese textbooks usually devote a lot of text to RARP. In the past it played a very important role, but now basically no one uses this protocol on its own. Its principle is similar to that of ARP, except that it requires special data frames for encapsulating requests and responses. Some earlier diskless systems used this protocol to obtain their own IP addresses. The current DHCP protocol (an application layer protocol) includes this protocol.

IP datagram header

The IP datagram header is generally 20 bytes. Its approximate layout is as follows (Figure 1):
 
The fields are as follows:

4-bit version: identifies the IP protocol version. Only hosts using the same version can communicate with each other.
4-bit header length: indicates the length of the IP datagram header. The maximum value is 15, so the header is at most 15 32-bit words long (60 bytes).
16-bit total length: the total length of the IP datagram. Theoretically the maximum length is 65535, but in practice datagrams rarely exceed 1500 bytes.
16-bit identifier: the IP implementation maintains a counter in memory, and each time a new IP datagram is generated the counter is incremented by 1. If the length of a datagram exceeds the MTU of the link layer (see the first article, on the link layer), the ID field of the datagram is copied into all of the fragments it is split into, so that the receiver can correctly reassemble the IP datagram after receiving them.
3-bit flags: this field is not described in detail in Volume 1. In fact, only the second and third bits are used: the second bit indicates whether fragmentation is allowed, and the third bit indicates whether this is the last fragment of the IP datagram.
8-bit TTL: an important value that specifies the maximum number of routers the IP datagram can pass through. When the number of routers exceeds this value, the datagram is discarded.
8-bit protocol: identifies which protocol the data in the IP datagram belongs to, as specified in the following table (taken from a Chinese textbook):
16-bit header checksum: similar to the CRC check code in the link layer, it is used to check whether the datagram was corrupted during transmission.

That is more or less everything about the IP datagram header.
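A parser for the header fields listed above that also verifies the 16-bit header checksum. This is an added example, not code from the original post; the function names and the sample header bytes are constructed for illustration, and the protocol numbers shown are the standard values for the four protocols the article names.

```python
import socket
import struct

PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}

def checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words, complemented."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4_header(raw: bytes) -> dict:
    if len(raw) < 20:
        raise ValueError("shorter than the minimum 20-byte header")
    (ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    version, header_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError("not an IPv4 datagram")
    if header_len < 20 or header_len > len(raw) or total_len < header_len:
        raise ValueError("inconsistent length fields")
    if checksum(raw[:header_len]) != 0:      # a valid header sums to zero
        raise ValueError("header checksum mismatch")
    return {
        "version": version, "header_len": header_len, "total_len": total_len,
        "id": ident, "ttl": ttl,
        "dont_fragment": bool(flags_frag & 0x4000),   # second flag bit
        "more_fragments": bool(flags_frag & 0x2000),  # third flag bit; clear on the last fragment
        "fragment_offset": (flags_frag & 0x1FFF) * 8,
        "protocol": PROTOCOLS.get(proto, str(proto)),
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
    }

# Constructed sample: the 20-byte header of a 115-byte UDP datagram.
SAMPLE = bytes.fromhex("45000073000040004011b861c0a80001c0a800c7")
```

Because the checksum covers only the header, a receiver that finds a non-zero result knows a header field changed in transit but learns nothing about the payload.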
IP route selection

Once the IP layer has finished encapsulation, the rest of the work is transmission. The simplest case for sending an IP datagram is that the target host is directly connected to the source host (on the same token ring network or Ethernet), in which case the datagram is simply sent directly. Generally, however, the destination host is not on the same network as the source host, so many routers are needed for communication, and selecting the next router becomes the main concern. The IP implementation of each host keeps an IP route table in memory. If the destination host is not on the same network as the source host, the route table is searched to find the next router to send to. The entries of the route table are usually key-value pairs consisting of the network number of the target host and the next hop address. If the TTL of a datagram is 0 before it is sent, it is discarded. Otherwise, the route table is searched. The search process is generally as follows:

1. Search for the destination IP address in the route table. If it exists, the IP datagram is sent directly to this address. Otherwise, go to (2).
2. Search for the subnet address (subnet addressing is discussed later) corresponding to the target network. If it exists, the IP datagram is sent to the next hop address corresponding to this subnet number. Otherwise, go to (3).
3. Search for the network number corresponding to the target network. If it exists, the IP datagram is sent to the next hop corresponding to the network number. Otherwise, go to (4).
4. Look for the default route address. If it exists, the IP datagram is sent to this default route address. Otherwise, go to (5).
5. Discard the IP datagram.
Subnet addressing

Basically all routers now support subnet addressing. In fact, both class A and class B addresses allocate too much space to host numbers (2^24 and 2^16), which limits the available network numbers while host numbers go to waste, so the host number is divided into two parts: the subnet number and the host number. For example, a class B address can use the first eight bits of the original 16-bit host number as the subnet number and the last eight bits as the host number, so there are 2^8 subnets, each with 2^8 allocable host numbers (255.
To identify the network number and host number of an IP address after subnetting, the subnet mask was introduced. For example, the subnet mask of my computer is 255.255.255.0 and the IP address is 192.168.1.105. ANDing the subnet mask with the IP address gives 192.168.1.0, which is my network number, and the host number is 105. This IP address is a class C address, whose host number defaults to 8 bits. Since 105 takes up the host number, no bits are left for a subnet number, so my computer's network has no subnet division. If my IP address were 128.96.32.32, which is a class B address with as many as 2^16 host numbers when no subnet is divided, the resulting network number would be 128.96.32.0 and the host number the final 32. The default network number of a class B address is the first 16 bits, that is, 128.96.0.0, whereas here it is 128.96.32.0, so the extra 32 is the subnet number.
Since the release of RFC 950, a router must send its own subnet mask to the adjacent router when forwarding messages to it. If a host has not been assigned a subnet number, the default subnet mask is sent to the adjacent router. The default subnet masks of the address classes are as follows (in effect, the result of setting all the bits of the un-subnetted network number to 1): class A: 255.0.0.0; class B: 255.255.0.0; class C: 255.255.255.0. ANDing an IP address with these subnet masks therefore yields the network number when no subnet is divided.
Run the netstat and ifconfig commands to view the IP address, subnet mask, and hardware address information of my computer (result obtained using ifconfig-):
 
eth0 is a multicast address (which will be discussed later), lo is a local loopback address (introduced in the first article), and wlan is an address connected to the WAN. The following is the route table of my computer (obtained using netstat -r):
 

If the destination address is in 192.168.1.0 or is the local loopback address, the datagram is sent directly. Otherwise, it is sent to the default gateway 192.168.1.1, which is the router on the LAN, and is sent on to the wlan through it.
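The route search order from the "IP route selection" section (host, subnet, network, default, discard) combined with the mask AND from the subnet addressing section, as an added example that is not part of the original post. The function names and the next-hop addresses 192.168.1.2 to 192.168.1.4 are constructed; 192.168.1.0, 128.96.32.32 and the default gateway 192.168.1.1 are the article's own values.

```python
import ipaddress

HOST_MASK = "255.255.255.255"

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def network_number(ip, mask):
    """AND the address with the mask, as the text does for 192.168.1.105."""
    return str(ipaddress.IPv4Address(_int(ip) & _int(mask)))

def default_mask(ip):
    """Default class A/B/C mask (classes D and E are not handled here)."""
    first = _int(ip) >> 24
    return "255.0.0.0" if first < 128 else "255.255.0.0" if first < 192 else "255.255.255.0"

def route(dst, ttl, table, default_gw=None):
    """Return (rule, next hop) in the text's search order, or None to discard."""
    if ttl == 0:
        return None                              # TTL exhausted before sending
    classful = default_mask(dst)

    def match(wanted):
        # entries of the wanted kind whose network equals dst AND mask
        hits = [(mask, hop) for net, mask, hop in table
                if wanted(mask) and network_number(dst, mask) == net]
        return max(hits, key=lambda h: _int(h[0]))[1] if hits else None

    stages = [
        ("host", lambda m: m == HOST_MASK),                               # step 1
        ("subnet", lambda m: _int(classful) < _int(m) < _int(HOST_MASK)), # step 2
        ("network", lambda m: m == classful),                             # step 3
    ]
    for name, wanted in stages:
        hop = match(wanted)
        if hop is not None:
            return name, hop
    return ("default", default_gw) if default_gw else None               # steps 4 and 5

# Constructed route table: (destination, mask, next hop).
TABLE = [
    ("192.168.1.0", "255.255.255.0", "direct"),
    ("128.96.0.0", "255.255.0.0", "192.168.1.2"),
    ("128.96.32.0", "255.255.255.0", "192.168.1.3"),
    ("128.96.32.32", "255.255.255.255", "192.168.1.4"),
]
```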
