Fundamentals of computer Networks

I. Physical Layer

The physical layer defines the size of the network port RJ45, the mode of voltage on the network cable, and so on. The binary data streams that propagate in the network cable are the concrete appearances of this layer. That is to say, there is no agreement on this layer, and even if it does, it will be the Manchester Code calculation protocol. We connect the two machines with a network cable, or connect the machines with hubs, which is the work of the physical layer.
There are 2 devices belonging to the physical layer, one is the repeater, and the other is the hub. As you know, the distance between the wires on the physical line will cause the attenuation of electrical signals. To re-strengthen the signal, we need to add a signal amplifier after a certain distance, which is the Repeater (Repeater).
　　1. the repeater is connected between two network cables, and no processing is done on the signal.
　　2. The essence of hub is actually a multi-port relay (Multi-port Repeater), which is a physical device that connects multiple wires.
Since the physical layer transmits electrical signals. So if I have two machines generating signals together, is the signal chaotic?
Very correct. This problem in the network becomes a "collision", so the agreement stipulates that if you need to send data, you must first look at the cable inside there is no other signal. If not, then you can send it. If both are sent at the same time, after the collision is detected, the two wait for a random time, and then resend. This is the important "collision detection".
If more and more computers are connected to the network, collisions will become more frequent. The efficiency must be very low. Well, here's another important concept, "conflict domain." All devices on the same physically connected network belong to the same conflict domain. So the device connected with the repeater or hub is on a conflicting domain.
Then we need to introduce our two-tier device to split the conflict domain.

two. Data Link layer

The thing above this level is no longer an electrical signal, but a data. Since it is data, it has a logical relationship. The basic unit above this level is the frame. He converts the current from the network cable into a combination of 0 and 1.
The physical layer is just a network card to send or accept a variety of level signals, that is to say that the physical layer is unable to determine the source and target of the current. Then after the current is played in 0 and 1 frames, there is logic data in it. With the data, you can judge where the data came from and where to go. So you can really form link, the second layer of equipment has two:
　　1. Bridge is a connection to 2 different physical networks. The main function is to forward a frame between 2 networks. Because in practice we can know that, in fact, many times not the whole network is communicating with each other. A group of computers that communicate with each other at most we can be divided into a small conflict domain. Such segmentation can reduce conflicts later. Because the communication on both sides of the bridge is not very frequent, use the bridge to make the "spokesperson" for both sides.
　　2. switch, which is essentially a multi-port bridge (Multi-port Bridge). Each port behind the switch is a conflict domain. The switch is faster than the hub because the switch splits all the conflicting domains. The main function of the switch is "store and forward", according to the MAC address of the frame, decide which port the frame goes out from.
Bridge connection mode (hub at red dot):

Switch Connection mode:

As you can see, the bridge has only 2 input/output ports, and the switch has 8. Well, yes, at the beginning (then only hub this device), because the hardware level is not very developed, people in order to improve the efficiency of the LAN, reduce the emergence of broadcast storms, they produced a bridge (a two input/output port of the link layer equipment, then the bridge is a relatively advanced equipment), Then they put a LAN into 2, in the middle with a bridge connection, so that a to BCD data will not be broadcast to EFGH (the bridge found that if the packet is not forwarded to the following subnet, it will automatically discard the packet), only from a to EFGH packets to the bridge, to another subnet ( The bridge found that if the packet was forwarded to the following subnet, it would forward the packet to the subnet.
As a result, unnecessary transmissions are reduced, and the efficiency of the entire network increases. People find that the bridge is really a good thing ah, with the development of hardware, there have been 4, 8 ports of the link layer equipment, which is the switch, because the switch can make the network more secure, more efficient network, the switch gradually replaced the hub, become the important equipment to build LAN.
Ethernet is currently the most widely used local area network, and other local area networks like ATM, have slowly disappeared. Ethernet mainly describes the two-tier structure. The frame structure of Ethernet is as follows:

　　 1.The leading field of Ethernet and SFD is 0xAAAAAAAAAAAAAAAB (8Byte, timing in front--time series behind), where SFD is 0xAB (10101011), where 11 differs from the leading field, indicating that this is the frame delimiter, followed by the data section.
　　 2.Da/sa refers to the MAC address, 6Byte.
If the least significant bit of the first byte in the MAC address is 1, the address is the multicast destination address. For example, 01-00-00-00-f0-00. Packets with the multicast destination address will be delivered to a selected set of Ethernet nodes.
If the destination Address field is a reserved multicast address ff-ff-ff-ff-ff-ff, the packet is a broadcast packet and it is sent to each node that shares the network.
If the least significant bit of the first byte in the MAC address is 0, the address is a unicast address and the packet is used only by nodes that have that address.
It is important to note that these three kinds of broadcasts differ in the IP address and MAC address.
　　 3.The Type/Length field defines what protocol the following packet belongs to, and if the field is less than or equal to 0X05DCH (1500), the field is the Length field. If we use the IP or ARP protocol, this field is the Type field: IP (0x0800), ARP (0x0806).
　　 4.Data and fill the two parts of the minimum is 46Byte, the maximum is 1500Byte, if the data portion is less than 46Byte, then you need to use the fill portion to fill 0x00, so that the two parts is 46Byte. This section puts the upper-level information, such as the IP packet, in the data segment of the Ethernet frame.
　　 5.The last part is the CRC check code.
　　

three. Network Layer

The basic unit of this layer is the package (Packet). All packages have an IP header, and IP is used to identify the source and destination address of the packet on this layer.
One of the main concepts of this layer is "routing", which is, like a switch, forwarding packets to other places. However, there is a different place where the switch can send to the specified computer only if it knows where the specific Mac is, and the route does not need to know where the final IP is located, as long as it knows that the path can be used to work.
The IP address is essentially the endpoint address, it does not change when skipping the router (hop), and the MAC address is the address of the next hop, the router will change every time it skips.
The IP address is on layer three and the MAC address is on layer two. When the information is still in the two layer, not to three layers of unpacking, the IP address is actually only two layers of data part.

　　 1.Version number: 4bit. Identifies the version number of the IP protocol currently in use. The general value is 0100 (IPV4), 0110 (IPV6)
　　 2.IP header Length (header lengths): 4bit. The purpose of this field is to describe the length of the IP header. The unit is 32bit (4 bytes), and the length of an IP header is "1111", which is 15*4=60 bytes. The minimum IP header length is 20 bytes.
　　 3.Service type (Type a service): 1Byte. The bitwise is defined as follows: PPP DTRC0
PPP: Defines the priority of the package, and the larger the value, the more important the data.
000 Normal (Routine)
001 Preferred (priority)
010 immediate Send (Immediate)
011 Lightning-BOLT (Flash)
100 more lightning-bolt than Lightning (Flash Override)
101 CRI/TIC/ECP (Cannot find the translation of the word)
110 Inter-network controls (internetwork control)
111 Network control
D delay: 0: Normal 1: Delay as small as possible
T Throughput: 0: Normal 1: Traffic as large as possible
R Reliability: 0: Normal 1: Reliability as large as possible
M transfer cost: 0: Normal 1: The cost is as small as possible
0 The last one is kept, constant for 0
　　 4.IP packet Length (total length): 2Byte. The length of the IP packet, including the header and data, is computed in bytes, so the IP packet has a maximum length of 65535 bytes.
　　 5.Identifier (Identifier): 2Byte. This field is used in conjunction with the flags, Fragment offest fields to fragment (Fragment) operations on larger upper-layer packets. After a router splits a package, all the split packets are tagged with the same value so that the destination device can differentiate which package belongs to the part of the split package.
　　 6.Tag (Flags): 3bit. The first bit of the field is not used. The second bit is the DF (Don ' t Fragment) bit, and the DF bit is set to 1 o'clock to indicate that the router cannot fragment the upper layer packet. If an upper-layer packet cannot be forwarded without fragmentation, the router discards the upper-layer packet and returns an error message. The third bit is the MF (more fragments) bit, and when the router segments a top-level packet, the router sets the MF bit to 1 in the header of the IP packet except for the last fragment.
　　 7.Chip offset (Fragment offset): 13bit. Represents the location of the IP packet in the group's Shard package, which the receiving side relies on to assemble the restored IP packet.
　　 8.Time to Live (TTL): 1Byte. When an IP packet is transferred, a specific value is assigned to the field first. When the IP packets pass through each router along the route, each router along the way will reduce the TTL value of the IP packet by 1. If the TTL is reduced to 0, the IP packet is discarded. This field prevents IP packets from being forwarded over the network due to routing loops.
　　 9.Protocol (PROTOCOL): 1Byte. Identifies the protocol used by the upper layer.
The following are the more commonly used protocol numbers:
1 ICMP
2 IGMP
6 TCP
+ UDP
The IGRP
The in-the-OSPF
　　 .Head check (header Checksum): 2Byte. Used for the correctness of IP header detection, does not contain data parts. The router recalculates this value for each passing packet because each router changes the value of the TTL.
　　 One by one .Origin and Destination address (Source and Destination Addresses): Both fields are 4Byte. Identifies the origin and destination address of this IP packet. It is important to note that these two addresses do not change during the entire transfer process unless NAT is used.
At this point, the basic 20 bytes of the IP header have been introduced, after which part of the optional, not a necessary part.
　　 .Optional: This is a variable-length field. This field is optional, primarily for testing, and is rewritten by the originating device as needed. Optional items include the following:
Loose source Routing (Loose source routing): gives the IP address of a series of router interfaces. IP packets must be routed along these IP addresses, but allow multiple routers to be skipped between successive two IP addresses.
Strict source Routing (Strict source routing): gives the IP address of a series of router interfaces. IP packets must be routed along these IP addresses, indicating an error occurs if the next hop is not in the IP Address table.
Routing record (record route): The IP address of the router's outbound interface is recorded when the IP packet leaves each router.
Timestamp (timestamps): Records the time when the IP packet leaves each router.
Padding (Padding): The IP header length must be an integer multiple of 32bit because the IP header length (header length) is in the unit 32bit. Therefore, after the optional option, the IP protocol populates several 0 to achieve an integer multiple of 32bit.

Four. Transport Layer

TCP/IP represents a protocol family, which, because of the most famous TCP and IP protocols in these protocols, represents this family of protocols with both protocols. Here, for example, TCP is the TCP frame structure:

TCP connection:

Three-time handshake steps:
1. A TCP sends a connection request message segment to B, the synchronization bit in its header syn=1, and selects the ordinal seq=x, indicating that the ordinal of the first data byte to transmit the data is X
2. b after TCP receives the connection request message segment, if agreed, then send back the acknowledgment (b in the confirmation message section should make Syn=1, make ack=1, its confirmation number ack=x+1, its own selected ordinal seq = y)
3. A after receiving this message segment to the B to confirm that its ack=1, confirmation number ack=y+1 (a TCP notification upper application process, the connection has been established, B TCP received a confirmation of host A, also notify its upper application process: TCP connection has been established)
TCP release:

three times Handshake Step:
1. After the data transfer is complete, both sides of the communication can release the connection. The application process of a now sends a connection release segment to its TCP and stops sending the data, actively shutting down the TCP connection (a connects the fin=1 that releases the packet header, its ordinal seq=u, and waits for the confirmation of B)
2. B Issue confirmation, confirmation number ack=u+1, and this message segment own serial number SEQ=V (TCP server process notifies the high-level application process. The connection from A to B is released, and the TCP connection is in a semi-closed state. b If you send the data, a still receives it
3. If B has no data to send to a, its application process notifies TCP to release the connection
4. A after receiving the Connection Release message section, must issue the confirmation, ack=1 in the confirmation message section, the confirmation number ack=w+1, the own serial number seq=u+1
is the Wireshark crawl TCP packet, where 1-3 is the TCP connection, number 156-158 is the TCP release, Numbers 4-6 and 7-9 are data transmissions two times respectively.
The SEQ and ACK numbers represent the number of bytes that have been sent and the number of bytes received, respectively, for the calculation of the sliding window for sending and receiving segments.

"Reference"
Baidu Library
Other Blogs
(After all, basic knowledge, too much information)

Fundamentals of computer Networks