Continuing from the previous chapter on TCP/IP protocol layering, this chapter mainly discusses the IP protocol, which is the one we are most concerned with.
First, the concept:
IP is the most important protocol in the TCP/IP protocol family. All TCP, UDP, ICMP, and IGMP data are transmitted in IP datagrams. Many people who are new to TCP/IP are surprised by the unreliable, connectionless datagram delivery service that IP provides, especially those with an X. or SNA background. Unreliable means that IP does not guarantee that a datagram will successfully reach its destination; IP only provides a best-effort delivery service. When an error occurs, such as a router temporarily running out of buffers, IP has a simple error-handling algorithm: discard the datagram and send an ICMP message back to the source. Any required reliability must be provided by an upper layer (for example, TCP). The term connectionless means that IP maintains no state information about successive datagrams; each datagram is processed independently of the others. This also means that IP datagrams can be received out of the order in which they were sent. If a source sends two consecutive datagrams (first A, then B) to the same destination, each datagram is routed independently and may take a different route, so B may arrive before A.
Second, the principle:
1. IP header
Format of the IP datagram: the protocol defines the packet that is transmitted over the Internet, called an IP packet (IP datagram). To help with understanding, I use two images below (taken from two different references) to show what the IP packet format really means; where anything is unclear, I hope we can discuss it further.
(As shown in Figure 3-1.) The normal IP header is 20 bytes unless it contains options.
As shown in the following:
IP header: the most significant bit is on the left and is numbered bit 0; the least significant bit is on the right and is numbered bit 31. The 4 bytes of a 32-bit value are transmitted in the following order: first bits 0~7, then bits 8~15, then bits 16~23, and finally bits 24~31. This transmission order is called big endian byte order. Because all binary integers in the TCP/IP headers must be transmitted across the network in this order, it is also called the network byte order. A machine that stores binary integers
Remarks:
A) bit: the Chinese term is 位, a transliteration of "bit"; it is the smallest unit used to describe an amount of computer data.
Each 0 or 1 in the binary number system is one bit.
The word bit comes from binary digit. It is used, for example, for the data rate, i.e. the rate of data transmission, measured in bits per second (meaning how many binary digits, 1 or 0, are transmitted per second).
It is usually written as bit/s, b/s, kb/s, Mb/s, Tb/s, or bps (bits per second). The prefixes come from: K: kilo (thousand), M: mega, G: giga, T: tera.
Unit Conversions
1 byte = 8 bits
1 KB = 1024 bytes = 8*1024 bits
1 MB = 1024 KB
1 GB = 1024 MB
1 TB = 1024 GB
B) eNdian: Big-endian and Little-endian byte ordering
Byte order and its meaning:
Big-endian: the high-order byte of a word is placed at the low address of the word's memory region.
Little-endian: the low-order byte of a word is placed at the low address of the word's memory region.
Note that in the table below the length of one word is 16 bits and the length of a byte is 8 bits. If a number exceeds the length of a word, it must first be broken into word-sized pieces, and then within each word the bytes are handled according to the big-endian or little-endian rule.
An example: if we write 0x1234ABCD to memory starting at address 0x0000, the result is:
Address   Big-endian   Little-endian
0x0000    0x12         0xCD
0x0001    0x34         0xAB
0x0002    0xAB         0x34
0x0003    0xCD         0x12
(Note: 0xAB converted to binary is 10101011, an 8-bit number.)
Detailed description: CPUs of different systems often differ in how they store data in memory. For example, Intel's x86 series processors store the low-order byte at the starting address, while some RISC-architecture processors, such as those used in IBM 370 mainframes, PowerPC, or CPUs produced by Motorola, store the high-order byte at the starting address. These two different storage methods are called little-endian and big-endian respectively.
Version: the current protocol version number is 4, so IP is sometimes referred to as IPv4.
Header length: the number of 32-bit words in the header, including any options. Since it is a 4-bit field, the header is at most 60 bytes.
Because the field is 4 bits, the largest decimal value it can represent is 15. Note that the unit of this field is a 32-bit word (4 bytes), so when the header length field is 1111 (decimal 15), the header length reaches 60 bytes. When the header of an IP packet is not an integer multiple of 4 bytes, it must be padded using the padding field at the end. As a result the data portion always starts on a 4-byte boundary, which makes implementing the IP protocol more convenient. The disadvantage is that a 60-byte header limit is sometimes not enough; this was done in the hope that users would minimize overhead. The most commonly used header length is 20 bytes (header length field 0101), with no options. (# The version and header length fields are usually seen together as hexadecimal 45, i.e. Version=4 and header length=5, meaning 5 × 4 = 20 bytes.)
Differentiated Services: 8 bits, intended to obtain better service. In the old standard this field was called Type of Service, but in practice it was never really used. In 1998 the IETF renamed this field Differentiated Services (DS). The field only takes effect when differentiated services are used.
The type of service (TOS) field consists of a 3-bit precedence subfield (now ignored), a 4-bit TOS subfield, and 1 unused bit that must be set to 0. The 4 TOS bits represent: minimize delay, maximize throughput, maximize reliability, and minimize monetary cost. Only one of the 4 bits can be set. If all 4 bits are 0, it means normal service.
The table below lists the recommended TOS values for different applications. The hexadecimal value is given in the last column, because that is what appears in the tcpdump output we will see later.
The two interactive applications, Telnet and Rlogin, require minimum delay because they mainly transmit small amounts of interactive data. FTP file transfer, on the other hand, requires maximum throughput. Maximum reliability is specified for network management (SNMP) and the routing protocols. Usenet news (NNTP) is the only application that requests minimum monetary cost. Most TCP/IP implementations today do not support the TOS feature, but newer systems starting with 4.3BSD Reno do set it. In addition, newer routing protocols such as OSPF and IS-IS are able to make routing decisions based on the value of this field.
Total length: the length of the header plus the data, in bytes. The total length field is 16 bits, so the maximum length of a datagram is 2^16 - 1 = 65535 bytes.
Each data link layer below the IP layer has its own frame format, which specifies the maximum length of the data field in the frame; this is called the Maximum Transmission Unit (MTU). When a datagram is encapsulated in a link-layer frame, the total length of the datagram (the header plus the data portion) must not exceed the MTU of the data link layer below.
Identification: 16 bits. The IP software maintains a counter in memory; each time a datagram is generated, the counter is incremented by 1 and its value is assigned to the identification field. However, this "identification" is not a sequence number, because IP is a connectionless service and there is no question of receiving datagrams in order. When a datagram must be fragmented because it is longer than the MTU of the network, the value of the identification field is copied into the identification field of every fragment. The identical identification value allows the fragments to be correctly reassembled into the original datagram.
⑥ Flags: 3 bits, but at present only 2 bits are meaningful.
- The lowest bit of the flags field is MF (More Fragments). MF=1 means "more fragments follow"; MF=0 means this is the last of the fragments.
- The middle bit of the flags field is DF (Don't Fragment), meaning "do not fragment". Fragmentation is allowed only when DF=0.
⑦ Fragment offset: 13 bits. The fragment offset indicates the relative position of this fragment within the original datagram after a long datagram is fragmented, i.e. where the fragment begins relative to the start of the user data field. The offset is expressed in units of 8 bytes, which means the length of each fragment must be an integer multiple of 8 bytes (64 bits).
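As an added example that is not part of the original post, the following Python code applies the rules just described: a datagram longer than the MTU is split so that every fragment except the last carries a multiple of 8 data bytes, the offset is expressed in 8-byte units as in the 13-bit field, MF is set on all but the last fragment, and the reassembly check rejects a fragment set with a gap. A 20-byte header (no options) and the 1500-byte Ethernet MTU are assumed values.

```python
def fragment_plan(data_len: int, mtu: int, header_len: int = 20):
    """Return one (offset_units, more_fragments, payload_len) tuple per fragment.
    offset_units is the value of the 13-bit fragment offset field (8-byte units)."""
    if mtu < header_len + 8:
        raise ValueError("MTU cannot carry even one 8-byte fragment of data")
    # Every fragment but the last must carry a multiple of 8 data bytes.
    max_data = (mtu - header_len) // 8 * 8
    frags, offset = [], 0
    while offset < data_len:
        size = min(max_data, data_len - offset)
        last = offset + size == data_len
        if offset // 8 > 0x1FFF:               # the field is only 13 bits wide
            raise ValueError("fragment offset does not fit in 13 bits")
        frags.append((offset // 8, not last, size))
        offset += size
    return frags


def reassemble_len(frags) -> int:
    """Check that fragments sharing one identification value cover the data
    contiguously and that only the final one has MF=0; return the data length."""
    expected = 0
    for i, (units, mf, size) in enumerate(sorted(frags)):
        if units * 8 != expected:
            raise ValueError(f"gap or overlap at byte offset {expected}")
        if mf != (i < len(frags) - 1):
            raise ValueError("MF flag inconsistent with fragment position")
        expected += size
    return expected


# Constructed case: 3000 bytes of data over a 1500-byte Ethernet MTU.
ETHERNET_PLAN = fragment_plan(3000, 1500)
```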
Time to live: 8 bits. The time to live field, abbreviated TTL, indicates the lifetime of the datagram in the network. This field is set by the source that sends the datagram. Its purpose is to prevent undeliverable datagrams from circulating endlessly in the Internet and thereby consuming network resources for nothing. The original design used seconds as the TTL unit: each time the datagram passes through a router, the time it spent at the router is subtracted from the TTL, and if the datagram spent less than 1 second at the router, the TTL is decremented by 1. When the TTL value reaches 0, the datagram is discarded.
Protocol: 8 bits. The protocol field indicates which protocol the data carried in this datagram belongs to, so that the IP layer of the destination host knows which process to hand the data portion to. (In Scapy, the protocol field of the lower layer is generally filled in automatically from the layer above it, so we can usually omit this item.)
Header checksum: 16 bits. This field covers only the header of the datagram, not the data portion. This is because a router must recompute the header checksum every time the datagram passes through it (some fields, such as time to live, flags, and fragment offset, may change). Not checking the data portion reduces the amount of computation.
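As an added example (not code from the original post), the following Python code builds a 20-byte IPv4 header in network byte order, parses it back into the fields described above, and verifies the header checksum; decrement_ttl shows why a router has to recompute the checksum after changing the TTL. The addresses 172.168.60.6 and 172.168.80.8 are taken from the routing example later in this post; the identification value and payload length are constructed.

```python
import struct
from ipaddress import IPv4Address

FMT = "!BBHHHBBH4s4s"  # '!' = network byte order (big endian); 20 bytes, no options

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words, then complemented."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold the carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4_header(src, dst, payload_len, proto=1, ttl=64, ident=0x1C46, df=True):
    """Build a header with no options: version 4, IHL 5, so the first byte is 0x45."""
    ver_ihl = (4 << 4) | 5
    flags_frag = 0x4000 if df else 0        # DF bit set, MF clear, fragment offset 0
    hdr = struct.pack(FMT, ver_ihl, 0, 20 + payload_len, ident, flags_frag,
                      ttl, proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def parse_ipv4_header(raw: bytes) -> dict:
    """Decode the fields; checksum_ok is True when the one's-complement sum over
    the whole header, checksum field included, folds to zero."""
    ver_ihl, ds, total_len, ident, flags_frag, ttl, proto, _, src, dst = struct.unpack(FMT, raw[:20])
    hlen = (ver_ihl & 0x0F) * 4             # IHL counts 32-bit words
    if ver_ihl >> 4 != 4 or hlen < 20 or hlen > len(raw):
        raise ValueError("not a well-formed IPv4 header")
    return {
        "version": ver_ihl >> 4, "header_len": hlen, "ds": ds,
        "total_len": total_len, "id": ident,
        "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "frag_offset_bytes": (flags_frag & 0x1FFF) * 8,   # 13-bit field, 8-byte units
        "ttl": ttl, "protocol": proto,
        "checksum_ok": ipv4_checksum(raw[:hlen]) == 0,
        "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
    }

def decrement_ttl(raw: bytes) -> bytes:
    """What a forwarding router does: TTL - 1 and a freshly computed header checksum."""
    hlen = (raw[0] & 0x0F) * 4
    if raw[8] <= 1:
        raise ValueError("TTL expired: the datagram would be discarded")
    hdr = raw[:8] + bytes([raw[8] - 1]) + raw[9:10] + b"\x00\x00" + raw[12:hlen]
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + raw[hlen:]

# Constructed sample: an ICMP (protocol 1) datagram carrying 64 bytes of data.
SAMPLE = build_ipv4_header("172.168.60.6", "172.168.80.8", payload_len=64)
```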
2. IP routing
IP routing is fundamental knowledge that every Cisco network engineer must understand. In fact, IP routing is not as complex as most people think. A case study will help you understand the IP routing process in depth, and I hope this article clears up some common misconceptions about IP routing.
For example, consider the following network: host A and host B are on two different network segments, connected through a router in the middle. Now suppose host A wants to communicate with host B. How does host A find host B? Using this example, the author explains the whole IP routing process in detail, taking a Cisco router as the example.
Suppose the user of host A uses the ping command to check connectivity to host B. Although this network is relatively simple, none of the steps of the routing process are skipped. The process consists mainly of the following steps:
Step 1: When the user enters ping 172.168.80.8 on host A, the Internet Control Message Protocol (ICMP) on host A creates an echo request packet that contains only alphabetic characters in its data field.
Step 2: ICMP hands this payload (the packet just created) to the Internet Protocol (IP). IP then creates a packet whose contents are much richer than the packet created by ICMP: it includes the IP address of host A, the IP address of the destination host, and a protocol field with the value 01h. When the packet arrives at host B, this value tells the receiver that the payload should be handed to ICMP for processing.
Step 3: IP determines whether the destination IP address belongs to a remote network or to the local network. Under the IP address planning rules, host A and host B are on different networks, so the packet created by IP will be sent to the default gateway. In host A's network configuration there is a default gateway address in addition to its own logical IP address. The gateway address is the door through which hosts on different networks communicate; only through the gateway can host A's packet be sent to host B on a different network.
Step 4: Confirm the MAC address of the corresponding router interface. Assume that the default gateway of host A (IP address 172.168.60.6) is configured as 172.168.60.1.
If host A's packet is to be sent to this default gateway, the physical address of the corresponding router interface, that is, its MAC address, must be known. Only then can the packet be passed down to the data link layer and a frame be generated according to the rules there, after which the host can send the packet to the router interface attached to the 172.168.60.0 network. On a local area network, hosts can only communicate with each other through hardware addresses, so when host A sends a packet to a particular gateway, it must know the MAC address of that gateway; this step cannot be avoided. To do this, host A first checks its own ARP cache to see whether the IP address of the default gateway has already been resolved to the hardware address of the corresponding interface. If there is already a matching entry in the ARP cache, resolution has succeeded; the packet is then released and passed to the data link layer, where the frame is generated. The destination hardware address is passed down to the data link layer together with the packet. On host A, the arp command can be used to view the current table of IP addresses and their corresponding MAC addresses. For example, the default gateway of my computer is set to 192.168.0.254, and the hexadecimal string shown next to it is the hardware address corresponding to the default gateway.
Step 5: Generate the frame. After the packet and the destination hardware address are passed to the data link layer, the LAN driver provides the media access service for transmitting data over Ethernet. A data frame is generated that encapsulates the packet with some control information. This frame contains the hardware addresses of the destination and the source, and an Ethernet Type field, which describes the network layer protocol that passed this packet down to the data link layer. At the end of the frame is a field called the frame check sequence, which holds the computed value of the cyclic redundancy check. That is, the frame consists of five parts: the destination MAC address (the MAC address of the router interface), the source MAC address (host A's MAC), the Ethernet Type field, the packet, and the frame check sequence. Note that the destination address here is not the address of host B but the address of host A's nearest default gateway; during this first communication, host A does not know the MAC address of host B. Once the frame has been encapsulated, it is delivered to the physical layer. If the enterprise network is built with twisted pair, the frame is sent onto the physical medium bit by bit.
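As an added example (not from the original post), the following Python code carries out steps 3 and 4 for host A: it decides whether the destination is on the local network or must go via the default gateway, then looks the next hop up in a constructed ARP cache, so the result is either the MAC address to put in the frame or a note that an ARP request is needed first. The routing table is a small longest-prefix-match table that generalizes the two-route case above; the /24 mask and the MAC address are assumed values.

```python
from ipaddress import ip_address, ip_network

# Constructed routing table for host A (172.168.60.6). A gateway of None means
# the prefix is directly connected and the destination itself is the next hop.
HOST_A_ROUTES = [
    ("172.168.60.0/24", None),       # local segment (mask assumed)
    ("0.0.0.0/0", "172.168.60.1"),   # default gateway from the example above
]

# Constructed ARP cache: IP -> MAC, as the arp command would display it.
HOST_A_ARP_CACHE = {
    "172.168.60.1": "00-00-5e-00-53-01",  # placeholder MAC for the router interface
}

def next_hop(dst: str, routes):
    """Step 3 as a longest-prefix match. Returns (next_hop_ip, on_link)."""
    d = ip_address(dst)
    best = None
    for prefix, gw in routes:
        net = ip_network(prefix)
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    if best is None:
        raise LookupError(f"no route to {dst}")
    gw = best[1]
    return (dst, True) if gw is None else (gw, False)

def link_layer_decision(dst: str, routes, arp_cache) -> dict:
    """Steps 3 and 4 together: which node the frame is addressed to, and whether
    its hardware address is already known or an ARP request must be sent first."""
    hop, on_link = next_hop(dst, routes)
    mac = arp_cache.get(hop)
    return {
        "destination": dst,
        "next_hop": hop,
        "via_gateway": not on_link,
        "frame_dst_mac": mac,                 # None until ARP resolves it
        "arp_request_needed": mac is None,
    }
```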
To be continued...
Continued in: TCP/IP (2) (IP: Internet Protocol)