Network hierarchy Analysis (5 layer parsing)

1, the physical layer: connect the network equipment, the electrical characteristics of the network: responsible for the transmission of 0 and 1 of the electrical signal

?

2. Connection layer: Specify the combination of 0 and 1 electrical signals and how to interpret them

???? Protocol: Ethernet Protocol????

???? The agreement stipulates that a set of electrical signals constitutes a packet called "frame". Each frame is divided into two parts: header (head) and data

????

"Header" contains some description items of the packet, such as sender, recipient, data type, etc.; "Data" is the specific content of the packet.

The length of the "header", fixed to 18 bytes. The length of the "data" is as short as 46 bytes and up to 1500 bytes. Therefore, the entire "frame" is a minimum of 64 bytes and a maximum of 1518 bytes. If the data is long, it must be split into multiple frames for sending.

?

MAC Address: Each network card has a unique MAC address, the length of 48 bits, usually in 12 hexadecimal digits, identifying the sender and recipient of data (the first 6 hexadecimal number is the manufacturer number, the last 6 is the manufacturer's network card serial number)

?

Broadcast :

???? The MAC address of another NIC is learned through the ARP protocol.

With the MAC address, Ethernet uses a very "raw" way, to all the computers within the network to send, so that each computer to determine whether it is the receiver.

????

?

In the picture, computer 1th sends a packet to computer number 2nd, and Computers 3rd, 4th, and 5th of the same subnet receive the packet. They read the "header" of the packet, find the receiver's MAC address, and then compare it to their MAC address, and if the two are the same, accept the package, do further processing, or discard the package. This type of transmission is called "broadcast" (broadcasting).

With the definition of the packet, the MAC address of the NIC, the way the broadcast is sent, the link layer can transfer data between multiple computers.

?

3 Network Layer

The origin of the network layer

Ethernet protocol that relies on MAC addresses to send data. Theoretically, relying solely on the MAC address, Shanghai's network card can find the network card in Los Angeles, technically can be achieved.

However, there is a major drawback to doing so. Ethernet uses broadcast to send packets, all members of a "package", not only inefficient, but also confined to the sub-network of the sender. In other words, if two computers are not on the same subnet, the broadcast is not passed. This design is reasonable, otherwise every computer on the Internet will receive all the packages, which will cause disaster.

The internet is a huge network of countless sub-networks, and the computers in Shanghai and Los Angeles are in the same sub-network, which is almost impossible.

Therefore, you must find a way to differentiate which MAC addresses belong to the same subnet and which are not. If it is the same subnet, it is sent by broadcast, otherwise it is sent by "route" mode. ("Routing" means the distribution of packets to different sub-networks, which is a large topic that is not covered in this article.) Unfortunately, the MAC address itself cannot do this. It is only relevant to the vendor, regardless of the network in which it is located.

???? IP Protocol

The protocol that specifies the network address is called the IP protocol. The address that it defines is called an IP address.

At present, the widely used is the fourth edition of IP protocol, referred to as IPV4. This version stipulates that the network address consists of 32 bits.

?????

?

????

Each computer on the Internet will be assigned an IP address. This address is divided into two parts, the previous part represents the network, and the latter part represents the host.

For example, the IP address 172.16.254.1, which is a 32-bit address, assuming that its network portion is the first 24 bits (172.16.254), then the host part is the last 8 bits (the final 1). computers in the same sub-network, their IP address must be the same network part , that is, 172.16.254.2 should be in the same subnet as 172.16.254.1.

However, the problem is that we cannot judge the network part simply from the IP address. 172.16.254.1 For example, its network part, in the end is the first 24 bits, or the first 16 bits, or even the first 28 bits, from the IP address is not visible.

So, how can you tell whether two computers belong to the same subnet from an IP address? This will use another parameter, " subnet mask"(subnet mask).

The so-called "subnet mask" is a parameter that represents the characteristics of a sub-network . It is formally equivalent to an IP address, is also a 32-bit binary number, its network portion is all 1, the host part is all 0. For example, IP address 172.16.254.1, if the network portion is known as the first 24 bits, the host part is the last 8 bits, then the subnet mask is 11111111.11111111.11111111.00000000, written in decimal is 255.255.255.0.

Knowing the "subnet mask", we can determine whether any two IP addresses are in the same sub-network.

The method is to use the two IP address and the subnet mask for each and operation (two digits are 1, the result of the operation is 1, otherwise 0), and then compare the results are the same, if so, it indicates that they are in the same sub-network, otherwise it is not.

For example, the subnet masks for known IP addresses 172.16.254.1 and 172.16.254.233 are 255.255.255.0, are they on the same subnet? Both and operations are performed separately with the subnet mask, and the results are 172.16.254.0, so they are on the same subnet.

Summary: The IP protocol has two main functions, one is to assign an IP address to each computer, and the other is to determine which addresses are in the same sub-network.

?

IP packets

?????

The data that is sent according to the IP protocol is called an IP packet. This must include IP address information.

But as mentioned earlier, the Ethernet packet contains only the MAC address, and there is no field for the IP address.

So we put the IP packets directly into the "Data" section of the Ethernet packet, so we don't have to modify the Ethernet specifications at all.

This is the benefit of the hierarchical structure of the Internet: changes in the upper layers do not involve the underlying structure at all.

Specifically, IP packets are also classified as "header" and "data" two parts.

????????

The "header" section mainly includes the version, length, IP address and other information, the "Data" section is the specific content of IP packets.

?

When it is placed in an Ethernet packet, the Ethernet packet becomes the following.

????

The "header" portion of an IP packet is 20 to 60 bytes long, and the total length of the packet is up to 65,535 bytes. Therefore, in theory, the "data" portion of an IP packet is up to 65,515 bytes in length. As mentioned earlier, the "data" portion of an Ethernet packet is only 1500 bytes long. Therefore, if the IP packet exceeds 1500 bytes, it needs to be split into several Ethernet packets, which are sent separately.

?

ARP Protocol

There is one last point you need to explain about the network layer.

Because the IP packet is sent in the Ethernet packet, we must also know two addresses, one is the other's MAC address, the other is the other's IP address. Normally, the IP address of the other party is known (explained later), but we do not know its MAC address.

So, we need a mechanism to get the MAC address from an IP address .

This can be divided into two different situations:

In the first case, if the two hosts are not in the same sub-network, then in fact there is no way to get the other's MAC address, only the packet to the two sub-network connection " Gateway ", let the gateway to handle.

In the second case, if the two hosts are on the same subnet, then we can use the ARP protocol to get the MAC address of each other.

The ARP protocol also emits a packet (contained in an Ethernet packet) that contains the IP address of the host to which it is queried, in the other's MAC address column, filled with FF:FF:FF:FF:FF:FF, indicating that this is a "broadcast" address. Each host of its subnet receives the packet, which takes the IP address and compares it to its own IP address. If the two are the same, make a reply, report their MAC address to each other, or discard the package.

In short, with the ARP protocol, we can get the host MAC address of the same sub-network, can send packets to any host.

?

4. Transport Layer

The origin of the transport layer

?

With the MAC address and IP address, we can already establish communication on any two hosts on the Internet.

The next problem is that there are many programs on the same host that need to use the network, for example, while you're browsing the web and chatting with your friends online.

When a packet is sent from the Internet, does it represent the content of the Web page or the content of an online chat?

In other words, we also need a parameter that indicates which program (process) The packet is intended to use.

This parameter is called "Port", which is actually the number of each program that uses the NIC. Each packet is sent to a specific port on the host, so different programs can take the data they need.

The "Port" is an integer between 0 and 65535, exactly 16 bits. 0 to 1023 of the ports are system-occupied, users can only choose a port greater than 1023. Whether you are browsing the Web or chatting online, the application randomly selects a port and then contacts the appropriate port on the server.

The function of the "Transport layer" is to establish "port-to-port" communication. In contrast, the function of the "network layer" is to establish "host-to-host" communication.

As long as the host and Port are determined, we can communicate between the programs. Therefore, the UNIX system puts the host + port, called the socket. With it, you can develop Web applications.

?

UDP Protocol

Now we have to include the port information in the packet, which requires a new protocol. The simplest implementation is called the UDP protocol, and its format is almost in front of the data, plus the port number.

UDP packets, which are also made up of "header" and "data" two parts

?

The "header" section mainly defines the issuing port and the receive port, and the "Data" section is the specific content.

Put the entire UDP packet into the "Data" section of the IP packet, and the entire Ethernet packet now becomes the following:

?

TCP Protocol

?

The advantages of the UDP protocol are relatively simple and easy to implement, but the disadvantage is that the reliability is poor, once the packet is sent, it is impossible to know whether the other party received.

In order to solve this problem and improve the network reliability, the TCP protocol was born. This protocol is very complex, but it can be approximated that it is a UDP protocol with a confirmation mechanism, each sending a packet requires confirmation. If a packet is lost, the acknowledgement is not received and the sender knows it is necessary to re-send the packet.

Therefore, the TCP protocol ensures that data is not lost. Its disadvantage is the complexity of the process, the implementation of difficult, more expensive resources.

TCP packets, like UDP packets, are embedded in the "Data" section of the IP packet.

TCP packets have no length limit and can theoretically be infinitely long, but in order to ensure the efficiency of the network, the TCP packet length does not exceed the length of the IP packet, to ensure that a single TCP packet does not have to be split again. (not understand properly)

?

5. Application Layer

The application receives data from the "Transport Layer", which is then interpreted. Since the Internet is an open architecture, data sources are varied and must be well-defined in advance, otherwise they cannot be interpreted at all.

The role of the "Application layer" is to specify the data format of the application.

For example, the TCP protocol can pass data to a variety of programs, such as email, WWW, FTP, and so on. Then there must be different protocols for the format of e-mail, Web pages, FTP data, and these application protocols constitute the "Application layer".

This is the highest level, directly facing the user. Its data is placed in the "Data" section of the TCP packet. As a result, the current Ethernet packet becomes this way.

????????

?

?

?

?

?

?

?

?

?

?

Network hierarchy Analysis (5 layer parsing)