What is the TCP/IP protocol?
I. The TCP/IP model
The TCP/IP protocol model (Transmission Control Protocol/Internet Protocol) comprises a series of network protocols that form the basis of the Internet; it is the core protocol suite of the Internet.
The TCP/IP reference model divides the protocols into four layers: the link layer, the network layer, the transport layer, and the application layer. The following figure shows the correspondence between the TCP/IP model and the layers of the OSI model.
The TCP/IP protocol family is layered from top to bottom. At the top is the application layer, which holds familiar protocols such as HTTP and FTP. The second layer is the transport layer, where the well-known TCP and UDP protocols sit. The third layer is the network layer, where the IP protocol lives; it adds IP addresses and other data to the payload to determine the destination of the transmission. The fourth layer is the data link layer, which adds an Ethernet header to the data to be transmitted and a CRC code, preparing it for the final transfer.
The diagram above shows the role of each layer in TCP/IP. Communication corresponds to pushing data onto a stack and popping it off again. On the way down the stack, each layer at the sender wraps the data in a header and trailer, adding the transmission information needed for it to reach the destination. On the way up the stack, each layer at the receiver strips its header and trailer, leaving the data that was originally sent.
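The wrapping and unwrapping described above, as an added example that is not part of the original page. It builds one Ethernet/IPv4/TCP frame around an HTTP request and then strips it layer by layer, discarding the frame if the CRC does not match. The MAC and IP addresses, ports and payload are constructed sample values, and the IP and TCP checksum fields are left at 0.

```python
import socket
import struct
import zlib

# Constructed sample addresses (assumptions, not taken from the page).
SRC_MAC, DST_MAC = bytes.fromhex("02000000000a"), bytes.fromhex("02000000000b")
SRC_IP, DST_IP = socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.80")

def encapsulate(payload: bytes) -> bytes:
    """Sender: each layer prepends its header; the link layer also appends a CRC."""
    # Transport layer: 20-byte TCP header (ports, seq, ack, offset/flags, window).
    segment = struct.pack("!HHIIHHHH", 40000, 80, 1, 1, 0x5018, 65535, 0, 0) + payload
    # Network layer: 20-byte IPv4 header (TTL 64, protocol 6 = TCP, addresses).
    packet = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0,
                         64, 6, 0, SRC_IP, DST_IP) + segment
    # Link layer: Ethernet header, then the CRC-32 frame check sequence as trailer.
    body = DST_MAC + SRC_MAC + struct.pack("!H", 0x0800) + packet
    return body + struct.pack("<I", zlib.crc32(body))

def decapsulate(frame: bytes) -> dict:
    """Receiver: verify the CRC, then strip one header per layer."""
    body, (fcs,) = frame[:-4], struct.unpack("<I", frame[-4:])
    if zlib.crc32(body) != fcs:
        raise ValueError("CRC mismatch: frame discarded")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", body[:14])
    packet = body[14:]
    ihl = (packet[0] & 0x0F) * 4                      # IPv4 header length in bytes
    total_len, = struct.unpack("!H", packet[2:4])
    segment = packet[ihl:total_len]
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4              # TCP header length in bytes
    return {
        "dst_mac": dst_mac.hex(":"), "ethertype": hex(ethertype),
        "ttl": packet[8], "protocol": packet[9],
        "dst_ip": socket.inet_ntoa(packet[16:20]), "dst_port": dst_port,
        "payload": segment[data_offset:],
    }

if __name__ == "__main__":
    frame = encapsulate(b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")
    print(decapsulate(frame))
    damaged = frame[:20] + bytes([frame[20] ^ 0x01]) + frame[21:]  # one flipped bit
    try:
        decapsulate(damaged)
    except ValueError as err:
        print(err)
```
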
The image above uses the HTTP protocol as an example.
II. Data link layer
The physical layer is responsible for converting between the stream of 0 and 1 bits and the voltage levels of physical devices or the flashing of light. The data link layer divides the sequence of 0s and 1s into data frames and passes them from one node to an adjacent node; nodes are uniquely identified by their MAC address (the physical address; a host has a MAC address).
Framing: a header and trailer are added to the network-layer datagram to encapsulate it in a frame; the frame header includes the source MAC address and the destination MAC address.
Transparent transmission: zero-bit stuffing, escape characters.
Reliable transmission: rarely used on links with a low error rate, but wireless links (WLAN) guarantee reliable transmission.
Error detection (CRC): the receiver checks for errors and discards the frame if any are found.
III. The network layer
1. IP protocol
The IP protocol is the core of the TCP/IP protocol, and all TCP, UDP, ICMP and IGMP data is transmitted in the IP datagram format. Note that IP is not a reliable protocol: it provides no mechanism for handling data that fails to arrive. That is left to the upper-layer protocols, TCP or UDP.
1.1 IP address
In the data link layer we generally identify different nodes by MAC address; the IP layer has a similar identifier, the IP address.
The 32-bit IP address is divided into network bits and address (host) bits. This reduces the number of entries in the tables of intermediate routers: terminals that share a network address are confined to the same range, so a routing table only needs to record the direction for one network address to find the corresponding terminals.
Class A IP address: 0.0.0.0~127.255.255.255
Class B IP address: 128.0.0.0~191.255.255.255
Class C IP address: 192.0.0.0~239.255.255.255
1.2 IP protocol header
Only the eight-bit TTL field is covered here. This field specifies how many routers the packet may pass through before it is discarded. Each time an IP packet passes through a router, its TTL value is reduced by 1, and when the TTL reaches 0 the packet is automatically discarded.
The maximum value of this field is 255, meaning a packet is discarded after passing through routers 255 times. The value actually set differs from system to system and is usually 32 or 64.
2. ARP and RARP protocols
ARP is a protocol that obtains a MAC address based on an IP address.
ARP (Address Resolution Protocol) is a resolution protocol. Initially a host has no idea which interface of which host a given IP corresponds to. When the host wants to send an IP packet, it first checks its own ARP cache (a cached table of IP-to-MAC mappings).
If the IP-MAC entry being looked up does not exist, the host broadcasts an ARP packet on the network containing the IP address to be resolved. Every host that receives the broadcast directly checks its own IP address; a host that finds it matches prepares an ARP packet containing its own MAC address and sends it to the host that sent the ARP broadcast.
When the broadcasting host receives the ARP packet, it updates its own ARP cache (where the IP-MAC table is stored). It then uses the new cache data to prepare the data-link-layer frame for sending.
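The lookup, broadcast, reply and cache update described above, as an added example that is not part of the original page. Packets use the 28-byte ARP layout for IPv4 over Ethernet; the Host class, the three-host LAN and all addresses are constructed for the illustration. Because a host stores whatever reply it receives, the example also records when a reply changes an existing IP-MAC entry, which is the check a defender would log.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sender MAC/IP, target MAC/IP
REQUEST, REPLY = 1, 2

def arp_packet(oper, sender_mac, sender_ip, target_mac, target_ip):
    """Build a 28-byte ARP packet for IPv4 over Ethernet."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sender_mac,
                       socket.inet_aton(sender_ip), target_mac, socket.inet_aton(target_ip))

class Host:
    def __init__(self, ip, mac):
        self.ip, self.mac = ip, bytes.fromhex(mac)
        self.cache = {}       # IP -> MAC table
        self.conflicts = []   # IPs whose cached MAC was replaced by a different one

    def handle(self, raw):
        """Process one ARP packet; return a reply if we own the requested IP."""
        _, _, _, _, oper, s_mac, s_ip, _, t_ip = struct.unpack(ARP_FMT, raw)
        s_ip, t_ip = socket.inet_ntoa(s_ip), socket.inet_ntoa(t_ip)
        if t_ip != self.ip:
            return None                                   # not for us: ignore
        if oper == REQUEST:
            return arp_packet(REPLY, self.mac, self.ip, s_mac, s_ip)
        # ARP replies carry no authentication, so record any changed mapping.
        if self.cache.get(s_ip, s_mac) != s_mac:
            self.conflicts.append(s_ip)
        self.cache[s_ip] = s_mac
        return None

    def resolve(self, ip, lan):
        """Return (MAC, broadcast_sent) for ip, checking the cache first."""
        if ip in self.cache:
            return self.cache[ip], False
        request = arp_packet(REQUEST, self.mac, self.ip, b"\x00" * 6, ip)
        for host in lan:                                  # broadcast: every host sees it
            if host is not self:
                reply = host.handle(request)
                if reply:
                    self.handle(reply)
        return self.cache.get(ip), True

def demo_lan():
    # Constructed three-host LAN (sample addresses).
    return [Host("192.0.2.1", "02000000000a"), Host("192.0.2.2", "02000000000b"),
            Host("192.0.2.3", "02000000000c")]
```
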
RARP works the other way round and is not described further here.
3. ICMP protocol
IP is not a reliable protocol and does not guarantee that data will be delivered, so naturally the work of ensuring delivery has to be done by other modules. One important module is ICMP (Internet Control Message Protocol). ICMP is not a high-level protocol but an IP-layer protocol.
When an error occurs while transmitting an IP packet, for example host unreachable or route unreachable, ICMP packages the error information and sends it back to the host, giving the host a chance to handle the error. This is why it is said that a protocol built above the IP layer can possibly be made secure.
IV. Ping
Ping is probably the best-known application of ICMP and is part of the TCP/IP protocol suite. The ping command lets you check whether the network is connected and helps analyze and locate network failures.
For example, when we cannot reach one of our websites, we usually ping the site. Ping shows some useful information in return. Typical output looks like this:
The word ping originates from sonar ranging, and the program does much the same thing: it uses ICMP packets to detect whether another host is up or down. It works by sending an ICMP request with a type code of 0, and the requested host answers with an ICMP response with a type code of 8.
The ping program measures the interval and counts how many packets were delivered, so users can judge the approximate state of the network. As we can see, ping reports the transmission time and the TTL.
V. Traceroute
Traceroute is an important tool for discovering the route between a host and a destination host, and also the most convenient one.
Traceroute's principle is very interesting. Given the IP of the destination host, it first sends a UDP packet with TTL=1 to the destination. When the first router receives the packet it reduces the TTL by 1; the TTL becomes 0, so the router discards the packet and sends the host an ICMP datagram reporting that the host is unreachable. On receiving this datagram, the host sends a UDP datagram with TTL=2 to the destination, which prompts the second router to send an ICMP datagram back to the host. This repeats until the destination host is reached, and in this way traceroute obtains the IPs of all the routers.
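The TTL probing loop described above, simulated offline as an added example that is not part of the original page. The router path is a constructed list of sample addresses. The routers' error is modelled as ICMP type 11 (time exceeded), which is what routers send when the TTL reaches 0, and the destination's answer as ICMP type 3 (port unreachable); these type numbers and the silent-router case go beyond what the text states.

```python
TIME_EXCEEDED, DEST_UNREACHABLE = 11, 3   # ICMP types seen by the probing host

def forward(path, ttl, silent=()):
    """Carry one UDP probe along path (router IPs, then the destination).

    Returns (icmp_type, sender_ip) for the ICMP message that comes back,
    or None when the router that dropped the probe sends nothing.
    """
    for router in path[:-1]:
        ttl -= 1                          # every router reduces the TTL by 1
        if ttl == 0:                      # TTL used up: the probe is discarded here
            return None if router in silent else (TIME_EXCEEDED, router)
    # The probe reached the destination; its UDP port is closed, so the
    # destination itself answers and the trace can stop.
    return (DEST_UNREACHABLE, path[-1])

def traceroute(path, max_hops=30, silent=()):
    """Send probes with TTL 1, 2, 3, ... and collect the address of each hop."""
    hops = []
    for ttl in range(1, max_hops + 1):
        answer = forward(path, ttl, silent)
        hops.append(answer[1] if answer else None)   # None is printed as "*"
        if answer and answer[0] == DEST_UNREACHABLE:
            break
    return hops

# Constructed path: three routers, then the destination host.
PATH = ["10.0.0.1", "198.51.100.1", "203.0.113.1", "203.0.113.80"]

if __name__ == "__main__":
    for n, hop in enumerate(traceroute(PATH, silent={"198.51.100.1"}), start=1):
        print(n, hop or "*")
```
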
VI. TCP/UDP
TCP and UDP are both transport-layer protocols, but they have different characteristics and different application scenarios, which are compared and analyzed below in chart form.
Message-oriented
Message-oriented transmission means that however long a message the application layer hands to UDP, UDP sends it as is, one message at a time. The application must therefore choose a suitable message size. If the message is too long, the IP layer has to fragment it, which reduces efficiency. If it is too short, the IP datagram will be too small.
Byte-stream-oriented
With a byte stream, although the application hands TCP one data block at a time (of varying size), TCP treats the application's data as a series of unstructured bytes. TCP has a buffer, and when a data block passed by the application is too long, TCP can split it into shorter pieces before transmitting.
Congestion control and flow control are the key points of TCP and are explained later.
Some applications of the TCP and UDP protocols
When should TCP be used?
When the quality of network communication matters, for example when all of the data must reach the other side accurately. This is typical of applications that need reliability, such as HTTP, HTTPS, FTP and other file transfer protocols, and POP, SMTP and other mail transfer protocols.
When should UDP be used?
When the requirements on communication quality are not high and network communication needs to be as fast as possible, UDP can be used.
VII. DNS
DNS (Domain Name System) is a distributed database on the Internet that maps domain names and IP addresses to each other. It lets users access the Internet more conveniently, without having to remember the numeric IP strings that machines read directly. The process of obtaining the IP address that corresponds to a host name is called domain name resolution (or host name resolution). The DNS protocol runs on top of UDP, using port number 53.
VIII. Establishment and termination of TCP connections
1. Three-way handshake
TCP is connection-oriented: before either side sends data to the other, a connection must first be established between the two parties. In TCP/IP, the TCP protocol provides a reliable connection service, and the connection is initialized by a three-way handshake. The purpose of the three-way handshake is to synchronize the sequence numbers and acknowledgment numbers of both parties and to exchange TCP window size information.
First handshake: the connection is opened. The client sends a connection request segment with the SYN bit set to 1 and sequence number x, then enters the SYN_SENT state and waits for the server's confirmation;
Second handshake: the server receives the client's SYN segment and has to acknowledge it, setting the acknowledgment number to x+1 (sequence number + 1). It also sends its own SYN request, with the SYN bit set to 1 and sequence number y. The server puts all of this into a single segment (the SYN+ACK segment) and sends it to the client, at which point the server enters the SYN_RECV state;
Third handshake: the client receives the server's SYN+ACK segment, sets the acknowledgment number to y+1, and sends an ACK segment to the server. Once this segment has been sent, both client and server enter the ESTABLISHED state and the TCP three-way handshake is complete.
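The three segments above with their sequence and acknowledgment numbers, as an added example that is not part of the original page. It also runs the delayed connection request case explained under the next question: the server answers an old SYN, the idle client sends no ACK, and the server never reaches ESTABLISHED. The Segment, Client and Server classes are constructed for the illustration; a real TCP stack in the client's position answers such a SYN+ACK with a reset rather than silence.

```python
from dataclasses import dataclass

@dataclass
class Segment:
    syn: bool = False
    ack: bool = False
    seq: int = 0
    ack_num: int = 0

class Client:
    def __init__(self, isn):
        self.isn, self.state = isn, "CLOSED"
    def connect(self):
        self.state = "SYN_SENT"
        return Segment(syn=True, seq=self.isn)                 # 1st: SYN, seq = x
    def receive(self, seg):
        ok = seg.syn and seg.ack and seg.ack_num == self.isn + 1
        if self.state != "SYN_SENT" or not ok:
            return None            # no connection was requested: no ACK is sent
        self.state = "ESTABLISHED"
        return Segment(ack=True, seq=self.isn + 1, ack_num=seg.seq + 1)  # 3rd: ack = y+1

class Server:
    def __init__(self, isn):
        self.isn, self.state = isn, "LISTEN"
    def receive(self, seg):
        if self.state == "LISTEN" and seg.syn and not seg.ack:
            self.state = "SYN_RECV"                            # 2nd: SYN+ACK, ack = x+1
            return Segment(syn=True, ack=True, seq=self.isn, ack_num=seg.seq + 1)
        if self.state == "SYN_RECV" and seg.ack and seg.ack_num == self.isn + 1:
            self.state = "ESTABLISHED"
        return None

def handshake(x, y):
    """Normal open: returns the three segments and both final states."""
    client, server = Client(x), Server(y)
    syn = client.connect()
    syn_ack = server.receive(syn)
    ack = client.receive(syn_ack)
    server.receive(ack)
    return [syn, syn_ack, ack], client.state, server.state

def stale_syn(x, y):
    """An old SYN (seq = x) arrives while the client is idle."""
    client, server = Client(x + 1000), Server(y)               # client stays CLOSED
    syn_ack = server.receive(Segment(syn=True, seq=x))         # delayed request arrives
    if (reply := client.receive(syn_ack)) is not None:
        server.receive(reply)
    return client.state, server.state

if __name__ == "__main__":
    print(handshake(100, 300))
    print(stale_syn(100, 300))
```
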
Why is a three-way handshake needed?
To prevent an invalid (expired) connection request segment from suddenly reaching the server and causing an error.
Specific example: "An 'invalid connection request segment' arises in this situation: the first connection request segment sent by the client is not lost, but is held up at a network node for a long time, so that it reaches the server only at some point after the connection has been released. This is a segment that has already expired. However, when the server receives this invalid connection request segment, it mistakes it for a new connection request from the client and sends the client a confirmation segment, agreeing to establish the connection. If the 'three-way handshake' were not used, the new connection would be established as soon as the server issued its confirmation. Because the client has not made a connection request, it ignores the server's confirmation and sends no data to the server. But the server believes the new transport connection has been established and keeps waiting for the client to send data. In this way, many of the server's resources are wasted. Using the 'three-way handshake' prevents this. In the case above, the client does not confirm the server's confirmation, and since the server receives no confirmation it knows that the client did not request a connection."
2. Four-way wave
After the client and server have established a TCP connection through the three-way handshake and the data transfer is complete, the TCP connection has to be torn down. For closing a TCP connection there is the mysterious "four-way wave".
First wave: host 1 (which can be the client or the server) sets the sequence number and sends a FIN segment to host 2; host 1 then enters the FIN_WAIT_1 state. This means host 1 has no more data to send to host 2;
Second wave: host 2 receives the FIN segment from host 1 and returns an ACK segment to host 1 whose acknowledgment number is the sequence number plus 1; host 1 enters the FIN_WAIT_2 state. Host 2 is telling host 1: I "agree" to your request to close;
Third wave: host 2 sends a FIN segment to host 1, requesting that the connection be closed, and host 2 enters the LAST_ACK state;
Fourth wave: host 1 receives the FIN segment from host 2 and sends an ACK segment to host 2, then enters the TIME_WAIT state. Host 2 closes the connection when it receives host 1's ACK segment. Host 1 then waits for 2MSL and, if it still receives no reply, takes this as proof that the server side has shut down properly, so host 1 can close the connection too.
Why four waves?
TCP is a connection-oriented, reliable, byte-stream-based transport-layer protocol. TCP is full-duplex, which means that when host 1 sends a FIN segment it only indicates that host 1 has no more data to send. Host 1 is telling host 2 that all of its data has been sent, but host 1 can still receive data from host 2. When host 2 returns an ACK segment, it shows that host 2 knows host 1 has no more data to send, but host 2 can still send data to host 1. When host 2 also sends a FIN segment, it means host 2 has no more data to send either and is telling host 1 so, and then both sides happily tear down the TCP connection.
Why wait for 2MSL?
MSL: Maximum Segment Lifetime, the longest time any segment can exist in the network before it is discarded.
There are two reasons:
To guarantee that TCP's full-duplex connection can be closed reliably
To ensure that duplicate segments from this connection disappear from the network
First: if host 1 went straight to CLOSED, then, because IP is unreliable or for other network reasons, host 2 might never receive host 1's final ACK. Host 2 would then resend its FIN after a timeout, but because host 1 has already closed, no connection can be found that matches the retransmitted FIN. Host 1 therefore does not go directly to CLOSED but stays in TIME_WAIT, so that when the FIN arrives again it can make sure the other side receives an ACK and the connection is finally closed correctly.
Second: if host 1 went straight to CLOSED and then opened a new connection to host 2, we could not guarantee that the new connection's port number would differ from that of the connection just closed. In other words, the new connection and the old connection may use the same port number. Usually this causes no problem, but there is a special case: suppose the new connection and the old connection have the same port number, and some data from the previous connection is still held up in the network. If that delayed data reaches host 2 after the new connection has been established, then, because the port numbers are the same, TCP treats the delayed data as belonging to the new connection, and it gets mixed up with the new connection's real packets. So a TCP connection also waits for twice the MSL in the TIME_WAIT state, which ensures that all data from this connection has disappeared from the network.
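The four-way close and the first reason for TIME_WAIT, as an added example that is not part of the original page. It drives both hosts through a small state table and compares what happens when the final ACK is lost, with and without TIME_WAIT. The table and the run_close function are constructed for the illustration; CLOSE_WAIT, the standard name for host 2's state between its ACK and its FIN, does not appear in the text above.

```python
# (state, event) -> (next state, segment sent in response)
TRANSITIONS = {
    ("ESTABLISHED", "close"): ("FIN_WAIT_1", "FIN"),   # host 1: first wave
    ("ESTABLISHED", "FIN"):   ("CLOSE_WAIT", "ACK"),   # host 2: second wave
    ("FIN_WAIT_1", "ACK"):    ("FIN_WAIT_2", None),
    ("CLOSE_WAIT", "close"):  ("LAST_ACK", "FIN"),     # host 2: third wave
    ("FIN_WAIT_2", "FIN"):    ("TIME_WAIT", "ACK"),    # host 1: fourth wave
    ("TIME_WAIT", "FIN"):     ("TIME_WAIT", "ACK"),    # retransmitted FIN: ACK again
    ("TIME_WAIT", "2MSL"):    ("CLOSED", None),        # 2MSL timer expired
    ("LAST_ACK", "ACK"):      ("CLOSED", None),
}

def step(state, event):
    """Apply one event; an unknown pair leaves the state alone and sends nothing."""
    return TRANSITIONS.get((state, event), (state, None))

def run_close(drop_final_ack, time_wait=True):
    """Return the final (host 1, host 2) states after a close started by host 1."""
    h1 = h2 = "ESTABLISHED"
    h1, fin1 = step(h1, "close")
    h2, ack1 = step(h2, fin1)
    h1, _ = step(h1, ack1)
    h2, fin2 = step(h2, "close")
    h1, ack2 = step(h1, fin2)
    if not time_wait:
        h1 = "CLOSED"              # hypothetical stack that skips TIME_WAIT
    if drop_final_ack:
        # The ACK was lost, so host 2 times out and sends its FIN again.
        h1, ack2 = step(h1, fin2)
    if ack2:
        h2, _ = step(h2, ack2)
    if h1 == "TIME_WAIT":
        h1, _ = step(h1, "2MSL")
    return h1, h2

if __name__ == "__main__":
    print("clean close:             ", run_close(False))
    print("lost ACK, with TIME_WAIT:", run_close(True))
    print("lost ACK, no TIME_WAIT:  ", run_close(True, time_wait=False))
```
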