Another alternative is periodic broadcasts of logical and physical address mappings. This method permits dynamic updates, but contributes unnecessary network traffic.
A third alternative, which the authors of the IP-over-Ethernet standard strongly recommend, is to use dynamic discovery with the Address Resolution Protocol (ARP). Node A broadcasts ARP Request packets over the network looking for a specific IP address. Node B has the matching IP address Node A is broadcasting and responds with an ARP Reply packet that contains Node B’s physical address. After Node A receives the reply, it adds the mapping to its ARP table. Node B also resolves the IP and Ethernet mapping and adds it to its ARP table. Thus, if Node B needs to communicate with Node A, Node B doesn’t need to send an ARP Request packet; it already has that information. ARP entries expire if a node doesn't use them, or when you reboot the machine. However, for frequently accessed addresses, the entries speed the process of resolving network layer addresses to data link layer addresses.
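The request/reply exchange described above, as an added example that is not part of the original article: it packs and parses the 28-byte ARP payload for IPv4 over Ethernet and shows both nodes filling their ARP tables from a single exchange. The addresses, the `Node` class and the 120-second entry lifetime are constructed for illustration.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype ptype hlen plen oper sha spa tha tpa
REQUEST, REPLY = 1, 2
UNKNOWN_MAC = b"\x00" * 6   # target hardware address is unknown in a request

def build_arp(oper, sha, spa, tha, tpa):
    """Pack the 28-byte ARP payload for IPv4 (0x0800) over Ethernet (1)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       sha, socket.inet_aton(spa), tha, socket.inet_aton(tpa))

def parse_arp(payload):
    """Return (oper, sender_mac, sender_ip, target_ip); reject other formats."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    f = struct.unpack(ARP_FMT, payload[:28])
    if f[:4] != (1, 0x0800, 6, 4) or f[4] not in (REQUEST, REPLY):
        raise ValueError("not an IPv4-over-Ethernet ARP request/reply")
    return f[4], f[5], socket.inet_ntoa(f[6]), socket.inet_ntoa(f[8])

class Node:
    def __init__(self, ip, mac, lifetime=120):  # lifetime in seconds (assumed)
        self.ip, self.mac, self.lifetime = ip, mac, lifetime
        self.table = {}  # ip -> (mac, expiry time)

    def lookup(self, ip, now):
        mac, expires = self.table.get(ip, (None, 0))
        return mac if now < expires else None  # expired entries count as absent

    def request(self, target_ip):
        return build_arp(REQUEST, self.mac, self.ip, UNKNOWN_MAC, target_ip)

    def receive(self, payload, now):
        """Learn the sender's mapping; return (status, reply or None)."""
        oper, mac, ip, target_ip = parse_arp(payload)
        if target_ip != self.ip:
            return "ignored", None  # the broadcast was for another node
        old = self.lookup(ip, now)
        status = "new" if old is None else "same" if old == mac else "changed"
        self.table[ip] = (mac, now + self.lifetime)
        reply = build_arp(REPLY, self.mac, self.ip, mac, ip) if oper == REQUEST else None
        return status, reply  # "changed": a live entry got a new MAC; log it

# Constructed addresses: Node A resolves Node B, and both tables fill in.
A = Node("192.0.2.10", bytes.fromhex("020000000a0a"))
B = Node("192.0.2.20", bytes.fromhex("020000000b0b"))

def resolve(a, b, now=0):
    _, reply = b.receive(a.request(b.ip), now)  # B learns A from the request
    a.receive(reply, now)                       # A learns B from the reply
    return a.lookup(b.ip, now), b.lookup(a.ip, now)
```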
Routing Data. IP is the portion of the TCP/IP suite of protocols that’s responsible for getting data from point A to point B on the network. This protocol doesn’t initiate action, but it's called on by a transport layer protocol such as TCP to send data, after an application-level operation prompts TCP.
As a network-layer protocol, IP’s main functions are assigning software addresses to datagrams and breaking down large datagrams for transport across networks that require small packets. Network-layer transmissions are completely connectionless: IP establishes no explicit connection between sender and recipient, and packets arrive at their destination in no particular order. The only error detection implemented at the network layer is a header checksum that’s part of the IP datagram. If the checksum value doesn’t match when an IP transmission is complete, the Internet Control Message Protocol (ICMP) reports the problem back to the sender so that the sender can order another transmission.
IP addresses identify the node to which the network addresses a datagram and the segment of the network on which the node resides. The reason for this two-tiered design is simple: IP’s designers intended IP for use on WANs spread across the United States, and the designers couldn’t assume that an address was on the local segment. This two-tiered system means that the network can use the same addressing system for both local and remote addresses; the only difference is whether the network routes the datagrams.
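The header checksum mentioned above, as an added example that is not part of the original article: it computes and verifies the IPv4 header checksum and shows that the check covers the header only, so a corrupted payload still passes at this layer. The addresses, payload and helper names are constructed for illustration.

```python
import socket
import struct

HEADER_FMT = "!BBHHHBBH4s4s"  # 20-byte IPv4 header without options

def internet_checksum(data):
    """16-bit one's-complement sum of the data, complemented (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_datagram(src, dst, payload, proto=17, ttl=64):
    """IPv4 header with a valid checksum, followed by the payload."""
    fields = [0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    # The checksum is computed with its own field set to zero.
    fields[7] = internet_checksum(struct.pack(HEADER_FMT, *fields))
    return struct.pack(HEADER_FMT, *fields) + payload

def header_ok(datagram):
    """Receiver-side check over the header (IHL * 4 bytes) only."""
    if len(datagram) < 20:
        return False
    version, header_len = datagram[0] >> 4, (datagram[0] & 0x0F) * 4
    if version != 4 or header_len < 20 or len(datagram) < header_len:
        return False
    # Summing a header that includes a correct checksum yields zero.
    return internet_checksum(datagram[:header_len]) == 0

def flip_bit(data, byte_index, bit=0):
    out = bytearray(data)
    out[byte_index] ^= 1 << bit
    return bytes(out)

# Constructed datagram between documentation addresses.
DATAGRAM = build_datagram("192.0.2.10", "198.51.100.7", b"example payload")

def demo():
    return {
        "intact": header_ok(DATAGRAM),
        "ttl_corrupted": header_ok(flip_bit(DATAGRAM, 8)),       # header byte
        "payload_corrupted": header_ok(flip_bit(DATAGRAM, 25)),  # data byte
    }
```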
Other protocols enable routers to determine the best path for data to take from point A to point B. Two of the protocols that NT supports are the Routing Information Protocol (RIP) and Open Shortest Path First (OSPF) protocol. RIP is mechanically simple: Routers announce their current status to the other routers every 30 seconds. The network number and subnet mask identify routes to a given network. The router assumes routes are valid for as long as 180 seconds and stores these routes in a routing table. If the router doesn’t update a route for 6 of these 180-second periods, the router removes the route from the routing table. The routing table lists only one route to each network, so lower-cost routes (i.e., routes with fewer hops or shorter times) supersede existing ones. To minimize network traffic, routers share their routing tables with the routers next to them. This setup means routers several hops away from each other must wait for routing tables to trickle through their neighbors before the information reaches them. For example, Router 5 will eventually receive the contents of Router 10’s routing table, as the updates trickle down from Router 10’s network.
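The trickle-through behaviour described above, as an added example that is not part of the original article: a small simulation of neighbour-only table sharing that counts how many announcement rounds pass before Router 5 learns Router 10's network, then shows a lower-cost route superseding the existing one. The ten-router chain, the network names and the extra link are constructed for illustration.

```python
def chain(n):
    """Routers 1..n in a line; router i is attached to network 'net<i>'."""
    tables = {i: {"net%d" % i: (0, None)} for i in range(1, n + 1)}
    links = [(i, i + 1) for i in range(1, n)]
    return tables, links  # table entry: network -> (hops, next-hop router)

def announce(tables, links):
    """One announcement round (one 30-second interval in the text above).

    Every router sends its table to adjacent routers only. Senders use a
    snapshot taken at the start of the round, so news moves one hop per round.
    """
    snapshot = {router: dict(table) for router, table in tables.items()}
    changed = False
    for a, b in links:
        for sender, receiver in ((a, b), (b, a)):
            for net, (hops, _via) in snapshot[sender].items():
                known = tables[receiver].get(net)
                # One route per network: keep it only if new or lower cost.
                if known is None or hops + 1 < known[0]:
                    tables[receiver][net] = (hops + 1, sender)
                    changed = True
    return changed

def rounds_until_known(tables, links, router, net, limit=100):
    """Count announcement rounds until `router` has a route to `net`."""
    for rounds in range(1, limit + 1):
        announce(tables, links)
        if net in tables[router]:
            return rounds
    return None

def demo():
    tables, links = chain(10)
    rounds = rounds_until_known(tables, links, 5, "net10")
    first_route = tables[5]["net10"]
    links.append((5, 9))  # constructed: a new direct link between 5 and 9
    announce(tables, links)
    return rounds, first_route, tables[5]["net10"]
```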
OSPF announces itself with a Hello packet as each router on an internetwork starts, and at regular intervals thereafter. The routers one hop away hear this Hello and note the router’s presence. At intervals, each router announces its state to the other routers in the internetwork, which lets all the routers in the internetwork determine which routers are functioning and how busy they are.
The other routers take this router status and route table information and run algorithms on it to determine the lowest cost path to a particular network. Network number and subnet mask identify this route. After the router determines the lowest-cost path, the router lists the router leading to that path in the routing table. If more than one valid path with the same metric is available, then the router will use all available paths, distributing traffic among them to even out network use. This setup contrasts with RIP, which maintains only one path from each source to each destination. To keep from monopolizing network bandwidth, routers using OSPF share their routing tables with only the routers adjacent to them, but share their state with the entire internetwork.
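The lowest-cost path calculation described above, as an added example that is not part of the original article: Dijkstra's shortest-path algorithm over a link map, extended to keep every first-hop router that lies on a path with the same lowest metric. The topology, router names and link costs are constructed for illustration, and costs are assumed to be positive.

```python
import heapq

def lowest_cost_next_hops(links, source):
    """Return {destination: (cost, set of first-hop routers)} from `source`."""
    graph = {}
    for a, b, cost in links:
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    best = {source: (0, set())}
    queue = [(0, source)]
    while queue:
        cost, node = heapq.heappop(queue)
        if cost > best[node][0]:
            continue  # stale queue entry; a cheaper path was already found
        for neighbour, link_cost in graph[node]:
            new_cost = cost + link_cost
            # Leaving the source, the first hop is the neighbour itself;
            # further out, it is inherited from the path taken so far.
            hops = {neighbour} if node == source else best[node][1]
            known = best.get(neighbour)
            if known is None or new_cost < known[0]:
                best[neighbour] = (new_cost, set(hops))
                heapq.heappush(queue, (new_cost, neighbour))
            elif new_cost == known[0]:
                known[1].update(hops)  # same metric: keep both paths
    del best[source]
    return best

# Constructed topology: two equal-cost paths from R1 to R4 (via R2 or R3)
# and an expensive direct link from R1 to R5.
LINKS = [("R1", "R2", 10), ("R1", "R3", 10), ("R2", "R4", 10),
         ("R3", "R4", 10), ("R4", "R5", 5), ("R1", "R5", 40)]

def routes_from_r1():
    return lowest_cost_next_hops(LINKS, "R1")
```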
Transport: Managing Application to Network Communication
Network-layer protocols such as IP and IPX decide which route is most efficient at any given time, but these protocols aren’t concerned with making sure that the data reaches its destination. That job is the responsibility of protocols operating at the transport layer. At this layer of the OSI model, the network corrects errors and resends data. Transport-layer protocols are most important when the network’s physical structure (e.g., WANs) isn’t dependable.
TCP operates mainly at the transport layer but has some session-layer properties. TCP acts as a go-between for applications and the network-layer protocol. As with other transport-layer protocols, TCP’s function is error correction for the network-layer protocols. This responsibility includes ordering IP datagram resends in case of timeouts or other errors before the network delivers the original datagrams. TCP doesn’t package and send data; it handles interprocess communications so that IP datagrams have error control. The network sends TCP packets within IP datagrams.
UDP operates at the transport layer and is another important part of the TCP/IP suite. The network uses UDP for program-to-program communication and supports applications such as NetBIOS name resolution. Like TCP, UDP depends on IP.
Session: Identifying and Connecting to Network Resources
Protocols at the session layer are responsible for communication between systems, such as remote procedure calls (RPCs), printer errors, and NetBIOS information. When hardware needs to speak with remote hardware, it communicates with a session-layer protocol.
NetBIOS is the standard API for services such as locating resources on the network, establishing connections, sending and receiving data, and breaking connections. NetBEUI, which is an extended set of NetBIOS commands with networking support built in, supports NetBIOS natively. However, to access NetBIOS services, TCP/IP requires a special protocol called NetBIOS over TCP/IP (NBT). The lower-level transport-layer protocols (i.e., UDP and TCP) support NBT.
By setting up a session-layer messaging system for communication between client and server, NetBIOS communications use Server Message Blocks (SMBs) to enable file-and-print sharing over Microsoft networks. The redirector, operating at the application level, interjects between application data requests and the OS to determine whether these requests apply to data available locally or to network-accessible resources. SMBs don’t transport data but are responsible for passing messages between client and server, so they can run atop any supported transport protocol: TCP/IP, NetBEUI, and the Microsoft implementations of IPX and SPX work with SMB-based messaging.
NT uses an upgraded version of SMB called the Common Internet File System (CIFS), which Microsoft based on SMB. CIFS works in the same way as SMB and has many of the same functions, with a few enhancements. For example, rather than resolving to NetBIOS names, CIFS can use Domain Name System (DNS) name resolution. Microsoft designed CIFS to be more secure than standard SMB: CIFS requires that a server authenticate access before contact is made.
Presentation and Application
Presentation protocols ensure that the data the network passes between systems is in a form that the recipient can understand. Compression, decompression, encryption, and decryption take place at this level. Presentation refers to the manner in which the system presents the data, rather than how the interface looks.
Application-layer protocols are responsible for all communication between user applications running on two separate machines, such as when you open a file on a file server or run an application from an application server. Client/server applications such as email operate at this layer.
A Final Map
Pull together each layer as I’ve discussed in this article, and you’ve created an OSI model applied to a TCP/IP network with thin-client networking capability and a connection to the Internet. Data transfer takes place on the physical level; so to send data, each layer passes information to the layer below it, and to receive data, each layer passes information to the layer above it.