Networking Basics CCNA 1
Chapter 11
www.ciscopress.com
The TCP/IP Transport Layer
• TCP/IP transport layer includes several
protocols
– Transmission Control Protocol (TCP)
– User Datagram Protocol (UDP)
– TCP has more functions
– UDP has less overhead
• Main goal of the transport layer:
– Provide the service of taking data from one
application process on one computer and delivering
that data to the correct application process on another
computer
www.ciscopress.com
The TCP/IP Transport Layer
• Comparing transport and internet layers:
– Internet layer delivers packets from one
computer to another, but is not concerned
with which application sent the data or which
application on the receiving computer needs
the data
– If multiple instances of an application are
running on the destination computer, the
transport layer works to ensure the proper
instance gets the data and not the others
www.ciscopress.com
The TCP/IP Transport Layer
Comparing TCP and UDP
www.ciscopress.com
The TCP/IP Transport Layer
Flow Control and Windowing
• When a host sends data using TCP, the
receiving host can control how fast each TCP
sender sends the data over time – this is called
flow control
• Flow control is used for many reasons
– Receiver needs time to process the data
– Receiver has finite amount of memory, so if data
keeps arriving, it could run out of memory
www.ciscopress.com
The TCP/IP Transport Layer
Flow Control Through Dynamic Sliding Windows
• Receiver tells sender how many bytes the
sending host can send before it receives an
acknowledgement – a value called a window
• When the sending host has sent an entire
window’s worth of data, it must wait for an
acknowledgement, slowing its rate of sending
data
• The window size can be increased to allow a
faster transfer rate
www.ciscopress.com
The TCP/IP Transport Layer
Dynamic Windowing
www.ciscopress.com
The TCP/IP Transport Layer
Flow Control Through Withholding
Acknowledgements
• After a sending host has sent one window worth
of bytes, it must wait to send more
• The receiver can wait to send
acknowledgements, which prevents the sender
from sending more data
• This process of withholding acknowledgements
is sometimes known as start/stop flow control
www.ciscopress.com
The TCP/IP Transport Layer
Withholding Acknowledgements
www.ciscopress.com
The TCP/IP Transport Layer
Establishing and Terminating TCP Connections
• TCP is a connection-oriented protocol
– Allows it to set initial values to the window and to
initialize sequence number values
• TCP uses a process called a three-way
handshake to create a new TCP connection
– Uses three TCP segments that use two of the TCP
flags in the TCP header
• The synchronize (SYN) flag
• The acknowledge (ACK) flag
www.ciscopress.com
The TCP/IP Transport Layer
Three-Way TCP Connection Establishment
www.ciscopress.com
The TCP/IP Transport Layer
TCP Error Recovery (Reliability)
• TCP is a reliable protocol (at least in a
networking perspective)
– Performs error recovery
– All data eventually gets to the destination,
even if some is initially lost in transport
www.ciscopress.com
The TCP/IP Transport Layer
TCP Acknowledgements with no Error Recovery
Needed
www.ciscopress.com
The TCP/IP Transport Layer
TCP Error Recovery (Reliability)
• TCP uses two header fields to signal to other
computer as to whether a segment was received
– Sequence number
• Keeps track of all the bytes sent over a TCP connection
– Acknowledgement number
• Lets the sending device know the number of the segment the
receiving device expects next
• Practice of stating the next byte expected to be received is
called a forward acknowledgement or expectational
acknowledgement
www.ciscopress.com
The TCP/IP Transport Layer
TCP Error Recovery
www.ciscopress.com
The TCP/IP Transport Layer
TCP Error Recovery (Reliability)
• If a segment is lost or destroyed during
transmission, the receiving PC requests
that it be retransmitted
• If an acknowledgement is not received by
the sending PC within a certain time (a
timer has been set), the sending PC
resends the segment
www.ciscopress.com
The TCP/IP Transport Layer
Segmentation, Reassembly, and In-Order Delivery
• TCP segmentation refers to the process of
accepting a large chunk of data from the
application protocol and breaking it into pieces
that are small enough for transmission
– The size of the segment is limited
– Ethernet limits frames to 1500 data bytes in the data
field of a frame
• IP and TCP headers are each 20 bytes long
• Maximum data portion is therefore 1460 bytes
www.ciscopress.com
The TCP/IP Transport Layer
Segmentation, Reassembly, and In-Order Delivery
• TCP on the receiving computer reassembles
data into its original form
• The data is put in the correct order
– If segments of a file are assembled out-of-
order, the file is useless
– TCP provides a guarantee of in-order delivery
www.ciscopress.com
The TCP/IP Transport Layer
Segmentation, Reassembly, and In-Order Delivery
• Due to IP routing, a TCP receiver can receive
data out of order
• If multiple routes exist between a source and a
destination, routers can load-balance over
several routes
• Packets can arrive out of order
www.ciscopress.com
The TCP/IP Transport Layer
TCP Providing In-Order Delivery
www.ciscopress.com
The TCP/IP Transport Layer
TCP and UDP Header Reference
• TCP and UDP use a header to hold information
for performing tasks
– TCP needs ACK and SYN flags
• First two fields in TCP and UDP are identical
– Both use port numbers to identify application
processes
• TCP has a longer header (20 bytes vs. 8 bytes)
www.ciscopress.com
The TCP/IP Transport Layer
TCP and UDP Headers
www.ciscopress.com
The TCP/IP Transport Layer
TCP Header Fields
www.ciscopress.com
The TCP/IP Transport Layer
TCP Header Fields
www.ciscopress.com
The TCP/IP Transport Layer
UDP Header Fields
www.ciscopress.com
The TCP/IP Transport Layer
Identifying Application Processes Using Port
Numbers
• Both TCP and UDP identify the specific
application process that sends the data and the
application process that needs to receive the
data
– To make this determination, TCP and UDP use port
numbers
– Each application uses a different local port number
www.ciscopress.com
The TCP/IP Transport Layer
Using Port Numbers to Identify the Correct
Application Process
www.ciscopress.com
The TCP/IP Transport Layer
Identifying Application Processes Using Port
Numbers
• In previous slide, the application was assigned a
dynamic port number by the host computer
– A host typically dynamically allocates port numbers of
value 1024 (210) through 65,535 (216 - 1)
– When a host starts a new application process, it
allocates a dynamic port number that is not already in
use by another process
– By each process having its own port number, a PC
can have multiple conversations with other PCs
(sometimes called multiplexing)
www.ciscopress.com
The TCP/IP Transport Layer
Identifying Application Processes Using Port
Numbers
• Connection to Servers: Well-Known Ports
– Most TCP/IP applications use a client/server
model for communications
– Servers cannot use dynamic port numbers
because clients must know ahead of time
what port numbers servers use
– Servers must wait and listen on certain port
numbers for client requests
www.ciscopress.com
The TCP/IP Transport Layer
Identifying Application Processes Using Port
Numbers
• Connection to Servers: Well-Known Ports (continued)
– For servers to work well, TCP/IP defines one or more
well-known ports, each reserved for use by a specific
application protocol
• For example, HTTP connects to a server listening on port 80
– A server might be a single, high-powered computer;
in this chapter it means “TCP/IP software application,”
one that uses port numbers
– Multiple software server applications could be running
on one physical server
www.ciscopress.com
The TCP/IP Transport Layer
Client Connecting to Well-Known Port of a Web
Server (80)
www.ciscopress.com
The TCP/IP Transport Layer
Popular Applications and Their Well-Known Port Numbers
www.ciscopress.com
The TCP/IP Transport Layer
Identifying Application Processes Using Port
Numbers
• Comparing Well-Known, Dynamic, and
Registered Ports
– IANA assigns the values for well-known ports and for
registered port numbers
• Registered ports are assigned to servers that the average
end-user can start, such as instant-messaging applications
• Well-known ports are started by IT staff for applications such
as web servers, email, FTP servers
www.ciscopress.com
The TCP/IP Transport Layer
Uses of Port Numbers
www.ciscopress.com
The TCP/IP Transport Layer
Identifying Application Processes Using
Port Numbers
• Comparing Well-Known, Dynamic, and
Registered Ports (continued)
– Both TCP and UDP use port numbers
– To see the port numbers used on a
computers running a Microsoft OS, use the
netstat –an command
www.ciscopress.com
The TCP/IP Application Layer
• The TCP/IP application layer performs the same
functions as the top three layers of the OSI
model
– Defines format of data being transferred
– Performs encryption
– Sets protocol rules for transferring data
– Sets up combinations of messages, called dialogs or
sessions, that must be sent before a transaction can
be considered complete
• Do not confuse the application layer with the
applications themselves!
www.ciscopress.com
The TCP/IP Application Layer
Distinction
Between an
E-Mail
Application
and E-Mail
Application
Layer
Protocols
www.ciscopress.com
The TCP/IP Application Layer
Application Protocols Used by End Users
• Domain Name System (DNS) – resolves names
into IP addresses
• Hypertext Transfer Protocol (HTTP) – transfers
files from web servers to web browsers
• Simple Mail Transfer Protocol (SMTP) and Post
Office Protocol version 3 (POP3) –send and
receive e-mail, respectively
• File Transfer Protocol (FTP) – stores and
retrieves files
www.ciscopress.com
The TCP/IP Application Layer
Application Protocols Used by End Users
• Name Resolution Using DNS
– Easier to remember names than IP addresses
– A name like www.cisco.com is generically
called a hostname
– The cisco.com part is the domain name
– The last part (.com) is a top-level domain
www.ciscopress.com
The TCP/IP Application Layer
DNS Resolution After Inserting a URL into a Web
Browser
www.ciscopress.com
The TCP/IP Application Layer
Common High-Level DNS Domains
www.ciscopress.com
The TCP/IP Application Layer
Application Protocols Used by End Users
• World Wide Web and HTTP
– Web server software stores information that
the web server wants to make available to
web browsers such as Internet Explorer and
Firefox
– Web servers use HTTP to transfer the files
that make up a web page
www.ciscopress.com
The TCP/IP Application Layer
Application Protocols Used by End Users
• World Wide Web and HTTP (continued)
– HTTP transfer process:
• The browser asks the web server to send one file that
contains instructions and displayable content
• The browser displays the file’s contents
• The browser looks for instructions inside the first file, which
might tell it to get more files
• The browser asks the web server for additional files
• The browser displays the additional content, which might
include instructions to download additional files
• The process continues until all files are downloaded and
displayed
• HTTP uses a GET request to ask for a file
www.ciscopress.com
The TCP/IP Application Layer
HTTP Transfers Three Files
www.ciscopress.com
The TCP/IP Application Layer
Application Protocols Used by End Users
• World Wide Web and HTTP (continued)
– The term HTTP is from the first type of file supported
by a web browser
• Hyper Text Markup Language (HTML)
– Web browsers needed to download files of this type,
so HTTP was created as a protocol to handle HTML
files
– Universal Resource Locators (URLs), commonly
referred to as web addresses, identify web pages that
need to be displayed, or a hyperlink can be clicked on
www.ciscopress.com
The TCP/IP Application Layer
Application Protocols Used by End Users
• E-Mail Protocols: SMTP and POP3
– A PC sends mail to its SMTP server using its
e-mail client software
– The SMTP server forwards the e-mail to the
destination SMTP server
– The destination PC retrieves the e-mail with
the POP3 protocol used by its e-mail client
www.ciscopress.com
The TCP/IP Application Layer
Process of Sending an E-Mail
www.ciscopress.com
The TCP/IP Application Layer
Application Protocols Used by End Users
• E-Mail Protocols: SMTP and POP3 (continued)
– In some cases, the physical server sending the e-mail
is a different server than the one used for checking e-
mail
– POP3 is the most common protocol for an incoming
e-mail server, but IMAP4 is sometimes used
– Most SMTP servers are configured to only accept e-
mail from inside the same internetwork, due to
security reasons
www.ciscopress.com
The TCP/IP Application Layer
Application Protocols Used by End Users
• E-Mail Protocols: File Transfer Protocol
– File Transfer Protocol (FTP) supports file transfers
• FTP clients store files on FTP servers and can retrieve files
from them
www.ciscopress.com
The TCP/IP Application Layer
Application Protocols Used by End Users
• E-Mail Protocols: File Transfer Protocol
(continued)
– FTP uses two separate TCP connections
• Control connection uses well-known port 21 on the
FTP server and sends control information such as
data transfer mode
• Connection on well-known port 20 is used for
actual data transfer
www.ciscopress.com
The TCP/IP Application Layer
Application Protocols Often Used for
Network Management
• Three primary network management protocols:
1. Trivial File Transfer Protocol (TFTP): works similar to FTP, but
with some benefits when used on networking devices
2. Simple Network Management Protocol (SNMP): Allows
management software (the client) to query networking devices
(the server) to manage and control the networking devices
3. Telnet: allows a client to emulate a terminal; allows a user to
sit at one computer (the Telnet client) and to use a remote
computer (the Telnet server) through a text-based interface
www.ciscopress.com
The TCP/IP Application Layer
• Three primary network management
protocols (continued):
1. TFTP
• Performs some of the same functions as FTP
• TFTP has some advantages: server software is small,
allows routers and switches to transfer files without
consuming too much permanent storage space
• Most network engineers use a TFTP client package
and a TFTP server package on their PCs
www.ciscopress.com
The TCP/IP Application Layer
• Three primary network management protocols
(continued):
2. SNMP
• Allows a network engineer to monitor an internetwork’s
status
• The Network Management System (NMS) software can
perform this function
• Uses SNMP GET requests
• The managed device (router, switch) must run an
SNMP agent to be able to reply to the GET requests
www.ciscopress.com
The TCP/IP Application Layer
NMS Using SNMP GETs to Retrieve
Information from SNMP Agents
www.ciscopress.com
The TCP/IP Application Layer
• Three primary network management protocols
(continued):
3. Telnet
• Allows a user to sit at one computer and access another IP host
by using Telnet client software (the other host must run Telnet
server software)
• After connecting, the user at the Telnet client (called the local
host) can issue commands that are executed on the other IP host
(called the remote host)
• Telnet is the primary tool for remotely accessing routers and
switches
• Cisco routers and switches come with built-in Telnet servers
www.ciscopress.com
The TCP/IP Application Layer
Telnet Client Accessing a Router
www.ciscopress.com
The TCP/IP Application Layer
Application Protocol Summary
• Many other application protocols exist, but the ones
mentioned in this chapter are the mainstream
• The protocols all share a common feature:
– They use a TCP transport layer protocol (either TCP or UDP
– TCP: HTTP, SMTP, POP3, FTP, and Telnet
– UDP: DNS, TFTP, SNMP
• UDP does not do error recovery; implements error
recovery at the application layer
• DNS and SNMP use a timeout mechanism that allows
them to resend a request or allows the user to repeat the
action
www.ciscopress.com
Summary
• Primary duty of the transport layer (OSI Layer 4), is to
take data from the application process on one computer
and deliver the data to the correct application process on
another computer
• Both TCP and UDP identify data from upper-layer
applications based on port number
• UDP provides only basic delivery of data and
identification of applications by port number
• TCP provides additional functions, including error
recovery (reliability), flow control, segmentation and re-
assembly, and in-order data delivery
• TCP uses connection-oriented logic, connecting
dynamically with a three-way handshake
www.ciscopress.com
Summary
• TCP numbers the first byte of each segment with
a sequence number
• TCP acknowledges the receipt of data by using
an acknowledgement number
• This process allows a receiving host to tell the
sender to resend data
• The sequence numbers allow the receiving host
to put data in the correct order before giving it to
the application
www.ciscopress.com
Summary
• Flow control ensures a transmitting node does
not overwhelm a receiving node
• The simplest method of flow control is when a
receiving host sends a “not ready” signal by
withholding acknowledgements
• TCP also uses dynamic windowing, which is a
more efficient process
• Dynamic windowing allows the receiving host to
vary the amount of data a sender can send
before it has to receive an acknowledgement
www.ciscopress.com
Summary
• Positive acknowledgement with retransmission
refers to the process of explicitly acknowledging
received data, with the sender resending any
unacknowledged segments
• Connection-oriented TCP provides a wide range
of functions, but UDP has some advantages
– UDP has less overhead (an 8-byte header versus a
20-byte header for TCP)
– UDP does not slow down because of flow control
www.ciscopress.com
Summary
• Popular application layer protocols:
– DNS: Used in IP networks to translate names of network nodes
into IP addresses
– FTP: Transfers files between networks
– HTTP: Delivers HTML documents to a client application, such as
a web browser
– SMTP: Provides e-mail services
– SNMP: Monitors and controls network devices and manages
configurations, statistics collection, performance and security
– Telnet: Used to log in to a remote host that runs a Telnet server
application and then to execute commands from the command
line
www.ciscopress.com