Which services are provided by the Internet layer of the TCP IP protocol suite?

Layer 2: Internet

The TCP/IP suite has four core protocols that work at the Internet layer, which maps to the Network layer of the OSI model. The Internet layer is responsible for packaging, addressing, and routing the data. The four core protocols used in the TCP/IP suite are:

The Internet Protocol (IP)

The Internet Control Message Protocol (ICMP)

The Internet Group Management Protocol (IGMP)

The Address Resolution Protocol (ARP)

1.1 Introduction

The Internet Protocol (IP) suite, commonly known as TCP/IP (the well-known Transmission Control Protocol/Internet Protocol), makes implicit assumptions of continuous, bi-directional end-to-end paths, short round-trip times, high transmission reliability, and symmetric data rates (Socolofsky and Kale, 1991). However, a wide range of emerging networks (outside the Internet) usually referred to as opportunistic networks, intermittently connected networks, or episodic networks violate these assumptions. These networks fall into the general category of delay/disruption-tolerant networks (DTNs) (Cerf et al., 2007). DTNs experience any combination of the following: sparse connectivity, frequent partitioning, intermittent connectivity, large or variable delays, asymmetric data rates, and low transmission reliability. More importantly, an end-to-end connection cannot be assumed to be available in these networks. Table 1.1 summarizes the main differences between traditional networks (Internet) and DTN networks.

Table 1.1. Main differences between the assumptions of traditional and delay-tolerant networks.

The TCP/IP stack does not properly handle such connectivity challenges. Firstly, the performance of TCP is severely limited by high latency and moderate to high loss rates. Secondly, the performance of the network layer is affected by the loss of fragments. Furthermore, the high latency also causes traditional routing protocols to incorrectly label links as nonoperational. This motivated the proposal of a new network architecture that was designed to enable communication under stressed and unreliable conditions.

The work on Interplanetary Internet Architecture, later generalized to the DTN architecture, began in the late 1990s (Burleigh et al., 2003). DTN is a network research topic focused on the design, construction, performance evaluation, and application of architectures, services, and protocols that intend to enable data communication among heterogeneous networks in extreme environments (Cerf et al., 2007; Scott and Burleigh, 2007; Fall and Farrell, 2008; Fall, 2003). To answer these challenges the DTN Research Group (DTNRG) (2002), which was chartered as part of the Internet Research Task Force (IRTF) (2013), proposed an architecture (i.e., RFC 4838) (Cerf et al., 2007) and a communication protocol (i.e., RFC 5050) (Scott and Burleigh, 2007) for DTNs.

This chapter provides an introduction to delay and disruption tolerant networks and it is organized as follows. Section 1.2 reviews the DTN architecture and its key concepts. Next, application scenarios for these networks are presented in Section 1.3. The most relevant well-known routing protocols for DTN-based networks are discussed in Section 1.4. Finally, Section 1.5 concludes the chapter presenting a summary of the review.

14.4 TCP/IP Suite

The TCP/IP suite (Figure 14.8) occupies the middle five layers of the 7-layer open system interconnection (OSI) model (see Figure 14.9) [30]. The TCP/IP layering scheme combines several of the OSI layers. From an implementation standpoint, the TCP/IP stack encapsulates the network layer (OSI layer 3) and transport layer (OSI layer 4). The physical layer, the data-link layer (OSI layer 1 and 2, respectively) and application layer (OSI layer 7) at the top can be considered non-TCP/IP-specific. TCP/IP can be adapted to many different physical media types.

IP is the basic protocol. This protocol operates at the network layer (layer 3) in the OSI model, and is responsible for encapsulating all upper layer transport and application protocols. The IP network layer incorporates the necessary elements for addressing and subnetting (dividing the network into subnets), which enables TCP/IP packets to be routed across the network to their destinations. At a parallel level, the ARP serves as a helper protocol, mapping physical layer addresses typically referred to as MAC-layer addresses to network layer (IP) addresses.

There are two transport layer protocols above IP: the UDP and TCP. These transport protocols provide delivery services. UDP is a connectionless delivery transport protocol and used for message-based traffic where sessions are unnecessary. TCP is a connection-oriented protocol that employs sessions for ongoing data exchange. File transfer protocol (FTP) and Telnet are examples of applications that use TCP sessions for their transport. TCP also provides the reliability of having all packets acknowledged and sequenced. If data is dropped or arrives out-of-sequence, the stack's TCP layer will retransmit and resequence. UDP is an unreliable service, and has no such provisions. Applications such as the simple mail transport protocol (SMTP) and hyper text transfer protocol (HTTP) use transport protocols to encapsulate their information and/or connections. To enable similar applications to talk to one another, TCP/IP has what are called “well-known port numbers.” These ports are used as sub-addresses within packets to identify exactly which service or protocol a packet is destined for on a particular host.

TCP/IP serves as a conduit to and from devices, enabling the sharing, monitoring, or controlling those devices. A TCP/IP stack can have a tremendous effect on a device's memory resources and CPU utilization. Interactions with other parts of the system may be highly undesirable and unpredictable. Problems in TCP/IP stacks can render a system inoperable.

XX. Simple Mail Transfer Protocol

The standard mail protocol in the TCP/IP suite (Internet) is the SMTP. It runs above TCP/IP and below any local mail service. Its primary responsibility is to make sure mail is transferred between different hosts. By contrast, the local service is responsible for distributing mail to specific recipients.

Figure 11 shows the interaction between local mail, SMTP, and TCP. When a user sends mail, the local mail facility determines whether the address is local or requires a connection to a remote site. In the latter case, the local mail facility stores the mail (much as you would put a letter in a mailbox), where it waits for the client SMTP. When the client SMTP delivers the mail, it first calls the TCP to establish a connection with the remote site. When the connection is made, the client and server SMTPs exchange packets and eventually deliver the mail. At the remote end the local mail facility gets the mail and delivers it to the intended recipient.

7.14 History notes

The Internet is a global network based on the Internet Protocol Suite (TCP/IP); its origins can be traced back to 1965, when Ivan Sutherland, the head of the Information Processing Technology Office (IPTO) at the Advanced Research Projects Agency (ARPA), encouraged Lawrence Roberts, who had worked previously at MIT’s Lincoln Laboratories, to become the chief scientist at ISTO Technologies and to initiate a networking project based on packet switching rather than circuit switching.

In the early 1960s Leonard Kleinrock at the University of California at Los Angeles (UCLA) developed the theoretical foundations of packet networks and, in the early 1970s, for hierarchical routing in packet-switching networks. Kleinrock published the first paper on packet-switching theory in 1961 and the first book on the subject in 1964.

In August 1968 DARPA released a request for quotation (RFQ) for the development of packet switches called interface message processors (IMPs). A group from Bolt Beranek and Newman (BBN) won the contract. Several researchers and their teams including Robert Kahn from BBN, Lawrence Roberts from DARPA, Howard Frank from Network Analysis Corporation, and Leonard Kleinrock from UCLA, played a major role in the overall ARPANET architectural design. The idea of open-architecture networking was first introduced by Kahn in 1972, and his collaboration with Vint Cerf from Stanford led to the design of TCP/IP. Three groups, one at Stanford, one at BBN, and one at UCLA, won the DARPA contract to implement TCP/IP.

In 1969 BBN installed the first IMP at UCLA. The first two nodes the ARPANET interconnected were the Network Measurement Center at UCLA’s School of Engineering and Applied Science and SRI International in Menlo Park, California. Two more nodes were added at UC Santa Barbara and the University of Utah. By the end of 1971 there were 15 sites interconnected by ARPANET.

Ethernet technology, developed by Bob Metcalfe at Xerox PARC in 1973, and other local area network technologies, such as token-passing rings, allowed the personal computers and workstations to be connected to the Internet in the 1980s. As the number of Internet hosts increased, it was no longer feasible to have a single table of all hosts and their addresses. The Domain Name System (DNS) was invented by Paul Mockapetris of USC/ISI. The DNS permitted a scalable distributed mechanism for resolving hierarchical host names into an Internet address.

UC Berkeley, with support from DARPA, rewrote the TCP/IP code developed at BBN and incorporated it into the Unix BSD system. In 1985 Dennis Jennings started the NSFNET program at NSF to support the general research and academic communities.

Transmission Control Protocol/Internet Protocol – TCP/IP

The TCP/IP is two interrelated protocols that are part of the Internet protocol suite. TCP operates on the OSI Transport Layer and breaks data into packets, controls host-to-host transmissions over packet-switched communication networks.

Internet protocol (IP) was designed for use in interconnected systems of packet-switched computer communication networks. IP operates on the OSI Network Layer and routes packets. The Internet protocol provides for transmitting blocks of data called datagrams from sources to destinations, where sources and destinations are hosts identified by fixed-length addresses. The Internet protocol also provides for fragmentation and reassembly of long datagrams, if necessary, for transmission through small-packet networks.

3.7 Summary

We’ve given a brief summary of the different layers of the IP suite. There are shelves full of books that cover this in more depth, from high-level application protocols through to router and switch configuration. We have focused on pulling out a few characteristics that will shape the way we implement NVEs.

Application layer protocols need to balance efficiency and compactness against readability. Although it is tempting to design messages to be as small as possible, ASCII strings are commonly used for header-like information as they are human readable.

At each layer of the TCP/IP stack, there is header information to add and to provide that layer with the necessary information to handle the data it contains. This encapsulation in layers is an important property of the stack, and means that very different host types and software types can interoperate.

UDP is an unreliable connectionless service, whereas TCP is a reliable connection-oriented service. The choice between the two is not as simple as just deciding whether or not reliability is needed. Reliability can be added on top of UDP: after all, TCP uses IP just as UDP. However, we pointed out that retransmission is not desirable in situations where the sender is sending rapidly changing data such as positions.

TCP provides flow control and congestion control so that bandwidth of the application can be managed. It also avoids fragmentation of packets, so it can be more efficient at transmitting large messages, utilizing the bandwidth available fully. Implementing this over UDP would be onerous.

IP provides the packet-routing layer of the Internet. Routers provide the basic forwarding mechanism, but there is also a “back-channel”, ICMP, that can be useful to get information about the reachability of hosts.

There are various link technologies in use, from mobile through wireless to fiber. There is a balance to be struck between cost and availability, though latency will be a particularly important feature for NVEs.

Multicast and QoS support might be available under certain situations.

We’ve also introduced a small suite of tools that can help us explore how the network is working. Wireshark, Ping, traceroute/tracert, nslookup and ipconfig/ifconfig are all essential tools to help understand and debug network applications.

12.1 Introduction

The Internet is a global system of interconnected computer networks that use the standard Internet Protocol (IP) suite to serve billions of users all over the world. Various network applications utilize the Internet or other network hardware infrastructure to perform useful functions. Network applications often use a client-server architecture, where the client and server are two computers connected to the network. The server is programmed to provide some service to the client. For example, in the World Wide Web (WWW) the client computer runs a Web client program like Firefox or Internet Explorer, and the server runs a Web server program like Apache or Internet Information Server where the shared data would be stored and accessed.

The Internet is based on packet switching technology. The information exchanged between the computers are divided into small data chucks called packets and are controlled by various protocols. Each packet has a header and payload where the header carries the information that will help the packet get to its destination such as the sender’s IP address. The payload carries the data in the protocols that the Internet uses. Each packet is routed independently and transmission resources such as link bandwidth and buffer space are allocated as needed by packets. The principal goals of packet switching are to optimize utilization of available link capacity, minimize response times, and increase the robustness of communication.

In a typical network, the traffic through the network is heterogeneous and consists of flows from multiple applications and utilities. Typically a stream of packets is generated when a user visits a website or sends an email. A traffic flow is uniquely identified by four-tuple {source IP address, source port number, destination IP address, destination port number}. Two widely used transport layer protocols are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). The main differences between TCP and UDP are that TCP is connection-oriented and a connection is established before the data can be exchanged. On the other hand, UDP is connectionless.

Many different network applications are running on the Internet. The Internet traffic is a huge mixture and thousands of different applications generate lots of different traffic. In addition to “traditional” applications (e.g., email and file transfer), new Internet applications such as multimedia streaming, blogs, Internet telephony, games, and peer-to-peer (P2P) file sharing have become popular [219]. Therefore, there are different packet sending and arrival patterns due to interaction between the sender and the receiver and data transmission behavior. Many of these applications are unique and have their own requirements with respect to network parameters such as bandwidth, delay, and jitter. Loss-tolerant applications such as video conferencing and interactive games can tolerate some amount of data loss. On the other hand, elastic applications such as email, file transfer, and Web transfer can make use of as much, or as little bandwidth as happens to be available. Elastic Internet applications have the greatest share in the traffic transported over the Internet today. Traffic classification can be defined as methods of classifying traffic data based on features passively observed in the traffic, according to specific classification goals. Quality of Service (QoS) is the ability to provide different priority to different applications, users, or data flows, or to guarantee a certain level of performance to a data flow.

The predictability of network traffic is of significant interest in many domains. For example, it can be used to improve the QoS mechanisms as well as congestion and resource control by adapting the network parameters to traffic characteristics. Dynamic resource allocation with the support of traffic prediction can efficiently utilize the network resources and support QoS. One of the key requirements for dynamic resource allocation framework is to predict traffic in the next control time interval based on historical data and online measurements of traffic characteristics over appropriate timescales. Machine learning algorithms are capable of observing and identifying patterns within the statistical variations of a monitored parameter such as resource consumption. They can then make appropriate predictions concerning future resource demands using this past behavior. There are two main approaches to predictions used in dynamic resource allocation: indirectly predicting traffic behavior descriptors and directly forecasting resource consumption.

In the indirect traffic prediction approach, it is assumed that there is an underlying stochastic model of the network traffic. Time-series modeling is typically used to build such a model from a given traffic trace. First, we want to determine the likely values of the parameters associated with the model. Then a set of possible models may be selected, and parameter values are determined for each model. Finally, diagnostic checking is carried out to establish how well the estimated model conforms to the observed data. A wide range of time series models has been developed to represent short-range and long-range dependent behavior in network traffic. However, it is still an open problem regarding how to fit an appropriate model to the given traffic trace. In addition, long execution times are associated with the model selection process.

The direct traffic prediction approach is more fundamental in nature and more challenging than indirect traffic descriptor prediction. This is because we can easily derive any statistical traffic descriptors from the concrete traffic volume, but not vice versa. Different learning and prediction approaches, including conventional statistical methods and machine learning approaches such as neural networks, have been applied to dynamic resource reservation problems [61]. Despite the reported success of these methods in asynchronous transfer mode and wireless networks, the learning and prediction techniques used can only provide simple predictions; that is, the algorithms make predictions without saying how reliable these predictions are. The reliability of a method is often determined by measuring general accuracy across independent test sets. For learning and prediction algorithms, if we make no prior assumptions about the probability distribution of the data, other than that it is identically and independently distributed (i.i.d.), there is no formal confidence relationship between the accuracy of the prediction made with the test data and the prediction associated with a new and unknown case.

Network behavior can change considerably over time and space. Learning and prediction should ideally be adaptive and provide confidence information. In this chapter, we apply conformal predictions to enhance the learning algorithms for network traffic classification and demand prediction problems. The novelty of conformal predictions is that they can learn and predict simultaneously, continually improving their performance as they make each new prediction and ascertain how accurate it is. Conformal predictors not only give predictions, but also provide additional information about reliability with their outputs. Note that in the case of regression the predictions output by such algorithms are intervals where the true value is supposed to lie.

The reminder of this chapter is structured as follows. Section 12.2 discusses the application of conformal predictions to the problem of network traffic classification. Section 12.3 considers the application of conformal predictions to the network demand predictions and presents a way of constructing reliable prediction intervals (i.e., intervals that include point predictions) by using conformal predictors. Section 12.4 shows experimental results of the conformal prediction on public network traffic datasets. Finally, Section 12.5 presents conclusions.

Publisher Summary

This chapter illustrates how cryptography is used on the Internet to secure protocols and reviews the architecture of the Internet protocol suite, as even what security means is a function of the underlying system architecture. It also reviews the Dolev-Yao model, which describes the threats to which network communications are exposed. In particular, all levels of network protocols are completely exposed to eavesdropping and manipulation by an attacker, so using cryptography properly is a first-class requirement to derive any benefit from its use. It is learnt that effective security mechanisms to protect session-oriented and session establishment protocols are different, although one can share many cryptographic primitives. Cryptography can be very successful at protecting messages on the Internet, but doing so requires preexisting, long-lived relationships. How to build secure open communities is still an open problem; it is probably intractable because a solution would imply the elimination of conflict between human beings who do not know each other.

5 Summary

This chapter examined how cryptography is used on the Internet to secure protocols. It reviewed the architecture of the Internet protocol suite, for even the meaning of what security means is a function of the underlying system architecture. Next it reviewed the Dolev–Yao model, which describes the threats to which network communications are exposed. In particular, all levels of network protocols are completely exposed to eavesdropping and manipulation by an attacker, so using cryptography properly is a first-class requirement to derive any benefit from its use. We learned that effective security mechanisms to protect session-oriented and session establishment protocols are different, although they can share many cryptographic primitives. Cryptography can be very successful in protecting messages on the Internet, but doing so requires preexisting, long-lived relationships. How to build secure open communities is still an open problem; it is probably an intractable question because a solution would imply the elimination of conflict between human beings who do not know each other.

Finally, let’s move on to the real interactive part of this chapter: review questions/exercises, hands-on projects, case projects, and optional team case project. The answers and/or solutions by chapter can be found in the online Instructor’s Solutions Manual.