Internet Protocol Layers

(Not ISO, but it works)


At frigate networks, we find it helpful to think of the Internet protocols in layers. Our layers don't exactly match the ISO model, but we find them very useful in practice:
 

Application Layer
Socket Layer
Routing Layer
Link Layer
Device Driver
 
Application Layer

Applications let people do something useful with the network. They can be very simple diagnostic programs such as "ping" or "traceroute". Or they can be more complex and sophisticated programs such as "telnet" or "ftp". They can be groups of programs. At frigate, for example, we use "httpd" and "tcl" to implement Web-based remote management. We also use "sendmail" and "popper" to implement an SNMP and POP3 mail server. Most of the applications that we know about talk to other stations on the Internet through "sockets".

Socket Layer

The socket layer provides an application with a programming interface to the network that looks like a file. When an application writes to the socket, the socket layer sends data to an application on a remote host. When an application reads from a socket, the socket layer provides data received from a remote host.

Types of sockets include: "raw", "UDP", and "TCP". The "ping" program uses a "raw" socket. The Routing Information Protocol (RIP), "traceroute", and most Domain Name Service (DNS) operations use UDP. Multicast Backbone ("mbone") applications such as "vat" use UDP. The vast majority of applications, including Web browsers (such as Netscape Navigator and Microsoft Explorer), ftp, and telnet, use TCP. Although the socket interface is protocol independent, authors of Internet applications are not blind to which type of socket is being used. Neither UDP nor "raw" sockets provide as much capability as TCP. The author of an application that uses one of these types of sockets needs to make up for missing capabilities or decide that these missing capabilities are not needed.

When data is written to a raw socket the host adds an IP header containing a destination address and source address. By default, the source address is the IP address assigned to the output interface. In addition to IP source and destination address, a UDP socket also adds an optional (but recommended) checksum and source and destination port numbers. These port numbers are used to distinguish which application and which process on the remote system will receive the data. TCP includes all the capabilities of UDP, and adds a window transmission protocol with acknowledgments, timeouts, and retransmissions. The checksum is mandatory and TCP guarantees reliable, in-sequence reception of data by the remote application. Modern TCP implementations automatically adjust to changes in speed, reliability, and congestion in the path through the Internet to a remote host. This ability to tolerate fluctuations in network performance has made TCP a very widely-used protocol.
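The UDP fields described above, as an added example that is not part of the original page: it builds the 8-byte UDP header (ports, length, checksum) and shows what the optional checksum buys the receiver. The function names and the sample addresses, ports and payload are constructed for illustration.

```python
import socket
import struct

def internet_checksum(data):
    """16-bit one's-complement sum used by the IP, UDP and TCP checksums."""
    if len(data) % 2:
        data += b"\x00"                       # pad to a whole 16-bit word
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src_ip, dst_ip, length):
    """The checksum also covers the IP addresses, protocol 17 and length."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, 17, length))

def udp_segment(src_ip, dst_ip, sport, dport, payload, with_checksum=True):
    """Build what the UDP layer puts in front of the application's data."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    if not with_checksum:
        return header + payload               # 0 means "sender computed none"
    covered = pseudo_header(src_ip, dst_ip, length) + header + payload
    csum = internet_checksum(covered) or 0xFFFF   # a computed 0 is sent as FFFF
    return struct.pack("!HHHH", sport, dport, length, csum) + payload

def verify(src_ip, dst_ip, segment):
    """Receiver side: 'ok', 'corrupt', or 'unchecked' when no checksum sent."""
    if len(segment) < 8:
        return "corrupt"
    length, csum = struct.unpack("!HH", segment[4:8])
    if csum == 0:
        return "unchecked"
    covered = pseudo_header(src_ip, dst_ip, length) + segment
    return "ok" if internet_checksum(covered) == 0 else "corrupt"

if __name__ == "__main__":
    seg = udp_segment("192.0.2.1", "192.0.2.2", 1024, 53, b"hello")
    print(verify("192.0.2.1", "192.0.2.2", seg))                # intact
    print(verify("192.0.2.1", "192.0.2.2", seg[:-1] + b"p"))    # damaged payload
    bare = udp_segment("192.0.2.1", "192.0.2.2", 1024, 53, b"hello", False)
    print(verify("192.0.2.1", "192.0.2.2", bare[:-1] + b"p"))   # damage unnoticed
```

A segment sent without the checksum is accepted even when its payload was damaged in transit, which is the capability the application author has to make up for.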

Routing Layer

The routing layer is where the decision is made to receive, forward, or discard a packet. This decision is based on the destination IP address. Encrypting routers may also use the destination IP address to determine how to cipher a packet. "Firewall" routers may also look at source IP address and UDP or TCP source and destination ports when deciding whether to forward or discard a packet. By discarding packets based on source IP address and UDP or TCP ports, traffic from specific hosts or specific applications is selectively disabled. The relationship between the routing layer and Internet security is changing rapidly as people add increasingly sophisticated filtering capabilities to routers. Ascend, cisco, and Digital have recently announced new products in this area.
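The forward-or-discard decision of a "firewall" router, as an added example that is not part of the original page and is not any vendor's implementation: it reads the source address and destination port from a raw IPv4 packet and applies a first-match rule list. The rule set, function names and sample packets are constructed for illustration.

```python
import ipaddress
import struct

# Constructed rule set: first match wins, anything unmatched is discarded.
# (action, protocol, source network, destination port)
RULES = [
    ("discard", "tcp", "192.0.2.0/24", 23),     # no telnet from this network
    ("forward", "tcp", "0.0.0.0/0", 80),        # web from anywhere
    ("forward", "udp", "198.51.100.0/24", 53),  # DNS from one network only
]
PROTO = {6: "tcp", 17: "udp"}

def parse(packet):
    """Return (protocol, source address, destination port) of an IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4   # IP options shift where the ports start
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad header length")
    proto = PROTO.get(packet[9])
    src = ipaddress.IPv4Address(packet[12:16])
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    # Only the first fragment of a UDP/TCP packet carries the port numbers.
    if proto is None or frag_offset or len(packet) < ihl + 4:
        return proto, src, None
    return proto, src, struct.unpack("!HH", packet[ihl:ihl + 4])[1]

def decide(packet):
    """Routing-layer decision for one packet: 'forward' or 'discard'."""
    try:
        proto, src, dport = parse(packet)
    except ValueError:
        return "discard"
    for action, r_proto, r_net, r_port in RULES:
        if (proto == r_proto and dport == r_port
                and src in ipaddress.ip_network(r_net)):
            return action
    return "discard"

def make_packet(proto_num, src, sport, dport, options=b"", frag_offset=0):
    """Constructed sample packet: IPv4 header, optional options, port fields."""
    ihl = 5 + len(options) // 4
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + 4, 0,
                         frag_offset, 64, proto_num, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address("203.0.113.1").packed)
    return header + options + struct.pack("!HH", sport, dport)
```

The parser uses the header-length field to locate the ports and refuses to read ports from a non-first fragment. A filter that assumes a fixed 20-byte header would match its rules against the wrong bytes.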

Link Layer

The link layer provides a mechanism for sending an IP packet over a particular network or media. Examples of such networks include point-to-point links, frame relay, regular analog telephone (POTS), ISDN, Ethernet and Token Ring. Because the link layer software is responsible for encapsulating IP packets in a way that meets the requirement of a particular network, IP routing and the socket and application layers above IP routing are network and media independent. Anything that is done at the IP routing layer or above works over all media. This is one of the major advantages of using TCP/IP.

Examples of link layer protocols are PPP HDLC, PPP Async Pseudo-HDLC, Frame Relay RFC 1490 (often called "IETF"), Ethernet, and SNAP.

Device Driver

The device driver layer refers to the software that manages the network interface hardware and sends and receives packets. Device drivers often have strict performance requirements and limited development tools available. Since they are accessing real hardware, they have the potential to cause a system failure.

Standard driver interfaces, such as FTP Software's "Packet Driver" and Microsoft's NDIS, reduce the need for custom device drivers. For those customers who cannot take advantage of one of these standard interfaces, frigate networks offers consulting services to support development and maintenance of device drivers for BSD and various embedded operating systems.



Copyright 1997-1999

frigate networks
1119 Timberpine Court
Sunnyvale, CA 94086

info@frigate.com
 
(408) 244-8864


Comments about this page to: cslater@frigate.com