
Computer Networks II Unit - IV TCP/IP - II

UNIT IV- TCP/IP-II

Transport Control Protocol (TCP)


• TCP is a connection-oriented, reliable protocol used in the Internet to provide a reliable end-to-end byte stream over an unreliable internetwork (IP).
• An internetwork differs from a single network because different parts have different topologies, bandwidths, delays, packet sizes and other parameters.
• TCP has been designed to dynamically adapt to the properties of the internetwork.
• TCP is connection oriented: two processes handshake with each other to establish a connection.
• A connection is established between two processes by initializing variables in a connection record called the transmission control block (TCB).
• The connection is bidirectional; hence data transfer takes place simultaneously in both directions.
• Stream data transfer: TCP transfers a contiguous stream of bytes across the network, with no indication of boundaries.
• It does not support multicasting or broadcasting.
• It uses selective repeat ARQ to implement reliability.
• A TCP connection is uniquely identified by 4 parameters:
1) Sender IP address
2) Sender port number
3) Receiver IP address
4) Receiver port number
Typically the server is assigned a well-known port number and the client is assigned an ephemeral port number.

Port addresses

Dr. Ramesh Babu H S, Professor & Head, Dept. of ISE, AcIT, Bangalore 1

TCP Protocol
Source port and destination port: The source and destination ports identify the sending and receiving applications.
Sequence number: 32-bit sequence numbers are used for acknowledgements and the window mechanism.

The three phases of TCP communication are:-

1. TCP connection establishment
2. Data transfer phase
3. TCP connection termination

TCP Connection establishment

To establish a connection, TCP uses a three-way handshake. Before a client attempts to connect with a server, the server must first bind to a port to open it up for connections: this is called a passive open. Once the passive open is established, a client may initiate an active open.

To establish a connection, the three-way (or 3-step) handshake occurs:

1. The active open is performed by the client sending a SYN to the server.
2. In response, the server replies with a SYN-ACK.
3. Finally the client sends an ACK back to the server.

At this point, both the client and server have received an acknowledgment of the connection.

Example:

1. The initiating host (client) sends a synchronization packet (SYN flag set to 1) to initiate a
connection. It sets the packet's sequence number to a random value x.
2. The other host receives the packet, records the sequence number x from the client, and
replies with an acknowledgment and synchronization (SYN-ACK). The
Acknowledgment is a 32-bit field in TCP segment header. It contains the next sequence
number that this host is expecting to receive (x + 1). The host also initiates a return
session. This includes a TCP segment with its own initial Sequence Number of value y.
3. The initiating host responds with the next Sequence Number (x + 1) and a simple
Acknowledgment Number value of y + 1, which is the Sequence Number value of the
other host + 1.


Figure:- Three-way handshake


• Each SYN message during connection establishment can specify options such as maximum segment size (MSS), window scaling and time stamps.
• The three-way handshake procedure ensures that both hosts agree on their initial sequence numbers.
Let us consider why the initial sequence number must be different every time, and what happens if a host always uses the same initial sequence number.

Figure: - Justifying a three way handshake: If a host always uses the same initial
sequence, old segments cannot be distinguished from the current ones.

In the above case, after the connection is established, a delayed segment from the previous connection arrives.
Host B accepts this segment, since the sequence number is legal.
If a segment from the current connection arrives later, it will be rejected by host B, which thinks that the segment is a duplicate. Thus host B cannot distinguish a delayed segment from the new one.
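The scenario above can be replayed in a few lines. This is an added example, not part of the original notes: it runs host B's acceptance check once with a fixed initial sequence number and once with a timer-plus-keyed-hash ISN in the style of RFC 6528 (a scheme the notes do not mention). The 4-tuple, secret, window size and payloads are constructed.

```python
import hashlib
import struct

MOD = 2 ** 32  # sequence numbers are 32-bit and wrap around


def fixed_isn(four_tuple, t_us, secret):
    """Flawed policy from the text: every connection starts at the same number."""
    return 0


def rfc6528_style_isn(four_tuple, t_us, secret):
    """ISN = M + F(4-tuple, secret): M is a 4-microsecond timer, F a keyed hash.

    SHA-256 as F is an assumption of this example.
    """
    m = (t_us // 4) % MOD
    digest = hashlib.sha256(secret + repr(four_tuple).encode()).digest()
    f = struct.unpack("!I", digest[:4])[0]
    return (m + f) % MOD


class ReceiverB:
    """Host B's receive side for one connection."""

    def __init__(self, peer_isn, window=2048):
        self.rcv_nxt = (peer_isn + 1) % MOD  # the SYN consumes one number
        self.window = window
        self.delivered = []

    def on_segment(self, seq, payload):
        offset = (seq - self.rcv_nxt) % MOD  # modular distance from expected byte
        if offset == 0:
            self.delivered.append(payload)
            self.rcv_nxt = (self.rcv_nxt + len(payload)) % MOD
            return "accepted"
        if offset < self.window:
            return "buffered"   # inside the window but out of order
        return "discarded"      # outside the window: treated as old or duplicate


def replay(isn_policy):
    """Replay the figure: a delayed segment from incarnation 1 reaches incarnation 2."""
    conn = ("10.0.0.1", 40000, "10.0.0.2", 80)  # constructed 4-tuple
    secret = b"constructed-demo-secret"
    # Incarnation 1 opens at t = 0; its first data segment is delayed in the network.
    isn1 = isn_policy(conn, 0, secret)
    stale = ((isn1 + 1) % MOD, b"OLD" * 10)
    # Incarnation 2 of the same 4-tuple opens one second later.
    isn2 = isn_policy(conn, 1_000_000, secret)
    host_b = ReceiverB(isn2)
    stale_result = host_b.on_segment(*stale)
    current_result = host_b.on_segment((isn2 + 1) % MOD, b"NEW" * 10)
    return stale_result, current_result, host_b.delivered


if __name__ == "__main__":
    print("fixed ISN:     ", replay(fixed_isn))
    print("RFC 6528 style:", replay(rfc6528_style_isn))
```

With the fixed ISN, host B delivers the old payload and then discards the current segment; with the timer-based ISN the two incarnations start 250000 sequence numbers apart, so the delayed segment falls outside the 2048-byte window.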

The below figure is an example for client server application

TCP Data Transfer

• TCP uses the Selective Repeat ARQ protocol as its sliding window mechanism.
• TCP also applies flow control by dynamically advertising the window size. (Flow control is the mechanism of regulating the traffic between two points and is used to prevent the sender from overwhelming the receiver with too much data.)
• In each TCP segment, the receiver specifies in the receive window field the amount of additional received data (in bytes) that it is willing to buffer for the connection.
• The sending host can send only up to that amount of data before it must wait for an acknowledgment and window update from the receiving host.


Figure:-TCP Window flow control

The above figure illustrates an example for TCP Window flow control

• Suppose at time t0, the TCP module in host B advertised a window of 2048 and expected the next byte received to have sequence number 2000. This advertised window size allows host A to transmit up to 2048 bytes of unacknowledged data.
• At time t1, host A has only 1024 bytes to transmit and transmits all the data starting with sequence number 2000. This TCP entity also advertises a window of size 1024 bytes to host B, and expects the next byte to have sequence number 1.
• When the segment arrives, host B chooses to delay the acknowledgement for piggybacking (the technique of temporarily delaying outgoing acknowledgments so that they can be hooked onto the next outgoing data frame is known as piggybacking). Meanwhile at t2, host A has another 1024 bytes of data and transmits it. After the transmission, A's sending window closes completely. It is not allowed to transmit any more data until an acknowledgment comes back.
• At time t3, host B has 128 bytes of data to transmit. Host B simply piggybacks the acknowledgment (ACK=4048) onto the data segment. At this time host B also advertises a window size of 512 bytes (because of some other connection the window size may shrink).
• When host A receives the segment, at time t4, assume that host A has nearly 2048 bytes of data, but it is allowed to send only 512 bytes.

Like this, window advertisement dynamically controls the flow of data from one host to
another and it prevents the receiver buffer from being overrun.
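The t0 to t4 exchange can be checked with a small model of host A's send side. This is an added example, not part of the original notes; the class and method names are hypothetical, and sequence-number wraparound is ignored to keep the arithmetic visible.

```python
class WindowedSender:
    """Send side of TCP window flow control, tracked in bytes.

    snd_una: oldest unacknowledged byte
    snd_nxt: next byte to be sent
    rwnd:    window most recently advertised by the receiver
    """

    def __init__(self, first_seq, rwnd):
        self.snd_una = first_seq
        self.snd_nxt = first_seq
        self.rwnd = rwnd

    def usable(self):
        """Bytes that may still be sent before the window closes."""
        in_flight = self.snd_nxt - self.snd_una
        return max(0, self.rwnd - in_flight)

    def send(self, nbytes):
        """Send as much of nbytes as the window allows; return (seq, bytes sent)."""
        n = min(nbytes, self.usable())
        seq = self.snd_nxt
        self.snd_nxt += n
        return seq, n

    def on_ack(self, ack, rwnd):
        """Apply an ACK and window update; ignore ACKs for data never sent."""
        if not (self.snd_una <= ack <= self.snd_nxt):
            return False
        self.snd_una = ack
        self.rwnd = rwnd
        return True


def replay_figure():
    """Host A's view of the exchange, using the numbers from the text."""
    a = WindowedSender(first_seq=2000, rwnd=2048)      # t0: B advertised 2048
    trace = [("t1", a.send(1024), a.usable())]         # first 1024 bytes
    trace.append(("t2", a.send(1024), a.usable()))     # window now closed
    trace.append(("blocked", a.send(100), a.usable())) # nothing may be sent
    a.on_ack(ack=4048, rwnd=512)                       # t3: piggybacked ACK
    trace.append(("t4", a.send(2048), a.usable()))     # only 512 bytes allowed
    return trace


if __name__ == "__main__":
    for step in replay_figure():
        print(step)
```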


Nagle Algorithm
• Situation: user types 1 character at a time
– Transmitter sends TCP segment per character (41B)
– Receiver sends ACK (40B)
– Receiver echoes received character (41B)
– Transmitter ACKs echo (40 B)
– 162 bytes transmitted to transfer 1 character!
• Solution:
– TCP sends data & waits for ACK
– New characters buffered
– Send new characters when ACK arrives
– Algorithm adjusts to RTT
• Short RTT send frequently at low efficiency
• Long RTT send less frequently at greater efficiency

Silly Window Syndrome


Situation:
• Transmitter sends large amount of data
• Receiver buffer depleted slowly, so buffer fills
• Every time a few bytes are read from the buffer, a new advertisement to the transmitter is generated
• Sender immediately sends data & fills buffer
• Many small, inefficient segments are transmitted

Solution:
• Receiver does not advertise window until window is at least ½ of receiver buffer or maximum segment size
• Transmitter refrains from sending small segments.

TCP Connection Termination

• TCP provides two types of connection termination, i.e. graceful and abrupt termination.
• A graceful termination can be initiated by an application when it has no more data to send.
• The TCP entity completes transmission of its data and, upon receiving acknowledgement from the receiver, issues a segment with the FIN bit set.
• Upon receiving the FIN segment, a TCP entity informs its application that the other entity has terminated its transmission of data.

For example, in the below figure,

• Host A terminates its transmission by issuing a FIN segment.
• Host B sends an ACK segment upon receiving the FIN segment from host A.
• After B receives the FIN segment, host B sends 150 bytes of data in one segment, followed by a FIN segment.
• Host A then sends an acknowledgment.
• Host A enters the TIME_WAIT state and starts the TIME_WAIT timer with an initial value = 2*MSL.
• If such a FIN segment arrives while host A is in the TIME_WAIT state, then the ACK segment is transmitted and the TIME_WAIT timer is restarted at 2MSL.
• When the TIME_WAIT timer expires, host A closes the connection.

Figure:- TCP Graceful close

• The second type of termination is an abrupt connection termination through reset (RST) segments.
• If an application decides to terminate a connection abruptly, it issues an ABORT command, which causes TCP to discard any data that is queued for transmission and to send an RST segment.
• The TCP that receives the RST segment then notifies its application process that the connection has been terminated.


TCP state Transition diagram

Figure: - TCP state Transition diagram


Note: - thick solid line is normal state trajectory for a client and the dashed line is
normal state trajectory for a server

• A connection progresses through a series of states during its lifetime. The states are: LISTEN, SYN-SENT, SYN-RECEIVED, ESTABLISHED, FIN-WAIT-1, FIN-WAIT-2, CLOSE-WAIT, CLOSING, LAST-ACK, TIME-WAIT, and the fictional state CLOSED.
• CLOSED is fictional because it represents the state when there is no TCB, and therefore, no connection.
Briefly the meanings of the states are:
LISTEN represents waiting for a connection request from any remote TCP and port.
SYN-SENT represents waiting for a matching connection request after having sent a
connection request.
SYN-RECEIVED represents waiting for a confirming connection request acknowledgment
after having both received and sent a connection request.
ESTABLISHED represents an open connection, data received can be delivered to the user.
The normal state for the data transfer phase of the connection.
FIN-WAIT-1 represents waiting for a connection termination request from the remote TCP,
or an acknowledgment of the connection termination request previously sent.
FIN-WAIT-2 represents waiting for a connection termination request from the remote TCP.


CLOSE-WAIT represents waiting for a connection termination request from the local user.
CLOSING represents waiting for a connection termination request acknowledgment from
the remote TCP.
LAST-ACK represents waiting for an acknowledgment of the connection termination
request previously sent to the remote TCP (which includes an acknowledgment of its
connection termination request).
TIME-WAIT represents waiting for enough time to pass to be sure the remote TCP received
the acknowledgment of its connection termination request.
CLOSED represents no connection state at all.

• A TCP connection progresses from one state to another in response to events.
• The events are the user calls, OPEN, SEND, RECEIVE, CLOSE, ABORT, and STATUS; the incoming segments, particularly those containing the SYN, ACK, RST and FIN flags; and timeouts.

TCP Congestion Control


• TCP uses a sliding window protocol for end-to-end flow control.
• The receiver specifies in its acknowledgement (ACK) the amount of bytes it is willing to receive in the advertised window. The advertised window ensures that the receiver’s buffer will never overflow, since
• TCP uses a congestion window on the sender side to avoid congestion. The congestion window indicates the maximum amount of data that can be sent out on a connection without being acknowledged.
• The advertised window size is used to ensure that the receiver’s buffer will not overflow; however, buffers at intermediate routers between source and destination may overflow.
• Congestion occurs when the total arrival rate from all packet flows exceeds R over a sustained period of time.
• Buffers at the multiplexer will fill and packets will be lost.
• Sources must control their sending rates so that the aggregate arrival rate is just before the knee.
• The TCP sender maintains a congestion window (cwnd) to control congestion at intermediate routers.
• The effective window is the minimum of the congestion window and the advertised window.
• Problem: the source does not know what its “fair” share of available bandwidth should be.
• Solution: adapt dynamically to available BW.
• Sources probe the network by increasing cwnd.
• When congestion is detected, sources reduce their rate. Ideally, a source's sending rate stabilizes near the ideal point.
• TCP detects congestion when it fails to receive an acknowledgement for a packet within the estimated timeout.
• In such a situation, it decreases the congestion window to one maximum segment size (MSS), and under other cases it increases the congestion window by one MSS.
• There also exists a congestion window threshold, which is set to half the congestion window size at the time when a re-transmit was required.


The operation of TCP congestion control algorithm may be divided into three phases and
they are as follows:-

TCP Congestion Control: Slow Start


Slow start: increase congestion window size by one segment upon receiving an ACK from the receiver
• initialized at ≤2 segments
• used at (re)start of data transfer
• congestion window increases exponentially

TCP Congestion Control: Congestion Avoidance


• The algorithm progressively sets a congestion threshold.
• When cwnd > threshold, slow down the rate at which cwnd is increased.
• Increase congestion window size by one segment per round-trip time (RTT).
• Each time an ACK arrives, cwnd is increased by 1/cwnd.
• In one RTT, cwnd segments are sent, so the total increase in cwnd is cwnd x 1/cwnd = 1.
• cwnd grows linearly with time.
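The per-ACK rules of slow start and congestion avoidance, together with the timeout reaction and the effective window described earlier, can be traced RTT by RTT. This is an added example, not part of the original notes; the function name, the starting cwnd of one segment and the floor of two segments on the threshold are assumptions of the example.

```python
from fractions import Fraction


def simulate(rtts, ssthresh, rwnd, timeouts=()):
    """Trace cwnd (in segments) over a number of round-trip times.

    ssthresh: initial congestion threshold, in segments
    rwnd:     window advertised by the receiver, in segments
    timeouts: RTT indexes in which the retransmission timer expires
    Returns a list of (cwnd, effective_window) pairs, one per RTT.
    """
    cwnd = Fraction(1)  # exact arithmetic keeps the 1/cwnd steps visible
    history = []
    for rtt in range(rtts):
        # Effective window = min(congestion window, advertised window).
        window = min(int(cwnd), rwnd)
        history.append((cwnd, window))
        if rtt in timeouts:
            # Timeout: threshold becomes half the current window and
            # cwnd falls back to one segment (floor of 2 is an assumption).
            ssthresh = max(int(cwnd) // 2, 2)
            cwnd = Fraction(1)
            continue
        for _ in range(window):  # one ACK per segment sent in this RTT
            if cwnd < ssthresh:
                cwnd += 1                        # slow start: +1 per ACK
            else:
                cwnd += Fraction(1, int(cwnd))   # avoidance: +1/cwnd per ACK
    return history


if __name__ == "__main__":
    for rtt, (cwnd, window) in enumerate(simulate(12, 4, 64, timeouts={6})):
        print(f"RTT {rtt:2d}: cwnd={float(cwnd):5.2f} window={window}")
```

The trace doubles cwnd up to the threshold, then adds one segment per RTT, and restarts from one segment after the timeout; with a small advertised window the effective window stays pinned at rwnd.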

Internet Routing Protocols


• The job of the internet routing protocols is to determine the path taken by a datagram between source and destination.
• The global Internet consists of Autonomous Systems (AS) interconnected with each other. An Autonomous System (AS) is loosely defined as a set of routers or networks that are administered by a single organization.
• There is no restriction that an AS should run a single routing protocol within the AS.

There are three categories of autonomous systems (ASs):

• Stub AS: small corporation; one connection to other ASs.
• Multihomed AS: large corporation (no transit); multiple connections to other ASs. It carries only local traffic and does not support transit traffic.
• Transit AS: provider; it has multiple connections to the outside world and can carry transit and local traffic.

Intra-AS Routing

• Also known as Interior Gateway Protocols (IGP)
• Most common Intra-AS routing protocols:
o RIP: Routing Information Protocol
o OSPF: Open Shortest Path First
o IGRP: Interior Gateway Routing Protocol (Cisco proprietary)

Routing Information Protocol (RIP)

• The Routing Information Protocol (RIP) is a dynamic routing protocol used in local and wide area networks.
• It is classified as an interior gateway protocol (IGP) using the distance-vector routing algorithm.
• RIP runs on top of UDP; port number 520 is used.
• RIP is a distance-vector routing protocol which employs the hop count as a routing metric.
• Suitable for small networks (local area environments).
• The maximum number of hops allowed with RIP is 15, and the hold-down time is 180 seconds.
• A value of 16 is reserved to represent infinity, i.e. the node is not reachable.
• The small number limits the count-to-infinity problem.
• Originally each RIP router transmits full updates every 30 seconds by default.
• A router expects to receive an update message from each of its neighbors within 180 seconds in the worst case.
• If a router does not receive an update message from neighbor X within this limit, it assumes the link to X has failed and sets the corresponding minimum cost to 16 (infinity).
• Originally, routing tables were small enough that the traffic was not significant.
• RIP implements the split horizon, route poisoning and holddown mechanisms to prevent incorrect routing information from being propagated. These are some of the stability features of RIP.
• RIP is available in two versions, i.e. RIP1 and RIP2.
• In many current networking environments RIP would not be the preferred choice for routing, as its time to converge and scalability are poor compared to EIGRP and OSPF.
• The hop limit severely limits the size of network it can be used in.
• The periodic routing updates do not carry subnet information, lacking support for variable length subnet masks (VLSM). This limitation makes it impossible to have different-sized subnets inside of the same network class.


Figure:- RIP Message format


Command: specifies the purpose of the message. Two values are defined: value 1 requests the system to send its routing information, and value 2 indicates a response containing the routing information.
Version: two versions, RIPV1 and RIPV2.
Address Family Identifier: identifies the type of address used; currently only the IP address is defined.
IP address: indicates the address of the destination, which can be a network or host address.

Open Shortest Path First (OSPF)


• The Open Shortest Path First (OSPF) routing protocol is a link-state protocol based on cost rather than hops or ticks (i.e. it is not a vector-based routing protocol).
• OSPF is an Interior Gateway Protocol (IGP) that uses flooding of link-state information and Dijkstra’s least-cost path algorithm.
• With OSPF, a router constructs a complete topological map of the entire autonomous system. The router then locally runs Dijkstra’s shortest-path algorithm to determine a shortest-path tree to all networks with itself as the root node.
• The router’s routing table is then obtained from this shortest-path tree.
• At steady state, all routers have the same LS database and know how many routers are in the network, the interfaces and links between routers, and the cost of each link.
• Occasional Hello messages (10 sec) and LS updates (30 min) are sent.

Advantages of OSPF:

• Changes in an OSPF network are propagated quickly.
• OSPF is hierarchical, using area 0 as the top of the hierarchy.
• OSPF is a Link State Algorithm.
• OSPF supports Variable Length Subnet Masks (VLSM).
• OSPF uses multicasting within areas.
• After initialization, OSPF only sends updates on routing table sections which have changed; it does not send the entire routing table.
• Using areas, OSPF networks can be logically segmented to decrease the size of routing tables. Table size can be further reduced by using route summarization.
• OSPF is an open standard, not related to any particular vendor.

Disadvantages of OSPF:

• OSPF maintains multiple copies of routing information, increasing the amount of memory needed.
• Using areas, OSPF can be logically segmented (this can be a good thing and a bad thing).
• OSPF is not as easy to learn as some other protocols.
• In the case where an entire network is running OSPF and one link within it is "bouncing" every few seconds, OSPF updates would dominate the network by informing every other router every time the link changed state.

OSPF Network

• To improve scalability, an AS may be partitioned into areas. An area is identified by a 32-bit Area ID.
• A router in an area only knows the complete topology inside the area, which limits the flooding of link-state information to the area.
• Area border routers summarize info from other areas; each area must be connected to the backbone area (0.0.0.0).
• Distributes routing info between areas
o Internal router has all links to networks within the same area, i.e. these are in nonbackbone areas and perform only inter-AS routing.
o Area border router has links to more than one area, that is, it belongs to both an area and the backbone.
o Backbone router has links connected to the backbone. These routers perform routing within the backbone, but themselves are not area border routers. Within a nonbackbone area, internal routers learn of the existence of routers of other areas from the information broadcast within the area by its backbone routers.
o Autonomous system boundary (ASB) router has links to another autonomous system. ASBRs learn about routers outside the AS through an exterior gateway protocol such as BGP.


Figure: - OSPF Areas

Neighbor & Adjacent Routers


• Neighbor routers: two routers that have interfaces to a common network
• Neighbors are discovered dynamically by the Hello protocol
• Adjacent router: neighbor routers become adjacent when they synchronize topology databases by exchange of link state information
• Neighbors on point-to-point links become adjacent
• Routers on multi-access networks become adjacent only to designated & backup designated routers
• Reduces size of topological database & routing traffic

Designated Routers
Reduces number of adjacencies
Elected by each multi-access network after neighbor discovery by hello protocol
Election based on priority & id fields
Generates link advertisements that list routers attached to a multi-access network
Forms adjacencies with routers on multi-access
network
Backup prepared to take over if designated router fails


OSPF Operation: - The header format of OSPF is shown in below figure

Figure: - OSPF Common Header

Each OSPF packet consists of an OSPF header followed by the packet body (data)
The description of each field in the OSPF header is given below:
Version: This field specifies the protocol version; the current version is 2.
Type: This field specifies the type of OSPF packet. The following types are defined: hello, database description, link-state request, link-state update, link-state acknowledgement.
Packet length: This field specifies the length of the OSPF packet in bytes, including the OSPF header.
Router ID: This field identifies the sending router’s IP address.
Area ID: This field identifies the area this packet belongs to. The area ID of 0.0.0.0 is reserved for the backbone.
Checksum: used to detect errors in the packet.
Authentication type and Authentication: The combination of these fields can be used to authenticate OSPF packets.
There are five types of OSPF packets:
• Hello packet
• Database description packet
• Link-state request packet
• Link-state update packet
• Link-state acknowledgement packet

The operation of OSPF can be explained in 3 steps.


Step 1: Discovery of neighbors can be done by sending hello packets on point-to-point links and to designated routers in multi-access networks. The format of the hello packet is shown in the below figure:
• To discover, establish and maintain relationships, OSPF transmits a hello packet on each interface periodically, typically every 10 to 30 sec.
• When a router receives a hello packet, it replies with a hello packet containing the router ID of each neighbor it has seen.
• When a router receives a hello packet containing its router ID in one of the neighbor fields, the router is assured that communication to the sender is bidirectional.


Figure:- OSPF Hello packets

The function of each field is given below

Step 2: Establishment of adjacent and synchronization of link-state databases


• Once the connection is established between two neighbor routers, the database description packet is used to synchronize their link-state databases.
• One router acts as master and the other as slave.
• The format of the database description packet is as follows:

Figure: - OSPF Database Description


The function of each field is given below

LSA Header: The Link State Advertisement (LSA) header describes the state of the router
or network.
• Each LSA header contains enough information to uniquely identify an entry in the LSA (type, ID and advertising router).
• The format contains multiple LSA headers, and routers will send only their LSA headers instead of the entire database.
• The format of the LSA header is as shown below.


Figure: - LSA Header
The function of LSA header is given below

Step 3: Propagation of OSPF Link State Request and building routing tables

• When a router wants to update the link-state database, it sends an LS request packet to a neighbor to update part of its link-state database.
• Each LSA request is specified by the link state type, link state ID, and the advertising router.

Figure: - OSPF Link State Request Packet

OSPF Link State Update


• In response to an LS request or a trigger, a router will send new LS info using the LS update message.
• Contents are composed of link state advertisements (LSAs).
• The LS update message is acknowledged using an LS ack packet to ensure that the flooding algorithm is reliable; link state acknowledgement packets consist of a list of LSA headers.

Figure: - OSPF Link State Update Packet


BGP (Border Gateway Protocol):
• The de facto standard for inter-AS routing.
• BGP glues the whole Internet together.
• Path vector protocol; uses TCP (service port: 179).
• Similar to a distance vector protocol. Each border gateway broadcasts to its neighbors (peers) the entire path (i.e., sequence of ASs) to the destination.
• BGP is an exterior gateway protocol (EGP), which means that it performs routing between multiple autonomous systems or domains and exchanges routing and reachability information with other BGP systems.
• The information exchanged among BGP routers allows a router to construct a graph of ASs, and each AS is identified by an Autonomous System Number (ASN).
• BGP routes to networks (ASs), not individual hosts.
• BGP messages are exchanged using TCP. The BGP messages are:
o OPEN: opens TCP connection to peer and authenticates sender
o UPDATE: advertises new path (or withdraws old)
o KEEPALIVE: keeps connection alive in absence of UPDATES; also ACKs OPEN request
o NOTIFICATION: reports errors in previous msg; also used to close connection
• A session is established between two BGP speakers to exchange information regarding
- New active routes
- Old inactive routes or
- To report error conditions
The below figure illustrates core routers using BGP to route traffic between autonomous
systems

• All BGP message types use the basic packet header. Open, update, and notification messages have additional fields, but keep-alive messages use only the basic packet header.
• The below figure illustrates the fields used in the BGP header.

BGP Packet-Header Fields


• Marker—contains an authentication value that the message receiver can predict.
• Length—indicates the total length of the message in bytes.
• Type— specifies the message type as one of the following:
— Open
— Update
— Notification
— Keep-alive
• Data—Contains upper-layer information in this optional field.

Open Message Format


• BGP open messages are comprised of a BGP header and additional fields.
• The below figure illustrates the additional fields used in BGP open messages.


BGP Open Message Fields


BGP packets in which the type field in the header identifies the packet to be a BGP open
message packet include the following fields. These fields provide the exchange criteria for
two BGP routers to establish a peer relationship.
• Version—Provides the BGP version number so that the recipient can determine whether it
is running the same version as the sender.
• Autonomous System—Provides the autonomous system number of the sender.
• Hold-Time—Indicates the maximum number of seconds that can elapse without receipt of a
message before the transmitter is assumed to be nonfunctional.
• BGP Identifier—Provides the BGP identifier of the sender (an IP address), which is
determined at startup and is identical for all local interfaces and all BGP peers.
• Optional Parameters Length—Indicates the length of the optional parameters field (if
present).
• Optional Parameters—Contains a list of optional parameters (if any). Only one optional
parameter type is currently defined: authentication information.
Authentication information consists of the following two fields:
— Authentication code: Indicates the type of authentication being used.
Authentication data: Contains data used by the authentication mechanism (if used).

Update Message Format


• BGP update messages are comprised of a BGP header and additional fields.
• The below figure illustrates the additional fields used in BGP update messages.

BGP Update Message Fields


BGP packets in which the type field in the header identifies the packet to be a BGP update
message packet include the following fields. Upon receiving an update message packet,
routers will be able to add or delete specific entries from their routing tables to ensure
accuracy. Update messages consist of the following fields:
• Unfeasible Routes Length—Indicates the total length of the withdrawn routes field or that
the field is not present.
• Withdrawn Routes—Contains a list of IP address prefixes for routes being withdrawn from
service.
• Total Path Attribute Length—Indicates the total length of the path attributes field or that
the field is not present.
• Path Attributes—Describes the characteristics of the advertised path. The following are possible attributes for a path:
— Origin: Mandatory attribute that defines the origin of the path information
— AS Path: Mandatory attribute composed of a sequence of autonomous system path segments
— Next Hop: Mandatory attribute that defines the IP address of the border router that should be used as the next hop to destinations listed in the network layer reachability information field
— Mult Exit Disc: Optional attribute used to discriminate between multiple exit points to a neighboring autonomous system
— Local Pref: Discretionary attribute used to specify the degree of preference for an advertised route
— Atomic Aggregate: Discretionary attribute used to disclose information about route selections
— Aggregator: Optional attribute that contains information about aggregate routes
• Network Layer Reachability Information—Contains a list of IP address prefixes for the advertised routes

Notification Message Format


The below figure illustrates the additional fields used in BGP notification messages.

BGP Notification Message Fields


BGP packets in which the type field in the header identifies the packet to be a BGP
notification message packet include the following fields. This packet is used to indicate some
sort of error condition to the peers of the originating router.
• Error Code—Indicates the type of error that occurred. The following are the error types
defined by the field:
— Message Header Error: Indicates a problem with a message header, such as unacceptable
message length, unacceptable marker field value, or unacceptable message type.
— Open Message Error: Indicates a problem with an open message, such as unsupported
version number, unacceptable autonomous system number or IP address, or unsupported
authentication code.
— Update Message Error: Indicates a problem with an update message, such as a malformed
attribute list, attribute list error, or invalid next-hop attribute.
— Hold Time Expired: Indicates that the hold-time has expired, after which time a BGP node
will be considered nonfunctional.
— Finite State Machine Error: Indicates an unexpected event.
— Cease: Closes a BGP connection at the request of a BGP device in the absence of any fatal
errors.
• Error Subcode—Provides more specific information about the nature of the reported error.
• Error Data—Contains data based on the error code and error subcode fields. This field is
used to diagnose the reason for the notification message.


Multicast Routing
 The sending of a packet from one sender to multiple receivers with a single "transmit"
operation is known as multicast routing. Teleconferencing is an example which requires
multicast routing.
 The goal of multicast routing is to find a tree of links that connects all of the routers that
have attached hosts belonging to the multicast group. Multicast packets will then be
routed along this tree from the sender to all of the hosts belonging to the multicast tree.
 There are many ways to generate a multicast tree; MBone is one such approach.
The Internet Multicast Backbone (MBone) is an interconnected
set of subnetworks and routers that support the delivery of IP multicast traffic.
 An IP multicast group is identified by a Class D address.

Figure: Multicast tree routed at source S


 In the above figure, the source S wants to transmit to destinations with multicast group
G1.
 The source can send a copy of the packet separately to each destination by using
conventional unicast routing, or it can use a more efficient method that reduces the
number of copies.
 For example, when router 1 receives a packet from the source, router 1 copies the packet
to router 2 and router 5 simultaneously. Upon receipt of these packets, router 2 forwards
the packet to its local network, and router 5 copies the packet to router 7 and router 8. The
packet will then be received by each intended destination.

RPB (Reverse Path Broadcasting)

 The fundamental algorithm to construct these source-based trees is referred to as Reverse
Path Broadcasting (RPB).
 The RPB operation is very simple.


 For each source, if a packet arrives on a link that the local router believes to be on the
shortest path back toward the packet's source, then the router forwards the packet on all
interfaces except the incoming interface.
 If the packet does not arrive on the interface that is on the shortest path back toward the
source, then the packet is discarded.
 The interface over which the router expects to receive multicast packets from a particular
source is referred to as the "parent" link.
 The outbound links over which the router forwards the multicast packet are called "child"
links for this source.
 The key benefit to reverse path broadcasting is that it is reasonably efficient and easy to
implement.
 It does not require that the router know about the entire spanning tree, nor does it require
a special mechanism to stop the forwarding process (as flooding does).
 In addition, it guarantees efficient delivery since multicast packets always follow the
"shortest" path from the source station to the destination group.
 Finally, the packets are distributed over multiple links, resulting in better network
utilization since a different tree is computed for each source.
 One of the major limitations of the RPB algorithm is that it does not take into account
multicast group membership when building the delivery

TRPB

 Truncated Reverse Path Broadcasting (TRPB) was developed to overcome the limitations
of Reverse Path Broadcasting.
 With information provided by IGMP, multicast routers determine the group memberships
on each leaf subnetwork and avoid forwarding datagrams onto a leaf subnetwork if it
does not contain at least one member of a given destination group. Thus, the delivery
tree is "truncated" by the router if a leaf subnetwork has no group members.

RPM (Reverse Path Multicasting)


Reverse Path Multicasting (RPM) is an enhancement to Reverse Path Broadcasting and
Truncated Reverse Path Broadcasting.
RPM creates a delivery tree that spans only
1) subnetworks with group members, and
2) routers and subnetworks along the shortest path to those subnetworks.

 RPM allows the source-based "shortest-path" tree to be "pruned" so that datagrams are
only forwarded along branches that lead to active members of the destination group.
 When a multicast router receives a packet for a (source, group) pair, the first packet is
forwarded following the TRPB algorithm across all routers in the internetwork.
 Routers on the edge of the network (which have only leaf subnetworks) are called leaf
routers.
 The TRPB algorithm guarantees that each leaf router will receive at least the first
multicast packet.


 If there is a group member on one of its leaf subnetworks, a leaf router forwards the
packet based on this group membership information.
 If none of the subnetworks connected to the leaf router contain group members, the leaf
router may transmit a "prune" message on its parent link, informing the upstream router
that it should not forward packets for this particular (source, group) pair on the child
interface on which it received the prune message.
 Prune messages are sent just one hop back toward the source.
 An upstream router receiving a prune message is required to store the prune information
in memory.
 If the upstream router has no recipients on local leaf subnetworks and has received prune
messages from each downstream neighbor on each of the child interfaces for this (source,
group) pair, then the upstream router does not need to receive any more packets for this
(source, group) pair.
 Therefore, the upstream router can also generate a prune message of its own, one hop
further back toward the source.

Figure: Grafting to cancel Pruning

 A host may later decide to join a multicast group after a prune message has been sent by
its leaf router. In this case the leaf router may send a graft message to its upstream router
to cancel its earlier prune message.
 The above figure shows the graft message flow when a host attached to router 6 wants to
join the group.
 Subsequently, router 1 will forward the multicast packets to router 4, which will forward
the multicast packets to router 6. Then the multicast packets arrive at the host.
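
The RPB parent-link check and the RPM prune and graft steps described above can be traced on a small tree. This is an added example, not part of the original notes: the topology, the router numbers and the `RpmTree` class are assumptions chosen to echo the routers named in the text, with group membership supplied directly instead of learned through IGMP.

```python
from collections import defaultdict

# Constructed topology: router -> parent, its upstream neighbour on the shortest
# path back to the source attached to router 1 (router numbers are assumptions).
PARENT = {2: 1, 3: 1, 4: 1, 5: 1, 6: 4, 7: 5, 8: 5}


class RpmTree:
    def __init__(self, parent, members):
        self.parent = dict(parent)
        self.children = defaultdict(set)
        for router, up in self.parent.items():
            self.children[up].add(router)
        self.members = set(members)   # routers whose leaf subnetworks hold group members
        self.pruned = set()           # (upstream, downstream) child links switched off

    def rpb_accept(self, router, arrived_from):
        """RPB check: keep a packet only if it came in on the parent link."""
        return self.parent.get(router) == arrived_from

    def _needs_traffic(self, router):
        if router in self.members:
            return True
        return any((router, c) not in self.pruned for c in self.children[router])

    def prune(self):
        """Send prunes one hop at a time until no router changes; return them."""
        sent, changed = [], True
        while changed:
            changed = False
            for router, up in self.parent.items():
                if (up, router) not in self.pruned and not self._needs_traffic(router):
                    self.pruned.add((up, router))
                    sent.append((router, up))      # prune message: from -> to
                    changed = True
        return sent

    def graft(self, router):
        """A member appears behind `router`: cancel prunes hop by hop upstream."""
        self.members.add(router)
        sent = []
        while router in self.parent and (self.parent[router], router) in self.pruned:
            up = self.parent[router]
            self.pruned.discard((up, router))
            sent.append((router, up))              # graft message: from -> to
            router = up
        return sent

    def deliver(self, first_router):
        """Routers a packet reaches when forwarded on every unpruned child link."""
        reached, stack = [], [first_router]
        while stack:
            router = stack.pop()
            reached.append(router)
            stack.extend(c for c in self.children[router]
                         if (router, c) not in self.pruned)
        return sorted(reached)


if __name__ == "__main__":
    tree = RpmTree(PARENT, members={2, 7})
    print("before pruning:", tree.deliver(1))
    print("prunes sent:   ", tree.prune())
    print("after pruning: ", tree.deliver(1))
    print("grafts sent:   ", tree.graft(6))
    print("after graft:   ", tree.deliver(1))
```

Router 4 prunes only on the second pass, after its single downstream neighbour has pruned, and the graft from router 6 stops as soon as it reaches a link that was never pruned.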

DVMRP
 The first multicast routing protocol used in the Internet and the most widely supported
multicast routing algorithm is the distance vector multicast routing protocol (DVMRP).
 DVMRP implements source-based trees with reverse path forwarding, pruning, and
grafting.


 DVMRP is based on a combination of RIP and RPM.


 DVMRP uses a distance vector algorithm that allows each router to compute the outgoing
link (next hop) that is on its shortest path back to each possible source.
 This information is then used in the RPF algorithm.
 In addition to computing next hop information, DVMRP also computes a list of
dependent downstream routers for pruning purposes.
 When a router has received a prune message from all of its dependent downstream routers
for a given group, it will propagate a prune message upstream to the router from which it
receives its multicast traffic for that group.
 A DVMRP prune message contains a prune lifetime (with a default value of two hours)
that indicates how long a pruned branch will remain pruned before being automatically
restored.
 DVMRP graft messages are sent by a router to its upstream neighbor to force a
previously-pruned branch to be added back on to the multicast tree.

IGMP (Internet Group Management Protocol)

 IGMP runs between hosts and their immediately-neighboring multicast routers.
 The mechanisms of the protocol allow a host to inform its local router that it wishes to
receive transmissions addressed to a specific multicast group. Also, routers periodically
query the LAN to determine if any group members are still active.
 If there is more than one IP multicast router on the LAN, one of the routers is elected
"querier" and assumes the responsibility of querying the LAN for the presence of any
group members.
 Based on the group membership information learned from the IGMP, a router is able to
determine which (if any) multicast traffic needs to be forwarded to each of its "leaf"
subnetworks.
 "Leaf" subnetworks are those that have no further downstream routers; they either
contain receivers for some set of groups, or they do not.
 Multicast routers use the information derived from IGMP, along with a multicast routing
protocol, to support IP multicasting across the MBone.

Figure: IGMP message format


Version: This field identifies the version number.
Type: This field identifies the message type. There are two message types: type 1 indicates a
query message sent by a router and type 2 indicates a report sent by a host.
Unused: This field must be set to zero.
Checksum: This field contains the checksum for all eight bytes of the IGMP message.
Group Address: This address is the class D IPv4 address. This field is set to zero in a query
message and is set to a valid group address in the response.


Multicast routers periodically transmit Host Membership Query messages to determine
which host groups have members on their directly-attached networks.

Mobile IP
 The Mobile IP protocol allows location-independent routing of IP datagrams on the
Internet.
 Each mobile node is identified by its home address disregarding its current location in the
Internet. While away from its home network, a mobile node is associated with a care-of
address which identifies its current location and its home address is associated with the
local endpoint of a tunnel to its home agent.
 Mobile IP specifies how a mobile node registers with its home agent and how the home
agent routes datagrams to the mobile node through the tunnel.
 Mobile IP provides an efficient, scalable mechanism for roaming within the Internet.
Using Mobile IP, nodes may change their point-of-attachment to the Internet without
changing their home IP address.
 Mobile IP allows portable devices called mobile hosts (MHs) to roam from one area to
another.

A common analogy for understanding Mobile IP is a person moving residence from
one location to another. The person moves from Boston to New York and drops off the new
mailing address at the New York post office. The New York post office notifies the Boston
post office of the new mailing address. When the Boston post office receives mail for the
person, it knows to forward the mail to the person's New York address.

The below figure describes the mobile hosts routing

Figure: Routing for mobile hosts

Mobile IP operates as follows:-


 When a correspondent host (CH) wants to send a packet to MH, the CH transmits the
standard IP packet with its address as the source IP address and MH’s address as
destination IP address.
 This packet will be intercepted by the mobile host’s router called home agent (HA),
which keeps track of the current location of the MH. The HA manages all MHs in its
home network that use the same address prefix.
 If the MH is located in the home network, the HA simply forwards the packet to its home
network.
 When an MH moves to a foreign network, the MH obtains a care-of address from the
foreign agent (FA) and registers the new address with its HA. The care-of address
reflects the MH’s current location and is typically the address of the FA.
 Once the HA knows the care-of address of the MH, the HA can forward the registration
packet to the MH via the FA.

To transmit a packet from the HA directly to the MH when the MH is in a foreign network,
instead of using the FA, a tunneling mechanism is used. It has two addresses:

 Destination address of the other end of the tunnel (FA) and final destination MH.

NAT (Network Address Translation or Network Address Translator)


 NAT is the translation of an Internet Protocol address (IP address) used within one
network to a different IP address known within another network.
 One network is designated the inside network and the other is the outside.
 Typically, a company maps its local inside network addresses to one or more global
outside IP addresses and unmaps the global IP addresses on incoming packets back into
local IP addresses.
 This helps ensure security since each outgoing or incoming request must go through a
translation process that also offers the opportunity to qualify or authenticate the request
or match it to a previous request.
 NAT also conserves on the number of global IP addresses that a company needs and it
lets the company use a single IP address in its communication with the world.
 NAT is included as part of a router and is often part of a corporate firewall.
 Network administrators create a NAT table that does the global-to-local and local-to-
global IP address mapping.
 NAT can be statically defined or it can be set up to dynamically translate from and to a
pool of IP addresses.
NAT lets an administrator create tables that map:
 A local IP address to one global IP address statically
 A local IP address to any of a rotating pool of global IP addresses that a company may
have
 A local IP address plus a particular TCP port to a global IP address or one in a pool
of them
 A global IP address to any of a pool of local IP addresses on a round-robin basis
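
The first three mapping kinds, and the matching of an incoming packet to an earlier outgoing request, can be shown with a small translation table. This is an added example, not part of the original notes: the `NatTable` class, the addresses (documentation ranges) and the starting port 40000 are assumptions, and mappings never expire in this model.

```python
class NatTable:
    def __init__(self, static, pool, shared_ip, first_port=40000):
        self.static = dict(static)    # local IP -> global IP, fixed by the administrator
        self.free = list(pool)        # unused global IPs for dynamic one-to-one mappings
        self.dynamic = {}             # local IP -> global IP taken from the pool
        self.shared_ip = shared_ip    # one global IP shared through port mappings
        self.ports = {}               # (local IP, local port) -> global port
        self.next_port = first_port

    def outbound(self, src_ip, src_port):
        """Translate a local source to a global (ip, port), creating state as needed."""
        if src_ip in self.static:
            return self.static[src_ip], src_port
        if src_ip not in self.dynamic and self.free:
            self.dynamic[src_ip] = self.free.pop(0)
        if src_ip in self.dynamic:
            return self.dynamic[src_ip], src_port
        key = (src_ip, src_port)
        if key not in self.ports:
            if self.next_port > 65535:
                raise RuntimeError("no global ports left on the shared address")
            self.ports[key] = self.next_port
            self.next_port += 1
        return self.shared_ip, self.ports[key]

    def inbound(self, dst_ip, dst_port):
        """Map a global destination back to local (ip, port); None means no entry."""
        for table in (self.static, self.dynamic):
            for local_ip, global_ip in table.items():
                if global_ip == dst_ip:
                    return local_ip, dst_port
        if dst_ip == self.shared_ip:
            for (local_ip, local_port), global_port in self.ports.items():
                if global_port == dst_port:
                    return local_ip, local_port
        return None


def demo():
    """Constructed scenario: one static host, a one-address pool, one shared address."""
    nat = NatTable(static={"10.0.0.10": "203.0.113.10"},
                   pool=["203.0.113.20"], shared_ip="203.0.113.1")
    out = [nat.outbound("10.0.0.10", 5000),   # static mapping
           nat.outbound("10.0.0.21", 5001),   # takes the pool address
           nat.outbound("10.0.0.22", 5002),   # pool empty: port mapping
           nat.outbound("10.0.0.23", 5002)]   # same local port, new global port
    back = [nat.inbound("203.0.113.1", 40001),    # matches an earlier request
            nat.inbound("203.0.113.1", 40002),    # no earlier request
            nat.inbound("203.0.113.20", 80)]      # one-to-one entry: any port
    return out, back


if __name__ == "__main__":
    print(demo())
```

Only the port-mapped entries tie an inbound packet to a specific earlier request; the static and pool entries translate every inbound port for their host, so filtering for those hosts has to come from the firewall the NAT sits in.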


Address translation


DHCP (Dynamic Host Configuration Protocol)


 DHCP protocol is used to assign IP addresses to hosts or workstations on the network.
 Usually a DHCP server on the network performs this function. Basically it "leases" out
addresses for specific times to the various hosts.
 If a host does not use a given address for some period of time, that IP address can then be
assigned to another machine by the DHCP server. When assignments are made or
changed, the DHCP server must update the information in the DNS server.
 As with BOOTP, DHCP uses the machine's or NIC ethernet (MAC) or hardware address
to determine IP address assignments. The DHCP protocol is built on BOOTP and
replaces BOOTP.

DHCP Lease Stages

1. Lease Request - The client sends a broadcast requesting an IP address.
2. Lease Offer - The server sends the above information and marks the offered address as
unavailable. The message sent is a DHCPOFFER broadcast message.
3. Lease Acceptance - The first offer received by the client is accepted. The acceptance is
sent from the client as a broadcast (DHCPREQUEST message) including the IP address
of the DNS server that sent the accepted offer. Other DHCP servers retract their offers
and mark the offered address as available and the accepted address as unavailable.
4. Server lease acknowledgement - The server sends a DHCPACK, or a DHCPNAK if an
unavailable address was requested.

DHCP discover message - The initial broadcast sent by the client to obtain a DHCP lease. It
contains the client MAC address and computer name. This is a broadcast using
255.255.255.255 as the destination address and 0.0.0.0 as the source address.

Dynamic Host Configuration Protocol (DHCP) is a network protocol that enables a server
to automatically assign an IP address to a computer from a defined range of numbers (i.e., a
scope) configured for a given network.

DHCP assigns an IP address when a system is started, for example:

1. A user turns on a computer with a DHCP client.
2. The client computer sends a broadcast request (called a DISCOVER or
DHCPDISCOVER), looking for a DHCP server to answer.
3. The router directs the DISCOVER packet to the correct DHCP server.
4. The server receives the DISCOVER packet. Based on availability and usage policies
set on the server, the server determines an appropriate address (if any) to give to the
client. The server then temporarily reserves that address for the client and sends back
to the client an OFFER (or DHCPOFFER) packet, with that address information. The
server also configures the client's DNS servers, WINS servers, NTP servers, and
sometimes other services as well.
5. The client sends a REQUEST (or DHCPREQUEST) packet, letting the server know
that it intends to use the address.


6. The server sends an ACK (or DHCPACK) packet, confirming that the client has
been given a lease on the address for a server-specified period of time.

When a computer uses a static IP address, it means that the computer is manually configured
to use a specific IP address. One problem with static assignment, which can result from user
error or inattention to detail, occurs when two computers are configured with the same IP
address. This creates a conflict that results in loss of service. Using DHCP to dynamically
assign IP addresses minimizes these conflicts.

Figure 1

In figure 1, a new client that has just joined the network needs an IP address. Since it does not
know the DHCP server's location, the client broadcasts (step 1) a DHCPDISCOVER
message on the local network. The message packet contains a hardware identifier (usually the
MAC address), the source port (68), the destination IP (255.255.255.255), destination port
(67), and a randomly generated transaction id. Optionally the client can specify the IP
address it wants and the lease duration in the message. Once the DHCP relay receives the
broadcasted message, it fills in the "giaddr" field of the packet with the gateway IP address of
10.1.2.9. This piece of information is critical because the DHCP Server needs it to determine
which subnet the client is on and thus which IP address to allocate to the client. Afterwards
the DHCPDISCOVER message is relayed to the DHCP Server via unicast (step 2). A
unicast, instead of a broadcast, is sufficient because the DHCP relay knows the exact location
of the DHCP server. For this same reason, the DHCP relay does not allow the other network
segment, 10.1.1.X, to receive the message.

Once the DHCP server receives the DHCPDISCOVER request, it allocates an IP address,
marks it as taken, and then broadcasts a DHCPOFFER message back to the requesting client.
This message packet contains the DHCP server's IP address, the client's hardware identifier,
the same transaction id, and the IP address allocated for the client. Optionally, the message
may also contain the lease time, subnet mask, default TTL, default router(s), and numerous
other parameters.

Figure 2

In figure 2, the DHCP server allocates new IP address 10.1.2.3 for the client and broadcasts a
DHCPOFFER message to its network (step 3). When the DHCP relay sees the DHCPOFFER
broadcast, it relays the broadcast to the 10.1.2.X network and only that network (step 4).
Once the new client sees the DHCPOFFER message, it accepts the IP address (step 5) and
prepares a confirmation message to the DHCP server with a DHCPREQUEST packet. Please
note that the client does not have to accept this IP address, in which case it will not send a
DHCPREQUEST message. If multiple DHCP servers send out a DHCPOFFER, the client
can choose which one to accept. If, for some reason, the DHCPOFFER message never
arrives, the client will rebroadcast the DHCPDISCOVER message.

Figure 3


If the client included optional information in the initial DHCPDISCOVER message, it must
include that same information in the subsequent DHCPREQUEST message. In step 6 of
figure 3, the new client confirms it wants the IP address 10.1.2.3 by broadcasting a
DHCPREQUEST to the DHCP server. Once the DHCP Server receives this message (with
help again from the DHCP Relay), it first ensures that it is the intended target - because the
client could be responding to another DHCP Server. If this DHCP server is not the intended
target, then it knows some other DHCP server is handling this client. So this DHCP server
can discard any previously allocated IP address for that client. If this DHCP Server is the
intended recipient, then it has to verify that the optional parameters it specified in the
previous DHCPOFFER message to this client are still valid. Assuming everything is fine up
to this point, the DHCP Server sends a DHCPACK broadcast (step 8) to tell the client that its
new IP address can now officially be used. However, if something is wrong, then a
DHCPNAK is broadcast instead. Either way, a DHCPACK or DHCPNAK will be the
final message sent by the DHCP server in the dynamic IP address allocation sequence.

Assuming it receives the DHCPACK relayed by the router (step 9), the client is encouraged
to verify that no other host has the same IP address. This is usually accomplished through a
simple ARP probe. Any response to the probe means that another client is already using the
IP address. In such a situation, the client must send a DHCPDECLINE message to the DHCP
server. Afterwards the client will need to restart this whole process, beginning with the
DHCPDISCOVER phase. In most cases, there's no response to the client's ARP probe. This
means the client can go ahead and use the allocated IP address along with any other optional
information stored in the message packet.

If the client got a DHCPNAK instead of DHCPACK, then it has no choice but to restart
everything from the very beginning i.e. the DHCPDISCOVER stage. Finally, if the client
doesn't receive any DHCPACK or DHCPNAK message after a certain period of time, then it
rebroadcasts the DHCPREQUEST message.
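
The first half of the exchange (steps 1 to 3: DHCPDISCOVER, the relay filling in "giaddr", and the server choosing an address from the matching subnet) can be reproduced at byte level. This is an added example, not part of the original notes: it assumes the standard BOOTP/DHCP wire layout, the MAC addresses, transaction id and the 10.1.1.3 pool entry are constructed, and 10.1.2.9 and 10.1.2.3 are the values from the figures.

```python
import ipaddress
import struct

# Fixed BOOTP layout followed by the 4-byte magic cookie: 240 bytes in total.
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s4s")
MAGIC = bytes([99, 130, 83, 99])
ZERO = bytes(4)
BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER = 1, 2            # values of option 53, the DHCP message type


def build(op, xid, mac, msg_type, yiaddr=ZERO, giaddr=ZERO):
    """Serialise a message; flags 0x8000 asks for a broadcast reply."""
    fixed = BOOTP.pack(op, 1, len(mac), 0, xid, 0, 0x8000, ZERO, yiaddr, ZERO,
                       giaddr, mac, b"", b"", MAGIC)
    return fixed + bytes([53, 1, msg_type, 255])


def parse(pkt):
    """Return the fields this walk-through uses, rejecting truncated input."""
    if len(pkt) < BOOTP.size or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    f = BOOTP.unpack_from(pkt)
    opts, i = {}, BOOTP.size
    while i < len(pkt) and pkt[i] != 255:          # 255 ends the option list
        if pkt[i] == 0:                            # pad byte
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("option overruns the packet")
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    if len(opts.get(53, b"")) != 1:
        raise ValueError("missing DHCP message type")
    return {"op": f[0], "xid": f[4], "type": opts[53][0], "mac": f[11][:f[2]],
            "yiaddr": str(ipaddress.IPv4Address(f[8])),
            "giaddr": str(ipaddress.IPv4Address(f[10]))}


def relay(pkt, relay_ip):
    """DHCP relay: stamp giaddr on a client broadcast that has none yet."""
    parse(pkt)                                     # validate before rewriting
    f = list(BOOTP.unpack_from(pkt))
    if f[10] == ZERO:
        f[10] = ipaddress.IPv4Address(relay_ip).packed
    return BOOTP.pack(*f) + pkt[BOOTP.size:]


class Server:
    def __init__(self, pools):
        self.pools = {ipaddress.ip_network(n): list(a) for n, a in pools.items()}
        self.taken = {}                            # (subnet, MAC) -> reserved address

    def offer(self, pkt):
        """Answer a relayed DHCPDISCOVER from the pool of the subnet giaddr is on."""
        m = parse(pkt)
        gi = ipaddress.IPv4Address(m["giaddr"])
        if m["op"] != BOOTREQUEST or m["type"] != DISCOVER:
            return None
        for net, free in self.pools.items():
            if gi in net:
                key = (net, m["mac"])
                if key not in self.taken:
                    if not free:
                        return None                # pool exhausted: stay silent
                    self.taken[key] = free.pop(0)  # mark the address as taken
                addr = ipaddress.IPv4Address(self.taken[key]).packed
                return build(BOOTREPLY, m["xid"], m["mac"], OFFER, addr, gi.packed)
        return None    # giaddr on no configured subnet (unrelayed case not modelled)
```

The offer echoes the client's transaction id and hardware address, which is all the client has to match a reply to its own request.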
