Understanding Session Layer and VRRP in the OSI Seven Layer Model, Lecture notes of Decision Making

An overview of the Session Layer (Layer 5) in the OSI Seven Layer Model and introduces Virtual Router Redundancy Protocol (VRRP). The Session Layer is responsible for managing sessions between applications and provides information about the Transport layer protocol being used. VRRP is a protocol used to provide resilience at both Layer 2 and Layer 3 by virtualizing IP addresses and MAC addresses amongst two or more physical units. The document also discusses the role of IP protocol numbers in identifying Layer 4 protocols.

Typology: Lecture notes

2021/2022

Uploaded on 09/27/2022

captainamerica
Chapter 2

Understanding Layer 2, 3, and 4 Protocols
While many of the concepts well known to traditional Layer 2 and Layer 3 networking still hold true in content switching applications, the area introduces new and more complex themes that need to be well understood for any successful implementation. Within the discussion of content networking, we will replace terms such as packets and frames with sessions and transactions as we move our attention further up the OSI Seven Layer Model. Before we move into these new terms, however, let’s look at some standard Layer 2, 3, and 4 networking concepts.

The OSI Seven Layer Model—What Is a Layer?

Established in 1947, the International Organization for Standardization (ISO) was formed to bring together the standards bodies from countries around the world. Their definition of the model for Open Systems Interconnection, or OSI, is used to define modes of interconnection between different components in a networking system. This means that the physical method of transport can be designed independently of the protocols and applications running over it. For example, TCP/IP can be run over both Ethernet and FDDI networks, and Novell’s IPX and Apple’s AppleTalk protocols can both be run over Token Ring networks. These are examples of having independence between the physical network type and the upper layer protocols running across them. Consider also two TCP/IP-enabled end systems communicating across a multitude of different
ch02 Page 13 Monday, June 2, 2003 3:02 PM


network types, such as Ethernet, Frame Relay, and ATM. Figure 2–1 shows the OSI Seven Layer Model.

When we talk about Layer 2 and Layer 3 networking, it is these layers that we’re referring to, and logically the further up the OSI model we move, the greater intelligence we can use in networking decisions.

Each layer plays its part in moving data from one device to another across a network infrastructure by providing a standard interface to the surrounding layers.

The Application Layer (Layer 7)

The top layer in the stack, the Application layer is where the end-user application resides. Think of the Application layer as the browser application or email client for a user surfing the Web or sending email. Many protocols are defined for use at the Application layer, such as HTTP, FTP, SMTP, and Telnet.

In content switching terms, Layer 7 refers to the ability to parse information directly generated by the user or application in decision making, such as the URL typed by the user in the Web browser. For example, http://www.foocorp.com is an example of Application layer data.

The Presentation Layer (Layer 6)

The Presentation layer is used to provide a common way for applications (residing at the Application layer) to translate between data formats or perform encryption and decryption. Mechanisms to convert between text formats such as ASCII and Unicode may be considered part of the Presentation layer, along with compression techniques for image files such as GIF and JPEG.

Figure 2–1 The OSI Seven Layer Model.

    7 Application Layer
    6 Presentation Layer
    5 Session Layer
    4 Transport Layer
    3 Network Layer
    2 Data Link Layer
    1 Physical Layer


forwarded. Hardware-based Layer 3 switches also use Layer 3 information in forwarding decisions. Layer 3 routers and switches are not concerned whether the packets contain HTTP, FTP, or SMTP data, but simply where the packet is flowing to and from.

The Data Link Layer (Layer 2)

The Data Link layer also defines a lower level addressing structure to be used between end systems as well as the lower level framing and checksums being used to transmit onto the physical medium. Ethernet, Token Ring, and Frame Relay are all examples of Data Link layer or Layer 2 protocols.

Traditional Ethernet switches operate at the Data Link layer and are concerned with forwarding packets based on the Layer 2 addressing scheme. Layer 2 Ethernet switches are not concerned with whether the packet contains IP, IPX, or AppleTalk, but only with where the MAC address of the recipient end system resides.

The Physical Layer (Layer 1)

As with all computer systems, networking is ultimately about making, moving, and storing 1s and 0s. In networking terms, the Physical layer defines how the user’s browser application data is turned into 1s and 0s to be transmitted onto the physical medium. The Physical layer defines the physical medium such as cabling and interface specifications. AUI, 10Base-T, and RJ45 are all examples of Layer 1 specifications.

Putting All the Layers Together

Let’s take an example of a Web user visiting the Web site of Foocorp, Inc. Within the browser application, at the Application layer, the user will type in the URL, typically something like http://www.foocorp.com/. While this is the only input the user will provide the application, there is much more information generated by the browser application itself, including:

  • The type of browser being used (e.g., Microsoft Internet Explorer, Netscape)
  • The operating system running on the user’s machine
  • The version of the HTTP protocol being used by the browser
  • The language, or languages, supported by the browser (e.g., English, Japanese, etc.)
  • Any Presentation layer standards that are supported by the browser, such as compression types, text formats, and file types

In terms of HTTP-based Web browser traffic, these pieces of information can be thought of as the Application, Presentation, and Session layers of the OSI model. They provide not only the raw data input by the user in the application, but also information needed by the application to ensure successful communication with the end system; in this case, a Web server at Foocorp. HTTP information for the Web user would look something like:

    Hypertext Transfer Protocol
        GET / HTTP/1.0\r\n
        Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg\r\n
        Accept-Language: en-gb\r\n
        User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)\r\n
        Host: www.foocorp.com\r\n
        Connection: Keep-Alive\r\n
        \r\n

Once this application information has been generated, it can be packaged and passed on to the next layer for transport. HTTP requires a connection-oriented Transport layer protocol to guarantee the delivery of each packet in the session. Transmission Control Protocol (TCP) is used in HTTP applications to ensure this successful packet delivery. Other applications will make use of different Transport layer protocols. TFTP, for example, uses the User Datagram Protocol (UDP) as its Layer 4 transport because it does not require the guaranteed delivery provided by TCP. Routing updates sent between Layer 3 devices can use OSPF, RIP, or BGP as their Layer 4 transport.

At the Transport layer, information about the port numbers, sequence numbers, and checksums are included to provide reliable transport. The Layer 4 headers in our example would look something like:

    Transmission Control Protocol
        Source port: 3347 (3347)
        Destination port: http (80)
        Sequence number: 52818332
        Next sequence number: 52818709
        Acknowledgement number: 3364222344


        Source: 00:30:ab:17:0d:1a (00:30:ab:17:0d:1a)
        Type: IP (0x0800)

Figure 2–2 depicts this process of repackaging each layer with new header information at the layer below.
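The repackaging just described can be made concrete by building the chapter's own HTTP request into a TCP segment, an IP packet and an Ethernet frame, then taking the layers off again and noting which fields a Layer 2, 3, 4 or 7 device would read. The following is an added example, not code from the book: the MAC addresses, IP addresses, ports and sequence numbers are the values shown in the chapter's figures, while the IP identification, TTL, TCP window size and the PSH/ACK flag choice are assumptions made for this example. The TCP checksum is computed over the pseudo header, header and payload as RFC 793 specifies, so the parser also detects a corrupted byte anywhere in the segment.

```python
"""Added example, not from the book: wrap the chapter's HTTP request in TCP, IP
and Ethernet headers, then peel the layers off again the way Layer 2, 3, 4 and
7 devices would. MAC addresses, IP addresses, ports and sequence numbers are
the values shown in the chapter's figures; the IP ID, TTL, TCP window size and
the PSH/ACK flag choice are assumptions made for this example."""
import socket
import struct

SRC_MAC, DST_MAC = "00:30:ab:17:0d:1a", "00:20:6f:14:58:2f"
SRC_IP, DST_IP = "192.168.254.201", "216.239.51.101"
HTTP_REQUEST = (
    b"GET / HTTP/1.0\r\n"
    b"Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg\r\n"
    b"Accept-Language: en-gb\r\n"
    b"User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)\r\n"
    b"Host: www.foocorp.com\r\n"
    b"Connection: Keep-Alive\r\n"
    b"\r\n"
)
ETHERTYPE_IP = 0x0800
IPPROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP", 112: "VRRP"}   # Table 2-1
TCP_FLAG_BITS = [("CWR", 0x80), ("ECE", 0x40), ("URG", 0x20), ("ACK", 0x10),
                 ("PSH", 0x08), ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01)]


def mac_to_bytes(mac):
    return bytes(int(octet, 16) for octet in mac.split(":"))


def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def internet_checksum(data):
    """RFC 1071: one's complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def tcp_pseudo_header(src_ip, dst_ip, tcp_length):
    # The TCP checksum also covers this pseudo header (RFC 793), so a segment
    # delivered to the wrong IP address fails the check even if its bytes are intact.
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, 6, tcp_length)


def build_tcp(src_port, dst_port, seq, ack, flags, payload):
    # 20-byte header (data offset 5), window 8760 (assumed), checksum zeroed then filled in.
    hdr = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack, 5 << 4, flags, 8760, 0, 0)
    csum = internet_checksum(tcp_pseudo_header(SRC_IP, DST_IP, len(hdr) + len(payload)) + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def build_ip(segment):
    # Version 4, IHL 5, ID and TTL assumed, protocol 6 = TCP, header checksum filled in.
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234, 0, 128, 6, 0,
                      socket.inet_aton(SRC_IP), socket.inet_aton(DST_IP))
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:] + segment


def build_frame():
    """Layer 7 request -> Layer 4 segment -> Layer 3 packet -> Layer 2 frame."""
    segment = build_tcp(3347, 80, 52818332, 3364222344, 0x18, HTTP_REQUEST)   # PSH|ACK
    return mac_to_bytes(DST_MAC) + mac_to_bytes(SRC_MAC) + struct.pack("!H", ETHERTYPE_IP) + build_ip(segment)


def parse_frame(frame):
    """Return, per layer, the fields a device operating at that layer would look at."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers = {"layer2": {"dst_mac": bytes_to_mac(dst), "src_mac": bytes_to_mac(src), "ethertype": ethertype}}
    if ethertype != ETHERTYPE_IP:
        return layers                          # a Layer 2 switch needs nothing more
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    total_length = struct.unpack("!H", packet[2:4])[0]
    proto = packet[9]
    layers["layer3"] = {
        "src_ip": socket.inet_ntoa(packet[12:16]), "dst_ip": socket.inet_ntoa(packet[16:20]),
        "protocol": proto, "protocol_name": IPPROTO_NAMES.get(proto, "unknown"),
        "ip_checksum_ok": internet_checksum(packet[:ihl]) == 0,   # sum incl. checksum folds to zero
    }
    if proto != 6:
        return layers
    segment = packet[ihl:total_length]
    src_port, dst_port, seq, ack, offset_byte, flag_byte = struct.unpack("!HHIIBB", segment[:14])
    l3 = layers["layer3"]
    layers["layer4"] = {
        "src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
        "flags": [name for name, bit in TCP_FLAG_BITS if flag_byte & bit],
        "tcp_checksum_ok": internet_checksum(tcp_pseudo_header(l3["src_ip"], l3["dst_ip"], len(segment)) + segment) == 0,
    }
    payload = segment[(offset_byte >> 4) * 4:]
    if payload.startswith((b"GET ", b"POST ", b"HEAD ")):      # what a Layer 7 switch parses
        lines = payload.split(b"\r\n")
        headers = dict(line.decode().split(": ", 1) for line in lines[1:] if b": " in line)
        layers["layer7"] = {"request_line": lines[0].decode(), "host": headers.get("Host")}
    return layers
```

Calling `parse_frame(build_frame())` returns the Layer 2 addresses a switch forwards on, the Layer 3 addresses and protocol number a router uses, the Layer 4 ports and flags, and the Layer 7 request line and Host header that a content switch can base decisions on; flipping any payload byte before parsing turns `tcp_checksum_ok` false, which is the corruption check the Checksum bullet later in the chapter describes.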

Switching at Different Layers

Now that we’ve seen examples of different information available within different layers of the OSI model, let’s look at how this information can be used to make intelligent traffic forwarding decisions. Before the development of switching, Ethernet relied on broadcast or flooding of packets to all end stations within a network to forward traffic. Ethernet is effectively a shared medium with only one Ethernet end station able to transmit at any time. Combine this with early implementation techniques relying on every end station in an Ethernet network seeing every packet, even if it was not addressed to it, and issues of scalability quickly surface.

Figure 2–2 Passing data through the seven OSI layers.

    User
    http://www.foocorp.com/
    Application, Presentation, and Session Layers
    Layer 4 Headers
    Layer 3 Headers
    Layer 2 Headers
    ...11001001001001101010101011010101000010010011010100011010010101...


Layer 2 Switching

The first implementation of Ethernet or Layer 2 switching uses information in the Ethernet headers to make traffic forwarding decisions. Intelligent switches learn which ports have which end stations attached by recording the Ethernet MAC addresses of packets ingressing the switch. Using this information along with the ability to parse the Layer 2 headers of all packets means that a Layer 2 switch need only forward frames out of ports where it knows the end station to be. For end station addresses that have not yet been learned, frames with unknown destination MAC addresses are flooded out of every port in the switch to force the recipient to reply. This will allow the switch to learn the relevant MAC address, as it will be the source address on the reply frame.

Layer 2 switching is implemented alongside Layer 3 routing for local area networks to facilitate communication between devices in a common IP subnet. As the information at this layer is relatively limited, the opportunity to configure Layer 2 switches to interpret address information and act upon it in any way other than described previously is generally not required. Many Layer 2 switches will offer the ability to configure intelligent services such as Quality of Service (QoS), bandwidth shaping, or VLAN membership based on the Layer 2 information. Figure 2–3 shows a simplified Layer 2 frame with examples of information that might be used to make switching decisions.
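The learn-on-source, forward-or-flood behaviour described above is small enough to model directly. The following is an added example and not code from the book: it uses the two end station MAC addresses from Figure 2–3 on a made-up four-port switch and returns, for each frame, the list of ports the frame leaves on.

```python
"""Added example, not from the book: a minimal Ethernet learning switch.
The end station MAC addresses are those shown in Figure 2-3; the port
numbers and the order of frames are constructed for this example."""
from collections import namedtuple

Frame = namedtuple("Frame", "src_mac dst_mac")
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}      # MAC address -> port on which it was last seen as a source

    def receive(self, ingress_port, frame):
        """Learn the source address, then return the ports the frame is forwarded out of."""
        # Learning: the source MAC tells the switch which port the sender sits behind.
        self.mac_table[frame.src_mac] = ingress_port
        out_port = self.mac_table.get(frame.dst_mac)
        if frame.dst_mac != BROADCAST and out_port is not None:
            # Known unicast: one port only, and never back out of the ingress port.
            return [] if out_port == ingress_port else [out_port]
        # Unknown destination or broadcast: flood to every other port so the
        # recipient replies and its address can be learned from that reply.
        return [port for port in self.ports if port != ingress_port]


def demo():
    switch = LearningSwitch(ports=[1, 2, 3, 4])
    client, server = "00:30:ab:17:0d:1a", "00:20:6f:14:58:2f"
    log = []
    # 1. Client on port 1 sends to the server before its address is known: flooded.
    log.append(("client->server", switch.receive(1, Frame(client, server))))
    # 2. Server on port 3 replies; the reply's source MAC is learned, the client is already known.
    log.append(("server->client", switch.receive(3, Frame(server, client))))
    # 3. Both addresses are now known: the next client frame leaves port 3 only.
    log.append(("client->server", switch.receive(1, Frame(client, server))))
    return log, dict(switch.mac_table)
```

The first frame in `demo()` reaches every other port, which is the shared-medium behaviour the previous section described; only after the reply has been seen does the switch narrow delivery to a single port. Note that this toy table grows without bound, whereas hardware switches have a fixed table size and fall back to flooding for addresses they cannot hold, which is why limiting the number of addresses learned per port is a common hardening setting.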

Layer 3 Switching and Routing

Traditional protocol routers work by using information in the Layer 3 headers of Ethernet frames. While routing platforms exist for many different protocols (e.g., IPX, AppleTalk, and DECNet), in TCP/IP terms a router or routing device will typically use the destination IP address in the Layer 3 header to make a forwarding decision. The main advantage of Layer 3 routing in its earliest guises was that it gave the network designer the ability to segregate the network into distinct IP networks and carefully control the traffic and reachability between each.

Figure 2–3 Example Layer 2 headers for switching.

    Dst: 00:20:6f:14:58:2f | Src: 00:30:ab:17:0d:1a | Other Headers | L2 Payload


IGMP, and IP itself can all be identified by a unique protocol number in the IP header (see Figure 2–5).

The list of IP protocol numbers is administered and controlled by the Internet Assigned Numbers Authority (IANA), and a comprehensive list can be found at www.iana.org/. Table 2–1 lists some of the more common IP protocol numbers.

Some Layer 4 protocols effectively operate at this layer alone. VRRP, for example, uses Layer 4 headers to transport all information between a series of participating routers in an IP subnet and consequently has no need for upper layer protocol information. Its payload is simply the information contained at Layer 4. Other routing protocols, such as the Border Gateway Protocol (BGP), will use the reliable Layer 4 Transport layer protocol with the BGP routing information and updates carried in the upper layer payloads.

In terms of content switching, the two most commonly understood Layer 4 protocols are TCP and UDP. The majority of the standard Application layer protocols are carried either within TCP or UDP depending on whether there is a requirement for a reliable end-to-end connection. Taking a Web user example, the browser application needs to ensure that all packets are successfully delivered when presenting the user with the desired Web page. The HTTP protocol will therefore rely on TCP as its Transport layer protocol, to guarantee delivery, which in turn will use IP as its delivery mechanism.

Table 2–1 Some Examples of Common IP Protocol Numbers

    IP PROTOCOL NUMBER   LAYER 4 PROTOCOL
    1                    ICMP—Internet Control Message Protocol
    6                    TCP—Transmission Control Protocol
    17                   UDP—User Datagram Protocol
    112                  VRRP—Virtual Router Redundancy Protocol

Figure 2–5 Different IP protocol numbers identify which Layer 4 protocol is being used.

    L2 Headers | Src: 192.168.254.201 | Dst: 216.239.51.101 | IP Proto | Payload
    IP Proto: 1 = ICMP, 6 = TCP, 17 = UDP

Transport Control Protocol (TCP)

As the Layer 3 IP protocol is principally a connectionless and best-efforts delivery mechanism, there is a requirement for many applications to ensure the correctly sequenced delivery of all packets within a conversation. Consequently, many applications will use Transport Control Protocol (TCP) at Layer 4 to guarantee successful delivery. TCP has several characteristics built in to ensure this delivery:

  • Checksum: The TCP header contains a 16-bit data checksum that is computed from all other data elements in the TCP header. The receiving end station uses this checksum to ensure that the packet arrived without corruption.
  • Sequence and acknowledgment numbers: Each octet of data sent and received by end stations has a sequence number associated with it. These sequence numbers are cumulative, whereby a certain sequence number inside the TCP header will be used to indicate that all data up to and including X should have been received. Sequence and acknowledgment numbering is used to bring the concept of order to packet delivery over IP.
  • Windowing: The TCP windowing technique allows two communicating end stations to build on the sequencing and acknowledgments above by removing the need for each sequence of data to be individually acknowledged. In LANs where packet loss is usually minimal, it is far more efficient to allow the sender to transmit several frames of data before an acknowledgment is sent.

Along with these mechanisms, TCP must also be able to uniquely identify each conversation within an internetwork. We’ve already seen the idea of a TCP port number that is used, among other things, to identify the application process to the higher OSI layers during the conversation. Within a TCP conversation, there are in fact two port numbers used: one to identify the sender’s listening port and the other to identify the receiver’s listening port. Depending on the direction of each individual frame in the conversation, these ports become either the source port or the destination port within the Layer 4 headers.


TCP ports used by both the client and server, each side also uses its own sequence numbering to identify where within the session each frame fits.

Once the client has determined these two variables, it is ready to send the first packet of the session and initiate the connection to the server. Using TCP flags, the client will indicate to the server that it wants to initiate a connection by setting the SYN or synchronize flag showing that this is the first packet in the session. In TCP terms, this element is the first packet in what is commonly referred to as the “three-way handshake.” This is simply because three packets are exchanged between the client and server to bring the TCP state into that which can transport data. Consequently, no Application layer data is transmitted until at least the fourth packet in the session, a concept which we will see has an important consequence when applied to content switching. Figure 2–6 shows a simplified representation of the three-way handshake to illustrate which side sends which of the packets when a new connection is initiated.

Taking this sequence packet by packet, we can see the importance of the port and sequence numbers in ensuring the reliable transport between the client and server. The first frame from the client to the server initiates the connection by setting the client side port and sequence numbers as shown in Figure 2–7. As we can see, the client chooses a random source port that will be used by the client to identify this session uniquely in cases where it has concurrent sessions to the same server.

Figure 2–6 The TCP three-way handshake.

    Client initiating a TCP connection to the server

    SYN, SPort 3086, DPort 80, Seq 713245119, Ack 0
    SYN-ACK, SPort 80, DPort 3086, Seq 20072, Ack 713245120
    ACK, SPort 3086, DPort 80, Seq 713245120, Ack 20073


When the server replies, both the SYN and ACK flags are set in the TCP headers to indicate that the server acknowledges the client’s connection request. To ensure that each packet can be accounted for, the server will set an acknowledgment number that is equal to the last byte received from the client, relative to the starting sequence number, plus one. In our example, the client started with a sequence number of 713245119 and transmitted no user data, meaning that the server will use an acknowledgment of 713245120.

It is also important to notice the change in source and destination ports depending on which way a particular packet is directed. In our example, the client sends on port 80 and listens on port 3086, whereas the server sends on port 3086 and listens on port 80. Figure 2–8 shows the return packet from the server to the client.

The final packet exchanged during this handshake period is an acknowledgment from the client to the server. This allows the client to correctly acknowledge the sequence numbering used by the server in the previous packet and remove the SYN flag being used to show the start of the session. Once this final

Figure 2–7 The SYN packet sent by the client.

    Internet Protocol Headers
        Version: 4
        Time to live: 128
        Protocol: TCP (0x06)
        Header checksum: 0xb926 (correct)
        Source: 10.10.10.
        Destination: 20.20.20.
    Transmission Control Protocol Headers
        Source port: 3086 (3086)
        Destination port: http (80)
        Sequence number: 713245119
        Header length: 28 bytes
        Flags: 0x0002 (SYN)
            0... .... = Congestion Window Reduced (CWR): Not set
            .0.. .... = ECN-Echo: Not set
            ..0. .... = Urgent: Not set
            ...0 .... = Acknowledgment: Not set
            .... 0... = Push: Not set
            .... .0.. = Reset: Not set
            .... ..1. = Syn: Set
            .... ...0 = Fin: Not set


3. Terminating a Session

Unlike the session initiation, the termination of a TCP connection can be initiated from either side. Once one side of the connection decides that it has no more data to transmit, it will set the FIN flag in the TCP header to indicate to the other side that it is ready to terminate the connection. In simple terms, the receiving station will then acknowledge the FIN, by setting the ACK flag, and set its own FIN flag to show that it too is ready to terminate the connection. This series of exchanges results in both sides moving through the TIME WAIT state to the CLOSED state and the connection is closed.

In some instances, when the client receives the FIN it might still have data to send, in which case it will issue only an ACK back to the closing station. This allows the client to continue sending data until it is complete and then issue a FIN to show that the termination of the session can commence. During this period, the initiator and recipient of the initial FIN are referred to as being in the FIN WAIT 2 and CLOSE WAIT states, respectively. Some applications, such as Web browsers, will often use this type of exchange to leave the connection in a type of half-closed state, thereby allowing the connection to be brought back into use when needed without having to reinitiate the entire connection (see Figure 2–10).

Figure 2–9 The final ACK packet of the handshake.

    Internet Protocol Headers
        Version: 4
        Time to live: 128
        Protocol: TCP (0x06)
        Header checksum: 0xb92c (correct)
        Source: 192.168.254.201 (192.168.254.201)
        Destination: 212.58.226.40 (212.58.226.40)
    Transmission Control Protocol Headers
        Source port: 3086 (3086)
        Destination port: http (80)
        Sequence number: 713245120
        Acknowledgement number: 20073
        Header length: 20 bytes
        Flags: 0x0010 (ACK)
            0... .... = Congestion Window Reduced (CWR): Not set
            .0.. .... = ECN-Echo: Not set
            ..0. .... = Urgent: Not set
            ...1 .... = Acknowledgment: Set
            .... 0... = Push: Not set
            .... .0.. = Reset: Not set
            .... ..0. = Syn: Set
            .... ...0 = Fin: Not set

A more detailed description of TCP can be found in RFC 793.
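The handshake and close described in this section can be walked through with two endpoint objects that keep the sequence and acknowledgment numbers the text explains. The following is an added example, not code from the book: it uses the initial sequence numbers and ports from Figures 2–6 and 2–10 (client 713245119 on port 3086, server 20072 on port 80), and assumes a 342-byte request and a 158-byte response, chosen so that the FIN sequence numbers come out as in Figure 2–10 (713245462 and 20231). State names follow RFC 793, in which only the side that closes first passes through TIME_WAIT; the other side goes from LAST_ACK straight to CLOSED.

```python
"""Added example, not from the book: a two-endpoint model of the TCP handshake
and close, with the figures' sequence numbers and ports. The request and
response sizes (342 and 158 bytes) are assumptions that reproduce the FIN
sequence numbers of Figure 2-10. State names follow RFC 793."""


class TcpEndpoint:
    def __init__(self, name, port, isn):
        self.name, self.port, self.state = name, port, "CLOSED"
        self.snd_nxt = isn      # next sequence number this side will send
        self.rcv_nxt = 0        # next sequence number expected from the peer (our ACK value)

    def _send(self, flags, length=0):
        seg = {"from": self.name, "sport": self.port, "flags": set(flags),
               "seq": self.snd_nxt, "ack": self.rcv_nxt, "len": length}
        # SYN and FIN each consume one sequence number; data consumes its length.
        self.snd_nxt += length + ("SYN" in flags) + ("FIN" in flags)
        return seg

    def listen(self):
        self.state = "LISTEN"

    def connect(self):
        self.state = "SYN_SENT"
        return self._send({"SYN"})

    def send_data(self, nbytes):
        assert self.state == "ESTABLISHED", "no application data before the handshake completes"
        return self._send({"ACK"}, nbytes)

    def close(self):
        # Active close from ESTABLISHED, or the delayed FIN of a passive closer in CLOSE_WAIT.
        self.state = {"ESTABLISHED": "FIN_WAIT_1", "CLOSE_WAIT": "LAST_ACK"}[self.state]
        return self._send({"FIN", "ACK"})

    def receive(self, seg):
        """Validate a segment against our expectations, update state, return any reply."""
        flags = seg["flags"]
        if self.state not in ("LISTEN", "SYN_SENT") and seg["seq"] != self.rcv_nxt:
            raise ValueError(f"{self.name}: out-of-order seq {seg['seq']}, expected {self.rcv_nxt}")
        if "ACK" in flags and seg["ack"] != self.snd_nxt:
            raise ValueError(f"{self.name}: bad ack {seg['ack']}, expected {self.snd_nxt}")
        self.rcv_nxt = seg["seq"] + seg["len"] + ("SYN" in flags) + ("FIN" in flags)
        if self.state == "LISTEN" and "SYN" in flags:
            self.state = "SYN_RCVD"
            return self._send({"SYN", "ACK"})
        if self.state == "SYN_SENT" and {"SYN", "ACK"} <= flags:
            self.state = "ESTABLISHED"
            return self._send({"ACK"})
        if self.state == "SYN_RCVD" and "ACK" in flags:
            self.state = "ESTABLISHED"
            return None
        if "FIN" in flags:
            # Passive closer: ACK the FIN now and send its own FIN later (CLOSE_WAIT).
            # Active closer receiving the peer's FIN moves from FIN_WAIT_2 to TIME_WAIT.
            self.state = {"ESTABLISHED": "CLOSE_WAIT", "FIN_WAIT_2": "TIME_WAIT"}.get(self.state, self.state)
            return self._send({"ACK"})
        if self.state == "FIN_WAIT_1":
            self.state = "FIN_WAIT_2"       # our FIN has been acknowledged
        elif self.state == "LAST_ACK":
            self.state = "CLOSED"           # our delayed FIN has been acknowledged
        elif seg["len"]:
            return self._send({"ACK"})      # acknowledge received data
        return None


def run_session(request_bytes=342, response_bytes=158):
    client = TcpEndpoint("client", 3086, isn=713245119)
    server = TcpEndpoint("server", 80, isn=20072)
    server.listen()
    transcript = []

    def deliver(seg):
        while seg is not None:                  # bounce replies until one side goes quiet
            transcript.append(seg)
            seg = (server if seg["from"] == "client" else client).receive(seg)

    deliver(client.connect())                   # packets 1-3: the three-way handshake
    handshake_packets = len(transcript)
    deliver(client.send_data(request_bytes))    # packet 4: the first application data
    deliver(server.send_data(response_bytes))
    deliver(server.close())                     # the server initiates the close
    deliver(client.close())                     # the client finishes and closes too
    return transcript, handshake_packets, client.state, server.state
```

`run_session()` returns the full transcript; its first three entries carry exactly the flags, sequence and acknowledgment numbers of Figure 2–6, the fourth is the first segment with application data, and the two FIN segments carry the numbers of Figure 2–10. A segment whose sequence or acknowledgment number does not match what the endpoint expects raises `ValueError`, which is the check a content switch tracking sessions relies on to tell a valid continuation from a stray or replayed segment.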

User Datagram Protocol (UDP)

The User Datagram Protocol, or UDP, is the other most commonly used Transport layer protocol found within the Internet. While TCP is designed to provide connection-oriented delivery of packets, UDP implements a connectionless or unguaranteed delivery mechanism that is suitable for a number of upper layer applications. For some applications, the overhead of TCP, such as handshaking, is not required and for these, UDP is best suited.

A comparison between TCP and UDP can be drawn from the world of cellular phones. TCP is similar in nature to a full telephone conversation, whereby you establish a connection to the receiving station by dialing their number, hold a conversation with them using verbal interaction and acknowledgments, and finally terminate the call. UDP is much more akin to SMS or text messaging,

Figure 2–10 Closing a TCP session.

    Server terminating TCP session with client

    FIN, SPort 80, DPort 3086, Seq 20231, Ack 713245462
    ACK, SPort 80, DPort 3086, Seq 20072, Ack 713245463
    FIN, SPort 3086, DPort 80, Seq 713245462, Ack 20232


This is again a very brief overview of the UDP protocol. A more detailed description is available in RFC 768, available on the IETF Web site.

Virtual Router Redundancy Protocol (VRRP)

The Virtual Router Redundancy Protocol, or VRRP, is inextricably linked with the implementation of content switching, not because it is used by user applications, but because it provides a mechanism to eliminate single points of failure within content switching topologies. VRRP provides a mechanism to group two or more IP addresses, typically representing a routed interface, and make them appear to all surrounding devices as a single logical IP address.

Many of the topologies described later in this book will show how multiple content switches, and other routers, can be deployed to ensure a resilient and fault-tolerant implementation. For this reason, we need to examine the concepts and theory of VRRP in some more detail.

Figure 2–11 A UDP-based DNS query.


Layer 2 and 3 Redundancy

Let’s consider a network as shown in Figure 2–13. To eliminate a single point of failure for clients on the network accessing the Internet, the network administrator might consider deploying two Internet facing routers, R1 and R2. The client PC on the network will have been configured with a default route; for example, 10.10.10.2 pointing to router R1.

This “hard-coding” of the default gateway IP address into the client’s TCP/IP settings presents the network administrator with two challenges when considering resilience:

  • Router R1 might fail, leaving the client with a default gateway of an unreachable IP address.
  • The client PC will resolve the IP address of the default gateway to the Ethernet address of router R1. This means that even if we replace the hardware of router R1, the client will still not have access to the Internet until its ARP cache has timed out or has been cleared.

Figure 2–12 The UDP-based DNS response.

    Internet Protocol Headers
        Version: 4
        Time to live: 249
        Protocol: UDP (0x11)
        Header checksum: 0xc8de (correct)
        Source: 20.20.20.
        Destination: 10.10.10.
    Transmission Control Protocol Headers
        Source port: domain (53)
        Destination port: 1763 (1763)
        Length: 276
        Checksum: 0x04bc (correct)
    Domain Name System (response)
        Answers
            www.foo.com: type A, class inet, addr 1.2.3.
                Name: www.foo.com
                Type: Host address
                Class: inet
                Time to live: 10 minutes
                Data length: 4
                Addr: 1.2.3.
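The two challenges listed above, an unreachable gateway address and a stale ARP entry after a hardware swap, can be reproduced in a small model of the client, its ARP cache and the two routers, with and without the virtual address that VRRP provides. The following is an added example, not code from the book: the gateway address 10.10.10.2 and router names R1 and R2 follow the text; the physical MAC addresses and the other router addresses are made up; the virtual MAC uses the VRRP convention 00:00:5e:00:01:<VRID> for VRID 1 (RFC 3768); and the model elects the first live router as master instead of exchanging VRRP advertisements or priorities.

```python
"""Added example, not from the book: a toy model of the two failure modes the
redundancy section describes, with and without a VRRP-style virtual router.
The gateway address 10.10.10.2 follows the text; physical MACs and the
routers' own addresses are constructed; the virtual MAC follows the VRRP
convention 00:00:5e:00:01:<VRID> for VRID 1. Master election is simplified
to "first live router in the list"."""


class Router:
    def __init__(self, name, ip, mac):
        self.name, self.ip, self.mac, self.up = name, ip, mac, True


class Segment:
    """A shared Ethernet segment: answers ARP requests and delivers frames by MAC."""

    def __init__(self, routers):
        self.routers = routers
        self.virtual = None          # (ip, mac) served by whichever router is master

    def master(self):
        return next((r for r in self.routers if r.up), None)

    def arp_resolve(self, ip):
        if self.virtual and ip == self.virtual[0] and self.master():
            return self.virtual[1]   # the master answers ARP for the virtual address
        return next((r.mac for r in self.routers if r.up and r.ip == ip), None)

    def deliver(self, dst_mac):
        """Return the router that receives a frame addressed to dst_mac, or None."""
        if self.virtual and dst_mac == self.virtual[1]:
            return self.master()
        return next((r for r in self.routers if r.up and r.mac == dst_mac), None)


class Client:
    def __init__(self, gateway_ip, segment):
        self.gateway_ip, self.segment, self.arp_cache = gateway_ip, segment, {}

    def send_to_internet(self):
        """Resolve the gateway once (then cached), hand the frame to the segment."""
        if self.gateway_ip not in self.arp_cache:
            mac = self.segment.arp_resolve(self.gateway_ip)
            if mac is None:
                return None          # gateway IP unreachable: nobody answers ARP
            self.arp_cache[self.gateway_ip] = mac
        forwarder = self.segment.deliver(self.arp_cache[self.gateway_ip])
        return forwarder.name if forwarder else None


def scenario(use_vrrp, replace_r1=False):
    """Return which router forwards for the client before R1 fails, right after, and after an ARP timeout."""
    r1 = Router("R1", "10.10.10.2", "00:11:22:33:44:01")
    r2 = Router("R2", "10.10.10.3", "00:11:22:33:44:02")
    seg = Segment([r1, r2])
    if use_vrrp:
        # Routers keep their own addresses; the client's gateway address becomes virtual.
        r1.ip, r2.ip = "10.10.10.11", "10.10.10.12"
        seg.virtual = ("10.10.10.2", "00:00:5e:00:01:01")
    client = Client("10.10.10.2", seg)
    before = client.send_to_internet()
    r1.up = False                                       # R1 fails
    if replace_r1:                                      # same IP, new hardware, new MAC
        seg.routers.append(Router("R1-replacement", r1.ip, "00:11:22:33:44:03"))
    after_failure = client.send_to_internet()           # client still holds the cached MAC
    client.arp_cache.clear()                            # what an ARP timeout eventually does
    after_arp_timeout = client.send_to_internet()
    return before, after_failure, after_arp_timeout
```

Without the virtual address, `scenario(False)` shows the first bullet (the cached gateway is unreachable even after the ARP entry expires) and `scenario(False, replace_r1=True)` the second (the replacement router is only used once the stale entry has gone). With it, the client's cached entry for 00:00:5e:00:01:01 stays valid across the failure because R2 now answers for that MAC, which is the Layer 2 half of the resilience the chapter summary attributes to VRRP.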