After completing this section, you should be able to discuss TCP/IP network stacks concepts, terminology, and the behavior of specific network stack layers.

The TCP/IP standards are defined in RFC1122:

An IPv4 address is a 32-bit number expressed in decimal as four octets, ranging in value from 0 to 255, separated by dots. The address has two parts, the network part and the host part. All hosts that have the same network part or are on the same network, can communicate with each other directly. However, two hosts on the same network cannot have the same host part, because the host part of the address identifies a specific host on the network.

The size of an IPv4 network address scope is variable. Originally, TCP/IP used fixed classes to define where an address was split into network and host portions. Now, to determine the network and host portions of an IPv4 address, administrators use the netmask that has been assigned. The netmask indicates how many bits of the IPv4 address belong to the network. When a netmask has more bits than the original class defines, the allocated network is being divided into smaller networks, or subnets. The terms network and subnet are often used interchangeably. The more bits that are available for the host part, the more hosts can exist on the subnet.

Figure 3.1: IPv4 addressing and netmasks

The lowest possible address on a subnet is called the network address. The highest possible address on a subnet is used as a broadcast message address in IPv4, and is called the broadcast address. Network masks are expressed in two forms. The older syntax for a an example 24 bit netmask would read 255.255.255.0. The newer syntax, called Classless Inter-domain Routing (CIDR) notation, specifies a network prefix of /24. Both forms convey the same information; the number of leading bits in the v4 address that contribute to its network address.

Each network packet, or frame, possesses a header with a 14 octet length, comprised of the source MAC address, from which the packet originates, the destination MAC address, and the Ethernet frame type, such as Ethernet II, or IEEE 802.2 LLC. Optionally, the Ethernet frame may use an IEEE 802.1Q tag, which identifies a Virtual Local Area Network (VLAN) ID. An Ethernet domain is a layer 2 network. Traditionally, MAC address prefixes were assigned to hardware manufacturers by IEEE. Each MAC address was the vendor prefix combined with an automatically generated unique set of bits for each network card.

Figure 3.2: Ethernet headers in a network packet

Network devices can be physical or virtual. Each provides a network processing capability to move packets between segments and systems.

Hubs and Switches

A network hub is a simple connection point for devices on the same network. They connect segments of a LAN. Packets are copied to all ports so that all segments can see all packets.

Network switches use MAC addresses to forward data on layer 2. Switches monitor network activity and maintain a MAC learning table. Some switches can forward data based on layer 3 because they have routing functionality. A hub broadcasts data out of each port and allows the devices to decide what messages they need. A network switch only forwards data to the devices that need to receive it.

Figure 3.3: Network devices

A broadcast domain is a logical division of a computer network, in which all nodes can reach each other by broadcast at the data link layer. A broadcast domain can be within the same LAN segment or it can be bridged to other LAN segments. Any device that belongs to a network segment can send a broadcast frame that will be repeated to all other devices in the segment.

Users interact with network services through a high level of abstraction. For example, they only know the URL of a website that they want to access, which is the domain name for the web site, such as redhat.com. The web browser interacts with the underlying network implementation, which reaches a DNS server in order to find the IP address that matches the domain name. Even though the IP address is found, the domain name resolution does not return the MAC address. If the server is on the same local network as the user's computer, the system sends Ethernet broadcast packets to determine if any of the systems are configured with the IP address that the user want to connect to. The corresponding system responds with an Ethernet frame that includes the MAC address.

The Address Resolution Protocol (ARP) is a telecommunication protocol used for resolution of network layer addresses to link layer addresses. The ARP protocol converts a network address to a physical address, such as an Ethernet address.

The following describes the handling of network packets:

A single IP packet can travel though multiple routers to reach its destination, and each time, the Ethernet frame is removed and regenerated by each router. In such cases, the original IP packet is encapsulated in the Ethernet frame. Many Ethernet broadcast domains can be connected with IP routers that allow access to foreign network types used for networks such as Wide Area Networks (WANs), which do not forward broadcast packets.

IP is a layer 3 protocol and can route a packet from its source to its destination. Ether is a layer 2 protocol and routes packets for a single hop. A device transmitting a message on a TCP/IP network must know the next layer 2 hop and the layer 3 final destination.

For example, a device on Subnet A issues the ping command to a device on Subnet B. The device on Subnet A broadcasts a layer 2 ARP request. The request asks which device on the network can route a packet to the device on Subnet B. Because the devices are on different subnets, no local network device recognizes the address.

A router seeing the request checks its routing tables. It has a route to forward packets to Subnet B from Subnet A. The router replies to the request with its own Ethernet address as the source. The device on Subnet A sends the packet to the device on Subnet B using the router's address as the destination. The router receives the packet on its own layer 2 address. It notices that the actual destination address is different from its own. It forwards the packet to the final destination requested by the device on Subnet A.

If the router does not have a route in the routing table for a subnet it will be unable to send packets to any device on that subnet.

Figure 3.4: Routing packets

Administrators partition single layer 2 networks to create multiple broadcast domains that are mutually isolated, so that packets only pass between them via routers. This segregation is known as Virtual Local Area Networks (VLANs). VLANs provide segmentation services traditionally offered by routers in LAN configurations. VLANs address issues such as scalability, security, and network management. Routers in VLAN topologies provide broadcast filtering, security, address summary, and traffic-flow management. VLANs can create multiple layer 3 networks on a single physical segment. For example, a DHCP server available to an unsegmented switch will serve any host on that switch configured to use DHCP. By using VLANs, the switch network can be isolated, such that some hosts see the DHCP server and others do not.

Figure 3.5: VLAN header

In a VLAN environment, VLANs typically map one-to-one with IP subnets, although it is possible to create multiple subnets on a single VLAN. With VLANs, administrators control traffic and react quickly to relocations. VLANs provide the flexibility to adapt to changes in network requirements and to facilitate simplified network management.

Generic Network Virtualization Encapsulation (GENEVE) is a new network standard for cloud tunneling.

VLANs were created to segment network traffic. Unfortunately, their 12-bit field limited the number of VLANs to around 4000. Before the cloud era this limited number was more than enough. Note that many organizations use VLAN networks for tenant networks.

VXLAN (Virtual Extensible LAN) addressed the limitations of VLAN. The larger 24-bit header size ensured a greater number of virtual networks.

GENEVE addresses the limitations by supporting all of the capabilities of VXLAN, NVGRE and STT. GENEVE only encapsulates the data format, meaning that it does not include any specification for the control plane. The GENEVE protocol evolves by adding new optional capabilities, which are transmitted via standard networking equipment without the need for agents. Packets are sent using unicast or multicast addressing to tunnel endpoints. Packets are transmitted to the endpoints using a standard UDP packet, supported by IPv4 and IPv6.

Figure 3.6: GENEVE header

Traditionally, routers were similar to software routers. They moved network packets into their memory, performed various lookups, and then moved the data from memory to the outbound network interface. Switches used to be faster than routers, but modern switches and routers use the same hardware. Many hardware vendors provide switches and routers that can be configured on a per-port basis to either perform switching functions or routing functions.

The current generation of hardware uses the concept of a flow table. Instead of tracking routes and MAC addresses, modern switches and routers have a single lookup table that can match any criteria, such as the source MAC address, the IP address of the destination MAC address, the IP address, or the TCP port, and then decide to either forward the packet or to drop it. Network capabilities, such as statistics, are maintained in the flow table. Network processors provide the support for the flow table.

Network processors are a great innovation, but network protocols have changed little. Instead of developing new protocols for network processors, routers and switches use traditional routing to determine the network flow and inject flow rules into the switch. The first packet in a TCP/IP stream must often be processed by software; later packets are forwarded to destinations using flow rules created in the switch.