CN 5th Unit

The document provides an overview of computer networks, focusing on the transport layer protocols including TCP, UDP, and SCTP. It discusses their services, characteristics, and applications, highlighting the differences between connection-oriented and connectionless protocols. Key concepts such as port numbers, flow control, error control, and the significance of transport layer protocols in data communication are also covered.
Computer Networks

By
Mr. D. Santhosh Gupta M.Tech., (Ph.D.)
Assistant Professor (c)
Dept. of ECE, UCEN
Course Outcomes

▪ Demonstrate different network models for networking, like OSI, TCP/IP, B-ISDN and N-BISDN,
and gain knowledge about various communication techniques, methods and protocol standards.
▪ Discuss different transmission media and different switching networks.
▪ Analyze data link layer services, functions and protocols like HDLC and PPP.
▪ Compare and classify medium access control protocols like ALOHA, CSMA, CSMA/CD, CSMA/CA,
polling, token passing, FDMA, TDMA and CDMA.
▪ Determine application layer services and client-server protocols working with the
client-server paradigm, like WWW, HTTP, FTP, e-mail and SNMP.

Mr. D. Santhosh Gupta, Dept. of ECE 2


UNIT – V
The Transport Layer:

Transport layer protocols: Introduction - services - port numbers. User Datagram
Protocol: user datagram - UDP services - UDP applications. Transmission Control
Protocol: TCP services - TCP features - segment - a TCP connection - windows in
TCP - flow control - error control - TCP congestion control.

Application Layer: World Wide Web - HTTP. Electronic mail: architecture - web-based
mail - e-mail security. TELNET: local versus remote logging. Domain Name System:
name space - DNS in the Internet - resolution - caching - resource records - DNS
messages - registrars - security of DNS name servers. SNMP.



The Transmission Control Protocol (TCP)

Position of TCP and UDP in the TCP/IP stack (the slide's figure, redrawn as text):

  Application Services (Telnet, FTP, e-mail, WWW)
  Reliable Stream Transport Service (TCP)  |  Unreliable Transport Service (UDP)
  Connectionless Packet Delivery Service (IP)


Introduction
▪ The transport layer is the heart of the TCP/IP protocol suite; it is the end-to-end logical
vehicle for transferring data from one point to another in the Internet.
▪ It provides a process-to-process communication between two application layers, one at the
local host and the other at the remote host.
▪ Communication is provided using a logical connection, which means that the two
application layers, which can be located in different parts of the globe, assume that there is
an imaginary direct connection through which they can send and receive messages.
▪ The two end systems use the services of the transport layer; all intermediate routers use only
the first three layers.
▪ The discussion of transport layer protocols concentrates on the flow and error control services that an
actual transport layer provides. Understanding these general services helps us better understand the design
of the transport-layer protocols in the Internet: UDP, TCP, and SCTP.
▪ Fig. shows the position of these three protocols in the TCP/IP protocol suite.





Services
▪ Each protocol provides a different type of service and should be used appropriately.
UDP
▪ UDP is an unreliable connectionless transport-layer protocol used for its simplicity and
efficiency in applications where error control can be provided by the application-layer
process.
TCP
▪ TCP is a reliable connection-oriented protocol that can be used in any application where
reliability is important.
SCTP
▪ SCTP is a new transport-layer protocol that combines the features of UDP and TCP.



Port Numbers
▪ A transport-layer protocol usually has several responsibilities. One is to create a process-to-
process communication; these protocols use port numbers to accomplish this.
▪ Port numbers provide end-to-end addresses at the transport layer and allow multiplexing and
demultiplexing at this layer, just as IP addresses do at the network layer.
▪ The table gives some common port numbers for all three protocols.

Port  Protocol     UDP  TCP  SCTP  Description
7     Echo         ✓    ✓    ✓     Echoes back a received datagram
9     Discard      ✓    ✓    ✓     Discards any datagram that is received
11    Users        ✓    ✓    ✓     Active users
13    Daytime      ✓    ✓    ✓     Returns the date and the time
17    Quote        ✓    ✓    ✓     Returns a quote of the day
19    Chargen      ✓    ✓    ✓     Returns a string of characters
20    FTP-data     -    ✓    ✓     File Transfer Protocol
21    FTP-21       -    ✓    ✓     File Transfer Protocol
23    TELNET       -    ✓    ✓     Terminal Network
25    SMTP         -    ✓    ✓     Simple Mail Transfer Protocol
53    DNS          ✓    ✓    ✓     Domain Name Service
67    DHCP         ✓    ✓    ✓     Dynamic Host Configuration Protocol
69    TFTP         ✓    ✓    ✓     Trivial File Transfer Protocol
80    HTTP         -    ✓    ✓     HyperText Transfer Protocol
111   RPC          ✓    ✓    ✓     Remote Procedure Call
123   NTP          ✓    ✓    ✓     Network Time Protocol
161   SNMP-server  ✓    -    -     Simple Network Management Protocol
162   SNMP-client  ✓    -    -     Simple Network Management Protocol



UDP: User Datagram Protocol
▪ The User Datagram Protocol (UDP) is a connectionless, unreliable transport protocol.
▪ It does not add anything to the services of IP except for providing process-to-process
communication instead of host-to-host communication.
▪ If UDP is so powerless, why would a process want to use it? With the disadvantages come
some advantages.
▪ UDP is a very simple protocol using a minimum of overhead. If a process wants to send a
small message and does not care much about reliability, it can use UDP. Sending a small
message using UDP takes much less interaction between the sender and receiver than using
TCP.
User Datagram
▪ UDP packets, called user datagrams, have a fixed-size header of 8 bytes made of four fields,
each of 2 bytes (16 bits).
▪ Figure shows the format of a user datagram.
UDP: User Datagram Protocol
▪ The first two fields define the source and destination port numbers. The third field defines
the total length of the user datagram, header plus data. The 16 bits can define a total length
of 0 to 65,535 bytes.
▪ However, the total length must be less than this, because a UDP user datagram is carried inside an IP
datagram whose own total length is limited to 65,535 bytes. The last field carries the optional
checksum.



UDP: Services
▪ The general services a transport layer protocol can provide were introduced earlier. Which portions of
those general services UDP actually provides is discussed below:
Process-to-Process Communication
▪ UDP provides process-to-process communication using socket addresses, a combination of
IP addresses and port numbers.
Connectionless Services
▪ UDP provides a connectionless service. This means that each user datagram sent by UDP is
an independent datagram. There is no relationship between the different user datagrams even
if they are coming from the same source process and going to the same destination program.
The user datagrams are not numbered.
▪ Also, unlike TCP, there is no connection establishment and no connection termination. This
means that each user datagram can travel on a different path.



UDP: Services
▪ Only those processes sending short messages, messages less than 65,507 bytes (65,535 minus 8 bytes for the
UDP header and minus 20 bytes for the IP header), can use UDP.
Flow Control

▪ UDP is a very simple protocol. There is no flow control, and hence no window mechanism. The receiver may
overflow with incoming messages.
Error Control
▪ There is no error control mechanism in UDP except for the checksum. This means that the sender does not know
if a message has been lost or duplicated. When the receiver detects an error through the checksum, the user
datagram is silently discarded.

Checksum
▪ UDP checksum calculation includes three sections: a pseudoheader, the UDP header, and the data coming from
the application layer.
▪ The pseudoheader is the part of the header of the IP packet in which the user datagram is to be encapsulated with
some fields filled with 0s.
UDP: Services
▪ If the checksum did not include the pseudoheader, a user datagram could arrive safe and sound as far as
its own fields go and yet, if the IP header were corrupted, be delivered to the wrong host.
▪ The protocol field is included to ensure that the packet belongs to UDP and not to TCP. The value of the
protocol field for UDP is 17. If this value is changed during transmission, the checksum calculation at
the receiver detects it and UDP drops the packet; it is not delivered to the wrong protocol.
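To make the checksum procedure above concrete, here is an added Python example (not from the slides) that computes and verifies a UDP checksum over pseudoheader + header + data; the addresses, ports and payload are constructed for illustration. It also shows why the pseudoheader matters: the same datagram fails verification when the protocol field or destination address it arrived with differs from the one it was sent with.

```python
import struct

UDP_PROTOCOL = 17  # IP protocol number for UDP, as the slides state
TCP_PROTOCOL = 6   # TCP's value; TCP uses the same procedure with this pseudoheader field


def ones_complement_sum(data: bytes) -> int:
    """Add the data as 16-bit big-endian words, folding carries back in (one's complement)."""
    if len(data) % 2:
        data += b"\x00"  # an odd trailing byte is padded with zero for the sum only
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudoheader(src_ip: str, dst_ip: str, protocol: int, length: int) -> bytes:
    """IP fields covered by the checksum: source, destination, zero pad, protocol, UDP length."""
    def ip_bytes(addr: str) -> bytes:
        return bytes(int(octet) for octet in addr.split("."))
    return ip_bytes(src_ip) + ip_bytes(dst_ip) + struct.pack("!BBH", 0, protocol, length)


def build_udp_datagram(src_ip, dst_ip, src_port, dst_port, payload: bytes) -> bytes:
    """Sender side: header + data, checksum computed over pseudoheader + header + data."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)  # checksum field zero while summing
    total = ones_complement_sum(pseudoheader(src_ip, dst_ip, UDP_PROTOCOL, length) + header + payload)
    checksum = (~total) & 0xFFFF
    if checksum == 0:
        checksum = 0xFFFF  # zero on the wire means "no checksum", so a computed zero is sent as all ones
    return struct.pack("!HHHH", src_port, dst_port, length, checksum) + payload


def verify_udp_datagram(src_ip, dst_ip, protocol, datagram: bytes) -> bool:
    """Receiver side: rebuild the pseudoheader from the IP header the datagram actually arrived in."""
    if len(datagram) < 8:
        return False
    _, _, length, checksum = struct.unpack("!HHHH", datagram[:8])
    if length != len(datagram):
        return False  # length field disagrees with what IP delivered
    if checksum == 0:
        return True  # sender chose not to use the optional checksum
    total = ones_complement_sum(pseudoheader(src_ip, dst_ip, protocol, length) + datagram)
    return total == 0xFFFF  # data plus its own complement sums to all ones when nothing changed


def demo() -> dict:
    """Constructed sample: addresses, ports and payload are made up for illustration."""
    src, dst = "10.0.0.1", "10.0.0.2"
    dgram = build_udp_datagram(src, dst, 40000, 53, b"constructed payload")
    return {
        "intact": verify_udp_datagram(src, dst, UDP_PROTOCOL, dgram),
        # protocol field flipped to TCP's value in transit: the pseudoheader catches it
        "wrong_protocol": verify_udp_datagram(src, dst, TCP_PROTOCOL, dgram),
        # destination address corrupted: the datagram would otherwise reach the wrong host
        "wrong_host": verify_udp_datagram(src, "10.0.0.3", UDP_PROTOCOL, dgram),
        # one payload byte changed in transit
        "corrupted_data": verify_udp_datagram(src, dst, UDP_PROTOCOL, dgram[:8] + b"X" + dgram[9:]),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:15s} -> {'accepted' if ok else 'silently discarded'}")
```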



UDP: Applications
▪ UDP is preferable for some applications, because some transport services have side effects that are
either unacceptable or undesirable for them.
▪ An application designer sometimes needs to compromise to get the optimum.
UDP Features
Connectionless Service
▪ UDP is a connectionless protocol. Each UDP packet is independent from other packets sent by the same
application program. This feature can be considered as an advantage or disadvantage depending on the
application requirements.
▪ It is an advantage if, for example, a client application needs to send a short request to a server and to
receive a short response. If the request and response can each fit in a single user datagram, a connectionless
service may be preferable. The overhead to establish and close a connection may be significant in this case.
▪ In the connection oriented service, to achieve the above goal, at least 9 packets are exchanged between the
client and the server; in connectionless service only 2 packets are exchanged. The connectionless service
provides less delay; the connection-oriented service creates more delay. If delay is an important issue for
the application, the connectionless service is preferred.



UDP: Applications
Lack of Error Control
▪ UDP does not provide error control; it provides an unreliable service. Although a reliable
service is desirable, it may have some side effects that are not acceptable to some
applications.
▪ When a transport layer provides reliable services, if a part of the message is lost or
corrupted, it needs to be resent; there is an uneven delay between different parts of the
message delivered to the application layer. Some applications, by nature, do not even notice
these uneven delays, but for some they are very problematic.
Lack of Congestion Control
▪ UDP does not provide congestion control. However, UDP does not create additional traffic
in an error-prone network. TCP may resend a packet several times and thus contribute to the
creation of congestion or worsen a congested situation. Therefore, in some cases, lack of
error control in UDP can be considered an advantage when congestion is a big issue.



UDP: Applications
▪ The following shows some typical applications that can benefit more from the services of
UDP than from those of TCP.
▪ UDP is suitable for a process that requires simple request-response communication with
little concern for flow and error control. It is not usually used for a process such as FTP
that needs to send bulk data.
▪ UDP is suitable for a process with internal flow- and error-control mechanisms.
▪ UDP is a suitable transport protocol for multicasting. Multicasting capability is
embedded in the UDP software but not in the TCP software.
▪ UDP is used for management processes such as SNMP.
▪ UDP is used for some route updating protocols such as Routing Information Protocol
(RIP).
▪ UDP is normally used for interactive real-time applications that cannot tolerate uneven
delay between sections of a received message.



TCP: Transmission Control Protocol
▪ Transmission Control Protocol (TCP) is a connection-oriented, reliable protocol.
▪ TCP explicitly defines connection establishment, data transfer, and connection teardown phases to
provide a connection-oriented service.
▪ TCP uses a combination of GBN and SR protocols to provide reliability.
▪ To achieve this goal, TCP uses checksum (for error detection), retransmission of lost or corrupted
packets, cumulative and selective acknowledgments, and timers. TCP is the most common transport-
layer protocol in the Internet.
TCP: Services
Process-to-Process Communication
• As with UDP, TCP provides process-to-process communication using port numbers.
Stream Delivery Service
• TCP, unlike UDP, is a stream-oriented protocol.
• In UDP, a process sends messages with predefined boundaries to UDP for delivery. UDP adds its own header to
each of these messages and delivers it to IP for transmission.
TCP: Services
• Each message from the process is called a user datagram, and becomes, eventually, one IP datagram. Neither IP
nor UDP recognizes any relationship between the datagrams.
• TCP, on the other hand, allows the sending process to deliver data as a stream of bytes and allows the receiving
process to obtain data as a stream of bytes. TCP creates an environment in which the two processes seem to be
connected by an imaginary “tube” that carries their bytes across the Internet. The sending process produces
(writes to) the stream and the receiving process consumes (reads from) it.
Sending and Receiving Buffers
• Because the sending and the receiving processes may not necessarily write or read data at the same rate, TCP
needs buffers for storage. There are two buffers, the sending buffer and the receiving buffer, one for each
direction.



TCP: Services
Bytes and Segments
▪ Buffering is used to handle the difference between the speed of data transmission and data consumption,
but buffering alone is not enough.
▪ One more step is needed before the data are handed to the Internet Protocol (IP) layer, which serves as
the TCP service provider: the data must be sent in the form of packets, not as a stream of bytes.
▪ At the transport layer, TCP groups several bytes into a packet called a segment. A header is added to
each segment to exercise control.
▪ The segment is encapsulated in an IP datagram and then transmitted. The entire operation is transparent
to the receiving process. The segment may be received out of order, lost, or corrupted before it reaches
the receiving end.
▪ The segments are not all of the same size. Each segment can carry hundreds of bytes.
Full-Duplex Service
▪ TCP offers a full-duplex service where the data can flow in both directions simultaneously. Each TCP will
then have a sending buffer and receiving buffer. The TCP segments are sent in both directions.



TCP: Services
Multiplexing and Demultiplexing
▪ Like UDP, TCP performs multiplexing at the sender and demultiplexing at the receiver. However, since TCP is a
connection-oriented protocol, a connection needs to be established for each pair of processes.
Connection-Oriented Service
▪ We are already aware that TCP is a connection-oriented protocol. When a process (process-1) wants to
communicate (send and receive) with another process (process-2), the sequence of operations is as follows:
▪ The TCP of process-1 informs the TCP of process-2 and gets its approval.
▪ The two TCPs exchange data in both directions.
▪ After completing the data exchange, when the buffers on both sides are empty, the two TCPs destroy their
buffers.
▪ The connection in TCP is not physical but virtual. The TCP segments encapsulated in IP datagrams can be
delivered out of order. They can get lost or corrupted and may have to be resent. Each segment may take a
different path to reach the destination.
Reliable Service
▪ TCP is a reliable transport protocol. It uses an acknowledgment mechanism for checking the safe and sound
arrival of data.
TCP: Features
Numbering System
▪ Although the TCP software keeps track of the segments being transmitted or received, there is no field for a
segment number value in the segment header. Instead, there are two fields, called the sequence number and the
acknowledgment number. These two fields refer to a byte number and not a segment number.
Byte Number
▪ TCP numbers all data bytes (octets) that are transmitted in a connection. Numbering is independent in each
direction. When TCP receives bytes of data from a process, TCP stores them in the sending buffer and numbers
them. The numbering does not necessarily start from 0. Instead, TCP chooses an arbitrary number between 0 and
2^32 − 1 for the number of the first byte.
▪ For example, if the number happens to be 1057 and the total data to be sent is 6000 bytes, the bytes are numbered
from 1057 to 7056. The byte numbering is used for flow and error control.
Sequence Number
• After the bytes have been numbered, TCP assigns a sequence number to each segment that is being sent. The
sequence number, in each direction, is defined as follows:
1. The sequence number of the first segment is the ISN (initial sequence number), which is a random number.



TCP: Features
2. The sequence number of any other segment is the sequence number of the previous segment plus the number of
bytes (real or imaginary) carried by the previous segment.
▪ When a segment carries a combination of data and control information (piggybacking), it uses a sequence
number.
▪ If a segment does not carry user data, it does not logically define a sequence number. The field is there, but the
value is not valid.
▪ However, some segments that carry only control information need a sequence number to allow an
acknowledgment from the receiver. These segments are used for connection establishment, termination, or
abortion. Each of these segments consumes one sequence number as though it carried one byte, but there
are no actual data.
Acknowledgment Number
• Communication in TCP is full duplex; when a connection is established, both parties can send and receive data at
the same time. Each party numbers the bytes, usually with a different starting byte number.
• The sequence number in each direction shows the number of the first byte carried by the segment. Each party
also uses an acknowledgment number to confirm the bytes it has received. However, the acknowledgment
number defines the number of the next byte that the party expects to receive.



TCP: Features
▪ In addition, the acknowledgment number is cumulative, which means that the party takes the number of the
last byte that it has received, safe and sound, adds 1 to it, and announces this sum as the acknowledgment
number.
▪ The term cumulative here means that if a party uses 5643 as an acknowledgment number, it has received all
bytes from the beginning up to 5642.
Segment
▪ Before discussing TCP in detail, we need to know about TCP packets. A packet in TCP is called a segment.
Format
▪ The format of a segment is shown in Fig. The segment consists of a header of 20 to 60 bytes, followed by
data from the application program. The header is 20 bytes if there are no options and up to 60 bytes if it
contains options.
• Source port address. This is a 16-bit field that defines the port number of the application program in the
host that is sending the segment.
• Destination port address. This is a 16-bit field that defines the port number of the application program in
the host that is receiving the segment.
TCP: Segment
• Sequence number. This 32-bit field defines the number assigned to the first byte of data contained in this
segment. Since TCP is a stream transport protocol, each byte to be transmitted is numbered to ensure
connectivity. The sequence number tells the destination which byte in this sequence is the first byte in the
segment. During connection establishment each party uses a random number generator to create an initial
sequence number (ISN), which is usually different in each direction.
• Acknowledgment number. This 32-bit field defines the byte number that the receiver of the segment is expecting
to receive from the other party. If the receiver of the segment has successfully received byte number x from the
other party, it returns x + 1 as the acknowledgment number. Acknowledgment and data can be piggybacked
together.
• Header length. This 4-bit field indicates the number of 4-byte words in the TCP header. The length of the header
can be between 20 and 60 bytes. Therefore, the value of this field is always between 5 (5 × 4 = 20) and 15 (15 ×
4 = 60).
• Control. This field defines 6 different control bits or flags, as shown in Fig. One or more of these bits can be set
at a time. These bits enable flow control, connection establishment and termination, connection abortion, and the
mode of data transfer in TCP.



TCP: Segment
• Window size. This field defines the window size of the sending TCP in bytes. Note that the length of this field is
16 bits, which means that the maximum size of the window is 65,535 bytes. This value is normally referred to as
the receiving window (rwnd) and is determined by the receiver.
• Checksum. This 16-bit field contains the checksum. The calculation of the checksum for TCP follows the same
procedure as the one described for UDP. However, the use of the checksum in the UDP datagram is optional,
whereas the use of the checksum for TCP is mandatory. For the TCP pseudoheader, the value for the protocol
field is 6.
• Urgent pointer. This 16-bit field, which is valid only if the urgent flag is set, is used when the segment contains
urgent data. It defines a value that must be added to the sequence number to obtain the number of the last urgent
byte in the data section of the segment.
• Options. There can be up to 40 bytes of optional information in the TCP header.
Encapsulation
• A TCP segment encapsulates the data received from the application layer. The TCP segment is encapsulated in an
IP datagram, which in turn is encapsulated in a frame at the data-link layer.
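As an added example (not from the slides), the following Python builds a TCP segment in the format described above and parses it back, validating the 4-bit header length field against the 20 to 60 byte range before splitting options from data; the ports, numbers and the MSS option bytes are constructed sample values, and the checksum field is left zero.

```python
import struct

# Control bits of the 6-bit flag field, in wire order: URG, ACK, PSH, RST, SYN, FIN
FLAG_BITS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}
HEADER_FMT = "!HHIIHHHH"  # ports, seq, ack, HLEN+reserved+flags, window, checksum, urgent pointer


def build_tcp_segment(src_port, dst_port, seq, ack, flags, window, urgent=0, options=b"", payload=b""):
    """Assemble a segment; the checksum field is left zero in this illustration."""
    if len(options) % 4 or len(options) > 40:
        raise ValueError("options must be padded to a multiple of 4 bytes and fit in 40 bytes")
    hlen_words = 5 + len(options) // 4  # header length in 4-byte words: 5 (20 bytes) to 15 (60 bytes)
    control = 0
    for name in flags:
        control |= FLAG_BITS[name]
    hlen_and_flags = (hlen_words << 12) | control  # 4 bits HLEN, 6 reserved bits (zero), 6 flag bits
    header = struct.pack(HEADER_FMT, src_port, dst_port, seq, ack, hlen_and_flags, window, 0, urgent)
    return header + options + payload


def parse_tcp_segment(segment: bytes) -> dict:
    """Decode the fixed header, check HLEN against the real length, then split options from data."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the 20-byte minimum header")
    src, dst, seq, ack, hlen_and_flags, window, checksum, urgent = struct.unpack(HEADER_FMT, segment[:20])
    hlen = (hlen_and_flags >> 12) * 4
    if hlen < 20 or hlen > 60 or hlen > len(segment):
        raise ValueError(f"header length {hlen} bytes is outside 20..60 or exceeds the segment")
    control = hlen_and_flags & 0x3F
    flags = [name for name, bit in FLAG_BITS.items() if control & bit]
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "header_length": hlen, "flags": flags, "window": window, "checksum": checksum,
        "options": segment[20:hlen], "data": segment[hlen:],
        # urgent pointer: offset added to seq to get the last urgent byte; valid only when URG is set
        "last_urgent_byte": (seq + urgent) & 0xFFFFFFFF if "URG" in flags else None,
    }


def is_well_formed(segment: bytes) -> bool:
    try:
        parse_tcp_segment(segment)
        return True
    except ValueError:
        return False


def demo() -> dict:
    """Constructed sample SYN carrying a 4-byte MSS option (kind 2, length 4, value 1460)."""
    mss_option = b"\x02\x04\x05\xb4"
    syn = build_tcp_segment(40000, 80, seq=1000, ack=0, flags=["SYN"], window=65535, options=mss_option)
    parsed = parse_tcp_segment(syn)
    # corrupt the HLEN nibble to 4 (16 bytes): a receiver must reject this instead of mis-splitting the header
    damaged = bytearray(syn)
    damaged[12] = (4 << 4) | (damaged[12] & 0x0F)
    return {"parsed": parsed, "damaged_accepted": is_well_formed(bytes(damaged))}


if __name__ == "__main__":
    result = demo()
    print(result["parsed"])
    print("damaged segment accepted:", result["damaged_accepted"])
```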



A TCP Connection
• A connection-oriented transport protocol establishes a logical path between the source and destination. All of the
segments belonging to a message are then sent over this logical path. Using a single logical pathway for the
entire message facilitates the acknowledgment process as well as retransmission of damaged or lost frames.
• TCP uses the services of IP to deliver individual segments to the receiver, but it controls the connection itself. If a
segment is lost or corrupted, it is retransmitted. Unlike TCP, IP is unaware of this retransmission. If a segment
arrives out of order, TCP holds it until the missing segments arrive; IP is unaware of this reordering.
• In TCP, connection-oriented transmission requires three phases: connection establishment, data transfer, and
connection termination.
Connection Establishment
• TCP transmits data in full-duplex mode. When two TCPs in two machines are connected, they are able to send
segments to each other simultaneously. This implies that each party must initialize communication and get
approval from the other party before any data are transferred.
Three-Way Handshaking
• The connection establishment in TCP is called three-way handshaking. In our example, an application program,
called the client, wants to make a connection with another application program, called the server, using TCP as
the transport-layer protocol.



A TCP Connection
• The process starts with the server. The server program tells its TCP that it is ready to accept a connection. This
request is called a passive open. Although the server TCP is ready to accept a connection from any machine in
the world, it cannot make the connection itself.
• The client program issues a request for an active open. A client that wishes to connect to an open server tells its
TCP to connect to a particular server. TCP can now start the three-way handshaking process, as shown in Fig.



A TCP Connection

• The requesting end (Host A) sends a SYN segment specifying the server's port number that the client wants to
connect to and its initial sequence number (x).
• The server (Host B) replies with its own SYN segment, including the server's initial sequence number (y). The
server also acknowledges the client's SYN by returning the client's sequence number plus one (x + 1).
• A SYN consumes one sequence number. The client acknowledges the server's SYN by returning the server's
sequence number plus one (SEQ = x + 1, ACK = y + 1). This is how a TCP connection is established.
Connection Termination (Connection Release)
• While it takes three segments to establish a connection, it takes four segments to terminate one. Because a
TCP connection is full-duplex, each direction has to be shut down on its own.



A TCP Connection
• The termination procedure for each host is shown in the figure. The rule is that either end can send a FIN
when it has finished sending data.
• When a TCP receives a FIN, it should notify the application that the other end has terminated that direction
of data flow. The sending of a FIN is usually the result of the application issuing a close.
• The receipt of a FIN only means that there will be no more data flowing in that direction; a TCP can still
send data after receiving a FIN. The end that first issues the close (that is, sends the first FIN) performs
the active close. The other end (the one that receives this FIN) performs the passive close.
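The byte numbering, the three-way handshake (SEQ = x + 1, ACK = y + 1) and the four-segment termination described above, traced in an added Python simulation that is not part of the slides; the ISNs 100 and 300 and the segment sizes are constructed, and the 1057 to 7056 numbering case is the slides' own. SYN and FIN each consume one sequence number, and the cumulative ACK only advances for in-order data (this simplified model discards out-of-order segments instead of buffering them).

```python
import random

SEQ_MODULO = 2 ** 32  # sequence numbers are 32-bit and wrap around


def segment_sequence_numbers(first_byte: int, total_bytes: int, segment_size: int) -> list:
    """Sequence number carried by each data segment when total_bytes are sent starting at first_byte."""
    seqs = []
    sent = 0
    while sent < total_bytes:
        seqs.append((first_byte + sent) % SEQ_MODULO)
        sent += min(segment_size, total_bytes - sent)
    return seqs


class TcpEndpoint:
    """Tracks one side's outgoing numbering and the cumulative ACK it owes the peer."""

    def __init__(self, isn=None):
        self.isn = random.randrange(SEQ_MODULO) if isn is None else isn  # random ISN, as in real TCP
        self.snd_nxt = self.isn  # sequence number the next outgoing segment will carry
        self.rcv_nxt = None      # next byte expected from the peer; unknown until its SYN arrives

    @staticmethod
    def _consumed(flags, data_len):
        # SYN and FIN each consume one sequence number even though they carry no data byte
        return data_len + (1 if "SYN" in flags or "FIN" in flags else 0)

    def send(self, flags, data=b""):
        seg = {"flags": list(flags), "seq": self.snd_nxt, "ack": self.rcv_nxt, "len": len(data)}
        self.snd_nxt = (self.snd_nxt + self._consumed(flags, len(data))) % SEQ_MODULO
        return seg

    def receive(self, seg):
        """Cumulative ACK: advance only when the segment starts exactly at the byte we expect."""
        if "SYN" in seg["flags"] or seg["seq"] == self.rcv_nxt:
            self.rcv_nxt = (seg["seq"] + self._consumed(seg["flags"], seg["len"])) % SEQ_MODULO
        # an out-of-order segment leaves rcv_nxt unchanged, so the next ACK repeats the old number
        return self.rcv_nxt


def three_way_handshake(client, server):
    """SYN (seq x), SYN+ACK (seq y, ack x+1), ACK (seq x+1, ack y+1)."""
    syn = client.send(["SYN"])
    server.receive(syn)
    syn_ack = server.send(["SYN", "ACK"])
    client.receive(syn_ack)
    ack = client.send(["ACK"])
    server.receive(ack)
    return [syn, syn_ack, ack]


def four_segment_termination(active, passive):
    """Each direction is closed on its own: FIN, its ACK, then the other side's FIN and the final ACK."""
    fin1 = active.send(["FIN"])
    passive.receive(fin1)
    ack1 = passive.send(["ACK"])
    active.receive(ack1)
    fin2 = passive.send(["FIN"])
    active.receive(fin2)
    ack2 = active.send(["ACK"])
    passive.receive(ack2)
    return [fin1, ack1, fin2, ack2]


def demo() -> dict:
    """Constructed trace with fixed ISNs (100 and 300) so the numbers are reproducible."""
    client, server = TcpEndpoint(isn=100), TcpEndpoint(isn=300)
    handshake = three_way_handshake(client, server)
    first = client.send(["ACK"], b"a" * 1000)   # bytes 101..1100
    second = client.send(["ACK"], b"b" * 1000)  # bytes 1101..2100
    ack_dup = server.receive(second)     # arrives first (out of order): ACK still says 101
    ack_first = server.receive(first)    # now in order: ACK 1101
    ack_second = server.receive(second)  # retransmitted copy arrives in order: ACK 2101
    termination = four_segment_termination(client, server)
    return {"handshake": handshake, "acks": (ack_dup, ack_first, ack_second), "termination": termination}


if __name__ == "__main__":
    print("bytes 1057..7056 in 1000-byte segments:", segment_sequence_numbers(1057, 6000, 1000))
    for name, segs in (("handshake", demo()["handshake"]), ("termination", demo()["termination"])):
        print(name, segs)
```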



Windows in TCP
• Before discussing data transfer in TCP and the issues of flow, error, and congestion control, we describe the
windows used in TCP. TCP uses two windows (a send window and a receive window) for each direction of data
transfer, which means four windows for a bidirectional communication.
• To keep the discussion simple, we make the unrealistic assumption that communication is only unidirectional
(say from client to server); bidirectional communication can be inferred as two unidirectional
communications with piggybacking.
Send Window
• The figure shows an example of a send window. The window size is 100 bytes here, but in general the send
window size is dictated by the receiver (flow control) and by the congestion in the underlying network
(congestion control). The figure shows how a send window opens, closes, or shrinks.
• The send window in TCP is similar to the one used with the Selective-Repeat protocol, but with some
differences:
1. One difference is the nature of the entities related to the window.
2. The second difference is that, in some implementations, TCP can store data received from the process and
send them later.
3. Another difference is the number of timers (SR uses many; TCP uses one).
Send Window in TCP



Receive Window in TCP



Windows in TCP
Receive Window
• Fig shows an example of a receive window. The window size is 100 bytes. The figure also shows how the receive
window opens and closes; in practice, the window should never shrink.
• There are two differences between the receive window in TCP and the one used for SR.
1. The first difference is that TCP allows the receiving process to pull data at its own pace. The receive window
size determines the number of bytes that the receive window can accept from the sender before being
overwhelmed (flow control). In other words, the receive window size, normally called rwnd, can be determined
as:
   rwnd = buffer size − number of waiting bytes to be pulled
2. The second difference is the way acknowledgments are used in the TCP protocol.



TCP: Flow Control
• Flow control balances the rate a producer creates data with the rate a consumer can use the data. TCP separates
flow control from error control.
• In a communication network, in order for two network hosts to communicate with each other, one has to send a
packet while another host has to receive it. It might happen that both the hosts have
different hardware and software specifications and accordingly their processors might differ.
• If the receiver host has a fast processor that can consume messages at the rate the sender produces them, the
communication works well and no problem occurs. But what happens if the receiver has a slower processor? In
that case the incoming messages keep arriving and are added to the receiver's queue.
• Once the receiver's queue is full, further messages are dropped, wasting the channel capacity used to carry
them. To overcome this problem of a slow receiver and a fast sender, the concept of flow control comes into
the picture.
• For the slow sender and fast receiver, no flow control is required. Whereas for the fast sender and slow receiver,
flow control is important.
• In the fig., TCP stores the data that needs to be sent in the send buffer and the data to be received in the receive
buffer.



TCP: Flow Control

• Flow control makes sure that the sender stops sending once the receiver's buffer is full, since any further
messages would be dropped because the receiver could not handle them. In order to control the amount of data
sent by the TCP sender, the receiver maintains a buffer whose free space is known as the receive window.

• The receiving TCP sends an ACK every time it receives a data segment, acknowledging that the segment was
received successfully, and along with this ACK it sends the current value of its receive window so that the
sender knows how much more data it may send.
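An added Python simulation (not from the slides) of the flow control just described: the receiver advertises rwnd = buffer size − waiting bytes in each ACK and the sender never has more than rwnd bytes outstanding, so a receiver whose application stops reading drives rwnd to zero and stalls the sender. Buffer sizes and byte counts are constructed values.

```python
class TcpReceiver:
    """Receive buffer: rwnd = buffer size - bytes received but not yet pulled by the application."""

    def __init__(self, buffer_size: int):
        self.buffer_size = buffer_size
        self.waiting = 0  # bytes sitting in the buffer until the process reads them

    def rwnd(self) -> int:
        return self.buffer_size - self.waiting

    def accept(self, nbytes: int) -> bool:
        """Store an arriving segment; data beyond rwnd would overflow the buffer and is dropped."""
        if nbytes > self.rwnd():
            return False
        self.waiting += nbytes
        return True

    def application_pull(self, nbytes: int) -> int:
        """The receiving process reads at its own pace; reading opens the window again."""
        pulled = min(nbytes, self.waiting)
        self.waiting -= pulled
        return pulled


class TcpSender:
    """Sender that never has more than the advertised rwnd outstanding."""

    def __init__(self, total_bytes: int, initial_rwnd: int):
        self.pending = total_bytes  # written by the application, not yet sent
        self.rwnd = initial_rwnd    # window learned during connection setup
        self.in_flight = 0          # sent but not yet acknowledged

    def send(self) -> int:
        n = max(0, min(self.pending, self.rwnd - self.in_flight))
        self.pending -= n
        self.in_flight += n
        return n

    def on_ack(self, acked: int, rwnd: int) -> None:
        self.in_flight -= acked
        self.rwnd = rwnd  # every ACK carries the receiver's current window


def simulate(buffer_size, total_bytes, pull_per_round, max_rounds) -> list:
    """One round: the sender transmits, the receiver stores it, the process reads, and the ACK
    returns the new rwnd. Returns (bytes sent, rwnd advertised) for each round."""
    rx = TcpReceiver(buffer_size)
    tx = TcpSender(total_bytes, initial_rwnd=rx.rwnd())
    trace = []
    for _ in range(max_rounds):
        sent = tx.send()
        if not rx.accept(sent):
            raise RuntimeError("sender exceeded rwnd")  # cannot happen: the sender honours the window
        rx.application_pull(pull_per_round)
        tx.on_ack(sent, rx.rwnd())
        trace.append((sent, rx.rwnd()))
        if tx.pending == 0:
            break
    return trace


if __name__ == "__main__":
    print("100-byte buffer, process reads 30 bytes per round:", simulate(100, 250, 30, 10))
    print("100-byte buffer, process stops reading:          ", simulate(100, 250, 0, 3))
```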



TCP: Error Control
• TCP protocol has methods for finding out corrupted segments, missing segments, out-of-order segments and
duplicated segments.
• Error control in TCP is mainly done through the use of three simple techniques :
1. Checksum – Every segment contains a checksum field which is used to find corrupted segments. If the segment
is corrupted, then that segment is discarded by the destination TCP and is considered lost.
2. Acknowledgement – TCP has another mechanism called acknowledgement to affirm that the data segments have
been delivered. Control segments that contain no data but have sequence numbers will be acknowledged as well
but ACK segments are not acknowledged.
3. Retransmission – When a segment is missing, is delayed in reaching the receiver, or is found corrupted when
the receiver checks it, that segment is retransmitted. Segments are retransmitted only on two events: when
the sender receives three duplicate acknowledgements (ACKs) or when a retransmission timer expires.
• Retransmission after RTO: TCP keeps one retransmission time-out (RTO) timer for all sent but not yet
acknowledged segments. When the timer expires, the earliest outstanding segment is retransmitted. No timer is
set for acknowledgements. In TCP, the RTO value is dynamic and is updated using the round-trip time (RTT)
of segments. RTT is the time needed for a segment to reach the receiver and for its acknowledgement to be
received by the sender.



TCP: Error Control
• Retransmission after three duplicate ACK segments: The RTO method works well when the RTO is small. If
it is large, more time passes before the sender learns whether a segment has been delivered. Sometimes one
segment is lost and the receiver receives so many out-of-order segments that it cannot buffer them all. To handle
this, the three-duplicate-ACK method is used: the missing segment is retransmitted immediately, without
retransmitting segments that have already been delivered. This is called fast retransmission because the lost
segment is resent without waiting for the timer to expire.
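Both retransmission triggers described above (RTO expiry and three duplicate ACKs), as an added example that is not code from the lecture notes. The classes RtoEstimator and Sender and the trace in scenario() are constructed for the illustration; the RTO is derived from measured RTTs with the SRTT/RTTVAR rules of RFC 6298 (RTO = SRTT + 4·RTTVAR, doubled after a timeout), and retransmitted segments are not used as RTT samples because their ACK would be ambiguous (Karn's rule).

```python
"""Retransmission decisions in a TCP-style sender: RTO timer and fast retransmit.

Added example, not code from the lecture notes.  RtoEstimator, Sender and the
trace in scenario() are constructed for illustration.  Times are in seconds,
sequence numbers in bytes.
"""


class RtoEstimator:
    """Smoothed RTT and its variance, updated from each unambiguous RTT sample."""

    def __init__(self, initial_rto=1.0, min_rto=0.2):
        self.srtt = None
        self.rttvar = None
        self.rto = initial_rto
        self.min_rto = min_rto

    def update(self, rtt: float) -> float:
        if self.srtt is None:                          # first measurement
            self.srtt, self.rttvar = rtt, rtt / 2
        else:
            self.rttvar = 0.75 * self.rttvar + 0.25 * abs(self.srtt - rtt)
            self.srtt = 0.875 * self.srtt + 0.125 * rtt
        self.rto = max(self.min_rto, self.srtt + 4 * self.rttvar)
        return self.rto

    def backoff(self) -> float:
        """Exponential backoff after a timeout."""
        self.rto *= 2
        return self.rto


class Sender:
    """Tracks unacknowledged segments and records every retransmission decision."""

    DUP_ACK_THRESHOLD = 3

    def __init__(self):
        self.est = RtoEstimator()
        self.unacked = {}             # seq -> time of the latest transmission
        self.retransmitted = set()    # seqs sent more than once: no RTT sample (Karn)
        self.last_ack = 0
        self.dup_acks = 0
        self.retransmissions = []     # (reason, seq) in the order they happened

    def send(self, seq: int, now: float) -> None:
        self.unacked[seq] = now

    def on_ack(self, ack: int, now: float) -> None:
        """Cumulative ACK: every byte below ack has been delivered."""
        if ack > self.last_ack:
            for seq in [s for s in self.unacked if s < ack]:
                sent_at = self.unacked.pop(seq)
                if seq not in self.retransmitted:
                    self.est.update(now - sent_at)
            self.last_ack, self.dup_acks = ack, 0
        elif ack == self.last_ack:
            self.dup_acks += 1
            if self.dup_acks == self.DUP_ACK_THRESHOLD:
                # Fast retransmit: the receiver keeps asking for last_ack, so that
                # segment is assumed lost; resend it without waiting for the timer.
                self._retransmit(self.last_ack, "fast", now)

    def check_timer(self, now: float) -> None:
        """A single RTO timer covers the oldest unacknowledged segment."""
        if self.unacked:
            oldest = min(self.unacked)
            if now - self.unacked[oldest] >= self.est.rto:
                self._retransmit(oldest, "timeout", now)
                self.est.backoff()

    def _retransmit(self, seq: int, reason: str, now: float) -> None:
        self.retransmissions.append((reason, seq))
        self.retransmitted.add(seq)
        self.unacked[seq] = now       # restart timing for this segment


def scenario() -> Sender:
    """Constructed trace: five 100-byte segments, segment 200 is lost in transit;
    later segment 500 is sent and never acknowledged."""
    tx = Sender()
    for i, seq in enumerate(range(0, 500, 100)):
        tx.send(seq, now=i * 0.01)          # sent at 0.00, 0.01, ..., 0.04 s
    tx.on_ack(100, now=0.10)                # segment 0 delivered, RTT 0.10 s
    tx.on_ack(200, now=0.11)                # segment 100 delivered
    tx.on_ack(200, now=0.12)                # 300 arrived out of order: dup ACK 1
    tx.on_ack(200, now=0.13)                # 400 arrived: dup ACK 2
    tx.on_ack(200, now=0.14)                # dup ACK 3 -> fast retransmit of 200
    tx.on_ack(500, now=0.25)                # the retransmitted 200 filled the gap
    tx.send(500, now=0.30)
    tx.check_timer(now=0.60)                # still inside the RTO: nothing happens
    tx.check_timer(now=1.00)                # RTO expired -> retransmit and back off
    return tx
```

In the trace the lost segment is recovered after 0.14 s by fast retransmit, well before the ~0.4 s RTO that the estimator has converged to, while the segment that gets no ACK at all has to wait for the timer and the RTO then doubles.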



TCP: Congestion Control
• TCP congestion control is a method used by the TCP protocol to manage data flow over a network and prevent
congestion. TCP uses a congestion window and congestion policy that avoids congestion.
• Previously, it was assumed that only the receiver could dictate the sender’s window size, ignoring another entity:
the network. If the network cannot deliver the data as fast as the sender creates it, it must tell the sender to
slow down.
• In other words, in addition to the receiver, the network is a second entity that determines the size of the sender’s
window.
• Congestion Policy in TCP
1. Slow Start Phase: the window starts small and grows exponentially until it reaches the threshold.
2. Congestion Avoidance Phase: after the threshold is reached, the window grows by 1 per round trip.
3. Congestion Detection Phase: on detecting congestion, the sender goes back to the Slow Start phase or to the
Congestion Avoidance phase.
• Slow Start Phase (exponential increment): in this phase the congestion window grows exponentially, doubling
after every RTT.
• Congestion Avoidance Phase (additive increment): this phase starts after the window reaches the threshold value,
denoted ssthresh. The size of cwnd (the congestion window) then increases additively: after each RTT,
cwnd = cwnd + 1.



TCP: Congestion Control
• Congestion Detection Phase
Multiplicative decrement: If congestion occurs, the congestion window size is
decreased. The only way a sender can guess that congestion has happened is the need to retransmit a segment.
Retransmission is needed to recover a missing packet that is assumed to have been dropped by a router due to
congestion.
• Retransmission can occur in one of two cases: when the RTO timer times out or when three duplicate ACKs are
received.
• Case 1: Retransmission due to Timeout – In this case, the congestion possibility is high.
• Case 2: Retransmission due to 3 Acknowledgement Duplicates – The congestion possibility is less.
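The three phases and the two detection cases above, as an added example that is not code from the lecture notes: a step-per-RTT simulation of the congestion window. The class CongestionControl and the event trace are constructed for the illustration; cwnd and ssthresh are in segments. A timeout (case 1) resets cwnd to 1 and restarts slow start, while three duplicate ACKs (case 2) halve the window and continue in congestion avoidance, the milder reaction the notes describe.

```python
"""Evolution of the TCP congestion window (cwnd) over successive RTTs.

Added example, not from the lecture notes.  CongestionControl and trace() are
constructed names.  One step = one RTT; units are segments (multiples of MSS).
"""


class CongestionControl:
    def __init__(self, initial_ssthresh=16):
        self.cwnd = 1                     # start with a single segment
        self.ssthresh = initial_ssthresh
        self.phase = "slow_start"

    def on_rtt_no_loss(self) -> int:
        """One round trip in which every segment was acknowledged."""
        if self.cwnd < self.ssthresh:
            self.phase = "slow_start"
            self.cwnd = min(self.cwnd * 2, self.ssthresh)   # exponential growth
        else:
            self.phase = "congestion_avoidance"
            self.cwnd += 1                                  # additive increase
        return self.cwnd

    def on_timeout(self) -> int:
        """Case 1: the RTO expired, a strong congestion signal."""
        self.ssthresh = max(2, self.cwnd // 2)   # multiplicative decrease
        self.cwnd = 1
        self.phase = "slow_start"
        return self.cwnd

    def on_three_dup_acks(self) -> int:
        """Case 2: three duplicate ACKs, a milder signal (data is still flowing)."""
        self.ssthresh = max(2, self.cwnd // 2)
        self.cwnd = self.ssthresh
        self.phase = "congestion_avoidance"
        return self.cwnd


def trace(events) -> list:
    """Apply events ("ack", "timeout", "dup3") in order; return (cwnd, phase) per step."""
    cc = CongestionControl()
    handlers = {"ack": cc.on_rtt_no_loss,
                "timeout": cc.on_timeout,
                "dup3": cc.on_three_dup_acks}
    history = []
    for ev in events:
        history.append((handlers[ev](), cc.phase))
    return history


if __name__ == "__main__":
    for step, (cwnd, phase) in enumerate(trace(["ack"] * 5 + ["dup3"] + ["ack"] * 2
                                               + ["timeout"] + ["ack"] * 4), 1):
        print(f"RTT {step:2d}: cwnd={cwnd:2d} ({phase})")
```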



Application Layer : WWW

• WWW stands for World Wide Web and is commonly known as the Web. The WWW was started by CERN in
1989. WWW is defined as the collection of different websites around the world, containing different information
shared via local servers (or computers).
• Web pages are linked together using hyperlinks. Pages are HTML-formatted documents, also referred to as
hypertext; they are the fundamental units of the Web and are accessed through the Hyper Text Transfer Protocol
(HTTP). Such digital connections, or links, let users reach the desired information easily by connecting related
pieces of information. The benefit of hypertext is that a user can pick a word or phrase in the text and click through
to other pages that have more information about it.
System Architecture
• From the user’s point of view, the web consists of a vast, worldwide collection of documents or web pages.
Each page may contain links to other pages anywhere in the world. The pages can be retrieved and viewed by
using browsers, of which Internet Explorer, Netscape Navigator, Google Chrome, etc. are the popular ones. The
browser fetches the requested page, interprets the text and formatting commands on it, and displays the page,
properly formatted, on the screen.
• The basic model of how the web works is shown in the figure below. Here the browser is displaying a web page
on the client machine. When the user clicks on a line of text that is linked to a page on the abd.com server, the
browser follows the hyperlink by sending a message to the abd.com server asking it for the page.
Application Layer : WWW

Working of WWW:
• The diagram below shows how the Web operates, following the client-server architecture of the Internet. When a
user requests a web page or other information, the web browser on the user’s system sends a request to the
server; the web server provides the requested service back to the browser, and finally the result is used by the
user who made the request.



Application Layer : WWW

• Web browsers can be used for several tasks including conducting searches, mailing, transferring files, and much
more. Some of the commonly used browsers are Internet Explorer, Opera Mini, and Google Chrome.
Features of WWW
• WWW is open source.
• It is a distributed system spread across various websites.
• It is a Hypertext Information System.
• It is Cross-Platform.
• Uses Web Browsers to provide a single interface for many services.
• Dynamic, Interactive and Evolving.
Components of the Web
• There are 3 components of the web:
• Uniform Resource Locator (URL): identifies and locates a resource on the web.
• Hyper Text Transfer Protocol (HTTP): specifies communication of browser and server.
• Hyper Text Markup Language (HTML): defines the structure, organisation and content of a web page.



Application Layer : HTTP

• HTTP stands for HyperText Transfer Protocol. It is a protocol used to access the data on the World Wide Web.
• The protocol used to transfer hypertext between two computers is known as HyperText Transfer Protocol.
HTTP provides a standard between a web browser and a web server to establish communication. It is a set of
rules for transferring data from one computer to another.
• Whenever a web user opens their web browser, the user indirectly uses HTTP. It is an application protocol that is
used for distributed, collaborative, hypermedia information systems.
Working of HTTP
• Whenever a user wants to open a website, they first open a web browser and type the URL of that website (e.g.,
www.facebook.com). The browser sends this name to the Domain Name System (DNS). The DNS first checks
its records for this name and then returns the IP address corresponding to the URL to the web browser. Now the
browser is able to send requests to the actual server.
• After the server sends the data to the client, the connection is closed. If something else is required from the
server, the connection between the client and the server has to be re-established.



Application Layer : HTTP

HTTP Request
• An HTTP request is the information that an Internet browser sends in order to load a website.
• Some information is common to all HTTP requests:
• HTTP Version
• URL
• HTTP Method
• HTTP Request Headers
• HTTP Body
• HTTP Request Headers: request headers store information as key-value pairs and are present in every HTTP
request. They provide core information about the client and its request.
• HTTP Request Body: the request body carries the data that has to be transferred from the client to the server.
• HTTP Method: HTTP methods are also called HTTP verbs. Although many HTTP methods exist, the most
common ones are GET and POST. With GET, the client receives the requested resource (for example a web page).
Application Layer : HTTP

HTTP Response
• An HTTP response is the answer a server returns when a request is raised. An HTTP response contains, among
other things:
• HTTP Status Code
• HTTP Headers
• HTTP Body
• HTTP Response Headers: response headers, like request headers, carry key-value information; here they describe
the server and the data sent in the response body.
• HTTP Response Body: the response body carries the data returned for a successful request. In most cases it is
the HTML of the requested web page.



Application Layer : HTTP

• HTTP Status Code: HTTP status codes are 3-digit codes that tell the client whether the HTTP request has been
completed or not. There are 5 classes of status codes:
• Informational
• Successful
• Redirection
• Client-Error
• Server-Error
Characteristics of HTTP
• HTTP is an IP-based communication protocol used to deliver data from server to client or vice versa.
• The server processes a request raised by the client; the server and client know each other only during the current
request and response period.
• Any type of content can be exchanged as long as the server and client are compatible with it.
• Once data is exchanged, servers and clients are no longer connected.
• It is a request and response protocol based on client and server requirements.
• It is a connection-less protocol because after the connection is closed, the server does not remember anything about
the client and the client does not remember anything about the server.
• It is a stateless protocol because both client and server do not expect anything from each other but they are still able
to communicate.
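The request and response structure described on the last three slides (start line, headers, blank line, body; the five status-code classes), as an added example that is not code from the lecture notes: a small parser that turns raw HTTP/1.1 bytes into those parts. The functions parse_request, parse_response and status_class and the two sample messages are constructed; www.example.com is a placeholder host. The parser rejects what it cannot interpret safely (a header line without a colon, a Content-Length that is not a single non-negative integer, a body shorter than announced) instead of guessing, which is how a server-side parser should behave.

```python
"""Parsing raw HTTP/1.1 messages into start line, headers and body.

Added example, not from the lecture notes.  parse_request, parse_response,
status_class and the SAMPLE_* messages are constructed.  Only the syntax needed
here is handled: a start line, CRLF-terminated header lines, a blank line and a
body of exactly Content-Length bytes.
"""

STATUS_CLASSES = {1: "Informational", 2: "Successful", 3: "Redirection",
                  4: "Client-Error", 5: "Server-Error"}


def status_class(code: int) -> str:
    """Map a 3-digit status code to one of the five classes."""
    if not 100 <= code <= 599:
        raise ValueError(f"invalid status code {code}")
    return STATUS_CLASSES[code // 100]


def _split_message(raw: bytes) -> tuple:
    """Return (start_line, headers, body); raise ValueError on malformed input."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("missing blank line after headers")
    lines = head.split(b"\r\n")
    start_line = lines[0].decode("ascii")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        key = name.decode("ascii").strip().lower()       # names are case-insensitive
        val = value.decode("ascii").strip()
        headers[key] = headers[key] + ", " + val if key in headers else val
    length = headers.get("content-length")
    if length is not None:
        # A merged "5, 5" from two Content-Length headers is not a digit string
        # and is rejected rather than guessed at.
        if not length.isdigit():
            raise ValueError("Content-Length must be a single non-negative integer")
        if len(body) < int(length):
            raise ValueError("body shorter than Content-Length")
        body = body[:int(length)]
    else:
        body = b""          # no length announced: no body is assumed here
    return start_line, headers, body


def parse_request(raw: bytes) -> dict:
    """Request line 'METHOD URL VERSION' plus headers and body."""
    start, headers, body = _split_message(raw)
    parts = start.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError(f"bad request line: {start!r}")
    method, url, version = parts
    return {"method": method, "url": url, "version": version,
            "headers": headers, "body": body}


def parse_response(raw: bytes) -> dict:
    """Status line 'VERSION CODE REASON' plus headers and body."""
    start, headers, body = _split_message(raw)
    parts = start.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"bad status line: {start!r}")
    code = int(parts[1])
    return {"version": parts[0], "status": code, "class": status_class(code),
            "reason": parts[2] if len(parts) == 3 else "",
            "headers": headers, "body": body}


# Constructed sample exchange (placeholder host and credentials).
SAMPLE_REQUEST = (b"POST /login HTTP/1.1\r\n"
                  b"Host: www.example.com\r\n"
                  b"Content-Type: application/x-www-form-urlencoded\r\n"
                  b"Content-Length: 17\r\n"
                  b"\r\n"
                  b"user=alice&pw=***")

SAMPLE_RESPONSE = (b"HTTP/1.1 302 Found\r\n"
                   b"Location: /home\r\n"
                   b"Set-Cookie: session=abc123; HttpOnly\r\n"
                   b"Content-Length: 0\r\n"
                   b"\r\n")
```

parse_request(SAMPLE_REQUEST) yields method POST, URL /login, version HTTP/1.1 and the 17-byte form body; parse_response(SAMPLE_RESPONSE) yields status 302 in the Redirection class with an empty body.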
Application Layer : Electronic Mail
• Electronic mail (or e-mail) allows users to exchange messages. In an application such as HTTP or FTP, the server
program is running all the time, waiting for a request from a client. When the request arrives, the server provides
the service. There is a request and there is a response. In the case of electronic mail, the situation is different.
• First, e-mail is considered a one-way transaction. When Alice sends an email to Bob, she may expect a response,
but this is not a mandate. Bob may or may not respond. If he does respond, it is another one-way transaction.
• Second, it is neither feasible nor logical for Bob to run a server program and wait until someone sends an e-mail to
him. Bob may turn off his computer when he is not using it. This means that the idea of client/server programming
should be implemented in another way: using some intermediate computers (servers).
• The users run only client programs when they want and the intermediate servers apply the client/server paradigm.
Architecture
• To explain the architecture of e-mail, consider a common scenario, as shown in Fig. Another possibility is the case
in which Alice or Bob is directly connected to the corresponding mail server, so that no LAN or WAN connection is
required, but this variation in the scenario does not affect the discussion.
• In the common scenario, the sender and the receiver of the e-mail, Alice and Bob respectively, are connected via a
LAN or a WAN to two mail servers. The administrator has created one mailbox for each user where the received
messages are stored.





Application Layer : Electronic Mail
• A mailbox is part of a server hard drive, a special file with permission restrictions. Only the owner of the mailbox
has access to it. The administrator has also created a queue (spool) to store messages waiting to be sent.
• A simple e-mail from Alice to Bob takes nine different steps, as shown in the figure.
• Alice and Bob use three different agents: a user agent (UA), a message transfer agent (MTA), and a message
access agent (MAA).
• When Alice needs to send a message to Bob, she runs a UA program to prepare the message and send it to her
mail server. The mail server at her site uses a queue (spool) to store messages waiting to be sent.
• The message, however, needs to be sent through the Internet from Alice’s site to Bob’s site using an MTA. Here
two message transfer agents are needed: one client and one server.
• Like most client-server programs on the Internet, the server needs to run all the time because it does not know
when a client will ask for a connection. The client, on the other hand, can be triggered by the system when there
is a message in the queue to be sent.
• The user agent at the Bob site allows Bob to read the received message. Bob later uses an MAA client to retrieve
the message from an MAA server running on the second server.



Application Layer : Electronic Mail
• There are two important points to emphasize here.
• First, Bob cannot bypass the mail server and use the MTA server directly. To use the MTA server directly,
Bob would need to run the MTA server all the time because he does not know when a message will arrive.
This implies that Bob must keep his computer on all the time if he is connected to his system through a
LAN. If he is connected through a WAN, he must keep the connection up all the time. Neither of these
situations is feasible today.
• Second, note that Bob needs another pair of client-server programs: message access programs. This is
because an MTA client-server program is a push program: the client pushes the message to the server. Bob
needs a pull program. The client needs to pull the message from the server.
The electronic mail system needs two UAs, two pairs of MTAs (client and server),
and a pair of MAAs (client and server).



Application Layer : Web-Based Mail
• E-mail is such a common application that some websites today provide this service to anyone who accesses the
site. Three common sites are Hotmail, Yahoo, and Google mail. The idea is very simple. Fig. shows two cases:



Case I
• In the first case, Alice, the sender, uses a traditional mail server; Bob, the receiver, has an account on a web-
based server.
• Mail transfer from Alice’s browser to her mail server is done through SMTP. The transfer of the message
from the sending mail server to the receiving mail server is still through SMTP. However, the message from
the receiving server (the web server) to Bob’s browser is done through HTTP.
• In other words, instead of using POP3 or IMAP4, HTTP is normally used.
• When Bob needs to retrieve his e-mails, he sends an HTTP request message to the website (Hotmail, for
example). The website sends a form to be filled in by Bob, which includes the log-in name and the
password. If the log-in name and password match, the list of e-mails is transferred from the web server to
Bob’s browser in HTML format. Now Bob can browse through his received e-mails and then, using more
HTTP transactions, can get his e-mails one by one.
Case II
• In the second case, both Alice and Bob use web servers, but not necessarily the same server. Alice sends the
message to the web server using HTTP transactions. Alice sends an HTTP request message to her web
server using the name and address of Bob’s mailbox as the URL. The server at the Alice site passes the
message to the SMTP client and sends it to the server at the Bob site using SMTP protocol. Bob receives the
message using HTTP transactions. However, the message from the server at the Alice site to the server at the
Bob site still takes place using SMTP protocol.



Application Layer : E-Mail Security
• The protocol discussed does not provide any security provisions.
• However, e-mail exchanges can be secured using application-layer security protocols designed in particular for
e-mail systems. Two such protocols are Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail
Extensions (S/MIME).



Application Layer : TELNET
• A server program can provide a specific service to its corresponding client program. For example, the FTP server is
designed to let the FTP client store or retrieve files on the server site. However, it is impossible to have a client/server
pair for each type of service; the number of servers soon becomes intractable. The idea is not scalable.
• Another solution is to have a specific client/server program for a set of common scenarios, but to have some generic
client/server programs that allow a user on the client site to log into the computer at the server site and use the
services available there.
• For example, if a student needs to use the Java compiler program at her university lab, there is no need for a Java
compiler client and a Java compiler server. The student can use a client logging program to log into the university
server and use the compiler program there. We refer to these generic client/server pairs as remote logging applications.
• One of the original remote logging protocols is TELNET, which is an abbreviation for TErminaL NETwork. Although
TELNET requires a login name and password, it is vulnerable to eavesdropping because it sends all data, including the
password, in plaintext (not encrypted). An attacker on the path can capture the login name and password.
• Because of this security issue, the use of TELNET has diminished in favor of another protocol, Secure Shell (SSH).
Although TELNET has almost been replaced by SSH, we briefly discuss TELNET for two reasons:
1. The simple plaintext architecture of TELNET allows us to explain the issues and challenges related to the concept of
remote logging, which is also used in SSH when it serves as a remote logging protocol.
2. Network administrators often use TELNET for diagnostic and debugging purposes.
TELNET: Local versus Remote Logging
• We first discuss the concept of local and remote logging as shown in Fig.
• When a user logs into a local system, it is called local logging. As a user types at a terminal or at a workstation
running a terminal emulator, the keystrokes are accepted by the terminal driver. The terminal driver passes the
characters to the operating system.
• The operating system, in turn, interprets the combination of characters and invokes the desired application program
or utility.



TELNET: Local versus Remote Logging
• However, when a user wants to access an application program or utility located on a remote machine, she
performs remote logging.
• Here the TELNET client and server programs come into use. The user sends the keystrokes to the terminal driver
where the local operating system accepts the characters but does not interpret them.
• The characters are sent to the TELNET client, which transforms the characters into a universal character set
called Network Virtual Terminal (NVT) characters and delivers them to the local TCP/IP stack.
• The commands or text, in NVT form, travel through the Internet and arrive at the TCP/IP stack at the remote
machine. Here the characters are delivered to the operating system and passed to the TELNET server, which
changes the characters to the corresponding characters understandable by the remote computer.
• However, the characters cannot be passed directly to the operating system because the remote operating system is
not designed to receive characters from a TELNET server; it is designed to receive characters from a terminal
driver.
• The solution is to add a piece of software called a pseudoterminal driver, which pretends that the characters are
coming from a terminal.
• The operating system then passes the characters to the appropriate application program.
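The translation into NVT form that the TELNET client performs, and its reversal by the server, as an added example that is not code from the lecture notes. The functions to_nvt and from_nvt are constructed; they implement the NVT rules of RFC 854 that matter for the character stream: end-of-line is sent as CR LF, a bare CR is sent as CR NUL, and the byte 0xFF (IAC, "interpret as command") is doubled when it is data so it cannot be mistaken for a command. Option negotiation is only skipped over, not acted on. Because the stream is plain bytes, anything decoded with from_nvt is directly readable, which is the exposure the previous slide describes.

```python
"""Encoding local keystrokes as Network Virtual Terminal (NVT) bytes and back.

Added example, not from the lecture notes.  to_nvt models the TELNET client,
from_nvt the TELNET server (delivering Unix-style LF newlines to the
pseudoterminal driver).  Option negotiation is recognised only to be skipped.
"""

IAC = 0xFF                         # Interpret As Command (RFC 854)
CR, LF, NUL = 0x0D, 0x0A, 0x00
OPTION_COMMANDS = (251, 252, 253, 254)   # WILL, WONT, DO, DONT: one option byte follows


def to_nvt(local: bytes) -> bytes:
    """Encode the local character stream as NVT ASCII."""
    out = bytearray()
    i = 0
    while i < len(local):
        b = local[i]
        if b == IAC:
            out += bytes([IAC, IAC])            # data byte 0xFF is escaped by doubling
        elif b == CR and i + 1 < len(local) and local[i + 1] == LF:
            out += bytes([CR, LF])              # already an NVT end-of-line
            i += 1
        elif b == LF:
            out += bytes([CR, LF])              # Unix newline -> NVT end-of-line
        elif b == CR:
            out += bytes([CR, NUL])             # bare CR -> CR NUL
        else:
            out.append(b)
        i += 1
    return bytes(out)


def from_nvt(stream: bytes) -> bytes:
    """Decode an NVT stream into local bytes; IAC command sequences are dropped."""
    out = bytearray()
    i = 0
    while i < len(stream):
        b = stream[i]
        nxt = stream[i + 1] if i + 1 < len(stream) else None
        if b == IAC:
            if nxt == IAC:
                out.append(IAC)                 # escaped data byte
                i += 2
            elif nxt in OPTION_COMMANDS:
                i += 3                          # IAC <cmd> <option>
            else:
                i += 2                          # any other two-byte command
            continue
        if b == CR and nxt == LF:
            out.append(LF)                      # NVT end-of-line -> local newline
            i += 2
            continue
        if b == CR and nxt == NUL:
            out.append(CR)                      # CR NUL -> bare CR
            i += 2
            continue
        out.append(b)
        i += 1
    return bytes(out)
```

A round trip from_nvt(to_nvt(data)) returns data unchanged, and a stream that begins with a negotiation such as IAC DO ECHO decodes to just the text that followed it.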



Application Layer : Domain Name System (DNS)
• Since the Internet is so huge today, a central directory system cannot hold all the mapping. In addition, if the central
computer fails, the whole communication network will collapse. A better solution is to distribute the information
among many computers in the world. In this method, the host that needs mapping can contact the closest computer
holding the needed information. This method is used by the Domain Name System (DNS).
• Fig. shows how TCP/IP uses a DNS client and a DNS server to map a name to an address.



Application Layer : Domain Name System (DNS)
• A user wants to use a file transfer client to access the corresponding file transfer server running on a remote host.
The user knows only the file transfer server name, such as afilesource.com. However, the TCP/IP suite needs the IP
address of the file transfer server to make the connection. The following six steps map the host name to an IP
address:
1. The user passes the host name to the file transfer client.
2. The file transfer client passes the host name to the DNS client.
3. Each computer, after being booted, knows the address of one DNS server. The DNS client sends a message to a
DNS server with a query that gives the file transfer server name using the known IP address of the DNS server.
4. The DNS server responds with the IP address of the desired file transfer server.
5. The DNS client passes the IP address to the file transfer client.
6. The file transfer client now uses the received IP address to access the file transfer server.
• Note that the purpose of accessing the Internet is to make a connection between the file transfer client and server,
but before this can happen, another connection needs to be made between the DNS client and DNS server.
• In other words, we need at least two connections in this case. The first is for mapping the name to an IP address;
the second is for transferring files. The mapping may need more than one connection.



DNS: Name Space
• A name space that maps each address to a unique name can be organized in two ways: flat or hierarchical.
➢ In a flat name space, a name is assigned to an address.
➢ A name in this space is a sequence of characters without structure. The names may or may not have a common section;
if they do, it has no meaning.
➢ The main disadvantage of a flat name space is that it cannot be used in a large system such as the Internet because it
must be centrally controlled to avoid ambiguity and duplication.
❑ In a hierarchical name space, each name is made of several parts.
❑ The first part can define the nature of the organization, the second part can define the name of an organization, the third
part can define departments in the organization, and so on.
❑ In this case, the authority to assign and control the name spaces can be decentralized. A central authority can assign the
part of the name that defines the nature of the organization and the name of the organization. The responsibility for the
rest of the name can be given to the organization itself. The organization can add suffixes (or prefixes) to the name to
define its host or resources.
❑ The management of the organization need not worry that the prefix chosen for a host is taken by another organization
because, even if part of an address is the same, the whole address is different.
Domain Name Space
• To have a hierarchical name space, a domain name space was designed. In this design the names are defined in an inverted-
tree structure with the root at the top. The tree can have only 128 levels: level 0 (root) to level 127 (see Fig.)



DNS: Name Space

Label
• Each node in the tree has a label, which is a string with a maximum of 63 characters. The root label is a null string
(empty string). DNS requires that children of a node (nodes that branch from the same node) have different labels,
which guarantees the uniqueness of the domain names.
Domain Name
• Each node in the tree has a domain name. A full domain name is a sequence of labels separated by dots (.). The
domain names are always read from the node up to the root. The last label is the label of the root (null). This means
that a full domain name always ends in a null label, which means the last character is a dot because the null string is
nothing. Following fig. shows some domain names.
• If a label is terminated by a null string, it is called a fully qualified domain name (FQDN). The name must end with
a null label, but because null means nothing, the label ends with a dot. If a label is not terminated by a null string, it is
called a partially qualified domain name (PQDN). A PQDN starts from a node, but it does not reach the root. It is
used when the name to be resolved belongs to the same site as the client. Here the resolver can supply the missing
part, called the suffix, to create an FQDN.
DNS: Name Space
Domain
• A domain is a subtree of the domain name space. The name of the domain is the name of the node at the top of the
subtree. Following fig. shows some domains. Note that a domain may itself be divided into domains.
Distribution of Name Space
• The information contained in the domain name space must be stored. However, it is very inefficient and also not
reliable to have just one computer store such a huge amount of information. It is inefficient because responding to
requests from all over the world places a heavy load on the system. It is not reliable because any failure makes the
data inaccessible.
Hierarchy of Name Servers
• The solution to these problems is to distribute the information among many computers called DNS servers. One way
to do this is to divide the whole space into many domains based on the first level.
DNS: Name Space

• In other words, let the root stand alone and create as many domains (subtrees) as there are first-level nodes.
• Because a domain created this way could be very large, DNS allows domains to be divided further into smaller
domains (subdomains). Each server can be responsible (authoritative) for either a large or small domain.
• In other words, we have a hierarchy of servers in the same way that we have a hierarchy of names (see Figure).
Zone
• Since the complete domain name hierarchy cannot be stored on a single server, it is divided among many servers.
What a server is responsible for or has authority over is called a zone.
• If a server accepts responsibility for a domain and does not divide the domain into smaller domains, the “domain” and
the “zone” refer to the same thing. However, if a server divides its domain into subdomains and delegates part of its
authority to other servers, “domain” and “zone” refer to different things.
• Of course, the original server does not free itself from responsibility totally. It still has a zone, but the detailed
information is kept by the lower-level servers (see Figure)



DNS: Name Space

Root Server
• A root server is a server whose zone consists of the whole tree. A root server usually does not store any information
about domains but delegates its authority to other servers, keeping references to those servers. There are several root
servers, each covering the whole domain name space. The root servers are distributed all around the world.
Primary and Secondary Servers
• DNS defines two types of servers: primary and secondary. A primary server is a server that stores a file about the zone
for which it is an authority. It is responsible for creating, maintaining, and updating the zone file. It stores the zone file
on a local disk.
• A secondary server is a server that transfers the complete information about a zone from another server (primary or
secondary) and stores the file on its local disk. The secondary server neither creates nor updates the zone files. If
updating is required, it must be done by the primary server, which sends the updated version to the secondary.
A primary server loads all information from the disk file;
the secondary server loads all information from the primary server.
DNS: DNS in the Internet
• DNS is a protocol that can be used in different platforms. In the Internet, the domain name space (tree) was originally
divided into three different sections: generic domains, country domains, and the inverse domains. However, due to the
rapid growth of the Internet, it became extremely difficult to keep track of the inverse domains, which could be used
to find the name of a host when given the IP address. The inverse domains are now deprecated.
Generic Domains
• The generic domains define registered hosts according to their generic behavior. Each node in the tree defines a
domain, which is an index to the domain name space database (see Figure).
• Looking at the tree, the first level in the generic domains section allows 14 possible labels.



DNS: DNS in the Internet
Country Domains
• The country domains section uses two-character country abbreviations (e.g., us for United States). Second labels can
be organizational, or they can be more specific national designations. The United States, for example, uses state
abbreviations as a subdivision of us (e.g., ca.us.).
• Fig. shows the country domains section. The address uci.ca.us. can be translated to University of California, Irvine, in
the state of California in the United States.



DNS: Resolution
• Mapping a name to an address is called name-address resolution.
• DNS is designed as a client-server application. A host that needs to map an address to a name or a name to an address
calls a DNS client called a resolver.
• The resolver accesses the closest DNS server with a mapping request. If the server has the information, it satisfies the
resolver; otherwise, it either refers the resolver to other servers or asks other servers to provide the information.
• After the resolver receives the mapping, it interprets the response to see if it is a real resolution or an error, and finally
delivers the result to the process that requested it.
• A resolution can be either recursive or iterative.



DNS: Caching
• Each time a server receives a query for a name that is not in its domain, it needs to search its database for a server IP
address. Reduction of this search time would increase efficiency. DNS handles this with a mechanism called caching.
• When a server asks for a mapping from another server and receives the response, it stores this information in its cache
memory before sending it to the client.
• If the same or another client asks for the same mapping, it can check its cache memory and resolve the problem.
However, to inform the client that the response is coming from the cache memory and not from an authoritative
source, the server marks the response as unauthoritative.
• Caching speeds up resolution, but it can also be problematic. If a server caches a mapping for a long time, it may send
an outdated mapping to the client. To counter this, two techniques are used.
• First, the authoritative server always adds information to the mapping called time to live (TTL). It defines the time in
seconds that the receiving server can cache the information. After that time, the mapping is invalid and any query
must be sent again to the authoritative server.
• Second, DNS requires that each server keep a TTL counter for each mapping it caches. The cache memory must be
searched periodically and those mappings with an expired TTL must be purged.



DNS: Resource Records
• The zone information associated with a server is implemented as a set of resource records. In other words, a name
server stores a database of resource records. A resource record is a 5-tuple structure, as shown below:
(Domain Name, Type, Class, TTL, Value)
• The domain name field is what identifies the resource record.
• The value defines the information kept about the domain name.
• The TTL defines the number of seconds for which the information is valid.
• The class defines the type of network; here we are only interested in the class IN (Internet).
• The type defines how the value should be interpreted. Table lists the common types and how the value is interpreted
for each type.
Type    Interpretation of Value
A       A 32-bit IPv4 address
NS      Identifies the authoritative servers for a zone
CNAME   Defines an alias for the official name of a host
SOA     Marks the beginning of a zone
MX      Redirects mail to a mail server
AAAA    An IPv6 address
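The caching behaviour described above and the 5-tuple resource record, as an added Python example that is not from the slides: a small model of a caching server that fetches a record from an authoritative zone, marks repeat answers as unauthoritative, and purges the entry once its TTL has run out. The ResourceRecord, CachingServer and FakeClock names are this example's own; the zone holds only the slide's ws.wonderful.com record.

```python
from dataclasses import dataclass
@dataclass(frozen=True)
class ResourceRecord:
    """The 5-tuple (Domain Name, Type, Class, TTL, Value) from the slide."""
    name: str
    rtype: str    # one of the types in the table: A, NS, CNAME, SOA, MX, AAAA
    rclass: str   # only "IN" (Internet) is of interest here
    ttl: int      # seconds the record may be cached after it is received
    value: str

class CachingServer:
    """Answers from its cache when it can, otherwise asks the authoritative server and caches the reply."""
    def __init__(self, authoritative, clock):
        self.authoritative = authoritative   # name -> ResourceRecord held by the authoritative server
        self.clock = clock                   # injectable so the TTL countdown can be simulated
        self.cache = {}                      # name -> (record, absolute expiry time)

    def purge_expired(self):
        """The periodic sweep: drop every cached mapping whose TTL counter has run out."""
        now = self.clock()
        for name in [n for n, (_, expiry) in self.cache.items() if expiry <= now]:
            del self.cache[name]

    def resolve(self, name):
        """Return (record, authoritative); authoritative is False when the answer came from the cache."""
        self.purge_expired()
        if name in self.cache:
            return self.cache[name][0], False          # served from cache: marked unauthoritative
        record = self.authoritative.get(name)
        if record is None:
            return None, True                          # the authoritative server knows no such name
        self.cache[name] = (record, self.clock() + record.ttl)
        return record, True

class FakeClock:   # constructed stand-in for time.monotonic() so the example can advance time by hand
    def __init__(self):
        self.now = 0.0
    def __call__(self):
        return self.now

def demo():
    """Walk the slide's example (ws.wonderful.com -> 200.200.200.5) through miss, hit and expiry."""
    clock = FakeClock()
    zone = {"ws.wonderful.com": ResourceRecord("ws.wonderful.com", "A", "IN", 60, "200.200.200.5")}
    server = CachingServer(zone, clock)
    flags = [server.resolve("ws.wonderful.com")[1]]       # first lookup: fetched, authoritative
    flags.append(server.resolve("ws.wonderful.com")[1])   # same mapping again: from cache
    clock.now += 61                                       # the 60 s TTL has elapsed
    flags.append(server.resolve("ws.wonderful.com")[1])   # expired entry purged, fetched again
    return flags                                          # [True, False, True]
```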
DNS: Messages
• To retrieve information about hosts, DNS uses two types of messages: query and response. Both types have the same
format as shown in Figure.



DNS: Messages
• The identification field is used by the client to match the response with the query.
• The flag field defines whether the message is a query or a response. It also carries the error status.
• The next four fields in the header define the number of each record type in the message.
• The question section consists of one or more question records. It is present in both query and response messages.
• The answer section consists of one or more resource records. It is present only in response messages.
• The authoritative section gives information (domain name) about one or more authoritative servers for the query.
• The additional information section provides additional information that may help the resolver.
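The header fields and question section just listed, as an added Python example that is not part of the slides: it builds a query, builds an authoritative response carrying one A record, parses the header back into the named fields, and performs the resolver-side check that a response is accepted only when its identification field and question match the outstanding query. All function names are this example's own; name compression is deliberately rejected rather than handled.

```python
import struct
HEADER = struct.Struct("!HHHHHH")   # identification, flags, and the four record counts

def encode_name(name):
    """Encode 'ws.wonderful.com' as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("each label must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def decode_name(msg, offset):
    """Decode labels at offset; compression pointers are rejected rather than followed."""
    labels = []
    while True:
        length = msg[offset]
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        if length & 0xC0:
            raise ValueError("compression pointer not handled in this example")
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length

def parse_header(msg):   # split the 12-byte header into the fields named on the slide
    ident, flags, qd, an, ns, ar = HEADER.unpack_from(msg, 0)
    return {"id": ident, "is_response": bool(flags & 0x8000), "authoritative": bool(flags & 0x0400),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}

def parse_question(msg):   # (name, qtype, qclass) of the first question record, right after the header
    name, off = decode_name(msg, HEADER.size)
    return (name,) + struct.unpack_from("!HH", msg, off)

def build_query(ident, name, qtype=1, qclass=1):
    """Standard query: QR=0, RD=1 (flags 0x0100) and a single question record (A, IN by default)."""
    return HEADER.pack(ident, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, qclass)

def build_response(query, ipv4, ttl=60):
    """Answer with one A record: QR=1, AA=1 (flags 0x8400); the question is echoed back unchanged."""
    name, qtype, qclass = parse_question(query)
    rdata = bytes(int(octet) for octet in ipv4.split("."))
    answer = encode_name(name) + struct.pack("!HHIH", qtype, qclass, ttl, len(rdata)) + rdata
    return HEADER.pack(parse_header(query)["id"], 0x8400, 1, 1, 0, 0) + query[HEADER.size:] + answer

def response_matches(query, response):
    """Resolver-side check: accept only a response whose ID and question match the outstanding query."""
    q, r = parse_header(query), parse_header(response)
    return r["is_response"] and q["id"] == r["id"] and parse_question(query) == parse_question(response)
```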



DNS: Registrars & DDNS
• How are new domains added to DNS? This is done through a registrar, a commercial entity accredited by ICANN. A
registrar first verifies that the requested domain name is unique and then enters it into the DNS database. A fee is
charged. Today, there are many registrars; their names and addresses can be found at http://www.intenic.net.
• To register, the organization needs to give the name of its server and the IP address of the server. For example, a new
commercial organization named wonderful with a server named ws and IP address 200.200.200.5 needs to give the
following information to one of the registrars:
Domain name: ws.wonderful.com
IP address: 200.200.200.5
DDNS
• When the DNS was designed, no one predicted that there would be so many address changes. In DNS, when there is a
change, such as adding a new host, removing a host, or changing an IP address, the change must be made to the DNS
master file. These types of changes involve a lot of manual updating. The size of today’s Internet does not allow for
this kind of manual operation.
• The DNS master file must be updated dynamically. The Dynamic Domain Name System (DDNS) was therefore
devised to respond to this need. In DDNS, when a binding between a name and an address is determined, the
information is sent, usually by DHCP, to a primary DNS server. To provide security and prevent unauthorized changes
to the DNS records, DDNS can use an authentication mechanism.
DNS: Security of DNS
• DNS is one of the most important systems in the Internet infrastructure; it provides crucial services to Internet users.
Applications such as Web access or e-mail are heavily dependent on the proper operation of DNS. DNS can be
attacked in several ways including:
1. The attacker may read the response of a DNS server to find the nature or names of sites the user mostly accesses.
This type of information can be used to find the user’s profile. To prevent this attack, DNS messages need to be
confidential.
2. The attacker may intercept the response of a DNS server and change it or create a totally new bogus response to
direct the user to the site or domain the attacker wishes the user to access. This type of attack can be prevented using
message origin authentication and message integrity.
3. The attacker may flood the DNS server to overwhelm it or eventually crash it. This type of attack can be prevented
using the provisions against denial-of-service attacks.
• To protect DNS, the IETF has devised a technology named DNS Security (DNSSEC) that provides message origin
authentication and message integrity using a security service called digital signature. DNSSEC, however, does not
provide confidentiality for the DNS messages. There is no specific protection against the denial-of-service attack in
the specification of DNSSEC. However, the caching system protects the upper-level servers against this attack to
some extent.



SNMP
• Several network management standards have been devised during the last few decades. The most important one is
Simple Network Management Protocol (SNMP), used by the Internet.
• SNMP is a framework for managing devices in an internet using the TCP/IP protocol suite. It provides a set of
fundamental operations for monitoring and maintaining an internet.
• SNMP uses the concept of manager and agent. That is, a manager, usually a host, controls and monitors a set of
agents, usually routers or servers (see Figure).



SNMP
• SNMP is an application-level protocol in which a few manager stations control a set of agents. The protocol is
designed at the application level so that it can monitor devices made by different manufacturers and installed on
different physical networks.
• In other words, SNMP frees management tasks from both the physical characteristics of the managed devices and the
underlying networking technology.
• It can be used in a heterogeneous internet made of different LANs and WANs connected by routers made by different
manufacturers.
