Networking fundamentals

1. Networking models
2. Computer network
3. Network segment
4. Network protocol
5. Transport protocol
6. Example TCP session
7. Additional resources

1. The OSI model is an abstract model that organizes communication between nodes in an interconnected system into a set of layers, each of which exposes specific features to the layer above it.
2. The Internet Protocol Suite or TCP/IP assumes availability of physical links between nodes in a computer network and focuses on networking protocols specifications instead.

• A computer network is a set of at least 3 nodes (computers, switches, routers, phones, etc) connected to each other.
• The main characteristics of a computer network are :
  1. Size
     • LAN when every node is within walking distance of the others, WAN otherwise.
     • The internet is a WAN which spans the entire globe by connecting a whole pile of LANs.
     • Of course, a computer network can exist without being connected to the internet.
  2. Topology

     • It is the arrangement of connections between nodes and networks, or between networks.

     • Specific topologies deliver the best performance depending on specific network use cases :

       

     • The above stems from the time it takes to physically transmit data between 2 network nodes.

     • A computer network is a graph, and each edge in the graph is called a hop.

  3. Physical link
     • It is the physical connection between a node and a network (layer 1 of the OSI model).
     • It defines the means of transmitting a stream of raw bits over this connection.
     • As an example, the physical link can be people carrying floppy disks from one node to another.
     • Technological standards are maintained for development of hardware for connectivity purposes.
     • A connection from a specific node to a specific network is called a network interface.
  4. Link-level protocol
     • It is the protocol used for transmitting frames between adjacent network nodes (layer 2 of the OSI model).
     • It only handles data transfer between nodes connected to the same physical link.
     • It manages the next hop of an incoming frame and has no concerns about its eventual destination.
     • The complementarity between layer 2 protocols ARP and MAC provides an accurate illustration of the above.

Note : Link-level protocol addresses are neither hierarchical nor routable and cannot identify a node as part of a logical or physical group.

• A network segment is a computer network in which nodes can communicate using the physical link or the link-level protocol.
• All nodes in a network segment are thus adjacent : each node is just one hop away from any other node.
• Network segments are a concept that spans across the 3 lower layers of the OSI model :
  1. A Layer 1 segment is an electrical connection between a set of nodes using a shared medium.
  2. A Layer 2 segment is a set of nodes able to communicate with each other using the link-level protocol only.
  3. A Layer 3 segment or subnetwork overlays a layer 2 segment by using a network protocol to address each node.
• In modern networking, collision-free layer 2 segments usually involve the use of switches.
• Once configured as a subnetwork, each network segment can be connected to a larger network.

• Once two networks are interconnected, a network protocol is needed to connect nodes that may use different link-level protocols.
• It handles traffic between nodes anywhere on the network through packet forwarding and routing (layer 3 of the OSI model).
• Any node that is connected to more than one network is called a router: it has a dedicated interface configured for each network.
• The IP protocol is used to route incoming packets depending on their destination by selecting the appropriate interface.
• Routing informations for an IP packet are read from / written to its IP header.

• In the TCP/IP stack and the OSI model, transport protocols expose end-to-end communication features to the application layer.
• The most important ones are TCP and UDP which are implemented in every major operating system.
• TCP features :
  1. Stateful : TCP connections are persistent and expose data streams instead of fixed-size messages.
  2. Multiplexing : TCP uses ports to expose data streams to different services in the application layer.
  3. Ordered : segment numbering is used to reorder received TCP segments before delivery to the application layer.
  4. Reliable : integrity of received data is guaranteed through acknowledgment and retransmission.
  5. Flow control : acknowledgment messages can pause data transfer once the receiving buffer is full.
  6. Congestion control : TCP uses a specific algorithm to prevent sent messages from exceeding network throughput.
• UDP features :
  1. Stateless : does not support persistent connections and exposes individual UDP datagrams to the application layer.
  2. Multiplexing : UDP uses ports to expose datagrams to different services in the application layer.
  3. Unreliable : UDP doesn't keep track of sent messages (no acknowledgement or retransmission mechanism).
  4. Broadcast : it fits use cases in which messages have to be delivered to every node in the current subnetwork.
• Transport informations for a TCP segment are read from / written to its TCP header.
• Transport informations for a UDP datagram are read from / written to its UDP header.

• TCP sessions between nodes are negotiated using a 3 way handshake specific header bits are set to that effect.

• Both ends maintain independant segment sequence numbers to support mutual acknowledgement of messages reception.

• TCP session termination is negotiated using a 4 way handshake, which allows both ends to request it.

• In the following example, 4.4.4.4 connects to 8.8.8.8, data is exchanged before 8.8.8.8 drops the connection.

• Over the course of the session, 4.4.4.4 sends a total of X segments while 8.8.8.8 sends a total of Y segments :

  description	seq	4.4.4.4	8.8.8.8	seq
  4.4.4.4 requests connection	0	SYN
  8.8.8.8 accepts connection			SYN/ACK	0
  4.4.4.4 acknowledges, handshake completed	1	ACK
  data is transmitted in duplex mode	-	-	-	-
  8.8.8.8 requests session termination			FIN	Y - 1
  4.4.4.4 acknowledges, stops accepting writes	X - 1	FIN/ACK
  4.4.4.4 sends last writes to 8.8.8.8	-	-	-	-
  4.4.4.4 confirms session termination	X	FIN
  4.4.4.4 acknowledges, session terminated			FIN/ACK	Y

The following guides provide detailed explanations about the linux kernel network stack, its implementation of the TCP/IP model as well as its networking features. Even if some are dated, 95% of what is laid down here is still relevant in modern networks :

• Rusty Russell's unreliable guides
• netfilter overwiew and features

• iptables reference guide
• Packet filtering basics
• NAT concepts
• NAT basics
• Detailed NAT walkthrough
• conntrack and the state machine
• More details on conntrack: 1 and 2

• Firewall architecture guide
• Advanced IP routing guide
• Advanced linux security guide

• Kernel netfilter hooks
• Multicast basics (outdated)