The TCP/IP Network Model - Apache

TCP and IP form two layers in a hierarchy of protocols stretching from the application at the top to the hardware at the bottom. The TCP/IP network model is a simplified version of the OSI seven-layer networking model, which it resembles but isn’t completely compliant with. Although the OSI model is often compared to TCP/IP in network references, the comparison is next to useless because nothing else entirely complies with OSI either. An understanding of TCP/IP on its own is far more valuable. TCP/IP is a four-level network hierarchy, built on top of the hardware and below the application. Figure 1-3 shows a simplified stack diagram.

Figure 1-3. Four-layer network model

The Data Link level is shown as a single level, but in practice it often contains multiple levels. However, the point of TCP/IP is that you don’t need to care. For example, in a typical communication between a Web server and client, the layers might look like the following: at the server, connected to an Ethernet network (see Figure 1-4) and at the client, a user on a dial-up network account (see Figure 1-5).

Figure 1-4. TCP/IP layers on a typical Web server

Figure 1-5. TCP/IP layers on a client communicating with a Web server

In this case, an additional PPP, which breaks the bottom data link layer into two layers, has been used to enable IP to work over the basic serial protocol used between modems.

When the user asks for a Web page through his or her browser, the browser generates the request using HTTP. It’s then transmitted over a TCP-initiated connection using IP to route the packet containing the request to a gateway across a serial connection using PPP.

IP routes the packet through potentially many intermediate servers. The address information in the packet tells each intermediate server where the packet needs to go next.

At the server, the network interface sees a packet whose IP address identifies it as for the server. The server pulls the packet off the network and sends it up to TCP, which sees that it’s a connection request and acknowledges it. A little later, the network sees a data packet that’s again sent up to TCP, which identifies it as being for the connection just established. It acknowledges the data packet, strips off the envelope information, and presents the enclosed HTTP request to Apache.

Apache processes the request and sends a response back to the client, working its way down the hierarchy again and back across the Internet to the client.

If instead you were trying to manage a mail system on a Unix e-mail server, the protocol layers would look like Figure 1-6.

Figure 1-6. TCP/IP layers on a mail server

As you can see, the only difference is the top-level protocol and the application you use—TCP/IP handles everything else.

There are several other protocols that run directly over Ethernet and don’t use IP. For example, the Address Resolution Protocol (ARP) is used on Ethernet networks to deduce the Ethernet address of a network interface from its IP address. Rival protocols such as SPX/IPX also run on Ethernet without involving IP. The design of Ethernet allows all these protocols to coexist peacefully.

Very few of these protocols are found on the Internet because the majority of them aren’t capable of making the journey from source to destination in more than one hop—this is what IP provides. Therefore, protocols that need it, such as TCP or UDP, are built on top of it rather than independently.

Each host in a TCP/IP network needs to have a unique IP address assigned to it by the network administrators. In addition, if the host is to communicate over the Internet, it needs to have a unique IP address across the whole of the Internet as well.

IPv4 addresses are 32-bit numbers, usually written as 4 bytes, or octets, with a value between 0 and 255, separated by periods—for example, 192.168.20.181.

IPv6 addresses are 128-bit numbers, represented as colon-separated blocks of hexadecimal numbers—for example, fe80::910:a4ff:aefe:9a8. The observant will notice that there aren’t enough digits to make up a 128-bit address. This is because a number of zeros have been compressed into the space occupied by the double colon, so you don’t have to list them explicitly. This number is intended to be only partially under your control; part of it is derived from the Ethernet address of the network interface. This allows automatic allocation of IPv6 addresses and mobile IP networking, one of the design goals of IPv6. IPv6 is discussed in more detail later in the chapter.

The total range of IP addresses is partitioned into regions within which different classes of networks reside. The rest of the Internet considers IP addresses within a network class to be part of the same network, and it expects to use one point of contact, called a gateway, to route packets to hosts inside that network.

In addition, certain IP addresses (the first, all 0s, and the last, all 255s) in each class are considered special, so there aren’t quite as many addresses for hosts as you might expect. I’ll discuss these special addresses in a moment.

The IPv4 address space, which is still the addressing scheme on the Internet, is nominally divided into regions of class A, class B, and class C networks for the purposes of allocation.

• Class A networks, of which there are very few, occupy the address range whose first number is between 1 and 126. The first number only is fixed, and the total number of possible hosts in a class A network is 16,777,214.

• Class B networks occupy the range from 128 to 191. Both the first and second numbers are fixed, giving a total of 16,382 possible class B networks, each with a possible 65,534 hosts.

• Class C networks are the smallest, occupying the range 192 to 223. The first three numbers are fixed, making more than two million class C networks available, but each one is capable of having only 254 hosts.

• The range from 224 to 254 is reserved in the TCP/IP specification.

The IPv6 address space is divided similarly but across a wider range: 6 octets (48 bits) are fixed, with the remaining 10 (80 bits) assigned to the local network.

Certain IP addresses get special treatment from TCP/IP networks. Within a network class, an address of 0s denotes an anonymous source address when the host doesn’t know what IP address it is—a rare occurrence. An address of all 255s is a broadcast address for the network (all hosts on the network may receive a broadcast). The net-mask isn’t strictly an address; it defines which addresses in an IP address range are considered directly connected (that is, on the same network segment). Addresses differing by more than the netmask are on different networks and must use gateways and routers to communicate.

Depending on the network class, the number of 0s or 255s varies, as the three example networks in Table 1-3 illustrate.

Because broadcasts are connectionless—the originating host sends the data to any host capable of receiving it—they’re done using UDP. IPv6 works differently than IPv4 in this respect and doesn’t support broadcasting. Instead, it uses multicasting. For simplicity, I’ll skip this and stick to IPv4 for this discussion.

There are also a few IP address ranges that networking hardware such as routers treat differently. Addresses within these ranges are considered private, and packets for them are never transmitted outside the local network by routers. For this reason, these addresses make good choices for testing networks or for intranets that’ll never be directly connected to the Internet. Table 1-4 shows the complete list of private IP address ranges.

Another special IP address is the loopback address, 127.0.0.1, which refers to the local host (often given the name localhost, appropriately enough). Use this to access servers running on the local machine.

Mail servers use other addresses in the 127 network to identify open relays and other undesirable mail origins. Services such as MAPS, ORDB, ORBZ, and Spews all operate Domain Name System (DNS) query servers that return an address in the 127 network when the originating IP address is blacklisted. This works because the address isn’t legal, which makes it an effective way for a yes or no query to be made from a DNS server. This is a nonstandard use of TCP/IP addressing standards but an effective one.

This article is excerpted from Pro Apache by Peter Wainwright (Apress, 2004; ISBN  1590593006). Check it out at your favorite bookstore today. Buy this book now.