Understanding TCP/Ip layering through internet flow?

Question

I have gone through below resources , got high level understanding but not able to map the data flow through TCP/IP to data flow through internet in real world ?

1. TCP/IP layering video

2. HTTP vs TCP/IP, send data to a web server

3. Wiki OSI_model

Lets say i type www.google.com and hit enter, how request and response will flow through TCP/IP layers

My undersatnding :-

Application layer :- Browser will encode the request to right format to make it compatible over network. Similarly it will decode the response back for browser So browser is the main actor here.

Transport Layer :- Operating system(OS) will attach the local port/socket so that it can map the response back. It will also enrich the data with some headers and process it based on underlying protocol like TCP or UDP. Similarly OS will map the response back to right port. Probably it also does the DNS resolution and attaches the IP to request. It will also establish the connection with server so that further data can be sent to server.

Protocols like TCP(contrast to UDP) will also ensure that packet is send in right order and expects the ack from receiver. If ack fails, does re attempt. so reliable. So, OS is the main actor here.

Network Layer :- ISP will further forward the data to internet backbones(IB). IB will decide the what is the shortest path and some other stuff too probably. similarly for response. So ISP and IB are two main actors here.

Data link Layer :- This layer will map the request to right computer i.e. MAC address. So i think it will reside somewhere with in Internet service provider. Actually i am not sure role of this layer and who is the main actor ?

Physical Layer :- This layer handles the physical data like electromagnetic waves. like Fiber optics//cable can be main actors here. Though this is depicted as last layer on TCP/IP layering but i think it's role started from transport layer.

Is mine understnading is correct. If not can someone correct it point wise ?

Answer 1

I will give a (basic?) explanation omitting some details.

Application Layer

The application layer in your example includes: the browser and a web server serving www.google.com, the DNS system and protocol and the HTTP protocol.

Each network application is programmed to use a specific transport and network layer, this means that your browser application and the web server are designed and coded to use TCP/IP. Applications use TCP/IP through and API provided by the operating system (OS). This API in most, if not all, of the cases is what is known as the Berkeley Sockets API (from now on the sockets API). With this API the web server can instruct the OS to listen on a specific port (80 for HTTP or 443 for HTTPS) for client connections and when a new connection is established, the OS will "pass" it to the web server application. With this same API browsers establish a new connection to a remote web server in the Internet and send and receive data.

When you type www.google.com, the first thing that the browser needs to do is to find an IP address for www.google.com since communications in the Internet don't use hostnames. This is performed using the Domain Name System or DNS. Omitting the details, the browser uses the sockets API to send a DNS query using UDP to a configured DNS server IP address and port 53 to obtain an IP address for www.google.com. DNS server will send a reply back to the browser also using UDP.

Once the browser obtained the IP address for www.google.com it will establish a new TCP connection using the sockets API to the IP address obtained before and port 443 if using HTTPS. Once the connection is established, the browser will send HTTP requests to the web server through the connection to obtain resources like web pages, images, audio, etc. and the web server will send replies back to the browser using the same connection. HTTP is the application level protocol used between your browser and the web server.

From the networking point of view, the application layer responsibilities are:

• Translate hostnames to IP addresses using DNS application layer protocol over UDP using the sockets API.
• Establish a TCP connection using the sockets API to the IP address obtained for www.google.com, port 443.
• Send requests and receive responses (send and receive data over the socket) through this connection using the HTTP application layer protocol. Again, HTTP is the protocol used between browsers and web server to ask for resources (web pages, images, etc) and receive the responses.

Application layer builds application layer protocol messages or data and interacts with the transport layer as mentioned via the sockets API. Using this API an application instruct TCP to establish a new connection to a remote host and port and also sends and receives data to/from the application in the other end of the connection.

Transport Layer

The transport layer in your example includes the UDP and TCP protocols running in the source and destination hosts, not including intermediate hosts.

The transport layer is used to send data between two (or more in case of broadcasting but does not apply here) specific applications running in some specific hosts within the Internet.

The transport layer also has other responsibilities that you mentioned: in the case of TCP, connection establishment and tear down, error detection and retransmission, ordered delivery, flow control and congestion control, etc. Some fields in the TCP header are used for these purposes.

TCP and UDP encapsulates application data (DNS or HTTP requests and response in this case) into packets including a header with fields including source port number and destination port number and pass them to the IP layer to be delivered the destination IP address.

Network Layer

The network layer in your example includes, among other stuff, the IP protocol running in the source and destination hosts but also the IP protocol layer running at each hop along the way to the final destination. These intermediate hops are the routers used to interconnect different networks within the Internet.

The IP protocol is a connectionless, best effort delivery (no retransmissions, no error correction, no duplicate detection) protocol used to send packets between two specific hosts within the Internet.

The network layer has different responsibilities than the transport layer, its main purpose is to route packets between hosts among the Internet that is a complex inter-network of interconnected networks via routers, using different link layer technologies and administered by different organizations. The network layer hides lower level network details and provides packet delivery service between hosts to the transport layer.

The network layer packet, IP datagrams in our case, includes a header with the source and destination IP address used to route packets to the right host within the Internet. Part of this layer are the routers, special purpose network equipment that interconnect different physical networks and route packets between them using destination addresses and routing tables built dynamically using route exchange protocols like OSPF and BGP

IP encapsulates TCP segments into IP datagrams including a header with fields including protocol = TCP (this field is used by the destination IP layer to deliver the content of the datagram to either TCP or UDP), source IP address and destination IP address and pass them to the link layer to be delivered to the next hop along the path to the destination.

Link Layer

The link layer in your example may include several protocols. In your local network that may be WI-FI (IEEE 802.11 something) and/or Ethernet (IEEE 802.3 something) but also includes the link layer protocol used between your home and your ISP, inside different networks of your ISP and in wide area networks used to reach the target ISP or company and finally the destination host. Some of the link layer protocols that you may also be using are: PPP and Frame Relay.

The link layer operates only on the local network segment (link) that a host is connected to, link layer packets are not routed to other networks. The responsibility of this layer is to transfer data using the physical layer between two hosts connected to the same network. This layer, is the only layer that actually transfer bits between two different machines.

The link layer encapsulates IP datagrams into frames including a header with fields including EtherType = IP (this field is used by the destination link layer to deliver the content of the frame to the proper network layer), source link layer address and destination link layer address (for example MAC address).

Physical Layer

The physical layer in your example may include several protocols. In your local network that may be some of the Ethernet physical layers but also includes the physical layer protocol used between your home and your ISP like DSL, inside different networks of your ISP and in wide area networks used to reach the target ISP or company and finally the destination host. In wide area networks the most used physical layer is SDH or SONET

The physical layer transform bits into electrical signals or light pulses using different digital modulation methods and transfer these signals through the physical medium, be it copper wire, micro waves or fiber optics. The physical layer includes every piece of hardware required like connectors, wires, equipment, antennas, repeaters, etc. to build the network.

A Concrete Example

Lets assume that Google web server has IP address = 10.0.0.1 and your host has IP address = 20.0.0.1. Also assume that some network administrator at Google, setup DNS server with an entry for www.google.com to map to 10.0.0.1. Also assume that your host is configured to use a DNS server with IP = 30.0.0.1.

Google web server uses sockets API to listen for connections from clients (browsers) at IP 10.0.0.1 and port 443. Web server host OS will forward each new TCP connection to 10.0.0.1:443 to the web server application.

You type www.google.com in your browser at host with IP address = 20.0.0.1.

Your browser, using the sockets API, will send a DNS query using UDP to destination IP = 30.0.0.1 and destination port = 53. DNS server listening on that host and port will receive the query and will forward it to some other DNS servers until Google DNS server (the authority for domain google.com) is contacted and responds with a DNS response telling that www.google.com is at 10.0.0.1. Please see details below to understand how these queries are delivered to the DNS server application using UDP and the response is sent back to the application, the only difference at this level of detail with UDP is that no connection is established before sending data.

Your browser, using again the sockets API, will establish a TCP connection to destination IP = 10.0.0.1 and destination port = 443. Your OS will assign a random local port to this connection, lets say port = 10000. Now we have a TCP connection identified by local and destination endpoints, this is in our example (20.0.0.1:10000, 10.0.0.1:443).

After obtaining the IP address for www.google.com, your browser, using the sockets API again, will send HTTP requests requesting index.html and all resources that are part of that page. Sockets API will send application data to the TCP layer.

TCP layer running in your host will encapsulate application data into segments with local port = 10000 and destination port = 443 and will ask the IP layer to send these segments to destination IP = 10.0.0.1.

IP layer running in your host will find the next hop for these datagrams using local routing table and destination IP address. Next hop will be the default gateway configured in your host.

IP layer running in your host will find the MAC address of the next hop (the default gateway) using a protocol named ARP. This protocol is used to find a MAC address for a given destination IP address located in the same local network.

IP layer will encapsulate TCP segments into IP datagrams with protocol = TCP, source IP = 20.0.0.1 and destination IP = 10.0.0.1 and will ask the link layer to send these IP datagrams to the next hop.

Next hop IP address is mapped to a network interface installed in your machine. So, the link layer will encapsulate IP datagrams into frames with EtherType = IP, source MAC = (MAC address of mapped local network interface) and destination MAC = (MAC address of default gateway obtained using ARP) and send them through the right network interface.

Default gateway (a router) and all other routers along the way will repeat this process:

• Link layer will receive frames destined to the MAC address of some of the local network interfaces.
• Link layer will inspect frame field EtherType and since value is IP will pass datagram to the IP layer.
• The IP layer will inspect destination IP address and since destination IP address is not any of the local IP addresses it will find the next hop for this datagram using local routing table and so on until final destination host.

Final host (running Google web server) will do the same steps but since now the destination IP address matches one of the local IP address of this host, the IP layer will inspect the protocol field of the IP datagram and since it is TCP will pass the segments to the TCP layer. TCP layer will inspect destination port (443 in this example) in TCP segment and will pass the application layer data to the application listening on port 443 (Google web server in this example) via the sockets API. Remember that this socket is bound to a specific remote IP and port (20.0.0.1:10000) so when the web server sends the response back through this socket, the process will repeat but now with source IP = 10.0.0.1, source port = 443, destination IP = 20.0.0.1 and destination port = 10000.