[Reprint]
1. Network layer division
In order to enable computers produced by different manufacturers to communicate with each other and so build computer networks over a wider range, the International Organization for Standardization (ISO) proposed the Open System Interconnection Reference Model (OSI/RM) in 1978. It divides the communication protocols of the computer network architecture into seven layers, which from bottom to top are the Physical Layer, Data Link Layer, Network Layer, Transport Layer, Session Layer, Presentation Layer and Application Layer. The lower four of them complete the data transmission service, and the upper three are user oriented.
In addition to the standard OSI seven-layer model, common network layerings also include the TCP/IP four-layer model and the TCP/IP five-layer model; the correspondence between them is as follows:
2. OSI Seven-Layer Network Model
The TCP/IP protocol is undoubtedly the basic protocol of the Internet; without it, access to the Internet is impossible, and any operation related to the Internet is inseparable from TCP/IP. Whether in the OSI seven-layer model or the TCP/IP four- or five-layer model, each layer has its own dedicated protocols, completes its own work and communicates with the layers above and below it. Since the OSI seven-layer model is the standard division of network layers, we take it as the example and introduce it from the bottom up.
1) Physical layer
The physical layer activates, maintains and closes the mechanical, electrical, functional and procedural characteristics between communication endpoints. It provides a reliable physical medium for data transmission; put simply, it ensures that raw data can be transmitted over various physical media. Two important device names to remember at the physical layer: the repeater (also called an amplifier) and the hub.
2) Data link layer
The data link layer provides services to the network layer on the basis of the services provided by the physical layer. Its most basic service is to reliably transfer data from the network layer to the network layer of the adjacent node. To achieve this, the data link must have a series of corresponding functions: how to combine data into data blocks, which at the data link layer are called frames and are this layer's unit of transmission; how to control the transmission of frames over the physical channel, including how to handle transmission errors and how to adjust the transmission rate to match the receiver; and how to manage the establishment, maintenance and release of the data link between two network entities. The data link layer provides reliable transmission over an unreliable physical medium. Its functions include physical addressing, data framing, flow control, error detection, retransmission and so on.
Important knowledge points on the data link layer:
1> The data link layer provides reliable data transmission for the network layer.
2> The basic data unit is the frame.
3> The main protocol is the Ethernet protocol.
4> Two important device names: bridges and switches.
3) Network layer
The purpose of the network layer is to achieve transparent data transmission between two end systems, including addressing and routing, and connection establishment, maintenance and termination. The services it provides mean the transport layer does not need to understand the data transmission and switching technology of the network. If you want to remember the network layer in as few words as possible, it is "path selection, routing and logical addressing".
The network layer involves many protocols, including the most important one, which is also the core protocol of TCP/IP: the IP protocol. The IP protocol is very simple, providing only unreliable, connectionless delivery. Its main functions are connectionless datagram transmission, datagram routing and error control. In addition, ARP, RARP, ICMP and IGMP are used to support the functions of the IP protocol. These specific protocols are summarized in later sections. The key points of the network layer are:
1> The network layer is responsible for routing packets between subnets. In addition, it can also provide congestion control, internetworking and other functions.
2> The basic data unit is the IP datagram.
3> The main protocols included:
IP (Internet Protocol);
ICMP (Internet Control Message Protocol);
ARP (Address Resolution Protocol);
RARP (Reverse Address Resolution Protocol).
4> Important equipment: routers.
4) Transport layer
This is the first end-to-end layer, that is, host-to-host. The transport layer is responsible for segmenting upper-layer data and providing end-to-end reliable or unreliable transmission. In addition, it also handles end-to-end error control and flow control.
The task of the transport layer is to make the best use of network resources according to the characteristics of the communication subnet, to provide the function of establishing, maintaining and releasing the transport connection between the session layers of the two end systems, and to be responsible for reliable end-to-end data transmission. At this layer, the protocol data unit in which information is transmitted is called a segment or message.
The network layer only transmits packets from the source node to the destination node according to the network address, while the transport layer is responsible for reliably delivering data to the corresponding port.
The key points of the transport layer are:
1> The transport layer is responsible for segmenting upper-layer data and providing end-to-end reliable or unreliable transmission, as well as end-to-end error control and flow control.
2> The main protocols included: TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).
3> Important equipment: gateway.
5) Session layer
The session layer manages session processes between hosts, that is, it is responsible for establishing, managing and terminating sessions between processes. The session layer also inserts checkpoints into the data to achieve data synchronization.
6) Presentation layer
The presentation layer transforms upper-layer data or information to ensure that the application-layer information of one host can be understood by the application of another host. The data conversion of the presentation layer includes data encryption, compression, format conversion and so on.
7) Application layer
Provides access to network services for the operating system or network applications.
Key points of the session, presentation and application layers:
1> The basic unit of data transmission is the message.
2> The main protocols included: FTP (File Transfer Protocol), Telnet (remote login protocol), DNS (Domain Name Resolution Protocol), SMTP (Mail Transfer Protocol), POP3 (Post Office Protocol), HTTP (Hypertext Transfer Protocol).
3. IP address
1) Network address
An IP address is composed of a network number (including the subnet number) and a host number. In the network address the host number is all 0s; the network address represents the whole network.
2) Broadcast address
Broadcast addresses are usually called directed broadcast addresses, to distinguish them from the restricted broadcast address.
The broadcast address is exactly the opposite of the network address in its host part: in the broadcast address the host bits are all 1s. When a message is sent to the broadcast address of a network, all hosts in that network can receive the broadcast message.
3) Multicast
Class D addresses are multicast addresses.
First recall the class A, B, C, D and E addresses.
Class A addresses begin with 0, and the first byte is the network number. The address range is 0.0.0.0 to 127.255.255.255. (modified@2016.05.31)
Class B addresses begin with 10, and the first two bytes are the network number. The address range is 128.0.0.0~191.255.255.255.
Class C addresses begin with 110, and the first three bytes are the network number. The address range is 192.0.0.0 to 223.255.255.255.
Class D addresses begin with 1110 and range from 224.0.0.0 to 239.255.255.255; class D addresses are multicast addresses (one-to-many communication).
Class E addresses begin with 1111 and range from 240.0.0.0 to 255.255.255.255; class E addresses are reserved for future use.
Note: Only class A, B and C addresses can be divided into a network number and a host number. Class D and E addresses cannot be divided this way.
4) 255.255.255.255
This IP address is the restricted broadcast address. The difference between the restricted broadcast address and an ordinary broadcast address (directed broadcast address) is that the restricted broadcast address can only be used within the local network: routers do not forward packets whose destination address is the restricted broadcast address, whereas an ordinary broadcast address can be broadcast locally or across network segments. For example, if host 192.168.1.1/30 sends a directed broadcast packet, a host on another network segment, 192.168.1.5/30, can receive the datagram; if a restricted broadcast datagram is sent instead, it cannot be received there.
Note: Ordinary broadcast addresses (directed broadcast addresses) can pass through certain routers (not all routers, of course), while the restricted broadcast address cannot pass through routers.
5) 0.0.0.0
Usually used by a host to find its own IP address. For example, in the RARP, BOOTP and DHCP protocols, if a diskless machine with an unknown IP address wants to learn its own IP address, it uses 255.255.255.255 as the destination address and sends an IP request packet to the servers within the local range (the exact range being bounded by the routers, which block it).
6) Loopback
127.0.0.0/8 is used as the loopback address range; a loopback address represents the local machine and is often used for testing it. The most commonly used one is 127.0.0.1.
7) Class A, B, C private addresses
Private addresses, also called dedicated addresses, are not used globally but only locally.
Class A private address: 10.0.0.0/8, range: 10.0.0.0~10.255.255.255
Class B private address: 172.16.0.0/12, range: 172.16.0.0~172.31.255.255
Class C private address: 192.168.0.0/16, range: 192.168.0.0~192.168.255.255
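As an added worked example (not code from the original article), the following Python uses the standard library's ipaddress module to apply the rules above: classify an address by its leading bits, derive the classful network and directed broadcast address, tell a network address from a broadcast address inside a small subnet such as the /30 in section 4), and name the special addresses (limited broadcast, 0.0.0.0, loopback, the three private ranges). It goes beyond the text only in that address_role works for any prefix length, not just the classful ones.

```python
import ipaddress

# The three RFC 1918 private ranges exactly as the text lists them
PRIVATE_RANGES = [ipaddress.IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CLASSFUL_PREFIX = {"A": 8, "B": 16, "C": 24}   # only classes A, B, C have a network/host split


def ip_class(addr: str) -> str:
    """Classify by the leading bits of the first byte: 0 -> A, 10 -> B, 110 -> C, 1110 -> D, 1111 -> E."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def classful_network(addr: str) -> tuple:
    """Network address (host bits all 0) and directed broadcast (host bits all 1) of the classful block."""
    cls = ip_class(addr)
    if cls not in CLASSFUL_PREFIX:
        raise ValueError(f"class {cls} address {addr} has no network/host split")
    net = ipaddress.IPv4Network(f"{addr}/{CLASSFUL_PREFIX[cls]}", strict=False)
    return str(net.network_address), str(net.broadcast_address)


def address_role(addr: str, prefix: int) -> str:
    """Within a subnet of the given prefix length, say whether addr is the network, broadcast or a host address."""
    ip = ipaddress.IPv4Address(addr)
    net = ipaddress.IPv4Network(f"{addr}/{prefix}", strict=False)
    if ip == net.network_address:
        return "network address"
    if ip == net.broadcast_address:
        return "directed broadcast"
    return "host"


def describe(addr: str) -> str:
    """Name the special-purpose addresses the text lists; otherwise report the class."""
    ip = ipaddress.IPv4Address(addr)
    if ip == ipaddress.IPv4Address("255.255.255.255"):
        return "limited broadcast (not forwarded by routers)"
    if ip == ipaddress.IPv4Address("0.0.0.0"):
        return "this host (own address unknown, e.g. during RARP/BOOTP/DHCP)"
    if ip in ipaddress.IPv4Network("127.0.0.0/8"):
        return "loopback"
    for rng in PRIVATE_RANGES:
        if ip in rng:
            return f"private address in {rng}"
    cls = ip_class(addr)
    if cls == "D":
        return "multicast (one-to-many)"
    if cls == "E":
        return "reserved for future use"
    return f"public class {cls} address"


if __name__ == "__main__":
    for a in ("10.1.2.3", "172.31.255.254", "192.168.1.7", "224.0.0.1", "255.255.255.255"):
        print(a, ip_class(a), describe(a))
    print(classful_network("172.20.5.9"), address_role("192.168.1.7", 30))
```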
4. Subnet mask and network division
With the continuous expansion of Internet applications, the drawbacks of the original IPv4 addressing have gradually been exposed: the network number takes up too much space and the host number too little, so the host addresses it can provide have become more and more scarce. Classful IP addresses are therefore subdivided to form multiple subnets for use by user groups of different sizes.
The main purpose of this approach is to make effective use of IP addresses when dividing a network. By using the high-order part of the host number as a subnet number, the subnet mask is extended or compressed from the usual network-bit boundary to create more subnets within one class of address. But when more subnets are created, the number of available host addresses in each subnet is reduced.
What is a subnet mask?
A subnet mask is a marker of whether two IP addresses belong to the same subnet. It is also a 32-bit binary address in which each 1 bit represents a network bit and each 0 bit a host bit, and it is written in dotted decimal notation just like an IP address. If two IP addresses give the same result when combined bit by bit with the subnet mask (a bitwise AND), they belong to the same subnet.
When calculating subnet masks, attention must be paid to the reserved addresses in IP addresses, namely the "0" address and the broadcast address. These are the IP addresses whose host part or network part is all "0"s or all "1"s; they represent the network address and the broadcast address and generally cannot be counted as host addresses.
Calculation of the subnet mask:
For an IP address that does not need to be divided into subnets, the subnet mask is very simple and can be written down from its definition: if a class B IP address is 10.12.3.0 and no subnets need to be divided, the subnet mask of this IP address is 255.255.0.0; if it is a class C address, its subnet mask is 255.255.255.0. The other cases follow by analogy and are not detailed. The key question introduced next is: when an IP address also needs its high-order host bits used as the network number for dividing subnets, with the remaining bits as the host number of each subnet, how is the subnet mask of each subnet calculated?
The following is a summary of common interview questions related to subnet masks and network division.
1) Calculate by number of subnets
The number of subnets to be divided and the number of hosts required in each subnet must be ascertained before the subnet mask can be obtained.
(1) Convert the number of subnets to binary.
If you want to divide the class B IP address 168.195.0.0 into 27 subnets: 27=11011;
(2) The number of bits obtained is N.
The binary number has five digits, so N = 5.
(3) Take the classful subnet mask of the IP address and set the top N bits of its host address part to 1; the result is the subnet mask for dividing this IP address into subnets.
Setting the top 5 bits of the host part of the class B subnet mask 255.255.0.0 to 1 gives 255.255.248.0.
2) Calculate by number of hosts
Suppose you want to divide the class B IP address 168.195.0.0 into several subnets with 700 hosts in each subnet.
(1) Convert the number of hosts to binary.
700=1010111100;
(2) If the number of hosts is less than or equal to 254 (remembering to exclude the two reserved IP addresses), take the number of binary digits of the host count as N, with N < 8. If it is more than 254, then N > 8, which means the host address will occupy more than 8 bits.
The binary number has ten digits, so N=10;
(3) Use 255.255.255.255 to set all the host address bits of this class of IP address to 1, and then set the low N bits (counting from the right) back to 0; the result is the subnet mask value.
Setting all the host address bits of the class B subnet mask 255.255.0.0 to 1 gives 255.255.255.255; then setting the low 10 bits to 0 gives 11111111.11111111.11111100.00000000, that is, 255.255.252.0. This is the subnet mask for dividing the class B IP address 168.195.0.0 into subnets of 700 hosts each.
3) There is another type of question that asks you to plan the subnet addresses and calculate the subnet mask according to the number of hosts on each network. This can also be calculated on the basis of the above principles.
For example, if there are 10 hosts in a subnet, the number of IP addresses needed for this subnet is:
10+1+1+1=13
Note: The first 1 added refers to the gateway address needed to connect this network, and the next two 1s refer to the network address and the broadcast address respectively.
Because 13 is less than 16 (16 equals 2 to the 4th power), the host part is 4 bits. And 256-16 = 240, so the subnet mask is 255.255.255.240.
If a subnet has 14 hosts, many people often make the mistake of still allocating a subnet with 16 addresses, forgetting to assign an address to the gateway. This is wrong, because 14 + 1 + 1 + 1 = 17 and 17 is greater than 16, so a subnet of 32 addresses (32 equals 2 to the 5th power) must be assigned, and the subnet mask is 255.255.255.224.
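Added example, not part of the original article: the three calculations from sections 1) to 3) in Python, fed with the page's own inputs (27 subnets of 168.195.0.0, 700 hosts per subnet, 10 and 14 hosts plus a gateway). It generalizes slightly by rounding the count up to the next power of two instead of taking its bit length, which gives the same answers here and also the right answer for counts that are exact powers of two; the hosts + 2 bookkeeping and the list_subnets helper are the example's own.

```python
import ipaddress
from itertools import islice


def classful_prefix(addr: str) -> int:
    """Prefix length implied by the address class (A=8, B=16, C=24); classes D/E have no host part."""
    first = int(addr.split(".")[0])
    if first < 128:
        return 8
    if first < 192:
        return 16
    if first < 224:
        return 24
    raise ValueError(f"{addr} is a class D/E address and cannot be subnetted")


def bits_for(count: int) -> int:
    """Smallest n with 2**n >= count. Unlike len(bin(count)) - 2, this gives 5 bits for exactly 32 subnets, not 6."""
    return max(0, (count - 1).bit_length())


def mask_of(prefix: int) -> str:
    """Dotted-decimal mask for a prefix length, e.g. 21 -> 255.255.248.0."""
    return str(ipaddress.IPv4Network(f"0.0.0.0/{prefix}").netmask)


def mask_by_subnet_count(addr: str, subnets: int) -> str:
    """Method 1): borrow the top N host bits, N = bits needed to number the subnets."""
    prefix = classful_prefix(addr) + bits_for(subnets)   # 27 subnets -> 5 borrowed bits
    if prefix > 30:                                      # keep at least two host bits per subnet
        raise ValueError("too many subnets for this address class")
    return mask_of(prefix)


def mask_by_host_count(addr: str, hosts: int) -> str:
    """Method 2): keep N host bits, N = bits needed for the hosts plus the network and broadcast addresses."""
    n = bits_for(hosts + 2)                              # 700 hosts -> 702 addresses -> 10 bits
    prefix = 32 - n
    if prefix < classful_prefix(addr):
        raise ValueError("too many hosts for this address class")
    return mask_of(prefix)


def plan_subnet(hosts: int) -> tuple:
    """Method 3): addresses needed = hosts + gateway + network + broadcast, rounded up to a power of two.
    Returns (addresses needed, block size, subnet mask)."""
    needed = hosts + 3
    n = bits_for(needed)
    return needed, 2 ** n, mask_of(32 - n)


def list_subnets(addr: str, mask: str, limit: int = 4) -> list:
    """The first few subnets obtained by applying a subnet mask to a classful block."""
    base = ipaddress.IPv4Network(f"{addr}/{classful_prefix(addr)}", strict=False)
    new_prefix = ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen
    return [str(s) for s in islice(base.subnets(new_prefix=new_prefix), limit)]


if __name__ == "__main__":
    print(mask_by_subnet_count("168.195.0.0", 27))   # 255.255.248.0
    print(mask_by_host_count("168.195.0.0", 700))    # 255.255.252.0
    print(plan_subnet(10), plan_subnet(14))           # (13, 16, '255.255.255.240') (17, 32, '255.255.255.224')
    print(list_subnets("168.195.0.0", "255.255.248.0"))
```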
5. ARP/RARP protocols
The Address Resolution Protocol (ARP) is a TCP/IP protocol that obtains a physical address from an IP address. When a host sends information, it broadcasts an ARP request containing the target IP address to all hosts on the network and waits for the reply to determine the physical address of the target; after receiving the reply, it stores the IP address and physical address in the local ARP cache and keeps them for a certain period of time, and on the next request it queries the ARP cache directly to save resources. The address resolution protocol is built on mutual trust between the hosts in the network: a host on the network can send an ARP reply on its own initiative, and other hosts do not check the authenticity of a reply when they receive it but put it straight into the local ARP cache. Thus an attacker can send a forged ARP reply to a host so that the packets it sends cannot reach the expected host or arrive at the wrong host; this constitutes ARP spoofing. The arp command can be used to query the correspondence between IP addresses and MAC addresses in the local ARP cache, add or delete static correspondences, and so on.
ARP workflow example:
The IP address of host A is 192.168.1.1 and its MAC address is 0A-11-22-33-44-01.
The IP address of host B is 192.168.1.2 and its MAC address is 0A-11-22-33-44-02.
When host A communicates with host B, the address resolution protocol resolves the IP address of host B (192.168.1.2) to the MAC address of host B. The workflow is as follows:
(1) According to the contents of the routing table on host A, IP determines that the forwarding IP address for reaching host B is 192.168.1.2. Host A then checks its own local ARP cache for the MAC address matching host B.
(2) If host A does not find the mapping in its ARP cache, it broadcasts an ARP request frame to all hosts on the local network asking for the hardware address of 192.168.1.2. The IP address and MAC address of the source host A are included in the ARP request. Every host on the local network receives the ARP request and checks whether the requested IP address matches its own. If a host finds that the requested IP address does not match its IP address, it discards the ARP request.
(3) Host B determines that the IP address in the ARP request matches its own IP address and adds the mapping of host A's IP address to its MAC address to the local ARP cache.
(4) Host B sends an ARP reply message containing its MAC address directly to host A.
(5) When host A receives the ARP reply from host B, it updates its ARP cache with the mapping of host B's IP address to its MAC address. The local cache entry has a lifetime, and the process is repeated after the lifetime ends. Once host B's MAC address is determined, host A can communicate with host B over IP.
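An added simulation of steps (1) to (5), not code from the original article: three hosts on one segment exchange ARP request and reply dictionaries, and host A's cache gets two defensive checks that a plain ARP cache lacks, rejecting replies it never asked for and recording when an IP's MAC changes (the check that ARP monitors such as arpwatch make). Host C, the 120-second lifetime and the forged reply's MAC are constructed for the demo; the policy is a teaching simplification, not the behaviour of any real operating system.

```python
from dataclasses import dataclass, field


@dataclass
class ArpEntry:
    mac: str
    learned_at: float            # entries age out after the owner's lifetime


@dataclass
class Host:
    ip: str
    mac: str
    lifetime: float = 120.0      # assumed cache lifetime in seconds; real stacks use their own timers
    cache: dict = field(default_factory=dict)   # ip -> ArpEntry
    pending: set = field(default_factory=set)   # IPs we have asked about and not yet heard back from
    alerts: list = field(default_factory=list)

    def resolve(self, target_ip: str, now: float):
        """Steps (1)-(2): answer from a fresh cache entry, otherwise return a request to broadcast."""
        entry = self.cache.get(target_ip)
        if entry and now - entry.learned_at < self.lifetime:
            return entry.mac, None
        self.cache.pop(target_ip, None)          # expired or absent: ask again
        self.pending.add(target_ip)
        return None, {"op": "request", "sender_ip": self.ip, "sender_mac": self.mac, "target_ip": target_ip}

    def on_request(self, req: dict, now: float):
        """Steps (3)-(4): all hosts see the broadcast; only the owner of target_ip learns the sender and replies."""
        if req["target_ip"] != self.ip:
            return None                           # not for us: discard
        self.cache[req["sender_ip"]] = ArpEntry(req["sender_mac"], now)
        return {"op": "reply", "sender_ip": self.ip, "sender_mac": self.mac,
                "target_ip": req["sender_ip"], "target_mac": req["sender_mac"]}

    def on_reply(self, reply: dict, now: float) -> bool:
        """Step (5) with two defensive checks. A plain ARP cache accepts any reply, which the text
        describes as the basis of ARP spoofing; here a reply that was never requested is dropped
        and a changed IP-to-MAC mapping is recorded, the check ARP monitors such as arpwatch make."""
        ip, mac = reply["sender_ip"], reply["sender_mac"]
        if ip not in self.pending:
            self.alerts.append(f"unsolicited ARP reply: {ip} claims to be at {mac}")
            return False
        old = self.cache.get(ip)
        if old and old.mac != mac:
            self.alerts.append(f"mapping for {ip} changed from {old.mac} to {mac}")
        self.cache[ip] = ArpEntry(mac, now)
        self.pending.discard(ip)
        return True


def walkthrough() -> dict:
    """The A/B exchange from the text plus a third host C and one forged reply (both constructed)."""
    a = Host("192.168.1.1", "0A-11-22-33-44-01")
    b = Host("192.168.1.2", "0A-11-22-33-44-02")
    c = Host("192.168.1.3", "0A-11-22-33-44-03")
    now = 0.0
    first_lookup, req = a.resolve(b.ip, now)             # (1)-(2): cache miss -> broadcast request
    replies = [h.on_request(req, now) for h in (b, c)]   # (3): the broadcast reaches every host
    accepted = a.on_reply(replies[0], now)               # (4)-(5): B's unicast reply fills A's cache
    a_knows_b, b_knows_a = a.cache[b.ip].mac, b.cache[a.ip].mac
    # a reply A never asked for, claiming B's IP with another MAC (constructed for the demo)
    forged = {"op": "reply", "sender_ip": b.ip, "sender_mac": "0A-11-22-33-44-FF",
              "target_ip": a.ip, "target_mac": a.mac}
    forged_accepted = a.on_reply(forged, now + 1)
    still_b = a.cache[b.ip].mac                          # the real mapping survives the forged reply
    after_expiry, _ = a.resolve(b.ip, now + a.lifetime + 1)   # lifetime over: miss, ask again
    return {"first_lookup": first_lookup, "c_replied": replies[1] is not None, "accepted": accepted,
            "a_knows_b": a_knows_b, "b_knows_a": b_knows_a, "forged_accepted": forged_accepted,
            "still_b": still_b, "alerts": a.alerts, "after_expiry": after_expiry}


if __name__ == "__main__":
    for key, value in walkthrough().items():
        print(f"{key}: {value}")
```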
The Reverse Address Resolution Protocol (RARP) does the opposite of ARP: it translates the physical address of a host in the LAN into an IP address. For example, if a host in the LAN knows only its physical address but not its IP address, it can send a broadcast request asking for its IP address through the RARP protocol, and the RARP server answers the request.
RARP workflow:
(1) The source host sends a local RARP broadcast in which it declares its MAC address and asks any RARP server that receives the request to assign it an IP address;
(2) After receiving this request, the RARP server on the local network segment checks its RARP list for the IP address corresponding to the MAC address.
(3) If it exists, the RARP server sends a response packet to the source host and provides the IP address for it to use.
(4) If it does not exist, the RARP server does not respond.
(5) The source host receives the response from the RARP server and communicates using the IP address obtained; if it receives no response from the RARP server, initialization fails.
6. Routing protocols
The common routing protocols are the RIP protocol and the OSPF protocol.
RIP protocol: its underlying algorithm is Bellman-Ford; it uses the number of hops as the route metric, with a maximum of 15 hops, and packets that would exceed 15 hops are discarded.
OSPF protocol: Open Shortest Path First.
7. TCP/IP protocol
The TCP/IP protocol is the most basic protocol of the Internet and the foundation of the Internet. It is composed of the IP protocol in the network layer and the TCP protocol in the transport layer. Generally speaking, TCP is responsible for detecting transmission problems, signalling whenever there is a problem and requiring retransmission until all data has arrived safely and correctly at the destination. IP provides an address to every device on the Internet.
The IP layer receives packets sent from the lower layers (the network interface layer, such as an Ethernet device driver) and passes them to the higher layers, the TCP or UDP layer; conversely, the IP layer sends packets received from the TCP or UDP layer down to the lower layers. IP packets are unreliable because IP does nothing to confirm whether packets are sent in order or have been corrupted. An IP packet contains the address of the host that sent it (the source address) and the address of the host that is to receive it (the destination address).
TCP is a connection-oriented communication protocol which establishes a connection through a three-way handshake; when communication is complete, the connection must be removed. Because TCP is connection-oriented, it can only be used for end-to-end communication. TCP provides a reliable data stream service, using the "positive acknowledgement with retransmission" technique to achieve transmission reliability. TCP also uses a method called the "sliding window" to control flow; the so-called window actually represents the receiving capacity and is used to limit the sending speed of the sender.
TCP header format:
The three-way handshake and four-way wave (teardown) of the TCP protocol are:
Note: seq: 'sequence', sequence number; ack: 'acknowledge', acknowledgement number; SYN: 'synchronize', synchronization request flag; ACK: 'acknowledge', acknowledgement flag; FIN: 'finally', end flag.
TCP connection establishment process: First, the Client side sends a connection request message; the Server side receives the connection request, replies with an ACK message and allocates resources for this connection. When the Client side receives the ACK message, it also sends an ACK message to the Server side and allocates resources; thus the TCP connection is established.
TCP connection teardown process: suppose the Client side initiates the disconnect request, that is, it sends a FIN message. When the Server receives the FIN, it means "the Client side has no more data to send to you", but if the Server still has data to send, it does not have to close the socket in a hurry and can continue sending data. So it first sends an ACK, telling the Client "I received your request, but I'm not ready yet, please keep waiting for me." At this point the Client enters the FIN_WAIT state and continues to wait for the FIN message from the Server side. When the Server determines that its data has all been sent, it sends a FIN message to the Client, telling the Client "I'm done sending data and ready to close the connection." After receiving the FIN, the Client knows the connection can be closed, but it still does not trust the network and is afraid the Server does not know to close, so it sends an ACK and enters the TIME_WAIT state; if the Server does not receive the ACK, it can retransmit. After the Server receives the ACK, it knows it can disconnect. If the Client waits 2MSL and still receives no reply, that proves the Server side has closed properly, and then the Client side can also close the connection. OK, the TCP connection is closed!
Why three handshakes?
Consider the case with only two handshakes. Suppose the Client wants to connect to the Server, but the datagram carrying the connection request is lost, so the Client has to resend the connection request; at this point the Server receives only one connection request, so it establishes the connection normally. Sometimes, however, the reason the Client receives no response is not that the datagram is lost: it may be that the transmission was blocked at some node because of heavy concurrent network load. In this case the Server receives two requests and sets up two connections, waiting for two Client requests. The problem is that the Client side actually made only one request, while the Server side has two responses. In extreme cases the Client side may send the request many times and the Server side may end up maintaining more than N responses in waiting, causing a huge waste of resources! Therefore the "three-way handshake" is necessary.
Why four waves?
Just imagine: if you are the Client now and want to disconnect all connections with the Server, the first step is to stop sending data to the Server and wait for the Server's reply. But it is not over yet: although you no longer send data to the Server, because an equal connection has already been established, the Server still has the initiative to send data to you at this time; so the Server also has to stop sending data to you and wait for your confirmation. To put it plainly, it is to ensure that both sides fully carry out a contract.
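As an added example (not from the original article), a small Python state machine walks both endpoints through the three-way handshake and the four-way teardown with the seq/ack/SYN/ACK/FIN bookkeeping from the note above, including FIN_WAIT, CLOSE_WAIT, TIME_WAIT and the 2MSL wait, and then shows the two-handshake problem: a stale duplicate SYN leaves the server parked in SYN_RCVD rather than holding an established connection nobody uses. The initial sequence numbers 100 and 300 and the endpoint names are constructed.

```python
from collections import namedtuple
from dataclasses import dataclass

Segment = namedtuple("Segment", "src dst seq ack flags")   # flags: frozenset such as {"SYN", "ACK"}


@dataclass
class Endpoint:
    name: str
    isn: int                  # initial sequence number (constructed; real stacks randomize it)
    state: str = "CLOSED"
    snd_nxt: int = 0          # next sequence number we will send
    rcv_nxt: int = 0          # next sequence number we expect from the peer

    def _seg(self, dst, *flags):
        return Segment(self.name, dst, self.snd_nxt, self.rcv_nxt, frozenset(flags))

    def connect(self, peer: str) -> Segment:
        """Handshake 1: the SYN carries our ISN and consumes one sequence number."""
        self.snd_nxt = self.isn
        seg = self._seg(peer, "SYN")
        self.snd_nxt += 1
        self.state = "SYN_SENT"
        return seg

    def close(self, peer: str) -> Segment:
        """Active close from ESTABLISHED (-> FIN_WAIT_1), or the second FIN from CLOSE_WAIT (-> LAST_ACK)."""
        seg = self._seg(peer, "FIN", "ACK")
        self.snd_nxt += 1                   # a FIN also consumes a sequence number
        self.state = "FIN_WAIT_1" if self.state == "ESTABLISHED" else "LAST_ACK"
        return seg

    def time_wait_expired(self):
        # 2MSL passed and no retransmitted FIN arrived: the peer closed properly, so we can close too
        if self.state == "TIME_WAIT":
            self.state = "CLOSED"

    def receive(self, seg: Segment):
        """Apply one incoming segment and return the segment to send back, or None."""
        f, st = seg.flags, self.state
        acked = "ACK" in f and seg.ack == self.snd_nxt   # peer acknowledged everything we sent
        if st == "LISTEN" and f == {"SYN"}:               # handshake 2: SYN+ACK, allocate the connection
            self.rcv_nxt, self.snd_nxt = seg.seq + 1, self.isn
            out = self._seg(seg.src, "SYN", "ACK")
            self.snd_nxt += 1
            self.state = "SYN_RCVD"
            return out
        if st == "SYN_SENT" and f == {"SYN", "ACK"} and acked:   # handshake 3: ACK
            self.rcv_nxt = seg.seq + 1
            self.state = "ESTABLISHED"
            return self._seg(seg.src, "ACK")
        if st == "SYN_RCVD" and acked:
            self.state = "ESTABLISHED"
        elif st == "ESTABLISHED" and "FIN" in f:           # wave 1 -> wave 2: ACK the FIN, may keep sending
            self.rcv_nxt = seg.seq + 1
            self.state = "CLOSE_WAIT"
            return self._seg(seg.src, "ACK")
        elif st == "FIN_WAIT_1" and acked:
            self.state = "FIN_WAIT_2"
        elif st == "FIN_WAIT_2" and "FIN" in f:            # wave 3 -> wave 4: ACK, then wait 2MSL
            self.rcv_nxt = seg.seq + 1
            self.state = "TIME_WAIT"
            return self._seg(seg.src, "ACK")
        elif st == "LAST_ACK" and acked:
            self.state = "CLOSED"
        return None                                       # anything else is dropped (a real stack may send RST)


def run_connection(client_isn: int = 100, server_isn: int = 300):
    """3-way handshake, then a client-initiated 4-way close. Returns (trace, client, server)."""
    client, server = Endpoint("client", client_isn), Endpoint("server", server_isn, state="LISTEN")
    trace = []

    def deliver(seg):
        trace.append(f"{seg.src}->{seg.dst} {'+'.join(sorted(seg.flags))} seq={seg.seq} ack={seg.ack}")
        return (server if seg.dst == "server" else client).receive(seg)
    for start in (lambda: client.connect("server"),       # handshake
                  lambda: client.close("server"),         # waves 1 and 2
                  lambda: server.close("client")):        # waves 3 and 4
        seg = start()
        while seg:
            seg = deliver(seg)
    client.time_wait_expired()
    return trace, client, server


def stale_syn_demo():
    """'Why three handshakes': a delayed duplicate SYN reaches the listening server after the client gave up;
    the server answers SYN+ACK but the third ACK never comes, so it stays in SYN_RCVD, not ESTABLISHED."""
    client, server = Endpoint("client", 100), Endpoint("server", 300, state="LISTEN")
    stale_syn = client.connect("server")
    client.state = "CLOSED"                              # the client gave up before the duplicate arrived
    third = client.receive(server.receive(stale_syn))    # a CLOSED client drops the SYN+ACK
    return server.state, third
```

Printing run_connection()[0] lists the seven segments of the exchange in order.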
Protocols using TCP: FTP (File Transfer Protocol), Telnet (remote login protocol), SMTP (Simple Mail Transfer Protocol), POP3 (the counterpart of SMTP, for receiving mail), the HTTP protocol, etc.
8. UDP protocol
UDP (User Datagram Protocol) is a connectionless communication protocol. UDP data includes the destination port number and the source port number. Because communication does not require a connection, broadcast transmission can be achieved. UDP communication does not need to be confirmed by the receiver; it is an unreliable transmission, and packet loss may occur in UDP communication, so the programmer must handle verification in the program.
UDP is at the same level as TCP, but it does not care about the order, errors or retransmission of packets. Therefore UDP is not used for connection-oriented services that use virtual circuits; UDP is mainly used for query-and-answer oriented services such as NFS. Compared with FTP or Telnet, these services need to exchange only a small amount of information.
Each UDP message is divided into two parts: the UDP header and the UDP data area. The header consists of four 16-bit (2-byte) fields, which specify the source port, destination port, message length and checksum respectively, as follows:
(1) Source port number;
(2) Destination port number;
(3) Datagram length;
(4) Checksum.
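Added example, not from the original article: building and parsing the 8-byte UDP header described above in Python, including the RFC 768 checksum over the IPv4 pseudo-header, a sanity check on the length field against the bytes actually received, and the rule that a zero checksum field means "no checksum". The 192.168.1.x addresses, the ports and the 'hello' payload are constructed inputs; corrupt() is a demo helper.

```python
import struct

UDP_PROTO = 17
# constructed endpoint addresses for the demo (192.168.1.1 -> 192.168.1.2)
SRC_IP = bytes([192, 168, 1, 1])
DST_IP = bytes([192, 168, 1, 2])


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry, as used by the IP, UDP and TCP checksums."""
    if len(data) % 2:
        data += b"\x00"                     # odd length: pad for the sum only, not on the wire
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip: bytes, dst_ip: bytes, udp_length: int) -> bytes:
    """IPv4 pseudo-header: source, destination, zero byte, protocol 17, UDP length (header + data)."""
    return src_ip + dst_ip + struct.pack("!BBH", 0, UDP_PROTO, udp_length)


def build_udp(src_ip: bytes, dst_ip: bytes, sport: int, dport: int, payload: bytes) -> bytes:
    """Assemble the four 2-byte header fields (source port, destination port, length, checksum)."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)      # checksum field is 0 while computing
    csum = (~ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + header + payload)) & 0xFFFF
    if csum == 0:
        csum = 0xFFFF                       # 0 on the wire means "no checksum", so send all-ones instead
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def parse_udp(src_ip: bytes, dst_ip: bytes, datagram: bytes) -> dict:
    """Split a UDP datagram into its fields and validate it.
    checksum_ok is True/False when a checksum is present and None when the sender left the field at 0."""
    if len(datagram) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError(f"length field {length} inconsistent with {len(datagram)} bytes received")
    datagram = datagram[:length]            # bytes beyond the declared length are not part of the datagram
    checksum_ok = None
    if csum != 0:
        # summing the datagram with its checksum field included gives all-ones when nothing was altered
        total = ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + datagram)
        checksum_ok = total == 0xFFFF
    return {"sport": sport, "dport": dport, "length": length,
            "checksum_ok": checksum_ok, "payload": datagram[8:]}


def corrupt(datagram: bytes, offset: int) -> bytes:
    """Demo helper: flip the low bit of one byte, as a transmission error would."""
    data = bytearray(datagram)
    data[offset] ^= 0x01
    return bytes(data)


if __name__ == "__main__":
    dg = build_udp(SRC_IP, DST_IP, 5000, 53, b"hello")
    print(parse_udp(SRC_IP, DST_IP, dg))
    print(parse_udp(SRC_IP, DST_IP, corrupt(dg, 9))["checksum_ok"])
```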
Protocols using UDP include: TFTP (Trivial File Transfer Protocol), SNMP (Simple Network Management Protocol), DNS (Domain Name Resolution Protocol), NFS, BOOTP.
The difference between TCP and UDP: TCP is a connection-oriented, reliable byte-stream service; UDP is a connectionless, unreliable datagram service.
9. DNS protocol
DNS (Domain Name System) is a hierarchical naming system for computers and network services organized into domains; it can be understood simply as converting URLs into IP addresses. A domain name consists of a string of words or abbreviations separated by dots, and each domain name corresponds to a unique IP address; on the Internet there is a one-to-one correspondence between domain names and IP addresses, and DNS is the server that performs domain name resolution. DNS naming is used in the Internet and other TCP/IP networks to find computers and services through user-friendly names.
10. NAT protocol
NAT (Network Address Translation) is a wide area network (WAN) access technology which converts private (reserved) addresses into legitimate IP addresses. It is widely used in all types of Internet access modes and in all types of networks. The reason is simple: NAT not only neatly solves the problem of insufficient IP addresses, it also effectively avoids attacks from outside the network, hiding and protecting the computers inside the network.
11. DHCP protocol
DHCP (Dynamic Host Configuration Protocol) is a LAN network protocol that works over UDP. It has two main uses: automatically assigning IP addresses to an internal network or to a network service provider's users, and serving the internal network administrator as a central management tool for all computers.
12. HTTP protocol
The Hypertext Transfer Protocol (HTTP) is one of the most widely used network protocols on the Internet. All WWW files must comply with this standard.
What requests does the HTTP protocol include?
GET: request to read the information identified by the URL.
POST: add information to the server (such as annotations).
PUT: store a document under the given URL.
DELETE: delete the resource identified by the given URL.
The difference between HTTP POST and GET
1) GET obtains data from the server, and POST sends data to the server.
2) With GET, the parameter data are appended as a query string to the URL pointed to by the Action attribute of the submitted form, with values corresponding one to one to the fields in the form, and they are visible in the URL.
3) GET transmits a small amount of data, which cannot be greater than 2KB; POST transmits a large amount of data, which by default is generally unrestricted.
4) According to the HTTP specification, GET is used for information retrieval and should be safe and idempotent.
I. Safe means that the operation is used to obtain information rather than modify it. In other words, GET requests should generally have no side effects: they just obtain resource information, like a database query, and do not modify or add data or affect the state of the resource.
II. Idempotent means that multiple requests for the same URL should return the same result.
13. An example
All the steps that are executed after entering www.baidu.com in the browser.
Now suppose we type http://www.baidu.com into the client browser, and baidu.com is the server to be accessed. The following is a detailed analysis of the series of protocol operations the client performs to access the server:
1) The client browser resolves www.baidu.com through DNS to the IP address 220.181.27.48, and finds the path from the client to the server through this IP address. The client browser initiates an HTTP session to 220.161.27.48, then encapsulates the data packets through TCP and passes them to the network layer.
2) In the client's transport layer, the HTTP session request is divided into segments and the source and destination ports are added. For example, the server uses port 80 to listen for the client's requests; the client randomly selects a port such as 5000 to exchange with the server, and the server returns the corresponding response to the client's port 5000. Then the IP address of the IP layer is used to find the destination.
3) The client's network layer does not need to be concerned with the application layer or the transport layer. Its main job is to find out how to reach the server by looking up the routing table. During the process the packet may pass through multiple routers; that is all work done by the routers, and without going into detail, the route is simply decided by looking up the routing table until the server is reached.
4) The client's link layer sends the packet through the link layer to the router, finds the MAC address for a given IP address through the neighbour discovery protocol, and then sends an ARP request to find the destination address. If a response is received, the IP packet can now be transmitted using the ARP request/reply exchange, and the IP packet is sent on to the server's address.
This article is reproduced from http://www.cnblogs.com/maybe2030/p/4781555.html#_label6