TCP/IP Tutorial and Technical Overview - IBM Redbooks

More documents

Recommendations

Info

21.1 IPTV overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 746 21.1.1 IPTV requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 747 21.1.2 Business benefits and applications . . . . . . . . . . . . . . . . . . . . . . . . 749 21.2 Functional components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 750 21.2.1 Content acquisition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 750 21.2.2 CODEC (encode and decode) . . . . . . . . . . . . . . . . . . . . . . . . . . . 750 21.2.3 Display devices and control gateway . . . . . . . . . . . . . . . . . . . . . . 751 21.2.4 IP (TV) transport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 752 21.3 IPTV technologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 752 21.3.1 Summary of protocol standards . . . . . . . . . . . . . . . . . . . . . . . . . . 753 21.3.2 Stream Control Transmission Protocol . . . . . . . . . . . . . . . . . . . . . 753 21.3.3 Session Description Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . 754 21.3.4 Real-Time Transport Protocol (RTP) . . . . . . . . . . . . . . . . . . . . . . 756 21.3.5 Real-Time Control Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 762 21.3.6 Moving Picture Experts Group (MPEG) standards . . . . . . . . . . . . 767 21.3.7 H.261. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 769 21.4 RFCs relevant to this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 770 Chapter 22. TCP/IP security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 771 22.1 Security exposures and solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 772 22.1.1 Common attacks against security . . . . . . . . . . . . . . . . . . . . . . . . . 772 22.1.2 Solutions to network security problems. . . . . . . . . . . . . . . . . . . . . 772 22.1.3 Implementations of security solutions . . . . . . . . . . . . . . . . . . . . . . 774 22.1.4 Network security policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 776 22.2 A short introduction to cryptography . . . . . . . . . . . . . . . . . . . . . . . . . . . 777 22.2.1 Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 777 22.2.2 Symmetric or secret-key algorithms . . . . . . . . . . . . . . . . . . . . . . . 779 22.2.3 Asymmetric or public key algorithms. . . . . . . . . . . . . . . . . . . . . . . 780 22.2.4 Hash functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 785 22.2.5 Digital certificates and certification authorities . . . . . . . . . . . . . . . 791 22.2.6 Random-number generators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 792 22.2.7 Export/import restrictions on cryptography . . . . . . . . . . . . . . . . . . 793 22.3 Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 794 22.3.1 Firewall concept . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 795 22.3.2 Components of a firewall system . . . . . . . . . . . . . . . . . . . . . . . . . 796 22.3.3 Types of firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 805 22.4 IP Security Architecture (IPSec) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 809 22.4.1 Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 810 22.4.2 Authentication Header (AH) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 813 22.4.3 Encapsulating Security Payload (ESP) . . . . . . . . . . . . . . . . . . . . . 817 22.4.4 Combining IPSec protocols. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 823 22.4.5 Internet Key Exchange (IKE) protocol. . . . . . . . . . . . . . . . . . . . . . 829 22.5 SOCKS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 846 xiv TCP/IP Tutorial and Technical Overview
22.5.1 SOCKS Version 5 (SOCKSv5) . . . . . . . . . . . . . . . . . . . . . . . . . . . 848 22.6 Secure Shell (1 and 2). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 853 22.6.1 SSH overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 853 22.7 Secure Sockets Layer (SSL) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 854 22.7.1 SSL overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 854 22.7.2 SSL protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 856 22.8 Transport Layer Security (TLS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 861 22.9 Secure Multipurpose Internet Mail Extension (S-MIME) . . . . . . . . . . . . 861 22.10 Virtual private networks (VPNs) overview . . . . . . . . . . . . . . . . . . . . . . 861 22.10.1 VPN introduction and benefits. . . . . . . . . . . . . . . . . . . . . . . . . . . 862 22.11 Kerberos authentication and authorization system . . . . . . . . . . . . . . . 864 22.11.1 Assumptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 865 22.11.2 Naming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 865 22.11.3 Kerberos authentication process. . . . . . . . . . . . . . . . . . . . . . . . . 866 22.11.4 Kerberos database management . . . . . . . . . . . . . . . . . . . . . . . . 870 22.11.5 Kerberos Authorization Model. . . . . . . . . . . . . . . . . . . . . . . . . . . 871 22.11.6 Kerberos Version 5 enhancements. . . . . . . . . . . . . . . . . . . . . . . 871 22.12 Remote access authentication protocols. . . . . . . . . . . . . . . . . . . . . . . 872 22.13 Extensible Authentication Protocol (EAP) . . . . . . . . . . . . . . . . . . . . . . 874 22.14 Layer 2 Tunneling Protocol (L2TP) . . . . . . . . . . . . . . . . . . . . . . . . . . . 875 22.14.1 Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 876 22.14.2 Protocol overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 877 22.14.3 L2TP security issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 879 22.15 Secure Electronic Transaction (SET) . . . . . . . . . . . . . . . . . . . . . . . . . 880 22.15.1 SET roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 880 22.15.2 SET transactions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 881 22.15.3 The SET certificate scheme . . . . . . . . . . . . . . . . . . . . . . . . . . . . 883 22.16 RFCs relevant to this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 885 Chapter 23. Port based network access control . . . . . . . . . . . . . . . . . . . 889 23.1 Port based network access control (NAC) overview . . . . . . . . . . . . . . . 890 23.2 Port based NAC component overview . . . . . . . . . . . . . . . . . . . . . . . . . 891 23.3 Port based network access control operation . . . . . . . . . . . . . . . . . . . . 892 23.3.1 Port based network access control functional considerations. . . . 904 23.4 RFCs relevant to this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 906 Chapter 24. Availability, scalability, and load balancing . . . . . . . . . . . . . 907 24.1 Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 909 24.2 Scalability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 909 24.3 Load balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 910 24.4 Clustering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 910 24.5 Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 912 24.6 Virtual Router Redundancy Protocol (VRRP) . . . . . . . . . . . . . . . . . . . . 914 Contents xv
Page 1: TCP/IP Tutorial and Technical Overv
Page 4 and 5: Note: Before using this information
Page 6 and 7: 2.7 Frame relay . . . . . . . . . .
Page 8 and 9: 5.4.2 RIP-2 limitations . . . . . .
Page 10 and 11: 8.4 RFCs relevant to this chapter .
Page 12 and 13: 12.4.7 LDAP and DCE . . . . . . . .
Page 14 and 15: 16.1 Web browsers . . . . . . . . .
Page 18 and 19: 24.6.1 Introduction . . . . . . . .
Page 20 and 21: Trademarks The following terms are
Page 22 and 23: ► TCP/IP and System p: http://www
Page 24 and 25: Thanks to the following people for
Page 26 and 27: xxiv TCP/IP Tutorial and Technical
Page 28 and 29: Finally, other standard protocols e
Page 30 and 31: 1.1 TCP/IP architectural model 1.1.
Page 32 and 33: To be able to identify a host withi
Page 34 and 35: est-effort service. As a result, ap
Page 36 and 37: The client/server model TCP is a pe
Page 38 and 39: Gateway Interconnects networks at h
Page 40 and 41: 1.2.1 ARPANET the last release of t
Page 42 and 43: Integrated Digital Network Exchange
Page 44 and 45: 1.2.4 Internet2 coordination. RIPE
Page 46 and 47: 1.2.5 The Open Systems Interconnect
Page 48 and 49: The process of standardization is s
Page 50 and 51: Protocol status can be any of the f
Page 52 and 53: 1.4 Future of the Internet Trying t
Page 54 and 55: 28 TCP/IP Tutorial and Technical Ov
Page 56 and 57: 2.1 Ethernet and IEEE 802 local are
Page 58 and 59: ► Introduced in 1985, RFC 948 - T
Page 60 and 61: The mapping of 32-bit Internet addr
Page 62 and 63: There are a large number of propose
Page 64 and 65: 2.5 Integrated Services Digital Net
Page 66 and 67:
► The value hex 81 (binary 100000
Page 68 and 69:
process the incoming packet (refer
Page 70 and 71:
frame size, retransmission timer, a
Page 72 and 73:
2.8.1 Physical layer PPP presents a
Page 74 and 75:
Basic InATMARP operates essentially
Page 76 and 77:
The client handles the table update
Page 78 and 79:
52 TCP/IP Tutorial and Technical Ov
Page 80 and 81:
To be exact, the TCP/IP PDU is enca
Page 82 and 83:
The address resolution in an ATM ne
Page 84 and 85:
LANs. Each separate LE layer needs
Page 86 and 87:
services of a classic LAN; thus, th
Page 88 and 89:
2.11.3 MPOA functional components T
Page 90 and 91:
Destination resolution The action o
Page 92 and 93:
66 TCP/IP Tutorial and Technical Ov
Page 94 and 95:
3.1 Internet Protocol (IP) 3.1.1 IP
Page 96 and 97:
There are five classes of IP addres
Page 98 and 99:
3.1.2 IP subnets Special use IP add
Page 100 and 101:
Therefore, it is normal to use a co
Page 102 and 103:
Because of the all bits 0 and all b
Page 104 and 105:
► Hosts or networks for which the
Page 106 and 107:
► The default route that contains
Page 108 and 109:
To differentiate between subnets, t
Page 110 and 111:
3.1.4 Methods of delivery: Unicast,
Page 112 and 113:
Anycasting Sometimes, the same IP s
Page 114 and 115:
212.0.0 - 213.255.255 RIPE NCC 214.
Page 116 and 117:
Originally, NAT was suggested as a
Page 118 and 119:
packet, the destination address is
Page 120 and 121:
As shown in Figure 3-14, Network Ad
Page 122 and 123:
class of the network number (thus t
Page 124 and 125:
3.1.9 IP datagram Therefore, a larg
Page 126 and 127:
► Service Type: The service type
Page 128 and 129:
► Destination IP Address: The 32-
Page 130 and 131:
Fragmentation When an IP datagram t
Page 132 and 133:
Pointer This field points to the op
Page 134 and 135:
► Because IP routers are not requ
Page 136 and 137:
3.2.1 ICMP messages ICMP messages a
Page 138 and 139:
5 Source route failed 6 Destination
Page 140 and 141:
Figure 3-34 ICMP: Router Solicitati
Page 142 and 143:
Timestamp Request (13) and Timestam
Page 144 and 145:
Record routes Record the route per
Page 146 and 147:
An exception to the rule is the asy
Page 148 and 149:
ARP packet reception When a host re
Page 150 and 151:
different physical device, it will
Page 152 and 153:
BOOTP is a draft standard protocol.
Page 154 and 155:
Length Hardware address length in b
Page 156 and 157:
3. The value of the hops field is i
Page 158 and 159:
3.7.1 The DHCP message format The f
Page 160 and 161:
Options The first four bytes of the
Page 162 and 163:
3. The client receives one or more
Page 164 and 165:
Figure 3-46 shows the DHCP process
Page 166 and 167:
administration workload and removes
Page 168 and 169:
► RFC 2474 - Definition of the Di
Page 170 and 171:
4.1 Ports and sockets 4.1.1 Ports T
Page 172 and 173:
► An association is the 5-tuple t
Page 174 and 175:
The UDP datagram has an 8-byte head
Page 176 and 177:
4.3.1 TCP concept Communication, or
Page 178 and 179:
The window principle A simple trans
Page 180 and 181:
Imagine some special cases: ► Pac
Page 182 and 183:
TCP segment format Figure 4-10 show
Page 184 and 185:
158 TCP/IP Tutorial and Technical O
Page 186 and 187:
SACK option Selective Acknowledgmen
Page 188 and 189:
A problem now arises, because the s
Page 190 and 191:
► TIME-WAIT: FINs have been recei
Page 192 and 193:
sender, while the advertised window
Page 194 and 195:
most one segment each round-trip ti
Page 196 and 197:
2. Each time another duplicate ACK
Page 198 and 199:
Figure 5-1 shows an environment whe
Page 200 and 201:
Figure 5-2 on page 173 depicts the
Page 202 and 203:
► To provide more efficient resou
Page 204 and 205:
Figure 5-3 Shortest-Path First (SPF
Page 206 and 207:
5.2.5 Hybrid routing ► Unless the
Page 208 and 209:
The RIP packet format is shown in F
Page 210 and 211:
Figure 5-5 illustrates the distance
Page 212 and 213:
can be considerable. Figure 5-7 ill
Page 214 and 215:
The limitation to this rule is that
Page 216 and 217:
► Support for multicasting: RIP-2
Page 218 and 219:
5.4.2 RIP-2 limitations Authenticat
Page 220 and 221:
The use of the command field and th
Page 222 and 223:
5.6 Open Shortest Path First (OSPF)
Page 224 and 225:
Intra-area, area border, and AS bou
Page 226 and 227:
► Hello and dead intervals: The r
Page 228 and 229:
neighbors. This store and forward a
Page 230 and 231:
All OSPF packets share the common h
Page 232 and 233:
Step 1: Database exchange process T
Page 234 and 235:
Area 1 Area 0 Figure 5-18 OSPF virt
Page 236 and 237:
In this example, the ASBR is redist
Page 238 and 239:
In this figure, the ASBR is adverti
Page 240 and 241:
EIGRP processes the information in
Page 242 and 243:
5.9.1 BGP concepts and terminology
Page 244 and 245:
► Routes and paths: A route assoc
Page 246 and 247:
► Full mesh of BGP sessions withi
Page 248 and 249:
RFC 4271 recommends a 90 second hol
Page 250 and 251:
Each path attribute is placed into
Page 252 and 253:
► LOCAL_PREF (local preference):
Page 254 and 255:
5.9.6 BGP aggregation ► Redistrib
Page 256 and 257:
ecause AS 2 does not know this aggr
Page 258 and 259:
Figure 5-29 also illustrates the in
Page 260 and 261:
► Ease of implementation: Distanc
Page 262 and 263:
Page 264 and 265:
6.1 Multicast addressing Multicast
Page 266 and 267:
address. In this situation, multica
Page 268 and 269:
The fields in the IGMP message cont
Page 270 and 271:
Page 272 and 273:
In Figure 6-4 on page 245, the Type
Page 274 and 275:
To join a group, the host sends an
Page 276 and 277:
amount of processing involved in re
Page 278 and 279:
6.4 Multicast forwarding algorithms
Page 280 and 281:
The disadvantage to the center-base
Page 282 and 283:
When the routers exchange their rou
Page 284 and 285:
6.5.3 DVMRP tunnels Some IP routers
Page 286 and 287:
6.6.2 MOSPF and multiple OSPF areas
Page 288 and 289:
6.7.1 PIM dense mode The PIM-DM pro
Page 290 and 291:
Building the PIM-SM multicast deliv
Page 292 and 293:
RP selection An RP is selected as p
Page 294 and 295:
See Figure 6-14 for an overview of
Page 296 and 297:
6.9.1 MBONE routing MBONE will most
Page 298 and 299:
of multicast systems has accelerate
Page 300 and 301:
Page 302 and 303:
7.1 Mobile IP overview Mobile IP en
Page 304 and 305:
Figure 7-1 shows a mobile IP operat
Page 306 and 307:
The prefix lengths extension can fo
Page 308 and 309:
D Decapsulation by mobile node. The
Page 310 and 311:
7.2.1 Tunneling The home agent exam
Page 312 and 313:
When a mobile node moves from its h
Page 314 and 315:
8.1 Why QoS? In the Internet and in
Page 316 and 317:
Page 318 and 319:
8.2.1 Service classes The Integrate
Page 320 and 321:
a specific bandwidth, a maximum pac
Page 322 and 323:
obeying a token bucket (r,b) and be
Page 324 and 325:
If the path message reaches the fir
Page 326 and 327:
Figure 8-6 shows the reservation pr
Page 328 and 329:
Path and reservation states can als
Page 330 and 331:
RSVP message format An RSVP message
Page 332 and 333:
Style The Style object defines the
Page 334 and 335:
The RSVP Resv messages looks simila
Page 336 and 337:
Integrated Services, described in 8
Page 338 and 339:
different priorities, the DS field
Page 340 and 341:
Figure 8-15 shows the use of bounda
Page 342 and 343:
The traffic conditioner is mainly u
Page 344 and 345:
Figure 8-18 shows the traffic condi
Page 346 and 347:
Intserv model end-to-end across a n
Page 348 and 349:
2. HostA generates a RSVP PATH mess
Page 350 and 351:
Figure 8-21 shows the cooperation o
Page 352 and 353:
► RFC 2212 - Specification of Gua
Page 354 and 355:
9.1 IPv6 introduction 9.1.1 IP grow
Page 356 and 357:
Eventually, the specification for I
Page 358 and 359:
Page 360 and 361:
vers Figure 9-3 IPv6 packet contain
Page 362 and 363:
Where: Type The type of the option.
Page 364 and 365:
source routing, which operates in a
Page 366 and 367:
► It improves multicast scalabili
Page 368 and 369:
Global unicast address format IPv6
Page 370 and 371:
Scope 4-bit value indicating the sc
Page 372 and 373:
9.2.4 Flow labels Figure 9-10 Traff
Page 374 and 375:
Page 376 and 377:
9.2.6 Packet sizes If the algorithm
Page 378 and 379:
9.3 Internet Control Message Protoc
Page 380 and 381:
Address resolution Figure 9-15 show
Page 382 and 383:
The response to the neighbor solici
Page 384 and 385:
IP Header Option 2 Figure 9-18 Rout
Page 386 and 387:
(for example, a new workstation tha
Page 388 and 389:
outer A has forwarded the packet to
Page 390 and 391:
The stateless autoconfiguration pro
Page 392 and 393:
Note the following fields in the IP
Page 394 and 395:
The following extensions are specif
Page 396 and 397:
Site X is multihomed to two provide
Page 398 and 399:
DHCP Advertise This is a unicast me
Page 400 and 401:
On top of the native IPv6 support t
Page 402 and 403:
For further information about mobil
Page 404 and 405:
9.7.3 New research and development
Page 406 and 407:
► IPv4/IPv6 header translation.Th
Page 408 and 409:
► If the destination is not on th
Page 410 and 411:
IPv6/IPv4 Host Ethernet IPv6/IPv4 R
Page 412 and 413:
It is, of course, possible that aft
Page 414 and 415:
direction, the router adds the ::FF
Page 416 and 417:
► RFC 2675 - IPv6 Jumbograms, Aug
Page 418 and 419:
10.1 Wireless concepts Given the di
Page 420 and 421:
Isotropic radiation Actual radiatio
Page 422 and 423:
10.2.2 Reachability 10.2.3 Scalabil
Page 424 and 425:
802.11a An extension to 802.11 that
Page 426 and 427:
10.4 WiMax confidentiality function
Page 428 and 429:
10.5 Applications of wireless netwo
Page 430 and 431:
Page 432 and 433:
Protocol, which is defined by the O
Page 434 and 435:
11.1 Characteristics of application
Page 436 and 437:
11.2 Application programming interf
Page 438 and 439:
Definition of fields: sockfd This i
Page 440 and 441:
An example of a client/server scena
Page 442 and 443:
Figure 11-3 shows the conceptual mo
Page 444 and 445:
- DES authentication: In addition t
Page 446 and 447:
SNMP agent implementations provide
Page 448 and 449:
11.2.4 REXX sockets Note: SET reque
Page 450 and 451:
Page 452 and 453:
12.1 Domain Name System (DNS) The D
Page 454 and 455:
We discuss this hierarchical struct
Page 456 and 457:
12.1.6 Mapping IP addresses to doma
Page 458 and 459:
Note: Although domains within the n
Page 460 and 461:
Domain name stub resolver Figure 12
Page 462 and 463:
When a domain is registered with th
Page 464 and 465:
TTL The time-to-live (TTL) time in
Page 466 and 467:
Figure 12-5 DNS message format Head
Page 468 and 469:
Question section The next section c
Page 470 and 471:
Where the fields before the TTL fie
Page 472 and 473:
They are interconnected by an IP ga
Page 474 and 475:
; 4.1.112.129.in-addr.arpa. IN PTR
Page 476 and 477:
12.1.13 Transport Domain Name Syste
Page 478 and 479:
Page 480 and 481:
In addition to TSIG, and GSS-TSIG,
Page 482 and 483:
Page 484 and 485:
NOTIFY. Based on the RRs contained
Page 486 and 487:
12.4.1 LDAP: Lightweight access to
Page 488 and 489:
LDAP server must communicate using
Page 490 and 491:
12.4.4 LDAP models distinguished na
Page 492 and 493:
classes that a directory server can
Page 494 and 495:
It is usual to follow either a geog
Page 496 and 497:
Some example searches expressed inf
Page 498 and 499:
Page 500 and 501:
12.4.6 LDAP URLs agree on a common
Page 502 and 503:
LDAP interface for the GDA One way
Page 504 and 505:
key piece to building intelligent n
Page 506 and 507:
► RFC 4505 - Anonymous Simple Aut
Page 508 and 509:
Page 510 and 511:
13.1 Telnet Telnet is a standard pr
Page 512 and 513:
► The NVT provides a local echo f
Page 514 and 515:
Number Name State RFC STD 12 Output
Page 516 and 517:
The Interpret As Command (IAC) char
Page 518 and 519:
Send Reply Meaning The terminal typ
Page 520 and 521:
locks following the command. Howeve
Page 522 and 523:
Principle of operation REXECD is a
Page 524 and 525:
13.3.1 DCE directory service When w
Page 526 and 527:
In order to find a resource in anot
Page 528 and 529:
Login facility Provides the environ
Page 530 and 531:
4. Now the user needs the authoriza
Page 532 and 533:
e defined as single threading. A th
Page 534 and 535:
environment. It also provides a way
Page 536 and 537:
13.4.1 File naming DFS follows the
Page 538 and 539:
typically provided by an operating
Page 540 and 541:
14.1 File Transfer Protocol (FTP) F
Page 542 and 543:
► Navigate and manipulate the dir
Page 544 and 545:
Page 546 and 547:
14.1.3 The active data transfer Whe
Page 548 and 549:
command would receive an error when
Page 550 and 551:
long, with the first two digits hav
Page 552 and 553:
This command instructs the FTP serv
Page 554 and 555:
ADAT Passes Base64-encoded security
Page 556 and 557:
14.2.1 TFTP usage TFTP file transfe
Page 558 and 559:
14.2.4 Data modes The TFTP header c
Page 560 and 561:
Both the user ID needed to gain acc
Page 562 and 563:
-B buffer_size Specifies the size o
Page 564 and 565:
chmod mode path Changes the permiss
Page 566 and 567:
Where: options System-specific opti
Page 568 and 569:
14.4.2 File integrity REMOVE Delete
Page 570 and 571:
public file handles and the LOOKUP,
Page 572 and 573:
several directories away. WebNFS ca
Page 574 and 575:
Figure 14-11 on page 547 shows an e
Page 576 and 577:
Datagram Service Just as the Sessio
Page 578 and 579:
1 2 3 4 5 6 7 SMB/CIFS Client Figur
Page 580 and 581:
Page 582 and 583:
15.1 Simple Mail Transfer Protocol
Page 584 and 585:
RFC Description 3030 This introduce
Page 586 and 587:
user%remote-host@gateway-host For a
Page 588 and 589:
Figure 15-1 The SMTP model SMTP mai
Page 590 and 591:
Figure 15-2 illustrates the normal
Page 592 and 593:
TEST.MY.CORP. Instead, it must firs
Page 594 and 595:
15.2 Sendmail Using the Domain Name
Page 596 and 597:
the queue file, attempts to send an
Page 598 and 599:
MIME is a draft standard that inclu
Page 600 and 601:
3. The priority considered when des
Page 602 and 603:
mandatory ones, and some have both.
Page 604 and 605:
Page 606 and 607:
videos. Only part of the data is sh
Page 608 and 609:
One such addition defined in RFC 37
Page 610 and 611:
Quoted-Printable encoding uses the
Page 612 and 613:
Base64 value ASCII char Base64 valu
Page 614 and 615:
► Message relaying programs frequ
Page 616 and 617:
3. After the client sends the QUIT
Page 618 and 619:
15.5.2 IMAP4 states The disconnecte
Page 620 and 621:
15.5.3 IMAP4 commands and response
Page 622 and 623:
- EXPUNGE: Permanently removes all
Page 624 and 625:
other sessions. This allows a clien
Page 626 and 627:
► RFC 3030 - SMTP Service Extensi
Page 628 and 629:
“Ports” on page 144 for more in
Page 630 and 631:
16.2 Web servers Web browsers are r
Page 632 and 633:
16.3.2 HTTP operation desirable fas
Page 634 and 635:
esponse chain. Therefore, if the se
Page 636 and 637:
- Upgrade - Via Request A request m
Page 638 and 639:
► Successful (2xx) This class of
Page 640 and 641:
Content negotiation In order to fin
Page 642 and 643:
computer, an AIX 5L or UNIX machine
Page 644 and 645:
alternative dynamic portion each ti
Page 646 and 647:
HTTP-Based Client Java Application
Page 648 and 649:
Page 650 and 651:
Given these circumstances, this cha
Page 652 and 653:
Group name Description of objects w
Page 654 and 655:
As an example, consider the object
Page 656 and 657:
This if further illustrated in Figu
Page 658 and 659:
getBulkRequest Performs the same fu
Page 660 and 661:
Messages sent between SNMP agents a
Page 662 and 663:
To illustrate the process of queryi
Page 664 and 665:
17.1.6 SNMP traps In this illustrat
Page 666 and 667:
► User-based Security Model (USM)
Page 668 and 669:
► A single authentication protoco
Page 670 and 671:
InformRequest An InformRequest is g
Page 672 and 673:
SnmpAuthMsg This field is used as a
Page 674 and 675:
Data origin authentication Provided
Page 676 and 677:
Local Socket The local IP address a
Page 678 and 679:
► RFC 1213 - Management Informati
Page 680 and 681:
Page 682 and 683:
advance, we now have fourth generat
Page 684 and 685:
► The Extended Hypertext Markup L
Page 686 and 687:
User Agent Profile Manager Used mai
Page 688 and 689:
Here, we give a brief description o
Page 690 and 691:
18.6 WAP push architecture The desi
Page 692 and 693:
► Client control As owner of the
Page 694 and 695:
18.6.4 Service indication The servi
Page 696 and 697:
18.7 The Wireless Application Envir
Page 698 and 699:
► WAP-specific data, such as the
Page 700 and 701:
The primitive types and their abbre
Page 702 and 703:
implementing an end-to-end connecti
Page 704 and 705:
and allows WPT-TCP to send acknowle
Page 706 and 707:
datagrams. For that functionality,
Page 708 and 709:
Example of a WSP-WTP sequence flow
Page 710 and 711:
exchange of information and control
Page 712 and 713:
peer layer). The dashed line repres
Page 714 and 715:
The peer who starts the negotiation
Page 716 and 717:
2. The server uses the S-Connect.re
Page 718 and 719:
Normal session establishment Figure
Page 720 and 721:
Normal method invocation Figure 18-
Page 722 and 723:
Wireless client HTTP WTLS WP-TCP Fi
Page 724 and 725:
WTLS layer goals The primary goal i
Page 726 and 727:
CipherSpec Specifies the bulk data
Page 728 and 729:
WIM is used to store permanent priv
Page 730 and 731:
► WAP-229_001-HTTP-20011031-a - W
Page 732 and 733:
Page 734 and 735:
The following terminology is used w
Page 736 and 737:
Page 738 and 739:
Changes to presence information are
Page 740 and 741:
19.2 Presence Information Data Form
Page 742 and 743:
19.3 Presence protocols The Extensi
Page 744 and 745:
19.3.1 Binding to TCP client-to-ser
Page 746 and 747:
Page 748 and 749:
networks in such a manner, organiza
Page 750 and 751:
20.1 Voice over IP (VoIP) introduct
Page 752 and 753:
20.1.2 VoIP functional components F
Page 754 and 755:
is a set of international CODEC sta
Page 756 and 757:
Operational support system OSS prov
Page 758 and 759:
► The proxy server provides appli
Page 760 and 761:
Figure 20-2 An example of SIP reque
Page 762 and 763:
► Stream Control Transmission Pro
Page 764 and 765:
MDCX “ModifyConnection” changes
Page 766 and 767:
Terminals Terminals are the LAN cli
Page 768 and 769:
RTP RTCP audio G.711, G.723.1, etc.
Page 770 and 771:
► RFC 3266 - Support for IPv6 in
Page 772 and 773:
21.1 IPTV overview IPTV is an IP ne
Page 774 and 775:
► Communication context This is s
Page 776 and 777:
21.2 Functional components Figure 2
Page 778 and 779:
21.2.4 IP (TV) transport IPTV requi
Page 780 and 781:
► Congestion control SCTP maintai
Page 782 and 783:
Type Description s Session name i*
Page 784 and 785:
RTP header format The header of an
Page 786 and 787:
1 1016 25 CelB 2 G726-32 26 JPEG 3
Page 788 and 789:
Application RTP 12 1 10 2 9 3 8 4 7
Page 790 and 791:
Receiver report An RTCP receiver re
Page 792 and 793:
Length Contains the packet length.
Page 794 and 795:
It allows weighted prediction, enab
Page 796 and 797:
21.4 RFCs relevant to this chapter
Page 798 and 799:
22.1 Security exposures and solutio
Page 800 and 801:
Problem/exposure Remedy How to ensu
Page 802 and 803:
Application proxy Access control En
Page 804 and 805:
Encryption and decryption: Cryptogr
Page 806 and 807:
eighth bit serving as parity bit. F
Page 808 and 809:
cleartext clea cle Cleartext Alice'
Page 810 and 811:
e and d are called the public and p
Page 812 and 813:
A hash function that takes a key as
Page 814 and 815:
Examples of hash functions The most
Page 816 and 817:
Digital Signature Standard (DSS) As
Page 818 and 819:
public key and identification, a di
Page 820 and 821:
22.3 Firewalls In September 1998, t
Page 822 and 823:
time. The network administrator mus
Page 824 and 825:
Service level filtering Because mos
Page 826 and 827:
etween the secure and the non-secur
Page 828 and 829:
In normal mode, the FTP client firs
Page 830 and 831:
circuit-level gateway (see Figure 2
Page 832 and 833:
Generally, a packet-filtering firew
Page 834 and 835:
Internal DNS and Mail server Secure
Page 836 and 837:
22.4.1 Concepts IPSec adds integrit
Page 838 and 839:
Tunneling Tunneling or encapsulatio
Page 840 and 841:
AH format The AH format is describe
Page 842 and 843:
AH in transport mode In this mode,
Page 844 and 845:
connectionless, in that they operat
Page 846 and 847:
Padding Most encryption algorithms
Page 848 and 849:
The tunnel mode is used whenever ei
Page 850 and 851:
When designing a VPN, limit the num
Page 852 and 853:
Figure 22-33 illustrates the simple
Page 854 and 855:
Figure 22-36 shows in detail how th
Page 856 and 857:
Before describing the details of th
Page 858 and 859:
Permanent identifiers The IKE proto
Page 860 and 861:
Note: For ISAKMP phase 1 messages,
Page 862 and 863:
Page 864 and 865:
authority using a protocol such as
Page 866 and 867:
IKE phase 2: Setting up protocol Se
Page 868 and 869:
Hash A Hash payload must immediatel
Page 870 and 871:
Generating the keys (phase 2) Using
Page 872 and 873:
22.5 SOCKS intranet is considered t
Page 874 and 875:
22.5.1 SOCKS Version 5 (SOCKSv5) SO
Page 876 and 877:
Where: VER Indicates the version of
Page 878 and 879:
X'03' Network unreachable X'04' Hos
Page 880 and 881:
X Window System’s clients. SSH fo
Page 882 and 883:
22.7.2 SSL protocol Authentication
Page 884 and 885:
CipherSpec message after processing
Page 886 and 887:
The client then sends a finished me
Page 888 and 889:
In this chapter, we begin by defini
Page 890 and 891:
usiness partner's and supplier's VP
Page 892 and 893:
name the principal. Both the realm
Page 894 and 895:
The authentication process consists
Page 896 and 897:
After the server has validated a cl
Page 898 and 899:
► Authorization and accounting in
Page 900 and 901:
modem connection is made, the NAS p
Page 902 and 903:
22.14.1 Terminology Before describi
Page 904 and 905:
PPP Data Figure 22-54 L2TP packet c
Page 906 and 907:
complementary use of IPSec, an L2TP
Page 908 and 909:
The diagram shows the following tra
Page 910 and 911:
Key management on such a large scal
Page 912 and 913:
► RFC 2405 - The ESP DES-CBC Ciph
Page 914 and 915:
Page 916 and 917:
23.1 Port based network access cont
Page 918 and 919:
23.3 Port based network access cont
Page 920 and 921:
Figure 23-3 illustrates the control
Page 922 and 923:
802.1x authentication process The a
Page 924 and 925:
Figure 23-6 and Figure 23-7 show sn
Page 926 and 927:
Request and response type Value TLS
Page 928 and 929:
Figure 23-15 EAP-Success packet EAP
Page 930 and 931:
Figure 23-21 shows the sniffer trac
Page 932 and 933:
► Multicast propagation If authen
Page 934 and 935:
The Internet business has grown so
Page 936 and 937:
Generic techniques to enhance scala
Page 938 and 939:
24.5 Virtualization Virtualization
Page 940 and 941:
Network virtualization Network virt
Page 942 and 943:
24.6.2 VRRP definitions 24.6.3 VRRP
Page 944 and 945:
24.6.4 Sample configuration Figure
Page 946 and 947:
The fields of the VRRP header are d
Page 948 and 949:
24.8.1 Network Address Translation
Page 950 and 951:
24.9 RFCs relevant to this chapter
Page 952 and 953:
A.1 MPLS: An introduction The idea
Page 954 and 955:
MPLS also provides the ability to a
Page 956 and 957:
Layer 2 Header MPLS Header Figure A
Page 958 and 959:
Label switched path (LSP) An LSP re
Page 960 and 961:
► The packet does not contain a l
Page 962 and 963:
7. R22 reviews the level-2 label ap
Page 964 and 965:
A.2.5 Label distribution protocols
Page 966 and 967:
Emulated Ethernet MUX MPLS Figure A
Page 968 and 969:
► The effort can provide a single
Page 970 and 971:
A generalized label only carries a
Page 972 and 973:
Fault management The LMP fault mana
Page 974 and 975:
Note: GMPLS allows SP to dynamicall
Page 976 and 977:
Furthermore, because the labels can
Page 978 and 979:
A.5 RFCs relevant to this chapter T
Page 980 and 981:
DLCI Data Link Connection Identifie
Page 982 and 983:
MTU Maximum Transmission Unit MVS M
Page 984 and 985:
VRML Virtual Reality Modeling Langu
Page 986 and 987:
► TCP/IP and System i http://www.
Page 988 and 989:
Page 990 and 991:
DHCP interoperability 140 forwardin
Page 992 and 993:
fingerprint 785 firewall 12, 776, 8
Page 994 and 995:
Security Parameter Index (SPI) 810
Page 996 and 997:
latency 61 Layer 2 Forwarding (L2F)
Page 998 and 999:
RFC 1483 53 RFC 1492 873 RFC 1510 8
Page 1000 and 1001:
subnet number 73 subnets 72 subnett
Page 1004:
TCP/IP Tutorial and Technical Overv
show all

TCP/IP Tutorial and Technical Overview - IBM Redbooks

Create successful ePaper yourself

Delete template?

Save as template?