TCP/IP Tutorial and Technical Overview - IBM Redbooks

More documents

Recommendations

Info

SnmpAuthMsg This field is used as authentication information from the authentication protocol used by that party. The SnmpAuthMsg is serialized according to ASN.1 BER 3 and can then be encrypted. SnmpPrivMsg SNMP Private Message An SNMPv2 private message is an SNMPv2 authenticated management communication that is (possibly) protected from disclosure. A private destination (privDst) is added to address the destination party. The message is then encapsulated in a normal UDP/IP datagram and sent to the destination across the network. For further information, refer to the previously mentioned RFCs. SNMPv3 SNMPv3 is described in RFCs 3410 through 3415. SNMPv3 is not a replacement of SNMPv1 or SNMPv2, but rather is an extension to the existing SNMP architecture. SNMPv3 supports the following: ► A new SNMP message format ► Authentication for messages ► Security for messages ► Access control ► Continued support for SNMPv2 The User-based Security Model (USM), described in RFC 3414, specifies using MD5 and hashing algorithms. This provides data integrity, security, and privacy. There is support for the authentication protocols HMAC-MD5-96, HMAC-SHA-96, and optional support for the encryption protocol CBC-DES. The View-based Access Control Model (VACM), defined in RFC 3415, shows how to define views that are subsets of the full MIB tree. Access control on a per-user basis can then be implemented for these views. Because SNMP has a modular structure, changes to individual modules do not impact the other modules directly. This allows you to easily define SNMPv3 over the existing model. For example, to add a new SNMP message format, it is sufficient to upgrade the message processing model. Furthermore, because it is needed to support SNMPv1 and SNMPv2 messages as well, it can be achieved 3 ASN.1 BER specifies the Basic Encoding Rules for OSI Abstract Syntax Notation One, according to ISO 8825. 646 TCP/IP Tutorial and Technical Overview
y adding the new SNMPv3 message module into the message processing subsystem. Figure 17-8 illustrates this structure. Figure 17-8 The SNMP message processing subsystem 17.1.8 Single authentication and privacy protocol The authentication protocol provides a mechanism by which SNMPv3 management communications, transmitted by a party, can be reliably identified as having originated from that party. The privacy protocol provides a mechanism by which SNMPv3 management communications transmitted to a party are protected from disclosure. Principal threats against which the SNMPv3 security protocol provides protection are: ► Modification of information ► Masquerade ► Message stream modification ► Disclosure The following security services provide protection against these threats: Data integrity Provided by the MD5 message digest algorithm. A 128-bit digest is calculated over the designated portion of a SNMPv3 message and included as part of the message sent to the recipient. Chapter 17. Network management 647
Page 1:
TCP/IP Tutorial and Technical Overv
Page 4 and 5:
Note: Before using this information
Page 6 and 7:
2.7 Frame relay . . . . . . . . . .
Page 8 and 9:
5.4.2 RIP-2 limitations . . . . . .
Page 10 and 11:
8.4 RFCs relevant to this chapter .
Page 12 and 13:
12.4.7 LDAP and DCE . . . . . . . .
Page 14 and 15:
16.1 Web browsers . . . . . . . . .
Page 16 and 17:
21.1 IPTV overview . . . . . . . .
Page 18 and 19:
24.6.1 Introduction . . . . . . . .
Page 20 and 21:
Trademarks The following terms are
Page 22 and 23:
► TCP/IP and System p: http://www
Page 24 and 25:
Thanks to the following people for
Page 26 and 27:
xxiv TCP/IP Tutorial and Technical
Page 28 and 29:
Finally, other standard protocols e
Page 30 and 31:
1.1 TCP/IP architectural model 1.1.
Page 32 and 33:
To be able to identify a host withi
Page 34 and 35:
est-effort service. As a result, ap
Page 36 and 37:
The client/server model TCP is a pe
Page 38 and 39:
Gateway Interconnects networks at h
Page 40 and 41:
1.2.1 ARPANET the last release of t
Page 42 and 43:
Integrated Digital Network Exchange
Page 44 and 45:
1.2.4 Internet2 coordination. RIPE
Page 46 and 47:
1.2.5 The Open Systems Interconnect
Page 48 and 49:
The process of standardization is s
Page 50 and 51:
Protocol status can be any of the f
Page 52 and 53:
1.4 Future of the Internet Trying t
Page 54 and 55:
28 TCP/IP Tutorial and Technical Ov
Page 56 and 57:
2.1 Ethernet and IEEE 802 local are
Page 58 and 59:
► Introduced in 1985, RFC 948 - T
Page 60 and 61:
The mapping of 32-bit Internet addr
Page 62 and 63:
There are a large number of propose
Page 64 and 65:
2.5 Integrated Services Digital Net
Page 66 and 67:
► The value hex 81 (binary 100000
Page 68 and 69:
process the incoming packet (refer
Page 70 and 71:
frame size, retransmission timer, a
Page 72 and 73:
2.8.1 Physical layer PPP presents a
Page 74 and 75:
Basic InATMARP operates essentially
Page 76 and 77:
The client handles the table update
Page 78 and 79:
Page 80 and 81:
To be exact, the TCP/IP PDU is enca
Page 82 and 83:
The address resolution in an ATM ne
Page 84 and 85:
LANs. Each separate LE layer needs
Page 86 and 87:
services of a classic LAN; thus, th
Page 88 and 89:
2.11.3 MPOA functional components T
Page 90 and 91:
Destination resolution The action o
Page 92 and 93:
Page 94 and 95:
3.1 Internet Protocol (IP) 3.1.1 IP
Page 96 and 97:
There are five classes of IP addres
Page 98 and 99:
3.1.2 IP subnets Special use IP add
Page 100 and 101:
Therefore, it is normal to use a co
Page 102 and 103:
Because of the all bits 0 and all b
Page 104 and 105:
► Hosts or networks for which the
Page 106 and 107:
► The default route that contains
Page 108 and 109:
To differentiate between subnets, t
Page 110 and 111:
3.1.4 Methods of delivery: Unicast,
Page 112 and 113:
Anycasting Sometimes, the same IP s
Page 114 and 115:
212.0.0 - 213.255.255 RIPE NCC 214.
Page 116 and 117:
Originally, NAT was suggested as a
Page 118 and 119:
packet, the destination address is
Page 120 and 121:
As shown in Figure 3-14, Network Ad
Page 122 and 123:
class of the network number (thus t
Page 124 and 125:
3.1.9 IP datagram Therefore, a larg
Page 126 and 127:
► Service Type: The service type
Page 128 and 129:
► Destination IP Address: The 32-
Page 130 and 131:
Fragmentation When an IP datagram t
Page 132 and 133:
Pointer This field points to the op
Page 134 and 135:
► Because IP routers are not requ
Page 136 and 137:
3.2.1 ICMP messages ICMP messages a
Page 138 and 139:
5 Source route failed 6 Destination
Page 140 and 141:
Figure 3-34 ICMP: Router Solicitati
Page 142 and 143:
Timestamp Request (13) and Timestam
Page 144 and 145:
Record routes Record the route per
Page 146 and 147:
An exception to the rule is the asy
Page 148 and 149:
ARP packet reception When a host re
Page 150 and 151:
different physical device, it will
Page 152 and 153:
BOOTP is a draft standard protocol.
Page 154 and 155:
Length Hardware address length in b
Page 156 and 157:
3. The value of the hops field is i
Page 158 and 159:
3.7.1 The DHCP message format The f
Page 160 and 161:
Options The first four bytes of the
Page 162 and 163:
3. The client receives one or more
Page 164 and 165:
Figure 3-46 shows the DHCP process
Page 166 and 167:
administration workload and removes
Page 168 and 169:
► RFC 2474 - Definition of the Di
Page 170 and 171:
4.1 Ports and sockets 4.1.1 Ports T
Page 172 and 173:
► An association is the 5-tuple t
Page 174 and 175:
The UDP datagram has an 8-byte head
Page 176 and 177:
4.3.1 TCP concept Communication, or
Page 178 and 179:
The window principle A simple trans
Page 180 and 181:
Imagine some special cases: ► Pac
Page 182 and 183:
TCP segment format Figure 4-10 show
Page 184 and 185:
158 TCP/IP Tutorial and Technical O
Page 186 and 187:
SACK option Selective Acknowledgmen
Page 188 and 189:
A problem now arises, because the s
Page 190 and 191:
► TIME-WAIT: FINs have been recei
Page 192 and 193:
sender, while the advertised window
Page 194 and 195:
most one segment each round-trip ti
Page 196 and 197:
2. Each time another duplicate ACK
Page 198 and 199:
Figure 5-1 shows an environment whe
Page 200 and 201:
Figure 5-2 on page 173 depicts the
Page 202 and 203:
► To provide more efficient resou
Page 204 and 205:
Figure 5-3 Shortest-Path First (SPF
Page 206 and 207:
5.2.5 Hybrid routing ► Unless the
Page 208 and 209:
The RIP packet format is shown in F
Page 210 and 211:
Figure 5-5 illustrates the distance
Page 212 and 213:
can be considerable. Figure 5-7 ill
Page 214 and 215:
The limitation to this rule is that
Page 216 and 217:
► Support for multicasting: RIP-2
Page 218 and 219:
5.4.2 RIP-2 limitations Authenticat
Page 220 and 221:
The use of the command field and th
Page 222 and 223:
5.6 Open Shortest Path First (OSPF)
Page 224 and 225:
Intra-area, area border, and AS bou
Page 226 and 227:
► Hello and dead intervals: The r
Page 228 and 229:
neighbors. This store and forward a
Page 230 and 231:
All OSPF packets share the common h
Page 232 and 233:
Step 1: Database exchange process T
Page 234 and 235:
Area 1 Area 0 Figure 5-18 OSPF virt
Page 236 and 237:
In this example, the ASBR is redist
Page 238 and 239:
In this figure, the ASBR is adverti
Page 240 and 241:
EIGRP processes the information in
Page 242 and 243:
5.9.1 BGP concepts and terminology
Page 244 and 245:
► Routes and paths: A route assoc
Page 246 and 247:
► Full mesh of BGP sessions withi
Page 248 and 249:
RFC 4271 recommends a 90 second hol
Page 250 and 251:
Each path attribute is placed into
Page 252 and 253:
► LOCAL_PREF (local preference):
Page 254 and 255:
5.9.6 BGP aggregation ► Redistrib
Page 256 and 257:
ecause AS 2 does not know this aggr
Page 258 and 259:
Figure 5-29 also illustrates the in
Page 260 and 261:
► Ease of implementation: Distanc
Page 262 and 263:
Page 264 and 265:
6.1 Multicast addressing Multicast
Page 266 and 267:
address. In this situation, multica
Page 268 and 269:
The fields in the IGMP message cont
Page 270 and 271:
Page 272 and 273:
In Figure 6-4 on page 245, the Type
Page 274 and 275:
To join a group, the host sends an
Page 276 and 277:
amount of processing involved in re
Page 278 and 279:
6.4 Multicast forwarding algorithms
Page 280 and 281:
The disadvantage to the center-base
Page 282 and 283:
When the routers exchange their rou
Page 284 and 285:
6.5.3 DVMRP tunnels Some IP routers
Page 286 and 287:
6.6.2 MOSPF and multiple OSPF areas
Page 288 and 289:
6.7.1 PIM dense mode The PIM-DM pro
Page 290 and 291:
Building the PIM-SM multicast deliv
Page 292 and 293:
RP selection An RP is selected as p
Page 294 and 295:
See Figure 6-14 for an overview of
Page 296 and 297:
6.9.1 MBONE routing MBONE will most
Page 298 and 299:
of multicast systems has accelerate
Page 300 and 301:
Page 302 and 303:
7.1 Mobile IP overview Mobile IP en
Page 304 and 305:
Figure 7-1 shows a mobile IP operat
Page 306 and 307:
The prefix lengths extension can fo
Page 308 and 309:
D Decapsulation by mobile node. The
Page 310 and 311:
7.2.1 Tunneling The home agent exam
Page 312 and 313:
When a mobile node moves from its h
Page 314 and 315:
8.1 Why QoS? In the Internet and in
Page 316 and 317:
Page 318 and 319:
8.2.1 Service classes The Integrate
Page 320 and 321:
a specific bandwidth, a maximum pac
Page 322 and 323:
obeying a token bucket (r,b) and be
Page 324 and 325:
If the path message reaches the fir
Page 326 and 327:
Figure 8-6 shows the reservation pr
Page 328 and 329:
Path and reservation states can als
Page 330 and 331:
RSVP message format An RSVP message
Page 332 and 333:
Style The Style object defines the
Page 334 and 335:
The RSVP Resv messages looks simila
Page 336 and 337:
Integrated Services, described in 8
Page 338 and 339:
different priorities, the DS field
Page 340 and 341:
Figure 8-15 shows the use of bounda
Page 342 and 343:
The traffic conditioner is mainly u
Page 344 and 345:
Figure 8-18 shows the traffic condi
Page 346 and 347:
Intserv model end-to-end across a n
Page 348 and 349:
2. HostA generates a RSVP PATH mess
Page 350 and 351:
Figure 8-21 shows the cooperation o
Page 352 and 353:
► RFC 2212 - Specification of Gua
Page 354 and 355:
9.1 IPv6 introduction 9.1.1 IP grow
Page 356 and 357:
Eventually, the specification for I
Page 358 and 359:
Page 360 and 361:
vers Figure 9-3 IPv6 packet contain
Page 362 and 363:
Where: Type The type of the option.
Page 364 and 365:
source routing, which operates in a
Page 366 and 367:
► It improves multicast scalabili
Page 368 and 369:
Global unicast address format IPv6
Page 370 and 371:
Scope 4-bit value indicating the sc
Page 372 and 373:
9.2.4 Flow labels Figure 9-10 Traff
Page 374 and 375:
Page 376 and 377:
9.2.6 Packet sizes If the algorithm
Page 378 and 379:
9.3 Internet Control Message Protoc
Page 380 and 381:
Address resolution Figure 9-15 show
Page 382 and 383:
The response to the neighbor solici
Page 384 and 385:
IP Header Option 2 Figure 9-18 Rout
Page 386 and 387:
(for example, a new workstation tha
Page 388 and 389:
outer A has forwarded the packet to
Page 390 and 391:
The stateless autoconfiguration pro
Page 392 and 393:
Note the following fields in the IP
Page 394 and 395:
The following extensions are specif
Page 396 and 397:
Site X is multihomed to two provide
Page 398 and 399:
DHCP Advertise This is a unicast me
Page 400 and 401:
On top of the native IPv6 support t
Page 402 and 403:
For further information about mobil
Page 404 and 405:
9.7.3 New research and development
Page 406 and 407:
► IPv4/IPv6 header translation.Th
Page 408 and 409:
► If the destination is not on th
Page 410 and 411:
IPv6/IPv4 Host Ethernet IPv6/IPv4 R
Page 412 and 413:
It is, of course, possible that aft
Page 414 and 415:
direction, the router adds the ::FF
Page 416 and 417:
► RFC 2675 - IPv6 Jumbograms, Aug
Page 418 and 419:
10.1 Wireless concepts Given the di
Page 420 and 421:
Isotropic radiation Actual radiatio
Page 422 and 423:
10.2.2 Reachability 10.2.3 Scalabil
Page 424 and 425:
802.11a An extension to 802.11 that
Page 426 and 427:
10.4 WiMax confidentiality function
Page 428 and 429:
10.5 Applications of wireless netwo
Page 430 and 431:
Page 432 and 433:
Protocol, which is defined by the O
Page 434 and 435:
11.1 Characteristics of application
Page 436 and 437:
11.2 Application programming interf
Page 438 and 439:
Definition of fields: sockfd This i
Page 440 and 441:
An example of a client/server scena
Page 442 and 443:
Figure 11-3 shows the conceptual mo
Page 444 and 445:
- DES authentication: In addition t
Page 446 and 447:
SNMP agent implementations provide
Page 448 and 449:
11.2.4 REXX sockets Note: SET reque
Page 450 and 451:
Page 452 and 453:
12.1 Domain Name System (DNS) The D
Page 454 and 455:
We discuss this hierarchical struct
Page 456 and 457:
12.1.6 Mapping IP addresses to doma
Page 458 and 459:
Note: Although domains within the n
Page 460 and 461:
Domain name stub resolver Figure 12
Page 462 and 463:
When a domain is registered with th
Page 464 and 465:
TTL The time-to-live (TTL) time in
Page 466 and 467:
Figure 12-5 DNS message format Head
Page 468 and 469:
Question section The next section c
Page 470 and 471:
Where the fields before the TTL fie
Page 472 and 473:
They are interconnected by an IP ga
Page 474 and 475:
; 4.1.112.129.in-addr.arpa. IN PTR
Page 476 and 477:
12.1.13 Transport Domain Name Syste
Page 478 and 479:
Page 480 and 481:
In addition to TSIG, and GSS-TSIG,
Page 482 and 483:
Page 484 and 485:
NOTIFY. Based on the RRs contained
Page 486 and 487:
12.4.1 LDAP: Lightweight access to
Page 488 and 489:
LDAP server must communicate using
Page 490 and 491:
12.4.4 LDAP models distinguished na
Page 492 and 493:
classes that a directory server can
Page 494 and 495:
It is usual to follow either a geog
Page 496 and 497:
Some example searches expressed inf
Page 498 and 499:
Page 500 and 501:
12.4.6 LDAP URLs agree on a common
Page 502 and 503:
LDAP interface for the GDA One way
Page 504 and 505:
key piece to building intelligent n
Page 506 and 507:
► RFC 4505 - Anonymous Simple Aut
Page 508 and 509:
Page 510 and 511:
13.1 Telnet Telnet is a standard pr
Page 512 and 513:
► The NVT provides a local echo f
Page 514 and 515:
Number Name State RFC STD 12 Output
Page 516 and 517:
The Interpret As Command (IAC) char
Page 518 and 519:
Send Reply Meaning The terminal typ
Page 520 and 521:
locks following the command. Howeve
Page 522 and 523:
Principle of operation REXECD is a
Page 524 and 525:
13.3.1 DCE directory service When w
Page 526 and 527:
In order to find a resource in anot
Page 528 and 529:
Login facility Provides the environ
Page 530 and 531:
4. Now the user needs the authoriza
Page 532 and 533:
e defined as single threading. A th
Page 534 and 535:
environment. It also provides a way
Page 536 and 537:
13.4.1 File naming DFS follows the
Page 538 and 539:
typically provided by an operating
Page 540 and 541:
14.1 File Transfer Protocol (FTP) F
Page 542 and 543:
► Navigate and manipulate the dir
Page 544 and 545:
Page 546 and 547:
14.1.3 The active data transfer Whe
Page 548 and 549:
command would receive an error when
Page 550 and 551:
long, with the first two digits hav
Page 552 and 553:
This command instructs the FTP serv
Page 554 and 555:
ADAT Passes Base64-encoded security
Page 556 and 557:
14.2.1 TFTP usage TFTP file transfe
Page 558 and 559:
14.2.4 Data modes The TFTP header c
Page 560 and 561:
Both the user ID needed to gain acc
Page 562 and 563:
-B buffer_size Specifies the size o
Page 564 and 565:
chmod mode path Changes the permiss
Page 566 and 567:
Where: options System-specific opti
Page 568 and 569:
14.4.2 File integrity REMOVE Delete
Page 570 and 571:
public file handles and the LOOKUP,
Page 572 and 573:
several directories away. WebNFS ca
Page 574 and 575:
Figure 14-11 on page 547 shows an e
Page 576 and 577:
Datagram Service Just as the Sessio
Page 578 and 579:
1 2 3 4 5 6 7 SMB/CIFS Client Figur
Page 580 and 581:
Page 582 and 583:
15.1 Simple Mail Transfer Protocol
Page 584 and 585:
RFC Description 3030 This introduce
Page 586 and 587:
user%remote-host@gateway-host For a
Page 588 and 589:
Figure 15-1 The SMTP model SMTP mai
Page 590 and 591:
Figure 15-2 illustrates the normal
Page 592 and 593:
TEST.MY.CORP. Instead, it must firs
Page 594 and 595:
15.2 Sendmail Using the Domain Name
Page 596 and 597:
the queue file, attempts to send an
Page 598 and 599:
MIME is a draft standard that inclu
Page 600 and 601:
3. The priority considered when des
Page 602 and 603:
mandatory ones, and some have both.
Page 604 and 605:
Page 606 and 607:
videos. Only part of the data is sh
Page 608 and 609:
One such addition defined in RFC 37
Page 610 and 611:
Quoted-Printable encoding uses the
Page 612 and 613:
Base64 value ASCII char Base64 valu
Page 614 and 615:
► Message relaying programs frequ
Page 616 and 617:
3. After the client sends the QUIT
Page 618 and 619:
15.5.2 IMAP4 states The disconnecte
Page 620 and 621:
15.5.3 IMAP4 commands and response
Page 622 and 623: - EXPUNGE: Permanently removes all
Page 624 and 625: other sessions. This allows a clien
Page 626 and 627: ► RFC 3030 - SMTP Service Extensi
Page 628 and 629: “Ports” on page 144 for more in
Page 630 and 631: 16.2 Web servers Web browsers are r
Page 632 and 633: 16.3.2 HTTP operation desirable fas
Page 634 and 635: esponse chain. Therefore, if the se
Page 636 and 637: - Upgrade - Via Request A request m
Page 638 and 639: ► Successful (2xx) This class of
Page 640 and 641: Content negotiation In order to fin
Page 642 and 643: computer, an AIX 5L or UNIX machine
Page 644 and 645: alternative dynamic portion each ti
Page 646 and 647: HTTP-Based Client Java Application
Page 648 and 649: 622 TCP/IP Tutorial and Technical O
Page 650 and 651: Given these circumstances, this cha
Page 652 and 653: Group name Description of objects w
Page 654 and 655: As an example, consider the object
Page 656 and 657: This if further illustrated in Figu
Page 658 and 659: getBulkRequest Performs the same fu
Page 660 and 661: Messages sent between SNMP agents a
Page 662 and 663: To illustrate the process of queryi
Page 664 and 665: 17.1.6 SNMP traps In this illustrat
Page 666 and 667: ► User-based Security Model (USM)
Page 668 and 669: ► A single authentication protoco
Page 670 and 671: InformRequest An InformRequest is g
Page 674 and 675: Data origin authentication Provided
Page 676 and 677: Local Socket The local IP address a
Page 678 and 679: ► RFC 1213 - Management Informati
Page 680 and 681: 654 TCP/IP Tutorial and Technical O
Page 682 and 683: advance, we now have fourth generat
Page 684 and 685: ► The Extended Hypertext Markup L
Page 686 and 687: User Agent Profile Manager Used mai
Page 688 and 689: Here, we give a brief description o
Page 690 and 691: 18.6 WAP push architecture The desi
Page 692 and 693: ► Client control As owner of the
Page 694 and 695: 18.6.4 Service indication The servi
Page 696 and 697: 18.7 The Wireless Application Envir
Page 698 and 699: ► WAP-specific data, such as the
Page 700 and 701: The primitive types and their abbre
Page 702 and 703: implementing an end-to-end connecti
Page 704 and 705: and allows WPT-TCP to send acknowle
Page 706 and 707: datagrams. For that functionality,
Page 708 and 709: Example of a WSP-WTP sequence flow
Page 710 and 711: exchange of information and control
Page 712 and 713: peer layer). The dashed line repres
Page 714 and 715: The peer who starts the negotiation
Page 716 and 717: 2. The server uses the S-Connect.re
Page 718 and 719: Normal session establishment Figure
Page 720 and 721: Normal method invocation Figure 18-
Page 722 and 723:
Wireless client HTTP WTLS WP-TCP Fi
Page 724 and 725:
WTLS layer goals The primary goal i
Page 726 and 727:
CipherSpec Specifies the bulk data
Page 728 and 729:
WIM is used to store permanent priv
Page 730 and 731:
► WAP-229_001-HTTP-20011031-a - W
Page 732 and 733:
Page 734 and 735:
The following terminology is used w
Page 736 and 737:
Page 738 and 739:
Changes to presence information are
Page 740 and 741:
19.2 Presence Information Data Form
Page 742 and 743:
19.3 Presence protocols The Extensi
Page 744 and 745:
19.3.1 Binding to TCP client-to-ser
Page 746 and 747:
Page 748 and 749:
networks in such a manner, organiza
Page 750 and 751:
20.1 Voice over IP (VoIP) introduct
Page 752 and 753:
20.1.2 VoIP functional components F
Page 754 and 755:
is a set of international CODEC sta
Page 756 and 757:
Operational support system OSS prov
Page 758 and 759:
► The proxy server provides appli
Page 760 and 761:
Figure 20-2 An example of SIP reque
Page 762 and 763:
► Stream Control Transmission Pro
Page 764 and 765:
MDCX “ModifyConnection” changes
Page 766 and 767:
Terminals Terminals are the LAN cli
Page 768 and 769:
RTP RTCP audio G.711, G.723.1, etc.
Page 770 and 771:
► RFC 3266 - Support for IPv6 in
Page 772 and 773:
21.1 IPTV overview IPTV is an IP ne
Page 774 and 775:
► Communication context This is s
Page 776 and 777:
21.2 Functional components Figure 2
Page 778 and 779:
21.2.4 IP (TV) transport IPTV requi
Page 780 and 781:
► Congestion control SCTP maintai
Page 782 and 783:
Type Description s Session name i*
Page 784 and 785:
RTP header format The header of an
Page 786 and 787:
1 1016 25 CelB 2 G726-32 26 JPEG 3
Page 788 and 789:
Application RTP 12 1 10 2 9 3 8 4 7
Page 790 and 791:
Receiver report An RTCP receiver re
Page 792 and 793:
Length Contains the packet length.
Page 794 and 795:
It allows weighted prediction, enab
Page 796 and 797:
21.4 RFCs relevant to this chapter
Page 798 and 799:
22.1 Security exposures and solutio
Page 800 and 801:
Problem/exposure Remedy How to ensu
Page 802 and 803:
Application proxy Access control En
Page 804 and 805:
Encryption and decryption: Cryptogr
Page 806 and 807:
eighth bit serving as parity bit. F
Page 808 and 809:
cleartext clea cle Cleartext Alice'
Page 810 and 811:
e and d are called the public and p
Page 812 and 813:
A hash function that takes a key as
Page 814 and 815:
Examples of hash functions The most
Page 816 and 817:
Digital Signature Standard (DSS) As
Page 818 and 819:
public key and identification, a di
Page 820 and 821:
22.3 Firewalls In September 1998, t
Page 822 and 823:
time. The network administrator mus
Page 824 and 825:
Service level filtering Because mos
Page 826 and 827:
etween the secure and the non-secur
Page 828 and 829:
In normal mode, the FTP client firs
Page 830 and 831:
circuit-level gateway (see Figure 2
Page 832 and 833:
Generally, a packet-filtering firew
Page 834 and 835:
Internal DNS and Mail server Secure
Page 836 and 837:
22.4.1 Concepts IPSec adds integrit
Page 838 and 839:
Tunneling Tunneling or encapsulatio
Page 840 and 841:
AH format The AH format is describe
Page 842 and 843:
AH in transport mode In this mode,
Page 844 and 845:
connectionless, in that they operat
Page 846 and 847:
Padding Most encryption algorithms
Page 848 and 849:
The tunnel mode is used whenever ei
Page 850 and 851:
When designing a VPN, limit the num
Page 852 and 853:
Figure 22-33 illustrates the simple
Page 854 and 855:
Figure 22-36 shows in detail how th
Page 856 and 857:
Before describing the details of th
Page 858 and 859:
Permanent identifiers The IKE proto
Page 860 and 861:
Note: For ISAKMP phase 1 messages,
Page 862 and 863:
Page 864 and 865:
authority using a protocol such as
Page 866 and 867:
IKE phase 2: Setting up protocol Se
Page 868 and 869:
Hash A Hash payload must immediatel
Page 870 and 871:
Generating the keys (phase 2) Using
Page 872 and 873:
22.5 SOCKS intranet is considered t
Page 874 and 875:
22.5.1 SOCKS Version 5 (SOCKSv5) SO
Page 876 and 877:
Where: VER Indicates the version of
Page 878 and 879:
X'03' Network unreachable X'04' Hos
Page 880 and 881:
X Window System’s clients. SSH fo
Page 882 and 883:
22.7.2 SSL protocol Authentication
Page 884 and 885:
CipherSpec message after processing
Page 886 and 887:
The client then sends a finished me
Page 888 and 889:
In this chapter, we begin by defini
Page 890 and 891:
usiness partner's and supplier's VP
Page 892 and 893:
name the principal. Both the realm
Page 894 and 895:
The authentication process consists
Page 896 and 897:
After the server has validated a cl
Page 898 and 899:
► Authorization and accounting in
Page 900 and 901:
modem connection is made, the NAS p
Page 902 and 903:
22.14.1 Terminology Before describi
Page 904 and 905:
PPP Data Figure 22-54 L2TP packet c
Page 906 and 907:
complementary use of IPSec, an L2TP
Page 908 and 909:
The diagram shows the following tra
Page 910 and 911:
Key management on such a large scal
Page 912 and 913:
► RFC 2405 - The ESP DES-CBC Ciph
Page 914 and 915:
Page 916 and 917:
23.1 Port based network access cont
Page 918 and 919:
23.3 Port based network access cont
Page 920 and 921:
Figure 23-3 illustrates the control
Page 922 and 923:
802.1x authentication process The a
Page 924 and 925:
Figure 23-6 and Figure 23-7 show sn
Page 926 and 927:
Request and response type Value TLS
Page 928 and 929:
Figure 23-15 EAP-Success packet EAP
Page 930 and 931:
Figure 23-21 shows the sniffer trac
Page 932 and 933:
► Multicast propagation If authen
Page 934 and 935:
The Internet business has grown so
Page 936 and 937:
Generic techniques to enhance scala
Page 938 and 939:
24.5 Virtualization Virtualization
Page 940 and 941:
Network virtualization Network virt
Page 942 and 943:
24.6.2 VRRP definitions 24.6.3 VRRP
Page 944 and 945:
24.6.4 Sample configuration Figure
Page 946 and 947:
The fields of the VRRP header are d
Page 948 and 949:
24.8.1 Network Address Translation
Page 950 and 951:
24.9 RFCs relevant to this chapter
Page 952 and 953:
A.1 MPLS: An introduction The idea
Page 954 and 955:
MPLS also provides the ability to a
Page 956 and 957:
Layer 2 Header MPLS Header Figure A
Page 958 and 959:
Label switched path (LSP) An LSP re
Page 960 and 961:
► The packet does not contain a l
Page 962 and 963:
7. R22 reviews the level-2 label ap
Page 964 and 965:
A.2.5 Label distribution protocols
Page 966 and 967:
Emulated Ethernet MUX MPLS Figure A
Page 968 and 969:
► The effort can provide a single
Page 970 and 971:
A generalized label only carries a
Page 972 and 973:
Fault management The LMP fault mana
Page 974 and 975:
Note: GMPLS allows SP to dynamicall
Page 976 and 977:
Furthermore, because the labels can
Page 978 and 979:
A.5 RFCs relevant to this chapter T
Page 980 and 981:
DLCI Data Link Connection Identifie
Page 982 and 983:
MTU Maximum Transmission Unit MVS M
Page 984 and 985:
VRML Virtual Reality Modeling Langu
Page 986 and 987:
► TCP/IP and System i http://www.
Page 988 and 989:
Page 990 and 991:
DHCP interoperability 140 forwardin
Page 992 and 993:
fingerprint 785 firewall 12, 776, 8
Page 994 and 995:
Security Parameter Index (SPI) 810
Page 996 and 997:
latency 61 Layer 2 Forwarding (L2F)
Page 998 and 999:
RFC 1483 53 RFC 1492 873 RFC 1510 8
Page 1000 and 1001:
subnet number 73 subnets 72 subnett
Page 1004:
TCP/IP Tutorial and Technical Overv
show all

TCP/IP Tutorial and Technical Overview - IBM Redbooks

Create successful ePaper yourself

Delete template?

Save as template?