TCP/IP Volume 1 Reading Notes


Pink sentences mark where I stopped last time.

Red marks places I have questions about.

Blue marks key concepts.

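Basics:

1 The physical layer in OSI. This layer is fairly easy to understand: it is the physical medium, for example twisted-pair cable. What runs over twisted pair is electrical signals, that is, high and low voltage levels.

2 The data link layer. The electrical signals running on the physical layer cannot be recognized by a computer; they must be turned into a meaningful form that the computer can recognize. A computer recognizes only two numbers, 0 and 1, and a voltage level also happens to have two states, low and high, so 0 corresponds to the low level and 1 to the high level. Who is responsible for converting the voltage signals on the physical layer into the data signals 0 and 1? The network card, or more precisely a piece of program in the network card's chip. The reverse also holds: what converts the computer's data into voltage signals and sends them out is also a piece of program in the network card. That piece of program in the network card is the “data link layer”. Sending data raises a problem: one host cannot send and receive data at the same time, and different hosts on a LAN cannot put data on the shared line at the same time, because that causes a collision. So we must find a way to guarantee that only one host transmits at any given time. There are many ways to do this. One is the token ring method: there is a token on the network, and only whoever holds the token may send or receive data. Another is the CSMA/CD method: every host may transmit at any moment, but before transmitting it must check whether another host is transmitting right now. If so, it may not transmit and has to wait; after a while it checks again, until nobody else is using the line, and only then may it transmit. Each method has its advantages and disadvantages. The network that results depends on which method the data link layer program in the network card adopts: if the program implements the CSMA/CD protocol, the network is an Ethernet; if it implements the token ring method, the network is a token ring network. So the essential requirement for Ethernet is that the network card implements the CSMA/CD protocol, regardless of the type of cable you use: if you use twisted pair, buy an Ethernet card with an RJ-45 connector; if you use coaxial cable, buy an Ethernet card with a BNC connector. When an IP datagram is sent, the data link layer has to encapsulate the IP datagram. The network card's driver also needs a mention here: the driver's job is to control things such as the buffers in the network card.

3 The network layer and the transport layer. For these layers you can use TCP/IP, or not. So if a network is an Ethernet, it is not necessarily a TCP/IP network, and a TCP/IP network is not necessarily an Ethernet.

4 Whatever connector your network card has, and whether the “data link layer” program in your network card is Ethernet or token ring, the premise is that it is a network card with a MAC address. So a connection between two serial ports does not count as this kind of network: it has no link layer in a network card implementing CSMA/CD, and it cannot have that layer's MAC address either.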

 

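How the CSMA/CD protocol is implemented in a network card:

Data link controller (EDLC)
The data link controller is a large-scale integrated circuit chip that essentially implements the CSMA/CD media access protocol. By workflow, the EDLC can be divided into two parts: frame transmission and frame reception.
In the frame transmission flow, the EDLC's first job is to assemble the frame. The EDLC first places the destination address, source address, type, and data from the host's packet into the transmit RAM of the data buffer. Before transmission it automatically sends a 64-bit preamble so that the network interface circuitry reaches a stable state, and it appends a 32-bit CRC checksum after the data, so that the content is ready to send. The data buffer interface has a 16-byte first-in, first-out (FIFO) transmit queue. The transmitter reads data from the data buffer byte by byte, then uses a parallel-to-serial converter to turn each byte into a serial bit stream and sends it bit by bit.
Before and during transmission, the EDLC performs carrier sensing at all times, following the CSMA/CD rule “listen before talking, listen while talking”. Before starting to transmit, the EDLC waits at least 9.6 μs to make sure that no other station on the network is transmitting, and only then starts to transmit; this is carrier sensing. If during transmission it detects that another station is transmitting, the EDLC automatically stops sending the FIFO contents and immediately sends a 32-bit jam sequence of 010101 bits to reinforce the collision, so that all stations can detect it. At the same time, the EDLC tells the host that a collision occurred while sending the frame and that it must wait a random time before resending. On receiving this request the host runs the backoff algorithm, waits a random period, and restarts the transmission. When a data field has been completely transmitted, the EDLC sends the 32-bit CRC checksum after the last byte has gone into the FIFO. Once the whole frame has been sent, it updates the transmit status register.

In the receive part, the EDLC monitors the network state at all times through the decoder interface input. While the network is quiet, receiving a serial bit stream of 62 consecutive bits in the “010101” pattern followed by two consecutive 1 bits indicates the preamble sent by another station. So that the decoder can achieve phase lock and synchronize, the EDLC waits 8 bit times before looking for “11”, the last two bits of the preamble. If what it receives is not “11”, this is not a valid frame and the data that follows is not received. If it does receive the final “11”, a correct preamble has been received and it continues receiving the frame's data. What comes next should be the destination address, which the EDLC's address checker compares against the address value in the REA. If the address does not match, the frame is addressed to another station and the receive operation stops immediately; if the destination address is the same as this station's address, it continues receiving the data sent to this station, performs serial-to-parallel conversion, and puts the data into the receive FIFO buffer queue. After the EDLC has received a complete frame, it performs the CRC check. If the check fails, the frame in the receive data buffer is discarded; if the check succeeds, the receive-status bits in the status register are set. Finally the EDLC signals the end of reception, clears the DMA receive control, and raises an INT signal to notify the host that reception is complete.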
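The receive-side checks described above (preamble ending in “11”, destination address filter, then CRC), written out in Python as an added example; it is not code from these notes or from any controller's firmware. The function names and station addresses are hypothetical, and minimum-frame padding, collisions, and timing are not modelled.

```python
import zlib

# 7 bytes of 0x55 plus 0xD5. Sent least-significant bit first this is
# 62 alternating bits followed by "11".
PREAMBLE = b"\x55" * 7 + b"\xd5"
BROADCAST = b"\xff" * 6


def to_wire_bits(data: bytes) -> str:
    """Serialise bytes as the parallel-to-serial converter does: LSB first."""
    return "".join(format(b, "08b")[::-1] for b in data)


def build_frame(dst: bytes, src: bytes, ftype: int, payload: bytes) -> bytes:
    """Transmit side: preamble, addresses, type, data, then the 32-bit CRC."""
    body = dst + src + ftype.to_bytes(2, "big") + payload
    fcs = zlib.crc32(body).to_bytes(4, "little")   # Ethernet CRC-32, FCS byte order
    return PREAMBLE + body + fcs


def receive(frame: bytes, station_addr: bytes):
    """Receive side, in the order the text gives. Returns (status, payload)."""
    # 1. Preamble: 62 alternating bits, and the last two bits must be "11".
    if to_wire_bits(frame[:8]) != "10" * 31 + "11":
        return ("bad preamble", None)
    body, fcs = frame[8:-4], frame[-4:]
    if len(body) < 14:
        return ("runt", None)
    # 2. Address check on the first six bytes: stop at once if not for us.
    dst = body[:6]
    if dst != station_addr and dst != BROADCAST:
        return ("not for this station", None)
    # 3. CRC over the whole frame once it is complete: discard on mismatch.
    if zlib.crc32(body).to_bytes(4, "little") != fcs:
        return ("crc error", None)
    # 4. Frame is good: hand the data to the host (the INT signal in the text).
    return ("accepted", body[14:])


if __name__ == "__main__":
    # Constructed station addresses and payload.
    a = bytes.fromhex("020000000001")
    b = bytes.fromhex("020000000002")
    frame = build_frame(a, b, 0x0800, b"hello")
    print(receive(frame, a))
    damaged = bytearray(frame)
    damaged[-6] ^= 0x01                    # flip one payload bit in transit
    print(receive(bytes(damaged), a))
```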

 

Preface

Introduction

This book describes the TCP/IP protocol suite, but from a different perspective than other texts on TCP/IP. Instead of just describing the protocols and what they do, we will use a popular diagnostic tool to watch the protocols in action. Seeing how the protocols operate in varying circumstances provides a greater understanding of how they work and why certain design decisions were made. It also provides a look into the implementation of the protocols, without having to wade through thousands of lines of source code.

When networking protocols were being developed in the 1960s through 1980s, expensive, dedicated hardware was required to see the packets going “across the wire”. Extreme familiarity with the protocols was also required to comprehend the packets displayed by the hardware. Functionality of the hardware analyzers was limited to that built in by the hardware designers.

Today this has changed dramatically with the ability of the ubiquitous workstation to monitor a local area network. Just attach a workstation to your network, run some publicly available software, and watch what goes by on the wire. While many people consider this a tool to be used for diagnosing network problems, it is also a powerful tool for understanding how the network protocols operate, which is the goal of this book.

       This book is intended for anyone wishing to understand how the TCP/IP protocols operate: programmers writing network applications, system administrators responsible for maintaining computer systems and networks utilizing TCP/IP, and users who deal with TCP/IP applications on a daily basis.

 

Organization of the book

When used as part of a one- or two-semester course in computer networking, the focus should be on IP (Chapters 3 and 9), UDP (Chapter 11), and TCP (Chapters 17-24), along with some of the application chapters.

Typographical conventions

       When we display interactive input and output we’ll show our typed input in a bold font, and the computer output like this. Comments are added in italics.

 

Chapter 1 Introduction

1.1   Introduction

The TCP/IP protocol suite allows computers of all sizes, from many different computer vendors, running totally different operating systems, to communicate with each other. It is quite amazing because its use has far exceeded its original estimates. What started in the late 1960s as a government-financed research project into packet switching networks has, in the 1990s, turned into the most widely used form of networking between computers. It is truly an open system in that the definition of the protocol suite and many of its implementations are publicly available at little or no charge. It forms the basis for what is called the worldwide Internet, or the Internet, a wide area network(WAN) of more than one million computers that literally spans the globe.

 

This chapter provides an overview of the TCP/IP protocol suite, to establish an adequate background for the remaining chapters. For a historical perspective on the early development of TCP/IP see [Lynch 1993].

1.2   Layering

Networking protocols are normally developed in layers, with each layer responsible for a different facet of the communications. A protocol suite, such as TCP/IP, is the combination of different protocols at various layers. TCP/IP is normally considered to be a 4-layer system.

 

Each layer has a different responsibility.

1 the link layer.

2 the network layer.

3 the transport layer.

4 the application layer.

 

1.3   TCP/IP layering

There are more protocols in the TCP/IP protocol suite.

TCP and UDP are the two predominant transport layer protocols. Both use IP as the network layer.

 

TCP provides a reliable transport layer, even though the service it uses (IP) is unreliable. Chapters 17 through 22 provide a detailed look at the operation of TCP. We then look at some TCP applications: Telnet and Rlogin in Chapter 26, FTP in Chapter 27, and SMTP in Chapter 28. The applications are normally user processes.

 

UDP sends and receives datagrams for applications. A datagram is a unit of information (i.e., a certain number of bytes of information that is specified by the sender) that travels from the sender to the receiver. Unlike TCP, however, UDP is unreliable. There is no guarantee that the datagram ever gets to its final destination. Chapter 11 looks at UDP, and then Chapter 14 (the Domain Name System), Chapter 15 (the Trivial File Transfer Protocol), and Chapter 16 (the Bootstrap Protocol) look at some applications that use UDP. SNMP (the Simple Network Management Protocol) also uses UDP, but since it deals with many of the other protocols, we save a discussion of it until Chapter 25.

 

IP is the main protocol at the network layer. It is used by both TCP and UDP. Every piece of TCP and UDP data that gets transferred around an internet goes through the IP layer at both end systems and at every intermediate router.

 

ICMP is an adjunct to IP. It is used by the IP layer to exchange error messages and other vital information with the IP layer in another host or router. Chapter 6 looks at ICMP in more detail. Although ICMP is used primarily by IP, it is possible for an application to also access it. Indeed we’ll see that two diagnostic tools, Ping and Traceroute, both use ICMP.

 

IGMP is the Internet Group Management Protocol. It is used with multicasting: sending a UDP datagram to multiple hosts. We describe the general properties of broadcasting (sending a UDP datagram to every host on a specified network) and multicasting in Chapter 12, and then describe IGMP itself in Chapter 13.

 

ARP(Address Resolution Protocol) and RARP(Reverse Address Resolution Protocol) are specialized protocols used only with certain types of network interfaces(such as Ethernet and token ring) to convert between the addresses used by the IP layer and the addresses used by the network interface.

 

1.4   Internet Addresses

Every interface on an internet must have a unique Internet address(also called an IP address). These addresses are 32-bit numbers. Instead of using a flat address space such as 1,2,3, and so on, there is a structure to Internet addresses.

 

The InterNIC assigns only network IDs. The assignment of host IDs is up to the system administrator.

 

1.5   The Domain Name System

Although the network interfaces on a host, and therefore the host itself, are known by IP address, humans work best using the name of a host. In the TCP/IP world the Domain Name System (DNS) is a distributed database that provides the mapping between IP addresses and hostnames.

For now we must be aware that any application can call a standard library function to look up the IP address corresponding to a given hostname.

 

1.6   Encapsulation

When an application sends data using TCP, the data is sent down the protocol stack, through each layer, until it is sent as a stream of bits across the network. Each layer adds information to the data by prepending headers(and sometimes adding trailer information) to the data that it receives.

  The stream of bits that flows across the Ethernet is called a frame.

  We should say that the unit of data passed between IP and the network interface is a packet.

  The unit of data that TCP sends to IP is called a TCP segment.

  The unit of data that IP sends to the network interface is called an IP datagram.

 

1.7   Demultiplexing

When an Ethernet frame is received at the destination host it starts its way up the protocol stack and all the headers are removed by the appropriate protocol box. Each protocol box looks at certain identifiers in its header to determine which box in the next upper layer receives the data. This is called demultiplexing.

Positioning the protocol boxes labeled “ICMP” and “IGMP” is always a challenge.

1.8   Client-Server Model

Most networking applications are written assuming one side is the client and the other the server.

 

1.9   Port Numbers

Servers are normally known by their well-known port number. The well-known ports are managed by the Internet Assigned Numbers Authority(IANA).

 

1.10  Standardization process

1.11  RFCs

All the official standards in the internet community are published as a Request for Comment, or RFC.

1.12  Standard, Simple Services

There are a few standard, simple services that almost every implementation provides. We’ll use some of these servers throughout the text, usually with the telnet client.

1.13  The Internet

The lowercase internet means multiple networks connected together, using a common protocol suite. The uppercase Internet refers to the collection of hosts (over one million) around the world that can communicate with each other using TCP/IP. While the Internet is an internet, the reverse is not true.

1.14  Implementations

The de facto standard for TCP/IP implementations is the one from the Computer Systems Research Group at the University of California at Berkeley. Historically this has been distributed with the 4.x BSD system(Berkeley Software Distribution), and with the “BSD Networking Releases.” This source code has been the starting point for many other implementations.

 

Throughout the text we will use the term Berkeley-derived implementation to refer to vendor implementations such as SunOS 4.x, SVR4, and AIX3.2 that were originally developed from the Berkeley sources. These implementations have much in common, often including the same bugs.

 

1.15  Application Programming Interfaces

Two popular application programming interfaces(APIs) for applications using the TCP/IP protocols are called sockets and TLI(Transport Layer Interface). The former is sometimes called “Berkeley sockets”, indicating where it was originally developed. The latter, originally developed by AT&T, is sometimes called XTI(X/Open Transport Interface), recognizing the work done by X/Open, an international group of computer vendors that produce their own set of standards. XTI is effectively a superset of TLI.

 

1.16  Test Network

1.17  Summary

This chapter has been a whirlwind tour of the TCP/IP protocol suite, introducing many of the terms and protocols that we discuss in detail in later chapters.

The four layers in the TCP/IP protocol suite are the link layer, network layer, transport layer, and application layer, and we mentioned the different responsibilities of each. In TCP/IP the distinction between the network layer and the transport layer is critical: the network layer (IP) provides a hop-by-hop service while the transport layers (TCP and UDP) provide an end-to-end service.

 

 

Chapter 2     Link Layer

2.1 Introduction

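From Figure 1.4 we see that the purpose of the link layer in the TCP/IP protocol suite is to send and receive (1) IP datagrams for the IP module, (2) ARP requests and replies for the ARP module, and (3) RARP requests and replies for the RARP module.

Q: Doesn't the link layer just mean the hardware layer? If it is the hardware layer, it should be responsible for receiving all packets, including data with TCP headers, so why isn't it described that way here?

A: Looking at this question now, I don't even understand what I was asking. Never mind; here is my current understanding. In the OSI seven-layer model, the lowest layer is the physical layer, i.e. the type of line, including network cable, coaxial cable, and RS232 serial cable. The layer above it is the link layer, which includes the interface card that matches the physical layer and the device driver. For example, if your physical layer is network cable, then your link layer includes the network card and the network card's driver.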

 

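Describing the seven-layer OSI model again from the “physical perspective”:

Physical layer: the connecting cable you use, such as network cable, serial cable, coaxial cable, and so on.

Data link layer: the interface card that matches the physical layer's cable, and the card's driver (for network cable, the network card and its driver).

Network layer: tcpip.sys, the part responsible for implementing the TCP/IP protocols; it is also a driver.

Transport layer: tcpip.sys, the part responsible for implementing the TCP/IP protocols; it is also a driver.

Application layer: the applications the user runs, such as the IE browser or the QQ chat tool.

Describing the seven-layer OSI model again from the “logical perspective”:

Suppose you want to send the message “hello world” on QQ.

The process is:

Application layer: you type “hello world” into the QQ dialog box.

Transport layer: tcpip.sys wraps the string “hello world” according to the TCP protocol, forming a new packet.

Network layer: tcpip.sys then wraps the TCP packet according to the IP protocol, forming a new packet that includes information such as the destination IP address.

Data link layer: processes the packet handed down from the network layer into a packet that can actually be sent, for example translating the IP address into the network card's hardware address (ARP).

Physical layer: turns the final packet into a bit stream and sends it out.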

TCP/IP supports many different link layers, depending on the type of networking hardware being used: Ethernet, token ring, FDDI(Fiber Distributed Data Interface), RS-232 serial lines, and the like.

In this chapter we will look at some of the details involved in the Ethernet link layer, two specialized link layers for serial interfaces (SLIP and PPP), and the loopback driver that’s part of most implementations. Ethernet and SLIP are the link layers used for most of the examples in the book. We also talk about the MTU (Maximum Transmission Unit), a characteristic of the link layer that we encounter numerous times in the remaining chapters. We also show some calculations of how to choose the MTU for a serial line.

So the MTU is determined by the link layer; it has nothing to do with TCP/IP.

2.2 Ethernet and IEEE 802 Encapsulation

The term Ethernet generally refers to a standard published in 1982 by Digital Equipment Corp., Intel Corp., and Xerox Corp. It is the predominant form of local area network technology used with TCP/IP today. It uses an access method called CSMA/CD, which stands for Carrier Sense, Multiple Access with Collision Detection. It operates at 10 Mbits/sec and uses 48-bit addresses.

       RFC 894 encapsulation is most commonly used. Figure 2.1 shows the two different forms of encapsulation.

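Both frame formats use 48-bit (6-byte) destination and source addresses. These are what we call hardware addresses throughout the text. The ARP and RARP protocols map between the 32-bit IP addresses and the 48-bit hardware addresses.

Q: What is the significance of a network card's hardware address? What is the relationship between the hardware address and the IP datagram in Figure 2.1?

A: A network card's hardware address is like a person's ID card. The hardware address corresponds to an IP address; ARP is responsible for converting the destination IP address in the IP datagram into the corresponding network card hardware address.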

 

 

2.3 Trailer Encapsulation

RFC 893 [Leffler and Karels 1984] describes another form of encapsulation used on Ethernets, called trailer encapsulation. It was an experiment with early BSD systems on DEC VAXes that improved performance by rearranging the order of the fields in the IP datagram. “The variable-length fields at the beginning of the data portion of the Ethernet frame (the IP header and the TCP header) were moved to the end (right before the CRC).” This allows the data portion of the frame to be mapped to a hardware page, saving a memory-to-memory copy when the data is copied in the kernel. TCP data that is a multiple of 512 bytes in size can be moved by just manipulating the kernel’s page tables. Two hosts negotiated the use of trailer encapsulation using an extension of ARP. Different Ethernet frame type values are defined for these frames.

Nowadays trailer encapsulation is deprecated, so we won’t show any examples of it.

 

2.4 SLIP: Serial Line IP

   SLIP stands for Serial Line IP. It is a simple form of encapsulation for IP datagrams on serial lines, and is specified in RFC 1055. SLIP has become popular for connecting home systems to the Internet, through the ubiquitous RS-232 serial port found on almost every computer and high-speed modems. The following rules specify the framing used by SLIP.

Can an ordinary network program written with sockets communicate over a serial port?

1 The IP datagram is terminated by the special character called END (0xc0). Also, to prevent any line noise before this datagram from being interpreted as part of this datagram, most implementations transmit an END character at the beginning of the datagram too. (If there was some line noise, the END terminates that erroneous datagram, which will be thrown away by a higher layer when its contents are detected to be garbage.)

2 If a byte of the IP datagram equals the END character, the 2-byte sequence 0xdb, 0xdc is transmitted instead. This special character, 0xdb, is called the SLIP ESC character, but its value is different from the ASCII ESC character (0x1b).

3 If a byte of the IP datagram equals the SLIP ESC character, the 2-byte sequence 0xdb, 0xdd is transmitted instead.
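The three framing rules above as an encoder and a streaming decoder, added here as an example; it is not code from the book or from RFC 1055. The class and function names, the `max_len` limit, and the choice to drop a frame in which ESC is followed by an unexpected byte are assumptions of this example.

```python
END, ESC = 0xC0, 0xDB            # frame delimiter and SLIP escape character
ESC_END, ESC_ESC = 0xDC, 0xDD    # second byte of the two escape sequences

SAMPLE = bytes.fromhex("4500c0db01")   # constructed payload containing END and ESC


def slip_encode(datagram: bytes) -> bytes:
    """Frame one IP datagram: END, escaped payload, END."""
    out = bytearray([END])                 # leading END cuts off earlier line noise
    for b in datagram:
        if b == END:
            out += bytes((ESC, ESC_END))   # rule 2
        elif b == ESC:
            out += bytes((ESC, ESC_ESC))   # rule 3
        else:
            out.append(b)
    out.append(END)                        # rule 1
    return bytes(out)


class SlipDecoder:
    """Streaming decoder: feed() takes chunks exactly as the serial line delivers them."""

    def __init__(self, max_len: int = 1500):   # assumed upper bound per datagram
        self.max_len = max_len
        self.buf = bytearray()
        self.in_escape = False
        self.bad = False      # the frame being read broke the framing rules
        self.dropped = 0      # frames the decoder itself discarded

    def _finish(self, frames):
        if self.bad or self.in_escape:
            self.dropped += 1              # malformed, oversized, or ESC cut short
        elif self.buf:                     # back-to-back ENDs give empty frames: skip
            frames.append(bytes(self.buf))
        self.buf.clear()
        self.in_escape = False
        self.bad = False

    def feed(self, chunk: bytes) -> list:
        frames = []
        for b in chunk:
            if b == END:
                self._finish(frames)
            elif self.bad:
                continue                   # resynchronise at the next END
            elif self.in_escape:
                self.in_escape = False
                if b == ESC_END:
                    self.buf.append(END)
                elif b == ESC_ESC:
                    self.buf.append(ESC)
                else:
                    self.bad = True        # ESC followed by anything else is invalid
            elif b == ESC:
                self.in_escape = True
            else:
                self.buf.append(b)
            if len(self.buf) > self.max_len:
                self.bad = True            # bound memory on a noisy line
                self.buf.clear()
        return frames


if __name__ == "__main__":
    wire = b"\x07\x08" + slip_encode(SAMPLE)   # two constructed noise bytes first
    dec = SlipDecoder()
    # The noise comes out as its own garbage frame for a higher layer to reject.
    print([f.hex() for f in dec.feed(wire)])
```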

 

2.5 Compressed SLIP

2.6 PPP: Point-to-Point Protocol

       PPP, the Point-to-Point Protocol, corrects all the deficiencies in SLIP. PPP consists of three components.

       1 A way to encapsulate IP datagrams on a serial link. PPP supports either an asynchronous link with 8 bits of data and no parity or bit-oriented synchronous links.

2 A link control protocol to establish, configure, and test the data-link connection. This allows each end to negotiate various options.

3 A family of network control protocols specific to different network layer protocols. RFCs currently exist for IP, the OSI network layer, DECnet, and AppleTalk. The IP NCP, for example, allows each end to specify if it can perform header compression, similar to CSLIP.

      

I basically did not understand any of Chapter 2.

Chapter 3

Chapter 4   ARP: Address Resolution Protocol

       4.1 Introduction

The problem that we deal with in this chapter is that IP addresses only make sense to the TCP/IP protocol suite. A data link such as an Ethernet or a token ring has its own addressing scheme (often 48-bit addresses) to which any network layer using the data link must conform. A network such as an Ethernet can be used by different network layers at the same time. For example, a collection of hosts using TCP/IP and another collection of hosts using some PC network software can share the same physical cable.

       When an Ethernet frame is sent from one host on a LAN to another, it is the 48-bit Ethernet address that determines for which interface the frame is destined. The device driver software never looks at the destination IP address in the IP datagram.

Address resolution provides a mapping between the two different forms of addresses: 32-bit IP addresses and whatever type of address the data link uses.

4.2 An Example

Ethernet header: 14 bytes. The first six are the destination Ethernet address, the next six are the source Ethernet address, and the last two are the frame type. A frame type of 0x0806 means an ARP packet, i.e. what follows the Ethernet header is an ARP datagram. Some other value means an IP datagram. So ARP and IP have equal standing, unlike the relationship between ICMP and IP.

ARP’s function is to get the hardware address corresponding to an IP address, but how does it do it?

ARP sends an Ethernet frame called an ARP request to every host on the network. This is called a broadcast. The ARP request contains the IP address of the destination and is the request “if you are the owner of this IP address, please respond to me with your hardware address.”

The destination host’s ARP layer receives this broadcast, recognizes that the sender is asking for its hardware address, and replies with an ARP reply. This reply contains the IP address and the corresponding hardware address.
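The request and reply exchange above, with both sides' frames built and parsed at byte level, as an added example (not code from the book). It also shows the frame-type demultiplexing from section 1.7. The `Host` class, `resolve`, and all addresses are constructed for the example; the ARP field layout is the standard one for Ethernet and IPv4, and 0x0800 is the frame type for IP.

```python
import socket
import struct

ETH_HDR = struct.Struct("!6s6sH")            # destination, source, frame type (14 bytes)
ARP_PKT = struct.Struct("!HHBBH6s4s6s4s")    # ARP for Ethernet + IPv4 (28 bytes)
TYPE_IP, TYPE_ARP = 0x0800, 0x0806
OP_REQUEST, OP_REPLY = 1, 2
BROADCAST = b"\xff" * 6


def arp_frame(op, eth_dst, snd_mac, snd_ip, tgt_mac, tgt_ip):
    """Ethernet header with frame type 0x0806 followed by the ARP packet."""
    arp = ARP_PKT.pack(1, TYPE_IP, 6, 4, op,
                       snd_mac, socket.inet_aton(snd_ip),
                       tgt_mac, socket.inet_aton(tgt_ip))
    return ETH_HDR.pack(eth_dst, snd_mac, TYPE_ARP) + arp


class Host:
    def __init__(self, mac_hex, ip):
        self.mac, self.ip = bytes.fromhex(mac_hex), ip
        self.arp_cache = {}          # IP string -> hardware address
        self.to_ip_layer = []        # datagrams demultiplexed to IP

    def request(self, target_ip):
        """Broadcast: 'if you own target_ip, tell me your hardware address'."""
        return arp_frame(OP_REQUEST, BROADCAST, self.mac, self.ip,
                         b"\x00" * 6, target_ip)

    def receive(self, frame):
        """Driver plus ARP module. Returns a frame to transmit, or None."""
        if len(frame) < ETH_HDR.size:
            return None
        dst, _src, ftype = ETH_HDR.unpack_from(frame)
        if dst not in (self.mac, BROADCAST):
            return None              # decided on the 48-bit address alone
        if ftype == TYPE_IP:
            self.to_ip_layer.append(frame[ETH_HDR.size:])
            return None
        if ftype != TYPE_ARP or len(frame) < ETH_HDR.size + ARP_PKT.size:
            return None
        (hw, proto, hlen, plen, op,
         snd_mac, snd_ip, _tgt_mac, tgt_ip) = ARP_PKT.unpack_from(frame, ETH_HDR.size)
        if (hw, proto, hlen, plen) != (1, TYPE_IP, 6, 4):
            return None
        if socket.inet_ntoa(tgt_ip) != self.ip:
            return None              # not the owner of that IP address: stay silent
        if op == OP_REQUEST:         # unicast reply straight back to the asker
            return arp_frame(OP_REPLY, snd_mac, self.mac, self.ip,
                             snd_mac, socket.inet_ntoa(snd_ip))
        if op == OP_REPLY:
            self.arp_cache[socket.inet_ntoa(snd_ip)] = snd_mac
        return None


def resolve(asker, target_ip, lan):
    """Put a request on the shared cable and hand any reply back to the asker."""
    request = asker.request(target_ip)
    for host in lan:
        if host is asker:
            continue
        reply = host.receive(request)
        if reply is not None:
            asker.receive(reply)
    return asker.arp_cache.get(target_ip)


if __name__ == "__main__":
    # Constructed LAN of three hosts.
    a = Host("020000000001", "140.252.13.34")
    b = Host("020000000002", "140.252.13.35")
    c = Host("020000000003", "140.252.13.33")
    print(resolve(a, "140.252.13.35", [a, b, c]).hex())
```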

 

Chapter 6  ICMP: Internet Control Message Protocol

     6.1 Introduction

        ICMP is often considered part of the IP layer. It communicates error messages and other conditions that require attention. ICMP messages are usually acted on by either the IP layer or the higher layer protocol(TCP or UDP). Some ICMP messages cause errors to be returned to user processes.

6.2 ICMP Message Types

6.3 ICMP Address Mask Request and Reply

   The ICMP address mask request is intended for a diskless system to obtain its subnet mask at bootstrap time. The requesting system broadcasts its ICMP request(This is similar to a diskless system using RARP to obtain its IP address at bootstrap time). An alternative method for a diskless system to obtain its subnet mask is the BOOTP protocol, which we describe in chapter 16. 

6.4 ICMP Timestamp Request and Reply

6.5 ICMP Port Unreachable Error

  One rule of UDP is that if it receives a UDP datagram and the destination port does not correspond to a port that some process has in use, UDP responds with an ICMP port unreachable.

6.6 4.4BSD Processing of ICMP Messages

6.7 Summary

 

Chapter 7 Ping Program

  7.1 Introduction

The name “ping” is taken from the sonar operation to locate objects. The ping program was written by Mike Muuss and it tests whether another host is reachable. The program sends an ICMP echo request message to a host, expecting an ICMP echo reply to be returned.

7.2 Ping Program

We call the ping program that sends the echo requests the client, and the host being pinged the server. Most TCP/IP implementations support the ping server directly in the kernel.

     7.3 IP Record Route Option

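As an IP datagram travels across the network, each router it passes through adds its own address to the options in the IP datagram; at most nine addresses can be added. During this process, the routing tables of some PCs can be updated to obtain newer routes.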

7.4 IP Timestamp Option

   The ping program is the basic connectivity test between two systems running TCP/IP. It uses the ICMP echo request and reply messages and does not use a transport layer(TCP or UDP). The ping server is normally part of the kernel’s ICMP implementation.

 

Chapter 8 Traceroute Program

    8.1 Introduction

    8.2 Traceroute Program Operation

Since the ping program can already record the path an IP datagram takes by using RR (record route), why develop a separate traceroute? Because many routers do not support RR, and Traceroute does not need support from the intermediate routers.

Each router that handles the datagram is required to decrement the TTL by either one or the number of seconds that the router holds onto the datagram (to prevent the datagram from staying in a router forever), but actually few routers implement this. If a router receives a datagram whose TTL is 0, it will throw it away and send back to the originating host an ICMP “time exceeded” message. This message contains the router’s address, which is important.

So now we know what traceroute does:

It sends an IP datagram with a TTL of 1 to the destination host. The first router to handle the datagram decrements the TTL, discards the datagram, and sends back the ICMP time exceeded. This identifies the first router in the path. Traceroute then sends a datagram with a TTL of 2, and we find the IP address of the second router. This continues until the datagram reaches the destination host. But how do we know that the datagram reached the destination? Traceroute sends UDP datagrams to the destination host, but it chooses the destination UDP port number to be an unlikely value (larger than 30000), making it improbable that an application at the destination is using that port. This causes the destination host’s UDP module to generate an ICMP “port unreachable” error when the datagram arrives. All traceroute needs to do is differentiate between the received ICMP messages, time exceeded versus port unreachable, to know when it’s done.
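The TTL loop above, run against a simulated path so that it works offline; this is an added example, not the traceroute source. The router addresses, the base port 33434, and the one-probe-per-TTL simplification are assumptions of the example. It also covers two cases the paragraph implies: a router that sends no ICMP, and a destination where some process happens to own the probe port.

```python
ICMP_TIME_EXCEEDED = (11, 0)   # ICMP type 11, code 0: TTL ran out in transit
ICMP_PORT_UNREACH = (3, 3)     # ICMP type 3, code 3: no process on that UDP port


class Router:
    def __init__(self, addr, sends_icmp=True):
        self.addr = addr
        self.sends_icmp = sends_icmp   # some routers stay silent


def deliver(path, dest_addr, open_udp_ports, ttl, dport):
    """Carry one UDP probe along the path.

    Returns (icmp_type_code, source_address), or None if nothing comes back.
    """
    for router in path:
        ttl -= 1                       # every router decrements the TTL
        if ttl == 0:                   # expired here: discard and report
            if router.sends_icmp:
                return (ICMP_TIME_EXCEEDED, router.addr)
            return None
    # The probe reached the destination host's UDP module.
    if dport in open_udp_ports:
        return None                    # a process took the datagram: no ICMP error
    return (ICMP_PORT_UNREACH, dest_addr)


def traceroute(path, dest_addr, open_udp_ports=(), max_ttl=30, base_port=33434):
    """Return a list of (ttl, address or '*'), ending at the destination if reached."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        # A fresh unlikely port per probe, so one busy port cannot hide the host.
        reply = deliver(path, dest_addr, open_udp_ports, ttl, base_port + ttl)
        if reply is None:
            hops.append((ttl, "*"))    # timed out waiting for any ICMP message
            continue
        icmp, addr = reply
        hops.append((ttl, addr))
        if icmp == ICMP_PORT_UNREACH:  # only the destination sends this: done
            break
    return hops


if __name__ == "__main__":
    # Constructed path: three routers, the second one never sends ICMP.
    path = [Router("10.0.0.1"), Router("10.0.1.1", sends_icmp=False), Router("10.0.2.1")]
    for hop in traceroute(path, "10.0.3.9"):
        print(hop)
```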

8.5 IP Source Routing Option

   Normally IP routing is dynamic with each router making a decision about which next-hop router to send the datagram to. Applications have no control of this, and are normally not concerned with it. It takes tools such as Traceroute to figure out what the route really is.

The idea behind source routing is that the sender specifies the route. Two forms are provided:

  Strict source routing. The sender specifies the exact path that the IP datagram must follow.

 

Chapter 9 IP Routing

1 Routing protocols

The topics of which routing protocol to use on a given host, how to exchange routing information with adjacent routers, and how the routing protocols work are complex and can fill an entire book of their own. (Interested readers are referred to [Perlman 1992] for many of the details.)

We will look briefly at dynamic routing and the Routing Information Protocol (RIP) in Chapter 10. Our main interest in the current chapter is how a single IP layer makes its routing decisions.

 

2 A host is a machine on the network; it can be a PC or a router.

3 A router is a routing device; it can be a dedicated router or a PC with routing capability.

4 A host searching the routing table and deciding which interface to send a packet out of is the routing mechanism. This differs from a routing policy, which is a set of rules that decides which routes go into the routing table. IP performs the routing mechanism while a routing daemon normally provides the routing policy.

We can use the “netstat” command to check the routing table on a Unix system. The output looks like this:

 

 

Destination     Gateway         Flags   Refcnt  Use     Interface
140.252.13.65   140.252.13.35   UGH     0       0       emd0

 

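Now we explain the “flags” column. If G is set, the route is indirect: the destination address (140.252.13.65) is not directly connected to the PC or router that holds the routing table. In the IP datagram generated in this case, the destination IP address is 140.252.13.65, but the hardware address produced by the link layer should be the one corresponding to 140.252.13.35 (because this datagram is to be sent immediately to 140.252.13.35). If G is not set, the route is direct: the destination address is directly connected to the host that holds the routing table, so in the IP datagram it generates, both the destination IP address and the hardware address are those of the destination.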

Initializing a routing table

  How are these routing table entries created?

               The direct route: Whenever an interface is initialized (normally when the interface’s address is set by the ifconfig command), a direct route is automatically created for the interface.

               The indirect route: Routes to hosts or networks that are not directly connected must be entered into the routing table somehow. One common way is to execute the route command explicitly from the initialization files when the system is bootstrapped. On the host svr4 the following two commands were executed to add the entries that we showed earlier:

                           route add default sun 1

                           route add slip bsdi 1

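What is an interface?

If you are on a LAN, connected through a network card and a network cable, the port of the network card can be understood as an interface. If you also have an RS232 serial cable connected to another computer, the serial port is an interface too. Each of them has a name in the routing table, which is the value in the last column, for example emd0.. Wrong.

After the IP layer receives a TCP segment from the local host, it first performs IP routing. If a route is found, it packages the data, puts the target IP into the destination address, and passes it to the link layer. ARP obtains the MAC address of the gateway given in the routing table, puts it into the IP datagram, and the datagram is sent out. If no matching entry is found in the routing table, a “host unreachable” or “network unreachable” error is returned to the upper layer. If the IP layer is handling a packet that came from another host, it sends back an ICMP error message instead.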
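The lookup and the G-flag rule described above can be written out as follows. This is an added example, not code from the book or the original notes: only the first table entry is the netstat line quoted earlier, the other two routes are constructed, and picking the most specific match (host route, then network route, then default) is an assumption that goes slightly beyond what the notes state.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    destination: ipaddress.IPv4Network  # a host route is a /32, "default" is 0.0.0.0/0
    gateway: ipaddress.IPv4Address
    flags: str                          # netstat letters: U = up, G = gateway, H = host
    interface: str


def make_route(destination, gateway, flags, interface):
    """Build a Route from strings; "default" stands for 0.0.0.0/0."""
    net = "0.0.0.0/0" if destination == "default" else destination
    return Route(ipaddress.ip_network(net), ipaddress.ip_address(gateway),
                 flags, interface)


# Constructed table: only the first entry is the netstat line quoted in the notes;
# the subnet route and the default route are made-up values for this example.
TABLE = [
    make_route("140.252.13.65/32", "140.252.13.35", "UGH", "emd0"),
    make_route("140.252.13.32/27", "140.252.13.34", "U", "emd0"),
    make_route("default", "140.252.13.33", "UG", "emd0"),
]


class Unreachable(Exception):
    """No usable route: the caller reports host or network unreachable."""


def lookup(table, destination):
    """Return (interface, IP address whose hardware address ARP must resolve)."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in table if "U" in r.flags and dst in r.destination]
    if not matches:
        raise Unreachable(f"no route to {dst}")
    # Most specific entry wins: host route, then network route, then default.
    best = max(matches, key=lambda r: r.destination.prefixlen)
    # G set: indirect route, the frame is addressed to the gateway.
    # G clear: direct route, the frame is addressed to the destination itself.
    link_layer_target = best.gateway if "G" in best.flags else dst
    return best.interface, str(link_layer_target)


if __name__ == "__main__":
    for target in ("140.252.13.65", "140.252.13.40", "192.0.2.7"):
        print(target, "->", lookup(TABLE, target))
```

In every case the destination IP address in the datagram stays the same; only the address handed to ARP changes.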

9.3

Chapter 10 Dynamic Routing Protocols

10.1       Introduction

10.2       Note the difference between two concepts: dynamic routing and static routing.

Dynamic routing

Dynamic routing occurs when routers talk to adjacent routers, informing each other of what networks each router is currently connected to.

Static routing

The routing table entries were created by default when an interface was configured (for directly connected interfaces), added by the route command (normally from a system bootstrap file), or created by an ICMP redirect (usually when the wrong default was used).

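  The difference between routing policy, routing protocol and routing mechanism:

Routing policy: When a router communicates with other routers to update its own routing table, there may be several routes that can reach one destination. The principle by which one of them is chosen is the routing policy.

Routing protocol:

   How does a router communicate with other routers to update its own routing table? They send packets back and forth that contain routing table information. How the format of such a packet is designed, and what each bit means, is called the routing protocol.

   Inside one autonomous system these protocols are mainly IGPs.

    Between different autonomous systems they are mainly EGPs.

Routing mechanism: the rules the IP layer follows when it looks up a suitable route for a destination.

The routing table is created, and updated while the system is running, mainly in two ways: one is the three methods described under static routing, the other is the method described under dynamic routing (implemented by the routing daemon).

As shown in the figure below: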

                

 

 

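Taking that figure as an example, the protocol (the layout of the data structures) that the “routing daemon” uses when it exchanges routing table information with other routers is called the routing protocol.

When routing tables are exchanged there may be several routes to choose from for the same destination; the principle by which one is chosen is called the routing policy.

The order in which the IP layer selects a route for a destination from the local routing table is called the routing mechanism.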

In a system such as the Internet, many different routing protocols are currently used. The Internet is organized into a collection of autonomous systems (ASs), each of which is normally administered by a single entity. A corporation or university campus often defines an autonomous system. The NSFNET backbone of the Internet forms an autonomous system, because all the routers in the backbone are under a single administrative control.

   Each autonomous system can select its own protocol to communicate between the routers in that autonomous system. This is called an interior gateway protocol (IGP) or intradomain routing protocol. The most popular IGP has been the Routing Information Protocol (RIP). A newer IGP is the Open Shortest Path First protocol (OSPF). It is intended as a replacement for RIP. An older IGP that has fallen out of use is HELLO, the IGP used on the original NSFNET backbone in 1986.

   Separate routing protocols called exterior gateway protocols (EGPs) or interdomain routing protocols are used between the routers in different autonomous systems. A newer protocol is the Border Gateway Protocol (BGP) that is currently used between the NSFNET backbone and some of the regional networks that attach to the backbone.

10.3       Unix Routing Daemons

10.4  RIP: Routing Information Protocol

Message Format

RIP messages are carried in UDP datagrams.

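Understanding metrics:

Metrics are hop counts. RIP is used to send routing information back and forth between routers: when many routers are connected, they use RIP messages to tell each other their routing tables. A router may have several paths to one destination, so how does it decide which path to choose based on the RIP information sent by the other routers? This is what metrics, that is hop counts, are for. The router computes the metric of the different paths and chooses the smallest one as the best path. This calculation is a kind of routing policy.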

10.5 RIP Version2

              RIP-2 doesn’t change the protocol; it just passes additional information in the fields labeled “must be zero”.

10.6 OSPF: Open Shortest Path First

    OSPF is a newer alternative to RIP as an interior gateway protocol. It overcomes all the limitations of RIP.

    OSPF is a link-state protocol, as opposed to RIP, which is a distance-vector protocol. The term distance-vector means the messages sent by RIP contain a vector of distances (hop counts). Each router updates its routing table based on the vector of these distances that it receives from its neighbors.
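The hop-count selection described under “Understanding metrics” and the distance-vector update described here can be sketched as below. This is an added example, not code from the book or the notes: the router and network names are constructed, and the value 16 for “unreachable” is a property of RIP that the notes do not mention.

```python
INFINITY = 16  # RIP metric meaning "unreachable" (a fact about RIP, not from the notes)


def apply_update(table, neighbor, advertised):
    """Merge one neighbor's distance vector into this router's table.

    table:      {destination: (metric, next_hop)}, modified in place
    advertised: {destination: metric as seen by the neighbor}
    Returns the list of destinations whose entry changed.
    """
    changed = []
    for dest, metric in advertised.items():
        # One more hop is needed to reach the neighbor itself.
        new_metric = min(metric + 1, INFINITY)
        current = table.get(dest)
        if current is None:
            if new_metric < INFINITY:
                table[dest] = (new_metric, neighbor)
                changed.append(dest)
        elif current[1] == neighbor:
            # The route already goes through this neighbor, so its latest
            # word replaces the old metric even when the news is worse.
            if new_metric != current[0]:
                table[dest] = (new_metric, neighbor)
                changed.append(dest)
        elif new_metric < current[0]:
            # A different neighbor offers a shorter path: switch to it.
            table[dest] = (new_metric, neighbor)
            changed.append(dest)
    return changed


if __name__ == "__main__":
    table = {"net1": (1, "direct")}
    print(apply_update(table, "R2", {"net2": 1, "net3": 3}), table)
    print(apply_update(table, "R3", {"net2": 5, "net3": 1}), table)
```

The receiver adopts whatever vector a neighbor sends, which is why the table is only as trustworthy as the routers allowed to send updates.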

In a link-state protocol a router does not exchange distances with its neighbors. Instead each router actively tests the status of its link to each of its neighbors, sends this information to its other neighbors, which then propagate it throughout the autonomous system. Each router takes this link-state information and builds a complete routing table.

What does link-state mean? It means that if a router is down, it can tell.

OSPF is different from RIP (and many other routing protocols) in that OSPF uses IP directly. That is, it does not use UDP or TCP. OSPF has its own value for the protocol field in the IP header.

With most router vendors supporting OSPF, it will start replacing RIP in many networks.

10.7 BGP: Border Gateway Protocol

    BGP is an exterior gateway protocol for communication between routers in different autonomous systems. BGP is a replacement for the older EGP that was used on the ARPANET.

   A BGP system exchanges network reachability information with other BGP systems. This information includes the full path of autonomous systems that traffic must transit to reach these networks. This information is adequate to construct a graph of AS connectivity.

   We first categorize an IP datagram in an AS (autonomous system) as either local traffic or transit traffic.

  An AS can be categorized as one of the following:

10.8 CIDR:  classless interdomain routing

     I did not read this section.

summary

Chapter 11

1 Looking at Figure 11.3 we see that the two IP addresses are swapped, as are the two port numbers. The other fields in the pseudo-header and the UDP header are the same, as is the data being echoed. This reiterates that the UDP checksums (indeed, all the checksums in the TCP/IP protocol suite) are simple 16-bit sums. They cannot detect an error that swaps two of the 16-bit values.

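The checksum is a sum check: it adds up everything being checked and then sees whether the results are equal, so if values inside the checked data swap positions, it cannot detect the error.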
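The swap blindness described above can be reproduced with a small implementation of the 16-bit one's-complement checksum. This is an added example, not code from the book or the notes: the addresses, ports and payload are constructed, and SHA-256 is included only as a contrast to show a function that does depend on ordering.

```python
import hashlib
import socket
import struct


def internet_checksum(data: bytes) -> int:
    """One's complement of the one's-complement sum of the 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                            # pad odd-length data
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)   # end-around carry
    return ~total & 0xFFFF


def udp_checksum(src_ip, dst_ip, src_port, dst_port, payload: bytes) -> int:
    """Checksum over the UDP pseudo-header, the UDP header and the data.

    (On the wire a computed value of 0 is sent as 0xFFFF; not modelled here.)
    """
    length = 8 + len(payload)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_UDP, length))
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)
    return internet_checksum(pseudo + header + payload)


def swap_words(data: bytes, i: int, j: int) -> bytes:
    """Return data with the 16-bit words at positions i and j exchanged."""
    words = [data[k:k + 2] for k in range(0, len(data), 2)]
    words[i], words[j] = words[j], words[i]
    return b"".join(words)


# Constructed echo exchange: the reply swaps the addresses and the ports.
REQUEST = ("140.252.13.35", "140.252.13.33", 1205, 7, b"echo this back")
REPLY = (REQUEST[1], REQUEST[0], REQUEST[3], REQUEST[2], REQUEST[4])

if __name__ == "__main__":
    print(hex(udp_checksum(*REQUEST)), hex(udp_checksum(*REPLY)))   # identical
    data = bytes.fromhex("0001f203f4f5f6f7")
    moved = swap_words(data, 0, 3)
    print(internet_checksum(data) == internet_checksum(moved))      # True
    print(hashlib.sha256(data).digest() == hashlib.sha256(moved).digest())  # False
```

The checksum catches accidental bit errors but says nothing about reordering, so it cannot stand in for an integrity check.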

2 IP fragmentation

  The physical network layer normally imposes an upper limit on the size of the frame that can be transmitted. Whenever the IP layer receives an IP datagram to send, it determines which local interface the datagram is being sent on (routing), and queries that interface to obtain its MTU. IP compares the MTU with the datagram size and performs fragmentation, if necessary. Fragmentation can take place either at the original sending host or at an intermediate router.

   When an IP datagram is fragmented, it is not reassembled until it reaches its final destination. (This handling of reassembly differs from some other networking protocols that require reassembly to take place at the next hop, not at the final destination.) The information maintained in the IP header for fragmentation and reassembly provides enough information to do this.

  Recalling the IP header, the following fields are used in fragmentation. The identification contains a unique value for each IP datagram that the sender transmits. The number is copied into each fragment of a particular datagram. The flags field uses one bit as the “more fragments” bit. This bit is turned on for each fragment comprising a datagram except the final fragment. The fragment offset field contains the offset of this fragment from the beginning of the original datagram. Also, when a datagram is fragmented the total length field of each fragment is changed to be the size of that fragment.

   Finally, one of the bits in the flags field is called the “don’t fragment” bit. If this is turned on, IP will not fragment the datagram. Instead the datagram is thrown away and an ICMP error (“fragmentation needed but don’t fragment bit set”) is sent to the originator.

 

 

Note that only the first fragment includes the UDP header; the other fragments that follow do not.

Also note the terminology: an “IP datagram” is the unit of end-to-end transmission at the IP layer (before fragmentation and after reassembly), and a “packet” is the unit of data passed between the IP layer and the link layer. A packet can be a complete IP datagram or a fragment of an IP datagram.
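The header fields described above (identification, “more fragments”, fragment offset, total length, “don’t fragment”) can be exercised with a small model. This is an added example, not code from the book or the notes: it assumes a 20-byte IP header without options, counts the offset in 8-byte units as the real header field does, and uses a constructed datagram.

```python
from dataclasses import dataclass

IP_HEADER_LEN = 20  # assumption: no IP options


@dataclass(frozen=True)
class Fragment:
    ident: int            # copied into every fragment of one datagram
    offset: int           # in 8-byte units, as carried in the header
    more_fragments: bool  # set on every fragment except the last
    total_length: int     # size of this fragment, header included
    data: bytes


class FragmentationNeeded(Exception):
    """Models the ICMP "fragmentation needed but don't fragment bit set" error."""


def fragment(ident, payload, mtu, dont_fragment=False):
    """Split the IP payload (transport header + data) to fit the MTU."""
    if IP_HEADER_LEN + len(payload) <= mtu:
        return [Fragment(ident, 0, False, IP_HEADER_LEN + len(payload), payload)]
    if dont_fragment:
        raise FragmentationNeeded(f"{IP_HEADER_LEN + len(payload)} bytes > MTU {mtu}")
    chunk = (mtu - IP_HEADER_LEN) // 8 * 8   # all but the last are multiples of 8
    if chunk <= 0:
        raise ValueError("MTU too small to carry any data")
    return [
        Fragment(ident, start // 8, start + chunk < len(payload),
                 IP_HEADER_LEN + len(payload[start:start + chunk]),
                 payload[start:start + chunk])
        for start in range(0, len(payload), chunk)
    ]


def reassemble(fragments):
    """Rebuild the payload at the final destination, in any arrival order.

    Returns None while fragments are still missing; rejects overlapping data.
    """
    if len({f.ident for f in fragments}) != 1:
        raise ValueError("fragments must all belong to one datagram")
    ordered = sorted(fragments, key=lambda f: f.offset)
    buf = b""
    for f in ordered:
        start = f.offset * 8
        if start > len(buf):
            return None                       # hole: keep waiting
        if start < len(buf):
            raise ValueError("overlapping fragment")
        buf += f.data
    return None if ordered[-1].more_fragments else buf


if __name__ == "__main__":
    # Constructed datagram: 8-byte stand-in UDP header plus 1473 bytes of data.
    payload = b"UDPHDR00" + bytes(1473)
    for f in fragment(0x1234, payload, 1500):
        print(f.offset, f.more_fragments, f.total_length)
```

With a 1500-byte MTU the 1481-byte payload becomes one fragment of 1500 bytes and one of 21 bytes, and the stand-in UDP header appears only in the first.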

 

11.6 ICMP Unreachable Error(Fragmentation Required)

     You can use the “ping” command to do this, or use SNMP.

11.7 Determining the Path MTU Using Traceroute

    Although most systems don’t support the path MTU discovery feature, we can easily modify a version of “traceroute” to let us determine the path MTU. What we will do is send packets with the “don’t fragment” bit set. The size of the first packet we send will equal the MTU of the outgoing interface, and whenever we receive an ICMP “can’t fragment” error we will reduce the size of the packet. If the router sending the ICMP error sends the newer version that includes the MTU of the outgoing interface, we will use that value; otherwise we will try the next smallest MTU.

This again touches on earlier material, some of which I have not read yet, so I am pausing here and going back to read chapter 6.

Chapter 12 Broadcasting and Multicasting

 

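Ports: why do we need ports? What is a port?

This is an important concept!

Network communication is essentially packets travelling across the network. Think of a PC as a dock, and of the programs that handle packets as people. The network is N docks with cargo (network packets) being shipped between them. To tell the docks apart we number them (IP addresses). By looking at the destination IP we know which dock the cargo should be delivered to. But there is still a problem: several people at that dock are waiting for their own cargo, so who should this cargo be given to? There is no way to tell, so we need to define one more piece of data to identify the owner of the cargo, and that is why we adopt the concept of the port. Two people at different docks each define their own port and put it in the packet, so the receiver can tell from the port in the packet whether it is theirs. Likewise, two different applications on one PC are told apart in the same way, so two different network programs running on the same PC cannot use the same port.

For a client/server program, one side is the SERVER and the other is the CLIENT. The SERVER listens for packets on port 20000, so when the CLIENT sends a packet, the destination port in the packet is 20000; the packet also carries a source port, 10000. After receiving the packet the SERVER may send a packet back to the CLIENT, and the destination port in that packet is 10000; the CLIENT listens on port 10000 (listening on a given port really just means checking whether a packet's destination port is that port). Actually the word “port” should not have been used here! It causes confusion far too easily.

At this point communication seems to work fairly well. But as the number of network users kept growing, another problem appeared: IP addresses were running out! So the concept of the LAN emerged. Many machines on a LAN share one IP address to reach the Internet, as in the typical case of shared ADSL access: there is a router whose external address, obtained from the ISP, is 202.162.1.15 and whose internal address is 192.168.1.1, with 200 machines connected behind it, with IPs 192.168.1.2 to 192.168.1.201 (the gateway is 192.168.1.1). How do they send packets? If they used their own LAN IP as the source address they could not communicate with the Internet at all, so a technique appeared: NAT (network address transfer).

Take 192.168.1.10 as an example. It wants to send a packet to 12.106.24.58. The packet from 192.168.1.10 to the router has destination IP 12.106.24.58, source IP 192.168.1.10 and source port 5001. At the router, NAT rewrites the packet: the destination IP and port stay the same, and the source IP 192.168.1.10 becomes 202.162.1.15. If only that were changed, there would be a problem when 12.106.24.58 later sends a packet back: when the packet reaches the router's external address, how does the router know which machine on the LAN it should be forwarded to? The solution is dynamic translation. “Dynamic translation” means the router replaces the source port with a random value and uses that value to record which machine the returning packet should go to.

This raises another problem: an internal machine must first send a packet out before the outside can reach it; otherwise outside machines cannot initiate access to the internal network! That does not work for client/server programs: if the SERVER is installed on a machine inside the LAN, an outside CLIENT cannot reach the SERVER! The solution is to use a “virtual server”. The “virtual server” maps a port, 1112, to an internal machine, 192.168.1.15, and when the router receives a packet whose destination port is 1112 it immediately passes it to 192.168.1.15 for processing. Now an outside CLIENT can initiate access to the SERVER.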

 

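Understanding unicast / broadcast / multicast:

  We use the IP address and the physical address of the network card to identify the target machine of a packet; one machine corresponds to one IP and one physical address. For unicast this is no problem at all and is very clear. But what if a packet needs to go to every machine on the LAN at the same time? The only way would be to send them one by one: as many packets as there are target machines, each containing the IP and physical address of one target machine. That works, but it is very wasteful (N packets must be sent). Later people came up with this approach: reserve one IP and one physical address, and whenever anyone sees that IP and physical address, they all accept the packet. That way it only has to be sent once. The IP and physical addresses reserved for this use are the special IP and MAC addresses. For example, the IP 255.255.255.255 stands for broadcast: a packet whose header has the destination address 255.255.255.255 is a broadcast, and everyone must accept it.

 

Suppose three processes are running on a host. If broadcasting is used, the host's IP layer cannot determine from the IP address which process needs to handle the datagram, so it passes it up to the UDP layer, and only the UDP layer can decide, by port, whether the data belongs to a given process.

But if multicasting is used, the concept of the port is not needed, because the host keeps a table that records which process belongs to which multicast group.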

       12.1 Introduction

        We mentioned in chapter 1 that there are three kinds of IP addresses: unicast, broadcast and multicast. 

        Broadcasting and multicasting only apply to UDP, where it makes sense for an application to send a single message to multiple recipients.

         Broadcast and multicast:

               Broadcast is to send a frame to every other host on the cable.

               Multicast is to send to a set of hosts that belong to a multicast group.

       The problem with broadcasting is the processing load that it places on hosts that aren’t interested in the broadcasts. The intent of multicasting is to reduce this load on hosts with no interest in the application. With multicasting a host specifically joins one or more multicast groups. If possible, the interface card is told which multicast groups the host belongs to, and only those multicast frames are received.

         12.2 Broadcasting

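              We now describe the kinds of broadcast address:

                Limited Broadcast

               The limited broadcast address is 255.255.255.255. An IP datagram whose destination is 255.255.255.255 is not forwarded by routers; its effective scope is a single LAN.

                            Net-directed Broadcast

This is the address whose host ID bits are all 1 (with no subnet).

An IP datagram with this address as its destination is sent to all hosts on all subnets of a network.

        Subnet-directed Broadcast

  This is the address whose host ID bits are all 1 (with a subnet).

An IP datagram with this address as its destination is sent to all hosts on one particular subnet of a network.

All-subnets-directed Broadcast

    This is the address whose subnet ID and host ID are all 1.

   Its difference from the net-directed broadcast is this: with a net-directed broadcast there is no subnet, that is, the network is not divided into subnets, and the host ID is all 1s; with an all-subnets-directed broadcast the network is subnetted, and the subnet ID and host ID are all 1s.

So in practice the two achieve the same effect: delivering the data to all hosts under a given net ID.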

 

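An example:

  If the subnet mask is 255.255.255.0, then 128.1.255.255 is an all-subnets-directed broadcast. If the network is not subnetted, it is a net-directed broadcast.

When you are given an IP address, you first need to determine whether it is a special case IP (this requires the subnet ID). An address like this, whose host ID is all 1s, is a special case IP.

 

                            Now suppose you are given an IP datagram whose destination is 128.1.2.255. You cannot yet tell whether this IP represents a host address or a broadcast address; you need to know its subnet mask to decide. If the subnet mask is 255.255.255.0, it is a broadcast. If the subnet mask is 255.255.254.0, it is the IP address of a host.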
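The four broadcast kinds and the 128.1.2.255 case above can be decided mechanically once the subnet mask is known. This is an added example, not code from the book or the notes: it assumes classful addressing (class A, B or C network IDs) as the notes do, and the function names are made up for the example.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def classful_mask(addr: ipaddress.IPv4Address) -> int:
    """Network mask implied by the address class (A, B or C)."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        bits = 8
    elif first_octet < 192:
        bits = 16
    elif first_octet < 224:
        bits = 24
    else:
        raise ValueError("class D/E addresses have no net ID / host ID split")
    return (ALL_ONES << (32 - bits)) & ALL_ONES


def classify(address: str, subnet_mask: str) -> str:
    """Name the kind of destination, given the mask in use on that network."""
    addr = ipaddress.IPv4Address(address)
    if int(addr) == ALL_ONES:
        return "limited broadcast"
    mask = int(ipaddress.IPv4Address(subnet_mask))
    net_mask = classful_mask(addr)
    if mask & net_mask != net_mask:
        raise ValueError("subnet mask is shorter than the classful network mask")
    # OR-ing with a mask sets the covered bits, so the result is all ones
    # exactly when every bit outside the mask is already 1.
    host_id_all_ones = (int(addr) | mask) == ALL_ONES
    subnet_and_host_all_ones = (int(addr) | net_mask) == ALL_ONES
    if mask == net_mask:                       # network is not subnetted
        return "net-directed broadcast" if host_id_all_ones else "host"
    if subnet_and_host_all_ones:
        return "all-subnets-directed broadcast"
    if host_id_all_ones:
        return "subnet-directed broadcast"
    return "host"


if __name__ == "__main__":
    for address, mask in [("128.1.255.255", "255.255.255.0"),
                          ("128.1.255.255", "255.255.0.0"),
                          ("128.1.2.255", "255.255.255.0"),
                          ("128.1.2.255", "255.255.254.0")]:
        print(address, mask, "->", classify(address, mask))
```

A filter that decides whether to forward or drop directed broadcasts needs exactly this information, which is why it has to be configured with the masks of the networks behind it.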

 

   12.3 broadcasting example

       How are broadcasts sent and what do routers and hosts do with broadcasts? Unfortunately this is a hard question to answer because it depends on the type of broadcast address, the application, the TCP/IP implementation, and possible configuration switches.

If you run: ping 255.255.255.255

Most TCP/IP implementations don’t support the limited broadcast: they don’t treat 255.255.255.255 as a broadcast, but look it up in the routing table, choose the default gateway, and the datagram is finally thrown away! Why? Why don’t they support the broadcast?!

Most applications that call the sockets API don’t support broadcast: the API doesn’t allow a process to send a UDP datagram to the broadcast address unless the process specifically states that it plans to broadcast. This is intended to prevent users from mistakenly specifying a broadcast address when the application was never intended to broadcast.

With the sockets API the application must set the SO_BROADCAST socket option before sending a UDP datagram to a broadcast address.

Not all systems enforce this restriction. Some implementations allow any process to broadcast UDP datagrams, without requiring the process to say so. Others are more restrictive and require a process to have superuser privileges to broadcast.

The next question is whether directed broadcasts are forwarded or not. Some kernels and routers have an option to enable or disable this feature. What does this actually mean? Take the network diagram that the author uses in the book as an example: if the host sun sends a broadcast IP datagram with destination 140.252.13.63, it can be delivered directly to bsdi and svr4. But if the host slip sends the same broadcast packet, because it is connected only to the one machine bsdi, sun and svr4 will not receive the packet if bsdi does not forward it.

12.4 Multicasting

     IP multicasting provides two services for an application.

      1 Delivery to multiple destinations.

      2 Solicitation of servers by clients. A diskless workstation, for example, needs to locate a bootstrap server.

 

Multicast Group Address 

   A multicast group address is the combination of the high-order 4 bits of 1110 and the multicast group ID. These are normally written as dotted-decimal numbers and are in the range 224.0.0.0 through 239.255.255.255.

   The set of hosts listening to a particular IP multicast address is called a host group. A host group can span multiple networks. Membership in a host group is dynamic: hosts may join and leave host groups at will. There is no restriction on the number of hosts in a group, and a host does not have to belong to a group to send a message to that group.

Some multicast group addresses are assigned as well-known addresses by the IANA. “These are called permanent host groups. This is similar to the well-known TCP and UDP port numbers. Similarly, these well-known multicast addresses are listed in the latest Assigned Numbers RFC. Notice that it is the multicast address of the group that is permanent, not the membership of the group.” For example, 224.0.0.1 means “all systems on this subnet”, and 224.0.0.2 means “all routers on this subnet”. The multicast address 224.0.1.1 is for NTP, the Network Time Protocol, 224.0.0.9 is for RIP-2, and 224.0.1.2 is for SGI’s (Silicon Graphics) dogfight application.

An Ethernet address is simply a MAC address.

I did not understand multicast!

 

      

Chapter 13 IGMP Internet Group Management Protocol

     

 

 

       Chapter 17  TCP: Transmission Control Protocol

 

 

17. Introduction

   In this chapter we provide a description of the services provided by TCP for the application layer. We also look at the fields in the TCP header.  In the chapters that follow we examine all of these header fields in more detail, as we see how TCP operates.

       Our description of TCP starts in this chapter and continues in the next seven chapters. Chapter 18 describes how a TCP connection is established and terminated, and chapters 19 and 20 look at the normal transfer of data, both for interactive use (remote login) and bulk data (file transfer). Chapter 21 provides the details of TCP’s timeout and retransmission, followed by two other TCP timers in chapters 22 and 23. Finally, chapter 24 takes a look at newer TCP features and TCP performance.

       The original specification for TCP is RFC 793 [Postel 1981c], although some errors in that RFC are corrected in the Host Requirements RFC.

17.2 TCP Services

       Even though TCP and UDP use the same network layer (IP), TCP provides a totally different service to the application layer than UDP does. TCP provides a connection-oriented, reliable, byte stream service.

       The term connection-oriented means the two applications using TCP (normally considered a client and a server) must establish a TCP connection with each other before they can exchange data. The typical analogy is dialing a telephone number, waiting for the other party to answer the phone and say “hello”, and then saying who’s calling. In chapter 18 we look at how a connection is established, and disconnected some time later when either end is done.

       There are exactly two end points communicating with each other on a TCP connection. Concepts that we talked about in chapter 12, broadcasting and multicasting, aren’t applicable to TCP.

       TCP provides reliability by doing the following:

•         The application data is broken into what TCP considers the best sized chunks to send. The unit of information passed by TCP to IP is called a segment.

•         When TCP sends a segment it maintains a timer, waiting for the other end to acknowledge reception of the segment. If an acknowledgment isn’t received in time, the segment is retransmitted. In chapter 21 we’ll look at TCP’s adaptive timeout and retransmission strategy.

•         When TCP receives data from the other end of the connection, it sends an acknowledgment. This acknowledgment is not sent immediately, but normally delayed a fraction of a second, as we discuss in section 19.3.

•         TCP maintains a checksum on its header and data. This is an end-to-end checksum whose purpose is to detect any modification of the data in transit. If a segment arrives with an invalid checksum, TCP discards it and doesn’t acknowledge receiving it.

•         Since TCP segments are transmitted as IP datagrams, and since IP datagrams can arrive out of order, TCP segments can arrive out of order. A receiving TCP resequences the data if necessary, passing the received data in the correct order to the application.

•         Since IP datagrams can get duplicated, a receiving TCP must discard duplicate data.

•         TCP also provides flow control. Each end of a TCP connection has a finite amount of buffer space. A receiving TCP only allows the other end to send as much data as the receiver has buffers for. This prevents a fast host from taking all the buffers on a slower host.

 

A stream of 8-bit bytes is exchanged across the TCP connection between the two applications. There are no record markers automatically inserted by TCP. This is what we called a byte stream service. If the application on one end writes 10 bytes, followed by a write of 20 bytes, followed by a write of 50 bytes, the application at the other end of the connection cannot tell what size the individual writes were. The other end may read the 80 bytes in four reads of 20 bytes at a time. One end puts a stream of bytes into TCP and the same, identical stream of bytes appears at the other end.

 

17.3 TCP Header

 

NAT:  network address transfer

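     Using NAT to protect your internal network

  What is NAT?

     NAT, network address translation, converts the private network addresses of a LAN (such as a corporate intranet) into public addresses (such as the Internet), and so hides the internally managed IP addresses from the outside. By using unregistered IP addresses internally and translating them into a small number of externally registered IP addresses, it reduces the cost of registering IP addresses and conserves the increasingly scarce address space. At the same time it hides the structure of the internal network, which lowers the risk of the internal network being attacked.

     NAT functionality is usually built into routers, firewalls and standalone NAT devices; of course, the operating systems and other software that are popular today (mainly proxy software, such as winroute) mostly have NAT functionality as well. A NAT device (or software) maintains a state table that maps the private IP addresses of the internal network to legitimate IP addresses of the external network. Every packet is translated in the NAT device (or software) to the correct IP address and sent on to the next hop. Unlike an ordinary router, a NAT device actually modifies the packet header, changing the source address of the internal network into the NAT device's own external network address, whereas an ordinary router only reads the source and destination addresses before forwarding the packet to its destination.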
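The state table described here, together with the “dynamic translation” and “virtual server” walk-through in the earlier notes on ports, can be modelled as follows. This is an added example, not code from the book or the notes: the class and method names are made up, the remote port 80 and the dynamic port range are assumptions, and the virtual server is assumed to listen on the same port number (1112) inside the LAN.

```python
import secrets


class Napt:
    """Port-translating NAT table keyed on (inside IP, inside port)."""

    def __init__(self, external_ip, pick_port=None):
        self.external_ip = external_ip
        # Random external port by default; injectable so tests are repeatable.
        self._pick_port = pick_port or (lambda: 49152 + secrets.randbelow(16384))
        self._out = {}   # (inside_ip, inside_port) -> external port
        self._in = {}    # external port -> (inside_ip, inside_port)

    def _allocate(self):
        for _ in range(1000):
            port = self._pick_port()
            if port not in self._in:
                return port
        raise RuntimeError("no free external port")

    def add_virtual_server(self, external_port, inside_ip, inside_port):
        """Static mapping: lets outside clients start the conversation."""
        self._in[external_port] = (inside_ip, inside_port)
        self._out[(inside_ip, inside_port)] = external_port

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite source IP and port; remember the mapping for the reply."""
        key = (src_ip, src_port)
        if key not in self._out:
            port = self._allocate()
            self._out[key] = port
            self._in[port] = key
        return (self.external_ip, self._out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the destination back to the inside host, or drop (None)."""
        if dst_ip != self.external_ip or dst_port not in self._in:
            return None   # no table entry: unsolicited traffic is not forwarded
        inside_ip, inside_port = self._in[dst_port]
        return (src_ip, src_port, inside_ip, inside_port)


if __name__ == "__main__":
    nat = Napt("202.162.1.15")
    sent = nat.outbound("192.168.1.10", 5001, "12.106.24.58", 80)
    print("outbound:", sent)
    print("reply:   ", nat.inbound("12.106.24.58", 80, sent[0], sent[1]))
    print("unsolicited:", nat.inbound("12.106.24.58", 3000, "202.162.1.15", 1112))
    nat.add_virtual_server(1112, "192.168.1.15", 1112)
    print("virtual server:", nat.inbound("12.106.24.58", 3000, "202.162.1.15", 1112))
```

This table matches inbound packets on the external port alone, as the notes describe; stateful firewalls commonly also match the remote address and port and expire idle entries.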

   NAT is divided into three types: static NAT (staticNAT),
