TCP/IP Networking Resources

Routing Table of Contents

DS3 interfaces on a Cisco 7000 series router.

The OSI Model

This idealized model organizes any look at network protocols. Remember this by reading from bottom to top:

Understanding the Protocols

Quick Overview of Protocol Header Structures

The protocols are defined by RFCs and those RFCs can be found at rfc-editor.org and tools.ietf.org/html.

These organizations design protocols, identify standards, and define and dissemenate The Truth:
Internet Engineering Task Force (IETF)
Internet Assigned Numbers Authority (IANA)
Internet International Ad-Hoc Committee
Internet Society (ISOC)
Institute of Electrical and Electronics Engineers (IEEE)

Here are some of the books on my shelf:

Internetworking with TCP/IP, Volume 1, Douglas Comer, Prentice Hall. This is a very readable description of the major components (and many of the minor ones) of the TCP/IP internetworking protocol suite. Comer's book is the best place to start.

TCP/IP Illustrated, Volume 1, W. Richard Stevens, Addison-Wesley. A bit tough for an introduction, but a good one to follow Comer's book with lots more details. Comer's book is readable, this is more like an encyclopedia.

DNS and BIND, Paul Albitz and Cricket Liu, O'Reilly and Associates. Since you use DNS, use it correctly!

Managing IP Networks with Cisco Routers, Scott M. Ballew, O'Reilly and Associates. And use those routers correctly, too!

Interconnections: Bridges and Routers, Radia Perlman, Addison-Wesley. Loads of details on routing algorithms and protocols.

Typical racks of network equipment: switches, routers, and WAN interfaces.

Physical / Data Link Layers

Network and Telecommunication Cables

Undersea Cables

The interactive Submarine Cable Map is a great resource for investigating undersea cables.

Cisco Catalyst 2900 XL Ethernet switch disassembly and repair

IEEE OUI assignments Organizationally Unique Identifiers, or Ethernet MAC address manufacturer codes.

WLAN link specifications

WAN link specifications

Ooma infographic on wired, mobile,
and Wi-Fi speeds world-wide

Ethernet Infrastructure

Modern switched networks are built in a multi-tier architecture. It may be as simple as spine switches at the core and leaf switches for the host connections.

A three-tier architecture uses core, distribution (or aggregation), and access switches. The core switches at, well, the core of your network, distribution switches in data centers, and access switches for host connections.

A top-of-rack or TOR model has an access switch in each rack. Not necessarily at the top! All the servers in that rack connect to the TOR switch. It then connects to a distribution switch for a row of racks, which then connects to a core switch. If the inter-switch connections are fibre, the architecture is somewhat "future-proofed" or "upgrade-proofed" — if you upgrade the TOR access switches, it's a simple replacement.

An end-of-rack or EOR model connects all the servers in all the racks in that row directly to a distribution switch at the end of the row. The advantage is that there is one less switch in the end-to-end connection, and a little less latency. The disadvantage is that the cabling is much more difficult to manage.

Ethernet 5-4-3 rule (the IEEE way)

The rule was needed in the days of 10BASE5 and 10BASE2 bus topologies built from coaxial cable, as the Ethernet standard required that a signal reach every part of the network within a specified time:

• There can only be a maximum of five LAN segments,
• connected via four repeaters,
• and only three may have user connections.

Modern switched Ethernet LANs are exempt from the 5-4-3 rule because switches have buffers to temporarily store frames and all nodes can access a switched Ethernet LAN simultaneously.

Network Layer — IP — Internet Protocol

A rack of Cisco 3600 and 2600 routers forwarding packets based on their destination IP addresses.

Understanding IP Addressing

In order to understand IP addresses, netmasks, subnet design, VLSM, CIDR, etc., you should read this paper:
Understanding IP Addressing:
Everything You Ever Wanted To Know

IP Address Assignment Authorities

The Internet Assigned Numbers Authority handles global coordination of the DNS root servers and IP address allocation.

North and South America — ARIN, the American Registry of Internet Numbers, has a page listing the the IP address space allocated to ARIN.

Latin America and Caribbean — LACNIC or Latin American and Caribbean Internet Addresses Registry.

Europe — RIPE, Reseaux IP Europeens, is the European authority.

Asia and Pacific — APNIC, Asia Pacific Network Information Center, is the Asia-Pacific authority.

AfriNIC is the Africa IP address registry.

Click here for a list of all Class A networks

U.S. Government/Military — The U.S. Department of Defense Network Information Center is no longer accessible to non-DoD users.

Here is information on your IP address block — a lookup of the DNS PTR record, the network assignment and possibly some routing information:

Block Countries

This archive of country IP block lists in CIDR format lets you block traffic or email on a country-by-country basis.

The IP2location site has a tool that will build rules to block traffic by country. It supports Cisco ACLs, Linux iptables, Apache .htaccess, and more.

Slash Versus Dotted-Quad Notation

The key to all this is the following relations of decimal versus binary:

Given that, we can build the following table of netmasks:

Note that not all combinations are really useful, apply the follow exceptions.

0.0.0.0 isn't useful for much of anything at all. Plus, those CIDR blocks represented by the rest of the first column are awfully big! You probably won't encounter them unless you're running a backbone or selling IP space to a continent.

255.0.0.0, 255.255.0.0, and 255.255.255.0 define the classful /8, /16, and /24, or Class A, B, and C, respectively. They cannot define subnets of their own classful nets.

255.254.0.0, 255.255.254.0, and 255.255.255.254 cannot define subnets of /8, /16, and /24 nets, respectively, as that would only allow one bit for the host number, and that is not allowed by the RFC's.

Really Simple CIDR Block Rule

CIDR is an acronym for Classless Inter-Domain Routing, and relates to higher level abstractions of IP address blocks.

To answer the question, "Does this set of classful network addresses form a CIDR block", instead answer the following question.
Is there a netmask /X such that:

• The first X bits of all network addresses in the set are identical, and
• The remaining bits of all network addresses exhibit all possible patterns.

If so, the answer is "Yes", and the CIDR block description is the first network address followed by /X.

As an example, this is a CIDR block, divided as indicated:

But this is not a CIDR block:

The above is not a CIDR block, because not all eight possible combinations of the last three bits of the classful network designations are used, 001, 101, 110 and 111 are missing. But this shows us what would have to be added to make it a CIDR block:

A VLSM Example

VLSM stands for Variable Length Subnet Mask, and is used with CIDR.

The best place to look is the 3com paper (see above), but here's a fairly simple example. Let's say you're allocated the /24 address space 200.201.202.0/24, and you have to address hosts on the following networks:

• Six point-to-point WAN links (2 IP addresses each for end points)
• Six LAN's:
  • 60 hosts (LAN #1)
  • 50 hosts (LAN #2)
  • 25 hosts (LAN #3)
  • 20 hosts (LAN #4)
  • 10 hosts (LAN #5)
  • 10 hosts (LAN #6)

Assign the addresses as below, where bits marked "x" can take all possible patterns other than all zeros and all ones.

Final octet for host addresses on each network:
     Minimum = final octet of base address plus one
     Maximum = final octet of base address plus number of hosts
Final octet for broadcast on each net:
     Broadcast = final octet of base address plus one plus number of hosts

Inadequately theoretical for you? Then read the paper by Mikail Atallah and Doug Comer.

IPsec

See my simple explanation of what IPsec is, what cryptographic security it provides, and a little about how to set it up. For more details:
RFC 4301 — Security Architecture for the Internet Protocol
RFC 4302 — IP Authentication Header
RFC 4303 — IP Encapsulating Security Payload (ESP)
RFC 4306 — Internet Key Exchange (IKEv2) Protocol

Multicast and Anycast

Assigned multicast addresses and address blocks

RFC 1112 describes how to do multicast.

Anycast, on the other hand, is described in RFC 1546 and RFC 4786.

IPv6

RFC 2460 is the formal specification of IPv6 or Internet Protocol, Version 6. RFC 4291 defines the IPv6 addressing architecture. And RFC 2461, RFC 2462, RFC 2463, RFC 2464, RFC 2465, RFC 2466, RFC 2471, and RFC 2473 specify various details and applications of IPv6.

Geolocation

See the NSA's US Patent 6,947,978, "Method for Geolocating Logical Network Addresses". It builds a network latency topology map using latency to and between known nodes.

sipcalc

The sipcalc tool provides command-line IP subnet calculations. It's available as Linux and BSD packages.

$ sipcalc 98.226.144.69/21
-[ipv4 : 98.226.144.69/21] - 0

[CIDR]
Host address            - 98.226.144.69
Host address (decimal)  - 1659015237
Host address (hex)      - 62E29045
Network address         - 98.226.144.0
Network mask            - 255.255.248.0
Network mask (bits)     - 21
Network mask (hex)      - FFFFF800
Broadcast address       - 98.226.151.255
Cisco wildcard          - 0.0.7.255
Addresses in network    - 2048
Network range           - 98.226.144.0 - 98.226.151.255
Usable range            - 98.226.144.1 - 98.226.151.254

-
$ sipcalc 2001:558:600d:16:9937:9580:ac52:27f5/64
-[ipv6 : 2001:558:600d:16:9937:9580:ac52:27f5/64] - 0

[IPV6 INFO]
Expanded Address        - 2001:0558:600d:0016:9937:9580:ac52:27f5
Compressed address      - 2001:558:600d:16:9937:9580:ac52:27f5
Subnet prefix (masked)  - 2001:558:600d:16:0:0:0:0/64
Address ID (masked)     - 0:0:0:0:9937:9580:ac52:27f5/64
Prefix address          - ffff:ffff:ffff:ffff:0:0:0:0
Prefix length           - 64
Address type            - Aggregatable Global Unicast Addresses
Network range           - 2001:0558:600d:0016:0000:0000:0000:0000 -
                          2001:0558:600d:0016:ffff:ffff:ffff:ffff

-

Routing, NAT, and DNS

Check the current Internet backbone activity with the Internet Traffic Report. The Internet Traffic Report monitors the flow of data around the world. It then displays a value between zero and 100. Higher values indicate faster and more reliable connections.

Cisco 2514 router, Cisco 2912XL Catalyst switch, Cisco 4500 router

How routing works
How NAT (Network Address Translation) works

DNS / BIND

DNS security issues — how DNS should work, exploits based on stateless DNS, and the Kaminsky DNS Vulnerability.

Mapping DNS to geographic information with IP2geo, cities.lk.net, and dns-loc.

The standard introductory RFC's to read are RFC 1034 and RFC 1035. for the truth about DNS. Also see:

• RFC 1032 and RFC 1033, the Domain Adminstrator's Guides
• RFC 1535 for security issues
• RFC 1536 for implementation problems
• RFC 1537 and RFC 1912 for common configuration problems
• RFC 1591 for DNS structure and delegation
• RFC 1706 for integrating DNS and OSI protocols
• RFC 2181 and RFC 2182 for DNS security issues

Other great DNS and BIND documents are at isc.org and Team Cymru's Secure BIND Template.

You can get BIND at isc.org.

Transport Layer — TCP and UDP

IANA maintains the list of all the assigned TCP/UDP port numbers.

The netstat command gives you loads of information on a machine's network communications. Listening TCP ports, currently active sockets, etc. It's available under Linux, Unix, Apple OS X, and Windows, but the precise format of the output varies between operating systems. Here are some examples of netstat -s output.

Cisco Router Simulators

Dynamips, the Cisco 7200 simulator itself.

VNUML (Virtual Network User Mode Linux), the Linux simulator.

Odds & Ends

TCP/IP Haikus

I was working on this networking project in Japan, and ... Click here to be subjected to them.

Client IP / OS / Browser Identification

A demonstration of how a PHP script on the server can read and reformat the connection information and the client's request: moanmyip.com.

RouterGod Magazine

Including Jessica Simpson's thoughts on open-source routers, Gillian Anderson's on LAN switching, Elizabeth Hurley on the Cisco 2600 series routers, Mr Rogers on the RS-232 standard, and other really odd stuff: routergod.com.

History of the Internet

If you're curious, look here:
The history of the Internet
The isoc.org Internet history
Also, see RFC 2235

Just What Is A "Daemon", Anyway?

According to the Oxford English Dictionary, it is "an attendant, ministering, or indwelling spirit." Socrates wrote of his daemon as his inner spirit. The designers of daemons in Linux/Unix (a concept later ported to most other operating systems) intended this meaning, as pointed out in some manual pages. It's an uncommon word these days, we usually use the Arabic djinn, these days often spelled genie, when we're talking about what used to be called a daemon in the Middle Ages.