There's not much to say about this section, except that I
frequently refer you to corresponding and related entries in an online
copy of The New Hacker's
Dictionary (known online as The Jargon File), an excellent
resource for understanding some of the culture and jargon of the original
Internet. I link you there when I think that the TNHD reference clarifies
or enhances the more straightforward definition I provide.
BSD Unix - The Berkeley Software Distribution of Unix
took an early lead over originator AT&T's offerings by providing extra
features and functionality that didn't appear in AT&T Unix (also called
System V) until later. One of these features was the "sockets" system
for communicating over TCP/IP networks. Between that and its adoption
by Sun Microsystems, Digital Equipment Corporation and others, BSD
Unix was the most popular choice for Internet hosts
from the mid 80's through the early 90's. The early 90's saw AT&T sue
the Computer Software Research Group, the University of California
at Berkeley organization that created BSD. The early 90's also saw
System V adopt many traditional BSD features (including sockets). For
those reasons, virtually all commercial Unixes eventually switched
to System V. BSD is still available in several lineal descendants:
FreeBSD, NetBSD,
OpenBSD and BSD/OS. See
also the BSD and Unix entries in TNHD.
frame - A frame is a type of packet.
In common use, the term refers only to the lowest-level type of packet,
the hardware packet. For example, an Ethernet frame or a PPP frame.
Within a single network, a frame is indivisible: it is never
chopped up into smaller frames, and is never coalesced with other
frames to make larger frames. However, when a frame is translated from
one type of network to another by a gateway
or a router (e.g. Ethernet to frame relay), a
frame can be fragmented if the destination network type has a smaller MTU. There's an optimization called "Path MTU Discovery"
that network stacks employ to avoid this fragmentation.
Most networks have fixed-size frames. (See the entry for MTU for more on frame sizes.) Even on networks with
negotiated frame sizes, the size is usually only negotiated once, when
the host joins the network. PPP works that way:
the frame size is negotiated after the modem connects to the Internet
provider, but before any user data is sent.
gateway - A multi-homed
network host that operates at layer 4 of the OSI model. A gateway understands the transport layer
protocols at the least (TCP, UDP, etc.) and sometimes understands elements
from layer 5 (e.g. the FTP protocol). A gateway uses this information to
filter data for example, it can reject disallowed operations, for
example; and to translate items in the data stream for example,
it can translate the network addresses from an internal format to an
external format. Related terms include "packet filter" and "firewall:"
a packet filter can be part of a gateway, and a gateway is one component
of a firewall.
Also note that looser definitions exist, such as for a mail gateway,
which lets people using one email system to send mail to people using
another system.
IPv6 - The Internet Protocol version 6. This
still-experimental version of IP is destined to replace version 4. "When"
is still up in the air; my personal theory is "about 2 years after
Microsoft ships a consumer operating system with IPv6 support". (As of
this writing (2000.06.14) this still has not happened.) IPv6 improves on
version 4 in two main areas: much larger addresses (128 bits, allowing
for exponentially more hosts on the Internet) and extensibility. The
base IPv6 header is 40 bytes.
Unlike the IPv4 header, the IPv6 header does not "grow" when
optional services are used. Instead, the base IPv6 header just points
to the "next" extension header, each of which also has a "next"
pointer. (The last extension simply points to the TCP header, meaning
"no more extensions".) This allows extensions to be added by chaining
extension headers like a linked list, and it allows new extensions
to be defined later without requring changes to intermediate hosts on
the Internet. Extension headers are all at least 8 bytes. Compare IPv4.
MTU - The Maximum Transmission Unit is the largest packet that a given network medium can carry. Ethernet,
for example, has a fixed MTU of 1500 bytes, ATM has a fixed MTU of 48
bytes, and PPP has a negotiated MTU that is usually between 500 and 2000
bytes. (Note that ATM's 48-byte "cells" are at the extreme low level.
Network stacks usually don't use the cells directly; instead, they run
over a higher-level framing standard called AAL5, which has a 65536
byte MTU.)
OSI network model - Of all the reams of paper the
ISO put out describing their overengineered Open Systems Interconnect,
only one page ever spread much beyond the research lab: the one with
their abstract view of a network stack on it. :) The OSI diagram is a
model for thinking about network stacks, split into seven layers. It is
presented below, with rough analogues from TCP/IP and Winsock.
Application (7) |
the user-level protocol; e.g. FTP, HTTP,
SMTP, etc. |
Presentation (6) |
optional data formatting layer; e.g. XDR or ASN.1 |
Session (5) |
maintains any logical conversation(s); e.g. SSL, RTP |
Transport (4) |
determines which the program on the host will receive
the packet; may also handle congestion control, reliability, etc.; e.g.
TCP or UDP |
Network (3) |
host addressing, determines destination computer of
the packet; e.g. IP |
Data Link (2) |
hardware addressing; e.g. the Ethernet frame |
Physical (1) |
the network interface, cabling, etc.; e.g. Ethernet |
Layers 1 and 2 are the network hardware.
Layers 3 and 4 are the operating system's network stack.
TCP/IP doesn't map onto layer 5 very well. The simplest interpretation
is that it's for protocols like RTP that add a logical conversation
over the transport (layer 4). It can also mean things like SSL, which
maintains a "session" in which several related conversations happen over
a single TCP connection.
Layer 6 is often part of the application, since data representation
can't usually be separated from the high-level protocol. The presentation
layer, if it's present at all, is usually a cross-platform data
representation like XDR or ASN.1. It could also be an encryption or data
compression layer, though both of those could be lower in the model as
well. (Secure IP (IPsec) is at layer 3, just like regular IP, for
example.)
Layer 7 is the high-level application protocol.
The Winsock API does not correspond to any of the OSI layers. Roughly
speaking, it's between layers 4 and 5.
packet - A packet is a particular block of data sent
over a network. Packets are typically only discussed when talking
about datagram protocols or hardware frames.
In stream protocols, packets are only
useful concepts when working with the lowest levels of the network.
From the application level, packets in stream protocols are mysterious,
hard-to-predict things, so it's best simply to ignore the fact that
packets do exist to avoid mismatches between expectation and reality.
packetization - Packetization is a process by which the
network stack decides how to break up data sent by
programs into network frames.
With a datagram protocol, packetization
is straightforward: the stack sends each datagram as a single frame
if possible, or fragments it into several frames if necessary. With a
stream protocol, the network stack must decide
how to break the data stream up into network frames. For TCP, the
Nagle algorithm is the main influence on this
process.
After the stack decides how much data to put in a frame, it wraps
that data in network protocol headers before sending it to the hardware
layer for sending on the network. In the case of TCP/IP, that's a TCP
or UDP header on the inside, wrapped with an IP header.
router - A router is a multi-homed host that
moves packets between two or more networks,
based on configurable rules. The router looks at the contents of OSI layer 3 (e.g. the IP addresses in a packet), and
then consults its rule set which tells it where the packet should go.
Most modern network hosts have at least some rudimentary routing
capability. Consider a PC on a LAN that also has a modem for connecting to
the Internet. It might have a "LAN route" so that all traffic destined
for the LAN goes out the LAN adapter, and a "default route" so that
all other traffic goes out the modem. Try the "route" and "netstat -r"
commands on a Windows 95 or Windows NT machine.
sliding window - A feature of TCP that allows a
sender to have more than one unacknowledged packet
"in flight" at a time, which improves network throughput. The TCP window
only allows a sender to have as much unacknowledged data as the receiver
has buffer space. Without this limit, a sender could send more data
than a slow receiver can buffer, forcing the receiver to drop all the
data it can't buffer. The sender would not see an acknowledgement for
the dropped packets, so it would blindly retransmit the packets until
space opened up in the receiver's buffer.
There's a FAQ item that
goes into more detail on this topic.
stack - In network parlance, a stack is
a set of layered programs, each of which talks to the ones above and
below it. Below is an illustration of the most common kind of network
stack, showing how an application program talks through the stack to
the low-level network:
Winsock application |
Winsock API |
Specific implementation of Winsock |
Protocol stack API |
Protocol stack (TCP/IP, IPX/SPX, DECnet, etc.) |
Hardware driver API (packet driver, NDIS, ODI, etc.) |
Hardware driver |
Networking hardware (network interface card, modem, CSU/DSU) |
Communications path (Ethernet cable, the telephone system) |
There is a stack within the stack: the protocol stack. Just like
the network stack, the protocol stack is a layered architecture,
where higher-level components talk to lower-level components, and
vice versa. (The model used when talking about protocol stacks is the
OSI network model.)
Here's a simplified example of how a stack works, using FTP as an
example:
- The FTP client
sends some data to Winsock; for example, a command asking to download a
particular file.
- Winsock prepends a TCP and IP header onto the data packet. (I'm
purposely not going into how packetization
really works here.)
- The TCP/IP packet is sent to the hardware which wraps the packet in
a frame and sends it across the network.
- On most types of local area networks (LANs), all computers see all
packets. The target computer knows which packets are for it by looking
for its hardware address in the frame header. The hardware sends the
data inside the frame up to the network stack.
- The network stack processes and removes the IP and TCP headers. This
tells the network stack which program to deliver the data to.
- Winsock delivers the file download request to the FTP server.
As mentioned above, this example ignores how packetization works. It
also ignores issues like corrupted/duplicated/missing network frames,
flow control, and efficiency optimizations like the Nagle algorithm.
stream protocol - A stream protocol, such as TCP,
delivers data in variable-length packets whose
size have no necessary relationship with the size of the packets that
were sent. For example, if one host sends two 50-byte packets to the
other host, that host may receive them as 100 single-byte packets, as
a single 100-byte packet, or as a handful of smaller packets. Further,
those 100 bytes might be sandwiched between data from previous and
successive sends. Compare datagram protocol.
TCP - The Transmission Control Protocol is a "reliable
stream protocol"; Winsock gives you a TCP
socket when you pass SOCK_STREAM
as the second argument
to socket()
. "Reliable" means that Winsock always succeeds in
sending the data to the remote peer: TCP can deal
with lost, corrupted, duplicated and fragmented packets. The remote peer
sees incoming data as a stream of individual bytes: there is no notion
of packets, from the program's viewpoint. TCP can
coalesce sends, for efficiency: if you make four quick send()
calls
to Winsock with 100, 50, 30 and 120 bytes in each, Winsock is likely to
pack all these up into a single 300-byte TCP packet when it decides to
send them out on the network. (This is called the Nagle
algorithm.) Compare UDP.