Simplifying TCP/IP

Roads? Trucks? Tubes?

How The Internet Actually Works. redux.

Created by Laurence J MacGuire a.k.a Liu Jian Ming

ThoughtWorks Xi’An, 2016/04/23

OSI Model

Application
Presentation
Session
Transport
Network
~~Datalink~~
~~Physical~~

source: Wikipedia

Setting up the example

Zhao MengRu, the shopper
SuperTaoBaoGuy, the shop-keeper

Both are people. Have a physical presence. And need to exchange goods/information.

We can talk in terms of the Postal service/FedEx/UPS/KuaiDi and the general transportation system.

SuperTaoBaoGuy

He’s a known person, he offers a service publicly.

He sells cheap stuffs by mail-order catalog.

Zhao MengRu

Despite her dreams, she remains a private person.

Wants a dirty jokes book.

SuperTaoBaoGuy can sell her a book full of them.

Zhao MengRu’s House

It’s huge! She’s got butlers and everything.

Mansion

MengRu @ CNMrZhao

MengRu is a user on a computer named CnMrZhao.

(How curious, that really looks like an email)

Charles, the buttler.

Charles (and the rest of the staff) take care of the house

Buttler

Kind of like, the Kernel and its’ sub-systems.

“Charles. Please send this message to SuperTaoBaoGuy”

Letter

“Dear Mr SuperTaoBaoGuy. Please send me the book with the dirtiest jokes of them all.”

This would be a packet’s payload.

Who? And where is “SuperTaoBaoGuy” ?

Address Book

SuperTaoBaoGuy, 34 JinYe Yi Lu, Xi’An, ShanXi, China

DNS

This is what the DNS (Domain Name System) does.

It provides a look-up service, to go from a simple name, to a complex address.

supertaobaoguy.com => 8.8.8.8

How should we send our letter?

Quadcopter

CNMrZhao only has wifi.

Any destination that is NOT itself, will go though Wifi.

CNMrZHao’s IP is 192.168.1.101

Details left intentionally vague.

Our postman does his thing.

Slap a stamp, and write a return address:

“From: Zhao MengRu, 206 TianGu Ba Lu, … To: SuperTaoBaoGuy, ???, NingBo, ZheJiang, …”

Headers versus payload

{
	"headers": {
		"from": "192.168.1.101",
		"to: "8.8.8.8"
	},
	"payload": "All your dirty jokes, plz"
}

Off into the outgoing queue

As a convenience, our postman has a sub-address for every “conversation”.

Pigeon hole

These are TCP(UDP)/IP ports

They range between 1 and 65535. The range above 30000 is usually used for starting connections. Under 1024 is usually for famous protocols.

{
	"headers": {
		"from": "192.168.1.101",
		"from-port": "42341"
		"to: "8.8.8.8",
		"to-port": "443"
	},
	"payload": "All your dirty jokes, plz"
}

source: wikipedia

Transports are not the same

Trains go in 2 directions.

Cars in multiple directions.

Helicopters fly.

Their addressing systems are different.

MAC VS IP

CNMrZhao = 192.168.1.101

192.168.1.101 = 86:7d:bd:ba:a4:50

Data Link Layer vs Network Layer

Internet Magic

This is a crucial part of the internet.

IP Addressing comes on top of (at the time) proprietary networking. A Token Ring network could now talk to an ethernet based network.

Because all the networks were NOT the same at the time

Transports are not the same

Different features

Trucks go fast, with a big payload
Quad-copters can carry a small payload anywhere

Maximum Transmission Unit

PPPoE: 1492 bytes
Ethernet: 1500-9000 bytes
Fibre: 4000+ bytes

Encapsulation

Our quad-copter driver packs the first envelope in a box, with an address he knows how to use.

{
	"headers": {
		"from": "CA:CA:CA:CA:CA:CA",
		"to": "BA:BA:BA:BA:BA:BA"
	},
	"payload": {
		"headers": {
			"from": "192.168.1.101",
			"from-port": "42341"
			"to: "8.8.8.8",
			"to-port": "443"
		},
		"payload": "All your dirty jokes, plz"
	}
}

How to resolve IP -> MAC? Address Resolution Protocol

Getting out the compound

Mengru's compound

Main house, guest house, maids dorms, etc. Publicly, only have one address.

NAT

Network Address Translation.

Let multiple devices share one common IP address, from an outside perspective.

Read more: Wikipedia

Routing

N to N relationships

Nope.

Routers

Multiple connections. Decide which path to send a packet. Change the hardware level destination.

Network

Network of routers

Network

Street signs

Routing Tables

[~] $ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Metric  Iface
0.0.0         10.201.133.254  0.0.0.0         600     wlan0
201.132.0    0.0.0.0         255.255.254.0   600     wlan0
254.0.0     0.0.0.0         255.255.0.0     1000    wlan0
17.0.0      0.0.0.0         255.255.0.0     0       br-16f6042a4d98
18.0.0      0.0.0.0         255.255.0.0     0       br-b835c5144847
19.0.0      0.0.0.0         255.255.0.0     0       br-cce5865d45c2
20.0.0      0.0.0.0         255.255.0.0     0       br-ea5a75bd3f31
22.0.0      0.0.0.0         255.255.0.0     0       br-c935e7c5c669
23.0.0      0.0.0.0         255.255.0.0     0       br-1e3b59174675
24.0.0      0.0.0.0         255.255.0.0     0       br-2aa3b7b03bb0
168.0.0     0.0.0.0         255.255.240.0   0       br-9bf3ee74f9bf
168.255.0   0.0.0.0         255.255.255.0   0       docker0

Distributed state of the world.

Security

Gated Communties

Access control to which kinds of packets/connections can go through a gate.

Firewalls

## open port ssh tcp port 22 ##
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 22 -j ACCEPT
 
## open cups (printing service) udp/tcp port 631 for LAN users ##
iptables -A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 631 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 631 -j ACCEPT
 
## allow time sync via NTP for lan users (open udp port 123) ##
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 123 -j ACCEPT