The TCP/IP Protocol Stack

TCP/IP is shorthand for the two most important protocols that make the Internet work: the Transmission Control Protocol and the Internet Protocol.

The Application Layer

The Transport Layer

The Network Layer

The Physical Layer

The Application Layer

The application layer defines how certain services operate and how they can be used. Examples are the FTP service for transferring files, HTTP for serving Web pages and SMTP for e-mail.

These services are defined in a rather abstract manner. Two parties, called the client and the server, set up a connection over which they exchange messages in accordance with a specific protocol. The client starts the protocol by requesting the service. Often the next step is for the server to authenticate the client, for example by asking for a password or by executing a public-key based protocol.

Taking e-mail as an example, the protocol in question is called the Simple Mail Transfer Protocol (SMTP). The client and the server set up an SMTP connection over which they exchange identifying information. The client then tells who the message is from and who the intended recipient is. The server then indicates whether it accepts or refuses the message (for example if it’s spam or the intended recipient is unknown). If the message is accepted, the client sends the actual content of the message and the server stores it in the right mailbox.

Each layer of the architecture fills a unique function.
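The exchange just described, modelled as a small server-side state machine, is shown here as an added example; it is not part of the original article and talks to no real network. The mailbox list, the addresses and the message are constructed, and the domain example.test is hypothetical. The server greets the client, records the sender, accepts known recipients and refuses unknown ones, and only stores the message once the end-of-data marker arrives; it also rejects a RCPT that arrives before MAIL, since the order of steps is part of the protocol.

```python
"""Minimal model of the SMTP client/server dialogue (added example).

Constructed for illustration only: the mailboxes, addresses and message
are made up and nothing here opens a socket. The server keeps the small
amount of state SMTP requires (greeting, sender, recipients, data) and
refuses recipients it does not know with a 550 reply.
"""

# Constructed mailboxes on the example server (hypothetical domain).
KNOWN_MAILBOXES = {"alice@example.test", "bob@example.test"}


class SmtpServer:
    """Server-side state for one SMTP session."""

    def __init__(self, mailboxes):
        self.mailboxes = mailboxes
        self.sender = None
        self.recipients = []
        self.collecting_data = False
        self.delivered = {}      # mailbox -> list of stored messages
        self._buffer = []

    def handle(self, line):
        """Process one client line; return the server's reply, or None."""
        if self.collecting_data:
            if line == ".":                      # end-of-data marker
                message = "\n".join(self._buffer)
                for rcpt in self.recipients:
                    self.delivered.setdefault(rcpt, []).append(message)
                self.collecting_data = False
                self._buffer = []
                self.sender, self.recipients = None, []
                return "250 OK: message accepted"
            self._buffer.append(line)
            return None                          # no reply during DATA

        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            return "250 example.test hello " + arg
        if verb == "MAIL":
            _, _, addr = arg.partition(":")
            self.sender = addr.strip("<> ")
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:              # MAIL must come first
                return "503 bad sequence of commands"
            _, _, addr = arg.partition(":")
            addr = addr.strip("<> ")
            if addr not in self.mailboxes:
                return "550 no such user here"   # refuse unknown recipient
            self.recipients.append(addr)
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "554 no valid recipients"
            self.collecting_data = True
            return "354 end data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 bye"
        return "500 unrecognized command"


def run_session(server, client_lines):
    """Feed the client's lines to the server and return the transcript."""
    transcript = [("S", "220 example.test SMTP ready")]
    for line in client_lines:
        transcript.append(("C", line))
        reply = server.handle(line)
        if reply is not None:
            transcript.append(("S", reply))
    return transcript


# Constructed client session: one known and one unknown recipient.
CLIENT_LINES = [
    "HELO client.example.test",
    "MAIL FROM:<carol@sender.test>",
    "RCPT TO:<alice@example.test>",
    "RCPT TO:<nobody@example.test>",
    "DATA",
    "Subject: hello",
    "",
    "Just a test message.",
    ".",
    "QUIT",
]

if __name__ == "__main__":
    srv = SmtpServer(KNOWN_MAILBOXES)
    for who, text in run_session(srv, CLIENT_LINES):
        print(f"{who}: {text}")
    print("stored:", srv.delivered)
```

Running the script prints the dialogue line by line: the unknown recipient is refused with a 550 while the message is still stored for the known one, which is exactly the accept-or-refuse decision the paragraph above describes.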

The Transport Layer

On the Internet, the transport layer is realized by two protocols. The first is the Transmission Control Protocol (TCP) and the second is the User Datagram Protocol (UDP). Both break up a message that an application wants to send into packets and attempt to deliver those packets to the intended recipient. At the recipient’s side, both take the payload from the received packets and pass those to the application layer.

The main difference between TCP and UDP is that TCP is reliable and UDP is not. TCP will collect incoming packets, put them in the right order and thereby reassemble the original message. If necessary, TCP requests retransmission of lost or damaged packets. UDP merely takes each incoming packet and delivers the payload (the original message) to the application layer. Any errors or out-of-order data should be taken care of by the application.

UDP is much faster than TCP, and so is mainly used for applications like audio and video streaming, where the occasional error is less important than getting all the data there at the right time. More generally, UDP is designed for applications that do not require the packets to be in any specific order. Because of this, UDP is sometimes called a “connection-less” protocol.

Taking the example of e-mail again, the e-mail client and server communicate over a reliable TCP connection. The server listens on a certain port (port 25) until a connection request arrives from the client. The server acknowledges the request, and a TCP connection is established. Using this connection the client and server can exchange data.

The content of this data is not really relevant at this level: that’s the responsibility of the application layer. The e-mail message and all the other information exchanged at that SMTP application layer are merely payload, data that needs to be transported. Hence the name transport layer.

The Network Layer

The network layer is responsible for transmitting and routing data packets over the network. The Internet uses the Internet Protocol or IP as its network layer. Each node on the network has an address, which of course is called the IP address. Data is sent as IP packets.

A transport layer connection is made up of a large number of IP packets exchanged by the client and server. The Internet Protocol (IP) is very simple: a packet has a source, a destination and a payload, and it’s passed from one node in the network to another until it gets to the destination. IP does not notice that a packet gets lost; the packet simply never arrives at the destination. If a particular node cannot pass the packet to the next node along the normal route, it will do its best to find an alternative path. That’s why IP is sometimes called a “best-effort” protocol.

When the client sends its TCP connection request, the network layer puts the request in a number of packets and transmits each of them to the server. Each packet can take a different route, and some of the packets may get lost along the way. If they all make it, the transport layer at the server is able to reconstruct the request, and it will prepare a response confirming that a TCP connection has been set up. This response is sent back again in a number of IP packets that will hopefully make it to the client.

The Physical Layer

The lowest layer is the physical layer, which defines how the cables, network cards, wireless transmitters and other hardware connect computers to networks and networks to the rest of the Internet. Examples of physical layer networks are Ethernet, WiFi, Token Ring and the Fiber Distributed Data Interface (FDDI). Note that many of these technologies also have their own link layer protocol.

The physical layer provides the means to transfer the actual bits from one computer to another. In an Ethernet network, a computer is connected by plugging a network cable into its Ethernet card, and then plugging the other end of that cable into a router or switch. The physical layer specifies how bits of data are sent over that cable: how the electrical currents or pulses the card sends are turned back into data for the higher layers. For wireless networks this works in exactly the same way, except of course that there is no cable.

Putting the Layers Together

Higher layers rely on lower layers

Each layer relies on the layer below it for the actual transmission of data, adding or providing specific functionality for its own intended purpose. The network layer uses Ethernet frames to transport IP packets, and adds the ability to route the packets across networks. The transport layer relies on IP packets to create and establish the TCP connection, or to transport UDP packets.

TCP adds reliability by keeping track of the data sent in the IP packets and retransmitting them if they are lost. And finally applications use TCP or UDP connections to exchange the data that makes up the application protocol: logging in to servers, requesting and transmitting Web pages, delivering e-mail, and so on.

Lower layers encapsulate higher-layer data

At every layer certain messages are exchanged. Each message at a particular level contains as payload all or part of a message that a higher layer wants to send. This is called data encapsulation.

For example, a Web browser (an application) needs to send a request for a Web page to a server. This request is passed on to the transport layer, which sets up a connection to port 80 of the server and transmits a TCP message containing the request. The server responds with a TCP message containing the response. Embedded in the response is the Web page itself. The TCP layer strips off its own headers and passes the payload, the Web page, to the browser, which then renders it.

The TCP request and response are both transmitted by the IP layer. The TCP layer breaks them up into parts that get put in different IP packets. A sequence number is added to each part, allowing the receiving TCP layer to re-assemble the parts and thereby recover the actual message. If IP packets are received out of order, the receiving TCP layer can re-order them. Any missing packets can also be detected. The receiving TCP layer will then request retransmission.
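The reassembly behaviour described here and in the transport-layer section above (sequence numbers, re-ordering, detecting a missing packet and asking for it again) is demonstrated by the following added example, which is not code from the original article. The message, the segment size and the "network" that shuffles and drops segments are all constructed; no sockets are used. Sequence numbers count bytes, as TCP's do, the receiver holds segments that arrive ahead of a gap, and the sender resends from the receiver's cumulative acknowledgement point. A UDP-style delivery is included alongside for contrast: it hands payloads up in arrival order and leaves any hole for the application to deal with.

```python
"""TCP-style reassembly over an IP layer that reorders and loses packets.

Added example: the message, segment size and the 'network' that shuffles
and drops segments are constructed here; no sockets are involved.
"""
import random


def segment(message, size):
    """Split a message into (seq, payload) pairs; seq is the byte offset."""
    return [(offset, message[offset:offset + size])
            for offset in range(0, len(message), size)]


def unreliable_network(segments, drop_seq=None, seed=0):
    """Constructed IP layer: delivers in random order, may drop one segment."""
    survivors = [s for s in segments if s[0] != drop_seq]
    random.Random(seed).shuffle(survivors)
    return survivors


class Receiver:
    """Reassembles byte-sequenced segments into the original message."""

    def __init__(self):
        self.next_seq = 0        # next in-order byte; also the cumulative ACK
        self.pending = {}        # seq -> payload that arrived ahead of a gap
        self.delivered = b""     # bytes already handed to the application

    def receive(self, seq, payload):
        if seq < self.next_seq:
            return               # duplicate of data already delivered
        self.pending[seq] = payload
        # Hand up every segment that is now contiguous with delivered data.
        while self.next_seq in self.pending:
            chunk = self.pending.pop(self.next_seq)
            self.delivered += chunk
            self.next_seq += len(chunk)


def tcp_transfer(message, size=8, drop_seq=None):
    """Deliver reliably; return (reassembled bytes, list of resent seqs)."""
    segments = segment(message, size)
    by_seq = dict(segments)
    rx = Receiver()
    for seq, payload in unreliable_network(segments, drop_seq):
        rx.receive(seq, payload)
    retransmitted = []
    while len(rx.delivered) < len(message):
        # A gap remains: the sender resends the first unacknowledged segment.
        seq = rx.next_seq
        retransmitted.append(seq)
        rx.receive(seq, by_seq[seq])
    return rx.delivered, retransmitted


def udp_transfer(message, size=8, drop_seq=None):
    """UDP-style: payloads go up in arrival order, with no sequencing."""
    return b"".join(p for _, p in unreliable_network(segment(message, size), drop_seq))


# Constructed application message.
MESSAGE = b"GET /index.html HTTP/1.0\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    print(tcp_transfer(MESSAGE, drop_seq=16))
    print(udp_transfer(MESSAGE, drop_seq=16))
```

With nothing dropped, buffering alone repairs the shuffled order and no retransmission is needed; with segment 16 dropped, the receiver's cumulative acknowledgement stalls at 16 and exactly that segment is resent, after which the message is complete. The UDP-style transfer returns the surviving bytes in whatever order they arrived, eight bytes short.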

At the physical level, the Ethernet frames are turned into a series of ones and zeroes in the form of electrical currents or pulses that are transmitted over the network cable or through the air.

Layers have specific addressing schemes

Every layer uses its own addressing scheme. At the application level for example, the SMTP e-mail service runs on what’s called port 25 of the server. The server has its IP address, which the network layer uses to get the IP packets to the server. Each network in between uses its own addresses. For example in an Ethernet network every computer or network card has a 12-byte MAC address. With this address, other devices on an Ethernet network can send data to that device.
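The encapsulation and addressing described in the last two sections can be made concrete by building the layers by hand. The following is an added example, not code from the original article: it wraps an HTTP request in a TCP segment, that segment in an IPv4 packet, and that packet in an Ethernet frame, then peels the layers off again and reports the address each one used (a MAC address is 48 bits, written as 12 hexadecimal digits; an IP address; a TCP port). All addresses and the request are constructed, using locally administered MACs and the 192.0.2.0/24 documentation range; the TCP checksum is left at zero to keep the example short, but the IPv4 header checksum is computed and verified, so a frame whose header was altered in transit is rejected.

```python
"""Encapsulation and per-layer addressing built by hand (added example).

All addresses and the request are constructed; nothing is transmitted.
decapsulate() verifies the IPv4 header checksum before trusting the header.
"""
import struct

# Constructed addresses (locally administered MACs, RFC 5737 test IPs).
SRC_MAC, DST_MAC = "02:00:00:aa:bb:01", "02:00:00:aa:bb:02"
SRC_IP, DST_IP = "192.0.2.10", "192.0.2.80"
SRC_PORT, DST_PORT = 40000, 80
ETHERTYPE_IPV4, PROTO_TCP = 0x0800, 6


def mac_bytes(text):
    return bytes(int(part, 16) for part in text.split(":"))   # 6 bytes

def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)

def ip_bytes(text):
    return bytes(int(part) for part in text.split("."))

def ip_text(raw):
    return ".".join(str(b) for b in raw)


def ipv4_checksum(header):
    """Ones'-complement sum of 16-bit words; a correct header yields zero."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_tcp(src_port, dst_port, seq, payload):
    """20-byte TCP header, no options, PSH+ACK set; checksum left at 0."""
    offset_flags = (5 << 12) | 0x18             # 5 words long; PSH, ACK
    header = struct.pack("!HHIIHHHH", src_port, dst_port, seq, 0,
                         offset_flags, 65535, 0, 0)
    return header + payload


def build_ipv4(src_ip, dst_ip, payload):
    """20-byte IPv4 header carrying TCP, with the header checksum filled in."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                         0x4000, 64, PROTO_TCP, 0, ip_bytes(src_ip), ip_bytes(dst_ip))
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + payload


def build_ethernet(src_mac, dst_mac, payload):
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + payload


def encapsulate(request):
    """Application data -> TCP segment -> IPv4 packet -> Ethernet frame."""
    tcp = build_tcp(SRC_PORT, DST_PORT, 1, request)
    return build_ethernet(SRC_MAC, DST_MAC, build_ipv4(SRC_IP, DST_IP, tcp))


def ipv4_header_ok(frame):
    """Recompute the checksum over the IPv4 header inside the frame."""
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    return ipv4_checksum(ip[:ihl]) == 0


def decapsulate(frame):
    """Peel the layers off; return each layer's addresses and the payload."""
    dst_mac, src_mac = frame[:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    if not ipv4_header_ok(frame):
        raise ValueError("bad IPv4 header checksum")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_length = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != PROTO_TCP:
        raise ValueError("not a TCP packet")
    tcp = ip[ihl:total_length]
    src_port, dst_port, seq = struct.unpack("!HHI", tcp[:8])
    data_offset = (tcp[12] >> 4) * 4
    return {
        "ethernet": (mac_text(src_mac), mac_text(dst_mac)),
        "ip": (ip_text(ip[12:16]), ip_text(ip[16:20])),
        "tcp": (src_port, dst_port, seq),
        "payload": tcp[data_offset:],
    }


if __name__ == "__main__":
    frame = encapsulate(b"GET / HTTP/1.0\r\nHost: example.test\r\n\r\n")
    print(len(frame), "bytes on the wire;", decapsulate(frame))
```

The frame is 14 bytes of Ethernet header, 20 of IPv4, 20 of TCP and then the request: each layer's header sits in front of the payload handed down by the layer above, and each carries only the addresses that layer understands.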