TCP/IP Illustrated: The Protocols, Volume 1 (Edition 1) Reading Notes and thinking.

Posted by Jie Gao on February 23, 2025 · 8 mins read

Disclaimer:
This article provides a personal summary and analysis based on the concepts discussed in TCP/IP Illustrated: The Protocols, Volume 1.
All original ideas and content belong to the respective authors and publishers.
This summary is created under fair use principles for educational and informational purposes only.

The second edition is more recent than the first, but it includes an overwhelming amount of information and feels less engaging. In contrast, the first edition is much more enjoyable to read, though some of its content is outdated. My notes focus solely on the aspects of the first edition that remain relevant to modern networking.

Chapter 1: Introduction to TCP/IP

TCP/IP is the foundation of modern networking, evolving from research projects in the 1960s into a globally adopted protocol suite. It was designed for packet-switched networks, allowing flexible, resilient communication.

Key Takeaways:

  1. Routers and Network Connectivity:
    • An IP router or router (previously called a “gateway”) connects two or more networks, forwarding packets between them. Today, “gateway” usually refers to application gateways that handle protocol translation.
    • TCP/IP supports various link-layer technologies, such as Ethernet, Token Ring (should be deprecated today), FDDI (Fiber Distributed Data Interface), and RS-232 serial lines.
    • Networks can also be linked using bridges, which operate at the data link layer. ( btw. In the companies I worked for, Modern networks increasingly rely on Layer 3 switches instead of traditional routers to handle local traffic efficiently.)
  2. Multihomed Systems:
    • A multihomed system has multiple network interfaces and can be connected to multiple networks.
    • Routers don’t have to be dedicated hardware; even a standard computer with proper configuration can function as a router.
  3. Why a Layered Architecture?
    • TCP/IP follows a layered model to keep networking modular and scalable.
    • High-level applications (e.g., a web browser) don’t need to handle hardware-specific details.
    • This separation allows developers to build network applications without worrying about physical infrastructure.

  4. Encapsulation & Demultiplexing: Data sent across networks goes through encapsulation, where each layer adds a header (e.g., Ethernet, IP, TCP/UDP). The receiving device demultiplexes the data, stripping headers as it moves up the stack.

  5. Address Resolution (ARP & RARP):
    • ARP (Address Resolution Protocol): Maps an IP address to a MAC address on Ethernet and Token Ring networks.
    • RARP (Reverse ARP): Does the opposite—resolves a MAC address into an IP address, typically for diskless workstations that don’t store their own IP configuration.
  6. Addressing Types: IP addresses come in three types:
    • Unicast (one-to-one)
    • Broadcast (one-to-all in a network)
    • Multicast (one-to-many for subscribed hosts)
  7. Protocol Governance: The TCP/IP ecosystem is maintained by organizations like:
    • IETF (Internet Engineering Task Force) – Develops standards (RFCs).
    • ISOC (Internet Society) – Promotes internet policy and best practices.
    • IAB (Internet Architecture Board) – Oversees technical development.
  8. TCP/IP Implementations:
    • The 4.x BSD system (Berkeley Software Distribution) played a crucial role in early TCP/IP adoption.
    • BSD’s networking stack became the foundation for many modern operating systems, including Linux and macOS.

Interesting Insight:

Older routing protocols allowed applications to interact directly with IP/ICMP. While rare today, this flexibility enabled experimentation with new transport-layer protocols. I think the example is ping and traceroute.

The Link Layer is responsible for defining how data is physically transmitted across network interfaces. It provides encapsulation methods to ensure that data is properly framed for transmission over different types of networks.

Key Takeaways:

  1. Encapsulation Standards Encapsulation in the Link Layer follows different standards based on network technology. The three major methods include:
    • Ethernet (RFC 894): Developed in 1982 by Digital Equipment Corporation, Intel, and Xerox. Uses CSMA/CD (Carrier Sense Multiple Access with Collision Detection) to manage how devices share the network. The most widely used encapsulation in modern networks.
    • IEEE 802.x Standard: A separate encapsulation standard developed by the Institute of Electrical and Electronics Engineers (IEEE). Includes variations like 802.3 (Ethernet), 802.11 (Wi-Fi), and 802.5 (Token Ring).
    • Trailer Encapsulation (RFC 893): A now deprecated method of encapsulation. Introduced for performance improvements but later abandoned due to compatibility issues.

    Among these, RFC 894 (Ethernet encapsulation) remains the dominant standard. I think this sets the basic of cloud computing networking (VXLAN (RFC 7348)) and VLAN (IEEE 802.1Q). But one thing I am not sure is since IEEE is sperate standard from RFC 894, and how would IEEE 802.1Q work with RFC 894?

  2. Serial Line IP (SLIP) SLIP (Serial Line Internet Protocol) was an early technique for sending IP datagrams over serial connections. Defined in RFC 1055, SLIP provided basic encapsulation but lacked features like error detection. Obsolete today, replaced by more advanced protocols like PPP (Point-to-Point Protocol) which is also being deprecated.

  3. Point-to-Point Protocol (PPP) PPP (Point-to-Point Protocol) is a standardized protocol for encapsulating IP packets over serial links. More advanced than SLIP, as it supports:
    • Error detection
    • Compression
    • Authentication mechanisms (PAP/CHAP) Commonly used in dial-up, DSL, and VPN connections. I think VPNs commonly used the PPP protocol in the past, but due to security issues, modern VPNs more frequently rely on Layer 3 protocols like OpenVPN and WireGuard for enhanced security and performance. PPP is less used these days but I think in some areas PPP is still being used.

  4. Loopback Interface A special network interface that allows a device to send data to itself. Uses the 127.0.0.1 (IPv4) or ::1 (IPv6) address for internal communication. The Ethernet driver and loopback driver work together to determine if traffic should be processed internally rather than being transmitted over a physical network.

  5. Maximum Transmission Unit (MTU) MTU (Maximum Transmission Unit) defines the largest packet size that can be sent over a network without fragmentation.If a packet exceeds the MTU, IP fragmentation breaks it into smaller pieces before transmission. Common MTU values: Ethernet: 1500 bytes IEEE 802.3, 802.2: 1492 bytes

  6. Path MTU Discovery (PMTUD) Path MTU is the smallest MTU encountered along the route between two hosts.Since different networks have different MTUs, Path MTU Discovery (PMTUD) helps avoid fragmentation by dynamically detecting the lowest MTU along the path.Works by sending packets with the DF (Don’t Fragment) flag and adjusting the packet size based on ICMP feedback.

Final Thoughts

The Link Layer plays a critical role in framing, addressing, and transmitting data over various network types. Ethernet (RFC 894) remains the dominant standard, while older methods like SLIP and Trailer Encapsulation have been phased out. MTU and Path MTU Discovery ensure efficient transmission, preventing unnecessary fragmentation.

← Previous Post