TCP/IP Illustrated: The Protocols, Volume 1 (Edition 1) Reading Notes and thinking.

Posted by Jie Gao on February 23, 2025 · 11 mins read

Disclaimer:
This article provides a personal summary and analysis based on the concepts discussed in TCP/IP Illustrated: The Protocols, Volume 1.
All original ideas and content belong to the respective authors and publishers.
This summary is created under fair use principles for educational and informational purposes only.

The second edition is more recent than the first, but it includes an overwhelming amount of information and feels less engaging. In contrast, the first edition is much more enjoyable to read, though some of its content is outdated. My notes focus solely on the aspects of the first edition that remain relevant to modern networking.

Chapter 1: Introduction to TCP/IP

TCP/IP is the foundation of modern networking, evolving from research projects in the 1960s into a globally adopted protocol suite. It was designed for packet-switched networks, allowing flexible, resilient communication.

Key Takeaways:

  1. Routers and Network Connectivity:
    • An IP router or router (previously called a “gateway”) connects two or more networks, forwarding packets between them. Today, “gateway” usually refers to application gateways that handle protocol translation.
    • TCP/IP supports various link-layer technologies, such as Ethernet, Token Ring (should be deprecated today), FDDI (Fiber Distributed Data Interface), and RS-232 serial lines.
    • Networks can also be linked using bridges, which operate at the data link layer. ( btw. In the companies I worked for, Modern networks increasingly rely on Layer 3 switches instead of traditional routers to handle local traffic efficiently.)
  2. Multihomed Systems:
    • A multihomed system has multiple network interfaces and can be connected to multiple networks.
    • Routers don’t have to be dedicated hardware; even a standard computer with proper configuration can function as a router.
  3. Why a Layered Architecture?
    • TCP/IP follows a layered model to keep networking modular and scalable.
    • High-level applications (e.g., a web browser) don’t need to handle hardware-specific details.
    • This separation allows developers to build network applications without worrying about physical infrastructure.

  4. Encapsulation & Demultiplexing: Data sent across networks goes through encapsulation, where each layer adds a header (e.g., Ethernet, IP, TCP/UDP). The receiving device demultiplexes the data, stripping headers as it moves up the stack.

  5. Address Resolution (ARP & RARP):
    • ARP (Address Resolution Protocol): Maps an IP address to a MAC address on Ethernet and Token Ring networks.
    • RARP (Reverse ARP): Does the opposite—resolves a MAC address into an IP address, typically for diskless workstations that don’t store their own IP configuration.
  6. Addressing Types: IP addresses come in three types:
    • Unicast (one-to-one)
    • Broadcast (one-to-all in a network)
    • Multicast (one-to-many for subscribed hosts)
  7. Protocol Governance: The TCP/IP ecosystem is maintained by organizations like:
    • IETF (Internet Engineering Task Force) – Develops standards (RFCs).
    • ISOC (Internet Society) – Promotes internet policy and best practices.
    • IAB (Internet Architecture Board) – Oversees technical development.
  8. TCP/IP Implementations:
    • The 4.x BSD system (Berkeley Software Distribution) played a crucial role in early TCP/IP adoption.
    • BSD’s networking stack became the foundation for many modern operating systems, including Linux and macOS.

Interesting Insight:

Older routing protocols allowed applications to interact directly with IP/ICMP. While rare today, this flexibility enabled experimentation with new transport-layer protocols. I think the example is ping and traceroute.

The Link Layer is responsible for defining how data is physically transmitted across network interfaces. It provides encapsulation methods to ensure that data is properly framed for transmission over different types of networks.

Key Takeaways:

  1. Encapsulation Standards Encapsulation in the Link Layer follows different standards based on network technology. The three major methods include:
    • Ethernet (RFC 894): Developed in 1982 by Digital Equipment Corporation, Intel, and Xerox. Uses CSMA/CD (Carrier Sense Multiple Access with Collision Detection) to manage how devices share the network. The most widely used encapsulation in modern networks.
    • IEEE 802.x Standard: A separate encapsulation standard developed by the Institute of Electrical and Electronics Engineers (IEEE). Includes variations like 802.3 (Ethernet), 802.11 (Wi-Fi), and 802.5 (Token Ring).
    • Trailer Encapsulation (RFC 893): A now deprecated method of encapsulation. Introduced for performance improvements but later abandoned due to compatibility issues.

    Among these, RFC 894 (Ethernet encapsulation) remains the dominant standard. I think this sets the basic of cloud computing networking (VXLAN (RFC 7348)) and VLAN (IEEE 802.1Q). But one thing I am not sure is since IEEE is sperate standard from RFC 894, and how would IEEE 802.1Q work with RFC 894?

  2. Serial Line IP (SLIP) SLIP (Serial Line Internet Protocol) was an early technique for sending IP datagrams over serial connections. Defined in RFC 1055, SLIP provided basic encapsulation but lacked features like error detection. Obsolete today, replaced by more advanced protocols like PPP (Point-to-Point Protocol) which is also being deprecated.

  3. Point-to-Point Protocol (PPP) PPP (Point-to-Point Protocol) is a standardized protocol for encapsulating IP packets over serial links. More advanced than SLIP, as it supports:
    • Error detection
    • Compression
    • Authentication mechanisms (PAP/CHAP) Commonly used in dial-up, DSL, and VPN connections. I think VPNs commonly used the PPP protocol in the past, but due to security issues, modern VPNs more frequently rely on Layer 3 protocols like OpenVPN and WireGuard for enhanced security and performance. PPP is less used these days but I think in some areas PPP is still being used.

  4. Loopback Interface A special network interface that allows a device to send data to itself. Uses the 127.0.0.1 (IPv4) or ::1 (IPv6) address for internal communication. The Ethernet driver and loopback driver work together to determine if traffic should be processed internally rather than being transmitted over a physical network.

  5. Maximum Transmission Unit (MTU) MTU (Maximum Transmission Unit) defines the largest packet size that can be sent over a network without fragmentation.If a packet exceeds the MTU, IP fragmentation breaks it into smaller pieces before transmission. Common MTU values: Ethernet: 1500 bytes IEEE 802.3, 802.2: 1492 bytes

  6. Path MTU Discovery (PMTUD) Path MTU is the smallest MTU encountered along the route between two hosts.Since different networks have different MTUs, Path MTU Discovery (PMTUD) helps avoid fragmentation by dynamically detecting the lowest MTU along the path.Works by sending packets with the DF (Don’t Fragment) flag and adjusting the packet size based on ICMP feedback.

Final Thoughts

The Link Layer plays a critical role in framing, addressing, and transmitting data over various network types. Ethernet (RFC 894) remains the dominant standard, while older methods like SLIP and Trailer Encapsulation have been phased out. MTU and Path MTU Discovery ensure efficient transmission, preventing unnecessary fragmentation.

Chapter 3: IP: Internet Protocol

Key points

  1. IP: The Core of Internet Routing The Internet Protocol (IP) is the backbone of packet delivery in the Internet. It provides a connectionless, unreliable datagram delivery service. This is actually suprise me but somehow I start to understand TCP does too much to make sure the reliability.

This means:

Connectionless: No prior setup is required between sender and receiver.

Unreliable: IP makes no guarantees about delivery, order, or duplication — that’s left to higher-level protocols like TCP.

Each IP packet contains a header that is 20 bytes long in IPv4.

  1. IP Header Fields: Key Highlights TOS (Type of Service): Originally designed to influence routing decisions based on four priorities:
  • Minimize delay
  • Maximize throughput
  • Maximize reliability
  • Minimize monetary cost (Note: Modern networks often ignore these fields or repurpose them for QoS.)

TTL (Time to Live): Prevents packets from circulating forever. This value sets the maximum number of hops (routers) a datagram can pass through. Each router decrements this field — when TTL hits zero, the packet is discarded.

  1. IP Routing: How a Host Decides Where to Send a Packet Conceptually, routing is simple from a host’s perspective:

Direct Delivery: If the destination is directly reachable (e.g., same Ethernet network or point-to-point link), the packet is sent directly.

Indirect Delivery: Otherwise, the host forwards the datagram to a default router, which handles routing from there.

Routing Table Lookup Steps: Exact Match: Look for an entry matching the complete destination IP address (both network and host ID). Common in point-to-point links.

Network Match: If no exact match, search for an entry matching the network ID only (considering subnet masks). This is typical for local networks.

Default Route: If still no match, use the entry labeled “default”, which points to a default gateway.

Failure: If none match, the packet is dropped (usually with an ICMP “Destination Unreachable” message).

  1. IPv6: The Successor to IPv4 As IPv4 faced exhaustion and scalability limitations, several proposals emerged in the early 1990s under the “IPng” (IP Next Generation) effort. Here are the key contenders:

4.1 SIP (Simple Internet Protocol) Proposed minimal changes to IP.

Used 64-bit addresses.

Redesigned the IP header format.

Maintained the 4-bit version field (set to a value other than 4).

✅ Eventually became the foundation for IPv6. Among these, SIP was selected and further developed into what we now know as IPv6. Though IPv6 eventually expanded to use 128-bit addresses, SIP laid the groundwork for its streamlined header design and extensibility principles.

4.2. PIP Proposed variable-length, hierarchical addresses.

Also introduced a new header format.

Not widely adopted.

4.3. TUBA (TCP and UDP with Bigger Addresses) Based on OSI’s CLNP protocol.

Used variable-length addresses (up to 20 bytes).

Leverage existing documentation and partial router support.

Few hosts supported CLNP, limiting its practicality.

4.4. TP/IX Used 64-bit IP addresses.

Modified TCP and UDP headers:

32-bit port numbers

64-bit sequence and acknowledgment numbers

32-bit TCP windows

A more aggressive redesign of the stack.

← Previous Post