Chapter 31 - Microsoft TCP/IP Architecture
TCP/IP protocols map to a four-layered conceptual model: Application, Transport, Internet, and Network Interface. This model is officially known as the TCP/IP Internet Protocol Suite but is often referred to as the TCP/IP protocol family. As shown in Figure 2.1, each layer in the TCP/IP model corresponds to one or more layers of the International Standards Organization (ISO) seven-layer Open Systems Interconnection (OSI) model.
Figure 31.1 TCP/IP and the OSI Model
The TCP/IP Protocol Suite
Defined within the four layers of TCP/IP are protocols that dictate how computers connect and communicate. The most common of these protocols are Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Internet Protocol (IP), Address Resolution Protocol (ARP), and Internet Control Message Protocol (ICMP). The following sections introduce these protocols, explain how they relate to Windows NT networking, and describe where and how TCP/IP configuration parameters are stored on Windows NT.
Transmission Control Protocol
The most common higher-level protocol in the suite is Transmission Control Protocol (TCP). It provides a reliable, connection-oriented packet delivery service on top of (or encapsulated within) IP. TCP guarantees the delivery of packets, ensures proper sequencing of the data, and provides a checksum feature that validates both the packet header and its data for accuracy. If the network either corrupts or loses a TCP packet during transmission, TCP is responsible for retransmitting the faulty packet. This reliability makes TCP the protocol of choice for session-based data transmission, client-server applications, and critical services, such as electronic mail.
This reliability has a price. TCP headers require additional bits to provide proper sequencing of information, as well as a mandatory checksum to ensure reliability of both the TCP packet header and the packet data. To guarantee successful data delivery, the protocol also requires that the recipient acknowledge successful receipt of data.
Such acknowledgments (ACKs) generate additional network traffic, diminishing the rate at which data passes in favor of reliability. To reduce the impact on performance, most hosts send an acknowledgment for every other segment or when a specified time interval has passed.
User Datagram Protocol
If reliability is not essential, User Datagram Protocol (UDP), a TCP complement, offers a connectionless datagram service that guarantees neither delivery nor correct sequencing of delivered packets (much like IP). Higher-level protocols or applications might provide reliability mechanisms in addition to UDP/IP. UDP data checksums are optional, providing a way to exchange data over highly reliable networks without unnecessarily consuming network resources or processing time. When UDP checksums are used, they validate the integrity of both the header and data. ACKs are not enforced by the UDP protocol; this is left to higher-level protocols.
UDP also supports sending data from a single sender to multiple receivers.
Internet Protocol (IP) provides packet delivery for all other protocols within the suite. It provides a best-effort, connectionless delivery system for computer data. That is, IP packets are not guaranteed to arrive at their destination, nor are they guaranteed to be received in the sequence in which they were sent. The protocol's checksum feature confirms only the IP header's integrity. Thus, responsibility for the data contained within the IP packet (and the sequencing) is assured only by using higher-level protocols.
Address Resolution Protocol
Not directly related to data transport, but important nonetheless, the Address Resolution Protocol (ARP) is one of the maintenance protocols that supports the TCP/IP suite and is usually invisible to users and applications.
If two systems are to communicate across a TCP/IP network, the system sending the packet must map the IP address of the final destination to the physical address of the final destination. IP acquires this physical address by broadcasting a special inquiry packet (an ARP request packet) containing the IP address of the destination system. All ARP-enabled systems on the local IP network detect these broadcast messages, and the system that owns the IP address in question replies by sending its physical address to the requester (in an ARP reply packet). The physical/IP address is then stored in the ARP cache of the requesting system for subsequent use.
Because the ARP reply can also be broadcast to the network, other systems on the network can use this information to update their own ARP caches. (Use the arp program to view the ARP tables.)
Internet Control Message Protocol
Internet Control Message Protocol (ICMP) is another of the maintenance protocols. It allows two systems on an IP network to share status and error information. This information can be used by higher-level protocols to recover from transmission problems or by network administrators to detect network trouble. Although ICMP packets are encapsulated within IP packets, they are not considered to be a higher-level protocol. (ICMP is required in every IP network implementation.)
The ping program uses the ICMP echo request and echo reply packets to determine whether a particular IP system on a network is functional. For this reason, the ping program is useful for diagnosing IP network or router failures.
TCP/IP and the Windows NT Network Architecture
The architecture of the Microsoft Windows NT operating system with integrated networking is protocol-independent. This architecture, illustrated in Figure 2.2, provides application, file, print, and other services over any network protocol that supports the transport driver interface (TDI). The protocols package network requests for applications in their respective formats and send the requests to the appropriate network adapter by means of the network device interface specification (NDIS) interface. NDIS allows multiple network protocols to reside over a wide variety of network adapters and media types.
Figure 31.2 Architectural Model of Windows NT with TCP/IP
Under the Windows NT transport-independent architecture, TCP/IP is a suite of protocols that can be used to offer Windows-based networking capabilities. The TCP/IP protocols give Windows NT, Windows for Workgroups, and LAN Manager computers transparent access to each other and enable communication with non-Microsoft systems in the enterprise network.
TCP/IP and the Windows NT Configuration Database
TCP/IP configuration information is stored in the Windows NT Registry. The Registry, illustrated in Figure 31.3, is a hierarchical database that provides a central repository for hardware-specific information.
Figure 31.3 Conceptual View of the Windows NT Registry
In general, the TCP/IP-configuration parameters (such as IP address and computer name) are modified by means of the Windows NT Control Panel or the Administrative Tools (Common) folder. However, parameters that are not routinely changed, such as default Time To Live (TTL) and default Type Of Service (TOS), can be modified only by means of the Registry (with the Registry Editor).
Caution Incorrectly adjusting TCP/IP registry parameters may adversely affect system performance. For a description of these parameters, see the Regentry.hlp help file on the Microsoft Windows NT Resource Kit CD-ROM.