Overview

This module covers the operation of various transport-layer networking technologies used on routers and hosts, including:

This module also discusses tools and methodologies that can be used to aid in troubleshooting transport-layer networking issues.
6.1 Characteristics of Transport Layer Technologies

6.1.1 Common transport layer technologies

The transport layer provides end-to-end traffic accountability. Layer 4 technologies ensure reliable data delivery using acknowledgments, sequence numbers, and flow control mechanisms. The transport layer is the first layer that provides end-user functions. Problems at the transport layer can present symptoms ranging from sub-optimal network operation to complete network communications failure.

There are at least 35 recognized transport layer protocols. Some of the more common of these are:

This section will discuss the characteristics of these protocols and related transport layer technologies. A specific network protocol can communicate with another network protocol at the layer above or below it.

Within the TCP/IP protocol suite, Layer 4 operations are primarily handled by UDP and TCP. UDP and TCP rely on IP at the network layer and use port numbers to identify what higher layer application traffic is contained in the packet. ICMP is a protocol from the TCP/IP suite that operates at the network layer and it too relies on IP. Unlike UDP and TCP, ICMP does not carry user data. ICMP is primarily used by network devices for self-management and self-tuning functions and by network engineers for troubleshooting network problems. UDP, TCP, and ICMP are all used heavily on the Internet, supporting a wide variety of traffic types and applications.

The Network Basic Input/Output System (NetBIOS) was developed for IBM in 1983 by Sytek Corporation and officially defines a session level interface and a data transport protocol. NetBIOS was extended by IBM in 1985 to create the NetBIOS Extended User Interface (NetBEUI) protocol. NetBEUI supports NetBIOS operations at the network layer. NetBEUI and NetBIOS are commonly used in Microsoft and IBM LANs. NetBEUI operates at the network layer and interfaces directly with ISO’s Logical Link Control 2 (LLC2) at the data-link layer. NetBIOS interfaces with NetBEUI and with IBM’s Server Message Block (SMB) protocol at the application layer. Together, NetBIOS and NetBEUI can be considered to be operating from the network layer through to the presentation layer. Because both NetBIOS and NetBEUI are non-hierarchical broadcast-based protocols, they depend on other hierarchical protocols, such as IP or IPX, to operate in a routed network.

Novell’s proprietary protocol suite uses Sequenced Packet Exchange (SPX) at the transport layer to implement reliable data delivery. In the early days of local area networking, Novell’s suite of protocols was commonly implemented. Until version 5 of Novell’s network operating system, IPX/SPX was the default protocol suite installed for Novell networks. Because IPX is not compatible with IP, networks running the Novell protocols are unable to communicate with the Internet without being translated. Due to the growing need for corporate, academic, and government networks to be connected to the Internet, almost all Novell network installations now use the TCP/IP protocol suite. This has led to the steady decline of the number of new network installations using the IPX/SPX protocol suite.

AppleTalk Transaction Protocol (ATP) is used at the transport layer of legacy AppleTalk networks and relies on AppleTalk’s Datagram Delivery Protocol (DDP) at the network layer. Because ATP is incompatible with IP, new Mac networks usually use the TCP/IP protocol suite in preference to using the AppleTalk protocol suite.

Although legacy networks using IPX/SPX and AppleTalk still exist, troubleshooting these protocol suites is not in the scope of this course and will not be discussed further in this curriculum.
6.1.2 User Datagram Protocol

UDP is connectionless and is considered unreliable because it does not guarantee packet delivery. UDP operates on a ‘best effort delivery’ basis and does not use packet sequencing, acknowledgment or retransmission mechanisms for flow control and error detection/correction. If flow control and error detection/correction features are required for a UDP-based data flow, these features must be implemented in higher layer protocols or applications.

Because UDP does not retransmit lost packets and does not consume bandwidth with acknowledgments, it is relatively lightweight and fast, and is suitable for both one-to-one and one-to-many communications. Over congestion-free and error-free networks, UDP is ideal for transferring small amounts of data, and for supporting streaming applications such as voice communications and video multicasts. However, using UDP over congested or error-prone networks often results in high degrees of data loss, with higher-layer protocols, applications, or even users having to initiate data retransmission.

Many higher-layer protocols and applications make use of UDP, including:

Web Links
Protocol Numbers http://www.iana.org/assignments/protocol-numbers
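The point made above, that sequencing, acknowledgment and retransmission for a UDP flow must be supplied by the application, is shown here as an added example that is not part of the original course material: a stop-and-wait sender and receiver exchanging real datagrams over loopback UDP. The 5-byte application header, the names `Receiver` and `send_reliable`, the payloads and the loss pattern are assumptions constructed for illustration.

```python
import socket
import struct

HDR = struct.Struct("!BI")   # assumed app header: type byte + 32-bit sequence number
DATA, ACK = 0, 1

class Receiver:
    """Delivers each payload once, in order, and ACKs every DATA it accepts."""
    def __init__(self, sock, lose_first_copy_of=()):
        self.sock, self.expected, self.delivered = sock, 0, []
        self.lose = set(lose_first_copy_of)      # constructed loss pattern

    def poll(self):
        try:
            pkt, peer = self.sock.recvfrom(2048)
        except socket.timeout:
            return
        _, seq = HDR.unpack_from(pkt)
        if seq in self.lose:                     # pretend the network dropped it
            self.lose.discard(seq)
            return
        if seq == self.expected:                 # new data: deliver and advance
            self.delivered.append(pkt[HDR.size:])
            self.expected += 1
        if seq < self.expected:                  # re-ACK duplicates as well
            self.sock.sendto(HDR.pack(ACK, seq), peer)

def send_reliable(chunks, lose_first_copy_of=(), max_tries=5, timeout=0.2):
    """Stop-and-wait over loopback UDP; returns (delivered, datagrams_sent)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        rx.bind(("127.0.0.1", 0))                # ephemeral loopback port
        rx.settimeout(timeout)
        tx.settimeout(timeout)
        receiver, sent = Receiver(rx, lose_first_copy_of), 0
        for seq, chunk in enumerate(chunks):
            for _ in range(max_tries):
                tx.sendto(HDR.pack(DATA, seq) + chunk, rx.getsockname())
                sent += 1
                receiver.poll()                  # single-threaded stand-in for the peer
                try:
                    kind, acked = HDR.unpack_from(tx.recvfrom(2048)[0])
                except socket.timeout:
                    continue                     # no ACK in time: retransmit
                if kind == ACK and acked == seq:
                    break
            else:
                raise TimeoutError(f"segment {seq} never acknowledged")
    return receiver.delivered, sent

if __name__ == "__main__":
    chunks = [b"alpha", b"bravo", b"charlie"]    # constructed sample payloads
    print(send_reliable(chunks, lose_first_copy_of={1}))
```

Each lost datagram costs one full timeout before it is resent, which is the kind of delay that shows up as slow application performance when a UDP-based flow crosses a lossy path.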
6.1.3 Transport Control Protocol

Unlike UDP, TCP is connection-oriented. Because TCP implements packet sequencing, acknowledgment, and retransmission mechanisms at the transport layer, it is considered to be an inherently reliable protocol. These additional features at Layer 4 give TCP a larger operational overhead, which consumes bandwidth without carrying a data payload. Because of these reliability features, TCP is better suited to one-to-one communications and is rarely used for streaming and one-to-many communications.

TCP implements two main mechanisms for maximizing reliability and efficiency. They are the three-way handshake and windowing. Understanding these technologies is important to troubleshooting network performance issues and failures.

TCP three-way handshake
The TCP three-way handshake occurs during TCP connection establishment and consists of three stages:
  1. Session request (TCP SYN) – the initiating host sends a TCP synchronization packet, which has the SYN bit set on, and contains the initiating host’s own sequence number (seq = x) for the connection. This packet also contains information about the initiating host’s TCP receive-window size.
  2. Session request acknowledgment (TCP SYN-ACK) – the target host responds to the packet from the initiating host by sending its own ‘synchronization acknowledgment’ packet. This packet has both the ACK and SYN bits set on, and contains the acknowledgment number generated by incrementing the sequence number from the initiating host by one (ack = x+1) plus the new sequence number from the target host (seq = y). The purpose of this packet is to inform the initiating host that the target host has received and understood the information from the initiating host and inform the initiating host of the TCP receive-window size of the target.
  3. Session acknowledgment (TCP ACK) – the