Now that we have an appreciation for the evolution of the Internet and the
TCP/IP protocol suite, let us turn our attention to the structure of the
protocol suite. However, since the TCP/IP protocol suite has a layered
structure, we will ®rst examine the ISO Reference Model and the subdivision
of its second layer by the Institute of Electrical and Electronic Engineers
(IEEE) to provide a standardized frame of reference.
2.3 THE ISO REFERENCE MODEL
The International Organization for Standardization is an agency of the United
Nations headquartered in Geneva, Switzerland. The ISO is tasked with the
development of worldwide standards to facilitate the international exchange
of goods and services. The membership of the ISO consists of the national
standards organization of most countries, with over 100 countries participat-
ing in its work. One of the most notable achievements of the ISO in the ®eld of
data communications was its development of the seven-layer Open Systems
Interconnection (OSI) Reference Model. This model de®nes the communica-
tions process as a set of seven layers, with speci®c functions isolated and
associated with each layer.
Figure 2.2 illustrates the seven layers of the ISO Reference Model. Each
layer covers lower layer processes, effectively isolating them from higher layer
functions. In this way, each layer performs a set of functions necessary to
provide a set of services to the layer above it. Layer isolation permits the
characteristics of a given layer to change without impacting the remainder of
the model, provided that the supporting services remain the same. This
layering was developed as a mechanism to enable users to mix and match
OSI-conforming communications products to tailor their communications
systems to satisfy a particular networking requirement. Although OSI-
conforming communications products never gained a signi®cant degree of
acceptance, the OSI Reference Model provides a framework for comparing
18
THE TCP/IP PROTOCOL SUITE
Figure 2.2 The International Organization for Standardization (ISO) Open System

Interconnection (OSI) Reference Model
and contrasting the features and structure of other protocol suites. In
addition, by understanding the structure of the model and the subdivision of
its second layer by the IEEE, we can also obtain an appreciation of the
capabilities and limitations of other protocol suites as well as the manner by
which those suites support data ¯ow from source to destination.
2.3.1 Layers of the OSI Reference Model
With the exception of layers 1 and 7, each layer in the ISO Reference Model is
bounded by the layers above and below it. Layer 1, the physical layer, which
is responsible for moving bits in electrical or optical form, can be considered
to be bound below by the interconnecting medium over which transmission
¯ows. In comparison, layer 7 is the upper layer and has no upper boundary.
Within each layer is a group of functions that can be viewed as providing a set
of de®ned services to the layer that bounds it from above, resulting in layer n
using the services of layer n-1. To obtain an appreciation of the manner in
which the ISO's Reference Model operates, let us turn our attention to each of
the layers in the model.
Layer 1: the physical layer
At the lowest or most basic layer, the physical layer represents a set of rules
that speci®es the electrical, optical, and physical connection between devices
and the transmission medium. Typically, the physical layer can include the
coding method by which data is placed onto the medium as well as the
cabling interface to include the operation of different pins on the cabling
connection.
Layer 2: the data link layer
The data link layer de®nes how a device gains access to the medium speci®ed
by the physical layer as well as the data formats to include framing, error
control procedures, and other link control activities. The data format
speci®cation includes procedures employed to correct transmission errors,
thus, layer 2 becomes responsible for the reliable delivery of information.

At the data link layer information is grouped into entities referred to as
frames. As a minimum, each frame contains control information that enables
the receiver to synchronize itself to an incoming frame, addressing
information that identi®es the source and destination, a ®eld containing
the actual information being transmitted from source to destination, and a
®eld used for verifying the integrity of the data.
One important characteristic of data link protocols is the fact that they do
not have network addresses and as such are non-routable. As we will note
later in this chapter, Ethernet, Token-Ring, and FDDI represent examples of
data link protocols.
2.3 THE ISO REFERENCE MODEL
19
Because the development of OSI layers was originally targeted towards
wide area networking, its applicability to local area networks required a
degree of modi®cation. Under IEEE 802 standards, the data link layer was
subdivided into two sublayers: Logical Link Control (LLC) and Media Access
Control (MAC). The LLC layer is responsible for generating and interpreting
commands that control the ¯ow of data and perform recover operations in the
event of errors. In comparison, the MAC layer is responsible for providing
access to the local area network, which enables a station on the network to
transmit information. Later in this chapter we will discuss the subdivision in
additional detail.
Layer 3: the network layer
The third layer in the ISO Reference Model is the network layer. As its name
implies, this layer is responsible for arranging a logical connection through a
network to include the selection and management of a route for the ¯ow of
information between source and destination based upon the available paths
in a network. Services provided by this layer are associated with the
movement of data packets through a network, including addressing, routing,
switching, sequencing, and ¯ow control procedures. In a complex network,

the source and destination may not be directly connected by a single path,
but instead require a path to be established that consists of many subpaths.
Thus, routing of data through the network onto the correct paths is an
important feature of this layer.
Several protocols represent commonly used layer 3 protocols. Those
protocols include the X.25 packet protocol, which governs the ¯ow of
information within a packet network, Novell's Internet Packet Exchange
(IPX), and the Internet Protocol (IP).
Layer 4: the transport layer
The fourth layer in the ISO's Reference Model is the transport layer. This layer
is responsible for guaranteeing that the transfer of information occurs
correctly after a route has been established by the network layer protocol.
Thus, the primary function of this layer is to control the communications
session between nodes once a path has been established by the network
control layer. Error control, sequence checking, and other end-to-end data
reliability factors are the primary concern of this layer. In addition, to support
the transfer of different types of data between source and destination, this
layer is also responsible for multiplexing and de-multiplexing data streams
between upper layer application processes.
Although most transport layer protocols provide an end-to-end reliability
mechanism, this is an optional feature associated with this layer. Similarly,
although most transport layer protocols are connection-oriented, requiring
the destination to acknowledge its ability to receive data prior to a
transmission session being established, this is also an optional feature.
20
THE TCP/IP PROTOCOL SUITE
Instead of operating as a connection-oriented protocol, a transport layer
protocol can operate on what is referred to as a best-effort basis. This means
that the protocol will initiate transmission without knowing if the destination
is ready to receive data or even if it is powered on and operational. Although

this method of operation may appear awkward, the originator will set a timer
that decrements in value. If no response is received to the initial packet ¯ow
by the time the timer expires, the originator will assume that the destination
is not reachable and terminate the session. The use of a connectionless
protocol avoids the relatively long handshaking process associated with some
connection-oriented transport layer protocols. Examples of transport layer
protocols include Novell's Sequenced Packet Exchange (SPX) as well as the
Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP).
TCP is a connection-oriented, error-free delivery protocol. In comparison,
UDP is a connectionless, best effort protocol.
Layer 5: the session layer
The ®fth layer in the OSI Reference Model is the session layer. This layer
provides a set of rules for establishing and terminating data streams between
nodes in a network. The services that the session layer can provide include
establishing and terminating node connections, ¯ow control, dialogue
control, and end-to-end data control.
Layer 6: the presentation layer
The sixth layer in the ISO's OSI Reference Model is the presentation layer.
This layer is primarily responsible for formatting, data transformation, and
syntax-related operations. One of the primary functions of this layer that is
both visible and probably overlooked as we take it for granted is the
conversion of transmitted data at the receiver into a display format for a
receiving device. Concerning the receiving device, different presentation
layers reside on different devices, since the manner in which data is
displayed on a PC would more than likely differ from the manner in which
data is displayed on a dumb terminal. Other functions that can be performed
by the presentation layer include encryption/decryption and compression/
decompression.
Layer 7: the application layer
The seventh and top layer of the OSI Reference Model is the application layer.

This layer can be viewed as functioning as a window through which the
application gains access to all of the services provided by the seven-layer
model. Examples of functions that can be performed at the application layer
include ®le transfer, electronic mail transmission, and remote terminal
access.
2.3 THE ISO REFERENCE MODEL
21
While the ®rst four layers in the Reference Model are fairly well de®ned, the
functions associated with the upper three layers can vary considerably,
based upon the application, the type of data transported, and the manner in
which the attributes of the display of a device are used for the presentation of
information. As we will note later in this chapter, such popular Internet
protocols as the File Transfer Protocol (FTP), Telnet, and the HyperText
Transport Protocol (HTTP) represent a blend of layer 5 through layer 7 functions.
2.3.2 Data ¯ow
As data ¯ows within an ISO network each layer appends appropriate heading
information to frames of information ¯owing within the network while
removing the heading information added by a lower layer. In this manner,
layer n interacts with layer n-1 as data ¯ows through an ISO network.
Figure 2.3 illustrates the appending and removal of frame header
information as data ¯ows through a network constructed according to the
ISO Reference Model. Since each higher level removes the header appended
by a lower level, the frame traversing the network arrives in its original form
at its destination.
2.3.3 Layer subdivision
Prior to examining the major components of the TCP/IP protocol suite, a
discussion of layer subdivision resulting from the efforts of the Institute of
Electrical and Electronic Engineers (IEEE) is in order. The IEEE is
responsible for developing LAN standards in the USA, and its efforts are
commonly incorporated by the American National Standards Institute (ANSI)

into US standards, either as is or with slight modi®cation.
During the early development of LAN standards, the IEEE recognized that it
would be desirable to subdivide the data link layer. The result of this
subdivision was the creation of Logical Link Control (LLC) and Media Access
Control (MAC) sublayers. The MAC sublayer, which resides at the bottom of
the portion of the data link layer that was subdivided, de®nes the manner by
which a station gains access to a LAN. Examples of MAC methods include
Ethernet's Carrier Sense Multiple Access/Collision Detection (CSMA/CD)
scheme and Token-Ring's free token acquisition method. Above the MAC
layer, which differs for each type of LAN, is the LLC layer. The LLC layer,
which is common for each IEEE network, is used for controlling the
establishment, maintenance, and termination of logical connections between
stations on a network.
Addressing
Access to an IEEE network is accomplished through the MAC layer. Frames
placed on an IEEE network include two address-related ®elds: destination
and source address. Each address normally represents a 6-byte address
burnt into read-only memory (ROM) on the network adapter card of the frame
22
THE TCP/IP PROTOCOL SUITE
2.3 THE ISO REFERENCE MODEL
23
Figure 2.3 Data ¯ow within an ISO Reference Model network
originator (source address) and the frame recipient (destination address). The
®rst three bytes of the 6-byte network adapter card address are assigned by
the IEEE to an adapter card manufacturer, and represent the manufacturer
identi®cation (ID) portion of the address. The next three bytes are used by the
adapter card manufacturer to uniquely identify each adapter card that it
manufactures. If the manufacturer is so successful that it runs out of its
allocated 3-byte sequence of numbers, it will request another manufacturer

ID from the IEEE and use that ID for producing a new series of network
adapter cards.
Figure 2.4 illustrates the general format of an IEEE Mac address. When
used as a source address, a bit composition of all binary 1s represents a
broadcast address and results in each station copying the contents of the
frame off the network. Depending upon the type of LAN, the setting of different
bits within the 6-byte source MAC address can be used to identify different
groups. Then, each workstation associated with the group identi®er would
copy the frame off the network. If the frame's destination address is neither a
broadcast nor a group address, it will only be copied off the network by the
station whose adapter address matches the destination address in the frame.
Universally vs. locally administered addresses
Two types of addresses can be associated with stations on an IEEE network:
universally administered and locally administered. When a burnt-in ROM
address is used, it is referred to as a universally administered address, as it is
uniquely assigned by the IEEE. In comparison, a second type of address
results from the effort of a LAN administrator or network manager to override
the universally administered address. This second type of MAC address
results from the creation of a batch ®le statement being used to set a locally
generated address that overrides the burnt-in ROM address. Because this
address is developed locally, it is referred to as a locally administered
address. Note that, regardless of the type of MAC address, it is a layer 2
address that is 48 bits in length. Because TCP/IP addresses are 32 bits in
length (IPv4) and represent both a network address and a host address on a
network, a translation process is required to associate a layer 3 IP address to
a layer 2 MAC address. Later in this book we will examine the address
resolution process that performs the required translation.
2.4 THE TCP/IP PROTOCOL SUITE
In the previous section we have an overview of the functions of the seven
layers in the ISO Reference Model to provide a frame of reference when

examining the TCP/IP protocol suite. In actuality, TCP/IP represents one of
the earliest developed layered protocol suites and preceded the development
of the ISO's OSI Reference Model by approximately 20 years. Although it
predates the OSI Reference Model, we can obtain an appreciation of the
protocol suite by comparing it with that model.
24
THE TCP/IP PROTOCOL SUITE
2.4.1 Comparison with the ISO Reference Model
Similar to the ISO Reference Model, the TCP/IP protocol suite is subdivided
into distinct layers, commencing at the network layer. Although the protocol
suite does not include equivalents to the lower two layers of the ISO Reference
Model, it does provide a mechanism to translate addressing from the network
layer of the reference model to MAC addresses used by LANs at the lower
portion of the data link layer. This enables the TCP/IP protocol suite to use
the physical layer supported by different LANs.
A second key difference between the ISO Reference Model and the TCP/IP
protocol suite occurs at the top of the suite. TCP/IP applications can be
considered to represent the equivalent of layers 5 through 7 of the OSI
Reference Model. Based upon the preceding, Figure 2.5 provides a general
comparison of the TCP/IP protocol suite with the ISO Reference Model. Note
that, as previously mentioned, the TCP/IP protocol suite commences at the
equivalent of layer 3 of the ISO Reference Model. Thus, the dashed lines
surrounding Ethernet, Token-Ring, and FDDI layer 2 protocols and their
physical layers indicate that they are not actually part of the TCP/IP protocol
suite. Instead, the Address Resolution Protocol (ARP), which can be viewed as
a facility of the Internet Protocol (IP), provides the translation mechanism
that enables IP addressed packets to be correctly delivered to workstations
that use MAC addresses. In fact, the TCP/IP protocol suite can also run over
ATM, with a special type of address resolution used to resolve IP to ATM
addresses. Thus, address resolution enables the TCP/IP protocol suite to be

transported by other protocols and use the physical layer speci®ed by those
protocols.
Now that we have an appreciation for the general relationship between the
TCP/IP protocol stack and the ISO's Open System Interconnection Reference
Model, let's turn our attention to the actual layers of the protocol suite.
The network layer
The Internet Protocol (IP) represents the network layer protocol employed by
the TCP/IP protocol suite. IP packets are formed by the addition of an IP
header to the layer 4 protocol data entity, which is either the Transport
Control Protocol (TCP) or the User Datagram Protocol (UDP).
IP headers contain 32-bit source and destination addresses that are
normally subdivided to denote a network address and host address on the
2.4 THE TCP/IP PROTOCOL SUITE
25
Figure 2.4 The IEEE MAC address format