Requirements for Internet Hosts - Communication Layers. Network Working Group, Request for Comments, Internet Engineering Task Force; R. Braden, Editor; October. Status: Internet Standard (Internet Standard 3, Requirements for Internet Hosts); errata exist.
These documents are intended to provide guidance for vendors, implementors, and users of Internet communication software. They represent the consensus of a large body of technical experience and wisdom, contributed by the members of the Internet research and vendor communities. This RFC enumerates standard protocols that a host connected to the Internet must use, and it incorporates by reference the RFCs and other documents describing the current specifications for these protocols. It corrects errors in the referenced documents and adds additional discussion and guidance for an implementor. For each protocol, this document also contains an explicit set of requirements, recommendations, and options. The reader must understand that the list of requirements in this document is incomplete by itself; the complete set of requirements for an Internet host is primarily defined in the standard protocol specification documents, with the corrections, amendments, and supplements contained in this RFC. A good-faith implementation of the protocols that was produced after careful reading of the RFCs and with some interaction with the Internet technical community, and that followed good communications software engineering practices, should differ from the requirements of this document in only minor ways.
Take a closer look at it. Also a good place to start when wondering what iptables and Netfilter are about. Excellent documentation on basic packet filtering with iptables, written by one of the core developers of iptables and Netfilter. Excellent documentation on Network Address Translation in iptables and Netfilter, written by one of the core developers, Rusty Russell.
One of the few documents on how to write code for the Netfilter and iptables user-space and kernel-space code base. This was also written by Rusty Russell.
Also maintains a list of iptables scripts for different purposes. This shows some of the classes used in DSCP, and so on. Basically, it is the de facto standard for Internet telephony today. It is horribly complex, as you can see from the amount of documentation on the working group's homepage, and should hopefully be able to cope with pretty much any session-initiation need in the future.
It is used mainly to set up peer-to-peer connections between known users, for example to connect to user example. The current version running is 1.
This is a standardized way of sending and receiving public keys for servers, handling trusted certificate agents, etc. For more information, read the RFCs on this page. This effort has been discontinued for several reasons discussed on the page, but effort will still be put into bug fixes, documentation and the forums. This is extremely good to get used to reading once in a while, specifically if you want a basic look at which protocols run on which ports. Internet Assigned Numbers Authority - the IANA is the organisation responsible for assigning all the numbers in the different protocols in an orderly fashion.
If anyone has a specific addition to make to a protocol (for example, adding a new TCP option), they need to contact the IANA, which will assign the numbers requested. In other words, it is an extremely important site to keep an eye on.
Internet Engineering Task Force - This is one of the biggest groups when it comes to setting and maintaining Internet standards. They are the ones maintaining the RFC repository, and consist of a large group of companies and individuals that work together to ensure the interoperability of the Internet.
It is one of the biggest and best documents regarding Linux advanced routing. Maintained by Bert Hubert. Among others, the FTOS patch is available here. The Linux Documentation Project is a great site for documentation.
Most of the big Linux documents are available here, and if a document is not in the TLDP, you will have to search the net very carefully. If there is anything you want to know more about, check this site out. Snort - this is an excellent open source "network intrusion detection system" (NIDS) which looks for signatures in the packets that it sees; if it sees the signature of some kind of attack or break-in, it can take different, configurable actions: notifying the administrator, taking action, or simply logging it.
Tripwire - Tripwire is an excellent security tool which can be used to find out about host intrusions. It computes checksums of all the files specified in a configuration file and then, every time it is run, tells the administrator about any files that have been tampered with illegitimately. Finally, there is some guidance on reading the rest of the document and some terminology. An Internet communication system consists of interconnected packet networks supporting communication among host computers using the Internet protocols.
Internet hosts span a wide range of size, speed, and function. They range in size from small microprocessors through workstations to mainframes and supercomputers. In function, they range from single-purpose hosts such as terminal servers to full-service hosts that support a variety of online network services, typically including remote login, file transfer, and electronic mail. A host is generally said to be multihomed if it has more than one interface to the same or to different networks.
See Section 1. The assumptions most relevant to hosts are as follows: (a) The Internet is a network of networks. Each host is directly connected to some particular network(s); its connection to the Internet is only conceptual.
Two hosts on the same network communicate with each other using the same set of protocols that they would use to communicate with hosts on distant networks. To improve robustness of the communication system, gateways are designed to be stateless, forwarding each IP datagram independently of other datagrams.
As a result, redundant paths can be exploited to provide robust service in spite of failures of intervening gateways and networks. All state information required for end-to-end flow control and reliability is implemented in the hosts, in the transport layer or in application programs.
All connection control information is thus co-located with the end points of the communication, so it will be lost only if an end point fails.
Routing is a complex and difficult problem, and ought to be performed by the gateways, not the hosts. A basic objective of the Internet design is to tolerate a wide range of network characteristics -- e. Another objective is robustness against failure of individual networks, gateways, and hosts, using whatever bandwidth is still available. Finally, the goal is full "open system interconnection": an Internet host must be able to interoperate robustly and effectively with any other Internet host, across diverse Internet paths.
Sometimes host implementors have designed for less ambitious goals. For example, the LAN environment is typically much more benign than the Internet as a whole; LANs have low packet loss and delay and do not reorder packets.
Some vendors have fielded host implementations that are adequate for a simple LAN environment, but work badly for general interoperation. The vendor justifies such a product as being economical within the restricted LAN market.
However, isolated LANs seldom stay isolated for long; they are soon gatewayed to each other, to organization-wide internets, and eventually to the global Internet system. In the end, neither the customer nor the vendor is served by incomplete or substandard Internet host software. The requirements spelled out in this document are designed for a full-function Internet host, capable of full interoperation over an arbitrary Internet path. A host typically must implement at least one protocol from each layer.
The Internet suite does not further subdivide the application layer, although some of the Internet application layer protocols do contain some internal sub-layering. The application layer of the Internet suite essentially combines the functions of the top two layers -- Presentation and Application -- of the OSI reference model.
We distinguish two categories of application layer protocols: user protocols that provide service directly to users, and support protocols that provide common system functions. UDP is a connectionless "datagram" transport service. Other transport protocols have been developed by the research community, and the set of official Internet transport protocols may be expanded in the future. Transport layer protocols are discussed in Chapter 4.
IP is a connectionless or datagram internetwork service, providing no end-to-end delivery guarantees. Thus, IP datagrams may arrive at the destination host damaged, duplicated, out of order, or not at all. The layers above IP are responsible for reliable delivery service when it is required.
The IP protocol includes provision for addressing, type-of-service specification, fragmentation and reassembly, and security information. The datagram or connectionless nature of the IP protocol is a fundamental and characteristic feature of the Internet architecture.
ICMP provides error reporting, congestion reporting, and first-hop gateway redirection. We call this a link layer or media-access layer protocol. There is a wide variety of link layer protocols, corresponding to the many different types of networks.
See Chapter 2. Such dual-purpose systems must follow the Gateway Requirements RFC [INTRO:2] with respect to their gateway functions, and must follow the present document with respect to their host functions.
In all overlapping cases, the two specifications should be in agreement. There are varying opinions in the Internet community about embedded gateway functionality. The main arguments are as follows: o Pro: in a local network environment where networking is informal, or in isolated internets, it may be convenient and economical to use existing host systems as gateways.
There is also an architectural argument for embedded gateway functionality: multihoming is much more common than originally foreseen, and multihoming forces a host to make routing decisions as if it were a gateway. If the multihomed host contains an embedded gateway, it will have full routing knowledge and as a result will be able to make more optimal routing decisions. Attempting to include a general gateway function within the host IP layer will force host system maintainers to track these more frequent changes.
Also, a larger pool of gateway implementations will make coordinating the changes more difficult. Finally, the complexity of a gateway IP layer is somewhat greater than that of a host, making the implementation and operation tasks more complex.
In addition, the style of operation of some hosts is not appropriate for providing stable and robust gateway service. There is considerable merit in both of these viewpoints. One conclusion can be drawn: a host administrator must have conscious control over whether or not a given host acts as a gateway.
See Section 3. These problems are being addressed, and as a result there will be continuing evolution of the specifications described in this document. These changes will be carefully planned and controlled, since there is extensive participation in this planning by the vendors and by the organizations responsible for operations of the networks. Development, evolution, and revision are characteristic of computer network protocols today, and this situation will persist for some years.
A vendor who develops computer communication software for the Internet protocol suite (or any other protocol suite!) The Internet is a large communication network, and the users are in constant contact through it. Experience has shown that knowledge of deficiencies in vendor software propagates quickly through the Internet technical community.
In general, it is best to assume that the network is filled with malevolent entities that will send in packets designed to have the worst possible effect. Adaptability to change must be designed into all levels of Internet host software. As a simple example, consider a protocol specification that contains an enumeration of values for a particular header field -- e. Thus, if a protocol specification defines four possible error codes, the software must not break when a fifth code shows up.
An undefined code might be logged (see below), but it must not cause a failure. The second part of the principle is almost as important: software on other hosts may contain deficiencies that make it unwise to exploit legal but obscure protocol features. It is unwise to stray far from the obvious and simple, lest untoward effects result elsewhere. A corollary of this is "watch out for misbehaving hosts"; host software should be prepared, not just to survive other misbehaving hosts, but also to cooperate to limit the amount of disruption such hosts can cause to the shared communication facility.
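The two halves of the robustness principle above, as an added example that is not part of RFC 1122: a receiver that tolerates the "fifth code" it has never seen (logging it instead of failing) next to the fragile version it replaces, and a sender that refuses to emit anything outside the defined set. The four-code enumeration, the two-byte message layout and the sample input are constructed for illustration and do not come from any particular protocol specification.

```python
"""Added example (not part of RFC 1122): the robustness principle applied
to a header field that enumerates a fixed set of error codes.

The enumeration, message layout and sample input below are constructed
for illustration; they are not taken from any protocol specification."""
from collections import Counter
from enum import IntEnum


class ErrorCode(IntEnum):
    """The four codes the (hypothetical) specification defines today."""
    NET_UNREACHABLE = 0
    HOST_UNREACHABLE = 1
    PROTOCOL_UNREACHABLE = 2
    PORT_UNREACHABLE = 3


# Constructed 2-byte messages: byte 0 = message type, byte 1 = error code.
CONSTRUCTED_INPUT = [
    bytes([3, 1]),    # defined code: host unreachable
    bytes([3, 4]),    # a "fifth code" this implementation has never seen
    bytes([3, 1]),
    bytes([3, 250]),  # another undefined code
]


def parse_fragile(msg: bytes) -> ErrorCode:
    """The implementation the text warns against: an undefined code raises
    ValueError and, left unhandled, takes the whole receiver down."""
    return ErrorCode(msg[1])


def parse_robust(msg: bytes, log: list) -> tuple:
    """Be liberal in what you accept: an undefined code is logged and
    returned as a generic (unknown) error instead of causing a failure.
    Returns (code, defined?)."""
    if len(msg) < 2:
        log.append("truncated message, dropped")
        return (-1, False)
    raw = msg[1]
    try:
        return (int(ErrorCode(raw)), True)
    except ValueError:
        log.append(f"undefined error code {raw}; handled as generic error")
        return (raw, False)


def build_message(code: int) -> bytes:
    """Be conservative in what you send: only codes the specification
    defines may be emitted, so our peers never receive our 'fifth code'."""
    code = ErrorCode(code)  # ValueError for anything not yet defined
    return bytes([3, int(code)])


def process_all(msgs: list) -> tuple:
    """Run every message through the robust parser; return a count of
    defined/undefined outcomes plus the diagnostic log."""
    log = []
    outcomes = Counter()
    for m in msgs:
        _code, defined = parse_robust(m, log)
        outcomes["defined" if defined else "undefined"] += 1
    return outcomes, log


if __name__ == "__main__":
    outcomes, log = process_all(CONSTRUCTED_INPUT)
    print(dict(outcomes))
    for line in log:
        print("LOG:", line)
```

Running the block processes all four constructed messages without raising, while `parse_fragile` on the second message would abort; `build_message(4)` is rejected on the sending side, which is the conservative half of the same principle.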
As a result of complexity, diversity, and distribution of function, the diagnosis of Internet problems is often very difficult.
Problem diagnosis will be aided if host implementations include a carefully designed facility for logging erroneous or "strange" protocol events. It is important to include as much diagnostic information as possible when an error is logged. In particular, it is often useful to record the header s of a packet that caused an error. However, care must be taken to ensure that error logging does not consume prohibitive amounts of resources or otherwise interfere with the operation of the host.
There is a tendency for abnormal but harmless protocol events to overflow error logging files; this can be avoided by using a "circular" log, or by enabling logging only while diagnosing a known failure. It may be useful to filter and count duplicate successive messages. For example, it might be useful to be able to "log everything" or to "log everything for host X". Note that different managements may have differing policies about the amount of error logging that they want normally enabled in a host.
Some will say, "if it doesn't hurt me, I don't want to know about it", while others will want to take a more watchful and aggressive attitude about detecting and removing protocol abnormalities. This would allow the whole suite to be implemented in ROM or cast into silicon, it would simplify diskless workstations, and it would be an immense boon to harried LAN administrators as well as system vendors.
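The logging facility the preceding paragraphs describe, as an added example that is not part of RFC 1122: it records the leading header bytes of the offending packet, is bounded by a circular buffer so a flood of harmless oddities cannot exhaust storage, folds duplicate successive messages into one counted entry, and can be narrowed to "log everything for host X". Class and field names, the capacity, and the sample events are constructed for illustration.

```python
"""Added example (not part of RFC 1122): a bounded diagnostic log for
erroneous or "strange" protocol events.  Names, capacities and the sample
events are constructed for illustration."""
from collections import deque
from dataclasses import dataclass
from typing import Optional

IPV4_HEADER_LEN = 20  # base IPv4 header: enough packet context for diagnosis


@dataclass
class Event:
    src: str        # source address the event is attributed to
    msg: str        # short description of what was strange
    header: bytes   # leading header bytes of the offending packet
    count: int = 1  # identical successive events folded into this entry


class ProtocolEventLog:
    def __init__(self, capacity: int = 4, only_host: Optional[str] = None):
        # deque(maxlen=...) is the circular buffer: once full, appending
        # discards the oldest entry instead of letting the log grow.
        self.entries = deque(maxlen=capacity)
        self.only_host = only_host  # "log everything for host X" when set
        self.overwritten = 0        # entries the ring has discarded

    def record(self, src: str, msg: str, packet: bytes) -> bool:
        """Store the event (or fold it into the previous identical entry).
        Returns False only when the host filter excluded it."""
        if self.only_host is not None and src != self.only_host:
            return False
        last = self.entries[-1] if self.entries else None
        if last is not None and last.src == src and last.msg == msg:
            last.count += 1  # "last message repeated N times"
            return True
        if len(self.entries) == self.entries.maxlen:
            self.overwritten += 1
        self.entries.append(Event(src, msg, packet[:IPV4_HEADER_LEN]))
        return True

    def render(self) -> list:
        """One human-readable line per stored entry."""
        out = []
        for e in self.entries:
            suffix = f" (repeated {e.count} times)" if e.count > 1 else ""
            out.append(f"{e.src}: {e.msg}{suffix} hdr={e.header.hex()}")
        return out


# Constructed sample events: a burst of one harmless oddity from one host,
# followed by three distinct events from other hosts.  Header bytes are
# arbitrary filler, not real packets.
SAMPLE_EVENTS = (
    [("192.0.2.10", "unknown IP option 0x99", bytes(range(20, 44)))] * 50
    + [("192.0.2.11", "TCP checksum mismatch", bytes(range(0, 24))),
       ("192.0.2.12", "ICMP type 200 undefined", bytes(range(1, 25))),
       ("192.0.2.13", "IP header length < 20", bytes(range(2, 26)))]
)


def run(events, capacity: int = 4, only_host: Optional[str] = None) -> ProtocolEventLog:
    """Feed every (src, msg, packet) triple into a fresh log and return it."""
    log = ProtocolEventLog(capacity=capacity, only_host=only_host)
    for src, msg, pkt in events:
        log.record(src, msg, pkt)
    return log


if __name__ == "__main__":
    for line in run(SAMPLE_EVENTS).render():
        print(line)
```

With the default capacity the 50-event burst occupies a single entry marked "repeated 50 times" and only the first 20 header bytes are kept per entry; shrinking the capacity to 2 shows the ring discarding the oldest entries (counted in `overwritten`), and passing `only_host="192.0.2.10"` keeps just that host's entry.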
We have not reached this ideal; in fact, we are not even close. At many points in this document, you will find a requirement that a parameter be a configurable option. There are several different reasons behind such requirements. In a few cases, there is current uncertainty or disagreement about the best value, and it may be necessary to update the recommended value in the future.
In other cases, the value really depends on external factors -- e. In some cases, configurability is needed because of administrative requirements. Finally, some configuration options are required to communicate with obsolete or incorrect implementations of the protocols, distributed without sources, that unfortunately persist in many parts of the Internet.
To make correct systems coexist with these faulty systems, administrators often have to "mis-configure" the correct systems.
This problem will correct itself gradually as the faulty systems are retired, but it cannot be ignored by vendors. When we say that a parameter must be configurable, we do not intend to require that its value be explicitly read from a configuration file at every boot time. This document requires a particular value for such defaults in some cases.
The choice of default is a sensitive issue when the configuration item controls the accommodation to existing faulty systems.
If the Internet is to converge successfully to complete interoperability, the default values built into implementations must implement the official protocol, not "mis-configurations" to accommodate faulty implementations. Although marketing considerations have led some vendors to choose mis-configuration defaults, we urge vendors to choose defaults that will conform to the standard.
Finally, we note that a vendor needs to provide adequate documentation on all configuration parameters, their limits and effects. In describing the rules, we assume that an implementation does strictly mirror the layering of the protocols. Thus, the following three major sections specify the requirements for the link layer, the internet layer, and the transport layer, respectively. This layerist organization was chosen for simplicity and clarity.
However, strict layering is an imperfect model, both for the protocol suite and for recommended implementation approaches. Protocols in different layers interact in complex and sometimes subtle ways, and particular functions often involve multiple layers. There are many design choices in an implementation, many of which involve creative "breaking" of strict layering. This document describes the conceptual service interface between layers using a functional "procedure call" notation, like that used in the TCP specification [TCP:1].
For example, many implementations reflect the coupling between the transport layer and the IP layer by giving them shared access to common data structures.
These data structures, rather than explicit procedure calls, are then the agency for passing much of the information that is required. In general, each major section of this document is organized into the following subsections:
(1) Introduction
(2) Protocol Walk-Through -- considers the protocol specification documents section-by-section, correcting errors, stating requirements that may be ambiguous or ill-defined, and providing further clarification or explanation.
This material is intended to give clarification and explanation of the preceding requirements text. It also includes some suggestions on possible future directions or developments. The implementation material contains suggested approaches that an implementor may want to consider. The summary sections are intended to be guides and indexes to the text, but are necessarily cryptic and incomplete.
The summaries should never be used or referenced separately from the complete RFC. One vendor may choose to include the item because a particular marketplace requires it or because it enhances the product, for example; another vendor may omit the same item. An implementation is not compliant if it fails to satisfy one or more of the MUST requirements for the protocols it implements. A segment consists of a TCP header followed by application data.