Chapter 15

Application Layer

Objectives

Upon completion of this chapter, you will be able to answer the following questions:

  • How do the functions of the application layer, presentation layer, and session layer work together to provide network services to end-user applications?

  • How do end-user applications operate in a peer-to-peer network?

  • How do web and email protocols operate?

  • How do DNS and DHCP operate?

  • How do file transfer protocols operate?

Key Terms

This chapter uses the following key terms. You can find the definitions in the glossary at the end of the book.

Bootstrap Protocol (BOOTP)

Simple Mail Transfer Protocol (SMTP)

Post Office Protocol (POP3)

Internet Message Access Protocol (IMAP)

File Transfer Protocol (FTP)

Trivial File Transfer Protocol (TFTP)

Server Message Block (SMB)

Introduction (15.0)

As you have learned, the transport layer is where data actually gets moved from one host to another. But before that can take place, a lot of details have to be determined so that the data transport happens correctly. This is why there is an application layer in both the OSI model and the TCP/IP model. As an example, before there was streaming video over the internet, we had to watch home movies in a variety of other ways. If you had videotaped some of your child’s soccer game, and your parents, in another city, had only a video cassette player, you had to copy your video from your camera onto the right type of video cassette to send to them. If you wanted to also share the video with your brother, who had a DVD player, you had to transfer the video to a DVD and send that to him. This is what the application layer is all about: making sure that your data is in a format that the receiving device can use. Let’s dive in!

Application, Presentation, and Session (15.1)

This section introduces some protocols of the TCP/IP application layer, which also relates to the top three layers of the OSI model.

Application Layer (15.1.1)

In the OSI model and the TCP/IP model, the application layer is the closest layer to the end user. As shown in Figure 15-1, it is the layer that provides the interface between the applications used to communicate and the underlying network over which messages are transmitted. Application layer protocols are used to exchange data between programs running on the source and destination hosts.

Figure 15-1 Examples of Application Layer Protocols

Based on the TCP/IP model, the upper three layers of the OSI model—the application, presentation, and session layers—define functions of the TCP/IP application layer.

There are many application layer protocols, and new protocols are being developed all the time. Some of the most widely known application layer protocols are Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Trivial File Transfer Protocol (TFTP), Internet Message Access Protocol (IMAP), and Domain Name System (DNS).

Presentation and Session Layer (15.1.2)

The presentation layer has three primary functions:

  • Formatting, or presenting, data at the source device into a compatible format for receipt by the destination device.

  • Compressing data in a way that can be decompressed by the destination device.

  • Encrypting data for transmission and decrypting data upon receipt.

As shown in Figure 15-2, the presentation layer formats data for the application layer, and it sets standards for file formats. Some well-known standards for video include Matroska Video (MKV), Motion Picture Experts Group (MPG), and QuickTime Video (MOV). Some well-known graphic image formats are Graphics Interchange Format (GIF), Joint Photographic Experts Group (JPG), and Portable Network Graphics (PNG) formats.

Figure 15-2 Examples of Presentation Layer Protocols

As the layer’s name implies, functions at the session layer create and maintain dialogues between source and destination applications. The session layer handles the exchange of information to initiate dialogues, keep them active, and restart sessions that are disrupted or idle for a long period of time.

TCP/IP Application Layer Protocols (15.1.3)

The TCP/IP application layer protocols specify the format and control information necessary for many common internet communication functions. Application layer protocols are used by both the source and destination devices during a communication session. For communications to be successful, the application layer protocols that are implemented on the source and destination hosts must be compatible.

Table 15-1 describes the most popular application layer protocols.

Table 15-1 TCP/IP Application Layer Protocols

| Application | Protocol(s) | Port Number | Characteristics |
|---|---|---|---|
| Name system | Domain Name System (DNS) | TCP, UDP client 53 | Translates domain names, such as cisco.com, into IP addresses |
| Host config | Bootstrap Protocol (BOOTP) | UDP client 68, server 67 | Enables a diskless workstation to discover its own IP address, the IP address of a BOOTP server on the network, and a file to be loaded into memory to boot the machine. BOOTP is being superseded by DHCP |
| Host config | Dynamic Host Configuration Protocol (DHCP) | UDP client 68, server 67 | Dynamically assigns IP addresses to be reused when no longer needed |
| Email | Simple Mail Transfer Protocol (SMTP) | TCP 25 | Enables clients to send email to a mail server. Enables servers to send email to other servers |
| Email | Post Office Protocol (POP3) | TCP 110 | Enables clients to retrieve email from a mail server. Downloads the email to the local mail application of the client |
| Email | Internet Message Access Protocol (IMAP) | TCP 143 | Enables clients to access email stored on a mail server. Maintains email on the server |
| File transfer | File Transfer Protocol (FTP) | TCP 20 to 21 | Sets rules that enable a user on one host to access and transfer files to and from another host over a network. FTP is a reliable, connection-oriented, and acknowledged file delivery protocol |
| File transfer | Trivial File Transfer Protocol (TFTP) | UDP client 69 | A simple, connectionless file transfer protocol with best-effort, unacknowledged file delivery. Uses less overhead than FTP |
| Web | Hypertext Transfer Protocol (HTTP) | TCP 80, 8080 | A set of rules for exchanging text, graphic images, sound, video, and other multimedia files on the World Wide Web |
| Web | HTTP Secure (HTTPS) | TCP, UDP 443 | The browser uses encryption to secure HTTP communications. Authenticates the website to which you are connecting your browser |

Check Your Understanding—Application, Session, Presentation (15.1.4)

Refer to the online course to complete this activity.

Peer-to-Peer (15.2)

In the previous section, you learned that TCP/IP application layer protocols implemented on both the source and destination host must be compatible. In this section, you will learn about the client/server model and peer-to-peer networks and the processes they use, which are in the application layer.

Client-Server Model (15.2.1)

In the client/server model, the device requesting the information is called a client, and the device responding to the request is called a server. The client is a hardware/software combination that people use to directly access the resources that are stored on the server. Client and server processes are considered to be in the application layer. The client begins an exchange by requesting data from the server, which responds by sending one or more streams of data to the client. Application layer protocols describe the format of the requests and responses between clients and servers. In addition to the actual data transfer, this exchange may also require user authentication and the identification of a data file to be transferred.

One example of a client/server network is the email service of an ISP used to send, receive, and store email. The email client on a home computer issues a request to the email server of the ISP for any unread mail. The server responds by sending the requested email to the client. Data transfer from a client to a server is referred to as an upload, and data from a server to a client is called a download.

As shown in Figure 15-3, files are downloaded from the server to the client.

A server and a client are connected to a network. The figure shows files being downloaded from the server to the client, which is a mobile phone, PC, or telephone.

Figure 15-3 Downloading from a Server

Peer-to-Peer Networks (15.2.2)

In the peer-to-peer (P2P) networking model, the data is accessed from a peer device without the use of a dedicated server. The P2P network model involves two parts: P2P networks and P2P applications. The two parts have similar features, but in practice they work quite differently.

In a P2P network, two or more computers are connected through a network and can share resources (such as printers and files) without having a dedicated server. Every connected end device (known as a peer) can function as both a server and a client. One computer might assume the role of server for one transaction while simultaneously serving as a client for another. The roles of client and server are set on a per-request basis.

In addition to sharing files, a network such as this one would allow users to enable networked games or share an internet connection.

In a peer-to-peer exchange, both devices are considered equal in the communication process. Peer 1 has files that are shared with Peer 2 and can access the shared printer that is directly connected to Peer 2 to print files. Peer 2 is sharing the directly connected printer with Peer 1 while accessing the shared files on Peer 1, as shown in Figure 15-4.

The figure shows a PC operating as a print server. Two PCs, marked Peer 1 and Peer 2, are connected to a common switch. The first PC is a print client and file server, and the second is a print server and file client. A printer is directly connected to the second PC, to its right.

Figure 15-4 PC Operating as a Print Server

Peer-to-Peer Applications (15.2.3)

A P2P application allows a device to act as both a client and a server within the same communication, as shown in Figure 15-5. In this model, every client is a server, and every server is a client. P2P applications require that each end device provide a user interface and run a background service.

Figure 15-5 Texting as an Example of a Peer-to-Peer Application

Some P2P applications use a hybrid system in which resource sharing is decentralized, but the indexes that point to resource locations are stored in a centralized directory. In a hybrid system, each peer accesses an index server to get the location of a resource stored on another peer.

Common P2P Applications (15.2.4)

With P2P applications, each computer in the network that is running the application can act as a client or as a server for the other computers in the network that are also running the application. Common P2P networks include the following:

  • BitTorrent

  • Direct Connect

  • eDonkey

  • Freenet

Some P2P applications are based on the Gnutella protocol, and each user shares whole files with other users. As shown in Figure 15-6, Gnutella-compatible client software allows users to connect to Gnutella services over the internet and to locate and access resources shared by other Gnutella peers. Many Gnutella client applications are available, including uTorrent, BitComet, DC++, Deluge, and eMule.

The figure shows six PCs connected together in a cloud network. One PC sends the message "where is mysong.mp3" to the other five PCs, and three of them respond with the message "I have got it," which is displayed in a callout box above each PC.

Figure 15-6 Gnutella Client Software in a P2P Network

Many P2P applications allow users to share pieces of many files with each other at the same time. Clients use a torrent file to locate other users who have pieces that they need so that they can then connect directly to them. This torrent file also contains information about tracker computers that keep track of which users have specific pieces of certain files. Clients ask for pieces from multiple users at the same time. This is known as a swarm, and the technology is called BitTorrent. BitTorrent has its own client, and there are also many other BitTorrent clients, including uTorrent, Deluge, and qBittorrent.

Note

Any type of file can be shared between users. Many of the shared files are copyrighted, meaning that only the creators have the right to use and distribute them. It is against the law to download or distribute copyrighted files without permission from the copyright holder. Copyright violation can result in criminal charges and civil lawsuits.

Check Your Understanding—Peer-to-Peer (15.2.5)

Refer to the online course to complete this activity.

Web and Email Protocols (15.3)

There are application layer–specific protocols that are designed for common uses such as web browsing and email. This section goes into more detail on the protocols introduced earlier in this chapter.

Hypertext Transfer Protocol and Hypertext Markup Language (15.3.1)

When a web address or uniform resource locator (URL) is typed into a web browser, the web browser establishes a connection to the web service. The web service is running on the server that is using HTTP. URLs and uniform resource identifiers (URIs) are the names most people associate with web addresses.

To better understand how a web browser and a web server interact, examine how a web page (in this case, http://www.cisco.com/index.html) is opened in a browser:

Step 1. As shown in Figure 15-7, the browser interprets the three parts of the URL:

  • http (the protocol or scheme)

  • www.cisco.com (the server name)

  • index.html (the specific filename requested)

An HTTP server and a client PC are connected to a network.

Figure 15-7 Step 1: Browser Interpreting the URL

Step 2. As shown in Figure 15-8, the browser checks with a name server to convert www.cisco.com into a numeric IP address, which it uses to connect to the server. The client initiates an HTTP request to a server by sending a GET request to the server and asks for the index.html file.

A client source and an HTTP server are connected to a cloud network. The client displays a page to the HTTP server and the web page is displayed below the client PC, the web link mentioned in the page is "http://cisco.com/."

Figure 15-8 Step 2: Requesting a Web Page

Step 3. In response to the request, the server sends the HTML code for this web page to the browser, as shown in Figure 15-9.

An HTTP server and a client are connected to a cloud network. The HTTP server responds to the client. The HTTP code for the web page is displayed below the HTTP server.

Figure 15-9 Step 3: Web Server Response

Step 4. The browser deciphers the HTML code and formats the page for the browser window, as shown in Figure 15-10.

An HTTP server and a client are connected to a cloud network. The web page is displayed below the client PC.

Figure 15-10 Step 4: Browser Interpreting and Displaying HTML

HTTP and HTTPS (15.3.2)

HTTP is a request/response protocol. When a client, typically a web browser, sends a request to a web server, HTTP specifies the message types used for that communication. The three common message types are GET, POST, and PUT:

  • GET: This is a client request for data. A client (web browser) sends the GET message to the web server to request HTML pages (see Figure 15-11).

    An HTTP server and a client PC are connected. The client PC sends an HTTP request to the HTTP server and requests a file: "GET /index.html HTTP/1.1" with "Host: www.cisco.com". A uniform resource locator is displayed above the client PC.

    Figure 15-11 HTTP GET Message Example

  • POST: This uploads data files such as form data to the web server.

  • PUT: This uploads resources or content such as an image to the web server.

Although HTTP is remarkably flexible, it is not a secure protocol. The request messages send information to the server in plaintext that can be intercepted and read. The server responses, typically HTML pages, are also unencrypted.

For secure communication across the internet, the HTTP Secure (HTTPS) protocol is used. HTTPS uses authentication and encryption to secure data as it travels between the client and server. HTTPS uses the same client request/server response process as HTTP, but the data stream is encrypted with Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL), before being transported across the network.
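The following added example (not part of the original chapter) carries Steps 1 and 2 from Section 15.3.1 through in Python and then lists which fields of an unencrypted HTTP request are readable on the path, which is the exposure that HTTPS removes. The sample POST request, the host www.example.test, the list of sensitive field names, and the function names are constructed for illustration.

```python
import base64
from urllib.parse import parse_qsl, urlsplit

SENSITIVE_FIELDS = {"password", "passwd", "pwd", "token"}  # assumed field names

# Constructed capture of a login form submitted over plain HTTP.
SAMPLE_POST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: www.example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Cookie: session=constructed-value\r\n"
    b"Content-Length: 32\r\n"
    b"\r\n"
    b"username=alice&password=S3cret!x"
)


def build_get(url):
    """Step 1: split the URL into its three parts. Step 2: build the GET request."""
    parts = urlsplit(url)
    path = parts.path or "/"
    request = f"GET {path} HTTP/1.1\r\nHost: {parts.hostname}\r\nConnection: close\r\n\r\n"
    return parts.scheme, parts.hostname, path.lstrip("/"), request.encode("ascii")


def cleartext_exposure(raw):
    """Report what an observer on the path can read from an unencrypted HTTP request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    findings = []
    auth = headers.get("authorization", "")
    if auth.lower().startswith("basic "):
        # Basic authentication is only base64-encoded, not encrypted.
        user = base64.b64decode(auth[6:]).decode("utf-8", "replace").partition(":")[0]
        findings.append(f"basic-auth credentials for user {user!r}")
    if "cookie" in headers:
        findings.append("session cookie")
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        for key, _value in parse_qsl(body.decode("iso-8859-1"), keep_blank_values=True):
            if key.lower() in SENSITIVE_FIELDS:
                findings.append(f"form field {key!r}")
    return {"method": method, "host": headers.get("host"),
            "target": target, "findings": findings}


if __name__ == "__main__":
    scheme, server, filename, request = build_get("http://www.cisco.com/index.html")
    print(scheme, server, filename)
    print(request.decode("ascii"))
    print(cleartext_exposure(SAMPLE_POST))
```

Only field names are reported, never their values, so the output can be logged as an audit finding.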

Email Protocols (15.3.3)

One of the primary services offered by an ISP is email hosting. To run on a computer or other end device, email requires several applications and services, as shown in Figure 15-12. Email is a store-and-forward method of sending, storing, and retrieving electronic messages across a network. Email messages are stored in databases on mail servers.

A message is sent in the following pattern: sender, router, internet cloud, router, ISP A mail sender, SMTP, ISP B mail sender, router, internet cloud, router, and recipient.

Figure 15-12 Email Protocols in Operation

Email clients communicate with mail servers to send and receive email. Mail servers communicate with other mail servers to transport messages from one domain to another. An email client does not communicate directly with another email client when sending email. Instead, both clients rely on the mail server to transport messages.

Email supports three separate protocols for operation: Simple Mail Transfer Protocol (SMTP), Post Office Protocol (POP), and IMAP. The application layer process that sends mail uses SMTP. A client retrieves email using one of the two application layer protocols: POP or IMAP.

SMTP, POP, and IMAP (15.3.4)

The following sections describe the email protocols SMTP, POP, and IMAP.

SMTP

An SMTP message must have a message header and a message body. The message body can contain any amount of text, and the message header must have a properly formatted recipient email address and a sender address.

When a client sends email, the client SMTP process connects with a server SMTP process on well-known port 25. After the connection is made, the client attempts to send the email to the server across the connection, as shown in Figure 15-13. When the server receives the message, it either places the message in a local account, if the recipient is local, or forwards the message to another mail server for delivery.

In the figure, the sender PC sends e-mail (recipient@domain.com) to the SMTP/POP3 server. If the recipient is not in the list of recipients, the e-mail is forwarded to another server, and from the other server the mail is sent to the recipient PC.

Figure 15-13 SMTP Example

The destination email server may not be online or may be busy when email messages are sent. Therefore, SMTP spools messages to be sent at a later time. The server periodically checks the queue for messages and attempts to send them again. If a message is still not delivered after a predetermined expiration time, it is returned to the sender as undeliverable.

POP

An application can use POP to retrieve mail from a mail server. With POP, mail is downloaded from the server to the client and then deleted on the server. This is the default operation of POP.

The server starts the POP service by passively listening on TCP port 110 for client connection requests. When a client wants to make use of the service, it sends a request to establish a TCP connection with the server, as shown in Figure 15-14. When the connection is established, the POP server sends a greeting. The client and POP server then exchange commands and responses until the connection is closed or aborted.

In the figure, the sender PC sends e-mail to the SMTP/POP3 server; if the recipient is not listed, the e-mail is forwarded to another server and from the other server, the mail is sent to the recipient PC.

Figure 15-14 POP Example

With POP, email messages are downloaded to the client and removed from the server, so there is no centralized location where email messages are kept. Because POP does not store messages, it is not recommended for a small business that needs a centralized backup solution.

POP3 is the most commonly used version of POP.

IMAP

IMAP is another protocol that describes a method to retrieve email messages. Unlike with POP, when the user connects to an IMAP-capable server, copies of the messages are downloaded to the client application, as shown in Figure 15-15. The original messages are kept on the server until they are manually deleted. Users view copies of the messages in their email client software.

In the figure, the sender PC sends e-mail to the server, which forwards it to the other server; from the other server, the mail is delivered to the recipient PC.

Figure 15-15 IMAP Example

Users can create a file hierarchy on the server to organize and store mail. That file structure is duplicated on the email client. When a user decides to delete a message, the server synchronizes that action and deletes the message from the server.

Check Your Understanding—Web and Email Protocols (15.3.5)

Refer to the online course to complete this activity.

IP Addressing Services (15.4)

Some application layer–specific protocols were designed to make it easier to obtain addresses for network devices. These services are essential because it would be very time-consuming and difficult to remember IP addresses instead of URLs or to manually configure all the devices in a medium to large network. This section goes into more detail about the IP addressing services DNS and DHCP.

Domain Name Service (15.4.1)

In data networks, devices are labeled with numeric IP addresses to send and receive data over networks. Domain names were created to convert these numeric addresses into recognizable names.

On the internet, fully qualified domain names (FQDNs), such as http://www.cisco.com, are much easier for people to remember than 198.133.219.25, which is the actual numeric address for the server at www.cisco.com. If Cisco decides to change the numeric address of www.cisco.com, the change is transparent to the user because the domain name remains the same. The new address is linked to the existing domain name, and connectivity is maintained.

The DNS protocol defines an automated service that matches resource names with the required numeric network addresses. It includes the format for queries, responses, and data. DNS communications use a single format called a message. This message format is used for all types of client queries and server responses, error messages, and the transfer of resource record information between servers.

The following are the steps in the DNS process:

Step 1. The user types an FQDN into a browser application Address field, as shown in Figure 15-16.

In the figure, a DNS server, a network cloud, and a client PC are connected, and a URL is entered in a browser on the client PC.

Figure 15-16 Step 1: Entering a URL in a Browser

Step 2. A DNS query is sent to the designated DNS server for the client computer, as shown in Figure 15-17.

Figure 15-17 Step 2: Sending a DNS Query to the DNS Server

Step 3. The DNS server matches the FQDN with its IP address, as shown in Figure 15-18.

In the figure, the DNS server, network cloud, and client PC are connected. The DNS server matches the FQDN www.cisco.com to the IP address 198.133.219.25.

Figure 15-18 Step 3: DNS Server Matching the FQDN to an IP Address

Step 4. The DNS query response is sent back to the client with the IP address for the FQDN, as shown in Figure 15-19.

In the figure, DNS query response (198.133.219.25, www.cisco.com) is sent from the DNS server to the network and from the network cloud to the client PC.

Figure 15-19 Step 4: DNS Server Responding to the DNS Query

Step 5. The client computer uses the IP address to make requests of the server, as shown in Figure 15-20.

In the figure, an envelope icon representing web request with the IP address 198.133.219.25 is sent from the client PC to the network and from the network to the DNS server and cisco website with IP address 198.133.219.24.

Figure 15-20 Step 5: Client Sending Web Request Using IP Address

DNS Message Format (15.4.2)

The DNS server stores different types of resource records that are used to resolve names. Each record contains the name, address, and type of record. Some of these record types are as follows:

  • A: An end-user device IPv4 address

  • NS: An authoritative name server

  • AAAA: An end-user device IPv6 address; pronounced “quad-A”

  • MX: A mail exchange record

When a client makes a query, the DNS process on the server first looks at the server’s own records to resolve the name. If it is unable to resolve the name by using its stored records, it contacts other servers to resolve the name. After a match is found and returned to the original requesting server, the server temporarily stores the numbered address in case the same name is requested again.

The DNS client service on Windows PCs also stores previously resolved names in memory. The ipconfig /displaydns command displays all the cached DNS entries.

As shown in Table 15-2, DNS uses the same message format between servers, consisting of a question, an answer, an authority, and additional information for all types of client queries and server responses, error messages, and transfer of resource record information.

Table 15-2 DNS Message Sections

| DNS Message Section | Description |
|---|---|
| Question | The question for the name server |
| Answer | Resource records answering the question |
| Authority | Resource records pointing toward an authority |
| Additional | Resource records holding additional information |
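As an added example that is not part of the original chapter, the following Python code parses a DNS message into the four sections of Table 15-2 and shows that a query and a response share the same layout. The response bytes are constructed; the name server ns1.cisco.com and the address 192.0.2.53 are made-up sample values, and the function names are illustrative.

```python
import ipaddress
import struct

TYPES = {1: "A", 2: "NS", 15: "MX", 28: "AAAA"}  # record types named in the text


def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def read_name(msg, pos):
    """Decode a name that may use compression pointers; return (name, next offset)."""
    labels, after, hops = [], None, 0
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:  # pointer to a name earlier in the message
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            if after is None:
                after = pos + 2
            pos = struct.unpack_from("!H", msg, pos)[0] & 0x3FFF
            continue
        pos += 1
        if length == 0:
            return ".".join(labels), (pos if after is None else after)
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length


def read_rr(msg, pos):
    """Parse one resource record; return ((name, type, value), next offset)."""
    name, pos = read_name(msg, pos)
    rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, pos)
    pos += 10
    rdata = msg[pos:pos + rdlen]
    if len(rdata) != rdlen:
        raise ValueError("truncated record data")
    if rtype == 1 and rdlen == 4:
        value = str(ipaddress.IPv4Address(rdata))
    elif rtype == 28 and rdlen == 16:
        value = str(ipaddress.IPv6Address(rdata))
    elif rtype == 2:
        value = read_name(msg, pos)[0]
    elif rtype == 15:  # MX: 16-bit preference followed by the exchange name
        value = f"{struct.unpack_from('!H', msg, pos)[0]} {read_name(msg, pos + 2)[0]}"
    else:
        value = rdata.hex()
    return (name, TYPES.get(rtype, str(rtype)), value), pos + rdlen


def parse_message(msg):
    """Split a DNS message into its header fields and four sections."""
    try:
        ident, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
        out = {"id": ident, "is_response": bool(flags & 0x8000), "rcode": flags & 0x000F,
               "question": [], "answer": [], "authority": [], "additional": []}
        pos = 12
        for _ in range(qd):
            name, pos = read_name(msg, pos)
            qtype, _qclass = struct.unpack_from("!HH", msg, pos)
            pos += 4
            out["question"].append((name, TYPES.get(qtype, str(qtype))))
        for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
            for _ in range(count):
                record, pos = read_rr(msg, pos)
                out[section].append(record)
        return out
    except (IndexError, struct.error) as exc:
        raise ValueError(f"truncated or malformed DNS message: {exc}") from exc


def build_query(name, ident=0x1A2B):
    """A query for an A record: header plus one question, other sections empty."""
    header = struct.pack("!6H", ident, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)


def build_sample_response():
    """Constructed response; the NS name and its address are made-up sample values."""
    rr = struct.Struct("!HHIH")  # type, class, TTL, RDATA length
    msg = struct.pack("!6H", 0x1A2B, 0x8180, 1, 1, 1, 1)
    msg += encode_name("www.cisco.com") + struct.pack("!HH", 1, 1)  # question
    # Answer: the name is a pointer to offset 12, the question name.
    msg += b"\xc0\x0c" + rr.pack(1, 1, 300, 4) + ipaddress.IPv4Address("198.133.219.25").packed
    ns_offset = len(msg) + 12  # offset at which the NS RDATA will start
    ns_rdata = b"\x03ns1" + b"\xc0\x10"  # "ns1" + pointer to "cisco.com" at offset 16
    msg += b"\xc0\x10" + rr.pack(2, 1, 300, len(ns_rdata)) + ns_rdata  # authority
    msg += struct.pack("!H", 0xC000 | ns_offset) + rr.pack(1, 1, 300, 4)
    msg += ipaddress.IPv4Address("192.0.2.53").packed  # additional
    return msg


if __name__ == "__main__":
    print(parse_message(build_query("www.cisco.com")))
    print(parse_message(build_sample_response()))
```

The hop limit in `read_name` matters because compression pointers come from the network: a message whose pointer refers to itself would otherwise keep the parser looping forever.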

DNS Hierarchy (15.4.3)

The DNS protocol uses a hierarchical system to create a database to provide name resolution, as shown in Figure 15-21. DNS uses domain names to form the hierarchy.

Figure 15-21 DNS Hierarchy

The naming structure is broken down into small, manageable zones. Each DNS server maintains a specific database file and is responsible for managing name-to-IP mappings for only that small portion of the entire DNS structure. When a DNS server receives a request for a name translation that is not within its DNS zone, the DNS server forwards the request to another DNS server within the proper zone for translation. DNS is scalable because hostname resolution is spread across multiple servers.

Each top-level domain represents either the type of organization or the country of origin. Examples of top-level domains include the following:

  • .com: A business or an industry

  • .org: A non-profit organization

  • .au: Australia

  • .co: Colombia

The nslookup Command (15.4.4)

When configuring a network device, one or more DNS server addresses are provided that the DNS client can use for name resolution. Usually the ISP provides the addresses to use for the DNS servers. When a user application requests to connect to a remote device by name, the requesting DNS client queries the name server to resolve the name to a numeric address.

Computer operating systems also have a utility called nslookup that allows a user to manually query the name servers to resolve a given hostname. This utility can also be used to troubleshoot name resolution issues and to verify the current status of the name servers.

When the nslookup command is issued, the default DNS server configured for the host is displayed, as shown in Example 15-1. The name of a host or domain can be entered at the nslookup prompt. The nslookup utility has many options available for extensive testing and verification of the DNS process.

Example 15-1 Using the nslookup Command on a Windows Host

C:\Users> nslookup
Default Server:  dns-sj.cisco.com
Address:  171.70.168.183
> www.cisco.com
Server:  dns-sj.cisco.com
Address:  171.70.168.183
Name:    origin-www.cisco.com
Addresses:  2001:420:1101:1::a
          173.37.145.84
Aliases:  www.cisco.com
> cisco.netacad.net
Server:  dns-sj.cisco.com
Address:  171.70.168.183
Name:    cisco.netacad.net
Address:  72.163.6.223
>

Syntax Checker—The nslookup Command (15.4.5)

Refer to the online course to complete this activity.

Dynamic Host Configuration Protocol (15.4.6)

The Dynamic Host Configuration Protocol (DHCP) for IPv4 service automates the assignment of IPv4 addresses, subnet masks, gateways, and other IPv4 networking parameters. This is referred to as dynamic addressing. The alternative to dynamic addressing is static addressing, in which the network administrator manually enters IP address information on hosts.

When a host connects to the network, the DHCP server is contacted, and an address is requested. The DHCP server chooses an address from a configured range of addresses called a pool and assigns (leases) it to the host.

On larger networks, or where the user population changes frequently, DHCP is preferred for address assignment. New users may arrive and need connections; others may have new computers that must be connected. Rather than use static addressing for each connection, it is more efficient to have IPv4 addresses assigned automatically using DHCP.

DHCP can allocate IP addresses for a configurable period of time, called a lease period. The lease period is an important DHCP setting. When the lease period expires or the DHCP server gets a DHCPRELEASE message, the address is returned to the DHCP pool for reuse. Users can freely move from location to location and can easily reestablish network connections through DHCP.

As Figure 15-22 shows, various types of devices can be DHCP servers. The DHCP server in most medium to large networks is usually a local, dedicated PC-based server. With home networks, the DHCP server is usually located on the local router that connects the home network to the ISP.

Figure 15-22 Examples of Different DHCP Servers and Clients

Many networks use both DHCP and static addressing. DHCP is used for general-purpose hosts, such as end-user devices. Static addressing is used for network devices, such as gateway routers, switches, servers, and printers.

DHCP for IPv6 (DHCPv6) provides similar services for IPv6 clients. One important difference between DHCP for IPv4 and DHCPv6 is that DHCPv6 does not provide a default gateway address. This address can only be obtained dynamically from the Router Advertisement message of the router.

DHCP Operation (15.4.7)

As shown in Figure 15-23, when an IPv4 DHCP-configured device boots up or connects to the network, the client broadcasts a DHCP discover (DHCPDISCOVER) message to identify any available DHCP servers on the network. A DHCP server replies with a DHCP offer (DHCPOFFER) message, which offers a lease to the client. The offer message contains the IPv4 address and subnet mask to be assigned, the IPv4 address of the DNS server, and the IPv4 address of the default gateway. The lease offer also includes the duration of the lease.

A DHCP client and DHCP server shown. DHCPDISCOVER is sent from DHCP client to the DHCP server, DHCPOFFER is sent from DHCP server to the DHCP client, DHCPREQUEST is sent from DHCP client to the DHCP server, and DHCPACK is sent from DHCP server to the DHCP client.

Figure 15-23 DHCP Messages

The client may receive multiple DHCPOFFER messages if the local network has more than one DHCP server. In such a case, the client must choose between the offers and sends a DHCP request (DHCPREQUEST) message that identifies the explicit server and lease offer that it is accepting. A client may also choose to request an address that it was previously allocated by the server.

If the IPv4 address requested by the client or offered by the server is still available, the server returns a DHCP acknowledgment (DHCPACK) message that acknowledges to the client that the lease has been finalized. If the offer is no longer valid, the selected server responds with a DHCP negative acknowledgment (DHCPNAK) message. If a DHCPNAK message is returned, the selection process must begin again, with a new DHCPDISCOVER message being transmitted. After the client has the lease, it must be renewed prior to the lease expiration through another DHCPREQUEST message.

The DHCP server ensures that all IP addresses are unique; that is, the same IP address cannot be assigned to two different network devices simultaneously. Most ISPs use DHCP to allocate addresses to their customers.
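
The offer fields listed above (address, subnet mask, DNS server, default gateway, lease duration) travel as options in the DHCP message, and a segment with more than one responding server shows up as offers carrying different server identifiers. The following Python sketch is an added example, not part of the original chapter: it parses constructed sample messages and lists offers that come from servers outside an approved list. The option codes and field offsets follow RFC 2131 and RFC 2132; the addresses, the transaction ID, and the function names are assumptions made for the illustration.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"   # magic cookie that follows the 236-byte BOOTP header
TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK", 6: "DHCPNAK"}
IP_OPTIONS = {1: "subnet_mask", 3: "gateway", 6: "dns", 54: "server_id"}

def parse_dhcp(payload):
    """Return the lease fields carried in one DHCP message (the UDP payload)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    msg = {"xid": struct.unpack_from("!I", payload, 4)[0],
           "offered_ip": socket.inet_ntoa(payload[16:20])}   # yiaddr field
    i = 240
    while i < len(payload) and payload[i] != 255:            # option 255 ends the list
        if payload[i] == 0:                                  # option 0 is padding
            i += 1
            continue
        if i + 2 > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        if code == 53 and length == 1:
            msg["type"] = TYPES.get(value[0], "type-%d" % value[0])
        elif code == 51 and length == 4:
            msg["lease_seconds"] = struct.unpack("!I", value)[0]
        elif code in IP_OPTIONS and length >= 4:
            msg[IP_OPTIONS[code]] = socket.inet_ntoa(value[:4])
        i += 2 + length
    return msg

def unexpected_offers(payloads, approved_servers):
    """Server identifiers seen in DHCPOFFERs that are not on the approved list."""
    offers = [m for m in map(parse_dhcp, payloads) if m.get("type") == "DHCPOFFER"]
    return sorted({m.get("server_id", "missing") for m in offers} - set(approved_servers))

def build(msg_type, offered_ip, server, lease=86400):
    """Constructed sample message for the demonstration (not a capture)."""
    n = socket.inet_aton
    head = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x3903F326, 0, 0) + bytes(4) + n(offered_ip)
    head += bytes(4 + 4 + 16 + 64 + 128)                     # siaddr, giaddr, chaddr, sname, file
    opts = bytes([53, 1, msg_type, 54, 4]) + n(server) + bytes([51, 4]) + struct.pack("!I", lease)
    opts += bytes([1, 4]) + n("255.255.255.0") + bytes([3, 4]) + n(server) + bytes([6, 4]) + n(server)
    return head + MAGIC + opts + b"\xff"

SAMPLE = [build(2, "192.168.1.50", "192.168.1.1"), build(2, "10.66.6.20", "10.66.6.1", lease=600)]
```

Calling unexpected_offers(SAMPLE, ["192.168.1.1"]) returns the second server's identifier, because only the first offer comes from the approved server.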

DHCPv6 has a set of messages that are similar to those for DHCP for IPv4. The DHCPv6 messages are SOLICIT, ADVERTISE, INFORMATION REQUEST, and REPLY.

Lab—Observe DNS Resolution (15.4.8)

In this lab, you will complete the following objectives:

  • Part 1: Observe the DNS Conversion of a URL to an IP Address

  • Part 2: Observe DNS Lookup Using the nslookup Command on a Website

  • Part 3: Observe DNS Lookup Using the nslookup Command on Mail Servers

Check Your Understanding—IP Addressing Services (15.4.9)

Refer to the online course to complete this activity.

File Sharing Services (15.5)

Transferring files from one computer to another is a common process. This section introduces protocols that support file sharing.

File Transfer Protocol (15.5.1)

As you learned in previous sections, in the client/server model, the client can upload data to a server and download data from a server if both devices are using a file sharing protocol such as File Transfer Protocol (FTP). Like HTTP, email, and addressing protocols, FTP is a commonly used application layer protocol. This section discusses FTP in more detail.

FTP was developed to allow for data transfers between a client and a server. An FTP client is an application that runs on a computer that is being used to push and pull data from an FTP server.

As shown in Figure 15-24, the client establishes the first connection to the server for control traffic by using TCP port 21. The traffic consists of client commands and server replies.

FTP control and data connections are shown. A server and a client PC are connected to a network cloud. The client opens first connection to the server for control traffic, then opens the second connection for data traffic.

Figure 15-24 FTP Control and Data Connections

The client establishes the second connection to the server for the actual data transfer, using TCP port 20. This connection is created every time there is data to be transferred.

The data transfer can happen in either direction: The client can download (pull) data from the server, or the client can upload (push) data to the server.

Server Message Block (15.5.2)

Server Message Block (SMB) is a client/server file sharing protocol that describes the structure of shared network resources, such as directories, files, printers, and serial ports. It is a request/response protocol. All SMB messages have a common format: a fixed-sized header followed by a variable-sized parameter and data component.

SMB messages carry out functions such as the following:

  • Start, authenticate, and terminate sessions

  • Control file and printer access

  • Allow an application to send or receive messages to or from another device
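
The common message format described above can be seen by splitting a message into its three parts. The following Python sketch is an added example, not part of the original chapter: it assumes the SMB1 (CIFS) layout of a 32-byte header, a WordCount-prefixed parameter block, and a ByteCount-prefixed data block, parses the SMB message itself without the transport framing, and rejects length fields that point past the end of the buffer. The sample messages and function names are constructed for the illustration.

```python
import struct

# SMB1 fixed header: protocol id, command, status, flags, flags2, PID high,
# security features, reserved, TID, PID low, UID, MID (little-endian, 32 bytes).
HEADER = struct.Struct("<4sBIBHH8sHHHHH")
SMB_FLAGS_REPLY = 0x80            # set by the server on responses

def parse_smb1(msg):
    """Split one SMB1 message into header fields, parameter words and data bytes."""
    if len(msg) < HEADER.size + 3:                     # header + WordCount + ByteCount
        raise ValueError("message shorter than the minimum SMB1 size")
    magic, command, status, flags, _f2, _ph, _sec, _rsv, tid, _pl, uid, mid = \
        HEADER.unpack_from(msg)
    if magic != b"\xffSMB":
        raise ValueError("not an SMB1 message")
    word_count = msg[HEADER.size]                      # parameter length in 16-bit words
    data_len_at = HEADER.size + 1 + 2 * word_count
    if data_len_at + 2 > len(msg):
        raise ValueError("parameter block runs past the end of the message")
    (byte_count,) = struct.unpack_from("<H", msg, data_len_at)
    data = msg[data_len_at + 2:data_len_at + 2 + byte_count]
    if len(data) != byte_count:
        raise ValueError("data block runs past the end of the message")
    return {"command": command, "status": status,
            "is_response": bool(flags & SMB_FLAGS_REPLY),
            "tid": tid, "uid": uid, "mid": mid,
            "params": msg[HEADER.size + 1:data_len_at], "data": data}

def build_smb1(command, flags, params=b"", data=b"", mid=1):
    """Constructed sample message for the demonstration (not a capture)."""
    header = HEADER.pack(b"\xffSMB", command, 0, flags, 0, 0, bytes(8), 0, 0, 0, 0, mid)
    return header + bytes([len(params) // 2]) + params + struct.pack("<H", len(data)) + data

# Constructed request/response pair: command 0x72 is SMB_COM_NEGOTIATE.
REQUEST = build_smb1(0x72, 0x00, data=b"\x02NT LM 0.12\x00")
RESPONSE = build_smb1(0x72, SMB_FLAGS_REPLY, params=struct.pack("<H", 0))
TRUNCATED = REQUEST[:-4]          # ByteCount now claims more data than is present
```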

SMB file sharing and print services have become the mainstay of Microsoft networking. With the introduction of the Windows 2000 software series, Microsoft changed the underlying structure for using SMB. In previous versions of Microsoft products, the SMB services used a non-TCP/IP protocol to implement name resolution. Windows 2000 and all subsequent Microsoft products use DNS naming, which allows TCP/IP protocols to directly support SMB resource sharing, as shown in Figure 15-25.

In the figure, SMB requests are sent from a client PC to a server, and SMB responses are sent from the server to the client.

Figure 15-25 SMB Messages

Figure 15-26 shows the SMB file exchange process between Windows PCs.

A figure shows SMB file exchange process between Windows PCs. A network connects two PCs and a representation of the two PCs is shown. Files being copied from one PC to the other is shown.

Figure 15-26 SMB File Exchange Between Windows PCs

Unlike with the file sharing supported by FTP, with SMB, clients establish long-term connections to servers. After a connection is established, the user of the client can access the resources on the server as if the resource were local to the client host.

The Linux and UNIX operating systems also provide a method of sharing resources with Microsoft networks, using a version of SMB called SAMBA. macOS also supports resource sharing with the SMB protocol.

Check Your Understanding—File Sharing Services (15.5.3)

Refer to the online course to complete this activity.

Summary

The following is a summary of the topics in the chapter and their corresponding online modules.

Application, Presentation, and Session

In the OSI model and the TCP/IP model, the application layer is the layer closest to the end user. Application layer protocols are used to exchange data between programs running on the source and destination hosts. The presentation layer has three primary functions: formatting, or presenting, data at the source device into a compatible form for receipt by the destination device; compressing data in a way that can be decompressed by the destination device; and encrypting data for transmission and decrypting data upon receipt. The session layer creates and maintains dialogues between source and destination applications. The session layer handles the exchange of information to initiate dialogues, keep them active, and restart sessions that are disrupted or idle for a long period of time. TCP/IP application layer protocols specify the format and control information necessary for many common internet communication functions. These protocols are used by both the source and destination devices during a session. The protocols implemented on the source and destination hosts must be compatible.

Peer-to-Peer

In the client/server model, the device requesting the information is called a client, and the device responding to the request is called a server. The client begins an exchange by requesting data from the server, which responds by sending one or more streams of data to the client. In a P2P network, two or more computers are connected on a network and can share resources without having a dedicated server. Every peer can function as both a server and a client. One computer might assume the role of server for one transaction while simultaneously serving as a client for another. P2P applications require that each end device provide a user interface and run a background service. Some P2P applications use a hybrid system in which resource sharing is decentralized, but the indexes that point to resource locations are stored in a centralized directory. Many P2P applications allow users to share pieces of files with each other at the same time. Clients use a small file called a torrent file to locate other users who have pieces that they need so that they can connect directly to them. This file also contains information about tracker computers that keep track of which users have what pieces of which files.

Web and Email Protocols

When a web address or URL is typed into a web browser, the web browser establishes a connection to the web service. The web service is running on the server that is using HTTP, which is a request/response protocol. When a client, typically a web browser, sends a request to a web server, HTTP specifies the message types used for that communication. The three common message types are GET, POST, and PUT. For secure communication across the internet, HTTPS uses the same client request/server response process as HTTP, but the data stream is encrypted with SSL before being transported across the network. Email supports three separate protocols for operation: SMTP, POP, and IMAP. The application layer process that sends mail uses SMTP. A client retrieves email by using POP or IMAP. An SMTP message must have a message header and a message body. The message body can contain any amount of text, and the message header must have a properly formatted recipient email address and a sender address. An application can use POP to retrieve mail from a mail server. With POP, mail is downloaded from the server to the client and then deleted on the server. With IMAP, unlike with POP, when the user connects to an IMAP-capable server, copies of the messages are downloaded to the client application. The original messages are kept on the server until they are manually deleted.

IP Addressing Services

The DNS protocol matches resource names with the required numeric network addresses. DNS protocol communications use a message format for all types of client queries and server responses, error messages, and the transfer of resource record information between servers. DNS uses domain names to form a hierarchy. Each DNS server maintains a specific database file and is responsible for managing name-to-IP mappings for only a small portion of the entire DNS structure. Computer OSs use nslookup to allow the user to manually query the name servers to resolve a given hostname. DHCP for IPv4 automates the assignment of IPv4 addresses, subnet masks, gateways, and other IPv4 networking parameters. DHCPv6 provides similar services for IPv6 clients, except that it does not provide a default gateway address. When an IPv4 DHCP-configured device boots up or connects to the network, the client broadcasts a DHCPDISCOVER message to identify any available DHCP servers on the network. A DHCP server replies with a DHCPOFFER message, which offers a lease to the client. DHCPv6 has a set of messages that are similar to those for DHCPv4. The DHCPv6 messages are SOLICIT, ADVERTISE, INFORMATION REQUEST, and REPLY.

File Sharing Services

An FTP client is an application that runs on a computer that is being used to push and pull data from an FTP server. The client establishes the first connection to the server for control traffic by using TCP port 21. The client establishes the second connection to the server for the actual data transfer by using TCP port 20. The client can download (pull) data from the server, or the client can upload (push) data to the server. The following are examples of the functions of SMB messages: start, authenticate, and terminate sessions; control file and printer access; and allow an application to send or receive messages to or from another device. Unlike with the file sharing supported by FTP, with SMB, clients establish long-term connections to servers. After a connection is established, the user of the client can access the resources on the server as if the resource were local to the client host.

Practice

The following activities provide practice with the topics introduced in this chapter. The lab is available in the companion Introduction to Networks Labs & Study Guide (CCNAv7) (ISBN 9780136634454). The Packet Tracer activity instructions are also provided in the Labs & Study Guide. The PKA files are available in the online course.

Lab

Lab 15.4.8: Observe DNS Resolution

Check Your Understanding Questions

Complete all the review questions listed here to test your understanding of the topics and concepts in this chapter. The appendix “Answers to ‘Check Your Understanding’ Questions” lists the answers.

1. Which protocol can be used to transfer messages from an email server to an email client?

  1. SMTP

  2. POP3

  3. SNMP

  4. SMB

2. When retrieving email messages, which protocol allows for easy, centralized storage and backup of emails that would be desirable for a small- to medium-sized business?

  1. IMAP

  2. POP

  3. SMTP

  4. HTTPS

3. Which application layer protocol is used to provide file sharing and print services to Microsoft applications?

  1. HTTP

  2. SMTP

  3. DHCP

  4. SMB

4. An author is uploading one chapter document from a personal computer to a file server of a book publisher. What role is the personal computer assuming in this network model?

  1. client

  2. master

  3. server

  4. slave

  5. transient

5. Which statement is true about FTP?

  1. A client can choose whether FTP should establish one or two connections.

  2. A client can download data from or upload to a server.

  3. FTP is a peer-to-peer application.

  4. FTP does not provide reliability during data transmission.

6. A wireless host needs to request an IPv4 address. What protocol would be used to process the request?

  1. FTP

  2. HTTP

  3. DHCP

  4. ICMP

  5. SNMP

7. Which TCP/IP model layer is closest to the end user?

  1. application

  2. internet

  3. network access

  4. transport

8. Which three protocols or standards are used at the application layer of the TCP/IP model? (Choose three.)

  1. TCP

  2. HTTP

  3. MPEG

  4. GIF

  5. IP

  6. UDP

9. Which protocol uses encryption?

  1. DHCP

  2. DNS

  3. FTP

  4. HTTPS

10. Why is DHCP for IPv4 preferred for use on large networks?

  1. Large networks send more requests for domain-to-IP address resolution than do smaller networks.

  2. DHCP uses a reliable transport protocol.

  3. It prevents sharing of files that are copyrighted.

  4. It is a more efficient way to manage IPv4 addresses than static address assignment.

  5. Hosts on large networks require more IPv4 addressing configuration settings than do hosts on small networks.

11. Which two tasks can be performed by a local DNS server? (Choose two.)

  1. providing IP addresses to local hosts

  2. allowing data transfer between two network devices

  3. mapping names to IP addresses for internal hosts

  4. forwarding name resolution requests between servers

  5. retrieving email messages

12. Which device is most likely to provide dynamic IPv4 addressing to clients on a home network?

  1. a dedicated file server

  2. a home router

  3. an ISP DHCP server

  4. a DNS server

13. What part of the URL http://www.cisco.com/index.html represents the top-level DNS domain?

  1. .com

  2. www

  3. http

  4. index

14. What are two characteristics of the application layer of the TCP/IP model? (Choose two.)

  1. responsible for logical addressing

  2. responsible for physical addressing

  3. responsible for the creation and maintenance of dialogues between source and destination applications

  4. closest to the end user

  5. responsible for establishing window size

15. What message type does an HTTP client use to request data from a web server?

  1. GET

  2. POST

  3. PUT

  4. ACK
