Unit2 - Subjective Questions

Domain Name System (DNS) Architecture:
DNS is a hierarchical, decentralized naming system for computers and other resources connected to the Internet. It translates human-readable domain names (like www.example.com) to machine-readable IP addresses.

Hierarchy:

• Root DNS Servers: The highest level, which delegates to TLD servers.
• Top-Level Domain (TLD) Servers: Handle domains like .com, .org, .edu, and country codes (.uk, .in).
• Authoritative DNS Servers: Owned by organizations or service providers, housing the actual DNS records for a specific domain.

Resolution Types:

• Recursive Resolution: The client (resolver) asks the local DNS server to find the IP address. The local DNS server takes full responsibility to fetch the answer by querying the Root, TLD, and Authoritative servers sequentially, and finally returns the resolved IP to the client.
• Iterative Resolution: The local DNS server queries the Root server, which replies with the address of the TLD server (instead of fetching it on its behalf). The local server then queries the TLD server, which replies with the Authoritative server's address. The local server makes all the subsequent queries itself.

DNS records are instructions that live in authoritative DNS servers and provide information about a domain. Common types include:

• A Record (Address): Maps a hostname to an IPv4 address.
• AAAA Record: Maps a hostname to an IPv6 address.
• CNAME (Canonical Name): Maps an alias name to a true (canonical) domain name (e.g., mapping www.example.com to example.com).
• MX (Mail Exchanger): Specifies the mail servers responsible for accepting email messages on behalf of a domain.
• NS (Name Server): Delegates a DNS zone to use the given authoritative name servers.
• TXT (Text): Allows an administrator to insert arbitrary text into a DNS record, often used for email security (SPF, DKIM).

DNS Caching is the process of temporarily storing DNS query results (IP addresses corresponding to domain names) in a local cache (such as an OS cache, browser cache, or local DNS resolver).

Importance:

• Reduced Latency: By storing the IP address locally, subsequent requests for the same domain do not need to traverse the internet to query root or TLD servers, resulting in much faster load times.
• Reduced Network Traffic: It significantly decreases the volume of DNS query traffic over the network.
• Decreased Load on DNS Servers: It prevents root and TLD servers from being overwhelmed by millions of redundant requests for popular websites.
  Every cached record has a Time-To-Live (TTL), which dictates how long the record should be kept before it is discarded and a fresh query is made.

The Electronic Mail architecture involves several components working together to send, route, and receive messages.

1. User Agent (UA):
This is the email client software used by the user to compose, read, reply to, and forward emails (e.g., Outlook, Thunderbird, or a webmail interface).

2. Message Transfer Agent (MTA):
MTAs are responsible for routing and transferring emails from the sender's mail server to the recipient's mail server over the internet. They use the SMTP (Simple Mail Transfer Protocol) to communicate with each other.

3. Message Access Agent (MAA):
Once an email reaches the recipient's mail server, it is stored in the user's mailbox. The MAA is the protocol/software used by the recipient's UA to retrieve or access these emails. Common MAA protocols include POP3 (Post Office Protocol version 3) and IMAP (Internet Message Access Protocol).

Workflow: Sender UA Sender MTA Internet Receiver MTA Receiver Mailbox Receiver MAA Receiver UA.

SMTP (Simple Mail Transfer Protocol):

• Function: Used for sending or pushing emails from a client to a server or between two servers.
• Port: Uses TCP port 25 (or 587/465 for secure transmission).
• Nature: It is a 'push' protocol.

POP3 (Post Office Protocol v3):

• Function: Used by a client to retrieve emails from a mail server.
• Port: Uses TCP port 110 (or 995 for secure).
• Nature: It is a 'pull' protocol. Typically downloads the email to the local device and deletes it from the server.

IMAP (Internet Message Access Protocol):

• Function: Used by a client to access and manage emails on the mail server.
• Port: Uses TCP port 143 (or 993 for secure).
• Nature: It is a 'pull' protocol. Unlike POP3, it synchronizes the local client with the server, keeping emails on the server, allowing access from multiple devices.

MIME (Multipurpose Internet Mail Extensions) is a supplementary protocol that extends the format of email to support text in character sets other than ASCII, as well as attachments of audio, video, images, and application programs.

Significance:

• Original SMTP can only transfer 7-bit NVT (Network Virtual Terminal) ASCII text. It cannot transmit binary files or text in other languages (like Japanese, Arabic, etc.).
• MIME acts as a translator. At the sender's side, it converts non-ASCII data into 7-bit NVT ASCII data so that SMTP can transfer it.
• At the receiver's side, MIME translates the 7-bit NVT ASCII back to the original non-ASCII data.
• It uses headers like MIME-Version, Content-Type, and Content-Transfer-Encoding to inform the receiving client about the type of data attached.

File Transfer Protocol (FTP) is an application layer protocol used for the transfer of computer files between a client and server on a computer network. It operates on a client-server architecture using reliable TCP connections.

Out-of-Band Control:
Unlike HTTP or SMTP which send control commands and data over the same connection (in-band), FTP uses two separate TCP connections to function:

• Control Connection (Port 21): Used to send control information like user identification, passwords, and commands to change directories or transfer files. This connection remains open throughout the session.
• Data Connection (Port 20): Used strictly to send the actual files. A new data connection is opened every time a file transfer is initiated and closed when the transfer is complete.
  Because the control commands are sent over a separate connection from the data, FTP is said to send its control information "out-of-band".

Active FTP:

• The client opens a random port (e.g., Port ), connects to the FTP server's command port (Port 21), and sends the command PORT X.
• The server then initiates the data connection from its data port (Port 20) to the client's specified Port .
• Issue: Client firewalls often block incoming connections, causing the data connection to fail.

Passive FTP (PASV):

• To solve the firewall issue, Passive FTP was introduced.
• The client initiates both connections to the server.
• The client connects to Port 21 and sends the PASV command. The server responds with a random unprivileged port (Port ) it has opened for data transfer.
• The client then initiates the data connection from its own unprivileged port to the server's Port .
• This is much friendlier to client-side firewalls.

Relationship:
The Transport layer sits directly above the Network layer in the OSI/TCP-IP model. The Network layer provides logical communication between hosts (devices), while the Transport layer extends this to provide logical communication between processes (applications) running on those hosts.

Key Differences:

1. Scope of Delivery:
   • Network Layer: Responsible for host-to-host delivery. It routes packets from the source machine to the destination machine using IP addresses.
   • Transport Layer: Responsible for process-to-process (end-to-end) delivery. It routes messages to the specific application using Port numbers.
2. Reliability:
   • Network Layer: Usually offers best-effort, unreliable delivery (like IP).
   • Transport Layer: Can offer reliable delivery (like TCP) by adding error checking, flow control, and retransmissions, compensating for the Network layer's unreliability.
3. Data Unit: Network layer handles Packets/Datagrams, whereas the Transport layer handles Segments (TCP) or Datagrams (UDP).

Even if the Network layer provides 100% reliable host-to-host delivery (e.g., no lost packets, ordered delivery), a Transport layer is still essential for several reasons:

1. Process-to-Process Delivery: The network layer only delivers data to the destination computer. The computer may be running multiple network applications simultaneously (e.g., a web browser, an email client, a media streamer). The transport layer uses port numbers to multiplex and demultiplex the data to the correct specific application process.
2. Quality of Service (QoS) Enhancements: The transport layer can provide different types of services (e.g., byte-stream delivery vs. message-oriented delivery) that the underlying network layer might not natively support.
3. End-to-End Flow Control: Even on a reliable network, a fast sender can overwhelm a slow receiver. The transport layer implements end-to-end flow control to prevent this.
4. Application Isolation: The transport layer isolates the application from the specifics and potential changes of the network layer, providing a standardized socket interface.

The Transport Layer provides several critical services to the application layer:

1. Process-to-Process Delivery: Uses port numbers to deliver data to the correct application process on the host machine.
2. Multiplexing and Demultiplexing:
   • Multiplexing: Gathering data from multiple application processes, wrapping them with headers, and passing them to the network layer.
   • Demultiplexing: Receiving data from the network layer and directing it to the correct application process.
3. Connection Management: Establishing, maintaining, and terminating connections (in connection-oriented protocols like TCP).
4. Reliable Data Transfer: Ensuring data arrives intact, in order, without loss or duplication (via acknowledgments, sequence numbers, and timers).
5. Flow Control: Regulating the flow of data from sender to receiver so the receiver's buffers are not overwhelmed (e.g., TCP sliding window).
6. Congestion Control: Preventing a node from overwhelming the network itself by throttling the transmission rate when network congestion is detected.

Multiplexing (at the Sender):
Multiplexing is the process of gathering data chunks from different sockets (applications), encapsulating each data chunk with header information (such as source and destination port numbers) to create segments, and passing them to the network layer.
Example: A host is simultaneously running a Web browser (HTTP) and a File transfer client (FTP). The transport layer collects data from both, adds respective port headers, and passes them down a single IP connection.

Demultiplexing (at the Receiver):
Demultiplexing is the process of delivering the data in a transport-layer segment to the correct socket (application process).
Example: When the receiving host gets segments from the network layer, the transport layer examines the destination port number. If the port is 80, it routes the data to the Web server process; if it's 21, it routes it to the FTP server process.

TCP Header Format (Min 20 bytes):

• Source Port (16 bits) & Destination Port (16 bits): Identify the sending and receiving applications.
• Sequence Number (32 bits): Defines the byte number of the first byte of data in the segment.
• Acknowledgement Number (32 bits): Defines the byte number that the receiver expects to receive next.
• Header Length (4 bits): Length of the TCP header in 32-bit words.
• Reserved (6 bits): For future use.
• Control Flags (6 bits): URG, ACK, PSH, RST, SYN, FIN.
• Window Size (16 bits): Used for flow control (receiver's window size).
• Checksum (16 bits): For error checking of header and data.
• Urgent Pointer (16 bits): Points to urgent data if URG flag is set.
• Options & Padding: Optional information.

Significance of Sequence and Acknowledgement Numbers:
They are the core of TCP's reliable data transfer. The Sequence Number ensures data is reassembled in the correct order and helps detect lost or duplicate packets. The Acknowledgement Number is used for cumulative acknowledgments, explicitly telling the sender which data has been successfully received and which byte is expected next.

The TCP header contains 6 primary control flags (bits) that dictate the purpose and handling of the segment:

1. URG (Urgent): When set to 1, indicates that the segment contains urgent data and the Urgent Pointer field is valid. The receiver should prioritize this data.
2. ACK (Acknowledgment): When set to 1, indicates that the Acknowledgment Number field is valid. Used in almost all segments after connection establishment to acknowledge receipt of data.
3. PSH (Push): Tells the receiver to pass the data to the application layer immediately, rather than buffering it until a full segment arrives.
4. RST (Reset): Used to immediately abort a connection, usually due to an unrecoverable error or rejecting an invalid connection attempt.
5. SYN (Synchronize): Used during the initial connection setup (3-way handshake) to synchronize sequence numbers between sender and receiver.
6. FIN (Finish): Used during connection termination to indicate that the sender has no more data to send.

TCP uses a three-way handshake to establish a reliable connection before data transmission begins. This process synchronizes sequence numbers and allocates resources.

Step 1: SYN (Client to Server)
The client, wishing to establish a connection, sends a segment with the SYN (Synchronize) flag set to 1. It specifies its initial sequence number (e.g., ). This segment contains no data.

Step 2: SYN + ACK (Server to Client)
The server receives the SYN, allocates TCP buffers and variables, and responds with a segment where both SYN and ACK flags are set. The server provides its own initial sequence number () and acknowledges the client's SYN by setting the acknowledgment number to .

Step 3: ACK (Client to Server)
The client receives the SYN+ACK, allocates buffers and variables, and replies with an ACK segment. The ACK flag is set, and the acknowledgment number is set to . This segment may contain the first payload of application data.

Once complete, a full-duplex TCP connection is established.

TCP connection termination uses a symmetric teardown process, often referred to as a 4-way handshake, as both sides must independently close their half of the connection.

Process:

1. FIN from Client: When the client has no more data to send, it sends a segment with the FIN (Finish) flag set (Sequence number = ).
2. ACK from Server: The server receives the FIN and responds with an ACK segment (Ack number = ). At this point, the client-to-server connection is closed, but the server can still send data to the client (half-close).
3. FIN from Server: Once the server finishes sending its remaining data, it sends its own FIN segment to the client (Sequence number = ).
4. ACK from Client: The client receives the FIN and responds with an ACK segment (Ack number = ).

The client then enters a TIME_WAIT state (usually for ) to ensure the server received the final ACK before completely releasing the connection resources.

UDP Header Format:
The User Datagram Protocol (UDP) header is very lightweight and fixed at exactly 8 bytes. It consists of four fields, each 16 bits (2 bytes) long:

1. Source Port Number (16 bits): Identifies the sending application process. It is optional; if not used, it is set to zero.
2. Destination Port Number (16 bits): Identifies the receiving application process on the destination host.
3. Total Length (16 bits): Specifies the total length of the UDP datagram (Header + Data) in bytes. The minimum value is 8 (header only).
4. Checksum (16 bits): Used for error-checking of the header and data. Unlike TCP, the checksum is technically optional in IPv4 (but mandatory in IPv6), though it is highly recommended to detect corruption during transmission.

An application might choose UDP over TCP for several reasons:

1. Speed and Lower Latency: UDP does not require connection establishment (no 3-way handshake), eliminating setup delay.
2. No Connection State: UDP does not maintain connection state (receive/send buffers, congestion control parameters), allowing a server to support many more active clients.
3. No Retransmission Delays: In real-time applications, receiving data late (after retransmission) is worse than not receiving it at all. UDP drops lost packets rather than delaying the stream.
4. Smaller Header Overhead: UDP has only 8 bytes of header overhead compared to TCP's 20 bytes.

Examples of UDP Applications:

• DNS (Domain Name System): Requires quick request/response without handshake overhead.
• VoIP and Live Video Streaming (e.g., Skype, Zoom): Prioritize timeliness over 100% reliability.
• SNMP: Network management protocols need to be lightweight.
• Online Multiplayer Games: Fast, continuous state updates are required.

Comparison of TCP and UDP:

TCP implements flow control to ensure that a fast sender does not overwhelm a slow receiver's buffer capabilities. This is achieved using a mechanism called the Sliding Window Protocol.

Mechanism:

1. Receive Window (rwnd): Every time the receiver sends an ACK to the sender, it includes a Window Size value in the TCP header. This value represents the amount of free buffer space available at the receiver.
2. Sender Behavior: The sender maintains a variable representing the rwnd. It ensures that the amount of unacknowledged data it has sent never exceeds the current rwnd advertised by the receiver.
3. Dynamic Adjustment: As the receiver's application reads data from the buffer, space frees up, and it advertises a larger window. If the receiver is overwhelmed, it can advertise a window of 0 (Zero Window). When the sender receives a Zero Window advertisement, it stops transmitting data and periodically sends a small "window probe" segment to check if space has opened up.
   This mechanism dynamically regulates data flow based on the receiver's capacity.