As always, write to me if you have anything interesting to say about programming.
Not been here for a while? Interested in past soapboxes? I've posted them all in the archives.
Common uses of the Internet include the World Wide Web, email, and newsgroups. Since you are probably using the World Wide Web to read this right now, this course will use the web as an example to discuss how the Internet works. If you have any questions which are not covered here, feel free to write me. If I got anything wrong, definitely write me.
When you ask for a web page (say, the home page at
www.esmerel.com), your browser has to do
a few things to get you the page. First, it must
translate the name that you entered into an IP
address, and then it must send a request to that IP
address to have the page returned.
Translating the name (DNS Lookup)
To send a request to another computer (node) on the Internet, your browser
needs to know the IP address of that node. IP stands for "Internet Protocol"
and is the way that computers talk to each other across the Internet. Each
computer has a unique identifier, called an IP address. This is that weird
set of 4 numbers (like 220.127.116.11) that you sometimes see instead of a
name for a web site.
However, you generally know the sites on the Internet by their names (which are called domain names), such as www.esmerel.com. To translate the domain name into an IP address, your browser uses something called a domain name server (DNS).
Your browser (and your email software as well) has already been set up, when you or someone else configured it to access the Internet, to know the IP address of a domain name server. When it wants to find the IP address of a domain, it sends a request to the domain name server, which returns the IP address corresponding to that domain.
The domain name servers are usually set up in a hierarchy, and they are
periodically (and automatically) updated, so your local domain name server
can either directly return the IP address to your computer, or it can look
it up in the next level of DNS and then cache it (so it won't have to look
it up again next time) and return it to you. Either way, your browser gets
a response from the local DNS containing the IP address (or an error
response if it failed to find it).
Sending to an IP address
Once your browser has an IP address, it can construct an IP packet
(containing the message you want to send, in this case a request
for a web page) and send the packet to the destination address. At the
simplest level, your computer simply builds the packet and drops it onto
the Internet, which takes care (almost magically) of getting it to the
Once you look a little closer, the trick behind the magic becomes clear. Your computer does not need to know much about the destination IP address, only that it is not this computer. It can send the entire IP packet to the nearest router (also known as a gateway, probably the default gateway), and let that router send it to the destination.
Isn't that just dodging the responsibility? Yes, and that's the beauty of the Internet. All your computer has done is pass the packet to a router that it thinks has a better chance of delivering it. So, how does that router deliver the packet?
First, the router checks to see if it can deliver the packet directly. If so, then it does. If not, then it looks at the routers which it can directly reach. From those routers, it picks the one that it thinks is closest to the destination (and which, therefore, has the best chance of being able to deliver the packet), and sends the packet to that one.
This is how routing works on the Internet. Each router either delivers the packet directly to the destination, or forwards it to another router which, in its opinion, is closer to the destination. No router actually needs to know the route that the packet will take.
This flexibility is what allows the Internet to heal itself when a router or a link fails. If the packet cannot get there one way, it will get there another.
In the PING packet (in fact, in all IP packets) there is a field known as time-to-live. This field is set to 255 when a packet is sent, and is decremented (reduced by 1) by each router that handles the packet. This field determines the number of "hops" (between servers) that a packet can make. Part of its purpose is to ensure that a packet cannot be routed around the Internet forever. If any router gets a packet and decrements this field to zero, it will not forward the packet any further; it will instead report an error back to the computer that originally sent the packet.
If you want to find out what routers are used to send a packet to a destination, you can use this time-to-live feature to get each router to announce itself to you. Here's how it works.
First, you send a PING to the destination, but you set the time-to-live to one. When the PING reaches the first router, it will decrement the time-to-live to zero, so it will discard the packet and send an error message back to you indicating that the destination is unreachable. This message is known as an ICMP (Internet Control Message Protocol) message. Part of the message is the IP address of the router at which the packet failed.
You record this IP address and then try the PING again, this time with a time-to-live of two. This time it will reach the second router before being discarded, and the error message will give you the IP address of the second router. You continue like this, increasing the time-to-live for each attempt, until you get a PING that actually works. You then have a list of all the routers that handled the packet on the way to the destination.
You cannot set the time-to-live using the ping program itself, but you can use a program called tracert. Tracert will try pinging the destination with increasing time-to-live values, until it determines the route to the destination. If you want to set the time-to-live manually, you can use: tracert -h 1 esmerel.com (then try 2, and so on, until you reach esmerel).
Of course, the next packet may not take the same route. Next time, one of those routers may be down or another one may have come up and be used on the path to the destination.
So, how does the router decide what other router is closer to the destination? It does that by looking it up in a routing table. Each router maintains a routing table, which typically looks something like the one below. Depending on the implementation, there may be other fields in the table, and some of the fields may differ, but this example includes the fields that have to be there.
When the router gets a packet, it looks at the destination address and the routing table. It scans the table looking for an entry that matches, and then it sends the packet to the gateway specified in that entry. If no other entry in the table matches, it sends the packet to the destination marked default. In some routers, this is an entry in the table, and in others it is stored separately as the default route, which you may need to configure.
It matches the entries by taking the destination address and masking it with the entry's subnet mask. It compares this against the destination specified in the table. If they match, then this entry can be used. If multiple entries match, then the packet will be routed based on the most specific routing table entry (the one with the most bits set in the subnet mask).
To make this clear, let's look at a few examples.
So why didn't it use this entry for the first case? Because one of the rules said to use the most specific entry which matches. This is useful because it means your routing table can specify that a large range of addresses should be routed in one direction, then specify that a smaller subrange of those be routed in a different direction.
Notice that all subnet masks (in binary) consist of a series of ones followed by a series of zeroes. This ensures that the division into networks and subnetworks will always work and will unambiguously provide a most specific matching entry. The most specific entry is simply the one with the most ones in the subnet mask.