Networking Concepts

Contents

Introduction 5At a Glance 5

See Also 7

Networking Terminology 8

Networking Layers 10The Link Layer 10

The IP Layer 11

Transport Layer 12

The Application Layer 14

Understanding Latency 15

Addressing Schemes and Domain Names 17Link-Layer Addressing 17

IP-Layer Addressing 17

Domain Name System (DNS) 18

Whats in a (Domain) Name? 19

Looking Up Names 20

Other Uses of DNS 21

Packet Routing and Delivery 22IPv4 Routing 24

IPv6 Routing 26

Firewalls and Network Address Translation 28

Dynamic Address Assignment 30Dynamic Host Configuration Protocol (DHCP) and DHCPv6 30

Neighbor Discovery and IPv6 Address Assignment 31

Link-Local Addressing and Bonjour 31

Document Revision History 34

2012-07-19 | Copyright 2012 Apple Inc. All Rights Reserved.

2

Glossary 35


3

Contents

Figures and Tables

Networking Terminology 8Figure 1-1 Structure of an Ethernet packet 9

Packet Routing and Delivery 22Table 5-1 An IPv4 network address and (example) netmask for developer.apple.com 25

Table 5-2 The structure of an IPv6 address 27


4

Important: This is a preliminary document. Although it has been reviewed for technical accuracy, it is notfinal. Apple is supplying this information to help you adopt the technologies and programming interfaces

described herein. This information is subject to change, and software implemented according to this

document should be vetted against final documentation. For information about updates to this document,

go to the Apple Developer website. In the relevant reference library, enter the document's title in the

Documents text field that appears.

Because most networking in OS X and iOS is based on the TCP/IP communication protocol, you should have

at least a basic understanding of the fundamentals of the TCP/IP networking model itself before you begin

writing code. Although you can perform some high-level networking tasks without learning about the underlying

protocols, knowing how things work at a low level will help you better understand why things go wrong and

how to handle them when they do.

At a GlanceThe Internet is a vast network of interconnected computers and other devices that provide communication

around the world. When you visit a website, the server that provides that content might be across the room

or across an ocean. Your request might pass through a Wi-Fi router, a cable modem, a trunk line, a satellite

connection, or ostensibly even be delivered by carrier pigeon (RFC 1149). At a high level, each of these


5

Introduction

networking media are equivalent (performance characteristics notwithstanding). However, at a lower level,

devices communicate with one another in different ways, depending on what type of physical network they

are communicating over.

Satelliteconnection

Cellularconnection

Wi-Fi(802.11)

Ethernet,Cable, DSL

Internet

At a low level, when you access a website, your computer breaks up each request into tiny pieces, called

packets, and sends each packet individually to a special device called a router, which forwards those packets

to another router, which in turn forwards them to yet another router, and so on, until the packets reach the

destination server, wherever it might be. The response is sent back in a similar fashion. At each step along the

way, those packets can be split into multiple packets, wrapped up in other types of packets, and so on,

depending on the hardware involved.

This document explains how the Internet works under the hood, but at a moderately high level intended for

programmers. If, after reading this document, you want to learn more about how various Internet technologies

work, you can find a number of third party books that describe them in more detail. In addition, most of the

lower-level Internet technologies are described by RFCs (short for Request for Comment) that describe the

protocols in great detail.

IntroductionAt a Glance


6

See AlsoThis document is a companion document for Networking Overview , which explains how to write good

networking code.

IntroductionSee Also


7

In networking terminology, a host is any device that is connected to a network and provides an endpoint for

networked communication. A host might be a desktop computer, a server, an iOS device, a virtual machine

running on a server, or even the VoIP telephone sitting on your desk. It is called a host because it hosts the

applications and daemons that run on it.

Similarly, an infrastructure device is any piece of equipment that is responsible for making the network function.

The difference between a host and an infrastructure device is that an infrastructure device usually passes on

information sent by a host, whereas a host primarily sends or receives information on its own behalf. There

are even some infrastructure devices that are completely transparent to TCP/IP networking, such as Ethernet

hubs and switches (more on these later).

When one host sends data across a network, it divides the data into small pieces called packets. These packets

can be varying lengths, up to the maximum size allowed by the physical network interconnect (again, more

on this later).


8

Networking Terminology

A packet generally contains three basic parts: a header that tells where the packet should be sent, a payload

that contains the actual data, and a trailer that contains checksum information to ensure that the packet was

received correctly. Some packet types include this checksum information as part of the header, and thus do

not have a trailer. For example, shows the structure of an Ethernet packet.

Figure 1-1 Structure of an Ethernet packet

Ethernet payload45-1500 bytes

TCP packet(for example)

Bytes

Preamble

Start of frame

Destination MAC address

MAC source address

802.1Q tag (optional)

EtherType or length

CRC

Interframe gap

TCP payload

IP header

7

1

6

6

4

2

4

12

TCP header

The receiving host then reassembles these packets and provides them to a program as either a stream of bytes

or a series of messages, depending on the protocol. That program can respond by sending data, which its host

then divides into packets and sends back to the first host.

When one packet contains another packet (generally of a different type), this is called encapsulation. For

example, the Ethernet packet shown in Figure 1-1 contains a TCP/IP packet as its payload; the TCP/IP packet

is said to be encapsulated within the Ethernet packet.

Networking Terminology


9

The TCP/IP networking model consists of four basic layers: the link layer, the IP layer (short for Internet protocol),

the transport layer, and the application layer. These layers are described in the following sections.

Link layer (Ethernet, for example)

IP layer

Transport layer (TCP, UDP and so on)ICMP

Application layer

The Link LayerThe bottommost layer is the link layer, or physical layer. This layer of the networking stack involves the actual

hardware used to communicate with nearby physically connected hosts. The link layer transports raw packets

from one host to another on the same physical network.

Most end users encounter only five link layers directly: Wi-Fi, cellular networking, Ethernet, Bluetooth, and

FireWire. However, their data passes through links of many different types on its way to its destination. A user

might send data over a cable modem based on DOCSIS or a DSL modem based on VHDSL. From there, the

users data might pass across a SONET/SDH link (used for trunk lines) or a satellite connection using IPoS (IP

over satellite) or IPoDVB (IP over digital video broadcast).

A network interface is a piece of hardware that provides a link-layer interconnect. A host can have many network

interfaces. For example, you might have one or more (wired) Ethernet interfaces, a Wi-Fi interface, a Bluetooth

interface, or even a cellular modem (whether attached by USB to a Mac or built into an iPhone or iPad). In

addition, certain pieces of software provide (virtual) network interfacesVPN software, virtualization

environments (like the Classic environment in OS X 10.4 and earlier), and so on.

Each network interface is generally connected to one or more additional interfaces; the connection between

them is called a link. Although these interfaces are not always physically connected to one another, a link

appears to be equivalent to a physical wire as far as the operating system and software are concerned. For

example, two computers connected by an Ethernet hub or switch have a link between them (because the hub


10

Networking Layers

and switch are transparent), but two computers separated by a network router do not (because the operating

system has to know to send data to the router instead of sending it directly to that hostmore on routing

later).

When writing software, unless your software interacts with the link layer directly (by sending and receiving

raw packets, configuring a network interface, reading the hardware ID of a network interface, and so on), the

operating system largely hides the differences between link layers from you (although it cannot fully isolate

you from differences in bandwidth, latency, or reliability).

The IP LayerSitting on top of the link layer is the IP layer. The IP layer provides packet transport from one host to another

in such a way that the packets can pass across multiple physical networks.

The IP layer adds the notion of routing to the picture, which lets you send a packet to a distant destination.

Briefly put, the packets from a host travel to a nearby router across some physical link, which routes the packet

to another router, which routes it to another router, and so on, until it reaches its destination. Reply packets

travel back in much the same way. The path your packets take is called a route, and each link that the packets

follow from one router to another along the route is called a hop.

The IP layer also helps abstract away differences in the link layer. In particular, different link layers support

packets with different maximum sizesreferred to as the maximum transmission unit (MTU). To hide this

difference, the IP layer splits packets into multiple piecesa process known as fragmentationand reassembles

them at the other end. (Note that fragmentation applies only to taking a packet and splitting it; in the case of

TCP/IP, the sending host packetizes TCP, but because it did not start out as discrete packets, this is not considered

fragmentation.)

On most networks, the amount of time a network takes to deliver a single packet is independent of the packets

size up to the MTU. For example, on an Ethernet network, it takes the same time slice whether you send a

packet that is 100 bytes or 1500 bytes in length. For this reason, repeatedly fragmenting a packet results in a

hefty overhead.

For example, if you send a 1500-byte packet through a network with a 1400-byte MTU on its way to a third

network with an MTU of 1300 (these numbers are arbitrary), your 1500-byte packet would first get broken up

into a 1400-byte packet and a 100-byte packet. Later, the 1400 byte packet would get broken up into a 1300-byte

packet and a second 100-byte packet, for a total of three packets (1300 + 100 + 100). If you instead sent a

1300-byte packet and a 200-byte packet, your data would take one-third less bandwidth on the final network.

Fragmentation also has another cost. If a fragment of a packet is lost, the entire packet is lost. This means that

on a network with high packet loss, fragmentation can increase the rate of retransmission required (which, in

turn, can make the packet loss worse).

Networking LayersThe IP Layer


11

To avoid this problem, when performing TCP communication, most modern operating systems use a technique

called path MTU discovery to determine the largest packet that can pass from one host to another without

fragmentation, thus maximizing the use of available bandwidth. If you are writing code that sends and receives

raw packets, you should consider taking similar steps. Where possible, however, you should use TCP/IP, which

does this for you.

Transport LayerOn top of the IP layer, youll find several transport layers. When writing networking code, you will almost

invariably be working with one of these transport layers or with a higher-level layer built on top of them.

The two most common protocols at this layer are the transmission control protocol (TCP) and the user datagram

protocol (UDP).

Both TCP and UDP provide basic data transport from one host to another, much like IP, but add the notion of

port numbers. These port numbers let you run multiple services on a single host by providing a way to tell the

receiving host which service should receive that particular message.

Like the layers below it, UDP provides no guarantee that the data will ever reach its destination. If your program

uses UDP, you must handle any retransmission yourself, if necessary. UDP may be a good choice for situations

where low latency is required, such as real-time game communication, because if the client state update isnt

available within a few milliseconds, the data is no longer useful anyway. However, as a rule, you should generally

avoid UDP unless you have to support an existing protocol that uses it.

Note: Because UDP packets do not block waiting for confirmation of previous packets, you cancause serious network congestion if you use UDP improperly. If you need to use UDP, be sure to

stop sending packets if you lose communication with the other endpoint for a period of time. If you

are transmitting high-bandwidth data (such as a real-time audio or video stream), be sure to design

your protocol so that each endpoint can determine the number of packets that it failed to receive.

Also, be sure that the two endpoints scale down their transmission rate automatically when congestion

occurs, and implement path MTU discovery where possible.

Unlike UDP, TCP adds:

Delivery guaranteesData transmitted using TCP is guaranteed to be received in the order in which it

was sent and (connection failures notwithstanding) in its entirety. If data cannot be transmitted, the

connection is torn down after a long timeout. However, all data received up to that point in time is

guaranteed to be in order and without missing fragments in the middle.

Networking LayersTransport Layer


12

Congestion controlSending hosts back off the speed of transmission (and retransmission) if data is

getting dropped along the way due to an over-utilized link.

Flow controlWhen busy, receiving hosts tell sending hosts to wait until they are ready to handle more

data.

Stream-based data flowYour software sees the data as a series of bytes instead of as a series of discrete

records (messages, in UDP parlance). Note that if you want to use TCP to send a series of discrete records,

you must encode the record boundaries yourself (using MIME multipart message encoding, for example).

Path MTU discoveryTCP chooses the largest packet size that avoids fragmentation en route.

By contrast, UDP supports three things that TCP does not:

Broadcast messages in IPv4packets sent to a broadcast address are received by every host within its

broadcast domain (which is usually its subnet).

Multicast messagesUDP packets sent to a multicast address are sent out to any host that subscribes to

them; those hosts may be on the local area network (LAN) or may be behind a router, but in practice are

usually limited to the LAN.

Preservation of record (packet) boundaries. With UDP, the receiver sees each message individually instead

of as a continuous stream of bytes.

TCP and UDP also depend on another protocol, the Internet control message protocol (ICMP) that sits on top of

the IP layer. ICMP packets are used for reporting connection failures (destination unreachable, for example)

back to the connecting or sending host. Although TCP and UDP sockets can connect successfully without ICMP,

the ability to detect connection failures is significantly reduced.

In addition to providing support for TCP and UDP, ICMP echo packets form the basis for the ping tool, which

is commonly used to diagnose network problems. When the destination host (or router) receives an ICMP echo

packet, it echoes the packet back to the sender, thus giving you some idea of the rate of packet loss between

two hosts.

Note: There are a number of other protocols that sit on top of the IP layer (RSVP, IGMP, and IPSEC,for example), but these protocols are more specialized and are thus outside the scope of this overview.

Many of these protocols are blocked by firewalls (routers that limit what types of traffic can pass).

On top of these transport layer protocols, you can optionally have encryption layers such as TLS (transport

layer security) on top of TCP or DTLS over UDP.

Networking LayersTransport Layer


13

Similarly, various encapsulation schemes are built on top of transport layer protocolsthe L2TP and PPTP

protocols used by many VPNs, for example. These encapsulation layers appear to your program as a separate

network interface (because they provide a virtual link layer). Under the hood, however, traffic over that interface

looks like any other TCP/IP stream to a single host (the VPN server).

The Application LayerThe application layer sits at the top of the protocol stack. This layer includes such protocols as hypertext transfer

protocol (HTTP) and file transfer protocol (FTP).

The application layer is so named because the details of this layer are specific to a particular application or

class of applications. In other words, this is the layer that is under your programs direct control, whether you

are implementing your own application-layer protocols or are merely asking the operating system to do so on

your behalf.

Networking LayersThe Application Layer


14

Latency refers to the round-trip time for a requestspecifically, the time for the initial packet to reach its

destination, for the destination machine to reply, and for that reply to reach the requestor. Every network has

latency. The total amount of latency that youll get when connecting to a given remote host can vary widely,

depending on network conditions.

Assuming your network connection is not overloaded, the bulk of a connections latency comes from the laws

of physics. The minimum latency between two points on the earth can be calculated by dividing the distance

by the speed at which light or electricity moves in a particular medium (which is usually a large fraction of the

speed of light in a vacuum, c).

For example, consider a packet traveling round trip from New York to San Francisco (about 2,900 miles, or

4,670 km):

Over copper wire, the data moves somewhere between .66c and c (depending on the type of wire). Thus,

a packet takes at minimum 1524 ms each way, or about 3048 ms round trip. This delay is barely noticeable.

Over an optical fiber, the data moves at about 0.65c. Thus, a packet takes at minimum 24 ms each way,

or about 48 ms round trip. This delay is also barely noticeable.

Over a satellite connection, the packet must go to geostationary orbit (at an altitude of 35,786 km) and

back down again. For a round trip, it must do this twice. Thus, at approximately c, the minimum round-trip

latency is about 477 milliseconds, or almost half a second. This delay is painfully noticeable.

These calculations represent an absolute lower bound for the latency of a connection through those media.

There are several other factors that can add additional latency on top of the link latency:

Routing delays. A network packet can be further delayed by buffering at routers along its route. Whenever

the rate of data exceeds the capacity of a particular network hop, the packets must be delayed until they

can be sent. If your packets must travel through a highly congested network hop, this buffer delay can

add considerable latency.

For example, if a particular network hop is limited to 100 packets per second, a router can send only one

packet down that wire every 10 milliseconds. Thus, when a router receives an additional packet to send

down that wire, it must buffer the packet until the next free slot. If there are no other packets waiting to

be sent, then the packet will be sent in ten milliseconds or less (five, on average). If there are already three

packets waiting, then the packet will be delayed by an additional 30 milliseconds. Latency caused by time

slots can be particularly noticeable in some types of cellular communications (EDGE, for example).


15

Understanding Latency

Retransmission and exponential backoff. Whenever a host sends a TCP packet, it waits a while for the other

end to acknowledge receipt of the packet. If it does not receive that acknowledgement after a period of

time, the sender retransmits it. As the number of failures increases, the sender increases the retransmission

delay exponentially, under the assumption that the packet loss was probably caused by a saturated link

en route to the destination. Thus, a network connection with high packet loss (more than 1-2 percent)

can significantly reduce performance.

Signal propagation delays within hardware that receives, transmits, forwards, or repeats packets. For

example, an Ethernet switch must receive an entire packet before it can begin sending the packet to its

destination. Although a single switch or repeater adds only a small delay, those delays can add up over

long distances. For example, early fiber optic cable systems required repeaters every 10 km (at most). Thus,

an older fiber run from New York to San Francisco could easily have nearly 500 repeaters.

Understanding Latency


16

At every level of networking, each host is assigned one or more numeric identifiers that uniquely represent it

within a particular network (though they are not always globally unique). The exact nature of those identifiers

varies depending on whether you are working with networking at a high level (IP, for example) or a low level

(raw Ethernet packets, for example).

Link-Layer AddressingAt the link layer (physical layer), each network interface is usually identified by a globally unique hardware ID:

EthernetMAC address (short for Media Access Control)

Wi-FiMAC address (short for Media Access Control)

BluetoothBluetooth hardware ID (similar to a MAC address, but it does not share the same namespace)

GSM CellularIMEI (International Mobile Equipment Identity)

CDMA CellularESN (Electronic Serial Number) or MEID (Mobile Equipment Identifier)

Because the identifier uniquely identifies a single network interface, you should never encounter two physical

devices that share the same hardware address on the same physical network. More importantly, if a single host

has more than one network interface of the same type, each interface has a different hardware ID.

The hardware ID is used to determine whether a particular device should listen to a packet or ignore it. Some

physical networks also limit which packets get sent down a particular wire, based on whether an interface

matching that hardware ID was seen on that wire previously. These networks are referred to as switched

networks. Networks in which every host sees every packet, by contrast, are called shared networks.

Note: Most programs do not need to use link-layer addresses directly.

IP-Layer AddressingAt the IP layer and above, hosts are identified by an IP address (which is also sometimes called an IP number).

An IP address can be in one of two forms: IPv4 or IPv6.


17

Addressing Schemes and Domain Names

An IPv4address consists of four bytes, and is usually represented to the user as a series of four numbers separated

by decimal points. For example, the loopback address that always sends data back to the sending machine is

127.0.0.1.

Because the IPv4 address space is limited in size (and rapidly running out), the IPv6 standard was created. This

standard greatly expands the number of available addresses.

An IPv6address is a 128-bit value, and is usually written as eight groups of 16-bit hexadecimal numbers separated

by colons. Leading zeros in each group can be omitted as long as there is at least one digit in each group. For

example, the IPv6 loopback address, 0000:0000:0000:0000:0000:0000:0000:0001, can be simplified to

0:0:0:0:0:0:0:1.

Also, if an IPv6 address contains several groups of zeros in a row, you can omit those groups and replace them

with a double colon. You can do this only once per address (because otherwise the address would be

ambiguous). Thus, the IPv6 loopback address, 0:0:0:0:0:0:0:1, can be further simplified to ::1 (by replacing

all the leading zero groups with a double colon).

Domain Name System (DNS)IPv4 addresses are hard to remember, and IPv6 addresses are quadruply hard (because they are four times as

long). To make it easier to describe a particular host, the domain name system (DNS) was invented. Besides

being easier to remember, domain names have several other advantages over IP addresses. Domain names:

Minimize service disruption when an IP address changes. The IP addresses of a given host can change

over timewhen a mobile phone goes out of Wi-Fi range, when a user reboots his or her cable modem

at home, when the owner of a server changes ISPs, and so on. By updating the domain name record to

point to the servers new address, users can continue to access the server by the same name.

Allow a host to be accessed by more than one address. To improve robustness and performance, a server

might have multiple IPv4 and IPv6 addresses on multiple physical network connections. If they all share

the same domain name, clients can connect to any of its addresses. And when new addresses are added,

clients can automatically learn about them.

Allow multiple physical hosts to pretend to be a single host. For example, a single domain name might

be serviced by a dozen servers that are geographically distributed around the world to improve performance.

Can adapt to changes in the underlying technology. For example, an app that connects to a host by name

does not need to care whether that host is reachable by IPv4 or IPv6. It asks for the address, and the domain

name resolver returns an appropriate data structure for connecting to that host.

This section describes the parts of a domain name and the DNS lookup process at a high level.

Addressing Schemes and Domain NamesDomain Name System (DNS)


18

Whats in a (Domain) Name?A domain name is a human-readable name that describes a particular host. Each domain name is made up of

a series of parts separated by periods. The easiest way to explain these parts is by example. Consider the

hostname mail.example.com:

comThis part of the domain name is outside your administrative control. This may have multiple parts,

but at a minimum, it contains a top-level domain (TLD). These top-level domains fall into one of the

following categories:

A generic TLD such as .com, .org, or .net

A restricted TLD such as .biz, .edu, or .gov

A sponsored TLD such as .mobi, .museum, or .travel

A two-letter country code such as .us

When the top-level domain contains a country code, the portion of the domain name outside your control

may have multiple parts. For example, a business in the UK generally has an address in the .co.uk

namespace.

Each of the top-level domains, in turn, is part of the dot (.) root domain. In common usage, the root

domain does not contribute any characters to the domain name itself. Under the hood, however, every

fully qualified domain name ends in a period. For example, the name apple.com. can resolve to exactly

one domain. The name apple.com typically resolves to apple.com., but if that lookup fails, it could also

resolve to apple.com.example.com if your computer is configured with example.com as its default

search domain.

exampleThe domain part. This part is under the administrative control of your company or organization,

and applies to the company or organization as a whole.

mailThe host part. This part allows you to uniquely identify multiple servers in a single domain. In

addition, the domain name itself (with no host part) is also a valid hostnameapple.com, for example.

Domains can also contain any number of subdomains. For example, www.david.example.com would be the

www host in the david subdomain of the example.com domain. For that matter, even the example.com

domain is a subdomain of the com domain, which is itself a subdomain of the root domain. Every domain

(except the root domain) is a subdomain of another domain.

Be aware that in the context of end-user discussions, the term domain is often used to refer to the largest part

of the domain hierarchy that someone who wants to set up a service can actually buy or otherwise request.

Thus, in the com hierarchy, a domain would contain two partsapple.com, for example. Similarly, a domain

in the au hierarchy would include at least three partsapple.com.au, for example. It is not strictly correct

to limit the use of these terms in this way, but this usage is not uncommon.



19

In general, domain names must be in ASCII (although there is a standard for internationalized domain names)

and can contain only letters, numbers, and hyphens. Domain names are case-insensitive. For more information

about internationalized domain names, see http://www.icann.org/en/resources/idn.

Looking Up NamesBefore a computer or other device can contact the host associated with a domain name, it must first look up

the name to obtain the corresponding IP addresses. To do this, it contacts a DNS server. After the server returns

one or more IP addresses, the computer or device can then connect to the remote host using any of those

addresses.

Because a number of different agencies in different countries work together to manage the domain name

system, the process for looking up addresses is somewhat complicated. A typical domain lookup includes the

following steps:

1. Your computer or other device sends a query to a DNS server.

2. Your local DNS server sends a query to one of several central servers (called the root servers), asking what

server is authoritative for the domain.

3. The root servers generally delegate responsibility for the lookup. Instead of providing a response with the

IP address for www.david.example.com, the root servers instead tell you to ask another server at a

specific IP address.

4. Your local DNS server sends a query to that TLD server, asking what server is authoritative for the domain.

5. The TLD server consults a database to see which servers answer requests for the specified domain.

6. The TLD server delegates responsibility for the lookup to the authoritative servers for the domain (and

provides their IP addresses).

7. Your local DNS server sends a query to one or more of the servers provided by the TLD. That query asks

for the hosts IP addresses.

8. That server either returns one or more IP addresses or further delegates responsibility to another server.

For example, if you are looking up a host in the com top-level domain, your computer makes two requests:

one asking for a list of IPv4 addresses and one asking for a list of IPv6 addresses. The root server then delegates

responsibility to a gTLD (generic top-level domain) server, which in turn delegates responsibility to a server

that is authoritative for the domain. That authoritative server may either return the answer or further delegate

responsibility to another server for a specific subdomain.



20

This process of asking other servers to provide information is called recursion. In general, DNS servers that are

intended for use by end users (caching servers) support recursion, whereas DNS servers that are authoritative

for a specific domain do not. For this reason, your local DNS server may have to talk to several DNS servers

before it finally reaches one that answers for a specific domain or subdomain.

You can use the whois tool to learn about the domains within most registries, including which domain name

servers are authoritative for the domain. For more information, see the whois man page. You can also use the

nslookup and dig tools to perform traditional unicast DNS lookups, and dns-sd to browse, resolve, and

advertise Bonjour services.

Other Uses of DNSDNS lookups can provide more than just IP addresses. The DNS record for a hostname can contain various

record types that each provide different kinds of information. A few of the more interesting record types

include:

AAn IPv4 address.

AAAAAn IPv6 address.

CNAMEA canonical name (mapping one hostname onto another hostname).

DNSKEYAn encryption key used by DNSSEC (a cryptographically secure enhancement to the domain

name system that is in the process of being phased in) when verifying the authenticity of a DNS reply.

MX (mail exchanger)The mail server (or servers) that should accept mail on behalf of the specified domain.

NSThe name server delegation for a particular record (indicating that a request for that record should

be answered by another server).

PTRA pointer to a canonical name. Similar to a CNAME record except that resolving typically stops at

this point, and the client must then resolve the resulting CNAME, if desired. This is primarily used for reverse

DNS lookups (because the goal is to get a name from an IP address, not to get the IP address back again).

It is also used by DNS Service Discovery to store the human-readable name for a service.

SOA (start of authority)Used primarily to indicate how long clients should cache the results and which

other servers are authoritative for the domain.

SRVContains the hostname and port for a provided service. This record type is used by DNS Service

Discovery.

TXTContains a series of informational attributes used by DNS Service Discovery.



21

Although some network connections are point-to-point links between two hosts, most network connections

involve more than two hosts, often connected through a hub, switch, router, or other hardware. This means

that each host can potentially receive packets intended for other hosts on the network. Thus, each host must

be able to recognize whether it is the intended recipient so that it does not incorrectly act upon someone

elses packet.

To support this, each packet contains a the link-layer address of its intended recipient. When the host receives

a packet intended for another host, it ignores it. In many systems, this filtering is performed in hardware, so

that the operating system does not need to concern itself with other hosts traffic.

Important: Link-layer addressing provides correctness, not security. Although the operating system doesnot send other hosts traffic to programs through TCP or UDP sockets, it is not obligated to discard those

extraneous packets entirely. Packet sniffing tools like tcpdump can easily place a network interface into

promiscuous mode, allowing those tools to capture and examine packets intended for other hosts on the

network.

Because of this design, when two hosts need to communicate across a local physical network, the sending

host needs to know the link-layer address of the receiving host before it can start sending packets. To provide

that information, the hardware-specific portions of the operating system use various means to convert between

a logical address (such as an IP address) and a physical address (such as an Ethernet MAC address). The

mechanism for performing this conversion depends on the type of network:

On Ethernet-like networks, the operating system can obtain a hardware address from an IPv4 address

using the address resolutionprotocol (ARP). An ARP request consists of a broadcast message on the network

(a message that all hosts receive) asking who has a particular IP address. The host that owns that IP address

then responds with its link-layer address.

For IPv6 communication over Ethernet, hosts use a similar protocol called the neighbor discovery protocol

(NDP) (which also serves other purposes, including router discovery) that is based on ICMP.

Non-Ethernet-like networks use various protocols, but they generally behave similarly at a high levelthe

network driver (or other software or hardware acting on its behalf ) provides a way to map from an IP

address to some hardware-specific value that uniquely identifies a packets destination.

Point-to-point networks (such as VPN tunnels) do not need to perform this mapping because every packet

is being sent to the host on the other end of such a link.


22

Packet Routing and Delivery

On cellular networks, when a mobile phone initiates communication with a cellular tower, the tower

assigns the phone a specific frequency, time slot, or both. From that point on, the connection behaves as

a point-to-point network.

When two hosts need to communicate across a larger distance, however, these protocols are not sufficient for

two reasons:

It would be infeasible to relay a broadcast packet throughout the entire Internet.

Even if you could obtain the link-layer address of a distant host, that information by itself would not be

sufficient to determine how to get packets to that host.

Thus, ARP packets are limited to a physical local area network, and the Internet uses routing to determine how

to send packets to distant machines. More specifically, a router is a type of infrastructure device that knows

how to send data from one range of IP addresses to another range.

Edge routerssmall routers that provide service to a single customer siteusually know nothing more

than the IP range on one side of the network. Any packets sent to the narrow range of IP addresses within

your in-home network are sent out through one physical port, and any packets sent to any other address

are sent out through the other port (which may then pass through a built-in or external cable modem,

DSL modem, or other encoding hardware on its way upstream).

Core routersrouters that provide service for major Internet backbone routeshave multiple physicalconnections, and keep large routing tables that tell which direction to send packets within a given IP

range. They use protocols such as the border gateway protocol (BGP) or the routing information protocol

(RIP) to advertise new routes to one another. Whenever a new physical cable comes online, the router at

one end tells its peers that it now has a route to the router at the other end. Its peers then propagate that

advertisement to other routers, and so on.

Similarly, when a link is severed (whether because of an intentional change or because a backhoe inadvertently

severed a fiber bundle while digging for a new sewer main), the routers on either end can detect the problem

and reroute packets transparently through a different link. This design allows the Internet as a whole to be

dynamically reconfigurable and robust against hardware failures.

Because the network topology is complex and regularly changing, networking performance is also complex

and regularly changing. For example, if you have a laptop connected to a Wi-Fi router, and two desktop

computers connected by Ethernet, communication between the two desktop computers is faster than

communication between the laptop and the desktop computers. Both local connections are probably faster

than the connection to any site on the public Internet. And the speed at which you communicate with one

site can be much faster or slower than another site simply because the connection passes through different

routers, cables, and so on.

The details of routing differ depending on whether you are using IPv4 or IPv6.

Packet Routing and Delivery


23

IPv4 RoutingAn IPv4 address consists of a 32-bit number, divided into a host part and a network part. The host part uniquely

identifies a given host on a given physical network. The network part identifies the network to which the host

is connected.

Note: The host part of an IP address uniquely identifies a host, but the relationship is not necessarilyone-to-one. A host can have multiple interfaces on multiple networks, each with its own IP address.

Further, a single network interface can have multiple IP addresses on the same physical network.

Depending on how a particular block of IP addresses has been divided up by its owner, the network part may

be as small as 8 bits, or as large as 30 bits.

For networking to work correctly, each host must know three things: its own IP addresses, the IP address of

the destination host, and whether that destination host is on the same network as one of its own addresses.

The host uses that information to determine whether to send a packet directly to its destination (if the destination

is on the same network) or through a router (if it isnt).

Most hosts make this decision using a fairly simple algorithm:

For IP addresses in which the network bits all match, the host sends the packet directly to the destination

host (using ARP or other protocols to discover its physical address).

For all other IP addresses, the host sends the packet to the router for the primary physical network (using

ARP or another protocol to discover the routers physical address based on its IP address). This particular

router is known as the default gateway.

If the host knows something special about the IP addressfor example, if it knows that the IP address is

on the other side of a VPN connectionit may send the packet to a router other than the default gateway,

but this is the exception rather than the rule.

To represent how big the network part is, a host uses a netmask. A netmask is a 32-bit value in which a 1 bit

indicates that the equivalent bit in an IP address is in the network part, and a 0 bit indicates that the matching

bit is in the host part. The netmask is usually written in the same format as an IP address. For example, if you

have a 28-bit network part, the netmask is 255.255.255.240. Table 5-1 shows how the IP address for

developer.apple.com can be decomposed into a network part and a host part based on an example

netmask.

Packet Routing and DeliveryIPv4 Routing


24

Table 5-1 An IPv4 network address and (example) netmask for developer.apple.com

Host PartNetwork Part

1292.254.17.IP address

10000001000000101111111000010001IP address

(in binary)

00.0.255.Netmask

00000000000000000000000011111111Netmask

(in binary)

Note: Because the size of the network portion of an address is just a policy decision made by theadministrators of the network to which that IP address belongs, the example in Table 5-1 shows just

one of many possible network masks that could theoretically be used for developer.apple.com

(and is not the actual netmask).

Because the network part and host part are always contiguous (in practice), this netmask is often shortened

to a single number representing the number of 1 bits in the netmask, which is usually preceded by a slash.

Thus, the aforementioned network with a 28-bit network part is sometimes referred to as a /28 network, the

example in Table 5-1 is a /8 network, and so on. In theory, you can create a network with any arbitrary

combination of zeros and ones in the netmask, but there is no guarantee that all operating systems or network

management software will correctly support such a nonstandard configuration.

Given a particular value for the network part, the valid range of IP addresses available for use in the host part

is referred to as a subnet or netblock. A subnet might, for example, use 24 bits for the network part, leaving 8

bits for the host part. This gives you a block of 256 IP addresses to work with.

However, not all of those 256 IP addresses are actually available. Within any given subnet, there are three

special IP addresses reserved: the broadcast address, the network address, and the router address.

The broadcast address is an address in which the host part is all ones. If you send a packet to this address,

it is received by every host within the same broadcast domain (usually the subnet), and it is never routed

beyond the local area network.

Performance Note: As a general rule, you should avoid sending data to a broadcast address.Instead, use a multicast address. Multicast allows interested hosts to listen without inundating

uninterested hosts, and can be set up to work across subnet boundaries.



25

The network address is an address in which the host part is all zeros. It was used by older operating systems

as the broadcast address, so for historical compatibility reasons, this number is reserved.

The router address is the address of your router. It can be any IP address within the subnet (or in rare

situations, outside the subnet), but it must be reachable without routing, which means that it must be on

the same physical network. Usually, the router address consists of a host part that is all zeros except for

the lowest bit (which is one higher than the network address).

Note: As a special exception, point-to-point networks (networks between two hosts in which oneof the two hosts acts as a router) do not need a separate router or network address.

In addition, IPv4 reserves certain addresses for specific uses. The design allows you to recognize specific address

types by looking for specific patterns in the high-order bits, as listed below:

IPv4 maskAddress type

0.0.0.0Unspecified address

Used to indicate the absence of an address. May not be assigned to any host.

127.0.0.1Loopback address

An address that allows a host to connect back to itself (localhost).

224.0.0.0/4Multicast address

An address used to send packets to any interested party.

169.254.0.0/16Link-local unicast address

An address that should never be routed.

10.0.0.0/8

172.16.0.0/12

192.168.0.0/16

Site-local unicast address

An address that should be routed only within the customer site.

IPv6 RoutingAn IPv6 address is divided into the following parts:

A 64-bit network identifier, which in turn is divided into the following parts:



26

Global routing prefixTells which service provider owns the number. This part may be organized

hierarchically, and thus may effectively be divided into many smaller parts, but this is a policy decision

by the service provider, and is not visible outside the organization.

Subnet IDIdentifies an individual physical network at the customer site. This part may be organized

arbitrarily by the customer site.

The division between the two parts is arbitrary. An ISP assigning a block to a big company might assign

a /48 block (48-bit global routing prefix, 16-bit subnet, 64-bit interface), allowing the customer to create

up to 216 distinct networks. On the other hand, an ISP assigning a block to an individual home might assign

a /64 block in which the ISP owns the entire network part and the customer has only a single network.

A 64-bit interface identifier that identifies the host within that network. (The host address is often generated

programmatically from the hosts MAC address.)

Table 5-2 The structure of an IPv6 address

Host partNetwork part

Interface ID

64 bits

Subnet ID

64-n bits

Global routing prefix

n bits

Note: As with IPv4, the host part of an IP address uniquely identifies a host, but the relationship isalmost never one-to-one. A single network interface typically has multiple IP addresses on the same

physical network (as described in Neighbor Discovery and IPv6 Address Assignment (page 31)). A

host can also have multiple interfaces on multiple networks, each with its own IP address.

In concept, IPv6 routing is similar to IPv4 routing. However, there are no reserved broadcast or network

addresses. Instead, a special link-local all nodes multicast group (ff02::1) provides similar functionality.

Similarly, there are no variably-sized subnets; the per-interface portion is always 64 bits.

IPv6 reserves certain addresses for specific uses. The design allows you to recognize specific address types by

looking for specific patterns in the high-order bits, as listed below:

Mask bit patternIPv6 maskAddress Type

00000000....00000000::/128Unspecified address

Used to indicate the absence of an address. May notbe assigned to any host.



27

Mask bit patternIPv6 maskAddress Type

00000000....00000001::1/128Loopback address

An address that allows a host to connect back to itself(localhost).

11111111FF00::/8Multicast address

An address used to send packets to any interestedparty.

11111110 10FE80::/10Link-local unicast address

An address that should never be routed.

11111110 11FEC0::/10Site-local unicast address

An address that should be routed only within thecustomer site.

All other address patterns are assumed to be globally routable unicast addresses.

Firewalls and Network Address TranslationMost routers are configured to be as transparent as possible from the perspective of hosts on either side.

Routers that are not transparent are called firewalls.

A firewall is any router that inspects traffic, modifies traffic, or blocks specific subsets of traffic that flows through

it. Like a physical firewall (a fireproof wall that prevents fire from spreading from one part of a building to

another), network firewalls are commonly used as edge routers to improve the security of corporate or home

networks by limiting the ways that an outside attacker can interact with that network.

Firewalls are commonly used to:

Block specific ports. For example, many firewalls block ports related to file sharing protocols such as SMB

or AFP so that those services are accessible only within the local network.

Block malformed or spoofed network packets. Malformed packets have been used over the years for a

number of denial-of-service attacks, including Smurf attacks, the ping of death, and the INVITE of death.

Perform deep packet inspection to detect and report suspicious traffic.

Perform network address translation (NAT), in which the firewall changes each packets source or destination

address or port.

Packet Routing and DeliveryFirewalls and Network Address Translation


28

Network address translation deserves further explanation. NAT is most commonly used to make traffic from

every machine on one side of a firewall appear to have originated from a different IP address. It can serve

different purposes depending on how it is configured:

Masquerading: A configuration in which connections from inside the firewall are modified so that packets

appear to have originated at the firewall. When a host inside the firewall makes a connection to a host on

the public Internet, the firewall creates a temporary translation rule that rewrites the source address to

that of the firewall, and the source port number to a high-numbered port.

In this configuration, hosts behind the firewall can connect to the Internet, but hosts on the Internet at

large cannot make connections back to machines on the inside of the firewall. This significantly improves

security, but can break certain network protocols that rely on that ability.

Destination NAT: A configuration in which connections from outside the firewall result in connections to

hosts inside the firewall whose IP addresses are different. This arrangement is often used for certain types

of load balancing, to make multiple servers appear as though they were a single server.

Some masquerading firewalls also support protocols that let applications running on hosts inside the firewall

request temporary destination NAT rules so that outside hosts can temporarily reach them. The two most

common protocols for supporting this are the network address translation port mapping protocol (NAT-PMP)

and the internet gateway device (IGD) standardized device control protocol (part of the Universal Plug And

Play standard, or UPnP).

In OS X and iOS, Bonjour provides built-in support for creating port mappings through firewalls that support

NAT-PMP or UPnP. Services advertised using wide-area Bonjour are automatically mapped. For services advertised

in other ways, you can call DNSServiceNATPortMappingCreate to create the mapping, and

DNSServiceRefDeallocate to destroy the mapping. These mappings are also torn down automatically

when the process that created the mappings exits.

Packet Routing and DeliveryFirewalls and Network Address Translation


29

In the early days of the Internet, every host was assigned a unique IP address that was hard-coded into its

configuration files. As the Internet grew in popularity among less technically savvy users, and diskless devices

became prevalent, it became impractical to manually change the IP address of each machine every time you

changed networks. (This became even more important when laptops and wireless networking became

commonplace.)

To solve this problem, a number of protocols were developed culminating in the modern Dynamic Host

Configuration Protocol (DHCP) standard, IPv6 neighbor discovery, DHCPv6, and link-local addressing. These

protocols are described further in the sections that follow.

Dynamic Host Configuration Protocol (DHCP) and DHCPv6In IPv4, DHCP provides a means for a computer or other device to ask a central server for an IPv4 address

suitable for use on the network. Depending on the server, the IPv4 address can be either assigned randomly

from a pool of available addresses or assigned manually by an administrator based on the requesting hosts

MAC address.

In IPv6, the DHCPv6 protocol can optionally be used in a similar way, though IPv6 addresses can also be acquired

through stateless address autoconfiguration, as described in the next section.

A DHCP server can also provide additional information needed for routingthe subnet mask and router

address, for exampleas well as domain name servers, directory servers, and other arbitrary data as defined

by various extensions to the protocol.

The way DHCP works (at a high level) can be summarized as follows: the client broadcasts a request for an IPv4

address. After the server assigns one, the client is said to own a lease for that IP address that lasts a particular

period of time. The client may renew that lease at any time until the expiration date. The server is not obligated

to agree to extend the lease, but most servers do.

Generally speaking, if the client is connecting for the first time, this exchange is a series of broadcast UDP

packets. If the client is renewing an existing (still valid) IP lease, the exchange can be sent with unicast UDP

packets (at the clients discretion).

The client may continue to send requests for additional data (DNS servers, network volume mounts, Active

Directory domain controllers, and so on) by sending requests with extra options and waiting for the reply.


30

Dynamic Address Assignment

Neighbor Discovery and IPv6 Address AssignmentThe IPv6 protocol (built on top of ICMPv6) provides built-in support for neighbor discovery. Neighbor discovery

serves two purposes:

Discovering the hardware address of other hosts on the same physical network. This takes the place of

ARP.

Stateless address autoconfiguration (SLAAC). This is an alternative to much of the functionality provided

by DHCP.

When a host first connects to a network, it initially uses a self-assigned IPv6 address, which is globally unique

by design. This address allows the host to send neighbor discovery requests to solicit a router. The router then

provides the same sort of information that would appear in a DHCP offer under IPv4the IP address of the

router, the network prefix (which is roughly comparable to the network address and subnet mask), the IP

addresses of DNS servers, and so on. From there, the client can construct a routable IPv6 address to use when

communicating with the public Internet.

In addition to the self-assigned link-local address, each host constructs at least two additional IPv6 addresses:

a permanent address and a privacy address.

The host constructs its permanent address based on the hosts physical (link-layer) address. This results in an

address whose host part generally remains unchanged as the computer moves from network to network. This

address is intended to provide a consistent location where other hosts on the network can send data to the

host in question.

Additionally, each host constructs one or more privacy addresses. These addresses are generated randomly

and change over time. Thus, they are not tied to a particular piece of hardware. By default, outgoing connections

are sent using a privacy address.

Note: When registering services for public consumption, however, apps should not use the privacyaddress because it will change. If you use Bonjour to register your service, it will handle these details

for you. Bonjour is described in the next section.

Link-Local Addressing and BonjourDomain names are a great solution for permanent servers, but they cost money and require a technically savvy

user to configure them. Also, for non-public servers, a globally published domain name makes little sense.

Further, standard domain names are fairly challenging to use with dynamic IP addresses assigned by DHCP

servers and similar schemes. With an increasing number of dynamically configured networks, another solution

was needed.

Dynamic Address AssignmentNeighbor Discovery and IPv6 Address Assignment


31

To provide an alternative, OS X and iOS support Bonjour, an implementation of zero-configuration networking.

Bonjour consists of three parts:

Link-local addresses in IPv4A means for self-assignment of IP addresses in the absence of a DHCP server

or other means of IP address assignment. (Link local address assignment is built in to the IPv6 protocol

itself, and thus there is no need for Bonjour to duplicate this functionality.)

Multicast DNSA technology for providing DNS resolution when an infrastructure server is not present

or when local, unmanaged names are more convenient.

DNS Service DiscoveryA means of registering and discovering services.

The combination of these technologies allows multiple hosts on the same physical network to advertise services

and discover one another without the need for a permanent DNS infrastructure.

Typically, Bonjour uses multicast DNS to send a DNS Service Discovery query to every machine on a local

network, asking whether any of them provide a particular service. Each machine that provides the requested

service then sends a message back to the original machine. The result is that those machines can discover and

use services provided by other machines on the network without needing to tell each machine about those

services ahead of time.

DNS Service Discovery can be combined with link-local addresses to allow zero-configuration

networkingdiscovering networked devices even if you have no network infrastructure configured at all. For

example, you might share files between two computers over an ad hoc wireless network.

The way link-local addresses work is fairly straightforward.

For IPv4, if a host fails to obtain an address from a DHCP server, the computer chooses a random IP address

in a particular range (169.254.*.*), then uses a link-specific protocol (such as ARP) to ask who has that

address. If another machine responds, it tries a different address. If no machine responds, the host claims

that number as its own.

For IPv6, every interface has a link-local address within the fe80:: prefix, regardless of whether the

interface has another address assigned through SLAAC, DHCPv6, or other mechanisms. This address is

computed based on the interfaces hardware address if the interface has one (an Ethernet MAC address,

for example). If it does not, the address is chosen randomly within that prefix, and SLAACs duplicate

address detection protocol is used to guarantee uniqueness. See RFC 4862 for details.

Because these IP addresses are all in the same subnet, every host with a link-local address on a given local area

network can talk to every other host without going through a router. Thus, they can all discover one another

without the need for any additional infrastructure.

Dynamic Address AssignmentLink-Local Addressing and Bonjour


32

Note: These three Bonjour technologies can also be used independently of one another. In particular,multicast DNS can be used to look up the name of a machine on the local network without discovering

services. Similarly, traditional infrastructure DNS servers can provide information about services

through Wide-Area Bonjour.

Dynamic Address AssignmentLink-Local Addressing and Bonjour


33

This table describes the changes to Networking Concepts .

NotesDate

New document that describes the fundamentals of packets, routing,

dynamic address assignment, and service discovery at a high level.

2012-07-19


34

Document Revision History

Address Resolution Protocol (ARP) A protocol fordetermining the hardware address of a computer or

other device based on its IP address.

application layer The topmost layer of thenetworking protocol stack. This layer consists of data

formats and protocols specific to a given application.

For example, the HTTP (hypertext transport protocol)

standard is an application-layer protocol.

broadcast address A special address that sends apacket simultaneously to every device on a local

area network.

core router A router that provides service for majorInternet backbone routes. Core routers are powerful

devices that must handle a large volume of traffic

and usually must manage a large number of

simultaneous routes. Core routers participate in route

advertisements to discover or announce changes in

the network topology.

default gateway The default router used foroutgoing traffic if there is no explicit route for the

destination IP in the systems routing table.

domain name A human-readable name thatidentifies an Internet or intranet site; for example,

developer.apple.com is a domain name. By resolving

a domain name, an application can obtain a

corresponding IP address that is suitable for sending

data to that site.

edge router A router that provides connectivitybetween a customer site and an upstream ISP. Edge

routers generally route between only two or three

different networks, and thus usually do not

participate in route advertisements.

encapsulation The act of wrapping one packetinside another packet (usually of a different type).

For example, on a local area network, your IP packets

are encapsulated within Ethernet packets. The

Ethernet packets provide information about their

destination within the local area network. The IP

packets inside them provide information about what

to do with the packets once they reach the public

Internet.

firewall A router that limits the type of traffic thatcan pass. A firewall may block certain ports, perform

network address translation to hide the IP addresses

of hosts on one side, block malformed packets, or

perform various other packet rewriting operations.

fragmentation The process of breaking up a packetinto smaller pieces to accommodate network

connections with a smaller maximum packet size

(referred to as the maximum transmission unit, or

MTU).

header In the context of packets, the first part of apacket (before the actual payload) that contains

information about where the packet should be

sent.In the context of HTTP, a series of values that

provide information about the content of a request

or reply, such as the hostname, caching policies, and

so on.


35

Glossary

hop Any one of a series of physical links that makeup the route from one host to another.

host Any device that is connected to a network. Itmay be a client computer, a server, a mobile phone,

or even a network-attached printer.

hostname (or host name) A DNS name that pointsto a specific host (or a group of hosts that mimic a

single host).

infrastructure device Any device that providessupport for a networks basic operationfor

example, a router, a Wi-Fi access point, or an

Ethernet switch.

Internet Control Message Protocol (ICMP) Alow-level networking protocol that provides

out-of-band control messages that are used by the

operating system when making TCP connections.

ICMP is used mainly to deliver connection failure

notificationsconnection refused and host

unreachable messages, for example. However, it is

also used by some network diagnostic tools, such

as ping and traceroute.

IP (Internet Protocol) layer The networking layerthat provides basic transport of packets across the

Internet. It sits above the physical layer (hardware

interconnects) and below the transport layer (TCP

and UDP, for example).

IP address A number that uniquely identifies asingle host on the Internet (short for Internet

Protocol address). An IP address can be in one of

two forms: an IPv4 address or an IPv6 address.

IPv4 address An IP address consisting of four 8-bitnumbers (for a total of 32 bits). For example, the IP

address for developer.apple.com is 17.254.2.129.

IPv6 address An IP address consisting of eightgroups of 16-bit hexadecimal numbers (for a total

of 128 bits). If several groups in a row are all zero,

you can omit those groups and replace them with

a double colon (but only once per IP address). For

example, the IPv6 address for example.com is

2001:500:88:200::10.

latency The amount of time it takes for a packet toreach its destination, usually measured in

milliseconds. Latency is usually expressed as

round-trip latency, which refers to the amount of

time for a packet to reach its destination and for the

response packet to reach the original host. Latency

is important for two reasons. First, it increases the

amount of time it takes to establish a connection.

Second, it dramatically reduces performance when

using protocols that require the client to wait for a

response before sending subsequent requests.

link A physical connection between two hosts ona network (or a virtual connection that emulates a

physical connection) with no intermediate routers

(except for link-layer switches).

link layer The lowest layer of the network protocolstack. This layer provides support for the physical

transport of packets from one host to another across

a local area network or other physical link.

listening socket (or listen socket) A socketconfigured to listen for incoming connections.

Maximum Transmission Unit (MTU) The largestpacket size that can be delivered across a particular

link. The MTU is limited by the actual communication

hardware, and usually represents the maximum

payload size supported by the largest physical packet

that the hardware supports. However, in some cases

(such as gigabit Ethernet), the default MTU may be

further limited in software to maintain backwards

compatibility with legacy hardware that does not

support larger packets.

Glossary


36

multicast A special type of packet that issimultaneously delivered to a multitude of hosts on

the network, but not to every host (broadcast).

neighbor discovery protocol (NDP) A protocolused by IPv6 over Ethernet to learn about other

devices on the physical network. Among other

things, neighbor discovery can be used to learn the

hardware addresses of nearby devices, discover

routers and name servers, and determine

information about upstream links, such as their

Maximum Transmission Unit (MTU).

netblock See subnet.

netmask A collection of bits indicating whichportion of an IPv4 address is the network part and

which portion is the host part. If the network part of

the destination address is the same as the network

part of the source address, the two hosts are

considered to be within the same subnet.

network address A special reserved address withineach IPv4 network in which the host part is all zeros.

This address was used by older operating systems

as the broadcast address, so for historical

compatibility reasons, this number is reserved.

network address translation (NAT) A form ofpacket rewriting performed by a firewall in which

packets are modified to contain a different source

or destination IP address before passing them on.

NAT is most commonly used to make traffic from

multiple devices appear to come from a single

device, often for security or load balancing purposes.

network interface A piece of hardware (or virtualhardware) that represents the endpoint of a link.

packets A discrete unit of data that is sent across acomputer network.

path MTU discovery A process by which one hostdetermines the largest packet that can be sent to a

destination without fragmenting it. This allows the

host to fragment the data ahead of time, which

prevents packets from potentially being fragmented

more than once before reaching their final

destination. Path MTU discovery works by sending

packets with the Don't Fragment bit set. If any

router along the path responds by sending an ICMP

packet with the Fragmentation Needed bit set, the

host then tries progressively smaller sizes until the

packet reaches its destination successfully. See also

Maximum Transmission Unit (MTU).

payload The data contents of a packet (as distinctfrom the structure of the packet itself ).

physical layer See link layer.

port numbers A number that uniquely identifies aparticular service on a given host. Port numbers are

further divided according to whether they are TCP

or UDP ports.

recursion The use of recursive queries. A recursivequery asks the domain name server to perform

recursion on the clients behalf. If the domain name

server allows recursive queries, it then sends a query

to the root name server asking which server knows

the answer, then asks that server, and so on, until it

reaches a server that actually knows the answer to

the query. See also recursion.

route The path that packets take from one host toanother host. If the two hosts are on the same

physical network, the route consists of a single link;

if not, it passes through one or more routers.

router A device that routes packets between twoor more networks. A router determines which

network should receive each packet based on a set

Glossary


37

of routing rules. Most routers also communicate with

other routers to optimize those rules as network

links are added and removed.

router address The IP address of your router.

routing The process of taking a packet on onephysical network and retransmitting it on a different

physical network, using a set of rules to determine

which network should receive each packet. A device

that performs routing is called a router.

shared network A network in which every packetis received by every device on the network. This is

the opposite of a switched network.

subnet A range of IP addresses in which packetsfrom one host can be sent directly to another host

without going through an intermediate router.

switched network A physical network in which aninfrastructure device (called a switch) directs packets

based on their destination. This improves network

performance by ensuring that only the hosts that

need to receive a given packet actually see it. This

is the opposite of a shared network.

trailer The last part of a packet (after the payload)that usually contains a checksum of the payload

data.

Transmission Control Protocol (TCP) Atransport-layer protocol that provides bidirectional,

stream-based delivery of data, with flow control and

delivery guarantees (automatic retry). Contrast with

User Datagram Protocol (UDP).

transport layer The networking layer that sits ontop of the IP layer and can provide such features as

port numbers, delivery guarantees, flow control, and

checksums. The two most common transport-layer

protocols are the Transmission Control Protocol (TCP)

and the User Datagram Protocol (UDP).

User Datagram Protocol (UDP) A transport-layerprotocol that provides unidirectional, packet-based

delivery of data, with best-effort delivery (no

retransmission). Contrast with Transmission Control

Protocol (TCP).

Glossary


38

Apple Inc.Copyright 2012 Apple Inc.All rights reserved.

No part of this publication may be reproduced,stored in a retrieval system, or transmitted, in anyform or by any means, mechanical, electronic,photocopying, recording, or otherwise, withoutprior written permission of Apple Inc., with thefollowing exceptions: Any person is herebyauthorized to store documentation on a singlecomputer or device for personal use only and toprint copies of documentation for personal useprovided that the documentation containsApples copyright notice.

No licenses, express or implied, are granted withrespect to any of the technology described in thisdocument. Apple retains all intellectual propertyrights associated with the technology describedin this document. This document is intended toassist application developers to developapplications only for Apple-branded products.

Apple Inc.1 Infinite LoopCupertino, CA 95014408-996-1010

Apple, the Apple logo, Bonjour, FireWire, iPad,iPhone, Mac, New York, and OS X are trademarksof Apple Inc., registered in the U.S. and othercountries.

IOS is a trademark or registered trademark ofCisco in the U.S. and other countries and is usedunder license.

APPLE MAKES NO WARRANTY OR REPRESENTATION,EITHER EXPRESS OR IMPLIED, WITH RESPECT TO THISDOCUMENT, ITS QUALITY, ACCURACY,MERCHANTABILITY, OR FITNESS FOR A PARTICULARPURPOSE. AS A RESULT, THIS DOCUMENT IS PROVIDEDAS IS, AND YOU, THE READER, ARE ASSUMING THEENTIRE RISK AS TO ITS QUALITY AND ACCURACY.

IN NO EVENT WILL APPLE BE LIABLE FOR DIRECT,INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIALDAMAGES RESULTING FROM ANY DEFECT, ERROR ORINACCURACY IN THIS DOCUMENT, even if advised ofthe possibility of such damages.

Some jurisdictions do not allow the exclusion ofimplied warranties or liability, so the above exclusionmay not apply to you.

Networking ConceptsContentsFigures and TablesIntroductionNetworking TerminologyNetworking LayersThe Link LayerThe IP LayerTransport LayerThe Application Layer

Understanding LatencyAddressing Schemes and Domain NamesLink-Layer AddressingIP-Layer AddressingDomain Name System (DNS)Whats in a (Domain) Name?Looking Up NamesOther Uses of DNS

Packet Routing and DeliveryIPv4 RoutingIPv6 RoutingFirewalls and Network Address Translation

Dynamic Address AssignmentDynamic Host Configuration Protocol (DHCP) and DHCPv6Neighbor Discovery and IPv6 Address AssignmentLink-Local Addressing and Bonjour

Revision HistoryGlossary