Date post: 29-Nov-2014
Upload: douglaslyon
04/09/23 Internet Protocol 1
Network layer functions
• transport packet from sending to receiving hosts
• network layer protocols in every host, router
three important functions:
• path determination: route taken by packets from source to dest. (routing algorithms)
• switching: move packets from router’s input to appropriate router output
• call setup: some architectures require call setup along path before data flows
[Figure: two end hosts running application, transport, network, data link and physical layers, connected through routers that implement only the network, data link and physical layers]
Network service model
Q: What service model for “channel” transporting packets from sender to receiver?
• guaranteed bandwidth?
• preservation of inter-packet timing (no jitter)?
• loss-free delivery?
• in-order delivery?
• congestion feedback to sender?
virtual circuit or datagram?
The most important abstraction provided by network layer: service abstraction
Virtual circuits
• call setup, teardown for each call before data can flow
• each packet carries VC identifier (not destination host ID)
• every router on source-destination path maintains “state” for each passing connection
– transport-layer connection only involved two end systems
• link, router resources (bandwidth, buffers) may be allocated to VC
– to get circuit-like performance
“source-to-destination path behaves much like telephone circuit”
– performance-wise
– network actions along source-to-destination path
Datagram networks: the Internet model
• no call setup at network layer
• routers: no state about end-to-end connections
– no network-level concept of “connection”
• packets typically routed using destination host ID
– packets between same source-dest pair may take different paths
[Figure: two end hosts; 1. send data, 2. receive data, with no signaling exchange in between]
Virtual circuits: signaling protocols
• used to set up, maintain, tear down VC
• used in ATM, frame-relay, X.25
• not used in today’s Internet
[Figure: call setup exchange between two end hosts: 1. initiate call, 2. incoming call, 3. accept call, 4. call connected, 5. data flow begins, 6. receive data]
Datagram or VC network: why?
Internet
• data exchange among computers
– “elastic” service, no strict timing req.
• “smart” end systems (computers)
– can adapt, perform control, error recovery
– simple inside network, complexity at “edge”
• many link types
– different characteristics
– uniform service difficult
ATM
• evolved from telephony
• human conversation:
– strict timing, reliability requirements
– need for guaranteed service
• “dumb” end systems
– telephones
– complexity inside network
Routing
Graph abstraction for routing algorithms:
• graph nodes are routers
• graph edges are physical links
– link cost: delay, $ cost, or congestion level
Goal: determine “good” path (sequence of routers) thru network from source to dest.
[Figure: example graph with routers A–F and integer link costs; which cost belongs to which link is not recoverable from the extracted text]
• “good” path:
– typically means minimum cost path
– other def’s possible
Routing Algorithms
• There are certain properties that are desirable in a routing algorithm:
– correctness
– simplicity
– robustness
– stability
– fairness
– optimality
Routing Algorithm classification
Global or decentralized information?
Global:
• all routers have complete topology, link cost info
• “link state” algorithms
Decentralized:
• router knows physically-connected neighbors, link costs to neighbors
• iterative process of computation, exchange of info with neighbors
• “distance vector” algorithms
Static or dynamic?
Static:
• routes change slowly over time
Dynamic:
• routes change more quickly
– periodic update
– in response to link cost changes
A Link-State Routing Algorithm
Dijkstra’s algorithm
• net topology, link costs known to all nodes
– accomplished via “link state broadcast”
– all nodes have same info
• computes least cost paths from one node (“source”) to all other nodes
– gives routing table for that node
• iterative: after k iterations, know least cost path to k dest.’s
Notation:
• c(i,j): link cost from node i to j; cost infinite if not direct neighbors
• D(v): current value of cost of path from source to dest. v
• p(v): predecessor node along path from source to v, that is, the node just before v
• N: set of nodes whose least cost path is definitively known
Dijkstra’s Algorithm
Initialization:
  N = {A}
  for all nodes v
    if v adjacent to A
      then D(v) = c(A,v)
      else D(v) = infty

Loop
  find w not in N such that D(w) is a minimum
  add w to N
  update D(v) for all v adjacent to w and not in N:
    D(v) = min( D(v), D(w) + c(w,v) )
  /* new cost to v is either old cost to v or known
     shortest path cost to w plus cost from w to v */
until all nodes in N
Example
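A runnable version of the link-state algorithm above, added here as an example (it is not code from the slides). The graph is constructed for the example: its node set and multiset of link costs match the slide’s figure, but the edge-to-cost assignment is an assumption. The function returns the per-destination cost and predecessor in the slide’s notation, and a forwarding table built from the second node on each least-cost path.

```python
import heapq

INF = float("inf")

# Constructed graph for this example: routers A-F with undirected link costs
# c(i, j). The node set and cost multiset match the slide's figure; the
# edge-to-cost assignment is an assumption.
LINKS = {
    ("A", "B"): 2, ("A", "C"): 5, ("A", "D"): 1,
    ("B", "C"): 3, ("B", "D"): 2,
    ("C", "D"): 3, ("C", "E"): 1, ("C", "F"): 5,
    ("D", "E"): 1, ("E", "F"): 2,
}


def adjacency(links):
    """node -> {neighbour: cost}; a missing pair means 'not direct neighbours' (cost infinite)."""
    adj = {}
    for (i, j), cost in links.items():
        adj.setdefault(i, {})[j] = cost
        adj.setdefault(j, {})[i] = cost
    return adj


def dijkstra(links, source):
    """Least-cost paths from source, in the slide's notation.

    Returns (D, p): D(v) is the cost of the best path found to v, p(v) the node
    just before v on that path. N (the set of nodes whose least-cost path is
    definitively known) grows by one node per iteration; a heap replaces the
    slide's linear 'find w not in N such that D(w) is a minimum'.
    """
    adj = adjacency(links)
    D = {v: INF for v in adj}
    p = {v: None for v in adj}
    D[source] = 0
    N = set()
    heap = [(0, source)]
    while heap:
        dw, w = heapq.heappop(heap)
        if w in N or dw > D[w]:
            continue                       # stale entry: w already settled or improved since
        N.add(w)
        for v, c in adj[w].items():
            if v in N:
                continue
            if dw + c < D[v]:              # D(v) = min(D(v), D(w) + c(w, v))
                D[v] = dw + c
                p[v] = w
                heapq.heappush(heap, (D[v], v))
    return D, p


def path(p, source, dest):
    """Walk the predecessor chain back from dest; None if dest is unreachable."""
    if dest != source and p.get(dest) is None:
        return None
    route = [dest]
    while route[-1] != source:
        route.append(p[route[-1]])
    return route[::-1]


def forwarding_table(links, source):
    """dest -> (next hop, cost): the next hop is the second node on the least-cost path."""
    D, p = dijkstra(links, source)
    table = {}
    for dest in D:
        if dest != source and D[dest] != INF:
            table[dest] = (path(p, source, dest)[1], D[dest])
    return table


if __name__ == "__main__":
    for dest, (hop, cost) in sorted(forwarding_table(LINKS, "A").items()):
        print(f"to {dest}: next hop {hop}, cost {cost}")
```

Changing a single advertised link cost and recomputing shows the robustness point made later in the comparison slide: a node that lies about a link cost changes what every other node computes, although each node still computes only its own table.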
Flooding
• Every incoming packet is sent out on every outgoing line except the one it arrived on
• This algorithm generates vast numbers of duplicate packets but
– it will always find the optimal path
– it is very robust
• Some technique has to be used to keep it from generating an infinite number of packets
Selective Flooding
• A simple variation to the flooding algorithm is to only send outgoing packets in the correct direction
• Flooding, in any form, is usually not practical
• It is useful in some cases
– military applications
– distributed database updates
– can be used to generate a metric against which other routing algorithms can be compared
Distance Vector Routing
• Distance vector routing algorithms operate by having each router maintain a table giving the best known distance to each destination and which line to use to get there
• The routing decision is simple– find the entry for the destination and send the packet
out on the indicated line
• The tricky part is building, and maintaining, the tables
Table Maintenance
• Each router is assumed to know
– who its neighbors are
– the cost to reach each neighbor
• At regular intervals each router sends its routing table to each of its neighbors
• When a table is received, a router
– steps through the table and computes the cost to each destination
– the new route is used if the cost is less
Distance Vector Routing: overview
Iterative, asynchronous: each local iteration caused by:
• local link cost change
• message from neighbor: its least cost path change from neighbor
Distributed:
• each node notifies neighbors only when its least cost path to any destination changes
– neighbors then notify their neighbors if necessary
Each node:
  wait for (change in local link cost or message from neighbor)
  recompute distance table
  if least cost path to any destination has changed, notify neighbors
Example
[Figure: four routers A, B, C, D; the link costs shown are 10, 10, 10 and 20 (which link carries which cost is not recoverable from the extracted text)]
Routing Table for A
Destination  Metric  Line
A            0       -
B            10      B
C            30      D
D            20      D
Example
[Figure: the same four routers with link costs 10, 20, 5 and 10]
Routing Table for A
Destination  Metric  Line
A            0       -
B            10      B
C            30      D
D            20      D
Routing Table for B
Destination  Metric  Line
A            10      A
B            0       -
C            15      D
D            5       D
Slow Convergence
• Distance Vector Routing works in theory but has a serious drawback in practice
– it converges to the correct answer, but it may take a long time to get there
Distance to A reported by each router after each exchange, once A comes up (routers A-B-C-D-E in a line, all link costs 1):
      B  C  D  E
      1  .  .  .
      1  2  .  .
      1  2  3  .
      1  2  3  4
Count to Infinity
• All lines up, and then line between A and B goes down
Distance to A reported by B, C, D, E after each exchange:
      B  C  D  E
      1  2  3  4   initial
      3  2  3  4   AB link down, B decides to route through C
      3  4  3  4   C realizes its neighbors’ cost to A is 3
      5  4  5  4
      5  6  5  6
      7  6  7  6
      7  8  7  8
      …  …  …  …
Split Horizon Hack
• Many solutions to the count to infinity problem have been proposed
• The split horizon algorithm works the same way as distance vector routing, except that the distance to X is not reported on the line that packets for X are sent on
• Split horizon, although widely used, sometimes fails
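A small simulator for the three distance-vector slides above (slow convergence, count to infinity, split horizon), added as an example; it is not code from the slides. The topology (routers A-B-C-D-E joined by unit-cost links), the synchronous exchange rounds and the use of RIP’s 16 as “infinity” are assumptions chosen so that the simulation reproduces the tables on the slides; real routers exchange asynchronously.

```python
INF = 16   # hop count treated as unreachable (RIP's choice; an assumption here)


def neighbours(links, node):
    """{neighbour: link cost} for every link that touches node."""
    return {(b if a == node else a): c for (a, b), c in links.items() if node in (a, b)}


def exchange(links, dest, state, split_horizon=False):
    """One synchronous round of updates for a single destination.

    state maps router -> (distance to dest, next hop). Every router first
    advertises its distance to each neighbour; under split horizon it withholds
    the advertisement from the neighbour it currently routes through. Then every
    router recomputes: a direct link to dest costs the link, anything else costs
    the neighbour's advertised distance plus the link, capped at INF.
    """
    adverts = {}
    for n, (d, hop) in state.items():
        for nb in neighbours(links, n):
            if split_horizon and nb == hop:
                continue                      # don't report dest on the line we use to reach it
            adverts[(n, nb)] = d
    new = {}
    for n in state:
        best, hop = INF, None
        for nb, c in neighbours(links, n).items():
            d = 0 if nb == dest else adverts.get((nb, n), INF)
            if d + c < best:
                best, hop = d + c, nb
        new[n] = (best, hop)
    return new


def simulate(links, dest, routers, rounds, split_horizon=False, state=None):
    """Run `rounds` exchanges; return (per-round distance rows, final state)."""
    if state is None:
        state = {r: (INF, None) for r in routers}   # cold start: nobody knows dest yet
    rows = []
    for _ in range(rounds):
        state = exchange(links, dest, state, split_horizon)
        rows.append([state[r][0] for r in routers])
    return rows, state


# Constructed topology from the slides: A-B-C-D-E, every link cost 1.
LINE = {("A", "B"): 1, ("B", "C"): 1, ("C", "D"): 1, ("D", "E"): 1}
ROUTERS = ["B", "C", "D", "E"]


def demo():
    """Slow convergence when A comes up, then count-to-infinity, then the same
    failure with split horizon, which on this line converges to 'unreachable'."""
    converging, converged = simulate(LINE, "A", ROUTERS, 4)
    cut = {link: c for link, c in LINE.items() if link != ("A", "B")}
    counting, _ = simulate(cut, "A", ROUTERS, 6, state=converged)
    horizon, _ = simulate(cut, "A", ROUTERS, 4, split_horizon=True, state=converged)
    return converging, counting, horizon


if __name__ == "__main__":
    titles = ("A comes up", "A-B goes down", "A-B goes down, split horizon")
    for title, rows in zip(titles, demo()):
        print(title)
        for row in rows:
            print("   ", "  ".join("inf" if d >= INF else str(d) for d in row))
```

The first two tables the program prints are exactly the slides’ tables; the third shows that on this topology split horizon makes every router reach “infinity” in four rounds instead of counting up indefinitely. The same loop is why a router that advertises a false low cost (the robustness point on the comparison slide) is believed by its neighbours and, through them, by everyone else.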
Comparison of LS and DV algorithms
Message complexity
• LS: with n nodes, E links, O(nE) msgs sent
• DV: exchange between neighbors only
– convergence time varies
Speed of Convergence
• LS: O(n**2) algorithm requires O(nE) msgs
– may have oscillations
• DV: convergence time varies
– may be routing loops
– count-to-infinity problem
Robustness: what happens if router malfunctions?
LS:
– node can advertise incorrect link cost
– each node computes only its own table
DV:
– DV node can advertise incorrect path cost
– each node’s table used by others
• error propagates thru network
Hierarchical Routing
scale: with 50 million destinations:
• can’t store all dest’s in routing tables!
• routing table exchange would swamp links!
administrative autonomy
• internet = network of networks
• each network admin may want to control routing in its own network
Our routing study thus far - idealization
• all routers identical
• network “flat”
… not true in practice
Hierarchical Routing
• aggregate routers into regions, “autonomous systems” (AS)
• routers in same AS run same routing protocol
– “intra-AS” routing protocol
– routers in different AS can run different intra-AS routing protocol
• gateway routers
– special routers in AS
– run intra-AS routing protocol with all other routers in AS
– also responsible for routing to destinations outside AS
– run inter-AS routing protocol with other gateway routers
Intra-AS and Inter-AS routing
Gateways:
• perform inter-AS routing amongst themselves
• perform intra-AS routing with other routers in their AS
[Figure: three autonomous systems A, B and C with gateway routers A.a, A.c, B.a and C.b; gateway A.c runs both inter-AS and intra-AS routing in its network layer, above the link and physical layers]
Intra-AS and Inter-AS routing
[Figure: host h1 in AS A sends to host h2 in AS B: intra-AS routing within AS A, inter-AS routing between A and B (gateways A.c and B.a), intra-AS routing within AS B]
• We’ll examine specific inter-AS and intra-AS Internet routing protocols shortly
The Internet Network layer
Host, router network layer functions:
• Routing protocols: path selection; RIP, OSPF, BGP
• IP protocol: addressing conventions; datagram format; packet handling conventions
• ICMP protocol: error reporting; router “signaling”
[Figure: the network layer (routing table, routing protocols, IP, ICMP) sits between the transport layer (TCP, UDP) and the link and physical layers]
IP: Internet Protocol
• IP is the workhorse protocol of the TCP/IP protocol suite
• IP provides an unreliable, connectionless, datagram delivery service
• The internet protocol implements two basic functions: addressing and fragmentation.
• RFC791 is the official specification of IP
The Workhorse
[Figure: the TCP/IP stack. User processes at the application layer; TCP and UDP at the transport layer; IP, with ICMP and IGMP beside it, at the network layer; ARP and RARP and the hardware interface at the link layer]
IP Header
Bit offsets 0–31; the fixed part is 20 bytes:
Version (4) | Hdr Len (4) | Type of Service (8) | Total Length in bytes (16)
Identification (16)       | Flags (3) | Fragment offset (13)
Time to Live (8) | Protocol (8)       | Header Checksum (16)
Source IP Address (32)
Destination IP Address (32)
options (if any)
data
Network Byte Ordering
• Multi-byte numbers can be stored in one of two ways:
– 60000 (decimal) = 00000000 00000000 11101010 01100000
• Network byte order is big endian
Address  Big Endian  Little Endian
Addr0    00000000    01100000
Addr1    00000000    11101010
Addr2    11101010    00000000
Addr3    01100000    00000000
IP Header Fields
Field          Description
Version        The Version field indicates the format of the internet header. The current protocol version is 4 (sometimes called IPv4)
Header Length  The length of the header in 32-bit words. Note that the minimum value for a correct header is 5.
Total Length   The total length of the IP datagram in bytes (data and header)
Time to Live   Sets an upper limit on the number of routers through which a datagram can pass. It is initialized by the sender (often 32 or 64) and decremented by one each time the packet passes through a router. When it reaches 0, the packet is discarded
Type of Service
• The IP protocol provides a (rather limited) facility for upper layer protocols to convey hints to the Internet Layer about how the tradeoffs should be made for the particular packet
3-bit precedence | 4-bit TOS | MBZ (1 bit)
TOS Field Values
• There are 4 defined values for the TOS field
• Note these values are defined as integers, not as bits
Value  Meaning
1000   Minimize delay
0100   Maximize throughput
0010   Maximize reliability
0001   Minimize monetary cost
0000   Normal service (default)
Recommended TOS Values
Application           Minimize  Maximize    Maximize     Minimize       Hex
                      Delay     Throughput  Reliability  Monetary Cost  Value
Telnet/Rlogin         1         0           0            0              0x10
FTP   Control         1         0           0            0              0x10
      Data            0         1           0            0              0x08
TFTP                  1         0           0            0              0x10
SMTP  Command         1         0           0            0              0x10
      Data            0         1           0            0              0x08
DNS   UDP query       1         0           0            0              0x10
      TCP query       0         0           0            0              0x00
      Zone transfer   0         1           0            0              0x08
ICMP  Error           0         0           0            0              0x00
      Query           0         0           0            0              0x00
SNMP                  0         0           1            0              0x04
BOOTP                 0         0           0            0              0x00
NNTP                  0         0           0            1              0x02
(The hex value is the whole 8-bit TOS byte with precedence 0: minimize delay 0x10, maximize throughput 0x08, maximize reliability 0x04, minimize monetary cost 0x02.)
Fragmentation
• The link layer often imposes an upper limit on the size of the frame that can be transmitted (the MTU)
• IP compares the MTU with the datagram size and performs fragmentation, if necessary
• Fragmentation can take place at the original host or at an intermediate router
• IP datagrams are not reassembled until they reach their final destination
Fragmentation and the Header
• The following fields are used in fragmentation
– identification
• contains a unique value for each IP datagram that the sender transmits
– flags
– fragment offset
• the offset of the fragment from the beginning of the original datagram
Flags (3 bits): MBZ | Don’t fragment | More fragments
Fragmentation
• If fragmentation must occur…
– if the “don’t fragment” bit is turned on the packet is discarded
– the packet is split into fragments
• the header is basically copied except for…
– total length is changed to the size of the fragment
– the fragment offset is set to the offset of the fragment from the beginning of the original datagram (measured in 8-byte units, so every fragment except the last carries a multiple of 8 data bytes)
– the “more fragments” bit is turned on in every fragment except for the last one
Reassembly
• The identification field is used to ensure that fragments of different datagrams are not mixed.
• The fragment offset field tells the receiver the position of a fragment in the original datagram
• The fragment offset and length determine the portion of the original datagram covered by this fragment
• The more-fragments flag indicates (by being reset) the last fragment
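The fragmentation and reassembly rules of the last four slides as working code, added here as an example (not code from the slides). It operates on (identification, offset, more-fragments, data) records rather than full headers so that the 8-byte offset arithmetic and the receiver’s checks stand out; the 4000-byte datagram and the 1500- and 576-byte MTUs are constructed inputs, and the 20-byte header length assumes no options. Beyond what the slides state, the reassembler refuses overlapping fragments instead of splicing them, which is the check a receiving stack wants.

```python
from dataclasses import dataclass

HEADER_LEN = 20          # fixed header, no options (assumption)


class DontFragment(Exception):
    """DF set and the datagram does not fit the MTU: the slide says it is discarded."""


@dataclass(frozen=True)
class Fragment:
    ident: int           # identification field, shared by all pieces of one datagram
    offset: int          # fragment offset in 8-byte units, as carried in the 13-bit field
    more: bool           # the "more fragments" flag
    data: bytes

    @property
    def total_length(self):
        return HEADER_LEN + len(self.data)


def fragment(ident, payload, mtu, dont_fragment=False):
    """Split payload so that every fragment's total length fits the MTU."""
    if HEADER_LEN + len(payload) <= mtu:
        return [Fragment(ident, 0, False, payload)]
    if dont_fragment:
        raise DontFragment("DF set and %d bytes > MTU %d" % (HEADER_LEN + len(payload), mtu))
    chunk = (mtu - HEADER_LEN) // 8 * 8     # all but the last fragment carry a multiple of 8 bytes
    if chunk <= 0:
        raise ValueError("MTU %d leaves no room for data" % mtu)
    frags = []
    for start in range(0, len(payload), chunk):
        piece = payload[start:start + chunk]
        last = start + chunk >= len(payload)
        frags.append(Fragment(ident, start // 8, not last, piece))
    return frags


def refragment(frag, mtu):
    """A downstream router with a smaller MTU fragments a fragment again.
    Offsets stay relative to the original datagram and MF stays set on every
    piece of a fragment that was itself not the last one."""
    pieces = fragment(frag.ident, frag.data, mtu)
    return [Fragment(frag.ident, frag.offset + f.offset, f.more or frag.more, f.data) for f in pieces]


def reassemble(frags):
    """Rebuild the original payload at the final destination.

    Returns None while fragments are still missing. Raises ValueError when the
    set is inconsistent (mixed identifications, two last fragments, a non-final
    fragment whose length is not a multiple of 8, or overlapping data).
    """
    frags = set(frags)                      # exact duplicates (retransmissions) are harmless
    if not frags:
        return None
    if len({f.ident for f in frags}) != 1:
        raise ValueError("fragments of different datagrams mixed")
    lasts = [f for f in frags if not f.more]
    if len(lasts) > 1:
        raise ValueError("more than one last fragment")
    expected_end = lasts[0].offset * 8 + len(lasts[0].data) if lasts else None
    cursor, out = 0, bytearray()
    for f in sorted(frags, key=lambda f: f.offset):
        start = f.offset * 8
        if f.more and len(f.data) % 8:
            raise ValueError("non-final fragment length %d not a multiple of 8" % len(f.data))
        if start < cursor:
            raise ValueError("fragment at byte %d overlaps data already received" % start)
        if start > cursor:
            return None                     # hole: a fragment has not arrived yet
        out += f.data
        cursor = start + len(f.data)
    if expected_end is None or cursor != expected_end:
        return None                         # last fragment not yet seen
    return bytes(out)
```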
Protocol Field
• This field indicates the next level protocol used in the data portion of the internet datagram
• The values for various protocols are specified in RFC1060 (Assigned Numbers)
Number  Protocol
0       Reserved
1       ICMP
2       IGMP
6       TCP
17      UDP
Header Checksum
• The header checksum is calculated over the IP header only
• The checksum is calculated as follows:
– set the checksum field to 0
– calculate the 16-bit one’s complement sum of the header
– the 16-bit one’s complement of this sum is stored in the checksum field
Header Checksum
• When an IP datagram is received, the 16-bit one’s complement sum of the header is calculated
• Since the receiver’s calculated sum includes the checksum stored by the sender, the calculated result should be all ones
• If the checksum is wrong, the packet is quietly discarded. No error messages are generated
• ICMP, IGMP, UDP, and TCP all use the same checksum algorithm (and every router must recompute the header checksum after it decrements the TTL, since the header has changed)
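The IP header slides (layout, network byte order, header checksum) as working code, added here as an example; it is not code from the slides. It packs and parses the 20-byte header in network byte order, computes and verifies the one’s complement checksum exactly as the two checksum slides describe, and performs one router hop (TTL decrement plus re-checksum). The sample datagram is constructed: UDP between 129.21.38.145 and 129.21.37.175, two hosts named later on the CS Network slide.

```python
import struct

FLAG_MF, FLAG_DF = 1, 2          # the 3-bit flags field MBZ | DF | MF as a number
IP_PROTO_ICMP, IP_PROTO_TCP, IP_PROTO_UDP = 1, 6, 17
_HDR = "!BBHHHBBHII"             # '!' = network (big-endian) byte order; 20 bytes


def checksum(data):
    """16-bit one's complement of the one's complement sum of data (RFC 791)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def network_order_u32(n):
    """A 32-bit value as it goes on the wire: most significant byte first."""
    return struct.pack("!I", n)


def ip_to_int(dotted):
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or not all(0 <= p <= 255 for p in parts):
        raise ValueError("bad dotted-decimal address %r" % dotted)
    return int.from_bytes(bytes(parts), "big")


def int_to_ip(n):
    return ".".join(str(b) for b in n.to_bytes(4, "big"))


def build_header(src, dst, payload_len, proto, ttl=64, ident=0, flags=0, frag_off=0, tos=0):
    """Pack a 20-byte header (no options) with the checksum filled in."""
    ihl = 5                                  # header length in 32-bit words
    hdr = struct.pack(_HDR, 0x40 | ihl, tos, ihl * 4 + payload_len, ident,
                      (flags << 13) | (frag_off & 0x1FFF), ttl, proto, 0,
                      ip_to_int(src), ip_to_int(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def parse_header(pkt):
    """Unpack the fixed header into a dict; ValueError on anything malformed."""
    if len(pkt) < 20:
        raise ValueError("truncated header")
    vihl, tos, total_len, ident, ff, ttl, proto, csum, src, dst = struct.unpack(_HDR, pkt[:20])
    version, ihl = vihl >> 4, vihl & 0x0F
    if version != 4:
        raise ValueError("version %d is not IPv4" % version)
    if ihl < 5 or ihl * 4 > len(pkt):        # slide: the minimum correct header length is 5 words
        raise ValueError("bad header length %d" % ihl)
    if total_len < ihl * 4 or total_len > len(pkt):   # shorter than the buffer is fine (link padding)
        raise ValueError("total length %d inconsistent with packet" % total_len)
    return {"ihl": ihl, "tos": tos, "total_len": total_len, "id": ident,
            "df": bool(ff & 0x4000), "mf": bool(ff & 0x2000), "frag_off": ff & 0x1FFF,
            "ttl": ttl, "proto": proto, "checksum": csum,
            "src": int_to_ip(src), "dst": int_to_ip(dst), "options": pkt[20:ihl * 4]}


def verify(pkt):
    """Receiver's check: the one's complement sum over the whole header, checksum
    field included, must come out all ones, i.e. its complement must be zero."""
    ihl = (pkt[0] & 0x0F) * 4
    return len(pkt) >= ihl and checksum(pkt[:ihl]) == 0


def router_forward(pkt):
    """Per-hop processing: bad checksum -> silently dropped; TTL would reach 0 ->
    dropped (a router would also send ICMP time exceeded); otherwise decrement
    the TTL and recompute the checksum, because the header changed."""
    if not verify(pkt):
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[8] <= 1:
        return None
    hdr = bytearray(pkt[:ihl])
    hdr[8] -= 1
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + pkt[ihl:]
```

Note that the checksum only protects the header: a flipped bit in the payload passes verify(), which is why the transport protocols carry their own checksum over their data.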
Addressing
• A distinction is made between names, addresses, and routes
– A name indicates what we seek
– An address indicates where it is
– A route indicates how to get there
• The internet protocol deals primarily with addresses. It is the task of higher level protocols to make the mapping from names to addresses.
IP Addresses
• Every interface on the internet must have a unique Internet Address (also called an IP address)
• IP addresses are 32-bit numbers
• The addresses are not flat, they are divided into two components: the host address and the network address
• The number of bits assigned to the host portion and network portion of the address varies depending on the class of the address
IP Address Classes
Class A:  0     | 7-bit netid   | 24-bit hostid
Class B:  10    | 14-bit netid  | 16-bit hostid
Class C:  110   | 21-bit netid  | 8-bit hostid
Class D:  1110  | 28-bit multicast group ID
Class E:  11110 | 27 bits (reserved for future use)
Dotted Decimal Notation
• IP addresses are normally written as four decimal numbers, one for each byte of the address.
– 129.21.38.169
• The easiest way to differentiate between the classes is to look at the first number
Class  Range
A      0.0.0.0   to 127.255.255.255
B      128.0.0.0 to 191.255.255.255
C      192.0.0.0 to 223.255.255.255
D      224.0.0.0 to 239.255.255.255
E      240.0.0.0 to 247.255.255.255
Assigning IP Addresses
• Since every interface must have a unique IP address, there must be a central authority for assigning numbers
• That authority is the Internet Network Information Center, called the InterNIC.
• The InterNIC assigns only network ids, the assignment of host ids is up to the system administrator
Subnet Addressing
• The original view of the Internet universe was a two-level hierarchy:
– the top level the Internet as a whole
– the level below it individual networks, each with its own network number.
• In this two-level model, each host sees its network as a single entity
Subnet Addressing
• While the two-level view has proved simple and powerful, a number of organizations have found it inadequate, and have added a third level to the interpretation of Internet addresses.
• In this view, a given Internet network is divided into a collection of subnets.
• The three-level model is useful in networks belonging to moderately large organizations
Subnet Addressing
• Locally IP addresses consist of three parts:
– network ID
– subnet ID
– host ID
• Outside of the subnetted network the addresses are handled normally
• Inside the subnet, the network portion of the address is extended for local routing purposes
Subnet Masks
• Once the decision to subnet has been made, the local administrator must decide how many bits to allocate to the subnet ID
• A common division is to use the 8-bit boundary in the 16 bits of a host ID in a class B address
• A subnet mask is used to divide the local address into network and host portions
• Subnetting effectively hides the details of the internal network from external routers
Special IP Addresses
IP Address                    Can Appear as
Net ID  Subnet ID  Host ID    Source?  Destination?  Description
0       0          0          OK       Never         This host on this net
0       0          hostid     OK       Never         Specified host on this net
127     anything              OK       OK            Loopback address
255     255        255        Never    OK            Limited broadcast (never forwarded)
netid   (none)     255        Never    OK            Net-directed broadcast to netid
netid   subnetid   255        Never    OK            Subnet-directed broadcast to netid, subnetid
netid   255        255        Never    OK            All-subnets-directed broadcast to netid
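The class, subnet and special-address rules of the preceding slides as working code, added here as an example (not code from the slides). The addresses and the ffffff80 netmask are the ones the later CS Network and ifconfig slides show for kiev and mordor; the bit arithmetic follows the class layouts above and is cross-checkable against the standard library’s ipaddress module, which is used only for dotted-decimal conversion.

```python
import ipaddress


def _int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def address_class(dotted):
    """(class, number of netid bits) from the leading bits of the first byte."""
    first = _int(dotted) >> 24
    if first & 0x80 == 0:
        return "A", 8
    if first & 0xC0 == 0x80:
        return "B", 16
    if first & 0xE0 == 0xC0:
        return "C", 24
    if first & 0xF0 == 0xE0:
        return "D", None          # multicast group ID, no netid/hostid split
    return "E", None              # reserved


def subnet_split(dotted, netmask_hex):
    """Decode an address under the three-level (net, subnet, host) view.

    netmask_hex is written the way ifconfig prints it on the slides (ffffff80).
    Returns the three IDs as integers, the subnet's network and directed-
    broadcast addresses, and the equivalent prefix length.
    """
    addr, mask = _int(dotted), int(netmask_hex, 16)
    host_part = ~mask & 0xFFFFFFFF
    if mask > 0xFFFFFFFF or (host_part + 1) & host_part:
        raise ValueError("netmask %s is not a contiguous run of ones" % netmask_hex)
    cls, net_bits = address_class(dotted)
    if net_bits is None:
        raise ValueError("class %s addresses are not subnetted" % cls)
    class_mask = (0xFFFFFFFF << (32 - net_bits)) & 0xFFFFFFFF
    if mask & class_mask != class_mask:
        raise ValueError("subnet mask must cover the whole class %s netid" % cls)
    subnet_mask = mask & ~class_mask & 0xFFFFFFFF      # the bits borrowed from the host ID
    host_bits = 32 - bin(mask).count("1")
    return {
        "class": cls,
        "netid": addr >> (32 - net_bits),
        "subnetid": (addr & subnet_mask) >> host_bits,
        "hostid": addr & host_part,
        "network": str(ipaddress.IPv4Address(addr & mask)),
        "broadcast": str(ipaddress.IPv4Address(addr | host_part)),
        "prefix_len": 32 - host_bits,
    }


def same_subnet(a, b, netmask_hex):
    """The host routing test: send directly if both addresses share the subnet."""
    mask = int(netmask_hex, 16)
    return _int(a) & mask == _int(b) & mask


def is_directed_broadcast(dotted, netmask_hex):
    """Host part all ones under this mask: a subnet-directed broadcast address,
    which must never appear as a source address."""
    host_part = ~int(netmask_hex, 16) & 0xFFFFFFFF
    return _int(dotted) & host_part == host_part


if __name__ == "__main__":
    for host, addr in (("kiev", "129.21.38.145"), ("mordor", "129.21.30.26")):
        info = subnet_split(addr, "ffffff80")
        print(host, addr, "net %s broadcast %s subnet %d host %d (/%d)" % (
            info["network"], info["broadcast"], info["subnetid"], info["hostid"], info["prefix_len"]))
```

Running it reproduces the broadcast addresses printed by ifconfig on the later slides (129.21.38.255 for kiev, 129.21.30.127 for mordor’s hme0): the mask ffffff80 borrows nine bits from the class B host ID, leaving seven host bits and subnets of 126 usable hosts.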
IP Options Field
• The options field is a variable-length list of optional information for the datagram
• The options currently defined are– security and handling restrictions (RFC1108)
– record route
– timestamp
– loose & strict source routing
• The options field always ends on a 32-bit boundary
IP Routing
• Routing is one of the most important functions of IP
• Datagrams to be routed can either be generated on the local host or on some other host
• If a machine is not configured as a router, datagrams received through network interfaces that are not addressed to the machine are dropped
Host Routing
• Conceptually IP routing is easy, especially for a host
– Remember the structure of an internet address
• If the destination is directly connected to the host, or on a shared network, then the datagram is sent directly
• Otherwise the host sends the datagram to a default router, and lets the router do all of the work
IP routing Algorithm
• The basic internet routing algorithm is used by both hosts and routers
• The primary difference is that hosts never forward datagrams received from the network (they only send their own, directly or via a default router), whereas routers forward datagrams
• The algorithm uses a routing table to make routing decisions
A Typical Routing Table
• Each entry in the routing table contains the following information
– Destination IP address.
• this can be either a host address or a network address
– IP address of the next-hop router, or the IP address of a directly connected network
– Flags that tell more about the entry
– Which interface the datagram should be passed to for delivery
IP routing
• IP routing performs the following actions
– search the routing table for an entry that matches the complete destination address. If found, send the packet as indicated
– search the routing table for a matching destination network ID. If found, send the packet as indicated
– search the routing table for a default entry. If found send the packet as indicated
• If none of the steps work, the datagram is undeliverable
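The three-step lookup above, together with the host-versus-router rule from the IP Routing slides, as working code; this is an added example, not code from the slides. The routing table is constructed for kiev (129.21.38.145 with netmask ffffff80 on hme0, per the later ifconfig slide) with the subnet’s .254 router as default; the host route to 129.21.30.26 via mordor-38 is made up to show step 1 taking precedence over the default. Network routes are tried longest mask first, which is the generalisation modern stacks use (longest-prefix match) and reduces to the slide’s procedure when masks do not nest.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    destination: str           # host address, network address, or "default"
    netmask: str               # 255.255.255.255 for a host route, 0.0.0.0 for the default
    gateway: Optional[str]     # next-hop router, or None when the destination is directly connected
    iface: str
    flags: str = ""            # U = up, G = via gateway, H = host route


def _int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def lookup(table, dst):
    """The slide's three steps: host match, then network match, then default.

    Returns (next-hop address, interface, matching route) or None when the
    datagram is undeliverable. The next hop of a directly connected route is
    the destination itself.
    """
    d = _int(dst)
    hosts = [r for r in table if r.netmask == "255.255.255.255"]
    nets = sorted((r for r in table if r.netmask not in ("255.255.255.255", "0.0.0.0")),
                  key=lambda r: _int(r.netmask), reverse=True)     # longest mask first
    defaults = [r for r in table if r.destination == "default"]
    for stage in (hosts, nets, defaults):
        for r in stage:
            if r.destination == "default" or d & _int(r.netmask) == _int(r.destination):
                return (r.gateway or dst, r.iface, r)
    return None


def handle(table, dst, local_addrs, ip_forwarding, generated_locally):
    """What a host or router does with a datagram for dst.

    Returns ("deliver", None) for one of our own addresses; ("drop", reason)
    when a machine that is not a router receives someone else's datagram, or
    when no route exists; otherwise ("send", (next_hop, iface)).
    """
    if dst in local_addrs:
        return "deliver", None
    if not generated_locally and not ip_forwarding:
        return "drop", "not a router: datagram not addressed to this machine"
    hit = lookup(table, dst)
    if hit is None:
        # locally generated: error to the application; being forwarded: ICMP unreachable to the sender
        return "drop", "host/network unreachable"
    return "send", hit[:2]


# Constructed table for kiev. Only the first two entries come from the ifconfig
# slide; the host route and the choice of 129.21.38.254 as default are assumptions.
KIEV = [
    Route("129.21.38.128", "255.255.255.128", None, "hme0", "U"),
    Route("127.0.0.0", "255.0.0.0", None, "lo0", "U"),
    Route("129.21.30.26", "255.255.255.255", "129.21.38.218", "hme0", "UGH"),
    Route("default", "0.0.0.0", "129.21.38.254", "hme0", "UG"),
]
KIEV_ADDRS = {"129.21.38.145", "127.0.0.1"}

if __name__ == "__main__":
    for dst in ("129.21.38.218", "129.21.30.26", "129.21.37.175", "127.0.0.1"):
        print(dst, "->", lookup(KIEV, dst)[:2])
```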
IP Layer Routing
[Figure: flow of a datagram through the IP layer; not recoverable from the extracted text]
IP Routing
• The routing done by IP, when it searches the routing table and decides which interface to send a packet out, is a routing mechanism
• A routing policy is a set of rules that determines which routes go into the routing table.
• IP performs the routing mechanism while a routing daemon normally provides the routing policy.
Initializing a Routing Table
• One common way is to execute the route command explicitly from the initialization files when the system is being bootstrapped.
• Some systems allow a default router to be specified in a configuration file, and this default is added to the routing table on every reboot.
• Other ways to initialize a routing table are to run a routing daemon or to use the newer router discovery protocol.
Routing Errors
• What happens if there is no default route, and a match is not found for a given destination?
• If the datagram was generated locally, an error is returned to the application that sent the datagram (either “host unreachable” or “network unreachable”)
• What do I do if I am a router?
– the sender should be notified of the error (via an ICMP destination unreachable message)
Internet Control Message Protocol
• ICMP communicates error messages and other conditions that require attention
• ICMP is often considered part of the IP layer
• RFC792 is the official specification for ICMP
• ICMP messages are transmitted within IP datagrams
ICMP Packet Format
• The first 4 bytes have the same format for all messages; the remainder differs from one message to the next
8-bit type | 8-bit code | 16-bit checksum
contents depend on type and code
ICMP Message Types
Type  Code  Description                        Query  Error
0     0     Echo reply                         •
3           Destination unreachable:                  •
      0       Network unreachable
      1       Host unreachable
      2       Protocol unreachable
      3       Port unreachable
      4       Fragmentation needed
      5       Source route failed
      6       Destination network unknown
      7       Destination host unknown
      8       Source host isolated
      9       Destination net prohibited
      10      Destination host prohibited
      11      Network unreachable for TOS
      12      Host unreachable for TOS
      13      Communication prohibited
      14      Host precedence violation
      15      Precedence cutoff in effect
4     0     Source quench                             •
5           Redirect                                  •
      0       Redirect for network
      1       Redirect for host
      2       Redirect for TOS and Net
      3       Redirect for TOS and Host
8     0     Echo request                       •
9     0     Router advertisement               •
10    0     Router solicitation                •
11          Time exceeded                             •
      0       TTL equals 0 during transit
      1       TTL equals 0 during reassembly
12          Parameter problem                         •
      0       IP header bad
      1       Required option missing
13    0     Timestamp request                  •
14    0     Timestamp reply                    •
15    0     Information request                •
16    0     Information reply                  •
17    0     Address mask request               •
18    0     Address mask reply                 •
ICMP Error Messages
• When an ICMP error message is sent, the message always contains the IP header and the first 8 bytes of the IP datagram that caused the problem
• ICMP has rules regarding error message generation to prevent broadcast storms
Error Message Generation Rules
• ICMP error messages are not generated in response to
– an ICMP error message
– datagrams destined to an IP broadcast address
– datagrams sent as a link-layer broadcast
– a fragment other than the first
– a datagram whose source address does not define a single host
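The ICMP packet format, the error-message payload rule and the generation rules of the last four slides as working code, added here as an example (not code from the slides). It builds a destination unreachable message that quotes the offending IP header plus 8 bytes of data, parses it back to recover which socket the error belongs to, and applies the generation rules to a datagram before answering it. The triggering datagram is constructed inline (UDP from 129.21.38.145 to port 7 on 129.21.37.175, two hosts from the CS Network slide); the checksum is the same one’s complement sum IP uses, as the checksum slide notes.

```python
import struct
import ipaddress

ICMP_ECHO_REPLY, ICMP_DEST_UNREACH, ICMP_ECHO = 0, 3, 8
PORT_UNREACHABLE = 3                       # type 3, code 3
ERROR_TYPES = {3, 4, 5, 11, 12}            # the Error column of the message-type table
IP_PROTO_ICMP = 1


def checksum(data):
    """Same one's complement checksum IP uses, here over the whole ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def sample_datagram():
    """Constructed trigger: UDP 129.21.38.145:49153 -> 129.21.37.175:7, empty payload."""
    hdr = struct.pack("!BBHHHBBHII", 0x45, 0, 28, 0x1234, 0, 64, 17, 0, 0x81152691, 0x811525AF)
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + struct.pack("!HHHH", 49153, 7, 8, 0)      # UDP: sport, dport, length, checksum


def may_send_error(datagram, link_layer_broadcast=False, broadcast_addrs=frozenset()):
    """The slide's generation rules; False means stay silent.
    broadcast_addrs holds this host's directed-broadcast addresses (configuration)."""
    ihl = (datagram[0] & 0x0F) * 4
    frag_off = struct.unpack("!H", datagram[6:8])[0] & 0x1FFF
    proto = datagram[9]
    src, dst = struct.unpack("!II", datagram[12:20])
    if link_layer_broadcast:
        return False
    if dst == 0xFFFFFFFF or str(ipaddress.IPv4Address(dst)) in broadcast_addrs:
        return False                                   # IP broadcast destination
    if frag_off != 0:
        return False                                   # only the first fragment may trigger an error
    if proto == IP_PROTO_ICMP and len(datagram) > ihl and datagram[ihl] in ERROR_TYPES:
        return False                                   # never an error about an error
    if src in (0, 0xFFFFFFFF) or (src >> 24) >= 224 or (src >> 24) == 127:
        return False                                   # source does not name a single host
    return True


def build_unreachable(code, offending):
    """Type 3 message: type, code, checksum, 4 unused bytes, then the offending
    IP header (with options) and the first 8 bytes of its data."""
    ihl = (offending[0] & 0x0F) * 4
    msg = struct.pack("!BBHI", ICMP_DEST_UNREACH, code, 0, 0) + offending[:ihl + 8]
    return msg[:2] + struct.pack("!H", checksum(msg)) + msg[4:]


def parse_icmp(msg):
    """Common 4-byte header -> (type, code, rest); ValueError if short or corrupt."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than 8 bytes")
    if checksum(msg) != 0:
        raise ValueError("bad ICMP checksum")
    typ, code, _ = struct.unpack("!BBH", msg[:4])
    return typ, code, msg[4:]


def parse_error_quote(rest):
    """From an error's body, recover whose datagram failed: addresses, protocol
    and the transport ports in the quoted 8 data bytes, which is what lets a
    kernel map the error back to a socket. rest is everything after the
    common header of a type 3 or 11 message (4 unused bytes, then the quote)."""
    quoted = rest[4:]
    if len(quoted) < 20:
        raise ValueError("quoted IP header truncated")
    ihl = (quoted[0] & 0x0F) * 4
    if len(quoted) < ihl + 8:
        raise ValueError("error does not quote header + 8 data bytes")
    proto = quoted[9]
    src, dst = struct.unpack("!II", quoted[12:20])
    sport, dport = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return {"proto": proto, "src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)), "sport": sport, "dport": dport}
```

A receiver should treat the quoted header as untrusted input: anyone who can guess the addresses and ports of a flow can forge a plausible unreachable message, which is why the handling table later maps some codes to errors the application sees and ignores others.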
ICMP Timestamp Request & Reply
• This message allows a system to query another for the current time.
• The recommended value to be returned is the number of milliseconds since midnight, Coordinated Universal Time (UTC).
• A drawback is that only the time since midnight is returned. The caller must know the date from some other means
Timestamp Message Format
type (13 or 14) | code (0) | 16-bit checksum
identifier (can be set to anything) | sequence (can be set to anything)
32-bit originate timestamp
32-bit receive timestamp
32-bit transmit timestamp
Time Adjustments
[Figure: timeline of a timestamp request and reply; originate is stamped when the request leaves, receive when it arrives at the responder, transmit when the reply leaves; RTT is measured by the requester]
• The time fields are defined as follows
– originate: time the request is sent
– receive: time the request is received by the receiver
– transmit: time the reply is sent
• Adjustment: (recv - orig) - (0.5 * RTT)
ICMP Unreachable Error
• Unreachable errors are generated for a number of reasons
– network unreachable
– host unreachable
type (3) | code (0-15) | 16-bit checksum
unused (must be 0)
IP header (including options) + first 8 bytes of IP datagram data
Handling of ICMP Messages
Type  Code  Description                        Handled by
0     0     Echo reply                         User process
3           Destination unreachable:
      0       Network unreachable              “No route to host”
      1       Host unreachable                 “No route to host”
      2       Protocol unreachable             “Connection refused”
      3       Port unreachable                 “Connection refused”
      4       Fragmentation needed             “Message too long”
      5       Source route failed              “No route to host”
      6       Destination network unknown      “Network is unreachable”
      7       Destination host unknown         “No route to host”
      8       Source host isolated             “No route to host”
      9       Destination net prohibited       “Network is unreachable”
      10      Destination host prohibited      “No route to host”
      11      Network unreachable for TOS      “Network is unreachable”
      12      Host unreachable for TOS         “No route to host”
      13      Communication prohibited         (ignored)
      14      Host precedence violation        (ignored)
      15      Precedence cutoff in effect      (ignored)
4     0     Source quench                      Kernel for TCP; ignored by UDP
5           Redirect
      0       Redirect for network             Kernel updates routing table
      1       Redirect for host                Kernel updates routing table
      2       Redirect for TOS and Net         Kernel updates routing table
      3       Redirect for TOS and Host        Kernel updates routing table
8     0     Echo request                       Kernel generates reply
9     0     Router advertisement               User process
10    0     Router solicitation                User process
11          Time exceeded
      0       TTL equals 0 during transit      User process
      1       TTL equals 0 during reassembly   User process
12          Parameter problem
      0       IP header bad                    “Protocol not available”
      1       Required option missing          “Protocol not available”
13    0     Timestamp request                  Kernel generates reply
14    0     Timestamp reply                    User process
15    0     Information request                Kernel generates reply
16    0     Information reply                  User process
17    0     Address mask request               Kernel generates reply
18    0     Address mask reply                 User process
ICMP Redirect Errors
• The ICMP redirect error is sent by a router to a sender of an IP datagram when the datagram should have been sent to a different router.
Sending a Redirect
• How can a router make this decision?
– Assume a host sends an IP datagram to R1. This routing decision is often made because R1 is the default router
– R1 receives the datagram and determines that R2 is the next-hop router
– When it sends the datagram to R2, R1 detects that it is sending it out the same interface on which the datagram arrived.
– R1 sends an ICMP redirect to the host, telling it to send future datagrams to that destination to R2
Using Redirects
• A common use for redirects is to let a host with minimal routing knowledge build up a better routing table over time.
• The host can start with a default route and anytime this turns out to be wrong, it will be informed by that router with a redirect, allowing the host to update its routing tables accordingly.
Redirect Rules
• There are rules regarding the generation of ICMP redirects.
– Redirects are generated only by routers, and not by hosts
– Redirects are intended to be used by hosts, not by routers (it is assumed that routers participate in a routing protocol with other routers, and the routing protocol eliminates the need for redirects)
Handling Redirects
• A host that receives an ICMP redirect performs some checks before modifying its routing table
– the new router must be on a directly connected network
– the redirect must be from the current router for that destination
– the redirect cannot tell the host to use itself as the router
– the route that is being modified must be an indirect route (one that already goes through a router)
• Routers should send only host redirects and not network redirects
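The four redirect checks above as working code, added here as an example (not code from the slides). A host that skips them lets anyone on the link rewrite its routing table with a forged redirect, so every rejection branch below is a case a spoofed message would have to pass. The scenario is constructed: kiev (129.21.38.145, netmask ffffff80, from the ifconfig slide) uses 129.21.38.254 as its default router and is redirected to mordor-38 (129.21.38.218) for mordor’s 129.21.30.26 address; 129.21.38.77 is an invented address standing in for a spoofing neighbour.

```python
import ipaddress
from dataclasses import dataclass, field


def _int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def on_link(addr, local_nets):
    """True if addr falls in one of the host's directly connected (network, netmask) pairs."""
    a = _int(addr)
    return any(a & _int(mask) == _int(net) for net, mask in local_nets)


@dataclass
class HostRoutingTable:
    local_nets: list                                  # [(network, netmask)] per interface
    routes: dict = field(default_factory=dict)        # host address -> gateway, plus "default" -> gateway

    def gateway_for(self, dest):
        """Router used for dest; None means a direct route (dest is on a connected network)."""
        if dest in self.routes:
            return self.routes[dest]
        if on_link(dest, self.local_nets):
            return None
        return self.routes.get("default")


def accept_redirect(table, host_ip, redirect_from, dest, new_gateway):
    """Apply the slide's four checks to a host redirect (type 5, code 1).

    redirect_from is the source address of the ICMP message. Returns
    (accepted, reason); on acceptance a host route dest -> new_gateway is
    installed, which is the only change a redirect is allowed to make.
    """
    if not on_link(new_gateway, table.local_nets):
        return False, "new router is not on a directly connected network"
    current = table.gateway_for(dest)
    if current is None:
        return False, "route to destination is direct, not through a router"
    if redirect_from != current:
        return False, "redirect is not from the router currently used for this destination"
    if new_gateway == host_ip:
        return False, "redirect tells the host to use itself as the router"
    table.routes[dest] = new_gateway
    return True, "host route %s -> %s installed" % (dest, new_gateway)


# Constructed scenario (see the lead-in): kiev's interface and its default router.
HOST_IP = "129.21.38.145"
LOCAL_NETS = [("129.21.38.128", "255.255.255.128")]


def fresh_table():
    return HostRoutingTable(LOCAL_NETS, {"default": "129.21.38.254"})


if __name__ == "__main__":
    t = fresh_table()
    for sender, dest, gw in (("129.21.38.77", "129.21.30.26", "129.21.38.218"),
                             ("129.21.38.254", "129.21.30.26", "10.0.0.1"),
                             ("129.21.38.254", "129.21.30.26", HOST_IP),
                             ("129.21.38.254", "129.21.30.26", "129.21.38.218")):
        print(sender, dest, gw, "->", accept_redirect(t, HOST_IP, sender, dest, gw))
```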
ICMP Router Discovery
• A newer way to initialize a routing table is to use the ICMP router advertisement and solicitation
• The general concept is that after bootstrapping, a host broadcasts or multicasts a router solicitation message. One or more routers respond with a router advertisement message
• Routers periodically broadcast or multicast their router advertisements
• RFC1256 specifies the format of these messages
Message Formats
[Figure: RFC 1256 router advertisement and router solicitation message layouts; not recoverable from the extracted text]
Router Discovery Messages
• Multiple addresses can be advertised by a router in a single message
– number of addresses gives the number of addresses in the message
– address entry size is the number of 32-bit words for each router address and is always 2
– lifetime is the number of seconds that the advertised addresses can be considered valid
Router Discovery Messages
• Pair(s) of IP addresses and a preference then follow (the address must be router's IP address)
• The preference level indicates the preference of this address as a default router– Larger values imply more preferable addresses.
– The preference level 0x80000000 indicates that the corresponding address, although advertised, should not be used by the receiver as a default router address
– The default value is normally 0.
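Building and parsing router advertisements and choosing a default router from them, added here as an example (not code from the slides). The message layout follows RFC 1256, which the slide cites: type 9, code 0, checksum, number of addresses, entry size 2, lifetime, then (address, preference) pairs with the preference read as a signed 32-bit value so that the slide’s 0x80000000 comes out as the most negative number. The advertisement bytes are constructed using routers 129.21.38.254 and 129.21.38.218 from the CS Network slide with made-up preferences; the on-link check in learn() is this example’s own sanity check, not something the slide states.

```python
import struct
import ipaddress

ROUTER_ADVERTISEMENT, ROUTER_SOLICITATION = 9, 10
DO_NOT_USE = -0x80000000          # the slide's 0x80000000 preference, read as a signed 32-bit value


def checksum(data):
    """One's complement checksum over the whole ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_advertisement(entries, lifetime=1800):
    """RFC 1256 advertisement; entries is [(router address, signed preference)].
    The default lifetime is the slide's 30 minutes."""
    body = struct.pack("!BBHBBH", ROUTER_ADVERTISEMENT, 0, 0, len(entries), 2, lifetime)
    for addr, pref in entries:
        body += struct.pack("!Ii", int(ipaddress.IPv4Address(addr)), pref)
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]


def build_solicitation():
    """Type 10, code 0, checksum, 32 reserved bits: what a host sends after bootstrap."""
    body = struct.pack("!BBHI", ROUTER_SOLICITATION, 0, 0, 0)
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]


def parse_advertisement(msg):
    """(lifetime, [(router address, signed preference)]); ValueError on anything malformed."""
    if len(msg) < 8:
        raise ValueError("message shorter than the 8-byte fixed part")
    if checksum(msg) != 0:
        raise ValueError("bad checksum")
    typ, code, _, num, entry_size, lifetime = struct.unpack("!BBHBBH", msg[:8])
    if typ != ROUTER_ADVERTISEMENT or code != 0:
        raise ValueError("not a router advertisement (type %d code %d)" % (typ, code))
    if entry_size != 2:
        raise ValueError("address entry size %d, expected 2" % entry_size)
    if len(msg) < 8 + 8 * num:
        raise ValueError("claims %d addresses but message is truncated" % num)
    entries = [struct.unpack("!Ii", msg[8 + 8 * i:16 + 8 * i]) for i in range(num)]
    return lifetime, [(str(ipaddress.IPv4Address(a)), p) for a, p in entries]


def on_link(addr, local_nets):
    a = int(ipaddress.IPv4Address(addr))
    return any(a & int(ipaddress.IPv4Address(m)) == int(ipaddress.IPv4Address(n)) for n, m in local_nets)


def learn(state, now, msg, local_nets):
    """Update state {router: (expires_at, preference)} from one advertisement.

    Only routers on a directly connected network are recorded (this example's
    own check). A lifetime of 0 makes the entry expire at once, which is how a
    router withdraws itself when an interface is disabled."""
    lifetime, entries = parse_advertisement(msg)
    for addr, pref in entries:
        if on_link(addr, local_nets):
            state[addr] = (now + lifetime, pref)
    return state


def choose_default(state, now):
    """Highest-preference router whose advertisement has not timed out; never one marked DO_NOT_USE."""
    live = [(pref, addr) for addr, (expires, pref) in state.items() if expires > now and pref != DO_NOT_USE]
    return max(live)[1] if live else None
```

Because advertisements are unauthenticated, any machine on the link can answer a solicitation with a high preference; the timeout and the on-link check limit the damage but do not remove it, which is the reason for the preference levels being set by the administrator.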
Router Discovery Operation
• When a router starts up it transmits periodic advertisements on all interfaces capable of broadcasting or multicasting
• The default lifetime for a given advertisement is 30 minutes.
• The lifetime field is also used when an interface on a router is disabled. In this case the router transmits an advertisement with lifetime set to 0.
Router Discovery Operation
• A router also listens for solicitations from hosts. It responds to these solicitations with a router advertisement.
• If there are multiple routers on a subnet, it is up to the system administrator to configure the preference level for each router as appropriate. For example, a primary router would have a higher preference than a backup.
Host Discovery Operation
• Upon bootstrap a host normally transmits three router solicitations, 3 seconds apart
• A host listens for advertisements from adjacent routers. These advertisements can cause the host's default router to change
• If an advertisement is not received for the current default, that default can timeout
– A router will send advertisements every 10 minutes, with a lifetime of 30 minutes
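The message layout and the host-side rules from the preceding Router Discovery slides, worked through as an added example (this is not code from the slides or from any RFC 1256 implementation). It encodes and decodes an ICMP Router Advertisement with the fields listed above (number of addresses, address entry size, lifetime, then address/preference pairs), verifies the ICMP checksum and the advertised length before trusting the address count, and keeps a host's candidate list: highest preference wins, 0x80000000 entries are never chosen, a lifetime of 0 withdraws a router, and an entry whose lifetime lapses without a refresh times out. The router addresses are the ones on the CS Network slides; 129.21.38.250 is a constructed backup router, and the rule that a host ignores router addresses outside the receiving interface's subnet is an assumption of this example, not a rule quoted on the slides.

```python
import ipaddress
import struct

# ICMP message types from RFC 1256. Advertisement layout as on the slides:
# type, code, checksum, number of addresses, address entry size, lifetime,
# followed by (router address, preference) pairs of 2 words each.
ICMP_ROUTER_ADVERTISEMENT = 9
ICMP_ROUTER_SOLICITATION = 10
ADDR_ENTRY_SIZE = 2            # 32-bit words per (address, preference) pair
DO_NOT_USE = 0x80000000        # advertised, but never to be chosen as default router


def icmp_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, as used by every ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def signed32(word: int) -> int:
    """Preferences are signed 32-bit values; 0x80000000 is the most negative one."""
    return word - (1 << 32) if word & 0x80000000 else word


def build_advertisement(entries, lifetime=1800) -> bytes:
    """Encode a Router Advertisement for [(router_ip, preference), ...]."""
    body = b"".join(
        struct.pack("!4sI", ipaddress.IPv4Address(ip).packed, pref & 0xFFFFFFFF)
        for ip, pref in entries
    )
    header = struct.pack("!BBHBBH", ICMP_ROUTER_ADVERTISEMENT, 0, 0,
                         len(entries), ADDR_ENTRY_SIZE, lifetime)
    csum = icmp_checksum(header + body)
    return header[:2] + struct.pack("!H", csum) + header[4:] + body


def parse_advertisement(pkt: bytes):
    """Decode a Router Advertisement; raise ValueError on anything malformed."""
    if len(pkt) < 8:
        raise ValueError("short ICMP message")
    if icmp_checksum(pkt) != 0:
        raise ValueError("bad ICMP checksum")
    typ, code, _, num_addrs, entry_size, lifetime = struct.unpack("!BBHBBH", pkt[:8])
    if typ != ICMP_ROUTER_ADVERTISEMENT or code != 0:
        raise ValueError("not a router advertisement")
    if entry_size < ADDR_ENTRY_SIZE:
        raise ValueError("address entry size must be at least 2")
    if len(pkt) < 8 + num_addrs * entry_size * 4:
        raise ValueError("address list truncated")   # never trust num_addrs blindly
    entries = []
    for i in range(num_addrs):
        off = 8 + i * entry_size * 4
        raw_ip, pref = struct.unpack("!4sI", pkt[off:off + 8])
        entries.append((str(ipaddress.IPv4Address(raw_ip)), pref))
    return lifetime, entries


class DefaultRouterTable:
    """Host side of the slides: keep candidate default routers with their
    expiry, pick the highest preference, drop entries whose lifetime lapses."""

    def __init__(self, interface_subnet: str):
        self.subnet = ipaddress.IPv4Network(interface_subnet)
        self.entries = {}          # router ip -> (signed preference, expires_at)

    def receive(self, pkt: bytes, now: float) -> None:
        lifetime, entries = parse_advertisement(pkt)
        for ip, pref in entries:
            # Assumption of this example: ignore router addresses that are not on
            # the receiving interface's subnet (an unreachable next hop is useless).
            if ipaddress.IPv4Address(ip) not in self.subnet:
                continue
            if lifetime == 0:      # router interface being disabled (lifetime 0)
                self.entries.pop(ip, None)
            else:
                self.entries[ip] = (signed32(pref), now + lifetime)

    def default_router(self, now: float):
        """Highest-preference unexpired router, excluding 0x80000000 entries."""
        live = [(pref, ip) for ip, (pref, exp) in self.entries.items()
                if exp > now and pref != signed32(DO_NOT_USE)]
        return max(live)[1] if live else None
```

The length check before the address loop is the part worth copying: a host that believes the advertised number of addresses without comparing it to the bytes it actually received reads past the end of the message.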
CS Network
(network diagram; labels recovered from the figure)
• Hosts: kiev 129.21.38.145, silver 129.21.37.175
• mordor interfaces: 129.21.30.26, 129.21.37.218, 129.21.38.218, 129.21.39.218 (named mordor-37, mordor-38, mordor-39 on the respective subnets)
• Routers: 129.21.30.254, 129.21.37.254, 129.21.38.254, 129.21.39.254
• Subnet labels: staff, ICL1, ICL4, Grad Lab, ICL2, ICL3, CSL, servers
Kiev ifconfig
kiev> ifconfig -a
lo0: flags=849<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232
        inet 127.0.0.1 netmask ff000000
hme0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
        inet 129.21.38.145 netmask ffffff80 broadcast 129.21.38.255
kiev>
Mordor ifconfig
mordor> ifconfig -a
lo0: flags=849<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232
        inet 127.0.0.1 netmask ff000000
hme0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
        inet 129.21.30.26 netmask ffffff80 broadcast 129.21.30.127
qfe0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
        inet 129.21.37.218 netmask ffffff80 broadcast 129.21.37.255
qfe1: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
        inet 129.21.38.218 netmask ffffff80 broadcast 129.21.38.255
qfe2: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
        inet 129.21.39.218 netmask ffffff80 broadcast 129.21.39.255
mordor>
Grace ifconfig
$ ifconfig -a
tu0: flags=c63<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,SIMPLEX>
fta0: flags=8c63<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,SIMPLEX>
        inet 129.21.3.102 netmask ffffff00 broadcast 129.21.3.255 ipmtu 4352
sl0: flags=10<POINTOPOINT>
lo0: flags=100c89<UP,LOOPBACK,NOARP,MULTICAST,SIMPLEX,NOCHECKSUM>
        inet 127.0.0.1 netmask ff000000 ipmtu 4096
Kiev netstat
kiev> netstat -rn
Routing Table:
  Destination           Gateway             Flags  Ref    Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
129.21.38.128        129.21.38.145         U      3    3056  hme0
224.0.0.0            129.21.38.145         U      3       0  hme0
default              129.21.38.254         UG     0   21129
127.0.0.1            127.0.0.1             UH     0   21718  lo0
kiev>
Mordor netstat
mordor> netstat -rn
Routing Table:
  Destination           Gateway             Flags  Ref    Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
129.21.30.0          129.21.30.26          U      3     374  hme0
129.21.37.128        129.21.37.218         U      2    2667  qfe0
129.21.38.128        129.21.38.218         U      2    2858  qfe1
129.21.39.128        129.21.39.218         U      2    1967  qfe2
224.0.0.0            129.21.30.26          U      3       0  hme0
default              129.21.30.126         UG     0    4762
127.0.0.1            127.0.0.1             UH     0 8072949  lo0
mordor>
traceroute
kiev> traceroute silver
traceroute: Warning: ckecksums disabled
traceroute to silver (129.21.37.175), 30 hops max, 40 byte packets
 1  cs3-router (129.21.38.254)  0.716 ms  0.513 ms  0.523 ms
 2  silver (129.21.37.175)  1.703 ms  *  0.988 ms
kiev> traceroute mordor
traceroute: Warning: ckecksums disabled
traceroute to mordor (129.21.30.26), 30 hops max, 40 byte packets
 1  cs3-router (129.21.38.254)  0.635 ms  0.496 ms  0.527 ms
 2  mordor-38 (129.21.38.218)  0.590 ms  *  0.746 ms
kiev> traceroute mordor-38
traceroute: Warning: ckecksums disabled
traceroute to mordor-38 (129.21.38.218), 30 hops max, 40 byte packets
 1  mordor-38 (129.21.38.218)  0.558 ms  *  0.457 ms
kiev>
traceroute
kiev> traceroute grace
traceroute: Warning: ckecksums disabled
traceroute to grace.rit.edu (129.21.3.102), 30 hops max, 40 byte packets
 1  cs3-router (129.21.38.254)  0.730 ms  0.572 ms  0.442 ms
 2  grace.isc.rit.edu (129.21.3.102)  0.794 ms  0.724 ms  0.697 ms
kiev>
$ traceroute kiev.cs.rit.edu
traceroute to kiev.cs.rit.edu (129.21.38.145), 30 hops max, 40 byte packets
 1  r33.isc.rit.edu (129.21.3.217)  1 ms  1 ms  0 ms
 2  kiev.cs.rit.edu (129.21.38.145)  1 ms  *  1 ms
$
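The ifconfig, netstat and traceroute slides above fit together once the route lookup is made explicit. The following added example (not code from the slides) rebuilds kiev's routing table from the netstat output, takes the prefix lengths from the hex netmasks ifconfig prints, and does the longest-prefix match the kernel does. It shows why silver (129.21.37.175) and mordor (129.21.30.26) are reached through cs3-router while mordor-38 (129.21.38.218) is a single direct hop, and it reproduces the broadcast addresses ifconfig shows for a /25. The masks for the multicast and loopback routes and the interface of the default route (blank on the slide) are assumptions of this example.

```python
import ipaddress


def hex_netmask_to_prefix(hexmask: str) -> int:
    """Turn the hex netmask ifconfig prints (ffffff80) into a prefix length (25),
    rejecting non-contiguous masks."""
    mask = int(hexmask, 16)
    prefix = bin(mask).count("1")
    if mask != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError("non-contiguous netmask %s" % hexmask)
    return prefix


def interface_broadcast(ip: str, hexmask: str) -> str:
    """Directed broadcast address of an interface, as printed by ifconfig."""
    net = ipaddress.IPv4Network("%s/%d" % (ip, hex_netmask_to_prefix(hexmask)), strict=False)
    return str(net.broadcast_address)


class Route:
    """One netstat -rn line; "G" in the flags means the gateway is a router."""

    def __init__(self, destination, hexmask, gateway, flags, iface):
        dest = "0.0.0.0" if destination == "default" else destination
        self.network = ipaddress.IPv4Network(
            "%s/%d" % (dest, hex_netmask_to_prefix(hexmask)), strict=False)
        self.gateway = gateway
        self.flags = flags
        self.iface = iface


# kiev's table from the netstat slide. netstat -rn prints no masks: the /25 comes
# from the ifconfig slide; the multicast (224/4) and loopback (/32) masks and the
# default route's interface are assumed here.
KIEV_ROUTES = [
    Route("129.21.38.128", "ffffff80", "129.21.38.145", "U", "hme0"),
    Route("224.0.0.0", "f0000000", "129.21.38.145", "U", "hme0"),
    Route("default", "00000000", "129.21.38.254", "UG", "hme0"),
    Route("127.0.0.1", "ffffffff", "127.0.0.1", "UH", "lo0"),
]


def lookup(routes, dst: str):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.IPv4Address(dst)
    best = None
    for r in routes:
        if addr in r.network and (best is None or r.network.prefixlen > best.network.prefixlen):
            best = r
    return best


def next_hop(routes, dst: str):
    """("direct", dst, iface) for an on-link destination, or
    ("via", gateway, iface) when the packet has to go to a router first."""
    r = lookup(routes, dst)
    if r is None:
        return None
    if "G" in r.flags:
        return ("via", r.gateway, r.iface)
    return ("direct", dst, r.iface)
```

Note that 129.21.30.26 is sent to cs3-router even though mordor also has an interface (129.21.38.218) on kiev's own subnet; the traceroute to mordor shows the packet coming back onto that subnet at hop 2, which is exactly the kind of path a direct route to mordor-38 shortens to one hop.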
PTT-net
• Recently got Road Runner
• Unhappy about reports of constant probes of machines
• Policy decision
– I want to prevent unauthorized probes/connection attempts on my machines
• Mechanism
– Purchase some sort of firewall for my home network
DI-701
Manufacturer: D-Link (www.dlink.com)
Configuration
(diagram) Internet <-> Cable Modem <-> DI-701 <-> Hub <-> {Desktop, Laptop, Printer}
Address Management
(diagram) Internet <-> Cable Modem <-> DI-701 <-> Hub <-> {Desktop, Laptop, Printer}
• RR-DHCP: 24.93.24.121 (the address the DI-701 gets on the Road Runner side)
• DLINK: 192.168.0.1 (the DI-701's address on the home side)
• DLINK-DHCP: 192.168.0.2 – 192.168.0.32 (handed out to Desktop, Laptop and Printer)
Firewall
(diagram) Internet <-> Cable Modem <-> DI-701 <-> Hub <-> {Desktop, Laptop, Printer}
• Internet traffic stops at the DI-701, which filters Internet traffic…
• Internal addresses never go past the firewall
BCP-5
• The Internet has grown beyond anyone's expectations. Sustained exponential growth…
• One challenge is that globally unique address space will be exhausted.
• A separate and far more pressing concern is that the amount of routing overhead will grow beyond the capabilities of Internet Service Providers.
• Efforts are in progress to find long term solutions to both of these problems.
Types of Hosts
• Hosts using IP can be grouped into 3 categories:
– Category 1: hosts that do not require access to hosts in other enterprises or the Internet at large
– Category 2: hosts that need access to a limited set of outside services which can be handled by mediating gateways. For many hosts in this category an unrestricted external access may be unnecessary and even undesirable for security reasons.
– Category 3: hosts that need network layer access outside the enterprise (provided via IP connectivity)
Ramifications
• Address requirements for the three categories:
– Category 1: IP addresses need to be unambiguous within an enterprise, but may be ambiguous between enterprises.
– Category 2: just like hosts within the first category, hosts may use IP addresses that are unambiguous within an enterprise, but may be ambiguous between enterprises.
– Category 3: requires IP addresses that are globally unambiguous.
PTT-net
• PTT-net clearly falls into category 1 or 2
– Assuming the DI-701 is doing its job
• The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets:
– 10.0.0.0 - 10.255.255.255
– 172.16.0.0 - 172.31.255.255
– 192.168.0.0 - 192.168.255.255
Mystery
• PTT’s laptop opens a TCP connection to the CS department’s web server
– Laptop’s address is 192.168.0.2:1234
– Destination is 129.21.30.29:80
– Routed to DI-701
– DI-701 replaces the source address with 24.93.24.121
– RIT responds, destination 24.93.24.121
– Arrives at DI-701
– How does the DI-701 know to send the packet to the laptop?
Mystery Solved
Private Address   Private Port   External Address   External Port   NAT Port   Protocol Used
192.168.0.2       1234           129.21.30.21       80              14003      TCP
192.168.0.1       386            129.21.30.21       80              14004      TCP
192.168.0.2       5000           129.21.30.24       25              14005      TCP
192.168.0.1       5000           129.21.30.24       25              14006      TCP
Network Address Translator
• NAT is a method by which IP addresses are mapped from one realm to another
• NAT devices connect an isolated address realm to a realm with globally unique registered addresses
• There are a variety of flavors of NAT and terms to match them
• RFC-2663 is an attempt to define NAT
Common Characteristics
• All flavors of NAT devices should share the following characteristics.
– Transparent address assignment.
– Transparent routing through address translation. (routing here refers to forwarding packets, and not exchanging routing information)
– ICMP error packet payload translation.
Basic Idea
• NAT devices attempt to provide transparent routing
– Source/Destination addresses are modified en-route
– The NAT device maintains state so that the datagrams are routed to the correct end-node
– This solution works only when the applications do not use the IP addresses as part of the protocol itself
Translation
• TCP/UDP sessions are uniquely identified by the tuple
– (source-IP, source-port, dest-IP, dest-port)
• ICMP query sessions are identified by
– (source-IP, ICMP query ID, dest-IP)
• All other sessions
– (source-IP, dest-IP, IP protocol)
Start of Session
• TCP
– The first packet of every session contains a SYN bit and no ACK bit
– All other TCP packets will have the ACK bit set
• UDP
– No deterministic way to determine the start of a session
– Assume the first packet with never before seen parameters marks the start of a session
IP Futures
• There are problems with IP which are a result of the phenomenal growth of the Internet over the past few years
– as of 1994, over half of the class B addresses have been allocated
– 32-bit IP addresses are inadequate
– the current routing structure is basically flat, making routing tables too large
• CIDR fixes the last problem for a while
New IP Versions
• Four proposals have been made for a new version of IP
– SIP, the Simple Internet Protocol. Proposes a minimal set of changes to IP that uses 64-bit addresses and a different header format
– PIP, larger, variable length, hierarchical addresses with a different header format
– TUBA (RFC1347), TCP and UDP with bigger addresses
– TP/IX (RFC1475), 64-bit addresses, changes TCP/UDP
References
• The May 1993 issue of IEEE Network (volume 7, number 3) contains overviews of the first three proposals, along with an article on CIDR.
• RFC1454 also compares the first three proposals