4: Network Layer 4a-1
12: IP Multicast, VPN, IPV6, NAT, MobileIP
Last Modified: 04/21/23 07:17 PM
Adapted from Gordon Chaffee's slides: http://bmrc.berkeley.edu/people/chaffee/advnet98/
What is multicast?
1 to N communication
Bandwidth-conserving technology that reduces traffic by simultaneously delivering a single stream of information to multiple recipients
Examples of Multicast
Network hardware efficiently supports multicast transport
• Example: Ethernet allows one packet to be received by many hosts
Many different protocols and service models
• Examples: IETF IP Multicast, ATM Multipoint
Unicast
[Figure: Sender delivering a separate copy of the same data to each receiver through router R]
Problem: Sending same data to many receivers via unicast is inefficient
Example: Popular WWW sites become serious bottlenecks
Especially bad for audio/video streams
Multicast
[Figure: Sender delivering a single copy to router R, which replicates it toward the receivers]
Efficient one to many data distribution
IP Multicast Introduction
Efficient one to many data distribution
• Tree style data distribution
• Packets traverse network links only once
Location independent addressing
• IP address per multicast group
Receiver oriented service model
• Applications can join and leave multicast groups
• Senders do not know who is listening
• Similar to television model
• Contrasts with telephone network, ATM
IP Multicast
Service
• All senders send at the same time to the same group
• Receivers subscribe to any group
• Routers find receivers
• Unreliable delivery
Reserved IP addresses
• 224.0.0.0 to 239.255.255.255 reserved for multicast
• Static addresses for popular services (e.g. Session Announcement Protocol)
Internet Group Management Protocol (IGMP)
Protocol for managing group membership
• IP hosts report multicast group memberships to neighboring routers
Messages in IGMPv2 (RFC 2236)
• Membership Query (from routers)
• Membership Report (from hosts)
• Leave Group (from hosts)
Announce-Listen protocol with Suppression
• Hosts respond only if no other host has responded
Soft State protocol
IGMP Example (1)
[Figure: a Router joining Network 1 (Hosts 1 and 2) and Network 2 (Hosts 3 and 4)]
Host 1 begins sending packets
• No IGMP messages sent
• Packets remain on Network 1
Router periodically sends IGMP Membership Query
IGMP Example (2)
[Figure: same topology; Host 3 on Network 2 sends a Membership Report and later a Leave Group message to the Router]
Host 3 joins conference
• Sends IGMP Membership Report message
• Router begins forwarding packets onto Network 2
Host 3 leaves conference
• Sends IGMP Leave Group message
• Only sent if it was the last host to send an IGMP Membership Report message
Source Specific Filtering: IGMPv3
Adds Source Filtering to group selection
• Receive packets only from specific source addresses
• Receive packets from all but specific source addresses
Benefits
• Helps prevent denial of service attacks
• Better use of bandwidth
Status: Internet Draft?
Multicast Routing Discussion
What is the problem?
• Need to find all receivers in a multicast group
• Need to create spanning tree of receivers
Design goals
• Minimize unwanted traffic
• Minimize router state
• Scalability
• Reliability
Data Flooding
[Figure: Sender attached to routers R1, R2 and R3, which are connected in a cycle]
Send data to all nodes in network
Problem
• Need to prevent cycles
• Need to send only once to all nodes in network
• Could keep track of every packet and check if it had previously visited node, but means too much state
Reverse Path Forwarding (RPF)
Simple technique for building trees
• Send out all interfaces except the one with the shortest path to the sender
In unicast routing, routers send to the destination via the shortest path
In multicast routing, routers send away from the shortest path to the sender
Reverse Path Forwarding Example
[Figure: Sender attached to router R1; routers R1 through R7 interconnected, with "Drop" marked on the copies R2 receives from R3]
1. Router R1 checks: Did the data packet arrive on the interface with the shortest path to the Sender? Yes, so it accepts the packet, duplicates it, and forwards the packet out all other interfaces except the interface that is the shortest path to the sender (i.e. the interface the packet arrived on).
2. Router R2 accepts packets sent from Router R1 because that is the shortest path to the Sender. The packet gets sent out all interfaces.
3. Router R2 drops packets that arrive from Router R3 because that is not the shortest path to the sender. Avoids cycles.
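An added simulation of the RPF check walked through in the three steps above (example code written for this page, not from the original slides). The topology is a constructed assumption: the Sender hangs off R1, and R1, R2 and R3 form a loop, so R2 and R3 each receive a second copy that the RPF check must discard.

```python
from collections import deque

# Constructed topology (an assumption, not the slide's exact drawing): undirected
# links, one hop each. R1-R2-R3 form a loop, so without RPF a packet would circulate.
LINKS = [("Sender", "R1"), ("R1", "R2"), ("R1", "R3"), ("R2", "R3")]


def build_graph(links):
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


def rpf_upstream(graph, source):
    """Map each node to the neighbour on its shortest path back to `source`.
    That neighbour is the RPF interface: the only one on which a multicast packet
    from `source` is accepted. Breadth-first search gives the minimal-hop tree
    (neighbours are visited in sorted order so ties resolve deterministically)."""
    upstream = {source: None}
    queue = deque([source])
    while queue:
        node = queue.popleft()
        for nb in sorted(graph[node]):
            if nb not in upstream:
                upstream[nb] = node
                queue.append(nb)
    return upstream


def flood_rpf(graph, source):
    """Simulate one packet flooded with Reverse Path Forwarding.

    Returns (accepted, dropped): `accepted` maps router -> neighbour whose copy
    passed the RPF check and was forwarded out every other interface; `dropped`
    lists (router, arriving_from) pairs for copies that arrived on a non-shortest
    path and were discarded, which is what prevents cycles."""
    upstream = rpf_upstream(graph, source)
    accepted, dropped = {}, []
    pending = deque((nb, source) for nb in sorted(graph[source]))
    while pending:
        router, came_from = pending.popleft()
        if upstream[router] != came_from:
            dropped.append((router, came_from))
            continue
        accepted[router] = came_from
        # Forward out all interfaces except the one the packet arrived on
        # (and never back onto the sender's own link).
        for nb in sorted(graph[router]):
            if nb not in (came_from, source):
                pending.append((nb, router))
    return accepted, dropped


if __name__ == "__main__":
    acc, drop = flood_rpf(build_graph(LINKS), "Sender")
    for router, frm in acc.items():
        print(f"{router}: accepted from {frm}")
    for router, frm in drop:
        print(f"{router}: dropped copy from {frm} (not the shortest path to Sender)")
```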
Distance Vector Multicast Routing (DVMRP)
Steve Deering, 1988
Source rooted spanning trees
• Shortest path tree
• Minimal hops (latency) from source to receivers
Extends basic distance vector routing
Flood and prune algorithm
• Initial data sent to all nodes in network(!) using Reverse Path Forwarding
• Prunes remove unwanted branches
• State in routers for all unwanted groups
• Periodic flooding since prune state times out (soft state)
DVMRP Algorithm
Truncated Reverse Path Multicast
• Optimized version of Reverse Path Forwarding
Truncating
• No packets sent onto leaf networks with no receivers
• Still, how "truncated" is this?
Pruning
• Prune messages sent if no downstream receivers
• State maintained for each unwanted group
Grafting
• On join or graft, remove prune state and propagate graft message
Protocol Independent Multicast (PIM)
Uses unicast routing table for topology
Dense mode (PIM-DM)
• For groups with many receivers in local/global region
• Like DVMRP, a flood and prune algorithm
Sparse mode (PIM-SM)
• For groups with few widely distributed receivers
• Builds shared tree per group, but may construct source rooted tree for efficiency
• Explicit join
IP Multicast in the Real World
Commercial Motivation
Problem
• Traffic on Internet is growing about 100% per year
• Router technology is getting better at 70% per year
• Routers that are fast enough are very expensive
ISPs need to find ways to reduce traffic
Multicast could be used to…
• WWW: Distribute data from popular sites to caches throughout Internet
• Send video/audio streams multicast
• Software distribution
ISP Concerns
Multicast causes high network utilization
• One source can produce high total network load
• Experimental multicast applications are relatively high bandwidth: audio and video
• Flow control non-existent in many multicast apps
Multicast breaks telco/ISP pricing model
• Currently, both sender and receiver pay for bandwidth
• Multicast allows sender to buy less bandwidth while reaching same number of receivers
• Load on ISP network not proportional to source data rate
Economics of Multicast
One packet sent to multiple receivers
Sender
+ Benefits by reducing network load compared to unicast
+ Lower cost of network connectivity
Network service provider
- One packet sent can cause load greater than unicast packet load
+ Reduces overall traffic that flows over network
Receiver
= Same number of packets received as unicast
Multicast Problems
Multicast is immature
• Immature protocols and applications
• Tools are poor, difficult to use, debugging is difficult
• Routing protocols leave many issues unresolved
• Interoperability of flood and prune/explicit join
• Routing instability
Multicast development has focused on academic problems, not business concerns
• Multicast breaks telco/ISP traffic charging and management models
• Routing did not address policy
• PIM, DVMRP, CBT do not address ISP policy concerns
• BGMP addresses some ISP concerns, but it is still under development
Current ISP Multicast Solution
Restrict senders of multicast data
• Charge senders to distribute multicast traffic
• Static agreements
Do not forward multicast traffic
Some ISPs offer multicast service to customers (e.g. UUNET UUCast)
ISPs beginning to discuss peer agreements
Multicast Tunneling
Problem
• Not all routers are multicast capable
• Want to connect domains with non-multicast routers between them
Solution
• Encapsulate multicast packets in unicast packet
• Tunnel multicast traffic across non-multicast routers
We will see more examples of tunneling later
Multicast Tunneling Example (1)
[Figure: Sender 1 on Network 1 behind Multicast Router 1; Unicast Routers UR1 and UR2 in between; Multicast Router 2 and a Receiver on Network 2; an Encapsulated Data Packet crosses the unicast routers]
Multicast Router 1 encapsulates multicast packets for groups that have receivers outside of Network 1. It encapsulates them as unicast IP-in-IP packets.
Multicast Router 2 decapsulates IP-in-IP packets. It then forwards them using Reverse Path Multicast.
Multicast Tunneling Example (2)
[Figure: Virtual Network Topology, with the tunnel between MR1 and MR2 appearing as Virtual Interfaces]
MBone
MBONE: Multicast capable virtual network, subset of Internet
• Native multicast regions connected with tunnels
In 1992, the MBone was created to further the development of IP multicast
• Experimental, global multicast network
• Served as a testbed for multicast applications development
• vat -- audio tool
• vic -- video tool
• wb -- shared whiteboard
Virtual Private Networks (VPN)
Virtual Private Networks
Definition
• A VPN is a private network constructed within the public Internet
Goals
• Connect private networks using shared public infrastructure
Examples
• Connect two sites of a business
• Allow people working at home to have full access to company network
How accomplished?
IP encapsulation and tunneling
• Same as we saw for Multicast
• Router at one end of tunnel places private IP packets into the data field of new IP packets (could be encrypted first for security) which are unicast to the other end of the tunnel
Motivations
Economic
• Using shared infrastructure lowers cost of networking
• Less of a need for leased line connections
Communications privacy
• Communications can be encrypted if required
• Ensure that third parties cannot use virtual network
Virtualized equipment locations
• Hosts on same network do not need to be co-located
• Make one logical network out of separate physical networks
Support for private network features
• Multicast, protocols like IPX or Appletalk, etc
Examples
Logical Network Creation
Virtual Dial-Up
Logical Network Creation Example
[Figure: Network 1 and Network 2, each behind a Gateway, joined by a Tunnel across the Internet]
Remote networks 1 and 2 create a logical network
Secure communication at lowest level
Virtual Dial-up Example
[Figure: Worker Machine dials through the Public Switched Telephone Network (PSTN) into an Internet Service Provider; a Tunnel then runs across the Internet between the ISP-side Gateway and the Home Network Gateway]
Worker dials ISP to get basic IP service
Worker creates tunnel to Home Network
IPv6
History of IPv6
IETF began thinking about the problem of running out of IP addresses in 1991
Requires changing IP packet format - HUGE deal!
While we're at it, let's change X too
"NGTrans" (IPv6 Transition) Working Group of IETF - June 1996
IPv6 Wish List
From "The Case for IPv6"
• Scalable Addressing and Routing
• Support for Real Time Services
• Support of Autoconfiguration (get your own IP address and domain name to minimize administration)
• Security Support
• Enhanced support for routing to mobile hosts
IPv4 Datagram
[Figure: IPv4 header layout, bit positions 0, 4, 8, 16, 19, 31]
Version | HLen | TOS | Length
Ident | Flags | Offset
TTL | Protocol | Checksum
SourceAddr
DestinationAddr
Options (variable) | Pad (variable)
Data
IPv6 Datagram
[Figure: IPv6 base header layout, bit positions 0, 4, 12, 16, 24, 31]
Version | TrafficClass | FlowLabel
PayloadLen | NextHeader | HopLimit
SourceAddress
DestinationAddress
Next header/data
IPv6 Base Header Format
VERS = IPv6
TRAFFIC CLASS: specifies the routing priority or QoS requests
FLOW LABEL: to be used by applications requesting performance guarantees
PAYLOAD LENGTH: like IPv4's datagram length, but doesn't include the header length like IPv4
NEXT HEADER: indicates the type of the next object in the datagram, either type of extension header or type of data
HOP LIMIT: like IPv4's TimeToLive field but named correctly
NO CHECKSUM (processing efficiency)
Address Space
32 bits versus 128 bits - implications?
• 4 billion versus 3.4 x 10^38
• 1500 addresses per square foot of the earth's surface
Addresses
Still divide address into prefix that designates network and suffix that designates host
But no set classes; boundary between suffix and prefix can fall anywhere (CIDR only)
Prefix length associated with each address
Address Types
Unicast: delivered to a single computer
Multicast: delivered to each of a set of computers (can be anywhere)
• Conferencing, subscribing to a broadcast
Anycast: delivered to one of a set of computers that share a common prefix
• Deliver to one of a set of machines providing a common service
Address Notation
Dotted sixteen? 105.67.45.56.23.6.133.211.45.8.0.7.56.45.3.189.56
Colon hexadecimal notation (8 groups): 69DC:8768:9A56:FFFF:0:5634:343
Or even better with zero compression (replace run of all 0s with double ::)
Makes host names look even more attractive, huh?
Special addresses
IPv4 addresses all reserved for compatibility
• 96 zeros + IPv4 address = valid IPv6 address
Local Use Addresses
• Special prefix which means "this needn't be globally unique"
• Allowed to be used just locally
• Aids in autoconfiguration
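An added example, not from the original slides, covering the three IPv6 slides above: it decodes the base header fields (version, traffic class, flow label, payload length, next header, hop limit), renders addresses in colon-hex with zero compression, shows the 96-zeros-plus-IPv4 compatibility form in dotted notation, and parses such text back into 16 bytes. The sample header and addresses used in the test are constructed values.

```python
import struct


def parse_ipv6_header(pkt: bytes) -> dict:
    """Decode the fixed 40-byte IPv6 base header: version (4 bits), traffic class
    (8), flow label (20), payload length, next header, hop limit, two 128-bit
    addresses. There is no header checksum to verify, as the slides note."""
    if len(pkt) < 40:
        raise ValueError("truncated IPv6 header")
    first_word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", pkt[:8])
    version = first_word >> 28
    if version != 6:
        raise ValueError("not an IPv6 packet (version %d)" % version)
    return {
        "version": version,
        "traffic_class": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF,
        "payload_len": payload_len,
        "next_header": next_header,   # extension header type or upper-layer protocol
        "hop_limit": hop_limit,
        "src": format_ipv6(pkt[8:24]),
        "dst": format_ipv6(pkt[24:40]),
        "payload": pkt[40:40 + payload_len],
    }


def format_ipv6(addr: bytes) -> str:
    """Render 16 address bytes in colon-hex with zero compression: the longest run
    of two or more all-zero groups (the first one on ties) becomes '::'. An address
    whose first 96 bits are zero is shown with its IPv4 tail in dotted form."""
    groups = list(struct.unpack("!8H", addr))
    if addr[:12] == bytes(12) and addr[12:] not in (bytes(4), b"\x00\x00\x00\x01"):
        return "::" + ".".join(str(b) for b in addr[12:])
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if groups[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:
        return ":".join("%x" % g for g in groups)
    head = ":".join("%x" % g for g in groups[:best_start])
    tail = ":".join("%x" % g for g in groups[best_start + best_len:])
    return head + "::" + tail


def expand_ipv6(text: str) -> bytes:
    """Inverse of format_ipv6: accepts '::' compression and a trailing dotted IPv4."""
    if "." in text:  # e.g. '::128.32.32.68' becomes '::8020:2044'
        head, _, v4 = text.rpartition(":")
        v4_bytes = bytes(int(x) for x in v4.split("."))
        text = head + ":" + "%x:%x" % struct.unpack("!HH", v4_bytes)
    if text.count("::") > 1 or ":::" in text:
        raise ValueError("'::' may appear only once")
    if "::" in text:
        left, right = text.split("::")
        lo = [int(g, 16) for g in left.split(":") if g]
        hi = [int(g, 16) for g in right.split(":") if g]
        groups = lo + [0] * (8 - len(lo) - len(hi)) + hi
    else:
        groups = [int(g, 16) for g in text.split(":")]
    if len(groups) != 8 or any(not 0 <= g <= 0xFFFF for g in groups):
        raise ValueError("malformed IPv6 address: %r" % text)
    return struct.pack("!8H", *groups)
```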
Datagram Format
Base Header + 0 to N Extension Headers + Data Area
Extensible Headers
Why?
Saves Space and Processing Time
• Only have to allocate space for and spend time processing headers implementing features you need
Extensibility
• When adding a new feature, just add an extension header type - no change to existing headers
• For experimental features, only sender and receiver need to understand new header
Flow Label
Virtual circuit like behaviour over a datagram network
A sender can request the underlying network to establish a path with certain requirements
• Traffic class specifies the general requirements (ex. Delay < 100 msec.)
If the path can be established, the network returns an identifier that the sender places along with the traffic class in the flow label
Routers use this identifier to route the datagram along the prearranged path
ICMPv6
New version of ICMP
• Additional message types, like "Packet Too Big"
• Multicast group management functions
Summary like IPv6
Connectionless (each datagram contains destination address and is routed separately)
Best Effort (possibility for virtual circuit behaviour)
Maximum hops field so can avoid datagrams circulating indefinitely
Summary New Features
Bigger Address Space (128 bits/address)
• CIDR only
• Anycast addresses
New Header Format to help speed processing and forwarding
• Checksum: removed entirely to reduce processing time at each hop
• No fragmentation
• Simple Base Header + Extension Headers
• Options: allowed, but outside of header, indicated by "Next Header" field
Ability to influence the path a datagram will take through the network (Quality of service)
Transition From IPv4 To IPv6
Not all routers can be upgraded simultaneously; no "flag days"
How will the network operate with mixed IPv4 and IPv6 routers?
Two proposed approaches:
• Dual Stack: some routers with dual stack (v6, v4) can "translate" between formats
• Tunneling: IPv6 carried as payload in IPv4 datagram among IPv4 routers
Dual Stack Approach
[Figure: dual stack approach]
Tunneling
IPv6 inside IPv4 where needed
6Bone
The 6Bone: an IPv6 testbed
• Started as a virtual network using IPv6 over IPv4 tunneling/encapsulation
• Slowly migrated to native links for IPv6 transport
• RFC 2471
Recent History
First blocks of IPv6 addresses delegated to regional registries - July 1999
10 websites in the .com domain that can be reached via an IPv6 enhanced client via an IPv6 TCP connection (http://www.ipv6.org/v6-www.html) - it was 5 a year ago (not a good sign?)
IPv5?
New version of IP temporarily named "IP - The Next Generation" or IPng
Many competing proposals; name IPng became ambiguous
Once a specific protocol was designed, it needed a name to distinguish it from other proposals
IPv5 has been assigned to an experimental protocol, ST
Network Address Translation (NAT)
Background
IP defines private intranet address ranges
• 10.0.0.0 - 10.255.255.255 (Class A)
• 172.16.0.0 - 172.31.255.255 (Class B)
• 192.168.0.0 - 192.168.255.255 (Class C)
Addresses reused by many organizations
Addresses cannot be used for communication on Internet
Problem Discussion
Hosts on private IP networks need to access public Internet
All traffic travels through a gateway to/from public Internet
Traffic needs to use IP address of gateway
Conserves IPv4 address space
• Private IP addresses mapped into fewer public IP addresses
Will this beat IPv6?
Scenario
[Figure: Private Network with Host A and hosts 10.0.0.2, 10.0.0.3, 10.0.0.4 behind a Gateway whose private address is 10.0.0.1 and public address is 24.1.70.210; BMRC Server 128.32.32.68 on the Public Internet]
All Private Network hosts must use the gateway IP address
Public network IP address, globally unique
Same private network IP addresses may be used by many organizations
Network Address Translation Solution
Special function on gateway
• IP source and destination addresses are translated
Internal hosts need no changes
• No changes required to applications
TCP based protocols work well
Non-TCP based protocols more difficult
Provides some security
• Hosts behind gateway difficult to reach
• Possibly vulnerable to IP level attacks
NAT Example
[Figure: NAT Gateway containing an Address Translator, between the private network and the Server 128.32.32.68 (bmrc.berkeley.edu); TCP Connection 1 appears on both sides of the gateway]
TCP Protocol Diagram
[Figure: Client/Server exchange of SYN; SYN, ACK; ACK; data Packet 0:50; ACK 0:50; FIN; FIN, ACK. IP Header fields shown: Source IP Address, Destination IP Address, Checksum. TCP Header fields shown: Source Port Number, Dest Port Number, Sequence Number, ...]
SYN flag indicates a new TCP connection
TCP NAT Example
[Figure: client 10.0.0.3 behind the NAT Gateway (internal address 10.0.0.1, external address 24.1.70.210), the Internet, and the Server 128.32.32.68]
NAT Translation Table
Client IPAddr | Client Port | Server IPAddr | Server Port | NAT Port
10.0.0.3 | 1049 | 128.32.32.68 | 80 | 40960
. . . | . . . | . . . | . . . | . . .
1. Host tries to connect to web server at 128.32.32.68. It sends out a SYN packet using its internal IP address, 10.0.0.3.
PROTO | SADDR | DADDR | SPORT | DPORT | FLAGS | CKSUM
TCP | 10.0.0.3 | 128.32.32.68 | 1049 | 80 | SYN | 0x1636
2. NAT gateway sees SYN flag set, adds new entry to its translation table. It then rewrites the packet using gateway's external IP address, 24.1.70.210. Updates the packet checksum.
PROTO | SADDR | DADDR | SPORT | DPORT | FLAGS | CKSUM
TCP | 24.1.70.210 | 128.32.32.68 | 40960 | 80 | SYN | 0x2436
3. Server responds to SYN packet with a SYN,ACK packet. The packet is sent to the NAT gateway's IP address.
PROTO | SADDR | DADDR | SPORT | DPORT | FLAGS | CKSUM
TCP | 128.32.32.68 | 24.1.70.210 | 80 | 40960 | SYN, ACK | 0x8041
4. NAT gateway looks in its translation table, finds a match for the source and destination addresses and ports, and rewrites the packet using the internal IP address.
PROTO | SADDR | DADDR | SPORT | DPORT | FLAGS | CKSUM
TCP | 128.32.32.68 | 10.0.0.3 | 80 | 1049 | SYN, ACK | 0x7841
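An added model of the four steps above (example code written for this page, not the slides' own software): a gateway that creates a translation-table entry when it sees an outbound SYN, rewrites the source address and port, recomputes the TCP checksum (which covers a pseudo-header containing both IP addresses), and maps replies back to the internal host. Inbound packets with no table entry are dropped, which is the "hosts behind gateway difficult to reach" property the NAT slide mentions. The TCP header it builds is minimal and constructed (sequence numbers are zero), so the checksum values differ from the slide's; the addresses and ports are the slide's.

```python
import struct
from dataclasses import dataclass, replace

TCP_FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10}


def ones_complement_sum(data: bytes) -> int:
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def ip_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


@dataclass(frozen=True)
class TcpPacket:
    """The fields the slide's packet table shows (PROTO is always TCP here)."""
    saddr: str
    daddr: str
    sport: int
    dport: int
    flags: str          # e.g. "SYN" or "SYN,ACK"
    cksum: int = 0

    def header_bytes(self) -> bytes:
        # Minimal 20-byte TCP header, checksum field zeroed; seq/ack are constructed as 0.
        flag_bits = sum(TCP_FLAG_BITS[f.strip()] for f in self.flags.split(","))
        return struct.pack("!HHIIBBHHH", self.sport, self.dport, 0, 0, 5 << 4, flag_bits, 8192, 0, 0)

    def compute_checksum(self) -> int:
        # The TCP checksum covers a pseudo-header with both IP addresses, so NAT
        # must recompute it after rewriting either an address or a port.
        pseudo = ip_bytes(self.saddr) + ip_bytes(self.daddr) + struct.pack("!BBH", 0, 6, 20)
        return (~ones_complement_sum(pseudo + self.header_bytes())) & 0xFFFF

    def checksum_ok(self) -> bool:
        return self.cksum == self.compute_checksum()


def finalize(pkt: TcpPacket) -> TcpPacket:
    return replace(pkt, cksum=pkt.compute_checksum())


class NatGateway:
    def __init__(self, external_ip: str, first_port: int = 40960):
        self.external_ip = external_ip
        self.next_port = first_port
        self.table = {}      # (client_ip, client_port, server_ip, server_port) -> NAT port
        self.reverse = {}    # (server_ip, server_port, NAT port) -> (client_ip, client_port)

    def outbound(self, pkt: TcpPacket):
        key = (pkt.saddr, pkt.sport, pkt.daddr, pkt.dport)
        if key not in self.table:
            if "SYN" not in pkt.flags:
                return None      # no connection state and not a new connection: drop
            nat_port = self.next_port
            self.next_port += 1
            self.table[key] = nat_port
            self.reverse[(pkt.daddr, pkt.dport, nat_port)] = (pkt.saddr, pkt.sport)
        return finalize(replace(pkt, saddr=self.external_ip, sport=self.table[key]))

    def inbound(self, pkt: TcpPacket):
        if pkt.daddr != self.external_ip:
            return None
        client = self.reverse.get((pkt.saddr, pkt.sport, pkt.dport))
        if client is None:
            return None          # unsolicited packet: internal hosts are unreachable from outside
        return finalize(replace(pkt, daddr=client[0], dport=client[1]))
```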
Load Balancing Servers with NAT
[Figure: NAT Gateway (Virtual Server) between the Public Internet and four Servers on the Private Intranet]
Single IP address for web server
Redirects workload to multiple internal servers
Load Balancing Networks with NAT
[Figure: NAT Gateway on the Private Intranet connected to Service Provider 1 and Service Provider 2, both reaching Network X]
Connections from Private Intranet split across Service Providers 1 and 2
Load balances at connection level
• Load balancing at IP level can cause low TCP throughput
NAT Discussion
NAT works best with TCP connections
NAT breaks End-to-End Principle by modifying packets
Problems
• Connectionless UDP (Real Audio)
• ICMP (Ping)
• Multicast
• Applications use IP addresses within data stream (FTP)
• Need to watch/modify data packets
MobileIP
MobileIP
Goal: Allow machines to roam around and maintain IP connectivity
Problem: IP addresses => location
• This is important for efficient routing
Solutions?
DHCP?
• ok for relocation but not for ongoing connections
Dynamic DNS (mobile nodes update name to IP address mapping as they move around)?
• ok for relocation but not for ongoing connections
Mobile IP
Allows computer to roam and be reachable
Basic architecture
• Home agent (HA) on home network
• Foreign agent (FA) at remote network location
• Home and foreign agents tunnel traffic
• Non-optimal data flow
MobileIP
Mobile nodes have a permanent home address and a default local router called the "home agent"
The router nearest a node's current location is called the "foreign agent"
• Register with foreign agent when connecting to network
• Located much like the DHCP server
Forwarding Packets
Home agent impersonates the mobile host by changing the mapping from IP address to hardware address ("proxy ARP")
Sends any packets destined for mobile host on to the foreign agent with IP encapsulation
Foreign agent strips off the encapsulation and does a special translation of the mobile node's IP address to its current hardware address
Mobile IP Example
[Figure: Home Subnet with the Home Agent (169.229.2.97) and the Mobile Node's home address 169.229.2.98; Foreign Subnet with the Foreign Agent (18.86.0.253) where the Mobile Node registers; Fixed Node 128.95.4.112 reached across the Internet]
1. The Mobile Node registers itself with the Foreign Agent on the Foreign Subnet. The Foreign Agent opens an IP-IP tunnel to the Home Agent. The Home Agent begins listening for packets sent to 169.229.2.98.
2. The Fixed Node initiates a connection to the Mobile Node. It sends packets to the Mobile Node's home IP address, 169.229.2.98. The packets are routed to the Home Subnet.
3. The Home Agent receives them, encapsulates them in IP-IP packets, and it sends them to the Foreign Agent. Encapsulated packets are addressed to 18.86.0.253.
4. The Foreign Agent decapsulates the IP-IP packets, and it sends them out on the Foreign Subnet. These packets will be addressed to 169.229.2.98.
5. The Mobile Node receives the packets, and it sends responses directly to the Fixed Node at 128.95.4.112.
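IP-in-IP encapsulation is the mechanism behind the Multicast Tunneling example, the VPN "How accomplished?" slide, and steps 3 and 4 above; the following added example (written for this page, not code from the slides) builds and checks it on the Mobile IP addresses: the Home Agent wraps a datagram from the Fixed Node to 169.229.2.98 in an outer header addressed to the Foreign Agent at 18.86.0.253, and the Foreign Agent unwraps it. The decapsulating end accepts only protocol-4 packets addressed to itself from its configured tunnel peer, with a valid header checksum; the peer-check policy is an added assumption, not something the slides state.

```python
import struct

IPPROTO_IPIP = 4   # protocol number for IP-in-IP encapsulation (RFC 2003)


def ip_bytes(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def header_checksum(header: bytes) -> int:
    # RFC 791 header checksum: one's complement of the one's-complement sum of 16-bit words.
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) in front of `payload`."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      ip_bytes(src), ip_bytes(dst))
    hdr = hdr[:10] + struct.pack("!H", header_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(pkt: bytes):
    """Return (fields, payload); rejects truncated packets and bad header checksums."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if len(pkt) < ihl or total_len > len(pkt) or header_checksum(pkt[:ihl]) != 0:
        raise ValueError("truncated packet or bad header checksum")
    fields = {"src": ".".join(map(str, pkt[12:16])), "dst": ".".join(map(str, pkt[16:20])),
              "proto": pkt[9], "ttl": pkt[8], "total_len": total_len}
    return fields, pkt[ihl:total_len]


def encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """What the Home Agent (or a multicast/VPN tunnel endpoint) does: carry the whole
    inner datagram as the payload of a unicast IP-in-IP packet to the far end."""
    return build_ipv4(tunnel_src, tunnel_dst, IPPROTO_IPIP, inner)


def decapsulate(outer: bytes, my_addr: str, peer_addr: str) -> bytes:
    """What the Foreign Agent does. Only packets addressed to this endpoint, from the
    configured tunnel peer, carrying protocol 4 are unwrapped; anything else is
    rejected so that an arbitrary host cannot feed packets into the tunnel."""
    fields, inner = parse_ipv4(outer)
    if fields["dst"] != my_addr or fields["src"] != peer_addr or fields["proto"] != IPPROTO_IPIP:
        raise ValueError("not a tunnel packet from the configured peer")
    parse_ipv4(inner)   # the inner datagram must itself be well formed
    return inner
```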
Avoiding the Foreign Agent
Mobile host can also obtain a new IP address on the remote network and inform the home agent
The home agent can then resend the packet to the new IP address
Optimizations
What if two remote hosts are temporarily close together?
If they want to send traffic to each other, why should it have to go all the way to their home agents and back again?
Optimizations exist to allow the sending node to learn and cache the current location of a recipient to avoid this problem
Roadmap
Finished with the network layer and IP specifics
Next on to the link layer
• If two hosts are on the same network, how do they send data directly to one another?