
Internet Working Session I

Date post: 10-Apr-2018
Upload: kevotoo

Transcript
  • 8/8/2019 Internet Working Session I


    Inter-Networking Session I

    2nd September 2008

    Presented by Michuki Mwangi


    Topics

    IP and Networking Basics

    DNS Fundamentals

    Contention Ratio

    Monitoring and Measurement Tools


    IP and Networking Basics


    Outline

    Origins of TCP/IP

    OSI & TCP/IP Architecture

    IPv4 Addressing

    IPv6 Routing

    Types of Links

    Address Resolution Protocol


    Origins of TCP/IP

    RAND Corporation (a think tank) & DoD formed ARPA (Advanced Research Project Agency)

    1968 ARPA engineers proposed Distributed network design for ARPANET Network


    A small internetwork or (small i) internet


    The (capital I) Internet

    The world-wide network of TCP/IP networks

    Different people or organisations own different parts

    Different parts use different technologies

    Interconnections between the parts

    Interconnections require agreements: sale/purchase of service, transit agreements

    Contracts and SLAs

    peering agreements

    No central control or management


    The principle of Internetworking

    We have lots of little networks

    Many different owners/operators

    Many different types

    Ethernet, dedicated leased lines, dialup, ATM, Frame Relay, FDDI

    Each type has its own idea of addressing and protocols

    We want to connect them all together and provide a unified view of the whole lot (treat the collection of networks as a single large internetwork)


    What is TCP/IP?

    In simple terms, it is a language that enables communication between computers

    A set of rules (protocol) that defines how two computers address each other and send data to each other

    It is a suite of protocols named after the two most important protocols, TCP and IP, but includes other protocols such as UDP, RTP, etc.


    Protocol Layers:

    The TCP/IP Hourglass Model

    Application layer: HTTP, FTP, Telnet, DNS, SMTP, Audio, Video, RTP

    Transport layer: TCP, UDP

    Network layer: IP

    Data link layer: Ethernet, Token Ring, ATM, X.25, PPP, Frame Relay, HDLC


    Corresponding layers in the OSI and TCP/IP models

    OSI                TCP/IP                 Role
    7 Application      Application            Mail, Web, etc.
    6 Presentation     Application
    5 Session          Application
    4 Transport        Transport              TCP/UDP end to end reliability
    3 Network          Network                IP - Forwarding (best-effort)
    2 Data Link        Data Link & Physical   Framing, delivery
    1 Physical         Data Link & Physical   Raw signal


    IP Addressing


    Purpose of an IPv4 address

    Unique Identification of:

    Source

    So the recipient knows where the message is from

    Sometimes used for security or policy-based filtering of data

    Destination

    So the networks know where to send the data

    Network Independent Format

    IP over anything


    Purpose of an IPv4 Address

    Identifies a machine's connection to a network

    Physically moving a machine from one network to another requires changing the IP address

    Unique; assigned in a hierarchical fashion

    IANA to RIRs (AfriNIC, ARIN, RIPE, APNIC, LACNIC)

    RIR to ISPs and large organisations

    ISP or company IT department to end users

    IPv4 uses unique 32-bit addresses


    Basic Structure of an IPv4 Address

    32 bit number (4 octet number): (e.g. 133.27.162.125)

    Decimal Representation: 133 27 162 125

    Binary Representation: 10000101 00011011 10100010 01111101

    Hexadecimal Representation: 85 1B A2 7D


    Addressing in Internetworks

    The problem we have

    More than one physical network

    Different Locations

    Larger number of computers

    Need structure in IP addresses

    network part of the address identifies which network in the internetwork (e.g. the Internet)

    host part identifies host on that network

    Hosts or routers connected to the same link-layer network will have IP addresses with the same network part, but different host part.


    Address Structure Revisited

    Hierarchical Division in IP Address:

    Network Part (Prefix): high order bits (left)

    describes which physical network

    Host Part (Host Address): low order bits (right)

    describes which host on that network

    Boundary can be anywhere

    very often NOT at a multiple of 8 bits

    choose the boundary according to number of hosts

    Network: 205 . 154 . 8 (11001101 10011010 00001000)

    Host: 1 (00000001)


    Network Masks

    Network Masks help define which bits are used to describe the Network Part and which for the Host Part

    Different Representations:

    decimal dot notation: 255.255.224.0

    binary: 11111111 11111111 11100000 00000000

    hexadecimal: 0xFFFFE000

    number of network bits: /19

    count the 1's in the binary representation

    Binary AND of 32 bit IP address with 32 bit netmask yields network part of address


    Example Prefixes

    137.158.128.0/17 (netmask 255.255.128.0)
    address: 1000 1001 1001 1110 1 000 0000 0000 0000
    netmask: 1111 1111 1111 1111 1 000 0000 0000 0000

    198.134.0.0/16 (netmask 255.255.0.0)
    address: 1100 0110 1000 0110 0000 0000 0000 0000
    netmask: 1111 1111 1111 1111 0000 0000 0000 0000

    205.37.193.128/26 (netmask 255.255.255.192)
    address: 1100 1101 0010 0101 1100 0001 10 00 0000
    netmask: 1111 1111 1111 1111 1111 1111 11 00 0000


    Special Addresses

    All 0s in host part: Represents Network

    e.g. 193.0.0.0/24

    e.g. 138.37.128.0/17

    All 1s in host part: Broadcast

    e.g. 137.156.255.255 (137.156.0.0/16)

    e.g. 134.132.100.255 (134.132.100.0/24)

    e.g. 190.0.127.255 (190.0.0.0/17)

    127.0.0.0/8: Loopback address (127.0.0.1)

    0.0.0.0: Various special purposes


    Allocating IP Addresses

    The subnet mask is used to define size of a network

    E.g. a subnet mask of 255.255.255.0 or /24 means 24 network bits, 8 host bits (24+8=32)

    2^8 minus 2 = 254 possible hosts

    Similarly a subnet mask of 255.255.255.224 or /27 means 27 network bits, 5 host bits (27+5=32)

    2^5 minus 2 = 30 possible hosts
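
The netmask rules from the last few slides (count the 1s, binary AND for the network part, all 1s in the host part for broadcast, 2^host_bits minus 2 hosts), worked as an added example that is not part of the original slides. Function names are illustrative; beyond the slides it also rejects netmasks whose 1 bits are not contiguous, and `same_network` is the comparison an address-based filter relies on.

```python
# Added example, not from the slides: netmask arithmetic with plain integers.

def ip_to_int(dotted):
    """Dotted-decimal IPv4 text -> 32-bit integer; rejects malformed octets."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected 4 octets: {dotted!r}")
    value = 0
    for part in parts:
        if not (part.isascii() and part.isdigit()) or int(part) > 255:
            raise ValueError(f"bad octet {part!r} in {dotted!r}")
        value = (value << 8) | int(part)
    return value


def int_to_ip(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_to_prefix_len(mask):
    """Count the 1 bits of a netmask, rejecting masks with a 0 between 1s."""
    m = ip_to_int(mask)
    host_bits = ~m & 0xFFFFFFFF           # e.g. 0x00001FFF for 255.255.224.0
    if host_bits & (host_bits + 1):       # valid only if host_bits == 2**k - 1
        raise ValueError(f"non-contiguous netmask: {mask}")
    return bin(m).count("1")


def prefix_len_to_mask(prefix_len):
    if not 0 <= prefix_len <= 32:
        raise ValueError(f"prefix length out of range: {prefix_len}")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def describe(address, prefix_len):
    """Network, broadcast and usable-host count for address/prefix_len."""
    mask = prefix_len_to_mask(prefix_len)
    network = ip_to_int(address) & mask            # binary AND yields network part
    broadcast = network | (~mask & 0xFFFFFFFF)     # all 1s in the host part
    usable = max(2 ** (32 - prefix_len) - 2, 0)    # slide rule: 2^host_bits minus 2
    return {
        "netmask": int_to_ip(mask),
        "network": f"{int_to_ip(network)}/{prefix_len}",
        "broadcast": int_to_ip(broadcast),
        "usable_hosts": usable,
    }


def same_network(a, b, prefix_len):
    """True when both addresses carry the same network part."""
    mask = prefix_len_to_mask(prefix_len)
    return (ip_to_int(a) & mask) == (ip_to_int(b) & mask)


def is_valid_mask(mask):
    try:
        mask_to_prefix_len(mask)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(mask_to_prefix_len("255.255.224.0"))
    # Host addresses below are constructed; the prefixes are the slides' own.
    for addr, plen in [("137.158.200.9", 17), ("205.37.193.130", 26), ("137.156.3.4", 16)]:
        print(addr, describe(addr, plen))
    print(is_valid_mask("255.0.255.0"))
```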


    More levels of address hierarchy

    We can also group several networks into a larger block, or divide a large block into several smaller blocks

    arbitrary number of levels of hierarchy

    blocks don't all need to be the same size

    but each block size must be a power of 2

    Old systems used restrictive rules (obsolete)

    Called Class A, Class B, Class C networks

    These days (since 1994), no restriction

    Called classless


    A little History:

    Classes of IP addresses

    Different classes were used to represent different sizes of network (small, medium, large)

    Class A networks (large):

    8 bits network, 24 bits host (/8, 255.0.0.0)

    First byte of IP address in range 0-127

    Class B networks (medium):

    16 bits network, 16 bits host (/16, 255.255.0.0)

    First byte of IP address in range 128-191

    Class C networks (small):

    24 bits network, 8 bits host (/24, 255.255.255.0)

    First byte of IP address in range 192-223


    Netmasks of classful addresses

    A classful network had a natural or implied prefix length or netmask:

    Class A: prefix length /8 (netmask 255.0.0.0)

    Class B: prefix length /16 (netmask 255.255.0.0)

    Class C: prefix length /24 (netmask 255.255.255.0)

    Modern (classless) routing systems have explicit prefix lengths or netmasks

    You can't just look at an IP address to tell what the prefix length or netmask should be. It needs explicit configuration.


    Traditional subnetting of classful networks

    Old routing systems allowed a classful network to be divided into subnets

    All subnets (of the same classful net) had to be the same size and have the same netmask

    Subnets could not be divided into sub-sub-nets

    None of these restrictions apply in modern systems

    You should never use old routing systems that have these restrictions (e.g. RIP version 1)


    Classless Addressing

    Class A, Class B, Class C terminology and restrictions are now of historical interest only

    Obsolete in 1994

    Internet routing and address management today is classless

    CIDR = Classless Inter-Domain Routing

    routing does not assume that class A, B, C implies prefix length /8, /16, /24

    VLSM = Variable-Length Subnet Masks

    routing does not assume that all subnets are the same size


    Classless addressing example

    A large ISP gets a large block of addresses

    e.g., a /16 prefix, or 65536 separate addresses

    Allocate smaller blocks to customers

    e.g., a /22 prefix (1024 addresses) to one customer, and a /28 prefix (16 addresses) to another customer

    An organisation that gets a /22 prefix from their ISP divides it into smaller blocks

    e.g. a /26 prefix (64 addresses) for one department, and a /27 prefix (32 addresses) for another department


    IPv6


    IP version 6

    IPv6 designed as successor to IPv4

    Expanded address space

    Address length quadrupled to 16 bytes (128 bits)

    Header Format Simplification

    Fixed length, optional headers are daisy-chained

    No checksum at the IP network layer

    No hop-by-hop fragmentation

    Path MTU discovery

    64 bits aligned fields in the header

    Authentication and Privacy Capabilities

    IPsec is mandated

    No more broadcast


    IPv4 and IPv6 Header Comparison

    IPv4 Header fields: Version, IHL, Type of Service, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source Address, Destination Address, Options, Padding

    IPv6 Header fields: Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address, Destination Address

    Legend: Fields name kept from IPv4 to IPv6; Fields not kept in IPv6; Name and position changed in IPv6; New field in IPv6


    Larger Address Space

    IPv4 32 bits

    = 4,294,967,296 possible addressable devices

    IPv6 128 bits: 4 times the size in bits

    = 3.4 x 10^38 possible addressable devices

    = 340,282,366,920,938,463,463,374,607,431,768,211,456

    5 x 10^28 addresses per person on the planet

    IPv4 = 32 bits

    IPv6 = 128 bits


    IPv6 Address Representation

    16 bit fields in case insensitive colon hexadecimal representation

    2031:0000:130F:0000:0000:09C0:876A:130B

    Leading zeros in a field are optional:

    2031:0:130F:0:0:9C0:876A:130B

    Successive fields of 0 represented as ::, but only once in an address:

    2031:0:130F::9C0:876A:130B is ok

    2031::130F::9C0:876A:130B is NOT ok (two ::)

    0:0:0:0:0:0:0:1 => ::1 (loopback address)

    0:0:0:0:0:0:0:0 => :: (unspecified address)


    IPv6 Address Representation

    In a URL, it is enclosed in brackets (RFC3986)

    http://[2001:db8:4f3a::206:ae14]:8080/index.html

    Cumbersome for users

    Mostly for diagnostic purposes

    Use fully qualified domain names (FQDN)

    Prefix Representation

    Representation of prefix is same as for IPv4 CIDR

    Address and then prefix length, with slash separator

    IPv4 address:

    198.10.0.0/16

    IPv6 address:

    2001:db8:12::/40


    IPv6 Addressing

    Type                           Binary                          Hex
    Unspecified                    00000000                        ::/128
    Loopback                       00000001                        ::1/128
    Multicast Address              1111 1111 ...                   FF00::/8
    Unique Local Unicast Address   1111 1100 ... / 1111 1101 ...   FC00::/7
    Link Local Unicast Address     1111 1110 10...                 FE80::/10
    Global Unicast Address         0010 ...                        2000::/3
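
The IPv6 Address Representation rules and the address-type table above, worked as an added example that is not part of the original slides. Function names are illustrative. Because one address has many valid spellings, allowlists and log searches should compare the parsed 128-bit value (or one normalised spelling) rather than the raw text.

```python
# Added example, not from the slides: parse, normalise and classify IPv6 text.
# Out of scope: embedded IPv4 tails (::ffff:192.0.2.1) and zone IDs (%eth0).

HEX_DIGITS = set("0123456789abcdefABCDEF")

# (prefix, prefix length, type) rows taken from the "IPv6 Addressing" slide.
TYPES = [
    ("::", 128, "Unspecified"),
    ("::1", 128, "Loopback"),
    ("ff00::", 8, "Multicast"),
    ("fc00::", 7, "Unique Local Unicast"),
    ("fe80::", 10, "Link Local Unicast"),
    ("2000::", 3, "Global Unicast"),
]


def parse_ipv6(text):
    """Return the address as a 128-bit integer, enforcing the slide's rules."""
    if text.count("::") > 1:
        raise ValueError(f"'::' used more than once: {text!r}")
    if "::" in text:
        head, tail = text.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError(f"too many fields around '::': {text!r}")
        fields = left + ["0"] * missing + right
    else:
        fields = text.split(":")
        if len(fields) != 8:
            raise ValueError(f"expected 8 fields: {text!r}")
    value = 0
    for field in fields:
        if not 1 <= len(field) <= 4 or not set(field) <= HEX_DIGITS:
            raise ValueError(f"bad field {field!r} in {text!r}")
        value = (value << 16) | int(field, 16)
    return value


def format_ipv6(value):
    """Shortest lowercase form: no leading zeros, longest zero run (>= 2) as '::'."""
    fields = [(value >> shift) & 0xFFFF for shift in range(112, -1, -16)]
    best_start, best_len, i = 0, 0, 0
    while i < 8:
        j = i
        while j < 8 and fields[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    text = [f"{f:x}" for f in fields]
    if best_len < 2:
        return ":".join(text)
    return ":".join(text[:best_start]) + "::" + ":".join(text[best_start + best_len:])


def classify(text):
    """Name the slide's address type whose prefix covers this address."""
    addr = parse_ipv6(text)
    for prefix, length, name in TYPES:
        shift = 128 - length
        if addr >> shift == parse_ipv6(prefix) >> shift:
            return name
    return "Other"


def same_address(a, b):
    """Compare two spellings by value, not by text."""
    return parse_ipv6(a) == parse_ipv6(b)


def is_valid_ipv6(text):
    try:
        parse_ipv6(text)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for sample in ("2031:0000:130F:0000:0000:09C0:876A:130B", "::1", "fe80::1"):
        print(sample, "->", format_ipv6(parse_ipv6(sample)), classify(sample))
    print(is_valid_ipv6("2031::130F::9C0:876A:130B"))
```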


    IPv6 Global Unicast Addresses

    IPv6 Global Unicast addresses are:

    Addresses for generic use of IPv6

    Hierarchical structure intended to simplify aggregation

    Global Routing Prefix (starts with binary 001): 48 bits, Provider

    Subnet-id: 16 bits, Site

    Interface ID: 64 bits, Host


    IPv6 Address Allocation

    [Diagram: an address beginning 2000 0db8 divided at /12 (Registry), /32 (ISP prefix), /48 (Site prefix) and /64 (LAN prefix), followed by the Interface ID]

    The allocation process is:

    The IANA is allocating out of 2000::/3 for initial IPv6 unicast use

    Each registry gets a /12 prefix from the IANA

    Registry allocates a /32 prefix (or larger) to an IPv6 ISP

    Policy is that an ISP allocates a /48 prefix to each end customer


    IPv6 Addressing Scope

    64 bits reserved for the interface ID

    Possibility of 2^64 hosts on one network LAN

    Arrangement to accommodate MAC addresses within the IPv6 address

    16 bits reserved for the end site

    Possibility of 2^16 networks at each end-site

    65536 subnets equivalent to a /12 in IPv4 (assuming 16 hosts per IPv4 subnet)


    IPv6 Addressing Scope

    16 bits reserved for the service provider

    Possibility of 2^16 end-sites per service provider

    65536 possible customers: equivalent to each service provider receiving a /8 in IPv4 (assuming a /24 address block per customer)

    32 bits reserved for service providers

    Possibility of 2^32 service providers

    i.e. 4 billion discrete service provider networks

    Although some service providers already are justifying more than a /32

    Equivalent to the size of the entire IPv4 address space


    Summary

    Vast address space

    Hexadecimal addressing

    Distinct addressing hierarchy between ISPs, end-sites, and LANs

    ISPs have /32s

    End-sites have /48s

    LANs have /64s

    Other IPv6 features discussed later


    Routing


    Routing and Forwarding

    Routing is not the same as Forwarding

    Routing is the building of maps

    Each routing protocol usually has its own routing database

    Routing protocols populate the forwarding table

    Forwarding is passing the packet to the next hop device

    Forwarding table contains the best path to the next hop for each prefix

    There is only ONE forwarding table


    IP Routing

    Each router or host makes its own routing decisions

    Sending machine does not have to determine the entire path to the destination

    Sending machine just determines the next-hop along the path (based on destination IP address)

    This process is repeated until the destination is reached, or there's an error

    Forwarding table is consulted (at each hop) to determine the next-hop


    IP Routing

    Classless routing

    route entries include

    destination

    next-hop

    mask (prefix-length) indicating size of address space described by the entry

    Longest match

    for a given destination, find longest prefix match in the routing table

    example: destination is 35.35.66.42

    routing table entries are 35.0.0.0/8, 35.35.64.0/19 and 0.0.0.0/0

    All these routes match, but the /19 is the longest match


    IP routing

    Default route

    where to send packets if there is no entry for the destination in the routing table

    most machines have a single default route

    often referred to as a default gateway

    0.0.0.0/0

    matches all possible destinations, but is usually not the longest match
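
Longest-match lookup and the default route from the two IP Routing slides above, worked as an added example that is not part of the original slides. The class and function names are illustrative and the next-hop addresses are constructed documentation values; the prefixes and the destination 35.35.66.42 are the slide's own.

```python
# Added example, not from the slides: longest-prefix-match lookup in a binary trie.
import ipaddress


class ForwardingTable:
    """Maps IPv4 prefixes to next hops; one trie level per prefix bit."""

    def __init__(self):
        self._root = {}          # node = {0: child, 1: child, "route": (prefix, hop)}

    def add(self, prefix, next_hop):
        # strict=True rejects prefixes with host bits set, e.g. 35.35.66.0/19
        net = ipaddress.IPv4Network(prefix, strict=True)
        bits = int(net.network_address)
        node = self._root
        for i in range(net.prefixlen):
            node = node.setdefault((bits >> (31 - i)) & 1, {})
        node["route"] = (str(net), next_hop)

    def matches(self, destination):
        """Every route whose prefix covers destination, shortest prefix first."""
        addr = int(ipaddress.IPv4Address(destination))
        node = self._root
        found = [node["route"]] if "route" in node else []
        for i in range(32):
            node = node.get((addr >> (31 - i)) & 1)
            if node is None:
                break
            if "route" in node:
                found.append(node["route"])
        return found

    def lookup(self, destination):
        """The longest match, or None when nothing (not even a default) matches."""
        found = self.matches(destination)
        return found[-1] if found else None


def build_slide_table():
    # Prefixes are the ones on the slide; next hops are constructed
    # documentation addresses (192.0.2.0/24), not values from the slides.
    table = ForwardingTable()
    table.add("35.0.0.0/8", "192.0.2.1")
    table.add("35.35.64.0/19", "192.0.2.2")
    table.add("0.0.0.0/0", "192.0.2.254")
    return table


def accepts_prefix(prefix):
    """False when the prefix is malformed or has host bits set."""
    try:
        ForwardingTable().add(prefix, "192.0.2.1")
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    table = build_slide_table()
    # 35.35.96.1 and 198.51.100.7 are constructed destinations.
    for dest in ("35.35.66.42", "35.35.96.1", "198.51.100.7"):
        print(dest, "->", table.lookup(dest), "of", len(table.matches(dest)), "matches")
```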


    Static vs. Dynamic routing

    Static routes

    Set up by administrator

    Changes need to be made by administrator

    Only good for small sites and star topologies

    Bad for every other topology type

    Dynamic routes

    Provided by routing protocols

    Changes are made automatically

    Good for network topologies which have redundant links (most!)


    Dynamic Routing

    Routers compute routing tables dynamically based on information provided by other routers in the network

    Routers communicate topology to each other via different protocols

    Routers then compute one or more next hops for each destination trying to calculate the most optimal path

    Automatically repairs damage by choosing an alternative route (if there is one)


    A Large ISP with more than one upstream provider

    [Diagram labels: Large ISP; Upstream ISP; Upstream ISP; Africa; Europe; USA]


    Why does an ISP need BGP?

    Multi-homing: connecting to multiple providers

    upstream providers

    local networks: regional peering to get local traffic

    Policy discrimination: controlling how traffic flows

    do not accidentally provide transit to non-customers

    Aggregation


    Defining BGP

    BGP = Border Gateway Protocol

    BGP is an exterior routing protocol

    Focus on routing policy, not topology

    BGP can make groups of networks (Autonomous Systems)

    Good route filtering capabilities

    Ability to isolate from others' problems


    BGP Protocol Basics

    Routing Protocol used between ASes

    If you aren't connected to multiple ASes you don't need BGP

    Runs over TCP

    [Diagram labels: AS 100, AS 101, AS 102; routers A, B, C, D, E; Peering]


    BGP Protocol Basics

    Uses Incremental updates

    sends one copy of the RIB at the beginning, then sends changes as they happen

    Path Vector protocol

    keeps track of the AS path of routing information

    Many options for policy enforcement


    Terminology

    Transit: carrying network traffic across a network, usually for a fee

    Peering: exchanging routing information and traffic

    your customers and your peers' customers network information only.

    not your peers' peers; not your peers' providers.

    Peering also has another meaning:

    BGP neighbour, whether or not transit is provided

    Default: where to send traffic when there is no explicit route in the routing table


    What is an Exchange Point

    Network Access Points (NAPs) established at end of NSFnet

    The original exchange points

    Major providers connect their networks and exchange traffic

    High-speed network or ethernet switch

    Simple concept: any place where providers come together to exchange traffic


    Internet Exchange Points

    ISPs connect at Exchange Points or Network Access Points to exchange traffic

    [Diagram labels: IXP 1, IXP 2, ISP A, ISP B]


    Conceptual Diagram of an IXP

    [Diagram labels: ISP Router; ISP Router; ISP Router; Exchange Point Medium]


    Why use an IXP?

    KEEP LOCAL TRAFFIC LOCAL!!!

    ISPs within a region peer with each other at the local exchange

    No need to have traffic go overseas only to come back

    Much reduced latency and increased performance


    Why use an IXP?

    VASTLY IMPROVES PERFORMANCE!!!

    Network RTTs between organisations in the local economy are measured in milliseconds, not seconds

    Packet loss becomes virtually non-existent

    Customers use the Internet for more products, services, and activities


    Why use an IXP?

    Countries or regions with a successful IXP have a successful Internet economy

    Local traffic stays local

    Money spent on local net infrastructure

    Service Quality not an issue

    All this attracts businesses, customers, and content


    Domain Name System (DNS) Fundamentals


    Computers use IP addresses. Why do we need names?

    Names are easier for people to remember

    Computers may be moved between networks, in which case their IP address will change.


    The old solution: HOSTS.TXT

    A centrally-maintained file, distributed to all hosts on the Internet

    SPARKY 128.4.13.9

    UCB-MAILGATE 4.98.133.7

    FTPHOST 200.10.194.33

    ... etc

    This feature still exists:

    /etc/hosts (UNIX)

    c:\windows\hosts


    hosts.txt does not scale

    Huge file (traffic and load)

    Name collisions (name uniqueness)

    Consistency

    Always out of date

    Single point of Administration

    Did not scale well


    The Domain Name System was born

    DNS is a distributed database for holding name to IP address (and other) information

    Distributed:

    Shares the Administration

    Shares the Load

    Robustness and improved performance achieved through replication and caching

    Employs a client-server architecture

    A critical piece of the Internet's infrastructure


    DNS is Hierarchical

    Forms a tree structure

    DNS Database:
      . (root)
        ke
          ac.ke
            kcct.ac.ke
        org
          isoc.org
            www.isoc.org
          afnog.org
        com
          google.com

    Unix Filesystem:
      / (root)
        etc
          /etc/rc.d
        usr
          usr/local
            usr/local/src
          usr/sbin
        bin


    DNS is Hierarchical (contd.)

    Globally unique names

    Administered in zones (parts of the tree)

    You can give away ("delegate") control of part of the tree underneath you

    Example: isoc.org on one set of nameservers

    wiki.tools.isoc.org on a different set

    elists.isoc.org on another set


    Domain Names are (almost) unlimited

    Max 255 characters total length

    Max 63 characters in each part

    RFC 1034, RFC 1035

    If a domain name is being used as a host name, you should abide by some restrictions

    RFC 952 (old!)

    a-z 0-9 and minus (-) only

    No underscores ( _ )


    Using the DNS

    A Domain Name (like www.isoc.org) is the KEY to look up information

    The result is one or more RESOURCE RECORDS (RRs)

    There are different RRs for different types of information

    You can ask for the specific type you want, or ask for "any" RRs associated with the domain name

    Commonly seen Resource Records


    Commonly seen Resource Records (RRs)

    A (address): map hostname to IPv4 address

    AAAA (quad A): map a hostname to IPv6 address

    PTR (pointer): map IP address to hostname

    MX (mail exchanger): where to deliver mail for user@domain

    CNAME (canonical name): map alternative hostname to real hostname

    TXT (text): any descriptive text

    NS (name server), SOA (start of authority): used for delegation and management of the DNS itself


    A Simple Example

    Query: www.isoc.org.

    Query type: A

    Result:

    www.isoc.org. 86400 IN A 206.131.241.137

    In this case a single RR is found, but in general, multiple RRs may be returned.

    (IN is the "class" for INTERNET use of the DNS)


    Possible results from a Query

    POSITIVE

    one or more RRs found

    NEGATIVE

    definitely no RRs match the query

    SERVER FAIL

    cannot find the answer

    REFUSED

    not allowed to query the server


    How DNS resolution works (2)

    [Diagram labels: Resolver; Caching NS; Auth NS (three servers); Query; Response; steps 1 to 5]


    DNS Resolving and Caching

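    Resolver to Caching Forwarder (Recursive): www.my.co.ke A?

    Caching Forwarder to Root Server: www.my.co.ke A?

    Root Server replies: Ask .ke server @ mzizi.kenic.or.ke (+glue)

    Caching Forwarder to ccTLD Server: www.my.co.ke A?

    ccTLD Server replies: Ask kenic server @ ole.kenic.or.ke (+glue)

    Caching Forwarder to KENIC Server: www.my.co.ke A?

    KENIC Server replies: 62.8.88.72

    Caching Forwarder: Add to Cache

    Caching Forwarder replies to Resolver: 62.8.88.72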


    Contention Ratio


    Definition

    The ratio of the potential maximum demand (usage) to the actual bandwidth available - ref wikipedia

    Also referred to as Overbooking ratio

    Call it the bandwidth sharing ratio

    Most service providers do not disclose this ratio

    In the UK it's 50:1 on BT home ADSL and 20:1 on business subscribers

    The ratio is higher in the US - re Comcast case

    No Data on Kenyan ISPs' contention ratio

    Argument for contention ratio is that 10% of subscribers utilize over 80% of bandwidth available


    What does it mean?

    In the ratio of 50:1 it means if you have a 1Mbps link you are most likely sharing such (transit) with 49 other subscribers.

    Therefore if all users were online simultaneously you would get a speed of 20Kbps

    The easiest way to observe: downloads at peak hours and off-peak hours

    Also locally hosted content would be subject to lower contention ratios


    Monitoring and Measurement Tools


    Why Monitoring is important

    To check network health status

    Identify network bottlenecks

    Plan for growth and expansion

    Address security issues


    Open Source Monitoring tools

    MRTG & Cacti for bandwidth utilization

    Nagios for service monitoring

    Smokeping for RTT and availability

    FlowD, NFSEN for protocol analysis and utilization

    Webalizer - Web-server log monitoring

    Rancid - router management

    Snort - intrusion detection

    Wireshark - tcpdump analysis and log file


    Open Source Measurement Tools

    Ping - one-way RTT and reachability

    Traceroute - one-way reachability

    Mtr - one-way path attributes, packet loss,

    Netperf - client/server bandwidth, throughput

    Iperf - client/server bandwidth, throughput

    Pathchar - one-way bandwidth, throughput


    Iperf sample

    michuki:~ michuki$ iperf -c wavu.kixp.or.ke
    ------------------------------------------------------------
    Client connecting to wavu.kixp.or.ke, TCP port 5001
    TCP window size: 65.0 KByte (default)
    ------------------------------------------------------------
    [ 3] local 10.0.1.2 port 62134 connected with 80.240.194.142 port 5001
    [ ID] Interval Transfer Bandwidth
    [ 3] 0.0-13.6 sec 232 KBytes 139 Kbits/sec


    Netperf

    michuki:~ michuki$ sudo netperf -H wavu.kixp.or.ke -f k
    Password:
    TCP STREAM TEST to wavu.kixp.or.ke
    Recv   Send    Send
    Socket Socket  Message  Elapsed
    Size   Size    Size     Time     Throughput
    bytes  bytes   bytes    secs.    10^3bits/sec

    65536  65535   65535    27.35    54.64


    Thank you for your attention!

    Most of the slides used are lifted from the AfNOG training material available at: www.ws.afnog.org

