
NAT: network address translation - WordPress.com

Date post: 24-Oct-2021
Transcript
Page 1: NAT: network address translation - WordPress.com

NAT: network address translation

▪ 16-bit port-number field:
  • 60,000 simultaneous connections with a single LAN-side address!
▪ NAT is controversial:
  • routers should only process up to layer 3
  • address shortage should be solved by IPv6
  • violates end-to-end argument
  • NAT possibility must be taken into account by app designers, e.g., P2P applications
  • NAT traversal: what if client wants to connect to server behind NAT? (More detail later)

1 Network Layer: Data Plane

Page 2

IP datagram format (each row is 32 bits)

  ver | head. len | type of service | length
  16-bit identifier | flgs | fragment offset
  time to live | upper layer | header checksum
  32 bit source IP address
  32 bit destination IP address
  options (if any)
  data (variable length, typically a TCP or UDP segment)

ver: IP protocol version number
head. len: header length (bytes)
type of service: “type” of data
length: total datagram length (bytes)
16-bit identifier, flgs, fragment offset: for fragmentation/reassembly
time to live: max number remaining hops (decremented at each router)
upper layer: upper layer protocol to deliver payload to
options: e.g. timestamp, record route taken, specify list of routers to visit.

The type of service field is now Differentiated Services and is called the Diff Serv Code Point (DSCP). 0x0 is default (best effort).

Page 3

Yeah, no checksum. We already have error detection at the data link layer.

Internet Checksum: example

Transport Layer: 3-18

example: add two 16-bit integers

               1110011001100110
             + 1101010101010101
             ------------------
           1 1011101110111011   (carry out of the most significant bit: wraparound)
             ------------------
sum            1011101110111100
checksum       0100010001000011

Note: when adding numbers, a carryout from the most significant bit needs to be added to the result

* Check out the online interactive exercises for more examples: http://gaia.cs.umass.edu/kurose_ross/interactive/

Page 4

How do you check using the checksum? (Same sum and checksum as in the page 3 example.)

Add up all of the numbers that you receive. Then add the checksum. If you don’t get all ones, the packet is corrupted.
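A worked version of the checksum arithmetic on pages 3 and 4, applied also to the IPv4 header layout from page 2. This is added example code, not from the slides or the textbook; the 20-byte header, its addresses, identifier and protocol number are constructed sample values.

```python
import struct

def ones_complement_sum(words):
    """Add 16-bit words; a carry out of the most significant bit wraps around and is added back."""
    total = 0
    for w in words:
        total += w & 0xFFFF
        total = (total & 0xFFFF) + (total >> 16)  # wraparound of the carry bit
    return total & 0xFFFF

def to_words(data: bytes):
    """Split bytes into big-endian 16-bit words, zero-padding an odd trailing byte."""
    if len(data) % 2:
        data += b"\x00"
    return [int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2)]

def internet_checksum(data: bytes) -> int:
    """Sender side: one's complement of the wrapped sum (checksum field must be zero in data)."""
    return (~ones_complement_sum(to_words(data))) & 0xFFFF

def checksum_verifies(data: bytes) -> bool:
    """Receiver side: sum every word including the checksum; an intact packet gives all ones."""
    return ones_complement_sum(to_words(data)) == 0xFFFF

def slide_example():
    """The two 16-bit integers from the slide; returns (wrapped sum, checksum)."""
    w1 = 0b1110011001100110
    w2 = 0b1101010101010101
    s = ones_complement_sum([w1, w2])
    return s, (~s) & 0xFFFF

def build_ipv4_header(total_len, ident, ttl, proto, src, dst):
    """20-byte IPv4 header (version 4, header length 5 words, no options) with checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, 0, ttl, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]

def parse_ipv4_header(pkt: bytes) -> dict:
    """Decode the header fields shown on page 2 and check the header checksum."""
    vihl, tos, tlen, ident, ff, ttl, proto, csum, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4
    return {
        "version": vihl >> 4, "header_len": ihl, "dscp": tos >> 2,
        "total_length": tlen, "id": ident, "flags": ff >> 13, "frag_offset": ff & 0x1FFF,
        "ttl": ttl, "protocol": proto, "checksum": csum,
        "src": ".".join(str(b) for b in src), "dst": ".".join(str(b) for b in dst),
        "checksum_ok": checksum_verifies(pkt[:ihl]),
    }

# Constructed sample header: 40-byte total length, protocol 17 (UDP), documentation-range addresses.
SAMPLE = build_ipv4_header(40, 0x1234, 64, 17, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))

def corrupt_ttl(pkt: bytes) -> bytes:
    """Simulate a router that decremented TTL but forgot to recompute the header checksum."""
    return pkt[:8] + bytes([pkt[8] - 1]) + pkt[9:]
```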

Page 5

Wireshark capture inspection examples

Page 6

IP fragmentation, reassembly

▪ network links have MTU (max. transfer size) - largest possible link-level frame
  • different link types, different MTUs
▪ large IP datagram divided (“fragmented”) within net
  • one datagram becomes several datagrams
  • “reassembled” only at final destination
  • IP header bits used to identify, order related fragments

Figure: fragmentation (in: one large datagram, out: 3 smaller datagrams), then reassembly.

Page 7

IP fragmentation, reassembly

example:
❖ 4000 byte datagram
❖ MTU = 1500 bytes

one large datagram becomes several smaller datagrams:

  original    ID = x   offset = 0     fragflag = 0   length = 4000
  fragment 1  ID = x   offset = 0     fragflag = 1   length = 1500
  fragment 2  ID = x   offset = 185   fragflag = 1   length = 1500
  fragment 3  ID = x   offset = 370   fragflag = 0   length = 1040

1480 bytes in data field; offset = 1480/8

Why is it 1480 and not 1500? Length includes the bytes associated with the header field; the original header is 20 bytes.
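The fragmentation arithmetic from pages 6 and 7 as an added example (not from the slides): fragment() reproduces the slide's three fragments for a 4000-byte datagram and a 1500-byte MTU, and reassemble() puts fragments back together in offset order while refusing overlapping fragments, the failure mode the note on page 16 calls fragmentation attacks. The identifier and payload bytes are constructed.

```python
HEADER_LEN = 20  # IPv4 header without options, as assumed on the slide

def fragment(total_len, mtu, header_len=HEADER_LEN):
    """Return (offset in 8-byte units, more-fragments flag, fragment length) for each fragment."""
    data_len = total_len - header_len
    per_frag = ((mtu - header_len) // 8) * 8  # all but the last fragment carry a multiple of 8 data bytes
    if per_frag <= 0:
        raise ValueError("MTU too small to carry any data")
    frags, sent = [], 0
    while sent < data_len:
        chunk = min(per_frag, data_len - sent)
        more = 1 if sent + chunk < data_len else 0
        frags.append((sent // 8, more, chunk + header_len))
        sent += chunk
    return frags

def fragment_payload(ident, payload, mtu, header_len=HEADER_LEN):
    """Apply fragment() to real bytes, giving (ident, offset, more, chunk) tuples for reassemble()."""
    out = []
    for offset, more, length in fragment(len(payload) + header_len, mtu, header_len):
        start = offset * 8
        out.append((ident, offset, more, payload[start:start + length - header_len]))
    return out

def reassemble(fragments):
    """Reassemble by identifier. Returns {ident: payload} for datagrams whose fragments all arrived;
    a datagram with a hole stays pending. Overlapping or trailing fragments raise ValueError
    instead of being silently merged."""
    by_id = {}
    for ident, offset, more, chunk in fragments:
        if more and len(chunk) % 8:
            raise ValueError(f"non-final fragment of {ident} is not a multiple of 8 bytes")
        by_id.setdefault(ident, []).append((offset * 8, more, chunk))
    complete = {}
    for ident, parts in by_id.items():
        parts.sort(key=lambda p: p[0])
        buf, expected, last_seen = bytearray(), 0, False
        for start, more, chunk in parts:
            if last_seen or start < expected:
                raise ValueError(f"overlapping or trailing fragment in datagram {ident}")
            if start != expected:
                break  # hole: the missing fragment has not arrived yet
            buf += chunk
            expected = start + len(chunk)
            last_seen = not more
        if last_seen:
            complete[ident] = bytes(buf)
    return complete

# Constructed 3980-byte payload: with a 20-byte header this is the slide's 4000-byte datagram.
PAYLOAD = bytes(i % 251 for i in range(3980))
```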

Page 8: NAT: network address translation - WordPress.com

4.1 Overview of Network layer• data plane• control plane

4.2 What’s inside a router4.3 IP: Internet Protocol

• datagram format• fragmentation• IPv4 addressing• network address

translation• IPv6

Chapter 4: outline

8Network Layer: Data Plane

Page 9

DHCP explore

Page 10

Bringing the ideas together (modem/router/switch)

Page 11

Dial-up Modems:

Traditional telephone lines can carry frequencies between 300 and 3300 Hz.

Trellis-coded modulation. Trellis is essentially QAM plus a redundant bit.

https://www.brainkart.com/article/Dial-up-Modems_13438/

Page 12

32-QAM with a baud rate of 2400

Trellis-coded modulation. Trellis is essentially QAM plus a redundant bit.

Baud rate is symbols per second: 2400 symbols per second
Number of bits per symbol for 32-QAM: log2(32) = 5
One redundant bit: 5 → 4 data bits per symbol
How many bits per second? 4 * 2400 = 9600 bps
How many bits per second could you get with 128-QAM?
Why the redundant bit? -> Helps with error detection

Page 14

Similar ideas

Page 16

IPv6: motivation

▪ initial motivation: 32-bit address space soon to be completely allocated.
▪ additional motivation:
  • header format helps speed processing/forwarding
  • header changes to facilitate QoS

IPv6 datagram format:
  • fixed-length 40 byte header
  • no fragmentation allowed

Why no fragmentation? Fragmentation opens you up to fragmentation attacks.

Page 17

IPv6 datagram format (each row is 32 bits)

  ver | pri | flow label
  payload len | next hdr | hop limit
  source address (128 bits)
  destination address (128 bits)
  data

priority: identify priority among datagrams in flow
flow label: identify datagrams in same “flow.” (concept of “flow” not well defined).
next header: identify upper layer protocol for data

Page 22

Traffic Class

Request for Comments (RFC) 2460: https://tools.ietf.org/html/rfc2460


Page 29

Other changes from IPv4

▪ checksum: removed entirely to reduce processing time at each hop
▪ options: allowed, but outside of header, indicated by “Next Header” field
▪ ICMPv6: new version of ICMP
  • additional message types, e.g. “Packet Too Big”
  • multicast group management functions

Page 30

IP datagram format (same figure as on page 2: ver, head. len, type of service, length, 16-bit identifier, flgs, fragment offset, time to live, upper layer, header checksum, 32 bit source IP address, 32 bit destination IP address, options (if any), data)

Something has been removed from IPv6. Is it important?

Page 32

Transition from IPv4 to IPv6

▪ not all routers can be upgraded simultaneously
  • no “flag days”
  • how will network operate with mixed IPv4 and IPv6 routers?
▪ tunneling: IPv6 datagram carried as payload in IPv4 datagram among IPv4 routers

Figure: IPv4 datagram = IPv4 header fields, IPv4 source, dest addr, IPv4 payload; the IPv4 payload is the IPv6 datagram = IPv6 header fields, IPv6 source, dest addr, UDP/TCP payload.

Page 33

Transition from IPv4 to IPv6

▪ not all routers can be upgraded simultaneously
  • no “flag days”
  • how will network operate with mixed IPv4 and IPv6 routers?

So how could we address this issue?

Page 34

Tunneling

physical view:  A (IPv6) - B (IPv6) - C (IPv4) - D (IPv4) - E (IPv6) - F (IPv6)
logical view:   A (IPv6) - B (IPv6) ==== IPv4 tunnel connecting IPv6 routers ==== E (IPv6) - F (IPv6)

Page 35

Tunneling

physical view:  A (IPv6) - B (IPv6) - C (IPv4) - D (IPv4) - E (IPv6) - F (IPv6)
logical view:   A (IPv6) - B (IPv6) ==== IPv4 tunnel connecting IPv6 routers ==== E (IPv6) - F (IPv6)

A-to-B: IPv6                flow: X, src: A, dest: F, data
B-to-C: IPv6 inside IPv4    src: B, dest: E, [ flow: X, src: A, dest: F, data ]
E-to-F: IPv6                flow: X, src: A, dest: F, data

Page 36

IPv6: adoption

▪ Google: 30% of clients access services via IPv6
▪ NIST: 1/3 of all US government domains are IPv6 capable
▪ Long (long!) time for deployment, use
  • 20 years and counting!
  • think of application-level changes in last 20 years: WWW, Facebook, streaming media, Skype, …
  • Why?

Page 37

https://www.google.com/intl/en/ipv6/statistics.html

Page 38

Computer Networking: A Top Down Approach, 7th edition, Jim Kurose, Keith Ross, Pearson/Addison Wesley, April 2016

Chapter 4: Network Layer: The Data Plane

A note on the use of these Powerpoint slides: We’re making these slides freely available to all (faculty, students, readers). They’re in PowerPoint form so you see the animations; and can add, modify, and delete slides (including this one) and slide content to suit your needs. They obviously represent a lot of work on our part. In return for use, we only ask the following:

▪ If you use these slides (e.g., in a class) that you mention their source (after all, we’d like people to use our book!)

▪ If you post any slides on a www site, that you note that they are adapted from (or perhaps identical to) our slides, and note our copyright of this material.

Thanks and enjoy! JFK/KWR

All material copyright 1996-2016 J.F. Kurose and K.W. Ross, All Rights Reserved

Page 39

Chapter 4: outline

4.1 Overview of Network layer
  • data plane
  • control plane
4.2 What’s inside a router
4.3 IP: Internet Protocol
  • datagram format
  • fragmentation
  • IPv4 addressing
  • network address translation
  • IPv6

Page 40

Chapter 4: network layer

chapter goals:
▪ understand principles behind network layer services, focusing on data plane:
  • network layer service models
  • forwarding versus routing
  • how a router works
  • generalized forwarding
▪ instantiation, implementation in the Internet

Page 41

Network layer

▪ transport segment from sending to receiving host
▪ on sending side encapsulates segments into datagrams
▪ on receiving side, delivers segments to transport layer
▪ network layer protocols in every host, router
▪ router examines header fields in all IP datagrams passing through it

Figure: the end hosts run application, transport, network, data link and physical layers; each router along the path runs only network, data link and physical.

Page 42

Two key network-layer functions

network-layer functions:
▪ forwarding: move packets from router’s input to appropriate router output
▪ routing: determine route taken by packets from source to destination
  • routing algorithms

analogy: taking a trip
▪ forwarding: process of getting through single interchange
▪ routing: process of planning trip from source to destination

Page 43

Network layer: data plane, control plane

Data plane
▪ local, per-router function
▪ determines how datagram arriving on router input port is forwarded to router output port
▪ forwarding function

Control plane
▪ network-wide logic
▪ determines how datagram is routed among routers along end-end path from source host to destination host
▪ two control-plane approaches:
  • traditional routing algorithms: implemented in routers
  • software-defined networking (SDN): implemented in (remote) servers

Figure: values in the arriving packet header (0111) are looked up to choose among output ports 1, 2, 3.

Page 44

Per-router control plane

Individual routing algorithm components in each and every router interact in the control plane

Figure: a Routing Algorithm in the control plane of each router feeds its data plane, where values in the arriving packet header (0111) are looked up to choose among output ports 1, 2, 3.

Page 45: NAT: network address translation - WordPress.com

data plane

control plane

Logically centralized control planeA distinct (typically remote) controller interacts with local control agents (CAs)

Remote Controller

CA

CA CA CA CA

45Network Layer: Control Plane

1

2

0111

3

values in arriving packet header

Page 46

Chapter 4: outline

4.1 Overview of Network layer
  • data plane
  • control plane
4.2 What’s inside a router
4.3 IP: Internet Protocol
  • datagram format
  • fragmentation
  • IPv4 addressing
  • network address translation
  • IPv6
4.4 Generalized Forward and SDN
  • match
  • action
  • OpenFlow examples of match-plus-action in action

Page 47

Router architecture overview

▪ high-level view of generic router architecture:

  router input ports -> high-speed switching fabric -> router output ports
  routing processor (connected to the fabric)

forwarding data plane (hardware) operates in nanosecond timeframe
routing, management control plane (software) operates in millisecond time frame

Page 48

Input port functions

line termination -> link layer protocol (receive) -> lookup, forwarding, queueing -> switch fabric

physical layer: bit-level reception
data link layer: e.g., Ethernet see chapter 5

decentralized switching:
▪ using header field values, lookup output port using forwarding table in input port memory (“match plus action”)
▪ goal: complete input port processing at ‘line speed’ (ex. line speed 10 Mbps)
▪ queuing: if datagrams arrive faster than forwarding rate into switch fabric

Page 49

Input port functions

line termination -> link layer protocol (receive) -> lookup, forwarding, queueing -> switch fabric

physical layer: bit-level reception
data link layer: e.g., Ethernet see chapter 5

decentralized switching:
▪ using header field values, lookup output port using forwarding table in input port memory (“match plus action”)
▪ destination-based forwarding: forward based only on destination IP address (traditional)

Page 50

Destination-based forwarding: forwarding table

Destination Address Range                                                             Link Interface
11001000 00010111 00010000 00000000 through 11001000 00010111 00010111 11111111       0
11001000 00010111 00011000 00000000 through 11001000 00010111 00011000 11111111       1
11001000 00010111 00011000 00000000 through 11001000 00010111 00011111 11111111       2
otherwise                                                                             3

Page 51

Longest prefix matching

when looking for forwarding table entry for given destination address, use longest address prefix that matches destination address.

Destination Address Range                Link interface
11001000 00010111 00010*** *********     0
11001000 00010111 00011000 *********     1
11001000 00010111 00011*** *********     2
otherwise                                3

examples:
DA: 11001000 00010111 00010110 10100001   which interface?
DA: 11001000 00010111 00011000 10101010   which interface?

Page 52

Longest prefix matching

▪ longest prefix matching: often performed using ternary content addressable memories (TCAMs)
  • content addressable: present address to TCAM: retrieve address in one clock cycle, regardless of table size
  • Cisco Catalyst: can hold up to ~1M routing table entries in TCAM

https://www.pagiamtzis.com/cam/camintro/

X: doesn’t affect the line (don’t care)
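An added example (not from the slides) of the lookup described on pages 50 to 52: the page 51 table is stored as bit strings with * for the don't-care bits a TCAM would ignore, longest_prefix_match() returns the link interface for a destination address, and range_to_prefix() shows how each "through" range on page 50 collapses to a single prefix. Interface 3 is assumed as the "otherwise" default.

```python
FORWARDING_TABLE = [  # (prefix with * as don't-care bits, link interface), as on the slide
    ("11001000 00010111 00010*** *********", 0),
    ("11001000 00010111 00011000 *********", 1),
    ("11001000 00010111 00011*** *********", 2),
]
DEFAULT_INTERFACE = 3  # "otherwise"

def bits(s: str) -> str:
    """Drop the spaces used for readability on the slide."""
    return s.replace(" ", "")

def prefix_of(entry: str) -> str:
    """The fixed bits of an entry; trailing don't-care positions are stripped."""
    return bits(entry).rstrip("*")

def dotted_to_bits(addr: str) -> str:
    """'200.23.16.0' -> 32-bit string, so dotted-decimal addresses can be looked up too."""
    return "".join(format(int(octet), "08b") for octet in addr.split("."))

def matching_entries(da: str, table=FORWARDING_TABLE):
    """Every entry whose fixed bits agree with the address, as (prefix length, interface)."""
    da = dotted_to_bits(da) if "." in da else bits(da)
    return [(len(prefix_of(e)), iface) for e, iface in table if da.startswith(prefix_of(e))]

def longest_prefix_match(da: str, table=FORWARDING_TABLE, default=DEFAULT_INTERFACE) -> int:
    """Pick the matching entry with the most fixed bits; fall back to the default interface."""
    matches = matching_entries(da, table)
    return max(matches)[1] if matches else default

def range_to_prefix(lo: str, hi: str) -> str:
    """Collapse a 'lo through hi' range (page 50 form) into its common prefix (page 51 form)."""
    lo, hi = bits(lo), bits(hi)
    n = 0
    while n < len(lo) and lo[n] == hi[n]:
        n += 1
    # a prefix block has all zeros after the prefix in lo and all ones in hi
    if set(lo[n:]) - {"0"} or set(hi[n:]) - {"1"}:
        raise ValueError("range is not a single prefix block")
    return lo[:n]
```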

Page 53

Switching fabrics

▪ transfer packet from input buffer to appropriate output buffer
▪ switching rate: rate at which packets can be transferred from inputs to outputs
  • often measured as multiple of input/output line rate
  • N inputs: switching rate N times line rate desirable
▪ three types of switching fabrics: memory, bus, crossbar

Page 54

Memory based routers

first generation routers:
▪ traditional computers with switching under direct control of CPU
▪ packet copied to system’s memory
▪ speed limited by memory bandwidth (2 bus crossings per datagram)

Figure: input port (e.g., Ethernet) -> system bus -> memory -> system bus -> output port (e.g., Ethernet)

Page 55

Switching via a bus

▪ datagram from input port memory to output port memory via a shared bus
▪ bus contention: switching speed limited by bus bandwidth
▪ 32 Gbps bus, Cisco 5600: sufficient speed for access and enterprise routers

Page 56

Switching via interconnection network

▪ overcome bus bandwidth limitations
▪ banyan networks, crossbar, other interconnection nets initially developed to connect processors in multiprocessor
▪ advanced design: fragmenting datagram into fixed length cells, switch cells through the fabric.
▪ Cisco 12000: switches 60 Gbps through the interconnection network

Page 57

Hi-Z: high impedance. Very little current flow.

Page 58

What control signal would result in the result shown below?

Page 59

  1 0 0 0
  0 1 0 0
  0 0 1 0
  0 0 0 1

Page 61

A Big Banyan Tree at Bangalore

Page 62

Given some banyan switch, draw the configuration that gets the output.

Page 63

Input port queuing

▪ fabric slower than input ports combined -> queueing may occur at input queues
  • queueing delay and loss due to input buffer overflow!
▪ Head-of-the-Line (HOL) blocking: queued datagram at front of queue prevents others in queue from moving forward

Figure: output port contention: only one red datagram can be transferred; the lower red packet is blocked. One packet time later: the green packet experiences HOL blocking.

Page 64

Output ports

▪ buffering required when datagrams arrive from fabric faster than the transmission rate
▪ scheduling discipline chooses among queued datagrams for transmission

Figure: switch fabric -> datagram buffer, queueing -> link layer protocol (send) -> line termination

This slide is HUGELY important!

Datagrams (packets) can be lost due to congestion, lack of buffers

Priority scheduling – who gets best performance, network neutrality

Page 65

Output port queueing

▪ buffering when arrival rate at switch exceeds output line speed
▪ queueing (delay) and loss due to output port buffer overflow!

Figure: at t, packets move from input to output through the switch fabric; one packet time later.

Page 66

How much buffering?

▪ RFC 3439 rule of thumb: average buffering equal to “typical” RTT (say 250 msec) times link capacity C
  • e.g., C = 10 Gbps link: 2.5 Gbit buffer
▪ recent recommendation: with N flows, buffering equal to RTT · C / √N

Page 67

Scheduling mechanisms

▪ scheduling: choose next packet to send on link
▪ FIFO (first in first out) scheduling: send in order of arrival to queue
  • discard policy: if packet arrives to full queue: who to discard?
  • tail drop: drop arriving packet
  • priority: drop/remove on priority basis
  • random: drop/remove randomly

Figure: packet arrivals -> queue (waiting area) -> link (server) -> packet departures

Page 68

Scheduling policies: priority

priority scheduling: send highest priority queued packet

▪ multiple classes, with different priorities
  • class may depend on marking or other header info, e.g. IP source/dest, port numbers, etc.
  • Q: real world example?

Figure: arrivals -> classify -> high priority queue (waiting area) / low priority queue (waiting area) -> link (server) -> departures. Timeline of arrivals, packet in service, and departures for packets 1 to 5.

Page 69

Scheduling policies: still more

Round Robin (RR) scheduling:
▪ multiple classes
▪ cyclically scan class queues, sending one complete packet from each class (if available)

Figure: timeline of arrivals, packet in service, and departures for packets 1 to 5.

Page 70

Scheduling policies: still more

Weighted Fair Queuing (WFQ):
▪ generalized Round Robin
▪ each class gets weighted amount of service in each cycle
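An added example (not from the slides) that runs the policies from pages 67 to 69 over one constructed arrival trace: FIFO with tail drop, priority (class 0 served first) and round robin. The arrival times and classes are made up and are not the ones in the slide figures; every packet takes one packet time to transmit.

```python
from collections import deque

# Constructed arrivals: (arrival time, packet id, class); class 0 = high priority, 1 = low priority.
ARRIVALS = [(0, 1, 1), (0, 2, 0), (0, 3, 1), (1, 4, 0), (2, 5, 1)]

def simulate(arrivals, policy, num_classes=2, queue_limit=None):
    """Run one output link and return (departure order, dropped packet ids).
    policy: "fifo" (tail drop when queue_limit is set), "priority", or "rr".
    Time advances in packet times; packets arriving at time t are queued before transmission t."""
    pending = sorted(arrivals)
    queues = [deque() for _ in range(num_classes)]  # per-class queues for priority and rr
    fifo = deque()                                  # single queue for fifo
    departures, dropped = [], []
    t, i, last_class = 0, 0, num_classes - 1
    while i < len(pending) or fifo or any(queues):
        while i < len(pending) and pending[i][0] <= t:
            _, pid, cls = pending[i]
            i += 1
            if policy == "fifo":
                if queue_limit is not None and len(fifo) >= queue_limit:
                    dropped.append(pid)            # tail drop: the arriving packet is discarded
                else:
                    fifo.append(pid)
            else:
                queues[cls].append(pid)
        chosen = None
        if policy == "fifo":
            chosen = fifo.popleft() if fifo else None
        elif policy == "priority":                 # highest-priority non-empty queue wins
            chosen = next((q.popleft() for q in queues if q), None)
        elif policy == "rr":                       # cyclically scan classes after the last one served
            for k in range(1, num_classes + 1):
                c = (last_class + k) % num_classes
                if queues[c]:
                    chosen, last_class = queues[c].popleft(), c
                    break
        else:
            raise ValueError(f"unknown policy {policy!r}")
        if chosen is not None:
            departures.append(chosen)              # transmitted during [t, t + 1)
        t += 1
    return departures, dropped
```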

Page 71

Chapter 4: outline

4.1 Overview of Network layer
  • data plane
  • control plane
4.2 What’s inside a router
4.3 IP: Internet Protocol
  • datagram format
  • fragmentation
  • IPv4 addressing
  • network address translation
  • IPv6
4.4 Generalized Forward and SDN
  • match
  • action
  • OpenFlow examples of match-plus-action in action

Page 72

The Internet network layer

host, router network layer functions:

transport layer: TCP, UDP

network layer:
  routing protocols
    • path selection
    • RIP, OSPF, BGP
  IP protocol
    • addressing conventions
    • datagram format
    • packet handling conventions
  forwarding table
  ICMP protocol
    • error reporting
    • router “signaling”

link layer

physical layer
