IP
Internet Protocol
Address Resolution Protocol (ARP)
Reverse Address Resolution Protocol (RARP)
Internet Control Message Protocol (ICMP)
Internet Protocol
• What role does IP play?
• IP packet header
• IP routing
• Subnet addressing and masks
• Special case of IP addresses
What can IP do?
• End-to-end connectivity over a network
• Connectionless: no state maintained about successive packets (flows)
• Unreliable: packets may get lost or thrown away, or received out of order
• Best effort service, “I will do my best, but nothing is guaranteed”
IP: Packet Header
[Figure: IP packet, Header followed by Payload]
IP: Packet Header
• Source address
• Destination address
• Version: Currently IPv4, also IPv6
• Header Length: # of 32 bit words in the header
• Total Length (16 bit number): in bytes
  Max packet size = 65535 bytes
IP: Packet Header
• 8-bit Type of Service (TOS)
• 3-bit precedence field & D,T,R
• TOS bits:
  • Minimize delay
  • Maximize throughput
  • Maximize reliability
  • Minimize monetary cost
• Unused bit set to 0
IP: Packet Header
• 8-bit Time to Live (TTL): It’s decremented every time the packet is forwarded
• 16-bit Checksum: Error detection for the header only. 16-bit ones complement
• 8-bit Protocol Field: identifies the protocol that the IP packet is servicing (TCP, UDP, ICMP,...)
IP: Packet Header
• 16-bit Identification: Normally increments by one each time a datagram is sent
• 13-bit fragmentation offset in 64-bit chunks
• 3-bits of flags
  • Don’t Fragment (DF)
  • More Fragments (MF)
  • Unused = 0
IP: Packet Header
• Options
  – Security and handling restrictions
  – Record route (have each router record its IP address)
  – Time stamp (have each router record its IP address and time)
  – Loose source routing
  – Strict source routing
  – Padding is zeros
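
The header fields listed on the slides above, decoded and checked in code. This is an added example, not part of the original slides; the function names and the sample addresses are assumptions made for illustration.

```python
import struct

FMT = "!BBHHHBBH4s4s"   # the 20-byte fixed header, network byte order

def ones_complement_sum16(data: bytes) -> int:
    """16-bit ones' complement sum; a header with a valid checksum sums to 0xFFFF."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the header fields and check the length fields and checksum."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    (ver_hl, tos, total_len, ident, flags_off,
     ttl, proto, _cksum, src, dst) = struct.unpack(FMT, packet[:20])
    header_len = (ver_hl & 0x0F) * 4         # Header Length counts 32-bit words
    if ver_hl >> 4 != 4:
        raise ValueError("not IPv4")
    if not 20 <= header_len <= len(packet) or total_len < header_len:
        raise ValueError("inconsistent Header Length / Total Length")
    return {
        "header_len": header_len, "total_len": total_len, "tos": tos, "id": ident,
        "df": bool(flags_off & 0x4000), "mf": bool(flags_off & 0x2000),
        "frag_offset_bytes": (flags_off & 0x1FFF) * 8,   # 13-bit offset, 64-bit units
        "ttl": ttl, "protocol": proto,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "checksum_ok": ones_complement_sum16(packet[:header_len]) == 0xFFFF,
        "options": packet[20:header_len],
    }

def build_sample_header(ttl: int = 64) -> bytes:
    """Constructed sample: 192.0.2.1 -> 192.0.2.2, protocol 1 (ICMP), DF set."""
    fields = [0x45, 0, 28, 0x1234, 0x4000, ttl, 1, 0,
              bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])]
    fields[7] = 0xFFFF - ones_complement_sum16(struct.pack(FMT, *fields))
    return struct.pack(FMT, *fields)

def tamper_ttl(header: bytes) -> bytes:
    """Change the TTL byte without recomputing the checksum."""
    return header[:8] + bytes([(header[8] - 1) & 0xFF]) + header[9:]

if __name__ == "__main__":
    good = build_sample_header()
    print(parse_ipv4_header(good))
    print(parse_ipv4_header(tamper_ttl(good))["checksum_ok"])
```

Because the checksum covers the header only, every router that decrements the TTL has to recompute it, and a header modified without that update fails the check.
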
IP Routing
[Figure: a packet arrives at a host/router that has Ethernet interfaces]
• Is it for me?
• Forward according to routing table
Routing Table Entry
• Dest IP address
• IP address of next-hop router
• Flags
• Interface to pass packet to
IP Routing
Actions taken for routing
• Search routing table for an entry that exactly matches the complete destination IP address. If found then forward accordingly
• Default: send according to default entry
IP Routing: Addressing
Address hierarchy
[Figure: IP address split into net id | host id (Class A, B, C.) and into net id | subnet id | host id; special IP address]
Subnet
A campus network consisting of LANs for various departments
IP Routing: Addressing Hierarchy
[Figure: two trees, each with a Net at the top and three Subnets below it]
IP Routing: Addressing
Post Office Routing Table
Destination Address              Next PO
USA 96822 1234 Dole Street       A
USA 96822 4567 E-W Center Rd     A
USA 96822 8901 Univ. Ave         A
USA 96817 xxx                    D
USA 12485 xxx                    G
JPN xxx                          H
GBR xxx                          N
IP Routing: Addressing
Routing Table Look Up
• Find an exact, complete match of IP dest addr
• If unsuccessful then find a match of subnet id
• If unsuccessful then find a match of net id
• Go to default
[root@localhost jsac2]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
128.172.167.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default oli1-gw.cns.vcu 0.0.0.0 UG 0 0 0 eth0
IP Routing: Masks
Subnet id entry in Routing Table
  Entry: net id | subnet id | 00000000
  Mask (net id, subnet id mask): 1111111111111111111111100000000
Finding a match
  IP dest addr bit-wise AND Mask =? Entry. Yes, then a match
IP Routing: Masks
Net id entry in Routing Table
  Entry: net id
Finding a match
  Compare net id in table with net id of IP dest addr of packet
IP: Special Case IP Addresses
netid   subnetid  hostid    Description
0                 0         Host on this net
0                 hostid    Specify host on this net
127               anything  Loopback address
-1                -1        Limited broadcast
netid             -1        Net directed broadcast to netid
netid   subnetid  -1        Subnet-directed broadcast
netid   -1        -1        All-subnets-directed broadcast
NAT
1. Uniqueness of IP address
2. Connectionless service?
3. Layered approach?
4. What about Non TCP/UDP protocol?
5. Some protocols carry the IP address as text in the payload, such as FTP and the internet telephony protocol H.323
6. We have limit on port number too.
IPv6?
Internet Control Protocol
Neighbor Greeting: ARP and RARP
End nodes and routers find out their neighbors
[Figure: end node E and router R joined by a point-to-point link, with R attached to the network]
Configured with IP address and mask for each link
Neighbor Greeting: ARP and RARP
End nodes attached via LANs
[Figure: end nodes E1, E2, E3 and routers R1, R2 on an Ethernet; E4 and the network lie beyond the routers]
Neighbor Greeting: ARP and RARP
End nodes attached via LANs
[Figure: R1, E1 and E2 on an Ethernet]
Ethernet packet: dst addr | src addr | rest of the packet
???
Neighbor Greeting: ARP
[Figure: R1, E1 and E2 on an Ethernet, shown once for the request and once for the reply]
ARP request broadcast: “E1 where are you?”
ARP reply: “I am here (give ethernet address)”
Neighbor Greeting: ARP
Proxy ARP: Router responding to ARP messages for another node
Gratuitous ARP: Request to your own IP address
1. Detect another node with the same IP address
2. Update ARP cache entries if hardware addr changes
Neighbor Greeting: RARP
[Figure: RARP server S with end nodes E1 and E2; the requesting node doesn’t know its IP addr]
RARP request broadcast: “What’s my IP address (give ethernet address)?”
RARP server: Look up IP address
RARP reply: “Your IP address is xxxx”
Neighbor Greeting: ARP and RARP
Ethernet packet: Header | Payload
Header
• Ethernet dst and src addresses
• Ethernet frame type
  = 0x0806 for ARP request or reply
  = 0x0805 for RARP request or reply
Neighbor Greeting: ARP and RARP
Payload
• Hardware type = 1 for ethernet
• Protocol type = 0x800 for IP
• Length in octets of layer 2 address = 6 for ethernet
• Length in octets of layer 3 address = 4 for IP
• Operation
  – 1 = ARP request
  – 2 = ARP reply
  – 3 = RARP request
  – 4 = RARP reply
Neighbor Greeting: ARP and RARP
Payload
• Sender layer 2 address
• Sender layer 3 address
• Target layer 2 address
• Target layer 3 address
Neighbor Greeting: ARP and RARP
[Figure: R1, E1 and E2 on an Ethernet]
ARP Cache
  Columns: IP dest | Ethernet physical addr
  Time outs flush cache of old entries
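
The ARP payload layout and the ARP cache described above, combined into a small monitor that reports when the hardware address bound to an IP changes (the two cases the gratuitous ARP slide lists). This is an added example, not part of the original slides; the class and function names, the 1200-second timeout and all addresses are assumptions.

```python
import struct

ARP_OPS = {1: "ARP request", 2: "ARP reply", 3: "RARP request", 4: "RARP reply"}

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_arp_frame(frame: bytes) -> dict:
    """Decode an Ethernet frame (type 0x0806) carrying ARP for IP over Ethernet."""
    if len(frame) < 14 + 28:
        raise ValueError("too short for Ethernet header + ARP payload")
    eth_dst, eth_src, eth_type = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if eth_type != 0x0806 or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IP ARP frame")
    return {"eth_src": mac(eth_src), "op": ARP_OPS.get(op, f"unknown({op})"),
            "sender_mac": mac(sha), "sender_ip": ".".join(map(str, spa)),
            "target_mac": mac(tha), "target_ip": ".".join(map(str, tpa)),
            "gratuitous": spa == tpa}        # request for the sender's own IP

class ArpCache:
    """IP dest -> (Ethernet physical addr, time learned), with a flush timeout."""
    def __init__(self, timeout: float = 1200.0):   # timeout value is an assumption
        self.timeout, self.entries = timeout, {}

    def observe(self, frame: bytes, now: float) -> list:
        """Learn from one frame; return findings worth a closer look."""
        self.entries = {ip: e for ip, e in self.entries.items()
                        if now - e[1] <= self.timeout}      # flush old entries
        pkt, findings = parse_arp_frame(frame), []
        if pkt["eth_src"] != pkt["sender_mac"]:
            findings.append(f"{pkt['sender_ip']}: frame src != ARP sender addr")
        old = self.entries.get(pkt["sender_ip"])
        if old and old[0] != pkt["sender_mac"]:
            findings.append(f"{pkt['sender_ip']}: {old[0]} -> {pkt['sender_mac']}")
        self.entries[pkt["sender_ip"]] = (pkt["sender_mac"], now)
        return findings

def make_frame(op: int, sha: bytes, spa: bytes, tha: bytes, tpa: bytes) -> bytes:
    """Build a broadcast sample frame; every address used below is made up."""
    return (struct.pack("!6s6sH", b"\xff" * 6, sha, 0x0806)
            + struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op, sha, spa, tha, tpa))

E1_MAC, E2_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
E1_IP, R1_IP, NO_MAC = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1]), bytes(6)

if __name__ == "__main__":
    cache = ArpCache()
    print(cache.observe(make_frame(1, E1_MAC, E1_IP, NO_MAC, R1_IP), now=0.0))
    print(cache.observe(make_frame(1, E2_MAC, E1_IP, NO_MAC, E1_IP), now=5.0))
```

A changed binding is not proof of a problem: it is what a legitimate hardware replacement looks like too, so the finding is a prompt to check which node really owns the address.
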
Internet Control Message Protocol: ICMP
• For the control plane
• Uses IP packets
• Deals with connectivity
• Errors
• Redirection
Internet Control Message Protocol: ICMP
Packet: IP Header | ICMP Message
ICMP Message starts with: 8-bit Type | 8-bit Code | 16-bit Checksum
Internet Control Message Protocol: ICMP
type  Description
0     echo reply (ping reply)
3     destination unreachable
4     source quench
5     redirect
8     echo request (ping request)
9     router advertisement
10    router solicitation
11    time exceeded: Time-to-live = 0
Internet Control Message Protocol: ICMP
type  Description
12    Parameter problem: IP header bad or required option missing
13    Time stamp request
14    Time stamp reply
15    Information request (obsolete)
16    Information reply (obsolete)
17    address mask request
18    address mask reply
ICMP: Address Mask Request and Reply
type | code (0) | checksum
identifier | sequence number (Used to match requests with replies)
32-bit subnet mask
• It’s used by diskless systems to obtain their subnet mask
ICMP: Time Stamp Request and Reply
type | code (0) | checksum
identifier | sequence number
32-bit originate time stamp (req sent)
32-bit receive time stamp (req recvd)
32-bit transmit time stamp (reply sent)
It’s used to get the current time (# ms since midnight)
ICMP: Port Unreachable Error
[Figure: a packet with src Y and dst X reaches Node Z, which can’t forward to X for some reason; Z sends back an ICMP packet with src Z and dst Y]
Tells Y that there’s a problem with forwarding to X at Z
ICMP: Port Unreachable Error
Reasons why a packet can’t be forwarded:
• Network or host can’t be reached because
  – Not in routing table
  – Administrative or TOS prohibited
• Must fragment but packet indicates no fragmentation
• Source route failed
• Ports or protocol are unavailable
ICMP: Port Unreachable Error
ICMP unreachable message
type(3) | code | checksum
Unused (must be 0)
IP header (including options) + first 8 bytes of original IP datagram data
First 8 bytes of original IP datagram includes src & dst port numbers for UDP and TCP headers
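
How a receiver uses that embedded header and the first 8 data bytes to tie an unreachable message back to the flow that triggered it. This is an added example, not part of the original slides; the function names and sample addresses are assumptions, and the code-to-reason table uses the standard ICMP code numbers, which the slides do not list.

```python
import struct

UNREACH_CODES = {0: "network unreachable", 1: "host unreachable",
                 2: "protocol unreachable", 3: "port unreachable",
                 4: "fragmentation needed but DF set", 5: "source route failed"}

def parse_icmp_unreachable(icmp: bytes) -> dict:
    """Recover the original flow from an ICMP type 3 message (outer IP header removed)."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("too short: need ICMP header + IP header + 8 data bytes")
    icmp_type, code, _cksum, _unused = struct.unpack("!BBHI", icmp[:8])
    if icmp_type != 3:
        raise ValueError("not a destination unreachable message")
    inner = icmp[8:]
    ihl = (inner[0] & 0x0F) * 4              # embedded header may carry options
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8:
        raise ValueError("embedded IP header is malformed or truncated")
    proto = inner[9]
    flow = {"reason": UNREACH_CODES.get(code, f"code {code}"), "protocol": proto,
            "orig_src": ".".join(map(str, inner[12:16])),
            "orig_dst": ".".join(map(str, inner[16:20])),
            "src_port": None, "dst_port": None}
    if proto in (6, 17):                     # TCP and UDP both begin with the two ports
        flow["src_port"], flow["dst_port"] = struct.unpack("!HH", inner[ihl:ihl + 4])
    return flow

def build_sample() -> bytes:
    """Constructed message: UDP 192.0.2.10:40000 -> 198.51.100.7:9999 hit a closed port."""
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 36, 1, 0, 63, 17, 0,
                           bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    udp_first8 = struct.pack("!HHHH", 40000, 9999, 16, 0)
    # Checksums are left as 0 in this sample; the parser does not verify them.
    return struct.pack("!BBHI", 3, 3, 0, 0) + inner_ip + udp_first8

if __name__ == "__main__":
    print(parse_icmp_unreachable(build_sample()))
```

The embedded header is supplied by whoever sent the ICMP message, so a receiver should act on it only when the recovered addresses and ports match a flow it actually has open.
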
More on IP Packets: Options
Bit positions: 0-15 | 16-31
Vers | HL | TOS | Total Length
Identification | Flags | Offset
TTL | Protocol | Header Checksum
Source Address
Destination Address
Options
Data
More on IP Packets: Options
• Options field is at most 40 bytes
• Record Route Option
• Timestamp Option
• Source Routing
Record Route Option
Packet records route: list of IP addresses
Layout: code (1 byte) | len (1 byte) | ptr (1 byte) | IP addr #1 (4 bytes) | IP addr #2 (4 bytes) | ... | IP addr #9 (4 bytes)
Total: 39 bytes
ptr=4, ptr=8, ..., ptr=36 mark the start of successive address slots
• Code = 7
• len = total number of bytes
• ptr = points to where the next IP addr goes
IP Timestamp Option
Records time stamps along the route
Layout: code (1 byte) | len (1 byte) | ptr (1 byte) | OF | FL | timestamp #1 (4 bytes) | ... | timestamp #9 (4 bytes)
• code = 0x44
• len, ptr
• FL flags field
• OF field: incremented on every overflow
• Records time stamps
• Records TS and addr
• Init w. addr & TS=0 then TS is filled in
Source Routing Option
• Strict source routing
• Loose source routing
• List of IP addresses in the packet
• Strictly defined = follow list exactly
• Loosely defined = follow list but other nodes can be in between
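Source Routing Option
[Figure: the header carries the list A,B,C,D. Strictly defined: the path is A, B, C, D with nothing in between. Loosely defined: the path passes A, B, C, D with other nodes in between]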
Source Routing Option
Packet follows the route in its list
Layout: code (1 byte) | len (1 byte) | ptr (1 byte) | IP addr #1 (4 bytes) | IP addr #2 (4 bytes) | ... | IP addr #9 (4 bytes)
Total: 39 bytes
ptr=4, ptr=8, ..., ptr=36 mark the start of successive address slots
• Code = 0x83 (loose) or 0x89 (strict)
• len = total number of bytes
• ptr = points to where the next IP addr goes
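Source Routing: Example
[Figure: S sends a packet to D through routers R1, R2, R3. Each packet is drawn as Header (dest) plus Payload (options), with ptr marking the current position in the option list. Labels in the figure: dest=D{R1,R2,R3}, dest=R1{R2,R3,D}, dest=R2{R1,R3,D}, dest=R3{R1,R2,D}, and at D dest=D{R1,R2,R3}]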
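
The code / len / ptr layout shared by the record route and source routing options, walked and validated the way a filter would before deciding whether a packet carries a source route. This is an added example, not part of the original slides; the function names and sample hops are assumptions, and the one-byte codes 0 (end of list) and 1 (no-operation) come from the IP specification rather than from the slides.

```python
OPTION_NAMES = {7: "record route", 0x44: "timestamp",
                0x83: "loose source route", 0x89: "strict source route"}

def parse_ip_options(options: bytes) -> list:
    """Walk the Options field; raise ValueError on any inconsistent len or ptr."""
    if len(options) > 40:
        raise ValueError("Options field is at most 40 bytes")
    parsed, i = [], 0
    while i < len(options):
        code = options[i]
        if code == 0:                      # end of option list; the rest is zero padding
            break
        if code == 1:                      # one-byte no-operation filler
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("option truncated before its len byte")
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            raise ValueError(f"option {code:#x}: len {length} runs past the field")
        opt = {"code": code, "name": OPTION_NAMES.get(code, "other"), "len": length}
        if code in (7, 0x83, 0x89):        # code, len, ptr, then 4-byte addresses
            if length < 7 or (length - 3) % 4:
                raise ValueError(f"option {code:#x}: bad address list length")
            ptr = options[i + 2]
            if ptr < 4 or ptr % 4 or ptr > length + 1:
                raise ValueError(f"option {code:#x}: bad ptr {ptr}")
            addrs = [".".join(map(str, options[j:j + 4]))
                     for j in range(i + 3, i + length, 4)]
            done = (ptr - 4) // 4          # slots before ptr are already used
            opt.update(ptr=ptr, before_ptr=addrs[:done], from_ptr=addrs[done:])
        parsed.append(opt)
        i += length
    return parsed

def carries_source_route(options: bytes) -> bool:
    """True if a loose (0x83) or strict (0x89) source route option is present."""
    return any(o["code"] in (0x83, 0x89) for o in parse_ip_options(options))

def sample_lsrr(ptr: int = 4) -> bytes:
    """Constructed option: loose source route via three made-up hops, padded to 16 bytes."""
    hops = bytes([192, 0, 2, 1, 192, 0, 2, 2, 192, 0, 2, 3])
    return bytes([0x83, 3 + len(hops), ptr]) + hops + b"\x00"

if __name__ == "__main__":
    print(parse_ip_options(sample_lsrr()))
    print(carries_source_route(sample_lsrr(ptr=8)))
```
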
IP Routing
• Routing principles
• ICMP unreachable errors
• ICMP redirects
• Fast table lookups
Routing Principles
• Routing mechanism: search routing table and decide which interface to send the packet
• Routing policy: rules to decide which routes go into the routing tables
Routing Principles: processing done at the IP layer
[Figure: the IP layer and its Routing Table, together with the route command, the routing daemon, the netstat command and ICMP redirects; the output is the next interface to forward to]
Routing Principles: simple routing table
Destination     Gateway         Flags  Refcnt  Use  Interface
140.252.13.65   140.252.13.35   UGH    0       0    emd0
127.0.0.1       127.0.0.1       UH     1       0    lo0
default         140.252.13.33   UG     0       0    emd0
140.252.13.32   140.252.13.34   U      4       25   emd0
Refcnt = # active connections, Use = # packets, lo0 = Loopback
[Figure: hosts .35, .34 and .33 on emd0]
Routing Principles: simple routing table
Flags
• U: Route is up
• G: Route is to a gateway (router; “indirect route”). If not then the dest is directly connected (“direct route”)
• H: Host, destination address must be matched completely. Without H, destination is a net or subnet
• D: Route was created by a redirect
• M: Route was modified by a redirect
Routing Principles: simple routing table
[Figure: two end nodes and a router R, showing direct routes and an indirect route]
ICMP Unreachable Errors
• When a packet cannot be forwarded then IP sends an ICMP unreachable error message back to the source
ICMP Redirects
[Figure: a sender with routers R1 and R2; arrows 1 and 2 show the packet being forwarded, arrow 3 is the ICMP redirect]
• Dest=X
• No Routing Table Entry
• Default = R1
“I just sent a message out from where I received it”
ICMP redirects update routing tables
ICMP Redirect Message
type(5) | code(0-3) | checksum
router IP address that should be used
IP header (including options) + first 8 bytes of original IP datagram
code  Description
0     redirect for network
1     redirect for host
2     redirect for TOS and network
3     redirect for TOS and host
ICMP Router Discovery Messages
[Figure: host H sends rs; routers R1 and R2 each answer with ra + list]
• Boot
• No entries in routing table
• Send router solicitation (rs) message
Other nodes reply
• Router advertisement (ra)
• List of destinations it has in its routing tables
ICMP Router Discovery Messages
Format of ICMP router solicitation message
type(10) | code(0-3) | checksum
Unused (sent as 0)
ICMP Router Discovery Messages
Format of ICMP router advertisement message
type(9) | code(0) | checksum
# addr | addr entry size (2) | lifetime
router address[1]
preference level[1]
router address[2]
preference level[2]
Fast Forwarding
Table look-ups are a bottleneck to packet processing
• Let’s assume each IP address (as a destination) in the routing table has a mask.
• An IP address that would be flagged H (requiring a complete match) would have a mask 1111....11111
• Table look-up: find the longest prefix match
Fast Forwarding: Example
Routing table entries:
1. value: 11001111 01011100 00000000 10000111
   mask:  11111111 11111111 11111111 11111111
2. value: 11001111 01011100 00000000 00000000
   mask:  11111111 11111111 00000000 00000000
3. value: 11001111 01011100 00000000 00000000
   mask:  11111111 11111111 11100000 00000000
IP address: 11001111 01011100 00000000 10000111
Longest prefix match
Fast Forwarding: Example
Routing table entries:
1. value: 11001111 01011100 00000000 10000111
   mask:  11111111 11111111 11111111 11111111
2. value: 11001111 01011100 00000000 00000000
   mask:  11111111 11111111 00000000 00000000
3. value: 11001111 01011100 00000000 00000000
   mask:  11111111 11111111 11100000 00000000
IP address: 11001111 01011100 00001000 10000111
Longest prefix match
Fast Forwarding
• Tries
• Hash functions and binary search
Tries
[Figure: binary tree from root to leaf]
Each node has at most two children
Tries
• Binary tree
• Each node represents a prefix or part of a prefix
• Each node has a pointer to data for that prefix
  E.g., outgoing interface for the prefix
• A child node extends a parent node by an additional bit
Tries
[Figure: trie fragment with nodes 01*, 010, 011 and 0111*, joined by edges labelled 0 and 1. A node marked * is a prefix for a subnet; an unmarked node is not a prefix. A node with no children is the longest prefix with these bits]
Tries
[Figure: trie with root { }, children 0 and 1, and below them the nodes 00*, 01, 10, 11*, 000, 001*, 0001*, 010, 0101*, 101*, 111*, 1010*]
Tries
Searching a trie:
• Start from the root
• Continue going down the trie matching the IP address of the packet
• If any * is encountered then record that as the “longest prefix so far”
• Return the longest prefix so far
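
The search procedure above as a binary trie, loaded with the three routing table entries from the Fast Forwarding example. This is an added example, not part of the original slides; the class and function names and the "entry N" route labels are assumptions.

```python
class TrieNode:
    __slots__ = ("children", "route")
    def __init__(self):
        self.children = [None, None]   # index 0: next bit is 0, index 1: next bit is 1
        self.route = None              # set only on "*" nodes, i.e. real table prefixes

class RoutingTrie:
    def __init__(self):
        self.root = TrieNode()

    def insert(self, value: int, mask: int, route: str) -> None:
        """Add a (value, mask) table entry; the mask must be a contiguous prefix."""
        plen = bin(mask).count("1")
        if mask != (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF:
            raise ValueError("mask is not a run of ones followed by zeros")
        if value & ~mask & 0xFFFFFFFF:
            raise ValueError("value has bits set outside the mask")
        node = self.root
        for i in range(plen):                      # one trie level per prefix bit
            bit = (value >> (31 - i)) & 1
            if node.children[bit] is None:
                node.children[bit] = TrieNode()
            node = node.children[bit]
        node.route = route

    def lookup(self, dst: int):
        """Return the route of the longest matching prefix, or None."""
        node, best = self.root, self.root.route    # a /0 entry acts as the default
        for i in range(32):
            node = node.children[(dst >> (31 - i)) & 1]
            if node is None:
                break
            if node.route is not None:
                best = node.route                  # longest prefix so far
        return best

def bits(s: str) -> int:
    """Parse the slides' space-separated binary notation into a 32-bit integer."""
    return int(s.replace(" ", ""), 2)

def slide_table() -> RoutingTrie:
    """The three routing table entries from the Fast Forwarding example."""
    trie = RoutingTrie()
    for name, value, mask in [
        ("entry 1", "11001111 01011100 00000000 10000111", "11111111 11111111 11111111 11111111"),
        ("entry 2", "11001111 01011100 00000000 00000000", "11111111 11111111 00000000 00000000"),
        ("entry 3", "11001111 01011100 00000000 00000000", "11111111 11111111 11100000 00000000"),
    ]:
        trie.insert(bits(value), bits(mask), name)
    return trie
```

With this table, the first example address (11001111 01011100 00000000 10000111) resolves to entry 1 and the second (11001111 01011100 00001000 10000111) to entry 3, because its third byte still falls under the 19-bit mask.
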
Tries: Improvements
Collapsing a long nonbranching path
[Figure: the chain 1, 11, 111, 1111* is collapsed so that node 1 leads directly to 1111*]
Tries: Improvements
• Trading memory for search time: k-ary trees, i.e., trees with up to k children per node
• Trees are shorter so search time is faster
• k should be a power of two, e.g., 8 or 16
Tries: Improvements
[Figure: a binary trie (101, then 1010* and 1011, then 10100* and 10110*) next to a node 101 with four entries 10100, 10101, 10110, 10111]
What forwarding info should be stored at each entry?
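Tries: Improvements
[Figure: the same binary trie (101, then 1010* and 1011, then 10100* and 10110*) next to the node 101 with entries 10100, 10101, 10110, 10111, now annotated with the forwarding info labels 10100*, 1010*, 1010*, 10110*]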
Tries: Hashing and Binary Search
Implementation of a routing table:
Suppose the table was for exact IP address matches
Implementation 1:
• Have a memory with 32 address bits
• Each address A has an entry for the IP dest A
• Problem: Big memory (4 billion) even though the number of IP destinations may be much smaller
Tries: Hashing and Binary Search
[Figure: the dst of an IP packet indexes a sparsely filled Routing Table with 32-bit addresses; the entry returns the outgoing interface]
Tries: Hashing function
[Figure: h(dst) of an IP packet indexes a smaller, denser Routing Table with 16-bit addresses; the entry returns the outgoing interface]
Tries: Hashing Function
• The hashing function maps the 32-bit number (IP address) into a 16-bit number (memory address of the routing table).
• Mapping tries to be uniform. Ideally each 32-bit number gets mapped to a distinct 16-bit number
• Example hashing function:
  h(dst) = (a * dst + b) mod 2^16
Tries: Hashing Function
• Two distinct IP addresses dstA and dstB could give the same hashing function output, i.e., h(dstA) = h(dstB). CONTENTION!
[Figure: the dst of an IP packet is mapped by h(dst) to a table entry]
Store all dsts that map to the same output as a linked list
Tries: Hashing Function
• That’s for complete IP address matches
• What about for longest prefixes?
  – Each prefix entry (e.g., 01001*) is mapped by the hashing function to a linked list
Tries: Linear Search
How do we find the longest prefix match?
Approach 1 (linear search): IP address 11001111 01011100 00001000 10000111
To find an entry, search for
• 1 (first bit)
• then 11 (first 2 bits)
• then 110 (first 3 bits)
• and so on for all possible 32-bit prefixes
Tries: Binary Search
Approach 2 (binary search): IP address 11001111 01011100 00001000 10000111
To find an entry, search for
• 11001111 01011100 (first 16 bits)
• if unsuccessful search for first 8 bits
• else search for first 24 bits
• and so on until we find the longest prefix match
Tries: Binary Search
Approach 2 (binary search): Suppose the table has the following entries
11001111 01011100 00001000 10000111*
11001111 0101110*
Then it must also have the entries
11001111 01011100 0&
11001111 01011100 00&
Etc
& means that there’s a bigger prefix