CMPT 471 Networking II. IP.
Internet Architecture
• A user can think of the network as a single virtual network that connects them to any other user on the Internet
• Conceptually TCP/IP provides three sets of services
• Internet software is designed around these three conceptual groups of networking services arranged in a hierarchy
• The architecture is robust and adaptable
IP: conceptual service layers (figure: Comer 2006, fig 6.1)
Connectionless Delivery
• A best effort delivery system that does not guarantee delivery (unreliable)
• Each packet is sent independently; packets related to the same communication may take different routes from source to destination
• Different routes may take different amounts of time, so packets may arrive out of order
• Packets may be lost due to transmission errors or congestion, but will not be discarded gratuitously.
• The protocol that governs many aspects of this delivery system is the IP protocol.
The IP protocol
• One of the aspects of the datagram delivery system controlled by the IP protocol is the format of the IP datagram
• There are two versions of the IP protocol presently in use, IPv4 and IPv6, each with its own packet format.
• IPv4 is still the most commonly used version
• IPv6 is becoming more common (World IPv6 day June 6 2012)
• IPv6 was introduced to address shortcomings of IPv4
• As we discuss IP we will look at both IPv4 and IPv6 and the differences between them
Change IP, other solutions?
• Address space exhaustion (temporary solution: CIDR)
  • Two level addressing (network and host) results in many unused addresses. Addresses are committed even if not used, or are reserved for potential growth of the network.
  • Growth of networks and the Internet
  • Extended use of TCP/IP
• Lack of security and authentication
  • Temporary solution: IPsec retrofitted to IPv4 (see security notes)
• Requirements for new types of service
  • Temporary solution: Differentiated Services replaces TOS
  • Not able to guarantee real-time transmission of services like video or audio
Improvements in IPv6 (1)
• Expanded address space: 128 bit addresses
• Improved option mechanism: additional separate optional headers between the IPv6 header and the transport layer header
  • Most additional headers are not examined by intermediate routers, improving processing speed at intermediate routers and simplifying router processing.
  • It is easier to add options by adding more intermediate headers
• Address auto configuration: allows dynamic assignment of addresses
IPv6 Improvements (2)
• Increased addressing flexibility:
  • Anycast - delivered to one of a set of nodes
  • Improved scalability of multicast addresses
• Support for resource allocation:
  • Labeling of packets as belonging to a particular traffic flow
  • Allows special handling (e.g. support for real time streams for applications such as video)
  • Replaces type of service
• New version of ICMP: ICMPv6 (RFC 2463)
  • The functionality of ICMPv4 and ARP (RFC 2461) in neighbor discovery, and of IGMP (RFC 2710, 3810) in multicast listener discovery, all combined in one protocol
IPv4 addresses: representation
• A 32 bit global internet (IP) address is used to uniquely identify a particular network interface connected to a particular host as a destination for communication
• Globally applicable and globally unique
• Expressed as a series of 32 binary digits
  • 10000000 00001011 00000011 00011111
• Also expressed in dotted decimal notation
  • The binary digits are separated into four groups of eight digits
  • Each group of 8 digits is translated to a decimal number
  • The decimal numbers are separated by dots (periods)
  • The example address above becomes 128.11.3.31
Structure of an IPv4 address
• Each IP address is split into two parts (netid, hostid) to identify the host and the network to which the host is connected
• The netid (network address or prefix) identifies the network to which the host belongs.
  • The number of bits dedicated to the netid determines the number of possible networks.
• The hostid identifies the particular host (network interface for a multi homed host)
  • The number of bits dedicated to the hostid determines the possible number of hosts on the network
Network address IPv4
• Netid (network address) non zero: hostid all 0’s
• Never assigned as the source or destination address of an IP packet, or as the address of a single host/router
• Used in routing tables and documentation to refer to all hosts on a particular network
• A network address is assigned to the network itself, not to an individual host or router
• The network address defines the network to the rest of the internet
• If an IP address has a netid corresponding to the address of a particular network then the IP address is the address of a host on that particular network
IPv6 Addresses: representation
• 128 bits long, represented as a hexadecimal number separated by colons.
• Divided into eight 16 bit blocks, each represented by 4 hexadecimal digits.
  • 1080:0000:0000:0000:0008:08A0:200C:417A
• Leading zeros in a block can be omitted, but one zero remains if all 4 hexadecimal digits are zero.
  • 1080:0:0:0:8:8A0:200C:417A
• One run of consecutive colon separated zero blocks can be abbreviated to a :: (not more than one such run per address)
  • 1080::0008:08A0:200C:417A
Structure of IPv6 addresses
• Each IP address is split into 3 parts
  • Global Routing Prefix: identifies the block of addresses, e.g. multicast, unicast, link local, site local … (48 bits)
  • Subnet ID: identifies a particular site (16 bits)
  • Interface ID: identifies a particular interface on a subnet (64 bits)
• Uses prefixes: e.g. 21DA:D3:0:2F3B::/64 denotes the network prefix (the network address of length 64 is 21DA:D3:0:2F3B)
“this” address
• Indicates the absence of a valid address
• IPv4 netid zero: hostid nonzero
  • Interpreted as hostid on “this” network
• IPv4 0.0.0.0
  • “this” host when the network address is also unknown
• IPv6 0:0:0:0:0:0:0:0
• Used when booting a host that does not know its own IP address (usually a diskless host)
• Cannot be a destination address
Loopback address
• IP address used to send packets from one process to another through the local interface within a host
• Packets sent to the loopback address will not leave the local host; they will never be sent onto any network
• Packets sent to the loopback address will pass through the local interface (lo)
• To record packets sent to the loopback address using tcpdump you must watch packets going through the local interface
• Available IPv4 loopback addresses 127.0.0.0 to 127.255.255.254, usually 127.0.0.1 is used
• IPv6 loopback address ::1
IPv4 Broadcast address
• Network broadcast addresses are valid only as a destination
• Directed broadcast: broadcast to all stations on the local network from anywhere reached by the internet
  • netid is the network address for the network
  • hostid all 1’s
  • A security risk for denial of service attacks; by default directed broadcast is disabled
• Limited broadcast or local network broadcast: broadcast to all stations on the local network from within that local network
  • netid and hostid all 1’s.
  • May be used when a node starts up to establish its IP address
IPv6 Broadcast address?
• There is no concept of a broadcast address in IPv6
• Specialized multicasting is used to replace broadcasting.
• No need to reserve the all 1’s address for broadcast; it can be used for a host
IPv4 Private or Non-Routable addresses
• Some addresses are reserved for use on local networks that are not connected to the Internet
• Routers do not consider these addresses to be valid Internet addresses, and will not route a packet through the Internet to any of them
• These addresses may be used and routed on private internets. They may not be directly connected to the Internet.
  • 10.0.0.0/8: 10.0.0.0 to 10.255.255.255
  • 172.16.0.0/12: 172.16.0.0 to 172.31.255.255
  • 192.168.0.0/16: 192.168.0.0 to 192.168.255.255
IPv6 Private or Non-Routable addresses
• Addresses that may be used on private internets are also available for IPv6. Packets with these addresses will not be routed out of the private network into the Internet; they may be routed within the private network
• In early releases of IPv6 such addresses were called site-local addresses. For site-local addresses the first 10 bits of the address were 1111111011 (FEC0). Site local addresses have been deprecated (no longer supported)
• The present range of IPv6 addresses available for private networks is FC00::/7. However, local addresses must have the 8th bit set to 1. Basically this means any IPv6 address that starts with FDxx is for private networks only (FD00::/8)
IPv6 link-local addresses
• IPv6 also has a new type of non-routable address called a link-local address. This type of address is for all IPv6 nodes, both on the internet and in private networks. Link local addresses
  • are given to every IPv6 node
  • begin with FE80 – FEFF (FE80::/10)
  • are valid only on the local link (the local network segment)
  • are the type of address used for address resolution
Multicast addresses
• A multicast address refers to a group of destination IP addresses that may be in different networks throughout the internet
• IPv4 multicast addresses start with 1110
  • The group address uses the remaining 28 bits
• IPv6 multicast addresses start with 1111 1111
  • Then come some other special purpose bits, followed by a 112 bit multicast group ID
• IPv4 broadcast is replaced by use of specific aspects of IPv6 multicast
IPv6 Addresses for IPv4
• IPv4 compatible addresses have the form:
  • First 80 bits 0 (::0/80)
  • Next 16 bits
    • 1 for addresses of IPv4 only nodes, so that IPv6 hosts have an address to send to IPv4 only nodes
    • 0 if there is a corresponding IPv6 address, that is for dual stack hosts
  • Last 32 bits contain the IPv4 address
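The representation rules from the IPv6 addressing slides (leading zeros, the single :: abbreviation) and the special prefixes introduced since (this host, loopback, link-local, private, multicast, IPv4 compatible) can be exercised with the following added example; it is not from the slides, and the addresses used in it are either the slides' own or constructed. The compression follows the RFC 5952 rule that :: replaces the longest run of two or more zero blocks.

```python
# Added example (not from the slides): expand/compress the IPv6 text form and
# classify an address by the special prefixes introduced on these slides.

def expand_ipv6(text: str) -> str:
    """Full form: 8 blocks of 4 lower-case hex digits. Handles one '::';
    the mixed IPv4-suffix notation (e.g. ::ffff:1.2.3.4) is not accepted."""
    if text.count("::") > 1:
        raise ValueError("at most one '::' is allowed")
    if "::" in text:
        head, tail = text.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero block")
        blocks = left + ["0"] * missing + right
    else:
        blocks = text.split(":")
    if len(blocks) != 8 or any(not 1 <= len(b) <= 4 for b in blocks):
        raise ValueError(f"bad IPv6 address: {text}")
    return ":".join(f"{int(b, 16):04x}" for b in blocks)

def ipv6_to_int(text: str) -> int:
    return int(expand_ipv6(text).replace(":", ""), 16)

def compress_ipv6(text: str) -> str:
    """Short form: drop leading zeros per block and replace the longest run of
    two or more all-zero blocks with '::' (the RFC 5952 canonical form)."""
    blocks = [f"{int(b, 16):x}" for b in expand_ipv6(text).split(":")]
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        j = i
        while j < 8 and blocks[j] == "0":      # measure a run of zero blocks
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j + 1 if j == i else j
    if best_len < 2:
        return ":".join(blocks)
    head = ":".join(blocks[:best_start])
    tail = ":".join(blocks[best_start + best_len:])
    return f"{head}::{tail}"

# (prefix, prefix length, label); first match wins, so the /128s come first
SPECIAL_PREFIXES = [
    ("::",          128, "unspecified (this host)"),
    ("::1",         128, "loopback"),
    ("::ffff:0:0",   96, "IPv4-mapped (IPv4-only node)"),
    ("::",           96, "IPv4-compatible (deprecated)"),
    ("fe80::",       10, "link-local"),
    ("fec0::",       10, "site-local (deprecated)"),
    ("fc00::",        7, "unique local (private)"),
    ("ff00::",        8, "multicast"),
]

def classify(text: str) -> str:
    """First-match comparison of the address's leading bits with each prefix."""
    value = ipv6_to_int(text)
    for prefix, length, label in SPECIAL_PREFIXES:
        mask = ((1 << length) - 1) << (128 - length)
        if (value & mask) == ipv6_to_int(prefix):
            return label
    return "global unicast"

if __name__ == "__main__":
    for a in ("1080:0000:0000:0000:0008:08A0:200C:417A", "::1",
              "fe80::250:56ff:fea4:1795", "fdd0:8184:d967:25::a19:106"):
        print(f"{compress_ipv6(a):28} {expand_ipv6(a)}  {classify(a)}")
```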
Hosts
• A host is a source or destination of IP packets.
• A host usually has 1 network interface, and thus does not forward packets or act as a router
• Hosts must still make some routing decisions, in particular which router, directly attached to their own network, to send a particular packet to
• A multi-homed host is a host connected to a single network or to multiple networks through more than one network interface
• A multi homed host may also forward packets, acting as a router.
  • To act as a (slow) router it must be enabled as a router (have forwarding activated)
Routers
• A router is a system that forwards packets from one host to another. A router
  • normally has a processor, network interfaces and a high speed switching matrix
  • will not normally be the destination of packets (except routing information packets transmitted using a routing protocol if dynamic routing is in use)
  • will forward packets using a routing table
• The processor of a router will normally run the implementation of the routing protocol, that is the IP routing algorithm and the IP forwarding algorithm
  • For static routing it will load the routing table at boot time
  • For dynamic routing it will maintain the routing table over time
Routing protocols
• Routing protocols specify how information about routing will be transferred between routers
• Each router will store information provided by the routing protocol in its routing table
  • For dynamic routing, information will be transferred between routers continuously
  • For static routing, the protocol will specify what can be in the routing table built by the network administrator
• An IP routing algorithm uses the information supplied by the routing protocol to build, and for dynamic routing update, the routing table
• An IP forwarding algorithm uses the information in the routing table to determine which interface of the router to transmit the IP packet through to efficiently deliver the packet to its destination (determines the direction of the next hop)
Direct Delivery
• Direct delivery occurs when a datagram is delivered from one host to another on the same physical network. It is not necessary for the packet to pass through a router
• If the network specific portion of a packet's destination IP address and source IP address are the same then the packet can usually be delivered directly
• Direct delivery is also the last step of the delivery of any IP datagram. Once the datagram has reached a router connected to the same physical network as the destination, the datagram is encapsulated in a local MAC frame and directly delivered
Indirect Delivery
• If the final destination of the IP datagram is not on the local physical network
  • The datagram must be encapsulated in a MAC frame and sent to a router connected to the local physical network.
  • That router will extract the datagram from the MAC frame and use its routing capabilities to find another router on an efficient path to the final destination to send the datagram to.
  • The router then encapsulates the datagram in a MAC frame and transmits it to the next router.
  • This process continues until the packet reaches a router directly connected to the same local physical network as the destination host.
  • The datagram can then be directly delivered to the destination.
Choosing the next hop
• If it has been determined that the datagram cannot be delivered directly then
  • If the datagram originates on the present host then choosing the next hop means choosing a router, attached to the same physical network as the host, that is an acceptable next hop in the path to the final destination
  • If the datagram has arrived at the router from another host or router then an efficient next hop in the path to the destination must be found
• The next hop (for both cases) is determined by consulting a routing table. That table will indicate where a datagram destined for a particular IP address should be sent to reach that destination efficiently
Contents of an IPv4 routing table
• Each entry in the routing table includes
  • An address prefix (Destination) and mask (Genmask) which indicate a particular network or networks
  • The IP address of the next router or host along the path to the final destination (called the gateway)
  • The network interface that should be used to transmit the packet so it can reach the next hop address
  • A metric that can be used to compare the relative “goodness” of alternate routes.
  • Possible implementation specific additional information
Obtaining IPv4 routing info
• The Linux netstat command will let you look at the routing table on a host or Linux router. The flag -r gives you the routing table; omitting this flag gives you additional information beyond the routing table
• To add or remove static entries from the routing table use the Linux command route.
• route with no arguments will also show you the routing table (route may be disabled, but netstat is usually available)
The IPv4 forwarding algorithm
• Extract the IP destination address from the packet
• If the destination address is on the local network, directly deliver the datagram, OTHERWISE
• For each routing table entry use the mask (bitwise AND the mask with the destination IP address) to extract the prefix from the destination address and compare it to the prefix in the table. Remember any entries that match
• Choose the matching entry with the longest prefix match
• If there is no match send a routing error back to the source
Using a netmask to extract netid
• IP address 198.53.147.45 converted to binary: 11000110 00110101 10010011 00101101
• Netmask 255.255.255.0 (class C) converted to binary: 11111111 11111111 11111111 00000000
• AND IP address and Netmask:
  11000110 00110101 10010011 00101101
  11111111 11111111 11111111 00000000
  11000110 00110101 10010011 00000000
• Convert the result of the AND to dotted decimal to get the network address (netid): 198.53.147.0
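The netmask AND above and the longest-prefix-match forwarding algorithm of the previous slide, as an added example that is not from the slides; the routing table entries (in the netstat -r layout of Destination, Genmask, Gateway, Iface) are constructed, with a gateway of 0.0.0.0 standing for a directly attached network.

```python
# Added example (not from the slides): the netmask AND from the slide above and
# the longest-prefix-match lookup of the IPv4 forwarding algorithm.
# The routing table entries are constructed for illustration.

def dotted_to_int(addr: str) -> int:
    """Dotted decimal -> 32-bit integer, e.g. 198.53.147.45."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def netid(addr: str, mask: str) -> str:
    """Bitwise AND of address and netmask yields the network address."""
    return int_to_dotted(dotted_to_int(addr) & dotted_to_int(mask))

def prefix_length(mask: str) -> int:
    """Count of leading 1 bits; rejects masks whose 1 bits are not contiguous."""
    inverted = ~dotted_to_int(mask) & 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous netmask: {mask}")
    return 32 - inverted.bit_length()

# Constructed table in netstat -r layout: (Destination, Genmask, Gateway, Iface).
# A gateway of 0.0.0.0 means the network is directly attached.
ROUTING_TABLE = [
    ("198.53.147.0", "255.255.255.0", "0.0.0.0",        "eth0"),
    ("198.53.0.0",   "255.255.0.0",   "198.53.147.1",   "eth0"),
    ("10.0.0.0",     "255.0.0.0",     "198.53.147.254", "eth1"),
]
DEFAULT_ROUTE = ("0.0.0.0", "0.0.0.0", "198.53.147.1", "eth0")

def lookup(table, dest: str):
    """Return (gateway, iface) of the matching entry with the longest prefix,
    or None when nothing matches (the slides: send a routing error back)."""
    d = dotted_to_int(dest)
    best, best_len = None, -1
    for destination, genmask, gateway, iface in table:
        # Mask the destination address and compare with the table prefix
        if (d & dotted_to_int(genmask)) == dotted_to_int(destination):
            plen = prefix_length(genmask)
            if plen > best_len:
                best, best_len = (gateway, iface), plen
    return best

def forward(table, dest: str) -> str:
    """Human-readable forwarding decision for one destination address."""
    hit = lookup(table, dest)
    if hit is None:
        return f"{dest}: no route (routing error to source)"
    gateway, iface = hit
    if gateway == "0.0.0.0":
        return f"{dest}: direct delivery via {iface}"
    return f"{dest}: indirect, next hop {gateway} via {iface}"

if __name__ == "__main__":
    print(netid("198.53.147.45", "255.255.255.0"))        # 198.53.147.0
    for target in ("198.53.147.45", "198.53.2.7", "10.1.2.3", "8.8.8.8"):
        print(forward(ROUTING_TABLE, target))
    print(forward(ROUTING_TABLE + [DEFAULT_ROUTE], "8.8.8.8"))
```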
Contents of an IPv6 routing table
• Each entry in the routing table includes
  • A network prefix which indicates a particular network or networks (address and size, addr/size)
  • The IP address of the next hop router or host along the path to the final destination (called the next hop router)
  • The network interface that should be used to transmit the packet so it can reach the next hop address
  • A metric that can be used to compare the relative “goodness” of alternate routes.
  • Possible implementation specific additional information
A sample routing table IPv6
Destination                       Next Hop                     Flag  Met   Ref  Use  If
::1/128                           ::                           Un    0     1    41   lo
fdd0:8184:d967:25::a19:106/128    fdd0:8184:d967:29::a1d:109   UG    1024  0    203  eth1
fdd0:8184:d967:26::/64            fdd0:8184:d967:30::a1e:108   UG    1024  0    122  eth2
fdd0:8184:d967:29::/128           ::                           Un    0     2    0    lo
fdd0:8184:d967:29::a1d:10a/128    ::                           Un    0     1    350  lo
fdd0:8184:d967:29::/64            ::                           U     256   0    1    eth1
fdd0:8184:d967:30::/128           ::                           Un    0     2    0    lo
fdd0:8184:d967:30::a1e:10a/128    ::                           Un    0     1    392  lo
fdd0:8184:d967:30::/64            ::                           U     256   0    1    eth2
fe80::250:56ff:fea4:1795/128      ::                           Un    0     1    74   lo
fe80::250:56ff:fea4:59c9/128      ::                           Un    0     1    63   lo
fe80::250:56ff:fea4:764f/128      ::                           Un    0     1    0    lo
fe80::/64                         ::                           U     256   0    0    eth1
fe80::/64                         ::                           U     256   0    0    eth2
fe80::/64                         ::                           U     256   0    0    eth0
::/0
Notes about the routing table
• The addresses that start fdd0 are IPv6 private network global addresses
• The addresses that start fe80 are link local addresses
• /128 addresses refer to a single host
• ::/0 is the default route
Obtaining IPv6 routing info
• The Linux netstat command will show you the IPv6 routing table: netstat -r6
• The Linux ip command can be used to look at the IPv6 routing table: ip -6 route
• route -6 will also show the IPv6 routing table
• To add or remove static entries from the routing table use the Linux command ip (or route).
• Using these commands on the command line will make the change until the host is rebooted
• Placing the commands in the /etc/network/interfaces file will make the change persistent after reboot
The IPv6 forwarding algorithm: Next hop determination
• IPv6 maintains a cache known as the destination cache. In the destination cache the next hop for each destination of recent packets is stored.
• The cache also holds other information about the path to the destination
• When a packet arrives to be forwarded the first step is to check for the destination address in the destination cache.
• If the destination is in the destination cache then the packet is forwarded to the next hop using the other parameters given in the cache.
Next hop determination
• The destination address is obtained from the packet.
• For each destination entry in the routing table the first N bits (where /N is specified for that destination) are compared to the first N bits of the destination address
• If the first N bits are the same the destination is a match
Next hop determination
• The list of matches is examined, and the match with the largest number of matching bits is chosen (most specific matching route)
• If there are multiple matches with the maximum number of bits choose the match with the lowest value of metric
• Use the selected entry to get the next hop IP and interface (same as IPv4)
The IPv6 forwarding algorithm
• When a packet is sent and its destination is not in the destination cache, then its destination, and the corresponding next hop destination, are saved in the destination cache and the timers for the lifetime of the cache entry are started
• When a packet is sent and its destination is in the destination cache, then the timers for the lifetime of the cache entry are updated
IPv4 Protocol Header (figure: Comer 2006, fig 6.3)
• Maximum length 60 octets, minimum length 20 octets
• Options field may span as many as 20 rows (40 octets)
IPv4 Header Fields (1)
• Version (4 bits): 4 for IPv4
• Internet header length or HLEN (4 bits): length of the IP header in 32 bit words. The minimum header length is 20 octets, so the header length is at least 5. Used to locate the start of the payload
• Service Type (8 bits): Contains bits to set priority (0 lowest to 7 highest) and to select routing based on optimization of reliability, precedence, delay or throughput parameters (TOS replaced by Differentiated Services, more later)
• Total length (16 bits): This includes the header and the data payload. Packet length is measured in octets. The maximum length of a packet is 2^16 - 1 = 65,535 octets
IPv4 Header Fields (2)
• Identification (16 bits): Identifies a particular datagram or packet. The same Identification is used for each fragment of a fragmented datagram. The final receiver will use the Identification for reassembly. The sender of the datagram must generate a unique identification for each datagram sent.
• Flags (3 bits): More bit, Don’t fragment bit; the third bit (highest order bit) is undefined
• Fragment offset (13 bits): Position of the fragment carried in the present packet within the unfragmented payload. (Must be a multiple of 64 bits from the start of the unfragmented payload, measured in 64 bit units)
IPv4 Header Fields (3)
• Time to live (8 bits): Measured in seconds, but must be decremented by at least 1 at each IS. Since transmission times in modern systems are very rarely in excess of one second this is essentially a hop counter (default 64)
• Protocol (8 bits): protocol of the next higher layer (transport layer) to receive the data field at the destination
• Header checksum (16 bits): 16 bit ones’ complement sum of all 16 bit words in the header (the header checksum field is zero during the calculation). The checksum does not cover the data; verification that the data is not corrupted is left to higher layers in the protocol stack. Reverified and recomputed at each IS. The IP packet is discarded if the checksum does not match.
IPv4 Header Fields (4)
• Source address (32 bits): IP address of the originating station
• Destination address (32 bits): IP address of the final destination
• Options (variable): Examples include
  • Security
  • Strict source routing (specify all ISs)
  • Loose source routing (specify some ISs)
  • Record route (records the address at each hop)
  • Timestamp (records the address and a timestamp at each hop)
• Padding (variable)
  • Adds zero bits at the end of the options so the header length is a multiple of 32 bits
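The header fields of the last four slides, including the per-hop TTL decrement and the ones' complement header checksum that only covers the header, can be seen working in the following added example; it is not from the slides, and the source/destination addresses and payload it uses are constructed.

```python
# Added example (not from the slides): build a minimal IPv4 header, parse the
# fields listed above, and compute/verify the ones' complement header checksum
# the way each intermediate system does. Addresses and payloads are constructed.
import struct

HDR_FMT = "!BBHHHBBH4s4s"   # fixed 20-octet header, network byte order

def ipv4_checksum(header: bytes) -> int:
    """Ones' complement of the ones' complement sum of all 16-bit words; the
    checksum field itself must already be zero in `header`."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(src: str, dst: str, payload_len: int, *, ttl: int = 64,
                 proto: int = 6, ident: int = 0x1C46, df: bool = True) -> bytes:
    """Version 4, HLEN 5 (no options), DF flag optional, fragment offset 0."""
    flags_frag = 0x4000 if df else 0         # bit 14 = Don't Fragment
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    hdr = struct.pack(HDR_FMT, (4 << 4) | 5, 0, 20 + payload_len, ident,
                      flags_frag, ttl, proto, 0, src_b, dst_b)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def parse_header(pkt: bytes) -> dict:
    """Decode the fixed fields; HLEN is in 32-bit words, offset in 8-octet units."""
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto,
     csum, src, dst) = struct.unpack(HDR_FMT, pkt[:20])
    return {"version": ver_ihl >> 4, "hlen": (ver_ihl & 0x0F) * 4,
            "tos": tos, "total_length": total_len, "identification": ident,
            "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
            "fragment_offset": (flags_frag & 0x1FFF) * 8, "ttl": ttl,
            "protocol": proto, "checksum": csum,
            "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst))}

def verify_checksum(pkt: bytes) -> bool:
    """Recompute over HLEN octets with the checksum field zeroed. The payload
    is not covered: corrupting it does not change the result."""
    hlen = (pkt[0] & 0x0F) * 4
    if hlen < 20 or len(pkt) < hlen:
        return False
    zeroed = pkt[:10] + b"\x00\x00" + pkt[12:hlen]
    return ipv4_checksum(zeroed) == struct.unpack("!H", pkt[10:12])[0]

def decrement_ttl(pkt: bytes) -> bytes:
    """Per-hop router step: TTL - 1 and recompute the checksum. Returns b''
    when the TTL reaches 0, i.e. the datagram is discarded."""
    hlen = (pkt[0] & 0x0F) * 4
    ttl = pkt[8] - 1
    if ttl <= 0:
        return b""
    zeroed = pkt[:8] + bytes([ttl]) + pkt[9:10] + b"\x00\x00" + pkt[12:hlen]
    csum = struct.pack("!H", ipv4_checksum(zeroed))
    return zeroed[:10] + csum + zeroed[12:] + pkt[hlen:]

if __name__ == "__main__":
    pkt = build_header("192.0.2.1", "198.51.100.7", 100) + b"x" * 100
    print(parse_header(pkt), verify_checksum(pkt))
    hop = decrement_ttl(pkt)
    print(parse_header(hop)["ttl"], verify_checksum(hop))
```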
IPv6 Header (figure 33.2, Comer 2000)
IPv6 packet structure (header chain shown in the figure)
• IPv6 header
• Hop by Hop header
• Routing header
• Destination options header
• Fragment header
• Authentication header
• Encapsulating Security header
• Destination Options header
• Transport header
• DATA
IPv6 Header Fields (1)
• Version (4 bits): 6
• Traffic Class (8 bits): Experimental: indicates the class or priority of the packet. Still undefined; provides a way for applications to experiment with class
• Flow Label (20 bits): Experimental: Indicates that the packet belongs to a specific sequence of packets that can be referenced by flow number. Used by hosts requesting special handling of such a sequence of packets. Multiple sequences can flow between the same hosts; each packet in a sequence must have identical Hop by Hop and routing headers and IPv6 addresses.
IPv6 Header Fields (2)
• Payload length (16 bits): Includes all extension headers plus user data. For lengths greater than 65,535 bytes it is set to zero, and the jumbo payload option in the hop by hop header is used
• Next Header (8 bits): Indicates the type of the first extension header or, in the absence of extension headers, the protocol for the next layer up (same as for IPv4).
• Hop Limit (16 bits): maximum number of allowed hops (0-255). When the hop limit is exceeded an ICMPv6 Time Exceeded message is sent
• Source Address (128 bits)
• Destination address (128 bits)