TELE3118 extras F or week 4

1. TELE3118 extras For week 4

2. IPv4 header in Wireshark

3. Assigning IP addresses 223.1.1.2 • Need enough host bits to identify all host & router interfaces + .0 and broadcast • e.g. 200 hosts + 1 router + 2 = 203 => /24 • Can pinch spare addresses • e.g. /30 from /24 for interfaces between routers 223.1.1.1 223.1.1.4 223.1.1.3 223.1.7.2 223.1.9.2 223.1.9.1 223.1.7.1 223.1.8.1 223.1.8.2 223.1.2.6 223.1.3.27 223.1.2.1 223.1.3.2 223.1.2.2 223.1.3.1 Figure based on one from Kurose and Ross

4. Passage of a packet Each node • has 2 addresses: link + network • knows mask (255.0) & default router Each packet has 4 addresses:(source+dest)*(network+link†) A to B: • A: Net prefix length => B is local • A: Lookup B.link (by ARP) • Transmit (AA,BB,1.1,1.2) • B: BB=mine =>receive • R: BBmine => ignore A to F: • A: Net prefix length => F is external, via router R • A: Transmit (AA,CC,1.1,2.3) • R: CC=mine => receive & pass to IP • 2.3 on interface 2.1 & local • lookup 2.3’s link address (through ARP if not already stored) • transmit (DD,FF,1.1,2.3) Note: Link addresses change for each hop 1.1 1.2 2.2 2.3 A B E F 1.3 2.1 R AA BB EE FF CC DD † link layer “destination” is where the frame is destined on this link, not the link layer address of the final destination.

5. Slide from Kurose and Ross

6. DHCP discover src : 0.0.0.0, 68 dest.: 255.255.255.255,67 yiaddr: 0.0.0.0 transaction ID: 654 DHCP client-server scenario arriving client DHCP server: 223.1.2.5 src: 223.1.2.5, 67 dest: 255.255.255.255, 68 yiaddr: 223.1.2.4 transaction ID: 654 Lifetime: 3600 secs DHCP offer src: 0.0.0.0, 68 dest:: 255.255.255.255, 67 yiaddr: 223.1.2.4 transaction ID: 655 Lifetime: 3600 secs DHCP request src: 223.1.2.5, 67 dest: 255.255.255.255, 68 yiaddr: 223.1.2.4 transaction ID: 655 Lifetime: 3600 secs time DHCP ACK 67 = IP protocol number for DHCP servers 68 = IP protocol number for DHCP clients yiaddr = your internet address Slide from Kurose and Ross

7. DHCP (BOOTP) in Wireshark Request retransmitted

8. ARP in Wireshark

9. length =1500 length =1500 length =4000 length =1040 ID =x ID =x ID =x ID =x fragflag =0 fragflag =1 fragflag =1 fragflag =0 offset =2960 offset =1480 offset =0 offset =0 One large datagram becomes several smaller datagrams IP Fragmentation and Reassembly • Example • 4000 byte datagram • MTU = 1500 bytes IP length field includes 20B IP header 3980B payload 1480 + 1480 + 1020 4000B IP packet  1500 + 1500 + 1040 Slide from Kurose and Ross

10. Fragmentation in Wireshark ping -l 6000 Ethernet can carry 1500B data, IP header = 20B => 1480B ICMP/frame 6000B = 3x1480 + 1x80 + 8B ICMP header in first fragment: Frame 10: 8B ICMP header + 1472 ICMP data Frames 11, 12, 13: 1480B ICMP data Frame 14: 88B ICMP data

11. Traceroute in Wireshark TTL (outer, inner)

12. IPv6 header in Wireshark

13. Extension material follows

14. MPLS appearing in Linux traceroute (IP addresses have been removed to save clutter/space. Note route changes) $ traceroute www.ietf.org traceroute to www.ietf.org, 30 hops max, 38 byte packets 1 eebu4s2.uwn.unsw.EDU.AU.92.171.149.in-addr.arpa 1.176 ms 0.717 ms 0.454 ms 2 libcr1-po-6.gw.unsw.edu.au 0.657 ms0.466 msombcr1-po-6.gw.unsw.edu.au 0.407 ms 3 unswbr1-te-8-1.gw.unsw.edu.au0.565 msunswbr1-te-7-1.gw.unsw.edu.au 0.769 ms 0.894 ms 4 bfw1-ea-1-3053.gw.unsw.edu.au 0.461 ms 0.799 ms 0.639 ms 5 unswbr1-vl-3054.gw.unsw.edu.au 0.749 ms 1.119 ms 0.773 ms 6 tengigabitethernet2-2.er1.unsw.cpe.aarnet.net.au 1.145 ms 1.135 ms 1.077 ms 7 ge-4-1-0.bb1.a.syd.aarnet.net.au 1.206 ms 1.219 ms 1.241 ms 8 ae9.pe2.brwy.nsw.aarnet.net.au 1.252 ms 1.315 ms 1.299 ms 9 xe-0-0-0.bb1.b.sea.aarnet.net.au 143.794 ms 143.774 ms 143.815 ms 10 xe-0-6-0-23.r05.sttlwa01.us.bb.gin.ntt.net 152.582 ms 144.315 ms 144.346 ms 11 ae-0.level3.sttlwa01.us.bb.gin.ntt.net 143.860 ms 143.665 ms 143.985 ms 12 ae-31-51.ebr1.Seattle1.Level3.net 168.354 ms 168.093 ms 168.122 ms MPLS Label=1909 CoS=3 TTL=1 S=0 13 ae-7-7.ebr2.SanJose1.Level3.net 162.011 ms 162.081 ms 161.907 ms MPLS Label=1174 CoS=3 TTL=1 S=0 14 ae-92-92.csw4.SanJose1.Level3.net 163.372 ms 163.174 ms ae-72-72.csw2.SanJose1.Level3.net (4.69.153.22) 161.534 ms MPLS Label=1024 CoS=3 TTL=1 S=0 15 ae-2-70.edge8.SanJose1.Level3.net 161.208 ms 161.290 ms ae-3-80.edge8.SanJose1.Level3.net (4.69.152.148) 185.910 ms 16 ASSOCIATION.edge8.SanJose1.Level3.net 168.199 ms 162.042 ms 162.041 ms 17 * * * 18 * * * 19 * * *

15. How low is IP’s LCD? Ethernet: Ethernet services vs IP’s needs • Preamble -> Framing: Ethernet knows frame length, but not padding length => data. IP independently determines length of data. • Addresses: IP can work over point-to-point links without addresses. • Type: 0x0800 = IPv4. but IPv4 checks anyhow with version field. • Checksum: Ethernet protects all data, but IP protects (again) its header & TCP/UDP protect data. Frame formats. (a) Ethernet (DIX). (b) IEEE 802.3. IPv4: The IPv4 (Internet Protocol) header. Figures 4-14 and 5-46 From Tanenbaum & Wetherall

16. 1: host 10.0.0.1 sends datagram to 128.119.40, 80 2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table S: 10.0.0.1, 3345 D: 128.119.40.186, 80 1 S: 138.76.29.7, 5001 D: 128.119.40.186, 80 2 S: 128.119.40.186, 80 D: 10.0.0.1, 3345 4 S: 128.119.40.186, 80 D: 138.76.29.7, 5001 3 NAT: Operation NAT translation table WAN side addr LAN side addr 138.76.29.7, 5001 10.0.0.1, 3345 …… …… 10.0.0.1 10.0.0.4 10.0.0.2 138.76.29.7 10.0.0.3 4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345 3: Reply arrives dest. addr.: 138.76.29.7, 5001 Slide from Kurose and Ross