1 / 52

CSE 331: Introduction to Networks and Security

Explore the concepts of bridges, extending LANs, IP scaling, and inter-networking challenges in network security. Learn about spanning tree algorithms, IP encapsulation, and addressing techniques for efficient communication.

ngilliam
Download Presentation

CSE 331: Introduction to Networks and Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CSE 331: Introduction to Networks and Security Slide Set 3 Fall 2001 Instructor: Carl A. Gunter

  2. Internetworking • Bridges • IP • Scaling IP • Next Generation IP • DNS • Multicast

  3. Inter-networking Challenges HeterogeNiety Scale

  4. Extended LANs • Idea: extend LAN. • More hosts • Larger area • How? Use “amplification”. • Inter-LAN packet forwarding • called a repeater • limited by specification.

  5. Bridges • Logically, these are switches • As part of a logical broadcast: • Forward packet on input port to all other ports • Self-Learning Bridge • Watch source addresses to learn destinations • A “transparent” optimization

  6. Learning Example

  7. Host Host Host Topology and Bridges • Consider broadcast emulation:

  8. Problem: Cycles (Loops) • Frame gets rebroadcast forever • Could avoid by construction, BUT: • Hard, especially management • Often want redundancy • Solution: • Restrict Active ports to a “Spanning Tree” • Basic design by Radia Perlman

  9. Root • Spanning Tree: shortest paths to root Host ROOT Host Host

  10. Spanning Tree Algorithm • Messages • Sender ID • Belief about root ID • Distance to root • Elect root for family of LAN’s and designated bridge for each LAN. • Initially: each bridge considers itself root. • Update and forward protocol.

  11. Spanning Tree Algorithm, ctd • A configuration message is better if • provides root with smaller ID • provides root with equal ID but shorter distance to root • provides equal root ID and distance to root but sending ID has smaller ID • Only root bridge sends configuration information at the end. Time out to recover from failure.

  12. Limitations • Scaling • Connections on order of dozens • Transparency incomplete • Heterogeneity • Limited to compatible link layers

  13. IP • Terminology • Service model • Addresses • Forwarding • ARP • ICMP

  14. Internetworks Router (Gateway)

  15. Internetworks Ethernet H1 H2 H3 Ethernet H7 R3 H8 R1 H4 Point-to-Point Link (e.g., ISDN) FDDI Ring R2 H6 H5

  16. FTP NFS HTTP TCP UDP Virtual Network Infrastructure (runs globally) IP ISDN Ethernet ATM IP Interoperability Overlays (running at hosts) Networks (run locally)

  17. IP Encapsulation

  18. Service Model • Choose minimal service model • All nets can implement • “Tin cans and a string” extremum • Features: • Best-effort (datagram) delivery • Reliability, etc. as overlays • Packet format

  19. IPv4 Packet Format 0 4 8 16 19 31 Version Hlen TOS Length Ident Flags Offset TTL Protocol Checksum SourceAddr DestinationAddr Options (variable length) Pad DATA

  20. Fields of IPv4 Header • Version • version of IP, 4 in this case • Hlen • Header length, in 32-bit words • TOS • Type of Service (rarely used) • Priorities, delay, throughput, reliability

  21. Header fields, continued • Length • Length of datagram, in bytes • 16 bits, hence max. of 65,536 bytes • Fields for fragmentation and reassembly • Identifier • Flags • Offset

  22. Header fields, continued • TTL • Time to live (in reality, hop count) • 64 is the current default • Protocol • e.g., TCP (6), UDP(17), etc. (see hourglass)

  23. Yet more fields…. • Checksum • Checksum of header; described P&D 3.4 • SourceAddr, DestinationAddr • 32 bit IP addresses - global, IP-defined • Options • length can be computed using Hlen

  24. Fragmentation and Reassembly • Networks differ on maximum packet size • IP Fragmentation-and-Reassembly analogous to ATM Segmentation and Reassembly • Maximum Transmission Unit (MTU) • Path MTU is min MTU for path • F-and-R BAD for performance (Mogul,..)

  25. Ethernet H1 H2 H3 Ethernet MTU = 1500 MTU = 1500 H7 R3 H8 R1 H4 Point-to-Point Link (e.g., ISDN) FDDI Ring R2 MTU = 4500 MTU = 532 H6 H5 H1 R1 R2 R3 H8 P2P IP (512) P2P IP (512) ETH IP (512) ETH IP (512) ETH IP (1400) ETH IP (376) FDDI IP (1400) P2P IP (376)

  26. Unfragmented packet Fragmented packets

  27. IP addresses • Hierarchical, not flat as in Ethernet • Written as four decimal numbers separated by dots: 158.130.14.2 7 24 A Network Host 0 14 16 B Host 1 0 Network 21 8 C Host 1 1 0 Network

  28. Network Classes

  29. Forwarding • If (network # dest == network # interface) then deliver to destination over interface • else if (network # dest in forwarding table) deliver packet to NextHop router • else deliver packet to default router

  30. ARP • ARP - Address Resolution Protocol • Mapping between IP and link layer addresses using broadcast

  31. ARP Packet Format

  32. ARP and ICMP • ICMP - Internet Control Message Protocol • ping • redirect • error messages

  33. Scaling Problems • Not enough network numbers. • Routing information too cumbersome.

  34. Subnets • Solution: Subnetting • All nodes are configured with subnet mask • Allows definition of a subnet number • All hosts on a physical subnetwork share the same subnet number Subnet Mask (255.255.255.0) 111111111111111111111111 00000000 Subnetted Address: Network number Subnet ID Host ID

  35. Subnets, cont’d • Mask is bitwise-ANDed with address • This is done at routers • Router tables in this model: • <Subnet #, Subnet Mask, NextHop> • Subnetting allows a set of physical networks to look like a single logical network from elsewhere

  36. Forwarding Algorithm D = destination IP address for each forwarding table entry (SubnetNumber, SubnetMask, NextHop) D1 = SubnetMask & D if D1 = SubnetNumber if NextHop is an interface deliver datagram directly to destination else deliver datagram to NextHop (router)

  37. IP Routing • Begin by partitioning problem: • Interdomain Routing - between administrative domains (e.g., companies) • Intradomain Routing - inside administrative domains

  38. Intradomain Routing • RIP - Routing Information Protocol • Uses distance vector algorithm • Limited to small nets; <15 hops • See packet format p. 245 P&D • OPSF - Open Shortest Path First • Augmented version of link-state • Augmentation includes authentication, load-balancing, and defined areas

  39. 2   2   1 1  1 1 0 0 0 Synchronous Bellman-Ford Destination

  40.   3 3   2 2 2     4  1 1 1 1 0 0 0 0 0 Asynchronous Version

  41. 1 3 3  6 3 2 0 2 2 2 5 5 1  4  4 4 Counting to Infinity Loops may form and stability cannot occur without “counting to infinity”. Problem in RIP addressed in AODV at the cost of greater complexity.

  42. Interdomain Routing • EGP - Exterior Gateway Protocol • Early; constrained Internet to tree and hence shares some problems of bridging (scalability, path exploitation, etc. ….. )

  43. Interdomain Routing, cont. • BGP - Border Gateway Protocol • Arbitrary topology • Lego-like interconnection of Administrative Domains • local traffic: originates or terminates in A.D. • transit traffic: passes through • stub: one A.D.-A.D. link • multihomed: multiple A.D. links, no transit • transit: connections to other A.D.s; carry transit

  44. Intradomain Routing, cont. • BGP • A border gateway is an IP router that forwards packets between A.D.s • A.D. has one “BGP speaker” • BGP advertises reachability, not costs • And it advertises paths between A.D.s • Thus, not LSP or DV. • Router state ~# A.D.s, hence large

  45. Next Generation IP • Lots of addresses (128 bits) • Real-time • Security • Autoconfiguration • Mobile hosts and other enhanced routing functions

  46. Packet Format 0 31 Ver. Prio FlowLabel PayloadLEN NextHeader HopLimit Source Address (128 bits) Destination Address (128 bits) Next Header/Data

  47. Cheltenham.cs.arizona.edu 192.12.69.60 Domain Name System • System for mapping mnemonic names for computers into IP addresses. • Domain Hierarchy • Name Servers • Name Resolution

More Related