Chapter 7 Internet Protocol Version 4 (IPv4)
Kyung Hee University
7.1 Introduction
IP is the transmission mechanism used by the TCP/IP protocols
Unreliable and connectionless datagram protocol
Best-effort delivery service: IP packets can be corrupted, lost, arrive out of order, or be delayed, and may create congestion for the network
Each datagram is handled independently
Each datagram can follow a different route to the destination
Datagrams sent by the same source to the same destination could arrive out of order
Position of IP in the TCP/IP protocol suite
7.2 Datagrams
Datagrams are packets in the network layer
A datagram is a variable-length packet consisting of a header and data
The header is 20 to 60 bytes and contains information essential to routing and delivery
It is customary in TCP/IP to show the header in 4-byte sections
Fields in the Header
Version (VER) – the version of the IP protocol (4-bit)
Header length (HLEN) – total length of the datagram header in 4-byte words (4-bit)
IP Datagram
TOS (Type of Service) – 8-bit
[Figure: interpretation of the TOS byte]
Bit pattern   Interpretation
xxx000        Precedence interpretation (3 precedence bits, last 3 bits 000)
xxxxx0        Differentiated services interpretation
xxxx11        Differentiated services interpretation
xxxx01        Differentiated services interpretation
Category   Codepoint   Assigning Authority
1          XXXXX0      Internet (24 services)
2          XXXX11      Local
3          XXXX01      Temporary or experimental
Total Length – 16-bit field (limited to 65,535 bytes)
Defines the total length of the IP datagram in bytes
Length of data = total length – header length
Figure 7.4 Encapsulation of a small datagram in an Ethernet frame
Identification – used in fragmentation
Flags – used in fragmentation
Fragmentation offset – used in fragmentation
Time to live – limits the lifetime of the datagram
Protocol – the higher-level protocol that uses the services of the IP layer
Fig. 7.5 Multiplexing
Checksum – used to check for errors
Source address – the IP address of the source
Destination address – the IP address of the destination
Example 7.1
An IP packet has arrived with the first 8 bits shown: 01000010. The receiver discards the packet. Why?
Solution
There is an error in this packet. The 4 left-most bits (0100) show the version, which is correct. The next 4 bits (0010) show a wrong header length (2 × 4 = 8). The minimum number of bytes in the header must be 20. The packet has been corrupted in transmission.
Example 7.2
In an IP packet, the value of HLEN is 1000 in binary. How many bytes of options are being carried by this packet?
Solution
The HLEN value is 8, which means the total number of bytes in the header is 8 × 4 or 32 bytes. The first 20 bytes are the base header; the next 12 bytes are the options.
Example 7.3
In an IP packet, the value of HLEN is 5₁₆ and the value of the total length field is 0028₁₆. How many bytes of data are being carried by this packet?
Solution
The HLEN value is 5, which means the total number of bytes in the header is 5 × 4 or 20 bytes (no options). The total length is 40 bytes, which means the packet is carrying 20 bytes of data (40 − 20).
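The checks of Examples 7.1 to 7.3 are exactly what a receiver must do before it trusts any other field, and they can be written as a small parser. The following Python code is an added example, not part of the slides: it decodes the fixed 20-byte header, validates the version, HLEN and total length, and reports the options and data lengths. The sample packet is constructed for this example (addresses 10.0.0.1 and 10.0.0.2, TTL 64, protocol 17); its checksum field is left as zero because checksum calculation is covered in Section 7.5.

```python
import struct
import ipaddress

# Constructed sample packet (not from the slides): a 20-byte header with
# version 4, HLEN 5, TOS 0, total length 40, identification 1, flags/offset 0,
# TTL 64, protocol 17, checksum field 0, source 10.0.0.1, destination 10.0.0.2,
# followed by 20 bytes of data (cf. Example 7.3: 40 - 20 = 20 data bytes).
SAMPLE_HEADER = bytes.fromhex("4500002800010000401100000a0000010a000002")
SAMPLE_PACKET = SAMPLE_HEADER + bytes(20)


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the fixed part of an IPv4 header, validating it as in Examples 7.1-7.3.

    Raises ValueError for anything a receiver would discard: wrong version,
    HLEN below the 20-byte minimum, total length shorter than the header, or
    a packet shorter than its own total length (lengths are read from the
    untrusted packet, so they are checked before they are used as offsets).
    """
    if len(packet) < 20:
        raise ValueError("packet shorter than the 20-byte base header")
    version = packet[0] >> 4          # left-most 4 bits
    hlen_words = packet[0] & 0x0F     # next 4 bits, in 4-byte words
    if version != 4:
        raise ValueError(f"wrong version {version}")
    header_len = hlen_words * 4
    if header_len < 20:
        raise ValueError(f"wrong header length {header_len} (minimum is 20): packet corrupted")
    (tos, total_len, ident, flags_frag, ttl, proto,
     checksum, src, dst) = struct.unpack("!BHHHBBH4s4s", packet[1:20])
    if total_len < header_len:
        raise ValueError(f"total length {total_len} smaller than header length {header_len}")
    if len(packet) < total_len:
        raise ValueError(f"packet truncated: {len(packet)} bytes received, total length is {total_len}")
    return {
        "version": version,
        "header_len": header_len,
        "tos": tos,
        "total_len": total_len,
        "identification": ident,
        "D": (flags_frag >> 14) & 1,             # do-not-fragment flag
        "M": (flags_frag >> 13) & 1,             # more-fragments flag
        "fragment_offset": flags_frag & 0x1FFF,  # 13 bits, in 8-byte units
        "ttl": ttl,
        "protocol": proto,
        "checksum": checksum,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "options_len": header_len - 20,          # Example 7.2
        "options": packet[20:header_len],
        "data_len": total_len - header_len,      # Example 7.3
    }


def discard_reason(packet: bytes):
    """Return why a receiver would discard the packet, or None if it is acceptable."""
    try:
        parse_ipv4_header(packet)
    except ValueError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    fields = parse_ipv4_header(SAMPLE_PACKET)
    print(f"header {fields['header_len']} bytes, options {fields['options_len']} bytes, "
          f"data {fields['data_len']} bytes, {fields['src']} -> {fields['dst']}")
    # Example 7.1: first byte 0100 0010 gives HLEN 2, i.e. an 8-byte header
    print(discard_reason(bytes([0x42]) + SAMPLE_PACKET[1:]))
```

The order of the checks matters: HLEN and total length are validated before they are used to slice the options and data, so a corrupted length can never make the parser read past the buffer.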
7.3 Fragmentation
The format and size of the received frame depend on the protocol used by the physical network
When a datagram is encapsulated in a frame, the total size of the datagram must be less than the MTU (Maximum Transfer Unit) size
We must divide the datagram to make it possible to pass through the network; this is called fragmentation
MTU (Maximum Transfer Unit)
[Figure: a frame consists of a header, the IP datagram and a trailer; the MTU is the maximum length of data that can be encapsulated in a frame]
Fragmentation
The value of the MTU differs from one physical network protocol to another
Fields Related to Fragmentation
Identification – all fragments have the same identification value
Flags – 3-bit field
Fragmentation offset – 13-bit field, the relative position of this fragment with respect to the whole datagram, measured in 8-byte units
Fragmentation Example
Bytes 0000–1399: offset = 0000/8 = 0
Bytes 1400–2799: offset = 1400/8 = 175
Bytes 2800–3999: offset = 2800/8 = 350
Detailed Fragmentation Example
                   Total length  Identification  M  Offset  Bytes
Original datagram  4020          14,567          0  000     0000–3999
Fragment 1         1420          14,567          1  000     0000–1399
Fragment 2         1420          14,567          1  175     1400–2799
Fragment 2.1       820           14,567          1  175     1400–2199
Fragment 3         1220          14,567          0  350     2800–3999
Example 7.5
A packet has arrived with an M bit value of 0. Is this the first fragment, a middle fragment, or the last fragment? Do we know if the packet was fragmented?
Solution
If the M bit is 0, it means that there are no more fragments; the fragment is the last one. However, we cannot say if the original packet was fragmented or not. A nonfragmented packet is considered the last fragment.
Example 7.9
A packet has arrived in which the offset value is 100, the value of HLEN is 5, and the value of the total length field is 100. What are the numbers of the first byte and the last byte?
Solution
The first byte number is 100 × 8 = 800. The total length is 100 bytes and the header length is 20 bytes (5 × 4), which means that there are 80 bytes of data in this datagram. If the first byte number is 800, the last byte number must be 879.
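The fragmentation rules of this section (same identification in every fragment, offsets counted in 8-byte units, M set on all but the last fragment) and the byte-range arithmetic of Example 7.9 can be checked against the detailed example above with a short piece of code. The following Python is an added example, not part of the slides; it represents a datagram or fragment as a dict of header values and assumes a header that is copied unchanged into every fragment, which holds for a 20-byte header without options. It also handles re-fragmentation, as when Fragment 2 is split again by a smaller MTU.

```python
# Added example, not from the slides: fragmentation of an IP datagram.
# A datagram is described by a dict with its total length, header length,
# identification, M flag and offset (in 8-byte units); the same function also
# re-fragments a fragment, as in the detailed example where Fragment 2 is
# split again into 2.1 and 2.2 by a smaller MTU.


def fragment(datagram: dict, mtu: int) -> list:
    """Split `datagram` so every piece fits in `mtu` bytes.

    Rules applied: all fragments carry the same identification; the data in
    every fragment except the last is a multiple of 8 bytes so the 13-bit
    offset (in 8-byte units) can describe it; M is 1 on every fragment except
    the last piece of a datagram whose own M was 0. The header is assumed to
    be copied unchanged into every fragment (true for a header without options).
    """
    hlen = datagram["header_len"]
    data_len = datagram["total_len"] - hlen
    if datagram["total_len"] <= mtu:
        return [dict(datagram)]            # no fragmentation needed
    max_data = (mtu - hlen) // 8 * 8       # largest multiple of 8 that fits
    if max_data <= 0:
        raise ValueError(f"MTU {mtu} cannot carry a {hlen}-byte header plus 8 data bytes")
    pieces = []
    start = 0                              # byte position within this datagram's data
    while start < data_len:
        chunk = min(max_data, data_len - start)
        last = start + chunk >= data_len
        pieces.append({
            "total_len": hlen + chunk,
            "header_len": hlen,
            "identification": datagram["identification"],
            "M": 0 if (last and datagram["M"] == 0) else 1,
            "offset": datagram["offset"] + start // 8,
        })
        start += chunk
    return pieces


def byte_range(datagram: dict) -> tuple:
    """First and last data byte number carried by a fragment (Example 7.9)."""
    first = datagram["offset"] * 8
    last = first + (datagram["total_len"] - datagram["header_len"]) - 1
    return first, last


if __name__ == "__main__":
    original = {"total_len": 4020, "header_len": 20, "identification": 14567, "M": 0, "offset": 0}
    for frag in fragment(original, 1420):                      # the slide's three fragments
        print(frag, byte_range(frag))
    for frag in fragment(fragment(original, 1420)[1], 820):   # Fragment 2 -> 2.1, 2.2
        print(frag, byte_range(frag))
```

Run with the slide's values (4020-byte datagram, MTU 1420) it reproduces Fragments 1 to 3, and re-fragmenting Fragment 2 with MTU 820 gives Fragment 2.1 exactly as the table shows; note that Fragment 2.2 keeps M = 1 because its parent was not the last fragment.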
7.4 Options
Type field (8-bit) : fixed length
Copy : controls the presence of the option in fragmentation
Class : defines the general purpose of the option
Number : defines the type of option
Length field (8-bit) : fixed length
The total length of the option
Value field : variable length
Contains the data that specific options require
Option Format
Type (8 bits) | Length (8 bits) | Value (variable length)
Type subfields: Copy (1 bit), Class (2 bits), Number (5 bits)
Copy:
0 Copy only in first fragment
1 Copy into all fragments
Class:
00 Datagram control
01 Reserved
10 Debugging and management
11 Reserved
Number:
00000 End of option
00001 No operation
00011 Loose source route
00100 Timestamp
00111 Record route
01001 Strict source route
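The type byte splits into copy, class and number exactly as the format above shows, and a receiver that handles options has to walk the options area using the length bytes it finds there. The following Python is an added example, not part of the slides: it decodes the type byte, parses an options area while refusing lengths that could not be right, and reads back the addresses recorded by a record-route option. The sample options areas are constructed for the example, using the record-route values from this chapter's figure (type 7, length 15, pointer 4 growing to 16, routers 140.10.6.3, 200.14.7.9 and 138.6.22.26).

```python
import ipaddress

# Added example, not from the slides: decoding the option type byte
# (copy / class / number) and walking an options area safely.

OPTION_NAMES = {
    0b00000: "End of option",
    0b00001: "No operation",
    0b00011: "Loose source route",
    0b00100: "Timestamp",
    0b00111: "Record route",
    0b01001: "Strict source route",
}
CLASS_NAMES = {
    0b00: "Datagram control",
    0b01: "Reserved",
    0b10: "Debugging and management",
    0b11: "Reserved",
}


def decode_type(type_byte: int) -> dict:
    """Split the 8-bit type into the copy bit, 2-bit class and 5-bit number."""
    number = type_byte & 0b11111
    klass = (type_byte >> 5) & 0b11
    return {
        "copy": type_byte >> 7,
        "class": klass,
        "class_name": CLASS_NAMES[klass],
        "number": number,
        "name": OPTION_NAMES.get(number, "Unknown"),
    }


def parse_options(options: bytes) -> list:
    """Walk the options area of a header and return one dict per option.

    End-of-option and no-operation are single-byte options; every other
    option has a length byte that counts type, length and value bytes.
    Lengths come from the packet and are untrusted: a length below 2 would
    never advance the loop and a length past the end would read outside the
    buffer, so both are rejected instead of being used as offsets.
    """
    result = []
    i = 0
    while i < len(options):
        info = decode_type(options[i])
        if info["number"] == 0:               # end of option list: the rest is padding
            result.append({**info, "length": 1, "value": b""})
            break
        if info["number"] == 1:               # no operation: 1-byte filler
            result.append({**info, "length": 1, "value": b""})
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("option truncated: type byte without length byte")
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            raise ValueError(f"bad option length {length} at offset {i}")
        result.append({**info, "length": length, "value": options[i + 2:i + length]})
        i += length
    return result


def recorded_route(value: bytes) -> list:
    """Addresses already written into a record-route option.

    The value starts with the pointer (position, counted from 1, of the next
    free byte of the whole option); the first address slot is at byte 4, so
    (pointer - 4) // 4 addresses have been recorded so far.
    """
    pointer = value[0]
    count = (pointer - 4) // 4
    return [str(ipaddress.IPv4Address(value[1 + 4 * k:5 + 4 * k])) for k in range(count)]


# Constructed options areas: an empty record-route option (type 7, length 15,
# pointer 4, three 4-byte slots) followed by one end-of-option byte as padding,
# and the same option after the three routers of the figure have written
# their addresses (pointer 16).
EMPTY_RECORD_ROUTE = bytes([7, 15, 4]) + bytes(12) + bytes([0])
FULL_RECORD_ROUTE = (bytes([7, 15, 16])
                     + ipaddress.IPv4Address("140.10.6.3").packed
                     + ipaddress.IPv4Address("200.14.7.9").packed
                     + ipaddress.IPv4Address("138.6.22.26").packed
                     + bytes([0]))


if __name__ == "__main__":
    for t in (0b00000001, 0b00000000, 0b00000111, 0b10001001, 0b10000011, 0b01000100):
        d = decode_type(t)
        print(f"{t:08b} {d['name']:<20} copy={d['copy']} {d['class_name']}")
    for opt in parse_options(FULL_RECORD_ROUTE):
        print(opt["name"], opt["length"], recorded_route(opt["value"]) if opt["number"] == 7 else "")
```

Feeding the six type values of Example 7.11 to decode_type classifies five as datagram control and the timestamp as debugging and management; the length checks in parse_options are what keeps a malformed options area from stalling or overrunning the parser.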
Categories of Options
No Operation Option
1-byte option used as a filler between options
End-of-Option Option
1-byte option used for padding at the end of the option field
Record-Route Option
Used to record the Internet routers that handle the datagram
Record-Route Concept
[Figure: the datagram travels from 67.34.30.6 to 138.6.25.40 across networks 67.0.0.0/24, 140.10.0.0/16, 200.14.7.0/24 and 138.6.0.0/16; the record-route option (type 7, length 15) starts with pointer 4, and the pointer advances to 8, 12 and 16 as routers 140.10.6.3, 200.14.7.9 and 138.6.22.26 each add their address]
Strict-Source-Route Option
Used by the source to predetermine a route for the datagram as it travels through the Internet
All of the routers defined in the option must be visited by the datagram
Strict-Source-Route Concept
[Figure: source 67.34.30.6, final destination 138.6.25.40, across networks 67.0.0.0/24, 140.10.0.0/16, 200.14.7.0/24 and 138.6.0.0/16; the option is type 137, length 15, and at each hop the destination field and the option's address list are exchanged while the pointer advances]
Field                  At source     After router 1  After router 2  After router 3
Source                 67.34.30.6    67.34.30.6      67.34.30.6      67.34.30.6
Destination            67.14.10.22   140.10.5.4      200.14.7.14     138.6.25.40
Type, length, pointer  137 15 4      137 15 8        137 15 12       137 15 16
Option address 1       140.10.5.4    67.14.10.22     67.14.10.22     67.14.10.22
Option address 2       200.14.7.14   200.14.7.14     140.10.5.4      140.10.5.4
Option address 3       138.6.25.40   138.6.25.40     138.6.25.40     200.14.7.14
Loose-Source-Route Option
Similar to the strict source route, but more relaxed: each router in the list must be visited, but the datagram can visit other routers as well
Timestamp Option
Used to record the time of datagram processing by a router
The time is expressed in milliseconds from Universal Time
Use of Flag in Timestamp
Flag 0 : each router adds only the timestamp in the provided field
Flag 1 : each router must add its outgoing IP address and the timestamp
Flag 3 : the IP addresses are given, and each router must check the given IP address against its own incoming IP address
Timestamp Concept
[Figure: timestamp option with flag 1 (type 68, length 28, overflow 0) as the datagram from 67.34.30.6 crosses networks 67.0.0.0/24, 140.10.0.0/16, 200.14.7.0/24 and 138.6.0.0/16; the pointer advances 5, 13, 21, 29 as each router records its outgoing address and timestamp]
Router         Timestamp
140.10.6.3     36000000
200.14.7.9     36000012
138.6.22.26    36000020
Example 7.11
Which of the six options are used for datagram control and which are used for debugging and management?
Solution
We look at the second and third (left-most) bits of the type.
a. No operation: type is 00000001; datagram control.
b. End of option: type is 00000000; datagram control.
c. Record route: type is 00000111; datagram control.
d. Strict source route: type is 10001001; datagram control.
e. Loose source route: type is 10000011; datagram control.
f. Timestamp: type is 01000100; debugging and management control.
Example 7.12
One of the utilities available in UNIX to check the travel of IP packets is ping. In the next chapter, we talk about the ping program in more detail. In this example, we want to show how to use the program to see if a host is available. We ping a server at De Anza College named fhda.edu. The result shows that the IP address of the host is 153.18.8.1. The result also shows the number of bytes used.
Example 7.15
The traceroute program can be used to implement loose source routing. The -g option allows us to define the routers to be visited, from the source to the destination. The following shows how we can send a packet to the fhda.edu server with the requirement that the packet visit the router 153.18.251.4.
Example 7.16
The traceroute program can also be used to implement strict source routing. The -G option forces the packet to visit only the routers given on the command line. The following shows how we can send a packet to the fhda.edu server and force the packet to visit only the router 153.18.251.4.
7.5 Checksum
Checksum – the error detection method used by most TCP/IP protocols
Protects against the corruption that may occur during the transmission of a packet
Redundant information added to the packet
Calculated at the sender, and the value obtained is sent with the packet
The receiver repeats the same calculation on the whole packet, including the checksum
If the result is satisfactory, the packet is accepted; otherwise, it is rejected
Checksum Concept
[Figure: the packet is divided into k sections of n bits each; at the sender the sections are added and the sum is complemented to give the n-bit checksum sent with the packet; at the receiver the sections and the checksum are added and the sum is complemented: if the result is 0, keep the packet, otherwise discard it]
Checksum in One's Complement Arithmetic
[Figure: the sender's sum of the datagram sections is T and the checksum sent is the complement of T; adding T and its complement gives all 1s, whose complement is 0]
Example 7.17
The figure shows an example of a checksum calculation at the sender site for an IP header without options. The header is divided into 16-bit sections. All the sections are added and the sum is complemented. The result is inserted in the checksum field.
[Figure: example of checksum calculation at the sender, for a header with field values 5, 0, 1, 0, 17 and addresses 10.12.14.5 and 12.6.7.9]
Example 7.18
The figure shows the checking of the checksum at the receiver site (or an intermediate router), assuming that no errors occurred in the header. The header is divided into 16-bit sections. All the sections are added and the sum is complemented. Since the result is 16 0s, the packet is accepted.
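Examples 7.17 and 7.18 are the sender and receiver halves of one calculation, and both fit in a few lines. The following Python is an added example, not part of the slides: it splits a header into 16-bit sections, adds them in one's complement arithmetic (the carry out of bit 16 is added back in), complements the sum at the sender and checks for an all-zero result at the receiver. The header is constructed to match the values the figure lists (HLEN 5, TOS 0, identification 1, flags/offset 0, protocol 17, 10.12.14.5 to 12.6.7.9); the total length (28) and TTL (4) are assumed because the page does not show them. Keep in mind what the summary also says: the checksum covers only the header, and because anyone who changes a header can recompute it, it detects accidental corruption but not deliberate modification, which is why Section 7.7 treats data integrity separately.

```python
# Added example, not from the slides: the IP header checksum in one's
# complement arithmetic, at the sender (Example 7.17) and the receiver
# (Example 7.18).

# Constructed header modelled on the figure: version 4, HLEN 5, TOS 0,
# identification 1, flags/offset 0, protocol 17, source 10.12.14.5,
# destination 12.6.7.9. The total length (28) and TTL (4) are assumed, since
# the figure on the page does not list them. The checksum field (bytes 10-11)
# is zero here; the sender fills it in.
SAMPLE_HEADER = bytes.fromhex("4500001c00010000041100000a0c0e050c060709")


def sections(header: bytes) -> list:
    """The header as the 16-bit sections that the checksum adds up."""
    if len(header) % 2:
        header += b"\x00"        # never needed for a real header (always a multiple of 4 bytes)
    return [(header[i] << 8) | header[i + 1] for i in range(0, len(header), 2)]


def ones_complement_sum(header: bytes) -> int:
    """Add the 16-bit sections, wrapping each carry back into the low 16 bits."""
    total = 0
    for word in sections(header):
        total += word
        total = (total & 0xFFFF) + (total >> 16)   # end-around carry
    return total


def ip_checksum(header: bytes) -> int:
    """Sender side: sum with the checksum field taken as 0, then complement."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return 0xFFFF ^ ones_complement_sum(zeroed)


def with_checksum(header: bytes) -> bytes:
    """Return the header with the computed checksum written into bytes 10-11."""
    return header[:10] + ip_checksum(header).to_bytes(2, "big") + header[12:]


def verify_checksum(header: bytes) -> bool:
    """Receiver side: sum all sections including the checksum; the complement must be 0."""
    return (0xFFFF ^ ones_complement_sum(header)) == 0


if __name__ == "__main__":
    sent = with_checksum(SAMPLE_HEADER)
    print(f"checksum: {ip_checksum(SAMPLE_HEADER):04X}, accepted: {verify_checksum(sent)}")
    corrupted = bytearray(sent)
    corrupted[8] ^= 0x01       # flip one TTL bit in transit
    print(f"after corruption accepted: {verify_checksum(bytes(corrupted))}")
```

For this header the ten sections sum to 744E₁₆, so the sender stores 8BB1₁₆; at the receiver the sum including that field is FFFF₁₆, whose complement is 0, and flipping a single bit anywhere in the header makes the check fail. Since the TTL changes at every router, each router recomputes the checksum, which is why the receiver-side check also runs at intermediate routers.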
7.6 IP over ATM
In this section, we want to see how an IP datagram moves through a switched WAN such as an ATM network
The IP packet is encapsulated in cells
An ATM network has its own definition for the physical address of a device
Binding between an IP address and a physical address is attained through a protocol called ATMARP
An ATM WAN in the Internet
AAL Layer
The AAL layer used by the IP protocol is AAL5; it is the only AAL used by the Internet
It is sometimes called the simple and efficient adaptation layer (SEAL). AAL5 accepts an IP packet of no more than 65,536 bytes and adds an 8-byte trailer
AAL5 passes the message in 48-byte segments to the ATM layer
Cell Routing
The cells start from the entering-point router and end at the exiting-point router
[Figure: an IP packet enters the ATM network at the entering-point router, crosses three switches (I, II, III) as ATM cells, and leaves as an IP packet at the exiting-point router]
Address Binding in IP over ATM
An ATM network needs virtual circuit identifiers to route the cells
An IP datagram contains only the source and destination IP addresses; the virtual circuit identifiers must be determined from the destination IP address
7.7 Security
Since the IPv4 protocol was designed when Internet users trusted each other, no security was provided for the IPv4 protocol
Today, however, the situation is different: the Internet is not secure any more
In this section, we give a brief idea of the security issues in the IP protocol and their solution
Security Issues
Packet sniffing
Passive attack: the attacker does not change the contents of the packet
Encryption of the packet – the attacker cannot see the contents of the packet
Packet modification
Active attack: the attacker intercepts the packet and changes its contents
Data integrity – the receiver can make sure that the packet has not been changed during transmission
IP spoofing
An attacker can masquerade as somebody else and create an IP packet that carries the source address of another computer
An origin authentication mechanism can prevent this type of attack
IPSec (IP Security)
Creates a connection-oriented service between two entities in which they can exchange IP packets without worrying about the three attacks discussed before
Defining Algorithms and Keys – the two entities that want to create a secure channel between themselves can agree on some available algorithms and keys to be used for security purposes
Packet Encryption – makes the packet sniffing attack useless
Data Integrity – guarantees that the packet is not modified during transmission
Origin Authentication – prevents the IP spoofing attack
7.8 IP Package
The IP package involves eight components
Header-adding module
Processing module
Forwarding module
Fragmentation module
Reassembly module
Routing module
MTU table
Reassembly table
IP Components
IP Header-Adding Module
Processing Module
IP Package
Queues
Input queue – stores the datagrams coming from the data link layer or the upper-layer protocols
Output queue – stores the datagrams going to the data link layer or the upper-layer protocols
Routing table
Used by the forwarding module to determine the next-hop address of the packet
Forwarding module
Receives an IP packet from the processing module
Finds the IP address of the next station along with the interface number to which the packet should be sent
MTU table
Used by the fragmentation module to find the maximum transfer unit of a particular interface
Fragmentation Module
Reassembly Table
Used by the reassembly module
State field : FREE or IN-USE
IP address field : defines the source IP address of the datagram
Datagram ID : number that uniquely defines a datagram
Timeout : predetermined amount of time in which all fragments must arrive
Fragment field : a pointer to a linked list of fragments
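The reassembly table above is the state a receiver keeps between the arrival of the first and the last fragment, and the reassembly module's job is to decide when an entry is complete and when it has timed out. The following Python is an added example, not part of the slides or of any real IP implementation: a table whose entries are keyed by (source IP address, datagram ID), hold the fragments received so far and an expiry time, and whose slots are FREE when the key is absent and IN-USE while fragments are outstanding. The clock is injectable so the timeout can be exercised without waiting; fragment payloads in the demo are constructed.

```python
import time

# Added example, not from the slides: a reassembly table with the fields the
# slide lists (state, source IP address, datagram ID, timeout, fragment list).
# An entry is keyed by (source IP, datagram ID); an absent key is a FREE slot,
# a present key is IN-USE. The clock is injectable so the timeout can be
# tested without waiting.


class ReassemblyTable:
    def __init__(self, timeout_s: float = 30.0, now=time.monotonic):
        self.timeout_s = timeout_s
        self.now = now
        self.entries = {}

    def add_fragment(self, src: str, datagram_id: int, offset_units: int, more: int, data: bytes):
        """Store one fragment; return the reassembled data once all pieces are present, else None.

        `offset_units` is the 13-bit fragment offset in 8-byte units and `more`
        the M flag. A datagram with offset 0 and M = 0 was never fragmented and
        is returned at once (Example 7.5: such a packet counts as the last fragment).
        """
        key = (src, datagram_id)
        entry = self.entries.get(key)
        if entry is None:
            entry = {"state": "IN-USE", "expires": self.now() + self.timeout_s,
                     "fragments": {}, "total_data_len": None}
            self.entries[key] = entry
        entry["fragments"][offset_units * 8] = data
        if more == 0:                               # the last fragment fixes the total size
            entry["total_data_len"] = offset_units * 8 + len(data)
        return self._try_complete(key)

    def _try_complete(self, key):
        """Walk the fragments from byte 0; succeed only if they tile the datagram exactly."""
        entry = self.entries[key]
        total = entry["total_data_len"]
        if total is None:
            return None                              # last fragment not seen yet
        out = bytearray()
        pos = 0
        while pos < total:
            chunk = entry["fragments"].get(pos)
            if chunk is None:
                return None                          # a hole: keep waiting
            out += chunk
            pos += len(chunk)
        if pos != total:
            return None                              # a fragment overshoots the end: keep waiting
        del self.entries[key]                        # the slot goes back to FREE
        return bytes(out)

    def expire(self) -> list:
        """Drop every entry whose timeout has elapsed; return the dropped keys."""
        now = self.now()
        dropped = [k for k, e in self.entries.items() if e["expires"] <= now]
        for k in dropped:
            del self.entries[k]
        return dropped


if __name__ == "__main__":
    table = ReassemblyTable(timeout_s=30.0)
    # the three fragments of the detailed example (4000 data bytes, ID 14,567)
    # arriving out of order; the payload bytes are constructed
    print(table.add_fragment("10.0.0.1", 14567, 350, 0, b"c" * 1200) is None)
    print(table.add_fragment("10.0.0.1", 14567, 175, 1, b"b" * 1400) is None)
    print(len(table.add_fragment("10.0.0.1", 14567, 0, 1, b"a" * 1400)))
```

Two design choices are worth noting. The entry is only completed when the fragments tile the byte range exactly from 0 to the end fixed by the M = 0 fragment, so duplicates at the same offset simply overwrite and fragments that overlap or overshoot never complete the datagram; they are discarded with the whole entry when expire() runs. And because every incomplete entry holds memory until the timeout, the timeout and the number of IN-USE slots are the limits a receiver relies on when fragments never finish arriving.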
Reassembly Module
Summary
IP is an unreliable connectionless protocol responsible for source-to-destination delivery. Packets in the IP layer are called datagrams
The MTU is the maximum number of bytes that a data link protocol can encapsulate. MTUs vary from protocol to protocol. Fragmentation is the division of a datagram into smaller units to accommodate the MTU of a data link protocol
The IP datagram header consists of a fixed 20-byte section and a variable options section with a maximum of 40 bytes. The options section of the IP header is used for network testing and debugging. The six IP options each have a specific function
The error detection method used by IP is the checksum. The checksum, however, covers only the header, not the data. The checksum uses one's complement arithmetic to add equal-size sections of the IP header. The complemented result is stored in the checksum field. The receiver also uses one's complement arithmetic to check the header
IP over ATM uses the AAL5 layer in an ATM network. An ATM network creates a route between an entering-point router and an exiting-point router. The next-hop address of an IP packet can be mapped to the physical address of an exiting-point router using ATMARP
An IP package can consist of the following: a header-adding module, a processing module, a forwarding module, a fragmentation module, a reassembly module, a routing table, an MTU table, and a reassembly table