Chapter 14 in Stallings 10th Edition
CS420/520 Axel Krings Page 1 Sequence 16
Table 14.1
Internetworki ng Terms (Table is on page 429 in the textbook) CS420/520 Axel Krings Page 2 Sequence 16
1 Host A Host B
App X App Y App Y App X Port
1 2 3 2 4 6 Logical connection (TCP connection) TCP TCP
Global internet IP address IP
Network Access Network Access Protocol #1 Protocol #2 Logical connection Physical Subnetwork attachment (e.g., virtual circuit) Physical point address Router J IP
NAP 1 NAP 2 Network 1 Network 2 Physical Physical
Figure 14.1 TCP/IP Concepts CS420/520 Axel Krings Page 3 Sequence 16
Why we do not want Connection Oriented Transfer
CS420/520 Axel Krings Page 4 Sequence 16
2 Connectionless Operation • Internetworking involves connectionless operation at the level of the Internet Protocol (IP)
IP ••Initially developed for the DARPA internet project ••Protocol is needed to access a particular network
CS420/520 Axel Krings Page 5 Sequence 16
Connectionless Internetworking • Advantages —Flexibility —Robust —No unnecessary overhead • Unreliable —Not guaranteed delivery —Not guaranteed order of delivery • Packets can take different routes —Reliability is responsibility of next layer up (e.g. TCP)
CS420/520 Axel Krings Page 6 Sequence 16
3 LAN 1 LAN 2
Frame relay WAN Router Router End system (X) (Y) End system (A) (B)
TCP TCP
IP IP IP IP t1 t6 t7 t10 t11 t16 LLC LLC LLC LLC t2 t5 LAPF LAPF t12 t15 MAC MAC MAC MAC t3 t4 t8 t9 t13 t14 Physical Physical Physical Physical Physical Physical
t1, t6, t7, t10, t11, t16 IP-H TCP-H Data
t2, t5 LLC1-H IP-H TCP-H Data
t3, t4 MAC1-H LLC1-H IP-H TCP-H Data MAC1-T
t8, t9 FR-H IP-H TCP-H Data FR-T
t12, t15 LLC2-H IP-H TCP-H Data
t13, t14 MAC2-H LLC2-H IP-H TCP-H Data MAC2-T
TCP-H = TCP header MACi-T = MAC trailer IP-H = IP header FR-H = Frame relay header LLCi-H = LLC header FR-T = Frame relay trailer MACi-H = MAC header
Figure 14.2 Example of Internet Protocol Operation CS420/520 Axel Krings Page 7 Sequence 16
Connectionless Internetworking • Connectionless internet facility is flexible • IP provides a connectionless service between end systems —Advantages: • Is flexible • Can be made robust • Does not impose unnecessary overhead
CS420/520 Axel Krings Page 8 Sequence 16
4 IP Design Issues • Routing • Datagram lifetime • Fragmentation and reassembly • Error control • Flow control
CS420/520 Axel Krings Page 9 Sequence 16
S2 S1
T1 P1 P3
T2 T3 The Internet P2
as a Network (a) Packet-switching network architecture
N1 P P S2 R1 P R3 S1
P P P N2 P P P R2 N3
(b) Internetwork architecture CS420/520 Axel Krings Page 10 Sequence 16 Figure 14.3 The Internet as a Network
5 Routing
Source routing ••Routing table indicates ••Each router appends next router to which its internet address to a datagram is sent ••Source specifies route list of addresses in the ••Can be static or to be followed datagram dynamic ••Can be useful for ••Useful for testing and security and priority debugging purposes ES / routers maintain routing tables Route recording
CS420/520 Axel Krings Page 11 Sequence 16
Datagram Lifetime • If dynamic or alternate routing is used the potential exists for a datagram to loop indefinitely —Consumes resources —Transport protocol may need upper bound on lifetime of a datagram • Can mark datagram with lifetime • When lifetime expires, datagram is discarded
CS420/520 Axel Krings Page 12 Sequence 16
6 Fragmentation and Re-assembly • Protocol exchanges data between two entities • Lower-level protocols may need to break data up into smaller blocks, called fragmentation • Reasons for fragmentation: — Network only accepts blocks of a certain size — More efficient error control and smaller retransmission units — Fairer access to shared facilities — Smaller buffers • Disadvantages: — Smaller buffers — More interrupts and processing time
CS420/520 Axel Krings Page 13 Sequence 16
Fragmentation and Reassembly
Packets get smaller as data At destination traverses internet
Internet Fragmentation Issue of when to Need large reassemble buffers at routers
Intermediate Buffers may fill reassembly with fragments
Intranet Fragmentation All fragments must go through same router
CS420/520 Axel Krings Page 14 Sequence 16
7 IP Fragmentation • IP reassembles at destination only • Uses fields in header
Data Unit Identifier (ID)
Identifies end system originated datagram
Data length
Length of user data in octets
Offset
Position of fragment of user data in original datagram In multiples of 64 bits (8 octets)
More flag
Indicates that this is not the last fragment CS420/520 Axel Krings Page 15 Sequence 16
Original IP datagram Data length = 404 octets Segment offset = 0; More = 0 IP TCP Header Header TCP payload (384 octets) (20 (20 octets) octets)
IP TCP Header Header Partial TCP payload (188 octets) (20 (20 octets) octets) First fragment Data length = 208 octets Segment offset = 0; More = 1
IP Header Partial TCP payload (196 octets) (20 octets) Second fragment Data length = 196 octets Segment offset = 26 64-bit units (208 octets); More = 0
Figure 14.4 Fragmentation Example
CS420/520 Axel Krings Page 16 Sequence 16
8 Error and Flow Control Error control Flow control —Discarded datagram —Allows routers to limit identification is the rate they receive needed data —Reasons for discarded —Send flow control datagrams include: packets requesting • Lifetime expiration reduced data flow • Congestion • FCS error
CS420/520 Axel Krings Page 17 Sequence 16
Internet Protocol (IP) v4
• Defined in RFC 791 • Part of TCP/IP suite • Two parts
Specification of Specification of actual protocol interface with a format and higher layer mechanisms
CS420/520 Axel Krings Page 18 Sequence 16
9 IP Services • Primitives • Parameters —Specifies functions to —Used to pass data and be performed control information —Form of primitive implementation dependent —Send-request transmission of data unit —Deliver-notify user of arrival of data unit
CS420/520 Axel Krings Page 19 Sequence 16
IP Parameters • Source and destination addresses • Protocol • Type of Service • Identification • Don’t fragment indicator • Time to live • Data length • Option data • User data
CS420/520 Axel Krings Page 20 Sequence 16
10 IP Options
Route Security recording
Source routing
Stream identification Timestamping
CS420/520 Axel Krings Page 21 Sequence 16
ECN
Version IHL DS Total Length
Identification Flags Fragment Offset
Time to Live Protocol Header Checksum
Source Address
Destination Address
Options + Padding
(a) IPv4 header ECN
Version DS Flow Label
Payload Length Next Header Hop Limit
Source Address
Destination Address
(b) IPv6 header
Field name kept from IPv4 to IPv6 Name and position changed in IPv6 Field not kept in IPv6 New field in IPv6
Figure 14.5 IPv4 and IPv6 Headers CS420/520 Axel Krings Page 22 Sequence 16
11 0 Network (7 bits) Host (24 bits) Class A
1 0 Network (14 bits) Host (16 bits) Class B
1 1 0 Network (21 bits) Host (8 bits) Class C
1 1 1 0 Multicast Class D
1 1 1 1 0 Future Use Class E
Figure 14.6 IPv4 Address Formats
CS420/520 Axel Krings Page 23 Sequence 16
IP IP IP Addresses Addresses Addresses Class A Class B Class C
Start with binary 110 Start with binary 0 Start with binary 10
Network addresses with a Range 192 to 223 first octet of 0 (binary Range 128 to 191(binary 0000000) and 127 (binary 10000000 to 10111111) 01111111) are reserved Second and third octet also part of network address 126 potential Class A Second octet also included network numbers in network address 221 = 2,097,152 addresses
214 = 16,384 Class B Nearly all allocated Range 1 to 126 addresses ••See IPv6
CS420/520 Axel Krings Page 24 Sequence 16
12 Subnets and Subnet Masks • Allows arbitrary complexity of internetworked LANs within organization • Insulate overall internet from growth of network numbers and routing complexity • Site looks to rest of internet like single network • Each LAN assigned subnet number • Host portion of address partitioned into subnet number and host number • Local routers route within subnetted network • Subnet mask indicates which bits are subnet number and which are host number
CS420/520 Axel Krings Page 25 Sequence 16
Table 14.2 IPv4 Addresses and Subnet Masks
Binary Representation Dotted Decimal IP address 11000000.11100100.00010001.00111001 192.228.17.57 Subnet mask 11111111.11111111.11111111.11100000 255.255.255.224 Bitwise AND of address 11000000.11100100.00010001.00100000 192.228.17.32 and mask (resultant network/subnet number) Subnet number 11000000.11100100.00010001.001 1 Host number 00000000.00000000.00000000.00011001 25 (a) Dotted decimal and binary representations of IPv4 address and subnet masks
Binary Representation Dotted Decimal Class A default mask 11111111.00000000.00000000.00000000 255.0.0.0 Example Class A mask 11111111.11000000.00000000.00000000 255.192.0.0 Class B default mask 11111111.11111111.00000000.00000000 255.255.0.0 Example Class B mask 11111111.11111111.11111000.00000000 255.255.248.0 Class C default mask 11111111.11111111.11111111.00000000 255. 255. 255.0 Example Class C mask 11111111.11111111.11111111.11111100 255. 255. 255.252 (b) Default subnet masks CS420/520 Axel Krings Page 26 Sequence 16
13 Inter-domain Routing • Classless Inter-Domain Routing - CIDR —Introduced in 1993 by the Internet Engineering Task Force —Goal was to slow the growth of routing tables on routers across the Internet, and to help slow the rapid exhaustion of IPv4 addresses —CIDR appends a “/” character to the address and the decimal number of leading bits of the routing prefix —Example: • 192.168.1.0/24 for IPv4 • 2001:db8::/32 for IPv6
CS420/520 Axel Krings Page 27 Sequence 16
LAN X Net ID/Subnet ID: 192.228.17.32 Subnet number: 1
B A IP Address: 192.228.17.57 IP Address: 192.228.17.33 Host number: 25 Host number: 1 Rest of R1 Internet Net ID/Subnet ID: 192.228.17.64 Subnet number: 2 LAN Y C
IP Address: 192.228.17.65 Host number: 1 R2
LAN Z Net ID/Subnet ID: 192.228.17.96 Subnet number: 3
D
IP Address: 192.228.17.97 Host number: 1
Figure 14.7 Example of Subnetworking CS420/520 Axel Krings Page 28 Sequence 16
14 Internet Control Message Protocol (ICMP)
• RFC 792 • Provides a means for transferring messages from routers and other hosts to a host • Provides feedback about problems • Datagram cannot reach its destination • Router does not have buffer capacity to forward • Router can send traffic on a shorter route • Encapsulated in IP datagram —Hence not reliable
CS420/520 Axel Krings Page 29 Sequence 16
0 8 16 31 0 8 16 31 Type Code Checksum Type Code Checksum Unused Identifier Sequence Number IP Header + 64 bits of original datagram Originate Timestamp
(a) Destination Unreachable; Time Exceeded; Source Quench (e) Timestamp
0 8 16 31 0 8 16 31 Type Code Checksum Type Code Checksum Pointer Unused Identifier Sequence Number IP Header + 64 bits of original datagram Originate Timestamp Receive Timestamp (b) Parameter Problem Transmit Timestamp
(f) Timestamp Reply 0 8 16 31 Type Code Checksum Gateway Internet Address 0 8 16 31 IP Header + 64 bits of original datagram Type Code Checksum Identifier Sequence Number (c) Redirect (g) Address Mask Request
0 8 16 31 Type Code Checksum 0 8 16 31 Identifier Sequence Number Type Code Checksum Optional data Identifier Sequence Number Address Mask (d) Echo, Echo Reply (h) Address Mask Reply
Figure 14.8 ICMP Message Formats
CS420/520 Axel Krings Page 30 Sequence 16
15 Common ICMP Messages
• Destination unreachable • Time exceeded • Parameter problem • Source quench • Redirect • Echo and echo reply • Timestamp and timestamp reply • Address mask request and reply
CS420/520 Axel Krings Page 31 Sequence 16
Address Resolution Protocol (ARP)
Need MAC address to send to LAN host
Manual Included in network address Use central directory Use address resolution protocol
ARP (RFC 826) provides dynamic IP to Ethernet address mapping
Source broadcasts ARP request Destination replies with ARP response
CS420/520 Axel Krings Page 32 Sequence 16
16 IP Next Generation
Address space exhaustion: Requirements for new ••Two level addressing types of service (network and host) wastes ••Address configuration space routing flexibility ••Network addresses used even if not connected ••Traffic support ••Growth of networks and the Internet ••Extended use of TCP/IP ••Single address per host
CS420/520 Axel Krings Page 33 Sequence 16
IPv6 RFCs
• RFC 1752 - Recommendations for the IP Next Generation Protocol —Requirements —PDU formats —Addressing, routing security issues • RFC 2460 - overall specification • RFC 4291 - addressing structure
CS420/520 Axel Krings Page 34 Sequence 16
17 IPv6 Enhancements
• Expanded 128 bit address space • Improved option mechanism —Most not examined by intermediate routes • Dynamic address assignment • Increased addressing flexibility —Anycast and multicast • Support for resource allocation —Labeled packet flows
CS420/520 Axel Krings Page 35 Sequence 16
Octets: Mandatory Next Header 40 IPv6 header IPv6 header
Next Header
Hop-by-hop Variable options header
Next Header
Optional Variable extension Routing header headers
Next Header Fragment header 8 Next Header Destination Variable options header
20 (optional TCP header variable part)
IPv6 packet body Application data Variable
Figure 14.9 IPv6 Packet with Extension Headers (containing a TCP Segment) CS420/520 Axel Krings Page 36 Sequence 16
18 ECN
Version IHL DS Total Length
Identification Flags Fragment Offset
Time to Live Protocol Header Checksum
Source Address
Destination Address
Options + Padding
(a) IPv4 header ECN
Version DS Flow Label
Payload Length Next Header Hop Limit
Source Address
Destination Address
(b) IPv6 header
Field name kept from IPv4 to IPv6 Name and position changed in IPv6 Field not kept in IPv6 New field in IPv6
CS420/520 Axel Krings FigurePage 14.537 IPv4 and IPv6 Headers Sequence 16
IPv6 Flow Label • Related sequence of packets • Special handling • Identified by source and destination address plus flow label • Router treats flow as sharing attributes • May treat flows differently • Alternative to including all information in every header • Have requirements on flow label processing
CS420/520 Axel Krings Page 38 Sequence 16
19 IPv6 Addresses • 128 bits long • Assigned to interface • Single interface may have multiple unicast addresses
Three types of addresses:
••Unicast - single interface address ••Anycast - one of a set of interface addresses ••Multicast - all of a set of interfaces
CS420/520 Axel Krings Page 39 Sequence 16
Table 14.3 IPv6 Address Space Usage
Address Type Binary Prefix IPv6 Notation Fraction of address space Embedded IPv4 00…1111 1111 1111 ::FFFF/96 2–96 address 1111 (96 bits) Loopback 00…1 ::1/128 2–128 (128 bits) Link-local unicast 1111 1110 10 FE80::/10 1/1024 Multicast 1111 1111 FF00::/8 2/256 Global unicast Everything else
CS420/520 Axel Krings Page 40 Sequence 16
20 Hop-by-Hop Options • Must be examined by every router —If unknown discard/forward handling is specified • Next header • Header extension length • Options —Pad1 —PadN —Jumbo payload —Router alert
CS420/520 Axel Krings Page 41 Sequence 16
0 8 16 31 0 8 16 31 Next Header Hdr Ext Len Next Header Hdr Ext Len Routing type Segments left
One or more options type-specific data
(a) Hop-by-hop options header; (c) Generic routing header destination options header
0 8 16 29 31 Next Header Reserved Fragment Offset Res M Identification
(b) Fragmentation header
Figure 14.10 IPv6 Extension Headers
CS420/520 Axel Krings Page 42 Sequence 16
21 Fragmentation Header • Fragmentation only allowed at source • No fragmentation at intermediate routers • Node must perform path discovery to find smallest MTU of intermediate networks • Set source fragments to match MTU • Otherwise limit to 1280 octets
CS420/520 Axel Krings Page 43 Sequence 16
Routing Header
• Contains a list of one or more intermediate nodes to be visited on the way to a packet’s destination ••Next header ••Header extension Header length includes ••Routing type ••Segments left
CS420/520 Axel Krings Page 44 Sequence 16
22 Destination Options Header
Carries optional Format same as information for hop-by-hop destination node header
CS420/520 Axel Krings Page 45 Sequence 16
Virtual Private Network (VPN) • Set of computers interconnected using an unsecure network • e.g. linking corporate LANs over Internet • Using encryption and special protocols to provide security • Eavesdropping • Entry point for unauthorized users • Proprietary solutions are problematical • Development of IPSec standard
CS420/520 Axel Krings Page 46 Sequence 16
23 Applications needing security IPsec include: • RFC 1636 (1994) identified security need Branch office connectivity • Encryption and authentication necessary security features in IPv6 Remote access over Internet • Designed also for use with
current IPv4 Extranet and intranet connectivity for partners
Electronic commerce security CS420/520 Axel Krings Page 47 Sequence 16
User system with IPSec IP IPSec Secure IP Header Header Payload Public (Internet) or Private Network
Secure IP HeaderIP Payload
IPSec Header IPSec Header IP Secure IP Header Payload
Ethernet switch IP IP IP Header Payload Payload
IP Networking device Header with IPSec
Figure 14.11 An IP Security Scenario CS420/520 Axel Krings Page 48 Sequence 16
24 Benefits of IPsec • Provides strong security for external traffic • Resistant to bypass • Below transport layer hence transparent to applications • Can be transparent to end users • Can provide security for individual users if needed
CS420/520 Axel Krings Page 49 Sequence 16
IPsec Functions
CS420/520 Axel Krings Page 50 Sequence 16
25 Summary
• Principles of • IPv6 internetworking — Structure — Requirements — Header — Connectionless operation — Addresses • Internet protocol operation — IP next generation — Operation of a — Hop-by-hop options header connectionless — Fragment header internetworking scheme — Routing header — Design issues — Destination options header • Internet protocol • VPNs and IP security — IP services — IPsec — Internet protocol — Applications of IPsec — IP addresses — Benefits of IPsec — ICMP — IPsec functions — ARP CS420/520 Axel Krings Page 51 Sequence 16
26