IP Fragmentation & Reassembly Network links have MTU (maximum transmission unit) – the largest possible link-level frame Computer Networks • different link types, different MTUs • not including frame header/trailer fragmentation: • in: one large datagram but including any and all headers out: 3 smaller datagrams above the link layer Large IP datagrams are split up reassembly Lecture 7: IP Fragmentation, (“fragmented”) in the network IPv6, NAT • each with its own IP header • fragments are “reassembled” only at final destination (why?) • IP header bits used to identify and order related fragments IPv4 Packet Header Format IP Fragmentation and Reassembly 4 bits 4 bits 8 bits 16 bits Example: 4000-byte datagram unique per datagram hdr len Type of Service MTU = 1500 bytes usually IPv4 version per source (bytes) (TOS) Total length (bytes) 3-bit One large datagram length ID IP fragmentation use Identification 13-bit Fragment Offset fragflag offset flags becomes several =4000 =x =0 =0 upper layer protocol 20-byte to deliver payload to, Time to Protocol Header Checksum Header smaller datagrams e.g., ICMP (1), UDP (17), Live (TTL) 1480 bytes in offset = TCP (6) • all but the last fragments data field 1480/8 Source IP Address must be in multiple of 8 length ID fragflag offset Destination IP Address bytes =1500 =x =MF =0 e.g. timestamp, • offsets are specified in record route, Options (if any) length ID fragflag offset source route unit of 8-byte chunks =1500 =x =MF =185 • IP header = 20 bytes (1 Payload (e.g., TCP/UDP packet, max size?) length ID fragflag offset header becomes 3 in this =1040 =x =0 =370 example) Fragmentation Considered Harmful Fragmentation Considered Harmful Reason 1: lose 1 fragment, lose whole packet: Reason 2: inefficient transmission • kernel has limited buffer space Example: • but IP doesn’t know number of fragments per packet • 10 KB of data • sent as 1024 byte TCP segments For example: • uses 10 IP packets, each 1064 bytes • sender sends two packets, L and S • L is fragmented into 8 fragments (TCP/IP headers, each 20 bytes) • S is fragmented into 2 fragments • suppose MTU is 1006 bytes • receiver has 8 buffer slots • each TCP segment is fragmented into 2 IP packets, of 1,004 bytes and 80 bytes respectively • suppose fragments arrive in the following order: • ends up sending 20 packets L1, L2, L3, L4, L5, L6, L7, S1, L8, S2 • If TCP had sent 960-byte segments, only need to • receiver’s buffer fills up after S1, both packets thrown send 11 packets away when reassembly timer times out Fragmentation Considered Harmful IPv6 Analysis: Initial motivation: • IP doesn’t have control over number of fragments 32-bit address space • TCP can do buffer management better because 40-byte it has more information exhaustion, increases Header address size Alternatives to fragmentation: • send only small datagrams (why not?) Additional motivation: • do path MTU discovery and let TCP send • efficient header format helps speed processing/forwarding the appropriate segment sizes • header length: removed, use fixed-length 40-byte header • set DF flag (0.07% overhead even for 576-byte packets) • router returns ICMP error message (type 3, code 4) • header checksum: removed to reduce processing time at each hop if fragmentation becomes necessary • options: allowed, but outside of header, indicated by “next header” • IPv6 enforces minimum MTU of 1280 bytes (576 bytes field for IPv4), fragmentation requires fragmentation header IPv4 Packet Header Format IPv6 4 bits 4 bits 8 bits 16 bits Additional motivation: hdr len Type of Service usually IPv4 version Total length (bytes) • header changes to facilitate Quality of Service (QoS) (bytes) ✗ (TOS) • priority: set priority amongst datagrams in flow (ToS bit) 3-bit Identification ✗ flags ✗ 13-bit Fragment Offset ✗ • flow label: identify datagrams in the same “flow” (concept of “flow” upper layer protocol not well defined, originally these were “reserved” bits) 20-byte to deliver payload to, Time to Protocol Header Checksum Header e.g., ICMP (1), UDP (17), Live (TTL) ✗ TCP (6) Next header identifies “upper layer” protocol or Source IP Address IPv6 options: Destination IP Address • hop-by-hop option, destination option, routing, fragmentation, e.g. timestamp, record route, authentication, encryption Options (if any) ✗ 40-byte source route Header Payload (e.g., TCP/UDP packet, max size?) IPv6 Address IPv6 Address Format What does an IPv6 address look like? FEDC:BA98:7654:3210:FEDC:BA98:7654:3210 • 128 bits written as 8 16-bit integers separated by ’:’ Subnet prefix (64 bits) Interface identifier (64 bits) • each 16-bit integer is represented by 4 hex digits Interface identifier: MAC address (globally unique!) Example: • MAC addresses are 48 bits: add FFFE between the 2 halves FEDC:BA98:7654:3210:FEDC:BA98:7654:3210 • loopback: ::1/128 (only 1 address, not a whole class A block (127/8) as in IPv4) Abbreviations: Subnet prefix: automatically obtained from router actual - 1080:0000:0000:0000:0008:0800:200C:417A • /32 assigned to Internet Registries (ARIN/RIPE/APNIC), skip leading 0’s - 1080:0:0:0:8:800:200C:417A which then dish out smaller address blocks double ’::’ - 1080::8:800:200C:417A but not ::BA98:7654:: IPv6 Special Subnet Prefixes Tunneling Not all routers can be upgraded simultaneous Link-local prefix: FE80::/10 (flush left), not • no “flag days” forwarded by router • how will the network operate with mixed IPv4 and IPv6 routers? A B tunnel E F Unique Local Addresses (ULA): FC00::/7 routed Logical view: IPv6 IPv6 IPv6 IPv6 within a set of cooperating subnets (e.g., networks A B C D E F of the same organization) Physical view: IPv6 IPv6 IPv4 IPv4 IPv6 IPv6 Multicast addresses: FF00::/8 Flow: X Src:B Src:B Flow: X Src: A Dest: E Dest: E Src: A Dest: F B-to-E: Dest: F Flow: X IPv6 inside Flow: X IPv4 addresses: ::/96, e.g., IPv4’s 10.0.0.1 can data Src: A IPv4 Src: A data Dest: F Dest: F A-to-B: E-to-F: be written as 0:0:0:0:0:0:A00:1 or IPv6 data data IPv6 ::10.0.0.1 Tunneling: IPv6 packets carried as payload in IPv4 datagrams among IPv4 routers NAT: Network Address Translation NAT: Example Motivation: a stop-gap measure to handle the IPv4 NAT translation table address exhaustion problem global addr local addr 1: host 10.0.0.1 sends 2: NAT box changes datagram to • share a limited number (≥ 1) of global, static addresses datagram source 138.76.29.7:5001 10.0.0.1:3345 128.119.40.186:80 among a number of local hosts address from …… …… • local to global address binding done per connection, on-demand 10.0.0.1:3345 to 138.76.29.7:5001 , S: 10.0.0.1:3345 updates table D: 128.119.40.186:80 rest of local network 10.0.0.1 Internet (e.g., home network) 1 10.0.0.1 10.0.0/24 S: 138.76.29.7:5001 2 D: 128.119.40.186:80 10.0.0.4 10.0.0.2 10.0.0.4 10.0.0.2 138.76.29.7 S: 128.119.40.186:80 138.76.29.7 S: 128.119.40.186:80 D: 10.0.0.1:3345 4 D: 138.76.29.7:5001 3 10.0.0.3 4: NAT box changes 10.0.0.3 3: Reply arrives datagram destination All datagrams leaving local destination address: Datagrams with source address from network have the same source NAT 138.76.29.7:5001 and destination in this network 138.76.29.7:5001 to IP address: 138.76.29.7, have 10.0.0/24 addresses for 10.0.0.1:3345 different (new) source port numbers source and destination (as usual) Why new port#? A NAT Box’s Functions Why not simply use the original IP Address Space for Private Internets 1. Replaces <sourceIP, port#> of every source port#? outgoing datagram to <NATIP, newport#> Three blocks of the IP address space have been • update header checksum reserved for private internets [RFC 1981]: • remote hosts use <NATIP, newport#> as destination address 10.0.0.0 - 10.255.255.255 (10/8 prefix) 2. In NAT translation table, record every mapping of <sourceIP, port#> to <NATIP, newport#> 172.16.0.0 - 172.31.255.255 (172.16/12) 192.168.0.0 - 192.168.255.255 (192.168/16) 3. Replaces <NATIP, newport#> in destination field of every incoming datagram with corresponding <sourceIP, port#> stored in the NAT table Why must private Internets use reserved address • update header checksum spaces? 4. Forwards modified datagrams into the local network Types of NAT NAT Type Connectivity NAT table maps iAddr+iPort of a local host to its IP- port- UDP- eAddr+ePort open full-cone symmetric restricted restricted disabled 1. Full-cone NAT: open ✔ ✔ ✔ ✔ ✔ ✔ • any remote host can send packets intended for iAddr+iPort ✔ ✔ ✔ ✔ ✗ to eAddr+ePort full-cone IP- 2. IP-restricted NAT: ✔ ✔ ✔ ✗ restricted • a remote host (rAddr) can send packets to eAddr+ePort only if port- iAddr+iPort has contacted rAddr (at any remote port, rPort) ✔ ✗ ✗ restricted 3. Port-restricted NAT: symmetric ✗ ✗ • a remote host can send packets to eAddr+ePort only using an rPort UDP- that iAddr+iPort has contacted at rAddr ✗ disabled Symmetric NAT: eAddr+ePort can only be used by a table is symmetric along the diagonal pre-specified connection, iAddr+iPort+rAddr+rPort [Shami ’09] NAT Type Distribution NAT Traversal STUN (Session Traversal Utilities for NAT): • an open server that returns to NATted host the eAddr+ePort used by its NAT box • also returns the type of the NAT box UPnP (Universal Plug and Play): • allows internal hosts to add static entries into a UPnP-speaking NAT box’s mapping table • used to traverse full-cone NAT • NAT box returns eAddr+ePort that internal host open full-cone IP-restricted port-restricted symmetric UDP-disabled can advertise publicly, e.g., when registering with BitTorrent Tracker [Shami ’09] NAT Traversal NAT: Pros TURN (Traversal Using Relays around NAT): • an open server that serves as a relay for a host behind
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages7 Page
-
File Size-