Outline • The IP protocol 15-441 15-441 Computer Networking • IPv4 15-641 • IPv6 Lecture 6 – The Internet Protocol • IP in practice Peter Steenkiste • Network address translation • Address resolution protocol • Tunnels Fall 2016 www.cs.cmu.edu/~prs/15-441-F16 2 IP Service Model IPv4 Header Fields • Low-level communication model provided by Internet 3 • Version: IP Version 0481216192428 ver- 1 HLe sio TOS Length • Datagram n n Fl Identifier ag Offset • 4 for IPv4 s • Each packet self-contained TTL Protocol Checksum • All information needed to get to destination Source Address • HLen: Header Length Destination Address • No advance setup or connection maintenance Options (if any) • 32-bit words (typically 5) Data • Analogous to letter or telegram • TOS: Type of Service 0 4 8 121619242831 • Priority information version HLen TOS Length • Length: Packet Length IPv4 Identifier Flag Offset • Bytes (including header) Packet TTL Protocol Checksum Header Format • Header format can change with versions Source Address • First byte identifies version Destination Address • Length field limits packets to 65,535 bytes Options (if any) • In practice, break into much smaller packets for network performance considerations Data 3 4 1 IPv4 Header Fields IP Delivery Model • Identifier, flags, fragment offset used for fragmentation • Best effort service • Time to live • Must be decremented at each router • Network will do its best to get packet to destination • Packets with TTL=0 are thrown away • Does NOT guarantee: • Ensure packets exit the network 3 0 4 8 1216192428 • Any maximum latency or even ultimate success ver- 1 HLe • Protocol sio TOS Length n n Fl Identifier ag Offset • Informing the sender if packet does not make it • Demultiplexing to higher layer protocols s TTL Protocol Checksum • TCP = 6, ICMP = 1, UDP = 17… Source Address • Delivery of packets in same order as they were sent • Header checksum Destination Address Options (if any) • Just one copy of packet will arrive • Ensures some degree of header integrity Data • Relatively weak – 16 bit • Implications • Source and destination IP addresses • Scales very well (really, it does) • Options • Higher level protocols must make up for shortcomings • E.g. Source routing, record route, etc. • Performance issues • Reliably delivering ordered sequence of bytes TCP • Poorly supported • Some services not feasible (or hard) • Latency or bandwidth guarantees 5 6 IP Fragmentation Fragmentation Related Fields MTU = • Length 2000 host router • Length of IP fragment router MTU = 1500 host • Identification MTU = 4000 • To match up with other fragments • Every network has own Maximum Transmission Unit (MTU) • Flags • Largest IP datagram it can carry within its own packet frame • Don’t fragment flag • E.g., Ethernet is 1500 bytes • More fragments flag • Don’t know MTUs of all intermediate networks in advance • Fragment offset • IP Solution • When hit network with small MTU, router fragments packet • Where this fragment lies in entire IP datagram • Destination host reassembles the paper – why? • Measured in 8 octet units (13 bit field) 7 8 2 IP Fragmentation Example #1 IP Fragmentation Example #2 MTU = 2000 router host router router MTU = 4000 Length = 2000, M=1, Offset = 0 Length = 3820, M=0 IP IP IP IP Header Data Length = 3820, M=0 Header Data IP IP 1980 bytes Header Data 3800 bytes Length = 1840, M=0, Offset = 1980 IP IP Header Data 1820 bytes 9 10 Internet Control Message Protocol Fragmentation is Harmful (ICMP) • Uses resources poorly • Short messages used to send error & other control • Forwarding costs per packet information • Best if we can send large chunks of data • Some functions supported by ICMP: • Worst case: packet just bigger than MTU • Ping request /response: check whether remote host reachable • Poor end-to-end performance • Destination unreachable: Indicates how packet got & why couldn’t • Loss of a fragment go further • Flow control: Slow down packet transmit rate • Path MTU discovery protocol determines minimum • Redirect: Suggest alternate routing path for future messages MTU along route • Router solicitation / advertisement: Helps newly connected host • Uses ICMP error messages discover local router • Common theme in system design • Timeout: Packet exceeded maximum hop limit • Assure correctness by implementing complete protocol • How useful are they functions today? • Optimize common cases to avoid full complexity 11 12 3 IP MTU Discovery with ICMP IP MTU Discovery with ICMP MTU = 2000 host router router MTU = 1500 ICMP host Frag. Needed MTU = 2000 MTU = MTU = 4000 2000 host router router MTU = 1500 • Typically send series of packets from one host to another host • Typically, all will follow same route MTU = 4000 • Routes remain stable for minutes at a time • Makes sense to determine path MTU before sending real packets Length = 4000, Don’t Fragment • Operation: Send max-sized packet with “do not fragment” flag set IP Packet • If encounters problem, ICMP message will be returned • “Destination unreachable: Fragmentation needed” • Usually indicates MTU problem encountered • ICMP abuse? Other solutions? 13 14 IP MTU Discovery with ICMP IP MTU Discovery with ICMP MTU = 2000 host ICMP router Frag. Needed router MTU = 1500 MTU = 1500 MTU = host 2000 host MTU = 4000 router router MTU = 1500 host Length = 1500, Don’t Fragment MTU = 4000 IP Packet Length = 2000, Don’t Fragment IP Packet • When successful, no reply at IP level • “No news is good news” • Higher level protocol might have some form of acknowledgement 15 16 4 Important Concepts Outline • Base-level protocol (IP) provides minimal service level • The IP protocol • Allows highly decentralized implementation • Each step involves determining next hop • IPv4 • Most of the work at the endpoints • IPv6 • ICMP provides low-level error reporting • IP forwarding global addressing, alternatives, lookup • IP in practice tables • Network address translation • IP addressing hierarchical, CIDR • IP service best effort, simplicity of routers • Address resolution protocol • IP packets header fields, fragmentation, ICMP • Tunnels 17 18 IPv6 IPv6 Address Size Discussion • “Next generation” IP. • Do we need more addresses? Probably, long term • Most urgent issue: increasing address space. • Big panic in 90s: “We’re running out of addresses!” V/Pr Flow label • Big worry: Devices. Small devices. Cell phones, toasters, • 128 bit addresses everything. • Simplified header for faster Length Next Hop L processing: • 128 bit addresses provide space for structure (good!) • No checksum (why not?) • Hierarchical addressing is much easier • Assign an entire 48-bit sized chunk per LAN – use Ethernet • No fragmentation (really?) Source IP address addresses • Support for guaranteed • Different chunks for geographical addressing, the IPv4 address services: priority and flow id space, • Options handled as “next • Perhaps help clean up the routing tables - just use one huge chunk header” per ISP and one huge chunk per customer. • reduces overhead of handling Destination IP address options Sub 010 Registry Provider Subscriber Host Net 19 20 5 IP Router Implementation: IPv6 Header Cleanup: Options Fast Path versus Slow Path • Common case: Switched in silicon (“fast path”) • 32 IPv4 options → variable length header • Almost everything • Rarely used • Weird cases: Handed to CPU (“slow path”, or “process • No development / many hosts/routers do not support switched”) • Worse than useless: Packets w/options often even get • Fragmentation dropped! • TTL expiration (traceroute) • Processed in “slow path”. • IP option handling • IPv6 options: “Next header” pointer • Slow path is evil in today’s environment • Combines “protocol” and “options” handling • “Christmas Tree” attack sets weird IP options, bits, and overloads • Next header: “TCP”, “UDP”, etc. router • Extensions header: Chained together • Developers cannot (really) use things on the slow path • Makes it easy to implement host-based options • Slows down their traffic – not good for business • One value “hop-by-hop” examined by intermediate • If it became popular, they are in trouble! routers • E.g., “source route” implemented only at intermediate hops 21 22 IPv6 Header Cleanup: “no” Migration from IPv4 to IPv6 • No checksum • Interoperability with IP v4 is necessary for incremental • Motivation was efficiency: If packet corrupted at hop 1, deployment. don’t waste b/w transmitting on hops 2..N. • No “flag day” • Useful when corruption frequent, b/w expensive • Fundamentally hard because a (single) IP protocol is • Today: corruption is rare, bandwidth is cheap critical to achieving global connectivity across the internet • No fragmentation • Process uses a combination of mechanisms: • Router discard packets, send ICMP “Packet Too Big” • Dual stack operation: IP v6 nodes support both address types → host does MTU discovery and fragments • Tunnel IP v6 packets through IP v4 clouds • IPv4-IPv6 translation at edge of network • Reduced packet processing and network complexity. • NAT must not only translate addresses but also translate between IPv4 • Increased MTU a boon to application writers and IPv6 protocols • Hosts can still fragment - using fragmentation header. • IPv6 addresses based on IPv4 – no benefit! Routers don’t deal with it any more. • 20 years later, this is still a major challenge! 23 24 6.