Lecture 7 - Lyle School of Engineering
Spring 2006
EE 5304/EETS 7304 Internet Protocols
Lecture 7: More About Addressing
Tom Oh, Dept of Electrical Engineering, [email protected]

Outline
• IP addresses (Comer: Pg. 286)
• Address resolution protocol (ARP) (Comer: Pg. 311)
• Dynamic host configuration protocol (DHCP) (Comer: Pg. 630)
• Subnetting (Comer: Pg. 293-294)
• Classless inter-domain routing (CIDR) (Comer: Pg. 293)
• Network address translation (NAT) (Comer: Pg. 390)
• Virtual private networking (VPN) (Comer: Pg. 238, 616)
• Mobile IP

IP Addresses
• IP address = (netID, hostID)
• “netID” originally assigned by Internet Assigned Number Authority (IANA) through Internet Network Information Center (INTERNIC), now handled by Internet Corp. for Assigned Names and Numbers (ICANN)
• All hosts on same network have same netID
• “hostID” is assigned locally

Class A Addresses
• For large networks with many hosts, IP address format:
  0nnnnnnn.hhhhhhhh.hhhhhhhh.hhhhhhhh
  where 0 = first bit to identify class A, n = netID bits, h = hostID bits

Class A Addresses (cont)
• 128 (7 bits) possible class A networks, except:
  • netID = 0000000 reserved for special uses
  • netID = 1111111 reserved for special uses
  • 10.x.x.x reserved for private networks [RFC 1918]
    • May be used within any network, but not routed across the public Internet
• 16,777,216 (24 bits) possible host addresses per network
  • hostID = all 0’s: refers to network itself (not any particular host)
  • hostID = all 1’s: directed broadcast address (to broadcast to all hosts in network)

Class B Addresses
• For medium networks with many hosts, IP address format:
  10nnnnnn.nnnnnnnn.hhhhhhhh.hhhhhhhh
  where 10 = first 2 bits to identify class B, n = netID bits, h = hostID bits

Class B Addresses (cont)
• 16,384 (14 bits) possible class B networks, except:
  • netID = all 0’s reserved for special uses
  • netID = all 1’s reserved for special uses
  • Range 172.16.x.x - 172.31.x.x reserved for private networks [RFC 1918]
• 65,536 (16 bits) possible host addresses per network
  • hostID = all 0’s: refers to network itself (not any particular host)
  • hostID = all 1’s: directed broadcast address (to broadcast to all hosts in network)

Class C Addresses
• For small networks with few hosts, IP address format:
  110nnnnn.nnnnnnnn.nnnnnnnn.hhhhhhhh
  where 110 = first 3 bits to identify class C, n = netID bits, h = hostID bits

Class C Addresses (cont)
• 2,097,152 (21 bits) possible class C networks, except:
  • netID = all 0’s reserved for special uses
  • netID = all 1’s reserved for special uses
  • Range 192.168.0.x - 192.168.255.x reserved for private networks [RFC 1918]
• 256 (8 bits) possible host addresses per network
  • hostID = all 0’s: refers to network itself (not any particular host)
  • hostID = all 1’s: directed broadcast address (to broadcast to all hosts in network)

Class D Addresses
• For multicasting (broadcasting to specific group), IP address format:
  110nnnnn.nnnnnnnn.nnnnnnnn.hhhhhhhh
  where 110 = first 3 bits to identify class C, n = netID bits, h = hostID bits

Class E Addresses
• For experimental purposes, IP address format:
  11110bbb.bbbbbbbb.bbbbbbbb.bbbbbbbb
  where 11110 = first 5 bits to identify class E, b = address bits

Address Resolution Protocol (ARP)
• Routers examine netID part of destination address in IP packets
  • Forward packets closer to destination network, ignoring hostID unless the router is on same network as destination host
  • How does local router deliver packet to destination host?
• Destination networks are often LANs
  • Each host has unique 6-byte LAN (eg, Ethernet) address in addition to IP address
  • Local router must forward IP packet to destination host via data link layer (eg, by Ethernet frame)

ARP (cont)
[Figure: IP packet is routed by netID in dest. IP address towards the local router; the local router delivers the packet to the dest. host according to hostID in the IP address, via the MAC layer]

ARP (cont)
• LAN address space is managed by IEEE
• Each LAN adapter manufacturer is assigned unique 3-byte prefix number and manufactures adapters with this prefix + unique 3-byte number
  • Unique 6-byte address is burned permanently in each adapter's ROM
• By protocol layering principle, LAN addresses and IP addresses are independent
  • Destination IP address in IP packet must be translated into a destination LAN address, but how?

ARP (cont)
• ARP is a protocol to learn the LAN address of a host whose IP address is known [RFC 826]
• Router will broadcast ARP request message to the LAN (sent to LAN broadcast address)
  • ARP request contains source IP address, dest. IP address, LAN addresses
  • Each host checks if its IP address matches the dest. IP address
  • Matching host replies with an ARP response message containing its LAN address

ARP (cont)
[Figure: ARP request is broadcast to the LAN; the dest. host answers with an ARP reply]

ARP (cont)
• Router now knows the LAN address to send the packet, and sends packet to dest. LAN address
• Why not just broadcast the IP packet to all hosts in the first place?
  • Broadcasting is too expensive - involving all hosts - to be used every time to deliver an IP packet
  • For efficiency, all hosts on LAN maintain an ARP cache containing the most recent address mappings learned from ARP queries/responses
  • Reverse ARP is opposite procedure to learn the IP address of host when LAN address is known [RFC 903]

Dynamic Host Configuration Protocol (DHCP)
• Hosts are not manufactured with permanent IP addresses, but IP address is configured during installation
• Manual configuration of IP addresses can be avoided by DHCP (dynamic host configuration protocol)
  • Host configuration info. is maintained in a DHCP server
  • New host can discover address of DHCP server by broadcasting DHCP Discover packet to special reserved IP address 255.255.255.255

DHCP (cont)
• Packet may be forwarded by special DHCP relays to DHCP server, which replies with its IP address
• Host gets assigned an IP address and optionally IP address of its default IP router (to send packets)

Subnetting and Supernetting
• Classful IP addressing:
  • NetID part of IP address, called prefix to host address, is unique to each physical network
  • All hosts on same physical network share a common prefix
  • Class A prefixes are popular and Class B prefixes are running out soonest
  • Efficiency may be gained by allowing same network prefix to be shared by multiple physical networks
    • Subnetting and supernetting (CIDR)

Subnetting
• Subnetting is a type of hierarchical addressing [RFC 950]
• Example: 2 physical networks share class B address 128.10.x.x
  • All traffic to 128.10.x.x is split by router based on 3rd address byte
  [Figure: 2 bytes class B prefix | 1 byte physical network | 1 byte host; router splits traffic between network 128.10.1.x and network 128.10.2.x]

Subnetting (cont)
• Last 2 bytes are divided into 1 byte to identify physical network and 1 byte for host
  • But more flexibility is needed - this example limits 256 subnets and 256 hosts per subnet
  • Each organization can choose its own way of partitioning address space
  • Partitioning of address space is specified by 32-bit subnet mask
    • 1’s signify bits in subnet prefix
    • 0’s signify bits in host identifier

Subnetting (cont)
• Example: a subnet mask for a class B address (mask can be written 255.255.255.0):
  11111111.11111111.11111111.00000000
  (first 16 bits: class B prefix, should be all 1’s; next 8 bits: additional bits to identify network; last 8 bits: host identifier)

Subnetting (cont)
• More flexibly, 1’s can be anywhere (but not common in practice), for example
  11111111.11111111.00011000.01000000
  (first 16 bits: class B prefix, should be all 1’s; remaining 1 bits: additional bits to identify network; 0 bits: host identifier)

Classless Inter-Domain Routing (CIDR)
• Suppose a class B address (65,536 hosts) is too large for an organization but class C address (256 hosts) is too small
  • Organization would like a block of class C addresses
• Supernetting is classless addressing
  • Addresses in a network can span multiple class prefixes
  • CIDR [RFC 1517] collapses block of contiguous addresses into single representation
    • Lowest 32-bit address + 32-bit CIDR mask

CIDR (cont)
• Example:
  Lowest address: 10000000.11010011.10101000.00000000
  CIDR mask:      11111111.11111111.11111000.00000000
  Mask marks end of prefix, so highest address in block is 10000000.11010011.10101111.11111111

CIDR (cont)
• CIDR notation (aka, slash notation): 128.211.168.0/21
  • 128.211.168.0 = lowest address in block
  • /21 = number of 1 bits in CIDR mask (/8, /16, /24 correspond to traditional class A, B, C divisions)

CIDR (cont)
• CIDR complicates routing tables because CIDR addresses are not self-identifying
  • Classful addresses had fixed division between network prefix and hostID
  • Division between prefix and hostID in CIDR address cannot be determined by looking at address
  • Modern routers understand CIDR notation since 1993 (approval of CIDR)
    • Various approaches to looking up prefix in routing tables

Network Address Translation (NAT)
• Private TCP/IP networks can use arbitrary IP addresses if isolated from public Internet
  • But private networks often want Internet access
  • Usually only a small fraction of hosts want Internet access at any one time
  • NAT allows private networks to access Internet through at least one globally valid IP address, say G, while keeping their private IP addresses [RFC 3022]
    • Private IP addresses are not globally unique
    • Helps IP address shortage because private addresses can be re-used in other private domains

Network Address Translation (NAT)
• NAT box is computer interconnecting private network and public Internet, running NAT software, assigned IP address G
• If private network host wants to access Internet, NAT box translates public address G to private address
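The class, subnet-mask and CIDR slides above all come down to masking a 32-bit integer. The following is an added example (not from the lecture) that works through that arithmetic with the slides' own values: classifying an address by its leading bits, recognising the three RFC 1918 private ranges, and deriving mask, lowest and highest address for a CIDR block such as 128.211.168.0/21.

```python
# Added example (not from the lecture): classful and CIDR address arithmetic
# using the slides' own values. Pure integer bit operations, no ipaddress module,
# so the mask logic the slides describe stays visible.

def to_int(dotted: str) -> int:
    """Dotted-quad string -> 32-bit integer."""
    a, b, c, d = (int(x) for x in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def to_dotted(n: int) -> str:
    """32-bit integer -> dotted-quad string."""
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def address_class(dotted: str) -> str:
    """Classful rule: the class is fixed by the leading bits of the first octet."""
    first = to_int(dotted) >> 24
    if first & 0x80 == 0:          # 0xxxxxxx
        return "A"
    if first & 0xC0 == 0x80:       # 10xxxxxx
        return "B"
    if first & 0xE0 == 0xC0:       # 110xxxxx
        return "C"
    if first & 0xF0 == 0xE0:       # 1110xxxx
        return "D"
    return "E"                     # 1111xxxx

def is_rfc1918_private(dotted: str) -> bool:
    """The three reserved private ranges listed on the class A/B/C slides."""
    n = to_int(dotted)
    return (n >> 24 == 10                       # 10.x.x.x
            or n >> 20 == (172 << 4) | 1        # 172.16.x.x - 172.31.x.x
            or n >> 16 == (192 << 8) | 168)     # 192.168.x.x

def cidr_block(lowest: str, prefix_len: int):
    """Lowest address + prefix length -> (mask, lowest, highest) as dotted quads.
    The highest address (all host bits 1) is the block's directed broadcast."""
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    low = to_int(lowest) & mask                 # clear any stray host bits
    high = low | (~mask & 0xFFFFFFFF)           # set every host bit
    return to_dotted(mask), to_dotted(low), to_dotted(high)

def in_block(addr: str, lowest: str, prefix_len: int) -> bool:
    """Router-style prefix match: does addr fall inside lowest/prefix_len?"""
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return to_int(addr) & mask == to_int(lowest) & mask
```

Because a CIDR address is not self-identifying, `in_block` needs the prefix length as a separate input, which is exactly the routing-table complication the CIDR slide describes.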
[Figure: NAT box between the Internet (globally unique address G) and the private IP network (private nonunique address P)]

NAT (cont)
• From internal view, NAT box is like a router with reach to public Internet - works transparently to hosts
  • Outgoing packets from private host have source IP address changed from private host address to public address G
  • Incoming packets have destination IP address changed from G to private host address
  • Advantage: NAT boxes can be installed without changing existing hosts and routers

NAT (cont)
• Address translation is done by NAT translation table
  • Initialized manually (but takes work)
  • Built dynamically by watching addresses in outgoing packets (but communication cannot be initiated from Internet side)
  • Built dynamically by handling domain name lookups for private hosts (but works only if sender performs domain name lookup before sending data)

  Public address   Private address
  G1               P1
  G2               P2

NAT (cont)
• ISPs often use NAT tables built dynamically by outgoing packets
  • ISP customer is assigned a private address when dialed in
  • NAT table entry is initialized by customer’s packet to Internet
  [Figure: ISP customer dials up to ISP using NAT, which connects to the Internet]

NAT (cont)
• ICMP complicates NAT
  [Figure: packet with source address G leaves the NAT box for the Internet; the returned ICMP Destination Unreachable message contains the original packet header (with source address G though); the private host has address P]
  • NAT must open ICMP message and translate address G to P

Virtual Private Networks (VPN)
• Many private organizations have distributed sites that need to be networked together privately, but leased lines are expensive and maybe inefficient (if not used all the time)
  • Frame relay and ATM virtual circuits can interconnect sites more efficiently than leased lines, but involve subscription fees
  • VPNs allow private networking over public Internet
    • Internet offers ubiquity (access from anywhere) and efficiency (packets)

VPN (cont)
• VPN allows private communications over public network
  • Tunnels allow packet delivery
  • Encryption allows privacy
  [Figure: three private networks interconnected by tunnels across the public network]

VPN (cont)
• Tunnels use IP-in-IP encapsulation
  • Real packet for dest. host is carried in payload of outer IP packet
  • Outer IP packet serves to deliver inner packet unchanged through Internet
  • For privacy, inner packet is first encrypted
    • Encryption scrambles data mathematically into unreadable form, depending on a secret key, but reversible by decryption with same secret key

VPN (cont)
[Figure: in the source private network, host P1 sends a packet to dest. P2; router R1 encrypts it and adds an outer packet header with source R1 to dest. R2; the packet crosses the tunnel; router R2 removes the outer packet header after delivery and decrypts; the packet reaches private address P2]

Mobile IP
• A limitation of IP addresses: netID part of IP address assumes fixed location
• A mobile host may connect to Internet from different networks
  • Must change its IP address or routers must propagate a host-specific route across Internet
  • Mobile IP [RFC 2002] extends IP to support mobile hosts under constraints:
    • Transparent to applications, transport layer protocols, existing routers
    • No changes to existing IP addresses

Mobile IP (cont)
• Mobile hosts have 2 addresses and make use of tunneling
• Primary address on “home” network is permanent
  • Used by applications and transport protocols
• Secondary (“care-of”) address on “foreign” network is temporarily assigned when roaming
  • Obtained by registering with foreign network
  • Not known by applications - known only by mobile host and “agents” in home network and foreign network

Mobile IP (cont)
• VPN allows private communications over public network
  [Figure: packet addressed to the permanent address arrives at the home network; the home agent tunnels the packet to the care-of address in the foreign network; delivered to the care-of address, the original packet is recovered]

Mobile IP (cont)
• Roaming mobile host registers with foreign agent in foreign network
  • Obtains care-of address from foreign host
  • Informs home agent of care-of address
  • Mobile host must register again if it visits a new foreign network
  • Mobile host must de-register when returning home to stop packet forwarding
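The NAT slides above describe a translation table built dynamically from outgoing packets, the consequence that the Internet side cannot initiate a flow, and the ICMP case where the quoted inner header must also be rewritten. The following is an added example (not from the lecture) that models exactly those three behaviours; packets are plain dicts and the labels G1, G2, P1, P2 follow the slides' table.

```python
# Added example (not from the lecture): a minimal NAT box whose table is built
# from outgoing packets, as on the "NAT (cont)" slides. Packets are dicts with
# "src"/"dst" keys; an ICMP error carries the quoted original header as
# "icmp_inner". Address labels (G1, P1, ...) are the slides' abstract names.

class NatBox:
    def __init__(self, public_pool):
        self.free = list(public_pool)        # globally valid addresses G1, G2, ...
        self.pub_to_priv = {}                # translation table: G -> P
        self.priv_to_pub = {}                # reverse index:     P -> G

    def outbound(self, pkt):
        """Private -> Internet: rewrite source P to G, creating the entry if new."""
        p = pkt["src"]
        g = self.priv_to_pub.get(p)
        if g is None:
            if not self.free:
                return None                  # pool exhausted: cannot translate
            g = self.free.pop(0)             # table entry created by first packet
            self.pub_to_priv[g] = p
            self.priv_to_pub[p] = g
        return {**pkt, "src": g}

    def inbound(self, pkt):
        """Internet -> private: rewrite destination G to P.
        No table entry means no inside host started this flow, so the packet is
        dropped: this is why communication cannot be initiated from the Internet."""
        p = self.pub_to_priv.get(pkt["dst"])
        if p is None:
            return None
        out = {**pkt, "dst": p}
        # ICMP errors such as Destination Unreachable quote the original header,
        # whose source is still G. Translate it back to P as well, otherwise the
        # private host cannot match the error to the packet it sent.
        inner = pkt.get("icmp_inner")
        if inner is not None:
            out["icmp_inner"] = {**inner,
                                 "src": self.pub_to_priv.get(inner["src"], inner["src"])}
        return out

    def table(self):
        """Current translation table as (public, private) pairs, like the slide."""
        return sorted(self.pub_to_priv.items())
```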