UNIT name: IP protocol
o AIM of the unit
The student understands IP addresses and the IP packet structure and is able to explain
how IP packets are handled in the active nodes of a network.
o PRIOR knowledge for the unit – concepts that must be covered
beforehand
bit/byte
network basics
TCP/IP protocol family
o Theory (HTML text - possible with links to outside material and simple
flash)
1. IP as standard
IP has different versions. The Internet mostly uses IPv4, which is defined in
- RFC 0791 - http://www.graphcomp.com/info/rfc/rfc0791.html and
- RFC 0950 - http://www.graphcomp.com/info/rfc/rfc0950.html
There is a newer version, IPv6, which is not widely used; it is covered later in this unit.
IP, as the network-level protocol within the TCP/IP protocol family, addresses network
nodes and defines networks and the IP packet structure. The IP protocol is used for transporting
data packets from a source node to a destination node, without any guarantee or error
checking. It supports fragmentation and prioritization, if needed.
Read more: http://en.wikipedia.org/wiki/IPv4
2. IP packets
(would prefer Flash simulation with explanations)
Source=http://www.uga.edu/~ucns/lans/tcpipsem/
Descriptions from: http://en.wikipedia.org/wiki/IPv4#Packet_structure
Version: The first header field in an IP packet is the 4-bit version field. For IPv4, this
has a value of 4 (hence the name IPv4).
Internet Header Length (IHL): The second field is a 4-bit Internet Header Length
(IHL) telling the number of 32-bit words in the header. Since an IPv4 header may
contain a variable number of options, this field specifies the size of the header (this
also coincides with the offset to the data). The minimum header size is 20 bytes, so
the minimum value for this field is 5 (5×4 = 20 bytes). Being a 4-bit field the
maximum length is 15 words or 60 bytes.
Type of Service (TOS): In RFC 791, the following 8 bits were allocated to a Type of
Service (TOS) field:
bits 0-2: precedence
bit 3: 0 = Normal Delay, 1 = Low Delay
bit 4: 0 = Normal Throughput, 1 = High Throughput
bit 5: 0 = Normal Reliability, 1 = High Reliability
bits 6-7: Reserved for future use
This field is now used for DiffServ and ECN. The original intention was for a sending
host to specify a preference for how the datagram would be handled as it made its way
through an internetwork. For instance, one host could set its IPv4 datagrams' TOS
field value to prefer low delay, while another might prefer high reliability. In practice,
the TOS field has not been widely implemented. However, a great deal of
experimental, research and deployment work has focused on how to make use of these
eight bits. These bits have been redefined, most recently through DiffServ working
group in the IETF and the Explicit Congestion Notification codepoints (see RFC
3168). New technologies are emerging that require real-time data streaming and
therefore will make use of the TOS field. An example is Voice over IP (VoIP) that is
used for interactive data voice exchange.
Total Length: This field defines the entire datagram size, including header and data,
in bytes. The minimum-length datagram is 20 bytes (20 bytes header + 0 bytes data)
and the maximum is 65,535 — the maximum value of a 16-bit word. The minimum
size datagram that any host is required to be able to handle is 576 bytes, but most
modern hosts handle much larger packets. Sometimes subnetworks impose further
restrictions on the size, in which case datagrams must be fragmented. Fragmentation
is handled in either the host or packet switch in IPv4.
Identification: This field is an identification field and is primarily used for uniquely
identifying fragments of an original IP datagram. Some experimental work has
suggested using the ID field for other purposes, such as for adding packet-tracing
information to datagrams in order to help trace back datagrams with spoofed source
addresses.
Flags: A 3-bit field follows and is used to control or identify fragments. They are (in
order, from high order to low order):
1. Reserved; must be zero. As an April Fools' joke, RFC 3514 proposed using it as the "Evil bit".
2. Don't Fragment (DF)
3. More Fragments (MF)
If the DF flag is set and fragmentation is required to route the packet then the packet
will be dropped. This can be used when sending packets to a host that does not have
sufficient resources to handle fragmentation.
When a packet is fragmented all fragments have the MF flag set except the last
fragment, which does not have the MF flag set. The MF flag is also not set on packets
that are not fragmented — clearly an unfragmented packet can be considered the last
fragment.
Fragment Offset: The fragment offset field is 13 bits long and allows a receiver to
determine the place of a particular fragment in the original IP datagram, measured in
units of 8-byte blocks. This method allows a maximum offset of 65,528 () which
would exceed the maximum IP packet length of 65,535 with the header length
counted with it.
Time To Live (TTL): An 8-bit time to live (TTL) field helps prevent datagrams from
persisting (e.g. going in circles) on an internetwork. Historically the TTL field limited
a datagram's lifetime in seconds, but has come to be a hop count field. Each packet
switch (or router) that a datagram crosses decrements the TTL field by one. When the
TTL field hits zero, the packet is no longer forwarded by a packet switch and is
discarded. Typically, an ICMP message (specifically the time exceeded) is sent back
to the sender that it has been discarded. The reception of these ICMP messages is at
the heart of how traceroute works.
Protocol: This field defines the protocol used in the data portion of the IP datagram.
The Internet Assigned Numbers Authority maintains a list of protocol numbers, which
were originally defined in RFC 790. Common protocols and their decimal values are
shown below (see http://en.wikipedia.org/wiki/List_of_IP_protocol_numbers).
Header Checksum: The 16-bit checksum field is used for error-checking of the
header. At each hop, the checksum of the header must be compared to the value of
this field. If a header checksum is found to be mismatched, then the packet is
discarded. Note that errors in the data field are up to the encapsulated protocol to
handle — indeed, both UDP and TCP have checksum fields.
Since the TTL field is decremented on each hop and fragmentation is possible at each
hop then at each hop the checksum will have to be recomputed. The method used to
compute the checksum is defined within RFC 791:
The checksum field is the 16-bit one's complement of the one's complement sum of
all 16-bit words in the header. For purposes of computing the checksum, the value of
the checksum field is zero.
In other words, all 16-bit words are summed together using one's complement (with
the checksum field set to zero). The sum is then one's complemented. This final value
is then inserted as the checksum field.
Source address: An IP address is a group of four 8-bit octets for a total of 32 bits. The
value for this field is determined by taking the binary value of each octet and
concatenating them together to make a single 32-bit value.
For example, the address 10.9.8.7 (00001010.00001001.00001000.00000111 in
binary) would be 00001010000010010000100000000111.
This address is the address of the sender of the packet. Note that this address may not
be the "true" sender of the packet due to network address translation (NAT). Instead,
the source address will be translated by the NATing machine to its own address. Thus,
reply packets sent by the receiver are routed to the NATing machine, which translates
the destination address to the original sender's address.
Destination address: Identical to the source address field but indicates the receiver of
the packet.
Options: Additional header fields (called options) may follow the destination address
field, but these are not often used. Note that the value in the IHL field must include
enough extra 32-bit words to hold all the options (plus any padding needed to ensure
that the header contains an integral number of 32-bit words). The list of options may
be terminated with an EOL (End of Options List) option; this is only necessary if the
end of the options would not otherwise coincide with the end of the header.
The use of the LSRR and SSRR options (Loose and Strict Source and Record Route)
is discouraged because they create security concerns; many routers block packets
containing these options.
Data: The last field is not a part of the header and, consequently, not included in the
checksum field. The contents of the data field are specified in the protocol header
field and can be any one of the transport layer protocols.
Read more: http://en.wikipedia.org/wiki/IPv4#Packet_structure
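The header layout and checksum rule described above, as an added example that is not part of the original unit: a Python sketch that decodes and validates an IPv4 header and performs the per-hop TTL decrement with checksum recomputation. The function names and the sample header are constructed for illustration.

```python
import ipaddress
import struct

def checksum16(header: bytes) -> int:
    """One's complement of the one's-complement sum of the 16-bit words."""
    total = 0
    for (word,) in struct.iter_unpack("!H", header):
        total += word
        total = (total & 0xFFFF) + (total >> 16)  # end-around carry
    return ~total & 0xFFFF

def with_checksum(header: bytes) -> bytes:
    """Zero the checksum field (bytes 10-11), then store the computed value."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return zeroed[:10] + struct.pack("!H", checksum16(zeroed)) + zeroed[12:]

def parse_header(packet: bytes) -> dict:
    """Decode and validate an IPv4 header; raise ValueError if malformed."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum 20-byte header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"version {version} is not IPv4")
    if ihl < 5 or ihl * 4 > len(packet) or total_len < ihl * 4:
        raise ValueError("IHL or Total Length is inconsistent")
    # Summed with its checksum field in place, a valid header gives zero.
    if checksum16(packet[:ihl * 4]) != 0:
        raise ValueError("header checksum mismatch")
    return {"header_bytes": ihl * 4, "tos": tos, "total_length": total_len,
            "id": ident, "df": bool(flags_frag & 0x4000),
            "mf": bool(flags_frag & 0x2000),
            "fragment_offset": (flags_frag & 0x1FFF) * 8,  # in bytes
            "ttl": ttl, "protocol": proto,
            "src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst))}

def forward(packet: bytes) -> bytes:
    """One hop: validate, decrement TTL, recompute the header checksum."""
    hdr = parse_header(packet)
    if hdr["ttl"] <= 1:
        raise ValueError("TTL reached zero; packet is discarded")
    n = hdr["header_bytes"]
    header = packet[:8] + bytes([hdr["ttl"] - 1]) + packet[9:n]
    return with_checksum(header) + packet[n:]

# Constructed sample: 10.9.8.7 -> 193.40.126.66, TTL 64, TCP, DF set, no data.
SAMPLE = with_checksum(bytes.fromhex(
    "4500 0014 1c46 4000 4006 0000 0a09 0807 c128 7e42"))
```

Changing any header byte without recomputing the checksum makes parse_header reject the packet, which is the per-hop discard behaviour described for the Header Checksum field.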
3. IP address
Let’s see what an IP address looks like. IP addresses have a fixed length of four octets, in the form
x.y.z.w. In practice they are written in the decimal number system, where every
number is between 0 and 255, for example: 193.40.126.66.
Computers use the binary system, in which an IP address is represented with 32 bits. The
same IP address (193.40.126.66) then looks like:
positions:  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
bits:       1  1  0  0  0  0  0  1  0  0  1  0  1  0  0  0  0  1  1  1  1  1  1  0  0  1  0  0  0  0  1  0
This makes the number of different addresses in IPv4 2^32 = 4 294 967 296. This
number seems big, but it has not been enough for all the active nodes in the Internet for a long
time. Mostly because of this limit on the number of IP addresses, a newer version,
IPv6 (covered later in this unit), and NAT (covered in the unit “IP routing”) were developed.
Networks
An IP address is logically divided into two parts, beginning with a network number and
followed by a local or node address (called the "rest" field). A bit mask ("address mask")
is used in an IP network segment to identify how many bits of the address field
indicate the network segment address (number) and how many bits are left for
identifying nodes.
Masks can be represented in different ways too:
Net bits   Subnet mask       Total addresses
/20        255.255.240.0     4096
/21        255.255.248.0     2048
/22        255.255.252.0     1024
/23        255.255.254.0     512
/24        255.255.255.0     256
/25        255.255.255.128   128
/26        255.255.255.192   64
/27        255.255.255.224   32
/28        255.255.255.240   16
/29        255.255.255.248   8
/30        255.255.255.252   4
(Source: http://xtronics.com/reference/ip-subnetmasks.htm)
Addresses are hierarchical and ordered (as numbers). At the top level of Internet
addressing, IANA (www.iana.org) and RIPE (www.ripe.net) deal with
network addresses. You can find out to whom IANA has given which networks in the list
at http://www.iana.org/assignments/ipv4-address-space or query any IP at
http://www.ripe.net/whois?
IP classes
Class   starting from   to …              there is                                   and in every network
A       1.0.0.0         127.0.0.0         127 networks (mask 255.0.0.0)              ~1,6 million nodes
B       128.0.0.0       191.255.0.0       16 thousand networks (mask 255.255.0.0)    ~64 thousand nodes
C       192.168.0.0     233.255.255.0     2 Million networks (mask 255.255.255.0)    254 nodes
D       234.0.0.0       255.255.255.255   experimental addresses
Here are some examples of how we can present (define) an IP network segment with
about 64 thousand nodes:
As an address range: 193.40.0.0 - 193.40.255.255
Using network bits: 193.40.0.0/16
Using a subnet mask: 193.40.0.0/255.255.0.0
See also - http://www.ripe.net/whois?searchtext=193.40.126.66
Private networks are used inside organizations behind firewalls and NAT (covered
in the unit “IP routing”). Because these addresses are used privately and are not routed to
other networks, they can be used in different organizations at the same time.
192.168.0.0/16
172.16.0.0/12
10.0.0.0/8
Read more: http://en.wikipedia.org/wiki/Private_network
Zeroconf – default random addressing for nodes, making it possible to communicate
within the local network (data link layer segment) without routing information. Read more:
http://en.wikipedia.org/wiki/Zeroconf
Network and Broadcast address.
In every network, two addresses are used for network and broadcast addressing.
These addresses are not available for node addressing. So if there are 4 addresses in
the network, 2 nodes can be defined. The only exception is a network with a 32-bit
mask (a network with only one address), which is used for defining the node's local IP
address in the routing table. This means that a mask with 31 bits, a network with 2 addresses,
cannot be used.
The network address is the first address in the network and is used to identify the
network segment. All the IP addresses that use the same network address part are in the
same network segment. Because the network address is the first address in the network, it
cannot be an arbitrary IP address: it must match the network mask in the binary view, so
the last bits of the network address must be zeros wherever the mask has zeros.
As an example:
193.040.136.064 = 11000001.00101000.10001000.01000000 (network)
255.255.255.240 = 11111111.11111111.11111111.11110000 (mask)
In private networks inside organizations, the mask 255.255.255.0 is mostly used
because it makes calculating the network address simple: the last octet is zero, and the first
three octets represent the network address.
The broadcast address is the last address in the network, and it is used for addressing all
the nodes in the network at the same time. This means that an IP packet whose
destination address is the broadcast address is sent to all nodes of the IP network. It is
important for remote announcements in a network segment. In some cases it is used for
attacking purposes by hackers, or it can cause problems in bigger network segments.
Read more:
http://en.wikipedia.org/wiki/Broadcast_address
http://en.wikipedia.org/wiki/Broadcast_traffic
http://en.wikipedia.org/wiki/Broadcast_storm
What is Gateway and how to calculate network and broadcast address, if you have
node address and mask, is covered in the “IP routing” unit.
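The network-address, broadcast-address and node-count rules above, worked through in Python as an added example that is not part of the original unit. The function names are hypothetical, and the node count follows this unit's rule that a 31-bit mask leaves no usable node addresses.

```python
import ipaddress

def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))

def binary(dotted: str) -> str:
    """Binary view as used in this unit, one 8-bit group per octet."""
    return ".".join(f"{int(octet):08b}" for octet in dotted.split("."))

def describe_network(network: str, mask: str) -> dict:
    """Validate a network address against its mask and derive the rest."""
    net, m = to_int(network), to_int(mask)
    host_bits = m ^ 0xFFFFFFFF               # ones where the mask has zeros
    if host_bits & (host_bits + 1):
        raise ValueError(f"{mask}: the ones in a mask must be contiguous")
    if net & host_bits:
        raise ValueError(f"{network} has non-zero bits where {mask} has zeros")
    total = host_bits + 1
    prefix = 32 - host_bits.bit_length()
    # Network and broadcast addresses are reserved; a 32-bit mask is the
    # single-address exception described in this unit.
    nodes = 1 if prefix == 32 else total - 2
    return {"prefix": prefix, "total_addresses": total, "nodes": nodes,
            "network": network,
            "broadcast": str(ipaddress.IPv4Address(net | host_bits))}

def same_segment(a: str, b: str, mask: str) -> bool:
    """Two nodes share a segment when their network parts are equal."""
    m = to_int(mask)
    return (to_int(a) & m) == (to_int(b) & m)
```

For the unit's own example, describe_network("193.40.136.64", "255.255.255.240") reports a /28 with 16 addresses, 14 nodes and broadcast address 193.40.136.79.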
4. IPv6
The main reason for developing a new version of IP was the lack of addresses. Because of NAT and
other improvements to IPv4, there is not very much demand for IPv6. The US government
has specified that the network backbones of all federal agencies must deploy IPv6 by
2008.
Read more: http://en.wikipedia.org/wiki/Ipv6
5. Other important things
- Configuring Linux, Windows, routers etc
o IFCONFIG/IPCONFIG
- ICMP - http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol
o PING with packet size and other options
o Other utilities to see what is happening in the network (tcpdump,
Ethereal)
- ARP - http://en.wikipedia.org/wiki/Address_Resolution_Protocol
o DHCP http://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol
- DNS - http://en.wikipedia.org/wiki/Dns
o Attachments (Videos, Simulations etc – describe!!!)
The picture of IP Packet header will be shown in the beginning. Then it hides and will
show separately every component of header + description (text) at bottom. At the end
student can point to any component and the specific description will show up. Also
Student can start the animation (simulation) again.
o Quiz (best is 1…x right answers of 3…6 choices, may be different quizzes –
for self-learning and grading)
1. Network protocol is
a. addressing IP network packets (x)
b. addressing LAN transmission frames
c. addressing applications in hosts
2. These are network layer protocols:
a. TCP
b. IP (x)
c. IPX (x)
d. SPX
e. Ethernet
f. Fiber
g. VPN
3. IP packet header includes
a. IP addresses (x)
b. MAC addresses
c. data
d. port numbers
4. IP packets belong to
a. data link layer
b. network layer (x)
c. transport layer
d. application layer
5. Network protocol is
a. addressing network packets (x)
b. addressing transmission frames
c. addressing applications
6. IP packet can transport:
a. 64 bits of data
b. 64 bytes of data
c. 64 KB of data (x)
d. 64 MB of data
7. DNS is important for
a. data transmission between nodes
b. internet name resolution to IP numbers (x)
8. To test whether the IP protocol is working, it is best to use these utilities in MS Windows
(choose 2):
a. IPCONFIG (x)
b. PING (x)
c. TRACERT
d. NETSTAT
9. How many nodes can be defined in a network with mask 255.255.255.252?
a. 2 (x)
b. 4
c. 8
d. 16
10. How many addresses are in the IP network defined as 193.40.223.32/27?
a. 4
b. 8
c. 16
d. 32 (x)
e. 64
...