UNIT name: IP protocol

o AIM of the unit
The student understands IP addresses and the IP packet structure and is able to explain how IP packets are handled in the active nodes of a network.

o PRIOR knowledge for the unit (concepts that must be covered before)
- bit/byte
- network basics
- TCP/IP protocol family

o Theory (HTML text, possibly with links to outside material and simple Flash)

1. IP as a standard

IP has several versions. On the Internet, IPv4 is the most widely used; it is defined in
- RFC 0791 - http://www.graphcomp.com/info/rfc/rfc0791.html and
- RFC 0950 - http://www.graphcomp.com/info/rfc/rfc0950.html
There is a newer version, IPv6, which is not yet widely used; it is covered later in this unit.

IP, as the network layer protocol of the TCP/IP protocol family, addresses network nodes, defines networks and defines the IP packet structure. IP transports data packets from the source node to the destination node without any delivery guarantee; only the header is protected by a checksum, the data is not. It supports fragmentation and prioritising if needed.

Read more: http://en.wikipedia.org/wiki/IPv4

2. IP packets (a Flash simulation with explanations would be preferred)

Source: http://www.uga.edu/~ucns/lans/tcpipsem/
Descriptions from: http://en.wikipedia.org/wiki/IPv4#Packet_structure

Version: The first header field in an IP packet is the 4-bit version field. For IPv4 this has the value 4 (hence the name IPv4).

Internet Header Length (IHL): The second field is a 4-bit Internet Header Length (IHL) giving the number of 32-bit words in the header. Since an IPv4 header may contain a variable number of options, this field specifies the size of the header (which is also the offset of the data). The minimum header size is 20 bytes, so the minimum value for this field is 5 (5 × 4 = 20 bytes). Being a 4-bit field, the maximum length is 15 words, or 60 bytes.
Type of Service (TOS): In RFC 791 the following 8 bits were allocated to a Type of Service (TOS) field:
- bits 0-2: precedence
- bit 3: 0 = Normal Delay, 1 = Low Delay
- bit 4: 0 = Normal Throughput, 1 = High Throughput
- bit 5: 0 = Normal Reliability, 1 = High Reliability
- bits 6-7: Reserved for future use

This field is now used for DiffServ and ECN. The original intention was for a sending host to specify a preference for how the datagram would be handled as it made its way through an internetwork. For instance, one host could set its IPv4 datagrams' TOS field to prefer low delay, while another might prefer high reliability. In practice the TOS field has not been widely implemented. However, a great deal of experimental, research and deployment work has focused on how to make use of these eight bits. They have been redefined, most recently by the DiffServ working group of the IETF and by the Explicit Congestion Notification codepoints (see RFC 3168). New technologies that require real-time data streaming will make use of this field; an example is Voice over IP (VoIP), used for interactive voice exchange.

Total Length: This field defines the entire datagram size, including header and data, in bytes. The minimum-length datagram is 20 bytes (20 bytes of header + 0 bytes of data) and the maximum is 65,535, the maximum value of a 16-bit word. The minimum datagram size that any host is required to be able to handle is 576 bytes, but most modern hosts handle much larger packets. Sometimes subnetworks impose further restrictions on the size, in which case datagrams must be fragmented. In IPv4, fragmentation is handled either in the host or in a packet switch.

Identification: This field is primarily used for uniquely identifying the fragments of an original IP datagram.
Some experimental work has suggested using the ID field for other purposes, such as adding packet-tracing information to datagrams in order to help trace back datagrams with spoofed source addresses.

Flags: A 3-bit field follows and is used to control or identify fragments. They are (in order, from high order to low order):
1. Reserved; must be zero. (The April Fools' RFC 3514 calls it the "evil bit".)
2. Don't Fragment (DF)
3. More Fragments (MF)

If the DF flag is set and fragmentation is required to route the packet, the packet is dropped. This can be used when sending packets to a host that does not have sufficient resources to handle fragmentation. When a packet is fragmented, all fragments have the MF flag set except the last one, which does not. The MF flag is also not set on packets that are not fragmented: clearly an unfragmented packet can be considered the last fragment.

Fragment Offset: The fragment offset field is 13 bits long and allows a receiver to determine the place of a particular fragment in the original IP datagram, measured in units of 8-byte blocks. This allows a maximum offset of 65,528 bytes ((2^13 - 1) × 8), which, once the header length is added, would exceed the maximum IP packet length of 65,535.

Time To Live (TTL): An 8-bit time to live (TTL) field helps prevent datagrams from persisting (e.g. going in circles) on an internetwork. Historically the TTL field limited a datagram's lifetime in seconds, but it has come to be a hop count. Each packet switch (router) that a datagram crosses decrements the TTL field by one. When the TTL field reaches zero, the packet is no longer forwarded by a packet switch and is discarded. Typically an ICMP message (specifically Time Exceeded) is sent back to the sender to report that the packet was discarded. The reception of these ICMP messages is at the heart of how traceroute works.

Protocol: This field defines the protocol used in the data portion of the IP datagram.
The Internet Assigned Numbers Authority maintains the list of protocol numbers, which were originally defined in RFC 790. Common values are 1 (ICMP), 6 (TCP) and 17 (UDP); the full list is at http://en.wikipedia.org/wiki/List_of_IP_protocol_numbers.

Header Checksum: The 16-bit checksum field is used for error-checking of the header. At each hop, the checksum of the header is compared with the value of this field. If a header checksum mismatch is found, the packet is discarded. Note that errors in the data field are left to the encapsulated protocol to handle; indeed, both UDP and TCP have checksum fields of their own. Since the TTL field is decremented on each hop, and fragmentation is possible at each hop, the checksum has to be recomputed at every hop. The method used to compute the checksum is defined in RFC 791: the checksum field is the 16-bit one's complement of the one's complement sum of all 16-bit words in the header. For purposes of computing the checksum, the value of the checksum field is taken as zero. In other words, all 16-bit words are summed using one's complement arithmetic (with the checksum field set to zero), the sum is then one's complemented, and this final value is inserted as the checksum field.

Source address: An IP address is a group of four 8-bit octets, 32 bits in total. The value of this field is obtained by taking the binary value of each octet and concatenating them into a single 32-bit value. For example, the address 10.9.8.7 (00001010.00001001.00001000.00000111 in binary) becomes 00001010000010010000100000000111. This is the address of the sender of the packet. Note that it may not be the "true" sender of the packet because of network address translation (NAT): the source address is translated by the NAT device to its own address, so that reply packets sent by the receiver are routed to the NAT device, which translates the destination address back to the original sender's address.
Destination address: Identical to the source address field, but indicates the receiver of the packet.

Options: Additional header fields (called options) may follow the destination address field, but they are not often used. Note that the value in the IHL field must include enough extra 32-bit words to hold all the options (plus any padding needed so that the header contains a whole number of 32-bit words). The list of options may be terminated with an EOL (End of Options List) option; this is only necessary if the end of the options would not otherwise coincide with the end of the header. The use of the LSRR and SSRR options (Loose and Strict Source and Record Route) is discouraged because they create security concerns, and many routers block packets containing them.

Data: The last field is not part of the header and, consequently, is not included in the checksum. The contents of the data field are specified by the protocol header field and can be any of the transport layer protocols.

Read more: http://en.wikipedia.org/wiki/IPv4#Packet_structure

3. IP address

Let's see what an IP address looks like. IP addresses are fixed-length, four octets in the form x.y.z.w. In practice they are written in decimal, with every number between 0 and 255, for example 193.40.126.66. Computers use the binary system, where an IP address is represented by 32 bits. The same IP address (193.40.126.66) then looks like this:

positions   1-8        9-16       17-24      25-32
octets      193        40         126        66
bits        11000001   00101000   01111110   01000010

i.e. 193.40.126.66 = 11000001.00101000.01111110.01000010

This gives 2^32 = 4 294 967 296 different addresses in IPv4. That number seems big, but it has not been enough for all the active nodes on the Internet for a long time already. Mainly because of this limit on the number of IP addresses, a newer version, IPv6, was developed (covered later in this unit), as well as NAT, which is covered in the unit "IP routing".
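The header fields described in section 2 and the address-to-bits conversion from section 3 are easiest to understand by building and reading real headers. The following Python is an added example written for this unit; it is not code from the original page. It packs an RFC 791 header (20 bytes, no options), computes and verifies the one's complement checksum, decodes the flags and fragment offset, splits a datagram into fragments for a given MTU and reassembles them at the receiver. The addresses, payload and MTU in it are constructed sample values.

```python
"""Build, fragment, parse and reassemble IPv4 datagrams with the RFC 791 header layout."""
import struct

FLAG_DF = 0b010  # Don't Fragment
FLAG_MF = 0b001  # More Fragments
# version/IHL, TOS, total length, identification, flags+offset, TTL, protocol, checksum, src, dst
HDR_FMT = "!BBHHHBBH4s4s"


def ip_to_int(dotted):
    """'193.40.126.66' -> 32-bit integer: the four octets concatenated, as in section 3."""
    octets = [int(p) for p in dotted.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % dotted)
    return int.from_bytes(bytes(octets), "big")


def int_to_ip(n):
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))


def checksum(data):
    """One's complement of the one's complement sum of all 16-bit words (RFC 791)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum((data[i] << 8) | data[i + 1] for i in range(0, len(data), 2))
    while total >> 16:  # end-around carry: fold the overflow back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(src, dst, total_length, ident, flags, frag_offset, ttl=64, proto=17, tos=0):
    """20-byte header (IHL = 5); frag_offset is counted in 8-byte units."""
    ver_ihl = (4 << 4) | 5
    hdr = struct.pack(HDR_FMT, ver_ihl, tos, total_length, ident, (flags << 13) | frag_offset,
                      ttl, proto, 0, ip_to_int(src).to_bytes(4, "big"), ip_to_int(dst).to_bytes(4, "big"))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]  # checksum occupies bytes 10..11


def parse_header(pkt):
    """Decode the section 2 fields; reject wrong version, bad IHL or checksum mismatch as a router would."""
    if len(pkt) < 20:
        raise ValueError("truncated header")
    ver_ihl, tos, total_length, ident, flags_frag, ttl, proto, _csum, src, dst = struct.unpack(HDR_FMT, pkt[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0xF) * 4
    if version != 4 or ihl < 20 or ihl > len(pkt) or total_length < ihl or total_length > len(pkt):
        raise ValueError("malformed header (version=%d ihl=%d total_length=%d)" % (version, ihl, total_length))
    if checksum(pkt[:ihl]) != 0:  # a correct header sums to 0xFFFF including its checksum; complemented that is 0
        raise ValueError("header checksum mismatch")
    return {
        "ihl": ihl, "tos": tos, "total_length": total_length, "ident": ident,
        "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8,  # converted to bytes
        "ttl": ttl, "proto": proto,
        "src": int_to_ip(int.from_bytes(src, "big")), "dst": int_to_ip(int.from_bytes(dst, "big")),
        "options": pkt[20:ihl], "payload": pkt[ihl:total_length],
    }


def fragment(src, dst, payload, mtu, ident, df=False, proto=17):
    """Split one datagram into fragments that fit `mtu`; with DF set and too big, the packet is dropped."""
    if 20 + len(payload) <= mtu:
        return [build_header(src, dst, 20 + len(payload), ident, FLAG_DF if df else 0, 0, proto=proto) + payload]
    if df:
        raise ValueError("DF set and datagram exceeds MTU: discarded (ICMP Fragmentation Needed would be sent)")
    max_data = (mtu - 20) // 8 * 8  # every fragment but the last carries a multiple of 8 bytes
    if max_data <= 0:
        raise ValueError("MTU too small for any fragment")
    frags, offset = [], 0
    while offset < len(payload):
        chunk = payload[offset:offset + max_data]
        last = offset + len(chunk) >= len(payload)
        hdr = build_header(src, dst, 20 + len(chunk), ident, 0 if last else FLAG_MF, offset // 8, proto=proto)
        frags.append(hdr + chunk)
        offset += len(chunk)
    return frags


def reassemble(fragments):
    """Receiver side: order by offset, refuse gaps and overlaps (overlapping fragments are a classic attack) and a missing last fragment."""
    parsed = sorted((parse_header(f) for f in fragments), key=lambda h: h["frag_offset"])
    ident = parsed[0]["ident"]
    data, expected = bytearray(), 0
    for h in parsed:
        if h["ident"] != ident:
            raise ValueError("fragment belongs to a different datagram")
        if h["frag_offset"] != expected:
            raise ValueError("gap or overlap at offset %d (expected %d)" % (h["frag_offset"], expected))
        data += h["payload"]
        expected += len(h["payload"])
    if parsed[-1]["mf"]:
        raise ValueError("last fragment (MF=0) missing")
    return bytes(data)


if __name__ == "__main__":
    # constructed sample: a 100-byte UDP payload that has to cross a link with a 60-byte MTU
    frags = fragment("193.40.126.66", "10.9.8.7", bytes(range(100)), mtu=60, ident=0x1234)
    for f in frags:
        h = parse_header(f)
        print(h["src"], "->", h["dst"], "offset", h["frag_offset"], "MF", h["mf"], "bytes", len(h["payload"]))
    assert reassemble(frags) == bytes(range(100))
```

Flipping any header byte (for instance the TTL, as a router does on each hop without recomputing the checksum) makes parse_header reject the packet, which is exactly why every hop must recalculate the field. The reassembler deliberately refuses overlapping fragments: accepting them is how the old "teardrop" style crashes and IDS-evasion tricks worked.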
Networks

An IP address is logically divided into two parts: a network number at the beginning, followed by the local or node address (called the "rest" field). A bit mask ("address mask") is used in an IP network segment to identify how many bits of the address field indicate the network segment address (number) and how many bits remain for identifying nodes. Masks can be written in several ways:

Net bits   Subnet mask        Total addresses
/20        255.255.240.0      4096
/21        255.255.248.0      2048
/22        255.255.252.0      1024
/23        255.255.254.0      512
/24        255.255.255.0      256
/25        255.255.255.128    128
/26        255.255.255.192    64
/27        255.255.255.224    32
/28        255.255.255.240    16
/29        255.255.255.248    8
/30        255.255.255.252    4
(Source: http://xtronics.com/reference/ip-subnetmasks.htm)

Addresses are hierarchical and ordered (as numbers). At the top level of Internet addressing, IANA (www.iana.org) and RIPE (www.ripe.net) deal with network addresses. You can see to whom IANA has assigned networks in the list at http://www.iana.org/assignments/ipv4-address-space, or query any IP at http://www.ripe.net/whois?

IP classes

Class   From          To                 Networks                            Nodes per network
A       1.0.0.0       127.0.0.0          127 (mask 255.0.0.0)                ~16.7 million (2^24 - 2)
B       128.0.0.0     191.255.0.0        ~16 thousand (mask 255.255.0.0)     ~64 thousand (2^16 - 2)
C       192.0.0.0     223.255.255.0      ~2 million (mask 255.255.255.0)     254
D       224.0.0.0     239.255.255.255    multicast addresses
E       240.0.0.0     255.255.255.255    experimental addresses

(127.0.0.0/8 in class A is reserved for loopback.)

Here are some examples of how we can write (define) an IP network segment with about 64 thousand nodes:
- Address range: 193.40.0.0 - 193.40.255.255
- With network bits: 193.40.0.0/16
- With subnet mask: 193.40.0.0/255.255.0.0
See also http://www.ripe.net/whois?searchtext=193.40.126.66

Private networks are used inside organisations behind firewalls and NAT (covered in the unit "IP routing"). Because these addresses are used privately and are not routed to other networks, they can be used in different organisations at the same time:
- 192.168.0.0/16
- 172.16.0.0/12
- 10.0.0.0/8
Read more: http://en.wikipedia.org/wiki/Private_network

Zeroconf: default random addressing for nodes, giving them the possibility to communicate within the local network (data link layer segment) without any routing information.
Read more: http://en.wikipedia.org/wiki/Zeroconf

Network and broadcast address

In every network, two addresses are reserved: the network address and the broadcast address. They are not available for addressing nodes, so if there are 4 addresses in a network, 2 nodes can be defined. The only exception is a network with a 32-bit mask (a network with only one address), which is used to define the node's own IP address in the routing table. In the classic scheme a 31-bit mask (a network with 2 addresses) therefore cannot be used; RFC 3021 later allowed /31 on point-to-point links, where no network or broadcast address is needed.

The network address is the first address in the network and is used to identify the network segment. All IP addresses with the same network address part are in the same network segment. Because the network address is the first address in the network, it cannot be an arbitrary IP address: it must match the network mask in binary, i.e. the last bits of the network address must be zero wherever the mask has zeros. As an example:

193.40.136.64   = 11000001.00101000.10001000.01000000 (network)
255.255.255.240 = 11111111.11111111.11111111.11110000 (mask)

In private networks inside organisations the mask 255.255.255.0 is mostly used, because it makes the network address easy to calculate: the last octet is zero and the first three octets are the network address.

The broadcast address is the last address in the network and is used to address all nodes in the network at the same time. An IP packet whose destination address is the broadcast address is delivered to all nodes of the IP network. This is important for announcements within a network segment. In some cases it is used by attackers, or it can cause problems in bigger network segments.
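The rules above for masks, network and broadcast addresses, usable node counts and the /31 and /32 exceptions can be checked with a few lines of bit arithmetic. The following Python is an added example for this unit, not code from the original page; it uses the addresses from the text (193.40.136.64/28, the /16 example, the RFC 1918 ranges) plus a few constructed ones, and also reproduces the subnet mask table above from the prefix length alone.

```python
"""Subnet arithmetic: mask <-> prefix, network/broadcast address, usable nodes, membership."""


def ip_to_int(dotted):
    octets = [int(p) for p in dotted.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % dotted)
    return int.from_bytes(bytes(octets), "big")


def int_to_ip(n):
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))


def prefix_to_mask(prefix):
    """/20 -> 0xFFFFF000 (255.255.240.0): `prefix` ones followed by zeros."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def mask_to_prefix(mask):
    """'255.255.240.0' -> 20; rejects masks that are not a run of ones followed by zeros."""
    m = ip_to_int(mask)
    prefix = bin(m).count("1")
    if prefix_to_mask(prefix) != m:
        raise ValueError("non-contiguous mask: %s" % mask)
    return prefix


def subnet_info(cidr):
    """Accepts both notations used in the text: '193.40.0.0/16' and '193.40.0.0/255.255.0.0'."""
    addr_s, mask_s = cidr.split("/")
    prefix = mask_to_prefix(mask_s) if "." in mask_s else int(mask_s)
    addr, mask = ip_to_int(addr_s), prefix_to_mask(prefix)
    network = addr & mask                        # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)   # host bits set
    total = 1 << (32 - prefix)
    if prefix == 32:
        usable = 1          # single host route: the node's own address
    elif prefix == 31:
        usable = 2          # RFC 3021 point-to-point link: nothing reserved
    else:
        usable = total - 2  # network and broadcast addresses are not assignable to nodes
    return {
        "prefix": prefix, "mask": int_to_ip(mask),
        "network": int_to_ip(network), "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(network + 1 if prefix < 31 else network),
        "last_host": int_to_ip(broadcast - 1 if prefix < 31 else broadcast),
        "total": total, "usable": usable,
        # True only when every host bit of the given address is zero, i.e. it is a valid network address
        "is_network_address": addr == network,
    }


def in_subnet(addr, cidr):
    """Two addresses are in the same segment when their network parts under the mask agree."""
    info = subnet_info(cidr)
    return (ip_to_int(addr) & ip_to_int(info["mask"])) == ip_to_int(info["network"])


PRIVATE_RANGES = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")  # RFC 1918


def is_private(addr):
    return any(in_subnet(addr, r) for r in PRIVATE_RANGES)


def is_directed_broadcast(dst, cidr):
    """A packet sent to a segment's broadcast address from outside it; routers normally drop these
    because they are the amplifier in smurf-style attacks."""
    return dst == subnet_info(cidr)["broadcast"]


def mask_table(first=20, last=30):
    """Reproduce the 'Net bits / Subnet mask / total addresses' table for /first../last."""
    return [("/%d" % p, int_to_ip(prefix_to_mask(p)), 1 << (32 - p)) for p in range(first, last + 1)]


if __name__ == "__main__":
    for row in mask_table():
        print("%-5s %-16s %d" % row)
    for cidr in ("193.40.136.64/28", "193.40.223.32/27", "193.40.0.0/255.255.0.0", "10.1.2.3/30", "10.0.0.1/31"):
        print(cidr, subnet_info(cidr))
    print(is_private("192.168.5.5"), is_private("193.40.126.66"))
```

mask_to_prefix refuses a mask such as 255.0.255.0 on purpose: a mask whose ones are not contiguous has no valid prefix length, and accepting one silently is a common source of misconfigured firewall rules.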
Read more:
- http://en.wikipedia.org/wiki/Broadcast_address
- http://en.wikipedia.org/wiki/Broadcast_traffic
- http://en.wikipedia.org/wiki/Broadcast_storm

What a gateway is, and how to calculate the network and broadcast address when you have a node address and a mask, is covered in the "IP routing" unit.

4. IPv6

The main reason to develop a new version of IP was the lack of addresses. Because of NAT and other improvements to IPv4, demand for IPv6 has so far been limited. The US government has specified that the network backbones of all federal agencies must deploy IPv6 by 2008.
Read more: http://en.wikipedia.org/wiki/Ipv6

5. Other important things
- Configuring Linux, Windows, routers etc.
  o IFCONFIG/IPCONFIG
- ICMP - http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol
  o PING with packet size and other options
  o Other utilities to see what is happening in the network (tcpdump, Ethereal, now called Wireshark)
- ARP - http://en.wikipedia.org/wiki/Address_Resolution_Protocol
  o DHCP - http://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol
- DNS - http://en.wikipedia.org/wiki/Dns

o Attachments (videos, simulations etc. - describe!!!)
The picture of the IP packet header is shown at the beginning. It then hides and shows every header field separately, with its description (text) at the bottom. At the end the student can point to any field and its description appears. The student can also restart the animation (simulation).

o Quiz (best is 1...x right answers out of 3...6 choices; there may be different quizzes, for self-learning and for grading)

1. Network protocol is
   a. addressing IP network packets (x)
   b. addressing LAN transmission frames
   c. addressing applications in hosts
2. These are network layer protocols:
   a. TCP
   b. IP (x)
   c. IPX (x)
   d. SPX
   e. Ethernet
   f. Fiber
   g. VPN
3. IP packet header includes
   a. IP addresses (x)
   b. MAC addresses
   c. data
   d. port numbers
4. IP packets belong to the
   a. data link layer
   b. network layer (x)
   c. transport layer
   d. application layer
5. Network protocol is
   a. addressing network packets (x)
   b. addressing transmission frames
   c. addressing applications
6. An IP packet can transport:
   a. 64 bits of data
   b. 64 bytes of data
   c. 64 KB of data (x)
   d. 64 MB of data
7. DNS is important for
   a. data transmission between nodes
   b. resolving Internet names to IP numbers (x)
8. To test whether the IP protocol is working, the best utilities to use in MS Windows are (choose 2):
   a. IPCONFIG (x)
   b. PING (x)
   c. TRACERT
   d. NETSTAT
9. How many nodes can be defined in a network with mask 255.255.255.252?
   a. 2 (x)
   b. 4
   c. 8
   d. 16
10. How many addresses are there in the IP network defined as 193.40.223.32/27?
   a. 4
   b. 8
   c. 16
   d. 32 (x)
   e. 64
...