Slide 1: Internetwork Protocols
Lesson 11, NETS2150/2850
http://www.ug.cs.usyd.edu.au/~nets2150/
School of Information Technologies

Slide 2: Lesson Outcomes
- The need for internetworking, not standalone networks!
- Design issues in a connectionless model
- Understand the intricacies of IP addressing
- What's missing in IPv4?
- The importance of ICMP, the companion protocol of IP

Slide 3: Internetworking Terms
- Communications network: a facility that provides a data transfer service
- An internet: a collection of communications networks interconnected by routers
- The Internet (note the upper-case I): the global collection of thousands of individual machines and networks
- An intranet: a corporate internet operating within the organization
  • Uses Internet (TCP/IP) technology to deliver documents and resources
  • Can be an isolated internet, or can have links to the Internet

Slide 4: The Internet/Network Layer
Host and router network layer functions (figure: protocol stack):
- Transport layer: TCP, UDP
- Network layer
  • IP protocol: addressing conventions, packet format, packet handling conventions
  • Routing protocols: path selection (RIP, OSPF), routing table
  • ICMP protocol: error reporting, router "signalling"
- Data link layer
- Physical layer

Slide 5: Architectural Approaches
Mode of operation: connection oriented or connectionless (figure: two end systems, each with application, transport, network, data link and physical layers, shown for each mode)

Slide 6: Connection Oriented
- Assume that each network is connection oriented
- An Intermediate System (IS) connects two or more networks (1)
- A logical connection is set up between ESs
  • Concatenation of logical connections across networks
- Individual network virtual circuits are joined by the IS
(1) Bridges and routers are examples of ISs.

Slide 7: Connectionless Operation
- Corresponds to the datagram mechanism in a packet switched network
- Each NPDU is treated separately
- Network layer protocol common to all ESs and routers
  • Known generically as the internet protocol
- Internet Protocol (IP): one such internet protocol was developed for ARPANET (Advanced Research Projects Agency Network), RFC 791
- A lower layer protocol is needed to access each particular network

Slide 8: Connectionless Internetworking
- Pros: flexibility; robust; no connection setup overhead
- Cons: unreliable, delivery not guaranteed; order of delivery not guaranteed
  • Packets can take different routes
- Reliability is the responsibility of the next layer up (e.g. TCP)

Slide 9: Ordered Delivery
- PDUs may arrive out of order: different paths through the network
- But PDU order must be maintained
- Number PDUs sequentially: easy to reorder received PDUs

Slide 10: IP Operation
(figure)

Slide 11: IP Design Issues
- Routing
- Datagram lifetime
- Fragmentation and re-assembly
- Error control
- Flow control

Slide 12: Routing
- End systems and routers maintain routing tables
  • Indicate the next router to which a packet should be sent, for all possible destination networks
- Could be static
  • But may contain alternative routes
- Or dynamic
  • Flexible response to congestion and errors
- Source routing: the source specifies the route as a sequential list of routers to be followed, because of:
  • Security
  • Priority

Slide 13: Datagram Lifetime
- A datagram could loop indefinitely: consumes resources
- The transport protocol may need an upper bound on datagram life
- Datagram is marked with a lifetime: the TTL field in IP
- Decrement TTL on passing through each router
- Once the lifetime expires, the datagram is discarded

Slide 14: Fragmentation and Reassembly
- Network links have an MTU (max. transmission unit): the largest possible data link-level frame
- Different link types, different MTUs: ATM 53 octets; Ethernet 1518 octets
- Pros:
  • More efficient error control (smaller retransmission)
  • Fairer (prevents monopolising)
  • Smaller buffers at the receiver
(figure: fragmentation, in: one large packet, out: 3 smaller packets; reassembly)

Slide 15: Disadvantages of Fragmentation
- Make PDUs as large as possible, because each PDU contains some control information
  • Smaller block, larger overhead-to-data ratio
- PDU arrival generates an interrupt to the CPU: wastes CPU time
  • Smaller blocks, more interrupts!

Slide 16: Fragmentation and Reassembly
When to re-assemble?
- At the destination?
  • Results in packets getting smaller as data traverses the internet
- Intermediate re-assembly?
  • Need large buffers at routers
  • Buffers may fill with fragments
  • All fragments must go through the same router, which inhibits dynamic routing

Slide 17: IP Fragmentation (1)
- IP reassembles at the destination only
- It uses these header fields:
  • To identify the end system that originated the packet: source and destination address; protocol layer generating the data (e.g. TCP); identification supplied by the IP layer
  • Total Length: length of the packet in octets

Slide 18: IP Fragmentation (2)
- Offset
  • Position of the fragment of user data in the original packet
  • In multiples of 64-bit (8-octet) units
- More fragments flag
  • Indicates that this is not the last fragment
  • 0 = last or the only packet
  • 1 = not last

Slide 19: IP Fragmentation and Reassembly Example
- 4000-octet packet (with 20-octet header), MTU = 1500 octets
- Data in each fragment is 1480 octets
- Fragments = 3980/1480 = 3 (rounded up)

  One large packet:        length=4000  ID=x  Moreflag=0  offset=0
  becomes 3 smaller packets:
                           length=1500  ID=x  Moreflag=1  offset=0
                           length=1500  ID=x  Moreflag=1  offset=185
                           length=1040  ID=x  Moreflag=0  offset=370

Offset in 1st fragment = 0, 2nd fragment = 1480/8 = 185, 3rd fragment = 185+185 = 370

Slide 20: Dealing with Failure
- Reassembly may fail if some fragments get lost, so the failure needs to be detected
- Reassembly time-out
  • Assigned to the first fragment to arrive
  • If the timeout expires before all fragments arrive, discard the partial data
- Use packet lifetime (time to live)
  • If TTL runs out, kill the partial data

Slide 21: Error Control
- IP does NOT guarantee delivery
- IP uses a checksum for error detection
- A router should attempt to inform the source if a packet is discarded, e.g. for TTL expiring or destination unreachable
- But datagram identification is needed
- Handled by the ICMP protocol (see later)

Slide 22: IP Checksum – 2 steps
1. Add the 16-bit values up. Each time a carry-out (17th bit) is produced, swing that bit around and add it back into the lsb.
2. Once all the values are added in this manner, invert all the bits in the result; this is called its "one's complement".

Slide 23: Example
The data to be checksummed, as four 16-bit values (msb first):

  1000 0110 0101 1110
  1010 1100 0110 0000
  0111 0001 0010 1010
  1000 0001 1011 0101

First, we add the 16-bit values 2 at a time:

    1000 0110 0101 1110   First 16-bit value
  + 1010 1100 0110 0000   Second 16-bit value
  ---------------------
  1 0011 0010 1011 1110   Produced a carry-out, which gets added
  +                   1   back into the lsb
  ---------------------
    0011 0010 1011 1111
  + 0111 0001 0010 1010   Third 16-bit value
  ---------------------
  0 1010 0011 1110 1001   No carry to swing around
  + 1000 0001 1011 0101   Fourth 16-bit value
  ---------------------
  1 0010 0101 1001 1110   Produced a carry-out, which gets added
  +                   1   back into the lsb
  ---------------------
    0010 0101 1001 1111   Our sum

Slide 24: Example (Cont.)
Then we have to take the one's complement of the sum. We do this by simply inverting all the bits in the final result from above:

  0010 0101 1001 1111   Our sum
  1101 1010 0110 0000   The "one's complement"

So the checksum stored in the header would be 1101 1010 0110 0000.

Slide 25: Flow Control
- Allows routers and/or stations to limit the rate of incoming data
- Difficult in connectionless systems
- Not done here; left to the higher layer (i.e. transport)

Slide 26: Internet Protocol (IP) Version 4
- Part of TCP/IP
- Specified in RFC 791
- Will (eventually) be replaced by IPv6

Slide 27: IP Services
- Send primitive: request transmission of a data unit onto the network
- Deliver primitive: notify the user of the arrival of a data unit from the network

Slide 28: IPv4 Header
(figure: header layout)

Slide 29: Header Fields (1)
- Version (4 bits): currently 4
- Internet header length (4 bits): in 32-bit units, including options
- Type of service (before) – Differentiated Services (now) (8 bits): allows classification of packets
- Total length (16 bits): in octets, header plus data

Slide 30: Header Fields (2)
- Identification (16 bits): sequence number; used with the addresses and user protocol to identify the packet uniquely
- Flags (3 bits): More bit (1 bit); Don't fragment (1 bit)
- Fragmentation offset (13 bits)
- Time to live (8 bits)
- Protocol (8 bits): next higher layer to receive the data field at the destination

Slide 31: Header Fields (3)
- Header checksum (16 bits): re-verified and recomputed at each router; uses a 16-bit one's complement sum
- Source address (32 bits)
- Destination address (32 bits)
- Options (variable): see next slide
- Padding (variable): to fill to a multiple of 32 bits

Slide 32: Options
- Security label: allows secured handling of packets
- Source routing: a list of router addresses specifies a route to follow
- Route recording: records the route taken by a packet
- Stream identification: allows special handling of streaming traffic
- Timestamping: intermediate routers add a timestamp to the packet

Slide 33: Data Field
- Carries user data from the next layer up
- Integer multiple of 8 bits (octets) long
- Max length of packet (header plus data): 65,535 octets

Slide 34: IP Addressing: Introduction
- IP address: 32-bit identifier for a host or router interface
- Interface: connection between a host/router and a physical link
  • Routers have multiple interfaces
  • An IP address is associated with each interface
(figure: example internet with interface addresses 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4, 223.1.2.1, 223.1.2.2, 223.1.2.9, 223.1.3.1, 223.1.3.2, 223.1.3.27)
- Dotted-decimal notation: a decimal number representing each of the octets, separated by a decimal point

  223.1.1.1 = 11011111 00000001 00000001 00000001
                 223       1        1        1

Slide 35: IP Addressing
- IP address: 2 parts
  • Network part (high order bits)
  • Host part (low order bits)
- What's a network? (from the IP address perspective)
  • Device interfaces with the same network part of the IP address can physically reach each other without an intervening router
(figure: the same internet grouped into three LANs: 223.1.1.x, 223.1.2.x and 223.1.3.x)

Slide 36: IP Addresses
Given the notion of "network", let's re-examine IP addresses: "classful" addressing (32 bits):

  Class  Leading bits  Layout                Address range
  A      0             network, host         0.0.0.0 to 127.255.255.255
  B      10            network, host         128.0.0.0 to 191.255.255.255
  C      110           network, host         192.0.0.0 to 223.255.255.255
  D      1110          multicast address     224.0.0.0 to 239.255.255.255

All host IDs.

Slide 37: Private IP Addresses
- Also called non-routable IP addresses
- IP blocks reserved for private networks are:
  • 10.0.0.0 through 10.255.255.255
  • 172.16.0.0 through 172.31.255.255
  • 192.168.0.0 through 192.168.255.255
- The Network Address Translation (NAT) protocol could be used to map private IP addresses to the external IP address space (see RFC 1631)
- Used to hide the internal network structure from the outside world (security measure!)

Slide 38: IP Addressing: CIDR
- Classful addressing contributed to inefficient use of address space and address space exhaustion
  • e.g. a class B net is allocated enough addresses for 65K hosts, even if there are only 2K hosts in that network
- Solution: classless addressing
- CIDR: Classless InterDomain Routing
  • The network portion of the address is of arbitrary length
  • Address format: a.b.c.d/x, where x is the number of bits in the network portion of the address (slash notation)

  network part (23 bits) | host part
  11001000 00010111 0001000 | 0 00000000   = 200.23.16.0/23

Slide 39: IP Addresses: How to Get One?
Q: How does a host get an IP address?
- Hard-coded by the network admin
  • MS Windows: control-panel->network->configuration->tcp/ip->properties
  • Red Hat Linux: /etc/sysconfig
- DHCP: Dynamic Host Configuration Protocol: dynamically gets an address from a server
  • Client "plug-and-play"

Slide 40: Who Assigns IP Addresses?
Q: How does a network get the network part of its IP address?
A: It gets allocated a portion of its provider ISP's address space.

  ISP's block     11001000 00010111 00010000 00000000   200.23.16.0/20
  Organization 0  11001000 00010111 00010000 00000000   200.23.16.0/23
  Organization 1  11001000 00010111 00010010 00000000   200.23.18.0/23
  Organization 2  11001000 00010111 00010100 00000000   200.23.20.0/23
  ...             ...                                   ...
  Organization 7  11001000 00010111 00011110 00000000   200.23.30.0/23

Slide 41: Subnets and Subnet Masks
- Allow arbitrary complexity of internetworked LANs within an organisation
- Each LAN segment is assigned a subnet number
- The host portion of the address is partitioned into a subnet number and a host number, with the help of a subnet mask

Slide 42: IP Addressing: The Last Word...
Q: How does an ISP get a block of addresses?
A: ICANN: Internet Corporation for Assigned Names and Numbers
- Allocates addresses
- Manages DNS
- Assigns domain names, resolves disputes

Slide 43: ICMP: Internet Control Message Protocol
- Used by hosts and routers to communicate network-level information (RFC 792)
  • Error reporting: unreachable host, network, port, protocol
  • Query: echo request/reply (used by ping)
- In the network layer, "above" IP: ICMP messages are carried in IP packets
- ICMP message: type, code plus the IP header and first 8 octets of data causing the error

  Type  Code  Description
  0     0     echo reply (ping)
  3     0     dest. network unreachable
  3     1     dest. host unreachable
  3     2     dest. protocol unreachable
  3     3     dest. port unreachable
  3     6     dest. network unknown
  3     7     dest. host unknown
  4     0     source quench (congestion control, not used)
  8     0     echo request (ping)
  9     0     route advertisement
  10    0     router discovery
  11    0     TTL expired
  12    0     bad IP header

(figure: ICMP carried over IP)

Slide 44: IPv6 - Version Number
- IP v1-3: defined and replaced
- IP v4: current version
- IP v5: non-IP real-time streaming protocol
- IP v6: replacement for IP v4
  • During development it was called IPng
  • Overall spec in RFC 2460

Slide 45: Why Change IP?
- Address space exhaustion
  • Two-level addressing (network and host) wastes space
  • Network addresses are used even if not connected to the Internet
  • Exponential growth of the Internet
  • Single address per host
- Requirements for new types of service

Slide 46: Network Sniffer or Protocol Analyzer: Ethereal
- Ethereal: a packet sniffer
- A basic tool for observing message exchanges between protocol entities
- It captures messages being sent/received from/by your computer
- Other packet sniffers are tcpdump, Zx Sniffer and AnalogX PacketMon

Slides 47-49: (screenshots, no text)

Slide 50: Summary
- IP enables host-to-host delivery of packets, unreliably
- Allows a flexible approach
- Some assistance by ICMP when there is an error
- Who looks at process-to-process delivery? The transport layer (next lesson!)
- Read Stallings Chapter 18
- Download RFC 791, a classic (1981)!
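Worked example for the fragmentation slides (added here, not part of the lecture): the arithmetic of the 4000-octet packet with a 1500-octet MTU, generalised to any packet size and MTU, plus the receiver's completeness check from the "Dealing with Failure" slide. The function names and the 20-octet (option-free) header are my assumptions.

```python
# Added example, not lecture code: IPv4 fragmentation arithmetic and the
# receiver-side completeness check, generalised from the 4000/1500 case.
HEADER_LEN = 20  # IPv4 header without options (assumption used throughout)


def fragment(total_length, mtu, ident, header_len=HEADER_LEN):
    """Split a datagram into fragments that fit the link MTU.

    Returns (length, identification, more_flag, offset) tuples, i.e. the
    header fields shown on the slide. Offsets count 8-octet units, so every
    fragment but the last carries a multiple of 8 data octets.
    """
    data_len = total_length - header_len
    per_frag = (mtu - header_len) // 8 * 8  # largest 8-octet multiple that fits
    if per_frag <= 0:
        raise ValueError("MTU too small to carry any data")
    frags, sent = [], 0
    while sent < data_len:
        chunk = min(per_frag, data_len - sent)
        more = 1 if sent + chunk < data_len else 0
        frags.append((header_len + chunk, ident, more, sent // 8))
        sent += chunk
    return frags


def reassemble(frags, header_len=HEADER_LEN):
    """Return the data length if the fragments form a complete datagram, else None.

    Fragments may arrive in any order; they must share one identification,
    be contiguous, and the highest-offset one must have more_flag = 0.
    A gap means a lost fragment, so a receiver would discard the partial
    data when its reassembly timer (or the TTL) runs out.
    """
    if not frags or len({f[1] for f in frags}) != 1:
        return None
    ordered = sorted(frags, key=lambda f: f[3])
    expected = 0
    for length, _ident, _more, offset in ordered:
        if offset * 8 != expected:
            return None  # gap or overlap: something is missing
        expected += length - header_len
    return expected if ordered[-1][2] == 0 else None


if __name__ == "__main__":
    for f in fragment(4000, 1500, ident=0x1234):
        print("length=%d id=%#x more=%d offset=%d" % f)
```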
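Worked example for the checksum slides and the ICMP slide (added here, not lecture code): the two-step one's complement checksum applied to the slide's four 16-bit values, then used to fill and verify a constructed IPv4 header and to build an ICMP error that quotes the offending header plus its first 8 data octets. The addresses, identification value and function names are constructed assumptions; the 4 unused octets after the ICMP checksum follow RFC 792.

```python
import socket
import struct


def ones_complement_sum(data):
    """Step 1 on the slide: add 16-bit words, swinging each carry-out back into the lsb."""
    if len(data) % 2:
        data += b"\x00"  # odd length: pad with a zero octet
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)  # end-around carry
    return total


def ip_checksum(data):
    """Step 2: invert the sum; this is the value written into the checksum field."""
    return ~ones_complement_sum(data) & 0xFFFF


def checksum_ok(data):
    """Receiver side: a block that includes its own checksum must sum to 0xFFFF."""
    return ones_complement_sum(data) == 0xFFFF


SLIDE_WORDS = bytes.fromhex("865e ac60 712a 81b5")  # the four values from the slide
HDR_FMT = "!BBHHHBBH4s4s"  # 20-octet IPv4 header, no options, network byte order


def build_ipv4_header(src, dst, payload_len, proto=6, ttl=64, ident=0x1234):
    """Constructed IPv4 header with a correct checksum (fields in header order)."""
    fields = [0x45, 0, 20 + payload_len, ident, 0, ttl, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]  # 0x45 = version 4, IHL 5
    fields[7] = ip_checksum(struct.pack(HDR_FMT, *fields))  # sum taken with field zeroed
    return struct.pack(HDR_FMT, *fields)


def icmp_error(icmp_type, code, offending_packet):
    """ICMP error as the ICMP slide describes it: type, code, checksum, 4 unused octets
    (RFC 792), then the offending IP header plus the first 8 octets of its data."""
    ihl = (offending_packet[0] & 0x0F) * 4  # header length in octets
    body = struct.pack("!BBHI", icmp_type, code, 0, 0) + offending_packet[:ihl + 8]
    return body[:2] + struct.pack("!H", ip_checksum(body)) + body[4:]


def quoted_addresses(icmp_msg):
    """Source and destination of the datagram an ICMP error refers to; together with
    the quoted identification and protocol fields this lets the sender match it."""
    quoted = icmp_msg[8:]  # skip the 8-octet ICMP header
    return socket.inet_ntoa(quoted[12:16]), socket.inet_ntoa(quoted[16:20])
```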
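Worked example for the addressing slides (added here, not lecture code): the classful class from an address's leading bits, the three private blocks the lecture lists, the network/host split of a.b.c.d/x, and carving the ISP block 200.23.16.0/20 into the eight /23 organisation blocks, using Python's standard ipaddress module. Function names are mine, and class E (the 1111 prefix) is not on the slide.

```python
import ipaddress

# Constructed inputs mirroring the lecture's figures (added example, not lecture code)
ISP_BLOCK = "200.23.16.0/20"
PRIVATE_BLOCKS = [ipaddress.ip_network(b) for b in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]  # the RFC 1918 ranges


def address_class(addr):
    """Classful class from the leading bits of the first octet, as in the class table."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "E"  # 1111 prefix, reserved; not listed on the slide


def is_private(addr):
    """True for the three non-routable blocks the lecture lists."""
    a = ipaddress.IPv4Address(addr)
    return any(a in block for block in PRIVATE_BLOCKS)


def network_and_host(addr, prefix_len):
    """Split a.b.c.d/x into its network (slash notation) and host number."""
    iface = ipaddress.ip_interface(f"{addr}/{prefix_len}")
    return str(iface.network), int(iface.ip) - int(iface.network.network_address)


def same_network(a, b, prefix_len):
    """Interfaces with the same network part can reach each other without a router."""
    return network_and_host(a, prefix_len)[0] == network_and_host(b, prefix_len)[0]


def allocate(isp_block, org_prefix_len):
    """Carve the ISP's block into equal sub-blocks, one per organisation."""
    net = ipaddress.ip_network(isp_block)
    return [str(sub) for sub in net.subnets(new_prefix=org_prefix_len)]
```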