Network Architecture and Design

Scope
- Ten (10) Lectures
- To cover the complete network design process from the initial drawings to the final implementation.
- To learn how to effectively combine all the “cutting edge” technologies to produce a functional network.
- Five (5) Intermediate Reports (IRs)
- An Overall Project (OP)
- Performance: 50% OP + 50% IRs

IRs and OP
- An IR will extend the presented topics
- The OP will apply the obtained knowledge for solving an actual network design problem.

Basic Tasks
- Gathering information
- Designing the network
- Assembling the network components
- Building the network
- Network monitoring

Gathering Information
- Preparation and analysis
- Site survey
- Collection of requirements
- Organization and interpretation of the collected information
- Drawing up the project (time plan, resources, etc.)
- Submit the proposal

Designing the Network
- Network hardware: hubs, bridges, switches, routers, etc.
- Protocols: TCP/IP, IPX, NetBEUI, etc.
- Operating system
- Remote/Internet connectivity: ISDN, Frame Relay, DSL, etc.
- Host hardware and software
- Technologies: Dial-in, VPN, DNS, etc.
- Security: filtering routers, firewalls, etc.

Assembling the Components
- Choosing hardware vendors
- Choosing software plan
- Licensing
- Find contractors
- Creating the final proposal (Release network specifications)

Building the Network
- Ordering the equipment
- Cabling the workspace
- Assembling the servers
- Testing
- Final walk-through

Network Monitoring
- Traffic monitoring
- Tracking important events
- Network resource management
- Firewalls
- Proxies
- Upgrade/maintenance

The Course
Focus on: Designing a Network Using Modern Technologies

IP – Overview
- Communication between computers on the internet: Internet Protocol (IP)
- Telephone network: each user owns a unique telephone number
- Internet: each computer owns a unique IP address

IP Overview: IP in OSI model
- Application Layer, Presentation Layer, Session Layer: Application (NFS, SNMP, TELNET, DNS, FTP, SMTP, HTTP)
- Transport Layer: TCP, UDP
- Network Layer: IP
- Logical Link Layer: Device Driver
- Physical Layer: Network Adapter

Advanced Issues in Internet Protocol (IP)
- IPv4
- Network Address Translation (NAT)
- IPv6
- IP Security (IPsec)
- Mobile IP
- IP Telephony (VoIP)

IPv4
- To date, addressing is done according to version 4 of the Internet Protocol (IPv4)
- 4 bytes
- 4.3 billion different addresses, e.g.
  169.21.54.69, 17.232.89.22

IPv4
- Each address is constituted of the network prefix and the node prefix
- The number of bits of each prefix depends on the address class

IPv4 Classes
Class   Leading bits   Address range           Network prefix   Node prefix
A       0              0.X.X.X – 127.X.X.X     7 bits           24 bits
B       10             128.X.X.X – 191.X.X.X   14 bits          16 bits
C       110            192.X.X.X – 223.X.X.X   21 bits          8 bits

IPv4 Classes
- A Class: 126 networks with 16 billion nodes
- B Class: 16.000 networks with 16.000 nodes
- C Class: 2 billion networks with 256 nodes

IPv4 - Example
[Figure: a Class B network 135.5.X.X containing Class C subnetworks 135.5.6.X and 135.5.7.X (hosts 135.5.7.34 and 135.5.7.69), and a Class C network 195.23.5.X (hosts 195.23.5.25 and 195.23.5.17), joined by routers to the Internet backbone.]

IPv4 Packet Header
Vers = 4 | IHL | Type of Service | Total Length
Identification | Flags | Fragment Offset
Time to Live | Protocol | Header Checksum
Source Address
Destination Address
Options

Limitations of IPv4
- No global addressability
- No more addresses
- Difficult to deploy new internet-wide applications
- Address space will be exhausted by 2008
- Too big routing tables

Advanced Issues in Internet Protocol (IP)
- IPv4
- Network Address Translation (NAT)
- IPv6
- IP Security (IPsec)
- Mobile IP
- IP Telephony

The need of Address Mapping
- Global addressing is too complex to be implemented on the whole internet
- No more addresses left
- Need of address reusing

Network Address Translation (NAT)
- NAT: the process of swapping one address for another in the IP packet header
- NAT is used to allow privately addressed hosts onto the Internet
- Effective when connecting a small office or home office (SOHO) to the corporate network.
- By using NAT, a company does not have to allocate a "real" IP address for each of its remote users

NAT Devices (NAT boxes)
- This swapping process is performed by a device running specialized NAT software or hardware
- Examples of NAT boxes:
  - Router
  - Unix System
  - Win2000 server

Network Address Translation (NAT)
- Outside addresses: registered by a company or leased from a provider
- Inside addresses: set aside to be used by anyone
- Two networks, or two million networks, can each use the same inside address
- Inside addresses cannot be used on the public Internet

Network Address Translation (NAT)
- Inside local address: the IP address of an inside host as it appears to the other hosts of the network
- Inside local addresses can be used in other networks too

Network Address Translation (NAT)
- Inside global address: the IP address of an inside host as it appears to outside networks
- Allocated from a globally unique address space, typically provided by the ISP

Network Address Translation (NAT)
- Outside local address: the IP address of an outside host as it appears to the inside network
- Outside global address: the configured IP address assigned to a host in the outside network

NAT - Example
[Figure: hosts A, B and C connected through a NAT box; addresses shown are 117.13.8.10 and 117.13.8.11 (inside local), 144.3.23.9 and 144.3.23.10, and 175.35.4.133 (outside global).]

NAT TABLE
Inside local address   Inside global address
117.13.8.10            144.3.23.9
117.13.8.11            144.3.23.10

Static NAT
- A specific inside local address maps to a pre-specified inside global address
- The inside local and inside global addresses are statically mapped one for one
- Easy to implement
- Need of too many local addresses
- Local addresses = global addresses

Dynamic NAT
- Translations don't exist in the NAT translation table
  until the router receives traffic that requires translation
- Dynamic translations are temporary, and will eventually time out
- Only a small number of global addresses is needed

NAT Overload
- Use Port Address Translation (PAT), which allows multiple inside addresses to map to the same global address
- This is sometimes called:
  - A "many-to-one" NAT
  - Address overloading

NAT Overload
[Figure: hosts A, B and C connected through a NAT box; inside sources 117.13.8.10:13, 117.13.8.11:25 and 117.13.8.12:21 appear outside as 144.3.23.9:13, 144.3.23.9:25 and 144.3.23.9:21.]

TRANSLATION TABLE
Inside local address   Inside global address   Communication port
117.13.8.10            144.3.23.9              13
117.13.8.11            144.3.23.9              25
117.13.8.12            144.3.23.9              21

NAT Overload
- Over 65,000 inside addresses can theoretically map to a single outside address
- However, the actual number of translations supported is approximately 4,000 local addresses per global address

NAT overload
- NAT overload can be used in conjunction with dynamic mapping:
  - Use a one-to-one dynamic mapping until the available addresses are almost depleted, at which time NAT can overload the remaining address or addresses
  - Overload the first address until it's maxed out, and then move on to the second address, and so on

Limitations of NATs
- They won't work for a large number of “servers” (devices that are “called” by others, e.g.
  IP phones)
- They break most current IP multicast and IP mobility
- They break many existing applications
- They limit the market for new applications and services
- They compromise the performance, robustness and security of the Internet

Advanced Issues in Internet Protocol (IP)
- IPv4
- Network Address Translation (NAT)
- IPv6
- IP Security (IPsec)
- Mobile IP
- IP Telephony

Challenges to IP
- Addresses needed for 21st century
- Internet devices will be more numerous, and not adequately handled by NATs
- Estimated 20 billion people
- Multiple interfaces/node
- Multiple addresses/interface
- mobile phones
- cards
- residential servers
- The solution: IPv6

IPv6
- IPv6 Address: 128 bits
- 3,4x10^38 different addresses
- Allows:
  - multiple interfaces per host
  - multiple addresses per interface
- Advanced routing functions:
  - unicast
  - multicast
  - anycast

IPv6 Notation
- X:X:X:X:X:X:X:X where each X is a 16-bit hexadecimal value, e.g. FEDC:BA98:7654:3210:FEDC:BA98:7654:3210
- Skip one sequence of zero words, e.g.
  FEDC:0000:0000:0000:9876:0000:0000:ABCD = FEDC::9876:0000:0000:ABCD

IPv6 Address Types
- According to the prefix there are 5 types of addresses
- Provider-based (global): Prefix: 010
- Local use:
  - Link local: Prefix: 1111 1110 10
  - Site local: Prefix: 1111 1110 11
- Multicast: Prefix: 1111 1111
- Reserved (unspecified, loop back, IPv6 with embedded IPv4 addresses): Prefix: 0000 0000

IPv6 Address Types
- Global: forwarded anywhere
- Link Local: not forwarded outside the link
- Site Local: not forwarded outside the site

IPv6 Provider Based Address
Field   010   Registry ID   Provider ID   0   Subscriber ID   0   Subnet ID   Interface ID
Bits    3     5             16            8   24              8   16          48
- Forwarded anywhere
- Variable size partitions

IPv6 - Link Local Address
Field   1111 1110 10   0        Interface ID
Bits    10 bits        n bits   118-n bits
- Not forwarded outside the link
- Notation: FE:80::xxx

IPv6 - Site Local Address
Field   1111 1110 11   0        Interface ID
Bits    10 bits        n bits   118-n bits
- Not forwarded outside the site
- Notation: FE:C0::xxx

IPv6 – Multicast Addresses
Field   1111 1111   Flags    Scope    Group ID
Bits    8 bits      4 bits   4 bits   112 bits
- Flag: 000T
  - T=0 for permanent address
  - T=1 for transient address
- Scope:
  - 1: Node Local
  - 2: Link Local
  - 8: Org Local
  - E: Global

IPv6 Packet Header
IPv6:
Version (4 bits) | Priority (4 bits) | Flow Label (24 bits)
Payload Length (16 bits) | Next Header (8 bits) | Hop Limit (8 bits)
Source Address (128 bits)
Destination Address (128 bits)
IPv4:
Vers = 4 | IHL | Type of Service | Total Length
Identification | Flags | Fragment Offset
Time to Live | Protocol | Header Checksum
Source Address
Destination Address
Options
Shaded fields are absent from IPv6 header

IPv6 Header Types
- Hop-by-Hop = 0
- Routing Header = 43
- Fragment Header = 44
- Authentication Header = 51
- Encrypted Payload = 52
- TCP = 6
- UDP = 17

IPv6 Extension Headers
- Options field of IPv4 is replaced by extension headers, used for special purposes
- Extension headers are chained together:
  - IPv6 Header (Next Header = TCP) | TCP Header + Data
  - IPv6 Header (Next Header = Routing) | Routing Header (Next Header = TCP) | TCP Header + Data
  - IPv6 Header (Next Header = Routing) | Routing Header (Next Header = Fragment) | Fragment Header (Next Header = TCP) | Fragment of TCP Header + Data

IPv6 Extension Headers
- Hop-by-Hop
- Routing
- Fragment
- Destination Options
- Authentication
- Encryption Security Payload

IPv6 Flow Label Header Field
- IPv6 header gives the ability of labeling traffic flow (24 bits)
- Flow label indicates that packets need special handling:
  - Real time service
  - Special QoS

IPv6 – Priority Header Field
- 4 bit priority field
- Enables source to identify the desired delivery priority of its packets relative to other packets from the same source
- Two ranges:
  - 0 through 7 specify priority of packets (no real time)
  - 8 through 15 specify priority of real time packets

IPv6 Vs IPv4
- Expanded addressing capabilities
- Simplified header format
- Reduction in processing cost
- Flow labeling
- Support for authentication and privacy
- Support for improved options and extensions
- Support of all IPv4-based mechanisms
- IPsec – diffserv – QoS features

IPv6 and IPv4 Co-existence
- IPv4 and IPv6 will exist together
- As time goes by:
  - Devices support only IPv4
  - Devices support IPv4 and IPv6
  - Devices support only IPv6
- Coexistence using:
  - Dual stack approach: applications choose version to use
  - Tunneling approach: encapsulation of IPv6 in IPv4 packets
  - Translation approach: extended NAT techniques for translating IPv6 to IPv4

End of First Lecture
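
For the Dynamic NAT, NAT Overload and Limitations of NATs slides above, an added example (not part of the original lecture) that models a PAT translation table in Python. It shows entries created on first outbound traffic, idle entries timing out, and inbound packets without a mapping being dropped. The class name `PatTable`, its methods, the 60-second timeout and the port pool are assumptions for illustration.

```python
import time

class PatTable:
    """NAT overload: many inside local addresses share one inside global address.
    Simplified: keyed on address and port only (a real NAT also tracks protocol and peer)."""

    def __init__(self, global_ip, timeout=60.0, pool=range(1024, 65536)):
        self.global_ip, self.timeout, self.pool = global_ip, timeout, pool
        self.out = {}    # (inside local ip, port) -> port on the global address
        self.back = {}   # port on the global address -> [inside local ip, port, last used]

    def _expire(self, now):
        # Dynamic translations are temporary: drop entries idle longer than the timeout.
        for gport, (ip, port, used) in list(self.back.items()):
            if now - used > self.timeout:
                del self.back[gport], self.out[(ip, port)]

    def outbound(self, ip, port, now=None):
        """Translate an inside source; the entry is created when traffic first needs it."""
        now = time.monotonic() if now is None else now
        self._expire(now)
        gport = self.out.get((ip, port))
        if gport is None:
            # Keep the source port if it is free (as in the slide's table), else take a free one.
            gport = port if port not in self.back else next(
                (p for p in self.pool if p not in self.back), None)
            if gport is None:
                raise RuntimeError("global address has no free ports left")
            self.out[(ip, port)] = gport
            self.back[gport] = [ip, port, now]
        self.back[gport][2] = now
        return self.global_ip, gport

    def inbound(self, gport, now=None):
        """Reverse-translate a packet sent to the global address; None means no mapping (drop)."""
        now = time.monotonic() if now is None else now
        self._expire(now)
        entry = self.back.get(gport)
        if entry is None:
            return None
        entry[2] = now
        return entry[0], entry[1]
```

Passing `now` explicitly makes the timeout behaviour reproducible; with the slide's addresses, `PatTable("144.3.23.9").outbound("117.13.8.10", 13)` returns `("144.3.23.9", 13)`.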
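
For the IPv6 Notation, Address Types and Multicast Addresses slides above, an added example (not from the original lecture) that classifies an address by the leading-bit prefixes given on the slides and decodes the multicast flags and scope. The function name `classify` and the returned field names are assumptions; zero compression is done by Python's standard `ipaddress` module.

```python
import ipaddress

SCOPES = {0x1: "node-local", 0x2: "link-local", 0x8: "organization-local", 0xE: "global"}

def classify(text):
    """Return (compressed notation, address type, details) using the slides' prefixes."""
    addr = ipaddress.IPv6Address(text)      # raises ValueError on malformed input
    value = int(addr)
    top3, top8, top10 = value >> 125, value >> 120, value >> 118
    details = {}
    if top8 == 0b11111111:
        kind = "multicast"
        flags, scope = (value >> 116) & 0xF, (value >> 112) & 0xF
        details = {
            "transient": bool(flags & 0b0001),          # T bit of the 000T flags field
            "scope": SCOPES.get(scope, "other (0x%X)" % scope),
            "group_id": value & ((1 << 112) - 1),
        }
    elif top10 == 0b1111111010:
        kind, details = "link-local", {"forwarded": "not outside the link"}
    elif top10 == 0b1111111011:
        kind, details = "site-local", {"forwarded": "not outside the site"}
    elif top3 == 0b010:
        kind, details = "provider-based", {"forwarded": "anywhere"}
    elif top8 == 0:
        kind = "reserved"                   # unspecified, loopback, embedded IPv4
    else:
        kind = "not covered by the slides"
    return addr.compressed, kind, details
```

The prefixes are the ones on the slides; current global unicast space (2000::/3) falls outside that scheme, and site-local addressing was later deprecated.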
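
For the IPv6 Header Types and Extension Headers slides above, an added example (not part of the original lecture) that follows the Next Header chain to the upper-layer protocol, which is what a packet filter has to do before it can match on TCP or UDP. The sample packets are constructed to mirror the three chains on the slide; the function names are assumptions, and value 60 for Destination Options comes from the IPv6 specification rather than the slides.

```python
import struct

# Next Header values as listed on the slides; 60 (Destination Options) is added from the IPv6 spec.
EXT = {0: "Hop-by-Hop", 43: "Routing", 44: "Fragment", 60: "Destination Options"}

def walk_chain(packet):
    """Return (header names in order, upper-layer protocol number, offset of its header or None)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not a complete IPv6 fixed header")
    chain, nxt, off = ["IPv6"], packet[6], 40
    while nxt in EXT:
        if off + 8 > len(packet):
            raise ValueError("truncated %s header" % EXT[nxt])
        chain.append(EXT[nxt])
        following = packet[off]
        if nxt == 44:                           # Fragment header is always 8 bytes
            size = 8
            if struct.unpack_from("!H", packet, off + 2)[0] >> 3:
                return chain, following, None   # non-first fragment: upper header not here
        else:                                   # length byte counts 8-byte units after the first 8
            size = (packet[off + 1] + 1) * 8
        nxt, off = following, off + size
    if off > len(packet):
        raise ValueError("extension header runs past end of packet")
    return chain, nxt, off

def naive_is_tcp(packet):
    """What a filter sees if it only reads the fixed header's Next Header field."""
    return packet[6] == 6

# --- constructed sample packets (source ::, destination ::1, placeholder TCP header) ---
def ipv6(next_header, payload):
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    return fixed + bytes(31) + b"\x01" + payload

def routing(next_header):
    return bytes([next_header, 0, 0, 0, 0, 0, 0, 0])

def fragment(next_header, offset_units=0):
    return bytes([next_header, 0]) + struct.pack("!HI", offset_units << 3, 0x1234)

TCP = bytes(20)
PLAIN = ipv6(6, TCP)
ROUTED = ipv6(43, routing(6) + TCP)
FRAGMENTED = ipv6(43, routing(44) + fragment(6) + TCP)
```

`naive_is_tcp(ROUTED)` is false although `walk_chain(ROUTED)` ends at protocol 6, so a rule written against the first Next Header value alone does not see that TCP segment.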