Network Layer (Part I: Addressing)

Routers Connect Many Subnets (e.g., Ethernet) to Form a Network
[Figure: data from a source crossing several routers to reach its destination]

Network Layer Provides Services to Transport Layer
• At the transport layer, we want the network layer to route our packets across subnets so that they reach their destination hosts.
• We may also want reliable delivery, in-sequence delivery, congestion control, quality-of-service guarantees, and other services.

Big Argument Between the Internet and Telephone Communities
• The network layer must do the routing job. (No argument about this service.)
• However, should the network (the network layer) or the hosts (the transport layer) do the reliable delivery, in-sequence delivery, congestion control, and quality-of-service guarantee jobs? (The end-to-end argument vs. performance improvement vs. misbehaving users.)
• Also, should the network be connectionless or connection-oriented? (Datagram vs. virtual circuit.)
The telephone community wants to make the network complicated but the end hosts simple; the Internet community takes the opposite view!

Virtual Circuit
• Before packets are sent, a routing path must be chosen and set up.
• Like traditional circuits, but no physical circuit is set up between a sender and a receiver.
• Instead, each router on the VC from the sender to the receiver is configured with a VC ID.
• All packets belonging to a flow carry the same VC ID and take the same routing path through the network.
• Resources may or may not be reserved for a VC.
  – Voice circuit (TDM)
  – Data circuit
• Used in ATM or Frame Relay networks (most backbone networks of the Internet)

Comparison of Datagram and Virtual Circuit

Naming and Addressing

Name and Address Are the First Step toward Routing
• When we want to send a packet to a machine, we must be able to identify it first.
  – Otherwise, how do we let the network know our intended destination machine?
  – Thus, every machine (router or host) must have a text name or numerical address for us to identify it.
In the Internet, a machine may actually have multiple addresses, each associated with a network interface.

Name and Address Are Both Useful
• Text names such as www.csie.nctu.edu.tw are easier for humans to understand and remember.
  – However, text names may have variable lengths and formats, making them hard for routers to parse and process.
  – Also, text names may be variable and very long, making it hard to choose the size of the source and destination fields in the packet header.
• Fixed-length numerical addresses solve the above problems.
  – However, they are not human-understandable and are difficult to remember.
• The best way is to let humans use names to identify a machine while the network internally uses addresses.
Domain Name Servers (DNS) do this job for us!

Hierarchical Naming Has Many Good Properties
• The problems of non-hierarchical naming
  – Different naming authorities may choose the same name.
  – Every naming authority must be checked to avoid name conflicts.
  – It does not scale to a large number of naming authorities, as in the Internet.
• Hierarchical naming such as www.csie.nctu.edu.tw solves this problem.
The Internet uses a hierarchical naming scheme.

Hierarchical Addressing Allows Aggregation and Saves Routing Table Space
• If non-hierarchical (flat) addressing is used, each router needs to maintain a routing entry for every machine.
• If hierarchical addressing is used, each router only needs to maintain a routing entry for every subnet.
  – A big saving in router memory.
  – However, it may not result in optimal routing paths.
The Internet uses a hierarchical addressing scheme.

IPv4 Address Classes and Format
Machines on the same network are aggregated together by sharing the same network address. Internet routers use the network address portion of a packet’s destination address to route packets.

A Network Can Be Further Partitioned into Subnets By Using Subnet Masks
• The size of a network may be too big.
  – E.g., class-A and class-B networks have 2^24 and 2^16 host addresses, respectively.
  – Using flat addressing inside an organization increases the routers’ routing table size and slows down packet forwarding.
  – Further partitioning the network into multiple subnets solves these problems.
• The subnet mask indicates which part of the host address field should be treated as the subnet address.
The Internet uses subnet masks extensively.

A Subnetting Example

The Address Shortage Crisis of the Internet Is Caused by Inefficient Use
• The size of a class-A network is too big.
  – No organization would have 2^24 = 16777216 computers.
  – However, www.mit.edu’s IP address is 18.181.0.31.
• The size of a class-B network may still be too big for most organizations.
  – 2^16 = 65536 computers. Does NCTU have 65536 computers?
• The size of a class-C network is too small for most organizations.
  – 2^8 = 256 computers. CSIE has more than 256 computers, not to mention NCTU!
The current crisis is that most allocated IP addresses are not being used!

IPv6 Uses 128-Bit Addresses to End This Crisis
• With 2^128 addresses, every square inch on the earth can have 4 IP addresses!
• The source and destination address fields in an IP header now become a larger bandwidth overhead for small packets.
Some researchers joke: in a LAN, why don’t we just transport telnet’s characters by putting them in the source and destination address fields of a packet?

Classless Inter-Domain Routing (CIDR) Mitigates the Crisis
• A contiguous set of class-C network addresses is allocated to an organization.
• Routers in the network now need to carry a prefix indication, which plays the same role as a subnet mask.
Nowadays most organizations can only get CIDR class-C addresses. Class-B network addresses are very difficult to get.
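
An added example, not part of the original slides, of the aggregation that CIDR allows: eight contiguous class-C networks collapse into one prefix, a block that starts off the boundary does not, and a router chooses among overlapping entries by longest-prefix match. The network numbers and next-hop names are constructed for illustration.

```python
import ipaddress

def aggregate(networks):
    """Collapse contiguous networks into the fewest prefixes that cover them."""
    nets = [ipaddress.ip_network(n) for n in networks]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def prefix_to_mask(prefix_len):
    """Dotted subnet mask that plays the same role as the prefix length."""
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return str(ipaddress.ip_address(mask))

def longest_prefix_match(table, dst):
    """Next hop of the most specific route that contains dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

# Constructed allocation: eight contiguous class-C networks, third octet 96..103.
ALLOCATED = [f"192.168.{third}.0/24" for third in range(96, 104)]
# Same size, but shifted by one network: no single prefix covers exactly this set.
MISALIGNED = [f"192.168.{third}.0/24" for third in range(97, 105)]

# Constructed routing table: one aggregate entry plus a more specific exception.
ROUTES = {
    "0.0.0.0/0": "default-gw",
    "192.168.96.0/21": "org-router",
    "192.168.100.0/24": "lab-router",
}

if __name__ == "__main__":
    print(aggregate(ALLOCATED), prefix_to_mask(21))
    print(aggregate(MISALIGNED))
    for dst in ("192.168.97.9", "192.168.100.7", "203.0.113.5"):
        print(dst, "->", longest_prefix_match(ROUTES, dst))
```
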

A CIDR Example

Dynamic Host Configuration Protocol (DHCP) Also Mitigates This Crisis
• DHCP can dynamically assign an IP address to a host. When the host no longer needs it, the IP address is reclaimed.
• Very useful and efficient in using IP addresses
  – E.g., notebook computers moving around
  – E.g., an ISP’s modem server (PPP)
• A user does not need to ask which IP address he can or should use for his host.
In Win98, just check the “Obtain an IP address automatically” option.

Network Address Translator (NAT) Also Mitigates This Crisis
• A NAT’s job is to convert an IP address to another one.
• People can thus reuse private IP addresses within their organization (e.g., NCTU).
• These private IP addresses are converted to public routable IP addresses before the packets using them are sent to the Internet.
[Figure: a NAT between NCTU (address 1.1.1.1) and the Internet (address 140.113.215.141)]

People Thus Are in No Hurry to Use IPv6
• Analysts predicted 10 years ago that by the year 2000 most people would move to IPv6 because of the IP address shortage crisis.
• Now, their predictions turn out to be wrong.
  – CIDR, DHCP, and NAT mitigate the crisis a lot.
  – Also, people are reluctant to change their IP addresses.
    • Too much hassle, too many problems
  – Now, only those people who cannot get enough IPv4 addresses have to use IPv6 addresses instead.
    • Almost none now. Only researchers use them to do experiments.
• Thus, you probably do not need to know IPv6 in the next 10 years.

Packet Encapsulation and Demultiplexing

Encapsulation by Prepending Headers at Different Layers
As a packet goes down through layer N, layer N prepends a layer-N header to it carrying some information relevant to layer N.

Demultiplexing a Packet When It Is Received
As a packet goes up through layer N, layer N strips off the layer-N header and then does some processing.

Address Resolution Protocol (ARP) and Reverse ARP (RARP)

ARP Finds a Layer-2 Address From an IP Address
• When we want to send packets to a receiving host, we only know and use the receiving host’s IP address.
  – The network uses the receiving host’s IP address carried in the packet header to route the packet.
  – When the packet arrives at the router that connects the receiving host’s subnet, the router needs a way to find the layer-2 address used by the receiving host.
[Figure: routers (R) and a host (H), labelled “Use IP Address” and “Use Ethernet Address”]

An Example of ARP Usage
[Figure: example involving DNS]

ARP Packet Format
• Proxy ARP
  – Lets a router/host answer ARP requests on one of its networks for a host on another of its networks.
    • Can be used to intercept packets for some processing (e.g., security checking)
• Gratuitous ARP
  – Looking up my own layer-2 address
    • Can be used to check whether someone else is using my IP address
    • Can be used, after the layer-2 address (network interface) changes, to notify other hosts of the change immediately

RARP Finds an IP Address From a Layer-2 Address
• Mainly used by diskless hosts to find their own IP addresses.
• A diskless host loads its kernel from a remote server across the network.
• Thus it needs an IP address.
• RARP lets the diskless host find its own IP address.
  – “My layer-2 address is 12:34:56:78:90:12. Whoever knows my IP address, please tell me!”

IP Header Format

Functions of Fields of the IP Header
• Header length: if the value is n, the length of the IP header is 4 * n bytes.
• Identification: this field is needed in case fragmentation is needed.
• 3-bit flag: indicates whether more fragments of an IP packet will follow.
• Fragment offset: if this value is n, the real offset is n * 8.
• TTL: limits the maximum number of routers a packet can pass through in a network.
• Header checksum: only checks the validity of the IP header, not its data payload.
  – Why? It needs to be recalculated on every router of the path, so the computation should not be too much.
  – Also, the transport layer has its own checksum covering the data.
• Options: indicate some services required from routers, e.g., record route, source routing, etc.

IP Fragmentation Is Harmful
• An IP packet can be as long as 2^16 bytes.
• However, Ethernet’s MTU (maximum transmission unit) is only 1500 bytes.
  – Using a big MTU has many disadvantages.
• If the length of an IP packet is greater than the MTU of a link on its routing path, it may be fragmented by a router.
• Fragmented packets are not reassembled in the network. Reassembly is done at the receiving host.
• If any fragment of an IP packet is lost, all other fragments become useless, and the IP packet needs to be retransmitted.
So, try not to send an IP packet larger than 1500 bytes.

Internet Control Message Protocol
• ICMP communicates error messages between nodes in a network.
Nowadays, for network security reasons, more and more routers and hosts ignore ICMP messages.
[Figure: “Attack! Attack!”, ping, traceroute]
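
An added example, not part of the original slides, that applies the IP header rules above (header length in 4-byte words, fragment offset in 8-byte units, checksum over the header only) to validate a header and shows why a router that changes TTL must recompute the checksum. The sample header, its addresses and the helper names are constructed for illustration.

```python
import struct

def checksum(data: bytes) -> int:
    """One's-complement sum of the header's 16-bit words, complemented."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(total_len, ident, more_frags, offset_units, ttl, proto, src, dst):
    """Build a 20-byte header without options (constructs the sample below)."""
    flags_frag = (0x2000 if more_frags else 0) | (offset_units & 0x1FFF)
    fields = [0x45, 0, total_len, ident, flags_frag, ttl, proto, 0,
              bytes(src), bytes(dst)]
    fields[7] = checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields)

def parse_header(packet: bytes) -> dict:
    """Parse and validate an IPv4 header; raise ValueError if it is malformed."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum 20-byte header")
    ver_ihl, _, total_len, ident, flags_frag, ttl, proto, _ = struct.unpack(
        "!BBHHHBBH", packet[:12])
    header_len = 4 * (ver_ihl & 0x0F)         # field counts 4-byte words
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    if header_len < 20 or header_len > len(packet) or total_len < header_len:
        raise ValueError("inconsistent length fields")
    if checksum(packet[:header_len]) != 0:    # a valid header checks to zero
        raise ValueError("bad header checksum")
    return {
        "header_len": header_len, "total_len": total_len, "id": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "frag_offset_bytes": (flags_frag & 0x1FFF) * 8,   # field counts 8-byte units
        "ttl": ttl, "protocol": proto,
        "src": ".".join(map(str, packet[12:16])),
        "dst": ".".join(map(str, packet[16:20])),
    }

# Constructed sample: a fragment on a 1500-byte MTU link, starting at 185 * 8 = 1480.
FRAGMENT = build_header(1500, 0x1C46, True, 185, 64, 17,
                        [192, 168, 1, 10], [192, 168, 2, 20])

def stale_checksum_after_ttl_change(packet: bytes) -> bytes:
    """Decrement TTL but leave the old checksum, as a router must not do."""
    return packet[:8] + bytes([packet[8] - 1]) + packet[9:]

if __name__ == "__main__":
    print(parse_header(FRAGMENT))
```
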
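
An added example, not part of the original slides, of the gratuitous ARP check described in the ARP slides above: it parses Ethernet/IPv4 ARP bodies, tracks which layer-2 address claims each IP address, and reports any IP address that a second layer-2 address claims. The captured bodies and all addresses in them are constructed.

```python
import struct

ARP_FMT = "!HHBBH6s4s6s4s"            # Ethernet/IPv4 ARP body, 28 bytes
REQUEST, REPLY = 1, 2

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def ip(text):
    return bytes(int(part) for part in text.split("."))

def make_arp(oper, sha, spa, tha, tpa):
    """Build an ARP body (used here only to construct sample traffic)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac(sha), ip(spa), mac(tha), ip(tpa))

def parse_arp(body):
    """Return (sender_mac, sender_ip, target_ip), or None if not Ethernet/IPv4 ARP."""
    if len(body) < 28:
        return None
    htype, ptype, hlen, plen, _oper, sha, spa, _tha, tpa = struct.unpack(
        ARP_FMT, body[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    dotted = lambda raw: ".".join(str(b) for b in raw)
    return ":".join(f"{b:02x}" for b in sha), dotted(spa), dotted(tpa)

def watch(bodies):
    """Track IP-to-MAC bindings; report every IP that a second MAC claims."""
    bindings, alerts = {}, []
    for body in bodies:
        parsed = parse_arp(body)
        if parsed is None:
            continue
        sender_mac, sender_ip, target_ip = parsed
        known = bindings.setdefault(sender_ip, sender_mac)
        if known != sender_mac:
            kind = "gratuitous" if sender_ip == target_ip else "ordinary"
            alerts.append((sender_ip, known, sender_mac, kind))
            bindings[sender_ip] = sender_mac     # follow the latest claim
    return alerts

ZERO = "00:00:00:00:00:00"
CAPTURE = [   # constructed ARP bodies, not real traffic
    make_arp(REQUEST, "02:00:00:00:00:01", "192.168.1.10", ZERO, "192.168.1.1"),
    make_arp(REPLY, "02:00:00:00:00:fe", "192.168.1.1", "02:00:00:00:00:01", "192.168.1.10"),
    # gratuitous ARP (sender IP == target IP) arriving from a different interface
    make_arp(REQUEST, "02:00:00:00:00:99", "192.168.1.10", ZERO, "192.168.1.10"),
]

if __name__ == "__main__":
    for alert in watch(CAPTURE):
        print("IP %s moved from %s to %s (%s ARP)" % alert)
```

An alert covers both cases the slide lists: another host is using the address, or its owner changed network interface, so it needs a check against what is known about the host.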