* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download ppt - The Fengs
Survey
Document related concepts
Asynchronous Transfer Mode wikipedia , lookup
Distributed firewall wikipedia , lookup
Network tap wikipedia , lookup
Piggybacking (Internet access) wikipedia , lookup
List of wireless community networks by region wikipedia , lookup
Deep packet inspection wikipedia , lookup
Wake-on-LAN wikipedia , lookup
IEEE 802.1aq wikipedia , lookup
Computer network wikipedia , lookup
Airborne Networking wikipedia , lookup
Cracking of wireless networks wikipedia , lookup
Multiprotocol Label Switching wikipedia , lookup
Internet protocol suite wikipedia , lookup
Zero-configuration networking wikipedia , lookup
Recursive InterNetwork Architecture (RINA) wikipedia , lookup
Transcript
CSE524: Lecture 14 Network layer Specific protocols (IP), network devices 1 Administrative • Reading assignment – Chapter 4.1-4.7 • Homework #4 available – See course web site 2 Where we’re at… • • • • • Internet architecture and history Internet protocols in practice Application layer Transport layer Network layer – Network-layer functions – Specific network layer protocols (IPv4) • IP demux, IP security, IP fragmentation, IP addressing, etc. • IP routing – Who provides functionality? (Source-routing, virtual circuits, routers) – IP route lookups, Internet area hierarchy, Specific IP routing protocols – IPv6 – Network-layer devices • Data-link layer • Physical layer 3 IP routing • Who provides functionality? – Recall… • Source routes – Calculated by each host and attached to packet – Network devices stateless • Virtual circuits – Setup by edge devices – Network devices have simple lookup tables • Network routers with global addressing…. 4 NL: Network routers (Global IP addresses) • Most prevalent way to route on the Internet – Each packet has destination IP address – Each router has forwarding table of.. • destination IP next hop IP address – Distributed routing algorithm for calculating forwarding tables 5 NL: Global Address Example Packet R R 2 Sender 1 R1 2 3 R2 1 4 R4 3 4 R3 R 2 1 R3 4 3 Receiver R R3 6 NL: Issues in Router Table Size • One entry for every host on the Internet – 100M entries,doubling every year • One entry for every LAN – Every host on LAN shares prefix – Still too many, doubling every year • One entry for every organization – Every host in organization shares prefix – Requires careful address allocation – What constitutes an “organization”? 7 NL: Global Addresses • Advantages – Simple error recovery • Disadvantages – Every router knows about every destination • Potentially large tables – All packets to destination take same route 8 NL: Comparison Source Routing Global Addresses Virtual Circuits Header Size Worst OK – Large address OK (larger than global if IP payload) Router Table Size None Number of hosts (prefixes) Number of circuits Forward Overhead Best Prefix matching Good (table index) Setup Overhead None None Connection Setup Tell all routers Tell all routers, Tear down circuit and re-route Error Recovery Tell all hosts 9 NL: IP route lookups • Original IP Route Lookup – In the early days, address classes made it easy • A: 0 | 7 bit network | 24 bit host (16M each) • B: 10 | 14 bit network | 16 bit host (64K) • C: 110 | 21 bit network | 8 bit host (255) – Address would specify prefix for forwarding table – Simple lookup 10 NL: Original IP Route Lookup – Example • www.ogi.edu address 129.95.5.30 – Class B address – class + network is 129.95 – Lookup 129.95 in forwarding table – Prefix – part of address that really matters for routing • Forwarding table contains – List of prefix entries – A few fixed prefix lengths (8/16/24) • Large tables – 2 Million class C networks – Sites with multiple class C networks have multiple route entries at every router 11 NL: Getting a datagram from source to dest. routing table in A Dest. Net. next router Nhops Classful routing example IP datagram: misc source dest fields IP addr IP addr data • datagram remains unchanged, as it travels source to destination • addr fields of interest here 223.1.1 223.1.2 223.1.3 A 223.1.1.4 223.1.1.4 1 2 2 223.1.1.1 223.1.2.1 B 223.1.1.2 223.1.1.4 223.1.1.3 223.1.3.1 223.1.2.9 223.1.3.27 223.1.2.2 223.1.3.2 12 E NL: Getting a datagram from source to dest. misc data fields 223.1.1.1 223.1.1.3 Starting at A, given IP datagram addressed to B: • look up net. address of B • find B is on same net. as A • link layer will send datagram directly to B inside link-layer frame – B and A are directly connected Dest. Net. next router Nhops 223.1.1 223.1.2 223.1.3 A 223.1.1.4 223.1.1.4 1 2 2 223.1.1.1 223.1.2.1 B 223.1.1.2 223.1.1.4 223.1.1.3 223.1.3.1 223.1.2.9 223.1.3.27 223.1.2.2 223.1.3.2 13 E NL: Getting a datagram from source to dest. misc data fields 223.1.1.1 223.1.2.3 Dest. Net. next router Nhops 223.1.1 223.1.2 223.1.3 Starting at A, dest. E: – look up network address of E – E on different network • A, E not directly attached – routing table: next hop router to E is 223.1.1.4 – link layer sends datagram to router 223.1.1.4 inside link-layer frame – datagram arrives at 223.1.1.4 – continued….. A 223.1.1.4 223.1.1.4 1 2 2 223.1.1.1 223.1.2.1 B 223.1.1.2 223.1.1.4 223.1.1.3 223.1.3.1 223.1.2.9 223.1.3.27 223.1.2.2 223.1.3.2 14 E NL: Getting a datagram from source to dest. misc data fields 223.1.1.1 223.1.2.3 Arriving at 223.1.4, destined for 223.1.2.2 – look up network address of E – E on same network as router’s interface 223.1.2.9 • router, E directly attached – link layer sends datagram to 223.1.2.2 inside link-layer frame via interface 223.1.2.9 – datagram arrives at 223.1.2.2!!! (hooray!) Dest. next network router Nhops interface 223.1.1 223.1.2 223.1.3 A - 1 1 1 223.1.1.4 223.1.2.9 223.1.3.27 223.1.1.1 223.1.2.1 B 223.1.1.2 223.1.1.4 223.1.1.3 223.1.3.1 223.1.2.9 223.1.3.27 223.1.2.2 223.1.3.2 15 E NL: IP route lookup and CIDR • Recall Classless routing (CIDR) – Advantages • Saves space in route tables • Makes more efficient use of address space – ISP allocated 8 class C chunks, 201.10.0.0 to 201.10.7.255 – Allocation uses 3 bits of class C space – Remaining 21 bits are network number, written as 201.10.0.0/21 – Replace 8 class C entries with 1 combined entry • Routing protocols carry prefix length with destination network address – But....Makes route lookup more complex • No longer separate class A/B/C route tables each with O(1) lookup • One table containing many prefix lengths • Must match against all routes simultaneously via longest prefix match 16 NL: CIDR example ISP X given 16 class C networks 200.23.16.* to 200.23.31.* (or 200.23.16/20) Adjacent ISP router 1 1 ISP X 2 Route 200.23.16/20 Interface 1 Large company 200.23.16. 0/21 200.23.16.0/24, 200.200.17.0/24 200.23.18.0/24, 200.200.19.0/24 200.23.20.0/24, 200.200.21.0/24 200.23.22.0/24, 200.200.23.0/24 3 4 Medium company 200.23.24.0/ 22 200.23.24.0/24 200.23.25.0/24 200.23.26.0/24 200.23.27.0/24 5 Route 200.23.16/21 200.23.24/22 200.23.28/23 200.23.30/24 Small company 200.23.28. 0/23 200.23.28.0/24 200.23.29.0/24 Interface 2 3 4 5 Tiny company 200.23.30. 0/24 17 NL: CIDR, hierarchical addressing, route aggregation Hierarchical addressing allows efficient advertisement of routing information: Organization 0 200.23.16.0/23 Organization 1 200.23.18.0/23 Organization 2 200.23.20.0/23 Organization 7 . . . . . . Fly-By-Night-ISP “Send me anything with addresses beginning 200.23.16.0/20” Internet 200.23.30.0/23 ISPs-R-Us “Send me anything with addresses beginning 199.31.0.0/16” 18 NL: Another CIDR example • Routing to the network 10.1.1.2/31 10.1.1.3 • Packet to 10.1.1.3 arrives • Path is R2 – R1 – H1 – H2 10.1.1.2 10.1.1.4 H1 H2 10.1.1/24 10.1.3.2 10.1.1.1 10.1.2.2 10.1.3.1 R1 H3 10.1.3/24 10.1.2/24 10.1.16/24 Provider R2 10.1.8.1 10.1.2.1 10.1.16.1 10.1.8/24 H4 10.1.8.4 19 NL: Another CIDR example • Subnet Routing 10.1.1.2/31 10.1.1.3 • Packet to 10.1.1.3 • Matches 10.1.0.0/22 10.1.1.2 10.1.1.4 H1 H2 10.1.1/24 10.1.3.2 10.1.1.1 10.1.2.2 10.1.3.1 R1 Routing table at R2 Destination Next Hop H3 10.1.3/24 Interface 127.0.0.1 127.0.0.1 lo0 Default or 0/0 provider 10.1.16.1 10.1.8.0/24 10.1.8.1 10.1.8.1 10.1.2.0/24 10.1.2.1 10.1.2.1 10.1.0.0/22 10.1.2.2 10.1.2.1 10.1.2/24 10.1.16/24 R2 10.1.8.1 10.1.2.1 10.1.16.1 10.1.8/24 H4 10.1.8.4 20 NL: Another CIDR example • Subnet Routing 10.1.1.2/31 10.1.1.3 • Packet to 10.1.1.3 • Matches 10.1.1.2/31 10.1.1.2 10.1.1.4 H1 10.1.1/24 10.1.3.2 • Longest prefix match 10.1.1.1 10.1.2.2 10.1.3.1 R1 Routing table at R1 Destination Next Hop H2 H3 10.1.3/24 Interface 127.0.0.1 127.0.0.1 lo0 Default or 0/0 10.1.2.1 10.1.2.2 10.1.3.0/24 10.1.3.1 10.1.3.1 10.1.1.0/24 10.1.1.1 10.1.1.1 10.1.2.0/24 10.1.2.2 10.1.2.2 10.1.1.2/31 10.1.1.4 10.1.1.1 10.1.2/24 10.1.16/24 R2 10.1.8.1 10.1.2.1 10.1.16.1 10.1.8/24 H4 10.1.8.4 21 10.1.1.3 matches both routes, use longest prefix match NL: Another CIDR example • Subnet Routing 10.1.1.2/31 10.1.1.3 10.1.1.2 10.1.1.4 • Packet to 10.1.1.3 • Direct route H1 H2 10.1.1/24 10.1.3.2 10.1.1.1 10.1.2.2 10.1.3.1 • Longest prefix match R1 H3 10.1.3/24 Routing table at H1 10.1.2/24 10.1.16/24 Destination Next Hop Interface 127.0.0.1 127.0.0.1 lo0 Default or 0/0 10.1.1.1 10.1.1.4 10.1.1.0/24 10.1.1.4 10.1.1.4 10.1.1.2/31 10.1.1.2 10.1.1.2 R2 10.1.8.1 10.1.2.1 10.1.16.1 10.1.8/24 H4 10.1.8.4 22 10.1.1.3 matches both routes, use longest prefix match NL: CIDR Shortcomings • Customer selecting a new provider – Renumbering required 199.31.0.0/16 201.10.0.0/21 Provider 1 201.10.0.0/22 201.10.4.0/24 201.10.5.0/24 Provider 2 201.10.6.0/23 23 NL: CIDR Shortcomings • Multi-homing ISPs-R-Us has a more specific route to Organization 1 Organization 0 200.23.16.0/23 Organization 2 200.23.20.0/23 Organization 7 . . . . . . Fly-By-Night-ISP “Send me anything with addresses beginning 200.23.16.0/20” Internet 200.23.30.0/23 ISPs-R-Us Organization 1 200.23.18.0/23 “Send me anything with addresses beginning 199.31.0.0/16 or 200.23.18.0/23” 24 NL: Longest-prefix matching • Algorithms and data structures for CIDR-based IP route lookups – Ruiz-Sanchez, Biersack, Dabbous, “Survey and Taxonomy of IP address Lookup Algorithms”, IEEE Network, Vol. 15, No. 2, March 2001 • • • • • • • • • • Binary trie Multi-bit trie LC trie Lulea trie Full expansion/compression Binary search on prefix lengths Binary range search Multiway range search Multiway range trees Binary search on hash tables (Waldvogel – SIGCOMM 97) 25 NL: Binary trie • Data structure to support longest-prefix match for forwarding • Bit-wise traversal from left-to-right Route A B C D E F G H I Prefixes 0* 01000* 011* 1* 100* 1100* 1101* 1110* 1111* 0 1 A D 1 0 0 1 0 C 0 1 0 1 E 0 1 0 1 F G H I 0 26 B NL: Path-compressed binary trie • Eliminate single branch point nodes • Compare address against all prefixes along path to leaf – Take deepest match • Variants include PATRICIA and BSD tries Route A B C D E F G H I Prefixes 0* 01000* 011* 1* 100* 1100* 1101* B 1110* 1111* Bit=1 0 1 Bit=3 A 0 Bit=2 D 1 0 C 1 E Bit=3 0 Bit=4 0 F 1 1 Bit=4 0 1 G H I 27 NL: Multi-bit tries • Compare multiple bits at a time – Stride = number of bits being examined – Reduces memory accesses – Increase memory required • Forces table expansion for prefixes falling in between strides – Two types • Variable stride multi-bit tries • Fixed stride multi-bit tries • Most route entries are Class C – Optimize “stride” based on this 28 NL: Variable stride multi-bit trie • Single level has variable stride lengths Route A B C D E F G H I Prefixes 0* 01000* 011* 1* 100* A 1100* 1101* 1110* 1111* 00 01 10 11 A 00 01 D 0 10 11 C C E D 1 00 01 F G 10 11 H I 0 1 B 29 NL: Fixed stride multi-bit trie • Single level has equal strides Route A B C D E F G H I Prefixes 0* 01000* 011* 1* 100* 000 1100* 1101* A 1110* 1111* 001 A 010 011 A C B 00 01 10 11 100 101 E 110 D 111 D D F F G G H H I I 00 01 10 11 00 01 10 11 30 NL: Issues • Scaling – IPv6 • Stride choice – Tuning stride to route table – Bit shuffling 31 NL: Hierarchical routing in the Internet • Area routing – aggregate routers into regions, “autonomous systems” (AS) – administrative autonomy – routers in same AS run same routing protocol • “intra-AS” routing protocol or interior gateway protocol (IGP) • routers in different AS can run different intra-AS routing protocol gateway routers • special routers in AS • run intra-AS routing protocol with all other routers in AS • also responsible for routing to destinations outside AS – run inter-AS routing protocol or exterior gateway protocol (EGP) with other gateway routers in other AS’s 32 NL: Example #1 1 2 IGP 2.1 IGP EGP 1.1 2.2.1 1.2 EGP EGP EGP 3 IGP 4.1 EGP 5 3.1 5.1 2.2 IGP IGP 4.2 4 3.2 5.2 33 NL: Example #2 C.b a C Gateways: B.a A.a b A.c d A a b c a c B b •perform inter-AS routing amongst themselves •perform intra-AS routers with other routers in their AS network layer inter-AS, intra-AS routing in gateway A.c link layer physical layer 34 NL: Path Sub-optimality 1 2 2.1 1.1 2.2 2.2.1 1.2 1.2.1 start end 3.2.1 3 3 hop red path vs. 2 hop green path 3.1 3.2 35 NL: AS Categories • Stub: an AS that has only a single connection to one other AS - carries only local traffic. • Multi-homed: an AS that has connections to more than one AS, but does not carry transit traffic • Transit: an AS that has connections to more than one AS, and carries both transit and local traffic (under certain policy restrictions) 36 NL: AS categories example AS1 AS3 AS1 AS2 AS1 AS3 AS2 Transit Stub AS2 Multi-homed 37 NL: Specific IP routing protocols • Intra-AS routing protocols (interior routing protocols) – – – – GGP RIP IGRP OSPF • Inter-AS routing protocols (exterior routing protocols) – EGP – BGP 38 NL: Intra-AS Routing • Generate Intra-AS routing tables • Also known as Interior Gateway Protocols (IGP) • Most common IGPs – Distance vector protocols • GGP: Gateway-to-Gateway Protocol (1970s) • RIP: Routing Information Protocol (1982) • IGRP: Interior Gateway Routing Protocol (1988) – Cisco proprietary – Link state protocols • OSPF: Open Shortest Path First • Hierarchical OSPF 39 NL: RIP (Routing Information Protocol) • Included in BSD-UNIX Distribution in 1982 • Distance metric: # of hops (max = 15 hops) • Vectors exchanged every 30 sec and when triggered – Static update period leads to synchronization problems • Split horizon with poisonous reverse • RIP-2 in 1993 adds prefix mask for CIDR 40 NL: RIP: Link Failure and Recovery If no advertisement heard after 180 sec --> neighbor/link declared dead – routes via neighbor invalidated – new advertisements sent to neighbors – neighbors in turn send out new advertisements (if tables changed) – link failure info quickly propagates to entire net – poison reverse used to prevent count-to-infinity (infinite distance = 16 hops) 41 NL: RIP Table processing • RIP routing tables managed by application-level process called route-d (daemon) • advertisements sent in UDP packets, periodically repeated 42 NL: IGRP (Interior Gateway Routing Protocol) • CISCO proprietary; successor of RIP (mid 80s) – – – – Distance Vector, like RIP several cost metrics (delay, bandwidth, reliability, load etc) 90 sec update with triggered updates Split horizon • V1: path holddown • V2: route poisoning • multiple path support – uses TCP to exchange routing updates – EIGRP • Loop-free routing via DUAL (based on diffused computation) • CIDR support 43 NL: Intra-AS Link State Protocols • OSPF – Uses Link State algorithm • LS packet dissemination • Topology map at each node • Route computation using Dijkstra’s algorithm – OSPF advertisement carries one entry per neighbor router – Advertisements disseminated to entire AS (via flooding) 44 NL: OSPF “advanced” features (not in RIP) • Security: all OSPF messages authenticated (to prevent malicious intrusion); TCP connections used • Multiple same-cost paths allowed (only one path in RIP) • For each link, multiple cost metrics for different TOS (eg, satellite link cost set “low” for best effort; high for real time) • Integrated uni- and multicast support: – Multicast OSPF (MOSPF) uses same topology data base as OSPF • Hierarchical OSPF in large domains. 45 NL: Hierarchical OSPF 46 NL: Hierarchical OSPF • Two-level hierarchy: local area, backbone. – Link-state advertisements only in area – each nodes has detailed area topology; only know direction (shortest path) to nets in other areas. • Area border routers: “summarize” distances to nets in own area, advertise to other Area Border routers. • Backbone routers: run OSPF routing limited to backbone. • Boundary routers: connect to other ASs. 47 NL: Inter-AS routing • EGP • BGP 48 NL: Why different Intra- and Inter-AS routing ? Policy vs. Performance: • Inter-AS – ISPs want control over how its traffic routed, who routes through its net – policy and monetary factors dominate over performance • Intra-AS – single administrative policy – performance dominates 49 NL: History • Mid-80s: EGP (Exterior Gateway Protocol) – Used in original ARPAnet – Reachability protocol (no shortest path) • Single bit for reachability information – Topology restricted to a tree (no cycles allowed) • ARPA-managed packet switches at top of tree – Unacceptable once Internet grew to multiple independent backbones • Result: BGP development 50 NL: BGP • Link state or distance vector? – Problems with distance-vector: • Bellman-Ford algorithm may not converge – More problems with link state: • Everyone sees every link – LS database too large – entire Internet – Can’t easily control who uses the network (i.e. an ISP may want to hide particular links from being used by others, but link states are broadcast) • Metric used by routers not the same – loops – No universal routing metric – Policy drives routing decisions 51 NL: BGP • BGP (Border Gateway Protocol): the de facto standard • Path Vector protocol: – similar to Distance Vector protocol – each Border Gateway broadcast to neighbors (peers) entire path (I.e, sequence of ASs) to destination • E.g., Gateway X sends its path to dest. Z: – Path (X,Z) = X,Y1,Y2,Y3,…,Z – When AS gets route check if AS already in path • If yes, reject route • If no, add self and (possibly) advertise route further – Allows for policy application (different metrics) • Metrics are local - AS chooses path, protocol ensures no loops Supports CIDR aggregation (BGP4) Supports alternative routes 52 NL: Path Selection Criteria • Path attributes + external (policy) information • Examples: – Hop count – Policy considerations • Preference for AS • Presence or absence of certain AS – Path origin – Link dynamics – Early-exit • Hot-potato routing for transit packets 53 NL: Policy with BGP • BGP provides capability for enforcing various policies • Policies are not part of BGP: they are provided to BGP as configuration information • BGP enforces policies by choosing paths from multiple alternatives and controlling advertisement to other AS’s 54 NL: Examples of BGP Policies • A multi-homed AS refuses to act as transit – Limit path advertisement • A multi-homed AS can become transit for some AS’s – Only advertise paths to some AS’s • An AS can favor or disfavor certain AS’s for traffic transit from itself 55 NL: Interconnecting BGP Peers • BGP uses TCP to connect peers • Advantages: – Simplifies BGP – No need for periodic refresh - routes are valid until withdrawn, or the connection is lost • Note recent news on BGP TCP spoofing attack – Incremental updates • Disadvantages – Congestion control on a routing protocol? – Poor interaction during high load 56 NL: Internet inter-AS routing: BGP • BGP messages exchanged using TCP. • BGP messages: – OPEN: opens TCP connection to peer and authenticates sender – UPDATE: advertises new path (or withdraws old) – KEEPALIVE keeps connection alive in absence of UPDATES; also ACKs OPEN request – NOTIFICATION: reports errors in previous msg; also used to close connection 57 NL: IPv4 summary • • • • • • • Security Error detection Delivery semantics Quality-of-service Fragmentation Addressing Routing 58 NL: IPv6 • Redefine functions of IP (version 4) – Remove ancillary functionality – Add missing, but essential functionality – Recall, functions of IPv4 • What changes should be made in…. – – – – – – – IP addressing IP delivery semantics IP quality of service IP security IP routing IP fragmentation IP error detection 59 NL: IPv6 • Initial motivation: 32-bit address space completely allocated by 2008. • Additional motivation: – header format to help speed processing/forwarding – header changes to facilitate QoS – new “anycast” address: route to “best” of several replicated servers 60 NL: IPv6 Header 0 4 Versi on 12 Class Payload Length 16 19 24 32 Flow Label Next Header Hop Limit Source Address (128 bits) Destination Address (128 bits) 61 NL: IPv6 Changes • Scale – addresses are 128bit – Header size? • Simplification – Removes infrequently used parts of header – 40 byte fixed header vs. 20+ byte variable header • IPv6 removes checksum – Relies on upper layer protocols to provide integrity – Reduces processing time at each hop • IPv6 eliminates fragmentation – Requires path MTU discovery 62 NL: IPv6 Changes • TOS replaced with traffic class octet – Support QoS via DiffServ • FlowID field – Help soft state systems, accelerate flow classification – Maps well onto TCP connection or stream of UDP packets on host-port pair • Easy configuration – Provides auto-configuration using hardware MAC address to provide unique base • Additional requirements – Support for security – Support for mobility 63 NL: IPv6 Changes • Protocol field replaced by next header field – Unify support for protocol demultiplexing as well as option processing • Option processing – Options allowed, but only outside of header, indicated by “Next Header” field – Options header does not need to be processed by every router • Large performance improvement • Makes options practical/useful • ICMPv6: new version of ICMP – additional message types, e.g. “Packet Too Big” – multicast group management functions 64 NL: Transition From IPv4 To IPv6 • Not all routers can be upgraded simultaneous – no “flag days” – How will the network operate with mixed IPv4 and IPv6 routers? • Two proposed approaches: – Dual Stack: some routers with dual stack (v6, v4) can “translate” between formats – Tunneling: IPv6 carried as payload in an IPv4 datagram among IPv4 routers 65 NL: Dual Stack Approach 66 NL: Tunneling IPv6 inside IPv4 where needed 67 NL: Network layer summary • Network layer functions • Specific network layers (IPv4, IPv6) 68