IP technology

1) IP technology basic concepts
2) The IP protocol stack
3) Transport layer protocols (UDP, TCP, SCTP)
4) The IP datagram header (IPv4 and IPv6)
5) Addressing and routing
6) GPRS IP network architecture

[Figure: hosts attached to a LAN or intranet and, via routers, to the public Internet; a host can also be behind a modem or ADSL connection. ARP operates within the LAN.]

Client-server concept

[Figure: a client host sends a request, a server host returns a response.]
• Transactions are always started by the client
• The network does not have to know the IP address of the client before the transaction (dynamic IP address allocation is possible)
• Web (www) applications are based on this concept

Role of routers in an IP network

• Routers perform switching of IP packets (the task of the OSI network layer)
• IP packets are routed independently through the IP network(s) towards the destination indicated by the destination IP address in the IP datagram header
• Independent routing => connectionless service (IP packets belonging to a certain transaction can travel along different paths, experience different delays, and arrive out of sequence at the destination...)

IP protocol suite

[Figure: protocol stack. Applications: HTML, SMTP, POP, IMAP, FTP, HTTP, RT Data, DNS, RTP, signalling protocols (e.g. ISUP). Transport layer: TCP, UDP, SCTP. IP layer: IP, SLIP, PPP, ICMP, ARP, RIP, OSPF, BGP. Bearer technology: LAN protocols, ATM, PSTN/ISDN, PLMN ...]

Lower protocol layers

ARP (Address Resolution Protocol) takes care of the mapping between logical IP addresses and physical MAC addresses in a Local Area Network (LAN).
PPP (Point-to-Point Protocol) or SLIP (Serial Line IP) is used for transport of IP traffic over modem connections between the terminal and the ISP's Point of Presence (PoP).

Assisting protocols in the IP layer (1)

ICMP (Internet Control Message Protocol) is a mandatory protocol (i.e. it must be supported by all routers) and is used for informing hosts about problems in the network.
Some ICMP messages: destination network/host/port unreachable/unknown, echo request, echo reply, TTL expired, IP header bad.

Assisting protocols in the IP layer (2)

Various routing protocols are employed for exchanging information between routers in the IP network:
• RIP (Routing Information Protocol) and OSPF (Open Shortest Path First) for routing within autonomous systems
• BGP (Border Gateway Protocol) for "international" routing

Transport layer protocols (1)

TCP (Transmission Control Protocol) takes care of end-to-end flow & error control plus segmentation & reassembly of larger blocks of information.
UDP (User Datagram Protocol) is used for "unreliable but fast" transport of independent blocks of information.

Transport layer protocols (2)

SCTP (Stream Control Transmission Protocol) is an alternative to TCP (=> too slow) or UDP (=> not reliable), primarily for carrying signalling information. SCTP may become popular also more generally in the future. See: http://www.isoc.org/briefings/017/index.shtml

SCTP is used for signalling transport

[Figure: left, a signalling protocol (e.g. ISUP) carried over MTP; right, the same signalling protocol carried over an adaptation protocol, SCTP, IP and a physical layer, with protocol conversion in a signalling gateway (SGW).]
Transport of SS7 application protocols (e.g. ISUP) over a conventional SS7 network uses MTP. Transport of SS7 application protocols over IP uses the Sigtran protocol stack (which includes SCTP); the protocol conversion takes place in the signalling gateway (SGW).
Four advantages of SCTP over TCP

1. Preservation of message boundaries: SCTP carries blocks of information; TCP carries a continuous stream of information (bad for message transport).
2. Multistreaming property (several streams in parallel); TCP has one continuous stream only (head-of-line blocking possible).
3. Multihoming property (the host has several points of attachment to the Internet); TCP has one point of attachment only (makes TCP less reliable).
4. Protection against SYN flooding attacks; SYN flooding attacks are a problem in TCP.

Preservation of message boundaries

TCP: information is carried as a continuous stream of bytes. The higher protocol layers must find the message boundaries at the receiving end; TCP cannot do this.
SCTP: SCTP can find the message boundaries at the receiving end of the SCTP connection. Higher protocol layers do not have to do this.

Multistreaming

TCP: a message is delayed or lost (1). All other messages of all other users (2) are delayed (=> head-of-line blocking).
SCTP: if a message is delayed or lost (1), only the messages belonging to this stream are delayed (2). Other messages are part of other SCTP streams and are carried without delay over the SCTP connection (also called an SCTP association).

Multihoming

In a TCP connection, only one IP address is available at each endpoint: client 123.456.7.89, server 123.987.6.54.
In an SCTP connection, several IP addresses are available at each endpoint: client 123.456.7.89, 123.456.6.78, 123.456.5.67; server 123.987.6.54, 123.987.5.43, 123.987.4.32. If one address is not available, another one is used instead.

Protection against SYN flooding attacks

TCP uses a three-way handshake (client sends SYN, server replies SYN/ACK, client sends ACK) to set up a connection. This method is prone to SYN flooding attacks: if the client first sends SYN but does not then send ACK, this TCP connection is left hanging...
SCTP uses a 4-way handshake with a signed cookie, in this way preventing DoS (Denial-of-Service) attacks like SYN flooding.
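As an added illustration (not part of the lecture slides) of why the signed cookie matters, the Python model below keeps only the server-side state of the two handshakes and compares them: TcpListener records a half-open entry on every SYN, while SctpListener answers INIT with an HMAC-signed cookie and allocates an association only when a valid cookie is echoed back from the same address. The class names, the cookie layout and the 192.0.2.x addresses are constructed for the demo; real SCTP cookies (RFC 4960) carry more fields and are opaque to the client.

```python
import hashlib
import hmac
import secrets
import time

# Constructed model of the two handshakes on the slide; added for illustration,
# not lecture code. Only the server's state-keeping is modelled, no packets move.


class TcpListener:
    """TCP three-way handshake: state is allocated as soon as a SYN arrives."""

    def __init__(self):
        self.half_open = {}        # (client_ip, client_port) -> (client ISN, server ISN)
        self.established = set()

    def on_syn(self, client, client_isn):
        server_isn = secrets.randbits(32)
        self.half_open[client] = (client_isn, server_isn)   # kept until the ACK arrives
        return ("SYN/ACK", server_isn)

    def on_ack(self, client):
        if client not in self.half_open:
            return False
        del self.half_open[client]
        self.established.add(client)
        return True


class SctpListener:
    """SCTP four-way handshake: INIT -> INIT-ACK (signed cookie) -> COOKIE-ECHO
    -> COOKIE-ACK. No association state exists until a valid cookie returns."""

    def __init__(self, secret, cookie_lifetime_s=60, clock=time.time):
        self.secret = secret                 # known only to the server
        self.lifetime = cookie_lifetime_s
        self.clock = clock
        self.associations = set()

    def _sign(self, body):
        return hmac.new(self.secret, body, hashlib.sha256).hexdigest().encode()

    def on_init(self, client, client_tag):
        # Everything the server would otherwise remember is put in the cookie
        # and handed to the client; the HMAC lets the server recognise it later.
        server_tag = secrets.randbits(32)
        expires = int(self.clock()) + self.lifetime
        body = f"{client[0]}|{client[1]}|{client_tag}|{server_tag}|{expires}".encode()
        return ("INIT-ACK", body + b"|" + self._sign(body))

    def on_cookie_echo(self, client, cookie):
        body, _, mac = cookie.rpartition(b"|")
        if not hmac.compare_digest(mac, self._sign(body)):
            return False                     # forged or modified cookie
        host, port, _ctag, _stag, expires = body.decode().split("|")
        if (host, int(port)) != client or int(expires) < self.clock():
            return False                     # echoed from another address, or stale
        self.associations.add(client)        # state is allocated only here
        return True


def tcp_state_after_unanswered_syns(n):
    """Half-open entries a TCP listener holds after n SYNs that are never ACKed."""
    srv = TcpListener()
    for i in range(n):
        srv.on_syn(("192.0.2.%d" % (i % 250 + 1), 40000 + i), client_isn=i)
    return len(srv.half_open)


def sctp_state_after_unanswered_inits(n):
    """Associations an SCTP listener holds after n INITs with no COOKIE-ECHO."""
    srv = SctpListener(secret=b"constructed-demo-key")
    for i in range(n):
        srv.on_init(("192.0.2.%d" % (i % 250 + 1), 40000 + i), client_tag=i)
    return len(srv.associations)


def sctp_handshake(tamper=False, from_other_address=False):
    """Run a full handshake; True only if the server accepted the echoed cookie."""
    srv = SctpListener(secret=b"constructed-demo-key")
    client = ("192.0.2.10", 5000)
    _, cookie = srv.on_init(client, client_tag=7)
    if tamper:                               # edit the cookie without re-signing it
        cookie = cookie.replace(b"192.0.2.10", b"192.0.2.99", 1)
    echo_from = ("192.0.2.99", 5000) if from_other_address else client
    return srv.on_cookie_echo(echo_from, cookie)


if __name__ == "__main__":
    print("TCP half-open after 1000 SYNs:", tcp_state_after_unanswered_syns(1000))
    print("SCTP associations after 1000 INITs:", sctp_state_after_unanswered_inits(1000))
    print("honest:", sctp_handshake(), "tampered:", sctp_handshake(tamper=True))
```

The point the model makes is that the TCP server's memory grows with every unanswered SYN, whereas the SCTP server's does not grow at all until the third message; the HMAC and the address check are what stop a client from fabricating a cookie or reusing one issued to somebody else.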
Applications (1)

FTP (File Transfer Protocol) for sending larger files (offers flow and error control).
SMTP (Simple Mail Transfer Protocol) for outgoing e-mail.
POP (Post Office Protocol) or IMAP (Internet Message Access Protocol) for fetching e-mail from the mailbox.

Applications (2)

HTTP (HyperText Transfer Protocol) is used for client-server type of communication, and is the most popular protocol for transport of WWW content (e.g. HTML pages).
Uniform Resource Locator (URL), e.g. http://www.hut.fi/overview.html: "http" is the protocol, "www.hut.fi" the network & host computer, "overview.html" the content page written in HTML.

Applications (3)

DNS (Domain Name System) performs translation between IP addresses and domain names, e.g. 122.233.121.123 <=> thisnetwork.thishost.com. The IP address must be used for routing through IP networks; however, domain names are more user friendly.

Applications (4)

RTP (Real Time Protocol) provides important functions (e.g. sequence numbering, time stamp) for transport of real time data. RTP runs on top of UDP. RTP can carry e.g.
• Digitized speech (PCM)
• Encoded speech (EFR, AMR)
• Multimedia traffic (compressed audio, video)

Real Time Protocol (RTP)

RTP is used for carrying real-time data (e.g. coded voice) over IP networks (voice stream over RTP over UDP over IP). RTP offers two features:
• The correct RTP packet order is maintained at the destination
• RTP packets include a time stamp that records the exact time of transmission
Time stamps can be used at the destination to ensure synchronised play-out of (e.g.) the voice samples. TCP cannot be used below RTP, since TCP causes too large delays.
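The following Python jitter buffer is an added example, not code from the lecture, of how the application at the destination uses the RTP sequence numbers and time stamps just described: sequence numbers restore the order, and the time stamp plus a fixed buffering delay fixes each packet's play-out instant, so play-out is evenly spaced even though arrivals are not, and a packet that arrives after its instant is discarded rather than delaying the rest. The packet list, the 8000 Hz clock with 160 ticks per 20 ms frame and the 60 ms buffer are constructed assumptions.

```python
# Constructed jitter-buffer model, added for illustration; not lecture code.
# Assumes an 8000 Hz RTP clock and 20 ms frames, i.e. 160 ticks per packet.

CLOCK_RATE = 8000

# Constructed arrivals: (RTP sequence number, RTP time stamp, arrival time in ms)
SAMPLE = [
    (1, 0, 0),
    (2, 160, 35),      # delayed in the network
    (4, 480, 58),      # overtakes packet 3
    (3, 320, 62),      # arrives out of order
    (5, 640, 80),
    (6, 800, 175),     # arrives after its play-out instant (160 ms)
]


def schedule_playout(packets, buffer_ms=60, clock_rate=CLOCK_RATE):
    """Assign play-out instants from the RTP time stamps and restore the order.

    packets: (seq, timestamp, arrival_ms) tuples in arrival order.
    Returns (playout, late): playout is [(seq, playout_ms)] in sequence order,
    late lists the sequence numbers that missed their play-out instant.
    """
    if not packets:
        return [], []
    _, ref_ts, ref_arrival = min(packets)     # lowest sequence number is the reference
    base = ref_arrival + buffer_ms            # its play-out: arrival + buffering delay
    playout, late = [], []
    for seq, ts, arrival in packets:
        # The time stamp fixes *when* the packet is due relative to the reference;
        # the buffer delay is what gives delayed packets a chance to make it.
        due = base + (ts - ref_ts) * 1000 / clock_rate
        if arrival > due:
            late.append(seq)                  # discarded: too late to play
        else:
            playout.append((seq, due))
    playout.sort()                            # sequence numbers put packets in order
    return playout, late


def max_gap_deviation(times_ms, nominal_ms=20):
    """Largest deviation of the spacing between consecutive instants from nominal."""
    gaps = [b - a for a, b in zip(times_ms, times_ms[1:])]
    return max(abs(g - nominal_ms) for g in gaps) if gaps else 0


if __name__ == "__main__":
    playout, late = schedule_playout(SAMPLE)
    print("play-out order:", [s for s, _ in playout], "late:", late)
    print("arrival jitter:", max_gap_deviation([a for _, _, a in SAMPLE]),
          "ms; play-out jitter:", max_gap_deviation([t for _, t in playout]), "ms")
```

Running it on the constructed arrivals gives a play-out spacing of exactly 20 ms although the inter-arrival gaps vary by up to 75 ms; note that the total delay only grows (every packet is played at least 60 ms after the first arrival), which is the slide's point that RTP removes jitter but not delay.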
Unfortunately, unlike TCP, UDP cannot guarantee correct packet order at the destination.

RTP avoids delay variation

It is worth noting that RTP cannot reduce the total transmission delay in the network. However, the usage of time stamps helps to reduce the time variation or jitter at the destination. RTP in itself cannot reduce the time variation; this is the task of the application (which utilises the time stamps provided by RTP) at the destination.
RTP is able to carry a large variety of coded information (audio or video) => RTP is the standard solution for VoIP applications ("Voice over RTP over UDP over IP").

IPv4 header structure (1)

[Figure: IPv4 header, 32 bits (= 4 bytes or octets) per row: Version | IHL | Type of Service | Total length of IP datagram; Identification | Flags | Fragment offset; Time-to-live | Protocol | Header checksum (for error control); Source IP address; Destination IP address; Options | Padding; Payload of IP datagram.]

Version (4 bits): tells that this is IP Version 4 (IPv4). (In case of IPv6, the bits following the 4-bit Version field should be interpreted totally differently.)

IPv4 header structure (2)

IP header length (IHL, 4 bits) is needed since Options + Padding can vary in length. Usually the IP header length = 20 bytes. (The Options field is rarely used. This is why such a field is not included in the IPv6 header.)

IPv4 header structure (3)

ToS = Type of Service (8 bits) is used for QoS management purposes (=> DiffServ).
(In the IPv6 header there is an 8 bit Traffic class field for the same purpose.)

IPv4 header structure (4)

Datagram length (16 bits): since this field is 16 bits long, the IP datagram can contain up to 2^16 = 65535 bytes (in theory). Most routers, however, cannot handle such large datagrams.

IPv4 header structure (5)

Identification: all fragments contain the same number. Flags: has the value zero in the last fragment. Fragment offset: position of the fragment in the original datagram.
IP fragmentation: a large IP datagram may be fragmented (in any router along the path) and will be reassembled at the destination. IPv6 does not offer fragmentation (it is rarely used anyway).

IPv4 header structure (6)

Time-to-live (8 bits): this number is decreased by one in each router along the path. If the number zero is reached in a router, the IP datagram is discarded and the router sends an ICMP message (TTL expired) to the source of the datagram. Used also in IPv6 (called "hop limit").

IPv4 header structure (7)
Protocol field (8 bits): describes which higher layer protocol is used (TCP, UDP, or SCTP). The header of the higher-layer datagram is located at the beginning of the IP datagram payload ("starts here"). Used also in IPv6 (called "next header").

IP packet structure

[Figure: user/application data is prefixed with a TCP/UDP header to form a TCP/UDP datagram; an IP header is added to form an IP datagram; the IP datagram is carried in a bearer protocol frame/packet/cell. Direction of transport: application data -> transport -> IP -> bearer.]

IPv4 header structure (8)

Header checksum (16 bits): used for error control. Routers along the path have to recalculate the checksum. Why? This kind of error control is not used in IPv6 (since the same error control function is offered by TCP, and even UDP).

IPv4 header structure (9)

Source and destination IP address (32 bits each): note that these addresses are not changed in routers along the route. In IPv6 the addresses are 4 x 32 = 128 bits long!

IPv6 header structure

[Figure: IPv6 header, 32 bits (= 4 bytes or octets) per row: Version | Traffic class | Flow label (identifies datagram "flows"); Payload length | Next header | Hop limit; Source IP address; Destination IP address; Payload of IP datagram. The Next header field can point to an "options" field in the payload (instead of TCP, UDP ...).]

IPv4 and IPv6 address structure

IPv4 address (32 bits or 4 bytes): 123.45.67.89, i.e. four numbers of one byte each (a number between 0 and 255).
IPv6 address (128 bits or 16 bytes): 2001:0db8:85a3:0000:1319:8a2e:0370:7344, written as groups of four hexadecimal numbers (between 0 and f), each occupying four bits.
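An added example in Python, not from the lecture, of the header fields described above: it builds a 20-byte IPv4 header, verifies the header checksum, reads the protocol field to find the transport header at the start of the payload, and does what a router does with the TTL, which also answers the slide's "Why?" (the TTL changes at every hop, so the checksum over the header must be recomputed). Addresses from the 192.0.2.x and 198.51.100.x documentation ranges are constructed sample values; the function names are the example's own.

```python
import socket
import struct

# Added example, not lecture code. Addresses from the 192.0.2.0/24 and
# 198.51.100.0/24 documentation ranges are used as constructed sample values.

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP", 132: "SCTP"}   # IANA protocol numbers
HEADER_FMT = "!BBHHHBBH4s4s"                                  # 20-byte header, no options


def ones_complement_sum(data):
    """Folded 16-bit one's-complement sum, the basis of the IPv4 header checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # end-around carry
        total = (total & 0xFFFF) + (total >> 16)
    return total


def build_ipv4(src, dst, proto, payload, ttl=64, ident=1):
    """Build an IPv4 datagram with IHL = 5 (20-byte header) and a valid checksum."""
    header = struct.pack(HEADER_FMT,
                         0x45,                # version 4, IHL 5 words
                         0,                   # type of service
                         20 + len(payload),   # total length
                         ident, 0,            # identification; flags + fragment offset
                         ttl, proto,
                         0,                   # checksum placeholder
                         socket.inet_aton(src), socket.inet_aton(dst))
    csum = (~ones_complement_sum(header)) & 0xFFFF
    return header[:10] + struct.pack("!H", csum) + header[12:] + payload


def parse_ipv4(dgram):
    """Decode the fixed header fields and verify the checksum."""
    ver_ihl, tos, total, ident, flags_frag, ttl, proto, _csum, src, dst = \
        struct.unpack(HEADER_FMT, dgram[:20])
    ihl = (ver_ihl & 0x0F) * 4               # header length in bytes (options included)
    info = {
        "version": ver_ihl >> 4, "ihl": ihl, "tos": tos, "total_length": total,
        "id": ident, "flags": flags_frag >> 13, "frag_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": PROTO_NAMES.get(proto, proto),
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        # with the checksum field included, a correct header sums to 0xFFFF
        "checksum_ok": ones_complement_sum(dgram[:ihl]) == 0xFFFF,
    }
    if proto == 17 and len(dgram) >= ihl + 4:
        # the transport header sits at the start of the IP payload
        info["udp_ports"] = struct.unpack("!HH", dgram[ihl:ihl + 4])
    return info


def forward(dgram):
    """Router behaviour: verify, decrement TTL, recompute the checksum or discard."""
    info = parse_ipv4(dgram)
    if not info["checksum_ok"]:
        return ("drop", "header checksum mismatch")
    ttl = info["ttl"] - 1
    if ttl == 0:
        return ("drop", "TTL expired: ICMP time exceeded goes to " + info["src"])
    ihl = info["ihl"]
    hdr = bytearray(dgram[:ihl])
    hdr[8] = ttl                             # TTL changed, so the checksum changes too
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", (~ones_complement_sum(bytes(hdr))) & 0xFFFF)
    return ("forward", bytes(hdr) + dgram[ihl:])


# Constructed sample: a UDP header (src port 1123, dst port 53, length 8, no checksum)
UDP_HDR = struct.pack("!HHHH", 1123, 53, 8, 0)
SAMPLE = build_ipv4("192.0.2.10", "198.51.100.7", 17, UDP_HDR)

if __name__ == "__main__":
    print(parse_ipv4(SAMPLE))
    action, out = forward(SAMPLE)
    print(action, "TTL now", parse_ipv4(out)["ttl"])
```

Flipping a single header bit makes the verification fail, which is the error control the slide refers to; the payload is not covered, which is why the transport checksum is still needed (and why IPv6 dropped the header checksum altogether).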
Strong points of IPv6

• Larger IP address space (3.4·10^38 IP addresses available)
• Fixed IP datagram header length (no variable length options field ...) and a better way to handle options
• Simpler (and therefore faster) header processing; no checksum checking or fragmentation
• Real-time service or QoS support (using "flow label" and "traffic class" fields)

UDP header structure

[Figure: Source port number | Destination port number; Length of UDP content (incl. header) | Checksum; UDP payload (application data).]
Two functions of UDP:
• application multiplexing (using port numbers)
• error control (using checksum)

TCP header structure

[Figure: Source port number | Destination port number; Sequence number; Acknowledgement number; Data offset | Flags | Receiver window size (flow control); Checksum | Urgent pointer; Options | Padding; TCP payload (application data) starts after the header.]
Flags are one-bit indicators (SYN, ACK, FIN ...) used for simple signalling (TCP connection setup and teardown).

Difference between IP address and port

An IP address points to a host; a port points to an application. For a packet from host A (IP address N, port Y) to host B (IP address M, port Z), the IP datagram contains:
• in the IP header: source IP address N, destination IP address M
• in the TCP/UDP header: source port Y, destination port Z

Some important port numbers

(Just to give an example, not necessary to remember.)
http (web applications)      80   TCP only
https (http over SSL)       443   TCP only
DNS                          53   UDP mainly
SMTP (outgoing mail)         25   TCP/UDP
POP3 (from mail server)     110   TCP only
IMAP (from mail server)     220   TCP/UDP
(These port numbers apply within the server only. The client can usually freely choose its port number.)
IP address + port number is given as 123.456.7.89:80

IPv4 address structure

Hierarchical structure (network part + host part):
• Class A: leading bit 0, 2^7 = 128 networks with 2^24 = 16.8·10^6 hosts each (unnecessary capacity)
• Class B: leading bits 10, 2^14 = 16384 networks with 2^16 = 65536 hosts each (running out of class B networks!)
• Class C: leading bits 110, 2^21 = 2.1·10^6 networks with 2^8 = 256 hosts each
A flat structure would provide 2^32 = 4.3·10^9 IP addresses. IPv6 provides 2^128 = 3.4·10^38 IP addresses!

Insufficient IPv4 address space

There are basically four ways to avoid running out of IP addresses, either by making more efficient usage of the available address space (point 1) or by "expanding" the address space (points 2 – 4):
1. Classless interdomain routing (CIDR)
2. Dynamic IP address allocation
3. Network address translation (NAT)
4. Move to IPv6 (=> virtually unlimited address space)

Classless interdomain routing (CIDR)

In comparison with the original class-oriented address structure, CIDR makes more efficient usage of the available address space. The size of the network part of the address is included in the IP address after the slash:
182.46.92.110/21 = 10110110 00101110 01011100 01101110
Network part = 21 bits, host part = 32 – 21 = 11 bits. In this example, eight class C networks are effectively grouped into one larger network.

Dynamic IP address allocation

The IP address is allocated temporarily. The address is taken from an address pool (stored in a DHCP server) and after usage is returned to the address pool. Applications:
• Dial-up (modem) Internet access
• ADSL
• GPRS
• WLAN
Protocol used: DHCP (Dynamic Host Configuration Protocol, RFC 2131).

Network address translation (NAT)

NAT is a method of connecting a number of hosts (in a private network) to the Internet using a single external IP address.
[Figure: hosts 10.123.4.11, 10.123.4.12 and 10.123.4.13 in a private network behind a NAT gateway with the external address 123.456.7.89; towards the Internet the gateway identifies them as port no. 1, port no. 2 and port no. 3.]
Reusable IP addresses (for instance of the form 10.x.x.x or 192.168.x.x) are used for routing "behind" the NAT gateway. A single (globally unique) IP address is used for routing through the Internet. Hosts are identified by TCP/UDP port numbers.

IP address and port usage in NAT

In outgoing packets (from client to server), NAT affects the source IP address (S IP addr. in the IP header) and the source port number (S port nr. in the TCP/UDP header). For example: 10.123.4.11 => 123.456.7.89 and 1123 => 12515.
In incoming packets, the destination IP address (D IP addr.) and destination port number (D port nr.) are affected.

Hierarchical structure of Internet

[Figure: autonomous systems AS 1, AS 2 and AS 3, each running an IGP internally and connected to each other by an EGP.]
AS = Autonomous System, IGP = Interior Gateway Protocol, EGP = Exterior Gateway Protocol.

Routing protocols in Internet

In practice, there is worldwide only one very complex EGP, namely BGP (Border Gateway Protocol). The two most well-known IGPs are RIP (Routing Information Protocol) and OSPF (Open Shortest Path First).

RIP vs. OSPF

RIP is a distance vector routing protocol, where neighbouring routers exchange routing information. RIP is one of the oldest IGPs and is still widely used today. (RFC 1723)
OSPF is a link-state routing protocol, where routers construct a complete topological map of the entire autonomous system. The autonomous system can be hierarchically structured into smaller "networks". Open => publicly available (not like Cisco's EIGRP). (RFC 2178)

Example: downloading HTML page (1)

[Figure: user terminal (client) with HTTP, TCP, IP and PPP layers; the Internet service provider's PoP with PPP, IP and ATM layers; the HTML page source (server) with HTTP, TCP, IP and ATM layers.]
The modem connection and PPP link between the user terminal and the ISP's Point of Presence (PoP) is established. The user terminal is given an IP address (dynamic allocation).

Example: downloading HTML page (2)

The client contacts DNS (over UDP) and DNS replies. DNS performs translation between the URL and the IP address of the server (only the latter can be used for routing IP packets to the server).

Example: downloading HTML page (3)

The TCP connection is set up (three-way handshaking). Note that IP packets can be routed over different bearer networks (like ATM above) and do not necessarily follow the same path.
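An added Python example (not from the lecture) covering the CIDR and NAT slides above: prefix_split shows the network/host split of 182.46.92.110/21 and how many class C networks the prefix groups, and NatGateway performs the source-side rewrite on outgoing packets and the destination-side rewrite on incoming ones, dropping inbound packets that match no existing mapping. The public address 203.0.113.1 (a documentation range) stands in for the slide's 123.456.7.89, which is not a valid IPv4 address; the port pool starting at 12515, the class and function names and the server addresses are constructed.

```python
import ipaddress

# Added example, not lecture code. 203.0.113.1 and 198.51.100.x are documentation
# addresses used as constructed sample values.


def prefix_split(cidr):
    """Split an address written with a prefix length, e.g. '182.46.92.110/21'."""
    iface = ipaddress.ip_interface(cidr)
    net_bits = iface.network.prefixlen
    host_bits = iface.max_prefixlen - net_bits
    bits = format(int(iface.ip), "032b")
    return {
        "binary": " ".join(bits[i:i + 8] for i in range(0, 32, 8)),
        "network_bits": net_bits,
        "host_bits": host_bits,
        "network": str(iface.network),           # host bits cleared
        "hosts": iface.network.num_addresses,    # 2 ** host_bits
        # how many class C (/24) networks the prefix groups together
        "class_c_networks": 2 ** (24 - net_bits) if net_bits <= 24 else 0,
    }


class NatGateway:
    """Port-based NAT: many private hosts share one public address."""

    def __init__(self, public_ip, private_net, first_port=12000):
        self.public_ip = public_ip
        self.private_net = ipaddress.ip_network(private_net)
        self.next_port = first_port
        self.out_map = {}   # (private ip, private port) -> public port
        self.in_map = {}    # public port -> (private ip, private port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Client -> server: rewrite the source address and port."""
        if ipaddress.ip_address(src_ip) not in self.private_net:
            raise ValueError("source is not inside the private network")
        key = (src_ip, src_port)
        if key not in self.out_map:            # first packet of a new flow
            pub_port = self.next_port
            self.next_port += 1
            self.out_map[key] = pub_port
            self.in_map[pub_port] = key
        return (self.public_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Server -> client: rewrite the destination address and port.

        Returns None (packet dropped) when nothing inside ever opened a mapping
        for that public port, i.e. for unsolicited inbound traffic.
        """
        if dst_ip != self.public_ip or dst_port not in self.in_map:
            return None
        priv_ip, priv_port = self.in_map[dst_port]
        return (src_ip, src_port, priv_ip, priv_port)


if __name__ == "__main__":
    print(prefix_split("182.46.92.110/21"))
    nat = NatGateway("203.0.113.1", "10.123.4.0/24", first_port=12515)
    print(nat.outbound("10.123.4.11", 1123, "198.51.100.7", 80))
    print(nat.inbound("198.51.100.7", 80, "203.0.113.1", 12515))
```

The mapping table is keyed on the private (address, port) pair only, which is a simplification of real gateways (many also key on the destination); what the example keeps is the property the slide relies on, that the public port number is the only thing identifying the private host from the Internet side.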
Example: downloading HTML page (4)

The HTTP request (get HTML page) is sent to the server. The HTTP reply (including the HTML page) is returned in a "200 ok" message.

Example: downloading HTML page (5)

If the client has no more requests, the TCP connection is cleared (two-way handshaking).

Example: downloading HTML page (6)

When requested by the client, the PPP and modem connections are cleared. (Bearer connections within the Internet backbone are naturally not cleared.)

GPRS (General Packet Radio Service)

GPRS handles packet (IP) traffic in a mobile network.
[Figure: the MS is connected via the GSM BSS or 3G RAN; the CS core network (serving MSC/VLR, GMSC, HLR, AuC, EIR) connects to the PSTN; the PS core network (SGSN, GGSN) connects to the Internet.]
The serving GPRS support node (SGSN) in the packet-switched core network is the equivalent of the serving MSC/VLR in the CS core network.
The gateway GPRS support node (GGSN) is the equivalent of the GMSC in the CS core network. IP traffic from external IP networks (e.g. the Internet) is always first routed to the GGSN.

GPRS attach / PDP session

GPRS attach (separate or combined GSM/GPRS attach): the MS registers with an SGSN (authentication ...).
Location updates are now possible. A PDP context is created and the MS is assigned a PDP (IP) address; packet transmission can take place. At GPRS detach the PDP context is terminated and the allocated IP address is released (in case of dynamic address allocation, using DHCP, Dynamic Host Configuration Protocol).

PDP context

The packet data protocol context describes the characteristics of a GPRS session (session = "always on" connection). PDP context information is stored in the MS, SGSN and GGSN. One user may have several PDP context sessions active. A PDP context contains:
• PDP type (e.g. IPv4)
• PDP address = IP address of the MS (e.g. 123.12.223.9)
• Requested QoS (priority, delay ...)
• Access Point Name = IP address of the GGSN (e.g. 123.12.223.0)

PDP context activation

[Figure: MS -> SGSN: Activate PDP context request; security functions; SGSN -> GGSN: Create PDP context request; an IP address is allocated to the MS; GGSN -> SGSN: Create PDP context response; SGSN -> MS: Activate PDP context accept.]

Packet transmission (1)

The GGSN knows the temporary IP address of the user; the server has to find the correct GGSN. Dynamic IP address allocation has one problem: it is difficult to handle a mobile terminated transaction (the external source does not know the IP address of the MS). Fortunately, packet services are usually of client-server type => the MS (not the server) initiates packet transmission.

Packet transmission (2)

The packet is sent to the SGSN. The SGSN sends the packet to the GGSN through a GTP (GPRS Tunneling Protocol) tunnel, i.e. the packet is tunneled through the IP backbone of the PS core network. Tunneling = encapsulation of the IP packet in a GTP packet: outer IP header | IP header | IP payload.

Packet transmission (3)

Note the different destination IP addresses: in the outer IP header the destination IP address is the GGSN, in the inner IP header it is the server.

Packet transmission (4)

The GGSN sends the packet through the Internet to the server. In the IP header the source IP address is the GGSN (not the MS) and the destination IP address is the server.

Packet transmission (5)

The server sends the return packet via the GGSN to the MS. Note the different destination IP addresses along the way: server -> GGSN (dest. IP address: GGSN), GGSN -> SGSN (dest. IP address in the outer IP header: SGSN), SGSN -> MS (dest. IP address: MS). Packets from the server to the MS are always routed via the GGSN (since this node has the PDP context information, including the dynamically allocated IP address of the MS).