Introduction to the Internet, Lecture 7 (2002/11/12) 「僕と私のセキュ


Introduction to the
Internet Architecture
Kazunori SUGIURA, PhD.
September 2nd, 2003
2015/7/17
1
About Myself
• Kazunori Sugiura (born Feb 4th, 1970)
• Bachelor's degree: Keio University (1994)
– Faculty of Environmental Information
• Graduate school, Master's degree: Keio University (1996)
– Faculty of Media and Governance
• PhD (2002):
– Faculty of Media and Governance, in the profession of Information Technology
• Researcher at the Communication Research Laboratory
– High Speed Network Division (Internet Architecture Group)
• Part-time instructor at Keio University, J. Murai, H. Tokuda, O. Nakamura, H. Kusumoto Lab.
• Part-time instructor at Otsuma Women's University
• Member of the WIDE Project
About My Lecture
• Today
– Introduction to the Internet Architecture
• Brief Internet and “IP” history
• IP Tomorrow
• Tomorrow
– Leftovers from today
– Internet Architecture and Broadband applications
Preparatory Hearings
• How many of you know the history of “The
Internet”?
• How many of you have heard IPv4?
• How many of you have heard IPv6?
History of the Internet (IPv4) and the incoming IPv6
Start of the Internet
• Mid 1960s: (D)ARPA, USA requested
– A network which could survive a nuclear war
• Circuit switching is weak
• Packet exchange
• 1970s: TCP/IP was born (protocol method)
Topic
Protocol
What is a Protocol?
• An agreement (pledge) for having a communication
• Examples:
IP, HTTP, TCP, FTP, UDP, ICMP, etc.
• Why do we use protocols?
– Extensibility
– Scalability
– Transparency to different media
Topic
Topology and communications
Network Topology
• There are many ways to make network connections:
– Star
– Tree
– Ring
– Bus
– Mesh
Unicast communications
• One-to-one: "I want to talk to him alone" (sent through the network to a single destination)
Broadcast
• One-to-all: "I want to talk to everyone" (sent through the network to every node)
Multicast
• One-to-group: "I want to talk to a group of people" (sent through the network only to the members of the group)
Circuit Exchange (e.g. analog telephone)
• The parties talk to each other over circuits (virtual circuits): an exclusive, dedicated line.
Packet exchange (Internet)
• Chunks of data (packets) are sent over shared networks
– Packets share the same pipes: when it is not crowded, traffic is smooth
– When crowded, it may be jammed
Topic
Characteristics of the Internet
End-to-End model
• End systems try their best
• End systems do not know about the network
Best effort
• Relay systems will "try" their best to transport data
– The Internet does not assure that the data is delivered perfectly
Autonomous, Distributed, Collaborative
• Duty of the relay system (IP)
– Best effort
– Try their best
• Duty of the end system (TCP/IP)
– Responsible for the data being delivered
– Acknowledge to the receiver
– Re-transmit
– Slow down
– Divide the information into smaller chunks
Topic
Layering Models of the Internet
OSI Layer model
[Figure: data passes down through the layers on sending (data → encoding → packet → packet → frame → signal) and is restored back up on receiving]
• All we see is an application layer and a physical layer
Japan to USP
[Figure: the trip from my house in Japan to USP in Suva as a layering analogy; stages: My house, Taxi, Shin-Kawasaki, Train station gate, Narita Express, Narita Airport, Inspection, Airplane, Nadi Airport, Customs/domestic, Bus, Hotel, USP]
OSI Layer and packet
• Transmission
– Each layer adds the necessary information (its layer info) and delivers the result to the lower layer
• Receiver
– Each layer processes the data using that information, restores it, and passes it to the upper layer
[Figure: transmit node and receiver node, each with the stack Application (data) → TCP / UDP → IP → Network Interface → Physical; each layer prepends its own layer info on the way down and strips it on the way up]
Actual Layering model
[Figure: the traditional OSI layers (Physical, Data link, Network, Transport, Session, Presentation, Application) beside a "realistic" layer stack that continues above Application with Person, Society / Political, and Religion / God]
1) Physical Layer
• Physical signal transport line
– Strength of signal
– Encoding, modulation
• Medium
– Fibers, copper wires, AC outlets, satellites, wireless
– ITU-T, ISO
• Specifications
– X.25, IEEE, ATM, ISDN…
– Fibers: SONET, FDH…
2) Data Link Layer
• Protocol specification for sending packets onto the physical communication medium
• Synchronization, transmission control
– CSMA/CD
• Identification
– MAC address
• Error correction
– CRC checksum
3) Network Layer
• Unaware of physical lines; considers point-to-point transmission across the whole Internet
• IPv4, IPv6
• Unique address
• Routing
4) Transport Layer
• Inter-process communication specification for each node (host)
• TCP, UDP
• Service identification inside the node (port)
5) Session Layer
• Specification of the session (from the beginning of a communication to its end)
• Finite state machine
– Initialize state, *** state, etc.
• Generally the application handles the session
6) Presentation Layer
• Specification of the presentation of the data communicated by the session layer (coding, encryption)
• Byte order
– Least/Most Significant Bit (LSB/MSB)
– htonl(), htons()
• Generally, the application handles the presentation of data.
7) Application Layer
• For communication between applications
• E-mail format
• HTTP, FTP
Many Mediums, Data-link
[Figure: data-link media joining campus LANs, a remote campus and a home to telecom providers and the Internet: wireless LANs, UTP, HUB/Switch, Ethernet, ISDN, ADSL, PPP, fibers, WDM]
Topic
IP address
IP address
• Telephone
– Dial number
• Letters
– Address
• A network requires a destination to send to
– The address of the Internet
– IP address
Protocol Layering
[Figure: processes sit above the transport layer (TCP, UDP); the network layer holds IP together with ICMP (Internet Control Message Protocol) and IGMP (Internet Group Management Protocol); the data link layer holds ARP and RARP above the hardware interface and the media]
IP Address
• Definitions for the Internet Protocol
– v4: 203.178.143.71
– v4 → 32-bit, v6 → 128-bit address pool
– Unique numbers
• IP address
– Written in decimal format
• 133.27.4.120
– Inside the computers, they are binary digits
• 10000101 00011011 00000100 01111000
– Hexadecimal format
• 0x85 1B 04 78
Topic
IPv4 and IPv6
What is IPv6?
• New Internet Protocol
– We are currently using Version 4
– The next version is Version 6
(Version 5 became obsolete, so Version 6 was realized)
• Pool of available IP addresses
– IP version 4
• e.g. 133.27.41.68
• 4 bytes, 32 bits = 2^32
– 4,294,967,296 individuals
– IP version 6
• e.g. 2001:8013:fe59::ffe0:0001
• 16 bytes, 128 bits = 2^128
– 340,282,366,920,938,463,463,374,607,431,768,211,456 individuals
• Fixed header length
• Variety of option headers
Why is addressing so important?
• IP version 4
– Used to identify the computers connected to the networks
– Not enough for all the people in the global region
• IP version 6
– To identify every object on Earth
[Figure: "Real Network"]
So many addresses in IPv6?
• Address length is 128 bits
– 4 times longer than an IPv4 address
– And the available addresses are…
• 2^128 available address pool
– Approx. 3.4×10^38
– Can identify 2.2×10^20 individuals per 1 cm²
• Can you count?
– 340,282,366,920,938,463,463,374,607,431,768,211,456
History of IPv6
• IP next generation
– July 1991: IETF starts investigating the IP address shortage
– Nov 1992: RFC1380 proposes the address shortage problem
– Dec 1993: RFC1550 IPng design; development of the next generation Internet Protocols starts
• IPv6
– Jan 1995: Using RFC1752 SIPP as the base, the address pool is changed to 128 bits; IPng (next generation) is renamed IPv6 (IP version 6)
– Dec 1995: RFC1884 IPv6 Addressing Architecture
– July 1998: RFC2373
– 1998: RFC2460 IPv6 Specification, etc.
Address Scheme of IPv6
IPv6 Address
• An IP address is 16 bytes (128 bits)
• If you tried to write an IPv6 address in the format used for IPv4:
– 123.123.123.123.123.123.123.123.123.123.123.123.123.123.123.123
• Write IPv6 addresses in hexadecimal format
– ":" is used instead of "."
– One continuous run of "0" groups can be abbreviated, once, as "::"
– Examples:
3ffe:501:100c:d220:220:e0ff:fe89:dc8
3ffe:501:100c:1::1 = 3ffe:501:100c:1:0:0:0:1
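The two writing rules above (hex groups separated by ":" and a single "::" for a run of zero groups) are easy to get wrong when parsing input by hand. The following is an added example, not code from the lecture: it expands any textual IPv6 address to its eight 16-bit groups, rejects text that uses "::" twice or uses it to abbreviate nothing, and compresses back to the canonical form (longest zero run, leftmost on a tie, single zero groups left alone). The function names are assumptions of this example.

```python
"""Expand and compress IPv6 address text by hand, following the slide's rules:
16-bit hex groups separated by ':' and one zero run abbreviated to '::'."""
import re

GROUP = re.compile(r"^[0-9a-f]{1,4}$")


def expand(addr: str) -> list[int]:
    """Return the eight 16-bit groups of a textual IPv6 address."""
    addr = addr.strip().lower()
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once")
    head, sep, tail = addr.partition("::")
    left = head.split(":") if head else []
    right = tail.split(":") if tail else []
    if sep:
        missing = 8 - len(left) - len(right)
        if missing < 1:  # '::' must stand for at least one zero group
            raise ValueError("'::' abbreviates nothing")
        groups = left + ["0"] * missing + right
    else:
        groups = left
    if len(groups) != 8 or not all(GROUP.match(g) for g in groups):
        raise ValueError(f"not a valid IPv6 address: {addr!r}")
    return [int(g, 16) for g in groups]


def compress(groups: list[int]) -> str:
    """Canonical text: lowercase, no leading zeros, and the longest run of two
    or more zero groups replaced by '::' (the leftmost run wins a tie)."""
    best_start, best_len = -1, 1
    i = 0
    while i < 8:
        if groups[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    text = [format(g, "x") for g in groups]
    if best_start < 0:
        return ":".join(text)
    text[best_start:best_start + best_len] = [""]
    out = ":".join(text)
    if best_start == 0:            # run at the start: '::' needs its first ':'
        out = ":" + out
    if best_start + best_len == 8:  # run at the end: '::' needs its last ':'
        out = out + ":"
    return out
```

Comparing two addresses as text is unreliable (the slide's pair above differ as strings but are the same address); compare the expanded groups, or the compressed canonical form, instead.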
Characteristics of IPv6
• Available pool of address space
– 128-bit address
– Anything can be connected to the networks
– Home appliances, mobile phones, cars, …
– Performance improvements
– Simple header for a lower load factor on the relay system
– The relay system does not fragment packets
• New technology
– Automatic network configuration (plug and play)
– Mobility, security, scalability upgrades
Windows XP supports IPv6
[Screenshot: a Windows XP interface listing an anonymous global address, a public global address and a link-local address]
3 different IP addresses for IPv6
• Global address
– Unique address used for identification throughout the network
• Link-local address
– Permitted only on the LAN segment to which the network devices are connected
• Site-local address
– Address used dedicatedly within a site that is not connected to the Internet
Global Address
• 3-bit prefix… "001"
– cf. IPv4: Class
• The interface ID is automatically configured from the hardware MAC address
[Figure: global address format: 001 (3 bits) | TLA ID (13 bits) | NLA ID (32 bits) | SLA ID (16 bits) | Interface ID (64 bits); the first three fields form the public topology, the SLA ID the site topology, and the Interface ID the interface identification]
Link-local address
• Starts with "fe80"
• Datagrams with this address must not be sent beyond the link
– e.g. automatic address configuration, finding the nearest nodes
[Figure: link-local address format: 1111111010 (10 bits) | 0000 … 0000 (54 bits) | Interface ID (64 bits)]
Site-local address
• Starts with "fec0"
• An IPv6 router should not send datagrams with this address outside the site
[Figure: site-local address format: 1111111011 (10 bits) | 0000 … 0000 (38 bits) | Subnet ID (16 bits) | Interface ID (64 bits)]
IPv4 header (bits 0 to 31, 32 bits per row)
• Version (4 bits) | Data length (4 bits) | Type of Service (8 bits) | Packet length in bytes (16 bits)
• Identification (16 bits) | Flag (3 bits) | Fragment offset (13 bits)
• Time to live (8 bits) | Protocol (8 bits) | Header checksum (16 bits)
• Source address (32 bits)
• Destination address (32 bits)
• IP Options (0 or more) | Padding
• Data
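To make the field layout above concrete, here is an added example (not code from the lecture) that unpacks a raw IPv4 header into those fields, verifies the header checksum the way a relay system does, and renders the addresses in the dotted decimal form of the earlier IP address slide. The sample header is constructed for this example, reusing the two addresses that appear on the slides; the function names are assumptions.

```python
"""Parse a 20-byte IPv4 header into the fields on the slide and verify its
header checksum (ones' complement of the ones'-complement sum of 16-bit words)."""
import struct


def checksum(data: bytes) -> int:
    """RFC 791 header checksum over the header bytes (zero-padded if odd)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_header(pkt: bytes) -> dict:
    """Return the header fields; raise ValueError on a malformed header."""
    if len(pkt) < 20:
        raise ValueError("too short for an IPv4 header")
    (vihl, tos, total_len, ident, flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = vihl >> 4, vihl & 0x0F
    if version != 4 or ihl < 5 or ihl * 4 > len(pkt):
        raise ValueError("bad version or header length")
    hdr = pkt[:ihl * 4]
    return {
        "version": version,
        "header_len": ihl * 4,                # IHL counts 32-bit words
        "tos": tos,
        "total_len": total_len,
        "id": ident,
        "flags": flags_frag >> 13,            # 3-bit flags
        "frag_offset": flags_frag & 0x1FFF,   # 13-bit offset
        "ttl": ttl,
        "protocol": proto,
        "checksum_ok": checksum(hdr) == 0,    # a valid header sums to zero
        "src": ".".join(map(str, src)),       # dotted decimal, as on the slide
        "dst": ".".join(map(str, dst)),
        "options": hdr[20:],
    }


def build_sample() -> bytes:
    """Constructed header: ICMP (protocol 1), DF flag set, TTL 64, from
    133.27.4.120 to 203.178.143.71 (both addresses taken from the slides)."""
    raw = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 84, 0x1234, 0x4000, 64, 1, 0,
                      bytes([133, 27, 4, 120]), bytes([203, 178, 143, 71]))
    return raw[:10] + struct.pack("!H", checksum(raw)) + raw[12:]
```

Because every router rewrites the TTL, it must also recompute the checksum; a header whose TTL changed without that recomputation fails the check, which is why the checksum covers only the header and not the data.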
IPv6 header (bits 0 to 31, 32 bits per row)
• Version (3 bits) | Traffic Class (9 bits) | Flow label (20 bits)
• Payload length (16 bits) | Next header (8 bits) | Hop limit (8 bits)
• Source address (128 bits)
• Destination address (128 bits)
• Extension header (0 or more)
• Data
New technology in IPv6
How to retrieve an IPv6 address
• The interface retrieves the network information from the router and configures its IP address with its own interface ID
[Figure: a 128-bit address made of the Network ID plus the interface ID; the router announces "Here is the network info!"]
• The MAC address is (should be) unique, so it is used as a unique address on the Internet
• The interface ID consists of 64 bits
• The objective of the Network ID is to define positions
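The slide says the 64-bit interface ID is built from the 48-bit MAC address; the construction is the modified EUI-64 of RFC 4291 Appendix A (insert ff:fe in the middle and flip the universal/local bit). The following added example, not code from the lecture, performs that construction, prepends the fe80::/64 link-local prefix from the earlier slide, and also runs it in reverse to show that the hardware address can be read straight out of such an address. Function names are assumptions of this example; the MAC used in the test is constructed.

```python
"""Derive the 64-bit interface ID from a 48-bit MAC address (modified EUI-64,
RFC 4291 Appendix A) and build the fe80::/64 link-local address from it; the
reverse function shows that the MAC stays recoverable from the address."""
from typing import Optional


def mac_to_interface_id(mac: str) -> bytes:
    """Split the MAC, insert ff:fe in the middle and flip the universal/local bit."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 48 bits")
    eui = octets[:3] + b"\xff\xfe" + octets[3:]
    return bytes([eui[0] ^ 0x02]) + eui[1:]  # bit 0x02 of the first octet


def link_local_from_mac(mac: str) -> str:
    """fe80:: followed by the interface ID as four hex groups (the 54 middle
    bits of a link-local address are zero, so '::' covers all of them)."""
    iid = mac_to_interface_id(mac)
    groups = [int.from_bytes(iid[i:i + 2], "big") for i in range(0, 8, 2)]
    return "fe80::" + ":".join(format(g, "x") for g in groups)


def mac_from_link_local(addr: str) -> Optional[str]:
    """Recover the MAC when the interface ID is EUI-64 derived (ff:fe in the
    middle); return None for any other address, e.g. a temporary one."""
    prefix, _, rest = addr.strip().lower().partition("fe80::")
    groups = rest.split(":")
    if prefix or len(groups) != 4 or not all(groups):
        return None
    try:
        iid = b"".join(int(g, 16).to_bytes(2, "big") for g in groups)
    except (ValueError, OverflowError):
        return None
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)
```

Because the interface ID follows the device across every network it joins, an EUI-64 address lets a remote peer track the hardware; that is the reason Windows XP also shows an "anonymous global address" (a temporary address with a random interface ID, RFC 3041) for outgoing connections.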
Difference between DHCP (IPv4) and IPv6
• IPv4 (DHCP)
– DHCP distributes an address pool predefined in its configuration
• DHCP addresses need to be reserved
• A different address may be assigned every time
• IPv6
– The address is configured from the network information and the interface ID
• The address is already configured by the interface
• If used in the same network, the address will not change
Unique characteristics of IPv6
• Protocol-level extension availability
• Security awareness
– Security and authorization readiness
– IPsec is available as standard (in IPv4 it is optional)
• Authentication:
– Authenticate that you are communicating with a trusted host
• Encryption:
– Cannot be decrypted during the network relays
• Using IPv6 extension headers
• Priority controls
– Priority control for real-time communications
IPv4 to IPv6 (switching?)
From IPv4 to IPv6
[Figure: three stages: v4 only → v4 / v6 → v6 only]
• Partial IPv6
• Tunneling over the v4 backbone
• Mostly IPv6
• IPv6 native networks
• Different technology is required during the switch
• IPv6 cannot be brought in by a terminal or by the network alone
• Finally it will likely look like the IPv4 infrastructure
Dual Stack
• IPv4/IPv6 can both be used
• Server / router / client
• Until no IPv4 nodes remain
[Figure: dual-stack (IPv4/v6) nodes talking to both IPv4-only and IPv6-only nodes]
Tunneling
• An IPv6 network tunnels through an IPv4 network (or an IPv4 network tunnels through an IPv6 network)
• Encapsulation mechanism
[Figure: IPv6 packets from the beginning IPv6 network are wrapped in IPv4 across the IPv4 network and unwrapped at the ending IPv6 network]
Translator
• To let an IPv4-only host communicate with an IPv6-only host
• NAT, SOCKS, layer realization
[Figure: translator between an IPv6 network and an IPv4 network]
IPv6 readiness
IPv6 Ready!
• UNIX based platforms
– Linux, FreeBSD, OpenBSD, NetBSD, Solaris8
• Windows
– 2000, XP
• Macintosh
– Mac OS X
IPv6 Ready applications – Windows
• server
– Apache 2.0.43 / 1.3.27
• client – www
– Internet Explorer
– WWWC 1.0.2
– Wget 1.7
• client – telnet/ssh
– Tera Term Pro 2.3 + TTSSH 1.5.4
– PortForwarder 1.1.1
• client – FTP
– FFFTP 1.82
– NcFTP 3.0.4
• client – etc
– Meadow 1.15
– Emacs 21.1
– NTEmacs 20.7
– ActivePerl 5.6.1.633
• Socket6 port for Win32
• patch for IM
– Ruby 1.6.7
– Cygwin 1.3.12-4
• Application list on Cygwin/Mingw
– WinPcap 2.2beta & WinDump 3.5.2a
– Runtime Library for MSVC++ 7.0 (mfc70.dll and msvcr70.dll)
IPv6 stacks
• Implementations
• KAME (http://www.kame.net): BSD IPv6 stacks
• USAGI (http://www.linuxipv6.org/): Linux IPv6 stacks
• MSR (http://www.research.microsoft.com/): Microsoft Research
• Windows XP includes IPv6 stacks by default
[Figure: stacks by platform: Mac OS X and *BSD use KAME; Linux uses USAGI; Windows 2000 uses MSR IPv6; Windows XP and XP SP1 ship XP IPv6]
IPv6 Services
How to realize IPv6
• IPv6 readiness check
• IPv6-ready machines and information
– IPv6-capable router
– At least one IPv4 global address for tunneling
– DNS server
Windows XP (1/3)
• SP1
• ipconfig
• ipv6 if
Windows XP (2/3)
• Install IPv6
– ipconfig
– ipv6 if
– ipv6 install
Windows XP (3/3)
• IPv6 confirmation
– ipconfig
– ipv6 if
– ping6
– http://www.kame.net