Transcript Document

Network Architecture and Design

Scope

- Ten (10) lectures
  - To cover the complete network design process, from the initial drawings to the final implementation.
  - To learn how to effectively combine all the “cutting edge” technologies to produce a functional network.
- Five (5) Intermediate Reports (IRs)
- An Overall Project (OP)
- Performance: 50% OP + 50% IRs

Network Architecture and Design
1

IRs and OP

- An IR will extend the presented topics.
- The OP will apply the obtained knowledge to solving an actual network design problem.

Basic Tasks

- Gathering information
- Designing the network
- Assembling the network components
- Building the network
- Network monitoring

Gathering Information

- Preparation and analysis
  - Site survey
  - Collection of requirements
  - Organization and interpretation of the collected information
  - Drawing up the project (time plan, resources, etc.)
  - Submit the proposal

Designing the Network

- Network hardware
  - Hubs, bridges, switches, routers, etc.
- Protocols
  - TCP/IP, IPX, NetBEUI, etc.
- Operating system
- Remote/Internet connectivity
  - ISDN, Frame Relay, DSL, etc.
- Host hardware and software
- Technologies
  - Dial-in, VPN, DNS, etc.
- Security
  - Filtering routers, firewalls, etc.

Assembling the Components

- Choosing hardware vendors
- Choosing software plan
- Licensing
- Find contractors
- Creating the final proposal (release network specifications)

Building the Network

- Ordering the equipment
- Cabling the workspace
- Assembling the servers
- Testing
- Final walk-through

Network Monitoring

- Traffic monitoring
- Tracking important events
- Network resource management
- Firewalls
- Proxies
- Upgrade/maintenance

The Course Focuses on...

Designing a Network Using Modern Technologies

IP – Overview

- Communication between computers on the Internet: Internet Protocol (IP)
- Telephone network: each user owns a unique telephone number
- Internet: each computer owns a unique IP address

IP Overview

IP in the OSI model:

  Application / Presentation / Session Layers (Application)   NFS, SNMP, TELNET, DNS, FTP, SMTP, HTTP
  Transport Layer                                             TCP, UDP
  Network Layer                                               IP
  Logical Link Layer                                          Device Driver
  Physical Layer                                              Network Adapter

Advanced Issues in Internet Protocol (IP)

- IPv4
- Network Address Translation (NAT)
- IPv6
- IP Security (IPsec)
- Mobile IP
- IP Telephony (VoIP)

IPv4

- Addressing today is done according to version 4 of the Internet Protocol (IPv4):
  - 4 bytes
  - 4.3 billion different addresses
  - e.g. 169.21.54.69, 17.232.89.22

IPv4

- Each address is made up of the network prefix and the node prefix.
- The number of bits of each prefix depends on the address class.

IPv4 Classes

  Class   Leading bits   Network prefix   Node prefix   Address range
  A       0              7 bits           24 bits       0.X.X.X – 127.X.X.X
  B       10             14 bits          16 bits       128.X.X.X – 191.X.X.X
  C       110            21 bits          8 bits        192.X.X.X – 223.X.X.X

IPv4 Classes

- Class A: 126 networks with 16 billion nodes
- Class B: 16,000 networks with 16,000 nodes
- Class C: 2 billion networks with 256 nodes

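As an added example (not part of the lecture slides), the class table above implemented in Python: the leading bits select the class, and the class fixes how many bits belong to the network prefix and how many to the node. `max_nodes` is simply 2 raised to the number of node bits. Addresses starting with 111 fall outside the A/B/C scheme shown on the slides and are reported as class D or E without a split.

```python
IPV4_CLASSES = [
    # (class, leading-bit pattern, pattern length, network prefix bits after the pattern)
    ("A", 0b0,   1, 7),
    ("B", 0b10,  2, 14),
    ("C", 0b110, 3, 21),
]


def parse_ipv4(text):
    """Parse dotted-quad notation into a 32-bit integer, rejecting malformed input."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {text!r}")
    value = 0
    for part in parts:
        if not part.isdigit() or int(part) > 255:
            raise ValueError(f"octet out of range: {part!r}")
        value = (value << 8) | int(part)
    return value


def format_ipv4(value):
    """Render a 32-bit integer as dotted-quad notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def classify_ipv4(text):
    """Return the class and the network/node split of a classful IPv4 address."""
    addr = parse_ipv4(text)
    for name, pattern, pattern_len, net_bits in IPV4_CLASSES:
        if addr >> (32 - pattern_len) == pattern:
            node_bits = 32 - pattern_len - net_bits
            node_mask = (1 << node_bits) - 1
            return {
                "class": name,
                "network": format_ipv4(addr & ~node_mask & 0xFFFFFFFF),
                "node": addr & node_mask,
                "node_bits": node_bits,
                "max_nodes": 1 << node_bits,
            }
    # Anything starting with 111 is outside the A/B/C scheme on the slides.
    kind = "D (multicast)" if addr >> 28 == 0b1110 else "E (reserved)"
    return {"class": kind, "network": None, "node": None, "node_bits": 0, "max_nodes": 0}


def same_classful_network(a, b):
    """True when both addresses fall in the same classful network (same class, same prefix)."""
    ca, cb = classify_ipv4(a), classify_ipv4(b)
    return ca["network"] is not None and ca["class"] == cb["class"] and ca["network"] == cb["network"]
```

The two hosts of the example that follows, 135.5.7.34 and 135.5.7.69, share the class B network 135.5.0.0 even though the figure places them in different class C-sized subnetworks; classful addressing alone cannot express that subnetting.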
IPv4 - Example

(Figure: an Internet backbone interconnecting, via routers, a Class B network and a Class C network)

- Class B network 135.5.X.X, divided into Class C subnetworks:
  - Class C subnetwork 135.5.6.X
  - Class C subnetwork 135.5.7.X, with hosts 135.5.7.34 and 135.5.7.69
- Class C network 195.23.5.X, with hosts 195.23.5.25 and 195.23.5.17
- Internet Backbone, reached from each network through a router

IPv4 Packet Header

  Vers = 4 | IHL | Type of Service | Total Length
  Identification | Flags | Fragment Offset
  Time to Live | Protocol | Header Checksum
  Source Address
  Destination Address
  Options

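An added example (Python, not from the lecture) that builds and decodes the header layout above. It packs the fields in the order shown, computes the RFC 791 header checksum, and on the parsing side checks that IHL is consistent with the packet length before trusting the header, and that the checksum verifies. The addresses are the two sample addresses from the IPv4 slide; the payload is a constructed run of zero bytes.

```python
import struct

IHL_MIN = 20  # header length in bytes when there are no options


def ipv4_checksum(header):
    """RFC 791 header checksum: one's-complement sum of 16-bit words, complemented."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(word for (word,) in struct.iter_unpack("!H", header))
    while total >> 16:                                  # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_bytes(text):
    """Dotted quad to 4 raw bytes."""
    return bytes(int(octet) for octet in text.split("."))


def build_ipv4_header(src, dst, payload_len, protocol=6, ttl=64, ident=0x1234, options=b""):
    """Build a header with a correct checksum (constructed sample, not captured traffic)."""
    options += b"\x00" * (-len(options) % 4)            # options are padded to 32-bit words
    ihl_words = 5 + len(options) // 4
    flags_frag = 0x4000                                   # DF set, MF clear, fragment offset 0
    header = struct.pack("!BBHHHBBH4s4s",
                         (4 << 4) | ihl_words, 0, ihl_words * 4 + payload_len,
                         ident, flags_frag, ttl, protocol, 0,
                         ip_bytes(src), ip_bytes(dst)) + options
    checksum = ipv4_checksum(header)                      # computed with the checksum field zeroed
    return header[:10] + struct.pack("!H", checksum) + header[12:]


def parse_ipv4_header(packet):
    """Decode the fields shown on the slide and report whether the checksum verifies."""
    if len(packet) < IHL_MIN:
        raise ValueError("packet shorter than a minimal IPv4 header")
    (vers_ihl, tos, total_len, ident, flags_frag,
     ttl, protocol, checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:IHL_MIN])
    version, ihl = vers_ihl >> 4, (vers_ihl & 0xF) * 4
    if version != 4:
        raise ValueError(f"not an IPv4 header (version {version})")
    if ihl < IHL_MIN or ihl > len(packet):
        raise ValueError(f"IHL {ihl} inconsistent with packet length {len(packet)}")
    header = packet[:ihl]
    return {
        "version": version,
        "ihl": ihl,
        "tos": tos,
        "total_length": total_len,
        "identification": ident,
        "flags": {"DF": bool(flags_frag & 0x4000), "MF": bool(flags_frag & 0x2000)},
        "fragment_offset": (flags_frag & 0x1FFF) * 8,     # offset is carried in 8-byte units
        "ttl": ttl,
        "protocol": protocol,
        "checksum_ok": ipv4_checksum(header) == 0,        # a valid header sums (with its checksum) to zero
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        "options": header[IHL_MIN:],
    }
```

The IHL check matters in practice: a header that claims more option bytes than the packet carries would otherwise make the parser read past the buffer, and the checksum only protects the header, not the payload.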
Limitations of IPv4

- No global addressability
  - Difficult to deploy new Internet-wide applications
- No more addresses
  - Address space will be exhausted by 2008
- Too big routing tables

Advanced Issues in Internet Protocol (IP)

- IPv4
- Network Address Translation (NAT)
- IPv6
- IP Security (IPsec)
- Mobile IP
- IP Telephony

The Need for Address Mapping

- Global addressing is too complex to be implemented on the whole Internet
- No more addresses left
- Need for address reuse

Network Address Translation (NAT)

- NAT: the process of swapping one address for another in the IP packet header
- NAT is used to allow privately-addressed hosts to communicate on the Internet
- Effective when connecting a small office or home office (SOHO) to the corporate network. By using NAT, a company does not have to allocate a "real" IP address for each of its remote users.

NAT Devices (NAT boxes)

- This swapping process is performed by a device running specialized NAT software or hardware
- Examples of NAT boxes:
  - Router
  - Unix system
  - Win2000 server

Network Address Translation (NAT)

- Outside addresses: registered by a company or leased from a provider
- Inside addresses: set aside to be used by anyone
  - Two networks, or two million networks, can each use the same inside address
  - Inside addresses cannot be used on the public Internet

Network Address Translation (NAT)

- Inside local address: the IP address of an inside host as it appears to the other hosts of the network
  - Inside local addresses can be used in other networks too

Network Address Translation (NAT)

- Inside global address: the IP address of an inside host as it appears to outside networks
  - Allocated from a globally unique address space, typically provided by the ISP

Network Address Translation (NAT)

- Outside local address: the IP address of an outside host as it appears to the inside network
- Outside global address: the configured IP address assigned to a host in the outside network

NAT - Example

(Figure: inside hosts A and C behind a NAT box, outside host B)

- A: inside local address 117.13.8.10
- C: inside local address 117.13.8.11
- B: outside global address 175.35.4.133

NAT table:

  Inside local address   Inside global address
  117.13.8.10            144.3.23.9
  117.13.8.11            144.3.23.10

Static NAT

- A specific inside local address maps to a pre-specified inside global address
- The inside local and inside global addresses are statically mapped one for one
  - Easy to implement
  - Needs too many addresses: local addresses = global addresses

Dynamic NAT

- Translations don't exist in the NAT translation table until the router receives traffic that requires translation
- Dynamic translations are temporary, and will eventually time out
- Only a small number of global addresses is needed

NAT Overload

- Uses Port Address Translation (PAT), which allows multiple inside addresses to map to the same global address
- This is sometimes called:
  - a "many-to-one" NAT
  - address overloading

NAT Overload

(Figure: three inside hosts behind a NAT box sharing the single inside global address 144.3.23.9; B is the outside host)

- A: 117.13.8.10:13 translated to 144.3.23.9:13
- C: 117.13.8.11:25 translated to 144.3.23.9:25
- 117.13.8.12:21 translated to 144.3.23.9:21

Translation table:

  Inside local address   Inside global address   Communication port
  117.13.8.10            144.3.23.9              13
  117.13.8.11            144.3.23.9              25
  117.13.8.12            144.3.23.9              21

NAT Overload

- Over 65,000 inside addresses can theoretically map to a single outside address
- However, the actual number of translations supported is approximately 4,000 local addresses per global address

NAT Overload

- NAT overload can be used in conjunction with dynamic mapping:
  - Use a one-to-one dynamic mapping until the available addresses are almost depleted, at which time NAT can overload the remaining address or addresses
  - Overload the first address until it's maxed out, and then move on to the second address, and so on

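The dynamic and overload behaviour of the last four slides, as an added Python example that is not part of the lecture. The translator keeps the translation table in both directions, creates an entry only when outbound traffic arrives, preserves the inside port when it is still free on the global address (so the table comes out exactly as in the slide's figure) and otherwise allocates a port from an assumed range starting at 1024, refreshes entries on traffic and expires idle ones after a timeout. Inbound traffic that matches no entry is dropped, which is the mechanism behind the "servers behind NAT" limitation on the next slide. Time is passed in explicitly so the timeout logic can be exercised without waiting.

```python
class NatOverload:
    """PAT ('many-to-one' NAT): many inside local address:port pairs share one inside global address."""

    FIRST_PORT, LAST_PORT = 1024, 65535   # assumed range used when the original source port is taken

    def __init__(self, inside_global, timeout=300):
        self.inside_global = inside_global
        self.timeout = timeout              # seconds of inactivity before a dynamic entry is dropped
        self.next_port = self.FIRST_PORT
        self.by_inside = {}                 # (inside local, local port) -> (global port, last seen)
        self.by_global_port = {}            # global port -> (inside local, local port)

    def translate_out(self, inside_local, local_port, now):
        """Outbound packet: create or refresh the translation and return the rewritten source."""
        key = (inside_local, local_port)
        if key in self.by_inside:
            global_port = self.by_inside[key][0]
        else:
            global_port = self._allocate_port(local_port)
            self.by_global_port[global_port] = key
        self.by_inside[key] = (global_port, now)
        return (self.inside_global, global_port)

    def translate_in(self, global_port, now):
        """Inbound packet: forwarded only if an existing translation names this global port."""
        key = self.by_global_port.get(global_port)
        if key is None:
            return None                     # unsolicited inbound traffic has no entry and is dropped
        self.by_inside[key] = (global_port, now)
        return key

    def expire(self, now):
        """Drop entries idle longer than the timeout; returns how many were removed."""
        stale = [key for key, (_, seen) in self.by_inside.items() if now - seen > self.timeout]
        for key in stale:
            global_port, _ = self.by_inside.pop(key)
            self.by_global_port.pop(global_port, None)
        return len(stale)

    def table(self):
        """Rows (inside local, local port, inside global, global port), like the slide's table."""
        return sorted((local, lport, self.inside_global, gport)
                      for (local, lport), (gport, _) in self.by_inside.items())

    def _allocate_port(self, wanted):
        if wanted not in self.by_global_port:   # keep the original port while it is still free
            return wanted
        span = self.LAST_PORT - self.FIRST_PORT + 1
        for _ in range(span):
            candidate = self.next_port
            self.next_port = self.FIRST_PORT + (candidate - self.FIRST_PORT + 1) % span
            if candidate not in self.by_global_port:
                return candidate
        raise RuntimeError("no free global port: translation table is full")
```

The port space, not the address, is the scarce resource here: once every port on the global address is in a live entry the translator can only refuse new flows or expire old ones, which is why real devices cap the entries per global address well below 65,000.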
Limitations of NATs

- They won't work for a large number of “servers” (devices that are “called” by others, e.g. IP phones)
- They break most current IP multicast and IP mobility
- They break many existing applications
- They limit the market for new applications and services
- They compromise the performance, robustness and security of the Internet

Advanced Issues in Internet Protocol (IP)

- IPv4
- Network Address Translation (NAT)
- IPv6
- IP Security (IPsec)
- Mobile IP
- IP Telephony

Challenges to IP

- Addresses needed for the 21st century
  - Internet devices will be more numerous, and not adequately handled by NATs
    - Estimated 20 billion people
    - Multiple interfaces/node
    - Multiple addresses/interface
  - mobile phones, cards, residential servers
- The solution: IPv6

IPv6

- IPv6 address: 128 bits
  - 3.4x10^38 different addresses
- Allows:
  - multiple interfaces per host
  - multiple addresses per interface
- Advanced routing functions:
  - unicast
  - multicast
  - anycast

IPv6 Notation

- X:X:X:X:X:X:X:X where each X is a hex value of 16 bits, e.g.
  - FEDC:BA98:7654:3210:FEDC:BA98:7654:3210
- One sequence of zero words may be skipped, e.g.
  - FEDC:0000:0000:0000:9876:0000:0000:ABCD = FEDC::9876:0000:0000:ABCD

IPv6 Address Types

- According to the prefix there are 5 types of addresses:
  - Provider-based (global): prefix 010
  - Local use:
    - Link local: prefix 1111 1110 10
    - Site local: prefix 1111 1110 11
  - Multicast: prefix 1111 1111
  - Reserved (unspecified, loopback, IPv6 with embedded IPv4 addresses): prefix 0000 0000

IPv6 Address Types

- Global: forwarded anywhere
- Link Local: not forwarded outside the link
- Site Local: not forwarded outside the site

IPv6 Provider Based Address

  010 (3 bits) | Registry ID (5 bits) | Provider ID (16 bits) | 0 (8 bits) | Subscriber ID (24 bits) | 0 (8 bits) | Subnet ID (16 bits) | Interface ID (48 bits)

- Forwarded anywhere
- Variable size partitions

IPv6 - Link Local Address

  1111 1110 10 (10 bits) | 0 (n bits) | Interface ID (118-n bits)

- Not forwarded outside the link
- Notation: FE80::xxx

IPv6 - Site Local Address

  1111 1110 11 (10 bits) | 0 (n bits) | Interface ID (118-n bits)

- Not forwarded outside the site
- Notation: FEC0::xxx

IPv6 – Multicast Addresses

  1111 1111 (8 bits) | Flags (4 bits) | Scope (4 bits) | Group ID (112 bits)

- Flags: 000T
  - T=0 for a permanent address
  - T=1 for a transient address
- Scope:
  - 1: Node Local
  - 2: Link Local
  - 8: Org Local
  - E: Global

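An added Python example, not from the lecture, covering the notation slide (expanding and compressing `::`), the address-type slide (classification by the leading prefix bits, in the order the prefixes require) and the multicast slide (flags, scope and group ID). Words are printed as four upper-case hex digits to match the slides' notation; link- and site-local prefixes are written in the standard single-word form FE80::/FEC0::. Because the classifier uses the slide's early prefix table, anything outside those prefixes (for instance addresses starting with 001) is reported as "unassigned".

```python
HEX = set("0123456789abcdefABCDEF")


def expand_ipv6(text):
    """Expand '::' (at most one) into the full list of eight 16-bit words."""
    if text.count("::") > 1:
        raise ValueError("at most one '::' is allowed")
    if "::" in text:
        head, tail = text.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero word")
        parts = left + ["0"] * missing + right
    else:
        parts = text.split(":")
    if len(parts) != 8:
        raise ValueError(f"expected 8 words, got {len(parts)}")
    words = []
    for part in parts:
        if not 1 <= len(part) <= 4 or not set(part) <= HEX:
            raise ValueError(f"bad hex word {part!r}")
        words.append(int(part, 16))
    return words


def compress_ipv6(words):
    """Collapse the longest run (>= 2) of zero words into '::'; leftmost run wins a tie."""
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if words[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and words[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    text = [f"{w:04X}" for w in words]
    if best_len < 2:
        return ":".join(text)
    return ":".join(text[:best_start]) + "::" + ":".join(text[best_start + best_len:])


def classify_ipv6(words):
    """Address type from the leading prefix bits listed on the slides."""
    top = words[0]
    if top >> 8 == 0x00:
        return "reserved"             # 0000 0000: unspecified, loopback, embedded IPv4
    if top >> 8 == 0xFF:
        return "multicast"            # 1111 1111
    if top >> 6 == 0b1111111010:
        return "link-local"           # 1111 1110 10
    if top >> 6 == 0b1111111011:
        return "site-local"           # 1111 1110 11
    if top >> 13 == 0b010:
        return "provider-based"       # 010
    return "unassigned"


SCOPES = {0x1: "node-local", 0x2: "link-local", 0x8: "org-local", 0xE: "global"}


def decode_multicast(words):
    """Split a multicast address into the 000T flags, the scope and the 112-bit group ID."""
    if classify_ipv6(words) != "multicast":
        raise ValueError("not a multicast address")
    flags = (words[0] >> 4) & 0xF
    scope = words[0] & 0xF
    group = 0
    for w in words[1:]:
        group = (group << 16) | w
    return {"transient": bool(flags & 1),
            "scope": SCOPES.get(scope, f"unknown({scope:X})"),
            "group_id": group}
```

Rejecting a second `::` and over-long words is not pedantry: parsers that silently accept them produce different addresses for the same input, and an access-control rule compared against a normalized form must see the same normalization as the packet path.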
IPv6 Packet Header

IPv6 header:
  Version (4 bits) | Priority (4 bits) | Flow Label (24 bits)
  Payload Length (16 bits) | Next Header (8 bits) | Hop Limit (8 bits)
  Source Address (128 bits)
  Destination Address (128 bits)

IPv4 header, for comparison:
  Vers = 4 | IHL | Type of Service | Total Length
  Identification | Flags | Fragment Offset
  Time to Live | Protocol | Header Checksum
  Source Address
  Destination Address
  Options

(The fields shaded in the original figure are absent from the IPv6 header.)

IPv6 Header Types

- Hop-by-Hop = 0
- Routing Header = 43
- Fragment Header = 44
- Authentication Header = 51
- Encrypted Payload = 52
- TCP = 6
- UDP = 17

IPv6 Extension Headers

- The Options field of IPv4 is replaced by extension headers, used for special purposes.
- Extension headers are chained together, each Next Header field naming what follows:
  - IPv6 Header (Next Header = TCP) -> TCP Header + Data
  - IPv6 Header (Next Header = Routing) -> Routing Header (Next Header = TCP) -> TCP Header + Data
  - IPv6 Header (Next Header = Routing) -> Routing Header (Next Header = Fragment) -> Fragment Header (Next Header = TCP) -> Fragment of TCP Header + Data

IPv6 Extension Headers

- Hop-by-Hop
- Routing
- Fragment
- Destination Options
- Authentication
- Encryption Security Payload

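An added Python example, not part of the lecture, that walks a Next Header chain like the ones on the previous two slides until it reaches the upper-layer protocol. It uses the header numbers from the "IPv6 Header Types" slide; the value 60 for Destination Options is the IANA number and is not on the slide. The sample packet (IPv6 -> Routing -> Fragment -> TCP) is constructed from the slide's notation examples, not captured. The walker stops at an Encrypted Payload header, since nothing after it is readable, checks every header against the packet length, and gives up after an assumed limit of 8 extension headers rather than following an arbitrarily long chain; these are the checks a filter or IDS needs before it can claim to know which transport protocol a packet carries.

```python
import struct

EXTENSION = {0: "Hop-by-Hop", 43: "Routing", 44: "Fragment", 51: "Authentication",
             52: "Encrypted Payload", 60: "Destination Options"}   # 60 is the IANA value, not on the slide
UPPER = {6: "TCP", 17: "UDP"}
MAX_EXTENSION_HEADERS = 8   # assumed policy limit; a longer chain is treated as malformed

SRC = bytes.fromhex("FEDCBA9876543210FEDCBA9876543210")   # constructed addresses from the notation slide
DST = bytes.fromhex("FEDC000000000000987600000000ABCD")
TCP_SYN = struct.pack("!HHIIBBHHH", 1025, 80, 0, 0, 5 << 4, 0x02, 65535, 0, 0)   # minimal 20-byte TCP header


def walk_ipv6_headers(packet):
    """Follow Next Header pointers from the fixed header to the upper-layer protocol."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    payload_len, next_header = struct.unpack("!HB", packet[4:7])
    if 40 + payload_len > len(packet):
        raise ValueError("payload length exceeds packet")
    chain, offset, fragment = [], 40, None
    for _ in range(MAX_EXTENSION_HEADERS + 1):
        if next_header in UPPER:
            return {"chain": chain, "upper": UPPER[next_header], "offset": offset, "fragment": fragment}
        if next_header == 52:                              # encrypted: nothing beyond is readable
            chain.append(("Encrypted Payload", offset))
            return {"chain": chain, "upper": "Encrypted Payload", "offset": offset, "fragment": fragment}
        if next_header not in EXTENSION:
            return {"chain": chain, "upper": f"unknown({next_header})", "offset": offset, "fragment": fragment}
        if offset + 8 > len(packet):
            raise ValueError(f"truncated {EXTENSION[next_header]} header at offset {offset}")
        following = packet[offset]                         # every extension header starts with Next Header
        if next_header == 44:                              # fragment header is always 8 bytes
            length = 8
            frag_field = struct.unpack("!H", packet[offset + 2:offset + 4])[0]
            fragment = {"offset": (frag_field >> 3) * 8, "more": bool(frag_field & 1)}
        elif next_header == 51:                            # AH length is in 4-byte units, minus 2
            length = (packet[offset + 1] + 2) * 4
        else:                                              # other extension headers: 8-byte units, minus 1
            length = (packet[offset + 1] + 1) * 8
        if offset + length > len(packet):
            raise ValueError(f"truncated {EXTENSION[next_header]} header at offset {offset}")
        chain.append((EXTENSION[next_header], offset))
        offset += length
        next_header = following
    raise ValueError("extension header chain too long")


def fixed_header(next_header, payload):
    """IPv6 fixed header: version 6, zero priority and flow label, hop limit 64."""
    return struct.pack("!IHBB16s16s", 6 << 28, len(payload), next_header, 64, SRC, DST)


def build_sample_packet():
    """Constructed sample for the third chain on the slide: IPv6 -> Routing -> Fragment -> TCP."""
    fragment = struct.pack("!BBHI", 6, 0, 0, 0x1234)               # next = TCP, offset 0, M = 0
    routing = struct.pack("!BBBB4s", 44, 0, 0, 0, b"\x00" * 4)     # next = Fragment, 8 bytes, type 0
    payload = routing + fragment + TCP_SYN
    return fixed_header(43, payload) + payload


def build_hop_by_hop_chain(count):
    """Constructed sample with `count` chained Hop-by-Hop headers, the last pointing to TCP."""
    headers = [bytes([0, 0]) + b"\x00" * 6 for _ in range(count - 1)] + [bytes([6, 0]) + b"\x00" * 6]
    payload = b"".join(headers) + TCP_SYN
    return fixed_header(0, payload) + payload
```

The returned offset is where the transport header begins, which is the value a port-based filter actually needs; a device that only reads the fixed header's Next Header field would see "Routing" for the sample packet and never learn that TCP port 80 is inside.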
IPv6 Flow Label Header Field

- The IPv6 header gives the ability to label a traffic flow (24 bits)
- The flow label indicates that packets need special handling:
  - Real time service
  - Special QoS

IPv6 – Priority Header Field

- 4-bit priority field
- Enables the source to identify the desired delivery priority of its packets relative to other packets from the same source
- Two ranges:
  - 0 through 7 specifies the priority of packets (no real time)
  - 8 through 15 specifies the priority of real time packets

IPv6 vs IPv4

- Expanded addressing capabilities
- Simplified header format
  - Reduction in processing cost
- Flow labeling
- Support for authentication and privacy
- Support for improved options and extensions
- Support of all IPv4-based mechanisms
  - IPsec, diffserv, QoS features

IPv6 and IPv4 Co-existence

- IPv4 and IPv6 will exist together
- As time goes by:
  - Devices support only IPv4
  - Devices support IPv4 and IPv6
  - Devices support only IPv6
- Coexistence using:
  - Dual stack approach: applications choose the version to use
  - Tunneling approach: encapsulation of IPv6 in IPv4 packets
  - Translation approach: extended NAT techniques for translating IPv6 to IPv4

End of First Lecture