Lecture note 5


Network Layer
(Part I: Addressing)
Routers Connect Many Subnets (e.g., Ethernet) to Form a Network
[Figure: data travels from a source to a destination through several routers]
Network Layer Provides Services to
Transport Layer
• At the transport layer, we want the network
layer to be able to route our packets across
subnets so that our packets can reach their
destination hosts.
• We may also want reliable delivery, in-sequence delivery, congestion control,
quality-of-service guarantee, and other
services.
Big Argument Between the Internet and
Telephone Communities
• The network layer must do the routing job. (No
argument about this service.)
• However, should the network (the network layer) or the
hosts (the transport layer) do the reliable delivery, in-sequence
delivery, congestion control, and quality-of-service
guarantee jobs? (The end-to-end argument vs.
performance improvement vs. misbehaving users.)
• Also, should connectionless or connection-oriented service be
used in the network? (Datagram vs. virtual circuit.)
The telephone community wants to make the network complicated
but the end hosts simple; the Internet community takes the opposite
view!
Virtual Circuit
• Before sending packets, a routing path needs to be
chosen and set up first.
• Like traditional circuits, but no physical circuit is set up
between a sender and a receiver.
• Instead, each router on the VC from the sender to the
receiver is configured with a VC ID.
• All packets belonging to a flow carry the same VC ID
and will take the same routing path in the network.
• Resources may or may not be reserved for a VC.
– Voice circuit (TDM)
– Data circuit
• Used in ATM or Frame Relay networks (most backbone
networks of the Internet)
Comparison of Datagram and Virtual Circuit
Naming and Addressing
Name and Address Are the First Step
toward Routing
• When we want to send a packet to a
machine, we must be able to identify it first.
– Otherwise, how do we let the network know
our intended destination machine?
– Thus, every machine (router or host) must have
a text name or numerical address for us to
identify it.
In the Internet, a machine may actually have multiple
addresses, each associated with a network interface.
Name and Address Are Both Useful
• Text names such as www.csie.nctu.edu.tw are easier for humans
to understand and remember.
– However, text names may have variable lengths and formats,
making it hard for routers to parse and process them.
– Also, text names may be variable and very long, making the size of
the source and destination fields in the packet header hard to
choose.
• Fixed-length numerical addresses can solve the above
problems.
– However, they are not human understandable and they are
difficult to remember.
• The best way is to let humans use names to identify a
machine while internally the network uses addresses.
Domain Name Servers (DNS) do this job for us!
Hierarchical Naming Has Many
Good Properties
• The problem of using nonhierarchical
naming
– Different naming authorities may choose
the same name.
– Need to check every naming authority to
avoid the name conflict problem.
– Is not scalable with a large number of
naming authorities like the Internet.
• Hierarchical naming such as
www.csie.nctu.edu.tw solves this
problem.
The Internet uses a hierarchical naming scheme.
Hierarchical Addressing Allows Aggregation
and Saves Routing Table Space
• If nonhierarchical (flat) addressing is used, each
router needs to maintain a routing entry for every
machine.
• If hierarchical addressing is used, each router only
needs to maintain a routing entry for every subnet.
– A big saving in router’s memory.
– However, may not result in optimal routing paths.
The Internet uses a hierarchical addressing scheme.
IPv4 Address Classes and Format
Machines on the same network are aggregated together by sharing the same network address.
Internet routers use the network address portion of a packet’s destination address to route packets.
A Network Can Be Further Partitioned
into Subnets By Using Subnet Masks
• The size of a network may be too big.
– E.g., class-A and class-B networks have 2^24 and 2^16 host
addresses, respectively.
– Using flat addressing inside an organization will
increase the router’s routing table size and slow down
packet forwarding.
– Further partitioning the network into multiple subnets
solves these problems.
• The subnet mask indicates which part of the
host address field should be treated as the subnet
address.
The Internet uses subnet masks extensively.
A Subnetting Example
The Address Shortage Crisis of Internet
Is Caused by Inefficient Uses
• The size of a class-A network is too big.
– No organization would have 2^24 = 16777216 computers.
– However, www.mit.edu’s IP address is 18.181.0.31.
• The size of a class-B network may still be too big for
most organizations.
– 2^16 = 65536 computers. Does NCTU have 65536 computers?
• The size of a class-C network is too small for most
organizations.
– 2^8 = 256 computers. CSIE has more than 256 computers, not
to mention NCTU!
The current crisis is that most allocated IP addresses
are not being used!
IPv6 Uses 128-Bit Addresses to End
This Crisis
• With 2^128 addresses, every square inch on the
earth can have 4 IP addresses!
• Source and destination address fields in an IP
header now become a larger bandwidth overhead for
small-size packets.
Some researchers joke that, in a LAN, why don’t we just transport
telnet’s characters by putting them in the source and destination
address fields of a packet?
Classless Inter-Domain Routing (CIDR)
Mitigates the Crisis
• A contiguous set of class-C network
addresses is allocated to an organization.
• Routers in the network now need to carry a
prefix indication, which plays the same role
as a subnet mask.
Nowadays most organizations can only get CIDR
class-C addresses. Class-B network addresses are
very difficult to get.
A CIDR Example
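The following is an added example, not taken from the original slides. It shows the subnet-mask AND operation, the aggregation of contiguous class-C blocks into one CIDR prefix, and the longest-prefix lookup a router performs once prefixes have variable length. The /24 mask applied to 140.113.215.141, the 192.168.x.x blocks and the next-hop names are assumptions made for illustration.

```python
import ipaddress

def network_of(addr, mask):
    """AND the address with the subnet mask to get the (sub)network address."""
    a = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(a & m))

def aggregate(blocks):
    """Collapse contiguous class-C sized (/24) blocks into the fewest CIDR prefixes."""
    nets = [ipaddress.ip_network(b) for b in blocks]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def lookup(table, dst):
    """Longest-prefix match: the most specific prefix that contains dst wins."""
    d = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table.items():
        net = ipaddress.ip_network(prefix)
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

# Constructed sample data: four contiguous class-C blocks given to one organization.
ORG_BLOCKS = ["192.168.4.0/24", "192.168.5.0/24", "192.168.6.0/24", "192.168.7.0/24"]
# Constructed routing table; the next-hop names are hypothetical.
TABLE = {"0.0.0.0/0": "upstream",
         "192.168.4.0/22": "org-router",
         "192.168.6.0/24": "lab-router"}

if __name__ == "__main__":
    print(network_of("140.113.215.141", "255.255.255.0"))
    print(aggregate(ORG_BLOCKS))
    for dst in ("192.168.6.9", "192.168.5.9", "8.8.8.8"):
        print(dst, "->", lookup(TABLE, dst))
```

Four routing entries shrink to one /22 entry, and a more specific /24 entry still overrides the aggregate for the addresses it covers.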
Dynamic Host Configuration Protocol (DHCP)
Also Mitigates This Crisis
• DHCP can dynamically assign an IP address
to a host. When the host no longer needs to
use it, the IP address will be reclaimed.
• Very useful and efficient in using IP
addresses
– E.g., notebook computers moving around
– E.g., ISP’s modem server (PPP)
• A user does not need to ask which IP address he
can/should use for his host.
In Win98, just check the “Obtain an IP address automatically” option.
Network Address Translator (NAT) Also
Mitigates This Crisis
• A NAT’s job is to convert an IP address to another
one.
• People thus can reuse private IP addresses within
their organization (e.g., NCTU).
• These private IP addresses will be converted to
some public routable IP addresses before the
packets using them are sent to the Internet.
[Figure: Internet, 140.113.215.141, NAT, 1.1.1.1, NCTU]
People Thus Are in No Hurry
to Use IPv6
• Analysts predicted 10 years ago that by year 2000,
most people would go for IPv6 because of the IP
address shortage crisis.
• Now, their predictions turn out to be wrong.
– CIDR, DHCP, NAT mitigate the crisis a lot.
– Also, people are reluctant to change their IP addresses.
• Too much hassle, too many problems
– Now, only those people who cannot get enough IPv4
addresses have to use IPv6 addresses instead.
• Almost none now. Only researchers use them to do experiments.
• Thus, you probably do not need to know IPv6 in the
next 10 years.
Packet Encapsulation and Demultiplexing
Encapsulation by Prepending Headers at
Different Layers
As a packet goes down layer N, layer N
prepends a layer-N header to it carrying some
information relevant to layer N.
Demultiplexing a Packet When It Is Received.
As a packet goes up layer N, layer N strips off
the layer-N header and then does some
processing.
Address Resolution Protocol (ARP) and
Reverse ARP (RARP)
ARP Finds a Layer-2 Address From an IP Address
• When we want to send packets to a receiving host,
we only know and use the receiving host’s IP
address.
– The network uses the receiving host’s IP address
carried in the packet header to route the packet.
– When the packet arrives at the router that connects the
receiving host’s subnet, the router needs a way to find
the layer-2 address that is used by the receiving host.
[Figure: nodes R, R and H, with the labels “Use IP Address” and “Use Ethernet Address”]
An Example of ARP Usage
ARP Packet Format
• Proxy ARP
– Let a router/host answer ARP requests on one of its
networks for a host on another of its networks.
• Can be used to intercept packets for some processing (e.g.,
security checking)
• Gratuitous ARP
– Looking up my own layer-2 address
• Can be used to check if someone is using my IP address
• After changing the layer-2 address (network interface),
immediately notify other hosts of this change.
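The following is an added example, not taken from the original slides. It parses the 28-byte ARP body for Ethernet and IPv4 and tracks IP-to-MAC bindings, reporting whenever an IP address appears with a different layer-2 address. Both gratuitous-ARP cases above (someone else using my IP address, or a changed network interface) produce the same report, so the result has to be checked against known hardware changes. The 192.168.1.x addresses and the aa:bb:cc MAC addresses are constructed sample values.

```python
import struct

ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, op, sender MAC/IP, target MAC/IP

def make_arp(op, mac, ip, target_ip):
    """Build a constructed ARP body (op 1 = request, 2 = reply) for the demo."""
    to_ip = lambda s: bytes(int(x) for x in s.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       bytes.fromhex(mac.replace(":", "")), to_ip(ip),
                       b"\x00" * 6, to_ip(target_ip))

def parse_arp(pkt):
    """Parse the 28-byte ARP body for Ethernet (htype 1) carrying IPv4 (ptype 0x0800)."""
    if len(pkt) < 28:
        raise ValueError("short ARP packet")
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, pkt[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {"op": op,
            "sender_mac": ":".join("%02x" % b for b in sha),
            "sender_ip": ".".join(str(b) for b in spa),
            "gratuitous": spa == tpa}   # sender asks about / announces its own IP

def watch(packets):
    """Track IP-to-MAC bindings and report every time an IP shows up with a new MAC."""
    seen, alerts = {}, []
    for raw in packets:
        a = parse_arp(raw)
        old = seen.get(a["sender_ip"])
        if old is not None and old != a["sender_mac"]:
            alerts.append((a["sender_ip"], old, a["sender_mac"], a["gratuitous"]))
        seen[a["sender_ip"]] = a["sender_mac"]
    return alerts

# Constructed traffic: a normal request and reply, then the same IP from another MAC.
SAMPLE = [
    make_arp(1, "12:34:56:78:90:12", "192.168.1.10", "192.168.1.1"),
    make_arp(2, "aa:bb:cc:dd:ee:01", "192.168.1.1", "192.168.1.10"),
    make_arp(1, "aa:bb:cc:dd:ee:99", "192.168.1.10", "192.168.1.10"),
]

if __name__ == "__main__":
    for ip, old, new, gratuitous in watch(SAMPLE):
        print("binding change for", ip, ":", old, "->", new, "gratuitous:", gratuitous)
```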
RARP Finds an IP Address From
a Layer-2 Address
• Mainly used by diskless hosts to find their own IP
addresses.
• A diskless host loads its kernel from a remote
server across the network.
• Thus it needs an IP address.
• RARP lets the diskless host find its own IP
address.
– My layer-2 address is 12:34:56:78:90:12; whoever knows
my IP address, please tell me!
IP Header Format
Functions of Fields of the IP Header
• Header length: if the value is n, it means that the length of the IP
header is 4 * n bytes.
• Identification: this field is needed in case fragmentation is
needed.
• 3-bit flag: indicates whether more fragments of an IP packet will come
in.
• Fragment offset: if this value is n, the real offset is n * 8.
• TTL: used to limit the maximum number of routers a packet can
pass in a network.
• Header checksum: only check the validity of the IP header, not
including its data payload.
– Why? It needs to be recalculated on every router of the path. So the
computation should not be too much.
– Also, the transport layer has its own checksum covering the data.
• Options: indicate some required services from routers. E.g.,
record route, source routing, etc.
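The following is an added example, not taken from the original slides. It decodes the fields listed above from a raw IPv4 header, verifies the header-only checksum, and repeats the per-router work of decrementing the TTL and recomputing the checksum. The sample header (addresses 10.0.0.1 and 10.0.0.2, protocol 17, identification 0x1234) is constructed.

```python
import struct

def checksum(header):
    """One's-complement sum over the header's 16-bit words (header only, no payload)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(ident, more_fragments, offset_units, ttl, total_len):
    """Constructed 20-byte header (no options, protocol 17, sample addresses)."""
    flags_off = (0x2000 if more_fragments else 0) | offset_units
    raw = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, flags_off,
                      ttl, 17, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return raw[:10] + struct.pack("!H", checksum(raw)) + raw[12:]

def parse_header(raw):
    """Decode the fields discussed above and check the header checksum."""
    if len(raw) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    ver_ihl, _tos, _len, ident, flags_off, ttl = struct.unpack("!BBHHHB", raw[:9])
    hlen = (ver_ihl & 0x0F) * 4              # header length field n -> 4 * n bytes
    if ver_ihl >> 4 != 4 or hlen < 20 or len(raw) < hlen:
        raise ValueError("malformed IPv4 header")
    return {"header_bytes": hlen,
            "id": ident,
            "more_fragments": bool(flags_off & 0x2000),
            "offset_bytes": (flags_off & 0x1FFF) * 8,   # offset field n -> n * 8
            "ttl": ttl,
            "checksum_ok": checksum(raw[:hlen]) == 0}   # a valid header sums to zero

def forward(raw):
    """Per-hop work of a router: decrement TTL, then recompute the header checksum."""
    hlen = parse_header(raw)["header_bytes"]
    if raw[8] <= 1:
        raise ValueError("TTL expired, packet is dropped")
    hdr = bytearray(raw[:hlen])
    hdr[8] -= 1
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + raw[hlen:]

# Constructed sample: a middle fragment of a datagram sent over a 1500-byte MTU link.
SAMPLE = build_header(ident=0x1234, more_fragments=True, offset_units=185,
                      ttl=64, total_len=1500)

if __name__ == "__main__":
    print(parse_header(SAMPLE))
    print(parse_header(forward(SAMPLE)))
```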
IP Fragmentation Is Harmful
• An IP packet can be as long as 2^16 bytes.
• However, Ethernet’s MTU (maximum transmission unit)
is only 1500 bytes.
– Using a big MTU has many disadvantages
• If the length of an IP packet is greater than the MTU of
a link on its routing path, it may be fragmented by a
router.
• Fragmented packets are not reassembled in the network.
Reassembly is done at the receiving host.
• If any fragment of an IP packet is lost, all other
fragments become useless, and the IP packet needs to
be retransmitted.
So, try not to send an IP packet that is larger than 1500 bytes.
Internet Control Message Protocol
• ICMP communicates error messages
between nodes in a network.
Nowadays, for network security reasons, more and
more routers and hosts ignore ICMP messages.
[Figure labels: Attack!, ping, traceroute]