ICS 156: Lecture 2 (part 2)
Data link layer protocols
Address resolution protocol
Notes on lab 2

TCP/IP Protocol Stack
• The TCP/IP protocol stack runs on top of multiple data link layers.
• Two data link layer technologies:
  • Broadcast
  • Point-to-Point
[Figure: the stack of Application Layer, Transport Layer, Network Layer and (Data) Link Layer; in Local Area Networks the link layer is split into a Logical Link Control (LLC) sublayer and a Media Access Control (MAC) sublayer.]

Data Link Layer
• The main tasks of the data link layer are:
  • Transfer data from the network layer of one machine to the network layer of another machine
  • Convert the raw bit stream of the physical layer into groups of bits ("frames")
[Figure: two machines, each with a Network Layer, Data Link Layer and Physical Layer; the data link layers of the two machines are peers above the physical layers.]

Two types of networks at the data link layer
– Broadcast Networks: All stations share a single communication channel
– Point-to-Point Networks: Pairs of hosts (or routers) are directly connected
[Figure: a Broadcast Network (stations on one shared channel) next to a Point-to-Point Network (hosts or routers joined by direct links).]
• Typically, local area networks (LANs) are broadcast and wide area networks (WANs) are point-to-point

Local Area Networks
• Local area networks (LANs) connect computers within a building or an enterprise network
• Almost all LANs are broadcast networks
• Typical topologies of LANs are bus, ring or star
• We will work with Ethernet LANs. Ethernet has a bus or star topology.
[Figure: a Bus LAN and a Ring LAN.]

MAC and LLC
• In any broadcast network, the stations must ensure that only one station transmits at a time on the shared communication channel
• The protocol that determines who can transmit on a broadcast channel is called the Medium Access Control (MAC) protocol
• The MAC protocol is implemented in the MAC sublayer, which is the lower sublayer of the data link layer
• The higher portion of the data link layer is often called Logical Link Control (LLC)
[Figure: the Data Link Layer drawn as two sublayers, Logical Link Control on top (toward the Network Layer) and Medium Access Control below (toward the Physical Layer).]

IEEE 802 Standards
• IEEE 802 is a family of standards for LANs, which defines an LLC and several MAC sublayers
[Figure: the IEEE 802 standard mapped onto the IEEE Reference Model]
  Higher Layer:           802.1 (higher layer issues)
  Data Link Layer (LLC):  802.2 LLC (Logical Link Control)
  Data Link Layer (MAC)
  and Physical Layer:     802.3 CSMA/CD, 802.4 Token bus, 802.5 Token ring, 802.11 Wireless LAN

Ethernet
• Speed: 10 Mbps - 10 Gbps
• Standard: 802.3, Ethernet II (DIX)
• Most popular physical layers for Ethernet:
  10Base5        Thick Ethernet: 10 Mbps coax cable
  10Base2        Thin Ethernet: 10 Mbps coax cable
  10Base-T       10 Mbps Twisted Pair
  100Base-TX     100 Mbps over Category 5 twisted pair
  100Base-FX     100 Mbps over Fiber Optics
  1000Base-FX    1 Gbps over Fiber Optics
  10000Base-FX   10 Gbps over Fiber Optics (for wide area links)

Bus Topology
• 10Base5 and 10Base2 Ethernets have a bus topology
[Figure: stations attached along a single Ethernet bus.]

Star Topology
• Starting with 10Base-T, stations are connected to a hub in a star configuration
[Figure: stations connected to a central Hub.]

Ethernet Hubs vs. Ethernet Switches
• An Ethernet switch is a packet switch for Ethernet frames
  • Buffering of frames prevents collisions.
  • Each port is isolated and builds its own collision domain
• An Ethernet Hub does not perform buffering:
  • Collisions occur if two frames arrive at the same time.
[Figure: a Hub, where all ports share one CSMA/CD segment, next to a Switch, where each port runs CSMA/CD on its own and frames pass through Input Buffers, a High-Speed Backplane and Output Buffers.]

Ethernet and IEEE 802.3: Any Difference?
• There are two types of Ethernet frames in use, with subtle differences:
  • "Ethernet" (Ethernet II, DIX (Digital-Intel-Xerox)):
    • An industry standard from 1982 that is based on the first implementation of CSMA/CD by Xerox.
    • Predominant version of CSMA/CD in the US.
  • 802.3:
    • IEEE's version of CSMA/CD from 1985.
    • Interoperates with 802.2 (LLC) as higher layer.
• Difference for our purposes: Ethernet and 802.3 use different methods to encapsulate an IP datagram.

Ethernet II, DIX Encapsulation (RFC 894)
802.3 MAC frame (field sizes in bytes):
  destination address | source address | type | data    | CRC
  6                   | 6              | 2    | 46-1500 | 4
Contents of the data field, selected by the type field:
  type 0800   IP datagram (38-1492)
  type 0806   ARP request/reply (28) followed by PAD (10)
  type 8035   RARP request/reply (28) followed by PAD (10)

IEEE 802.2/802.3 Encapsulation (RFC 1042)
802.3 MAC header, 802.2 LLC header and 802.2 SNAP header (field sizes in bytes):
  802.3 MAC:  destination address (6) | source address (6) | length (2)
  802.2 LLC:  DSAP = AA (1) | SSAP = AA (1) | cntl = 03 (1)
  802.2 SNAP: org code = 0 (3) | type (2)
  followed by: data (38-1492) | CRC (4)
Contents of the data field, selected by the type field:
  type 0800   IP datagram (38-1492)
  type 0806   ARP request/reply (28) followed by PAD (10)
  type 8035   RARP request/reply (28) followed by PAD (10)
- destination address, source address: MAC addresses are 48 bit
- length: frame length in number of bytes
- DSAP, SSAP: always set to 0xaa
- Ctrl: set to 3
- org code: set to 0
- type field identifies the content of the data field
- CRC: cyclic redundancy check

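The following Python example is added here to make the two encapsulations concrete; it is not code from the lecture. It builds a frame in each format and parses it back, telling Ethernet II and 802.3 apart by the 2-byte field after the source address (values of 0x0600 = 1536 and above are an Ethernet II type, values up to 1500 are an 802.3 length), and it verifies the trailing CRC with zlib.crc32, which computes the CRC-32 that the IEEE 802.3 FCS uses, transmitted least significant byte first. The MAC addresses of Argon and Router137 from the ARP slides later in the lecture serve as sample addresses; the 28-byte ARP body is constructed filler.

```python
import struct
import zlib

# Type values from the encapsulation slides (RARP is 0x8035, RFC 903)
ETHERTYPE_NAMES = {
    0x0800: "IP datagram",
    0x0806: "ARP request/reply",
    0x8035: "RARP request/reply",
}
ETH_MIN_DATA = 46                 # the data field is padded to at least 46 bytes
TYPE_LENGTH_BOUNDARY = 0x0600     # >= 1536: Ethernet II type; <= 1500: 802.3 length
LLC_SNAP_HEADER = bytes([0xAA, 0xAA, 0x03, 0x00, 0x00, 0x00])  # DSAP, SSAP, cntl, org code


def fcs(frame_without_fcs: bytes) -> bytes:
    """IEEE 802.3 FCS: CRC-32 over destination..data, least significant byte first."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def build_ethernet_ii(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """RFC 894: dst(6) src(6) type(2) data(46-1500) CRC(4); short payloads are padded."""
    if len(payload) > 1500:
        raise ValueError("payload exceeds 1500 bytes")
    body = dst + src + struct.pack("!H", ethertype) + payload.ljust(ETH_MIN_DATA, b"\x00")
    return body + fcs(body)


def build_802_3_snap(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """RFC 1042: dst(6) src(6) length(2) LLC(3) SNAP(5) data CRC(4).
    The length field counts LLC + SNAP + data, not the padding."""
    data = LLC_SNAP_HEADER + struct.pack("!H", ethertype) + payload
    if len(data) > 1500:
        raise ValueError("LLC/SNAP data exceeds 1500 bytes")
    body = dst + src + struct.pack("!H", len(data)) + data.ljust(ETH_MIN_DATA, b"\x00")
    return body + fcs(body)


def parse_frame(frame: bytes) -> dict:
    """Check the FCS, then decode either encapsulation into one dict."""
    if len(frame) < 14 + ETH_MIN_DATA + 4:
        raise ValueError("runt frame")
    body, trailer = frame[:-4], frame[-4:]
    if fcs(body) != trailer:
        raise ValueError("FCS mismatch")
    dst, src = body[:6], body[6:12]
    type_or_length = struct.unpack("!H", body[12:14])[0]
    rest = body[14:]
    if type_or_length >= TYPE_LENGTH_BOUNDARY:
        # Ethernet II: the field is the type; the data field (padding included) follows directly
        encapsulation, ethertype, payload = "Ethernet II (RFC 894)", type_or_length, rest
    else:
        # 802.3: the field is the data length; expect an 802.2 LLC + SNAP header in the data
        if type_or_length > len(rest):
            raise ValueError("802.3 length field exceeds frame")
        data = rest[:type_or_length]
        if data[:6] != LLC_SNAP_HEADER:
            raise ValueError("not an 802.2 SNAP frame (DSAP/SSAP/cntl/org code)")
        ethertype = struct.unpack("!H", data[6:8])[0]
        encapsulation, payload = "IEEE 802.2/802.3 SNAP (RFC 1042)", data[8:]
    return {
        "encapsulation": encapsulation,
        "dst": dst.hex(":"),
        "src": src.hex(":"),
        "type": ethertype,
        "content": ETHERTYPE_NAMES.get(ethertype, "unknown"),
        "payload": payload,
    }


if __name__ == "__main__":
    argon = bytes.fromhex("00a02471e444")       # Argon, from the ARP slides
    router137 = bytes.fromhex("00e0f923a820")   # Router137, from the ARP slides
    arp = b"\x00\x01\x08\x06\x06\x04\x00\x01" + b"\x00" * 20  # constructed 28-byte ARP body
    for frame in (build_ethernet_ii(router137, argon, 0x0806, arp),
                  build_802_3_snap(router137, argon, 0x0806, arp)):
        info = parse_frame(frame)
        print(len(frame), info["encapsulation"], hex(info["type"]), info["content"])
```

Both sample frames come out at the 64-byte minimum: the Ethernet II frame pads the 28-byte ARP body to 46, the 802.3 frame carries 8 bytes of LLC/SNAP plus the 28-byte body (length field 36) and pads the rest. A flipped bit anywhere in the frame makes parse_frame reject it on the FCS check.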
Point-to-Point (serial) links
• Many data link connections are point-to-point serial links:
  – Dial-in or DSL access connects hosts to access routers
  – Routers are connected by high-speed point-to-point links
• Here, IP hosts and routers are connected by a serial cable
• Data link layer protocols for point-to-point links are simple:
  – Main role is encapsulation of IP datagrams
  – No media access control needed
[Figure: Dial-Up Access (hosts reach an Access Router through Modems) and Point-to-Point Links between Routers.]

Data Link Protocols for Point-to-Point links
• SLIP (Serial Line IP):
  • First protocol for sending IP datagrams over dial-up links (from 1988)
  • Encapsulation, not much else
• PPP (Point-to-Point Protocol):
  • Successor to SLIP (1992), with added functionality
  • Used for dial-in and for high-speed routers
• HDLC (High-level Data Link Control):
  • Widely used and influential standard (1979)
  • Default protocol for serial links on Cisco routers
  • Actually, PPP is based on a variant of HDLC

PPP - IP encapsulation
• The frame format of PPP is similar to HDLC and the 802.2 LLC frame format (field sizes in bytes):
  flag | addr | ctrl | protocol | data    | CRC | flag
  7E   | FF   | 03   |          |         |     | 7E
  1    | 1    | 1    | 2        | <= 1500 | 2   | 1
Contents of the data field, selected by the protocol field:
  protocol 0021   IP datagram
  protocol C021   link control data
  protocol 8021   network control data
• PPP assumes a duplex circuit
• Note: PPP does not use addresses
• Usual maximum frame size is 1500

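As an added example (not part of the lecture), the Python code below builds and parses the frame shown above. The slide only says "CRC"; the code assumes the 16-bit FCS defined for PPP in RFC 1662 (initial value 0xFFFF, reflected polynomial 0x8408, complemented and sent low byte first), and it leaves out the octet stuffing that RFC 1662 applies to flag and escape bytes inside the data field. The sample IP header bytes are constructed.

```python
import struct

PPP_FLAG, PPP_ADDR, PPP_CTRL = 0x7E, 0xFF, 0x03
PPP_MAX_DATA = 1500
PPP_PROTOCOLS = {          # protocol field values from the slide
    0x0021: "IP datagram",
    0xC021: "link control data (LCP)",
    0x8021: "network control data (IPCP)",
}
PPP_GOOD_FCS = 0xF0B8      # FCS register value after running over a frame and its own FCS


def ppp_fcs16(data: bytes) -> int:
    """Bitwise form of the 16-bit PPP FCS (RFC 1662): init 0xFFFF, reflected poly 0x8408."""
    fcs = 0xFFFF
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs


def build_ppp(protocol: int, data: bytes) -> bytes:
    """flag(1) addr=FF(1) ctrl=03(1) protocol(2) data(<=1500) FCS(2) flag(1)."""
    if len(data) > PPP_MAX_DATA:
        raise ValueError("data exceeds 1500 bytes")
    body = bytes([PPP_ADDR, PPP_CTRL]) + struct.pack("!H", protocol) + data
    fcs = ~ppp_fcs16(body) & 0xFFFF            # FCS is sent complemented, low byte first
    return bytes([PPP_FLAG]) + body + struct.pack("<H", fcs) + bytes([PPP_FLAG])


def parse_ppp(frame: bytes) -> dict:
    """Check flags and FCS, then split the frame into protocol and data."""
    if len(frame) < 8 or frame[0] != PPP_FLAG or frame[-1] != PPP_FLAG:
        raise ValueError("missing flag byte")
    body = frame[1:-1]                          # addr, ctrl, protocol, data, FCS
    if ppp_fcs16(body) != PPP_GOOD_FCS:
        raise ValueError("FCS mismatch")
    if body[0] != PPP_ADDR or body[1] != PPP_CTRL:
        raise ValueError("unexpected address/control field")
    protocol = struct.unpack("!H", body[2:4])[0]
    return {
        "protocol": protocol,
        "content": PPP_PROTOCOLS.get(protocol, "unknown"),
        "data": body[4:-2],
    }


if __name__ == "__main__":
    # Constructed 20-byte IPv4 header (version 4, IHL 5, total length 20, rest zero)
    ip_header = b"\x45\x00\x00\x14" + b"\x00" * 16
    frame = build_ppp(0x0021, ip_header)
    print(frame.hex(" "))
    print(parse_ppp(frame)["content"])
```

Running the FCS over a received frame including its own FCS field leaves the register at 0xF0B8 when the frame is intact, which is why parse_ppp compares against that constant rather than recomputing and comparing bytes.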
Additional PPP functionality
• In addition to encapsulation, PPP supports:
  – multiple network layer protocols (protocol multiplexing)
  – Link configuration
  – Link quality testing
  – Error detection
  – Option negotiation
  – Address notification
  – Authentication
• The above functions are supported by helper protocols:
  – LCP
  – PAP, CHAP
  – NCP

PPP Support protocols
• Link management: The link control protocol (LCP) is responsible for establishing, configuring, and negotiating a data-link connection. LCP also monitors the link quality and is used to terminate the link.
• Authentication: Authentication is optional. PPP supports two authentication protocols: Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP).
• Network protocol configuration: PPP has network control protocols (NCPs) for numerous network layer protocols. The IP control protocol (IPCP) negotiates IP address assignments and other parameters when IP is used as network layer.

Address Resolution Protocol (ARP)

Overview
[Figure: protocol overview. Transport Layer: TCP, UDP. Network Layer: IP, ICMP, IGMP. Link Layer: ARP, RARP and Network Access, above the Media.]

ARP and RARP
• Note:
  – The Internet is based on IP addresses
  – Data link protocols (Ethernet, FDDI, ATM) may have different (MAC) addresses
• The ARP and RARP protocols perform the translation between IP addresses and MAC layer addresses
• We will discuss ARP for broadcast LANs, particularly Ethernet LANs
[Figure: ARP maps an IP address (32 bit) to an Ethernet MAC address (48 bit); RARP maps the Ethernet MAC address back to the IP address.]

Processing of IP packets by network device drivers
[Figure: flow of IP packets through the drivers. IP Output: if the IP destination is a multicast or broadcast address, or the IP destination of the packet equals a local IP address, the datagram goes to the loopback Driver and is put on the IP input queue; otherwise the MAC address is obtained with ARP and the datagram goes to the Ethernet Driver, which sends it in an Ethernet Frame. IP Input: the Ethernet Driver demultiplexes received Ethernet Frames into IP datagrams, which are put on the IP input queue, and ARP Packets, which go to ARP.]

Address Translation with ARP
ARP Request:
Argon broadcasts an ARP request to all stations on the network: "What is the hardware address of 128.143.137.1?"
[Figure: Argon (128.143.137.144, 00:a0:24:71:e4:44) and Router137 (128.143.137.1, 00:e0:f9:23:a8:20) on one LAN. ARP Request from Argon: "What is the MAC address of 128.143.137.1?"]

Address Translation with ARP
ARP Reply:
Router137 responds with an ARP Reply which contains the hardware address
[Figure: Argon (128.143.137.144, 00:a0:24:71:e4:44) and Router137 (128.143.137.1, 00:e0:f9:23:a8:20) on one LAN. ARP Reply from Router137: "The MAC address of 128.143.137.1 is 00:e0:f9:23:a8:20"]

ARP Packet Format
Ethernet II header (field sizes in bytes):
  Destination address (6) | Source address (6) | Type = 0x0806 (2) | ARP Request or ARP Reply (28) | Padding (10) | CRC (4)
ARP Request or ARP Reply:
  Hardware type (2 bytes)          | Protocol type (2 bytes)
  Hardware address length (1 byte) | Protocol address length (1 byte) | Operation code (2 bytes)
  Source hardware address*
  Source protocol address*
  Target hardware address*
  Target protocol address*
* Note: The length of the address fields is determined by the corresponding address length fields

Example
• ARP Request from Argon:
  Source hardware address:  00:a0:24:71:e4:44
  Source protocol address:  128.143.137.144
  Target hardware address:  00:00:00:00:00:00
  Target protocol address:  128.143.137.1
• ARP Reply from Router137:
  Source hardware address:  00:e0:f9:23:a8:20
  Source protocol address:  128.143.137.1
  Target hardware address:  00:a0:24:71:e4:44
  Target protocol address:  128.143.137.144

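The example is reproduced in code below, as an added illustration rather than code from the lecture. It serializes the 28-byte ARP request from Argon with the values above, derives Router137's reply from it, and parses both back, sizing the address fields from the hardware and protocol address length fields as the note on the packet format says. Hardware type 1 (Ethernet) and protocol type 0x0800 (IP) are the standard values for this case.

```python
import struct

HTYPE_ETHERNET = 1                     # hardware type: Ethernet
PTYPE_IPV4 = 0x0800                    # protocol type: IP
HLEN, PLEN = 6, 4                      # hardware / protocol address lengths
OP_REQUEST, OP_REPLY = 1, 2            # operation codes
ARP_HEADER = struct.Struct("!HHBBH")   # htype, ptype, hlen, plen, opcode (8 bytes)


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def build_arp(opcode: int, sender_mac: str, sender_ip: str,
              target_mac: str, target_ip: str) -> bytes:
    """Serialize one 28-byte ARP packet for the Ethernet/IPv4 case."""
    return (ARP_HEADER.pack(HTYPE_ETHERNET, PTYPE_IPV4, HLEN, PLEN, opcode)
            + mac_to_bytes(sender_mac) + ip_to_bytes(sender_ip)
            + mac_to_bytes(target_mac) + ip_to_bytes(target_ip))


def arp_request(sender_mac: str, sender_ip: str, target_ip: str) -> bytes:
    """Request: the target hardware address is unknown, so it is sent as all zeros."""
    return build_arp(OP_REQUEST, sender_mac, sender_ip, "00:00:00:00:00:00", target_ip)


def parse_arp(packet: bytes) -> dict:
    """Decode an ARP packet; the address field sizes come from hlen and plen."""
    if len(packet) < ARP_HEADER.size:
        raise ValueError("truncated ARP header")
    htype, ptype, hlen, plen, opcode = ARP_HEADER.unpack_from(packet)
    if len(packet) < ARP_HEADER.size + 2 * (hlen + plen):
        raise ValueError("truncated ARP addresses")
    offset = ARP_HEADER.size
    fields = []
    for size in (hlen, plen, hlen, plen):
        fields.append(packet[offset:offset + size])
        offset += size
    sha, spa, tha, tpa = fields

    def fmt_proto(raw: bytes) -> str:
        return ".".join(str(b) for b in raw) if len(raw) == 4 else raw.hex()

    return {
        "htype": htype, "ptype": ptype, "opcode": opcode,
        "sender_mac": sha.hex(":"), "sender_ip": fmt_proto(spa),
        "target_mac": tha.hex(":"), "target_ip": fmt_proto(tpa),
    }


def arp_reply_for(request: bytes, my_mac: str) -> bytes:
    """Reply: the request's sender becomes the target and the answering host the sender."""
    req = parse_arp(request)
    if req["opcode"] != OP_REQUEST:
        raise ValueError("not an ARP request")
    return build_arp(OP_REPLY, my_mac, req["target_ip"], req["sender_mac"], req["sender_ip"])


if __name__ == "__main__":
    request = arp_request("00:a0:24:71:e4:44", "128.143.137.144", "128.143.137.1")
    reply = arp_reply_for(request, "00:e0:f9:23:a8:20")
    for name, pkt in (("request", request), ("reply", reply)):
        print(name, len(pkt), "bytes:", parse_arp(pkt))
```

On the wire the request goes out in an Ethernet II frame with destination ff:ff:ff:ff:ff:ff and type 0x0806, and the 28-byte packet is padded to the 46-byte minimum data field, which is the 10 bytes of padding shown on the packet format slide.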
ARP Cache
• Since sending an ARP request/reply for each IP datagram is inefficient, hosts maintain a cache (ARP Cache) of current entries. The entries expire after a time interval.
• Contents of the ARP Cache:
(128.143.71.37) at 00:10:4B:C5:D1:15 [ether] on eth0
(128.143.71.36) at 00:B0:D0:E1:17:D5 [ether] on eth0
(128.143.71.35) at 00:B0:D0:DE:70:E6 [ether] on eth0
(128.143.136.90) at 00:05:3C:06:27:35 [ether] on eth1
(128.143.71.34) at 00:B0:D0:E1:17:DB [ether] on eth0
(128.143.71.33) at 00:B0:D0:E1:17:DF [ether] on eth0

Proxy ARP
• Proxy ARP: Host or router responds to ARP Request that arrives from one of its connected networks for a host that is on another of its connected networks.

Things to know about ARP
• What happens if an ARP Request is made for a non-existing host?
  Several ARP requests are made with increasing time intervals between requests. Eventually, ARP gives up.
• On some systems (including Linux) a host periodically sends ARP Requests for all addresses listed in the ARP cache. This refreshes the ARP cache content, but also introduces traffic.
• Gratuitous ARP Requests: A host sends an ARP request for its own IP address:
  – Useful for detecting if an IP address has already been assigned.

Vulnerabilities of ARP
1. Since ARP does not authenticate requests or replies, ARP Requests and Replies can be forged
2. ARP is stateless: ARP Replies can be sent without a corresponding ARP Request
3. According to the ARP protocol specification, a node receiving an ARP packet (Request or Reply) must update its local ARP cache with the information in the source fields, if the receiving node already has an entry for the IP address of the source in its ARP cache. (This applies for ARP Request packets and for ARP Reply packets)
Typical exploitation of these vulnerabilities:
• A forged ARP Request or Reply can be used to update the ARP cache of a remote system with a forged entry (ARP Poisoning)
• This can be used to redirect IP traffic to other hosts

Notes on Lab 2

What is a single-segment network?
[Figure: three networks, 128.195.1.0/24, 128.195.2.0/24 and 128.195.3.0/24, with the interfaces 128.195.1.1, 128.195.1.100, 128.195.1.200, 128.195.1.300, 128.195.2.1, 128.195.2.100, 128.195.2.200, 128.195.3.1, 128.195.3.100 and 128.195.3.200.]
• A single-segment network consists of interfaces connected by a single physical link, either a point-to-point link or a broadcast link.
• Interfaces on the same single-segment network have the same network prefix.

How to identify a single segment IP network
[Figure: the same topology, with the interfaces 128.195.1.1, 128.195.1.100, 128.195.1.200, 128.195.1.300, 128.195.2.1, 128.195.2.100, 128.195.2.200, 128.195.3.1, 128.195.3.100 and 128.195.3.200.]
• Detach interfaces from routers or hosts
• Each isolated island is a single segment IP network
• Each interface on the same single segment IP network must have the same network address prefix

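The three steps above, as an added Python example (not part of the lab notes): interfaces are taken off their devices and only the physical links count, the connected components of the links are the islands, and each island is checked for a single network prefix. The addresses are the ones on the slide; which interface sits on which link, and the device names, are assumptions, since the wiring cannot be read off the extracted figure. 128.195.1.300 is kept as printed: it is not a valid IPv4 address, and the check reports it instead of silently dropping it.

```python
import ipaddress
from collections import defaultdict

# Constructed wiring for the figure: interface -> address/prefix, and the physical links.
# The addresses are the slide's; which interface is on which link is an assumption.
INTERFACES = {
    "host1:eth0": "128.195.1.100/24",
    "host2:eth0": "128.195.1.200/24",
    "host3:eth0": "128.195.1.300/24",   # as printed on the slide: not a valid IPv4 address
    "router1:eth0": "128.195.1.1/24",
    "router1:eth1": "128.195.2.1/24",
    "host4:eth0": "128.195.2.100/24",
    "router2:eth0": "128.195.2.200/24",
    "router2:eth1": "128.195.3.1/24",
    "host5:eth0": "128.195.3.100/24",
    "host6:eth0": "128.195.3.200/24",
}
LINKS = [   # each set is one physical link (all broadcast LANs in this constructed case)
    {"host1:eth0", "host2:eth0", "host3:eth0", "router1:eth0"},
    {"router1:eth1", "host4:eth0", "router2:eth0"},
    {"router2:eth1", "host5:eth0", "host6:eth0"},
]


def find_segments(interfaces: dict, links: list) -> list:
    """Step 1: ignore which device owns an interface (devices never appear below).
    Step 2: islands are the connected components of the physical links (union-find).
    Step 3: every interface on an island must share one network prefix."""
    parent = {name: name for name in interfaces}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    for link in links:
        members = sorted(link)
        for other in members[1:]:
            parent[find(other)] = find(members[0])

    islands = defaultdict(list)
    for name in interfaces:
        islands[find(name)].append(name)

    report = []
    for members in islands.values():
        networks, invalid = set(), []
        for name in members:
            try:
                networks.add(str(ipaddress.ip_interface(interfaces[name]).network))
            except ValueError:              # e.g. an octet above 255
                invalid.append(name)
        report.append({
            "interfaces": sorted(members),
            "networks": sorted(networks),
            "invalid": sorted(invalid),
            "consistent": len(networks) == 1 and not invalid,
        })
    return sorted(report, key=lambda seg: seg["interfaces"])


if __name__ == "__main__":
    for seg in find_segments(INTERFACES, LINKS):
        print(seg["networks"], seg["interfaces"],
              "ok" if seg["consistent"] else f"PROBLEM invalid={seg['invalid']}")
```

An island whose "networks" list holds two prefixes is the classic lab mistake of a host configured with the wrong netmask or address for the link it is actually plugged into; the report shows both the prefixes seen and the interfaces that caused them.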
Protocol specification vs implementation
• According to the ARP protocol specification, a node receiving an ARP packet (Request or Reply) must update its local ARP cache with the information in the source fields, if the receiving node already has an entry for the IP address of the source in its ARP cache. (This applies for ARP Request packets and for ARP Reply packets)
• Implementation may differ from the specification
  • What you observe in the lab may not be universally true.
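To connect the specification rule above with the ARP Cache and Vulnerabilities of ARP slides, the Python model below is added here; it is not lecture code. It parses the six cache lines from the ARP Cache slide, expires entries after a timeout, and applies the update rule: any ARP packet, request or reply, solicited or not, refreshes an existing entry for its source address. The branch that also adds a new entry when the packet is addressed to this host follows RFC 826 and is not spelled out on the slide. Every change of the MAC bound to an IP address is recorded, which is the event an ARP monitor on the segment alerts on. The host 128.143.137.9 and the MAC address 00:00:00:00:00:02 in the demonstration traffic are constructed.

```python
import re
import time

OP_REQUEST, OP_REPLY = 1, 2

# The six cache lines from the ARP Cache slide, in the format printed by arp -a on Linux
SLIDE_ARP_TABLE = """\
(128.143.71.37) at 00:10:4B:C5:D1:15 [ether] on eth0
(128.143.71.36) at 00:B0:D0:E1:17:D5 [ether] on eth0
(128.143.71.35) at 00:B0:D0:DE:70:E6 [ether] on eth0
(128.143.136.90) at 00:05:3C:06:27:35 [ether] on eth1
(128.143.71.34) at 00:B0:D0:E1:17:DB [ether] on eth0
(128.143.71.33) at 00:B0:D0:E1:17:DF [ether] on eth0
"""
CACHE_LINE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-fA-F:]{17}) \[ether\] on (?P<dev>\S+)")


def parse_arp_table(text: str) -> dict:
    """Return {ip: (mac, device)} from arp -a style lines; MACs are lower-cased."""
    table = {}
    for line in text.splitlines():
        m = CACHE_LINE.match(line.strip())
        if m:
            table[m["ip"]] = (m["mac"].lower(), m["dev"])
    return table


class ArpCache:
    """Receiver-side ARP cache following the update rule of the ARP specification."""

    def __init__(self, my_ip: str, timeout: float = 60.0, clock=time.monotonic):
        self.my_ip = my_ip
        self.timeout = timeout          # entries expire after this many seconds
        self.clock = clock              # injectable so expiry can be tested without sleeping
        self.entries = {}               # ip -> (mac, expires_at)
        self.changes = []               # (ip, old_mac, new_mac): what a monitor alerts on

    def load(self, table: dict) -> None:
        for ip, (mac, _dev) in table.items():
            self._store(ip, mac)

    def _store(self, ip: str, mac: str) -> None:
        self.entries[ip] = (mac.lower(), self.clock() + self.timeout)

    def lookup(self, ip: str):
        entry = self.entries.get(ip)
        if entry is None:
            return None
        mac, expires_at = entry
        if self.clock() >= expires_at:
            del self.entries[ip]        # expired: a fresh request/reply is needed
            return None
        return mac

    def receive(self, opcode: int, sender_mac: str, sender_ip: str, target_ip: str):
        """Process one ARP packet. Returns "reply" when a reply must be sent, else None."""
        merged = False
        current = self.lookup(sender_ip)
        if current is not None:
            # Rule 3 of the Vulnerabilities slide: an existing entry is overwritten from the
            # source fields of any ARP packet, request or reply, solicited or not.
            if current != sender_mac.lower():
                self.changes.append((sender_ip, current, sender_mac.lower()))
            self._store(sender_ip, sender_mac)
            merged = True
        if target_ip != self.my_ip:
            return None                 # not addressed to us: nothing more to do
        if not merged:
            self._store(sender_ip, sender_mac)   # RFC 826: packets for us may add new entries
        return "reply" if opcode == OP_REQUEST else None


if __name__ == "__main__":
    cache = ArpCache("128.143.137.144")             # Argon's address from the ARP slides
    cache.load(parse_arp_table(SLIDE_ARP_TABLE))
    cache.receive(OP_REPLY, "00:e0:f9:23:a8:20", "128.143.137.1", "128.143.137.144")
    # constructed: a request from 128.143.137.1 with a different MAC, not even addressed to us
    cache.receive(OP_REQUEST, "00:00:00:00:00:02", "128.143.137.1", "128.143.137.9")
    print("128.143.137.1 now maps to", cache.lookup("128.143.137.1"))
    print("binding changes seen:", cache.changes)
```

The second packet in the demonstration is exactly the case the slide describes: it is a request for some other host, yet because an entry for its source already exists, the cache is rewritten. Logging the (ip, old_mac, new_mac) tuple, as tools such as arpwatch do, is the practical detection for that behaviour; an implementation that ignores such packets, as the last slide warns, would show no change here.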