Chapter 7 (IPv4)

Chapter 7
Internet Protocol Version 4 (IPv4)
Kyung Hee University
7.1 Introduction
IP is the transmission mechanism used by the TCP/IP protocol suite
It is an unreliable and connectionless datagram protocol
It provides a best-effort delivery service
IP packets can be corrupted, lost, arrive out of order, or be delayed, and may create congestion in the network
Each datagram is handled independently
Each datagram can follow a different route to the destination
Datagrams sent by the same source to the same destination could arrive out of order.
Position of IP in TCP/IP protocol suite
7.2 Datagrams
Datagrams are packets in the network layer
A datagram is a variable-length packet consisting of a header and data.
The header is 20 to 60 bytes and contains information essential to routing and delivery
It is customary in TCP/IP to show the header in 4-byte sections
Fields in the Header
Version (VER) – the version of the IP protocol (4-bit)
Header length (HLEN) – the total length of the datagram header in 4-byte words.
IP Datagram
IP Datagram
TOS (Type of Service) – 8-bit field with two interpretations (figure: bit layouts of both)
Precedence interpretation
Differential service interpretation – codepoint categories by assigning authority:
Category 1, codepoint XXXXX0 – Internet: 24 services
Category 2, codepoint XXXX11 – Local
Category 3, codepoint XXXX01 – Temporary or experimental
IP Datagram
Total Length
16-bit field (limited to 65,535 bytes)
Defines the total length of the IP datagram in bytes
Length of data = total length – header length
Figure 7.4 Encapsulation of a small datagram in an Ethernet frame
IP Datagram
Identification – used in fragmentation
Flags – used in fragmentation
Fragmentation offset – used in fragmentation
Time to live – limits the lifetime of the datagram
Protocol – the higher-level protocol that uses the services of the IP layer
Fig. 7.5 Multiplexing
IP Datagram
Checksum – used to check for errors in the header
Source address – the IP address of the source
Destination address – the IP address of the destination
Example 7.1
An IP packet has arrived with the first 8 bits shown:
The receiver discards the packet. Why?
Solution
There is an error in this packet. The 4 left-most bits (0100) show the version, which is correct. The next 4 bits (0010) show a wrong header length (2 × 4 = 8). The minimum number of bytes in the header must be 20. The packet has been corrupted in transmission.
Example 7.2
In an IP packet, the value of HLEN is 1000 in binary. How many bytes of options are being carried by this packet?
Solution
The HLEN value is 8, which means the total number of bytes in the header is 8 × 4 or 32 bytes. The first 20 bytes are the base header; the next 12 bytes are the options.
Example 7.3
In an IP packet, the value of HLEN is 5₁₆ and the value of the total length field is 0028₁₆. How many bytes of data are being carried by this packet?
Solution
The HLEN value is 5, which means the total number of bytes in the header is 5 × 4 or 20 bytes (no options). The total length is 40 bytes, which means the packet is carrying 20 bytes of data (40 − 20).
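The checks behind Examples 7.1 to 7.3 as a receiver-side header validator (an added example, not code from the slides). The three packets are constructed inputs in which only VER/HLEN and the total length field are meaningful; the extra truncation and total-length checks are assumptions about what a careful receiver should also verify.

```python
import struct

MIN_HEADER_LEN = 20   # HLEN = 5 words: the base header with no options
MAX_HEADER_LEN = 60   # HLEN is a 4-bit field, so at most 15 words

def analyze_header(raw: bytes) -> dict:
    """Check VER and HLEN of a raw IPv4 header and derive its lengths.

    Returns {'valid': False, 'reason': ...} when a receiver should discard
    the packet, otherwise the header, option and data lengths in bytes.
    """
    if len(raw) < 4:
        return {"valid": False, "reason": "fewer than 4 bytes received"}
    version = raw[0] >> 4        # 4 left-most bits
    hlen_words = raw[0] & 0x0F   # next 4 bits, counted in 4-byte words
    header_len = hlen_words * 4
    if version != 4:
        return {"valid": False, "reason": f"version {version} is not 4"}
    if header_len < MIN_HEADER_LEN:
        # Example 7.1: HLEN 0010 gives 2 x 4 = 8 bytes, below the 20-byte minimum
        return {"valid": False, "reason": f"header length {header_len} < 20"}
    if len(raw) < header_len:
        # the buffer does not even hold the header the packet claims to have
        return {"valid": False, "reason": "truncated header"}
    total_len = struct.unpack("!H", raw[2:4])[0]   # 16-bit total length field
    if total_len < header_len:
        return {"valid": False, "reason": "total length shorter than header"}
    return {
        "valid": True,
        "header_len": header_len,
        "options_len": header_len - MIN_HEADER_LEN,   # Example 7.2
        "data_len": total_len - header_len,           # Example 7.3
    }

# Constructed inputs reproducing Examples 7.1 to 7.3 (only VER/HLEN and
# total length matter here; every other header byte is zero).
EXAMPLE_7_1 = bytes([0x42]) + bytes(19)                                   # VER 4, HLEN 2
EXAMPLE_7_2 = bytes([0x48, 0x00]) + struct.pack("!H", 32) + bytes(28)     # HLEN 8, 32 bytes
EXAMPLE_7_3 = bytes([0x45, 0x00]) + struct.pack("!H", 0x0028) + bytes(16) # HLEN 5, length 40

if __name__ == "__main__":
    for name, pkt in [("7.1", EXAMPLE_7_1), ("7.2", EXAMPLE_7_2), ("7.3", EXAMPLE_7_3)]:
        print(name, analyze_header(pkt))
```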
7.3 Fragmentation
The format and size of the received frame depend on the protocol used by the physical network
When a datagram is encapsulated in a frame, the total size of the datagram must be less than the MTU (Maximum Transfer Unit) size
We must divide the datagram to make it possible to pass through the network; this is called fragmentation
MTU (Maximum Transfer Unit)
(figure: an IP datagram, header plus data, carried inside a frame between the frame header and trailer)
MTU: maximum length of data that can be encapsulated in a frame
Fragmentation
The value of the MTU differs from one physical network
protocol to another
Fields Related to Fragmentation
Identification – all fragments have the same identification value
Flags – 3-bit field
Fragmentation offset – 13-bit field, the relative position of this fragment with respect to the whole datagram
Fragmentation Example (figure: a datagram carrying bytes 0000–3999 is split into three fragments)
Bytes 0000–1399: offset = 0000/8 = 0
Bytes 1400–2799: offset = 1400/8 = 175
Bytes 2800–3999: offset = 2800/8 = 350
Detailed Fragmentation Example (figure; columns: identification, total length, M flag, fragment offset, bytes carried)
Original datagram: 14,567; 4020; 0; 000; bytes 0000–3999
Fragment 1: 14,567; 1420; 1; 000; bytes 0000–1399
Fragment 2: 14,567; 1420; 1; 175; bytes 1400–2799
Fragment 2.1: 14,567; 820; 1; 175; bytes 1400–2199
Fragment 3: 14,567; 1220; 0; 350; bytes 2800–3999
Example 7.5
A packet has arrived with an M bit value of 0. Is this the first fragment, or a middle fragment? Do we know if the packet was fragmented?
Solution
If the M bit is 0, it means that there are no more fragments; the fragment is the last one. However, we cannot say if the original packet was fragmented or not. A nonfragmented packet is considered the last fragment.
Example 7.9
A packet has arrived in which the offset value is 100, the value of HLEN is 5 and the value of the total length field is 100. What is the number of the first byte and the last byte?
Solution
The first byte number is 100 × 8 = 800. The total length is 100 bytes and the header length is 20 bytes (5 × 4), which means that there are 80 bytes in this datagram. If the first byte number is 800, the last byte number must be 879.
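The two fragmentation figures and Example 7.9 carried out in code (an added example, not from the slides): `fragment` splits a datagram's data into MTU-sized pieces with the offset and M flag each fragment would carry, and `byte_range` recovers the first and last byte numbers from a received fragment's fields. The function also re-fragments a fragment that is not the last one (fragment 2 crossing an 820-byte MTU); the second piece it produces is an assumption not shown on the slide.

```python
MAX_OFFSET = 0x1FFF   # the fragmentation offset field is 13 bits wide

def fragment(data_len, mtu, header_len=20, first_byte=0, more_after=False):
    """Split the data bytes of a datagram into fragments that fit an MTU.

    Returns (first_byte, last_byte, offset, M_flag, total_length) per fragment.
    Every fragment but the last carries a multiple of 8 data bytes because
    the offset field counts 8-byte units. Set first_byte and more_after when
    re-fragmenting a fragment that is not the last piece of its datagram.
    """
    max_data = (mtu - header_len) // 8 * 8   # largest multiple of 8 that fits
    if max_data <= 0:
        raise ValueError("MTU too small to carry any data")
    end = first_byte + data_len
    frags, pos = [], first_byte
    while pos < end:
        size = min(max_data, end - pos)
        last = pos + size - 1
        offset = pos // 8
        if offset > MAX_OFFSET:
            raise ValueError("offset does not fit in 13 bits")
        more = 1 if (last < end - 1 or more_after) else 0
        frags.append((pos, last, offset, more, header_len + size))
        pos += size
    return frags

def byte_range(offset, hlen, total_len):
    """Example 7.9: first and last data byte numbers carried by a fragment."""
    data_len = total_len - hlen * 4
    first = offset * 8
    return first, first + data_len - 1

if __name__ == "__main__":
    # Original datagram of 4000 data bytes (0000-3999) through an MTU of 1420
    for f in fragment(4000, 1420):
        print(f)
    # Fragment 2 (bytes 1400-2799, M = 1) crossing a network with MTU 820
    for f in fragment(1400, 820, first_byte=1400, more_after=True):
        print(f)
    print(byte_range(100, 5, 100))
```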
7.4 Options
Type field (8-bit): fixed length
  Copy: controls the presence of the option in fragmentation
  Class: defines the general purpose of the option
  Number: defines the type of option
Length field (8-bit): fixed length
  The total length of the option
Value field: variable length
  Contains the data that specific options require
Option Format (figure)
Type (8 bits), Length (8 bits), Value (variable length)
The Type field is divided into Copy, Class and Number
Copy: 0 – copy only in first fragment; 1 – copy into all fragments
Class: 00 – datagram control; 01 – reserved; 10 – debugging and management; 11 – reserved
Number: 00000 – end of option; 00001 – no operation; 00011 – loose source route; 00100 – timestamp; 00111 – record route; 01001 – strict source route
Categories of Options
No Operation Option
1-byte option used as a filler between options
End-of-Option Option
1-byte option used for padding at the end of the option
field
Record-Route Option
Used to record the Internet routers that handle the
datagram
Record-Route Concept (figure)
Networks: 67.0.0.0/24, 140.10.0.0/16, 200.14.7.0/24, 138.6.0.0/16
Router and host addresses in the figure: 67.34.30.6, 67.14.10.22, 140.10.5.4, 140.10.6.3, 200.14.7.14, 200.14.7.9, 138.6.22.26, 138.6.25.40
The option as it travels (type 7, length 15, pointer, then the recorded addresses):
7 15 4 – no address recorded yet
7 15 8 – 140.10.6.3
7 15 12 – 140.10.6.3, 200.14.7.9
7 15 16 – 140.10.6.3, 200.14.7.9, 138.6.22.26
Strict-Source-Route Option
Used by the source to predetermine a route for the datagram as it travels through the Internet
All of the routers defined in the option must be visited by the datagram
Strict-Source-Route Concept (figure)
Networks: 67.0.0.0/24, 140.10.0.0/16, 200.14.7.0/24, 138.6.0.0/16
Router and host addresses in the figure: 67.34.30.6, 67.14.10.22, 140.10.5.4, 140.10.6.3, 200.14.7.14, 200.14.7.9, 138.6.22.26, 138.6.25.40
The datagram header and option (type 137, length 15, pointer, then the address list) at each hop:
Source 67.34.30.6, Destination 67.14.10.22; 137 15 4; 140.10.5.4, 200.14.7.14, 138.6.25.40
Source 67.34.30.6, Destination 140.10.5.4; 137 15 8; 67.14.10.22, 200.14.7.14, 138.6.25.40
Source 67.34.30.6, Destination 200.14.7.14; 137 15 12; 67.14.10.22, 140.10.5.4, 138.6.25.40
Source 67.34.30.6, Destination 138.6.25.40; 137 15 16; 67.14.10.22, 140.10.5.4, 200.14.7.14
Loose-Source-Route Option
Similar to the strict source route, but it is more relaxed.
Each router in the list must be visited, but the datagram
can visit other routers as well
Timestamp Option
Used to record the time of datagram processing by a router
The time is expressed in milliseconds from Universal Time
Use of Flag in Timestamp
Flag 0: each router adds only the timestamp in the provided field
Flag 1: each router must add its outgoing IP address and the timestamp
Flag 3: the IP addresses are given, and each router must check the given IP address against its own incoming IP address
Timestamp Concept (figure, flag 1)
Networks: 67.0.0.0/24, 140.10.0.0/16, 200.14.7.0/24, 138.6.0.0/16
Router and host addresses in the figure: 67.34.30.6, 67.14.10.22, 140.10.5.4, 140.10.6.3, 200.14.7.14, 200.14.7.9, 138.6.22.26, 138.6.25.40
The option as it travels (type 68, length 28, pointer, overflow 0, flag 1, then address and timestamp pairs):
68 28 5 0 1 – empty
68 28 13 0 1 – 140.10.6.3, 36000000
68 28 21 0 1 – 140.10.6.3, 36000000; 200.14.7.9, 36000012
68 28 29 0 1 – 140.10.6.3, 36000000; 200.14.7.9, 36000012; 138.6.22.26, 36000020
Example 7.11
Which of the six options are used for datagram control and which are used for debugging and management?
Solution
We look at the second and third (left-most) bits of the type.
a. No operation: type is 00000001; datagram control.
b. End of option: type is 00000000; datagram control.
c. Record route: type is 00000111; datagram control.
d. Strict source route: type is 10001001; datagram control.
e. Loose source route: type is 10000011; datagram control.
f. Timestamp: type is 01000100; debugging and management.
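The option format and Example 7.11 in code (an added example, not from the slides): `decode_type` splits a type byte into its copy, class and number fields, and `parse_options` walks an options area using those rules, treating end-of-option and no-operation as 1-byte options and refusing a length byte that would run past the buffer. The options area is constructed from the record-route option shown in the figure after three routers (7 15 16 plus three addresses); the padding and the surrounding NOP and end-of-option bytes are assumptions.

```python
OPTION_NAMES = {0: "end of option", 1: "no operation", 3: "loose source route",
                4: "timestamp", 7: "record route", 9: "strict source route"}
CLASS_NAMES = {0: "datagram control", 1: "reserved",
               2: "debugging and management", 3: "reserved"}

def decode_type(t: int) -> dict:
    """Split a type byte into copy (1 bit), class (2 bits) and number (5 bits)."""
    cls, num = (t >> 5) & 0b11, t & 0b11111
    return {"copy": t >> 7, "class": cls, "number": num,
            "name": OPTION_NAMES.get(num, "unknown"), "category": CLASS_NAMES[cls]}

def parse_options(opts: bytes) -> list:
    """Walk an options area (header bytes 20 .. HLEN*4) and return one dict per option.

    End-of-option and no-operation are 1-byte options without a length field;
    every other option is type, length, value. Raises ValueError instead of
    reading past the buffer when a length byte is missing, below 2 or too long.
    """
    result, i = [], 0
    while i < len(opts):
        opt = decode_type(opts[i])
        if opt["number"] in (0, 1):
            result.append(opt)
            if opt["number"] == 0:   # end of option: the remaining bytes are padding
                break
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError(f"length byte missing for option at byte {i}")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError(f"bad option length {length} at byte {i}")
        opt["length"], opt["value"] = length, opts[i + 2:i + length]
        result.append(opt)
        i += length
    return result

def recorded_addresses(value: bytes) -> list:
    """Addresses already stored by a record-route option; value[0] is the pointer."""
    used = value[1:1 + (value[0] - 4)]   # pointer counts from the type byte as byte 1
    return [".".join(map(str, used[j:j + 4])) for j in range(0, len(used), 4)]

# Constructed options area: NOP, the record-route option from the figure after
# three routers, then end-of-option and padding to a multiple of 4 bytes.
RECORD_ROUTE = bytes([7, 15, 16, 140, 10, 6, 3, 200, 14, 7, 9, 138, 6, 22, 26])
OPTIONS = b"\x01" + RECORD_ROUTE + b"\x00" + bytes(3)

if __name__ == "__main__":
    for opt in parse_options(OPTIONS):
        print(opt["name"], opt["category"], opt.get("length"))
    print(recorded_addresses(parse_options(OPTIONS)[1]["value"]))
```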
Example 7.12
One of the utilities available in UNIX to check the travel of IP packets is ping. In the next chapter, we talk about the ping program in more detail. In this example, we want to show how to use the program to see if a host is available. We ping a server at De Anza College named fhda.edu. The result shows that the IP address of the host is 153.18.8.1. The result also shows the number of bytes used.
Example 7.15
The traceroute program can be used to implement loose source routing. The -g option allows us to define the routers to be visited, from the source to the destination. The following shows how we can send a packet to the fhda.edu server with the requirement that the packet visit the router 153.18.251.4.
Example 7.16
The traceroute program can also be used to implement strict source routing. The -G option forces the packet to visit the routers given on the command line. The following shows how we can send a packet to the fhda.edu server and force the packet to visit only the router 153.18.251.4.
7.5 Checksum
Checksum – the error detection method used by most TCP/IP protocols
Protects against the corruption that may occur during the transmission of a packet
Redundant information added to the packet
Calculated at the sender, and the value obtained is sent with the packet
The receiver repeats the same calculation on the whole packet including the checksum
If the result is satisfactory, the packet is accepted; otherwise, it is rejected
Checksum Concept (figure)
Sender: the packet is divided into k sections of n bits each (section 1 to section k); the sections are added and the sum is complemented to give the n-bit checksum, which is sent with the packet
Receiver: all sections including the checksum are added and the sum is complemented
If the result is 0, keep; otherwise, discard.
Checksum in One's Complement Arithmetic (figure)
Sender: Sum = T, Checksum = complement of T
The datagram carries the complement of T in its checksum field
Example 7.17
The figure shows an example of a checksum calculation at the sender site for an IP header without options. The header is divided into 16-bit sections. All the sections are added and the sum is complemented. The result is inserted in the checksum field.
Example of checksum calculation at the sender (figure; values visible in the header: 5, 0, 1, 0, 17, source address 10.12.14.5, destination address 12.6.7.9)
Example 7.18
The figure shows the checking of the checksum calculation at the receiver site (or an intermediate router), assuming that no errors occurred in the header. The header is divided into 16-bit sections. All the sections are added and the sum is complemented. Since the result is 16 0s, the packet is accepted.
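Examples 7.17 and 7.18 carried out in code (an added example, not from the slides): the sender sums the 16-bit sections of the header with the checksum field zeroed and complements the result; the receiver sums all sections including the checksum and accepts only when the complement is 0. The header uses the addresses and protocol (17) shown in the figure; TTL 4, identification 1 and total length 28 are assumed values. Since the IP checksum covers only the header, only header bytes are passed to these functions.

```python
import struct

def ones_complement_sum(data: bytes) -> int:
    """Add 16-bit sections in one's complement arithmetic (carries wrap around)."""
    if len(data) % 2:
        data += b"\x00"                 # pad an odd final byte on the right
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)   # fold the carry back in
    return total

def ip_checksum(header: bytes) -> int:
    """Sender (Example 7.17): sum the header with its checksum field zeroed, then complement."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]   # checksum field is bytes 10-11
    return (~ones_complement_sum(zeroed)) & 0xFFFF

def verify_header(header: bytes) -> bool:
    """Receiver (Example 7.18): the sum including the checksum must complement to 0."""
    return (~ones_complement_sum(header)) & 0xFFFF == 0

def build_header(src: str, dst: str, total_len: int, ttl: int = 4,
                 proto: int = 17, ident: int = 1) -> bytes:
    """Build a 20-byte header without options and fill in its checksum."""
    to_bytes = lambda a: bytes(int(x) for x in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, 0,
                      ttl, proto, 0, to_bytes(src), to_bytes(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]

# Constructed header: addresses and protocol from the figure, the rest assumed.
HEADER = build_header("10.12.14.5", "12.6.7.9", total_len=28)

if __name__ == "__main__":
    print(f"checksum = {ip_checksum(HEADER):04X}")          # 8BB1 for this header
    print("accepted:", verify_header(HEADER))
    damaged = HEADER[:8] + bytes([HEADER[8] ^ 0x01]) + HEADER[9:]   # TTL byte altered
    print("accepted after corruption:", verify_header(damaged))
```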
7.6 IP over ATM
In this section, we want to see how an IP datagram moves through a switched WAN such as an ATM network
The IP packet is encapsulated in cells
An ATM network has its own definition for the physical address of a device
Binding between an IP address and a physical address is attained through a protocol called ATMARP
An ATM WAN in the Internet
AAL Layer
The AAL layer used by the IP protocol is AAL5
The only AAL used by the Internet is AAL5
It is sometimes called the simple and efficient adaptation layer (SEAL).
AAL5 accepts an IP packet of no more than 65,536 bytes and adds an 8-byte trailer
AAL5 passes the message in 48-byte segments to the ATM layer
Cell Routing
The cells start from the entering-point router and end at the exiting-point router
(figure: an IP packet arrives at the entering-point router, crosses the ATM network as ATM cells through switches I, II and III, and leaves the exiting-point router as an IP packet)
Address Binding in IP over ATM
An ATM network needs virtual circuit identifiers to route the cells
An IP datagram contains only the source and destination IP addresses
Virtual circuit identifiers must be determined from the destination IP address.
7.7 Security
Since the IPv4 protocol was started when Internet users trusted each other, no security was provided in the IPv4 protocol
Today, however, the situation is different
The Internet is not secure any more
In this section, we give a brief idea of the security issues in the IP protocol and their solution
Security Issues
Packet sniffing
  Passive attack
  The attacker does not change the contents of the packet
  Encryption of the packet – the attacker cannot see the contents of the packet
Packet modification
  Active attack
  The attacker intercepts the packet and changes its contents
  Data integrity – the receiver can make sure that the packet has not been changed during the transmission
IP spoofing
  An attacker can masquerade as somebody else and create an IP packet that carries the source address of another computer
  An origin authentication mechanism can prevent this type of attack
IPSec (IP Security)
Creates a connection-oriented service between two entities in which they can exchange IP packets without worrying about the three attacks discussed before
Defining Algorithms and Keys
  The two entities that want to create a secure channel between themselves can agree on some available algorithms and keys to be used for security purposes
Packet Encryption
  Makes the packet sniffing attack useless
Data Integrity
  Guarantees that the packet is not modified during the transmission
Origin Authentication
  Prevents the IP spoofing attack
7.8 IP Package
The IP package involves eight components
Header-adding module
Processing module
Forwarding module
Fragmentation module
Reassembly module
Routing module
MTU table
Reassembly table
IP Components
IP Header-Adding Module
Processing Module
IP Package
Queues
  Input queue – stores the datagrams coming from the data link layer or the upper-layer protocols
  Output queue – stores the datagrams going to the data link layer or the upper-layer protocols
Routing table
  Used by the forwarding module to determine the next-hop address of the packet
Forwarding module
  Receives an IP packet from the processing module
  Finds the IP address of the next station along with the interface number to which the packet should be sent
MTU table
  Used by the fragmentation module to find the maximum transfer unit of a particular interface
Fragmentation Module
Reassembly Table
Used by the reassembly module
State field: FREE or IN-USE
IP address field: defines the source IP address of the datagram
Datagram ID: a number that uniquely defines a datagram
Timeout: a predetermined amount of time in which all fragments must arrive
Fragment field: a pointer to a linked list of fragments
Reassembly Module
Summary
IP is an unreliable connectionless protocol responsible for source-to-destination delivery. Packets in the IP layer are called datagrams.
The MTU is the maximum number of bytes that a data link protocol can encapsulate. MTUs vary from protocol to protocol. Fragmentation is the division of a datagram into smaller units to accommodate the MTU of a data link protocol.
The IP datagram header consists of a fixed 20-byte section and a variable options section with a maximum of 40 bytes. The options section of the IP header is used for network testing and debugging. The six IP options each have a specific function.
Summary
The error detection method used by IP is the checksum. The checksum, however, covers only the header, not the data. The checksum uses one's complement arithmetic to add equal-size sections of the IP header. The complemented result is stored in the checksum field. The receiver also uses one's complement arithmetic to check the header.
IP over ATM uses the AAL5 layer in an ATM network. An ATM network creates a route between an entering-point router and an exiting-point router. The next-hop address of an IP packet can be mapped to the physical address of an exiting-point router using ATMARP.
An IP package can consist of the following: a header-adding module, a processing module, a forwarding module, a fragmentation module, a reassembly module, a routing table, an MTU table, and a reassembly table.