Week 12 - Sonet, Network, Transport


CSIS 625 Week 12
Multicast, Transport,
TCP/IP
Copyright 2001, 2002 - Dan Oelke
For use by students of CSIS 625 for purposes of this class only.
CSIS 625
1
Overview
• Multicast - specialized network layer
protocols
• Transport Layer
– Up to layer 4
– Ports, Connections, etc
• TCP/IP
– Network Layer - IP
• IP Addresses, Subnets,
– Transport Layer - UDP or TCP
– ICMP, Arp, etc
Multicast Traffic
• Multicast - to send the same data to multiple destinations,
but not send multiple copies and not broadcast it to
everyone.
• Useful for:
– Radio/TV broadcasts where users “tune in”
– Teleconferencing – IETF meetings are often sent this way
– Distributed updates of information (software updates, database
updates, etc)
• Uses a special set of network (and sometimes data link
layer) addresses.
• On a single broadcast LAN, often sent as a broadcast to a
special address that allows network interfaces to listen (or
ignore) as they choose
• On some systems that are not multicast aware, it can be
sent multiple times – also called multiple unicast.
Special requirements of multicast
• Routers must be multicast aware.
• Router will possibly forward a packet out multiple ports
rather than just one.
• Each multicast aware router must keep track of networks
or interfaces that are “joined” to a particular multicast
session.
• Routers must handle nodes, or networks, leaving and
joining a multicast session.
– Keep alive messages ensure that nodes who leave improperly are
removed from the multicast group
• Routing protocol and algorithms needed for routers to
determine the shortest path to all group members.
• IGMP – Internet Group Management Protocol
– The TCP/IP protocol for managing multicast traffic
– Defined in RFC 1112 (version 1) and RFC 2236 (version 2)
Transport Layer
• May be connection oriented (TCP) or connectionless
(UDP)
• Connection Oriented Transport protocol
– Provides establishment, maintenance, and termination of a logical
connection
• End to end delivery of messages (not just packets)
– Provides segmentation and reassembly of messages into packets
• Addressing - addition of port number
• Flow Control
• Ordered Delivery
• Reliable Delivery
• Duplicate Detection
Transport Layer
• Transport layer provides for reliable delivery
– At least the TCP part of TCP/IP does
– There is UDP/IP which is not reliable
• Error control and flow control typically done
using a sliding window mechanism.
– Sequence numbers with ACKs and NAKs
• Transport provides for connection establishment
and termination
– A 3 way handshake is typical for connection
establishment.
– Obviously, not needed for connectionless protocols
Transport Layer - Port numbers
• Transport Layer adds to network address the SAP
– Service Access Point
– In TCP/IP and many protocols this is called the port
number
– Provides an additional level of addressing beyond the
host.
• Allows for an additional level of multiplexing
– Typically identifies the service –
• HTTP server
• SMTP server
• POP3 server
• Telnet server
• etc
Port numbers
• How does a user application know what
port number to use?
– User “just knows” the number - it is a
configuration option
– Well known port numbers are used
• /etc/services on many systems
• This is commonly used for servers
– A name server is used
– Another application on a well-known port
spawns a child application on some other port
(remote job management)
Connection Establishment
• Typically a three-way handshake
• Initiator sends a SYN (Synchronize sequence number)
packet
• Receiver sends back a SYN packet that also acknowledges
the initiator’s initial sequence number
• Initiator sends an ACK packet to acknowledge the
receiver’s initial sequence number
• Now either side may start sending data
• If the SYN packets overlap - no problem, both just send
ACKs.
Connection Establishment Security concerns
• The initial sequence number must be random to
prevent session hijacking.
– If not, a malicious sender can create packets that look
like they come from a trusted source and inject any data
that they choose.
• A malicious initiator can send a lot of initial SYN
packets, but never finish the 3-way transaction
– This can cause resources on the receiver to be tied up
until the three-way handshake times out.
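The handshake above, together with both security concerns, as an added Python model (not code from the slides): the receiving side picks its initial sequence number from a cryptographic random source so the third packet cannot be forged by guessing, and it keeps half-open handshakes in a table that is swept by a timeout so abandoned SYNs do not hold resources forever. The `HANDSHAKE_TIMEOUT` value, the `Listener` class and the `peer` identifiers are assumptions made for this example; the clock is injectable so the timeout can be tested without waiting.

```python
import secrets
import time

# Assumed value for this example: how long a half-open entry may wait for the final ACK.
HANDSHAKE_TIMEOUT = 5.0

SEQ_MOD = 2 ** 32


class Listener:
    """Model of the receiving side of the 3-way handshake (bookkeeping only, no sockets)."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.half_open = {}      # peer -> (our ISN, time the SYN arrived)
        self.established = set()

    def on_syn(self, peer, peer_isn):
        """SYN received: pick our ISN and answer with SYN+ACK."""
        # A cryptographically random ISN: a sender who never sees our SYN+ACK
        # cannot predict the number it must acknowledge to complete the connection.
        our_isn = secrets.randbits(32)
        self.half_open[peer] = (our_isn, self.clock())
        return {"SYN": True, "ACK": True, "seq": our_isn, "ack": (peer_isn + 1) % SEQ_MOD}

    def on_ack(self, peer, ack):
        """Third packet: accept only if it acknowledges exactly our ISN + 1."""
        entry = self.half_open.get(peer)
        if entry is None:
            return False
        our_isn, _ = entry
        if ack != (our_isn + 1) % SEQ_MOD:
            return False          # wrong acknowledgement: drop it, the entry stays half-open
        del self.half_open[peer]
        self.established.add(peer)
        return True

    def expire_half_open(self):
        """Free the resources held by handshakes that never completed; returns how many."""
        now = self.clock()
        stale = [p for p, (_, t0) in self.half_open.items() if now - t0 > HANDSHAKE_TIMEOUT]
        for p in stale:
            del self.half_open[p]
        return len(stale)


if __name__ == "__main__":
    srv = Listener()
    synack = srv.on_syn("client-1", 1000)
    print("SYN+ACK acks", synack["ack"], "established:", srv.on_ack("client-1", (synack["seq"] + 1) % SEQ_MOD))
```

The half-open table is the resource the second bullet refers to: without `expire_half_open` (or a bound on the table size) every unanswered SYN would stay in it indefinitely.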
Connection Termination
• One side decides it is done and sends a FIN
(Finish) packet to the other.
• The other side responds with a FIN packet.
• After receiving the corresponding FIN
packet back the session is considered
closed.
• If you receive a FIN packet, it is considered
closed after sending a FIN packet back.
Sequence numbers
• Some systems use a sequence number per packet.
• Some systems use an implicit sequence number
for each byte.
– This means that sequence numbers can increase a lot
for every packet of data.
– TCP uses this scheme
• By ensuring sequence numbers occur in order we
get:
– Ordered delivery
– Error control for lost or damaged packets
– Flow Control
– Duplicate detection
Retransmission strategy
• A positive acknowledgement of each received segment is
required
• If an acknowledgement is not received after some time
period, a retransmission of the segment occurs
– May be lost data segment -or- lost ACK
• Timeout for retransmission
– May be a fixed value - but it is difficult (impossible?) to
get a good value for all situations
• Too long means sluggish response to lost packets
• Too short means many retransmissions for packets that were
delayed (not lost)
• Ideal timer is just a little longer than round-trip time
– May be adaptive
• Difficult because transmission and processing delays can
change widely and rapidly.
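An adaptive timer of the kind the last bullet describes, as an added Python example (not from the slides). It follows the smoothed-RTT / RTT-variation estimator of RFC 6298 (the Jacobson/Karels algorithm), which the slides do not name; the `RtoEstimator` class, the `SAMPLE_RTTS` values and the comparison helper are constructed for this example, and the default floor of 0 seconds (the RFC recommends a 1-second minimum) is an assumption chosen so the small sample values are visible.

```python
class RtoEstimator:
    """Adaptive retransmission timeout in the style of RFC 6298."""
    ALPHA, BETA, K = 1 / 8, 1 / 4, 4   # smoothing gains and the variance multiplier

    def __init__(self, granularity=0.0, min_rto=0.0, max_rto=60.0, initial_rto=1.0):
        self.g, self.min_rto, self.max_rto = granularity, min_rto, max_rto
        self.srtt = None        # smoothed round-trip time
        self.rttvar = None      # smoothed RTT variation
        self.rto = initial_rto  # timer used before any sample exists

    def sample(self, r):
        """Feed one measured round-trip time (seconds); returns the new timeout."""
        if self.srtt is None:
            self.srtt, self.rttvar = r, r / 2
        else:
            self.rttvar = (1 - self.BETA) * self.rttvar + self.BETA * abs(self.srtt - r)
            self.srtt = (1 - self.ALPHA) * self.srtt + self.ALPHA * r
        # "just a little longer than round-trip time": mean plus K times the variation
        self.rto = self.srtt + max(self.g, self.K * self.rttvar)
        self.rto = min(max(self.rto, self.min_rto), self.max_rto)
        return self.rto

    def backoff(self):
        """After a timeout, double the timer so repeated losses do not flood the path."""
        self.rto = min(self.rto * 2, self.max_rto)
        return self.rto


# Constructed RTT samples (seconds): a stable path whose delay suddenly quadruples.
SAMPLE_RTTS = [0.100, 0.110, 0.090, 0.400, 0.450, 0.420, 0.100]


def spurious_retransmissions(rtts, fixed_timeout):
    """Count retransmissions of segments that were merely delayed, for a fixed
    timer versus the adaptive one; returns (fixed_count, adaptive_count)."""
    est = RtoEstimator()
    fixed = adaptive = 0
    for r in rtts:
        if r > fixed_timeout:
            fixed += 1
        if r > est.rto:          # the adaptive timer in force when this segment was sent
            adaptive += 1
        est.sample(r)
    return fixed, adaptive


if __name__ == "__main__":
    print("fixed 0.2 s vs adaptive:", spurious_retransmissions(SAMPLE_RTTS, 0.2))
```

With these samples the fixed 200 ms timer retransmits all three delayed segments, while the adaptive timer only misjudges the first one after the delay jumps and then widens to cover the new conditions.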
Duplicate detection & Out of Order Data
Management
• A receiver doesn’t know if a duplicate is the first
copy or second
– The first copy may have been delayed causing the
second copy to arrive before the first.
• The receiver acknowledges the first copy received
• The sequence number window must be large
enough so that a packet will die before sequence
numbers wrap around
• If data is received out of order
– Receiver may discard segment
– Receiver may hold segment and wait for missing
segment
TCP/IP Introduction
• TCP/IP is the protocol used for the Internet
• Developed in the 70’s for the US Department of
Defense
– Arpanet - Advanced Research Project Agency
NETwork
• TCP/IP Defines the network and transport layers
– Assumes a connectionless, unreliable packet oriented
data link and physical layer.
– May use connection oriented or non-packet data link
layers, but does not take advantage of their capabilities.
TCP/IP by the layers
• ARP - Address Resolution Protocol - a layer-2 to layer-3 address
mapping protocol
• IP - Internetwork Protocol is the network layer
– Best effort unreliable delivery
• TCP - Transmission Control Protocol - a connection oriented transport
layer
– Stream of data that is guaranteed delivery in sequence
• UDP - User Datagram Protocol - a connectionless transport layer
• Applications do the rest
– lately there are some presentation layer type protocols for encryption
(SSH is the prime example)
• DNS - Domain Name System
– A way to map names to IP addresses
– Example: www.stthomas.edu => 140.209.3.54
Internetwork Protocol
• Header format – IPv4
0             7               15                              31
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  ver  | hlen  |      TOS      |         Total Length          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|        Identification         |Flags|     Fragment Offset     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|      TTL      |   Protocol    |          IP Checksum          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       Source IP Address                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Destination IP Address                     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    IP Options (if any)  ...                   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
IPv4 Header fields
• Ver - version - currently IPv4 or 0100
– IPv6 is starting to deploy - it has a different formatted
header
• HLen - header length in multiples of 4 bytes
– Allows header lengths up to 60 bytes
• TOS - Type of Service - supposed to be used for
prioritization of data
• Total Length - length of IP datagram
IPv4 Header fields
• Identification, flag, fragment offset
– Identification is a unique number for each packet
– More fragment flag - tells if this is the last fragment
– Don’t fragment flag - tells IP to not fragment this
packet
– fragment offset - the offset in the packet for this
fragment
• TTL - Time to live - initialized to 32 and
decremented for each hop
• Protocol - defines if it is TCP/UDP/ICMP/etc
• IP Checksum - calculated over header only
IPv4 Addresses
• IPv4 addresses are 32 bits.
• Typically written in dotted-decimal notation
– Four numbers 0-255 separated by dots.
– 128.11.34.132
• The address is divided into a network portion and
a host portion
• Initially IPv4 had the concept of network classes
that identified how many bits were the network
portion based on the first couple of bits.
– Caused address space crunch
– This has now been abandoned in all modern IP stacks
IPv4 Address Classes
• Class A
– 1.0.0.0 -> 126.0.0.0
– 0.* and 127.* reserved
• Class B
– 128.0.0.0 -> 191.255.0.0
• Class C
– 192.0.0.0 -> 223.255.255.0
• Class D/E (Multicast)
– 224.0.0.0 -> 255.255.255.255
• Remember - usually not used in practice, just used
to designate how much space is given
IPv4 Addresses and subnets
• Instead of looking at the first couple of bits and
determining what the class is, and therefore what
the Network portion is, now all systems use a
subnet mask.
• Subnets were started before class notation was
abandoned as a way to break down bigger
networks.
• The subnet mask is a 32 bit number that, when bitwise-AND’ed
with an address, breaks it into a network
portion and a host portion
IPv4 Subnets
• Subnets are generally set with only the most
significant bits set to 1’s.
• This allows for a simplification where the address
is written with a slash indicating the number of bits in the
subnet mask
– Example: 192.176.32.3/24 indicates that the subnet
mask is 24 bits or 255.255.255.0. This indicates a
network of 192.176.32.0
– Does not have to end up on even byte boundaries.
IP - default gateway.
• An IP node is generally provisioned with
– IP address
– Subnet mask
– Default gateway
• The Default gateway is the address that a packet is
forwarded to if it isn’t on the same network as the
sending node.
• Typically the default gateway is a router that
forwards packets to the correct network
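The subnet-mask arithmetic and the default-gateway decision from the last three slides, as an added Python example that is not part of the lecture material. It does the bitwise AND by hand rather than through the `ipaddress` module so the network/host split is visible, and it also handles a prefix that does not fall on a byte boundary (a /22). The function names and the 10.1.5.9/22 and 192.176.32.1 values are constructed for this example; 192.176.32.3/24 and 140.209.3.54 come from the slides.

```python
def ip_to_int(dotted: str) -> int:
    """'128.11.34.132' -> 32-bit integer; rejects anything that is not four octets 0-255."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 address: {dotted!r}")
    n = 0
    for p in parts:
        n = (n << 8) | int(p)
    return n


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """/24 -> 0xFFFFFF00: the most significant `prefix` bits set to 1."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def parse_cidr(text: str):
    """'192.176.32.3/24' -> (address, mask) as integers; no slash means a single host."""
    addr, _, prefix = text.partition("/")
    return ip_to_int(addr), prefix_to_mask(int(prefix) if prefix else 32)


def network_of(cidr: str) -> str:
    addr, mask = parse_cidr(cidr)
    return int_to_ip(addr & mask)           # the bitwise AND the slide describes


def mask_of(cidr: str) -> str:
    return int_to_ip(parse_cidr(cidr)[1])


def same_network(local_cidr: str, other: str) -> bool:
    addr, mask = parse_cidr(local_cidr)
    return (addr & mask) == (ip_to_int(other) & mask)


def next_hop(local_cidr: str, default_gateway: str, destination: str) -> str:
    """Address the packet is handed to on the local link: the destination itself
    if it is on our subnet, otherwise the default gateway (normally a router)."""
    return destination if same_network(local_cidr, destination) else default_gateway


if __name__ == "__main__":
    me = "192.176.32.3/24"
    print(me, "is on network", network_of(me), "with mask", mask_of(me))
    for dst in ("192.176.32.77", "140.209.3.54"):
        print("to", dst, "send via", next_hop(me, "192.176.32.1", dst))
```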
ICMP - Internet Control Message Protocol
• Documented in RFC 792
• Uses IP to transport messages, but is not a fully separate
transport layer protocol because it is so integrated with IP
• Reports some errors - but not everything so it isn’t there to
make IP reliable.
• Does not send error messages when the source or the
destination address isn’t an individual address (multi-cast,
loopback, etc)
• Does not send error messages for ICMP messages (avoid
the infinite loop)
ICMP - Types of messages:
– Echo & Echo Reply
• Used for “ping” command to see if a node is there
– Destination unreachable
• A router in-between can’t forward the packet because a link is down
• The end node doesn’t have a service running on that port.
– Source Quench
• Meant to be a way for the destination to tell the source to slow down
• Often not used
– Redirect
• A router tells the previous node a better way to send the packet.
– Time Exceeded
• The TTL value of a packet counted down to zero before the packet
could be delivered.
• Used by the traceroute command.
Transport layer – UDP/IP
• UDP is simple in that all it really has to support in
addition to the IP header is port addresses.
• Header format
0             7               15                              31
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          Source Port          |       Destination Port        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         Total length          |           Checksum            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
• Source and destination ports determine the service that is
running them
• Checksum protects the UDP header (not the packet data)
Transport layer – TCP/IP
• TCP is connection oriented so it must provide connection
setup and teardown as well as provide mechanisms for
reliable packet delivery.
• Header format
0             7               15                              31
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          Source Port          |       Destination Port        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Sequence Number                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Acknowledgement Number                     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| HLEN  |   Resv    |   Flags   |          Window Size          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           Checksum            |        Urgent Pointer         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       Options & Padding                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
TCP Header
• Port Addresses – used to identify services
• Sequence Number & Acknowledgement number – used for sliding
window flow control and error control
• HLEN – Header length in multiples of 4
• Resv – Reserved for future use
• Flags –
– URG – Urgent – there is urgent data in the data portion
– ACK – The acknowledgement field is valid
– PSH – Push – higher throughput is desired
– RST –
– SYN – Sequence number synchronization in the connection setup
– FIN – connection termination
• Window Size – The number of packets that can be sent.
• Checksum – error detection for the header (not the data)
• Urgent pointer – an offset into the data portion for where the urgent
data is (if the URG flag is set).
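The three header layouts above (IPv4, UDP, TCP) as an added, runnable Python decoder; this is example code written for these notes, not part of the slides. It unpacks each field with `struct`, verifies the IP header checksum exactly as the slide describes (computed over the header only) and names the TCP flag bits. Because the checksum field is included in the verification sum, a correct header sums to zero, so a single flipped bit in the header is caught. The sample packet is constructed inline from the two addresses that appear on earlier slides (128.11.34.132 and 140.209.3.54); the port numbers, sequence number and window value are made up for the example, as are the function names.

```python
import struct


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071). Verifying a correct header yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def dotted(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def inet4(s: str) -> bytes:
    return bytes(int(x) for x in s.split("."))


def ip_checksum_ok(pkt: bytes) -> bool:
    hlen = (pkt[0] & 0x0F) * 4               # hlen is in multiples of 4 bytes
    return internet_checksum(pkt[:hlen]) == 0


def parse_ipv4(pkt: bytes) -> dict:
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_hlen, tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, hlen = ver_hlen >> 4, (ver_hlen & 0x0F) * 4
    if version != 4 or hlen < 20 or hlen > len(pkt) or total_len > len(pkt):
        raise ValueError("malformed IPv4 header")
    if not ip_checksum_ok(pkt):
        raise ValueError("bad IP checksum")
    return {"hlen": hlen, "tos": tos, "total_length": total_len, "id": ident,
            "DF": bool(flags_frag & 0x4000), "MF": bool(flags_frag & 0x2000),
            "frag_offset": flags_frag & 0x1FFF, "ttl": ttl, "protocol": proto,
            "src": dotted(src), "dst": dotted(dst),
            "options": pkt[20:hlen], "payload": pkt[hlen:total_len]}


TCP_FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def parse_tcp(seg: bytes) -> dict:
    if len(seg) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_resv, flags, window, csum, urg = struct.unpack("!HHIIBBHHH", seg[:20])
    hlen = (off_resv >> 4) * 4
    if hlen < 20 or hlen > len(seg):
        raise ValueError("malformed TCP header")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "hlen": hlen,
            "flags": [name for name, bit in TCP_FLAG_BITS.items() if flags & bit],
            "window": window, "checksum": csum, "urgent": urg,
            "options": seg[20:hlen], "data": seg[hlen:]}


def parse_udp(dg: bytes) -> dict:
    if len(dg) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, csum = struct.unpack("!HHHH", dg[:8])
    return {"sport": sport, "dport": dport, "length": length, "checksum": csum, "data": dg[8:length]}


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 32, ident: int = 1) -> bytes:
    """Constructed test data: a 20-byte IPv4 header (DF set) with a correct checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0x4000,
                      ttl, proto, 0, inet4(src), inet4(dst))
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:] + payload


def build_tcp_header(sport, dport, seq, ack, flag_names, window) -> bytes:
    flags = sum(TCP_FLAG_BITS[n] for n in flag_names)
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)


# Constructed sample: a SYN from 128.11.34.132:40000 to 140.209.3.54:80, TTL 32 as on the slide.
SAMPLE_SYN = build_ipv4("128.11.34.132", "140.209.3.54", 6,
                        build_tcp_header(40000, 80, 1000, 0, ["SYN"], 8192))


def decode(pkt: bytes):
    """IP header first, then the transport header chosen by the Protocol field (6 = TCP, 17 = UDP)."""
    ip = parse_ipv4(pkt)
    if ip["protocol"] == 6:
        return ip, parse_tcp(ip["payload"])
    if ip["protocol"] == 17:
        return ip, parse_udp(ip["payload"])
    return ip, None


if __name__ == "__main__":
    ip, tcp = decode(SAMPLE_SYN)
    print(ip["src"], "->", ip["dst"], "proto", ip["protocol"], "ttl", ip["ttl"], "DF", ip["DF"])
    print("TCP", tcp["sport"], "->", tcp["dport"], "flags", tcp["flags"], "seq", tcp["seq"])
```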
TCP flow control
• TCP uses a modified sliding window technique - called a credit scheme
• Each ACK has both a number in the window for the bytes that are being
acknowledged, and a number in the window that may be sent up to before
acknowledgement.
• Slow Start - developed by Van Jacobson - 1988
– Exponentially increases the window size as data is successfully sent.
– Allows the amount of data being sent to grow up to the network capacity.
– Causes “slowness” for very short data transfers
• Dynamic Window Sizing on Congestion
– When a packet is lost, and retransmitted – the window size is cut dramatically and
slow-start redone up to ½ the previous level.
– From that point on – a slower linear rather than exponential growth is taken.
• These methods when widely implemented allow the Internet to work even in
the face of extreme loads.
• Fortunately few people have the ability to re-write their TCP/IP stack and
defeat these mechanisms.
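The slow-start and congestion-window rules above, as an added Python simulation that is not part of the slides. It tracks the congestion window in whole segments per round trip: doubling while below the threshold, reset to one segment on a loss with the threshold set to half the window at which the loss occurred, and linear growth once the threshold is reached. The helper that counts round trips for a short transfer illustrates the “slowness for very short transfers” bullet. The function names, the initial threshold of 64 segments and the event list are constructed for this example.

```python
def congestion_window_trace(round_trips, initial_ssthresh=64):
    """Return the window (in segments) in force at the start of each round trip.
    round_trips: list of True (all data acknowledged) / False (a loss was detected)."""
    cwnd, ssthresh, trace = 1, initial_ssthresh, []
    for acked in round_trips:
        trace.append(cwnd)
        if not acked:
            ssthresh = max(cwnd // 2, 2)      # remember half the level where trouble began
            cwnd = 1                          # and redo slow start from the bottom
        elif cwnd < ssthresh:
            cwnd = min(cwnd * 2, ssthresh)    # slow start: exponential growth up to the threshold
        else:
            cwnd += 1                         # congestion avoidance: one segment per round trip
    return trace


def round_trips_to_send(n_segments, ssthresh=64):
    """How many round trips a fresh connection needs to push n_segments (no losses)."""
    cwnd, sent, rtts = 1, 0, 0
    while sent < n_segments:
        sent += cwnd
        rtts += 1
        cwnd = min(cwnd * 2, ssthresh) if cwnd < ssthresh else cwnd + 1
    return rtts


# Constructed event list: six clean round trips, one loss, then eight clean ones.
SAMPLE_EVENTS = [True] * 6 + [False] + [True] * 8

if __name__ == "__main__":
    print("cwnd per RTT:", congestion_window_trace(SAMPLE_EVENTS))
    for n in (1, 10, 100):
        print(n, "segments need", round_trips_to_send(n), "round trips")
```

The trace shows the window climbing 1, 2, 4, ... 64, collapsing to 1 after the loss, climbing exponentially again only as far as 32 (half of 64), and then creeping up one segment per round trip.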
ARP - Address Resolution Protocol
• Used as a way for IP to map an Ethernet Address to an IP
address
• When a node wants to send an IP datagram over an
Ethernet network, it needs to know the MAC address of
the destination.
• An Ethernet broadcast is sent out asking who owns this IP
address
• The node with the address replies.
• From the reply the original node gets the MAC address.
• Now the IP packet can be sent over the Ethernet to the
destination.
ARP Cache
• The sender keeps a cache of recently resolved addresses so
it doesn’t have to ARP before sending every packet
– This cache can often be displayed using “arp” command
– This cache must time out if one node stops using an IP address and
another starts.
• When one node sends out an arp reply message, all nodes
on a broadcast network may add it to their cache.
Proxy-ARP
• Sometimes an administrator will want to merge two
separate Ethernet networks to look like one for IP packets
• A router can be configured so that it will send an ARP
response on an interface for a whole range of IP addresses.
• The router will then receive the packets, and forward them
to the correct Ethernet network
– Will need to do an ARP request on that interface to find the actual
node’s MAC address.
– Router will typically be configured to proxy-ARP in both
directions.
DNS - Domain Name System
• A protocol and the whole system for mapping names of
machines to IP addresses
• The protocol is usually over UDP packets.
– Unreliable, but since the message is only one packet to the server and
one packet in response it has lower overhead than TCP.
• A node is typically configured with the IP address of one
or more DNS servers.
– If the first one fails to respond, the second one is used, etc.
• Top Level Domain - the last set of letters after a period (.) in a domain
name.
• Root name server - the master domain name server for a given top
level domain.
DNS Control
• ICANN - Internet Corporation for Assigned Names and
Numbers
– Created by US government as a way to sort out the management of
DNS
– Very controversial in how it has been handling things
• Each of the top level domains has a single database
maintainer
– .com, .net, .org are all through Network Solutions
– .gov is controlled by the United States government
– Each country has a two letter top level domain
• (.us, .cc, .tv, .ru, .uk, .de, .au, etc.)
– There may be multiple companies that register names into that
database, but a single database exists.
• Some people have started creating alternative name
servers.
TCP/IP Additional resource
• http://cache.3com.com/www.3com.com/other/pdfs/solutions/en_US/50130201a.pdf
• http://www4.ulpgc.es/tutoriales/tcpip/pru/