CS335 Networking & Network Administration
CS335
Networking &
Network Administration
Wednesday, May 12, 2010
ICMP
Internet Control Message Protocol
Error reporting protocol integrated with IP
We have reviewed header checksum
http://www.faqs.org/rfcs/rfc792.html
Short for Internet Control Message Protocol, an
extension to the Internet Protocol (IP) defined by
RFC 792. ICMP supports packets containing error,
control, and informational messages. The PING
command, for example, uses ICMP to test an
Internet connection.
ICMP
ICMP Protocol Overview
Internet Control Message Protocol (ICMP), documented in RFC 792, is a required protocol
tightly integrated with IP. ICMP messages, delivered in IP packets, are used for out-of-band
messages related to network operation or misoperation. Of course, since ICMP uses IP,
ICMP packet delivery is unreliable, so hosts can't count on receiving ICMP packets for any
network problem. Some of ICMP's functions are to:
Announce network errors, such as a host or entire portion of the network being unreachable, due
to some type of failure. A TCP or UDP packet directed at a port number with no receiver attached is
also reported via ICMP.
Announce network congestion. When a router begins buffering too many packets, due to an
inability to transmit them as fast as they are being received, it will generate ICMP Source Quench
messages. Directed at the sender, these messages should cause the rate of packet transmission to
be slowed. Of course, generating too many Source Quench messages would cause even more
network congestion, so they are used sparingly. (Source Quench has since been formally
deprecated by RFC 6633; current hosts and routers do not send it and ignore it on receipt.)
Assist Troubleshooting. ICMP supports an Echo function, which just sends a packet on a round trip between two hosts. Ping, a common network management tool, is based on this feature. Ping
will transmit a series of packets, measuring average round-trip times and computing loss
percentages.
Announce Timeouts. If an IP packet's TTL field drops to zero, the router discarding the packet will
often generate an ICMP packet announcing this fact. TraceRoute is a tool which maps network
routes by sending packets with small TTL values and watching the ICMP timeout announcements.
ICMP messages
http://www.iana.org/assignments/icmp-parameters
http://www.networksorcery.com/enp/protocol/icmp.htm
ICMP message transport
ICMP uses IP to transport error messages
ICMP includes both messages about errors and informational
messages. ICMP is integrated with IP: ICMP encapsulates
messages in IP for transmission and IP uses ICMP to report
problems.
ICMP
ICMP messages are created in response to a
datagram that has encountered a problem (for
example, a router finds that the destination is
unreachable)
Sending the error back to the sender is easy because
the datagram carries its source IP address; nothing
verifies that address, so a datagram with a forged
source address sends the error to whoever was named in it
No special priority – and if a datagram carrying an
ICMP error itself causes an error, no error message is
sent, to keep from flooding the network with error
messages about error messages
ICMP to test reachability
Ping uses the ICMP echo request and echo
reply messages
Ping sends an IP datagram that contains an
ICMP echo request message to the specified
destination
If no reply arrives within the timeout, ping counts
that request as lost and sends the next request
ICMP on the remote machine answers each echo
request with an echo reply
Traceroute
ICMP is used in traceroute
Traceroute sets the time to live of the first packet to 1
The first router decrements the time to live to 0,
discards the packet, and sends back an ICMP
time exceeded message
Traceroute now knows the IP address of the first
router from the source address of the error it sent
Then traceroute sends a second packet with time
to live of 2, and so on, one hop further each time
Traceroute
Last address reply
Two techniques
Send an ICMP echo request message; the destination host will
generate an ICMP echo reply
Send a datagram to a nonexistent application (a UDP port with no
listener); the destination host will generate an ICMP destination
unreachable (port unreachable) message
Microsoft uses the first approach
Unix uses the second approach
The 2 approaches can produce different addresses for the final
destination
An echo reply carries a source address equal to the IP address to which
the request was sent
When a datagram arrives for a port with no application, ICMP uses the
address of the interface over which the error message is sent, which on a
multi-homed host may differ from the address the probe was sent to
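The two slides above describe ping's echo request and the ICMP errors traceroute relies on. The following is an added example, not code from the lecture: it builds an echo request with the RFC 1071 checksum, builds a Unix-style UDP traceroute probe, generates the Time Exceeded and Port Unreachable errors a router or destination host would return (RFC 792: error header plus the offending datagram's IP header and first 8 bytes), and shows how those embedded bytes let the sender match an error to the probe that caused it. The addresses, the port numbers (33434 is the traditional traceroute base port) and the 2-router path are constructed; no packets are sent.

```python
"""ICMP as ping and traceroute use it: echo request construction, router-side error
generation, and matching an ICMP error back to the probe it refers to."""
import socket
import struct

ICMP_DEST_UNREACH, ICMP_ECHO_REQUEST, ICMP_TIME_EXCEEDED = 3, 8, 11
CODE_PORT_UNREACH = 3
PROTO_UDP = 17
IP_FMT = "!BBHHHBBH4s4s"   # ver/IHL, TOS, total len, id, flags/frag, TTL, proto, checksum, src, dst


def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum. Over a message that already carries its
    checksum the result folds to 0, which is how a receiver verifies it."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid header checksum."""
    fields = [0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = internet_checksum(struct.pack(IP_FMT, *fields))
    return struct.pack(IP_FMT, *fields)


def echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """Ping's probe: type 8, code 0, checksum over header+payload, identifier, sequence."""
    hdr = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    csum = internet_checksum(hdr + payload)
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, csum, ident, seq) + payload


def udp_probe(src: str, dst: str, ttl: int, dst_port: int) -> bytes:
    """Unix traceroute's probe: a small UDP datagram to a port nobody listens on.
    UDP checksum 0 means 'not computed' (allowed for IPv4)."""
    udp = struct.pack("!HHHH", 40000, dst_port, 8 + 4, 0) + b"\x00" * 4
    return ipv4_header(src, dst, PROTO_UDP, len(udp), ttl) + udp


def icmp_error(typ: int, code: int, offending: bytes) -> bytes:
    """What a router/host sends back: type, code, checksum, 4 unused bytes, then the
    offending datagram's IP header plus the first 8 bytes of its payload (RFC 792)."""
    ihl = (offending[0] & 0x0F) * 4
    body = offending[: ihl + 8]
    csum = internet_checksum(struct.pack("!BBHI", typ, code, 0, 0) + body)
    return struct.pack("!BBHI", typ, code, csum, 0) + body


def traverse(probe: bytes, n_routers: int) -> bytes:
    """Constructed path: n_routers routers, then the destination. Each router decrements
    the TTL; the one that takes it to 0 discards the probe and returns Time Exceeded.
    At the destination nothing listens on the port, so it returns Port Unreachable,
    which is traceroute's signal that the last hop has been reached."""
    ttl = probe[8]
    for _ in range(n_routers):
        ttl -= 1
        if ttl == 0:
            return icmp_error(ICMP_TIME_EXCEEDED, 0, probe)
    return icmp_error(ICMP_DEST_UNREACH, CODE_PORT_UNREACH, probe)


def decode_traceroute_reply(msg: bytes) -> dict:
    """Match an ICMP error to the probe it refers to via the embedded datagram. (The
    responding hop's own address would come from the outer IP header, omitted here.)"""
    if len(msg) < 8 or internet_checksum(msg) != 0:
        raise ValueError("truncated ICMP message or bad checksum")
    typ, code, inner = msg[0], msg[1], msg[8:]
    ihl = (inner[0] & 0x0F) * 4
    if len(inner) < ihl + 8 or inner[9] != PROTO_UDP:
        raise ValueError("embedded datagram is not a UDP probe")
    return {
        "type": typ,
        "code": code,
        "orig_dst": socket.inet_ntoa(inner[16:20]),
        "orig_ttl": inner[8],                                      # which hop this answers
        "dst_port": struct.unpack("!H", inner[ihl + 2:ihl + 4])[0],  # which probe
        "done": typ == ICMP_DEST_UNREACH and code == CODE_PORT_UNREACH,
    }


if __name__ == "__main__":
    assert internet_checksum(echo_request(0x1234, 1, b"abcdefgh")) == 0
    for ttl in (1, 2, 3):   # constructed route: two routers, then the destination
        probe = udp_probe("10.0.0.5", "140.211.34.6", ttl, 33434 + ttl - 1)
        print(ttl, decode_traceroute_reply(traverse(probe, n_routers=2)))
```

Note that the only thing tying an error to a probe is the copied header bytes: the embedded destination port (and, for ping, the identifier and sequence) is how the tool distinguishes replies, which is also why a host that rejects ICMP errors whose embedded datagram matches nothing it sent is doing the right thing.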
Traceroute result
traceroute from www.net.berkeley.edu to
www.lagrande.k12.or.us
1 vlan206.inr-203-eva.Berkeley.EDU (128.32.206.1) 0.855 ms 0.627 ms 1.219 ms
2 vlan209.inr-201-eva.Berkeley.EDU (128.32.255.1) 0.340 ms 0.306 ms 0.289 ms
3 ge-1-2-0.inr-002-reccev.Berkeley.EDU (128.32.0.36) 0.402 ms 0.401 ms 0.395 ms
4 hpr-oak-hpr--ucb-ge.cenic.net (137.164.27.129) 0.637 ms 1.150 ms 0.617 ms
5 sac-hpr--oak-hpr-10ge.cenic.net (137.164.25.17) 2.325 ms 2.239 ms 2.243 ms
6 lax-hpr--sac-hpr-10ge.cenic.net (137.164.25.10) 11.893 ms 11.748 ms 11.723 ms
7 abilene-LA--hpr-lax-gsr1-10ge.cenic.net (137.164.25.3) 11.744 ms 13.390 ms 14.997 ms
8 snvang-losang.abilene.ucaid.edu (198.32.8.95) 19.344 ms 19.163 ms 19.432 ms
9 pos-1-0.core0.eug.oregon-gigapop.net (198.32.163.17) 31.597 ms 31.478 ms 31.469 ms
10 nero.eug.oregon-gigapop.net (198.32.163.151) 31.648 ms 31.593 ms 31.585 ms
11 ptck-core2-gw.nero.net (207.98.64.2) 33.928 ms 34.089 ms 33.988 ms
12 eou-car1-gw.nero.net (207.98.64.22) 46.885 ms 46.496 ms 46.667 ms
More TraceRoute Info
http://bs.mit.edu:8001/cgi-bin/traceroute
http://www.traceroute.org/#USA
http://visualroute.visualware.com/
Visual Route
http://visualroute.visualware.com/
======================================================================================
=== VisualRoute (R) 2005 Server Edition (v9.3a) report on May 11, 2005 12:46:44 PM ===
======================================================================================
Report for www.lagrande.k12.or.us [140.211.34.6]
Analysis: 'www.lagrande.k12.or.us' was found in 13 hops (TTL=243).

Hop  %Loss  IP Address       Node Name                                 Location            Tzone     ms  Network
  0         161.58.180.113   WIN10115.visualware.com                   *                                 Verio, Inc. VRIO-161-058
  1         161.58.176.129                                                                           0  Verio, Inc. VRIO-161-058
  2         161.58.156.140                                                                           6  Verio, Inc. VRIO-161-058
  3         129.250.28.206   xe-1-2-0-3.r20.asbnva01.us.bb.verio.net   Ashburn, VA, USA    -05:00     0  Verio, Inc. VRIO-129-250
  4         129.250.2.35     p64-0-0-0.r21.asbnva01.us.bb.verio.net    Ashburn, VA, USA    -05:00     0  Verio, Inc. VRIO-129-250
  5         129.250.9.162    p16-0.level3.asbnva01.us.bb.verio.net     Ashburn, VA, USA    -05:00     0  Verio, Inc. VRIO-129-250
  6         209.244.11.13    so-2-1-0.bbr2.Washington1.Level3.net      38.55n, 77.13w                 0  Level 3 Communications, Inc. LEVEL3-CIDR
  7         209.247.10.133   so-1-0-0.mp2.Seattle1.Level3.net          Seattle, WA, USA    -08:00    74  Level 3 Communications, Inc. LEVEL3-CIDR
  8         209.247.9.58     ge-11-1.hsa2.Seattle1.Level3.net          Seattle, WA, USA    -08:00    75  Level 3 Communications, Inc. LEVEL3-CIDR
  9         63.211.200.246   unknown.Level3.net                                                      78  Level 3 Communications, Inc. LEVEL4-CIDR
 10         207.98.64.138    ptck-core2-gw.nero.net                                                  78  Oregon Exchange OREGON-EXCH
 11         207.98.64.22     eou-car1-gw.nero.net                                                    91  Oregon Exchange OREGON-EXCH
 12         140.211.34.6     lagrande.k12.or.us                                                      92  Oregon State System of Higher Education OSSHENET
 13         140.211.34.6     www.lagrande.k12.or.us                                                  92  Oregon State System of Higher Education OSSHENET
======================================================================================
ICMP for path MTU discovery
The smallest link MTU along the route is the path MTU
Fragmentation impacts performance, so
determining the path MTU can keep
fragmentation from happening
Set the Don't Fragment (DF) bit in the Flags field of the
IP header; a router whose next link is too small must then
discard the datagram instead of fragmenting it, and reports
this with an ICMP destination unreachable (fragmentation
needed and DF set) message
Probe with datagrams to find the largest datagram size
that passes every link on the route
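The probing procedure above, as an added example rather than code from the lecture. The route is a constructed list of link MTUs; a DF probe larger than some link produces the "fragmentation needed" error, and the sender either jumps to the next-hop MTU that RFC 1191 routers include in that error or, for routers that report 0, searches for the largest size that passes. The function names and the 576-byte search floor (the datagram size every IPv4 host must accept per RFC 791) are this example's choices; paths with an MTU below 576 are outside the model.

```python
"""Path MTU discovery: DF-flagged probes against a constructed route of link MTUs."""

IPV4_GUARANTEED = 576     # RFC 791: every host accepts 576-byte datagrams; search floor
DF_FLAG = 0x4000          # Don't Fragment bit in the IPv4 flags/fragment-offset word


def with_df(flags_frag_word: int) -> int:
    """Set the DF bit in an IPv4 header's 16-bit flags/fragment-offset field."""
    return flags_frag_word | DF_FLAG


def send_with_df(path_mtus, size, router_reports_mtu):
    """Constructed network. Returns None if a DF datagram of `size` bytes reaches the
    destination; otherwise the next-hop MTU carried in the ICMP 'fragmentation needed'
    error (RFC 1191), or 0 for a router that does not report it."""
    for mtu in path_mtus:
        if size > mtu:
            return mtu if router_reports_mtu else 0
    return None


def discover_pmtu(path_mtus, router_reports_mtu=True):
    """Return (path MTU found, number of probes sent)."""
    probes = 0

    def probe(size):
        nonlocal probes
        probes += 1
        return send_with_df(path_mtus, size, router_reports_mtu)

    size = path_mtus[0]                   # start with the local link's MTU
    err = probe(size)
    if err is None:
        return size, probes
    if router_reports_mtu:
        while err is not None:            # follow the reported next-hop MTU downward
            size = err
            err = probe(size)
        return size, probes
    lo, hi = IPV4_GUARANTEED, size        # lo assumed to pass, hi known to fail
    while hi - lo > 1:                    # binary search for the largest passing size
        mid = (lo + hi) // 2
        if probe(mid) is None:
            lo = mid
        else:
            hi = mid
    return lo, probes


if __name__ == "__main__":
    route = [1500, 1492, 1280, 1500]      # constructed: Ethernet, PPPoE, a tunnel, Ethernet
    print(discover_pmtu(route))                              # (1280, 3)
    print(discover_pmtu(route, router_reports_mtu=False))    # (1280, many more probes)
```

The contrast between the two runs is the practical point: if a firewall drops the ICMP error entirely, neither strategy gets a signal, and large DF datagrams silently vanish (the "PMTU black hole"), so filtering ICMP type 3 code 4 breaks connectivity rather than hardening it.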
UDP – User Datagram Protocol
End-to-end protocols are in Layer 4
End-to-end protocol or transport protocol
UDP is less complex but does not provide the
type of service that a typical application
expects
UDP
End-to-end – can distinguish among multiple applications on a
computer
Connectionless – the interface that UDP supplies to apps follows a
connectionless paradigm; does not need to preestablish communication
before sending data, nor terminate communication when finished; no
control messages, arbitrary delay times between messages
Message-oriented – an app that uses UDP sends and receives individual
messages
Best-effort – UDP offers the same best effort delivery as IP
Arbitrary interaction – UDP allows an app to send to many other apps,
receive from many apps, or communicate with exactly one app
OS independent – provides a means of identifying application programs
that does not depend on identifiers used by the local OS
Message-oriented interface
Does not divide messages into packets for
transmission
Does not combine messages for delivery
IP datagram size forms a limit on the size of a UDP
message
Problems for programmers
UDP message size
Large messages will be fragmented if the network MTU is
exceeded
Small messages have large ratio of header octets to data
octets - inefficient
UDP
UDP uses IP for delivery so it uses best-effort
delivery semantics
UDP suffices for applications that can afford
lost or corrupted packets
Audio could afford a lost packet – it would
produce annoying noise
On-line shopping can’t tolerate duplication of
messages
UDP
1-to-1: app to app
1-to-many: app to multiple recipients
Many-to-1: receive messages from multiple
Many-to-many: set of apps communicate
together
Applications using UDP can use unicast,
multicast and broadcast IP addresses
UDP
UDP defines an abstract set of identifiers for
the application programs called protocol port
numbers independent of the underlying OS
All OS’s recognize the standard protocol port
numbers
UDP Datagram
UDP messages are called user datagrams
Short header and a payload
Protocol port numbers for sender and
receiver
Message length of total size measured in
octets
Encapsulation
UDP is encapsulated in IP
UDP summary
Provides end-to-end message transport from
an app on one computer to an app on
another
Encapsulated in IP
Uses best-effort delivery like IP
Uses protocol port numbers to distinguish
among apps and independent of underlying
OS
TCP
Transmission control protocol
Provides reliable data delivery service to
applications
Reliability is the responsibility of the transport
protocol
TCP services
Connection orientation – app first requests a
connection to a destination, then uses it to transfer
data
Point-to-point – each TCP connection has exactly
two endpoints
Complete reliability – TCP guarantees that the data
sent will be delivered exactly as sent
Full duplex communication – data flows in either
direction; either app can send data at any time. TCP
can buffer outgoing and incoming data, so an app
can continue computation while data is transferred
TCP services
Stream interface – app sends continuous
sequence of octets
Reliable connection startup – both apps have
to agree to the connection; duplicate packets
used in previous connections will not appear
to be valid responses
Graceful connection shutdown – apps can
open connections, send arbitrary data, then
request a shutdown. TCP guarantees to
deliver data reliably before closing connection
End-to-end service
Connections are virtual: they are achieved in software at
the two endpoints; the routers in between see only IP datagrams
Encapsulated in IP
IP passes received segments up to TCP
TCP treats IP as a packet communication system and IP
treats each TCP message as data to be transferred
Reliability
Can’t accept duplicate messages from old
connections
A computer reboot can leave a stale connection
in place on the other end
Packet Loss
Retransmission
TCP starts a timer when it sends data
If no ACK arrives before the timer expires, TCP retransmits
Adaptive retransmission
TCP estimates round trip delays for each
connection to adapt to internet delay
Doesn’t use a fixed timeout due to changes in
internet responses
Comparison
Adaptive retransmission
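The adaptive timer described above, as an added example (not code from the lecture). It implements the estimator TCP actually uses, from Jacobson and Karels and standardised in RFC 6298: a smoothed round-trip time and an RTT variance per connection, a retransmission timeout of SRTT + 4 * RTTVAR with a 1 s floor, and doubling after each timeout. The 60 s cap and the 1 ms clock granularity are assumptions; the RTT samples are constructed.

```python
"""Adaptive retransmission timeout per RFC 6298."""


class RtoEstimator:
    ALPHA, BETA = 1 / 8, 1 / 4          # RFC 6298 smoothing gains
    MIN_RTO, MAX_RTO = 1.0, 60.0        # 1 s floor from RFC 6298; 60 s cap assumed here
    G = 0.001                           # assumed timer granularity (1 ms)

    def __init__(self):
        self.srtt = None
        self.rttvar = None
        self.rto = 1.0                  # before any measurement (RFC 6298 section 2.1)

    def sample(self, r: float) -> float:
        """Feed one round-trip measurement R (seconds); return the new RTO.
        Karn's rule: never call this for a segment that was retransmitted, because the
        ACK cannot be attributed to one particular transmission."""
        if self.srtt is None:                      # first measurement (section 2.2)
            self.srtt, self.rttvar = r, r / 2
        else:                                      # subsequent measurements (section 2.3)
            self.rttvar = (1 - self.BETA) * self.rttvar + self.BETA * abs(self.srtt - r)
            self.srtt = (1 - self.ALPHA) * self.srtt + self.ALPHA * r
        self.rto = min(self.MAX_RTO,
                       max(self.MIN_RTO, self.srtt + max(self.G, 4 * self.rttvar)))
        return self.rto

    def on_timeout(self) -> float:
        """Exponential backoff once the timer fires (section 5.5)."""
        self.rto = min(self.MAX_RTO, self.rto * 2)
        return self.rto


def rto_series(samples):
    """RTO (seconds, rounded) after each RTT sample in turn."""
    est = RtoEstimator()
    return [round(est.sample(r), 4) for r in samples]


if __name__ == "__main__":
    # constructed: a steady 0.5 s path, then one segment delayed to 2.0 s
    print(rto_series([0.5, 0.5, 2.0]))   # [1.5, 1.25, 2.75]: the timer widens, no spurious retransmit
```

The variance term is what a fixed timeout lacks: the one slow sample raises the RTO well above the new smoothed RTT, so a second slow segment is waited for rather than retransmitted into an already congested path. On LAN-scale RTTs the 1 s floor dominates, which is why the example uses half-second samples.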
Buffers, flow control
TCP uses a window mechanism
Each side allocates a buffer and
communicates it to the other side
Amount of buffer at a time is the
window
When a sender gets a zero
window it has to wait to send
more data
Receiver can control the rate at
which sender transmits data
Three-way handshake
Reliable connections established and terminated
Synchronization segment (SYN) to create connection
Finish segment (FIN) to terminate connection
TCP retransmits lost SYN and FIN segments
Congestion control
Packet loss (or extremely long delay) is most
likely due to congestion
Congestion can be exacerbated by
retransmission
So TCP uses packet loss as a measure of
congestion and reduces the rate at which it
transmits (and retransmits) data
TCP also knows the receiver's window size and
never sends more than the receiver can buffer
Congestion
TCP sends a single message containing data
If an ACK arrives with no loss, TCP sends
two additional messages
If those ACK’s arrive, sends 4
When it reaches half of the receiving window
allotment it slows down the rate of increase
This scheme works well with increased traffic
on the internet
Senders back off when congestion occurs
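The window mechanism (Buffers, flow control) and the slow-start scheme on the Congestion slide, combined in one added example that is not code from the lecture. The sender may have min(cwnd, rwnd) segments outstanding: rwnd is the window the receiver advertised, cwnd the sender's own congestion window. cwnd starts at one segment, doubles every round trip while all ACKs arrive, and switches to +1 segment per round trip once it reaches the slide's threshold of half the receiver's allotment. The loss reaction (threshold set to half of what was in flight, cwnd back to one segment) follows RFC 5681 rather than the slide, which only says senders back off. The model counts segments, not bytes, and treats each call as one round trip; the scenarios are constructed.

```python
"""Sliding window plus slow start / congestion avoidance, in segments per round trip."""


class Sender:
    def __init__(self, rwnd: int):
        self.rwnd = rwnd                      # receiver's advertised window (segments)
        self.cwnd = 1                         # congestion window (segments)
        self.ssthresh = max(1, rwnd // 2)     # slide: slow the increase at half the allotment
        self.delivered = 0

    def window(self) -> int:
        """Flow control (rwnd) and congestion control (cwnd) both cap what is in flight."""
        return min(self.cwnd, self.rwnd)

    def round_trip(self, lost: bool = False, rwnd=None) -> int:
        """One RTT: send window() segments, then react to the ACKs. Returns the number of
        segments newly delivered (0 when stalled on a zero window or recovering a loss)."""
        if rwnd is not None:
            self.rwnd = rwnd                  # window update carried on an ACK
        w = self.window()
        if w == 0:
            return 0                          # zero window: sender must wait for an update
        if lost:
            self.ssthresh = max(1, w // 2)    # RFC 5681: remember half of the flight size
            self.cwnd = 1                     # and restart slow start
            return 0
        self.delivered += w
        if self.cwnd < self.ssthresh:
            self.cwnd = min(self.cwnd * 2, self.ssthresh)   # slow start: exponential growth
        else:
            self.cwnd += 1                    # congestion avoidance: one more segment per RTT
        return w


def trace(rwnd: int, rounds: int, loss_at: int = -1, zero_window_at: int = -1) -> list:
    """Segments sent in each round trip for a constructed scenario: a loss in round
    `loss_at`, or the receiver advertising a zero window in round `zero_window_at`
    and reopening it in the next round."""
    s, out = Sender(rwnd), []
    for i in range(rounds):
        update = 0 if i == zero_window_at else (rwnd if i == zero_window_at + 1 else None)
        out.append(s.round_trip(lost=(i == loss_at), rwnd=update))
    return out


if __name__ == "__main__":
    print(trace(16, 10, loss_at=5))        # [1, 2, 4, 8, 9, 0, 1, 2, 4, 5]
    print(trace(4, 6))                     # [1, 2, 3, 4, 4, 4]: capped by the receiver window
    print(trace(16, 3, zero_window_at=1))  # [1, 0, 2]: zero window stalls the sender
```

The first run shows the shape the slide describes: 1, 2, 4, 8, then one extra segment per round trip, and after the loss a restart from one segment with a lower threshold. The second shows that a small receiver buffer, not congestion, can be what limits throughput.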
TCP segment format
Segment refers to a message
TCP uses this format for all messages: data,
acknowledgements, and messages that are part of the 3-way handshake
TCP Summary
Major transport protocol of the TCP/IP suite
Provides apps with a reliable, flow-controlled, full-duplex, stream transport service
Connection oriented with guaranteed delivery and
termination
TCP on one computer exchanges messages with
TCP on receiver
Travels in IP datagram
Retransmits lost messages
Retransmission time is adaptive
TCP resources
ftp://ftp.isi.edu/in-notes/rfc793.txt original
DARPA TCP protocol definition from 1981
ftp://ftp.isi.edu/in-notes/rfc1122.txt later
refinements
http://www.faqs.org/rfcs/rfc793.html
http://www.cisco.com/warp/public/535/4.html
http://www.protocols.com/pbook/tcpip1.htm
NAT
Network address translation
Share one single valid IP address for the
Internet with multiple computers
Computers on Internet never see private
addresses
Basic address translation
Suppose the site's one valid Internet address is 128.210.24.6
An inside host sends a datagram with source address 10.0.0.1
and destination address 128.211.134.4
NAT has to rewrite the source address to
make it 128.210.24.6
It also has to recompute the IP header checksum,
because the original checksum covers the old source
address and would now fail
Translation table
NAT keeps a translation table so that replies
arriving from the Internet can be forwarded to the
inside host that sent the original datagram
NAPT
Network address and port translation
If browsers at 10.0.0.1 and 10.0.0.2 both form
TCP connections (possibly from the same source port),
the NAPT table rewrites both the IP address and the
port number; the TCP or UDP checksum, which covers
addresses and ports, has to be recomputed as well
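The UDP Datagram slide and the NAT/NAPT slides above, served by one added example that is not code from the lecture. It builds an IPv4+UDP datagram with the UDP checksum computed over the IPv4 pseudo-header (RFC 768), then runs it through a constructed NAPT box with the single public address from the slide (128.210.24.6): outbound it maps (inside address, inside port) to a fresh public port and rewrites the source fields; inbound it maps the public port back or drops packets that match no table entry. Every rewrite recomputes both checksums, since both cover the fields just changed. The inside hosts and the remote address are the slide's; the port numbers and the Napt class are this example's.

```python
"""UDP datagram construction/parsing and NAPT rewriting with checksum recomputation."""
import socket
import struct

PROTO_UDP = 17
IP_FMT = "!BBHHHBBH4s4s"


def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum; folds to 0 over data carrying its own checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src: str, dst: str, udp_len: int) -> bytes:
    """IPv4 pseudo-header: the UDP checksum also covers the addresses (RFC 768)."""
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, PROTO_UDP, udp_len)


def build_datagram(src: str, sport: int, dst: str, dport: int, payload: bytes, ttl: int = 64) -> bytes:
    udp = bytearray(struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload)
    csum = internet_checksum(pseudo_header(src, dst, len(udp)) + bytes(udp)) or 0xFFFF  # 0 = "none"
    udp[6:8] = struct.pack("!H", csum)
    ip = [0x45, 0, 20 + len(udp), 0, 0, ttl, PROTO_UDP, 0, socket.inet_aton(src), socket.inet_aton(dst)]
    ip[7] = internet_checksum(struct.pack(IP_FMT, *ip))
    return struct.pack(IP_FMT, *ip) + bytes(udp)


def parse(dgram: bytes):
    """Return (src, sport, dst, dport, payload); ValueError if either checksum fails."""
    ihl = (dgram[0] & 0x0F) * 4
    ip, udp = dgram[:ihl], dgram[ihl:]
    if internet_checksum(ip) != 0:
        raise ValueError("bad IP header checksum")
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    sport, dport, length, csum = struct.unpack("!HHHH", udp[:8])
    if csum and internet_checksum(pseudo_header(src, dst, length) + udp[:length]) != 0:
        raise ValueError("bad UDP checksum")
    return src, sport, dst, dport, udp[8:length]


def rewrite(dgram: bytes, src=None, sport=None, dst=None, dport=None) -> bytes:
    """Patch address/port fields in place, then recompute the IP and UDP checksums."""
    ihl = (dgram[0] & 0x0F) * 4
    ip, udp = bytearray(dgram[:ihl]), bytearray(dgram[ihl:])
    if src:
        ip[12:16] = socket.inet_aton(src)
    if dst:
        ip[16:20] = socket.inet_aton(dst)
    if sport is not None:
        udp[0:2] = struct.pack("!H", sport)
    if dport is not None:
        udp[2:4] = struct.pack("!H", dport)
    ip[10:12] = b"\x00\x00"
    ip[10:12] = struct.pack("!H", internet_checksum(bytes(ip)))
    if udp[6:8] != b"\x00\x00":                  # a zero UDP checksum means "not used"
        udp[6:8] = b"\x00\x00"
        s, d = socket.inet_ntoa(bytes(ip[12:16])), socket.inet_ntoa(bytes(ip[16:20]))
        ulen = struct.unpack("!H", udp[4:6])[0]
        udp[6:8] = struct.pack("!H", internet_checksum(pseudo_header(s, d, ulen) + bytes(udp[:ulen])) or 0xFFFF)
    return bytes(ip + udp)


class Napt:
    """One public address shared by many inside hosts (home DSL/cable router style)."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip, self.next_port = public_ip, first_port
        self.outbound_map = {}   # (inside ip, inside port, remote ip, remote port) -> public port
        self.inbound_map = {}    # (public port, remote ip, remote port) -> (inside ip, inside port)

    def outbound(self, dgram: bytes) -> bytes:
        src, sport, dst, dport, _ = parse(dgram)
        key = (src, sport, dst, dport)
        if key not in self.outbound_map:         # first packet of a flow: allocate a port
            self.outbound_map[key] = self.next_port
            self.inbound_map[(self.next_port, dst, dport)] = (src, sport)
            self.next_port += 1
        return rewrite(dgram, src=self.public_ip, sport=self.outbound_map[key])

    def inbound(self, dgram: bytes):
        src, sport, dst, dport, _ = parse(dgram)
        inside = self.inbound_map.get((dport, src, sport))
        if dst != self.public_ip or inside is None:
            return None                          # no table entry: unsolicited packet dropped
        return rewrite(dgram, dst=inside[0], dport=inside[1])
```

Two inside hosts using the same source port get distinct public ports, so replies can be demultiplexed; and the drop of unmapped inbound packets is the incidental filtering that makes a home NAT behave like a stateful firewall for UDP, without being one.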
NAT at home
DSL and cable modems use NAT to share
address in a residence
NAT resources
http://www.faqs.org/rfcs/rfc3022.html NAT
http://www.faqs.org/rfcs/rfc2663.html NAT
http://www.faqs.org/rfcs/rfc2766.html NAPT