Transcript NETS 3007

CIDR and ICMP
NETS3303/3603
Week 5
School of Information Technologies
Proxy ARP Clarifications
[Figure: hosts A and B on 192.168.10.0/24 sit in two broadcast domains; A broadcasts "Who has B's MAC?" and the proxy-ARP router answers "I do!"]
• Two broadcast domains sharing network
address through proxy ARP
• Someone else could masquerade too
Outcome
• CIDR addressing and forwarding
• Learn about role of ICMP
• Protocol specifics
• Know about applications that use ICMP
Classless Inter-Domain Routing (CIDR)
• Problem
– Continued exponential Internet growth
– Subnetting insufficient
– Limited IP addresses (esp. Class B)
CIDR Addressing
• Solution to problem
– Temporary fix until next generation of IP
– Backward compatible with classful addressing
– Permits network prefix to be arbitrary length
• CIDR was predicted to work ‘‘for a few years’’
– Extremely successful!
– Will work for at least 20 years!
One Motivation For CIDR: Class C
• Fewer than seventeen thousand Class B numbers (total)
• More than two million Class C network numbers
• No one wants Class C (too small)
• CIDR allows
– Merging Class C numbers into a single prefix
– Splitting a Class B along power of two boundaries
CIDR and Supernetting
• CIDR’s first use
• Supernetting allows an ISP to assign a block of class C addresses as one unit
• E.g.: A medium-sized org expects to have 200 networks (assigning a class B would be wasteful!)
• So, an ISP can assign a block of contiguous class
C numbers
– (192.100.0.0 – 192.100.255.0)
CIDR Notation
• Addresses written NUMBER/m
– NUMBER is IP prefix
– m is ‘‘address mask’’ length
• Example:
214.5.48.0/20
– Prefix occupies 20 bits
– Suffix occupies 12 bits
• Mask values must be converted to dotted decimal
when configuring a router (and binary internally)
– 255.255.240.0
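The prefix/suffix split and the mask conversion described above, worked through in code. This is an added example and not part of the lecture slides; it uses only bit arithmetic on 32-bit integers, and the `supernet` helper shows the other direction from the supernetting slide: the smallest single prefix that covers a contiguous run of class C networks such as 192.100.0.0 – 192.100.255.0.

```python
# Added example (not from the lecture slides): CIDR prefix arithmetic in Python.
# Everything here is plain integer/bit manipulation; no network access is needed.

def ip_to_int(dotted: str) -> int:
    """Convert dotted-decimal IPv4 text to a 32-bit integer."""
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]

def int_to_ip(value: int) -> str:
    """Inverse of ip_to_int."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def mask_for_prefix(m: int) -> int:
    """Mask with the top m bits set, e.g. /20 -> 255.255.240.0 (the router form)."""
    if not 0 <= m <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - m)) & 0xFFFFFFFF

def describe_block(cidr: str) -> dict:
    """Split NUMBER/m into prefix bits, suffix bits, mask and address range."""
    number, m = cidr.split("/")
    m = int(m)
    mask = mask_for_prefix(m)
    network = ip_to_int(number) & mask          # host bits cleared
    return {
        "prefix_bits": m,
        "suffix_bits": 32 - m,
        "mask": int_to_ip(mask),
        "network": int_to_ip(network),
        "last": int_to_ip(network | (~mask & 0xFFFFFFFF)),
        "addresses": 1 << (32 - m),
    }

def contains(cidr: str, address: str) -> bool:
    """True when the address falls inside the CIDR block (same masked bits)."""
    number, m = cidr.split("/")
    mask = mask_for_prefix(int(m))
    return (ip_to_int(number) & mask) == (ip_to_int(address) & mask)

def supernet(first: str, last: str) -> str:
    """Smallest single prefix covering a contiguous range of networks, e.g. the
    class C block 192.100.0.0 .. 192.100.255.0 from the slides -> 192.100.0.0/16."""
    lo, hi = ip_to_int(first), ip_to_int(last)
    m = 32
    # shorten the prefix until both ends agree on every prefix bit
    while m > 0 and (lo & mask_for_prefix(m)) != (hi & mask_for_prefix(m)):
        m -= 1
    return f"{int_to_ip(lo & mask_for_prefix(m))}/{m}"

if __name__ == "__main__":
    print(describe_block("214.5.48.0/20"))
    print(supernet("192.100.0.0", "192.100.255.0"))
```

`describe_block("214.5.48.0/20")` reports a 20-bit prefix, a 12-bit suffix and the mask 255.255.240.0, matching the slide; the covering prefix for the 256 contiguous class C networks comes out as a single /16.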
CIDR & Routing Table
• CIDR involves changing forwarding as well
as addressing
• Store address mask with each route
• Send pair of (address, mask) whenever
exchanging routing information
• Known as a CIDR block
Examples of CIDR Blocks
• The corresponding CIDR block:
– 128.211.168/21
• Example of /30 CIDR Block
– 128.211.176.212/30
Implementation Of CIDR Route Lookup
• Each entry in routing table has address plus
mask
• Search is organized from most-specific to
least-specific (i.e., entry with longest mask
is tested first)
• Known as longest-prefix lookup or longest-prefix search
Implementing Longest-Prefix Matching
• Unlike classful addressing, the prefix boundary is
not obvious
• So, cannot easily use hashing
• A data structure of choice is binary trie
– An ordered tree structure
– Support fast lookup for variable key-length
• Identifies unique prefix needed to match route
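A binary trie that performs the longest-prefix lookup the two previous slides describe. This is an added example, not code from the lecture; the route entries are constructed for illustration (the two CIDR blocks from the examples slide plus a /16 and a default route) and the next-hop names are placeholders. Each route is stored at the node reached by walking its prefix bits, most significant first; a lookup walks as deep as the destination's bits allow and keeps the last route it passed, so a longer (more specific) prefix automatically wins over a shorter one.

```python
# Added example (not from the lecture slides): longest-prefix matching with a
# binary trie. Routes and next hops below are constructed, not real.

class TrieNode:
    __slots__ = ("child", "route")

    def __init__(self):
        self.child = [None, None]   # child[0] follows a 0 bit, child[1] a 1 bit
        self.route = None           # (cidr, next_hop) if a prefix ends here

def ip_to_int(dotted: str) -> int:
    a, b, c, d = (int(p) for p in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

class RoutingTrie:
    def __init__(self):
        self.root = TrieNode()      # the root holds 0.0.0.0/0 if a default exists

    def add_route(self, cidr: str, next_hop: str) -> None:
        number, m = cidr.split("/")
        addr, m = ip_to_int(number), int(m)
        node = self.root
        for i in range(m):          # one trie level per prefix bit, MSB first
            bit = (addr >> (31 - i)) & 1
            if node.child[bit] is None:
                node.child[bit] = TrieNode()
            node = node.child[bit]
        node.route = (cidr, next_hop)

    def lookup(self, dotted: str):
        """Return the (cidr, next_hop) with the longest matching prefix, or None."""
        addr = ip_to_int(dotted)
        node, best = self.root, self.root.route
        for i in range(32):
            node = node.child[(addr >> (31 - i)) & 1]
            if node is None:
                break               # no longer prefix exists for this address
            if node.route is not None:
                best = node.route   # deeper node = longer prefix, so it overrides
        return best

def build_sample_table() -> RoutingTrie:
    """Constructed routing table: the two blocks from the slides plus a covering /16."""
    t = RoutingTrie()
    t.add_route("0.0.0.0/0", "default-gw")            # placeholder next hop
    t.add_route("128.211.0.0/16", "R0")
    t.add_route("128.211.168.0/21", "R1")
    t.add_route("128.211.176.212/30", "R2")
    return t

if __name__ == "__main__":
    table = build_sample_table()
    for dst in ("128.211.170.5", "128.211.176.213", "128.211.200.1", "10.1.1.1"):
        print(dst, "->", table.lookup(dst))
```

Note that 128.211.176.213 matches the /16 at depth 16 and then the /30 at depth 30; the lookup returns the /30 because it was reached last, which is exactly the most-specific-first order of the route-lookup slide.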
Example Of Unique Prefixes & Trie
[Figure: a binary trie over the unique prefixes, highlighting the path for prefix 0101]
Internet Control Message Protocol
• considered part of IP
• functionality includes:
– error messages (ttl exceeded, destination unreachable,
router is out of memory, can’t fragment packet)
– network management (ping/traceroute)
– end host configuration (router advert, netmask)
• error messages go from the router/end host to the original sender, not between intermediate hops
– why? => the reporting node knows the datagram’s source address, not the route it took
ICMP Ideas
• error messages typically sent to IP sender
– later may forward to application
• ICMP error messages never generated due to:
– ICMP error message (creates loop!)
– broadcasts/multicasts packets
• Why? prevent broadcast storms
• ICMP error messages contain the offending IP header + 1st 8 bytes of IP data (contains tcp/udp ports)
Protocols
Encapsulation
ICMP is transmitted within an IP datagram so that it is routable (unlike ARP)
Header
checksum covers icmp header/data
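The checksum rule above, implemented: build an ICMP echo request carrying the identifier and sequence number fields that ping uses (see the ping slides later in the deck), compute the checksum over header plus data, and verify a received message by checking that the same sum over the whole message comes out to zero. This is an added example and not code from the lecture; the identifier and payload values are constructed.

```python
# Added example (not from the lecture slides): ICMP echo header construction and
# the Internet checksum that covers the ICMP header and data. No sockets used.
import struct

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"                  # odd length: pad with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                   # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_echo(identifier: int, sequence: int, payload: bytes = b"",
               msg_type: int = ICMP_ECHO_REQUEST) -> bytes:
    """ICMP echo message: type, code 0, checksum, identifier, sequence, data."""
    header = struct.pack("!BBHHH", msg_type, 0, 0, identifier, sequence)
    csum = icmp_checksum(header + payload)   # computed with the checksum field zeroed
    return struct.pack("!BBHHH", msg_type, 0, csum, identifier, sequence) + payload

def verify(msg: bytes) -> bool:
    """A message with a correct checksum sums (including that field) to zero."""
    return len(msg) >= 8 and icmp_checksum(msg) == 0

def parse_echo(msg: bytes) -> dict:
    msg_type, code, csum, ident, seq = struct.unpack("!BBHHH", msg[:8])
    return {"type": msg_type, "code": code, "checksum": csum,
            "id": ident, "seq": seq, "data": msg[8:]}

if __name__ == "__main__":
    req = build_echo(0x1234, 7, b"abcdefgh")     # constructed identifier/payload
    print(req.hex(), verify(req), parse_echo(req))
```

The receiver-side check is the useful part: any single-byte corruption of the header or data changes the one's-complement sum, so `verify` rejects it, which is the property the slide's "checksum covers icmp header/data" summarises.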
ICMP messages (not all)
continued…
ICMP redirect
• limited form of dynamic routing technique
• only done on same link
• situation:
  1. assume dumb host with 1 default routing table entry
  2. two routers on same link, one is default, one is route to net X
  3. dumb host sends pkt to net X via default router
  4. default router sends ICMP redirect with correct router address to dumb host
Redirect Illustration
Dest Unreachable
• Host or router cannot deliver a datagram
• Return IP header & first 8 bytes of payload
• Codes
  – 0 Network unreachable
  – 1 Host unreachable
  – 2 Protocol unreachable
  – 3 Port unreachable
  – Etc.
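A decoder for the Destination Unreachable message described above, which also shows the point made on the ICMP Ideas slide: the error carries the offending IP header plus the first 8 bytes of its payload, and for TCP/UDP those 8 bytes hold the ports, so the receiving host can tell which socket the error belongs to. This is an added example and not code from the lecture; the sample message is constructed here, not captured, and the addresses and ports in it are placeholders.

```python
# Added example (not from the lecture slides): parsing an ICMP Destination
# Unreachable message and recovering the quoted IP header and transport ports.
import socket   # used only for inet_aton/inet_ntoa formatting, no network I/O
import struct

ICMP_DEST_UNREACH = 3
UNREACH_CODES = {0: "network unreachable", 1: "host unreachable",
                 2: "protocol unreachable", 3: "port unreachable"}

def parse_dest_unreachable(msg: bytes) -> dict:
    """Decode type/code, the offending IP header and the first 8 payload bytes."""
    if len(msg) < 8 + 20 + 8:            # ICMP header + minimal IP header + 8 bytes
        raise ValueError("truncated ICMP error message")
    msg_type, code = msg[0], msg[1]
    if msg_type != ICMP_DEST_UNREACH:
        raise ValueError(f"not a destination-unreachable message (type {msg_type})")
    inner = msg[8:]                      # bytes 4..7 of the ICMP header are unused
    ihl = (inner[0] & 0x0F) * 4          # IP header length in bytes (20 without options)
    (_, _, _total_len, _ident, _, ttl, proto, _, src, dst) = struct.unpack(
        "!BBHHHBBH4s4s", inner[:20])
    payload8 = inner[ihl:ihl + 8]        # the 8 bytes of data that followed the header
    result = {
        "code": code,
        "reason": UNREACH_CODES.get(code, f"code {code}"),
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "protocol": proto,
        "ttl": ttl,
    }
    if proto in (6, 17) and len(payload8) >= 4:   # TCP/UDP: ports are the first 4 bytes
        result["sport"], result["dport"] = struct.unpack("!HH", payload8[:4])
    return result

def make_sample_error(code: int = 3) -> bytes:
    """Constructed (not captured) error quoting a UDP datagram 10.0.0.5:40000 ->
    10.0.0.9:33434, laid out as a router or host would return it."""
    udp = struct.pack("!HHHH", 40000, 33434, 8 + 4, 0) + b"data"
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0, 64, 17, 0,
                         socket.inet_aton("10.0.0.5"), socket.inet_aton("10.0.0.9"))
    icmp_hdr = struct.pack("!BBHI", ICMP_DEST_UNREACH, code, 0, 0)   # checksum left 0
    return icmp_hdr + ip_hdr + udp[:8]   # only the first 8 bytes of data are quoted

if __name__ == "__main__":
    print(parse_dest_unreachable(make_sample_error(3)))
```

Slicing the payload at `ihl` rather than at a fixed offset 20 matters in practice: a quoted header with IP options is longer, and reading the ports from the wrong offset would attribute the error to the wrong connection.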
Source Quench
• Primitive flow control mechanism
– No flow control in IP itself (data rate)
• Source quench alerts sender
– A packet was discarded
– Slow down transmission rate
• Returned is IP header plus 8 bytes of data
Time Exceeded
• If the TTL value reaches 0, discard the packet and issue ICMP time exceeded, code 0
• If all fragments not received within a certain
time limit, discard fragments and issue
ICMP time exceeded, code 1
Parameter problem
• If the IP header format is wrong
– Issue ICMP parameter problem
• Code 0 faulty header field, pointer field in ICMP
addresses start byte of problem in IP header
• Code 1 required part of option is missing
ping - ICMP echo request/reply
• ping program, useful diagnostic tool, uses ICMP
echo request/reply packets
• Linux implementation uses “raw” sockets - an interface directly to the IP layer, bypassing the transports
• ping would send 1 pkt per second
• some newer pings require -s to do that and only
do one ping with this output:
– hostname is alive
ping
• ping adds identifier/sequence number fields to
packets
• sequence # allows you to see if packets lost
• ping will also do roundtrip timing
More ping
• so what do you learn using ping?
  – timing info, does it take too long?
  – are packets being lost (why? didn’t tell you)
  – you can route
  – end system’s tcp/ip stack is working at least
• echo reply sent by end system’s ICMP module
ping example
• $ ping cse.ogi.edu
  PING cse.ogi.edu (129.95.20.2): 56 data bytes
  64 bytes from 129.95.20.2 icmp_seq=0 time=8ms
  64 bytes from 129.95.20.2 icmp_seq=1 time=8ms
  64 bytes from 129.95.20.2 icmp_seq=2 time=20ms
  --- cse.ogi.edu PING statistics ---
  3 packets transmitted, 3 packets received, 0% loss
  round-trip (ms) min/avg/max = 8/12/20
traceroute
• traceroute (a command) allows you to determine
the routers from one end to another
% traceroute north.pole.com
• uses ICMP ttl exceeded and UDP port unreachable
(or ICMP echo reply) messages to do the job
traceroute example
• % traceroute cse.ogi.edu (from sirius.cs.pdx.edu)
  traceroute to cse.ogi.edu (129.95.20.2), 30 hops max ...
  1. pdx-gwy (131.252.20.1) 3 ms 4 ms 3 ms
  2. 198.104.197.58 (198.104.197.58) 7 ms 4 ms 8 ms
  3. portland1-gw.nwnet.net (198.104.196.193) 6 ms 5 ms 5 ms
  4. ogi-gw-nwnet.net (198.104.196.129) 8 ms 7 ms 7 ms
  5. cse.ogi.edu (129.95.20.2) 14 ms 7 ms 9 ms
traceroute algorithm
• ttl = 1 (to 1st router)
  while we haven’t got UDP port unreachable
      send raw/ip packet with the current ttl
      get response
      if rcv ttl error
          compute roundtrip time
      else if UDP port unreachable
          quit
      print output
      ttl++
  end
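The loop above, run as a program against a constructed model of a path rather than a real network. This is an added example and not code from the lecture: a real traceroute sends UDP probes through a raw IP socket and reads the ICMP replies, whereas here `SimulatedPath.send_probe` stands in for the network and returns what each hop would answer (type 11 code 0 "time exceeded" from an intermediate router, type 3 code 3 "port unreachable" from the end host). The hop names reuse the traceroute example on the previous slide; the per-hop delays are made up.

```python
# Added example (not from the lecture slides): the traceroute algorithm driven
# against a simulated path. No sockets; send_probe() models the network.

ICMP_TIME_EXCEEDED = (11, 0)   # type 11, code 0: TTL exceeded in transit (a router)
ICMP_PORT_UNREACH = (3, 3)     # type 3, code 3: UDP port unreachable (the end host)

class SimulatedPath:
    """Hops between us and the destination, each with a constructed one-way delay."""

    def __init__(self, hops):
        self.hops = hops                       # list of (name, one_way_delay_ms)

    def send_probe(self, ttl):
        """Return ((type, code), responder, rtt_ms) for a UDP probe sent with this TTL."""
        elapsed = 0.0
        for index, (name, delay) in enumerate(self.hops, start=1):
            elapsed += delay
            if index == ttl:                   # TTL runs out at this hop
                last = index == len(self.hops)
                msg = ICMP_PORT_UNREACH if last else ICMP_TIME_EXCEEDED
                return msg, name, 2 * elapsed  # reply travels the same path back
        # TTL larger than the path length: the datagram is delivered and the
        # end host answers port unreachable (nothing listens on the probe port)
        return ICMP_PORT_UNREACH, self.hops[-1][0], 2 * elapsed

def traceroute(path, max_hops=30):
    """Probe with ttl = 1, 2, ... until a UDP port unreachable arrives.
    Returns a list of (ttl, responder, rtt_ms), one entry per hop discovered."""
    ttl = 1
    results = []
    while ttl <= max_hops:
        msg, responder, rtt = path.send_probe(ttl)
        results.append((ttl, responder, rtt))  # "print output" step of the slide
        if msg == ICMP_PORT_UNREACH:
            break                              # destination reached: quit
        ttl += 1                               # else probe one router further
    return results

# Constructed path: hop names from the slide's traceroute, delays invented.
SAMPLE_PATH = [
    ("pdx-gwy", 1.5),
    ("198.104.197.58", 0.5),
    ("portland1-gw.nwnet.net", 0.5),
    ("ogi-gw-nwnet.net", 1.0),
    ("cse.ogi.edu", 1.0),
]

if __name__ == "__main__":
    for ttl, who, rtt in traceroute(SimulatedPath(SAMPLE_PATH)):
        print(f"{ttl:2d}. {who} {rtt:.1f} ms")
```

The `max_hops` guard (30 in the slide's own output, "30 hops max") is what stops the loop when a destination never answers, for example because a firewall drops the port-unreachable reply; without it the program would probe forever.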
Address mask
• If host does not know its netmask, issue
ICMP Address mask request (Type 17)
• Router on network replies with mask
• Can be unicast or broadcast
• Often used at bootstrapping
Router solicitation
• Host wants to learn about network topology
issues ICMP RS message (type 10)
• Routers reply with a router advertisement
(type 9)
Packet-pair
• Problem, what is the bandwidth of the links
between my machine and destination?
• Use packet-pair to find bottleneck link
speed
Bandwidth Estimation Algorithm
• Issue two packets back-to-back
• Each link will space packets
• Remote host might compact again
• Read time between packets on return path
Packet-pair estimate:
BW ≈ probesize / (t_end2 − t_end1)
(t_end1, t_end2: arrival times of the first and second probe packet)
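The bandwidth-estimation algorithm and the formula above, carried through on a constructed chain of links. This is an added example and not code from the lecture: `packet_pair_arrivals` models store-and-forward serialisation of two back-to-back probes over links of given bit rates (the "each link will space packets" step), and `estimate_bandwidth` applies BW ≈ probesize / (t_end2 − t_end1) to the resulting arrival times. Link speeds and the probe size are made up; delays other than serialisation are ignored.

```python
# Added example (not from the lecture slides): packet-pair bottleneck estimation
# over a constructed link model. Sizes in bytes, rates in bit/s, times in seconds.

def packet_pair_arrivals(links_bps, probesize, t0=0.0):
    """Arrival times (t_end1, t_end2) at the far end for two back-to-back packets
    of `probesize` bytes sent at t0 over store-and-forward links of the given rates."""
    t_end1 = t0
    t_end2 = t0
    for bps in links_bps:
        serialize = probesize * 8 / bps            # time to clock one packet onto the link
        t_end1 = t_end1 + serialize
        # the second packet cannot start on this link before it has itself arrived,
        # nor before the first packet has finished serialising: this is the spacing
        t_end2 = max(t_end2, t_end1) + serialize
    return t_end1, t_end2

def estimate_bandwidth(probesize, t_end1, t_end2):
    """BW ≈ probesize / (t_end2 - t_end1), returned in bit/s."""
    gap = t_end2 - t_end1
    if gap <= 0:
        raise ValueError("second packet must arrive after the first")
    return probesize * 8 / gap

def probe(links_bps, probesize=1500):
    """Run the whole measurement on a simulated path and return the estimate."""
    t_end1, t_end2 = packet_pair_arrivals(links_bps, probesize)
    return estimate_bandwidth(probesize, t_end1, t_end2)

# Constructed path: a 10 Mbit/s bottleneck between two faster links.
SAMPLE_LINKS = [100e6, 10e6, 100e6]

if __name__ == "__main__":
    t1, t2 = packet_pair_arrivals(SAMPLE_LINKS, 1500)
    print(f"t_end1={t1:.6f}s t_end2={t2:.6f}s gap={t2 - t1:.6f}s")
    print(f"estimated bottleneck: {estimate_bandwidth(1500, t1, t2) / 1e6:.2f} Mbit/s")
```

The spacing created by the slowest link survives the faster link after it, because that link only re-serialises each packet faster, it does not move the first packet later; that is why the estimate recovers the minimum link rate. In the model the gap cannot shrink, but on a real path cross traffic queued ahead of the second packet can close it up again (the slide's "remote host might compact again"), which is why practical tools send many pairs and filter the estimates.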
IP Final frontier, Mobility
• Once a socket is opened, its address cannot change
– Change address – lose the connection
– Change place of attachment – lose routing
• One solution: Mobile IP (RFC 2002)
MobileIP
• MIP allows hosts to migrate to foreign networks
• Communication is handled by the Home Agent in the home network
• A helper router in the foreign network acts as the Foreign Agent
MIP
[Figure: Mobile IP. The Home Agent (HA) sits in the home network and the Foreign Agent (FA) in the foreign network; steps 1–3 show traffic for the mobile host being carried by IP tunnelling (an IP datagram wrapped inside another IP datagram) from the HA, across an intermediate router, to the FA.]
Summary
• CIDR substantially overcame IPv4 address issues
– Required routing table and prefix-lookup change too
• ICMP provides error and management support
• Many useful network tools exploit ICMP to help
check network health
• Next: Autonomous System and Routing
architecture