Lecture 7 - Lyle School of Engineering

Download Report

Transcript Lecture 7 - Lyle School of Engineering

Spring 2006
EE 5304/EETS 7304 Internet Protocols
Lecture 7
More About Addressing
Tom Oh
Dept of Electrical Engineering
[email protected]
Outline
•
•
•
•
•
•
•
•
IP addresses (Comer: Pg. 286)
Address resolution protocol (ARP) (Comer: Pg. 311)
Dynamic host configuration protocol (DHCP) (Comer: Pg.
630)
Subnetting ( Comer: Pg. 293-294)
Classless inter-domain routing (CIDR) (Comer: Pg. 293)
Network address translation (NAT) (Comer: Pg. 390)
Virtual private networking (VPN) (Comer: Pg. 238, 616)
Mobile IP
IP Addresses
•
IP address = (netID, hostID)
•
•
•
“netID” originally assigned by Internet Assigned Number
Authority (IANA) through Internet Network Information
Center (INTERNIC), now handled by Internet Corp. for
Assigned Names and Numbers (ICANN)
All hosts on same network have same netID
“hostID” is assigned locally
Class A Addresses
•
For large networks with many hosts, IP address format:
0nnnnnnn.hhhhhhhh.hhhhhhhh.hhhhhhhh
where
0 = first bit to identify class A
n = netID bits
h = hostID bits
Class A Addresses (cont)
•
128 (7 bits) possible class A networks, except:
•
•
•
netID = 0000000 reserved for special uses
netID = 1111111 reserved for special uses
10.x.x.x reserved for private networks [RFC 1918]
•
•
May be used within any network, but not routed across the public
Internet
16,777,216 (24 bits) possible host addresses per network
•
•
hostID = all 0’s: refers to network itself (not any particular
host)
hostID = all 1’s: directed broadcast address (to
broadcast to all hosts in network)
Class B Addresses
•
For medium networks with many hosts, IP address format:
10nnnnnn.nnnnnnnn.hhhhhhhh.hhhhhhhh
where
10 = first 2 bits to identify class B
n = netID bits
h = hostID bits
Class B Addresses (cont)
•
16,384 (14 bits) possible class B networks, except:
•
•
•
•
netID = all 0’s reserved for special uses
netID = all 1’s reserved for special uses
Range 172.16.x.x - 172.31.x.x reserved for private
networks [RFC 1918]
65,536 (16 bits) possible host addresses per network
•
•
hostID = all 0’s: refers to network itself (not any particular
host)
hostID = all 1’s: directed broadcast address (to
broadcast to all hosts in network)
Class C Addresses
•
For small networks with few hosts, IP address format:
110nnnnn.nnnnnnnn.nnnnnnnn.hhhhhhhh
where
110 = first 3 bits to identify class C
n = netID bits
h = hostID bits
Class C Addresses (cont)
•
2,097,152 (21 bits) possible class C networks, except:
•
•
•
•
netID = all 0’s reserved for special uses
netID = all 1’s reserved for special uses
Range 192.168.0.x - 192.168.255.x reserved for private
networks [RFC 1918]
256 (8 bits) possible host addresses per network
•
•
hostID = all 0’s: refers to network itself (not any particular
host)
hostID = all 1’s: directed broadcast address (to
broadcast to all hosts in network)
Class D Addresses
•
For multicasting (broadcasting to specific group), IP
address format:
110nnnnn.nnnnnnnn.nnnnnnnn.hhhhhhhh
where
110 = first 3 bits to identify class C
n = netID bits
h = hostID bits
Class E Addresses
•
For experimental purposes, IP address format:
11110bbb.bbbbbbbb.bbbbbbbb.bbbbbbbb
where
11110 = first 5 bits to identify class E
b = address bits
Address Resolution Protocol (ARP)
•
Routers examine netID part of destination address in IP
packets
•
•
Forward packets closer to destination network, ignoring
hostID unless the router is on same network as
destination host
How does local router deliver packet to destination host?
•
Destination networks are often LANs
•
•
Each host has unique 6-byte LAN (eg, Ethernet) address in
addition to IP address
Local router must forward IP packet to destination host
via data link layer (eg, by Ethernet frame)
ARP (cont)
IP packet
Route packet by netID
in dest. IP address,
towards local router
Local router delivers
packet according to
hostID in IP address,
via MAC layer
Dest. host
ARP (cont)
•
•
LAN address space is managed by IEEE
Each LAN adapter manufacturer is assigned unique 3-byte
prefix number and manufactures adapters with this prefix +
unique 3-byte number
•
•
Unique 6-byte address is burned permanently in each
adapter's ROM
By protocol layering principle, LAN addresses and IP
addresses are independent
•
Destination IP address in IP packet must be translated
into a destination LAN address, but how?
ARP (cont)
•
•
ARP is a protocol to learn the LAN address of a host whose
IP address is known [RFC 826]
Router will broadcast ARP request message to the LAN
(sent to LAN broadcast address)
•
•
•
ARP request contains source IP address, dest. IP
address, LAN addresses
Each host checks if its IP address matches the dest. IP
address
Matching host replies with an ARP response message
containing its LAN address
ARP (cont)
ARP request
Dest. host
ARP reply
Dest. host
ARP (cont)
•
•
Router now knows the LAN address to send the packet,
and sends packet to dest. LAN address
Why not just broadcast the IP packet to all hosts in the first
place?
•
•
•
Broadcasting is too expensive - involving all hosts - to be
used every time to deliver an IP packet
For efficiency, all hosts on LAN maintain an ARP cache
containing the most recent address mappings learned
from ARP queries/responses
Reverse ARP is opposite procedure to learn the IP address
of host when LAN address is known [RFC 903]
Dynamic Host Configuration Protocol
(DHCP)
•
•
Hosts are not manufactured with permanent IP addresses,
but IP address is configured during installation
Manual configuration of IP addresses can be avoided by
DHCP (dynamic host configuration protocol)
•
•
Host configuration info. is maintained in a DHCP server
New host can discover address of DHCP server by
broadcasting DHCP Discover packet to special reserved IP
address 255.255.255.255
DHCP (cont)
•
•
Packet may be forwarded by special DHCP relays to DHCP
server, which replies with its IP address
Host gets assigned an IP address and optionally IP
address of its default IP router (to send packets)
Subnetting and Supernetting
•
Classful IP addressing:
•
•
•
•
NetID part of IP address, called prefix to host address, is
unique to each physical network
All hosts on same physical network share a common
prefix
Class A prefixes are popular and Class B prefixes are
running out soonest
Efficiency may be gained by allowing same network prefix
to be shared by multiple physical networks
•
Subnetting and supernetting (CIDR)
Subnetting
•
•
Subnetting is a type of hierarchical addressing [RFC 950]
Example: 2 physical networks share class B address
128.10.x.x
All traffic to
128.10.x.x is split
by router based on
3rd address byte
2 bytes
Class B prefix
1 byte
1 byte
Physical
network
Host
Network
128.10.1.x
Network
128.10.2.x
Subnetting (cont)
•
Last 2 bytes are divided into 1 byte to identify physical
network and 1 byte for host
•
•
•
But more flexibility is needed - this example limits 256
subnets and 256 hosts per subnet
Each organization can choose its own way of partitioning
address space
Partitioning of address space is specified by 32-bit subnet
mask
•
•
1’s signify bits in subnet prefix
0’s signify bits in host identifier
Subnetting (cont)
•
Example: a subnet mask for a class B address (mask can
be written 255.255.255.0):
11111111.11111111.11111111.00000000
Class B prefix should be all 1’s
Additional
bits to
identify
network
Host
identifier
Subnetting (cont)
•
More flexibly, 1’s can be anywhere (but not common in
practice), for example
11111111.11111111.00011000.01000000
Class B prefix should be all 1’s
Additional
bits to
identify
network
Host
identifier
•
Classless Inter-Domain Routing
(CIDR)
Suppose a class B address (65,536 hosts) is too large for
an organization but class C address (256 hosts) is too
small
•
•
Supernetting is classless addressing
•
•
Organization would like a block of class C addresses
Addresses in a network can span multiple class prefixes
CIDR [RFC 1517] collapses block of contiguous addresses
into single representation
•
Lowest 32-bit address + 32-bit CIDR mask
CIDR (cont)
•
Example:
Lowest address:
10000000.11010011.10101000.00000000
CIDR mask:
11111111.11111111.11111000.00000000
Mask marks end of prefix, so
highest address in block is
10000000.11010011.10101111.11111111
CIDR (cont)
•
CIDR notation (aka, slash notation):
128.211.168.0/21
Lowest address
in block
Number of 1 bits in CIDR
mask (/8, /16, /24
correspond to traditional
class A, B, C divisions)
CIDR (cont)
•
CIDR complicates routing tables because CIDR addresses
are not self-identifying
•
•
•
Classful addresses had fixed division between network
prefix and hostID
Division between prefix and hostID in CIDR address
cannot be determined by looking at address
Modern routers understand CIDR notation since 1993
(approval of CIDR)
•
Various approaches to looking up prefix in routing tables
Network Address Translation (NAT)
•
Private TCP/IP networks can use arbitrary IP addresses if
isolated from public Internet
•
•
•
But private networks often want Internet access
Usually small fraction of hosts want Internet access at
any same time
NAT allows private networks to access Internet through at
least one globally valid IP address, say G, while keeping
their private IP addresses [RFC 3022]
•
•
Private IP addresses are not globally unique
Helps IP address shortage because private addresses
can be re-used in other private domains
Network Address Translation (NAT)
•
NAT box is computer interconnecting private network and
public Internet, running NAT software, assigned IP address
G
•
If private network host wants to access Internet, NAT box
translates public address G to private address
Globally unique
address G
Internet
NAT
Private IP
network
Private nonunique
address P
NAT (cont)
•
From internal view, NAT box is like a router with reach to
public Internet - works transparently to hosts
•
•
•
Outgoing packets from private host have source IP
address changed from private host address to public
address G
Incoming packets have destination IP address changed
from G to private host address
Advantage: NAT boxes can be installed without changing
existing hosts and routers
NAT (cont)
•
Address translation is done by NAT translation table
•
•
•
Initialized manually (but takes work)
Built dynamically by watching addresses in outgoing
packets (but communication cannot be initiated from
Internet side)
Built dynamically by handling domain name lookups for
private hosts (but works only if sender performs domain
name lookup before sending data)
Public address
Private address
G1
P1
G2
P2
NAT (cont)
•
ISPs often use NAT tables built dynamically by outgoing
packets
•
•
ISP customer is assigned a private address when dialed
in
NAT table entry is initialized by customer’s packet to
Internet
ISP using NAT
Internet
ISP customer
NAT
dialup
NAT (cont)
•
ICMP complicates NAT
Packet with
source address G
Internet
NAT
Private IP
network
ICMP Destination
Unreachable message
contains original packet
header (with source
address G though)
Private
address P
NAT must open ICMP
message and translate
address G to P
Virtual Private Networks (VPN)
•
Many private organizations have distributed sites that need
to be networked together privately, but leased lines are
expensive and maybe inefficient (if not used all the time)
•
•
Frame relay and ATM virtual circuits can interconnect
sites more efficiently than leased lines, but involve
subscription fees
VPNs allow private networking over public Internet
•
Internet offers ubiquity (access from anywhere) and
efficiency (packets)
VPN (cont)
•
VPN allows private communications over public network
•
•
Tunnels allow packet delivery
Encryption allows privacy
Private
network
Private
network
tunnels
Private
network
VPN (cont)
•
Tunnels use IP-in-IP encapsulation
•
•
•
Real packet for dest. host is carried in payload of outer
IP packet
Outer IP packet serves to deliver inner packet
unchanged through Internet
For privacy, inner packet is first encrypted
•
Encryption scrambles data mathematically into
unreadable form, depending on a secret key, but
reversible by decryption with same secret key
VPN (cont)
Private
address P1
Router
address R1
Private
network
source P1
to dest. P2
Router
address R2
Private
network
tunnel
Encrypt
Decrypt
•••
•••
•••
•••
Add outer packet
header with source
R1 to dest. R2
Private
address P2
Remove outer
packet header
after delivery
Mobile IP
•
•
A limitation of IP addresses: netID part of IP address
assumes fixed location
A mobile host may connect to Internet from different
networks
•
•
Must change its IP address or routers must propagate a
host-specific route across Internet
Mobile IP [RFC 2002] extends IP to support mobile hosts
under constraints:
•
•
Transparent to applications, transport layer protocols,
existing routers
No changes to existing IP addresses
Mobile IP (cont)
•
•
Mobile hosts have 2 addresses and make use of tunneling
Primary address on “home” network is permanent
•
•
Used by applications and transport protocols
Secondary (”care-of”) address on “foreign” network is
temporarily assigned when roaming
•
•
Obtained by registering with foreign network
Not known by applications - known only by mobile host
and “agents” in home network and foreign network
Mobile IP (cont)
•
VPN allows private communications over public network
Packet to
permanent
address
Home agent
tunnels packet to
care-of address
Home
network
tunnel
Foreign
network
Delivered
to care-of
address;
original
packet
recovered
Mobile IP (cont)
•
Roaming mobile host registers with foreign agent in foreign
network
•
•
•
•
Obtains care-of address from foreign host
Informs home agent of care-of address
Mobile host must register again if visit new foreign network
Mobile host must de-register when returning home to stop
packet forwarding