Transcript ppt
CIS 3360: Internet: Network Layer
Introduction
Cliff Zou
Spring 2012
Resources Used
Some of these slides are adapted from the slides copyrighted by Jim Kurose, Keith Ross, Addison-Wesley, Pearson Education 2010. Computer Networking: A Top Down Approach Featuring the Internet, 5th edition.
Network-Layer Functions (Two Key)
forwarding: move packets from router’s input to appropriate router output
routing: determine route taken by packets from source to destination (routing algorithms)
Interplay between routing and forwarding
The routing algorithm computes the local forwarding table; forwarding then looks up the value in the arriving packet’s header in that table to choose the output link.
local forwarding table:
header value   output link
0100           3
0101           2
0111           2
1001           1
Figure: a packet arrives with header value 0111; the table entry for 0111 sends it out on link 2.
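An added example (not from the slides or the Kurose/Ross book): a small Python model of the table above, in which install_route plays the routing-algorithm step and forward does the lookup with longest-prefix matching. The table entries are the slide’s constructed 4-bit values; the function names are my own.

```python
# Added example (not from the slides): a local forwarding table filled in by a
# "routing algorithm" step and consulted with longest-prefix matching when a
# packet arrives. Table contents are the constructed 4-bit prefixes from the slide.
from typing import Dict, Optional


def install_route(table: Dict[str, int], prefix: str, link: int) -> None:
    """Routing step: record that destinations matching `prefix` leave on `link`."""
    if not prefix or set(prefix) - {"0", "1"}:
        raise ValueError(f"prefix must be a non-empty bit string, got {prefix!r}")
    table[prefix] = link


def forward(table: Dict[str, int], header_bits: str) -> Optional[int]:
    """Forwarding step: output link of the longest table prefix matching the header.

    Returns None when no entry matches (a real router would fall back to a
    default route or drop the packet).
    """
    best_len, best_link = -1, None
    for prefix, link in table.items():
        if header_bits.startswith(prefix) and len(prefix) > best_len:
            best_len, best_link = len(prefix), link
    return best_link


def build_slide_table() -> Dict[str, int]:
    """The four-entry table shown on the slide (constructed sample data)."""
    table: Dict[str, int] = {}
    for prefix, link in (("0100", 3), ("0101", 2), ("0111", 2), ("1001", 1)):
        install_route(table, prefix, link)
    return table


if __name__ == "__main__":
    table = build_slide_table()
    print("header 0111 ->", forward(table, "0111"))   # 2, as in the figure
    install_route(table, "01", 4)                      # a shorter, broader route
    print("header 0111 ->", forward(table, "0111"))   # still 2: longest prefix wins
    print("header 0110 ->", forward(table, "0110"))   # 4: only the 2-bit entry matches
    print("header 1111 ->", forward(table, "1111"))   # None: no entry matches
```

Adding the 2-bit entry "01" after the table is built shows why the lookup must prefer the longest match: the more specific "0111" entry still decides where that packet goes, while headers that only the broad entry covers take the new link.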
IP Addresses (Classful addressing)
Figure: the 32-bit address (bit 31 down to bit 0) is split at bits 24/23, 16/15 and 8/7 into network and host parts, by class:
Class A: leading bit 0; Network (8 bits), Host (24 bits); range of host addresses 1.0.0.0 to 127.255.255.255
Class B: leading bits 10; Network (16 bits), Host (16 bits); range 128.0.0.0 to 191.255.255.255
Class C: leading bits 110; Network (24 bits), Host (8 bits); range 192.0.0.0 to 223.255.255.255
Class D: leading bits 1110; Multicast address; range 224.0.0.0 to 239.255.255.255
Class E: leading bits 1111; Reserved for future use; range 240.0.0.0 to 255.255.255.255
Classful Networks (1993)
Class                Leading bits   Size of network number bit field   Size of rest bit field   Number of networks   Hosts per network
Class A              0              8                                  24                       128                  16,777,214
Class B              10             16                                 16                       16,384               65,534
Class C              110            24                                 8                        2,097,152            254
Class D (multicast)  1110           not defined                        not defined              not defined          not defined
Class E (reserved)   1111           not defined                        not defined              not defined          not defined
Q: How does an ISP get a block of addresses?
A: ICANN: Internet Corporation for Assigned Names and Numbers
ICANN publishes /8 address allocation
allocates addresses
manages DNS
assigns domain names, resolves disputes
http://www.iana.org/assignments/ipv4-address-space/ipv4address-space.xml
You can use an online “IP address locator” to find out where a packet comes from
http://www.geobytes.com/IpLocator.htm
www.ip2location.com/free.asp
Network Addresses
Network addresses are usually written in dotted decimal notation.
Example: Consider a network address given in hexadecimal: C0 29 06 14
In binary: 1100 0000 0010 1001 0000 0110 0001 0100 (C0 = 1100 0000, 29 = 0010 1001, 06 = 0000 0110, 14 = 0001 0100)
In dotted decimal: 192.41.6.20
Example: Convert IP address from dotted decimal to binary and hex
Example: 194.28.0.255
Each decimal number will be converted to an eight-bit binary number. Each bit of the eight-bit binary number has a place value.
Bit:          7    6    5    4    3    2    1    0
Place value:  128  64   32   16   8    4    2    1
$194_{10} = 128 + 64 + 2 = 1100\,0010_2 = \mathrm{C2}_{16}$, where $\mathrm{C}_{16} = 1100_2$ and $2_{16} = 0010_2$
$28_{10} = 16 + 8 + 4 = 0001\,1100_2 = \mathrm{1C}_{16}$
$0_{10} = 0 = 0000\,0000_2 = 00_{16}$
$255_{10} = 128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = 1111\,1111_2 = \mathrm{FF}_{16}$
Example continued
Dotted decimal:  194.28.0.255
Hexadecimal:     C2 1C 00 FF
Binary:          1100 0010 0001 1100 0000 0000 1111 1111
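An added example (not from the slides or the Kurose/Ross book) covering both the classful-addressing slides and the conversion examples above: Python functions that convert an address between dotted decimal, binary and hex, and classify it by its leading bits using the network/host split from the classful table. The function names are my own; the addresses used are the slides’ worked values.

```python
# Added example (not from the slides): dotted-decimal <-> binary/hex conversion
# and classful (leading-bits) classification of an IPv4 address.
from typing import Dict, List, Optional


def dotted_to_octets(addr: str) -> List[int]:
    """'194.28.0.255' -> [194, 28, 0, 255], rejecting malformed input."""
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 address: {addr!r}")
    return [int(p) for p in parts]


def to_binary(addr: str) -> str:
    """Each octet as eight bits (place values 128 down to 1)."""
    return " ".join(f"{o:08b}" for o in dotted_to_octets(addr))


def to_hex(addr: str) -> str:
    """Each octet as two hex digits; one hex digit covers four bits."""
    return " ".join(f"{o:02X}" for o in dotted_to_octets(addr))


def from_hex(hex_octets: str) -> str:
    """'C0 29 06 14' -> '192.41.6.20'."""
    octets = [int(h, 16) for h in hex_octets.split()]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"expected four hex octets, got {hex_octets!r}")
    return ".".join(str(o) for o in octets)


# (leading bits, class, network bits, host bits) from the classful table;
# classes D and E have no network/host split.
CLASSES = [
    ("0", "A", 8, 24),
    ("10", "B", 16, 16),
    ("110", "C", 24, 8),
    ("1110", "D", None, None),
    ("1111", "E", None, None),
]


def classify(addr: str) -> Dict[str, Optional[object]]:
    """Class, network address, and the table's network/host counts for `addr`."""
    bits = "".join(f"{o:08b}" for o in dotted_to_octets(addr))
    for lead, cls, net_bits, host_bits in CLASSES:
        if not bits.startswith(lead):
            continue
        if net_bits is None:
            return {"class": cls, "network": None, "networks": None, "hosts_per_network": None}
        net_field = bits[:net_bits].ljust(32, "0")   # keep the network part, zero the host part
        network = ".".join(str(int(net_field[i:i + 8], 2)) for i in range(0, 32, 8))
        return {
            "class": cls,
            "network": network,
            # the leading bits are fixed, so only the rest of the network field varies
            "networks": 2 ** (net_bits - len(lead)),
            # the all-zeros and all-ones host parts are not usable host addresses
            "hosts_per_network": 2 ** host_bits - 2,
        }
    raise AssertionError("every bit pattern matches one of the CLASSES entries")


if __name__ == "__main__":
    print(to_binary("194.28.0.255"), "|", to_hex("194.28.0.255"))
    print(from_hex("C0 29 06 14"))
    print(classify("194.28.0.255"))
```

Running classify on the table’s own classes reproduces its counts (128 class A networks, 16,777,214 hosts each; 2,097,152 class C networks, 254 hosts each), which shows where those figures come from: two to the power of the free network bits, and two to the power of the host bits minus the two reserved host values.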
Subnets
IP address: subnet part (high order bits), host part (low order bits)
What’s a subnet? Device interfaces with the same subnet part of their IP address can physically reach each other without an intervening router.
Figure: network consisting of 3 subnets. Interfaces 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4 form one subnet; 223.1.2.1, 223.1.2.2, 223.1.2.9 a second; 223.1.3.1, 223.1.3.2, 223.1.3.27 a third.
Subnets
To determine the subnets, detach each interface from its host or router, creating islands of isolated networks. Each isolated network is called a subnet.
Figure: the three subnets are 223.1.1.0/24, 223.1.2.0/24 and 223.1.3.0/24. Subnet mask: /24
Subnets
How many?
Figure: interfaces 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4, 223.1.2.1, 223.1.2.2, 223.1.2.6, 223.1.3.1, 223.1.3.2, 223.1.3.27, 223.1.7.0, 223.1.7.1, 223.1.8.0, 223.1.8.1, 223.1.9.1, 223.1.9.2
Network address problem
Two solutions:
Classless Inter-domain Routing (CIDR)
Private network addresses. Three ranges:
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255
ICANN publishes /8 address allocation
http://www.iana.org/assignments/ipv4-address-space/ipv4address-space.xml
You can see a lot of companies’ IP blocks due to historic reasons
Potential threat for targeted attacks to these companies
IP addressing: CIDR
CIDR: Classless InterDomain Routing
subnet portion of address of arbitrary length
address format: a.b.c.d/x, where x is # bits in subnet portion of address
Example: 200.23.16.0/23 = 11001000 00010111 00010000 00000000; the first 23 bits are the subnet part and the remaining 9 bits are the host part
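An added example (not from the slides or the Kurose/Ross book) that serves the subnet slides, the private-range slide and the CIDR slide above: Python arithmetic for a.b.c.d/x, building the mask, extracting the subnet part, testing whether two interfaces share a subnet, counting the subnets among the interfaces in the “How many?” figure, and recognising the three private ranges. The interface list is copied from the figure; the function names are my own.

```python
# Added example (not from the slides): the a.b.c.d/x arithmetic behind CIDR and
# subnets. Interface lists are the slide's figures; function names are my own.
from typing import Iterable, List, Tuple


def to_int(addr: str) -> int:
    """Dotted decimal -> 32-bit integer, rejecting malformed input."""
    octets = [int(p) for p in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address {addr!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask(prefix_len: int) -> int:
    """/x -> 32-bit mask with the top x bits set (e.g. /23 -> 255.255.254.0)."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def subnet_of(addr: str, prefix_len: int) -> str:
    """Subnet part (high-order bits) with the host part zeroed, as a.b.c.d/x."""
    return f"{to_dotted(to_int(addr) & mask(prefix_len))}/{prefix_len}"


def same_subnet(a: str, b: str, prefix_len: int) -> bool:
    """True when both interfaces share the subnet part: no router needed between them."""
    return subnet_of(a, prefix_len) == subnet_of(b, prefix_len)


def count_subnets(interfaces: Iterable[str], prefix_len: int) -> int:
    """'Detach each interface' and count the distinct islands (subnets)."""
    return len({subnet_of(i, prefix_len) for i in interfaces})


# The three private ranges from the slide, as (first, last) addresses.
PRIVATE_RANGES: List[Tuple[str, str]] = [
    ("10.0.0.0", "10.255.255.255"),
    ("172.16.0.0", "172.31.255.255"),
    ("192.168.0.0", "192.168.255.255"),
]


def is_private(addr: str) -> bool:
    n = to_int(addr)
    return any(to_int(lo) <= n <= to_int(hi) for lo, hi in PRIVATE_RANGES)


# Interfaces from the "How many?" figure (copied from the slide).
HOW_MANY_FIGURE = [
    "223.1.1.1", "223.1.1.2", "223.1.1.3", "223.1.1.4",
    "223.1.2.1", "223.1.2.2", "223.1.2.6",
    "223.1.3.1", "223.1.3.2", "223.1.3.27",
    "223.1.7.0", "223.1.7.1", "223.1.8.0", "223.1.8.1",
    "223.1.9.1", "223.1.9.2",
]

if __name__ == "__main__":
    print(to_dotted(mask(23)))                 # 255.255.254.0
    print(subnet_of("200.23.17.9", 23))        # 200.23.16.0/23
    print(count_subnets(HOW_MANY_FIGURE, 24))  # 6
    print(is_private("172.31.255.1"), is_private("138.76.29.7"))
```

The /23 case is the one to check by hand: 200.23.17.9 has third octet 0001 0001, and a 23-bit mask keeps only the top seven of those bits, so it lands in 200.23.16.0/23 together with every address from 200.23.16.0 to 200.23.17.255.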
NAT: Network Address Translation
Figure: local network (e.g., home network) 10.0.0.0/24 with hosts 10.0.0.1, 10.0.0.2, 10.0.0.3 behind a NAT router; the router has 10.0.0.4 on the local side and 138.76.29.7 toward the rest of the Internet.
All datagrams leaving local network have same single source NAT IP address: 138.76.29.7, different source port numbers
Datagrams with source or destination in this network have 10.0.0/24 address for source, destination (as usual)
NAT: Network Address Translation
Motivation: local network uses just one IP address as far as outside world is concerned:
range of addresses not needed from ISP: just one IP address for all devices
can change addresses of devices in local network without notifying outside world
can change ISP without changing addresses of devices in local network
devices inside local net not explicitly addressable or visible by outside world (a security plus).
NAT: Network Address Translation
Implementation:
Outgoing datagrams: NAT router replaces (source IP address, port #) of every outgoing datagram with (NAT IP address, new port #)
Remote clients/servers will respond using (NAT IP address, new port #) as destination address.
Incoming datagrams: NAT router replaces (NAT IP address, new port #) in destination fields of every incoming datagram with corresponding (source IP address, port #) stored in NAT table
NAT: Network Address Translation
NAT translation table
WAN side addr          LAN side addr
138.76.29.7, 5001      10.0.0.1, 3345
……                     ……
1: host 10.0.0.1 sends datagram to 128.119.40.186, 80 (S: 10.0.0.1, 3345; D: 128.119.40.186, 80)
2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table (S: 138.76.29.7, 5001; D: 128.119.40.186, 80)
3: Reply arrives, dest. address: 138.76.29.7, 5001 (S: 128.119.40.186, 80; D: 138.76.29.7, 5001)
4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345 (S: 128.119.40.186, 80; D: 10.0.0.1, 3345)
Figure: the LAN side of the NAT router also shows hosts 10.0.0.2 and 10.0.0.3 and the router’s LAN address 10.0.0.4.
NAT: Network Address Translation
16-bit port-number field: 60,000 simultaneous connections with a single LAN-side address!
NAT is controversial:
routers should only process up to layer 3
violates end-to-end argument
NAT possibility must be taken into account by app designers, e.g., P2P applications
address shortage should instead be solved by IPv6
NAT traversal problem
client wants to connect to server with address 10.0.0.1
server address 10.0.0.1 local to LAN (client can’t use it as destination addr)
only one externally visible NATted address: 138.76.29.7
solution 1: statically configure NAT to forward incoming connection requests at given port to server
e.g., (123.76.29.7, port 2500) always forwarded to 10.0.0.1 port 2500
Figure: an external client (“?”) trying to reach 10.0.0.1 through the NAT router (10.0.0.4 on the LAN side, 138.76.29.7 outside).
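An added example (not from the slides or the Kurose/Ross book) that covers the NAT implementation slides (the four-step exchange and its translation table) together with traversal solution 1 above: a Python model of the NAT router that rewrites outgoing (source IP, port) pairs, stores the mapping, rewrites replies back, drops inbound datagrams that match nothing in the table, and accepts a statically configured port forwarding. The datagram values are the slides’ figures; the class and method names are my own.

```python
# Added example (not from the slides): a NAT router model. Datagram values are
# the slide's figures; class and method names are my own.
from itertools import count
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]    # (IP address, port)
Datagram = Dict[str, object]  # keys: src_ip, src_port, dst_ip, dst_port


class NatRouter:
    def __init__(self, wan_ip: str, first_port: int = 5001) -> None:
        self.wan_ip = wan_ip
        self._next_port = count(first_port)
        # translation table: WAN side (NAT IP, new port) -> LAN side (host IP, port)
        self.table: Dict[Endpoint, Endpoint] = {}
        self._lan_to_wan: Dict[Endpoint, Endpoint] = {}

    def outgoing(self, dg: Datagram) -> Datagram:
        """Step 2: replace (source IP, port) with (NAT IP, new port); update the table."""
        lan: Endpoint = (str(dg["src_ip"]), int(dg["src_port"]))
        wan = self._lan_to_wan.get(lan)
        if wan is None:                  # first datagram of this flow: allocate a port
            wan = (self.wan_ip, next(self._next_port))
            self.table[wan] = lan
            self._lan_to_wan[lan] = wan
        return {**dg, "src_ip": wan[0], "src_port": wan[1]}

    def incoming(self, dg: Datagram) -> Optional[Datagram]:
        """Step 4: replace the (NAT IP, port) destination with the stored LAN address.

        Returns None when the table has no entry: that is the NAT traversal
        problem, an unsolicited inbound connection has nowhere to go.
        """
        wan: Endpoint = (str(dg["dst_ip"]), int(dg["dst_port"]))
        lan = self.table.get(wan)
        if lan is None:
            return None
        return {**dg, "dst_ip": lan[0], "dst_port": lan[1]}

    def add_static_mapping(self, wan_port: int, lan_ip: str, lan_port: int) -> None:
        """Solution 1: always forward (NAT IP, wan_port) to (lan_ip, lan_port)."""
        wan, lan = (self.wan_ip, wan_port), (lan_ip, lan_port)
        self.table[wan] = lan
        self._lan_to_wan[lan] = wan


if __name__ == "__main__":
    nat = NatRouter("138.76.29.7")
    out = nat.outgoing({"src_ip": "10.0.0.1", "src_port": 3345,
                        "dst_ip": "128.119.40.186", "dst_port": 80})
    print("after NAT:", out)             # S: 138.76.29.7, 5001
    reply = nat.incoming({"src_ip": "128.119.40.186", "src_port": 80,
                          "dst_ip": "138.76.29.7", "dst_port": 5001})
    print("reply delivered to:", reply)  # D: 10.0.0.1, 3345
    print(nat.incoming({"src_ip": "128.119.40.186", "src_port": 4000,
                        "dst_ip": "138.76.29.7", "dst_port": 2500}))  # None
```

The None return in incoming is the point of the traversal slide: the table is only ever filled by outgoing traffic, so a host inside the LAN cannot be reached until either it sends first or an operator adds a static mapping with add_static_mapping.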
NAT traversal problem
solution 2: Universal Plug and Play (UPnP) Internet Gateway Device (IGD) Protocol. Allows NATted host to:
learn public IP address (138.76.29.7)
add/remove port mappings
i.e., automate static NAT port map configuration
Figure: host 10.0.0.1 talks IGD to the NAT router (10.0.0.4 on the LAN side, 138.76.29.7 outside).
NAT traversal problem
solution 3: relaying (used in Skype)
NATed client establishes connection to relay
External client connects to relay
relay bridges packets between the two connections
Figure: 1. connection to relay initiated by NATted host (10.0.0.1, behind the NAT router at 138.76.29.7); 2. connection to relay initiated by client; 3. Relaying established
DHCP: Dynamic Host Configuration Protocol
Goal: allow host to dynamically obtain its IP address from network server when it joins network
Can renew its lease on address in use
Allows reuse of addresses (only hold address while connected and “on”)
Support for mobile users who want to join network (more shortly)
DHCP overview:
host broadcasts “DHCP discover” msg
DHCP server responds with “DHCP offer” msg
host requests IP address: “DHCP request” msg
DHCP server sends address: “DHCP ack” msg
DHCP client-server scenario
Figure: the three-subnet network from earlier (interfaces 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4; 223.1.2.1, 223.1.2.2, 223.1.2.9; 223.1.3.1, 223.1.3.2, 223.1.3.27) with hosts A, B and E and a DHCP server on the 223.1.2 subnet; an arriving DHCP client needs an address in this network.
DHCP client-server scenario
DHCP server: 223.1.2.5; arriving client (messages listed in time order)
DHCP discover: src: 0.0.0.0, 68; dest: 255.255.255.255, 67; yiaddr: 0.0.0.0; transaction ID: 654
DHCP offer: src: 223.1.2.5, 67; dest: 255.255.255.255, 68; yiaddr: 223.1.2.4; transaction ID: 654; Lifetime: 3600 secs
DHCP request: src: 0.0.0.0, 68; dest: 255.255.255.255, 67; yiaddr: 223.1.2.4; transaction ID: 655; Lifetime: 3600 secs
DHCP ACK: src: 223.1.2.5, 67; dest: 255.255.255.255, 68; yiaddr: 223.1.2.4; transaction ID: 655; Lifetime: 3600 secs
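An added example (not from the slides or the Kurose/Ross book): the four-message exchange above as Python, with a server that hands out addresses from a pool and tracks leases, and a client that only accepts replies carrying the transaction ID of the message it sent. The server address, ports, broadcast destination, yiaddr 223.1.2.4, transaction IDs and 3600-second lifetime are the slide’s values; the second pool address 223.1.2.7, the nak reply and the class and field names are my own assumptions.

```python
# Added example (not from the slides): the DHCP discover/offer/request/ack
# exchange modelled with plain dictionaries. Slide values are used where the
# slide gives them; everything else is constructed.
from typing import Dict, List, Optional

Message = Dict[str, object]
SERVER_PORT, CLIENT_PORT = 67, 68
BROADCAST, UNASSIGNED = "255.255.255.255", "0.0.0.0"


class DhcpServer:
    def __init__(self, ip: str, pool: List[str], lifetime: int = 3600) -> None:
        self.ip, self.pool, self.lifetime = ip, list(pool), lifetime
        self.offered: Dict[int, str] = {}   # transaction ID -> offered address
        self.leases: Dict[str, int] = {}    # leased address -> lifetime (secs)

    def _reply(self, kind: str, yiaddr: str, xid: int) -> Message:
        # A server reply carries the transaction ID of the message it answers.
        return {"type": kind, "src": (self.ip, SERVER_PORT), "dest": (BROADCAST, CLIENT_PORT),
                "yiaddr": yiaddr, "xid": xid, "lifetime": self.lifetime}

    def handle(self, msg: Message) -> Optional[Message]:
        xid = int(msg["xid"])
        if msg["type"] == "discover":
            free = [a for a in self.pool if a not in self.leases]
            if not free:
                return None                      # pool exhausted: nothing to offer
            self.offered[xid] = free[0]
            return self._reply("offer", free[0], xid)
        if msg["type"] == "request":
            addr = str(msg["yiaddr"])
            if addr in self.pool and addr not in self.leases and addr in self.offered.values():
                self.leases[addr] = self.lifetime
                return self._reply("ack", addr, xid)
            return {**self._reply("nak", UNASSIGNED, xid), "lifetime": 0}  # constructed refusal
        return None


class DhcpClient:
    def __init__(self) -> None:
        self.ip: Optional[str] = None
        self.lifetime: Optional[int] = None

    def discover(self, xid: int) -> Message:
        return {"type": "discover", "src": (UNASSIGNED, CLIENT_PORT),
                "dest": (BROADCAST, SERVER_PORT), "yiaddr": UNASSIGNED, "xid": xid}

    def request(self, offer: Message, xid: int) -> Message:
        return {"type": "request", "src": (UNASSIGNED, CLIENT_PORT),
                "dest": (BROADCAST, SERVER_PORT), "yiaddr": offer["yiaddr"],
                "xid": xid, "lifetime": offer["lifetime"]}

    def accept(self, ack: Message) -> bool:
        if ack.get("type") != "ack":
            return False
        self.ip, self.lifetime = str(ack["yiaddr"]), int(ack["lifetime"])
        return True


def run_exchange(client: DhcpClient, server: DhcpServer, xids=(654, 655)) -> List[Message]:
    """Drive one client through discover/offer/request/ack; returns the messages sent."""
    log: List[Message] = []
    discover = client.discover(xids[0])
    log.append(discover)
    offer = server.handle(discover)
    if offer is None or offer["xid"] != discover["xid"]:
        return log                        # no offer, or a reply to someone else's discover
    log.append(offer)
    request = client.request(offer, xids[1])
    log.append(request)
    ack = server.handle(request)
    if ack is not None and ack["xid"] == request["xid"]:
        log.append(ack)
        client.accept(ack)
    return log


if __name__ == "__main__":
    server = DhcpServer("223.1.2.5", ["223.1.2.4", "223.1.2.7"])
    client = DhcpClient()
    for m in run_exchange(client, server):
        print(m["type"], m["src"], "->", m["dest"], "yiaddr", m["yiaddr"], "xid", m["xid"])
    print("client got", client.ip, "for", client.lifetime, "secs")
```

Because every message is broadcast, the transaction ID check in run_exchange is what lets a client tell the offer meant for it from offers answering some other host’s discover on the same network; the server side keeps the address out of the pool only once a request for an offered address is acknowledged.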