Transcript lectures5-6

Chapter 4: Network Layer
 Introduction
 IP: Internet Protocol
 IPv4 addressing
 NAT
 IPv6
 Routing algorithms
 Link state
 Distance Vector
 Routing in the Internet
 RIP
 OSPF
 BGP
Chapter 4, slide: 1
Sharing an IP address
 Home networks, other small LANs
 Expensive to have unique IP address for each
host
 Want to share internet access through just
one IP address
 Want to maintain security/privacy
 Install router … but how does it work?
Chapter 4, slide: 2
Network Address Translation
 NAT is an extension of the original IP addressing




scheme
Motivated by exhaustion of IP address space
Allows multiple computers at one site to share a
single global IP address
Requires a device to perform packet translation
In-line configuration


All traffic entering or leaving the network must go
through the NAT device
Should be transparent to all users
• Virtual private connection
Chapter 4, slide: 3
NAT: Network Address Translation
 local network uses just one IP address as far as
outside world is concerned (external address)
 range of addresses not needed from ISP: just
one IP address for all devices
 can change addresses of devices in local
network without notifying outside world
 can change ISP / external address without
changing addresses of devices in local network
 devices inside local net not explicitly
addressable by outside world (a security plus).
Chapter 4, slide: 4
NAT: Network Address Translation
rest of
Internet
local network
(e.g., home network)
10.0.0/24
10.0.0.4
10.0.0.1
10.0.0.2
138.76.29.7
10.0.0.3
All datagrams leaving local
network have same single source
NAT IP address: 138.76.29.7,
different source port numbers
Datagrams with source or
destination in this network
have 10.0.0/24 address for
source, destination (as usual)
Chapter 4, slide: 5
Implementation
 To send datagram out to the internet from a
computer in the private network:
Computer constructs datagram with source
address and destination address, sends to NAT
box
 NAT box translates the source address in the
datagram to the site's IP address
 NAT keeps source and destination addresses in its
translation table
 Note: checksum must be recalculated and
datagram must be reconstructed

Chapter 4, slide: 6
Implementation
 To forward an incoming datagram from the
internet to a computer in the private network:
Datagrams arrive addressed to the site's IP
address
 NAT finds source and destination addresses in its
translation table
 NAT changes the destination address in the
datagram to the internal address for the target
computer
 NAT reconstructs the datagram (with new
checksum, etc.) and forwards it to the computer in
the private network

Chapter 4, slide: 7
Implementation
 Software solutions
 Standard PC with
• NAT software, e.g.:
– Linux masquerade
– Windows RRAS (Routing and Remote Access Server)
• extra NIC required


OK for slower speed networks (e.g., 10 Mbps)
NAT box must translate addresses in time for the usual
network functions to work
• detecting congestion, etc.
 Hardware solutions
 Special-purpose hardware for high-speed networks (e.g., gigabit
Ethernet)
 Hybrid solutions
 Routers can incorporate software for NAT
 Used in medium-speed networks (e.g., 100 Mbps)
Chapter 4, slide: 8
Virtual connection
 The effect of NAT is to form a virtual
private connection between a computer in a
private network and a remote host (internet
site).
 Of course, the connection may be to a
computer in a separate private network
(through another NAT box)
 Internal communications do not use the NAT
box
Chapter 4, slide: 9
Problems with basic NAT
 If two computers inside the private network both
want to communicate with the same external site, the
basic translation table is not sufficient
 If one computer inside the private network is running
applications with two remote hosts, the basic
translation table is not sufficient
 If a remote site wants to make the first contact with
a computer inside the private network, there will be
no translation table entry.
Chapter 4, slide: 10
NAPT
 Network Address and Port Translation
 Most popular implementation of NAT
 Usually just called NAT
 Keeps track of local addresses and IP
addresses
 Also can keep track of (and change) TCP and
UDP protocol port numbers
 Allows
• multiple computers in the private network to
communicate with a single destination
• multiple applications on a single computer in the
private network to communicate with multiple
destinations
Chapter 4, slide: 11
Example NAPT table
 Entry in table records protocol port number as well as IP address
 Port numbers are re-assigned to avoid conflicts
 Note: this requires the NAT box (router) to have some
transport-layer functionality
Direction
Initial value
Translated
Unchanged
out
IP SRC:TCP SRC
10.0.0.125:30000
IP SRC:TCP SRC
128.210.24.6:40001
IP DST:TCP DST
68.18.6.225:80
out
IP SRC:TCP SRC
10.0.0.77:30000
IP SRC:TCP SRC
128.210.24.6:40002
IP DST:TCP DST
68.18.6.225:80
in
IP DST:TCP DST
128.210.24.6:40001
IP DST:TCP DST
10.0.0.125:30000
IP SRC:TCP SRC
68.18.6.225:80
in
IP DST:TCP DST
128.210.24.6:40002
IP DST:TCP DST
10.0.0.77:30000
IP SRC:TCP SRC
68.18.6.225:80
Chapter 4, slide: 12
NAT table
 For an out-going datagram:
 Source address is changed to the site address.
 Source port number is re-assigned and recorded
 Checksum is recalculated
 Datagram is reconstructed
 Destination address / port number are not changed

Translation table records
• Internal source address / original port number
• Destination address / re-assigned source port number
Chapter 4, slide: 13
NAT table
 For an in-coming datagram:
 Destination address is changed to the internal address
recorded in the translation table.
 Destination port number is changed to the port number
recorded in the translation table.
 Checksum is recalculated
 Datagram is reconstructed
 Source address / port number are not changed
Chapter 4, slide: 14
NAT: Network Address Translation
2: NAT router
changes datagram
source addr from
10.0.0.1, 3345 to
138.76.29.7, 5001,
updates table
2
NAT translation table
WAN side addr
LAN side addr
1: host 10.0.0.1
sends datagram to
128.119.40.186, 80
138.76.29.7, 5001 10.0.0.1, 3345
……
……
S: 10.0.0.1, 3345
D: 128.119.40.186, 80
S: 138.76.29.7, 5001
D: 128.119.40.186, 80
138.76.29.7
S: 128.119.40.186, 80
D: 138.76.29.7, 5001
3: Reply arrives
dest. address:
138.76.29.7, 5001
3
1
10.0.0.4
S: 128.119.40.186, 80
D: 10.0.0.1, 3345
10.0.0.1
10.0.0.2
4
10.0.0.3
4: NAT router
changes datagram
dest addr from
138.76.29.7, 5001 to 10.0.0.1, 3345
Chapter 4, slide: 15
First contact
 When initial contact is attempted from
outside the site, there is no translation
table entry

E.G., a private network might be running
multiple servers through a NAT system
Chapter 4, slide: 16
NAT traversal problem
 client wants to connect to server with address 10.0.0.1
 server address 10.0.0.1 local to LAN (client can’t use it as
destination addr)
 only one externally visible NAT’ed address: 138.76.29.7
Client
10.0.0.1
?
10.0.0.4
138.76.29.7
NAT
router
Chapter 4, slide: 17
NAT traversal problem
Solution 1:
statically configure NAT to forward incoming connection
requests at given port to server

e.g., (123.76.29.7, port 2500) always forwarded to 10.0.0.1
port 25000
Client
10.0.0.1
?
10.0.0.4
138.76.29.7
NAT
router
Chapter 4, slide: 18
NAT traversal problem
Solution 2:
Universal PnP Internet Gateway Device (IGD) Protocol.
Allows NAT’ed host to:
 map (private IP, private port #) with (public IP, public port #)
 advertise (public IP, public port #)

10.0.0.1
So DNS can work
IGD
 add/remove port mappings
10.0.0.4
138.76.29.7
NAT
router
Chapter 4, slide: 19
Summary: Network Address Translation
 16-bit port-number field:

~65,000 simultaneous connections with a single
LAN-side address!
 NAT is controversial.

Objections include:
• routers should only process up to layer 3
• address shortage should instead be solved by IPv6
Chapter 4, slide: 20
Chapter 4: Network Layer
 Introduction
 Virtual circuit and
datagram networks
 IP: Internet Protocol
 IPv4 addressing
 NAT
 IPv6
 Routing algorithms
 Link state
 Distance Vector
 Routing in the Internet
 RIP
 OSPF
 BGP
Chapter 4, slide: 21
IPv6
 Initial motivation:
 32-bit address space soon to be completely
allocated.
 Additional motivation:
 header changes to facilitate QoS
 Major changes from IPv4:
 Fragmentation: no longer allowed; drop packet if
too big
 Checksum: removed to reduce processing time;
already done at transport and link layers
 Options: allowed, but outside of header, indicated
by “Next Header” field
Chapter 4, slide: 22
New features of IPv6
 Support for audio and video

“flow labels” and “quality of service” allow audio
and video applications to establish appropriate
connections
 Extensible
 new features can be added more easily
Chapter 4, slide: 23
IPv6 datagram format
Chapter 4, slide: 24
IPv6 base header format
Chapter 4, slide: 25
IPv6 base header
 Contains less information than IPv4 header
 VERSION (4 bits)
 TRAFFIC CLASS (8 bits)
• specifies the traffic class (used to choose a route)

FLOW LABEL (20 bits)

PAYLOAD LENGTH (16 bits)

NEXT HEADER (8 bits)

HOP LIMIT (8 bits) (old TTL)
• used to associate datagrams belonging to a flow or
communication between two applications
• indicates the length of data (i.e. payload) excluding
header
• points to first extension header
• specifies the maximum number of hops a packet can
travel through before being discarded
SOURCE ADDRESS (128 bits)
 DESTINATION ADDRESS (128 bits)

Chapter 4, slide: 26
NEXT header
Chapter 4, slide: 27
Parsing IPv6 headers
 Base header is fixed size - 40 octets
 NEXT HEADER field in base header defines type
of next header

Next header appears at end of fixed-size base header
 Some extensions headers are variable sized
 NEXT HEADER field in extension header defines type
 HEADER LEN field gives size of extension header
Chapter 4, slide: 28
Multiple headers
 Efficiency

header only as large as necessary
 Flexibility
 can add new headers for new features
 Incremental development

can add processing for new features
Chapter 4, slide: 29
Fragmentation and Path MTU
 Fragmentation information is in fragmentation
extension header
 IPv6 source (not intermediate routers) is responsible
for fragmentation

Source must find path MTU
 Routers simply drop datagrams larger than path MTU
 No more fragmenting by routers
 ICMP message sent to source
 Must be dynamic - path may change during
transmission of datagrams
 Source determines path MTU

Uses path MTU discovery
• Source sends probe message of various sizes
• Gets ICMP messages until destination reached

Constructs datagrams to fit within that MTU
Chapter 4, slide: 30
IPv6 addressing
 128-bit addresses
 Includes network prefix and host suffix
 No address classes
 prefix/suffix boundary can fall anywhere
 Longest matching prefix
Chapter 4, slide: 31
Address notation in IPv6
 128-bit addresses
 unwieldy in dotted decimal
 requires 16 numbers
 example:
• 105.220.136.100.255.255.255.255.0.0.18.128.140.10.255.255
 IPv6 uses groups of 16-bit numbers in hex
separated by colons
colon hexadecimal (colon hex)
 example:

• 69DC:8864:FFFF:FFFF:0:1280:8C0A:FFFF
 Add /bits to specify netmask
 example:
• 69DC:8864:FFFF:FFFF:0:1280:8C0A:FFFF/64
Chapter 4, slide: 32
Address shorthand in IPv6
 Zero-compression
 series of zeroes indicated by two colons
 example:
• FF0C:0:0:0:0:0:0:B1
becomes
• FF0C::B1
 An IPv6 address with 96 leading
zeros is interpreted to hold an IPv4
address
Chapter 4, slide: 33
Transition From IPv4 To IPv6
 Can all routers be upgraded simultaneously ??
 Answer: it can’t; no “flag days”
 Analogy: (IP for Internet)
~ (foundation for House)
 To change the foundation, you need to tear down the house!!
 Solution
gradually incorporate IPv6 (may take few years)


How will the network operate with mixed IPv4 and IPv6
routers?
Tunneling??
Chapter 4, slide: 34
Tunneling
Logical view:
Physical view:
Be aware that:
•
•
IPv6 nodes
have both IPv4
& IPv6
addresses
Nodes know
which nodes are
IPv4 and which
one are IPv6
(use for e.g.
DNS)
A
B
IPv6
IPv6
A
B
C
IPv6
IPv6
IPv4
Flow: X
Src: A
Dest: F
data
A-to-B:
IPv6
E
F
IPv6
IPv6
D
E
F
IPv4
IPv6
IPv6
tunnel
What is the problem here?
Why can’t B just send an
IPv4 packet to C ?
Problem: D won’t be able to
send an IPv6 packet to
E? Why?
Chapter 4, slide: 35
Tunneling
Logical view:
Physical view:
Be aware that:
•
•
IPv6 nodes
have both IPv4
& IPv6
addresses
Nodes know
which nodes are
IPv4 and which
one are IPv6
(use for e.g.
DNS)
A
B
IPv6
IPv6
A
B
C
IPv6
IPv6
IPv4
Flow: X
Src: A
Dest: F
data
A-to-B:
IPv6
E
F
IPv6
IPv6
D
E
F
IPv4
IPv6
IPv6
tunnel
Src:B
Dest: E
Src:B
Dest: E
Flow: X
Src: A
Dest: F
Flow: X
Src: A
Dest: F
data
data
B-to-C:
IPv6 inside
IPv4
B-to-C:
IPv6 inside
IPv4
Flow: X
Src: A
Dest: F
data
E-to-F:
IPv6
Chapter 4, slide: 36