Transcript Internet Protocols

Data and Computer
Communications
Chapter 18 – Internet Protocols
Ninth Edition
by William Stallings
Data and Computer Communications, Ninth
Edition by William Stallings, (c) Pearson
Education - Prentice Hall, 2011
Internet Protocols
She occupied herself with studying a map on the
opposite wall because she knew she would have
to change trains at some point. Tottenham Court
Road must be that point, an interchange from the
black line to the red. This train would take her
there, was bearing her there rapidly now, and at
the station she would follow the signs, for signs
there must be, to the Central Line going
westward.
—King Solomon's Carpet.
Barbara Vine (Ruth Rendell)
Internet
 internet
• an interconnected set of networks where each of
the constituent networks retains its identity
 end
systems
• devices attached to a network
 intermediate
systems
• provide a communications path and perform the
necessary relaying and routing functions


bridges
• acts as a relay of frames between similar networks
routers
• routes packets between potentially different networks
Internetworking
Terms
TCP/IP Concepts
Differences in Networks
 addressing
schemes
 maximum packet size
 network access mechanisms
 timeouts
 error recovery
 status reporting
 routing techniques
 user access control
 connection, connectionless
Connectionless Operation
 Internetworking
involves connectionless
operation at the level of the Internet
Protocol (IP)
IP
• initially developed for the DARPA internet
project
• protocol is needed to access a particular
network
Connectionless Internetworking
 Connectionless
internet facility is flexible
 IP provides a connectionless service
between end systems.

Advantages:
• is flexible
• can be made robust
• does not impose unnecessary overhead
IP
Operation
LAPF : link access
protocol for frame
(frame relay)
IP Design Issues
 routing
 datagram
lifetime
 fragmentation and reassembly
 error control
 flow control
The Internet as a Network
Routing
• indicate next router
to which datagram
is sent
• static
• dynamic
ES / routers maintain
routing tables
source routing
• source specifies
route to be
followed
• can be useful for
security & priority
route recording
(for testing &
debugging)
Datagram Lifetime
 datagrams


could loop indefinitely
consumes resources
transport protocol may need upper bound on
lifetime of a datagram
• can mark datagram with lifetime
• when lifetime expires, datagram discarded
Fragmentation and
Re-assembly



protocol exchanges data between two entities
lower-level protocols may need to break data up into
smaller blocks, called fragmentation
reasons for fragmentation:





network only accepts blocks of a certain size
more efficient error control & smaller retransmission units
fairer access to shared facilities
smaller buffers
disadvantages:


smaller buffers
more interrupts & processing time
Fragmentation and
Re-assembly
at destination
issue of when to
re-assemble
packets get
smaller as data
traverses internet
need large buffers
at routers
intermediate reassembly
buffers may fill
with fragments
all fragments must
go through same
router
IP Fragmentation

IP re-assembles at destination only
 uses fields in header

Data Unit Identifier (ID)
• identifies end-system-originated datagram

Data length
• length of user data in octets

Offset
• position of fragment of user data in original datagram
• in multiples of 64 bits (8 octets)
• indicates that this is not the last fragment
Fragmentation Example
Error and Flow Control

Flow
Error control


discarded datagram
identification is needed
reasons for discarded
datagrams include:
• lifetime expiration
• congestion
• FCS error
(frame check
sequence)


control
allows routers to limit
the rate they receive
data
send flow control
packets requesting
reduced data flow
(ICMP)
Internet Protocol (IP) v4
 defined

in RFC 791
www.rfc-editor.org
 part
of TCP/IP suite
 two parts
specification of
interface with a
higher layer
specification of
actual protocol
format and
mechanisms
IP Services

Primitives




specifies functions to
be performed
form of primitive
implementation
dependent
Send : request
transmission of data
unit
Deliver : notify user of
arrival of data unit

Parameters

used to pass data and
control information
IP Parameters









source & destination addresses
protocol
type of Service
identification
“don’t fragment” indicator
time to live
data length
option data
user data
IP Options
route
recording
security
source
routing
stream
identification
timestamping
IPv4 Header
IPv4 Header
 http://www.tcpipguide.com/free/t_IPDatagr
amGeneralFormat.htm
 Important:
the « Protocol » field identifies
the nature of the next header (in the data
portion of the IP packet) Ex: TCP, ICMP

http://www.iana.org/assignments/protocolnumbers/protocol-numbers.xml
IPv4 Address Formats
IP Addresses - Class A
 start
with binary 0
 all 0 reserved
 01111111 reserved for loopback
• (localhost 127.0.0.1)
 range
1.x.x.x to 126.x.x.x
IP Addresses - Class B
 start
with binary 10
 range 128.x.x.x to 191.x.x.x
 second octet also included in network
address
 214 = 16,384 class B addresses
IP Addresses - Class C
 start
with binary 110
 range 192.x.x.x to 223.x.x.x
 second and third octet also part of network
address
 221 = 2,097,152 addresses
 nearly all allocated

see IPv6
IP Addresses
 Decimal code to
simplify address
management.

00001010 00000000 00000000 00000000 = 10.0.0.0 (classe A)

Class A examples:
• BBN (4.0.0.0) , General Electric (3.0.0.0), Apple
(17.0.0.0), AT&T (12.0.0.0), IBM (9.0.0.0), MIT
(18.0.0.0)

Class B example : UQAC (132.212.0.0)
IP Addresses
 IP


addresses index :
http://cqcounter.com/whois/ip/
(http://www.ip2location.com/)
IP Addresses

Special cases :


"loopback address" : 127.0.0.1
Non-routable addresses :
• 10.0.0.0
à 10.255.255.255 (Class A)
• 172.16.0.0 à 172.31.255.255 (Class B)
• 192.168.0.0 à 192.168.255.255 (Class C)


if hostid = 00....0 => IP address of the local network
if hostid = 111....1 => "broadcast" address of the local
network
IP Addresses

Addresses assigned by central organisations



IANA (ARIN, RIPR NCC, LACNIC and APNIC)
InterNIC: www.internic.net (http://www.internic.ca/)
Godaddy
IP Addresses
 Configuration

ipconfig /all


netmask, default gateway…
ping 127.0.0.1 (and pinging your own
address)
Subnets and Subnet Masks







allows arbitrary complexity of internetworked
LANs within organization
insulate overall internet from growth of network
numbers and routing complexity
site looks to rest of internet like single network
each LAN assigned subnet number
host portion of address partitioned into subnet
number and host number
local routers route within subnetted network
subnet mask indicates which bits are subnet
number and which are host number
IP Addresses and Subnet Masks
 Other
notation used to represent the
netmask: CIDR notation
 The
number after the ‘/’ represents the
number of ‘1’ of the netmask.
 Ex.
: 132.212.203.0/24 indicates that
the netmask is 255.255.255.0
 Subnet mask:

Allows to define netid and subnetid.
Class C address example: 200.123.15.0



Document 1
Document 2
Subnets and Subnet Masks
 When
is the default gateway actually used ?
Decision based on netmask

Notes:



RFC 950 suggest not to use subnets having all 0s and all
1s. (2 subnets not used)
Modern routers can use those two particular subnets..
To display routing table on a PC : netstat –r
• A computer can have more than one interface

Each has a default gateway
• Example of use : route.xls
 extracted from : Document
Subnets and Subnet Masks
Subnets and Subnet Masks
 NAT (network
address translation)

Formerly « IP masquarading » (using LINUX)
Remapping of IP addresses
Can be implemented in various ways…

Popular method : « port forwarding »


table of correspondence (stored in the gatway
memory)
Proxy server..
Subnets and Subnet Masks
Obtaining an IP address
 DHCP




:
dynamic host configuration protocol
belongs to the application layer
uses UDP port 68 on the client and port 67 on
the server
see figure in
http://wiki.cas.mcmaster.ca/index.php/Dynamic_
Host_Configuration_Protocol

Information sent by DHCP server
Default gateway
Domain name
Name servers …
Network adapter
configuration
 In
a command window => ipconfig /all
 In
a program, one can use GetAdaptersInfo()
https://msdn.microsoft.com/enus/library/windows/desktop/aa366062(v=vs.85).aspx
Address Resolution Protocol
(ARP)
need MAC address to send to LAN host
•
•
•
•
manual
included in network address
use central directory
use ARP (address resolution protocol)
ARP (RFC 826) provides dynamic “IP to
Ethernet” address mapping
• source broadcasts ARP request
• destination replies with ARP response
Address Resolution Protocol
(ARP)
Sequence of events :
• See
http://www.tcpipguide.com/free/t_ARPAddressSpecificationandGeneralOperation-2.htm
• Broadcast at the MAC (Ethernet) level
• No IP header => just ARP header
To read the arp table on a PC :
arp –a
Note: one can modify the arp table if he has admin status …
(« spoofing »)
Internet Control Message
Protocol (ICMP)
 RFC
792
 transfer messages from routers and hosts
to hosts
 provides feedback about problems
• datagram cannot reach its destination
• router does not have buffer capacity to forward
• router can send traffic on a shorter route
 encapsulated

in IP datagram
hence not reliable
ICMP Message Format
(inserted at the end of the IP header)
Common ICMP Messages
 destination
unreachable
 time exceeded (traceroute)
 parameter problem
 source quench
 redirect
 echo & echo reply
 timestamp & timestamp reply
 address mask request & reply
IP Versions
 IP
v 1-3 defined and replaced
 IP v4 - current version
 IP v5 - streams protocol
 IP v6 - replacement for IP v4

during development, it was called IPng (IP
Next Generation)
Why Change IP?
address space
exhaustion:
• two level addressing
(network and host) wastes
space
• network addresses used
even if not connected
• growth of networks and the
Internet
• extended use of TCP/IP
• single address per host
requirements for new types
of service
• address configuration
routing flexibility
• traffic support
IPv6 RFCs

RFC 1752 - Recommendations for the IP Next
Generation Protocol




requirements
PDU formats
addressing, routing security issues
RFC 2460 - overall specification
 RFC 4291 - addressing structure
IPv6 Enhancements
 expanded
128-bit address space
 improved option mechanism

most not examined by intermediate routes
 dynamic
address assignment (no more
DHCP)
 increased addressing flexibility

anycast & multicast
 support

for resource allocation
labeled packet flows
IPv6
 Basics:
• Network prefix (48 bits) + subnet (16 bits) +
interface ID (64 bits)

Interface ID can be used for additionnal subnet masking
• www.tc.mtu.edu/ipv6/basics.php
• Expanded and Compressed notation (: ::)


Uncompressed: fc00:0:3:0:0:0:23:a
Compressed:
fc00:0:3::23:a
• Can compress only once
• Leading and ending zeros can be omitted

Examples:
::1
and
fc00:0:3:1ad3::
• Netmask (CIDR notation Ex: /48)
IPv6
 Basics:
• http://www.tunnelsup.com/subnet-calculator


Calculate
• 2001:0db8:85a3::8a2e:0370:7334/64
• 2001:0db8:85a3::/48/64 (see subnet prefix)
Brackets in URL : http://[2001:db8:85a3:8d3:1319:8a2e:370:7348]/
(colon usually defines ports so backets are required to avoid confusion)
IPv6
 Address

types :
http://www.ripe.net/lir-services/new-lir/ipv6_reference_card.pdf
• Link local addresses are used in one single network
segment, they can't be routed. Unique local addresses can
be routed, but only within one routing domain. So an ISP can
choose to use ULA for services which can't be publicly
accessible.
• Note: the example of unique local addresses is not correct
(should be fc00:f53b:82e4::53)
• Address space still not completely defined
• Ex PC de l’UQAC : fe80::517:ed90:ee5:7e15/10
 http://www.iana.org/assignments/ipv6-
address-space/ipv6-address-space.xhtml
IPv6
PDU
(Packet)
Structure
IP v6 Header
IP v6 Flow Label







related sequence of packets
special handling
A flow is identified by source and destination
addresses + flow label
router treats flow as sharing attributes
may treat flows differently (a particular flow uses
the same path -> guarantees same order
delivery)
alternative to including all information in every
header
have requirements on flow label processing
IPv6 Addresses

128 bits long
 assigned to interface
 single interface may have multiple unicast
addresses
three types of addresses:
• unicast - single interface address
• anycast - one of a set of interface addresses
(still no clear usage of anycast…)
• multicast - all of a set of interfaces
Hop-by-Hop Options

must be examined by every router

if unknown discard/forward handling is specified

next header
 header extension length
 options




Pad1
PadN
Jumbo payload (> 64kB)
Router alert
Fragmentation Header

In IPv6, fragmentation only allowed at source


no fragmentation at intermediate routers
node must perform path discovery to find
smallest MTU of intermediate networks
 set source fragments to match MTU
 otherwise limit to 1280 octets
Routing Header

contains a list of one or more intermediate nodes
to be visited on the way to a packet’s destination
header
includes
Type 0 routing
provides a list
of addresses
•
•
•
•
next header
header extension length
routing type
segments left
• initial destination address is first on list
• current destination address is next on
list
• final destination address will be last in
list
Destination Options Header
carries optional
information for
destination node
format same as
hop-by-hop
header
IPv6 Extension Headers
Virtual Private Network (VPN)
 set
of computers interconnected using an
unsecure network
• e.g. linking corporate LANs over Internet
 using
encryption & special protocols
to provide security against
• eavesdropping
• entry point for unauthorized users
 proprietary
solutions are problematical
• development of IPSec standard
IPSec
 RFC
1636 (1994) identified security need
 encryption and authentication necessary
security features in IPv6
 designed also for use with current IPv4
 applications needing security include:




branch office connectivity
remote access over Internet
extranet and intranet connectivity for partners
electronic commerce security
IPSec Functions
IP Security Scenario
Benefits of IPsec
 provides
strong security for external traffic
 resistant to bypass
 Located below transport layer hence

=> transparent to applications
 can be transparent to end users
 can provide security for individual users if
needed
IPsec vs https
 https


encrypts data at the application level
uses special port 443
 IPsec



encrypts data at the network level
all applications data (not only http data) are
encrypted.
any port can be used
Summary
 internetworking
principles
 Internet protocol operation

design issues, connectionless operation
 IP

services, addresses, subnets, ICMP, ARP
 IPv6

structure, header, addresses
 VPNs

and IP Security
IPsec applications, benefits, functions