Transcript Fragments
Network Protocols
Chapter 7 (TCPIP Suite Book):
Internet Protocol Version 4 (IPv4)
Copyright © Lopamudra Roychoudhuri
1
Agenda
IP Protocol and Operations
IP Header and packet format
Packet Fragmentation
options
2
Internet Protocol (IP)
Network layer protocol (layer 3)
The Internet is named after this protocol
“Unreliable” best effort service
Connectionless
Packets in IP layer are called “Datagrams”
a variable-length packet consisting of two parts:
header and data.
The header is 20 to 60 bytes in length and contains
information essential to routing and delivery.
Header has a fixed part (20 bytes) and variable part of
options (maximum 40 bytes)
Each datagram is handled independently and can
follow different paths to the destination
3
Position of IP in TCP/IP protocol suite
4
IP Datagram
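[Figure: IPv4 datagram header format, 4 bytes per row. Annotations:]
Version = 4
HLEN: actual number of bytes in header / 4
Total length: total number of bytes (header + data)
Identification, flags, fragmentation offset: used in fragmentation
Time to live: actually a count of hops, decremented by one each time the packet is routed
Protocol: higher-level protocol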
5
IP Header Fields
Version: IP protocol version.
4 bit field – value 0100 for version 4.
IP Header Length(HLEN)
4 bit field
Length of IP header in 32-bits, or 4 bytes.
Min. value
= 5 (5x4=20 bytes),
Max. value
= 15 (15x4=60 bytes)
6
Total Length field: Length of IP packet in bytes (data + header)
2 bytes (or 16 bits) can have total length of maximum 65535 (2^16 - 1) bytes
Why do we need the Total Length Field?
•For Ethernet to work properly, the data portion of the frame must be at least 46 bytes long.
•We need the Total Length field in IP to know the actual length of data, since an IP
datagram can be less than 46 bytes, and would then require padding.
Protocol field is used for multiplexing: IP carries more than one type of protocol (TCP, UDP,
ICMP etc.). The Protocol field contains a code that tells them apart.
7
Example 7.2
In an IP packet, the value of HLEN is 1000 in binary. How
many bytes of options are being carried by this packet?
Solution
The HLEN value is 8, which means the total number of
bytes in the header is 8 × 4 or 32 bytes. The first 20 bytes
are the base header, the next 12 bytes are the options.
8
Example 7.3
In an IP packet, the value of HLEN is 0x5
and the value of the total length field is 0x0028. How
many bytes of data are being carried by this packet?
Solution
The HLEN value is 5, which means the total number of
bytes in the header is 5 × 4 or 20 bytes (no options). The
total length is 40 bytes, which means the packet is
carrying 20 bytes of data (40 − 20).
9
IP Header Fields cont.
Time to Live: Max. number of routers this IP packet
may pass through. This field is decremented by each
router the packet passes through. If it reaches zero,
packet will be discarded.
Header Checksum: Allows error checking of IP
packets
Source Address: 4-byte IP source address for this
packet
Destination Address: 4-byte IP destination address
for this packet
10
Example 7.4
An IP packet has arrived with the first few hexadecimal
digits as shown below:
45000028000100000102 . . .
How many hops can this packet travel before being
dropped? The data belong to what upper layer protocol?
Solution
To find the time-to-live field, we skip 8 bytes (16
hexadecimal digits). The time-to-live field is the ninth byte,
which is 01. This means the packet can travel only one
hop. The protocol field is the next byte (02), which means
that the upper layer protocol is IGMP (see slide 7).
11
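The field arithmetic of Examples 7.2 to 7.4, as an added Python example that is not part of the original slides. The function name and the returned keys are illustrative choices; the second sample input is constructed to reproduce the HLEN = 8 case of Example 7.2.

```python
import struct

# Well-known IANA protocol numbers (Example 7.4 reads 02 as IGMP).
PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}

def parse_ipv4_prefix(hex_digits):
    """Decode the first 10 bytes of an IPv4 header given as hex digits."""
    raw = bytes.fromhex(hex_digits)
    if len(raw) < 10:
        raise ValueError("need at least 10 header bytes (through the protocol field)")
    ver_hlen, _tos, total_len, ident, _flags_off, ttl, proto = struct.unpack(
        "!BBHHHBB", raw[:10])
    version, hlen = ver_hlen >> 4, ver_hlen & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4: version field is {version}")
    if hlen < 5:
        # HLEN counts 4-byte words; anything under 5 cannot hold the fixed header.
        raise ValueError(f"HLEN {hlen} is below the minimum of 5 (20 bytes)")
    header_bytes = hlen * 4
    if total_len < header_bytes:
        raise ValueError("total length is smaller than the header length")
    return {
        "header_bytes": header_bytes,
        "option_bytes": header_bytes - 20,
        "data_bytes": total_len - header_bytes,
        "identification": ident,
        "ttl": ttl,
        "protocol": PROTOCOLS.get(proto, f"unknown ({proto})"),
    }

if __name__ == "__main__":
    print(parse_ipv4_prefix("45000028000100000102"))  # digits from Example 7.4
    print(parse_ipv4_prefix("48000028000100000102"))  # constructed: HLEN = 8
```

The two consistency checks (HLEN at least 5, total length at least the header length) are the ones a receiver needs before trusting any offset computed from these fields.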
IP Header Fields cont.
Identification / Fragment Offset: used to
identify fragments that are formed when an
IP packet needs to be broken up into smaller
packets
12
IP Packet Fragmentation
The format and size of a frame depends on the protocol used by the
physical network. Each layer 2 protocol has a maximum transmission
unit (MTU) size (max. frame data size)
If a router determines that an IP packet length exceeds the MTU for
an outgoing port, it will fragment the packet (that is, break it into
smaller packets)
Fragments are reassembled by IP software at destination host.
MTUs for some networks
13
IP Header Fields used for
Fragmentation
Identification: This is a random value chosen
by the sender. If a packet is fragmented, the
same ID value is copied into all fragments.
Flags:
Don’t Fragment (DF) bit - Set to 1 if this
packet should not be fragmented, 0 otherwise
More Fragments (MF) bit – Set to 1 if
packet has been fragmented and this is not
the last fragment, 0 otherwise.
D is mainly for diagnostic purposes
M = 0 this is the last fragment
M = 1 more fragments to follow
14
IP Header Fields used for
Fragmentation
Fragment Offset:
13 bit field shows relative position of this fragment
with respect to the whole datagram
Highest value can be 2^13 - 1 = 8191
If this is a fragment packet, this is set to (byte
offset of this packet data in the original packet
data) / 8
Note that this means that all fragments (except
possibly last) must contain an exact multiple of 8
bytes of data.
This means that we can fragment a datagram of
maximum length of 65535 (8192 * 8)
15
IP Fragmentation Example
Assume a router receives an IP packet containing 4000
bytes of data (not including IP header)
Routing table indicates this should be forwarded onto a
subnet with MTU of 1420 bytes
That means the maximum IP data that can be in each
fragment is 1420-20 (IP Header) = 1400 bytes
The 4000 bytes is broken into fragments as follows:
Fragment #1: 1400 bytes of data
Fragment #2: 1400 bytes of data
Fragment #3: 1200 bytes of data
16
Fragmentation Example
17
IP Fragmentation Example
Further assume that Fragment #2
(containing 1400 data bytes) is later
sent over a subnet with MTU of 820
bytes.
Fragment #2.1 contains 800 data bytes
Fragment #2.2 contains 600 data bytes
18
Detailed fragmentation
example
[Figure: detailed fragmentation example, labelling the Identification, Flag (Don't Fragment, More Fragment), Total length and Fragment Offset fields of fragments 1 and 2]
19
Example 7.9
A packet has arrived in which the offset value is 100, the value
of HLEN is 5 and the value of the total length field is 100. What
is the number of the first byte and the last byte?
Solution
The first byte number is 100 × 8 = 800. The total length is 100
bytes and the header length is 20 bytes (5 × 4), which means
that there are 80 bytes in this datagram. If the first byte number
is 800, the last byte number must be 879.
20
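The fragmentation arithmetic from the 4000-byte example, its re-fragmentation over the 820-byte MTU, and Example 7.9, as an added Python example that is not part of the original slides. The function and parameter names are illustrative; raising an error when DF is set is how this sketch models a datagram that cannot be forwarded.

```python
def fragment(data_len, mtu, header_len=20, offset_units=0,
             more_follow=False, dont_fragment=False):
    """Split a datagram's data so each piece plus its header fits the MTU.

    offset_units and more_follow describe the incoming datagram when it is
    itself a fragment. Returns (offset in 8-byte units, data bytes, MF) tuples.
    """
    if data_len + header_len <= mtu:
        return [(offset_units, data_len, more_follow)]
    if dont_fragment:
        raise ValueError("DF is set and the datagram exceeds the MTU")
    # Every fragment except the last must carry a multiple of 8 data bytes.
    max_data = (mtu - header_len) // 8 * 8
    if max_data <= 0:
        raise ValueError("MTU leaves no room for data")
    fragments, sent = [], 0
    while sent < data_len:
        size = min(max_data, data_len - sent)
        is_last = sent + size == data_len
        # MF stays 1 on the final piece when the input was not the last fragment.
        fragments.append((offset_units + sent // 8, size, more_follow or not is_last))
        sent += size
    if fragments[-1][0] > 8191:
        raise ValueError("fragment offset does not fit in 13 bits")
    return fragments

def byte_range(offset_units, hlen, total_length):
    """First and last byte numbers carried by a fragment (Example 7.9)."""
    first = offset_units * 8
    return first, first + (total_length - hlen * 4) - 1

if __name__ == "__main__":
    first_hop = fragment(4000, 1420)
    print(first_hop)
    off, size, mf = first_hop[1]                 # Fragment #2
    print(fragment(size, 820, offset_units=off, more_follow=mf))
    print(byte_range(100, 5, 100))
```

Note that both pieces of Fragment #2 keep MF = 1, because Fragment #3 still follows them in the original datagram.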
Wait a second..
Do we see IP fragmentation in our Wireshark
Example?
In frames 23 and 24, the http reply was broken into
two TCP segments – doesn’t it look like Transport
layer operation?
IP fragmentation, while formally correct, can create
a serious performance problem, because loss of a
single fragment means all fragments in the segment
must be retransmitted
21
Wait a second (cont)..
As a remedy, a host MUST implement a mechanism to allow
the transport layer to learn and advertise MSS (Maximum
Segment Size), the maximum transport-layer message size
that may be sent for a given {source, destination, TOS} triplet
MSS = EMTU_S - <IP header size>
Where EMTU_S ("Effective MTU for sending") is the
maximum IP datagram size that may be sent, for a
{source, destination, TOS} triplet
Check Wireshark frame 19, under TCP-> Options, how TCP
is advertising the Maximum segment size (MSS) to be
1460.
We will learn about TCP options later.
Good Link: http://www.freesoft.org/CIE/RFC/1122/60.htm
22
CHECKSUM
The checksum is used in the Internet by several
protocols although not at the data link layer.
However, we briefly discuss it here to complete
our discussion on error checking
Topics discussed in this section:
Idea
One’s Complement
Internet Checksum
23
IP Header Checksum
Sender IP Checksum calculation:
Split IP header into 16-bit fields
Add fields together (set Checksum to 0)
Truncate result to 16 bits
One's complement the result
Put into Checksum field, send packet
Receiver Checksum check:
Perform same calculation (with nonzero
checksum)
If result is not zero, discard IP packet
24
Modulo-2 Arithmetic
Adding:
0 + 0 = 0 (sum 0, carry 0)
1 + 0 = 1 (sum 1, carry 0)
0 + 1 = 1 (sum 1, carry 0)
1 + 1 = 10 (sum 0, carry 1)
Starts from the right to the left
25
Example 10.18
Suppose our data is a list of five 4-bit numbers that we
want to send to a destination. In addition to sending these
numbers, we send the sum of the numbers. For example,
if the set of numbers is (7, 11, 12, 0, 6), we send (7, 11, 12,
0, 6, 36), where 36 is the sum of the original numbers.
The receiver adds the five numbers and compares the
result with the sum. If the two are the same, the receiver
assumes no error, accepts the five numbers, and discards
the sum. Otherwise, there is an error somewhere and the
data are not accepted.
26
Example 10.19
We can make the job of the receiver easier if we send the
negative (complement) of the sum, called the checksum.
In this case, we send (7, 11, 12, 0, 6, −36). The receiver
can add all the numbers received (including the
checksum). If the result is 0, it assumes no error;
otherwise, there is an error.
27
Example 10.20
How can we represent the number 21 in one’s
complement arithmetic using only four bits?
Solution
The number 21 in binary is 10101 (it needs five bits). We
can wrap the leftmost bit and add it to the four rightmost
bits. We have (0101 + 1) = 0110 or 6.
28
Example 10.21
How can we represent the number −6 in one’s
complement arithmetic using only four bits?
Solution
In one’s complement arithmetic, the negative or
complement of a number is found by inverting all bits.
Positive 6 is 0110; negative 6 is 1001. If we consider only
unsigned numbers, this is 9. In other words, the
complement of 6 is 9.
29
Example 10.22
Let us redo Exercise 10.19 using one’s complement
arithmetic. Figure 10.24 shows the process at the sender
and at the receiver. The sender initializes the checksum
to 0 and adds all data items and the checksum (the
checksum is considered as one data item and is shown in
color). The result is 36. However, 36 cannot be expressed
in 4 bits. The extra two bits are wrapped and added with
the sum to create the wrapped sum value 6. In the figure,
we have shown the details in binary. The sum is then
complemented, resulting in the checksum value 9 (15 − 6
= 9). The sender now sends six data items to the receiver
including the checksum 9.
30
Example 10.22 (continued)
The receiver follows the same procedure as the sender. It
adds all data items (including the checksum); the result
is 45. The sum is wrapped and becomes 15. The wrapped
sum is complemented and becomes 0. Since the value of
the checksum is 0, this means that the data is not
corrupted. The receiver drops the checksum and keeps
the other data items. If the checksum is not zero, the
entire packet is dropped.
31
Figure 10.24 Example 10.22
32
Checksum Concept
33
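The sender and receiver checksum steps, as an added Python example that is not part of the original slides. It wraps carries back into the sum as Example 10.22 does, takes the word width as a parameter so the same code reproduces the 4-bit examples, and uses a constructed 20-byte header built from the Example 7.4 digits and two addresses that appear later in these slides.

```python
def wrapped_sum(words, bits=16):
    """One's complement sum: add, then wrap any carries into the low bits."""
    mask = (1 << bits) - 1
    total = sum(words)
    while total >> bits:
        total = (total & mask) + (total >> bits)
    return total

def checksum(words, bits=16):
    """Complement of the wrapped sum; 0 when a valid checksum is included."""
    return ~wrapped_sum(words, bits) & ((1 << bits) - 1)

def header_words(header):
    """Split an IPv4 header into 16-bit big-endian fields."""
    if len(header) % 4 or not 20 <= len(header) <= 60:
        raise ValueError("IPv4 header must be 20 to 60 bytes, a multiple of 4")
    return [int.from_bytes(header[i:i + 2], "big") for i in range(0, len(header), 2)]

def fill_checksum(header):
    """Sender: zero the checksum field (bytes 10-11), compute, store."""
    h = bytearray(header)
    h[10:12] = b"\x00\x00"
    h[10:12] = checksum(header_words(h)).to_bytes(2, "big")
    return bytes(h)

def header_ok(header):
    """Receiver: same calculation over the header as received."""
    return checksum(header_words(header)) == 0

# Constructed sample: Example 7.4 prefix, empty checksum, source and destination.
SAMPLE = (bytes.fromhex("45000028000100000102") + b"\x00\x00"
          + bytes([67, 34, 30, 6]) + bytes([138, 6, 25, 40]))

if __name__ == "__main__":
    print(checksum([7, 11, 12, 0, 6], bits=4))        # sender, Example 10.22
    print(checksum([7, 11, 12, 0, 6, 9], bits=4))     # receiver, Example 10.22
    sent = fill_checksum(SAMPLE)
    print(sent.hex(), header_ok(sent))
```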
Service type or differentiated services
Original interpretation:
Read yourself (pg 188-189)
Current interpretation:
Code Point (DSCP)
34
Service Type: original
interpretation
Indicates
packet precedence (which packet should be given
higher priority) and
path optimization type (generally ignored by most
routers)
3 bit precedence - 0 normal, 7 control packet
(has never been used in v4)
1000 D bit – Minimize Delay
0100 T bit – Maximize Throughput
0010 R bit – Maximize Reliability
0001 C bit – Minimize Cost
35
Default types of service: original interpretation
36
Differentiated Services
Simple and scalable mechanism for classifying,
managing network traffic and providing Quality of
Service (QoS)
Can be used to provide low-latency, guaranteed service
to critical network traffic such as voice or video
While providing simple best-effort traffic guarantees to
non-critical services such as web traffic or file transfers
Using Differentiated Services Code Point (DSCP), one
can specify
the class of traffic and
assured forwarding, or in other words, packet dropping
probability
37
Figure 7.3 Service type: DSCP interpretation
Precedence interpretation: x x x 0 0 0
Differential service interpretation:
Category   Codepoint     Assigning Authority
1          x x x x x 0   Internet
2          x x x x 1 1   Local
3          x x x x 0 1   Temporary / Experimental
Check this Cisco link for more details on DSCP
38
IP Options
The header of the IP datagram is made of two
parts: a fixed part and a variable part.
The fixed part is 20 bytes long that we just
discussed.
The variable part comprises the options, which
can be a maximum of 40 bytes.
Options, as the name implies, are not required
for a datagram.
They can be used for network testing and
debugging.
39
Categories of options
40
IP Options
No Operation
Is a 1-byte option used as a filler between
options.
It can be used to align beginning of an option.
It can be used to align the next option on a
16-bit or 32-bit boundary.
End of Option
Is a 1-byte option used for padding at the
end of the option field.
It can only be used as the last option. Only
one end-of option can be used.
After this option the receiver looks for the
payload data.
41
IP Options
Record Route
Is used to record the Internet routers that
handle the datagram to the header
Strict Source Routing
Is used by the source to predetermine a
route for the datagram as it travels through
the Internet (Gives complete path).
Loose Source Routing
Traverse the list of routers in order
Timestamp
Is used to record the time of datagram
processing by a router.
42
IP Options format
Type (8 bits), Length (8 bits), Value (variable length)
The Type field is divided into Copy, Class and Number:
Copy
0 Copy only in first fragment
1 Copy into all fragments
Class
00 Datagram control
01 Reserved
10 Debugging and management
11 Reserved
Number
00000 End of option
00001 No operation
00011 Loose source route
00100 Timestamp
00111 Record route
01001 Strict source route
43
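A walker for the option field that decodes the Copy, Class and Number subfields listed above and rejects malformed lengths, as an added Python example that is not part of the original slides. The function names are illustrative, and the sample bytes are constructed: a No Operation filler followed by a strict-source-route option (type 137, length 15, pointer 4) carrying three addresses used later in these slides.

```python
CLASSES = {0: "datagram control", 1: "reserved",
           2: "debugging and management", 3: "reserved"}
NUMBERS = {0: "end of option", 1: "no operation", 3: "loose source route",
           4: "timestamp", 7: "record route", 9: "strict source route"}

def decode_type(type_byte):
    """Split the 8-bit Type field into copy (1 bit), class (2), number (5)."""
    return {"copy": type_byte >> 7,
            "class": CLASSES[(type_byte >> 5) & 0x3],
            "number": NUMBERS.get(type_byte & 0x1F, "unknown")}

def parse_options(opts):
    """Walk the variable part of the header; return one dict per option."""
    if len(opts) > 40:
        raise ValueError("options cannot exceed 40 bytes")
    found, i = [], 0
    while i < len(opts):
        info = decode_type(opts[i])
        if opts[i] == 0:                 # End of option: stop looking
            found.append(info)
            break
        if opts[i] == 1:                 # No operation: single-byte filler
            found.append(info)
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option is missing its length byte")
        length = opts[i + 1]
        # A length under 2 would never advance; one past the end would overread.
        if length < 2 or i + length > len(opts):
            raise ValueError(f"bad option length {length} at byte {i}")
        info["value"] = bytes(opts[i + 2:i + length])
        found.append(info)
        i += length
    return found

# Constructed sample: NOP, then type 137, length 15, pointer 4, three addresses.
SAMPLE_OPTIONS = bytes([1, 137, 15, 4,
                        140, 10, 5, 4, 200, 14, 7, 14, 138, 6, 25, 40])

if __name__ == "__main__":
    for option in parse_options(SAMPLE_OPTIONS):
        print(option)
```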
Record Route
•Used to record the routers that handle the datagram
•It can list up to 9 addresses (can use 36 bytes out of 40)
•An intermediate router records its outgoing interface IP address
[Figure: Record route option format. Annotations:]
Length: determines how many addresses to be recorded
Pointer: byte number of the first empty entry
1st 3 bytes of overhead, 1st entry starts at 4
Total 15 bytes
44
Source Routing
Normally IP routing is dynamic where each
router makes its own decision about the next
hop router
Applications have no control, nor are concerned
In source routing, the sender specifies the route
Strict source routing: Sender specifies exact path – ICMP error if unspecified
router is visited
Loose source routing: Sender specifies a list of IP addresses that the datagram
must traverse, but the datagram can also pass thru other
routers
The destination address changes at each hop!!
This is generally used for troubleshooting
purposes
45
Strict Source Routing
46
Strict-source-route Example (this is the correct version of Fig. 7.17)
•From the application, src address: 67.34.30.6, dest address: 138.6.25.40, strict route thru
ingoing interface IP addresses of routers 67.14.10.22, 140.10.5.4, 200.14.7.14
•The sending host
•Changes destination address of packet: Removes first source router entry and makes it
the destination address,
•Moves remaining entries up, and places original destination address as the final entry
•The next router
•Changes destination address: Makes the next source router address in the list (where
ptr points) destination address of the packet,
•Replaces the same address with its outgoing interface IP address,
•Increments the pointer by 4.
[Figure: strict-source-route example. Header addresses and option contents (type 137, length 15, pointer, entries) at each step:]
Leaving the sending host: Source: 67.34.30.6, Destination: 67.14.10.22, option 137 15 4, entries 140.10.5.4, 200.14.7.14, 138.6.25.40
Leaving the first router (in 67.14.10.22, out 140.10.6.3): Source: 67.34.30.6, Destination: 140.10.5.4, option 137 15 8, entries 140.10.6.3, 200.14.7.14, 138.6.25.40
Leaving the second router (in 140.10.5.4, out 200.14.7.9): Source: 67.34.30.6, Destination: 200.14.7.14, option 137 15 12, entries 140.10.6.3, 200.14.7.9, 138.6.25.40
Leaving the third router (in 200.14.7.14, out 138.6.22.26): Source: 67.34.30.6, Destination: 138.6.25.40, option 137 15 16, entries 140.10.6.3, 200.14.7.9, 138.6.22.26
Networks crossed: 67.0.0.0/24, 140.10.0.0/16, 200.14.7.0/24, 138.6.0.0/16
Addresses along the path, from destination back to source: 138.6.25.40, 138.6.22.26, 200.14.7.14, 200.14.7.9, 140.10.5.4, 140.10.6.3, 67.14.10.22, 67.34.30.6
•When an application receives data that was source routed, it should find a reversed route thru the same routers
47
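The sending-host and router steps of the strict-source-route example, as an added Python example that is not part of the original slides. The dictionary layout and function names are illustrative, the router interface pairs are the addresses from the example, and the error raised on an unexpected router is this sketch's stand-in for the ICMP error the slides mention.

```python
def send_strict(dst, route):
    """Sending host: the first route entry becomes the destination, the rest
    move up, and the original destination becomes the final entry."""
    return {"dst": route[0], "entries": route[1:] + [dst], "ptr": 4}

def forward_strict(pkt, in_if, out_if):
    """Router: the entry the pointer selects becomes the destination and is
    replaced by the outgoing interface address; the pointer advances by 4."""
    if pkt["dst"] != in_if:
        raise ValueError(f"{in_if} is not the router named in the strict route")
    idx = (pkt["ptr"] - 4) // 4          # first entry starts at byte 4
    if idx >= len(pkt["entries"]):
        raise ValueError("pointer is past the last entry")
    entries = list(pkt["entries"])
    next_dst, entries[idx] = entries[idx], out_if
    return {"dst": next_dst, "entries": entries, "ptr": pkt["ptr"] + 4}

def option_length(pkt):
    """3 bytes of overhead (type, length, pointer) plus 4 bytes per entry."""
    return 3 + 4 * len(pkt["entries"])

def trace(dst, route, routers):
    """Packet state on leaving the host and then each router in turn."""
    states = [send_strict(dst, route)]
    for in_if, out_if in routers:
        states.append(forward_strict(states[-1], in_if, out_if))
    return states

# Values from the example: (incoming, outgoing) interface of each router.
ROUTERS = [("67.14.10.22", "140.10.6.3"),
           ("140.10.5.4", "200.14.7.9"),
           ("200.14.7.14", "138.6.22.26")]
ROUTE = ["67.14.10.22", "140.10.5.4", "200.14.7.14"]

if __name__ == "__main__":
    for state in trace("138.6.25.40", ROUTE, ROUTERS):
        print(state["dst"], 137, option_length(state), state["ptr"], state["entries"])
```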
Timestamp Option Format
48
Timestamp
•To record the time at each router, expressed in ms from midnight, Universal time
•Estimate, since router clocks may not be synchronized
49