(1)

The Network Layer and the Internet Protocol

Textbook pages 190-222

(2)

Network Layer

The Internet Protocol (IP) implements the network layer

Packets are relayed from machine to machine across different physical layers

IP offers an unreliable, "best effort" delivery service

The upper layers deliver the data to the right application; IP only brings it to the host

The network-layer address space is global

To work, the network layer needs:

Framing from the link layer

In LANs, translation of an IP address to the corresponding MAC address (ARP)

In point-to-point networks, knowledge of the IP networks behind the links (routing protocols)

Configuration information (DHCP)

(3)

OVERVIEW

• The Internet Protocol

• IP addresses, address resolution

• IP in LAN environment

• Static routing

(4)

Network Layer

• Network layer packets are transmitted from the sending network entity all the way to the receiver, spanning several LANs and data link layer technologies

• There are several network layer protocols

Internet Protocol (IP) is currently the most common one

X.25 is almost obsolete; it provides reliable, connection-oriented packet networking

(5)

IP

• IP = The Internet Protocol

• Defined in RFC 791

• IP sends simple datagrams over the network.

• It provides an unreliable, connectionless delivery service.

unreliable = no guarantees; at best an ICMP error message reports a failure

connectionless = each packet is treated as a separate case

• Large IP packets may be fragmented in transit and reassembled at the receiver

In practice path MTU discovery (MTU = Maximum Transmission Unit) is used instead

(6)

IP Packet Format

bits 0                  16                  31
Vers (4) | Hdr length (4) | TOS (8) | Total length (16)
Identification (16) | Flags (3) | Fragment offset (13)
TTL (8) | Protocol (8) | Header checksum (16)
Source IP address (32)
Destination IP address (32)
Options... | Padding
Data

(7)

...IP Packet Format

• Version is 4 (IPv6 uses 6).

• Type of Service contains quality parameters, like maximize throughput or reliability. This field has never been really used and is now recycled for different Quality of Service solutions

• Identification is set by the sending host to a unique value for each sent IP packet, usually an incrementing counter.

• Flags tell whether more fragments of this packet follow (MF) and whether this packet must not be fragmented (DF)

• Fragment offset tells how far from the head of the original datagram this fragment is (in units of 8 bytes)

(8)

...IP Packet Format

• Time to Live is decremented by one by every router passed. When 0 is reached, the packet is discarded and an ICMP message (time exceeded) is sent back to the source.

• Protocol may be TCP, UDP, ICMP or one of several others

• Options are rarely used and not widely supported. They are loose and strict source routing, route recording, time stamping and military security options (RFC 1108).

(9)

IP Addresses

• An IP address identifies a network interface. A host can have several interfaces.

• Current length is 32 bits (IPv4). Future length is 128 bits (IPv6).

• General syntax:

4 components separated by dots ("dotted quad")

decimal numbers (0-255)

for example: 193.210.18.18

• Addresses have two components, the network id and the host id.

(10)

Address Classes

The network part of the address is used to route a packet to the right LAN

The host part tells which host on a LAN should receive the packet

If a host sends a packet to an address whose network part is not the same as the sender's, the packet is sent to a gateway (router); if the network part is the same, the packet is sent directly on the LAN

There is only a small number of class A networks, but they can have many hosts

Class B networks are almost all taken

There are quite a few class C networks, but they can only have 254 hosts each

Class-based routing is now mostly obsolete and replaced by classless routing (CIDR)

(11)

Address Classes

A traditional division of IPv4 Internet addresses, now mostly obsolete

Still often referred to in discussions

Class  First bits  NetID bits  Host bits  First byte  Use
A      0           7           24         0-127       large organizations
B      10          14          16         128-191     medium organizations
C      110         21          8          192-223     small organizations
D      1110        28          0          224-239     multicast addresses
E      11110       27          0          240-247     reserved

(12)

CIDR (Classless Inter Domain Routing)

Arbitrary-length host and network fields instead of the A, B and C classes

Commonly used to make superblocks of class C networks for routing (a.k.a. supernetting)

In the future may be used to split unused class A networks

The network mask marks the boundary

For example 130.223.236.0/22 has the netmask 255.255.252.0

The number after the slash (/) tells how many bits in the mask are 1; the rest are 0

Host IP address AND network mask = network's IP address

RFC 1518, 1519

(13)

Special Addresses

• 0.0.0.0 is used for "any" or "no" IP address

• 255.255.255.255 is the local broadcast address (never forwarded by routers)

• 127 followed by any hostID is a loopback address

E.g. 127.0.0.1

• NetID followed by all zeros is the network address

E.g. 222.1.16.0/24

• NetID followed by all ones is the network broadcast address

E.g. 222.1.16.255/24

(14)

Special Addresses

• On the Internet there is an agreement (RFC 1918) that some addresses are not routed to the backbone

10.0.0.0/8

192.168.0.0/16

172.16.0.0/12

• These addresses are called private networks and are used behind NAT (Network Address Translation)

(15)

Subnetting

Large networks are often divided into smaller units

Subnetting hides the details of internal network organization

For example, 150.78.0.0/16 (2^16 - 2 hosts) could be subnetted into 150.78.0.0/24, 150.78.1.0/24, ... (2^8 subnets with 2^8 - 2 hosts in each)

Host IP address AND network mask = network IP address

[Figure: the address is divided into NetID | SubnetID | HostID; the default netmask covers only the NetID, the subnet mask covers NetID and SubnetID]
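The mask arithmetic from the CIDR, special-address and subnetting slides above, as an added example that is not part of the lecture material. The helper names (prefix_to_mask, classify and so on) are this example's own; the addresses it exercises are the ones on the slides (130.223.236.0/22, 222.1.16.0/24, 150.78.0.0/16 and the RFC 1918 ranges).

```python
import socket
import struct

# Added example (not from the lecture slides): CIDR masks, network/broadcast
# addresses, subnetting and the special-address rules from the slides.


def ip_to_int(addr: str) -> int:
    """Dotted quad -> 32-bit integer, network byte order as on the wire."""
    return struct.unpack("!I", socket.inet_aton(addr))[0]


def int_to_ip(n: int) -> str:
    return socket.inet_ntoa(struct.pack("!I", n & 0xFFFFFFFF))


def prefix_to_mask(prefix: int) -> int:
    """/22 -> 0xFFFFFC00 (255.255.252.0): the first `prefix` bits are 1, the rest 0."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def network_address(addr: str, prefix: int) -> str:
    """Host IP address AND network mask = the network's address (NetID, host bits all 0)."""
    return int_to_ip(ip_to_int(addr) & prefix_to_mask(prefix))


def broadcast_address(addr: str, prefix: int) -> str:
    """NetID followed by all ones."""
    return int_to_ip(ip_to_int(addr) | (~prefix_to_mask(prefix) & 0xFFFFFFFF))


def same_network(a: str, b: str, prefix: int) -> bool:
    """The sender's decision: same network part -> send on the LAN, else -> send to the gateway."""
    mask = prefix_to_mask(prefix)
    return (ip_to_int(a) & mask) == (ip_to_int(b) & mask)


def usable_hosts(prefix: int) -> int:
    """Hosts per network, minus the network address and the broadcast address."""
    return max((1 << (32 - prefix)) - 2, 0)


def subnets(net: str, prefix: int, new_prefix: int) -> list:
    """Split net/prefix into 2**(new_prefix - prefix) subnets of length new_prefix."""
    if not prefix <= new_prefix <= 32:
        raise ValueError("new prefix must lie between the old prefix and 32")
    base = ip_to_int(net) & prefix_to_mask(prefix)
    size = 1 << (32 - new_prefix)
    return [f"{int_to_ip(base + i * size)}/{new_prefix}"
            for i in range(1 << (new_prefix - prefix))]


# RFC 1918 private ranges: not routed to the backbone, used behind NAT.
PRIVATE = (("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16))


def classify(addr: str) -> str:
    """Name the special addresses from the slides; anything else is a public address."""
    n = ip_to_int(addr)
    if n == 0:
        return "unspecified"          # 0.0.0.0: "any" or "no" address
    if n == 0xFFFFFFFF:
        return "local broadcast"      # 255.255.255.255
    if same_network(addr, "127.0.0.0", 8):
        return "loopback"
    for net, plen in PRIVATE:
        if same_network(addr, net, plen):
            return f"private ({net}/{plen})"
    return "public"


if __name__ == "__main__":
    print(network_address("130.223.236.77", 22), int_to_ip(prefix_to_mask(22)))
    print(subnets("150.78.0.0", 16, 24)[:3], usable_hosts(24))
    print(classify("10.1.2.3"), classify("194.197.118.42"))
```

The AND in network_address and the comparison in same_network are the whole of what a host does before choosing between the LAN and the gateway; everything else is bookkeeping around that one operation.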

(16)

ICMP

ICMP = Internet Control Message Protocol

Defined in RFC 792

ICMP packet syntax:

Type (1 byte) | Code (1 byte) | Checksum (2 bytes) | Data

Type identifies the message: echo request, echo reply, destination unreachable, etc.

Code defines the reason: host unreachable, port unreachable, etc.

Data contains part of the IP packet that caused the error.

(17)

ICMP

ICMP messages are transmitted in IP datagrams.

Communicates error messages and other conditions that require attention.

Can be utilized to track network infrastructure (ping, traceroute).

IP header | ICMP header | ICMP data
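Building and checking the IPv4 header from the packet-format slides and an ICMP echo message from the ICMP slides above, as an added example that is not from the lecture material. Both headers share the one's-complement checksum of RFC 1071, so one routine serves both. The sample packet is constructed from the addresses used in the ping example later in the slides; the function names and the 8-byte payload are this example's own.

```python
import socket
import struct

# Added example (not from the lecture slides): IPv4 header and ICMP echo,
# built and parsed with one shared RFC 1071 checksum. SAMPLE is constructed
# here from the slide's addresses; it was not captured from a network.

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
ICMP_TYPES = {0: "echo reply", 3: "destination unreachable",
              8: "echo request", 11: "time exceeded"}
IPV4_HDR = "!BBHHHBBH4s4s"   # 20 bytes: the header without options
ICMP_HDR = "!BBHHH"          # type, code, checksum, identifier, sequence (echo)


def inet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071); over a correct header it yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp_echo(ident: int, seq: int, payload: bytes, reply: bool = False) -> bytes:
    """Type 8 (request) or 0 (reply), code 0; checksum covers the whole ICMP message."""
    body = struct.pack(ICMP_HDR, 0 if reply else 8, 0, 0, ident, seq) + payload
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64, ident: int = 0) -> bytes:
    """Minimal header (version 4, IHL 5), DF set: rely on path MTU discovery, never fragment."""
    flags_frag = 0x4000   # DF=1, MF=0, offset 0
    hdr = struct.pack(IPV4_HDR, 0x45, 0, 20 + len(payload), ident, flags_frag, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(pkt: bytes) -> dict:
    """Decode the header, rejecting anything inconsistent with the bytes actually in hand."""
    if len(pkt) < 20:
        raise ValueError("truncated: shorter than the minimum IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl,
     proto, _csum, src, dst) = struct.unpack(IPV4_HDR, pkt[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if ihl < 20 or ihl > len(pkt) or not ihl <= total_len <= len(pkt):
        raise ValueError("header length / total length inconsistent with packet size")
    if inet_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IP header checksum")
    return {
        "version": version, "ihl": ihl, "tos": tos, "total_length": total_len,
        "identification": ident,
        "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # stored in 8-byte units
        "ttl": ttl, "protocol": PROTOCOLS.get(proto, str(proto)),
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "options": pkt[20:ihl], "payload": pkt[ihl:total_len],
    }


def parse_icmp(msg: bytes) -> dict:
    """Type and code name the message; for echo the next 4 bytes are identifier/sequence,
    for error messages the data carries the start of the offending IP packet."""
    if len(msg) < 8:
        raise ValueError("truncated ICMP message")
    if inet_checksum(msg) != 0:
        raise ValueError("bad ICMP checksum")
    typ, code, _csum, ident, seq = struct.unpack(ICMP_HDR, msg[:8])
    out = {"type": ICMP_TYPES.get(typ, str(typ)), "code": code, "data": msg[8:]}
    if typ in (0, 8):
        out.update(id=ident, seq=seq)
    return out


def forward(pkt: bytes) -> bytes:
    """A router's TTL handling: decrement and recompute the checksum, or drop at zero."""
    hdr = parse_ipv4(pkt)
    if hdr["ttl"] <= 1:
        raise ValueError("TTL exceeded: discard, send ICMP time exceeded (type 11) to the source")
    ihl = hdr["ihl"]
    new = bytearray(pkt[:ihl])
    new[8] -= 1
    new[10:12] = b"\x00\x00"
    new[10:12] = struct.pack("!H", inet_checksum(bytes(new)))
    return bytes(new) + pkt[ihl:]


# Constructed sample: the echo request of the ping shown on the ARP example slide.
SAMPLE = build_ipv4("194.197.118.42", "194.197.118.37", 1,
                    build_icmp_echo(0x1234, 1, b"abcdefgh"))
```

parse_ipv4 checks IHL and total length against the real packet size before trusting either: a header that claims more bytes than were received is the usual way a malformed packet gets a decoder to read past its buffer.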

(18)

IP on LAN

• Usually one physical segment = one IP network

• Each IP network has a network address and a broadcast address

• Problem: IP addresses only make sense to the TCP/IP protocol suite, not to the hardware interface

• Solution: ARP maps IP addresses to hardware addresses

• If a booting host doesn't know its IP address, DHCP (or RARP, BOOTP) can be used

(19)

…IP on LAN

• Host interfaces must be activated

• Loopback interface:

ifconfig lo 127.0.0.1

• Ethernet interface:

ifconfig eth0 194.197.118.42 broadcast 194.197.118.255 netmask 255.255.255.0

• Other interfaces

• Default route

route add default gw 194.197.118.1

(20)

…IP on LAN

gato tsilven 6$ ifconfig -a
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Bcast:127.255.255.255  Mask:255.0.0.0
          UP BROADCAST LOOPBACK RUNNING  MTU:3584  Metric:1
          RX packets:77 errors:0 dropped:0 overruns:0 frame:0
          TX packets:77 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0

eth0      Link encap:Ethernet  HWaddr 00:60:08:06:2A:36
          inet addr:194.197.118.42  Bcast:194.197.118.255  Mask:255.255.255.0
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:178567 errors:0 dropped:0 overruns:0 frame:0
          TX packets:43770 errors:0 dropped:0 overruns:0 carrier:0
          collisions:20
          Interrupt:5 Base address:0x6c00

gato tsilven 7$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Iface
194.197.118.0   0.0.0.0         255.255.255.0   U      1500 eth0

(21)

ARP (Address Resolution Protocol)

• A host finds other hosts by broadcasting an ARP query for the IP address

• The host with the matching IP address replies with its hardware address

• The address pair is added to the receiver's dynamic ARP cache

• Features: proxy ARP, gratuitous ARP

• RFC 826

(22)

ARP Packet Format

Encapsulated into a link layer frame

Data is always 28 bytes (for Ethernet/IPv4)

hardw type (2) | prot type (2) | hardw size (1) | prot size (1) | OP (2) | sender MAC address (6) | sender IP address (4) | target MAC address (6) | target IP address (4)   (field sizes in bytes)

hardw type = hardware address type (0x0001 = Ethernet)

prot type = protocol address type (0x0800 = IP)

OP = operation (ARP/RARP request/reply)

(23)

ARP, an Example

gato tsilven 15$ arp -a
jalopeno.nixu.fi (194.197.118.20) at 08:00:20:74:F1:2C [ether] on eth0
fajitas.nixu.fi (194.197.118.21) at 08:00:20:18:06:14 [ether] on eth0
tapas.nixu.fi (194.197.118.24) at 08:00:09:6D:B6:44 [ether] on eth0
gato tsilven 16$ ping 194.197.118.37
PING 194.197.118.37 (194.197.118.37): 56 data bytes
64 bytes from 194.197.118.37: icmp_seq=0 ttl=64 time=3.0 ms
64 bytes from 194.197.118.37: icmp_seq=1 ttl=64 time=0.7 ms
--- 194.197.118.37 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.7/1.8/3.0 ms
gato tsilven 17$ arp -a
jalopeno.nixu.fi (194.197.118.20) at 08:00:20:74:F1:2C [ether] on eth0
sueno.nixu.fi (194.197.118.37) at 00:60:08:54:2D:D9 [ether] on eth0
fajitas.nixu.fi (194.197.118.21) at 08:00:20:18:06:14 [ether] on eth0
tapas.nixu.fi (194.197.118.24) at 08:00:09:6D:B6:44 [ether] on eth0

(24)

ARP, an Example

bash-2.02# tcpdump -i eth0 -n -t -q host 194.197.118.42
tcpdump: listening on eth0
arp who-has 194.197.118.37 tell 194.197.118.42
arp reply 194.197.118.37 is-at 0:60:8:54:2d:d9
194.197.118.42 > 194.197.118.37: icmp: echo request
194.197.118.37 > 194.197.118.42: icmp: echo reply
194.197.118.42 > 194.197.118.37: icmp: echo request
194.197.118.37 > 194.197.118.42: icmp: echo reply
6 packets received by filter
0 packets dropped by kernel
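The ARP exchange captured above (who-has 194.197.118.37 tell 194.197.118.42, then the is-at reply), as an added example that is not from the lecture material: the 28-byte packet body from the format slide, a host's request/reply handling, and the dynamic cache that records the address pairs. The frames are constructed here, not captured, and the class and function names are this example's own.

```python
import socket
import struct

# Added example (not from the lecture slides): ARP body, host handling and cache.
# Addresses are the ones from the arp/tcpdump output; the frames are constructed.

HTYPE_ETHERNET, PTYPE_IPV4 = 0x0001, 0x0800
OP_REQUEST, OP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"   # 2+2+1+1+2+6+4+6+4 = 28 bytes, as on the format slide
ZERO_MAC = "00:00:00:00:00:00"


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def bytes_to_mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_arp(op: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    return struct.pack(ARP_FMT, HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op,
                       mac_to_bytes(sender_mac), socket.inet_aton(sender_ip),
                       mac_to_bytes(target_mac), socket.inet_aton(target_ip))


def parse_arp(body: bytes) -> dict:
    if len(body) < 28:
        raise ValueError("ARP body shorter than 28 bytes")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, body[:28])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {
        "op": {OP_REQUEST: "request", OP_REPLY: "reply"}.get(op, op),
        "sender_mac": bytes_to_mac(sha), "sender_ip": socket.inet_ntoa(spa),
        "target_mac": bytes_to_mac(tha), "target_ip": socket.inet_ntoa(tpa),
        "gratuitous": spa == tpa,   # a host announcing its own address
    }


class ArpCache:
    """The receiver's dynamic IP -> MAC table."""

    def __init__(self):
        self.table = {}

    def learn(self, ip: str, mac: str) -> str:
        """Store the pair and report whether an existing mapping was replaced."""
        old = self.table.get(ip)
        self.table[ip] = mac
        if old is None:
            return "new"
        return "same" if old == mac else "changed"

    def lookup(self, ip: str):
        return self.table.get(ip)


def handle_arp(my_ip: str, my_mac: str, cache: ArpCache, body: bytes):
    """What a host does with an ARP packet heard on the LAN; returns a reply to send, or None."""
    pkt = parse_arp(body)
    if pkt["op"] == "request":
        if pkt["target_ip"] != my_ip:
            return None   # someone else's address; only a proxy ARP host would answer
        cache.learn(pkt["sender_ip"], pkt["sender_mac"])   # RFC 826: learn the asker as well
        return build_arp(OP_REPLY, my_mac, my_ip, pkt["sender_mac"], pkt["sender_ip"])
    if pkt["op"] == "reply":
        cache.learn(pkt["sender_ip"], pkt["sender_mac"])
    return None


def who_has(asker_mac: str, asker_ip: str, wanted_ip: str) -> bytes:
    """The broadcast query: 'arp who-has wanted_ip tell asker_ip'."""
    return build_arp(OP_REQUEST, asker_mac, asker_ip, ZERO_MAC, wanted_ip)
```

The "changed" result from ArpCache.learn is worth surfacing: the protocol itself carries no way to tell a legitimate hardware swap from any other reply that rewrites a cached pair, so the only thing the cache can do is notice the change.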

(25)

Bootstrapping an IP Host in the LAN

• RARP (Reverse ARP): a host broadcasts its hardware address and receives an IP address to use as its own

• BOOTP (Bootstrap Protocol) is better: the IP address and other information can be given

• Both are now replaced by DHCP (Dynamic Host Configuration Protocol)

(26)

DHCP

• DHCP (Dynamic Host Configuration Protocol) extends BOOTP:

automatic assignment of (permanent) IP addresses

dynamic assignment for a limited time (a lease)

• Extends the vendor-specific area from 64 to 312 bytes

• RFC 1531 (since superseded by RFC 2131)

• Supports distributed configuration

Message forwarding (relay agents) or local servers

• Not a trivial service to configure for large installations

(27)

…DHCP

Messages are sent using UDP over IP – server on port 67, client on port 68

The DHCP server on the LAN segment is found using a broadcast

The first packet goes to 255.255.255.255 from 0.0.0.0 (the client does not yet know its own address)

Message types:

DISCOVER, OFFER, REQUEST, DECLINE, ACK, NAK, RELEASE

The server returns all necessary information – IP address, netmask, gateway, and also the DNS server's address

Address assignment is for a limited time or permanent; the IP address can come from a pool or be static

(28)

DHCP Event Diagram

Client                        Server 1        Server 2
  |-- DHCPDISCOVER (broadcast) -->|--------------->|
  |<-- DHCPOFFER -----------------|                |
  |<-- DHCPOFFER ----------------------------------|
  |-- DHCPREQUEST (broadcast, naming Server 1) --->|
  |<-- DHCPACK -------------------|                |
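The exchange in the event diagram above, with two servers on one segment, as an added simulation that is not from the lecture material. Messages are Python objects rather than the real UDP packet layout; the pools, lease time and server addresses are constructed for the example, and the rule that the client takes the first OFFER it hears is an assumption the slides leave open.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Added example (not from the lecture slides): DISCOVER / OFFER / REQUEST / ACK
# with two servers, plus NAK and RELEASE. Not the wire format; the segment
# (pools, lease time, option values) is constructed for the example.

SERVER_PORT, CLIENT_PORT = 67, 68
BROADCAST, UNSPECIFIED = "255.255.255.255", "0.0.0.0"


@dataclass
class DhcpMessage:
    mtype: str                       # DISCOVER, OFFER, REQUEST, DECLINE, ACK, NAK, RELEASE
    client_mac: str                  # the client has no IP yet, so it is identified by MAC
    src: str = UNSPECIFIED           # first packet: from 0.0.0.0 ...
    dst: str = BROADCAST             # ... to 255.255.255.255
    yiaddr: str = UNSPECIFIED        # "your address": the offered / assigned IP
    server_id: Optional[str] = None  # which server's offer the client accepted
    options: dict = field(default_factory=dict)   # netmask, router, dns, lease_time


class DhcpServer:
    def __init__(self, ip: str, pool: List[str], netmask: str, router: str, dns: str,
                 lease_time: int = 3600, static: Optional[dict] = None):
        self.ip, self.free = ip, list(pool)
        self.offered, self.leased = {}, {}        # mac -> address
        self.static = static or {}                # mac -> permanent address
        self.opts = {"netmask": netmask, "router": router, "dns": dns, "lease_time": lease_time}

    def _release(self, addr: Optional[str]):
        if addr and addr not in self.static.values():
            self.free.append(addr)

    def handle(self, msg: DhcpMessage) -> Optional[DhcpMessage]:
        if msg.mtype == "DISCOVER":
            addr = self.static.get(msg.client_mac) or self.offered.get(msg.client_mac)
            if addr is None:
                if not self.free:
                    return None                   # pool exhausted: stay silent
                addr = self.free.pop(0)
            self.offered[msg.client_mac] = addr
            return DhcpMessage("OFFER", msg.client_mac, src=self.ip, yiaddr=addr,
                               server_id=self.ip, options=dict(self.opts))
        if msg.mtype == "REQUEST":                # broadcast, so every server sees it
            reserved = self.offered.pop(msg.client_mac, None)
            if msg.server_id != self.ip:
                self._release(reserved)          # client chose another server: reclaim our offer
                return None
            if reserved is None or reserved != msg.yiaddr:
                self._release(reserved)
                return DhcpMessage("NAK", msg.client_mac, src=self.ip, server_id=self.ip)
            self.leased[msg.client_mac] = reserved
            return DhcpMessage("ACK", msg.client_mac, src=self.ip, yiaddr=reserved,
                               server_id=self.ip, options=dict(self.opts))
        if msg.mtype == "RELEASE":
            self._release(self.leased.pop(msg.client_mac, None))
        return None


def client_bootstrap(mac: str, servers: List[DhcpServer]) -> Optional[DhcpMessage]:
    """The client side of the diagram: take the first OFFER heard, then REQUEST it naming that server."""
    offers = [r for r in (s.handle(DhcpMessage("DISCOVER", mac)) for s in servers) if r]
    if not offers:
        return None
    chosen = offers[0]
    request = DhcpMessage("REQUEST", mac, yiaddr=chosen.yiaddr, server_id=chosen.server_id)
    answers = [r for r in (s.handle(request) for s in servers) if r]
    return next((a for a in answers if a.mtype == "ACK"), None)


def make_lan():
    """Constructed segment: two servers with small pools on 194.197.118.0/24."""
    s1 = DhcpServer("194.197.118.1", ["194.197.118.50", "194.197.118.51"],
                    "255.255.255.0", "194.197.118.1", "194.197.118.20")
    s2 = DhcpServer("194.197.118.2", ["194.197.118.60"],
                    "255.255.255.0", "194.197.118.1", "194.197.118.20")
    return s1, s2
```

The REQUEST is broadcast on purpose: the server that was not chosen has to hear it too, otherwise the address it reserved in its OFFER stays tied up until it times out.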

(29)

Static Routing

• When a host has an IP datagram to send, it checks the routing table for the correct destination

• When a host receives an IP datagram, it checks the datagram's destination address

if there is a match, the IP layer delivers the datagram to the correct protocol module

else the datagram is silently discarded

• A (Unix) system can be configured to act as a router in addition to acting as a host

routers can forward IP datagrams from one of their interfaces to another

(30)

Router

• A router is a network component which passes traffic between networks

Two or more network interfaces connected to networks or to other routers

• For each and every given destination address, the router must be able to make a routing decision

Where (to what interface) do I send this packet?

The routing decision might also be: no such destination, cannot send

This applies also to workstations and servers even though they usually have only one network interface

• Routing decisions are based on the routing table

A data structure which contains information about possible

(31)

Routing Table, an Example

gato tsilven 19$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Iface
194.197.118.0   0.0.0.0         255.255.255.0   U      1500 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U      3584 lo
0.0.0.0         194.197.118.1   0.0.0.0         UG     1500 eth0

(32)

Routing table

• Can be fixed (configured by hand on each device)

Static routing

Common at the edges of the network: workstations, servers

Not feasible in big and redundant networks

Usually very robust

• Can also be dynamic

Configured by hand at some point in the network, then distributed automatically

Routers exchange information using routing protocols

Routing protocol events (routing updates) directly affect the routing table

This causes interesting dynamic problems

Debugging can be painful

(33)

Routing table contents

• For each destination, the routing table contains

The addresses for this destination

Might be some kind of wild card, e.g. all destinations not mentioned elsewhere in the routing table (default route)

Usually expressed as network number / mask

E.g. 194.197.118.0/24 (a class C network, 24 network bits)

Modern routing mechanisms are classless: any number of network bits is allowed

Old-fashioned implementations are usually more or less class-bound

The next hop (where to send traffic to this destination)

Additional information (cost and/or other administrative information)

(34)

...Routing table contents

• In practice, most transit providers accept only routes with 24 or fewer network bits

E.g. no routes smaller than a class C are accepted

Backbone transit providers are now moving towards /16 networks

Usually called "superblocks" (256 class C networks)

• The routing table usually has a cost associated with each link

Not a monetary cost, more like a preference (lowest preferred)

(35)

Routing table

Common case: a LAN connected to the Internet using a serial line – the routing table is very simple, a typical case for static routing:

Internet --- s0 [R] e0 --- 193.209.237.0/24

Destination        Next hop   Comment
193.209.237.0/24   e0         Local LAN (Ethernet)
*                  s0         Serial line to Internet (default)

(36)

...Routing table

When the number of routers and redundant links grows to non-trivial numbers, something more flexible is needed – static routing cannot handle redundant links or link faults

Except in some environments (and even there unreliably)

[Figure: the LAN 193.209.237.0/24 sits behind router R3 (interfaces e0, s0, s1), which reaches the Internet through R1 and R2; link labels as printed: L1, 2 Mbps; L2, 2 Mbps; L2, 64 kbps]

(37)

...Routing table

• Routing table for router R3

Destination        Next hop   Cost   Comment
194.197.118.0/24   e0         0      Directly connected
193.209.237.0/24   s0         1      Fastest route
193.209.237.0/24   s1         10     Backup via R2
*                  s0         1      Fastest route via R1
*                  s1         10     Slower

Cost is added to the routing table to prioritize between redundant routes

How can we know which links are up?

Routing protocol again!
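Router R3's table above turned into a lookup with longest-prefix match and cost as the tie breaker, as an added example that is not from the lecture material. The `up` set is an assumption standing in for the link-state knowledge the slide says only a routing protocol can supply; `receive` implements the host-side rule from the Static Routing slide (deliver, forward if configured as a router, otherwise discard silently). Class and function names are this example's own.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Optional, Set

# Added example (not from the lecture slides): routing decision over R3's static
# table. `up` is an assumed stand-in for what a routing protocol would report.


@dataclass(frozen=True)
class Route:
    destination: str   # "network/len", or "*" for the default route
    next_hop: str      # interface (directly connected) or gateway
    cost: int = 0      # a preference, not money: lowest wins
    comment: str = ""


class RoutingTable:
    def __init__(self, routes: Iterable[Route]):
        self.routes = []
        for r in routes:
            spec = "0.0.0.0/0" if r.destination == "*" else r.destination
            # strict=True rejects a "network" with host bits set, a common configuration fault
            self.routes.append((ipaddress.ip_network(spec, strict=True), r))

    def lookup(self, dst: str, up: Optional[Set[str]] = None) -> Optional[Route]:
        """Most specific prefix wins; among equal prefixes the lowest cost; None = no route."""
        addr = ipaddress.ip_address(dst)
        candidates = [(net, r) for net, r in self.routes
                      if addr in net and (up is None or r.next_hop in up)]
        if not candidates:
            return None
        return min(candidates, key=lambda c: (-c[0].prefixlen, c[1].cost))[1]


def receive(dst: str, my_addrs: Set[str], table: RoutingTable, forwarding: bool = False) -> str:
    """A host delivers only datagrams addressed to itself; a router also forwards the rest."""
    if dst in my_addrs or dst == "255.255.255.255" or ipaddress.ip_address(dst).is_loopback:
        return "deliver to local protocol module"
    if not forwarding:
        return "silently discarded"
    route = table.lookup(dst)
    if route is None:
        return "no route: discard, ICMP destination unreachable"
    return f"forward via {route.next_hop}"


# Router R3's table from the slide: directly connected LAN, two paths to the
# other LAN, and two default routes of different cost.
R3 = RoutingTable([
    Route("194.197.118.0/24", "e0", 0, "Directly connected"),
    Route("193.209.237.0/24", "s0", 1, "Fastest route"),
    Route("193.209.237.0/24", "s1", 10, "Backup via R2"),
    Route("*", "s0", 1, "Fastest route via R1"),
    Route("*", "s1", 10, "Slower"),
])


if __name__ == "__main__":
    for dst in ("194.197.118.37", "193.209.237.5", "130.223.236.1"):
        print(dst, "->", R3.lookup(dst).next_hop, "| s0 down ->",
              getattr(R3.lookup(dst, up={"e0", "s1"}), "next_hop", None))
```

Without `up` the table always picks the cost-1 routes, which is exactly the slide's point: a static table keeps sending into a dead s0 because nothing ever tells it the link is down.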

(38)

...Routing table

• What if we cannot have a default route at all?

Internet "backbone"

Multihomed network

Internet connections from many (> 1) ISPs

In this case the routing table will be very big

And it changes practically all the time

Practical example from an Internet router (1999-04-15)

69000 prefixes (routes)

Routes consume 16 MB of memory

Realistic minimum memory for the router: 64 MB

(39)

Routing protocols

Routers can talk to other routers and find out the network topology

Which paths are available to which networks

Which path should be preferred

Routing protocols transport routing information, not the IP packets themselves

Routing protocols can be divided by algorithm or by area

By algorithm:

No routing protocol (static routes)

Link state protocols (SPF)

Distance vector protocols (Bellman-Ford)

By area:

Routing protocols used internally by one AS (autonomous system): Interior Gateway Protocols

Routing protocols used between ASes: Exterior Gateway Protocols

(40)

Common routing problems

• Missing default route

In statically routed environments

• Configuration faults

On many platforms the syntax of the configuration commands is very hard to manage and/or confusing

In some environments route filtering is a must because some parties advertise bogus routes

Routing protocols usually do not have security features

• Rotten software

Some vendors distribute alpha-quality software

• Bad documentation

(41)

Common routing problems ...

• Lack of expertise

Only a very small number of Internet specialists can actually manage routing configurations, especially in non-trivial cases

Better documentation is needed

• Bad performance

The Internet grows all the time and router manufacturers barely keep up with the developments

In some environments some router features (e.g. ACLs) cannot be used because of performance issues

(42)

IPv6

• A new version of the Internet Protocol exists

• The major advantage is longer address fields

128 bits long

• Some minor advantages

More streamlined header structure

Support for IPsec security

• Deployment has started

Asian operators have a shortage of IPv4 addresses

3G telephone networks are designed to use IPv6

3GPP Release 5 defines an all-IPv6 network

Supported by almost all new network software/hardware
