vol1_printable_notes - Internetworking With TCP/IP Douglas...

Internetworking With TCP/IP
Douglas Comer
Computer Science Department
Purdue University
250 N. University Street
West Lafayette, IN 47907-2066
http://www.cs.purdue.edu/people/comer
© Copyright 2005. All rights reserved. This document may not be reproduced by any means without the express written consent of the author.

PART I: COURSE OVERVIEW AND INTRODUCTION

Topic And Scope
Internetworking: an overview of concepts, terminology, and technology underlying the TCP/IP Internet protocol suite and the architecture of an internet.

You Will Learn
- Terminology (including acronyms)
- Concepts and principles
  – The underlying model
  – Encapsulation
  – End-to-end paradigm
- Naming and addressing
- Functions of protocols including ARP, IP, TCP, UDP, SMTP, FTP, DHCP, and more
- Layering model
- Internet architecture and routing
- Applications

What You Will NOT Learn
- A list of vendors, hardware products, software products, services, comparisons, or prices
- Alternative internetworking technologies (they have all disappeared!)
Schedule Of Topics
- Introduction
- Review of
  – Network hardware
  – Physical addressing
- Internet model and concept
- Internet (IP) addresses
- Higher-level protocols and the layering principle
- Examples of internet architecture
- Routing update protocols
- Application-layer protocols

Why Study TCP/IP?
- The Internet is everywhere
- Most applications are distributed

Remainder Of This Section
- History of Internet protocols (TCP/IP)
- Organizations
- Documents

Vendor Independence
- Before TCP/IP and the Internet
  – Only two sources of network protocols
    * Specific vendors such as IBM or Digital Equipment
    * Standards bodies such as the ITU (formerly known as CCITT)
- TCP/IP
  – Vendor independent

Who Built TCP/IP?
- Internet Architecture Board (IAB)
- Originally known as Internet Activities Board
- Evolved from Internet Research Group
- Forum for exchange among researchers
- About a dozen members
- Reorganized in 1989 and 1993
- Merged into the Internet Society in 1992

Components Of The IAB Organization
- IAB (Internet Architecture Board)
  – Board that oversees and arbitrates
  – URL is http://www.iab.org/iab
- IRTF (Internet Research Task Force)
  – Coordinates research on TCP/IP and internetworking
  – Virtually defunct, but may re-emerge
Components Of The IAB Organization (continued)
- IETF (Internet Engineering Task Force)
  – Coordinates protocol and Internet engineering
  – Headed by Internet Engineering Steering Group (IESG)
  – Divided into N areas (N is 10 plus or minus a few)
  – Each area has a manager
  – Composed of working groups (volunteers)
  – URL is http://www.ietf.org

ICANN
- Internet Corporation for Assigned Names and Numbers, http://www.icann.org
- Formed in 1998 to subsume IANA contract
- Not-for-profit managed by international board
- Now sets policies for addresses and domain names
- Support organizations
  – Address allocation (ASO)
  – Domain Names (DNSO)
  – Protocol parameter assignments (PSO)
- For fun see http://www.icannwatch.org

World Wide Web Consortium
- Organization to develop common protocols for World Wide Web
- Open membership
- Funded by commercial members
- URL is http://w3c.org

Internet Society
- Organization that promotes the use of the Internet
- Formed in 1992
- Not-for-profit
- Governed by a board of trustees
- Members worldwide
- URL is http://www.isoc.org

Protocol Specifications And Documents
- Protocols documented in series of reports
- Documents known as Request For Comments (RFCs)

RFCs
- Series of reports that include
  – TCP/IP protocols
  – The Internet
  – Related technologies
- Edited, but not peer-reviewed like scientific journals
- Contain:
  – Proposals
  – Surveys and measurements
  – Protocol standards
RFCs
- Series of reports that include
  – TCP/IP protocols
  – The Internet
  – Related technologies
- Checked and edited by IESG
- Contain:
  – Proposals
  – Surveys and measurements
  – Protocol Standards
  – Jokes!

RFCs (continued)
- Numbered in chronological order
- Revised document reissued under new number
- Numbers ending in 99 reserved for summary of previous 100 RFCs
- Index and all RFCs available on-line

Requirements RFCs
- Host Requirements Documents
  – Major revision/clarification of most TCP/IP protocols
  – RFC 1122 (Communication Layers)
  – RFC 1123 (Application & Support)
  – RFC 1127 (Perspective on 1122-3)
- Router Requirements
  – Major specification of protocols used in IP gateways (routers)
  – RFC 1812 (updated by RFC 2644)

Special Subsets Of RFCs
- For Your Information (FYI)
  – Provide general information
  – Intended for beginners
- Best Current Practices (BCP)
  – Engineering hints
  – Reviewed and approved by IESG

A Note About RFCs
- RFCs span two extremes
  – Protocol standards
  – Jokes
- Question: how does one know which are standards?

TCP/IP Standards (STD)
- Set by vote of IETF
- Documented in subset of RFCs
- Found in Internet Official Protocol Standards RFC and on IETF web site
  – Issued periodically
  – Current version is RFC 3600
Internet Drafts
- Preliminary RFC documents
- Often used by IETF working groups
- Available on-line from several repositories
- Either become RFCs within six months or disappear

Obtaining RFCs And Internet Drafts
- Available via
  – Email
  – FTP
  – World Wide Web: http://www.ietf.org/
- IETF report contains summary of weekly activity: http://www.isoc.org/ietfreport/

Summary
- TCP/IP is vendor-independent
- Standards set by IETF
- Protocol standards found in document series known as Request For Comments (RFCs)
- Standards found in subset of RFCs labeled STD

PART II: REVIEW OF NETWORK HARDWARE AND PHYSICAL ADDRESSING

The TCP/IP Concept
- Use existing network hardware
- Interconnect networks
- Add abstractions to hide heterogeneity

The Challenge
- Accommodate all possible network hardware
- Question: what kinds of hardware exist?

Network Hardware Review
- We will
  – Review basic network concepts
  – Examine example physical network technologies
  – Introduce physical (hardware) addressing
Two Basic Categories Of Network Hardware
- Connection oriented
- Connectionless

Connection Oriented (Circuit Switched Technology)
- Paradigm
  – Form a "connection" through the network
  – Send / receive data over the connection
  – Terminate the connection
- Can guarantee bandwidth
- Proponents argue that it works well with real-time applications
- Example: ATM network

Connectionless (Packet Switched Technology)
- Paradigm
  – Form "packet" of data
  – Pass to network
- Each packet travels independently
- Packet includes identification of the destination
- Each packet can be a different size
- The maximum packet size is fixed (some technologies limit packet sizes to 1,500 octets or less)

Broad Characterizations Of Packet Switching Networks
- Local Area Network (LAN)
- Wide Area Network (WAN)
- Categories are informal and qualitative

Local Area Networks
- Engineered for
  – Low cost
  – High capacity
- Direct connection among computers
- Limited distance

Wide Area Networks (Long Haul Networks)
- Engineered for
  – Long distances
  – Indirect interconnection via special-purpose hardware
- Higher cost
- Lower capacity (usually)
Examples Of Packet Switched Networks
- Wide Area Nets
  – ARPANET, NSFNET, ANSNET
  – Common carrier services
- Leased line services
  – Point-to-point connections
- Local Area Nets
  – Ethernet
  – Wi-Fi

ARPANET (1969-1989)
- Original backbone of Internet
- Wide area network around which TCP/IP was developed
- Funding from Advanced Research Project Agency
- Initial speed 50 Kbps

NSFNET (1987-1992)
- Funded by National Science Foundation
- Motivation: Internet backbone to connect all scientists and engineers
- Introduced Internet hierarchy
  – Wide area backbone spanning geographic U.S.
  – Many mid-level (regional) networks that attach to backbone
  – Campus networks at lowest level
- Initial speed 1.544 Mbps

ANSNET (1992-1995)
- Backbone of Internet before commercial ISPs
- Typical topology
[Figure: ANSNET topology; labels shown: End-User Site, MCI Point of Presence]

Wide Area Networks Available From Common Carriers
- Point-to-point digital circuits
  – T-series (e.g., T1 = 1.5 Mbps, T3 = 45 Mbps)
  – OC-series (e.g., OC-3 = 155 Mbps, OC-48 = 2.4 Gbps)
- Packet switching services also available
  – Examples: ISDN, SMDS, Frame Relay, ATM

Example Local Area Network: Ethernet
- Extremely popular
- Can run over
  – Copper (twisted pair)
  – Optical fiber
- Three generations
  – 10Base-T operates at 10 Mbps
  – 100Base-T (fast Ethernet) operates at 100 Mbps
  – 1000Base-T (gigabit Ethernet) operates at 1 Gbps
- IEEE standard is 802.3
Ethernet Frame Format
[Figure: frame layout]
  Preamble              8 octets
  Destination Address   6 octets
  Source Address        6 octets
  Frame Type            2 octets
  Frame Data            46–1500 octets
  CRC                   4 octets
- Header format fixed (Destination, Source, Type fields)
- Frame data size can vary from packet to packet
  – Maximum 1500 octets
  – Minimum 46 octets
- Preamble and CRC removed by framer hardware before frame stored in computer's memory

Example Ethernet Frame In Memory
  02 07 01 00 27 ba 08 00 2b 0d 44 a7 08 00 45 00
  00 54 82 68 00 00 ff 01 35 21 80 0a 02 03 80 0a
  02 08 08 00 73 0b d4 6d 00 00 04 3b 8c 28 28 20
  0d 00 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15
  16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25
  26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35
  36 37
- Octets shown in hexadecimal
- Destination is 02.07.01.00.27.ba
- Source is 08.00.2b.0d.44.a7
- Frame type is 08.00 (IP)

Point-to-Point Network
- Any direct connection between two computers
  – Leased line
  – Connection between two routers
  – Dialup connection
- Link-level protocol required for framing
- TCP/IP views as an independent network
Note: some pundits argue the terminology is incorrect because a connection limited to two endpoints is not technically a "network"

Hardware Address
- Unique number assigned to each machine on a network
- Used to identify destination for a packet
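Added example (not from the course notes): a small Python decoder for the frame shown in memory above. It splits off the fixed 14-octet Ethernet header the slide describes and, because the frame type announces IP, goes one step past the slide and decodes the IPv4 header that follows, verifying the header checksum and that the stated total length matches the octets actually present. The names decode_frame, parse_ethernet, parse_ipv4 and ip_checksum are chosen here; the input is the slide's hex dump, embedded as a constant.

```python
"""Decode the Ethernet frame from the "Example Ethernet Frame In Memory" slide.

Preamble and CRC are already gone (the framer hardware strips them), so the
first 14 octets are destination, source and frame type, and the frame data
starts immediately after. Constructed input: the slide's hex dump."""
import struct

FRAME_HEX = """
02 07 01 00 27 ba 08 00 2b 0d 44 a7 08 00 45 00
00 54 82 68 00 00 ff 01 35 21 80 0a 02 03 80 0a
02 08 08 00 73 0b d4 6d 00 00 04 3b 8c 28 28 20
0d 00 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15
16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25
26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35
36 37
"""
FRAME = bytes.fromhex(FRAME_HEX)

ETHERTYPE_IP = 0x0800   # frame type 08.00 means IP, as the slide states
ETH_HEADER_LEN = 14     # 6 (destination) + 6 (source) + 2 (type) octets


def mac_str(raw: bytes) -> str:
    """Render a 48-bit hardware address in the slide's dotted-hex style."""
    return ".".join(f"{b:02x}" for b in raw)


def parse_ethernet(frame: bytes) -> dict:
    """Split the fixed header (destination, source, type) from the frame data."""
    if len(frame) < ETH_HEADER_LEN:
        raise ValueError("frame shorter than the 14-octet Ethernet header")
    dst, src, ftype = struct.unpack("!6s6sH", frame[:ETH_HEADER_LEN])
    return {"dst": mac_str(dst), "src": mac_str(src), "type": ftype,
            "data": frame[ETH_HEADER_LEN:]}


def ip_checksum(header: bytes) -> int:
    """One's-complement sum over the header's 16-bit words.

    Computed over a header that already contains its checksum field, the
    result is 0 when the field is consistent with the rest of the header."""
    words = struct.unpack("!%dH" % (len(header) // 2), header)
    total = sum(words)
    while total >> 16:                      # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(data: bytes) -> dict:
    """Decode the fixed IPv4 header fields carried in the frame data."""
    version = data[0] >> 4
    ihl = (data[0] & 0x0F) * 4              # header length in octets
    if version != 4 or ihl < 20 or len(data) < ihl:
        raise ValueError("not a complete IPv4 header")
    total_len = struct.unpack("!H", data[2:4])[0]
    return {
        "header_len": ihl,
        "total_length": total_len,
        "ttl": data[8],
        "protocol": data[9],
        "checksum_ok": ip_checksum(data[:ihl]) == 0,
        "src": ".".join(str(b) for b in data[12:16]),   # dotted decimal
        "dst": ".".join(str(b) for b in data[16:20]),
        # A total length larger than the octets present means a truncated
        # capture; smaller means the frame carries padding after the datagram.
        "payload_complete": len(data) >= total_len,
    }


def decode_frame(frame: bytes = FRAME) -> dict:
    """Ethernet header first; the IP header only if the frame type says IP."""
    eth = parse_ethernet(frame)
    result = {"frame_length": len(frame), "ethernet": eth}
    if eth["type"] == ETHERTYPE_IP:
        result["ip"] = parse_ipv4(eth["data"])
    return result


if __name__ == "__main__":
    out = decode_frame()
    print("dst", out["ethernet"]["dst"], "src", out["ethernet"]["src"],
          "type", hex(out["ethernet"]["type"]))
    print(out.get("ip"))
```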
Hardware Address Terminology
- Known as
  – MAC (Media Access Control) address
  – Physical address
  – Hardware unicast address
- Hardware engineers assign fine distinctions to the above terms
- We will treat all terms equally

Use Of Hardware Address
- Sender supplies
  – Destination's address
  – Source address (in most technologies)
- Network hardware
  – Uses destination address to forward packet
  – Delivers packet to proper machine
- Important note: each technology defines its own addressing scheme

Three Types Of Hardware Addressing Schemes
- Static
  – Address assigned by hardware vendor
- Configurable
  – Address assigned by customer
- Dynamic
  – Address assigned by software at startup

Examples Of Hardware Address Types
- Configurable: proNET-10 (Proteon)
  – 8-bit address per interface card
  – All 1s address reserved for broadcast
  – Address assigned by customer when device installed
- Dynamic MAC addressing: LocalTalk (Apple)
  – Randomized bidding
  – Handled by protocols in software
Examples Of Hardware Address Types (continued)
- Static MAC addressing: Ethernet
  – 48-bit address
  – Unicast address assigned when device manufactured
  – All 1s address reserved for broadcast
  – One-half address space reserved for multicast (restricted form of broadcast)
- Ethernet's static addressing is now most common form

Bridge
- Hardware device that connects multiple LANs and makes them appear to be a single LAN
- Repeats all packets from one LAN to the other and vice versa
- Introduces delay of 1 packet-time
- Does not forward collisions or noise
- Called Layer 2 Interconnect or Layer 2 forwarder
- Makes multiple LANs appear to be a single, large LAN
- Often embedded in other equipment (e.g., DSL modem)
- Watches packets to learn which computers are on which side of the bridge
- Uses hardware addresses to filter

Layer 2 Switch
- Electronic device
- Computers connect directly
- Applies bridging algorithm
- Can separate computers onto virtual networks (VLAN switch)

Physical Networks As Viewed By TCP/IP
- TCP/IP protocols accommodate
  – Local Area Network
  – Wide Area Network
  – Point-to-point link
  – Set of bridged LANs

The Motivation For Heterogeneity
- Each network technology has advantages for some applications
- Consequence: an internet may contain combinations of technologies
Heterogeneity And Addressing
- Recall: each technology can define its own addressing scheme
- Heterogeneous networks imply potential for heterogeneous addressing
- Conclusion: cannot rely on hardware addressing

Summary
- TCP/IP is designed to use all types of networks
  – Connection-oriented
  – Connectionless
  – Local Area Network (LAN)
  – Wide Area Network (WAN)
  – Point-to-point link
  – Set of bridged networks
- Each technology defines an addressing scheme
- TCP/IP must accommodate heterogeneous addressing schemes

PART III: INTERNETWORKING CONCEPT AND ARCHITECTURAL MODEL

Accommodating Heterogeneity
- Approach 1
  – Application gateways
  – Gateway forwards data from one network to another
  – Example: file transfer gateway
- Approach 2
  – Network-level gateways
  – Gateway forwards individual packets
- Discussion question: which is better?

Desired Properties
- Universal service
- End-to-end connectivity
- Transparency

Agreement Needed To Achieve Desired Properties
- Data formats
- Procedures for exchanging information
- Identification
  – Services
  – Computers
  – Applications
- Broad concepts: naming and addressing
The TCP/IP Internet Concept
- Use available networks
- Interconnect physical networks
  – Network of networks
  – Revolutionary when proposed
- Devise abstractions that hide
  – Underlying architecture
  – Hardware addresses
  – Routes

Network Interconnection
- Uses active system
- Each network sees an additional computer attached
- Device is IP router (originally called IP gateway)

Illustration Of Network Interconnection
[Figure: Net 1 connected to Net 2 through router R]
- Network technologies can differ
  – LAN and WAN
  – Connection-oriented and connectionless

Building An Internet
- Use multiple IP routers
- Ensure that each network is reachable
- Do not need router between each pair of networks

Example Of Multiple Networks
[Figure: Net 1 joined to Net 2 by one router, Net 2 joined to Net 3 by a second router]
- Networks can be heterogeneous
- No direct connection from network 1 to network 3

Physical Connectivity
In a TCP/IP internet, special computers called IP routers or IP gateways provide interconnections among physical networks.

Packet Transmission Paradigm
- Source computer
  – Generates a packet
  – Sends across one network to a router
- Intermediate router
  – Forwards packet to "next" router
- Final router
  – Delivers packet to destination

An Important Point About Forwarding
Routers use the destination network, not the destination computer, when forwarding packets.
Equal Treatment
The TCP/IP internet protocols treat all networks equally. A Local Area Network such as an Ethernet, a Wide Area Network used as a backbone, or a point-to-point link between two computers each count as one network.

User's View Of Internet
- Single large (global) network
- User's computers all attach directly
- No other structure visible

Illustration Of User's View Of A TCP/IP Internet
[Figure: user's view]

Actual Internet Architecture
- Multiple physical networks interconnected
- Each host attaches to one network
- Single virtual network achieved through software that implements abstractions

The Two Views Of A TCP/IP Internet
[Figure: user's view compared with the actual connections]

Architectural Terminology
- End-user system is called host computer
  – Connects to physical network
  – Possibly many hosts per network
  – Possibly more than one network connection per host
- Dedicated systems called IP gateways or IP routers interconnect networks
  – Router connects two or more networks
Many Unanswered Questions
- Addressing model and relationship to hardware addresses
- Format of packet as it travels through Internet
- How a host handles concurrent communication with several other hosts

Summary
- Internet is set of interconnected (possibly heterogeneous) networks
- Routers provide interconnection
- End-user systems are called host computers
- Internetworking introduces abstractions that hide details of underlying networks

PART IV: CLASSFUL INTERNET ADDRESSES

Definitions
- Name
  – Identifies what an entity is
  – Often textual (e.g., ASCII)
- Address
  – Identifies where an entity is located
  – Often binary and usually compact
  – Sometimes called locator
- Route
  – Identifies how to get to the object
  – May be distributed

Internet Protocol Address (IP Address)
- Analogous to hardware address
- Unique value assigned as unicast address to each host on Internet
- Used by Internet applications

IP Address Details
- 32-bit binary value
- Unique value assigned to each host in Internet
- Values chosen to make routing efficient

IP Address Division
- Address divided into two parts
  – Prefix (network ID) identifies network to which host attaches
  – Suffix (host ID) identifies host on that network

Classful Addressing
- Original IP scheme
- Explains many design decisions
- New schemes are backward compatible
Desirable Properties Of An Internet Addressing Scheme
- Compact (as small as possible)
- Universal (big enough)
- Works with all network hardware
- Supports efficient decision making
  – Test whether a destination can be reached directly
  – Decide which router to use for indirect delivery
  – Choose next router along a path to the destination

Division Of Internet Address Into Prefix And Suffix
- How should division be made?
  – Large prefix, small suffix means many possible networks, but each is limited in size
  – Large suffix, small prefix means each network can be large, but there can only be a few networks
- Original Internet address scheme designed to accommodate both possibilities
  – Known as classful addressing

Original IPv4 Address Classes
[Figure: bit positions 0, 1, 8, 16, 24 and 31 marked across each 32-bit address]
  Class A:  0          netid (bits 1–7)     hostid (bits 8–31)
  Class B:  1 0        netid (bits 2–15)    hostid (bits 16–31)
  Class C:  1 1 0      netid (bits 3–23)    hostid (bits 24–31)
  (the three principal classes)
  Class D:  1 1 1 0    IP multicast
  Class E:  1 1 1 1 0  reserved
  (other, seldom used, classes)

Important Property
- Classful addresses are self-identifying
- Consequences
  – Can determine boundary between prefix and suffix from the address itself
  – No additional state needed to store boundary information
  – Both hosts and routers benefit

Endpoint Identification
Because IP addresses encode both a network and a host on that network, they do not specify an individual computer, but a connection to a network.
IP Address Conventions
- When used to refer to a network
  – Host field contains all 0 bits
- Broadcast on the local wire
  – Network and host fields both contain all 1 bits
- Directed broadcast: broadcast on specific (possibly remote) network
  – Host field contains all 1 bits
  – Nonstandard form: host field contains all 0 bits

Assignment Of IP Addresses
- All hosts on same network assigned same address prefix
  – Prefixes assigned by central authority
  – Obtained from ISP
- Each host on a network has a unique suffix
  – Assigned locally
  – Local administrator must ensure uniqueness

Advantages Of Classful Addressing
- Computationally efficient
  – First bits specify size of prefix / suffix
- Allows mixtures of large and small networks

Directed Broadcast
IP addresses can be used to specify a directed broadcast in which a packet is sent to all computers on a network; such addresses map to hardware broadcast, if available. By convention, a directed broadcast address has a valid netid and has a hostid with all bits set to 1.

Limited Broadcast
- All 1's
- Broadcast limited to local network only (no forwarding)
- Useful for bootstrapping
All Zeros IP Address
- Can only appear as source address
- Used during bootstrap before computer knows its address
- Means "this" computer

Internet Multicast
- IP allows Internet multicast, but no Internet-wide multicast delivery system currently in place
- Class D addresses reserved for multicast
- Each address corresponds to group of participating computers
- IP multicast uses hardware multicast when available
- More later in the course

Consequences Of IP Addressing
- If a host computer moves from one network to another, its IP address must change
- For a multi-homed host (with two or more addresses), the path taken by packets depends on the address used

Multi-Homed Hosts And Reliability
[Figure: NETWORK 1 and NETWORK 2 joined by router R; hosts A and B; interfaces I1 through I5, with multi-homed host B reachable through interfaces I3 and I5]
- Knowing that B is multi-homed increases reliability
- If interface I3 is down, host A can send to the interface I5

Dotted Decimal Notation
- Syntactic form for expressing 32-bit address
- Used throughout the Internet and associated literature
- Represents each octet in decimal separated by periods (dots)

Example Of Dotted Decimal Notation
- A 32-bit number in binary
    10000000 00001010 00000010 00000011
- The same 32-bit number expressed in dotted decimal notation
    128 . 10 . 2 . 3
Loopback Address
- Used for testing
- Refers to local computer (never sent to Internet)
- Address is 127.0.0.1

Classful Address Ranges
  Class   Lowest Address   Highest Address
  A       1.0.0.0          126.0.0.0
  B       128.1.0.0        191.255.0.0
  C       192.0.1.0        223.255.255.0
  D       224.0.0.0        239.255.255.255
  E       240.0.0.0        255.255.255.254

Summary Of Address Conventions
  Prefix   Suffix               Meaning
  all 0s   all 0s               This host (note 1)
  all 0s   host                 Host on this net (note 1)
  all 1s   all 1s               Limited broadcast (local net) (note 2)
  net      all 1s               Directed broadcast for net (note 2)
  127      anything (often 1)   Loopback (note 3)
Notes:
  1 Allowed only at system startup and is never a valid destination address.
  2 Never a valid source address.
  3 Should never appear on a network.

An Example Of IP Addresses
[Figure: an Ethernet 128.10.0.0 and a Wi-Fi network 128.210.0.0 connected by routers, with a router link to an ISP using 9.0.0.0]

Example Host Addresses
[Figure: Ethernet 128.10.0.0 with MERLIN 128.10.2.3 (multi-homed host), GUENEVERE 128.10.2.8 (Ethernet host) and LANCELOT 128.10.2.26 (Ethernet host); Wi-Fi network 128.210.0.0 with ARTHUR 128.210.0.1 (Wi-Fi host); routers TALIESYN and GLATISANT, one of which connects to the ISP; other addresses shown: 128.210.0.3, 128.10.0.6, 128.210.50, 128.10.2.70]

Another Addressing Example
- Assume an organization has three networks
- Organization obtains three prefixes, one per network
- Host address must begin with network prefix
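Added example (not the course's own code) covering the class figure, the "Important Property" slide and the address-convention table above: a Python classifier that, from the address alone, finds the class and so the prefix/suffix boundary, names the special forms (this host, host on this net, limited broadcast, directed broadcast, network address, loopback), and performs the direct-delivery test from the "Desirable Properties" slide by comparing prefixes. The names parse_dotted, to_dotted, address_class, describe and same_network are chosen here; the sample addresses are taken from the slides.

```python
"""Classful IPv4 address inspection, using only the bits of the address.

The leading bits select the class; for classes A, B and C the class fixes the
prefix length (8, 16 or 24 bits), which is exactly the self-identifying
property the slides describe. Constructed sample addresses come from the
examples on the slides (128.10.2.3, 9.0.0.0, 192.5.48.0)."""

PREFIX_BITS = {"A": 8, "B": 16, "C": 24}   # classes D and E have no host part


def parse_dotted(text: str) -> int:
    """Dotted decimal (e.g. 128.10.2.3) to a 32-bit integer, rejecting bad input."""
    parts = text.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"bad dotted decimal address: {text!r}")
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value


def to_dotted(value: int) -> str:
    """32-bit integer back to dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(value: int) -> str:
    """First bits: 0 -> A, 10 -> B, 110 -> C, 1110 -> D, 1111 -> E."""
    top = value >> 28                       # high-order nibble holds all the class bits
    if top & 0b1000 == 0:
        return "A"
    if top & 0b1100 == 0b1000:
        return "B"
    if top & 0b1110 == 0b1100:
        return "C"
    if top == 0b1110:
        return "D"
    return "E"


def describe(text: str) -> dict:
    """Class, prefix/suffix split and special-form meaning of one address."""
    value = parse_dotted(text)
    cls = address_class(value)
    info = {"address": text, "class": cls}
    netid = hostid = hbits = None
    if cls in PREFIX_BITS:
        plen = PREFIX_BITS[cls]
        hbits = 32 - plen
        netid, hostid = value >> hbits, value & ((1 << hbits) - 1)
        info.update(prefix_bits=plen, network=to_dotted(netid << hbits), hostid=hostid)
    # Special forms, following the "Summary Of Address Conventions" table.
    if value == 0:
        kind = "this host (source only, at startup)"
    elif value == 0xFFFFFFFF:
        kind = "limited broadcast (local net only, never forwarded)"
    elif cls == "D":
        kind = "IP multicast group"
    elif cls == "E":
        kind = "reserved"
    elif (value >> 24) == 127:
        kind = "loopback (never sent on a network)"
    elif netid == 0:
        kind = "host on this net (startup only)"
    elif hostid == (1 << hbits) - 1:
        kind = "directed broadcast for network " + info["network"]
    elif hostid == 0:
        kind = "network address (refers to the network itself)"
    else:
        kind = "unicast host"
    info["kind"] = kind
    return info


def same_network(a: str, b: str) -> bool:
    """Direct-delivery test: equal prefixes mean b is on a's local network."""
    da, db = describe(a), describe(b)
    return "network" in da and "network" in db and da["network"] == db["network"]


if __name__ == "__main__":
    for addr in ("128.10.2.3", "9.0.0.0", "192.5.48.255", "127.0.0.1",
                 "255.255.255.255", "0.0.0.0", "224.0.0.1"):
        print(describe(addr))
    print(same_network("128.10.2.3", "128.10.2.8"), same_network("128.10.2.3", "128.210.0.1"))
```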
Illustration Of IP Addressing
[Figure: router R1 connects the site to the rest of the Internet (hosts and routers using other addresses); inside the site, routers R2 and R3 join three networks with prefixes 128.10.0.0, 192.5.48.0 and 128.211.0.0; example host H1 has address 128.211.0.9]

Summary
• IP address
  – 32 bits long
  – Prefix identifies network
  – Suffix identifies host
• Classful addressing uses first few bits of address to determine boundary between prefix and suffix

Summary (continued)
• Special forms of addresses handle
  – Limited broadcast
  – Directed broadcast
  – Network identification
  – This host
  – Loopback

PART V: MAPPING INTERNET ADDRESSES TO PHYSICAL ADDRESSES (ARP)

Motivation
• Must use hardware (physical) addresses to communicate over network
• Applications only use Internet addresses

Example
• Computers A and B on same network
• Application on A generates packet for application on B
• Protocol software on A must use B's hardware address when sending a packet

Consequence
• Protocol software needs a mechanism that maps an IP address to equivalent hardware address
• Known as address resolution problem
Address Resolution
• Performed at each step along path through Internet
• Two basic algorithms
  – Direct mapping
  – Dynamic binding
• Choice depends on type of hardware

Direct Mapping
• Easy to understand
• Efficient
• Only works when hardware address is small
• Technique: assign computer an IP address that encodes the hardware address

Example Of Direct Mapping
• Hardware: proNET ring network
• Hardware address: 8 bits
• Assume IP address 192.5.48.0 (24-bit prefix)
• Assign computer with hardware address K an IP address 192.5.48.K
• Resolving an IP address means extracting the hardware address from low-order 8 bits

Dynamic Binding
• Needed when hardware addresses are large (e.g., Ethernet)
• Allows computer A to find computer B's hardware address
  – A starts with B's IP address
  – A knows B is on the local network
• Technique: broadcast query and obtain response
• Note: dynamic binding only used across one network at a time

Internet Address Resolution Protocol (ARP)
• Standard for dynamic address resolution in the Internet
• Requires hardware broadcast
• Intended for LAN
• Important idea: ARP only used to map addresses within a single physical network, never across multiple networks

ARP
• Machine A broadcasts ARP request with B's IP address
• All machines on local net receive broadcast
• Machine B replies with its physical address
• Machine A adds B's address information to its table
• Machine A delivers packet directly to B
• Caveat: nothing in this exchange authenticates the reply. A accepts whatever physical address the answer carries, so any machine on the same physical network can answer for B; ARP's security rests entirely on who can reach the LAN.
Illustration Of ARP Request And Reply Messages
[Figure: hosts X, A, B and Y on one local net. First, A broadcasts a request for B (across the local net only, so X, B and Y all receive it). Second, B sends its reply directly to A]

ARP Packet Format When Used With Ethernet
(32-bit words; bit positions 0, 8, 16 and 31 marked in the original)
  ETHERNET ADDRESS TYPE (1)                   | IP ADDRESS TYPE (0800)
  ETH ADDR LEN (6) | IP ADDR LEN (4)          | OPERATION
  SENDER'S ETH ADDR (first 4 octets)
  SENDER'S ETH ADDR (last 2 octets)           | SENDER'S IP ADDR (first 2 octets)
  SENDER'S IP ADDR (last 2 octets)            | TARGET'S ETH ADDR (first 2 octets)
  TARGET'S ETH ADDR (last 4 octets)
  TARGET'S IP ADDR (all 4 octets)
The OPERATION field is 1 for a request and 2 for a reply; the message is 28 octets long.

Observations About Packet Format
• General: can be used with
  – Arbitrary hardware address
  – Arbitrary protocol address (not just IP)
• Variable length fields (depends on type of addresses)
• Length fields allow parsing of packet by computer that does not understand the two address types

Retention Of Bindings
• Cannot afford to send ARP request for each packet
• Solution
  – Maintain a table of bindings
• Effect
  – Use ARP one time, place results in table, and then send many packets

ARP Caching
• ARP table is a cache
• Entries time out and are removed
• Avoids stale bindings
• Typical timeout: 20 minutes

Algorithm For Processing ARP Requests
• Extract sender's pair, (IA, EA), and if the local ARP table already has an entry for IA, update it with EA
• If this is a request and the target is "me"
  – Add sender's pair to ARP table if not present
  – Fill in target hardware address
  – Exchange sender and target entries
  – Set operation to reply
  – Send reply back to requester
• Caveat: the first step updates an existing entry from any ARP message, whether or not it was solicited. A machine that already holds a binding for IA will therefore overwrite it with whatever hardware address the sender field carries; this is the mechanism behind ARP cache poisoning, and the protocol offers no way to detect it.
Algorithm Features
• If A ARPs B, B keeps A's information
  – B will probably send a packet to A soon
• If A ARPs B, other machines do not add A's information (they only refresh an entry they already have)
  – Avoids clogging ARP caches needlessly

Conceptual Purpose Of ARP
• Isolates hardware address at low level
• Allows application programs to use IP addresses

ARP Encapsulation
• ARP message travels in data portion of network frame
• We say ARP message is encapsulated

Illustration Of ARP Encapsulation
[Figure: the ARP MESSAGE is carried in the FRAME DATA AREA, preceded by the FRAME HEADER]

Ethernet Encapsulation
• ARP message placed in frame data area
• Data area padded with zeroes if ARP message is shorter than minimum Ethernet frame
• Ethernet type 0x0806 used for ARP

Reverse Address Resolution Protocol
• Maps Ethernet address to IP address
• Same packet format as ARP
• Intended for bootstrap
  – Computer sends its Ethernet address
  – RARP server responds by sending computer's IP address
• Seldom used (replaced by DHCP)
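To make the packet format, the Ethernet encapsulation, and the cache-processing rules concrete, here is an added example (not code from the course notes) that builds and parses 28-octet ARP messages, pads them into minimum-size Ethernet frames with type 0x0806, and models three hosts running the processing algorithm from the slides: the target keeps the requester's binding, bystanders do not, and the requester stores the reply. It then shows the caveat noted above: an unsolicited reply from a third machine overwrites the requester's binding, and only the 20-minute timeout eventually removes it. The hosts, their addresses, and the timeout value are constructed for the example.

```python
"""ARP over Ethernet: message format, encapsulation, cache rules, and poisoning. Added example."""
import struct

ETHERTYPE_ARP = 0x0806
HTYPE_ETHERNET = 1       # "ETHERNET ADDRESS TYPE (1)"
PTYPE_IPV4 = 0x0800      # "IP ADDRESS TYPE (0800)"
OP_REQUEST, OP_REPLY = 1, 2
BROADCAST = b"\xff" * 6
ARP_FMT = "!HHBBH6s4s6s4s"   # the 28-octet layout shown in the slide


def build_arp(op, sender_eth, sender_ip, target_eth, target_ip):
    return struct.pack(ARP_FMT, HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op,
                       sender_eth, sender_ip, target_eth, target_ip)


def parse_arp(msg):
    """Locate the four addresses using the two length fields, as the slide's
    'Observations' say a parser can; trailing Ethernet padding is ignored."""
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", msg[:8])
    need = 2 * (hlen + plen)
    body = msg[8:8 + need]
    if len(body) < need:
        raise ValueError("truncated ARP message")
    fields, i = [], 0
    for n in (hlen, plen, hlen, plen):
        fields.append(body[i:i + n])
        i += n
    return dict(htype=htype, ptype=ptype, op=op, sender_eth=fields[0],
                sender_ip=fields[1], target_eth=fields[2], target_ip=fields[3])


def ethernet_frame(dst, src, payload):
    """Frame header (dst, src, type 0x0806) plus data area padded with zeroes to 46 octets."""
    return dst + src + struct.pack("!H", ETHERTYPE_ARP) + payload.ljust(46, b"\0")


class Host:
    TIMEOUT = 20 * 60   # seconds; the slide's "typical timeout"

    def __init__(self, eth, ip):
        self.eth, self.ip = eth, ip
        self.cache = {}  # ip -> (eth, time inserted)

    def lookup(self, ip, now):
        entry = self.cache.get(ip)
        if entry and now - entry[1] < self.TIMEOUT:
            return entry[0]
        self.cache.pop(ip, None)     # expired entries are removed
        return None

    def request(self, target_ip):
        msg = build_arp(OP_REQUEST, self.eth, self.ip, b"\0" * 6, target_ip)
        return ethernet_frame(BROADCAST, self.eth, msg)

    def receive(self, frame, now):
        """The slide's processing algorithm. Returns a reply frame or None."""
        a = parse_arp(frame[14:])
        if a["sender_ip"] in self.cache:                      # refresh only an existing entry
            self.cache[a["sender_ip"]] = (a["sender_eth"], now)
        if a["op"] == OP_REQUEST and a["target_ip"] == self.ip:
            self.cache[a["sender_ip"]] = (a["sender_eth"], now)   # target keeps the requester
            reply = build_arp(OP_REPLY, self.eth, self.ip, a["sender_eth"], a["sender_ip"])
            return ethernet_frame(a["sender_eth"], self.eth, reply)
        if a["op"] == OP_REPLY and a["target_ip"] == self.ip:
            self.cache[a["sender_ip"]] = (a["sender_eth"], now)   # requester stores the answer
        return None


def resolve(a, b, bystanders, now):
    """A resolves B. Returns (A's binding for B, B's binding for A, did any bystander cache A)."""
    req = a.request(b.ip)
    for h in bystanders:
        h.receive(req, now)
    a.receive(b.receive(req, now), now)
    return a.lookup(b.ip, now), b.lookup(a.ip, now), any(a.ip in h.cache for h in bystanders)


def poison(victim, attacker_eth, spoofed_ip, now):
    """Unsolicited reply claiming spoofed_ip is at attacker_eth; nothing authenticates it."""
    msg = build_arp(OP_REPLY, attacker_eth, spoofed_ip, victim.eth, victim.ip)
    victim.receive(ethernet_frame(victim.eth, attacker_eth, msg), now)
    return victim.lookup(spoofed_ip, now)


def demo():
    # Constructed hosts on one Ethernet (addresses chosen for the example)
    a = Host(bytes.fromhex("080027000001"), bytes([128, 10, 2, 3]))
    b = Host(bytes.fromhex("080027000002"), bytes([128, 10, 2, 8]))
    x = Host(bytes.fromhex("080027000003"), bytes([128, 10, 2, 26]))
    a_has_b, b_has_a, bystander_cached = resolve(a, b, [x], now=0.0)
    evil = bytes.fromhex("0800270000ee")
    poisoned = poison(a, evil, b.ip, now=1.0)             # A's entry for B now points at evil
    expired = a.lookup(b.ip, now=1.0 + Host.TIMEOUT)      # ...until the cache entry times out
    return dict(a_has_b=a_has_b, b_has_a=b_has_a, bystander_cached=bystander_cached,
                poisoned=poisoned, expired=expired, frame_len=len(a.request(b.ip)),
                a_eth=a.eth, b_eth=b.eth, evil=evil)
```

Run `demo()` to see the three outcomes together; the poisoned binding is accepted exactly because of the refresh step in the processing algorithm. Real stacks differ in detail (some also accept replies they did not ask for, some only refresh), but none of the variants can tell a forged sender field from a genuine one.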
Summary
• Computer's IP address independent of computer's hardware address
• Applications use IP addresses
• Hardware only understands hardware addresses
• Must map from IP address to hardware address for transmission
• Two types
  – Direct mapping
  – Dynamic mapping

Summary (continued)
• Address Resolution Protocol (ARP) used for dynamic address mapping
• Important for Ethernet
• Sender broadcasts ARP request, and target sends ARP reply
• ARP bindings are cached
• Reverse ARP was originally used for bootstrap

PART VI: INTERNET PROTOCOL: CONNECTIONLESS DATAGRAM DELIVERY

Internet Protocol
• One of two major protocols in TCP/IP suite
• Major goals
  – Hide heterogeneity
  – Provide the illusion of a single large network
  – Virtualize access

The Concept
IP allows a user to think of an internet as a single virtual network that interconnects all hosts, and through which communication is possible; its underlying architecture is both hidden and irrelevant.

Internet Services And Architecture Of Protocol Software
[Figure: three layers of service, from top to bottom: APPLICATION SERVICES, RELIABLE TRANSPORT SERVICE, CONNECTIONLESS PACKET DELIVERY SERVICE]
• Design has proved especially robust
IP Characteristics
• Provides connectionless packet delivery service
• Defines three important items
  – Internet addressing scheme
  – Format of packets for the (virtual) Internet
  – Packet forwarding

Internet Packet
• Analogous to physical network packet
• Known as IP datagram

IP Datagram Layout
[Figure: DATAGRAM HEADER followed by DATAGRAM DATA AREA]
• Header contains
  – Source Internet address
  – Destination Internet address
  – Datagram type field
• Payload contains data being carried

Datagram Header Format
(32-bit words; bit positions 0, 4, 8, 16, 19, 24 and 31 marked in the original)
  VERS | HLEN | TYPE OF SERVICE |       TOTAL LENGTH
           IDENT                | FLAGS | FRAGMENT OFFSET
   TTL  |      TYPE             |      HEADER CHECKSUM
                   SOURCE IP ADDRESS
                DESTINATION IP ADDRESS
       IP OPTIONS (MAY BE OMITTED)        | PADDING
             BEGINNING OF PAYLOAD (DATA) ...
VERS and HLEN are 4 bits each, TYPE OF SERVICE is 8 bits, TOTAL LENGTH is 16 bits; IDENT is 16 bits, FLAGS 3 bits, FRAGMENT OFFSET 13 bits; TTL, TYPE (the field the IP standard calls PROTOCOL) and HEADER CHECKSUM are 8, 8 and 16 bits. HLEN counts 32-bit words, so a header without options has HLEN 5.

Addresses In The Header
• SOURCE is the address of original source
• DESTINATION is the address of ultimate destination

IP Versions
• Version field in header defines version of datagram
• Internet currently uses version 4 of IP, IPv4
• Preceding figure is the IPv4 datagram format
• IPv6 discussed later in the course
Datagram Encapsulation
• Datagram encapsulated in network frame
• Network hardware treats datagram as data
• Frame type field identifies contents as datagram
  – Set by sending computer
  – Tested by receiving computer

Datagram Encapsulation For Ethernet
[Figure: the IP HEADER and IP DATA together form the FRAME DATA area, preceded by the FRAME HEADER]
• Ethernet header contains Ethernet hardware addresses
• Ethernet type field set to 0x0800

Datagram Encapsulated In Ethernet Frame
  02 07 01 00 27 ba 08 00 2b 0d 44 a7 08 00               (Ethernet header: 14 octets)
  45 00 00 54 82 68 00 00 ff 01 35 21 80 0a 02 03 80 0a 02 08   (IP header: 20 octets)
  08 00 73 0b d4 6d 00 00 04 3b 8c 28 28 20 0d 00
  08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17
  18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27
  28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37
• 20-octet IP header follows Ethernet header
• IP source: 128.10.2.3 (800a0203)
• IP destination: 128.10.2.8 (800a0208)
• IP type: 01 (ICMP)

Standards For Encapsulation
• TCP/IP protocols define encapsulation for each possible type of network hardware
  – Ethernet
  – Frame Relay
  – Others
Encapsulation Over Serial Networks
• Serial hardware transfers stream of octets
  – Leased serial data line
  – Dialup telephone connection
• Encapsulation of IP on serial network
  – Implemented by software
  – Both ends must agree
• Most common standard: Point to Point Protocol (PPP)

A Potential Problem
• A datagram can contain up to 65535 total octets (including header)
• Network hardware limits maximum size of frame (e.g., Ethernet limited to 1500 octets)
  – Known as the network Maximum Transmission Unit (MTU)
• Question: how is encapsulation handled if datagram exceeds network MTU?

Possible Ways To Accommodate Networks With Differing MTUs
• Force datagram to be less than smallest possible MTU
  – Inefficient
  – Cannot know minimum MTU
• Hide the network MTU and accommodate arbitrary datagram size

Accommodating Large Datagrams
• Cannot send large datagram in single frame
• Solution
  – Divide datagram into pieces
  – Send each piece in a frame
  – Called datagram fragmentation

Illustration Of When Fragmentation Needed
[Figure: Host A on Net 1 (MTU=1500), router R1, Net 2 (MTU=620), router R2, Net 3 (MTU=1500), Host B]
• Hosts A and B send datagrams of up to 1500 octets
• Router R1 fragments large datagrams from Host A before sending over Net 2
• Router R2 fragments large datagrams from Host B before sending over Net 2

Datagram Fragmentation
• Performed by routers
• Divides datagram into several, smaller datagrams called fragments
• Fragment uses same header format as datagram
• Each fragment forwarded independently
Illustration Of Fragmentation
[Figure: the original datagram is Header followed by data1 (600 bytes), data2 (600 bytes) and data3 (200 bytes). Fragment #1 is Header1 + data1 (offset of 0); fragment #2 is Header2 + data2 (offset of 600); fragment #3 is Header3 + data3 (offset of 1200)]
• Offset specifies where data belongs in original datagram
• Offset actually stored as multiples of 8 octets
• MORE FRAGMENTS bit turned off in header of fragment #3

Fragmenting A Fragment
• Fragment can be further fragmented
• Occurs when fragment reaches an even-smaller MTU
• Discussion: which fields of the datagram header are used, and what is the algorithm?

Reassembly
• Ultimate destination puts fragments back together
  – Key concept!
  – Needed in a connectionless Internet
• Known as reassembly
• No need to reassemble subfragments first
• Timer used to ensure all fragments arrive
  – Timer started when first fragment arrives
  – If timer expires, entire datagram discarded
• The timer also bounds the resources a sender can tie up: each partially reassembled datagram occupies buffer space until it completes or times out, so a receiver must cap how many it holds, and it should reject fragments whose data overlaps data already received, since the standard says nothing about which copy wins.

Time To Live
• TTL field of datagram header decremented at each hop (i.e., each router)
• If TTL reaches zero, datagram discarded
• Prevents datagrams from looping indefinitely (in case forwarding error introduces loop)
• IETF recommends initial value of 255 (max)
• Note: the IANA "Assigned Numbers" default for the initial TTL is 64, and in practice hosts start at 64 or 128 (a few at 255); the value a host chooses is visible to every receiver and is often used to guess the sending operating system.

Checksum Field In Datagram Header
• 16-bit 1's complement checksum
• Over IP header only!
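The fragmentation and reassembly slides above describe an algorithm without writing it down, so here is an added example (not code from the course notes) that carries the slide's own figure through in code: a 1400-octet payload crossing the MTU-620 network becomes fragments of 600, 600 and 200 octets at offsets 0, 600 and 1200 with the MORE FRAGMENTS bit clear only on the last; fragment #2 is then fragmented again for a smaller MTU, and the destination reassembles the pieces arriving out of order, without reassembling subfragments first. The reassembler also enforces the timer and rejects overlapping fragments. The header is modelled as a fixed 20 octets with no options, the 8-octet granularity is the one the slide states, and the 320-octet MTU and the 30-second timer are assumptions for the example.

```python
"""IP fragmentation, fragmenting a fragment, and reassembly with a timer. Added example."""
HEADER_LEN = 20   # fixed header, no options (assumption); every fragment carries one


def fragment(datagram, mtu):
    """datagram: dict(ident, offset in octets, mf, data). Returns fragments that fit in mtu.
    Also works on a fragment, which is what a router does at an even-smaller MTU."""
    max_data = (mtu - HEADER_LEN) // 8 * 8           # offsets must stay multiples of 8
    if max_data <= 0:
        raise ValueError("MTU too small for a header plus 8 octets of data")
    data = datagram["data"]
    if len(data) + HEADER_LEN <= mtu:
        return [dict(datagram)]                      # fits: nothing to do
    out = []
    for start in range(0, len(data), max_data):
        piece = data[start:start + max_data]
        last = start + max_data >= len(data)
        out.append(dict(ident=datagram["ident"],
                        offset=datagram["offset"] + start,
                        mf=(not last) or datagram["mf"],   # a non-final input keeps MF on its tail
                        data=piece))
    return out


def encode_offset(octets):
    """The header's 13-bit FRAGMENT OFFSET field holds offset / 8."""
    if octets % 8:
        raise ValueError("offset not a multiple of 8")
    return octets // 8


class Reassembler:
    def __init__(self, timeout):
        self.timeout = timeout
        self.partial = {}    # ident -> dict(first=arrival of first fragment, pieces, total)

    def add(self, frag, now):
        """Return the reassembled data when complete, else None. Overlapping fragments
        are rejected (a hardening step the slide does not require)."""
        ident = frag["ident"]
        st = self.partial.get(ident)
        if st and now - st["first"] > self.timeout:
            del self.partial[ident]                   # timer expired: whole datagram discarded
            st = None
        if st is None:
            st = self.partial[ident] = dict(first=now, pieces={}, total=None)
        off, data = frag["offset"], frag["data"]
        for o, d in st["pieces"].items():
            if off < o + len(d) and o < off + len(data):
                raise ValueError("overlapping fragment for ident %d" % ident)
        st["pieces"][off] = data
        if not frag["mf"]:
            st["total"] = off + len(data)             # last fragment fixes the total length
        if st["total"] is not None and _contiguous(st["pieces"], st["total"]):
            del self.partial[ident]
            return b"".join(st["pieces"][o] for o in sorted(st["pieces"]))
        return None

    def expire(self, now):
        """Drop partial datagrams whose timer ran out; returns how many were dropped."""
        dead = [i for i, st in self.partial.items() if now - st["first"] > self.timeout]
        for i in dead:
            del self.partial[i]
        return len(dead)


def _contiguous(pieces, total):
    pos = 0
    for o in sorted(pieces):
        if o != pos:
            return False
        pos += len(pieces[o])
    return pos == total


def demo():
    data = bytes(range(256)) * 5 + bytes(range(120))     # constructed 1400-octet payload
    dg = dict(ident=0x8268, offset=0, mf=False, data=data)
    frags = fragment(dg, 620)                            # Net 2 in the slide's figure
    sub = fragment(frags[1], 320)                        # fragment #2 meets a smaller MTU
    r = Reassembler(timeout=30.0)
    arrival = [frags[2], sub[2], frags[0], sub[0], sub[1]]   # out of order, subfragments mixed in
    results = [r.add(f, now=1.0 + i) for i, f in enumerate(arrival)]
    lost = Reassembler(timeout=30.0)                     # a datagram whose tail never arrives
    lost.add(frags[0], now=0.0)
    r2 = Reassembler(timeout=30.0)                       # an overlapping fragment is refused
    r2.add(frags[0], now=0.0)
    try:
        r2.add(dict(ident=0x8268, offset=592, mf=True, data=b"\0" * 16), now=0.0)
        overlap_rejected = False
    except ValueError:
        overlap_rejected = True
    return dict(offsets=[f["offset"] for f in frags], mf=[f["mf"] for f in frags],
                sizes=[len(f["data"]) for f in frags],
                sub_offsets=[f["offset"] for f in sub], sub_mf=[f["mf"] for f in sub],
                partial=results[:-1], reassembled=results[-1], data=data,
                dropped=lost.expire(now=31.0), overlap_rejected=overlap_rejected)
```

Note that the MTU-320 subfragments are 296, 296 and 8 octets rather than 300, 300 and 0: the data length of every non-final fragment must be a multiple of 8 so that the next offset is encodable.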
• Recomputed at each hop

IP Options
• Seldom used
• Primarily for debugging
• Only some options copied into fragments
• Are variable length
• Note: padding needed because header length measured in 32-bit multiples
• Option starts with option code octet
• Because options are rarely needed and force slow-path processing in routers, many networks drop datagrams that carry them; the source-route options in particular let the sender dictate the path and are routinely filtered.

Option Code Octet
  bit 0: COPY   bits 1-2: OPTION CLASS   bits 3-7: OPTION NUMBER
  Option Class   Meaning
  0              Datagram or network control
  1              Reserved for future use
  2              Debugging and measurement
  3              Reserved for future use

IP Semantics
• IP uses best-effort delivery
  – Makes an attempt to deliver
  – Does not guarantee delivery
• In the Internet, routers become overrun or change routes, meaning that:
  – Datagrams can be lost
  – Datagrams can be duplicated
  – Datagrams can arrive out of order or scrambled
• Motivation: allow IP to operate over the widest possible variety of physical networks

Output From PING Program
  PING venera.isi.edu (128.9.0.32): 64 data bytes at 1.0000 second intervals
  72 bytes from 128.9.0.32: icmp_seq=0. time=170. ms
  72 bytes from 128.9.0.32: icmp_seq=1. time=150. ms
  72 bytes from 128.9.0.32: icmp_seq=1. time=160. ms
  72 bytes from 128.9.0.32: icmp_seq=2. time=160. ms
  72 bytes from 128.9.0.32: icmp_seq=3. time=160. ms
  ----venera.isi.edu PING Statistics----
  4 packets transmitted, 5 packets received, -25% packet loss
  round-trip (ms) min/avg/max = 150/160/170
• Shows actual case of duplication (icmp_seq=1 arrives twice)

Summary
• Internet Protocol provides basic connectionless delivery service for the Internet
• IP defines IP datagram to be the format of packets on the Internet
• Datagram header
  – Has fixed fields
  – Specifies source, destination, and type
  – Allows options
• Datagram encapsulated in network frame for transmission

Summary (continued)
• Fragmentation
  – Needed when datagram larger than MTU
  – Usually performed by routers
  – Divides datagram into fragments
• Reassembly
  – Performed by ultimate destination
  – If some fragment(s) do not arrive, datagram discarded
• To accommodate all possible network hardware, IP does not require reliability (best-effort semantics)

PART VII: INTERNET PROTOCOL: FORWARDING IP DATAGRAMS

Datagram Transmission
• Host delivers datagrams to directly connected machines
• Host sends datagrams that cannot be delivered directly to router
• Routers forward datagrams to other routers
• Final router delivers datagram directly

Question
Does a host need to make forwarding choices?
Answer: YES!

Example Host That Must Choose How To Forward Datagrams
[Figure: a singly homed HOST on one network with two routers, R1 and R2, attached; R1 is the path to some destinations, R2 the path to other destinations]
• Note: host is singly homed!
Two Broad Cases
• Direct delivery
  – Ultimate destination can be reached over one network
  – The "last hop" along a path
  – Also occurs when two communicating hosts both attach to the same physical network
• Indirect delivery
  – Requires intermediary (router)

Important Design Decision
Transmission of an IP datagram between two machines on a single physical network does not involve routers. The sender encapsulates the datagram in a physical frame, binds the destination IP address to a physical hardware address, and sends the resulting frame directly to the destination.

Testing Whether A Destination Lies On The Same Physical Network As The Sender
Because the Internet addresses of all machines on a single network include a common network prefix and extracting that prefix requires only a few machine instructions, testing whether a machine can be reached directly is extremely efficient.

Datagram Forwarding
• General paradigm
  – Source host sends to first router
  – Each router passes datagram to next router
  – Last router along path delivers datagram to destination host
• Only works if routers cooperate

General Concept
Routers in a TCP/IP Internet form a cooperative, interconnected structure. Datagrams pass from router to router until they reach a router that can deliver the datagram directly.
Efficient Forwarding
• Decisions based on table lookup
• Routing tables keep only network portion of addresses (size proportional to number of networks, not number of hosts)
• Extremely efficient
  – Lookup
  – Route update

Important Idea
• Table used to decide how to send datagram known as routing table (also called a forwarding table)
• Routing table only stores address of next router along the path
• Scheme is known as next-hop forwarding or next-hop routing

Terminology
• Originally
  – Routing used to refer to passing datagram from router to router
• More recently
  – Purists decided to use forwarding to refer to the process of looking up a route and sending a datagram
• But...
  – Table is usually called a routing table

Conceptual Contents Of Routing Table Found In An IP Router
[Figure: an example internet of four networks in a row. Router Q joins Network 10.0.0.0 and Network 20.0.0.0 with addresses 10.0.0.5 and 20.0.0.5; router R joins Network 20.0.0.0 and Network 30.0.0.0 with addresses 20.0.0.6 and 30.0.0.6; router S joins Network 30.0.0.0 and Network 40.0.0.0 with addresses 30.0.0.7 and 40.0.0.7]
The routing table for router R:
  TO REACH NETWORK   ROUTE TO THIS ADDRESS
  20.0.0.0 / 8       DELIVER DIRECT
  30.0.0.0 / 8       DELIVER DIRECT
  10.0.0.0 / 8       20.0.0.5
  40.0.0.0 / 8       30.0.0.7

Special Cases
• Default route
• Host-specific route
Default Route
• Special entry in IP routing table
• Matches "any" destination address
• Only one default permitted
• Only selected if no other match in table

Host-Specific Route
• Entry in routing table
• Matches entire 32-bit value
• Can be used to send traffic for a specific host along a specific path (i.e., can differ from the network route)
• More later in the course

Level Of Forwarding Algorithm
[Figure: the FORWARDING ALGORITHM takes a DATAGRAM TO BE FORWARDED and consults the ROUTING TABLE (which routing software examines and updates); its output is the DATAGRAM TO BE SENT PLUS ADDRESS OF NEXT HOP. IP addresses are used above this level, physical addresses below it]
• Routing table uses IP addresses, not physical addresses

Summary
• IP uses routing table to forward datagrams
• Routing table
  – Stores pairs of network prefix and next hop
  – Can contain host-specific routes and a default route

PART VIII: ERROR AND CONTROL MESSAGES (ICMP)

Errors In Packet Switching Networks
• Causes include
  – Temporary or permanent disconnection
  – Hardware failures
  – Router overrun
  – Routing loops
• Need mechanisms to detect and correct
Error Detection And Reporting Mechanisms
• IP header checksum to detect transmission errors
• Error reporting mechanism to distinguish between events such as lost datagrams and incorrect addresses
• Higher level protocols (e.g., TCP) must handle all other problems

Error Reporting Mechanism
• Named Internet Control Message Protocol (ICMP)
• Required and integral part of IP
• Used primarily by routers to report delivery or routing problems to original source
• Also includes informational (nonerror) functionality
• Uses IP to carry control messages
• No error messages sent about error messages

ICMP Purpose
The Internet Control Message Protocol allows a router to send error or control messages to the source of a datagram, typically a host. ICMP provides communication between the Internet Protocol software on one machine and the Internet Protocol software on another.

Error Reporting Vs. Error Correction
• ICMP does not
  – Provide interaction between a router and the source of trouble
  – Maintain state information (each packet is handled independently)
• Consequence
When a datagram causes an error, ICMP can only report the error condition back to the original source of the datagram; the source must relate the error to an individual application program or take other action to correct the problem.

Important Restriction
• ICMP only reports problems to original source
• Discussion question: what major problem in the Internet cannot be handled with ICMP?
• A related point for the receiver: since the source field of the offending datagram is whatever the sender put there, a forged source causes the error report to be delivered to a third party. That is why a host must treat an incoming ICMP error as a hint about its own traffic, matched against the returned header, not as a trusted instruction.
ICMP Encapsulation
• ICMP message travels in IP datagram
• Entire ICMP message treated as data in the datagram
• Two levels of encapsulation result

ICMP Message Encapsulation
[Figure: the ICMP MESSAGE is the IP DATA following the IP HEADER; that IP datagram is in turn the FRAME DATA following the FRAME HEADER]
• ICMP message has header and data area
• Complete ICMP message is treated as data in IP datagram
• Complete IP datagram is treated as data in physical network frame

Example Encapsulation In Ethernet
(the same frame shown in Part VI)
  02 07 01 00 27 ba 08 00 2b 0d 44 a7 08 00               (Ethernet header: 14 octets)
  45 00 00 54 82 68 00 00 ff 01 35 21 80 0a 02 03 80 0a 02 08   (IP header: 20 octets)
  08 00 73 0b d4 6d 00 00                                 (ICMP header: 8 octets)
  04 3b 8c 28 28 20 0d 00
  08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17
  18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27
  28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37
• ICMP header follows IP header, and contains eight bytes
• ICMP type field specifies echo request message (08)
• ICMP sequence number is zero
ICMP Message Format
• Multiple message types
• Each message has its own format
• Messages
  – Begin with 1-octet TYPE field that identifies which of the basic ICMP message types follows
  – Some messages have a 1-octet CODE field that further classifies the message
• Example
  – TYPE specifies destination unreachable
  – CODE specifies whether host or network was unreachable

ICMP Message Types
  Type Field   ICMP Message Type
  0            Echo Reply
  3            Destination Unreachable
  4            Source Quench
  5            Redirect (change a route)
  6            Alternate Host Address
  8            Echo Request
  9            Router Advertisement
  10           Router Solicitation
  11           Time Exceeded for a Datagram
  12           Parameter Problem on a Datagram
  13           Timestamp Request
  14           Timestamp Reply
  15           Information Request
  16           Information Reply
  17           Address Mask Request
  18           Address Mask Reply

ICMP Message Types (continued)
  Type Field   ICMP Message Type
  30           Traceroute
  31           Datagram Conversion Error
  32           Mobile Host Redirect
  33           IPv6 Where-Are-You
  34           IPv6 I-Am-Here
  35           Mobile Registration Request
  36           Mobile Registration Reply
  37           Domain Name Request
  38           Domain Name Reply
  39           SKIP
  40           Photuris
Several of these are historical: Source Quench (4) has since been formally deprecated, and the Information, Address Mask and Domain Name request/reply pairs are no longer used by current hosts. A practitioner filtering ICMP should expect to see only types 0, 3, 8 and 11 in normal traffic.

Example ICMP Message (ICMP Echo Request)
  TYPE (8 or 0) | CODE (0) | CHECKSUM
  IDENTIFIER    | SEQUENCE NUMBER
  OPTIONAL DATA ...
• Sent by ping program
• Used to test reachability

Example ICMP Message (Destination Unreachable)
  TYPE (3) | CODE (0-12) | CHECKSUM
  UNUSED (MUST BE ZERO)
  INTERNET HEADER + FIRST 64 BITS OF DATAGRAM ...
• Used to report that datagram could not be delivered
• Code specifies details

Example ICMP Message (Redirect)
  TYPE (5) | CODE (0 to 3) | CHECKSUM
  ROUTER INTERNET ADDRESS
  INTERNET HEADER + FIRST 64 BITS OF DATAGRAM ...
• Used to report incorrect route
• Caveat: a redirect is just another IP datagram, and it asks the receiver to change where it sends future traffic. A host should honor one only if it came from the router it is currently using as first hop for that destination, and many deployments disable redirect processing altogether, since accepting a forged redirect lets an attacker on the local network insert itself into the path.

Situation Where An ICMP Redirect Cannot Be Used
[Figure: source S sends to destination D through routers R1, R2, R3 and R5 while a shorter path through R4 exists]
• R5 cannot redirect R1 to use shorter path (ICMP reports only to the original source)

Example ICMP Message (Time Exceeded)
  TYPE (11) | CODE (0 or 1) | CHECKSUM
  UNUSED (MUST BE ZERO)
  INTERNET HEADER + FIRST 64 BITS OF DATAGRAM ...
• At least one fragment failed to arrive, or
• TTL field in IP header reached zero

ICMP Trick
• Include datagram that caused problem in the error message
  – Efficient (sender must determine how to correct problem)
  – Eliminates need to construct detailed message
• Problem: entire datagram may be too large
• Solution: send IP header plus 64 bits of data area (sufficient in most cases)

Summary
• ICMP
  – Required part of IP
  – Used to report errors to original source
  – Reporting only: no interaction or error correction
• Several ICMP message types, each with its own format
• ICMP message begins with 1-octet TYPE field
• ICMP encapsulated in IP for delivery
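The hex dump shown in Part VI and again in Part VIII, the header checksum rule, and the "ICMP trick" above can all be exercised on the slide's own bytes. Here is an added example (not code from the course notes) that decodes that frame through all three levels of encapsulation, checks the Ethernet type and the IP version, header length and total length before trusting any field, verifies both the IP header checksum and the ICMP checksum, and then builds a Destination Unreachable message that quotes the offending datagram's header plus its first 64 bits of data. The frame bytes are the slide's; the function names and the check that returned-header bytes match are mine.

```python
"""Ethernet -> IP -> ICMP decoding of the slide's frame, checksums, and the ICMP trick. Added example."""
import struct

# The slide's 98-octet frame, transcribed from its hex dump.
FRAME = bytes.fromhex(
    "020701 0027ba 08002b0d44a7 0800"                        # Ethernet: dst, src, type 0x0800
    "4500 0054 8268 0000 ff01 3521 800a0203 800a0208"        # IP header, 20 octets
    "0800 730b d46d 0000 043b8c28 28200d00"                  # ICMP echo request + first data
    "08090a0b0c0d0e0f1011121314151617"
    "18191a1b1c1d1e1f2021222324252627"
    "28292a2b2c2d2e2f3031323334353637"
)


def checksum(data):
    """16-bit one's complement of the one's complement sum. A correct header sums to 0."""
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def dotted(b):
    return ".".join(str(x) for x in b)


def parse_frame(frame):
    """Return (ip_fields, icmp_fields_or_None); raise ValueError on a malformed frame."""
    eth_type = struct.unpack("!H", frame[12:14])[0]
    if eth_type != 0x0800:
        raise ValueError("frame does not carry an IP datagram (type 0x%04x)" % eth_type)
    dg = frame[14:]
    vers_hlen, tos, total_len, ident, flags_off, ttl, proto, hcs = struct.unpack("!BBHHHBBH", dg[:12])
    hlen = (vers_hlen & 0xF) * 4                     # HLEN is in 32-bit words
    if vers_hlen >> 4 != 4 or hlen < 20 or total_len < hlen or total_len > len(dg):
        raise ValueError("bad IP version or lengths")
    ip = dict(hlen=hlen, total_len=total_len, ident=ident, flags=flags_off >> 13,
              frag_off=flags_off & 0x1FFF, ttl=ttl, proto=proto,
              src=dotted(dg[12:16]), dst=dotted(dg[16:20]),
              header_ok=checksum(dg[:hlen]) == 0)       # covers the header only
    payload = dg[hlen:total_len]                        # Ethernet padding past TOTAL LENGTH ignored
    icmp = None
    if proto == 1 and len(payload) >= 8:
        typ, code, cs, icmp_id, seq = struct.unpack("!BBHHH", payload[:8])
        icmp = dict(type=typ, code=code, identifier=icmp_id, seq=seq,
                    data=payload[8:], checksum_ok=checksum(payload) == 0)
    return ip, icmp


def build_unreachable(offending_datagram, code):
    """Type 3: TYPE, CODE, CHECKSUM, 4 unused zero octets, then the offending
    datagram's IP header plus its first 64 bits of data (the 'ICMP trick')."""
    hlen = (offending_datagram[0] & 0xF) * 4
    body = struct.pack("!BBHI", 3, code, 0, 0) + offending_datagram[:hlen + 8]
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]


def quoted_header_matches(icmp_error, original_datagram):
    """The receiver-side check: does the quoted header belong to a datagram we sent?"""
    quoted = icmp_error[8:]
    return original_datagram[:len(quoted)] == quoted
```

A corrupted checksum is the one defect the IP layer itself will notice, so the parser reports `header_ok` rather than raising; everything else the slides list (loss, duplication, reordering) is invisible at this level and must be handled above it.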
PART IX: INTERNET PROTOCOL: CLASSLESS AND SUBNET ADDRESS EXTENSIONS (CIDR)

Recall
In the original IP addressing scheme, each physical network is assigned a unique network address; each host on a network has the network address as a prefix of the host's individual address.
• Routers only examine prefix (small routing tables)

An Observation
• Division into prefix and suffix means: site can assign and use IP addresses in unusual ways provided
  – All hosts and routers at the site honor the site's scheme
  – Other sites on the Internet can treat addresses as a network prefix and a host suffix

Classful Addressing
• Three possible classes for networks
• Class C network limited to 254 hosts (cannot use all-1s or all-0s)
• Personal computers result in networks with many hosts
• Class B network allows many hosts, but insufficient class B prefixes

Question
• How can we minimize the number of assigned network prefixes (especially class B) without abandoning the 32-bit addressing scheme?

Two Answers To The Minimization Question
• Proxy ARP
• Subnet addressing
Proxy ARP
• Layer 2 solution
• Allow two physical networks to share a single IP prefix
• Arrange special system to answer ARP requests and forward datagrams between networks

Illustration Of Proxy ARP
[Figure: a Main Network with hosts H1, H2 and H3, a router R running proxy ARP, and a Hidden Network with hosts H4 and H5 behind R]
• Hosts think they are on same network
• Known informally as the ARP hack

Assessment Of Proxy ARP
• Chief advantages
  – Transparent to hosts
  – No change in IP routing tables
• Chief disadvantages
  – Does not generalize to complex topology
  – Only works on networks that use ARP
  – Most proxy ARP systems require manual configuration
  – Depends on exactly the property that makes ARP spoofing possible: a machine answering requests for addresses it does not own. Hosts on the main network cannot distinguish the legitimate proxy from an impostor.

Subnet Addressing
• Not part of original TCP/IP address scheme
• Allows an organization to use a single network prefix for multiple physical networks
• Subdivides the host suffix into a pair of fields for physical network and host
• Interpreted only by routers and hosts at the site; treated like normal address elsewhere
Example Of Subnet Addressing
[Figure: router R connects network 128.10.1.0 (hosts H1 = 128.10.1.1, H2 = 128.10.1.2) and network 128.10.2.0 (hosts H3 = 128.10.2.1, H4 = 128.10.2.2) to the rest of the Internet; all traffic for 128.10.0.0 arrives at R]
- Both physical networks share the prefix 128.10
- Router R uses the third octet of the address to choose the physical net

Interpretation Of Addresses
- Classful interpretation is a two-level hierarchy
  - Physical network identified by prefix
  - Host on the net identified by suffix
- Subnetted interpretation is a three-level hierarchy
  - Site identified by network prefix
  - Physical net at the site identified by part of the suffix
  - Host on the net identified by the remainder of the suffix

Example Of Address Interpretation (Subnetted Class B Address)
[Figure: the 32-bit address is divided into a 16-bit Internet part (network prefix) and a 16-bit local part; the local part is further divided into a physical network field and a host field]
- Note: in this case, the 16-bit host portion is divided into two 8-bit fields

Choice Of Subnet Size
- How should the host portion of the address be divided?
- The answer depends on the topology at the site and the number of hosts per network

Example Of Site With Hierarchical Topology
[Figure: router R1 connects the site to the rest of the Internet; routers R2 and R3 attach Networks 1 and 2 below it, and routers R4 and R5 attach Networks 3, 4 and 5 below those]

Illustration Of Subnet Addressing
[Figure: the rest of the Internet treats the subnet address 128.10.0.0 as a normal IP address and delivers everything to router R1 at the site; R1, R2 and R3 use part of the host portion (the third octet) to identify the physical networks 128.10.1.0, 128.10.2.0 and 128.10.3.0]
Address Mask
- Each physical network is assigned a 32-bit address mask (also called a subnet mask)
- The one bits in the mask cover the network prefix plus zero or more bits of the suffix portion
- A logical AND between the mask and the destination IP address extracts the prefix and subnet portions

Two Possible Mask Assignments
- Fixed-length subnet masks
- Variable-length subnet masks

Fixed-Length Subnet Masks
- The organization uses the same mask on all networks
- Advantages
  - Uniformity
  - Ease of debugging and maintenance
- Disadvantages
  - Number of nets fixed for the entire organization
  - Size of physical nets fixed for the entire organization

Possible Fixed-Length Subnets For A Sixteen-Bit Host Address

  Bits in mask   # subnets   # hosts/subnet
      16               1         65534
      18               2         16382
      19               6          8190
      20              14          4094
      21              30          2046
      22              62          1022
      23             126           510
      24             254           254
      25             510           126
      26            1022            62
      27            2046            30
      28            4094            14
      29            8190             6
      30           16382             2

- The all-0s and all-1s values must be omitted from both the subnet field and the host field (a 17-bit mask leaves a single subnet bit, so it yields no usable subnets and does not appear)
- An organization chooses one line in the table
Variable-Length Subnet Masks (VLSM)
- The administrator chooses a size for each physical network
- A mask is assigned on a per-network basis
- Advantages
  - Flexibility to mix large and small nets
  - More complete use of the address space
- Disadvantages
  - Difficult to assign and administer
  - Potential address ambiguity (when one prefix overlaps another)
  - More routes

Use Of Address Space (Start With 16 Bits Of Host Suffix)
- One possible VLSM assignment (92.9% of addresses used)
  - 11 networks of 2046 hosts each
  - 24 networks of 254 hosts each
  - 256 networks of 126 hosts each
- Another possible VLSM assignment (93.1% of addresses used)
  - 9 networks of 2046 hosts each
  - 2 networks of 1022 hosts each
  - 40 networks of 510 hosts each
  - 160 networks of 126 hosts each

Subnet Details
- Two interesting facts
  - The standard permits assigning the all-0s or all-1s subnet
  - The standard permits noncontiguous subnet mask bits
- In practice
  - Both should be avoided; in particular, the CIDR notation /m (below) can only express a contiguous mask, and longest-prefix lookup assumes one
- Discussion question: why does the subnet standard allow the all-1s and all-0s subnet numbers?

VLSM Example
- Use the low-order sixteen bits of 128.10.0.0
- Create seven subnets
- Subnet 1
  - Up to 254 hosts
  - Subnet mask is 24 bits
- Subnets 2 through 7
  - Up to 62 hosts each
  - Subnet mask is 26 bits
Example VLSM Prefixes
- Subnet 1 (up to 254 hosts): 128.10.1.0/24
    mask:   11111111 11111111 11111111 00000000
    prefix: 10000000 00001010 00000001 00000000
- Subnet 2 (up to 62 hosts): 128.10.0.128/26
    mask:   11111111 11111111 11111111 11000000
    prefix: 10000000 00001010 00000000 10000000
- Subnet 3 (up to 62 hosts): 128.10.0.192/26
    mask:   11111111 11111111 11111111 11000000
    prefix: 10000000 00001010 00000000 11000000

Example VLSM Prefixes (continued)
- Subnet 4 (up to 62 hosts): 128.10.1.0/26
    mask:   11111111 11111111 11111111 11000000
    prefix: 10000000 00001010 00000001 00000000
- Subnet 5 (up to 62 hosts): 128.10.1.64/26
    mask:   11111111 11111111 11111111 11000000
    prefix: 10000000 00001010 00000001 01000000
- Subnet 6 (up to 62 hosts): 128.10.1.128/26
    mask:   11111111 11111111 11111111 11000000
    prefix: 10000000 00001010 00000001 10000000

Example VLSM Prefixes (continued)
- Subnet 7 (up to 62 hosts): 128.10.1.192/26
    mask:   11111111 11111111 11111111 11000000
    prefix: 10000000 00001010 00000001 11000000
- Note: subnets 4 through 7 all lie inside subnet 1's /24, so this assignment is deliberately flawed; it is used below to show what goes wrong

Address Ambiguity
- The address of host 63 on subnet 1 is
    mask:   11111111 11111111 11111111 00000000
    prefix: 10000000 00001010 00000001 00000000
    host:   10000000 00001010 00000001 00111111   (128.10.1.63)
- The directed broadcast address on subnet 4 is
    mask:   11111111 11111111 11111111 11000000
    prefix: 10000000 00001010 00000001 00000000
    bcast:  10000000 00001010 00000001 00111111   (128.10.1.63)
- Same value!
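The ambiguity above is mechanical: two prefixes overlap, so one subnet's broadcast address is another subnet's host address. The following is an added example (it is not code from Comer's notes) that takes the seven prefixes exactly as given, reports every overlapping pair, lists every address that two subnets both claim (it finds both the case above and the one on the next slide), and checks a corrected plan in which subnet 1 is moved to 128.10.2.0/24; that corrected prefix is an assumption chosen for illustration.

```python
# Added example (not from Comer's notes): check a VLSM plan for overlapping
# prefixes and list the addresses that two subnets both claim.
from ipaddress import IPv4Network
from itertools import combinations

# The seven prefixes from the slides, subnet number -> prefix
# (subnet 1 is a /24; subnets 2 through 7 are /26s).
SUBNETS = {
    1: IPv4Network("128.10.1.0/24"),
    2: IPv4Network("128.10.0.128/26"),
    3: IPv4Network("128.10.0.192/26"),
    4: IPv4Network("128.10.1.0/26"),
    5: IPv4Network("128.10.1.64/26"),
    6: IPv4Network("128.10.1.128/26"),
    7: IPv4Network("128.10.1.192/26"),
}

# A corrected plan (assumed for illustration): subnet 1 moved to 128.10.2.0/24
# so that no prefix lies inside another.
FIXED = {**SUBNETS, 1: IPv4Network("128.10.2.0/24")}


def overlapping_pairs(subnets):
    """Return sorted (a, b) pairs of subnet numbers whose prefixes overlap.
    With variable-length masks, overlap means one prefix contains the other."""
    return [(a, b) for a, b in combinations(sorted(subnets), 2)
            if subnets[a].overlaps(subnets[b])]


def ambiguous_addresses(subnets):
    """Map each directed-broadcast address that also falls inside a different
    subnet to the sorted list of subnet numbers that claim it.  Such an address
    is a broadcast on one net and an ordinary host (or broadcast) on another."""
    claims = {}
    for num, net in subnets.items():
        bcast = net.broadcast_address
        for other, onet in subnets.items():
            if other != num and bcast in onet:
                claims.setdefault(str(bcast), set()).update({num, other})
    return {addr: sorted(nums) for addr, nums in claims.items()}


def is_valid_vlsm_plan(subnets):
    """A VLSM plan is usable only if no two prefixes overlap."""
    return not overlapping_pairs(subnets)


if __name__ == "__main__":
    for a, b in overlapping_pairs(SUBNETS):
        print("subnet %d overlaps subnet %d" % (a, b))
    for addr, nums in sorted(ambiguous_addresses(SUBNETS).items()):
        print("%s is claimed by subnets %s" % (addr, nums))
    print("fixed plan valid:", is_valid_vlsm_plan(FIXED))
```

Running it shows subnet 1 overlapping subnets 4, 5, 6 and 7 and four ambiguous addresses (128.10.1.63, .127, .191 and .255); the same overlap check belongs in any address-plan review, because a router that holds both prefixes will pick whichever entry its table searches first.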
More Address Ambiguity
- The directed broadcast address on subnet 1 is
    mask:      11111111 11111111 11111111 00000000
    prefix:    10000000 00001010 00000001 00000000
    broadcast: 10000000 00001010 00000001 11111111   (128.10.1.255)
- The directed broadcast address on subnet 7 is
    mask:      11111111 11111111 11111111 11000000
    prefix:    10000000 00001010 00000001 11000000
    broadcast: 10000000 00001010 00000001 11111111   (128.10.1.255)
- Same value!

Example Of Illegal Subnet Assignment
[Figure: host H sits on Net 1, which is not a subnet of address N; Net 1 connects through routers R1 and R2 to Net 2 and Net 3, which are both subnets of N]
- Host H cannot route among the subnets: from outside, all of N is one network, yet the path between two of its subnets crosses a network that is not part of N
- Rule: subnets must be contiguous!

Variety Of Routes
- Forwarding must accommodate
  - Network-specific routes
  - Subnet-specific routes
  - Host-specific routes
  - Default route
  - Limited broadcast
  - Directed broadcast to a network
  - Directed broadcast to a specific subnet
- A single algorithm with address masks can accommodate all of the above

Use Of Address Masks
- Each entry in the routing table also has an address mask
- An all-1s mask is used for host-specific routes
- The network mask is used for network-specific routes
- The subnet mask is used for subnet-specific routes
- An all-0s mask is used for the default route

Unified Forwarding Algorithm

  Algorithm: Forward_IP_Datagram (datagram, routing_table)
    Extract destination IP address, ID, from datagram;
    If prefix of ID matches address of any directly connected network
      send datagram to destination over that network
      (This involves resolving ID to a physical address,
       encapsulating the datagram, and sending the frame.)
    else
      for each entry in routing table do
        Let N be the bitwise-and of ID and the subnet mask
        If N equals the network address field of the entry
          then forward the datagram to the specified next hop address
      endforloop
    If no matches were found, declare a forwarding error;

- Note: entries must be examined most-specific first (longest mask first); otherwise a network route would capture datagrams that a host-specific or subnet route should handle

Special Case: Unnumbered Serial Network
- Only two endpoints
- Not necessary to assign (waste) a network prefix
- Trick: use the remote router's IP address as the next hop

Example Unnumbered Serial Network
[Figure (a): router R1 (address 128.10.2.250) on network 128.10.0.0 is joined by a leased serial line, interface 2, to router R2 (address 128.211.0.100) on network 128.211.0.0; the serial line itself has no network prefix]
[Table (b): R1's routing table]
  To reach hosts on network   Route to this address   Using this interface
  128.10.0.0                  DELIVER DIRECT          1
  default                     128.211.0.100           2

Classless Inter-Domain Routing (CIDR)
- Problem
  - Continued exponential Internet growth
  - Subnetting insufficient
  - Limited IP addresses (especially Class B)
- Dire prediction made in 1993: we will exhaust the address space "in a few years"
- Note (2005): the address space is not near exhaustion. (In fact the central IANA pool of IPv4 /8 blocks ran out in February 2011; CIDR nevertheless remains the basis of Internet routing.)

CIDR Addressing
- Solution to the problem
  - A temporary fix until the next generation of IP
  - Backward compatible with classful addressing
  - Extends variable-length subnet technology to prefixes
- CIDR was predicted to work "for a few years"
  - Extremely successful!
  - Will work for at least 25 years! (the 2005 assessment)
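The unified algorithm is easiest to trust once it is written down with a real table. The following is an added example, not code from Comer's notes: a router whose table stores a mask with every route and tries routes longest mask first, so that a host-specific (/32) route beats a subnet route, a subnet route beats a network route, and the default (/0) route matches only when nothing else does. Directly connected networks are checked first, and a destination whose host bits are all ones on a connected network is recognised as a directed broadcast. The addresses, interfaces and next hops in the table are constructed for the example.

```python
# Added example (not from Comer's notes): the unified forwarding algorithm with
# an address mask stored in every route and longest-mask-first matching.
import socket
import struct


def ip_to_int(dotted):
    return struct.unpack("!I", socket.inet_aton(dotted))[0]


def int_to_ip(value):
    return socket.inet_ntoa(struct.pack("!I", value))


def mask_of(length):
    """32-bit mask with `length` leading one bits: 0 -> all-0s, 32 -> all-1s."""
    return (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF


class Router:
    def __init__(self, connected, routes):
        # connected: (prefix, mask length, interface) for directly attached nets
        # routes:    (prefix, mask length, next hop, interface)
        self.connected = [(ip_to_int(p), mask_of(m), i) for p, m, i in connected]
        self.routes = sorted(
            ((ip_to_int(p), mask_of(m), m, nh, i) for p, m, nh, i in routes),
            key=lambda r: -r[2])  # most specific (longest mask) first

    def forward(self, dst):
        """Return (kind, target, interface) for a destination address."""
        d = ip_to_int(dst)
        if d == 0xFFFFFFFF:
            return ("limited-broadcast", None, None)
        for net, mask, iface in self.connected:
            if d & mask == net:                       # bitwise AND with the mask
                if d == net | (mask ^ 0xFFFFFFFF):    # host bits all ones
                    return ("directed-broadcast", int_to_ip(net), iface)
                return ("direct", dst, iface)
        for net, mask, _, next_hop, iface in self.routes:
            if d & mask == net:
                return ("next-hop", next_hop, iface)
        raise LookupError("forwarding error: no route to " + dst)


# Constructed table for a router at the subnetted site 128.10.0.0/16.
R = Router(
    connected=[("128.10.1.0", 24, 1), ("128.10.2.0", 24, 2)],
    routes=[
        ("128.10.3.7", 32, "128.10.2.250", 2),   # host-specific route
        ("128.10.3.0", 24, "128.10.2.251", 2),   # subnet-specific route
        ("128.211.0.0", 16, "128.10.1.250", 1),  # network-specific route
        ("0.0.0.0", 0, "128.10.1.254", 1),       # default route
    ])

if __name__ == "__main__":
    for dst in ("128.10.1.5", "128.10.2.255", "128.10.3.7",
                "128.10.3.8", "128.211.4.4", "8.8.8.8"):
        print(dst, "->", R.forward(dst))
```

A practical caveat the slides do not cover: a real router should not forward a directed broadcast that arrived from another network (the behaviour abused by smurf amplification attacks); the example only classifies the destination so the caller can apply that policy.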
One Motivation For CIDR: Class C
- Fewer than seventeen thousand Class B numbers in total
- More than two million Class C network numbers
- No one wants Class C (too small)
- CIDR allows
  - Merging 256 Class C numbers into a single prefix that is equivalent to a Class B
  - Splitting a Class B along power-of-two boundaries

CIDR Notation
- Addresses are written NUMBER / m
  - NUMBER is the IP prefix
  - m is the "address mask" length
- Example: 214.5.48.0/20
  - The prefix occupies 20 bits
  - The suffix occupies 12 bits
- Mask values must be converted to dotted decimal when configuring a router (and to binary internally)

Route Proliferation
- If classful forwarding is used, CIDR addresses result in more routes
- Example:
  - A single CIDR prefix spans 256 Class C network numbers (supernetting)
  - A classful routing table requires 256 separate entries

Route Condensation
- Solution: change forwarding as well as addressing
- Store the address mask with each route
- Send the pair (address, mask) whenever exchanging routing information
- Known as a CIDR block

Example Of A CIDR Block (128.211.168.0/21)

           Dotted Decimal     32-bit Binary Equivalent
  lowest   128.211.168.0      10000000 11010011 10101000 00000000
  highest  128.211.175.255    10000000 11010011 10101111 11111111
Dotted Decimal Equivalents Of CIDR Masks

  CIDR   Dotted Decimal     CIDR   Dotted Decimal
  /1     128.0.0.0          /17    255.255.128.0
  /2     192.0.0.0          /18    255.255.192.0
  /3     224.0.0.0          /19    255.255.224.0
  /4     240.0.0.0          /20    255.255.240.0
  /5     248.0.0.0          /21    255.255.248.0
  /6     252.0.0.0          /22    255.255.252.0
  /7     254.0.0.0          /23    255.255.254.0
  /8     255.0.0.0          /24    255.255.255.0
  /9     255.128.0.0        /25    255.255.255.128
  /10    255.192.0.0        /26    255.255.255.192
  /11    255.224.0.0        /27    255.255.255.224
  /12    255.240.0.0        /28    255.255.255.240
  /13    255.248.0.0        /29    255.255.255.248
  /14    255.252.0.0        /30    255.255.255.252
  /15    255.254.0.0        /31    255.255.255.254
  /16    255.255.0.0        /32    255.255.255.255

Example Of A /30 CIDR Block (128.211.176.212/30)

           Dotted Decimal     32-bit Binary Equivalent
  lowest   128.211.176.212    10000000 11010011 10110000 11010100
  highest  128.211.176.215    10000000 11010011 10110000 11010111

- Useful when a customer of an ISP has a very small network

Implementation Of CIDR Route Lookup
- Each entry in the routing table has an address plus a mask
- The search is organized from most-specific to least-specific (i.e., the entry with the longest mask is tested first)
- Known as longest-prefix lookup or longest-prefix search

Implementing Longest-Prefix Matching
- Cannot easily use hashing (the key length is not known until the match is found)
- The data structure of choice is a binary trie
- Identifies the unique prefix needed to match a route
Example Of Unique Prefixes

  32-Bit Address                          Unique Prefix
  00110101 00000000 00000000 00000000     00
  01000110 00000000 00000000 00000000     0100
  01010110 00000000 00000000 00000000     0101
  01100001 00000000 00000000 00000000     011
  10101010 11110000 00000000 00000000     1010
  10110000 00000010 00000000 00000000     10110
  10111011 00001010 00000000 00000000     10111

Example Binary Trie For The Seven Prefixes
[Figure: a binary trie whose left branches are 0 bits and right branches are 1 bits; each of the seven unique prefixes ends at a leaf, and the path for 0101 is highlighted in red]

Modifications And Extensions
- Several variations of trie data structures exist
  - PATRICIA trees
  - Level-compressed tries (LC-tries)
- Motivation
  - Handle longest-prefix match
  - Skip levels that do not distinguish among routes

Nonroutable Addresses
- CIDR blocks reserved for use within a site
- Must never appear on the Internet
- ISPs do not maintain routes for them, and border routers should filter them in both directions
- Also called private addresses (169.254/16 is the link-local autoconfiguration block, nonroutable for the same reason)

  Prefix          Lowest Address   Highest Address
  10 / 8          10.0.0.0         10.255.255.255
  172.16 / 12     172.16.0.0       172.31.255.255
  192.168 / 16    192.168.0.0      192.168.255.255
  169.254 / 16    169.254.0.0      169.254.255.255
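The unique-prefix table and the trie are two views of one idea: a trie only needs to store the bits that distinguish routes, and a search that remembers the last route it passed returns the longest matching prefix. The following is an added example, not code from Comer's notes, that derives the unique prefixes for the seven addresses in the table (with the address octets reconstructed as 53.0.0.0, 70.0.0.0, 86.0.0.0, 97.0.0.0, 170.240.0.0, 176.2.0.0 and 187.10.0.0), builds a binary trie from them, and performs longest-prefix lookups, including a fall-through to a default route stored at the empty prefix; that default entry is an addition for illustration.

```python
# Added example (not from Comer's notes): compute the unique prefix each address
# needs and build a binary trie that performs longest-prefix matching.


def to_bits(dotted):
    """Dotted decimal -> 32-character string of '0'/'1'."""
    return "".join(format(int(octet), "08b") for octet in dotted.split("."))


def unique_prefixes(addresses):
    """For each address, the shortest leading bit string that no other address
    shares: the bits a trie must examine to tell the routes apart."""
    bits = {a: to_bits(a) for a in addresses}
    result = {}
    for addr, b in bits.items():
        others = [o for a, o in bits.items() if a != addr]
        k = 1
        while k < 32 and any(o[:k] == b[:k] for o in others):
            k += 1
        result[addr] = b[:k]
    return result


class PrefixTrie:
    """Binary trie: each node is a dict with optional '0' and '1' children and
    an optional 'route'.  A search walks the destination's bits and remembers
    the last route it passed, so the deepest (longest) matching prefix wins."""

    def __init__(self):
        self.root = {}

    def insert(self, prefix_bits, route):
        node = self.root
        for bit in prefix_bits:
            node = node.setdefault(bit, {})
        node["route"] = route

    def longest_match(self, dotted):
        node = self.root
        best = node.get("route")   # a route at the empty prefix is the default
        for bit in to_bits(dotted):
            node = node.get(bit)
            if node is None:
                break
            best = node.get("route", best)
        return best


# The seven 32-bit addresses from the slide, written in dotted decimal.
ADDRS = ["53.0.0.0", "70.0.0.0", "86.0.0.0", "97.0.0.0",
         "170.240.0.0", "176.2.0.0", "187.10.0.0"]


def build_trie(addresses, default=None):
    """Insert each address under its unique prefix; the stored route is the
    address itself.  `default` (an assumption) becomes the /0 route."""
    trie = PrefixTrie()
    if default is not None:
        trie.insert("", default)
    for addr, prefix in unique_prefixes(addresses).items():
        trie.insert(prefix, addr)
    return trie


TRIE = build_trie(ADDRS, default="default")

if __name__ == "__main__":
    for addr, prefix in unique_prefixes(ADDRS).items():
        print("%-12s unique prefix %s" % (addr, prefix))
    for dst in ("86.7.7.7", "64.0.0.0", "200.0.0.0"):
        print(dst, "->", TRIE.longest_match(dst))
```

Note what the lookup for 64.0.0.0 shows: because only the bits 0100 were stored, any address beginning with those bits selects the route for 70.0.0.0. That is exactly the compression the slide describes, and it is why a production table stores full prefix lengths (a /24 is a /24 regardless of what else is in the table) rather than the minimal distinguishing bits.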
Summary
- The original IP addressing scheme was classful
- Two extensions were added
  - Subnet addressing
  - CIDR addressing
- Subnetting is used only within a site
- CIDR is used throughout the Internet
- Both use a 32-bit address mask
  - A CIDR mask identifies the division between network prefix and host suffix
  - A subnet mask identifies the boundary between subnet and individual host

Summary (continued)
- A single unified forwarding algorithm handles routes that are
  - Network-specific
  - Subnet-specific
  - Host-specific
  - Limited broadcast
  - Directed broadcast to a network
  - Directed broadcast to a subnet
  - Default
- Longest-prefix match is required
  - Typical implementation: binary trie

Internetworking With TCP/IP vol 1 -- Part 10 (2005)

PART X  PROTOCOL LAYERING

Motivation For Layering
- Communication is difficult to understand
- Many subproblems
  - Hardware failure
  - Network congestion
  - Packet delay or loss
  - Data corruption
  - Data duplication or inverted arrivals

Solving The Problem
- Divide the problem into pieces
- Solve the subproblems separately
- Combine them into an integrated whole
- The result is layered protocols

Protocol Layering
- Separates protocol functionality
- Each layer solves one part of the communication problem
- Intended primarily for protocol designers
- A set of layers is called a protocol stack

Concept Of Layering
[Figure: sender and receiver each have a stack of layers 1 through n; layer n on the sender corresponds to layer n on the receiver, and only layer 1 touches the network]
More Realistic Layering
[Figure (a): the conceptual layers are a high-level protocol layer, an Internet protocol layer, and a network interface layer. Figure (b): the software organization has several high-level protocols (Protocol 1, 2, 3) above a single IP module, which sits above several network interfaces (Interface 1, 2, 3)]

Layering In An Internet
[Figure: a sender and a receiver each run all layers; between them, routers run only the IP layer and the network interfaces that attach them to Net 1, Net 2 and Net 3]

Examples Of Layering
- Two models exist
- ISO 7-layer reference model for Open System Interconnection (OSI)
  - Predates TCP/IP
  - Does not include an Internet layer
  - Prescriptive (designed before the protocols)
- Internet 5-layer reference model
  - Designed for TCP/IP
  - Descriptive (designed along with the actual protocols)

ISO 7-Layer Reference Model

  Layer   Functionality
  7       Application
  6       Presentation
  5       Session
  4       Transport
  3       Network
  2       Data Link (hardware interface)
  1       Physical hardware connection

TCP/IP 5-Layer Reference Model

  Conceptual Layer     Objects Passed Between Layers
  Application          Messages or streams
  Transport            Transport protocol packets
  Internet             IP datagrams
  Network Interface    Network-specific frames
  Hardware

- Only four layers above the hardware
TCP/IP Layer 1: Physical Hardware
- Defines the electrical signals used in communication (e.g., voltages on wires between two computers)
- Uninteresting except to electrical engineers

TCP/IP Layer 2: Network Interface
- Defines communication between a computer and the network hardware
- Isolates the details of hardware (MAC) addressing
- Example protocol: ARP
- Code is usually in the operating system

TCP/IP Layer 3: Internet
- The protocol is IP
- Provides machine-to-machine communication
- Defines a best-effort, connectionless datagram delivery service for the Internet
- Code is usually in the operating system

TCP/IP Layer 4: Transport
- Provides an end-to-end connection from application program to application program
- Often handles reliability and flow control
- The protocols are TCP and UDP
- Code is usually in the operating system

TCP/IP Layer 5: Application
- Implemented by application programs
- Many application-specific protocols exist in the Internet
- Built on top of the transport layer

Two Differences Between TCP/IP And Other Layered Protocols
- TCP/IP uses end-to-end reliability instead of link-level reliability
- TCP/IP places the locus of intelligence and decision making at the edge of the network instead of the core

The Layering Principle
Software implementing layer n at the destination receives exactly the message sent by software implementing layer n at the source.
Illustration Of The Layering Principle
[Figure: Host A and Host B each have Application, Transport, Internet and Network Interface layers over a physical net; the application layers exchange an identical message, the transport layers an identical packet, the Internet layers an identical datagram, and the network interface layers an identical frame]

When A Datagram Traverses The Internet
- All layers are involved at
  - The original source
  - The ultimate destination
- Only the layers up through IP are involved at
  - Intermediate routers

Illustration Of Layering In An Internet
[Figure: Host A and Host B as above, but with router R between Physical Net 1 and Physical Net 2; the application message and transport packet are identical end to end, while the datagram and frame are identical only across each hop, since R's Internet and network interface layers handle them in between]

A Key Definition
- A protocol is classified as end-to-end if the layering principle applies from one end of the Internet to the other
- Examples
  - IP is machine-to-machine because the layering principle only applies across one hop
  - TCP is end-to-end because the layering principle applies from the original source to the ultimate destination
- Consequence: a router can rewrite or inspect the IP datagram on every hop, but a TCP segment is only meant to be interpreted at the two ends

Practical Aspect Of Layering
- Multiple protocols exist at each layer
- One protocol is used at each layer for a given datagram
Example Of Two Protocols At The Network Interface Layer: SLIP And PPP
- Both are used to send IP across
  - A serial data circuit
  - A dialup connection
- Each defines standards for
  - Framing (encapsulation)
  - Addressing
- They are incompatible

Notion Of Multiple Interfaces And Layering
[Figure (a): conceptual layers Transport, Internet, Network Interface. Figure (b): software organization with Protocol 1, 2 and 3 above one IP module, which sits above Interface 1 (intranet), Interface 2 (point-to-point) and Interface 3 (intranet)]

Boundaries In The TCP/IP Layering Model
- High-level protocol address boundary
  - The division between software that uses hardware addresses and software that uses IP addresses
- Operating system boundary
  - The division between an application program running outside the operating system and protocol software running inside the operating system

The Consequence Of An Address Boundary
Application programs as well as all protocol software from the Internet layer upward use only IP addresses; the network interface layer handles physical addresses.

Illustration Of The Two Boundaries
[Figure: Application (software outside the operating system) sits above Transport, Internet, Network Interface and Hardware (software inside the operating system); the Application, Transport and Internet layers use only IP addresses, while the Network Interface layer uses physical addresses]
Handling Multiple Protocols Per Layer
- The sender places a field in each header to say which protocol is used at the next layer
- The receiver uses the field to determine which protocol at the next layer receives the packet
- Known as multiplexing and demultiplexing
- Note: a receiver must validate these fields (and the lengths that go with them) before handing the packet up; an unknown type or a truncated header is discarded, not guessed at

Example Of Demultiplexing An Incoming Frame
[Figure: a frame arrives and is demultiplexed on its frame type to the IP module, the ARP module, or the RARP module]

Example Of Demultiplexing Performed By IP
[Figure: a datagram arrives at the IP module and is demultiplexed on its protocol field to the ICMP module, the UDP module, or the TCP module]

Example Of Demultiplexing Performed By TCP
[Figure: a segment arrives at the TCP module and is demultiplexed to Application 1, Application 2, ... Application n]
- TCP is part of the operating system
- The transfer to an application program must cross the operating system boundary

Discussion
- What are the key advantages and disadvantages of multiplexing and demultiplexing?
- Can you think of an alternative?

Summary
- Layering
  - Intended for designers
  - Helps control complexity in protocol design
- TCP/IP uses a 5-layer reference model
- Conceptually, a router only needs layers 2 and 3, and a host needs all layers
- IP is a machine-to-machine protocol
- TCP is an end-to-end protocol
- Demultiplexing is used to handle multiple protocols at each layer
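The three demultiplexing figures describe one chain of decisions: frame type selects IP or ARP, the IP protocol field selects ICMP, TCP or UDP, and the UDP destination port selects an application. The following is an added example, not code from Comer's notes, that builds a constructed Ethernet/IPv4/UDP frame and walks it through that chain, returning the path taken or the point at which the frame is dropped. The type and protocol values are the standard ones (0x0800 for IP, 0x0806 for ARP, 17 for UDP); the listener table and the sample addresses are assumptions for the example.

```python
# Added example (not from Comer's notes): demultiplexing a received frame
# through the network interface, IP and UDP layers by the type fields
# each layer's header carries.
import struct

ETHERTYPES = {0x0800: "IP", 0x0806: "ARP", 0x8035: "RARP"}
IP_PROTOS = {1: "ICMP", 6: "TCP", 17: "UDP"}
# Assumed set of listening applications, keyed by UDP destination port.
LISTENERS = {53: "dns", 123: "ntp", 161: "snmp"}


def demux(frame):
    """Return the list of modules the frame passes through, ending with the
    application name or a 'drop: ...' reason.  Every length is checked before
    the next header is read."""
    if len(frame) < 14:
        return ["drop: short frame"]
    etype = struct.unpack("!H", frame[12:14])[0]
    layer = ETHERTYPES.get(etype)
    if layer is None:
        return ["drop: unknown frame type 0x%04x" % etype]
    if layer != "IP":
        return [layer]                      # ARP and RARP handled elsewhere
    ip = frame[14:]
    if len(ip) < 20:
        return ["IP", "drop: short header"]
    ihl = (ip[0] & 0x0F) * 4                # header length in bytes
    proto = ip[9]                           # the PROTOCOL field
    name = IP_PROTOS.get(proto)
    if name is None:
        return ["IP", "drop: unknown protocol %d" % proto]
    if name != "UDP":
        return ["IP", name]
    udp = ip[ihl:]
    if len(udp) < 8:
        return ["IP", "UDP", "drop: short header"]
    dport = struct.unpack("!H", udp[2:4])[0]
    return ["IP", "UDP", LISTENERS.get(dport, "drop: no listener on port %d" % dport)]


def build_frame(ethertype, proto, dport, payload=b""):
    """Construct a minimal Ethernet + IPv4 + UDP frame (checksums left zero)."""
    eth = b"\x00" * 6 + b"\x00" * 5 + b"\x01" + struct.pack("!H", ethertype)
    total = 20 + 8 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0)
    return eth + ip + udp + payload


if __name__ == "__main__":
    print(demux(build_frame(0x0800, 17, 53)))
    print(demux(build_frame(0x0800, 6, 80)))
    print(demux(build_frame(0x0806, 0, 0)))
    print(demux(build_frame(0x0800, 17, 9999)))
```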
Internetworking With TCP/IP vol 1 -- Part 11 (2005)

PART XI  USER DATAGRAM PROTOCOL (UDP)

Identifying The Ultimate Destination
- An IP address only specifies a computer
- We need a way to specify an application program (process) on a computer
- Unfortunately
  - Application programs can be created and destroyed rapidly
  - Each operating system uses its own identification

Specifying An Application Program
- TCP/IP introduces its own specification
- An abstract destination point known as a protocol port number (a positive integer)
- Each OS determines how to bind a protocol port number to a specific application program

User Datagram Protocol
- A transport-layer protocol (Layer 4)
- Connectionless service: provides application programs with the ability to send and receive messages
- Allows multiple application programs on a single machine to communicate concurrently
- Same best-effort semantics as IP
  - A message can be delayed, lost, or duplicated
  - Messages can arrive out of order
- The application accepts full responsibility for errors

The Added Benefit Of UDP
The User Datagram Protocol (UDP) provides an unreliable connectionless delivery service using IP to transport messages between machines. It uses IP to carry messages, but adds the ability to distinguish among multiple destinations within a given host computer.

UDP Message Format

  0                  16                      31
  UDP SOURCE PORT    | UDP DESTINATION PORT
  UDP MESSAGE LENGTH | UDP CHECKSUM
  DATA ...

- If the UDP CHECKSUM field contains zeroes, the receiver does not verify the checksum (so a sender that disables it gives up detection of corrupted or misdelivered data)
Port Numbers In A UDP Message
- SOURCE PORT identifies the application on the original source computer
- DESTINATION PORT identifies the application on the ultimate destination computer
- Note: the IP addresses of source and destination do not appear explicitly in the header

UDP Pseudo-Header
- Used when computing or verifying a checksum
- Temporarily prepended to the UDP message
- Contains items from the IP header
- Guarantees that the message arrived at the correct destination: if the datagram is delivered to the wrong IP address, the checksum fails
- Note: the pseudo-header is not sent across the Internet

Contents Of The UDP Pseudo-Header

  0        8        16                      31
  SOURCE IP ADDRESS
  DESTINATION IP ADDRESS
  ZERO   | PROTO  | UDP LENGTH

- SOURCE ADDRESS and DESTINATION ADDRESS specify the IP addresses of the sending and receiving computers
- PROTO contains the value of the PROTOCOL (type) field from the IP datagram header, which is 17 for UDP

Position Of UDP In The Protocol Stack

  Conceptual Layering
  Application
  User Datagram (UDP)
  Internet (IP)
  Network Interface

- UDP lies between applications and IP

Encapsulation
[Figure: the UDP header and UDP data area together form the IP data area, which follows the IP header; the IP header and IP data area together form the frame data area, which follows the frame header]

Division Of Duties Between IP And UDP
The IP layer is responsible for transferring data between a pair of hosts on an internet, while the UDP layer is responsible for differentiating among multiple sources or destinations within one host.
- The IP header only identifies the computer
- The UDP header only identifies the application programs
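The pseudo-header is what makes the UDP checksum detect a datagram that was delivered to the wrong host, and the zero-checksum rule is what a receiver must honour before it trusts anything. The following is an added example, not code from Comer's notes, that computes the checksum over the pseudo-header plus the UDP message with the one's complement arithmetic the Internet checksum uses, then verifies it; the sample addresses, ports and payload are constructed for the example.

```python
# Added example (not from Comer's notes): compute and verify the UDP checksum
# over the pseudo-header plus the UDP message.
import socket
import struct

UDP_PROTO = 17  # value of the IP header PROTOCOL field for UDP


def ones_complement_sum(data):
    """16-bit one's complement sum of `data` (zero-padded to an even length)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip, dst_ip, udp_length):
    """The 12-byte pseudo-header: source IP, destination IP, zero, PROTO, length.
    Prepended only for the checksum computation; never transmitted."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, UDP_PROTO, udp_length))


def udp_checksum(src_ip, dst_ip, segment):
    """Checksum for a UDP segment whose checksum field is currently zero."""
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment)
    csum = 0xFFFF - total                    # one's complement of the sum
    return csum or 0xFFFF                    # a computed 0 is sent as all-1s, since 0 means "none"


def build_udp(src_ip, dst_ip, sport, dport, payload, with_checksum=True):
    length = 8 + len(payload)
    segment = struct.pack("!HHHH", sport, dport, length, 0) + payload
    csum = udp_checksum(src_ip, dst_ip, segment) if with_checksum else 0
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def verify_udp(src_ip, dst_ip, segment):
    """'ok' if the checksum validates, 'bad' if not, 'unchecked' if the sender
    sent zero (the receiver must not verify in that case)."""
    stored = struct.unpack("!H", segment[6:8])[0]
    if stored == 0:
        return "unchecked"
    # Summing with the checksum field in place must give all ones.
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment)
    return "ok" if total == 0xFFFF else "bad"


# Constructed sample: a message from 128.10.2.3 to port 53 on 128.10.1.4.
SEGMENT = build_udp("128.10.2.3", "128.10.1.4", 40000, 53, b"hello")

if __name__ == "__main__":
    print("correct destination:", verify_udp("128.10.2.3", "128.10.1.4", SEGMENT))
    print("wrong destination:  ", verify_udp("128.10.2.3", "128.10.1.5", SEGMENT))
```

The second call shows the pseudo-header doing its job: the bytes on the wire are unchanged, but because the receiving host's address enters the computation, a datagram that IP delivered to the wrong machine fails verification.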
Demultiplexing Based On UDP Protocol Port Number
[Figure: a UDP datagram arrives from the IP module and UDP demultiplexes it on the destination port to Port 1, Port 2, or Port 3]

Assignment Of UDP Port Numbers
- Small numbers are reserved for specific services
  - Called well-known ports
  - Same interpretation throughout the Internet
  - Used by server software
- Large numbers are not reserved
  - Available to an arbitrary application program
  - Used by client software
- More later in the course

Examples Of Assigned UDP Port Numbers

  Decimal   Keyword       UNIX Keyword   Description
  0         -             -              Reserved
  7         ECHO          echo           Echo
  9         DISCARD       discard        Discard
  11        USERS         systat         Active Users
  13        DAYTIME       daytime        Daytime
  15        -             netstat        Network Status Program
  17        QUOTE         qotd           Quote of the Day
  19        CHARGEN       chargen        Character Generator
  37        TIME          time           Time
  42        NAMESERVER    name           Host Name Server
  43        NICNAME       whois          Who Is
  53        DOMAIN        nameserver     Domain Name Server
  67        BOOTPS        bootps         BOOTP or DHCP Server
  68        BOOTPC        bootpc         BOOTP or DHCP Client
  69        TFTP          tftp           Trivial File Transfer
  88        KERBEROS      kerberos       Kerberos Security Service
  111       SUNRPC        sunrpc         Sun Remote Procedure Call
  123       NTP           ntp            Network Time Protocol
  161       -             snmp           Simple Network Management Protocol
  162       -             snmp-trap      SNMP traps
  512       -             biff           UNIX comsat
  513       -             who            UNIX rwho Daemon
  514       -             syslog         System Log
  525       -             timed          Time Daemon

Summary
- The User Datagram Protocol (UDP) provides a connectionless, best-effort message service
- A UDP message is encapsulated in an IP datagram for delivery
- IP identifies the destination computer; UDP identifies the application on the destination computer
- UDP uses an abstraction known as protocol port numbers
Internetworking With TCP/IP vol 1 -- Part 12 (2005)

PART XII  RELIABLE STREAM TRANSPORT SERVICE (TCP)

Transmission Control Protocol (TCP)
- The major transport service in the TCP/IP suite
- Used for most Internet applications (especially the World Wide Web)

TCP Characteristics
- Stream orientation
- Virtual circuit connection
- Buffered transfer
- Unstructured stream
- Full duplex connection
- Reliability

Providing Reliability
- Traditional technique: Positive Acknowledgement with Retransmission (PAR)
  - The receiver sends an acknowledgement when data arrives
  - The sender starts a timer whenever it transmits
  - The sender retransmits if the timer expires before the acknowledgement arrives

Illustration Of Acknowledgements
[Figure: time runs from top to bottom. Sender: Send Packet 1; Receiver: Receive Packet 1, Send ACK 1; Sender: Receive ACK 1, Send Packet 2; Receiver: Receive Packet 2, Send ACK 2; Sender: Receive ACK 2]
- Time moves from top to bottom in the diagram

Illustration Of Recovery After Packet Loss
[Figure: Sender: Send Packet 1, Start Timer; the packet is lost in the network, so the receiver never sends the ACK that would normally have arrived; Sender: Timer Expires, Retransmit Packet 1, Start Timer; Receiver: Receive Packet 1, Send ACK 1; Sender: Receive ACK 1, Cancel Timer]

The Problem With Simplistic PAR
A simple positive acknowledgement protocol wastes a substantial amount of network bandwidth because it must delay sending a new packet until it receives an acknowledgement for the previous packet.
• Problem is especially severe if network has long latency

Solving The Problem
• Allow multiple packets to be outstanding at any time
• Still require acknowledgements and retransmission
• Known as sliding window

Illustration Of Sliding Window

[Figure: a sequence of packets 1 2 3 4 5 6 7 8 9 10 ...; (a) the initial window covers the first packets of the sequence; (b) after an acknowledgement arrives the window slides forward along the sequence.]
• Window size is fixed
• As acknowledgement arrives, window moves forward

Why Sliding Window Works
Because a well-tuned sliding window protocol keeps the network completely saturated with packets, it obtains substantially higher throughput than a simple positive acknowledgement protocol.

Illustration Of Sliding Window

Events At Sender Site   Network Messages   Events At Receiver Site
Send Packet 1           Packet 1 -->
Send Packet 2           Packet 2 -->       Receive Packet 1, Send ACK 1
Send Packet 3           Packet 3 -->       Receive Packet 2, Send ACK 2
Receive ACK 1                              Receive Packet 3, Send ACK 3
Receive ACK 2
Receive ACK 3

Sliding Window Used By TCP
• Measured in byte positions
• Illustration:

      current window
  1 2 | 3 4 5 6 | 7 8 9 | 10 11 ...

• Bytes through 2 are acknowledged
• Bytes 3 through 6 not yet acknowledged
• Bytes 7 through 9 waiting to be sent
• Bytes above 9 lie outside the window and cannot be sent
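The byte-position window from the last slide, tracked as the three pointers a sender keeps. This is an added example, not code from the notes; the class and method names are assumptions, and the window size of 7 is chosen so that the regions match the slide's picture.

```python
"""Byte-oriented sliding window as TCP uses it. Added example, not from the notes.
Three pointers describe the window: bytes below `acked` are acknowledged, bytes
in [acked, next_send) were sent but not yet acknowledged, bytes in
[next_send, acked + window) may be sent now, and bytes from acked + window
onward lie outside the window and cannot be sent."""


class SlidingWindow:
    def __init__(self, window_size: int, first_byte: int = 1) -> None:
        self.window = window_size       # fixed window size in bytes
        self.acked = first_byte         # lowest byte not yet acknowledged
        self.next_send = first_byte     # lowest byte not yet sent

    def right_edge(self) -> int:
        """One past the highest byte the window currently allows us to send."""
        return self.acked + self.window

    def send(self, nbytes: int) -> tuple:
        """Send up to nbytes; returns (first, last) byte positions actually sent."""
        allowed = min(nbytes, self.right_edge() - self.next_send)
        if allowed <= 0:
            raise RuntimeError("window full: wait for an acknowledgement")
        first = self.next_send
        self.next_send += allowed
        return first, self.next_send - 1

    def acknowledge(self, ack: int) -> None:
        """Cumulative ACK: every byte below `ack` is acknowledged, so the window slides."""
        if ack > self.next_send:
            raise ValueError("ACK covers bytes that were never sent")
        if ack > self.acked:            # old or duplicate ACKs never move the window back
            self.acked = ack

    def classify(self, pos: int) -> str:
        """Which of the slide's four regions byte `pos` falls in."""
        if pos < self.acked:
            return "acknowledged"
        if pos < self.next_send:
            return "sent, not yet acknowledged"
        if pos < self.right_edge():
            return "waiting to be sent"
        return "outside window"


def slide_example() -> dict:
    """Reproduce the slide: window of 7 bytes, bytes 1-6 sent, bytes through 2 acknowledged."""
    w = SlidingWindow(7)
    w.send(6)
    w.acknowledge(3)
    return {pos: w.classify(pos) for pos in range(1, 11)}
```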
Layering Of The Three Major Protocols

Conceptual Layering:
  Application
  Reliable Stream (TCP)  |  User Datagram (UDP)
  Internet (IP)
  Network Interface

TCP Ports, Connections, And Endpoints
• Endpoint of communication is application program
• TCP uses protocol port number to identify application
• TCP connection between two endpoints identified by four items
  – Sender’s IP address
  – Sender’s protocol port number
  – Receiver’s IP address
  – Receiver’s protocol port number

An Important Idea About Port Numbers
Because TCP identifies a connection by a pair of endpoints, a given TCP port number can be shared by multiple connections on the same machine.

Passive And Active Opens
• Two sides of a connection
• One side waits for contact
  – A server program
  – Uses TCP’s passive open
• One side initiates contact
  – A client program
  – Uses TCP’s active open

TCP Segment Format (bit positions 0, 4, 10, 16, 24, 31)

  SOURCE PORT (16 bits)                        | DESTINATION PORT (16 bits)
  SEQUENCE NUMBER (32 bits)
  ACKNOWLEDGEMENT NUMBER (32 bits)
  HLEN (4) | RESERVED (6) | CODE BITS (6)      | WINDOW (16 bits)
  CHECKSUM (16 bits)                           | URGENT PTR (16 bits)
  OPTIONS (MAY BE OMITTED)                     | PADDING
  BEGINNING OF PAYLOAD (DATA) ...

• Offset (the HLEN field) specifies header size (offset of data) in 32-bit words

Code Bits In The TCP Segment Header

Bit (left to right)  Meaning if bit set to 1
URG                  Urgent pointer field is valid
ACK                  Acknowledgement field is valid
PSH                  This segment requests a push
RST                  Reset the connection
SYN                  Synchronize sequence numbers
FIN                  Sender has reached end of its byte stream
Flow Control And TCP Window
• Receiver controls flow by telling sender size of currently available buffer measured in bytes
• Called window advertisement
• Each segment, including data segments, specifies size of window beyond acknowledged byte
• Window size may be zero (receiver cannot accept additional data at present)
• Receiver can send additional acknowledgement later when buffer space becomes available

TCP Checksum Computation
• Covers entire segment (header plus data)
• Required (unlike UDP)
• Pseudo header included in computation as with UDP

TCP Pseudo Header (bit positions 0, 8, 16, 31)

  SOURCE IP ADDRESS (32 bits)
  DESTINATION IP ADDRESS (32 bits)
  ZERO (8) | PROTOCOL (8) | TCP LENGTH (16)

TCP Retransmission
• Designed for Internet environment
  – Delays on one connection vary over time
  – Delays vary widely between connections
• Fixed value for timeout will fail
  – Waiting too long introduces unnecessary delay
  – Not waiting long enough wastes network bandwidth with unnecessary retransmission
• Retransmission strategy must be adaptive
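The segment format, code bits and pseudo-header checksum from the slides above, built and parsed in one place. This is an added example, not code from the notes; the addresses, ports and payload are constructed sample values, and the parser's length checks (a truncated header, an HLEN pointing past the data) are the checks a receiver needs that the slides do not spell out.

```python
"""TCP segment build/parse plus the checksum over the pseudo header.
Added example, not from the notes; field layout and pseudo header follow the
slides. No sockets are opened: socket is imported only for inet_aton()."""
import socket
import struct

# Code bits of the 6-bit CODE field, in the slide's left-to-right order.
CODE_BITS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}
PROTO_TCP = 6


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's complement sum with end-around carry; odd length is zero padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip: str, dst_ip: str, tcp_length: int) -> bytes:
    """SOURCE IP | DESTINATION IP | ZERO | PROTOCOL | TCP LENGTH (header plus data)."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, PROTO_TCP, tcp_length))


def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Value for the CHECKSUM field; `segment` must carry a zero CHECKSUM field."""
    return 0xFFFF ^ ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment)


def checksum_ok(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """A received segment verifies when pseudo header + segment sums to all ones."""
    return ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0xFFFF


def build_segment(src_ip, dst_ip, src_port, dst_port, seq, ack, flags, window,
                  payload=b"", urgent=0) -> bytes:
    """Build a segment without options (HLEN = 5 words) and fill in its checksum."""
    code = 0
    for name in flags:
        code |= CODE_BITS[name]
    hlen = 5
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                         hlen << 4, code, window, 0, urgent)
    csum = tcp_checksum(src_ip, dst_ip, header + payload)
    return header[:16] + struct.pack("!H", csum) + header[18:] + payload


def parse_segment(src_ip: str, dst_ip: str, segment: bytes) -> dict:
    """Parse a segment; rejects a truncated header or an HLEN that points past the data."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the fixed TCP header")
    (src_port, dst_port, seq, ack, offset_byte, code_byte,
     window, csum, urgent) = struct.unpack("!HHIIBBHHH", segment[:20])
    hlen = offset_byte >> 4                  # upper 4 bits of byte 12
    if hlen < 5 or hlen * 4 > len(segment):
        raise ValueError(f"bad HLEN {hlen}")
    flags = [name for name, bit in CODE_BITS.items() if code_byte & bit]
    return {"src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
            "hlen": hlen, "flags": flags, "window": window, "urgent": urgent,
            "options": segment[20:hlen * 4], "payload": segment[hlen * 4:],
            "checksum_ok": checksum_ok(src_ip, dst_ip, segment)}
```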
Adaptive Retransmission
• TCP keeps estimate of round-trip time (RTT) on each connection
• Round-trip estimate derived from observed delay between sending segment and receiving acknowledgement
• Timeout for retransmission based on current round-trip estimate

Difficulties With Adaptive Retransmission
• The problem is knowing when to retransmit
• Segments or ACKs can be lost or delayed, making round-trip estimation difficult or inaccurate
• Round-trip times vary over several orders of magnitude between different connections
• Traffic is bursty, so round-trip times fluctuate wildly on a single connection

Difficulties With Adaptive Retransmission (continued)
• Load imposed by a single connection can congest routers or networks
• Retransmission can cause congestion
• Because an internet contains diverse network hardware technologies, there may be little or no control for intranetwork congestion

Solution: Smoothing
• Adaptive retransmission schemes keep a statistically smoothed round-trip estimate
• Smoothing keeps running average from fluctuating wildly, and keeps TCP from overreacting to change
• Difficulty: choice of smoothing scheme
Original Smoothing Scheme
• Let RTT be current (old) average round-trip time
• Let NRT be a new sample
• Compute RTT = α * RTT + β * NRT, where α + β = 1
• Example: α = .8, β = .2
• Large α makes estimate less susceptible to a single long delay (more stable)
• Large β makes estimate track changes in round-trip time quickly

Problems With Original Scheme
• Associating ACKs with transmissions
  – TCP acknowledges receipt of data, not receipt of transmission
  – Assuming ACK corresponds to most recent transmission can cause instability in round-trip estimate (Cypress syndrome)
  – Assuming ACK corresponds to first transmission can cause unnecessarily long timeout
  – Both assumptions lead to lower throughput

Partridge / Karn Scheme†
• Solves the problem of associating ACKs with correct transmission
• Specifies ignoring round-trip time samples that correspond to retransmissions
• Separates timeout from round-trip estimate for retransmitted packets
†Also called Karn’s Algorithm

Partridge / Karn Scheme (continued)
• Starts (as usual) with retransmission timer as a function of round-trip estimate
• Doubles retransmission timer value for each retransmission without changing round-trip estimate
• Resets retransmission timer to be function of round-trip estimate when ACK arrives for nonretransmitted segment
Flow Control And Congestion
• Receiver advertises window that specifies how many additional bytes it can accept
• Window size of zero means sender must not send normal data (ACKs and urgent data allowed)
• Receiver can never decrease window beyond previously advertised point in sequence space
• Sender chooses effective window smaller than receiver’s advertised window if congestion detected

Jacobson / Karels Congestion Control
• Assumes long delays (packet loss) due to congestion
• Uses successive retransmissions as measure of congestion
• Reduces effective window as retransmissions increase
• Effective window is minimum of receiver’s advertisement and computed quantity known as the congestion window

Multiplicative Decrease
• In steady state (no congestion), the congestion window is equal to the receiver’s window
• When segment lost (retransmission timer expires), reduce congestion window by half
• Never reduce congestion window to less than one maximum sized segment

Jacobson / Karels Slow Start
• Used when starting traffic or when recovering from congestion
• Self-clocking startup to increase transmission rate rapidly as long as no packets are lost
• When starting traffic, initialize the congestion window to the size of a single maximum sized segment
• Increase congestion window by size of one segment each time an ACK arrives without retransmission
Jacobson / Karels Congestion Avoidance
• When congestion first occurs, record one-half of last successful congestion window (flightsize) in a threshold variable
• During recovery, use slow start until congestion window reaches threshold
• Above threshold, slow down and increase congestion window by one segment per window (even if more than one segment was successfully transmitted in that interval)

Jacobson / Karels Congestion Avoidance (continued)
• Increment window size on each ACK instead of waiting for complete window:

    increase = segment / window

  Let N be segments per window, or

    N = congestion_window / max segment size

  so

    increase = segment / N = (MSS bytes / N) = MSS / (congestion_window / MSS)

  or

    increase = (MSS * MSS) / congestion_window

Changes In Delay
• Original smoothing scheme tracks the mean but not changes
• To track changes, compute

    DIFF = SAMPLE - RTT
    RTT = RTT + δ * DIFF
    DEV = DEV + δ * (|DIFF| - DEV)

• DEV estimates mean deviation
• δ is fraction between 0 and 1 that weights new sample
• Retransmission timer is weighted average of RTT and DEV:

    RTO = µ * RTT + φ * DEV

• Typically, µ = 1 and φ = 4

Computing Estimated Deviation
• Extremely efficient (optimized) implementation possible
  – Scale computation by 2^n
  – Use integer arithmetic
  – Choose δ to be 1/2^n
  – Implement multiplication or division by powers of 2 with shifts
  – Research shows n = 3 works well

TCP Round-Trip Estimation

[Figure: plot of the round-trip estimate; vertical axis 20 to 100, horizontal axis Datagram Number 20 to 200.]
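The Jacobson / Karels window rules from the last four slides (slow start, multiplicative decrease on a timeout, and the per-ACK increase of MSS*MSS/congestion_window above the threshold) run round by round. This is an added example, not code from the notes; the round model (one ACK per segment in flight, no delayed ACKs, a timeout standing in for the lost segment) and the MSS and window values are assumptions chosen to keep the arithmetic visible.

```python
"""Jacobson / Karels congestion control as the slides describe it.
Added example, not the notes' code. Assumptions: one ACK per segment in flight
per round, no delayed ACKs, and the threshold is floored at one segment."""


class CongestionControl:
    def __init__(self, mss: int, receiver_window: int) -> None:
        self.mss = mss
        self.rwnd = receiver_window              # receiver's advertised window
        self.cwnd = float(mss)                   # slow start begins at one segment
        self.ssthresh = float(receiver_window)   # no congestion seen yet

    def effective_window(self) -> float:
        """The sender never exceeds the smaller of the two windows."""
        return min(self.rwnd, self.cwnd)

    def on_ack(self) -> None:
        if self.cwnd < self.ssthresh:
            self.cwnd += self.mss                          # slow start: +1 segment per ACK
        else:
            self.cwnd += self.mss * self.mss / self.cwnd   # avoidance: +1 segment per window

    def on_timeout(self) -> None:
        """Multiplicative decrease: remember half the window, then restart slow start."""
        self.ssthresh = max(self.cwnd / 2, float(self.mss))  # never below one segment
        self.cwnd = float(self.mss)


def simulate_rounds(mss: int, rwnd: int, loss_rounds, n_rounds: int) -> list:
    """Return the congestion window at the start of each round; rounds listed in
    loss_rounds end in a retransmission timeout instead of ACKs."""
    cc = CongestionControl(mss, rwnd)
    trace = []
    for rnd in range(1, n_rounds + 1):
        trace.append(cc.cwnd)
        if rnd in loss_rounds:
            cc.on_timeout()
        else:
            for _ in range(int(cc.effective_window() // mss)):
                cc.on_ack()
    return trace
```

With MSS 1000 and a 64000-byte receiver window the trace doubles each round up to the receiver's window, falls back to one segment after the timeout, climbs by slow start only up to half the old window (32000), and from there grows by roughly one segment per round.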
[Figure: Measurement Of Internet Delays For 100 Successive Packets At 1 Second Intervals; vertical axis Time (2 s to 12 s), horizontal axis Datagram Number (1 to 100).]

[Figure: TCP Round-Trip Estimation For Sampled Internet Delays; vertical axis Time (2 s to 12 s), horizontal axis Datagram Number (1 to 100); the estimate is plotted over the same 100 samples.]
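The estimator behind the plots above, written out as the slides specify it: the original α/β smoothing, the mean-deviation scheme with RTT and DEV kept scaled by 2^n (n = 3, so δ = 1/8 becomes a shift), RTO = µ*RTT + φ*DEV with µ = 1 and φ = 4, and the Partridge / Karn rule layered on top. This is an added example, not code from the notes; the start-up rule (first sample sets RTT, DEV starts at half of it) is an assumption taken from RFC 6298, the initial timeout is an assumption, and the sample times are constructed.

```python
"""Round-trip estimation and retransmission timer as the slides describe them.
Added example, not the notes' code. Times are integer milliseconds."""
N = 3                    # scale factor 2^N; delta = 1/2^N
MU, PHI = 1, 4           # RTO = MU * RTT + PHI * DEV


def original_smoothing(rtt: float, sample: float, alpha: float = 0.8) -> float:
    """The original scheme: RTT = alpha * RTT + beta * NRT with alpha + beta = 1."""
    return alpha * rtt + (1 - alpha) * sample


class RttEstimator:
    def __init__(self) -> None:
        self.srtt = None     # RTT scaled by 2^N
        self.sdev = None     # DEV scaled by 2^N

    def observe(self, sample: int) -> int:
        """Fold one measured round trip into the estimate; returns the new RTO."""
        if self.srtt is None:                 # assumption: initialise from the first sample
            self.srtt = sample << N
            self.sdev = (sample // 2) << N
        else:
            diff = sample - (self.srtt >> N)          # DIFF = SAMPLE - RTT
            self.srtt += diff                         # RTT += DIFF / 2^N (scaled: += DIFF)
            self.sdev += abs(diff) - (self.sdev >> N) # DEV += (|DIFF| - DEV) / 2^N
        return self.rto()

    def rtt(self) -> int:
        return self.srtt >> N

    def dev(self) -> int:
        return self.sdev >> N

    def rto(self) -> int:
        return MU * self.rtt() + PHI * self.dev()


class KarnTimer:
    """Retransmission timer applying the Partridge / Karn rule on top of the estimator."""
    INITIAL_RTO = 1000       # assumption: timeout used before any sample exists

    def __init__(self) -> None:
        self.est = RttEstimator()
        self.sent = {}       # seq -> (send time, was it retransmitted?)
        self.backoff = 1     # doubled on every retransmission, reset on a clean ACK

    def timeout(self) -> int:
        base = self.est.rto() if self.est.srtt is not None else self.INITIAL_RTO
        return self.backoff * base

    def send(self, seq: int, now: int) -> None:
        self.sent[seq] = (now, False)

    def retransmit(self, seq: int, now: int) -> int:
        """Timer expired: resend, double the timer, leave the estimate untouched."""
        self.sent[seq] = (now, True)
        self.backoff *= 2
        return self.timeout()

    def ack(self, seq: int, now: int) -> int:
        send_time, retransmitted = self.sent.pop(seq)
        if retransmitted:
            return self.timeout()      # ambiguous sample: ignore it, keep the backed-off timer
        self.backoff = 1               # clean sample: the timer again follows the estimate
        self.est.observe(now - send_time)
        return self.timeout()
```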
TCP Details
• Data flow may be shut down in one direction
• Connections started reliably, and terminated gracefully
• Connection established (and terminated) with a 3-way handshake

3-Way Handshake For Connection Startup

Events At Site 1             Network Messages          Events At Site 2
Send SYN seq=x               SYN seq=x -->             Receive SYN segment
Receive SYN + ACK segment    <-- SYN seq=y, ACK x+1    Send SYN seq=y, ACK x+1
Send ACK y+1                 ACK y+1 -->               Receive ACK segment

3-Way Handshake For Connection Shutdown

Events At Site 1               Network Messages          Events At Site 2
(application closes connection)
Send FIN seq=x                 FIN seq=x -->             Receive FIN segment
Receive ACK segment            <-- ACK x+1               Send ACK x+1 (inform application)
                                                         (application closes connection)
Receive FIN + ACK segment      <-- FIN seq=y, ACK x+1    Send FIN seq=y, ACK x+1
Send ACK y+1                   ACK y+1 -->               Receive ACK segment
TCP Finite State Machine

Transitions are written as event / action → next state; "begin" enters CLOSED.
  CLOSED:       anything / reset (remain CLOSED); passive open → LISTEN; active open / syn → SYN SENT
  LISTEN:       syn / syn + ack → SYN RECVD; send / syn → SYN SENT; close → CLOSED
  SYN SENT:     syn / syn + ack → SYN RECVD; syn + ack / ack → ESTABLISHED; close, timeout or reset → CLOSED
  SYN RECVD:    ack → ESTABLISHED; reset → LISTEN; close / fin → FIN WAIT-1
  ESTABLISHED:  close / fin → FIN WAIT-1; fin / ack → CLOSE WAIT
  FIN WAIT-1:   ack → FIN WAIT-2; fin / ack → CLOSING; fin-ack / ack → TIME WAIT
  FIN WAIT-2:   fin / ack → TIME WAIT
  CLOSING:      ack → TIME WAIT
  CLOSE WAIT:   close / fin → LAST ACK
  LAST ACK:     ack → CLOSED
  TIME WAIT:    timeout after 2 segment lifetimes → CLOSED

TCP Urgent Data
• Segment with urgent bit set contains pointer to last octet of urgent data
• Urgent data occupies part of normal sequence space
• Urgent data can be retransmitted
• Receiving TCP should deliver urgent data to application “immediately” upon receipt

TCP Urgent Data (continued)
• Two interpretations of standard
  – Out-of-band data interpretation
  – Data mark interpretation

Data-Mark Interpretation Of Urgent Data
• Has become widely accepted
• Single data stream
• Urgent pointer marks end of urgent data
• TCP informs application that urgent data arrived
• Application receives all data in sequence
• TCP informs application when end of urgent data reached
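The finite state machine above as a transition table, driven through the startup and shutdown handshakes from the two preceding slides. This is an added example, not code from the notes; `deliver()` is an assumed link model (each segment an endpoint emits is handed to its peer in the same step, with no loss or reordering), and the endpoint names are constructed.

```python
"""The TCP finite state machine from the slide as a transition table.
Added example, not from the notes."""

# (state, event) -> (next state, segment to send or None). Events named like
# segments are what the peer sent; the rest are local calls or timers.
TRANSITIONS = {
    ("CLOSED", "passive open"): ("LISTEN", None),
    ("CLOSED", "active open"): ("SYN SENT", "syn"),
    ("LISTEN", "syn"): ("SYN RECVD", "syn+ack"),
    ("LISTEN", "send"): ("SYN SENT", "syn"),
    ("LISTEN", "close"): ("CLOSED", None),
    ("SYN SENT", "syn"): ("SYN RECVD", "syn+ack"),
    ("SYN SENT", "syn+ack"): ("ESTABLISHED", "ack"),
    ("SYN SENT", "close"): ("CLOSED", None),
    ("SYN SENT", "timeout"): ("CLOSED", None),
    ("SYN SENT", "reset"): ("CLOSED", None),
    ("SYN RECVD", "ack"): ("ESTABLISHED", None),
    ("SYN RECVD", "reset"): ("LISTEN", None),
    ("SYN RECVD", "close"): ("FIN WAIT-1", "fin"),
    ("ESTABLISHED", "close"): ("FIN WAIT-1", "fin"),
    ("ESTABLISHED", "fin"): ("CLOSE WAIT", "ack"),
    ("FIN WAIT-1", "ack"): ("FIN WAIT-2", None),
    ("FIN WAIT-1", "fin"): ("CLOSING", "ack"),
    ("FIN WAIT-1", "fin+ack"): ("TIME WAIT", "ack"),
    ("FIN WAIT-2", "fin"): ("TIME WAIT", "ack"),
    ("CLOSING", "ack"): ("TIME WAIT", None),
    ("CLOSE WAIT", "close"): ("LAST ACK", "fin"),
    ("LAST ACK", "ack"): ("CLOSED", None),
    ("TIME WAIT", "timeout"): ("CLOSED", None),   # after 2 segment lifetimes
}
SEGMENTS = {"syn", "syn+ack", "ack", "fin", "fin+ack", "reset"}


class TcpEndpoint:
    def __init__(self, name: str) -> None:
        self.name, self.state = name, "CLOSED"

    def step(self, event: str):
        """Apply one event; returns the segment to send to the peer, if any."""
        if (self.state, event) in TRANSITIONS:
            self.state, out = TRANSITIONS[(self.state, event)]
            return out
        if self.state == "CLOSED" and event in SEGMENTS:
            return None if event == "reset" else "reset"   # 'anything / reset'
        raise ValueError(f"{self.name}: no transition from {self.state} on {event!r}")


def deliver(initiator, peer, event: str) -> list:
    """Run a local event and the segment exchange it triggers; returns the trace."""
    trace, sender, receiver = [], initiator, peer
    out = initiator.step(event)
    while out is not None:
        trace.append((sender.name, out, receiver.name))
        out = receiver.step(out)            # the receiver may answer with a segment
        sender, receiver = receiver, sender
    return trace


def three_way_handshake():
    client, server = TcpEndpoint("site 1"), TcpEndpoint("site 2")
    server.step("passive open")
    trace = deliver(client, server, "active open")
    return client.state, server.state, trace


def graceful_shutdown():
    a, b = TcpEndpoint("site 1"), TcpEndpoint("site 2")
    a.state = b.state = "ESTABLISHED"        # assume the handshake already completed
    trace = deliver(a, b, "close")           # FIN / ACK: flow shut down in one direction
    trace += deliver(b, a, "close")          # FIN / ACK from the other side
    a.step("timeout")                        # TIME WAIT expires
    return a.state, b.state, trace


def connect_to_closed_port():
    """A SYN arriving where nothing listens is answered with a reset."""
    client, server = TcpEndpoint("site 1"), TcpEndpoint("site 2")
    trace = deliver(client, server, "active open")
    return client.state, server.state, trace
```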
Data-Mark Interpretation Of Urgent Data (continued)
• Application
  – Reads all data from one stream
  – Must recognize start of urgent data
  – Must buffer normal data if needed later
• Urgent data marks read boundary

Urgent Data Delivery
• Receiving application placed in urgent mode
• Receiving application leaves urgent mode after reading urgent data
• Receiving application acquires all available urgent data when in urgent mode

Fast Retransmit
• Coarse-grained clock used to implement RTO
  – Typically 300 to 500 ms per tick
• Timer expires up to 1 s after segment dropped
• Fast retransmission
  – Sender uses three duplicate ACKs as trigger
  – Sender retransmits “early”
  – Sender reduces congestion window to half

Other TCP Details
• Silly Window Syndrome (SWS) avoidance
• Nagle algorithm
• Delayed ACKs
• For details, read the text

Comparison Of UDP And TCP

  Reliable Stream (TCP)  |  User Datagram (UDP)
  Internet (IP)
  Network Interface

• TCP and UDP lie between applications and IP
• Otherwise, completely different

Comparison Of UDP and TCP

UDP                                     TCP
between apps. and IP                    between apps. and IP
packets called datagrams                packets called segments
unreliable                              reliable
checksum optional                       checksum required
connectionless                          connection-oriented
record boundaries                       stream interface
intended for LAN                        useful over WAN or LAN
no flow control                         flow control
1-to-1, 1-many, many-1                  1-to-1
allows unicast, multicast or broadcast  unicast only
Summary Of TCP
• Major transport service in the Internet
• Connection oriented
• Provides end-to-end reliability
• Uses adaptive retransmission
• Includes facilities for flow control and congestion avoidance
• Uses 3-way handshake for connection startup and shutdown

PART XIII  ROUTING: CORES, PEERS, AND ALGORITHMS

Internet Routing (review)
• IP implements datagram forwarding
• Both hosts and routers
  – Have an IP module
  – Forward datagrams
• IP forwarding is table-driven
• Table known as routing table

How / When Are IP Routing Tables Built?
• Depends on size / complexity of internet
• Static routing
  – Fixes routes at boot time
  – Useful only for simplest cases
• Dynamic routing
  – Table initialized at boot time
  – Values inserted / updated by protocols that propagate route information
  – Necessary in large internets

Routing Tables
• Two sources of information
  – Initialization (e.g., from disk)
  – Update (e.g., from protocols)
• Hosts tend to freeze the routing table after initialization
• Routers use protocols to learn new information and update their routing table dynamically

Routing With Partial Information
A host can forward datagrams successfully even if it only has partial routing information because it can rely on a router.

Routing With Partial Information (continued)
The routing table in a given router contains partial information about possible destinations.
Routing that uses partial information allows sites autonomy in making local routing changes, but introduces the possibility of inconsistencies that may make some destinations unreachable from some sources.

Original Internet

[Figure: an ARPANET BACKBONE with Core Routers R1, R2, ..., Rn; each router connects the backbone to one local network, Local Net 1, Local Net 2, ..., Local Net n.]
• Backbone network plus routers each connecting a local network

Worst Case If All Routers Contain A Default Route

[Figure: the same BACKBONE with routers R1, R2, ..., Rn and Local Net 1, Local Net 2, ..., Local Net n, every router holding a default route that points back across the backbone.]
• Datagram sent to nonexistent destination loops until TTL expires

Original Routing Architecture
• Small set of “core” routers with complete information about all destinations
• Other routers know local destinations and use the core as central router

Illustration Of Default Routes In The Original Internet Core

[Figure: a CORE SYSTEM in the center with local routers L1, L2, L3, L4, L5, L6, L7, ..., Ln around it, each with a default route into the core.]

Disadvantage Of Original Core
• Central bottleneck for all traffic
• No shortcut routes possible
• Does not scale

Beyond A Core Architecture
• Single core insufficient in world where multiple ISPs each have a wide-area backbone
• Two backbones first appeared when NSF and ARPA funded separate backbone networks
• Known as peer backbones
Illustration Of Peer Backbones

[Figure: an ARPANET BACKBONE and an NSFNET BACKBONE interconnected by routers R1, R2 and R3, with HOST 1, HOST 2, HOST 3 and HOST 4 attached to the two backbones.]

Partial Core
• Cannot have “partial core” scheme
• Proof:

  [Figure: PARTIAL CORE #1 and PARTIAL CORE #2 joined to each other. Default routes from sites behind core 1 point into core 1, which holds a default route to sites beyond core 1; symmetrically, default routes from sites behind core 2 point into core 2, which holds a default route to sites beyond core 2.]
• Datagram destined for nonexistent destination loops until TTL expires

When A Core Routing Architecture Works
A core routing architecture assumes a centralized set of routers serves as the repository of information about all possible destinations in an internet. Core systems work best for internets that have a single, centrally managed backbone. Expanding the topology to multiple backbones makes routing complex; attempting to partition the core architecture so that all routers use default routes introduces potential routing loops.

General Idea
• Have a set of core routers know routes to all locations
• Devise a mechanism that allows other routers to contact the core to learn routes (spread necessary routing information automatically)
• Continually update routing information
Automatic Route Propagation
• Two basic algorithms used by routing update protocols
  – Distance-vector
  – Link-state
• Many variations in implementation details

Distance-Vector Algorithm
• Initialize routing table with one entry for each directly connected network
• Periodically run a distance-vector update to exchange information with routers that are reachable over directly connected networks

Dynamic Update With Distance-Vector
• One router sends list of its routes to another
• List contains pairs of destination network and distance
• Receiver replaces entries in its table by routes to the sender if routing through the sender is less expensive than the current route
• Receiver propagates new routes next time it sends out an update
• Algorithm has well-known shortcomings (we will see an example later)

Example Of Distance-Vector Update

(a) Existing routing table
Destination  Distance  Route
Net 1        0         direct
Net 2        0         direct
Net 4        8         Router L
Net 17       5         Router M
Net 24       6         Router J
Net 30       2         Router Q
Net 42       2         Router J

(b) Incoming update
Destination  Distance
Net 1        2
Net 4        3
Net 17       6
Net 21       4
Net 24       5
Net 30       10
Net 42       3

• (a) is existing routing table
• (b) incoming update (marked items cause change)
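The update rule from the slide applied to tables (a) and (b). This is an added example, not code from the notes. It assumes the update comes from Router J over a link of cost 1, so a destination J advertises at distance d costs d + 1 through J (the slide does not name the sender; the assumption is consistent with the existing Net 24 and Net 42 entries that already route via J), and it also applies the usual distance-vector refinement that an entry whose next hop is the sender is refreshed from the sender's figure even when the distance grows.

```python
"""Distance-vector table update on the slide's example. Added example, not the
notes' code; sender identity and link cost are assumptions (see lead-in)."""


def apply_update(table: dict, sender: str, update: dict, link_cost: int = 1):
    """table: destination -> (distance, next hop); update: destination -> distance
    as seen by the sender. Returns (new table, destinations whose entry changed)."""
    new, changed = dict(table), []
    for dest, advertised in update.items():
        candidate = (advertised + link_cost, sender)
        current = table.get(dest)
        if (current is None                        # destination not yet known
                or candidate[0] < current[0]       # cheaper through the sender
                or current[1] == sender):          # already via sender: take its new figure
            if candidate != current:
                new[dest] = candidate
                changed.append(dest)
    return new, changed


# Table (a) from the slide: the existing routing table ("direct" = directly connected).
EXISTING = {
    "Net 1": (0, "direct"), "Net 2": (0, "direct"), "Net 4": (8, "Router L"),
    "Net 17": (5, "Router M"), "Net 24": (6, "Router J"), "Net 30": (2, "Router Q"),
    "Net 42": (2, "Router J"),
}
# Table (b) from the slide: the incoming update, distances as the sender sees them.
INCOMING = {"Net 1": 2, "Net 4": 3, "Net 17": 6, "Net 21": 4,
            "Net 24": 5, "Net 30": 10, "Net 42": 3}


def slide_example():
    """Apply update (b) to table (a), assuming it was sent by Router J."""
    return apply_update(EXISTING, "Router J", INCOMING)
```

The rule accepts whatever distance the sender claims, so one router passing incorrect information can displace correct routes in its neighbours; that is the distance-vector shortcoming the link-state slides that follow contrast with.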
Link-State Algorithm
• Alternative to distance-vector
• Distributed computation
  – Broadcast information
  – Allow each router to compute shortest paths
• Avoids problem where one router can damage the entire internet by passing incorrect information
• Also called Shortest Path First (SPF)

Link-State Update
• Participating routers learn internet topology
• Think of routers as nodes in a graph, and networks connecting them as edges or links
• Pairs of directly-connected routers periodically
  – Test link between them
  – Propagate (broadcast) status of link
• All routers
  – Receive link status messages
  – Recompute routes from their local copy of information

Summary
• Routing tables can be
  – Initialized at startup (host or router)
  – Updated dynamically (router)
• Original Internet used core routing architecture
• Current Internet accommodates peer backbones
• Two important routing algorithms
  – Distance-vector
  – Link state

PART XIV  ROUTING: EXTERIOR GATEWAY PROTOCOLS AND AUTONOMOUS SYSTEMS (BGP)

General Principle
Although it is desirable for routers to exchange routing information, it is impractical for all routers in an arbitrarily large internet to participate in a single routing update protocol.
• Consequence: routers must be divided into groups

A Practical Limit On Group Size
It is safe to allow up to a dozen routers to participate in a single routing information protocol across a wide area network; approximately five times as many can safely participate across a set of local area networks.
Router Outside A Group
• Does not participate directly in group’s routing information propagation algorithm
• Will not choose optimal routes if it uses a member of the group for general delivery

The Extra Hop Problem

[Figure: a BACKBONE with participating routers R1 (attached to Local Net 1) and R2, and non-participating router R3 (attached to Local Net 2).]
• Non-participating router picks one participating router to use (e.g., R2)
• Non-participating router routes all packets to R2 across backbone
• Router R2 routes some packets back across backbone to R1

Statement Of The Problem
Treating a group of routers that participate in a routing update protocol as a default delivery system can introduce an extra hop for datagram traffic; a mechanism is needed that allows nonparticipating routers to learn routes from participating routers so they can choose optimal routes.

Solving The Extra Hop Problem
• Not all routers can participate in a single routing exchange protocol (does not scale)
• Even nonparticipating routers should make routing decisions
• Need mechanism that allows nonparticipating routers to obtain correct routing information automatically (without the overhead of participating fully in a routing exchange protocol)

Hidden Networks
• Each site has complex topology
• Nonparticipating router (from another site) cannot attach to all networks
Illustration Of Hidden Networks

[Figure: an INTERNET BACKBONE with Participating Router R1 attached to Local Net 1; routers R2, R3 and R4 connect Local Net 2, Local Net 3 and Local Net 4 behind it, out of direct reach of the backbone.]
• Propagation of route information is independent of datagram routing
• Group must learn routes from nonparticipating routers
• Example: owner of networks 1 and 3 must tell group that there is a route to network 4

A Requirement For Reverse Information Flow
Because an individual organization can have an arbitrarily complex set of networks interconnected by routers, no router from another organization can attach directly to all networks. A mechanism is needed that allows nonparticipating routers to inform the other group about hidden networks.

Autonomous System Concept (AS)
• Group of networks under one administrative authority
• Free to choose internal routing update mechanism
• Connects to one or more other autonomous systems

Modern Internet Architecture
A large TCP/IP internet has additional structure to accommodate administrative boundaries: each collection of networks and routers managed by one administrative authority is considered to be a single autonomous system that is free to choose an internal routing architecture and protocols.
EGPs: Exterior Gateway Protocols
• Originally a single protocol for communicating routes between two autonomous systems
• Now refers to any exterior routing protocol
• Solves two problems
  – Allows router outside a group to advertise networks hidden in another autonomous system
  – Allows router outside a group to learn destinations in the group

Border Gateway Protocol
• The most popular (virtually the only) EGP in use in the Internet
• Current version is BGP-4
• Allows two autonomous systems to communicate routing information
• Supports CIDR (mask accompanies each route)
• Each AS designates a border router to speak on its behalf
• Two border routers become BGP peers

Illustration Of An EGP (Typically BGP)

[Figure: routers R1 and R2, each belonging to a different autonomous system, attached to a Common Network; an EGP is used between R1 and R2.]

Key Characteristics Of BGP
• Provides inter-autonomous system communication
• Propagates reachability information
• Follows next-hop paradigm
• Provides support for policies
• Sends path information
• Permits incremental updates
• Allows route aggregation
• Allows authentication

Additional BGP Facts
• Uses reliable transport (i.e., TCP)
  – Unusual: most routing update protocols use connectionless transport (e.g., UDP)
• Sends keepalive messages so other end knows connection is valid (even if no new routing information is needed)

Four BGP Message Types

Type Code  Message Type   Description
1          OPEN           Initialize communication
2          UPDATE         Advertise or withdraw routes
3          NOTIFICATION   Response to an incorrect message
4          KEEPALIVE      Actively test peer connectivity
All rights reserved. 18 2005 NOTES BGP Message Header 0 16 24 31 MARKER LENGTH TYPE d Each BGP message starts with this header 19 Internetworking With TCP/IP vol 1 -- Part 14 2005 BGP Open Message 0 8 16 31 VERSION AUTONOMOUS SYSTEMS NUM HOLD TIME BGP IDENTIFIER PARM. LEN Optional Parameters (variable) d Used to start a connection d HOLD TIME specifies max time that can elapse between BGP messages Internetworking With TCP/IP vol 1 -- Part 14 Copyright (c) 2005 by Douglas E. Comer. All rights reserved. 20 2005 NOTES BGP Update Message 0 16 31 WITHDRAWN LEN Withdrawn Destinations (variable) PATH LEN Path Attributes (variable) Destination Networks (variable) d Sender can advertise new routes or withdraw old routes Internetworking With TCP/IP vol 1 -- Part 14 21 2005 Compressed Address Entries d Each route entry consists of address and mask d Entry can be compressed to eliminate zero bytes Internetworking With TCP/IP vol 1 -- Part 14 Copyright (c) 2005 by Douglas E. Comer. All rights reserved. 22 2005 NOTES Format Of BGP Address Entry That Permits Compression 0 8 31 LEN IP Address (1-4 octets) d LEN field specifies size of address that follows Internetworking With TCP/IP vol 1 -- Part 14 23 2005 Third-Party Routing Information d Many routing protocols extract information from the local routing table d BGP must send information ‘‘from the receiver’s perspective’’ Internetworking With TCP/IP vol 1 -- Part 14 Copyright (c) 2005 by Douglas E. Comer. All rights reserved. 24 2005 NOTES Example Of Architecture In Which BGP Must Consider Receiver’s Perspective To peer in other Autonomous System Net 5 R1 R2 R3 Net 1 Runs BGP Net 2 Net 3 R4 Net 4 Internetworking With TCP/IP vol 1 -- Part 14 25 2005 Metric Interpretation d Each AS can use its own routing protocol d Metrics differ – Hop count – Delay – Policy-based values d EGP communicates between two separate autonomous systems Internetworking With TCP/IP vol 1 -- Part 14 Copyright (c) 2005 by Douglas E. Comer. 
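The header, OPEN and UPDATE layouts above, and the compressed (LEN + 1-4 octet) address entries, as an added parser written for these notes; it is not code from the text or from any BGP implementation. The sample messages are constructed (AS 65001 and the addresses 192.0.2.1, 10.0.0.0/8, 192.0.2.0/24 and 198.51.100.0/22 are made up), and the marker, length and hold-time checks are the ones a receiver should enforce before acting on anything a peer sends.

```python
import struct
from ipaddress import IPv4Address

BGP_MARKER = b"\xff" * 16          # all ones when no authentication is in use
BGP_HEADER_LEN = 19
BGP_MAX_LEN = 4096
BGP_TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}


def parse_header(msg: bytes):
    """Validate the 19-octet header (MARKER, LENGTH, TYPE) and return (type name, body)."""
    if len(msg) < BGP_HEADER_LEN:
        raise ValueError("message shorter than BGP header")
    marker, length, mtype = struct.unpack("!16sHB", msg[:BGP_HEADER_LEN])
    if marker != BGP_MARKER:
        raise ValueError("bad marker")                  # connection is not synchronized
    if not BGP_HEADER_LEN <= length <= BGP_MAX_LEN or length > len(msg):
        raise ValueError("bad message length")          # never trust LENGTH without bounding it
    if mtype not in BGP_TYPES:
        raise ValueError(f"unknown message type {mtype}")
    return BGP_TYPES[mtype], msg[BGP_HEADER_LEN:length]


def parse_open(body: bytes):
    """OPEN: VERSION, AS number, HOLD TIME, BGP IDENTIFIER, PARM. LEN, optional parameters."""
    if len(body) < 10:
        raise ValueError("OPEN body too short")
    version, asn, hold_time, ident, parm_len = struct.unpack("!BHHIB", body[:10])
    if version != 4:
        raise ValueError(f"unsupported BGP version {version}")
    if hold_time != 0 and hold_time < 3:                # 0 disables keepalives; otherwise >= 3 s
        raise ValueError("unacceptable hold time")
    if parm_len != len(body) - 10:
        raise ValueError("optional parameter length mismatch")
    return {"version": version, "as": asn, "hold_time": hold_time,
            "bgp_id": str(IPv4Address(ident)), "opt_params": body[10:]}


def decode_prefixes(blob: bytes):
    """Decode compressed address entries: LEN (prefix length in bits), then only ceil(LEN/8) octets."""
    prefixes, i = [], 0
    while i < len(blob):
        plen = blob[i]
        i += 1
        if plen > 32:
            raise ValueError("prefix length exceeds 32")
        nbytes = (plen + 7) // 8
        if i + nbytes > len(blob):
            raise ValueError("truncated address entry")
        octets = blob[i:i + nbytes] + b"\x00" * (4 - nbytes)   # restore the elided zero octets
        i += nbytes
        prefixes.append(f"{IPv4Address(octets)}/{plen}")
    return prefixes


def parse_update(body: bytes):
    """UPDATE: WITHDRAWN LEN, withdrawn entries, PATH LEN, path attributes, advertised entries."""
    if len(body) < 4:
        raise ValueError("UPDATE body too short")
    wlen = struct.unpack("!H", body[:2])[0]
    if 2 + wlen + 2 > len(body):
        raise ValueError("withdrawn length exceeds body")
    alen = struct.unpack("!H", body[2 + wlen:4 + wlen])[0]
    if 4 + wlen + alen > len(body):
        raise ValueError("path attribute length exceeds body")
    return {"withdrawn": decode_prefixes(body[2:2 + wlen]),
            "path_attributes": body[4 + wlen:4 + wlen + alen],
            "advertised": decode_prefixes(body[4 + wlen + alen:])}


def try_parse(msg: bytes):
    """Return the message type, or None when the header would make a router drop the message."""
    try:
        return parse_header(msg)[0]
    except ValueError:
        return None


def build(mtype: int, body: bytes) -> bytes:
    return BGP_MARKER + struct.pack("!HB", BGP_HEADER_LEN + len(body), mtype) + body


# Constructed sample messages (not captured traffic).
SAMPLE_OPEN = build(1, struct.pack("!BHHIB", 4, 65001, 90, int(IPv4Address("192.0.2.1")), 0))
# Withdraw 10.0.0.0/8 (one octet), no path attributes, advertise 192.0.2.0/24 and 198.51.100.0/22.
# A real advertisement also carries ORIGIN, AS_PATH and NEXT_HOP attributes; they are omitted here.
SAMPLE_UPDATE = build(2, struct.pack("!H", 2) + bytes([8, 10])
                      + struct.pack("!H", 0)
                      + bytes([24, 192, 0, 2]) + bytes([22, 198, 51, 100]))

if __name__ == "__main__":
    kind, body = parse_header(SAMPLE_OPEN)
    print(kind, parse_open(body))
    kind, body = parse_header(SAMPLE_UPDATE)
    print(kind, parse_update(body))
```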
Key Restriction On An EGP

An exterior gateway protocol does not communicate or interpret distance metrics, even if metrics are available.

- Interpretation: "my autonomous system provides a path to this network"

The Point About EGPs

Because an Exterior Gateway Protocol like BGP only propagates reachability information, a receiver can implement policy constraints, but cannot choose a least cost route. A sender must only advertise paths that traffic should follow.

Summary

- Internet is too large for all routers to participate in one routing update protocol
- Group of networks and routers under one administrative authority is called Autonomous System (AS)
- Each AS chooses its own interior routing update protocol
- Exterior Gateway Protocol (EGP) is used to communicate routing information between two autonomous systems
- Current exterior protocol is Border Gateway Protocol version 4, BGP-4
- An EGP provides reachability information, but does not associate metrics with each route

PART XV ROUTING: INSIDE AN AUTONOMOUS SYSTEM (RIP, OSPF, HELLO)

Static Vs. Dynamic Interior Routes

- Static routes
  – Initialized at startup
  – Never change
  – Typical for host
  – Sometimes used for router
- Dynamic routes
  – Initialized at startup
  – Updated by route propagation protocols
  – Typical for router
  – Sometimes used in host
Illustration Of Topology In Which Static Routing Is Optimal

[Figure: Net 1, R1, Net 2, R2, Net 3, R3 and R4 leading to Net 4 and Net 5 in a chain]

- Only one route exists for each destination

Illustration Of Topology In Which Dynamic Routing Is Needed

[Figure: the same chain with an additional router R5 between Net 2 and Net 3]

- Additional router introduces multiple paths

Exchanging Routing Information Within An Autonomous System

- Mechanisms called interior gateway protocols, IGPs
- Choice of IGP is made by autonomous system
- Note: if AS connects to rest of the world, a router in the AS must use an EGP to advertise network reachability to other autonomous systems.

Example Of Two Autonomous Systems And the Routing Protocols Used

[Figure: one autonomous system runs IGP1, the other runs IGP2; border routers R1 and R2 use BGP between them]

Example IGPs

- RIP
- HELLO
- OSPF

Routing Information Protocol (RIP)

- Implemented by UNIX program routed
- Uses hop count metric
- Distance-vector protocol
- Relies on broadcast
- Assumes low-delay local area network
- Uses split horizon and poison reverse techniques to solve inconsistencies
- Current standard is RIP2

Two Forms Of RIP

- Active
  – Form used by routers
  – Broadcasts routing updates periodically
  – Uses incoming messages to update routes
- Passive
  – Form used by hosts
  – Uses incoming messages to update routes
  – Does not send updates

Illustration Of Hosts Using Passive RIP

[Figure: routers R1 (128.10.0.200) and R2 (128.10.0.209) on network 128.10.0.0, each leading to some parts of the Internet]

- Host routing table initialized to:

    Destination    Route
    128.10.0.0     direct
    default        128.10.0.200

- Host listens for RIP broadcast and uses data to update table
- Eliminates ICMP redirects

RIP Operation

- Each router sends update every 30 seconds
- Update contains pairs of (destination address, distance)
- Distance of 16 is infinity (i.e., no route)

Slow Convergence Problem (Count To Infinity)

[Figure: routers R1, R2 and R3 in a line with routes to Network N; after the failure of Network N, R1 erroneously routes to R2]

RIP1 Update Format

  Layout (32-bit words; bit positions 0, 8, 16, 31):
    COMMAND | VERSION (1) | RESERVED
    FAMILY OF NET 1 | NET 1 ADDR., OCTETS 1 - 2
    NET 1 ADDRESS, OCTETS 3 - 6
    NET 1 ADDRESS, OCTETS 7 - 10
    NET 1 ADDRESS, OCTETS 11 - 14
    DISTANCE TO NETWORK 1
    FAMILY OF NET 2 | NET 2 ADDR., OCTETS 1 - 2
    NET 2 ADDRESS, OCTETS 3 - 6
    NET 2 ADDRESS, OCTETS 7 - 10
    NET 2 ADDRESS, OCTETS 11 - 14
    DISTANCE TO NETWORK 2
    ...

- Uses FAMILY field to support multiple protocols
- IP address sent in octets 3 - 6 of address field
- Message travels in UDP datagram

Changes To RIP In Version 2

- Update includes subnet mask
- Authentication supported
- Explicit next-hop information
- Messages can be multicast (optional)
  – IP multicast address is 224.0.0.9

RIP2 Update Format

  Layout (32-bit words; bit positions 0, 8, 16, 31):
    COMMAND | VERSION (1) | UNUSED
    FAMILY OF NET 1 | ROUTE TAG FOR NET 1
    NET 1 IP ADDRESS
    NET 1 SUBNET MASK
    NET 1 NEXT HOP ADDRESS
    DISTANCE TO NETWORK 1
    FAMILY OF NET 2 | ROUTE TAG FOR NET 2
    NET 2 IP ADDRESS
    NET 2 SUBNET MASK
    NET 2 NEXT HOP ADDRESS
    DISTANCE TO NETWORK 2
    ...

- Packet format is backward compatible
- Infinity still limited to 16
- RIP2 can be broadcast

Measures Of Distance That Have Been Used

- Hops
  – Zero-origin
  – One-origin (e.g., RIP)
- Delay
- Throughput
- Jitter

HELLO: A Protocol That Used Delay

- Developed by Dave Mills
- Measured delay in milliseconds
- Used by NSFNET fuzzballs
- Now historic

How HELLO Worked

- Participants kept track of delay between pairs of routers
- HELLO propagated delay information across net
- Route chosen to minimize total delay

Route Oscillation

- Effective delay depends on traffic (delay increases as traffic increases)
- Using delay as metric means routing traffic where delay is low
- Increased traffic raises delay, which means route changes
- Routes tend to oscillate

Why HELLO Worked

- HELLO used only on NSFNET backbone
- All paths had equal throughput
- Route changes damped to avoid oscillation
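The RIP2 update format, the distance-vector update rule with 16 as infinity, and split horizon with poison reverse, as an added example written for these notes rather than code from the text or from routed. The topology (router R1 with neighbour R2 and the networks 10.1.1.0/24, 192.0.2.0/24, 172.16.0.0/16, 10.9.0.0/16) and the sample packet are constructed.

```python
import struct
from ipaddress import IPv4Address, IPv4Network

RIP_VERSION = 2
RIP_INFINITY = 16          # distance 16 means "no route"
RIP_ENTRY_LEN = 20
AF_INET = 2


def parse_rip2(pkt: bytes):
    """Decode a RIP2 update into (network, next hop, distance) triples."""
    if len(pkt) < 4 or (len(pkt) - 4) % RIP_ENTRY_LEN:
        raise ValueError("malformed RIP packet length")
    command, version, _unused = struct.unpack("!BBH", pkt[:4])
    if version != RIP_VERSION or command not in (1, 2):     # 1 = request, 2 = response
        raise ValueError("unsupported RIP version or command")
    if (len(pkt) - 4) // RIP_ENTRY_LEN > 25:
        raise ValueError("more than 25 entries in one message")
    entries = []
    for off in range(4, len(pkt), RIP_ENTRY_LEN):
        family, _tag, addr, mask, nexthop, metric = struct.unpack("!HHIIII", pkt[off:off + RIP_ENTRY_LEN])
        if family != AF_INET:          # FAMILY lets the format carry other protocols; ignore them
            continue
        if not 1 <= metric <= RIP_INFINITY:
            raise ValueError(f"distance {metric} out of range")
        net = IPv4Network(f"{IPv4Address(addr)}/{IPv4Address(mask)}")   # rejects non-contiguous masks
        entries.append((str(net), str(IPv4Address(nexthop)), metric))
    return entries


def apply_update(table: dict, neighbor: str, entries, link_cost: int = 1) -> bool:
    """Distance-vector step; table maps network -> (distance, learned-from router, None if direct)."""
    changed = False
    for net, _nexthop, metric in entries:
        new = min(metric + link_cost, RIP_INFINITY)
        current = table.get(net)
        if current is None:
            if new < RIP_INFINITY:                      # do not install routes to unreachable nets
                table[net] = (new, neighbor)
                changed = True
        elif current[1] == neighbor:
            if current[0] != new:                       # always believe the router we learned from
                table[net] = (new, neighbor)            # (this trust is what count-to-infinity exploits)
                changed = True
        elif new < current[0]:
            table[net] = (new, neighbor)
            changed = True
    return changed


def build_update_entries(table: dict, to_neighbor: str):
    """Entries for the update sent toward to_neighbor: split horizon with poison reverse."""
    out = []
    for net, (distance, via) in sorted(table.items()):
        advertised = RIP_INFINITY if via == to_neighbor else distance
        out.append((net, advertised))
    return out


def build_rip2(entries, command: int = 2) -> bytes:
    """Encode (network, distance) pairs as a RIP2 response (next hop 0 means 'use the sender')."""
    pkt = struct.pack("!BBH", command, RIP_VERSION, 0)
    for net, distance in entries:
        n = IPv4Network(net)
        pkt += struct.pack("!HHIIII", AF_INET, 0, int(n.network_address), int(n.netmask), 0, distance)
    return pkt


# Constructed scenario: R1 is directly attached to 10.1.1.0/24 and 192.0.2.0/24 and hears
# a RIP2 response from neighbour R2 over the 10.1.1.0/24 link.
R1_TABLE = {"10.1.1.0/24": (1, None), "192.0.2.0/24": (1, None)}
SAMPLE_FROM_R2 = build_rip2([("172.16.0.0/16", 2), ("192.0.2.0/24", 1), ("10.9.0.0/16", RIP_INFINITY)])

if __name__ == "__main__":
    table = dict(R1_TABLE)
    apply_update(table, "R2", parse_rip2(SAMPLE_FROM_R2))
    print(table)
    print(build_update_entries(table, "R2"))
```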
Open Shortest Path First (OSPF)

- Developed by IETF in response to vendors' proprietary protocols
- Uses SPF (link-state) algorithm
- More powerful than most predecessors
- Permits hierarchical topology
- More complex to install and manage

OSPF Features

- Type of service routing
- Load balancing across multiple paths
- Networks partitioned into subsets called areas
- Message authentication
- Network-specific, subnet-specific, host-specific, and CIDR routes
- Designated router optimization for shared networks
- Virtual network topology abstracts away details
- Can import external routing information

OSPF Message Header

  Layout (32-bit words; bit positions 0, 8, 16, 24, 31):
    VERSION (1) | TYPE | MESSAGE LENGTH
    SOURCE ROUTER IP ADDRESS
    AREA ID
    CHECKSUM | AUTHENTICATION TYPE
    AUTHENTICATION (octets 0-3)
    AUTHENTICATION (octets 4-7)

- Each message starts with same header

OSPF Message Types

  Type   Meaning
  1      Hello (used to test reachability)
  2      Database description (topology)
  3      Link status request
  4      Link status update
  5      Link status acknowledgement

OSPF HELLO Message Format

  Layout (32-bit words; bit positions 0, 8, 16, 24, 31):
    OSPF HEADER WITH TYPE = 1
    NETWORK MASK
    DEAD TIMER | HELLO INTER | GWAY PRIO
    DESIGNATED ROUTER
    BACKUP DESIGNATED ROUTER
    NEIGHBOR1 IP ADDRESS
    NEIGHBOR2 IP ADDRESS
    ...
    NEIGHBORn IP ADDRESS

- Used to test reachability

OSPF Database Description Message Format

  Layout (32-bit words; bit positions 0, 8, 16, 24, 29, 31):
    OSPF HEADER WITH TYPE = 2
    MUST BE ZERO | I | M | S
    DATABASE SEQUENCE NUMBER
    LINK TYPE | LINK ID
    ADVERTISING ROUTER
    LINK SEQUENCE NUMBER
    LINK CHECKSUM | LINK AGE
    ...

- Fields starting at LINK TYPE are repeated

Values In The LINK Field

  Link Type   Meaning
  1           Router link
  2           Network link
  3           Summary link (IP network)
  4           Summary link (link to border router)
  5           External link (link to another site)

OSPF Link Status Request Message Format

  Layout (bit positions 0, 16, 31):
    OSPF HEADER WITH TYPE = 3
    LINK TYPE
    LINK ID
    ADVERTISING ROUTER
    ...

OSPF Link Status Update Message Format

  Layout (bit positions 0, 16, 31):
    OSPF HEADER WITH TYPE = 4
    NUMBER OF LINK STATUS ADVERTISEMENTS
    LINK STATUS ADVERTISEMENT1
    ...
    LINK STATUS ADVERTISEMENTn

Header Used In OSPF Link Status Advertisements

  Layout (bit positions 0, 16, 31):
    LINK AGE | LINK TYPE
    LINK ID
    ADVERTISING ROUTER
    LINK SEQUENCE NUMBER
    LINK CHECKSUM | LENGTH

- Four possible formats follow
  – Links from a router to given area
  – Links from a router to physical net
  – Links from a router to physical nets of a subnetted IP network
  – Links from a router to nets at other sites

Discussion Question

- What are the tradeoffs connected with the issue of routing in the presence of partial information?

Summary

- Interior Gateway Protocols (IGPs) used within an AS
- Popular IGPs include
  – RIP (distance vector algorithm)
  – OSPF (link-state algorithm)
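The OSPF message header with its CHECKSUM and AUTHENTICATION fields, and the Hello body, as an added example written for these notes (not code from the text or any OSPF implementation). The Hello body is laid out in the field order of RFC 2328 (mask, hello interval, options, priority, dead interval, DR, BDR, neighbours), and the sample packet from router 192.0.2.1 in area 0 with neighbour 192.0.2.2 is constructed.

```python
import struct
from ipaddress import IPv4Address

OSPF_VERSION = 2
OSPF_HEADER_LEN = 24
OSPF_TYPES = {1: "Hello", 2: "Database Description", 3: "Link Status Request",
              4: "Link Status Update", 5: "Link Status Acknowledgement"}
AUTH_NONE, AUTH_SIMPLE, AUTH_CRYPTO = 0, 1, 2


def internet_checksum(data: bytes) -> int:
    """One's complement sum of 16-bit words, as used by IP, OSPF and IGMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ospf_checksum(pkt: bytes) -> int:
    """Covers the whole packet except the 64-bit AUTHENTICATION field, with CHECKSUM zeroed."""
    return internet_checksum(pkt[:12] + b"\x00\x00" + pkt[14:16] + pkt[OSPF_HEADER_LEN:])


def checksum_ok(pkt: bytes) -> bool:
    stored = struct.unpack("!H", pkt[12:14])[0]
    return ospf_checksum(pkt) == stored


def parse_ospf(pkt: bytes):
    if len(pkt) < OSPF_HEADER_LEN:
        raise ValueError("packet shorter than OSPF header")
    version, ptype, length, rid, area, _csum, autype, auth = struct.unpack("!BBHIIHH8s", pkt[:OSPF_HEADER_LEN])
    if version != OSPF_VERSION:
        raise ValueError(f"unsupported OSPF version {version}")
    if length != len(pkt):
        raise ValueError("MESSAGE LENGTH disagrees with packet size")
    if ptype not in OSPF_TYPES:
        raise ValueError(f"unknown message type {ptype}")
    # With AUTHENTICATION TYPE 2 (cryptographic) the checksum field is unused and the 8 auth octets
    # carry key id, digest length and sequence number. Types 0 and 1 (none / cleartext password)
    # give no protection against a forged neighbour, so a deployment should require type 2.
    if autype in (AUTH_NONE, AUTH_SIMPLE) and not checksum_ok(pkt):
        raise ValueError("bad checksum")
    return {"type": OSPF_TYPES[ptype], "router_id": str(IPv4Address(rid)),
            "area_id": str(IPv4Address(area)), "auth_type": autype, "auth": auth,
            "body": pkt[OSPF_HEADER_LEN:]}


def parse_hello(body: bytes):
    """Hello body: mask, hello interval, options, priority, dead interval, DR, BDR, neighbours."""
    if len(body) < 20 or (len(body) - 20) % 4:
        raise ValueError("malformed Hello body")
    mask, hello_int, options, prio, dead_int, dr, bdr = struct.unpack("!IHBBIII", body[:20])
    neighbours = [str(IPv4Address(n)) for n in struct.unpack(f"!{(len(body) - 20) // 4}I", body[20:])]
    return {"network_mask": str(IPv4Address(mask)), "hello_interval": hello_int, "options": options,
            "router_priority": prio, "dead_interval": dead_int,
            "designated_router": str(IPv4Address(dr)), "backup_designated_router": str(IPv4Address(bdr)),
            "neighbours": neighbours}


def build_ospf(ptype: int, router_id: str, area_id: str, body: bytes,
               autype: int = AUTH_NONE, auth: bytes = b"\x00" * 8) -> bytes:
    hdr = struct.pack("!BBHIIHH8s", OSPF_VERSION, ptype, OSPF_HEADER_LEN + len(body),
                      int(IPv4Address(router_id)), int(IPv4Address(area_id)), 0, autype, auth)
    pkt = hdr + body
    return pkt[:12] + struct.pack("!H", ospf_checksum(pkt)) + pkt[14:]


# Constructed Hello (not captured traffic): /24 mask, hello 10 s, options 0x02, priority 1,
# dead interval 40 s, DR 192.0.2.1, no BDR, one neighbour 192.0.2.2.
HELLO_BODY = struct.pack("!IHBBIII", int(IPv4Address("255.255.255.0")), 10, 0x02, 1, 40,
                         int(IPv4Address("192.0.2.1")), 0) + struct.pack("!I", int(IPv4Address("192.0.2.2")))
SAMPLE_HELLO = build_ospf(1, "192.0.2.1", "0.0.0.0", HELLO_BODY)

if __name__ == "__main__":
    hdr = parse_ospf(SAMPLE_HELLO)
    print(hdr["type"], hdr["router_id"], parse_hello(hdr["body"]))
```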
PART XVI INTERNET MULTICASTING

Hardware Multicast

- Form of broadcast
- Only one copy of a packet traverses the net
- NIC initially configured to accept packets destined to
  – Computer's unicast address
  – Hardware broadcast address
- User can dynamically add (and later remove)
  – One or more multicast addresses

A Note About Hardware Multicast

Although it may help to think of multicast addressing as a generalization that subsumes unicast and broadcast addresses, the underlying forwarding and delivery mechanisms can make multicast less efficient.

Ethernet Multicast

- Determined by low-order bit of high-order byte
- Example in dotted hexadecimal: 01.00.00.00.00.00
- Remaining bits specify a multicast group

IP Multicast

- Group address: each multicast group assigned a unique class D address
- Up to 2^28 simultaneous multicast groups
- Dynamic group membership: host can join or leave at any time
- Uses hardware multicast where available
- Best-effort delivery semantics (same as IP)
- Arbitrary sender (does not need to be a group member)

Facilities Needed For Internet Multicast

- Multicast addressing scheme
- Effective notification and delivery mechanism
- Efficient Internet forwarding facility
IP Multicast Addressing

- Class D addresses reserved for multicast
- General form (bit positions 0-3 hold 1 1 1 0, bits 4-31 hold the Group Identification)
- Two types
  – Well-known (address reserved for specific protocol)
  – Transient (allocated as needed)

Multicast Addresses

- Address range 224.0.0.0 through 239.255.255.255
- Notes
  – 224.0.0.0 is reserved (never used)
  – 224.0.0.1 is "all systems"
  – 224.0.0.3 is "all routers"
  – Address up through 224.0.0.255 used for multicast routing protocols

Example Multicast Address Assignments

  Address       Meaning
  224.0.0.0     Base Address (Reserved)
  224.0.0.1     All Systems on this Subnet
  224.0.0.2     All Routers on this Subnet
  224.0.0.3     Unassigned
  224.0.0.4     DVMRP Routers
  224.0.0.5     OSPFIGP All Routers
  224.0.0.6     OSPFIGP Designated Routers
  224.0.0.7     ST Routers
  224.0.0.8     ST Hosts
  224.0.0.9     RIP2 Routers
  224.0.0.10    IGRP Routers
  224.0.0.11    Mobile-Agents
  224.0.0.12    DHCP Server / Relay Agent
  224.0.0.13    All PIM Routers
  224.0.0.14    RSVP-Encapsulation
  224.0.0.15    All-CBT-Routers
  224.0.0.16    Designated-Sbm
  224.0.0.17    All-Sbms
  224.0.0.18    VRRP

Example Multicast Address Assignments (continued)

  Address                                   Meaning
  224.0.0.19 through 224.0.0.255            Other Link Local Addresses
  224.0.1.0 through 238.255.255.255         Globally Scoped Addresses
  239.0.0.0 through 239.255.255.255         Scope restricted to one organization
Mapping An IP Multicast Address To An Ethernet Multicast Address

- Place low-order 23 bits of IP multicast address in low-order 23 bits of the special Ethernet address: 01.00.5E.00.00.00 (hexadecimal)
- Example: IP multicast address 224.0.0.2 becomes Ethernet multicast address 01.00.5E.00.00.02 (hexadecimal)

Transmission Of Multicast Datagrams

- Host does not install route to multicast router
- Host uses hardware multicast to transmit multicast datagrams
- If multicast router is present on net
  – Multicast router receives datagram
  – Multicast router uses destination address to determine routing

Multicast Scope

- Refers to range of members in a group
- Defined by set of networks over which multicast datagrams travel to reach group
- Two techniques control scope
  – IP's TTL field (TTL of 1 means local net only)
  – Administrative scoping

Host Participation In IP Multicast

- Host can participate in one of three ways:

  Level   Meaning
  0       Host can neither send nor receive IP multicast
  1       Host can send but not receive IP multicast
  2       Host can both send and receive IP multicast

- Note: even level 2 requires additions to host software

Host Details For Level 2 Participation

- Host uses Internet Group Management Protocol (IGMP) to announce participation in multicast
- If multiple applications on a host join the same multicast group, each receives a copy of messages sent to the group
- Group membership is associated with a specific network: A host joins a specific IP multicast group on a specific network.
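The 23-bit mapping above and the Ethernet multicast bit, as an added example written for these notes (not code from the text). It goes one step beyond the slide: because only 23 of the 28 group bits survive, 32 class D addresses share one Ethernet address, so the NIC filter is coarse and the IP layer must still check the group before delivering a datagram.

```python
from ipaddress import IPv4Address

ETHERNET_MCAST_PREFIX = bytes([0x01, 0x00, 0x5E])   # 01.00.5E, high-order bit of octet 4 left clear
LOW_23_BITS = 0x7FFFFF


def is_ethernet_multicast(mac: bytes) -> bool:
    """Low-order bit of the high-order (first transmitted) byte marks a multicast frame."""
    return len(mac) == 6 and bool(mac[0] & 0x01)


def ip_to_ethernet_multicast(group: str) -> bytes:
    """Place the low-order 23 bits of a class D address into 01.00.5E.00.00.00."""
    addr = IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not a class D address")
    return ETHERNET_MCAST_PREFIX + (int(addr) & LOW_23_BITS).to_bytes(3, "big")


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def groups_sharing_mac(group: str):
    """The 32 class D addresses (5 group bits are discarded) that land on one Ethernet address."""
    low = int(IPv4Address(group)) & LOW_23_BITS
    return [str(IPv4Address(0xE0000000 | (k << 23) | low)) for k in range(32)]


def host_should_deliver(dst_ip: str, joined_groups) -> bool:
    """The NIC accepts the frame for any of the 32 groups; IP must re-check the exact group."""
    return dst_ip in joined_groups


if __name__ == "__main__":
    print(mac_str(ip_to_ethernet_multicast("224.0.0.2")))      # 01:00:5e:00:00:02
    print(groups_sharing_mac("224.0.0.1"))
```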
IGMP

- Allows host to register participation in a group
- Two conceptual phases
  – When it joins a group, host sends message declaring membership
  – Multicast router periodically polls a host to determine if any host on the network is still a member of a group

IGMP Implementation

- All communication between host and multicast router uses hardware multicast
- Single query message probes for membership in all active groups
- Default polling rate is every 125 seconds
- If multiple multicast routers attach to a shared network, one is elected to poll
- Host waits random time before responding to poll (to avoid simultaneous responses)
- Host listens to other responses, and suppresses unnecessary duplicate responses

IGMP State Transitions

- Host uses FSM to determine actions; states are NONMEMBER, DELAYING MEMBER and MEMBER, with these transitions (event / action):
  – NONMEMBER to DELAYING MEMBER: join group / start timer
  – DELAYING MEMBER to MEMBER: timer expires / send response
  – DELAYING MEMBER to MEMBER: another host responds / cancel timer
  – MEMBER to DELAYING MEMBER: query arrives / start timer
  – DELAYING MEMBER to NONMEMBER: leave group / cancel timer
  – MEMBER to NONMEMBER: reference count becomes zero / leave group
- Separate state kept for each multicast group
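The host-side state machine described above (random response delay, suppression when another host answers, a reference count for several applications on one host), as an added example written for these notes; it is not code from the text or from any IGMP implementation. The random source is injectable so the timer can be driven deterministically.

```python
import random

NONMEMBER, DELAYING_MEMBER, MEMBER = "NONMEMBER", "DELAYING MEMBER", "MEMBER"


class IgmpGroupState:
    """Per-group host state following the transitions listed above.

    rng returns a float in [0, 1); the default is random.random, a test can pass a constant.
    """

    def __init__(self, group: str, rng=random.random):
        self.group = group
        self.state = NONMEMBER
        self.refcount = 0          # applications on this host that joined the group
        self.timer = None          # seconds until a report is sent, or None
        self.rng = rng
        self.sent = []             # messages this host put on the wire (hardware multicast)

    def _start_timer(self, max_response: float):
        # A random delay below the query's response time spreads reports from many hosts.
        self.timer = self.rng() * max_response
        self.state = DELAYING_MEMBER

    def join_group(self, max_response: float = 10.0):
        self.refcount += 1
        if self.state == NONMEMBER:           # join group / start timer
            self._start_timer(max_response)

    def query_arrives(self, max_response: float):
        if self.state == MEMBER:              # query arrives / start timer
            self._start_timer(max_response)

    def timer_expires(self):
        if self.state == DELAYING_MEMBER:     # timer expires / send response
            self.sent.append(("report", self.group))
            self.timer = None
            self.state = MEMBER

    def another_host_responds(self):
        if self.state == DELAYING_MEMBER:     # another host responds / cancel timer
            self.timer = None                 # the router only needs one report per group
            self.state = MEMBER

    def leave_group(self):
        if self.refcount == 0:
            return
        self.refcount -= 1
        if self.refcount == 0 and self.state != NONMEMBER:
            self.timer = None                 # leave group / cancel timer, or
            self.state = NONMEMBER            # reference count becomes zero / leave group
            self.sent.append(("leave", self.group))

    def tick(self, elapsed: float):
        """Advance the clock; fires the timer when it runs out."""
        if self.timer is not None:
            self.timer -= elapsed
            if self.timer <= 0:
                self.timer_expires()


if __name__ == "__main__":
    s = IgmpGroupState("224.1.2.3")
    s.join_group()
    s.tick(10.0)
    print(s.state, s.sent)
```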
IGMP Message Format

  Layout (bit positions 0, 8, 16, 31):
    TYPE | RESP TIME | CHECKSUM
    GROUP ADDRESS (ZERO IN QUERY)

- Message TYPE field is one of:

  Type   Group Address   Meaning
  0x11   unused (zero)   General membership query
  0x11   used            Specific group membership query
  0x16   used            Membership report
  0x17   used            Leave group
  0x12   used            Membership report (version 1)

Multicast Forwarding Example

[Figure: hosts A through G on network 1, network 2 and network 3, connected by multicast router R]

- Hosts marked with dot participate in one group
- Hosts marked with X participate in another group
- Forwarding depends on group membership

The Complexity Of Multicast Routing

Unlike unicast routing in which routes change only when the topology changes or equipment fails, multicast routes can change simply because an application program joins or leaves a multicast group.

Multicast Forwarding Complication

Multicast forwarding requires a router to examine more than the destination address.

- In most cases, forwarding depends on the source address as well as the destination address

Final Item That Complicates IP Multicast

A multicast datagram may originate on a computer that is not part of the multicast group, and may be forwarded across networks that do not have any group members attached.

Multicast Routing Paradigms

- Two basic approaches
- Flood-and-prune
  – Send a copy to all networks
  – Only stop forwarding when it is known that no participant lies beyond a given point
- Multicast trees
  – Routers interact to form a "tree" that reaches all networks of a given group
  – Copy traverses branches of the tree

Reverse Path Forwarding

- Early flood-and-prune approach
- Actual algorithm is Truncated Reverse Path Forwarding (TRPF)

Example Topology In Which TRPF Delivers Multiple Copies

[Figure: host A on network 1 and host B on network 4, with routers R1, R2, R3 and R4 interconnecting network 1 through network 4 so that two routers forward onto the same network]

Multicast Trees

A multicast forwarding tree is defined as a set of paths through multicast routers from a source to all members of a multicast group. For a given multicast group, each possible source of datagrams can determine a different forwarding tree.

Examples Of Multicast Routing Protocols

- Reverse Path Multicasting (RPM)
- Distance-Vector Multicast Routing Protocol (DVMRP)
- Core-Based Trees (CBT)
- Protocol Independent Multicast - Dense Mode (PIM-DM)
- Protocol Independent Multicast - Sparse Mode (PIM-SM)
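Truncated Reverse Path Forwarding over a small topology, as an added simulation written for these notes (not code from the text). The topology is constructed, not the figure above: source A on N1, group member B on N4, leaf network N5 with no members, and two routers (R3, R4) attached to N4 so that N4 receives two copies, which is the failure mode the slide illustrates; later protocols (DVMRP among them) avoid the duplicate by choosing one forwarding router per network.

```python
from collections import deque

# Constructed topology: router -> attached networks.
ROUTERS = {"R1": ["N1", "N2"], "R2": ["N1", "N3"], "R3": ["N2", "N4", "N5"], "R4": ["N3", "N4"]}
# Unicast routing tables: router -> {destination network: attached network used to reach it}.
UNICAST = {
    "R1": {"N1": "N1", "N2": "N2", "N3": "N1", "N4": "N2", "N5": "N2"},
    "R2": {"N1": "N1", "N2": "N1", "N3": "N3", "N4": "N3", "N5": "N3"},
    "R3": {"N1": "N2", "N2": "N2", "N3": "N4", "N4": "N4", "N5": "N5"},
    "R4": {"N1": "N3", "N2": "N4", "N3": "N3", "N4": "N4", "N5": "N4"},
}
MEMBERS = {"N4": {"B"}}      # group membership learned through IGMP, by network


def is_leaf(net: str, me: str, routers: dict) -> bool:
    """A network is a leaf from a router's point of view if no other router attaches to it."""
    return not any(net in ifaces for r, ifaces in routers.items() if r != me)


def trpf_flood(source_net: str, routers=ROUTERS, unicast=UNICAST, members=MEMBERS):
    """Simulate Truncated Reverse Path Forwarding of one datagram sent by a host on source_net.

    Returns (copies seen per network, decision log). A router accepts a copy only when it arrives
    on the interface the router would use to send unicast toward the source (the reverse path) and
    forwards it on every other interface except leaf networks with no group members (truncation).
    """
    copies = {source_net: 1}
    log = []
    queue = deque([(source_net, None)])          # (network carrying a copy, router that put it there)
    while queue:
        net, sender = queue.popleft()
        for router, ifaces in routers.items():
            if router == sender or net not in ifaces:
                continue
            rpf_iface = unicast[router][source_net]
            if rpf_iface != net:                 # arrived on the wrong side: discard, no loop possible
                log.append(f"{router}: drop copy from {net} (reverse path is {rpf_iface})")
                continue
            for out in ifaces:
                if out == net:
                    continue
                if is_leaf(out, router, routers) and not members.get(out):
                    log.append(f"{router}: truncate {out} (leaf with no members)")
                    continue
                copies[out] = copies.get(out, 0) + 1
                log.append(f"{router}: forward {net} -> {out}")
                queue.append((out, router))
    return copies, log


if __name__ == "__main__":
    copies, log = trpf_flood("N1")
    print(copies)
    print("\n".join(log))
```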
Reverse Path Multicasting (RPM)

- Early form
- Routers flood datagrams initially
- Flooding pruned as group membership information learned

Distance-Vector Multicast Routing Protocol (DVMRP)

- Early protocol
- Defines extension of IGMP that routers use to exchange multicast routing information
- Implemented by Unix mrouted program
  – Configures tables in kernel
  – Supports tunneling
  – Used in Internet's Multicast backBONE (MBONE)

Topology In Which Tunneling Needed

[Figure: net 1 behind router R1 and net 2 behind router R2, separated by an INTERNET with no support for multicast]

Encapsulation Used With Tunneling

[Figure: a MULTICAST DATAGRAM (DATAGRAM HEADER plus DATA AREA) carried as the DATA AREA of a UNICAST DATAGRAM with its own DATAGRAM HEADER]

- IP travels in IP

Core-Based Trees (CBT)

- Proposed protocol
- Better for sparse network
- Does not forward to a net until host on the net joins a group
- Request to join a group sent to "core" of network
- Multiple cores used for large Internet

Division Of Internet

Because CBT uses a demand-driven paradigm, it divides the internet into regions and designates a core router for each region; other routers in the region dynamically build a forwarding tree by sending join requests to the core.
Protocol Independent Multicast - Dense Mode (PIM-DM)

- Allows router to build multicast forwarding table from information in conventional routing table
- Term "dense" refers to density of group members
- Best for high density areas
- Uses flood-and-prune approach

Protocol Independent Multicast - Sparse Mode (PIM-SM)

- Allows router to build multicast forwarding table from information in conventional routing table
- Term "sparse" refers to relative density of group members
- Best for situations with "islands" of participating hosts separated by networks with no participants
- Uses tree-based approach

Question For Discussion

- How can we provide reliable multicast?

Summary

- IP multicasting uses hardware multicast for delivery
- Host uses Internet Group Management Protocol (IGMP) to communicate group membership to local multicast router
- Two forms of multicast routing used
  – Flood-and-prune
  – Tree-based

Summary (continued)

- Many multicast routing protocols have been proposed
  – TRPF
  – DVMRP
  – CBT
  – PIM-DM
  – PIM-SM

PART XVII IP Switching And MPLS

Switching Technology

- Designed as a higher-speed alternative to packet forwarding
- Uses array lookup instead of destination address lookup
- Often associated with Asynchronous Transfer Mode (ATM)
Switching Concept

[Figure (a): switch S1 with interfaces 0 and 1, connected to switches S2 and S3]

  (b) Table for switch S1:

  label   action
  0       send out interface 1
  1       send out interface 1
  2       send out interface 0
  3       send out interface 1
  ...

- Part (b) shows table for switch S1
- Identifier in packet known as label
- All labels except 2 go out interface 1

Extending Switching To A Large Network

[Figure: switches S0, S1, S2 and S3, each with interfaces 0 and 1 and its own table of entries of the form "label -> 1; send out 0" giving the replacement label and the outgoing interface for each incoming label]

- Label replacement known as label swapping
- A path through the network corresponds to a sequence of labels

An Important Note

Switching uses a connection-oriented approach. To avoid the need for global agreement on the use of labels, the technology allows a manager to define a path of switches without requiring that the same label be used across the entire path.

Potential Advantages Of Switching For IP Forwarding

- Faster forwarding
- Aggregated route information
- Ability to manage aggregate flows

IP Switching

- Pioneered by Ipsilon Corporation
- Originally used ATM hardware
- Variants by others known as
  – Layer 3 switching
  – Tag switching
  – Label switching
- Ideas eventually consolidated into Multi-Protocol Label Switching (MPLS)

MPLS Operation

- Internet divided into
  – Standard routers
  – MPLS core
- Datagram encapsulated when entering the MPLS core and de-encapsulated when leaving
- Within the core, MPLS labels are used to forward packets

Processing An Incoming Datagram

- Datagram classified
  – Multiple headers examined
  – Example: classification can depend on TCP port numbers as well as IP addresses
- Classification used to assign a label
- Note: each label corresponds to a "flow" that may include many TCP sessions

Hierarchical MPLS

- Multi-level hierarchy is possible
- Example: corporation with three campuses and multiple buildings on each campus
  – Conventional forwarding within a building
  – One level of MPLS for buildings within a campus
  – Additional level of MPLS between campuses
- To accommodate hierarchy, MPLS uses stack of labels

MPLS Label Processing

- Only top label is used to forward
- When entering new level of hierarchy, push additional label on stack
- When leaving a level of the hierarchy, pop the top label from the stack

MPLS Encapsulation

[Figure: FRAME HEADER, then the MPLS header, DATAGRAM HEADER and DATAGRAM DATA AREA together forming the FRAME DATA AREA]

- MPLS can run over conventional networks
- Shim header contains labels

Fields In An MPLS Shim Header

  Layout (bit positions 0, 20, 22, 24, 31): LABEL | EXP | S | TTL

- Shim header
  – Prepended to IP datagram
  – Only used while datagram in MPLS core
- MPLS switches use LABEL in shim when forwarding packet

Label Switching Router (LSR)

- Device that connects between conventional Internet and MPLS core
- Handles classification
- Uses data structure known as Next Hop Label Forwarding Table (NHLFT) to choose an action
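The shim header fields, label swapping and the label stack used for hierarchy, as an added example written for these notes (not code from the text or any MPLS implementation). The label switched path (ingress pushes label 17, S1 swaps it to 42 toward S2, S2 pops it and hands the datagram to egress router LER-B) and the payload bytes are constructed.

```python
import struct

LABEL_MAX = (1 << 20) - 1


def encode_shim(label: int, exp: int, bottom: bool, ttl: int) -> bytes:
    """LABEL (20 bits) | EXP (3 bits) | S (1 bit) | TTL (8 bits)."""
    if not (0 <= label <= LABEL_MAX and 0 <= exp <= 7 and 0 <= ttl <= 255):
        raise ValueError("shim field out of range")
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl)


def encode_stack(stack) -> bytes:
    """stack is a list of (label, exp, ttl), top first; the S bit is set only on the last entry."""
    return b"".join(encode_shim(lab, exp, i == len(stack) - 1, ttl)
                    for i, (lab, exp, ttl) in enumerate(stack))


def decode_stack(packet: bytes):
    """Return ([(label, exp, ttl), ...] top first, payload after the bottom-of-stack entry)."""
    stack, i = [], 0
    while True:
        if i + 4 > len(packet):
            raise ValueError("label stack has no bottom-of-stack entry")
        word = struct.unpack("!I", packet[i:i + 4])[0]
        stack.append((word >> 12, (word >> 9) & 0x7, word & 0xFF))
        i += 4
        if (word >> 8) & 0x1:
            return stack, packet[i:]


def push_label(packet: bytes, label: int, exp: int = 0, ttl: int = 255) -> bytes:
    """Entering a new level of the hierarchy: a new top label goes in front of the existing stack."""
    stack, payload = decode_stack(packet)
    return encode_stack([(label, exp, ttl)] + stack) + payload


# Constructed NHLFT-style tables: node -> {incoming label: (operation, new label, next hop)}.
LSP_TABLE = {
    "S1": {17: ("swap", 42, "S2")},
    "S2": {42: ("pop", None, "LER-B")},   # penultimate hop pops; LER-B forwards the plain datagram
}


def lsr_forward(node: str, packet: bytes):
    """Forward on the top label only; the IP header underneath is never inspected inside the core."""
    stack, payload = decode_stack(packet)
    label, exp, ttl = stack[0]
    if ttl <= 1:
        raise ValueError("TTL expired")            # a mis-configured LSP cannot loop forever
    op, new_label, next_hop = LSP_TABLE[node][label]   # KeyError means no entry: packet is dropped
    if op == "swap":
        stack[0] = (new_label, exp, ttl - 1)
    elif op == "pop":
        stack = stack[1:]
    else:
        raise ValueError(f"unknown operation {op}")
    return next_hop, (encode_stack(stack) + payload if stack else payload)


def try_forward(node: str, packet: bytes):
    """None when an LSR would drop the packet (unknown label, bad stack, TTL exhausted)."""
    try:
        return lsr_forward(node, packet)
    except (KeyError, ValueError):
        return None


# Constructed placeholder for an IPv4 datagram (only the first two header octets are meaningful).
IP_DATAGRAM = b"\x45\x00" + b"\x00" * 18
# Ingress LSR classified the datagram and assigned label 17 with the IP TTL copied into the shim.
LABELED = encode_stack([(17, 0, 64)]) + IP_DATAGRAM

if __name__ == "__main__":
    hop, pkt = lsr_forward("S1", LABELED)
    print(hop, decode_stack(pkt)[0])
    hop, pkt = lsr_forward("S2", pkt)
    print(hop, pkt == IP_DATAGRAM)
    print(decode_stack(push_label(LABELED, 5))[0])
```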
Next Hop Label Forwarding Entry

- Found in NHLFT
- Specifies
  – Next hop information (e.g., the outgoing interface)
  – Operation to be performed
  – Encapsulation to use (optional)
  – How to encode the label (optional)
  – Other information needed to handle the packet (optional)

Possible Operations

- Replace label at top of stack
- Pop label at top of stack
- Replace label at top of stack, and then push one or more new labels onto stack

Control Processing And Label Distribution

- Needed to establish Label Switched Path (LSP)
  – Coordinate labels along the path
  – Configure next-hop forwarding in switches
- Performed by Label Distribution mechanism
- Series of labels selected automatically

Protocols For MPLS Control

- Two primary protocols proposed
  – Label Distribution Protocol (MPLS-LDP)
  – Constraint-Based Routing LDP (CR-LDP)
- Other proposals to extend routing protocols
  – OSPF
  – BGP

Notes About Fragmentation

- Outgoing
  – MPLS prepends shim header to each datagram
  – If datagram fills network MTU, fragmentation will be required
- Incoming
  – Classification requires knowledge of headers (e.g., TCP port numbers)
  – Only first fragment contains needed information
  – LSR must collect fragments and reassemble before classification

Mesh Topology

- Used in many MPLS cores
- LSP established between each pair of LSRs
- Parallel LSPs can be used for levels of service
- Example
  – One LSP reserved for VOIP traffic
  – Another LSP used for all other traffic
Service Differentiation

Because MPLS classification can use arbitrary fields in a datagram, including the IP source address, the service a datagram receives can depend on the customer sending the datagram as well as the type of data being carried.

PART XVIII MOBILE IP

Mobility And IP Addressing

- Recall: prefix of IP address identifies network to which host is attached
- Consequence: when moving to a new network either
  – Host must change its IP address
  – All routers install host-specific routes

Mobile IP

- Technology to support mobility
  – Allows host to retain original IP address
  – Does not require routers to install host-specific routes

Characteristics Of Mobile IP

- Transparent to applications and transport protocols
- Interoperates with standard IPv4
- Scales to large Internet
- Secure
- Macro mobility (intended for working away from home rather than moving at high speed)
General Approach
- Host visiting a foreign network obtains second IP address that is local to the site
- Host informs router on home network
- Router at home uses second address to forward datagrams for the host to the foreign network
  - Datagrams sent in a tunnel
  - Uses IP-in-IP encapsulation

Two Broad Approaches
- Foreign network runs system known as foreign agent
  - Visiting host registers with foreign agent
  - Foreign agent assigns host a temporary address
  - Foreign agent registers host with home agent
- Foreign network does not run a foreign agent
  - Host uses DHCP to obtain temporary address
  - Host registers directly with home agent

Foreign Agent Advertisement Extension
- Sent by router that runs foreign agent
- Added to ICMP router advertisement
- Format (bit offsets across the top):

   0               8               16              24            31
  +---------------+---------------+-------------------------------+
  |   TYPE (16)   |    LENGTH     |         SEQUENCE NUM          |
  +---------------+---------------+---------------+---------------+
  |           LIFETIME            |     CODE      |   RESERVED    |
  +-------------------------------+---------------+---------------+
  |                     CARE-OF ADDRESSES ...                     |
  +---------------------------------------------------------------+

CODE Field In Advertisement Message

  Bit   Meaning
  0     Registration with an agent is required; co-located care-of addressing is not permitted
  1     The agent is busy and is not accepting registrations
  2     Agent functions as a home agent
  3     Agent functions as a foreign agent
  4     Agent uses minimal encapsulation
  5     Agent uses GRE-style encapsulation
  6     Agent supports header compression when communicating with mobile
  7     Unused (must be zero)

Host Registration Request

   0               8               16                            31
  +---------------+---------------+-------------------------------+
  | TYPE (1 or 3) |     FLAGS     |           LIFETIME            |
  +---------------+---------------+-------------------------------+
  |                         HOME ADDRESS                          |
  +---------------------------------------------------------------+
  |                          HOME AGENT                           |
  +---------------------------------------------------------------+
  |                        CARE-OF ADDRESS                        |
  +---------------------------------------------------------------+
  |                        IDENTIFICATION                         |
  +---------------------------------------------------------------+
  |                        EXTENSIONS ...                         |
  +---------------------------------------------------------------+

FLAGS Field In Host Registration Request

  Bit   Meaning
  0     This is a simultaneous (additional) address rather than a replacement.
  1     Mobile requests home agent to tunnel a copy of each broadcast datagram
  2     Mobile is using a co-located care-of address and will decapsulate datagrams itself
  3     Mobile requests agent to use minimal encapsulation
  4     Mobile requests agent to use GRE encapsulation
  5     Mobile requests header compression
  6-7   Reserved (must be zero)

Consequence Of Mobile IP
Because a mobile uses its home address as a source address when communicating with an arbitrary destination, each reply is forwarded to the mobile's home network, where an agent intercepts the datagram, encapsulates it in another datagram, and forwards it either directly to the mobile or to the foreign agent the mobile is using.

Illustration Of The Two-Crossing Problem
(figure: a home site containing the home agent, the mobile's original home, and routers R1 and R2; the INTERNET; and a foreign site containing routers R3 and R4, the foreign agent, the mobile M, and a destination D located near the foreign site)

A Severe Problem
Mobile IP introduces a routing inefficiency known as the two-crossing problem that occurs when a mobile visits a foreign network far from its home and then communicates with a computer near the foreign site. Each datagram sent to the mobile travels across the Internet to the mobile's home agent, which then forwards the datagram back to the foreign site. Eliminating the problem requires propagating host-specific routes; the problem remains for any destination that does not receive the host-specific route.
Summary
- Mobile IP allows a host to visit a foreign site without changing its IP address
- A visiting host obtains a second, temporary address which is used for communication while at the site
- The chief advantage of mobile IP arises from transparency to applications
- The chief disadvantage of mobile IP arises from inefficient routing known as a two-crossing problem

PART XIX PRIVATE NETWORK INTERCONNECTION (NAT AND VPN)

Definitions
- An internet is private to one group (sometimes called isolated) if none of the facilities or traffic is accessible to other groups
  - Typical implementation involves using leased lines to interconnect routers at various sites of the group
- The global Internet is public because facilities are shared among all subscribers

Hybrid Architecture
- Permits some traffic to go over private connections
- Allows contact with global Internet

Example Of Hybrid Architecture
(figure: Site 1 with networks 128.10.1.0 and 128.10.2.0 and routers R1 and R2; Site 2 with networks 192.5.48.0 and 128.210.0.0 and routers R3 and R4; a leased circuit joins the two sites directly, and each site also connects to the INTERNET)

The Cost Of Private And Public Networks
- Private network extremely expensive
- Public Internet access inexpensive
- Goal: combine safety of private network with low cost of global Internet

Question
How can an organization that uses the global Internet to connect its sites keep its data private?
- Answer: Virtual Private Network (VPN)
Virtual Private Network
- Connect all sites to global Internet
- Protect data as it passes from one site to another
  - Encryption
  - IP-in-IP tunneling

Illustration Of Encapsulation Used With VPN

  +------------------------+------------------------------------------+
  | OUTER DATAGRAM HEADER  |         ENCRYPTED INNER DATAGRAM         |
  +------------------------+------------------------------------------+
                           |<-------- outer datagram data area ------>|

The Point
A Virtual Private Network sends data across the Internet, but encrypts intersite transmissions to guarantee privacy.

Example Of VPN Addressing And Routing
(figure: Site 1 with networks 128.10.1.0 and 128.10.2.0 and routers R1 and R2; Site 2 with networks 192.5.48.0 and 128.210.0.0 and router R3; the INTERNET between the sites, reached through R4, the ISP's router)

Routing table in R1:

  destination     next hop
  128.10.1.0      direct
  128.10.2.0      R2
  192.5.48.0      tunnel to R3
  128.210.0.0     tunnel to R3
  default         R4 (ISP's router)

Example VPN With Private Addresses
(figure: Site 1 using subnet 10.1.0.0 behind router R1 and Site 2 using subnet 10.2.0.0 behind router R2; each router has one valid IP address on the INTERNET side and a 10.1 or 10.2 address on the site side)
- Advantage: only one globally valid IP address needed per site

General Access With Private Addresses
- Question: how can a site provide multiple computers at the site access to Internet services without assigning each computer a globally-valid IP address?
- Two answers
  - Application gateway (one needed for each service)
  - Network Address Translation (NAT)
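IP-in-IP encapsulation, which both the Mobile IP tunnel (home agent to care-of address, Part XVIII) and the VPN tunnel above rely on, worked through in Python. This is an added example, not code from the notes; the addresses, payload and the check that the outer source is the expected tunnel endpoint are assumptions of the example.

```python
"""IP-in-IP tunnelling: build, encapsulate, decapsulate and verify IPv4 datagrams.
Added example; addresses and payload are constructed sample values."""
import socket
import struct

IPPROTO_IPIP = 4   # protocol number carried in the outer header for IP-in-IP


def checksum(data: bytes) -> int:
    """Internet checksum: one's complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes,
               ttl: int = 64, ident: int = 0) -> bytes:
    """IPv4 datagram with a 20-octet header (no options) and a correct checksum."""
    total_len = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(dgram: bytes) -> dict:
    """Parse the fixed header; the checksum is verified before any field is trusted."""
    if len(dgram) < 20 or dgram[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    ihl = (dgram[0] & 0x0F) * 4
    if ihl < 20 or len(dgram) < ihl or checksum(dgram[:ihl]) != 0:
        raise ValueError("bad IPv4 header")
    (_, _, total_len, _, _, ttl, proto, _, src, dst) = struct.unpack("!BBHHHBBH4s4s", dgram[:20])
    if total_len < ihl or total_len > len(dgram):
        raise ValueError("bad total length")
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "ttl": ttl, "payload": dgram[ihl:total_len]}


def encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Tunnel entry (home agent or VPN router): the whole inner datagram becomes
    the data area of an outer datagram whose protocol field is 4."""
    parse_ipv4(inner)                      # refuse to tunnel a malformed datagram
    return build_ipv4(tunnel_src, tunnel_dst, IPPROTO_IPIP, inner)


def decapsulate(outer: bytes, expected_tunnel_src: str) -> bytes:
    """Tunnel exit (foreign agent, co-located mobile or peer VPN router): strip
    the outer header. Checking the outer source against the known tunnel
    endpoint is a defensive measure added here, not part of the notes' model."""
    o = parse_ipv4(outer)
    if o["proto"] != IPPROTO_IPIP:
        raise ValueError("outer datagram is not IP-in-IP")
    if o["src"] != expected_tunnel_src:
        raise ValueError("tunnel packet from unexpected endpoint %s" % o["src"])
    inner = o["payload"]
    parse_ipv4(inner)                      # inner header must itself be valid
    return inner


if __name__ == "__main__":
    # Constructed scenario: destination D (192.0.2.10) replies to the mobile's home
    # address (203.0.113.7); the home agent (203.0.113.1) tunnels the datagram to
    # the care-of address (198.51.100.20) at the foreign site.
    inner = build_ipv4("192.0.2.10", "203.0.113.7", 6, b"reply to mobile", ident=1)
    outer = encapsulate(inner, "203.0.113.1", "198.51.100.20")
    o = parse_ipv4(outer)
    print("outer %s -> %s proto=%d (%d octets)" % (o["src"], o["dst"], o["proto"], len(outer)))
    print("inner restored intact:", decapsulate(outer, "203.0.113.1") == inner)
```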
Network Address Translation (NAT)
- Extension to IP addressing
- IP-level access to the Internet through a single IP address
- Transparent to both ends
- Implementation
  - Typically software
  - Usually installed in IP router
  - Special-purpose hardware for highest speed

Network Address Translation (NAT) (continued)
- Pioneered in Unix program slirp
- Also known as
  - Masquerade (Linux)
  - Internet Connection Sharing (Microsoft)
- Inexpensive implementations available for home use

NAT Details
- Organization
  - Obtains one globally valid address per Internet connection
  - Assigns nonroutable addresses internally (net 10)
  - Runs NAT software in router connecting to Internet
- NAT
  - Replaces source address in outgoing datagram
  - Replaces destination address in incoming datagram
  - Also handles higher layer protocols (e.g., pseudo header for TCP or UDP)

NAT Translation Table
- NAT uses translation table
- Entry in table specifies local (private) endpoint and global destination
- Typical paradigm
  - Entry in table created as side-effect of datagram leaving site
  - Entry in table used to reverse address mapping for incoming datagram
Example NAT Translation Table

  Private      Private   External          External   NAT     Protocol
  Address      Port      Address           Port       Port    Used
  10.0.0.5     21023     128.10.19.20      80         14003   tcp
  10.0.0.1     386       128.10.19.20      80         14010   tcp
  10.0.2.6     26600     207.200.75.200    21         14012   tcp
  10.0.0.3     1274      128.210.1.5       80         14007   tcp

- Variant of NAT that uses protocol port numbers is known as Network Address and Port Translation (NAPT)

Use Of NAT By An ISP
(figure: hosts using dialup access connect to an ISP using NAT, which in turn connects to the INTERNET)

Higher Layer Protocols And NAT
- NAT must
  - Change IP headers
  - Possibly change TCP or UDP source ports
  - Recompute TCP or UDP checksums
  - Translate ICMP messages
  - Translate port numbers in an FTP session

Applications And NAT
NAT affects ICMP, TCP, UDP, and other higher-layer protocols; except for a few standard applications like FTP, an application protocol that passes IP addresses or protocol port numbers as data will not operate correctly across NAT.

Summary
- Virtual Private Networks (VPNs) combine the advantages of low cost Internet connections with the safety of private networks
- VPNs use encryption and tunneling
- Network Address Translation allows a site to multiplex communication with multiple computers through a single, globally valid IP address
- NAT uses a table to translate addresses in outgoing and incoming datagrams
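The translation table and the outgoing/incoming paradigm above, worked as a small NAPT in Python. This is an added example, not the notes' code; the site's single global address, the NAT port range and the datagram representation are constructed, and the rows it creates use the private and external endpoints from the table above.

```python
"""Network Address and Port Translation modelled on the translation table in the
notes. Added example; the global address and NAT port range are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

GLOBAL_ADDR = "128.210.24.6"     # constructed: the site's one globally valid address
FIRST_NAT_PORT = 14003           # constructed: first port NAT hands out
LAST_NAT_PORT = 65535

# (private addr, private port, external addr, external port, protocol)
Key = Tuple[str, int, str, int, str]


@dataclass
class Datagram:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass
class Napt:
    outbound: Dict[Key, int] = field(default_factory=dict)   # private 5-tuple -> NAT port
    inbound: Dict[Tuple[int, str, int, str], Key] = field(default_factory=dict)
    next_port: int = FIRST_NAT_PORT

    def translate_out(self, d: Datagram) -> Datagram:
        """Datagram leaving the site: the table entry is created as a side effect
        of the first datagram of a flow, then the source address and port are
        rewritten to the global address and the NAT port."""
        key: Key = (d.src, d.sport, d.dst, d.dport, d.proto)
        nat_port = self.outbound.get(key)
        if nat_port is None:
            if self.next_port > LAST_NAT_PORT:
                raise RuntimeError("NAT port space exhausted")
            nat_port = self.next_port
            self.next_port += 1
            self.outbound[key] = nat_port
            self.inbound[(nat_port, d.dst, d.dport, d.proto)] = key
        # A real NAT also recomputes the TCP/UDP checksum here, because the
        # pseudo header it covers includes the rewritten address (not modelled).
        return Datagram(GLOBAL_ADDR, nat_port, d.dst, d.dport, d.proto)

    def translate_in(self, d: Datagram) -> Optional[Datagram]:
        """Datagram arriving from the Internet: reverse the mapping. A datagram
        whose (NAT port, remote endpoint, protocol) matches no entry was not
        solicited from inside and is dropped (None)."""
        if d.dst != GLOBAL_ADDR:
            return None
        key = self.inbound.get((d.dport, d.src, d.sport, d.proto))
        if key is None:
            return None
        priv_addr, priv_port, _, _, _ = key
        return Datagram(d.src, d.sport, priv_addr, priv_port, d.proto)

    def rows(self) -> List[Tuple[str, int, str, int, int, str]]:
        """Table in the column order used in the notes."""
        return [(k[0], k[1], k[2], k[3], p, k[4]) for k, p in self.outbound.items()]


if __name__ == "__main__":
    nat = Napt()
    for flow in [("10.0.0.5", 21023, "128.10.19.20", 80), ("10.0.0.1", 386, "128.10.19.20", 80),
                 ("10.0.2.6", 26600, "207.200.75.200", 21), ("10.0.0.3", 1274, "128.210.1.5", 80)]:
        out = nat.translate_out(Datagram(*flow))
        print("out: %s:%d -> %s:%d" % (out.src, out.sport, out.dst, out.dport))
    reply = nat.translate_in(Datagram("128.10.19.20", 80, GLOBAL_ADDR, 14004))
    print("reply delivered to %s:%d" % (reply.dst, reply.dport))
    print("unsolicited dropped:", nat.translate_in(Datagram("198.51.100.9", 4444, GLOBAL_ADDR, 14003)) is None)
```

Two inside hosts talking to the same web server (first two rows) are told apart only by the NAT port, which is why plain address translation is not enough and NAPT is needed.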
PART XX CLIENT-SERVER MODEL OF INTERACTION

Client-Server Paradigm
- Conceptual basis for virtually all distributed applications
- One program initiates interaction to which another program responds
- Note: "peer-to-peer" applications use client-server paradigm internally

Definitions
- Client
  - Any application program
  - Contacts a server
  - Forms and sends a request
  - Awaits a response
- Server
  - Usually a specialized program that offers a service
  - Awaits a request
  - Computes an answer
  - Issues a response

Server Persistence
A server starts execution before interaction begins and (usually) continues to accept requests and send responses without ever terminating. A client is any program that makes a request and awaits a response; it (usually) terminates after using a server a finite number of times.

Illustration Of The Client-Server Paradigm
(figure, two panels: "Client sends request", with the request sent from the client to the server's well-known port; "Server sends response", with the response sent back to the client's port)

Use Of Protocol Ports
A server waits for requests at a well-known port that has been reserved for the service it offers. A client allocates an arbitrary, unused, nonreserved port for its communication.
Client Side
- Any application program can become a client
- Must know how to reach the server
  - Server's Internet address
  - Server's protocol port number
- Usually easy to build

Server Side
- Finds client's location from incoming request
- Can be implemented with application program or in operating system
- Starts execution before requests arrive
- Must ensure client is authorized
- Must uphold protection rules
- Must handle multiple, concurrent requests
- Usually complex to design and build

Concurrent Server Algorithm
- Open well-known port
- Wait for next client request
- Create a new socket for the client
- Create thread / process to handle request
- Continue with wait step

Complexity Of Servers
Servers are usually more difficult to build than clients because, although they can be implemented with application programs, servers must enforce all the access and protection policies of the computer system on which they run and must protect themselves against all possible errors.

Summary
- Client-server model is basis for distributed applications
- Server is specialized, complex program (process) that offers a service
- Arbitrary application can become a client by contacting a server and sending a request
- Most servers are concurrent
PART XXI THE SOCKET INTERFACE

Using Protocols
- Protocol software usually embedded in OS
- Applications run outside OS
- Need an Application Program Interface (API) to allow application to access protocols

API
- TCP/IP standards
  - Describe general functionality needed
  - Do not give details such as function names and arguments
- Each OS free to define its own API
- In practice: socket interface has become de facto standard API

Socket API
- Defined by U.C. Berkeley as part of BSD Unix
- Adopted (with minor changes) by Microsoft as Windows Sockets

Characteristics Of Socket API
- Follows Unix's open-read-write-close paradigm
- Uses Unix's descriptor abstraction
  - First, create a socket and receive an integer descriptor
  - Second, call a set of functions that specify all the details for the socket (descriptor is argument to each function)
- Once socket has been established, use read and write or equivalent functions to transfer data
- When finished, close the socket

Creating A Socket

    result = socket(pf, type, protocol)

- Argument specifies protocol family as TCP/IP

Terminating A Socket

    close(socket)

- Closing a socket permanently terminates the interaction

Specifying A Local Address For The Socket

    bind(socket, localaddr, addrlen)
Format Of A Sockaddr Structure (Generic)

   0                 16                  31
  +------------------+-------------------+
  |  ADDRESS FAMILY  | ADDRESS OCTETS 0-1|
  +------------------+-------------------+
  |          ADDRESS OCTETS 2-5          |
  +--------------------------------------+
  |          ADDRESS OCTETS 6-9          |
  +--------------------------------------+
  |         ADDRESS OCTETS 10-13         |
  +--------------------------------------+

Format Of A Sockaddr Structure When Used With TCP/IP

   0                 16                  31
  +------------------+-------------------+
  |ADDRESS FAMILY (2)|   PROTOCOL PORT   |
  +------------------+-------------------+
  |              IP ADDRESS              |
  +--------------------------------------+

Connecting A Socket To A Destination Address

    connect(socket, destaddr, addrlen)

- Can be used with UDP socket to specify remote endpoint address

Sending Data Through A Socket

    send(socket, message, length, flags)

- Note
  - Function write can also be used
  - Alternatives exist for connectionless transport (UDP)

Receiving Data Through A Socket

    recv(socket, buffer, length, flags)

- Note
  - Function read can also be used
  - Alternatives exist for connectionless transport (UDP)

Obtaining Remote And Local Socket Addresses

    getpeername(socket, destaddr, addrlen)

and

    getsockname(socket, localaddr, addrlen)

Set Maximum Queue Length (Server)

    listen(socket, qlength)

- Maximum queue length can be quite small

Accepting New Connections (Server)

    newsock = accept(socket, addr, addrlen)

- Note:
  - Original socket remains available for accepting connections
  - New socket corresponds to one connection
  - Permits server to handle requests concurrently
Handling Multiple Services With One Server
- Server
  - Creates socket for each service
  - Calls select function to wait for any request
  - Select specifies which service was contacted
- Form of select

    nready = select(ndesc, indesc, outdesc, excdesc, timeout)

Socket Functions Used For DNS
- Mapping a host name to an IP address

    gethostname(name, length)

- Obtaining the local domain

    getdomainname(name, length)

Illustration Of A Socket Library
(figure: an application program bound with the library routines it calls; the Application Program Code calls the Library Routines Used, which in turn make System Calls into the computer's operating system)

Byte Order Conversion Routines
- Convert between network byte order and local host byte order
- If local host uses big-endian, routines have no effect

    localshort = ntohs(netshort)
    locallong  = ntohl(netlong)
    netshort   = htons(localshort)
    netlong    = htonl(locallong)

IP Address Manipulation Routines
- Convert from dotted decimal (ASCII string) to 32-bit binary value
- Example:

    address = inet_addr(string)

Other Socket Routines
- Many other functions exist
- Examples: obtain information about
  - Protocols
  - Hosts
  - Domain name

Example Client Program

    /* whoisclient.c - main */

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <unistd.h>
    #include <sys/types.h>
    #include <sys/socket.h>
    #include <netinet/in.h>
    #include <netdb.h>

    /*---------------------------------------------------------------------
     * Program:  whoisclient
     *
     * Purpose:  UNIX application program that becomes a client for the
     *           Internet "whois" service.
     *
     * Use:      whois hostname username
     *
     * Author:   Barry Shein, Boston University
     *
     * Date:     Long ago in a universe far, far away
     *
     *---------------------------------------------------------------------*/

    int main(int argc, char *argv[])
    {
        int s;                       /* socket descriptor                 */
        int len;                     /* length of received data           */
        struct sockaddr_in sa;       /* Internet socket addr. structure   */
        struct hostent *hp;          /* result of host name lookup        */
        struct servent *sp;          /* result of service lookup          */
        char buf[BUFSIZ+1];          /* buffer to read whois information  */
        char *myname;                /* pointer to name of this program   */
        char *host;                  /* pointer to remote host name       */
        char *user;                  /* pointer to remote user name       */

        myname = argv[0];

        /*
         * Check that there are two command line arguments
         */
        if (argc != 3) {
            fprintf(stderr, "Usage: %s host username\n", myname);
            exit(1);
        }
        host = argv[1];
        user = argv[2];

        /*
         * Look up the specified hostname
         */
        if ((hp = gethostbyname(host)) == NULL) {
            fprintf(stderr, "%s: %s: no such host?\n", myname, host);
            exit(1);
        }

        /*
         * Put host's address and address type into socket structure
         */
        memset(&sa, 0, sizeof sa);
        memcpy(&sa.sin_addr, hp->h_addr, hp->h_length);
        sa.sin_family = hp->h_addrtype;

        /*
         * Look up the socket number for the WHOIS service
         */
        if ((sp = getservbyname("whois", "tcp")) == NULL) {
            fprintf(stderr, "%s: No whois service on this host\n", myname);
            exit(1);
        }

        /*
         * Put the whois socket number into the socket structure.
         */
        sa.sin_port = sp->s_port;

        /*
         * Allocate an open socket
         */
        if ((s = socket(hp->h_addrtype, SOCK_STREAM, 0)) < 0) {
            perror("socket");
            exit(1);
        }

        /*
         * Connect to the remote server
         */
        if (connect(s, (struct sockaddr *)&sa, sizeof sa) < 0) {
            perror("connect");
            exit(1);
        }

        /*
         * Send the request
         */
        if (write(s, user, strlen(user)) != (ssize_t)strlen(user)) {
            fprintf(stderr, "%s: write error\n", myname);
            exit(1);
        }

        /*
         * Read the reply and put to user's output
         */
        while ((len = read(s, buf, BUFSIZ)) > 0)
            write(1, buf, len);
        close(s);
        exit(0);
    }

Example Server Program

    /* whoisserver.c - main */

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <unistd.h>
    #include <sys/types.h>
    #include <sys/socket.h>
    #include <netinet/in.h>
    #include <netdb.h>
    #include <pwd.h>

    /*---------------------------------------------------------------------
     * Program:  whoisserver
     *
     * Purpose:  UNIX application program that acts as a server for
     *           the "whois" service on the local machine.  It listens
     *           on well-known WHOIS port (43) and answers queries from
     *           clients.  This program requires super-user privilege to
     *           run.
     *
     * Use:      whois hostname username
     *
     * Author:   Barry Shein, Boston University
     *
     * Date:     Long ago in a universe far, far away
     *
     *---------------------------------------------------------------------*/

    #define BACKLOG      5       /* # of requests we're willing to queue  */
    #define MAXHOSTNAME  32      /* maximum host name length we tolerate  */

    void whois(int sock);

    int main(int argc, char *argv[])
    {
        int s, t;                        /* socket descriptors                 */
        socklen_t i;                     /* length of client address structure */
        struct sockaddr_in sa, isa;      /* Internet socket address structure  */
        struct hostent *hp;              /* result of host name lookup         */
        char *myname;                    /* pointer to name of this program    */
        struct servent *sp;              /* result of service lookup           */
        char localhost[MAXHOSTNAME+1];   /* local host name as character string */

        myname = argv[0];

        /*
         * Look up the WHOIS service entry
         */
        if ((sp = getservbyname("whois", "tcp")) == NULL) {
            fprintf(stderr, "%s: No whois service on this host\n", myname);
            exit(1);
        }

        /*
         * Get our own host information
         */
        gethostname(localhost, MAXHOSTNAME);
        localhost[MAXHOSTNAME] = '\0';   /* gethostname need not terminate a truncated name */
        if ((hp = gethostbyname(localhost)) == NULL) {
            fprintf(stderr, "%s: cannot get local host info?\n", myname);
            exit(1);
        }

        /*
         * Put the WHOIS socket number and our address info
         * into the socket structure
         */
        memset(&sa, 0, sizeof sa);
        sa.sin_port = sp->s_port;
        memcpy(&sa.sin_addr, hp->h_addr, hp->h_length);
        sa.sin_family = hp->h_addrtype;

        /*
         * Allocate an open socket for incoming connections
         */
        if ((s = socket(hp->h_addrtype, SOCK_STREAM, 0)) < 0) {
            perror("socket");
            exit(1);
        }

        /*
         * Bind the socket to the service port
         * so we hear incoming connections
         */
        if (bind(s, (struct sockaddr *)&sa, sizeof sa) < 0) {
            perror("bind");
            exit(1);
        }

        /*
         * Set maximum connections we will fall behind
         */
        listen(s, BACKLOG);

        /*
         * Go into an infinite loop waiting for new connections
         */
        while (1) {
            i = sizeof isa;
            /*
             * We hang in accept() while waiting for new customers
             */
            if ((t = accept(s, (struct sockaddr *)&isa, &i)) < 0) {
                perror("accept");
                exit(1);
            }
            whois(t);                  /* perform the actual WHOIS service */
            close(t);
        }
    }

    /*
     * Get the WHOIS request from remote host and format a reply.
     */
    void whois(int sock)
    {
        struct passwd *p;
        char buf[BUFSIZ+1];
        int i;

        /*
         * Get one line request
         */
        if ((i = read(sock, buf, BUFSIZ)) <= 0)
            return;
        buf[i] = '\0';                        /* Null terminate */
        buf[strcspn(buf, "\r\n")] = '\0';     /* drop the line terminator a standard whois client sends */

        /*
         * Look up the requested user and format reply
         */
        if ((p = getpwnam(buf)) == NULL)
            strcpy(buf, "User not found\n");
        else
            snprintf(buf, sizeof buf, "%s: %s\n", p->pw_name, p->pw_gecos);

        /*
         * Return reply
         */
        write(sock, buf, strlen(buf));
        return;
    }
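The notes' whois server above is iterative: it handles one client at a time. The concurrent server algorithm from Part XX, combined with the select-based handling of several services from the slide above, as an added Python example that is not part of the notes; the two toy services, the loopback binding and the ephemeral ports (0) are assumptions so that it runs stand-alone.

```python
"""Concurrent server that multiplexes several services with select() and
hands each accepted connection to its own thread. Added example; services,
loopback binding and ephemeral ports are constructed for the demonstration."""
import select
import socket
import threading


def echo_service(request: bytes) -> bytes:
    return request


def upper_service(request: bytes) -> bytes:
    return request.upper()


class MultiServiceServer:
    def __init__(self, services, max_request=4096):
        self.listeners = {}               # listening socket -> (service name, handler)
        self.max_request = max_request    # bound the request size: a server must protect itself
        for name, handler in services.items():
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            s.bind(("127.0.0.1", 0))      # a real service binds its well-known port
            s.listen(5)
            self.listeners[s] = (name, handler)
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._run, daemon=True)

    def port(self, name):
        """Port the named service was given (ephemeral in this example)."""
        for s, (n, _) in self.listeners.items():
            if n == name:
                return s.getsockname()[1]
        raise KeyError(name)

    def start(self):
        self._thread.start()

    def stop(self):
        self._stop.set()
        self._thread.join(timeout=2)
        for s in self.listeners:
            s.close()

    def _run(self):
        # Wait on every listening socket at once; select() reports which service
        # was contacted, accept() creates a new socket for that one client, and a
        # thread handles the request while the loop goes back to waiting.
        while not self._stop.is_set():
            ready, _, _ = select.select(list(self.listeners), [], [], 0.1)
            for s in ready:
                conn, _addr = s.accept()
                _name, handler = self.listeners[s]
                threading.Thread(target=self._serve, args=(conn, handler), daemon=True).start()

    def _serve(self, conn, handler):
        with conn:
            conn.settimeout(5)               # a silent client must not hold the thread forever
            try:
                request = conn.recv(self.max_request)
                if request:
                    conn.sendall(handler(request))
            except OSError:
                pass                         # an error on one connection never stops the server


def ask(port: int, request: bytes) -> bytes:
    """Minimal client: send one request and read the whole reply."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as c:
        c.sendall(request)
        c.shutdown(socket.SHUT_WR)
        chunks = []
        while True:
            data = c.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


if __name__ == "__main__":
    srv = MultiServiceServer({"echo": echo_service, "upper": upper_service})
    srv.start()
    try:
        print(ask(srv.port("echo"), b"hello"), ask(srv.port("upper"), b"hello"))
    finally:
        srv.stop()
```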
Summary
- Socket API
  - Invented for BSD Unix
  - Not official part of TCP/IP
  - De facto standard in the industry
  - Used with TCP or UDP
  - Large set of functions
- General paradigm: create socket and then use a set of functions to specify details

PART XXII BOOTSTRAP AND AUTOCONFIGURATION (DHCP)

System Startup
- To keep protocol software general
  - IP stack designed with many parameters
  - Values filled in when system starts
- Two possible sources of information
  - Local storage device (e.g., disk)
  - Server on the network

Bootstrapping
- BOOTstrap Protocol (BOOTP)
  - Early alternative to RARP
  - Provided more than just an IP address
  - Obtained configuration parameters from a server
  - Used UDP
- Dynamic Host Configuration Protocol (DHCP)
  - Replaces and extends BOOTP
  - Provides dynamic address assignment

Apparent Contradiction
- DHCP used to obtain parameters for an IP stack
- DHCP uses IP and UDP to obtain the parameters
- Stack must be initialized before being initialized

Solving The Apparent Contradiction
- DHCP runs as application
- Only needs basic facilities
- In particular: An application program can use the limited broadcast IP address to force IP to broadcast a datagram on the local network before IP has discovered the IP address of the local network or the machine's IP address.
- Note: server cannot use ARP when replying to client because client does not know its own IP address

DHCP Retransmission
- Client handles retransmission
- Initial timeout selected at random
- Timeout for successive retransmissions doubled

Two-Step Bootstrap
- DHCP provides information, not data
- Client receives
  - Name of file that contains boot image
  - Address of server
- Client must use another means to obtain the image to run (typically TFTP)

Dynamic Address Assignment
- Needed by ISPs
  - Client obtains an IP address and uses temporarily
  - When client finishes, address is available for another client
- Also used on many corporate networks

DHCP Address Assignment
- Backward compatible with BOOTP
- Can assign addresses in three ways
  - Manual (manager specifies binding as in BOOTP)
  - Automatic (address assigned by server, and machine retains same address)
  - Dynamic (address assigned by server, but machine may obtain new address for successive request)
- Manager chooses type of assignment for each address

DHCP Support For Autoconfiguration
Because it allows a host to obtain all the parameters needed for communication without manual intervention, DHCP permits autoconfiguration. Autoconfiguration is, of course, subject to administrative constraints.
Dynamic Address Assignment
- Client is granted a lease on an address
- Server specifies length of lease
- At end of lease, client must renew lease or stop using address
- Actions controlled by finite state machine

Server Contact
To use DHCP, a host becomes a client by broadcasting a message to all servers on the local network. The host then collects offers from servers, selects one of the offers, and verifies acceptance with the server.

DHCP Finite State Machine
(figure; its states and labelled transitions, written out:)
  Host Boots: INITIALIZE --> SELECT, sending DHCPDISCOVER
  SELECT: collects DHCPOFFER messages; Select Offer --> REQUEST, sending DHCPREQUEST
  REQUEST: DHCPACK --> BOUND
  BOUND: Lease Reaches 50% Expiration --> RENEW, sending DHCPREQUEST
  BOUND: Cancel Lease --> INITIALIZE, sending DHCPRELEASE
  RENEW: DHCPACK --> BOUND
  RENEW: Lease Reaches 87.5% Expiration --> REBIND, sending DHCPREQUEST
  RENEW: DHCPNACK --> INITIALIZE
  REBIND: DHCPACK --> BOUND
  REBIND: DHCPNACK or Lease Expires --> INITIALIZE

DHCP Message Format

   0               8               16              24            31
  +---------------+---------------+---------------+---------------+
  |      OP       |     HTYPE     |     HLEN      |     HOPS      |
  +---------------+---------------+---------------+---------------+
  |                        TRANSACTION ID                         |
  +-------------------------------+-------------------------------+
  |            SECONDS            |             FLAGS             |
  +-------------------------------+-------------------------------+
  |                       CLIENT IP ADDRESS                       |
  +---------------------------------------------------------------+
  |                        YOUR IP ADDRESS                        |
  +---------------------------------------------------------------+
  |                       SERVER IP ADDRESS                       |
  +---------------------------------------------------------------+
  |                       ROUTER IP ADDRESS                       |
  +---------------------------------------------------------------+
  |              CLIENT HARDWARE ADDRESS (16 OCTETS)              |
  |                              ...                              |
  +---------------------------------------------------------------+
  |                 SERVER HOST NAME (64 OCTETS)                  |
  |                              ...                              |
  +---------------------------------------------------------------+
  |                 BOOT FILE NAME (128 OCTETS)                   |
  |                              ...                              |
  +---------------------------------------------------------------+
  |                      OPTIONS (VARIABLE)                       |
  |                              ...                              |
  +---------------------------------------------------------------+

Message Type Field

   0               8               16             23
  +---------------+---------------+---------------+
  |   CODE (53)   |  LENGTH (1)   | TYPE (1 - 7)  |
  +---------------+---------------+---------------+

  TYPE FIELD   Corresponding DHCP Message Type
  1            DHCPDISCOVER
  2            DHCPOFFER
  3            DHCPREQUEST
  4            DHCPDECLINE
  5            DHCPACK
  6            DHCPNACK
  7            DHCPRELEASE
  8            DHCPINFORM

Questions For Discussion
- Explain the relationship between DHCP and DNS
- What basic facility is needed? Why?
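The lease state machine from the figure above, together with a parser for the message type option, as an added Python example that is not part of the notes. The lease length, the option bytes and the caller-supplied clock are constructed; the DHCPNACK handling follows the figure (from RENEW and REBIND only).

```python
"""DHCP client lease state machine following the notes' figure, plus a parser
for the message type option (code 53). Added example; the sample lease length
and option bytes in the demonstration are constructed values."""
from enum import Enum

# Option 53 values, as in the table in the notes
MESSAGE_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
                 5: "DHCPACK", 6: "DHCPNACK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options in the options area


def message_type(options: bytes) -> str:
    """Walk the option area (CODE, LENGTH, value triples) and return the message
    type name; raise on a truncated or malformed option rather than guessing."""
    i = 4 if options[:4] == MAGIC_COOKIE else 0
    while i < len(options):
        code = options[i]
        if code == 0:                 # pad octet, carries no length
            i += 1
            continue
        if code == 255:               # end of options
            break
        if i + 1 >= len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d runs past end of message" % code)
        if code == 53:
            if length != 1 or value[0] not in MESSAGE_TYPES:
                raise ValueError("malformed message type option")
            return MESSAGE_TYPES[value[0]]
        i += 2 + length
    raise ValueError("no message type option present")


class State(Enum):
    INITIALIZE = 1
    SELECT = 2
    REQUEST = 3
    BOUND = 4
    RENEW = 5
    REBIND = 6


class DhcpClient:
    """States and transitions are those of the finite state machine in the
    notes; `now` is a time in seconds supplied by the caller."""

    def __init__(self):
        self.state = State.INITIALIZE
        self.lease_start = None
        self.lease_len = None
        self.sent = []                 # messages the client would transmit

    def boot(self, now):
        # Host boots: INITIALIZE -> SELECT, sending DHCPDISCOVER
        if self.state == State.INITIALIZE:
            self.state = State.SELECT
            self.sent.append("DHCPDISCOVER")

    def receive(self, msg, now, lease_len=None):
        s = self.state
        if s == State.SELECT and msg == "DHCPOFFER":
            self.state = State.REQUEST          # offer selected: send DHCPREQUEST
            self.sent.append("DHCPREQUEST")
        elif s in (State.REQUEST, State.RENEW, State.REBIND) and msg == "DHCPACK":
            self.state = State.BOUND            # lease granted (or extended) from now
            self.lease_start, self.lease_len = now, lease_len
        elif s in (State.RENEW, State.REBIND) and msg == "DHCPNACK":
            self._reset()                       # server refused: start over
        # any other message in any other state is ignored

    def tick(self, now):
        """Timer transitions: 50% of lease -> RENEW, 87.5% -> REBIND, expiry -> INITIALIZE."""
        if self.lease_start is None:
            return
        elapsed = now - self.lease_start
        if elapsed >= self.lease_len:
            self._reset()                       # must stop using the address
        elif elapsed >= 0.875 * self.lease_len and self.state in (State.BOUND, State.RENEW):
            self.state = State.REBIND
            self.sent.append("DHCPREQUEST")
        elif elapsed >= 0.5 * self.lease_len and self.state == State.BOUND:
            self.state = State.RENEW
            self.sent.append("DHCPREQUEST")

    def release(self, now):
        # Cancel lease: BOUND -> INITIALIZE, sending DHCPRELEASE
        if self.state == State.BOUND:
            self.sent.append("DHCPRELEASE")
            self._reset()

    def _reset(self):
        self.state = State.INITIALIZE
        self.lease_start = self.lease_len = None
```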
Summary
- Two protocols available for bootstrapping
  - BOOTP (static binding of IP address to computer)
  - DHCP (extension of BOOTP that adds dynamic binding of IP addresses)
- DHCP
  - Server grants lease for an address
  - Lease specifies length of time
  - Host must renew lease or stop using address when lease expires
  - Actions controlled by finite state machine

PART XXIII DOMAIN NAME SYSTEM (DNS)

Names For Computers
- Humans prefer pronounceable names rather than numeric addresses
- Two possibilities
  - Flat namespace
  - Hierarchical namespace

Naming Hierarchy
- Two possibilities
  - According to network topology
  - By organizational structure (independent of physical networks)
- Internet uses the latter

Internet Hierarchy
In a TCP/IP internet, hierarchical machine names are assigned according to the structure of organizations that obtain authority for parts of the namespace, not necessarily according to the structure of the physical network interconnections.

Internet Domain Names
- Flexible hierarchy
  - Universal naming scheme (same everywhere)
  - Each organization determines internal naming structure
- Mechanism known as Domain Name System (DNS)
- Name assigned to a computer known as domain name

Domain Name Syntax
- Set of labels separated by delimiter character (period)
- Example

    cs . purdue . edu

- Three labels: cs, purdue, and edu
- String purdue . edu is also a domain
- Top-level domain is edu

Original Top-Level Domains

  Domain Name    Assigned To
  com            Commercial organizations
  edu            Educational institutions (4-year)
  gov            Government institutions
  mil            Military groups
  net            Major network support centers
  org            Organizations other than those above
  arpa           Temporary ARPANET domain (obsolete)
  int            International organizations
  country code   Each country (geographic scheme)

- Meaning assigned to each
- Three domains considered generic: .com .net .org

New Top-Level Domains

  Domain Name    Assigned To
  aero           Air-Transport Industry
  biz            Businesses
  coop           Non-Profit Cooperatives
  info           Unrestricted
  museum         Museums
  name           Individuals
  pro            Professionals (accountants, lawyers, physicians)

- Proponents argued (incorrectly) that DNS would collapse without additional TLDs
- New TLDs created legal nightmare

Illustration Of Part Of The DNS Tree
(figure: the unnamed root with children com, edu, gov, ..., us; dec under com; purdue under edu, with cc, cs and ecn under purdue; nsf under gov; va under us, reston under va, and cnri under reston)

Authority For Names
- Authority delegated down the tree
- Example
  - Purdue University registers under top level domain .edu and receives authority for domain purdue . edu
  - Computer Science Department at Purdue registers with the Purdue authority, and becomes the authority for cs . purdue . edu
  - Owner of a lab in the CS Department registers with the departmental authority, and becomes the authority for xinu . cs . purdue . edu
DNS Database
• Record has (name, class)
• Class specifies type of object (e.g., computer, email exchanger)
• Consequence:
  A given name may map to more than one item in the domain system. The client specifies the type of object desired when resolving a name, and the server returns objects of that type.

Mapping Domain Names To Addresses
• DNS uses a set of on-line servers
• Servers arranged in tree
• Given server can handle entire subtree
  – Example: ISP manages domain names for its clients (including corporations)

Terminology
• DNS server known as name server
• DNS client software known as resolver

Illustration Of Topology Among DNS Servers
(Figure: Root Server at the top; below it the server for .com, server for .edu, server for .gov, ..., server for .us; below those the server for dec.com, server for purdue.edu, server for nsf.gov, and server for va.us.)

In Practice
• Single server can handle multiple levels of the naming tree
• Example: root server handles all top-level domains

Domain Name Resolution
• Conceptually, must search from root of tree downward
• In practice
  – Every name server knows location of a root server
  – Only contacts root if no subdomain known
  – Lookup always starts with local server first (host can learn address of DNS server from DHCP)
Efficient Translation
• Facts
  – Most lookups refer to local names
  – Name-to-address bindings change infrequently
  – User is likely to repeat same lookup
• To increase efficiency
  – Initial contact begins with local name server
  – Every server caches answers (owner specifies cache timeout)

Domain Server Message Format
(Figure: message layout, 32 bits per row, bit positions 0, 16, 31)
  IDENTIFICATION | PARAMETER
  NUMBER OF QUESTIONS | NUMBER OF ANSWERS
  NUMBER OF AUTHORITY | NUMBER OF ADDITIONAL
  QUESTION SECTION ...
  ANSWER SECTION ...
  AUTHORITY SECTION ...
  ADDITIONAL INFORMATION SECTION ...

Parameter Bits
  Bit of PARAMETER field   Meaning
  0        Operation: 0 Query, 1 Response
  1-4      Query Type: 0 Standard, 1 Inverse, 2 Server status request, 3 Completion (now obsolete), 4 Notify, 5 Update
  5        Set if answer authoritative
  6        Set if message truncated
  7        Set if recursion desired
  8        Set if recursion available
  9        Reserved
  10       Set if data is authenticated
  11       Set if checking is disabled
  12-15    Response Type: 0 No error, 1 Format error in query, 2 Server failure, 3 Name does not exist, 5 Refused, 6 Name exists when it should not, 7 RR set exists, 8 RR set that should exist does not, 9 Server not authoritative for the zone, 10 Name not contained in zone

Format Of Question Section
(Figure: bit positions 0, 16, 31)
  QUERY DOMAIN NAME ...
  QUERY TYPE | QUERY CLASS

Format Of Resource Records
(Figure: bit positions 0, 16, 31)
  RESOURCE DOMAIN NAME ...
  TYPE | CLASS
  TIME TO LIVE
  RESOURCE DATA LENGTH | RESOURCE DATA ...

Abbreviation Of Domain Names
• DNS only recognizes full domain names
• Client software allows abbreviation
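The following is an added Python example, not code from the slides: it builds a query in the message format above (six 16-bit header fields followed by a question section), decodes the PARAMETER field bit by bit using the slide's numbering (slide bit k is value bit 15 - k), and uses as its sample question a reverse-lookup name of the ddd.ccc.bbb.aaa.in-addr.arpa form that this part's pointer-query slides describe. The sample address 128.10.2.1 and identifier 0x1234 are constructed; the type codes are the standard DNS values for the types listed in this part.

```python
import struct

# Type codes for the object types this part lists (standard DNS values).
QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "HINFO": 13,
         "MINFO": 14, "MX": 15, "TXT": 16, "AAAA": 28}
CLASS_IN = 1
RCODE_NAMES = {0: "No error", 1: "Format error in query", 2: "Server failure",
               3: "Name does not exist", 5: "Refused",
               6: "Name exists when it should not", 7: "RR set exists",
               8: "RR set that should exist does not",
               9: "Server not authoritative for the zone",
               10: "Name not contained in zone"}


def reverse_name(ipv4):
    """aaa.bbb.ccc.ddd -> ddd.ccc.bbb.aaa.in-addr.arpa, the pointer-query trick."""
    octets = ipv4.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("not a dotted-decimal IPv4 address: %r" % ipv4)
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def encode_name(name):
    """Wire form of a domain name: a length octet before each label, then a zero octet."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label must be 1..63 octets: %r" % label)
        out += bytes([len(raw)]) + raw
    if len(out) + 1 > 255:
        raise ValueError("name exceeds 255 octets")
    return bytes(out) + b"\0"


def decode_name(data, pos):
    """Inverse of encode_name; compression pointers are rejected, not followed."""
    labels = []
    while True:
        if pos >= len(data):
            raise ValueError("name runs past the end of the message")
        n = data[pos]
        if n & 0xC0:
            raise ValueError("compressed name not supported in this example")
        pos += 1
        if n == 0:
            return ".".join(labels), pos
        label = data[pos:pos + n]
        if len(label) != n:
            raise ValueError("label runs past the end of the message")
        labels.append(label.decode("ascii"))
        pos += n


def parse_parameter(params):
    """Split the 16-bit PARAMETER field; slide bit k lives at value bit (15 - k)."""
    return {
        "response": bool(params >> 15 & 1),            # slide bit 0: operation
        "query_type": params >> 11 & 0xF,              # slide bits 1-4
        "authoritative": bool(params >> 10 & 1),       # slide bit 5
        "truncated": bool(params >> 9 & 1),            # slide bit 6
        "recursion_desired": bool(params >> 8 & 1),    # slide bit 7
        "recursion_available": bool(params >> 7 & 1),  # slide bit 8
        "authenticated_data": bool(params >> 5 & 1),   # slide bit 10
        "checking_disabled": bool(params >> 4 & 1),    # slide bit 11
        "rcode": RCODE_NAMES.get(params & 0xF, "unknown (%d)" % (params & 0xF)),
    }


def build_query(ident, qname, qtype, recursion_desired=True):
    """Standard query: header (six 16-bit fields) plus one question."""
    params = 0x0100 if recursion_desired else 0   # slide bit 7 = recursion desired
    header = struct.pack("!HHHHHH", ident, params, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", QTYPE[qtype], CLASS_IN)


def parse_query(message):
    """Return (ident, parameter dict, qname, qtype name) for a one-question message."""
    if len(message) < 12:
        raise ValueError("shorter than the 12-octet header")
    ident, params, nq, _na, _nauth, _nadd = struct.unpack("!HHHHHH", message[:12])
    if nq != 1:
        raise ValueError("expected exactly one question, got %d" % nq)
    qname, pos = decode_name(message, 12)
    if len(message) < pos + 4:
        raise ValueError("question section truncated")
    qtype, _qclass = struct.unpack("!HH", message[pos:pos + 4])
    type_name = {v: k for k, v in QTYPE.items()}.get(qtype, "TYPE%d" % qtype)
    return ident, parse_parameter(params), qname, type_name


# Constructed sample: a pointer query for the (hypothetical) address 128.10.2.1.
SAMPLE_PTR_QUERY = build_query(0x1234, reverse_name("128.10.2.1"), "PTR")

if __name__ == "__main__":
    print(parse_query(SAMPLE_PTR_QUERY))
```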
Example Of Domain Name Abbreviation
• Client configured with suffix list
  – . cs . purdue . edu
  – . cc . purdue . edu
  – . purdue . edu
  – null
• User enters abbreviation xinu
• Client tries the following in order
  – xinu . cs . purdue . edu
  – xinu . cc . purdue . edu
  – xinu . purdue . edu
  – xinu

The Point About Abbreviation
The Domain Name System only maps full domain names into addresses; abbreviations are not part of the Domain Name System itself, but are introduced by client software to make local names convenient for users.

Inverse Query
• Map in reverse direction
• Excessive overhead
• May not have unique answer
• Not used in practice

Pointer Query
• Special case of inverse mapping
• Convert IP address to domain name
• Trick: write IP address as a string and look up as a name

Example Of Pointer Query
• Start with dotted decimal address such as aaa . bbb . ccc . ddd
• Rearrange dotted decimal representation as a string: ddd . ccc . bbb . aaa . in-addr . arpa
• Look up using a pointer query type

Object Types That DNS Supports
  Type    Meaning             Contents
  A       Host Address        32-bit IP address
  CNAME   Canonical Name      Canonical domain name for an alias
  HINFO   CPU & OS            Name of CPU and operating system
  MINFO   Mailbox info        Information about a mailbox or mail list
  MX      Mail Exchanger      16-bit preference and name of host that acts as mail exchanger for the domain
  NS      Name Server         Name of authoritative server for domain
  PTR     Pointer             Domain name (like a symbolic link)
  SOA     Start of Authority  Multiple fields that specify which parts of the naming hierarchy a server implements
  TXT     Arbitrary text      Uninterpreted string of ASCII text
  AAAA    Host Address        128-bit IPv6 address

Summary
• Domain Name System provides mapping from pronounceable names to IP addresses
• Domain names are hierarchical; top-level domains are dictated by a central authority
• Organizations can choose how to structure their domain names
• DNS uses on-line servers to answer queries
• Lookup begins with local server, which caches entries

PART XXIV
APPLICATIONS: REMOTE LOGIN (TELNET AND RLOGIN)

Remote Interaction
• Devised when computers used (ASCII) terminals
• Terminal abstraction extended to remote access over a network
Client-Server Interaction
• Client
  – Invoked by user
  – Forms connection to remote server
  – Passes keystrokes from user's keyboard to server and displays output from server on user's screen
• Server
  – Accepts connection over the network
  – Passes incoming characters to OS as if they were typed on a local keyboard
  – Sends output over connection to client

TELNET
• Standard protocol for remote terminal access
• Three basic services
  – Defines network virtual terminal that provides standard interface
  – Mechanism that allows client and server to negotiate options (e.g., character set)
  – Symmetric treatment that allows either end of the connection to be a program instead of a physical keyboard and display

Illustration Of TELNET
(Figure: the user's screen & keyboard attach to the telnet client running on the client operating system; the client reads from the keyboard and sends to the server across the Internet; the telnet server receives from the client and sends to a pseudo terminal on the server operating system; the input reaches an application through the pseudo terminal.)

Accommodating Heterogeneity
• Network Virtual Terminal (NVT) describes system-independent encoding
• TELNET client and server map NVT into local computer's representation

Illustration Of How NVT Accommodates Heterogeneity
(Figure: user's keyboard & display, then Client, then a TCP connection across the internet, then Server, then the Server's System. The Client System format is used between keyboard and client, the NVT format across the connection, and the Server System format between server and its system.)

Definition Of TELNET NVT
  ASCII Control Code   Decimal Value   Assigned Meaning
  NUL                  0               No operation (has no effect on output)
  BEL                  7               Sound audible/visible signal (no motion)
  BS                   8               Move left one character position
  HT                   9               Move right to the next horizontal tab stop
  LF                   10              Move down (vertically) to the next line
  VT                   11              Move down to the next vertical tab stop
  FF                   12              Move to the top of the next page
  CR                   13              Move to the left margin on the current line
  other control        –               No operation (has no effect on output)

TELNET NVT Control Functions
  Signal   Meaning
  IP       Interrupt Process (terminate running program)
  AO       Abort Output (discard any buffered output)
  AYT      Are You There (test if server is responding)
  EC       Erase Character (delete the previous character)
  EL       Erase Line (delete the entire current line)
  SYNCH    Synchronize (clear data path until TCP urgent data point, but do interpret commands)
  BRK      Break (break key or attention signal)

TELNET Commands
  Command   Decimal Encoding   Meaning
  IAC       255   Interpret next octet as command (when the IAC octet appears as data, the sender doubles it and sends the 2-octet sequence IAC-IAC)
  DON'T     254   Denial of request to perform specified option
  DO        253   Approval to allow specified option
  WON'T     252   Refusal to perform specified option
  WILL      251   Agreement to perform specified option
  SB        250   Start of option subnegotiation
  GA        249   The "go ahead" signal
  EL        248   The "erase line" signal
  EC        247   The "erase character" signal
  AYT       246   The "are you there" signal
  AO        245   The "abort output" signal
  IP        244   The "interrupt process" signal
  BRK       243   The "break" signal
  DMARK     242   The data stream portion of a SYNCH (always accompanied by TCP Urgent notification)
  NOP       241   No operation
  SE        240   End of option subnegotiation
  EOR       239   End of record

TELNET Control Sequences And TCP
TELNET cannot rely on the conventional data stream alone to carry control sequences between client and server because a misbehaving application that needs to be controlled might inadvertently block the data stream.
• Solution: use TCP's urgent data to send control sequences

TELNET Option Negotiation
TELNET uses a symmetric option negotiation mechanism to allow clients and servers to reconfigure the parameters controlling their interaction. Because all TELNET software understands a basic NVT protocol, clients and servers can interoperate even if one understands options another does not.

Remote Login (rlogin)
• Invented for BSD Unix
• Includes facilities specifically for Unix
• Allows manager to configure a set of computers so that if two or more computers have same login id, X, the logins are owned by the same individual
• Permits other forms of authentication

Remote Shell (rsh)
• Similar to rlogin
• Also part of BSD Unix
• Allows remote execution of a single command
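To make the command table and the IAC-doubling rule concrete, here is an added Python decoder (not from the slides) that splits an incoming TELNET octet stream into user data and commands: a doubled IAC becomes a literal 255, DO/DON'T/WILL/WON'T consume the option octet that follows, and SB ... IAC SE brackets a subnegotiation, with every truncated or malformed sequence rejected rather than guessed at. The sample stream is constructed; option codes 1 (ECHO) and 24 (TERMINAL-TYPE) are standard TELNET option numbers that the slides do not list.

```python
# Command octets from the TELNET Commands table, 255 down to 239.
(IAC, DONT, DO, WONT, WILL, SB, GA, EL, EC, AYT, AO, IP, BRK,
 DMARK, NOP, SE, EOR) = range(255, 238, -1)
COMMAND_NAMES = {IAC: "IAC", DONT: "DONT", DO: "DO", WONT: "WONT", WILL: "WILL",
                 SB: "SB", GA: "GA", EL: "EL", EC: "EC", AYT: "AYT", AO: "AO",
                 IP: "IP", BRK: "BRK", DMARK: "DMARK", NOP: "NOP", SE: "SE", EOR: "EOR"}
NEGOTIATION = {DO, DONT, WILL, WONT}    # each is followed by exactly one option octet


def escape_data(data):
    """Outgoing data: double every 255 so the peer does not read it as IAC."""
    return data.replace(bytes([IAC]), bytes([IAC, IAC]))


def decode_stream(stream):
    """Separate an incoming TELNET stream into (data, commands).

    commands is a list of (name, argument): the option octet for DO/DONT/WILL/WONT,
    the unescaped subnegotiation body for SB, and None for every other command."""
    data, commands = bytearray(), []
    i, n = 0, len(stream)
    while i < n:
        octet = stream[i]
        if octet != IAC:                      # ordinary NVT data
            data.append(octet)
            i += 1
            continue
        if i + 1 >= n:
            raise ValueError("stream ends immediately after IAC")
        cmd = stream[i + 1]
        if cmd == IAC:                        # IAC IAC: a literal 255 data octet
            data.append(IAC)
            i += 2
            continue
        if cmd in NEGOTIATION:
            if i + 2 >= n:
                raise ValueError("option negotiation without an option octet")
            commands.append((COMMAND_NAMES[cmd], stream[i + 2]))
            i += 3
            continue
        if cmd == SB:                         # collect body up to IAC SE, unescaping IAC IAC
            body, j = bytearray(), i + 2
            while True:
                if j + 1 >= n:
                    raise ValueError("unterminated subnegotiation")
                if stream[j] == IAC:
                    if stream[j + 1] == SE:
                        break
                    if stream[j + 1] == IAC:
                        body.append(IAC)
                        j += 2
                        continue
                    raise ValueError("command other than SE inside subnegotiation")
                body.append(stream[j])
                j += 1
            commands.append(("SB", bytes(body)))
            i = j + 2
            continue
        if cmd not in COMMAND_NAMES:
            raise ValueError("unknown command octet %d after IAC" % cmd)
        commands.append((COMMAND_NAMES[cmd], None))
        i += 2
    return bytes(data), commands


# Constructed sample: a prompt, a WILL for option 1 (ECHO), data containing a literal
# 255, an AYT, and a TERMINAL-TYPE (option 24) subnegotiation carrying "vt100".
SAMPLE_STREAM = (b"login: " + bytes([IAC, WILL, 1]) + b"ab" + bytes([IAC, IAC]) + b"c"
                 + bytes([IAC, AYT]) + bytes([IAC, SB, 24, 0]) + b"vt100"
                 + bytes([IAC, SE]))

if __name__ == "__main__":
    print(decode_stream(SAMPLE_STREAM))
```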
Secure Remote Login (ssh)
• Alternative to TELNET/rlogin
• Transport layer protocol with service authentication
• User authentication protocol
• Connection protocol
  – Multiplexes multiple transfers
  – Uses encryption for privacy

Port Forwarding
• Novel aspect of ssh
• Similar to NAT
• Permits incoming TCP connection to be forwarded across secure tunnel

Remote Desktop
• Intended for systems that have a GUI interface
• Allows a remote user to see screen of remote system and use mouse as well as keyboard
• Examples include
  – Virtual Network Computing (VNC)
  – Remote Desktop Protocol (RDP)

Summary
• Remote interaction allows client software to connect local keyboard and screen to remote system
• Standard protocol is TELNET
• Alternatives include rlogin, rsh, and ssh
• Remote desktop extends remote access to handle GUI interface

PART XXV
APPLICATIONS: FILE TRANSFER AND ACCESS (FTP, TFTP, NFS)

On-Line File Sharing
• Always a popular application
• Two basic paradigms
  – Whole-file copying
  – Piecewise file access
• Piecewise access mechanism
  – Opaque: application uses special facilities to access remote file
  – Transparent: application uses same facilities to access local and remote files
File Transfer
• Whole file copying
• Client
  – Contacts server
  – Specifies file
  – Specifies transfer direction
• Server
  – Maintains set of files on local disk
  – Waits for contact
  – Honors request from client

File Transfer Protocol (FTP)
• Major TCP/IP protocol for whole-file copying
• Uses TCP for transport
• Features
  – Interactive access
  – Format specification (ASCII or EBCDIC)
  – Authentication control (login and password)

FTP Process Model
(Figure: on the client system, a client control process and a client data transfer process above the operating system; on the server system, a server control process and a server data transfer process above its operating system. The control processes are joined by the control connection and the data transfer processes by the data connection, both across the TCP/IP internet.)
• Separate processes handle
  – Interaction with user
  – Individual transfer requests

FTP's Use of TCP Connections
Data transfer connections and the data transfer processes that use them can be created dynamically when needed, but the control connection persists throughout a session. Once the control connection disappears, the session is terminated and the software at both ends terminates all data transfer processes.

Control Connection Vs. Data Connection
• For data transfer, client side becomes server and server side becomes client
• Client
  – Creates process to handle data transfer
  – Allocates port and sends number to server over control connection
  – Process waits for contact
• Server
  – Receives request
  – Creates process to handle data transfer
  – Process contacts client-side

Question For Discussion
• What special relationship is required between FTP and NAT?
Interactive Use Of FTP
• Initially a command-line interface
  – User invokes client and specifies remote server
  – User logs in and enters password
  – User issues series of requests
  – User closes connection
• Currently
  – Most FTP initiated through browser
  – User enters URL or clicks on link
  – Browser uses FTP to contact remote server and obtain list of files
  – User selects file for download

Anonymous FTP
• Login anonymous
• Password guest
• Used for "open" FTP site (where all files are publicly available)
• Typically used by browsers

Secure File Transfer Protocols
• Secure Sockets Layer FTP (SSL-FTP)
  – Uses secure sockets layer technology
  – All transfers are confidential
• Secure File Transfer Program (sftp)
  – Almost nothing in common with FTP
  – Uses ssh tunnel
• Secure Copy (scp)
  – Derivative of Unix remote copy (rcp)
  – Uses ssh tunnel

Trivial File Transfer Protocol (TFTP)
• Alternative to FTP
• Whole-file copying
• Not as much functionality as FTP
• Code is much smaller
• Intended for use on Local Area Network
• Runs over UDP
• Diskless machine can use to obtain image at bootstrap

TFTP Packet Types
(Figure: field layouts; field sizes in parentheses)
  READ REQ. (1)   opcode (2 octets) | FILENAME (n octets) | 0 (1 octet) | MODE (n octets) | 0 (1 octet)
  WRITE REQ. (2)  opcode (2 octets) | FILENAME (n octets) | 0 (1 octet) | MODE (n octets) | 0 (1 octet)
  DATA (3)        opcode (2 octets) | BLOCK # (2 octets) | DATA OCTETS... (up to 512 octets)
  ACK (4)         opcode (2 octets) | BLOCK # (2 octets)
  ERROR (5)       opcode (2 octets) | ERROR CODE (2 octets) | ERROR MESSAGE (n octets) | 0 (1 octet)

TFTP Retransmission
• Symmetric (both sides implement timeout and retransmission)
• Data block is request for ACK
• ACK is request for next data block

Sorcerer's Apprentice Bug
• Consequence of symmetric retransmission
• Duplicate packet is perceived as second request, which generates another transmission
• Duplicate response triggers duplicate packets from the other end
• Cycle continues

Network File System (NFS)
• Protocol for file access, not copying
• Developed by Sun Microsystems, now part of TCP/IP standards
• Transparent (application cannot tell that file is remote)

NFS Implementation
(Figure: an application makes a local / remote decision; local requests go to the local file system and the local disk, remote requests go to the NFS client, which has a network connection to the NFS server.)

Remote Procedure Call (RPC)
• Also developed by Sun Microsystems, now part of TCP/IP standards
• Used in implementation of NFS
• Relies on eXternal Data Representation (XDR) standard for conversion of data items between heterogeneous computers
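The TFTP packet layouts and the Sorcerer's Apprentice bug above, as an added Python example that is not code from the slides: the first half builds and parses the five packet types with the field checks a receiver needs, and `simulate_read` counts the DATA packets a sender emits for a read when the network delivers one ACK twice, once with the naive "every ACK is a request for the next block" rule the slide describes and once with the sender ignoring an ACK it has already acted on (the remedy adopted in RFC 1123). The file name, block counts and error text are constructed.

```python
import struct

RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5
BLOCK_SIZE = 512
MODES = (b"netascii", b"octet", b"mail")


def build_request(opcode, filename, mode="octet"):
    """READ REQ. (1) / WRITE REQ. (2): opcode, FILENAME, 0, MODE, 0."""
    if opcode not in (RRQ, WRQ):
        raise ValueError("request opcode must be RRQ or WRQ")
    return (struct.pack("!H", opcode) + filename.encode("ascii") + b"\0"
            + mode.encode("ascii") + b"\0")


def build_data(block, payload):
    """DATA (3): opcode, BLOCK #, up to 512 data octets."""
    if len(payload) > BLOCK_SIZE:
        raise ValueError("DATA payload exceeds 512 octets")
    return struct.pack("!HH", DATA, block) + payload


def build_ack(block):
    """ACK (4): opcode, BLOCK #."""
    return struct.pack("!HH", ACK, block)


def build_error(code, message):
    """ERROR (5): opcode, ERROR CODE, ERROR MESSAGE, 0."""
    return struct.pack("!HH", ERROR, code) + message.encode("ascii") + b"\0"


def parse_packet(pkt):
    """Decode one TFTP packet into a dict, rejecting anything malformed."""
    if len(pkt) < 4:
        raise ValueError("packet shorter than opcode plus one field")
    (opcode,) = struct.unpack("!H", pkt[:2])
    if opcode in (RRQ, WRQ):
        fields = pkt[2:].split(b"\0")   # FILENAME, MODE, then the empty tail after the last 0
        if len(fields) != 3 or fields[2] != b"" or not fields[0]:
            raise ValueError("request must be FILENAME 0 MODE 0")
        if fields[1].lower() not in MODES:
            raise ValueError("unknown transfer mode %r" % fields[1])
        return {"op": opcode, "filename": fields[0].decode("ascii"),
                "mode": fields[1].lower().decode("ascii")}
    (arg,) = struct.unpack("!H", pkt[2:4])
    if opcode == DATA:
        if len(pkt) - 4 > BLOCK_SIZE:
            raise ValueError("DATA payload exceeds 512 octets")
        return {"op": DATA, "block": arg, "data": pkt[4:]}
    if opcode == ACK:
        if len(pkt) != 4:
            raise ValueError("ACK carries only a block number")
        return {"op": ACK, "block": arg}
    if opcode == ERROR:
        if not pkt.endswith(b"\0") or b"\0" in pkt[4:-1]:
            raise ValueError("ERROR message must be one zero-terminated string")
        return {"op": ERROR, "code": arg, "message": pkt[4:-1].decode("ascii", "replace")}
    raise ValueError("unknown opcode %d" % opcode)


def simulate_read(num_blocks, duplicated_ack, sender_ignores_duplicate_acks):
    """Count DATA packets the sender emits when the network duplicates one ACK.

    Both sides behave as the slides describe: every DATA received triggers an ACK,
    and in the naive sender every ACK received triggers the next DATA. With the fix
    the sender only sends DATA in response to the first copy of each ACK."""
    in_flight = [("ACK", 0)]           # the read request plays the part of ACK 0
    highest_ack, data_sent, duplicated = -1, 0, False
    while in_flight:
        kind, block = in_flight.pop(0)
        if kind == "ACK":
            if sender_ignores_duplicate_acks and block <= highest_ack:
                continue                # already acted on this ACK: do nothing
            highest_ack = max(highest_ack, block)
            if block < num_blocks:
                in_flight.append(("DATA", block + 1))
                data_sent += 1
        else:                           # receiver acknowledges every copy it receives
            in_flight.append(("ACK", block))
            if block == duplicated_ack and not duplicated:
                in_flight.append(("ACK", block))   # the network delivers this ACK twice
                duplicated = True
    return data_sent


if __name__ == "__main__":
    print(parse_packet(build_request(RRQ, "boot.img")))
    print("naive:", simulate_read(4, 1, False), "fixed:", simulate_read(4, 1, True))
```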
Summary
• Two paradigms for remote file sharing
  – Whole file copying
  – Piecewise file access
• File Transfer Protocol (FTP)
  – Standard protocol for file copying
  – Separate TCP connection for each data transfer
  – Client and server roles reversed for data connection
• Examples of secure alternatives to FTP
  – SSL-FTP, sftp, and scp

Summary (continued)
• Trivial File Transfer Protocol (TFTP)
  – Alternative to FTP that uses UDP
  – Symmetric retransmission scheme
  – Packet duplication can result in Sorcerer's Apprentice problem
• Network File System (NFS)
  – Standard protocol for piecewise file access
  – Uses RPC and XDR

PART XXVI
APPLICATIONS: ELECTRONIC MAIL (SMTP, POP, IMAP, MIME)

Electronic Mail
• Among most widely used Internet services
• Two major components
  – User interface
  – Mail transfer software
• Paradigm: transfer is separate background activity

Illustration Of Email System Components
(Figure: the user sends mail through the user interface into the outgoing mail spool area; a client (background transfer) reads the spool and opens a TCP connection for outgoing mail. A server (to accept mail) receives a TCP connection for incoming mail and deposits messages in the mailboxes for incoming mail, from which the user reads mail through the user interface.)

Mailbox Names And Aliases
• Email destination identified by pair ( mailbox, computer )
• Aliases permitted (user enters alias that is expanded)
Forwarding
• Powerful idea
• Email arriving on a computer can be forwarded to an ultimate destination

Illustration Of Aliases And Forwarding
(Figure: as in the previous illustration, with an alias expansion and forwarding stage, driven by an alias database, placed between the user interface and server (to accept mail) on one side and the outgoing mail spool area and mailboxes for incoming mail on the other.)

TCP/IP Standards For Email
• Syntax for email addresses
• Format of email message
• Protocols for email transfer and mailbox access

Email Address Syntax
• Mailbox identified by string mailbox@computer
• String computer is domain name of computer on which a mailbox resides
• String mailbox is unique mailbox name on the destination computer

Format Of Email Message
• Message consists of
  – Header
  – Blank line
  – Body of message
• Headers have form keyword : information
• Standard given in RFC 2822

Protocol For Email Transfer
• Specifies interaction between transfer components
  – Transfer client
  – Transfer server
• Standard protocol is Simple Mail Transfer Protocol (SMTP)
SMTP
• Application-level protocol
• Uses TCP
• Commands and responses encoded in ASCII

Example Of SMTP
  S: 220 Beta.GOV Simple Mail Transfer Service Ready
  C: HELO Alpha.EDU
  S: 250 Beta.GOV
  C: MAIL FROM:<Smith@Alpha.EDU>
  S: 250 OK
  C: RCPT TO:<Jones@Beta.GOV>
  S: 250 OK
  C: RCPT TO:<Green@Beta.GOV>
  S: 550 No such user here
  C: RCPT TO:<Brown@Beta.GOV>
  S: 250 OK
  C: DATA
  S: 354 Start mail input; end with <CR><LF>.<CR><LF>
  C: ...sends body of mail message...
  C: ...continues for as many lines as message contains
  C: <CR><LF>.<CR><LF>
  S: 250 OK
  C: QUIT
  S: 221 Beta.GOV Service closing transmission channel

Protocol For Mailbox Access
• Used when user's mailbox resides on remote computer
• Especially helpful when user's local computer is not always on-line
• Two protocols exist
  – Post Office Protocol version 3 (POP3)
  – Internet Message Access Protocol (IMAP)
• Each provides same basic functionality
  – User authentication
  – Mailbox access commands

Multipurpose Internet Mail Extensions (MIME)
• Permits nontextual data to be sent in email
  – Graphics image
  – Voice or video clip
• Sender
  – Encodes binary item into printable characters
  – Places in email message for transfer
• Receiver
  – Receives email message containing encoded item
  – Decodes message to extract original binary value

MIME Header
• Header in email message describes encoding used
• Example
  From: bill@acollege.edu
  To: john@example.com
  MIME-Version: 1.0
  Content-Type: image/jpeg
  Content-Transfer-Encoding: base64

  ...data for the image...
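The DATA step of the exchange above ends the message with <CR><LF>.<CR><LF>, so a body line that itself consists of a single period would end the message early. The following added Python (not code from the slides) shows the two sides of that rule: the client prefixes an extra period to any body line that starts with one before appending the terminator, and the server strips the extra period back off after locating the terminator, refusing data that never terminates. The sample message text is constructed.

```python
CRLF = b"\r\n"
TERMINATOR = CRLF + b"." + CRLF      # the <CR><LF>.<CR><LF> of the exchange


def encode_data(body):
    """Client side of DATA: normalise line ends, prefix a second '.' on lines that
    begin with '.', and append the end-of-mail line."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    if lines[-1] == b"":             # a trailing newline is not an extra empty line
        lines.pop()
    out = b"".join((b"." if ln.startswith(b".") else b"") + ln + CRLF for ln in lines)
    return out + b"." + CRLF


def decode_data(stream):
    """Server side of DATA: consume octets up to the terminator, undo the
    dot-stuffing, and return (body, remaining_stream)."""
    probe = CRLF + stream            # the CRLF ending the DATA command precedes line 1
    end = probe.find(TERMINATOR)
    if end < 0:
        raise ValueError("DATA section not terminated by <CR><LF>.<CR><LF>")
    raw, rest = probe[len(CRLF):end], probe[end + len(TERMINATOR):]
    if not raw:
        return b"", rest
    lines = [ln[1:] if ln.startswith(b".") else ln for ln in raw.split(CRLF)]
    return CRLF.join(lines) + CRLF, rest


# Constructed sample: a body whose second line begins with a period.
SAMPLE_BODY = b"Hi John\n.hidden line\nBye\n"

if __name__ == "__main__":
    wire = encode_data(SAMPLE_BODY)
    print(wire)
    print(decode_data(wire + b"QUIT\r\n"))
```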
Seven Basic MIME Types
  Content Type   Used When Data In the Message Is
  text           Textual (e.g. a document)
  image          A still photograph or computer-generated image
  audio          A sound recording
  video          A video recording that includes motion
  application    Raw data for a program
  multipart      Multiple messages that each have a separate content type and encoding
  message        An entire e-mail message (e.g., a memo that has been forwarded) or an external reference to a message (e.g., an FTP server and file name)

Example Of Mixed / Multipart Message
  From: bill@acollege.edu
  To: john@example.com
  MIME-Version: 1.0
  Content-Type: Multipart/Mixed; Boundary=StartOfNextPart

  --StartOfNextPart
  Content-Type: text/plain
  Content-Transfer-Encoding: 7bit

  John,
  Here is the photo of our research lab I promised to send you.
  You can see the equipment you donated.
  Thanks again,
  Bill
  --StartOfNextPart
  Content-Type: image/jpeg
  Content-Transfer-Encoding: base64

  ...data for the image...

Summary
• Email operates at application layer
• Conceptual separation between
  – User interface
  – Mail transfer components
• Simple Mail Transfer Protocol (SMTP)
  – Standard for transfer
  – Uses ASCII encoding
• Post Office Protocol (POP) And Internet Mail Access Protocol (IMAP) allow access of remote mailbox
• Multipurpose Internet Mail Extensions (MIME) permits transfer of nontextual information (e.g., images)

PART XXVII
APPLICATIONS: WORLD WIDE WEB (HTTP)

World Wide Web
• Distributed hypermedia paradigm
• Major service on the Internet
• Use surpassed file transfer in 1995
Web Page Identifier
• Known as Uniform Resource Locator (URL)
• Encodes
  – Access protocol to use
  – Domain name of server
  – Protocol port number (optional)
  – Path through server's file system (optional)
  – Parameters (optional)
  – Query (optional)
• Format
  http: // hostname [: port] / path [; parameters] [? query]

Web Standards
• Separate standards for
  – Representation
  – Transfer

Representation
• HyperText Markup Language (HTML)
• Document contains text plus embedded links
• HTML gives guidelines for display, not details
• Consequence: two browsers may choose to display same document differently

Transfer
• Used between browser and web server
• Protocol is HyperText Transfer Protocol (HTTP)
• Runs over TCP

HTTP Characteristics
• Application level
• Request / response paradigm
• Stateless
• Permits bi-directional transfer
• Offers capability negotiation
• Support for caching
• Support for intermediaries

HTTP Operation
• Browser sends requests to which server replies
• Typical request: GET used to fetch document
• Example
  GET http://www.cs.purdue.edu/people/comer/ HTTP/1.1
• Relative URL also permitted
  GET /people/comer/ HTTP/1.1
Error Messages
• HTTP includes set of error responses
• Server can format error as HTML message for user or use internal form and allow browser to format message

Persistent Connections
• HTTP version 1.0 uses one TCP connection per transfer
  – Browser forms TCP connection to server
  – Browser sends GET request
  – Server returns header describing item
  – Server returns item
  – Server closes connection
• HTTP version 1.1 permits connection to persist across multiple requests

HTTP Headers
HTTP uses MIME-like headers to carry meta information. Both browsers and servers send headers that allow them to negotiate agreement on the document representation and encoding to be used.

Handling Persistence
To allow a TCP connection to persist through multiple requests and responses, HTTP sends a length before each response. If it does not know the length, a server informs the client, sends the response, and then closes the connection.

Headers And Length Encoding
• HTTP headers use same syntax as email headers
  – Lines of text followed by blank line
  – Lines of text have form keyword:information
• For persistent connection header specifies length (in octets) of data item that follows

Items That Can Appear In An HTTP Header
  Header             Meaning
  Content-Length     Size of item in octets
  Content-Type       Type of item
  Content-Encoding   Encoding used for item
  Content-Language   Language(s) used in item
Example Of Header
  Content-Length: 34
  Content-Language: english
  Content-Encoding: ascii

  <HTML>
  A trivial example.
  </HTML>
• Note: if length is not known in advance, server can inform browser that connection will close following transfer
  Connection: close

Negotiation
• Either server or browser can initiate
• Items sent in headers
• Can specify representations that are acceptable with preference value assigned to each
• Example
  Accept: text/html, text/plain; q=0.5, text/x-dvi; q=0.8

Items For Negotiation
  Accept-Encoding:
  Accept-Charset:
  Accept-Language:

Conditional Request
• Allows browser to check cached copy for freshness
• Eliminates useless latency
• Sends If-Modified-Since in header of GET request
• Example
  If-Modified-Since: Wed, 31 Dec 2003 05:00:01 GMT

Proxy Servers
• Browser can be configured to contact proxy
• Permits caching for entire organization
• Server can specify maximum number of proxies along path (including none)

Caching Of Web Pages
• Caching essential to efficiency
• Server specifies
  – Whether page can be cached
  – Maximum time page can be kept
• Intermediate caches and browser cache web pages
• Browser can specify maximum age of page (forces intermediate caches to revalidate)
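On a persistent connection the browser can only tell where one response ends and the next begins by the Content-Length header, or by the server closing after a Connection: close. This added Python (not code from the slides) frames a byte stream carrying several responses by exactly those two rules and refuses anything ambiguous, such as two Content-Length headers that disagree or a length the stream cannot satisfy, since a browser and a proxy that resolved such a case differently would disagree about where the next response starts. The 34-octet body is the slide's example; the second response and the status lines are constructed.

```python
def build_response(status_line, headers, body):
    """Serialize one response, always adding Content-Length so the connection can persist."""
    hdrs = dict(headers)
    hdrs["Content-Length"] = str(len(body))
    head = status_line + "\r\n" + "".join("%s: %s\r\n" % kv for kv in hdrs.items()) + "\r\n"
    return head.encode("ascii") + body


def parse_responses(stream):
    """Split a byte stream holding several responses into (status, headers, body) tuples.
    Only Content-Length and Connection: close framing are handled; the chunked
    transfer encoding of HTTP/1.1 is outside this example and makes the parser stop."""
    responses, pos = [], 0
    while pos < len(stream):
        end = stream.find(b"\r\n\r\n", pos)           # blank line ends the header block
        if end < 0:
            raise ValueError("incomplete header block")
        lines = stream[pos:end].decode("ascii").split("\r\n")
        status, headers = lines[0], {}
        for line in lines[1:]:                       # keyword:information lines
            if ":" not in line:
                raise ValueError("malformed header line %r" % line)
            name, value = line.split(":", 1)
            name, value = name.strip().lower(), value.strip()
            if name in headers and headers[name] != value:
                raise ValueError("conflicting duplicate header %r" % name)
            headers[name] = value
        pos = end + 4
        if "content-length" in headers:
            length_text = headers["content-length"]
            if not (length_text.isascii() and length_text.isdigit()):
                raise ValueError("Content-Length is not a decimal octet count")
            length = int(length_text)
            body = stream[pos:pos + length]
            if len(body) != length:
                raise ValueError("body truncated: expected %d octets" % length)
            pos += length
        elif headers.get("connection", "").lower() == "close":
            body, pos = stream[pos:], len(stream)    # item runs to end of connection
        else:
            raise ValueError("no Content-Length and no Connection: close: cannot frame body")
        responses.append((status, headers, body))
    return responses


# The slide's example item (34 octets) followed by a constructed closing response.
SAMPLE_BODY = b"<HTML>\nA trivial example.\n</HTML>\n"
SAMPLE_STREAM = (build_response("HTTP/1.1 200 OK", {"Content-Type": "text/html"}, SAMPLE_BODY)
                 + b"HTTP/1.1 200 OK\r\nConnection: close\r\n\r\nbye")

if __name__ == "__main__":
    for status, headers, body in parse_responses(SAMPLE_STREAM):
        print(status, headers, body)
```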
Summary
• Web is major application in the Internet
• Standard for representation is HTML
• Standard for transfer is HTTP
  – Request-response protocol
  – Header precedes item
  – Version 1.1 permits persistent connections
  – Server specifies length of time item can be cached
  – Browser can issue conditional request to validate cached item

PART XXVIII APPLICATIONS: VOICE AND VIDEO OVER IP (VOIP, RTP, RSVP)

TCP/IP Protocols
• Designed for data
• Can also handle voice and video
• Industry excited about Voice Over IP (VOIP)

Representation
• Voice and video must be converted between analog and digital forms
• Typical device is codec (coder / decoder)
• Example encoding used by phone system is Pulse Code Modulation (PCM)
  – Note: 128 second audio clip encoded in PCM requires one megabyte of memory
• Codec for voice, known as vocoder, attempts to recognize speech rather than just waveforms

Playback
• Internet introduces burstiness
• Jitter buffer used to smooth bursts
• Protocol support needed

Requirements For Real-Time
Because an IP Internet is not isochronous, additional protocol support is required when sending digitized real-time data. In addition to basic sequence information that allows detection of duplicate or reordered packets, each packet must carry a separate timestamp that tells the receiver the exact time at which the data in the packet should be played.
Illustration Of Jitter Buffer
[Figure: buffer of K items; items inserted at a variable rate, items extracted at a fixed rate]
• Data arrives in bursts
• Data leaves at steady rate

Real-Time Transport Protocol (RTP)
• Internet standard
• Provides playback timestamp along with data
• Allows receiver to play back items in sequence

RTP Message Format
• Each message begins with same header
  bits 0-1 VER | 2 P | 3 X | 4-7 CC | 8 M | 9-15 PTYPE | 16-31 SEQUENCE NUM
  TIMESTAMP (32 bits)
  SYNCHRONIZATION SOURCE IDENTIFIER (32 bits)
  CONTRIBUTING SOURCE ID ... (32 bits each)

Terminology And Layering
• Name implies that RTP is a transport-layer protocol
• In fact
  – RTP is an application protocol
  – RTP runs over UDP

Mixing
• RTP can coordinate multiple data streams
• Intended for combined audio and video
• Up to 15 sources
• Header specifies mixing

RTP Control Protocol (RTCP)
• Required part of RTP
• Allows sender and receiver to exchange information about sessions that are in progress
• Separate data stream
• Uses protocol port number one greater than port number of data stream

RTCP Message Types
Type   Meaning
200    Sender report
201    Receiver report
202    Source description message
203    Bye message
204    Application specific message
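The RTP header layout, the sequence-number check that lets a receiver detect duplicates and reordering, and the RTCP port rule above, as an added example that is not part of Comer's notes. The sample packet and its field values are constructed.

```python
"""Parse the fixed RTP header from the slide (VER, P, X, CC, M, PTYPE,
sequence, timestamp, SSRC, CSRC list), classify sequence numbers the way a
receiver detecting duplicates and reordering would, and find the RTCP port.
Added example; the packet below is constructed, not taken from the notes."""
import struct
from dataclasses import dataclass, field
from typing import List

RTP_VERSION = 2


@dataclass
class RtpHeader:
    version: int
    padding: bool
    extension: bool
    marker: bool
    payload_type: int
    sequence: int
    timestamp: int
    ssrc: int
    csrcs: List[int] = field(default_factory=list)


def parse_rtp(packet: bytes) -> RtpHeader:
    """Decode the 12-octet fixed header plus CC contributing-source ids."""
    if len(packet) < 12:
        raise ValueError("RTP header needs at least 12 octets")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", packet[:12])
    version = b0 >> 6                     # VER: top two bits
    if version != RTP_VERSION:
        raise ValueError(f"unsupported RTP version {version}")
    cc = b0 & 0x0F                        # CC: number of CSRC ids (0..15)
    end = 12 + 4 * cc
    if len(packet) < end:
        raise ValueError("truncated CSRC list")
    csrcs = list(struct.unpack(f"!{cc}I", packet[12:end])) if cc else []
    return RtpHeader(
        version=version,
        padding=bool(b0 & 0x20),          # P
        extension=bool(b0 & 0x10),        # X
        marker=bool(b1 & 0x80),           # M
        payload_type=b1 & 0x7F,           # PTYPE
        sequence=seq,
        timestamp=ts,
        ssrc=ssrc,
        csrcs=csrcs,
    )


def build_rtp(payload_type, seq, ts, ssrc, csrcs=(), marker=False, payload=b""):
    """Inverse of parse_rtp, used here only to construct sample packets."""
    if not 0 <= len(csrcs) <= 15:
        raise ValueError("at most 15 contributing sources")
    b0 = (RTP_VERSION << 6) | len(csrcs)
    b1 = (0x80 if marker else 0) | (payload_type & 0x7F)
    head = struct.pack("!BBHII", b0, b1, seq & 0xFFFF, ts & 0xFFFFFFFF, ssrc)
    return head + b"".join(struct.pack("!I", c) for c in csrcs) + payload


def classify_sequence(last_seq: int, seq: int) -> str:
    """Compare a 16-bit sequence number with the last one accepted, taking
    wraparound into account: 'next', 'duplicate', 'gap' (loss ahead) or
    'reordered' (arrived late)."""
    delta = (seq - last_seq) & 0xFFFF
    if delta == 0:
        return "duplicate"
    if delta == 1:
        return "next"
    if delta < 0x8000:
        return "gap"
    return "reordered"


def rtcp_port(rtp_port: int) -> int:
    """RTCP uses the port number one greater than the RTP data port."""
    return rtp_port + 1


# Constructed sample: payload type 0, marker set, one mixed-in contributing
# source, sequence 1000, timestamp 160.
SAMPLE_PACKET = build_rtp(0, 1000, 160, 0x12345678, csrcs=[0xAABBCCDD],
                          marker=True, payload=b"\x00" * 8)

if __name__ == "__main__":
    print(parse_rtp(SAMPLE_PACKET))
```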
RTCP Interaction
• Receivers generate receiver report messages
• Inform sender about reception and loss
• Senders generate sender report
• Provide absolute timestamp and relate real time to relative playback timestamp

VOIP
• RTP used for encoding and transfer
• Also need signaling protocol for
  – Dialing
  – Answering a call
  – Call forwarding
• Gateway used to connect IP telephone network to Public Switched Telephone Network (PSTN)
• PSTN uses SS7 for signaling

Standards For IP Telephony
• H.323
• SIP

H.323
• ITU standard
• Set of many protocols
• Major protocols specified by H.323 include
  Protocol   Purpose
  H.225.0    Signaling used to establish a call
  H.245      Control and feedback during the call
  RTP        Real-time data transfer (sequence and timing)
  T.120      Exchange of data associated with a call

How H.323 Protocols Fit Together
[Figure: layered stack; top row: audio / video applications (video codec, audio codec), data applications, signaling and control; next: RTCP, H.225 Registration, H.225 Signaling, H.245 Control, T.120 Data; then RTP, UDP, TCP, and IP at the bottom]

Session Initiation Protocol (SIP)
• IETF standard
• Alternative to H.323
  – Less functionality
  – Much smaller
• Permits SIP telephone to make call
• Does not require RTP for encoding
Session Description Protocol (SDP)
• Companion to SIP
• Specifies details such as
  – Media encoding
  – Protocol port numbers
  – Multicast addresses

Quality Of Service (QoS)
• Statistical guarantee of performance
• Requires changes to underlying Internet infrastructure
• Proponents claim it is needed for telephony
• Others claim only larger bandwidth will solve the problem

Resource ReSerVation Protocol (RSVP)
• IETF response to ATM
• End-to-end QoS guarantees
• Abstraction is unidirectional flow
• Initiated by endpoint

RSVP Requests
An endpoint uses RSVP to request a simplex flow through an IP internet with specified QoS bounds. If routers along the path agree to honor the request, they approve it; otherwise, they deny it. If an application needs QoS in two directions, each endpoint must use RSVP to request a separate flow.

Note About RSVP
• RSVP defines
  – Messages endpoint sends to router to request QoS
  – Messages routers send to other routers
  – Replies
• RSVP does not specify how enforcement is done
• Separate protocol needed

Common Open Policy Services (COPS)
• Proposed enforcement protocol for RSVP
• Known as traffic policing
• Uses policy server
• Checks data sent on flow to ensure the flow does not exceed preestablished bounds
Summary
• Codec translates between analog and digital forms
• RTP used to transfer real-time data
• RTP adds timestamp that sender uses to determine playback time
• RTCP is companion protocol for RTP that senders and receivers use to control and coordinate data transfer
• Voice Over IP uses
  – RTP for digitized voice transfer
  – SIP or H.323 for signaling
• RSVP and COPS provide quality of service guarantees

PART XXIX APPLICATIONS: INTERNET MANAGEMENT (SNMP)

Management Protocols
• Early network systems used two approaches
  – Separate, parallel management network
  – Link-level management commands
• TCP/IP pioneered running management protocols at the application layer
  – Motivation: provide internet-wide capability instead of single network capability

The Point About Internet Management
In a TCP/IP internet, a manager needs to examine and control routers and other network devices. Because such devices attach to arbitrary networks, protocols for internet management operate at the application level and communicate using TCP/IP transport-level protocols.

Architectural Model
[Figure: manager's host running management client (MC) communicates with management agents (MA) on the devices being managed, including a router being managed and other devices]
Terminology
• Agent
  – Runs on arbitrary system (e.g., a router)
  – Responds to manager's requests
• Management software
  – Runs on manager's workstation
  – Sends requests to agents as directed by the manager

TCP/IP Network Management Protocols
• Management Information Base (MIB)
• Structure Of Management Information (SMI)
• Simple Network Management Protocol (SNMP)

Management Information Base (MIB)
• All management commands are encoded as fetch or store operations on "variables"
• Example: to reboot, store a zero in a variable that corresponds to the time until reboot
• A MIB is a set of variables and the semantics of fetch and store on each

MIB Categories
MIB category   Includes Information About
system         The host or router operating system
interfaces     Individual network interfaces
at             Address translation (e.g., ARP mappings)
ip             Internet Protocol software
icmp           Internet Control Message Protocol software
tcp            Transmission Control Protocol software
udp            User Datagram Protocol software
ospf           Open Shortest Path First software
bgp            Border Gateway Protocol software
rmon           Remote network monitoring
rip-2          Routing Information Protocol software
dns            Domain Name System software
Examples of MIB Variables
MIB Variable      Category     Meaning
sysUpTime         system       Time since last reboot
ifNumber          interfaces   Number of network interfaces
ifMtu             interfaces   MTU for a particular interface
ipDefaultTTL      ip           Value IP uses in time-to-live field
ipInReceives      ip           Number of datagrams received
ipForwDatagrams   ip           Number of datagrams forwarded
ipOutNoRoutes     ip           Number of routing failures
ipReasmOKs        ip           Number of datagrams reassembled
ipFragOKs         ip           Number of datagrams fragmented
ipRoutingTable    ip           IP routing table
icmpInEchos       icmp         Number of ICMP Echo Requests received
tcpRtoMin         tcp          Minimum retransmission time TCP allows
tcpMaxConn        tcp          Maximum TCP connections allowed
tcpInSegs         tcp          Number of segments TCP has received
udpInDatagrams    udp          Number of UDP datagrams received

Structure of Management Information (SMI)
• Set of rules for defining MIB variable names
• Includes basic definitions such as
  – Address (4-octet value)
  – Counter (integer from 0 to 2^32 - 1)
• Specifies using Abstract Syntax Notation 1 (ASN.1)

ASN.1
• ISO standard
• Specifies
  – Syntax for names (user-readable format)
  – Binary encoding (format used in a message)
• Absolute, global, hierarchical namespace

Position of MIB In The ASN.1 Hierarchy
[Figure: tree rooted at the unnamed node]
  unnamed root
    iso (1)
      org (3)
        dod (6)
          internet (1)
            directory (1)
            mgmt (2)
              mib (1)
            experimental (3)
            private (4)
    itu (2)
    joint-iso-itu (3)

Syntactic Form
• Variable name written as sequence of labels with dot (period) as delimiter
• Numeric encoding used in messages
• Example: prefix for mgmt node is 1.3.6.1.2.1

ASN.1 Hierarchy For TCP/IP
[Figure: subtree below internet; the label from the root to this point is 1.3.6]
  internet (1)
    directory (1)
    mgmt (2)
      mib (1)
        system (1)
        interfaces (2)
        addr. trans. (3)
        ip (4)
        icmp (5)
        tcp (6)
        udp (7)
    experimental (3)
    private (4)

Example MIB Variables
• Prefix for variable ipInReceives is iso.org.dod.internet.mgmt.mib.ip.ipInReceives
• Numeric value is 1.3.6.1.2.1.4.3

MIB Tables
• Correspond to data structures programmers think of as arrays or structs
• ASN.1 definition uses keyword SEQUENCE
• Array index is appended to MIB variable name

Example Of SEQUENCE Definition
  IpAddrEntry ::= SEQUENCE {
      ipAdEntAddr          IpAddress,
      ipAdEntIfIndex       INTEGER,
      ipAdEntNetMask       IpAddress,
      ipAdEntBcastAddr     IpAddress,
      ipAdEntReasmMaxSize  INTEGER (0..65535)
  }

Simple Network Management Protocol (SNMP)
• Specifies communication between manager's workstation and managed entity
• Uses fetch-store paradigm

Operations That SNMP Supports
Command            Meaning
get-request        Fetch a value from a specific variable
get-next-request   Fetch a value without knowing its exact name
get-bulk-request   Fetch a large volume of data (e.g., a table)
response           A response to any of the above requests
set-request        Store a value in a specific variable
inform-request     Reference to third-party data (e.g., for a proxy)
snmpv2-trap        Reply triggered by an event
report             Undefined at present

SNMP Message Format
• Defined using ASN.1 notation
• Similar to BNF grammar
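The symbolic-to-numeric naming from the Example MIB Variables slide, and the ASN.1 binary encoding of such a name that SNMP messages carry, as an added example that is not part of Comer's notes. The tree fragment contains only the labels shown on the slides; the index suffixes in the usage are constructed values, and the sub-identifiers 20.1.1 used for ipAdEntAddr are assumed for the example rather than taken from the notes.

```python
"""Translate the symbolic MIB name from the slide into its numeric object
identifier and encode/decode it in ASN.1 BER, the binary form carried in
SNMP messages.  Added example; the tree fragment covers only labels that
appear in the notes, and instance suffixes below are constructed."""
from typing import Dict, List, Tuple

OID_TAG = 0x06  # BER tag for OBJECT IDENTIFIER

# label -> sub-identifier at each node shown in the notes' ASN.1 hierarchy
TREE: Dict[Tuple[str, ...], Dict[str, int]] = {
    (): {"iso": 1, "itu": 2, "joint-iso-itu": 3},
    ("iso",): {"org": 3},
    ("iso", "org"): {"dod": 6},
    ("iso", "org", "dod"): {"internet": 1},
    ("iso", "org", "dod", "internet"): {
        "directory": 1, "mgmt": 2, "experimental": 3, "private": 4},
    ("iso", "org", "dod", "internet", "mgmt"): {"mib": 1},
    ("iso", "org", "dod", "internet", "mgmt", "mib"): {
        "system": 1, "interfaces": 2, "at": 3, "ip": 4,
        "icmp": 5, "tcp": 6, "udp": 7},
    ("iso", "org", "dod", "internet", "mgmt", "mib", "ip"): {"ipInReceives": 3},
}


def symbolic_to_numeric(name: str) -> List[int]:
    """Walk the tree label by label: iso.org.dod... -> [1, 3, 6, ...]."""
    path: Tuple[str, ...] = ()
    subids: List[int] = []
    for label in name.split("."):
        children = TREE.get(path, {})
        if label not in children:
            raise KeyError(f"unknown label {label!r} under {'.'.join(path) or 'root'}")
        subids.append(children[label])
        path += (label,)
    return subids


def _base128(value: int) -> bytes:
    """Big-endian 7-bit groups; every octet but the last has its high bit set."""
    out = [value & 0x7F]
    value >>= 7
    while value:
        out.append(0x80 | (value & 0x7F))
        value >>= 7
    return bytes(reversed(out))


def _ber_length(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])                       # short form
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body     # long form


def encode_oid(subids: List[int]) -> bytes:
    """BER: tag, length, then the first two sub-ids packed as 40*X+Y
    followed by the remaining sub-ids in base-128."""
    if len(subids) < 2 or subids[0] > 2 or (subids[0] < 2 and subids[1] > 39):
        raise ValueError("invalid object identifier")
    content = _base128(subids[0] * 40 + subids[1])
    for s in subids[2:]:
        content += _base128(s)
    return bytes([OID_TAG]) + _ber_length(len(content)) + content


def decode_oid(data: bytes) -> List[int]:
    """Inverse of encode_oid, with length and continuation checks."""
    if len(data) < 2 or data[0] != OID_TAG:
        raise ValueError("not an OBJECT IDENTIFIER")
    if data[1] & 0x80:
        nlen = data[1] & 0x7F
        length, pos = int.from_bytes(data[2:2 + nlen], "big"), 2 + nlen
    else:
        length, pos = data[1], 2
    content = data[pos:pos + length]
    if len(content) != length or not content or content[-1] & 0x80:
        raise ValueError("truncated or unterminated OID content")
    values: List[int] = []
    acc = 0
    for b in content:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            values.append(acc)
            acc = 0
    head = values[0]
    first = [head // 40, head % 40] if head < 80 else [2, head - 80]
    return first + values[1:]


if __name__ == "__main__":
    oid = symbolic_to_numeric("iso.org.dod.internet.mgmt.mib.ip.ipInReceives")
    print(".".join(map(str, oid)), encode_oid(oid + [0]).hex())  # .0 = scalar instance
```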
Example ASN.1 Definition
  SNMPv3Message ::= SEQUENCE {
      msgVersion INTEGER (0..2147483647),
          -- note: version number 3 is used for SNMPv3
      msgGlobalData HeaderData,
      msgSecurityParameters OCTET STRING,
      msgData ScopedPduData
  }

Definition Of HeaderData Area In SNMP Message
  HeaderData ::= SEQUENCE {
      msgID INTEGER (0..2147483647),
          -- used to match responses with requests
      msgMaxSize INTEGER (484..2147483647),
          -- maximum size reply the sender can accept
      msgFlags OCTET STRING (SIZE(1)),
          -- Individual flag bits specify message characteristics
          --   bit 7  authorization used
          --   bit 6  privacy used
          --   bit 5  reportability (i.e., a response needed)
      msgSecurityModel INTEGER (1..2147483647)
          -- determines exact format of security parameters that follow
  }

Discriminated Union
• ASN.1 uses CHOICE keyword for a discriminated union
• Example
  ScopedPduData ::= CHOICE {
      plaintext ScopedPDU,
      encryptedPDU OCTET STRING  -- encrypted ScopedPDU value
  }

Summary
• TCP/IP management protocols reside at application layer
• Management Information Base (MIB) specifies set of variables that can be accessed
• Structure Of Management Information (SMI) specifies rules for naming MIB variables
• Simple Network Management Protocol (SNMP) specifies format of messages that pass between a manager's workstation and managed entity
• Variables named using ASN.1 (absolute, global, hierarchical)
• Message format defined with ASN.1 (similar to BNF grammar)
PART XXX INTERNET SECURITY AND FIREWALL DESIGN (IPsec, SSL)

Network Security
• Refers in broad sense to confidence that information and services available on a network cannot be accessed by unauthorized users
• Implies
  – Safety
  – Freedom from unauthorized access or use
  – Freedom from snooping or wiretapping
  – Freedom from disruption of service
  – Assurance that outsiders cannot change data
• Also called information security

A Crucial Point
Just as no physical property is absolutely secure against crime, no network is completely secure.

Aspects Of Protection
• Data integrity
• Data availability
• Privacy or confidentiality
• Authorization
• Authentication
• Replay avoidance

Information Policy
• Defines what is allowed
• Special note: Humans are usually the most susceptible point in any security scheme. A worker who is malicious, careless, or unaware of an organization's information policy can compromise the best security.

Internet Security
• Especially difficult
• Data travels across many networks owned by many groups from source to destination
• Computers in the middle can change data

A Point About Authentication
An authorization scheme that uses a remote machine's address to authenticate its identity does not suffice in an unsecure IP internet. An imposter who gains control of an intermediate router can obtain access by impersonating an authorized client.

Two Basic Techniques For Internet Security
• Encryption
• Perimeter Security

IP Security Protocol (IPsec)
• Devised by IETF
• Actually a set of protocols
• Name IPsec applies collectively
• Works with IPv4 or IPv6
• Gives framework, but does not specify exactly which encryption or authentication algorithms to use
• Choice between authentication and encryption

IPsec Authentication Header (AH)
• Not an IP option
• Added after IP header
• Follows IPv6 format (more on IPv6 later in the course)

Illustration of Authentication Header Insertion
[Figure: (a) IPv4 HEADER | TCP HEADER | TCP DATA; (b) IPv4 HEADER | AUTHENTICATION HEADER | TCP HEADER | TCP DATA]
• (a) shows datagram and (b) shows same datagram after header has been inserted

Type Information
• IPv4 PROTOCOL field is modified so the type is IPsec
• Authentication header contains NEXT HEADER field that specifies original type

Illustration Of Type Information With Authentication
  bits 0-7 NEXT HEADER | 8-15 PAYLOAD LEN | 16-31 RESERVED
  SECURITY PARAMETERS INDEX (32 bits)
  SEQUENCE NUMBER (32 bits)
  AUTHENTICATION DATA (VARIABLE) ...

Security Association
• Not all information related to security can fit in header
• Sender and receiver communicate, agree on security parameters, assign small index to each parameter, and then use index values in headers
IPsec Encapsulating Security Payload (ESP)
• Used to encrypt packet contents
• More complex than authentication header

Illustration Of ESP
[Figure: (a) IPv4 HEADER | TCP HEADER | TCP DATA; (b) IPv4 HEADER | ESP HEADER | TCP HEADER | TCP DATA | ESP TRAILER | ESP AUTH; the span from ESP HEADER through ESP TRAILER is authenticated and the span from TCP HEADER through ESP TRAILER is encrypted]

ESP Header
  SECURITY PARAMETERS INDEX (32 bits)
  SEQUENCE NUMBER (32 bits)
• Eight octets
• Precedes payload

ESP Trailer
  0 - 255 OCTETS OF PADDING | bits 16-23 PAD LENGTH | 24-31 NEXT HEADER
  ESP AUTHENTICATION DATA (VARIABLE) ...
• Authentication data variable size
• Padding optional

Mutable Header Fields
• Some IP header fields change (e.g., TTL)
• IPsec designed to ensure end-to-end integrity
• One possibility: IPsec tunneling
  – Place IPsec datagram inside normal datagram
  – Often used in VPNs

Illustration Of IPsec Tunneling
[Figure: (a) OUTER IP HEADER | AUTHENTICATION HEADER | INNER IP DATAGRAM (INCLUDING IP HEADER); (b) OUTER IP HEADER | ESP HEADER | INNER IP DATAGRAM (INCLUDING IP HEADER) | ESP TRAILER | ESP AUTH, with authenticated and encrypted spans as in the ESP illustration]
• (a) when used with authentication
• (b) when used with encapsulated security payload

Mandatory Security Algorithms For IPsec
Authentication
  HMAC with MD5                  RFC 2403
  HMAC with SHA-1                RFC 2404
Encapsulating Security Payload
  DES in CBC mode                RFC 2405
  HMAC with MD5                  RFC 2403
  HMAC with SHA-1                RFC 2404
  Null Authentication
  Null Encryption

Secure Sockets Layer (SSL)
• Created by Netscape, Inc.
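The authentication header from the slides above (NEXT HEADER, PAYLOAD LEN, SPI, SEQUENCE NUMBER, AUTHENTICATION DATA), computed with the mandatory HMAC-SHA-1 algorithm and checked in a way that tolerates the mutable fields the Mutable Header Fields slide mentions, plus the replay-avoidance check on the sequence number, as an added example that is not part of Comer's notes. The key, addresses, SPI and payload are constructed values; the 96-bit truncation and the set of mutable fields follow RFC 2404 and RFC 2402, which the notes do not spell out.

```python
"""Build and verify an IPsec Authentication Header in transport mode with
HMAC-SHA-1-96 (RFC 2404), the mandatory algorithm listed on the slide, and
check the AH SEQUENCE NUMBER against a sliding anti-replay window.
Added example; addresses, key and payload are constructed."""
import hashlib
import hmac
import struct

AH_PROTOCOL = 51      # value placed in the IPv4 PROTOCOL field for AH
ICV_LEN = 12          # HMAC-SHA-1-96: 160-bit MAC truncated to 96 bits
AH_FIXED_LEN = 12     # NEXT HEADER, PAYLOAD LEN, RESERVED, SPI, SEQUENCE NUMBER


def _checksum(header: bytes) -> int:
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: bytes, dst: bytes, proto: int, total_len: int, ttl: int = 64) -> bytes:
    """20-octet IPv4 header without options (version 4, IHL 5, DF set)."""
    fields = [0x45, 0, total_len, 0x1234, 0x4000, ttl, proto, 0, src, dst]
    raw = struct.pack("!BBHHHBBH4s4s", *fields)
    fields[7] = _checksum(raw)
    return struct.pack("!BBHHHBBH4s4s", *fields)


def _icv(key: bytes, ip: bytes, ah_fixed: bytes, payload: bytes) -> bytes:
    """MAC over the datagram with the mutable IPv4 fields (TOS, flags and
    fragment offset, TTL, header checksum) and the ICV itself set to zero."""
    ip_z = bytearray(ip)
    ip_z[1] = 0
    ip_z[6:8] = b"\x00\x00"
    ip_z[8] = 0
    ip_z[10:12] = b"\x00\x00"
    covered = bytes(ip_z) + ah_fix_pad(ah_fixed) + payload
    return hmac.new(key, covered, hashlib.sha1).digest()[:ICV_LEN]


def ah_fix_pad(ah_fixed: bytes) -> bytes:
    """The AH as it is covered by the MAC: fixed part plus a zeroed ICV field."""
    return ah_fixed + bytes(ICV_LEN)


def build_ah_packet(key, spi, seq, src, dst, next_header, payload, ttl=64) -> bytes:
    """Insert AH between the IPv4 header and the original payload."""
    ah_len = AH_FIXED_LEN + ICV_LEN
    ip = ipv4_header(src, dst, AH_PROTOCOL, 20 + ah_len + len(payload), ttl)
    # PAYLOAD LEN counts 32-bit words of the AH minus 2 (RFC 2402)
    ah_fixed = struct.pack("!BBHII", next_header, ah_len // 4 - 2, 0, spi, seq)
    return ip + ah_fixed + _icv(key, ip, ah_fixed, payload) + payload


def ah_next_header(packet: bytes) -> int:
    """The original protocol type, carried in the AH NEXT HEADER field."""
    if len(packet) < 20 + AH_FIXED_LEN or packet[9] != AH_PROTOCOL:
        raise ValueError("not an IPv4 datagram carrying AH")
    return packet[20]


def verify_ah_packet(key: bytes, packet: bytes) -> bool:
    """True if the ICV matches; changes to mutable fields in transit are ignored."""
    if len(packet) < 20 + AH_FIXED_LEN + ICV_LEN or packet[9] != AH_PROTOCOL:
        return False
    ip, ah_fixed = packet[:20], packet[20:32]
    if (ah_fixed[1] + 2) * 4 != AH_FIXED_LEN + ICV_LEN:
        return False
    icv, payload = packet[32:32 + ICV_LEN], packet[32 + ICV_LEN:]
    return hmac.compare_digest(icv, _icv(key, ip, ah_fixed, payload))


class ReplayWindow:
    """Anti-replay check on the AH sequence number: a bitmap of the WINDOW
    most recent sequence numbers at or below the highest one accepted."""
    WINDOW = 32

    def __init__(self):
        self.top = 0          # highest sequence number accepted so far
        self.bitmap = 0       # bit i set => sequence (top - i) already seen

    def check_and_update(self, seq: int) -> bool:
        if seq == 0:
            return False                              # first valid value is 1
        if seq > self.top:                            # advances the window
            shift = seq - self.top
            mask = (1 << self.WINDOW) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.WINDOW or self.bitmap & (1 << offset):
            return False                              # too old, or a replay
        self.bitmap |= 1 << offset
        return True


# Constructed sample values
KEY = b"constructed-example-key"
SAMPLE = build_ah_packet(KEY, spi=0x100, seq=1, src=bytes([10, 0, 0, 1]),
                         dst=bytes([10, 0, 0, 2]), next_header=6,
                         payload=b"constructed TCP segment")
```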
• Widely used
• Not formally adopted by IETF
• Same API as sockets
• Provides authentication and encryption
• De facto standard for web browsers

Transport Layer Security (TLS)
• Created by IETF
• So closely related to SSL that the same protocol port is used
• Most implementations of SSL also support TLS

Perimeter Security
• Form of access control
• Mechanism is Internet firewall
• Firewall placed at each connection between site and rest of Internet
• All firewalls use coordinated policy
• Blocks unwanted packets

Firewall Implementation
• Basic technique is packet filter
• Typically runs in a router
• Manager specifies restrictions on incoming packets
• Filter drops packets that are not allowed

Illustration Of Packet Filter
[Figure: router R with interface 2 toward OUTSIDE and interface 1 toward INSIDE]
ARRIVES ON   IP       IP              PROTOCOL   SOURCE   DEST.
INTERFACE    SOURCE   DEST.                      PORT     PORT
2            *        *               TCP        *        21
2            *        *               TCP        *        23
1            *        128.5.0.0/16    TCP        *        25
2            *        *               UDP        *        43
2            *        *               UDP        *        69
2            *        *               TCP        *        79

Effective Filtering
To be effective, a firewall that uses datagram filtering should restrict access to all IP sources, IP destinations, protocols, and protocol ports except those computers, networks, and services the organization explicitly decides to make available externally. A packet filter that allows a manager to specify which datagrams to admit instead of which datagrams to block can make such restrictions easy to specify.
Consequences Of A Restrictive Filter
If an organization's firewall restricts incoming datagrams except for ports that correspond to services the organization makes available externally, an arbitrary application inside the organization cannot become a client of a server outside the organization.

Proxy Access
• Allows specific clients to access specific services
• Handles problems like virus detection on incoming files
• Uses bastion host

Illustration Of Proxy Access
[Figure: bastion host between GLOBAL INTERNET (OUTSIDE) and INTRANET (INSIDE), with a firewall filter on each side and a manually enabled bypass around the bastion host]
• Two firewall filters restrict
  – Incoming packets from Internet to proxy
  – Outgoing packets from site to proxy

Stateful Firewalls
• Allow clients inside an organization to contact servers in the Internet
• Firewall
  – Watches outgoing packets
  – Records source and destination information
  – Uses recorded information when admitting packets
• Communication still subject to policies

Managing Firewall State
• Connection tracking
  – Uses FIN to remove state for TCP connection
  – Does not work well with UDP
• Soft state
  – Timer set when entry created
  – Idle entry removed after timeout
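The filter table from the Illustration Of Packet Filter slide, evaluated either as a list of datagrams to block or as the admit-list with default deny that the Effective Filtering slide recommends, and the stateful admission with connection tracking and soft-state timeouts from the two slides above, as an added example that is not part of Comer's notes. The rule rows are transcribed from the slide; the sample packets, the 60-second idle timeout and the interface numbering (1 = inside, 2 = outside, as in the figure) are assumptions of the example.

```python
"""Rule matching for the packet filter on the slide, usable either as a
block list (drop what matches) or as the admit list with default deny that
the Effective Filtering slide recommends, plus a stateful filter that
records outgoing flows as soft state with an idle timeout.
Added example; rules are transcribed from the slide, packets are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple

WILD = "*"


@dataclass(frozen=True)
class Packet:
    iface: int        # interface the packet arrived on: 1 = inside, 2 = outside
    src: str
    dst: str
    proto: str
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    iface: str
    src: str
    dst: str
    proto: str
    sport: str
    dport: str

    @staticmethod
    def _ok(pattern: str, value) -> bool:
        if pattern == WILD:
            return True
        if "/" in pattern:                      # CIDR prefix such as 128.5.0.0/16
            return ipaddress.ip_address(value) in ipaddress.ip_network(pattern)
        return str(value) == pattern

    def matches(self, p: Packet) -> bool:
        return (self._ok(self.iface, p.iface) and self._ok(self.src, p.src)
                and self._ok(self.dst, p.dst) and self._ok(self.proto, p.proto)
                and self._ok(self.sport, p.sport) and self._ok(self.dport, p.dport))


# The six rows of the "Illustration Of Packet Filter" slide
SLIDE_RULES: List[Rule] = [
    Rule("2", "*", "*", "TCP", "*", "21"),
    Rule("2", "*", "*", "TCP", "*", "23"),
    Rule("1", "*", "128.5.0.0/16", "TCP", "*", "25"),
    Rule("2", "*", "*", "UDP", "*", "43"),
    Rule("2", "*", "*", "UDP", "*", "69"),
    Rule("2", "*", "*", "TCP", "*", "79"),
]


def admit(p: Packet, rules: List[Rule], admit_list: bool) -> bool:
    """admit_list=False: rules name packets to drop, everything else passes.
    admit_list=True: only packets matching a rule pass (default deny)."""
    matched = any(r.matches(p) for r in rules)
    return matched if admit_list else not matched


class StatefulFilter:
    """Records flows initiated from the inside interface and admits packets
    from outside only when they answer a recorded flow.  Entries are soft
    state: an idle entry is removed after idle_timeout seconds.  A TCP FIN
    from the inside removes the entry (connection tracking)."""

    def __init__(self, idle_timeout: float = 60.0):
        self.idle_timeout = idle_timeout
        self.table: Dict[Tuple, float] = {}   # flow key -> last time seen

    def _expire(self, now: float) -> None:
        for key in [k for k, t in self.table.items() if now - t > self.idle_timeout]:
            del self.table[key]

    def handle(self, p: Packet, now: float, fin: bool = False) -> bool:
        self._expire(now)
        if p.iface == 1:                                  # outgoing packet
            key = (p.proto, p.src, p.sport, p.dst, p.dport)
            if fin and p.proto == "TCP":
                self.table.pop(key, None)
            else:
                self.table[key] = now
            return True
        key = (p.proto, p.dst, p.dport, p.src, p.sport)   # reply direction
        if key in self.table:
            self.table[key] = now
            return True
        return False
```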
Content Protection With Proxies
• Firewall only operates at packet level
• Mechanism known as application proxy protects against incoming
  – Viruses
  – Other illicit content
• Proxy can examine entire content (e.g., mail message)

Summary
• Two basic techniques used for Internet security
  – Encryption
  – Perimeter security
• IETF has defined IPsec as a framework for security
• IPsec offers choice of
  – Authentication header (AH)
  – Encapsulated Security Payload (ESP)

Summary (continued)
• Firewall is mechanism used for perimeter security
• Packet filter specified by manager
• Firewall rejects packets except those explicitly allowed
• Stateful firewall allows clients in organization to initiate communication
• Application proxy can be used to check content

PART XXXI THE FUTURE OF TCP/IP (IPv6)

Current Version
• TCP/IP has worked well for over 25 years
• Design is flexible and powerful
• Has adapted to
  – New computer and communication technologies
  – New applications
  – Increases in size and load

Most Significant Technical Problem
• Address space limitation
• IPv4 address space may be exhausted by the year 2020

History Of The New Version
• Developed by IETF
• Started in early 1990s
• Input from many groups, including: computer manufacturers, hardware and software vendors, users, managers, programmers, telephone companies, and the cable television industry
History Of The New Version (continued)
• Three main proposals
• Eventually new version emerged
• Assigned version number 6, and known as IPv6
• RFC in 1994
• Defined over 10 years ago!

Major Changes From IPv4
• Larger addresses
• Extended address hierarchy
• Variable header format
• Facilities for many options
• Provision for protocol extension
• Support for autoconfiguration and renumbering
• Support for resource allocation

IPv6 Address Size
• 128 bits per address
• Absurd increase in capacity
• IPv6 has 1024 addresses per square meter of the Earth's surface!

General Form Of IPv6 Datagram
[Figure: Base Header | Extension Header 1 | ... | Extension Header N | DATA ...; the extension headers are optional]
• Base header required
• Extension headers optional

IPv6 Base Header Format
  bits 0-3 VERS | 4-11 TRAFFIC CLASS | 12-31 FLOW LABEL
  bits 0-15 PAYLOAD LENGTH | 16-23 NEXT HEADER | 24-31 HOP LIMIT
  SOURCE ADDRESS (128 bits)
  DESTINATION ADDRESS (128 bits)
• Alignment is on 64-bit multiples
• Fragmentation in extension header
• Flow label intended for resource reservation

Size Of Base Header
Each IPv6 datagram begins with a 40-octet base header that includes fields for the source and destination addresses, the maximum hop limit, the traffic class, the flow label, and the type of the next header. Thus, an IPv6 datagram must contain at least 40 octets in addition to the data.
IPv6 Extension Headers
• Sender chooses zero or more extension headers
• Only those facilities that are needed should be included

Parsing An IPv6 Datagram
  (a) Base Header (NEXT=TCP) | TCP Segment
  (b) Base Header (NEXT=ROUTE) | Route Header (NEXT=TCP) | TCP Segment
  (c) Base Header (NEXT=ROUTE) | Route Header (NEXT=AUTH) | Auth Header (NEXT=TCP) | TCP Segment
• Each header includes NEXT HEADER field
• NEXT HEADER operates like type field

IPv6 Fragmentation And Reassembly
• Like IPv4
  – Ultimate destination reassembles
• Unlike IPv4
  – Routers avoid fragmentation
  – Original source must fragment

How Can Original Source Fragment?
• Option 1: choose minimum guaranteed MTU of 1280
• Option 2: use path MTU discovery

Path MTU Discovery
• Guessing game
• Source sends datagram without fragmenting
• If router cannot forward, router sends back ICMP error message
• Source tries smaller MTU

Fragmentation Details
  bits 0-7 NEXT HEADER | 8-15 RESERVED | 16-28 FRAG. OFFSET | 29-30 RS | 31 M
  DATAGRAM IDENTIFICATION (32 bits)
• Fragmentation information carried in extension header

Discussion Questions
• Is fragmentation desirable?
• What are the consequences of the IPv6 design?

IPv6 Colon Hexadecimal Notation
• Replaces dotted decimal
• Example: dotted decimal value 104.230.140.100.255.255.255.255.0.0.17.128.150.10.255.255
• Becomes 68E6:8C64:FFFF:FFFF:0:1180:96A:FFFF
Zero Compression
• Successive zeroes are indicated by a pair of colons
• Example FF05:0:0:0:0:0:0:B3
• Becomes FF05::B3

IPv6 Destination Addresses
• Three types
  – Unicast (single host receives copy)
  – Multicast (set of hosts each receive a copy)
  – Anycast (set of hosts, one of which receives a copy)
• Note: no broadcast (but special multicast addresses, e.g., "all hosts on local wire")

Proposed IPv6 Address Space
Binary Prefix   Type Of Address                Part Of Address Space
0000 0000       Reserved (IPv4 compatibility)  1/256
0000 0001       Unassigned                     1/256
0000 001        NSAP Addresses                 1/128
0000 01         Unassigned                     1/64
0000 1          Unassigned                     1/32
0001            Unassigned                     1/16
001             Global Unicast                 1/8
010             Unassigned                     1/8
011             Unassigned                     1/8
100             Unassigned                     1/8
101             Unassigned                     1/8
110             Unassigned                     1/8
1110            Unassigned                     1/16
1111 0          Unassigned                     1/32
1111 10         Unassigned                     1/64
1111 110        Unassigned                     1/128
1111 1110 0     Unassigned                     1/512
1111 1110 10    Link-Local Unicast Addresses   1/1024
1111 1110 11    IANA - Reserved                1/1024
1111 1111       Multicast Addresses            1/256

Backward Compatibility
• Subset of IPv6 addresses encode IPv4 addresses
• Dotted hex notation can end with 4 octets in dotted decimal
  80 zero bits      16 bits   32 bits
  0000 ... 0000     0000      IPv4 Address
  0000 ... 0000     FFFF      IPv4 Address
Summary
• IETF has defined next version of IP to be IPv6
• Addresses are 128 bits long
• Datagram starts with base header followed by zero or more extension headers
• Sender performs fragmentation
• Many myths abound about the advantages of IPv6
• No strong technical motivation for change