Filling in the gaps we need to make for IP forwarding work ... · Layering Review • Remember how...
61
CSE 461 University of Washington 1 Topic • Filling in the gaps we need to make for IP forwarding work in pracBce – GeDng IP addresses (DHCP) » – Mapping IP to link addresses (ARP) » What link layer address do I use? What’s my IP?
Transcript of Filling in the gaps we need to make for IP forwarding work ... · Layering Review • Remember how...
CSE461UniversityofWashington 1
Topic• FillinginthegapsweneedtomakeforIPforwardingworkinpracBce– GeDngIPaddresses(DHCP)»– MappingIPtolinkaddresses(ARP)»
WhatlinklayeraddressdoIuse?
What’smyIP?
CSE461UniversityofWashington 2
GeDngIPAddresses• Problem:
– AnodewakesupforthefirstBme…– WhatisitsIPaddress?What’stheIPaddressofitsrouter?Etc.
– AtleastEthernetaddressisonNIC
Hey,whereamI?
CSE461UniversityofWashington 3
GeDngIPAddresses(2)1. ManualconfiguraBon(olddays)
– Can’tbefactoryset,dependsonuse2. AprotocolforautomaBcally
configuringaddresses(DHCP)»– ShiXsburdenfromuserstoITfolk
UseA.B.C.DWhat’smyIP?
CSE461UniversityofWashington 4
DHCP• DHCP(DynamicHostConfiguraBon
Protocol),from1993,widelyused
• ItleasesIPaddresstonodes• Providesotherparameterstoo
– Networkprefix– Addressoflocalrouter– DNSserver,Bmeserver,etc.
CSE461UniversityofWashington 5
DHCPProtocolStack• DHCPisaclient-serverapplicaBon
– UsesUDPports67,68
Ethernet
IP
UDP
DHCP
CSE461UniversityofWashington 6
DHCPAddressing• Bootstrapissue:
– HowdoesnodesendamessagetoDHCPserverbeforeitisconfigured?
• Answer:– Nodesendsbroadcastmessagesthatdeliveredtoallnodesonthenetwork
– Broadcastaddressisall1s– IP(32bit):255.255.255.255– Ethernet(48bit):ff:ff:ff:ff:ff:ff
CSE461UniversityofWashington 7
DHCPMessagesClient Server
Onelink
CSE461UniversityofWashington 8
DHCPMessages(2)Client Server
DISCOVER
REQUEST
OFFER
ACK
Broadcast
CSE461UniversityofWashington 9
DHCPMessages(3)• TorenewanexisBnglease,anabbreviatedsequenceisused:– REQUEST,followedbyACK
• Protocolalsosupportsreplicatedserversforreliability
CSE461UniversityofWashington 10
SendinganIPPacket• Problem:
– AnodeneedsLinklayeraddressestosendaframeoverthelocallink
– HowdoesitgetthedesBnaBonlinkaddressfromadesBnaBonIPaddress?
Uhoh… MyIPis1.2.3.4
CSE461UniversityofWashington 11
ARP(AddressResoluBonProtocol)• NodeusestomapalocalIPaddresstoitsLinklayeraddresses
SourceEthernet
Dest.Ethernet
SourceIP
Dest.IP Payload…
Linklayer
FromDHCP
FromNIC
FromARP
CSE461UniversityofWashington 12
ARPProtocolStack• ARPsitsrightontopoflinklayer
– Noservers,justasksnodewithtargetIPtoidenBfyitself
– Usesbroadcasttoreachallnodes
Ethernet
ARP
CSE461UniversityofWashington 13
ARPMessagesNode Target
Onelink
CSE461UniversityofWashington 14
ARPMessages(2)Node Target
REQUEST BroadcastWhohasIP1.2.3.4?
REPLY
Idoat1:2:3:4:5:6
CSE461UniversityofWashington 15
DiscoveryProtocols• Helpnodesfindeachother
– Therearemoreofthem!• E.g.,zeroconf,Bonjour
• OXeninvolvebroadcast– Sincenodesaren’tintroduced– Veryhandyglue
CSE461UniversityofWashington 16
OtherAspectsofForwarding• It’snotallaboutaddresses…
Payload(e.g.,TCPsegment)
CSE461UniversityofWashington 17
OtherAspects(2)• DecrementTTLvalue
– Protectsagainstloops• Checksheaderchecksum
– Toaddreliability• Fragmentlargepackets
– Splittofititonnextlink• SendcongesBonsignals
– WarnshostsofcongesBon• Generateserrormessages
– Tohelpmangenetwork• HandlevariousopBons
Cominglater
Bigpacket
CSE461UniversityofWashington 18
Topic• Howdoweconnectnetworkswithdifferentmaximumpacketsizes?– Needtosplituppackets,ordiscoverthelargestsizetouse
It’stoobig!Takethat
CSE461UniversityofWashington 19
PacketSizeProblem• Differentnetworkshavedifferentmaximumpacketsizes– OrMTU(MaximumTransmissionUnit)– E.g.,Ethernet1.5K,WiFi2.3K
• Preferlargepacketsforefficiency– Butwhatsizeistoolarge?– Difficultbecausenodedoesnotknowcompletenetworkpath
CSE461UniversityofWashington 20
PacketSizeSoluBons• FragmentaBon(now)
– Splituplargepacketsinthenetworkiftheyaretoobigtosend
– Classicmethod,dated
• Discovery(next)– Findthelargestpacketthatfitsonthenetworkpathanduseit
– IPusestodayinsteadoffragmentaBon
IPv4FragmentaBon• Routersfragmentpacketsthataretoolargetoforward• Receivinghostreassemblestoreduceloadonrouters
CSE461UniversityofWashington 21
Fragment! Reassemble!
Fitsonfirstlink
IPv4FragmentaBonFields• Headerfieldsusedtohandlepacketsizedifferences
– IdenBficaBon,Fragmentoffset,MF/DFcontrolbits
CSE461UniversityofWashington 22
Payload(e.g.,TCPsegment)
CSE461UniversityofWashington 23
IPv4FragmentaBonProcedure• Routerssplitapacketthatistoolarge:
– Typicallybreakintolargepieces– CopyIPheadertopieces– Adjustlengthonpieces– SetoffsettoindicateposiBon– SetMF(MoreFragments)onallpiecesexceptlast
• Receivinghostsreassemblesthepieces:– IdenBficaBonfieldlinkspiecestogether,MFtellsreceiverwhenithasallpieces
IPv4FragmentaBon(2)
CSE461UniversityofWashington 24
ID=0x12efDataLen=2300Offset=0MF=0
ID=DataLen=Offset=MF=
ID=DataLen=Offset=MF=
BeforeMTU=2300
AXerMTU=1500
(Ignorelengthofheaders)
IPv4FragmentaBon(3)
CSE461UniversityofWashington 25
ID=0x12efDataLen=2300Offset=0MF=0
ID=0x12efDataLen=1500Offset=0MF=1
ID=0x12efDataLen=800Offset=1500MF=0
BeforeMTU=2300
AXerMTU=1500
CSE461UniversityofWashington 26
IPv4FragmentaBon(4)• Itworks!
– AllowsrepeatedfragmentaBon
• ButfragmentaBonisundesirable– Moreworkforrouters,hosts– Tendstomagnifylossrate– SecurityvulnerabiliBestoo
CSE461UniversityofWashington 27
PathMTUDiscovery• DiscovertheMTUthatwillfit
– SowecanavoidfragmentaBon– Themethodinusetoday
• Hosttestspathwithlargepacket– Routersprovidefeedbackiftoolarge;theytellhostwhatsizewouldhavefit
PathMTUDiscovery(2)
CSE461UniversityofWashington 28
Try1200 Try900
MTU=1200bytes MTU=900MTU=1400
PathMTUDiscovery(3)
CSE461UniversityofWashington 29
Try1200 Try900
Test#2 Test#3Test#1
MTU=1200bytes MTU=900MTU=1400
CSE461UniversityofWashington 30
PathMTUDiscovery(4)• Processmayseeminvolved
– Butusuallyquicktofindrightsize
• PathMTUdependsonthepathandsocanchangeoverBme– Searchisongoing
• ImplementedwithICMP(next)– SetDF(Don’tFragment)bitinIPheadertogetfeedbackmessages
CSE461UniversityofWashington 31
Topic• Whathappenswhensomethinggoeswrongduringforwarding?– Needtobeabletofindtheproblem
Yikes!Whathappened?
XXXXXXX
CSE461UniversityofWashington 32
InternetControlMessageProtocol• ICMPisacompanionprotocoltoIP
– Theyareimplementedtogether– SitsontopofIP(IPProtocol=1)
• ProvideserrorreportandtesBng– Errorisatrouterwhileforwarding– AlsotesBngthathostscanuse
ICMPErrors• Whenrouterencountersanerrorwhileforwarding:
– ItsendsanICMPerrorreportbacktotheIPsourceaddress– ItdiscardstheproblemaBcpacket;hostneedstorecBfy
CSE461UniversityofWashington 33
Reportthentossit!Oh,nowIsee…XXXXXXX
ICMPreport
ICMPMessageFormat• EachICMPmessagehasaType,Code,andChecksum• OXencarrythestartoftheoffendingpacketaspayload• EachmessageiscarriedinanIPpacket
CSE461UniversityofWashington 34
ICMPMessageFormat(2)• EachICMPmessagehasaType,Code,andChecksum• OXencarrythestartoftheoffendingpacketaspayload• EachmessageiscarriedinanIPpacket
CSE461UniversityofWashington 35
Src=router,Dst=AProtocol=1 Type=X,Code=Y Src=A,Dst=B
XXXXXXXXXXXXXXX
PorBonofoffendingpacket,starBngwithitsIPheader
ICMPheaderIPheader ICMPdata
ExampleICMPMessages
CSE461UniversityofWashington 36
Name Type / Code Usage Dest. Unreachable (Net or Host) 3 / 0 or 1 Lack of connectivity Dest. Unreachable (Fragment) 3 / 4 Path MTU Discovery Time Exceeded (Transit) 11 / 0 Traceroute Echo Request or Reply 8 or 0 / 0 Ping
TesBng,notaforwardingerror:HostsendsEchoRequest,anddesBnaBonrespondswithanEchoReply
Traceroute• IPheadercontainsTTL(Timetolive)field
– Decrementedeveryrouterhop,withICMPerrorifithitszero– Protectsagainstforwardingloops
CSE461UniversityofWashington 37
Traceroute(2)• TracerouterepurposesTTLandICMPfuncBonality
– SendsprobepacketsincreasingTTLstarBngfrom1– ICMPerrorsidenBfyroutersonthepath
CSE461UniversityofWashington 38
...LocalHost
RemoteHost1hop 2hops 3hops N-1hops Nhops
CSE461UniversityofWashington 39
Topic• IPversion6,thefutureofIPv4thatisnow(sBll)beingdeployed
WhydoIwantIPv6again?
CSE461UniversityofWashington 40
• AtleastabillionInternethostsandgrowing…
• Andwe’reusing32-bitaddresses!
InternetGrowth
TheEndofNewIPv4Addresses• NowrunningonleXoverblocksheldbytheregionalregistries;muchBghterallocaBonpolicies
CSE461UniversityofWashington 41
IANA(AllIPs)
ARIN(US,Canada)
APNIC(AsiaPacific)
RIPE(Europe)LACNIC
(LaBnAmer.)AfriNIC(Africa)
ISPs
Companies
Exhaustedon2/11! Endoftheworld?12/21/12?
Exhaustedon4/11and9/12!
CSE461UniversityofWashington 42
IPVersion6totheRescue• EffortstartedbytheIETFin1994
– Muchlargeraddresses(128bits)– Manysundryimprovements
• BecameanIETFstandardin1998– Nothingmuchhappenedforadecade– Hamperedbydeploymentissues,andalackofadopBonincenBves
– Bigpush~2011asexhausBonlooms
IPv6Deployment
CSE461UniversityofWashington 43
Timeforgrowth!
Source:GoogleIPv6StaBsBcs,30/1/13
PercentageofusersaccessingGoogleviaIPv6
CSE461UniversityofWashington 44
IPv6• Featureslargeaddresses
– 128bits,mostofheader
• NewnotaBon– 8groupsof4hexdigits(16bits)– Omitleadingzeros,groupsofzeros
Ex:2001:0db8:0000:0000:0000:ff00:0042:8329à
32bits
CSE461UniversityofWashington 45
IPv6(2)• Lotsofother,smallerchanges
– Streamlinedheaderprocessing– Flowlabeltogroupofpackets– Beserfitwith“advanced”features(mobility,mulBcasBng,security)
32bits
CSE461UniversityofWashington 46
IPv6TransiBon• TheBigProblem:
– HowtodeployIPv6?– FundamentallyincompaBblewithIPv4
• Dozensofapproachesproposed– Dualstack(speakIPv4andIPv6)– Translators(convertpackets)– Tunnels(carryIPv6overIPv4)»
Tunneling• NaBveIPv6islandsconnectedviaIPv4
– TunnelcarriesIPv6packetsacrossIPv4network
CSE461UniversityofWashington 47
Tunneling(2)• TunnelactsasasinglelinkacrossIPv4network
CSE461UniversityofWashington 48
User UserTunnel
Tunneling(3)• TunnelactsasasinglelinkacrossIPv4network
– DifficultyistosetuptunnelendpointsandrouBng
CSE461UniversityofWashington 49
IPv6
Link
User User
IPv4Link
IPv6IPv6
Link
IPv6
LinkIPv4Link
IPv6 IPv6
Link
NaBveIPv4NaBveIPv6 NaBveIPv6
Tunnel
CSE461UniversityofWashington 50
Topic• WhatisNAT(NetworkAddressTranslaBon)?Howdoesitwork?– NATiswidelyusedattheedgesofthenetwork,e.g.,homes
I’maNATboxtoo!
Internet
LayeringReview• Rememberhowlayeringismeanttowork?
– “Routersdon’tlookbeyondtheIPheader.”Well…
CSE461UniversityofWashington 51
TCP
IP
802.11
App
IP
802.11
IPEthernet
TCP
IP
802.11
App
IP
802.11
IPEthernet
Router
Middleboxes• Sit“insidethenetwork”butperform“morethanIP”processingonpacketstoaddnewfuncBonality– NATbox,Firewall/IntrusionDetecBonSystem
CSE461UniversityofWashington 52
TCP
IP
802.11
App
IP
802.11
IPEthernet
TCP
IP
802.11
App
IP
802.11
IPEthernet
Middlebox
App/TCP
CSE461UniversityofWashington 53
Middleboxes(2)• Advantages
– ApossiblerapiddeploymentpathwhenthereisnootheropBon
– Controlovermanyhosts(IT)
• Disadvantages– BreakinglayeringinterfereswithconnecBvity;strangesideeffects
– Poorvantagepointformanytasks
CSE461UniversityofWashington 54
NAT(NetworkAddressTranslaBon)Box• NATboxconnectsaninternalnetworktoanexternalnetwork– Manyinternalhostsareconnectedusingfewexternaladdresses
– Middleboxthat“translatesaddresses”
• MoBvatedbyIPaddressscarcity– Controversialatfirst,nowaccepted
CSE461UniversityofWashington 55
NAT(2)• Commonscenario:
– Homecomputersuse“private”IPaddresses– NAT(inAP/firewall)connectshometoISP
usingasingleexternalIPaddress
ISP
Unmodifiedcomputersathome Lookslikeonecomputeroutside
NATbox
CSE461UniversityofWashington 56
HowNATWorks• Keepsaninternal/externaltable
– TypicallyusesIPaddress+TCPport– ThisisaddressandporttranslaBon
• Needportstomakemapping1-1sincetherearefewerexternalIPs
Internal IP:port External IP : port 192.168.1.12 : 5523 44.25.80.3 : 1500 192.168.1.13 : 1234 44.25.80.3 : 1501 192.168.2.20 : 1234 44.25.80.3 : 1502
WhatISPthinksWhathostthinks
HowNATWorks(2)• InternalàExternal:
– LookupandrewriteSourceIP/port
CSE461UniversityofWashington 57
Internal IP:port External IP : port 192.168.1.12 : 5523 44.25.80.3 : 1500
NATbox
ExternaldesBnaBonIP=X,port=Y
Internalsource
Src=Dst=
Src=Dst=
HowNATWorks(3)• ExternalàInternal
– LookupandrewriteDesBnaBonIP/port
CSE461UniversityofWashington 58
Internal IP:port External IP : port 192.168.1.12 : 5523 44.25.80.3 : 1500
NATbox
Externalsource
IP=X,port=YInternal
desBnaBon
Src=Dst=
Src=Dst=
HowNATWorks(4)• NeedtoentertranslaBonsinthetableforittowork
– CreateexternalnamewhenhostmakesaTCPconnecBon
CSE461UniversityofWashington 59
Internal IP:port External IP : port 192.168.1.12 : 5523
NATbox
ExternaldesBnaBonIP=X,port=Y
Internalsource
Src=Dst=
Src=Dst=
CSE461UniversityofWashington 60
NATDownsides• ConnecBvityhasbeenbroken!
– CanonlysendincomingpacketsaXeranoutgoingconnecBonissetup
– Difficulttorunserversorpeer-to-peerapps(Skype)athome
• Doesn’tworksowellwhentherearenoconnecBons(UDPapps)
• BreaksappsthatunwiselyexposetheirIPaddresses(FTP)
CSE461UniversityofWashington 61
NATUpsides• RelievesmuchIPaddresspressure
– ManyhomehostsbehindNATs• Easytodeploy
– Rapidly,andbyyoualone• UsefulfuncBonality
– Firewall,helpswithprivacy
• Kinkswillgetworkedouteventually– “NATTraversal”forincomingtraffic
