Introduction to the IP protocol and IP networks. Martin Šrotýř, srotyr@fd.cvut.cz.


  • Slide 1
  • Introduction to the IP protocol and IP networks. Martin Šrotýř, srotyr@fd.cvut.cz
  • Slide 2
  • Characteristics of the IP protocol: IP (Internet Protocol) is a network-layer protocol. IP is a connectionless, unreliable, best-effort delivery protocol: it accepts whatever data is passed down to it from the upper layers and forwards the data in the form of IP packets. All nodes are identified by an IP address. IP's current version is version 4 (IPv4), with 32-bit IP addresses; it is specified in RFC 891. The newest version, IPv6, has 128-bit addresses and enhanced characteristics. Packets are delivered from the source to the destination using the IP address; the IP protocol includes the routing of packets (IP datagrams).
  • Slide 3
  • Features of the IP protocol: it is universal and offers a simple transmission service; it does not use the specifics of the physical transmission technologies, requires only a "common minimum" and tries to cover up the differences, creating a unified environment for all applications; it is focused on simplicity, efficiency and speed; it operates with a variable packet size, which is specified by the sender (application), but this can lead to fragmentation; it is connectionless: transmitted packets are not numbered and there is no guarantee of order or delivery time; it operates as unreliable ("best-effort"): no guarantee of delivery, no guarantee that the data arrive undamaged, no acknowledgments, no flow control, and a datagram may be discarded (wrong checksum, exceeded packet lifetime, threatening network congestion).
  • Slide 4
  • Format of the IP datagram: the size is variable, max. 64 K (65535 bytes); the minimum size that must be supported without fragmentation is 576 bytes, which corresponds to 512 bytes of payload, the rest being overhead. The datagram consists of a header and a data part. HLEN (Header LENgth, 4 bits); TOTAL LENGTH (16 bits), max. 65535 bytes; the size of the header is also variable (typical size is 20 B).
  • Slide 5
  • The problem of fragmentation. Cause of the problem: different transmission technologies work with different sizes of link-layer frames; the maximum datagram size is given by the MTU (Maximum Transfer Unit), e.g. 48: ATM; 576: X.25; 1492: IEEE 802.3; 1500: Ethernet II; 1500, 2048, 4096: Token Ring; 4325, 2048: FDDI. Whoever determines the size of the data packet can adapt it to the known MTU. Where the problem lies: knowledge of the MTU refers only to the local network (segment), not to the whole connection! Thanks to the connectionless nature of the IP protocol (no open connections), fragmentation cannot be excluded even if the local MTU is respected!
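  As an added example (not part of the slides), the following Python code shows how a datagram that exceeds the MTU of the next link is split into fragments, using the MTU values from the slide and the RFC 791 header fields (offset in 8-byte units, MF and DF flags); the 20-byte header and the sample sizes are assumptions of this example.

```python
# Added example (not from the slides): IPv4 fragmentation across a link whose MTU
# is smaller than the datagram. Header fields follow RFC 791: the fragment offset
# counts 8-byte blocks, MF (more fragments) is set on all but the last fragment,
# DF (don't fragment) forbids fragmentation altogether.
from dataclasses import dataclass


@dataclass
class Fragment:
    total_length: int     # bytes, header included (TOTAL LENGTH field)
    offset: int           # in 8-byte units, relative to the original payload
    more_fragments: bool  # MF flag


def fragment(total_length: int, mtu: int, header_len: int = 20,
             dont_fragment: bool = False):
    """Fragments produced when a datagram of total_length bytes crosses a link
    with the given MTU. Raises ValueError where a router would discard it."""
    if not 20 <= header_len <= 60 or header_len % 4:
        raise ValueError("IPv4 header is 20..60 bytes, a multiple of 4")
    if total_length > 65535:
        raise ValueError("TOTAL LENGTH is a 16-bit field")
    payload = total_length - header_len
    if total_length <= mtu:
        return [Fragment(total_length, 0, False)]      # fits, no fragmentation
    if dont_fragment:
        # A router discards the datagram and reports it with ICMP
        # "Destination unreachable" (fragmentation needed), see slide 7.
        raise ValueError("DF set: datagram discarded, ICMP sent to the sender")
    # Every fragment except the last must carry a multiple of 8 payload bytes,
    # because the offset field can only express 8-byte blocks.
    chunk = ((mtu - header_len) // 8) * 8
    if chunk <= 0:
        raise ValueError("MTU too small to carry any payload")
    fragments, sent = [], 0
    while sent < payload:
        size = min(chunk, payload - sent)
        last = sent + size >= payload
        fragments.append(Fragment(header_len + size, sent // 8, not last))
        sent += size
    return fragments


def reassembled_payload(fragments, header_len: int = 20) -> int:
    """Payload length the receiver reconstructs: offset*8 + data of the last fragment."""
    last = max(fragments, key=lambda f: f.offset)
    if last.more_fragments:
        raise ValueError("last fragment missing, reassembly incomplete")
    return last.offset * 8 + (last.total_length - header_len)


if __name__ == "__main__":
    # Constructed case: a full-size Ethernet II datagram entering an IEEE 802.3 link.
    for f in fragment(1500, 1492):
        print(f)
```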
  • Slide 6
  • ICMP (Internet Control Message Protocol): the IP protocol is not "heartless" and does not discard datagrams for no reason, but it has the right to discard a datagram in non-standard situations (loops, bad header checksum, overload, when the datagram cannot be fragmented, ...). When something is discarded, IP does not try to correct it, but it tries to inform you that something has happened; for information about non-standard situations there is the ICMP protocol. The exception is an incorrect header checksum, because then the information about the sender and the rest of the content cannot be relied upon.
  • Slide 7
  • ICMP: ICMP is an integral part of the IP protocol and must be implemented together with IP. It is mutually interconnected with the IP protocol: the recipient of ICMP messages is the sender's IP protocol. ICMP packets travel through the network embedded in IP datagrams; the loss of datagrams containing ICMP packets is not reported (risk of looping). Overview of the situations/information that ICMP reports: Source Quench (analogy of flow control at the level of routers), Time Exceeded, Destination Unreachable, Redirect, Parameter Problem, Echo Request/Reply, Address Mask Request/Reply, Router Advertisement.
  • Slide 8
  • IP addresses
  • Slide 9
  • Symbolic notation of IP addresses: an IPv4 address is a 32-bit binary number. A single way of writing is used: the content of each byte is expressed as a decimal number and the individual parts are joined by dots, for example 193.84.57.34 (192.168.0.2 corresponds to the bytes C0, A8, 00, 02 in hexadecimal). IPv4 class A: 1.x.x.x to 126.x.x.x; class B: 128.0.x.x to 191.255.x.x; class C: 192.0.0.x to 223.255.255.x. An IPv6 address is a 128-bit binary number, written in hexadecimal in groups of four hex digits separated by colons. Leading zeros within a group are not written, and one run of one or more all-zero groups is indicated only by the separating colons (::). For example 4ef5:ffff:1::baf/64, where the number after the slash specifies the length of the prefix, i.e. the number of bits from the left that identify the network the address belongs to.
  • Slide 10
  • IP address configuration: static vs. DHCP (Dynamic Host Configuration Protocol).
  • Slide 11
  • The concept of IPv4 addresses, classes A, B and C (each address = network address + node address): class A: leading bit 0, network address 1+7 bits = 1 B, node address 24 bits; class B: leading bits 10, network address 2+14 bits = 2 B, node address 16 bits; class C: leading bits 110, network address 3+21 bits = 3 B, node address 8 bits.
  • Slide 12
  • Special addresses: there are two further special classes of IP addresses. Class D is used for multicast (group transmission) and consists of the addresses 224.0.0.0 to 239.255.255.255. Class E is reserved for future use and consists of the addresses 240.0.0.0 to 255.255.255.255; class E was not actually used for expansion (the address space was expanded in IPv6 instead). Class D and E addresses are not logically divided into a network and a host part in binary; they can be allocated individually. Further special forms (network part | host part): 0 | 0 = this computer; 0 | x = computer x on this (local) network; x | 0 = network x as a whole; x | 1..1 = directed (controlled) broadcast, only for network x; 1..1 | 1..1 = limited broadcast, only within the local network; 127.x.x.x = loopback (interfaces that do not go "out").
  • Slide 13
  • Special addresses: a whole class A is assigned to specific entities, e.g. 6.0.0.0/8 belongs to the U.S. Army, 17.0.0.0/8 to Apple, etc. There are two exceptions: 0.0.0.0/8 is not in use and 127.0.0.0/8 is reserved for the loopback (loopback address). Public vs. private IP addresses: unless specified otherwise, IP addresses are public. Private networks use these ranges: 10.0.0.0/8 (10.0.0.0 to 10.255.255.255); 172.16.0.0/12 (172.16.0.0 to 172.31.255.255); 192.168.0.0/16 (192.168.0.0 to 192.168.255.255). The network 169.254.0.0/16 (169.254.0.0 to 169.254.255.255) is dedicated to the automatic assignment of IP addresses in a network without a DHCP service, i.e. when an IP address cannot be obtained automatically.
  • Slide 14
  • Subnet mask: the subnet mask describes the division of addresses into subnets. In binary, the subnet mask has ones from the left up to the point where the network number ends, and zeros in the positions of the network-interface (host) number. Using the subnet mask, a router decides on the routing of an IP datagram. Example: IP address 192.168.68.233/24. Mask in binary: 11111111.11111111.11111111.00000000 (by CIDR, the network number is the first 24 bits). Mask in decimal: 255.255.255.0. IP addresses of the network: 192.168.68.0 to 192.168.68.255.
  • Slide 15
  • Subnet mask: the mask determines the network number. IP address decimal: 192.168.68.233; IP address binary: 11000000.10101000.01000100.11101001; subnet mask: 11111111.11111111.11110000.00000000; logical product (AND) of the previous two lines: 11000000.10101000.01000000.00000000; network number (decimal): 192.168.64.0. If we know the network number and the mask, we can calculate the range of IP addresses that can be used in the network.
  • Slide 16
  • Subnet mask: the mask determines the network number. E.g. which IP addresses can be used in the network 192.168.64.0/20? Mask binary: 11111111.11111111.11110000.00000000 (20 bits). Network number binary: 11000000.10101000.01000000.00000000 (192.168.64.0). 1st IP address: 11000000.10101000.01000000.00000001 (192.168.64.1, one higher than the network number). 2nd IP address: 11000000.10101000.01000000.00000010 (192.168.64.2, one higher than the previous) ... Last IP address: 11000000.10101000.01001111.11111110 (192.168.79.254, one less than the broadcast). Broadcast: 11000000.10101000.01001111.11111111 (192.168.79.255). Total number of IP addresses: 4094 (2^12 - 2, minus the network number and the broadcast).
  • Slide 17
  • Subnet mask, EXERCISE: try to determine the mask and the range of IP addresses for these examples: 10.102.0.0/23; 192.168.0.140/25; 192.168.100.1/29
  • Slide 19
  • Subnet mask, EXERCISE solution: 10.102.0.0/23: mask 255.255.254.0, IP range 10.102.0.0 to 10.102.1.255 (510 usable addresses); 192.168.0.140/25: mask 255.255.255.128, IP range 192.168.0.128 to 192.168.0.255 (126 usable addresses); 192.168.100.1/29: mask 255.255.255.248, IP range 192.168.100.0 to 192.168.100.7 (6 usable addresses).
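  As an added example (not part of the slides), the following Python code performs the subnet-mask arithmetic of slides 14 to 19 with explicit 32-bit integer operations, the same AND shown on slide 15, and checks it against the exercise solutions above; it goes slightly beyond the slides by treating /31 and /32 prefixes, which have no separate network and broadcast address (RFC 3021), as an assumption of this example.

```python
# Added example (not from the slides): CIDR/subnet-mask arithmetic on 32-bit integers.


def ip_to_int(ip: str) -> int:
    """Parse a dotted-decimal IPv4 address into a 32-bit integer, validating each octet."""
    parts = ip.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {ip}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {ip}")
        value = (value << 8) | octet
    return value


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(value: int) -> str:
    """Dotted binary notation as printed on slide 15, e.g. 11000000.10101000...."""
    return ".".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """A /n mask: n ones from the left followed by 32-n zeros."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def subnet_info(cidr: str) -> dict:
    """Mask, network number, broadcast, usable host range and host count for a.b.c.d/n."""
    ip_str, prefix_str = cidr.split("/")
    prefix = int(prefix_str)
    ip = ip_to_int(ip_str)
    mask = prefix_to_mask(prefix)
    network = ip & mask                              # logical product (AND), slide 15
    broadcast = network | (~mask & 0xFFFFFFFF)       # all host bits set to one
    size = 1 << (32 - prefix)
    if prefix >= 31:
        # Assumption of this example: /31 point-to-point links (RFC 3021) and /32 host
        # routes use every address; there is no network number or broadcast to subtract.
        usable, first, last = size, network, broadcast
    else:
        usable, first, last = size - 2, network + 1, broadcast - 1
    return {
        "mask": int_to_ip(mask),
        "mask_binary": to_binary(mask),
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(first),
        "last_host": int_to_ip(last),
        "usable_hosts": usable,
    }


if __name__ == "__main__":
    for cidr in ("192.168.68.233/20", "10.102.0.0/23", "192.168.0.140/25", "192.168.100.1/29"):
        info = subnet_info(cidr)
        print(cidr, info["mask"], info["network"], "-", info["broadcast"], info["usable_hosts"])
```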
  • Slide 20
  • Way of distributing IP addresses: no IP address may be assigned twice, although nowadays there are some exceptions. The original solution: a central authority, originally the SRI NIC (at Stanford University in the USA); each applicant from all over the world asked SRI NIC directly and it assigned the addresses directly; over time this became organizationally unacceptable. Next developmental stage: the central authority became IANA, an organization that allocates entire blocks of IP addresses to regional registries: RIPE (Europe and parts of Asia), APNIC (Asia, Pacific), ARIN (USA, Canada), LACNIC (Central and South America), AFRINIC (Africa); the regional registries then allocate class B and C IP addresses.
  • Slide 21
  • Way of distributing IP addresses: IPv4 addresses already ran out in 2012 (at the IANA level). This puts pressure on providers to deploy IPv6; the other solution is NAT (network address translation).
  • Slide 22
  • NAT (Network Address Translation): behind one external IP address an extensive (private) internal network can be created. It saves public IP addresses; it is a security element; management of the internal network: port forwarding + firewall.
  • Slide 23
  • IPv6: due to the structure of TCP/IP, only the network layer, i.e. IP datagrams, is replaced. The subsequent necessary changes therefore occur only in a limited set of protocols (such as DHCP, ICMP, etc.). NAT is removed thanks to the huge address space (3.4·10^38 addresses). The high number of addresses allows a hierarchical organization, which simplifies routing and renumbering. Stateless address autoconfiguration. Multicast replaces broadcast, e.g. the all-hosts group (FF02::1). Support for mobile devices. Security mechanisms directly in IP. Support for services with guaranteed quality.
  • Slide 24
  • IPv6 special addresses, e.g. 2001:0db8:7654:3210:fedc:ba98:7654:3210. Prefix and meaning:
    ::/128      undefined (unspecified) address
    ::1/128     local loop (loopback)
    fc00::/7    unique individual (unicast) local addresses, used only locally but likely globally unique
    fe80::/10   individual (unicast) link-local addresses, unique only within the link
    ff00::/8    group (multicast) addresses
    other       individual (unicast) global addresses
  • Slide 25
  • IPv4: MAC address, e.g. 00:16:17:e1:28:5f. The MAC (Media Access Control) address is a unique identifier of the device used by protocols on the second layer of the OSI RM (the network interface layer of TCP/IP), alias "physical address". The Ethernet MAC address has 48 bits, written as six two-digit hexadecimal numbers (used in most technologies). It is assigned by the manufacturer and is unique (by definition); it has two parts: the first part identifies the manufacturer and the second part the particular piece of hardware. Special MAC addresses: broadcast (ff:ff:ff:ff:ff:ff), multicast, locally administered (rarely).
  • Slide 26
  • Routing/switching in the IP environment (figure): an end node (link, network and transport layers) communicates with another end node across a network of L2 switches, which process only the link layer, or across a network of IP routers (L3), which process the link and network layers; the transmitted frame consists of the link-layer header, the IP header, the TCP header and the data.
  • Slide 27
  • The principle of frame switching, L2: the switch analyzes the addresses and provides: switching (turning the frame) to the appropriate destination port; filtering/dropping the frame if the destination address belongs to the port it arrived on; bridging the frame to the higher network if the MAC address is not in the table. The standard offers two types of switching: store and forward, where the entire frame is loaded into internal memory, checked and then transferred through the port determined by the destination address; cut through (fast switching), which reads only the frame header and then, right after sending the header, forwards the data part directly.
  • Slide 28
  • Routing: routing is the choice of direction in each router for the onward transmission of packets, based on routing information that is continuously regenerated. Besides its own executive function of forwarding packets, routing involves: storage of routing information, i.e. keeping routing tables; calculation of optimal routes, which is a combinatorial problem of finding the shortest path in a graph whose result is the "basis for the choice of direction"; maintenance of routing information, i.e. updating the data for calculating routes. Routing: static vs. dynamic. Each router tests the availability of its neighbors, i.e. the line status, compiles a "link state packet" about the availability of its neighbors (line status and its evaluation) and sends these packets to all nodes in the network.
  • Slide 29
  • Direct and indirect routing. Direct routing: the sender and the recipient are located in the same IP network, which can be recognized by the fact that they have the same network part in their IP addresses; no routing decision is needed, the data link layer (network interface layer) takes care of the delivery of the data and the sender sends the datagram "directly" to the end terminal. Indirect routing: the sender and the recipient are located in different IP networks; the sender must determine the most appropriate outbound direction (the router located in that direction) and sends the datagram to the router in the selected outgoing direction.
  • Slide 30
  • The concept of routing tables: the routing table does not contain the full path to the destination, but only the "next hop", i.e. the address of the nearest router. The prefix in the address of the destination network corresponds to the mask; the "CIDR prefix" is the number of one bits in the mask. Figure: networks 192.168.0 to 192.168.7, next-hop routers 192.168.0.3, 192.168.0.4 and 192.168.0.5. Routing table of a node in network 192.168.0 (target network/prefix, send over):
    192.168.0/24   send directly
    192.168.1/24   192.168.0.3
    192.168.2/24   192.168.0.4
    192.168.3/24   192.168.0.5
    192.168.4/24   192.168.0.4
    192.168.5/24   192.168.0.4
    192.168.6/24   192.168.0.4
    192.168.7/24   192.168.0.4
  The second column contains the addresses of the next hop.
  • Slide 31
  • The concept of routing tables: an example Linux kernel IP routing table and an example Windows routing table (Czech localization).
    Kernel IP routing table
    Destination     Gateway         Genmask          Flags Metric Ref Use Iface
    10.102.0.248    10.102.1.49     255.255.255.255  UGH   20     0   0   eth1
    172.24.255.3    10.102.1.49     255.255.255.255  UGH   20     0   0   eth1
    10.102.0.249    10.102.1.49     255.255.255.255  UGH   4      0   0   eth1
    172.24.255.2    10.102.1.49     255.255.255.255  UGH   20     0   0   eth1
    10.102.0.110    10.102.1.49     255.255.255.255  UGH   88     0   0   eth1
    10.102.0.250    10.102.1.49     255.255.255.255  UGH   13     0   0   eth1
    10.102.0.253    10.102.1.49     255.255.255.255  UGH   4      0   0   eth1
    224.0.0.6       127.0.0.1       255.255.255.255  UGH   0      0   0   lo
    10.102.0.254    10.102.1.49     255.255.255.255  UGH   20     0   0   eth1
    224.0.0.5       127.0.0.1       255.255.255.255  UGH   0      0   0   lo
    10.102.0.140    10.102.1.49     255.255.255.255  UGH   20     0   0   eth1
    172.24.255.4    10.102.1.49     255.255.255.255  UGH   20     0   0   eth1
    10.102.0.69     10.102.1.49     255.255.255.255  UGH   20     0   0   eth1
    10.102.0.240    10.102.1.49     255.255.255.255  UGH   20     0   0   eth1
    10.102.0.241    10.102.1.49     255.255.255.255  UGH   4      0   0   eth1
    172.25.0.250    10.102.1.49     255.255.255.255  UGH   20     0   0   eth1
    224.0.0.9       127.0.0.1       255.255.255.255  UGH   0      0   0   lo
    10.102.223.191  10.102.1.49     255.255.255.255  UGH   32     0   0   eth1
    172.30.2.2      10.102.1.49     255.255.255.255  UGH   20     0   0   eth1
    10.102.0.65     10.102.1.49     255.255.255.255  UGH   14     0   0   eth1
    172.25.0.252    10.102.1.49     255.255.255.255  UGH   20     0   0   eth1
    172.25.0.253    10.102.1.49     255.255.255.255  UGH   4      0   0   eth1
    10.102.0.64     10.102.1.49     255.255.255.255  UGH   24     0   0   eth1
    10.102.0.1      10.102.1.49     255.255.255.255  UGH   4      0   0   eth1
    10.102.0.66     10.102.1.49     255.255.255.255  UGH   15     0   0   eth1

    IPv4 Směrovací tabulka
    ===========================================================================
    Aktivní směrování:
    Cíl v síti       Síťová maska     Brána        Rozhraní     Metrika
    0.0.0.0          0.0.0.0          192.168.0.1  192.168.0.3  20
    127.0.0.0        255.0.0.0        Propojení    127.0.0.1    306
    127.0.0.1        255.255.255.255  Propojení    127.0.0.1    306
    127.255.255.255  255.255.255.255  Propojení    127.0.0.1    306
    192.168.0.0      255.255.255.0    Propojení    192.168.0.3  276
    192.168.0.3      255.255.255.255  Propojení    192.168.0.3  276
    192.168.0.255    255.255.255.255  Propojení    192.168.0.3  276
    224.0.0.0        240.0.0.0        Propojení    127.0.0.1    306
    224.0.0.0        240.0.0.0        Propojení    192.168.0.3  276
    255.255.255.255  255.255.255.255  Propojení    127.0.0.1    306
    255.255.255.255  255.255.255.255  Propojení    192.168.0.3  276
    ===========================================================================
    Trvalé trasy:
      Žádné
  Extensive routing tables represent a burden for the routing of IP datagrams in the network, hence the need to aggregate individual networks.
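  As an added example (not part of the slides), the following Python code performs next-hop lookup over the routing table of slide 30 and then aggregates entries that share a next hop, as slide 31 calls for; it goes beyond the slides by applying the general rule that among all matching entries the one with the longest prefix wins (which is what lets a default route 0.0.0.0/0 coexist with specific routes in the Windows table above). The table contents come from slide 30; the `direct` marker and the extra /25 route in the test are assumptions of this example.

```python
# Added example (not from the slides): longest-prefix-match lookup and route aggregation
# using the standard-library ipaddress module.
import ipaddress
from collections import defaultdict

# Routing table of slide 30 as (target network, next hop); None = send directly.
ROUTING_TABLE = [
    ("192.168.0.0/24", None),
    ("192.168.1.0/24", "192.168.0.3"),
    ("192.168.2.0/24", "192.168.0.4"),
    ("192.168.3.0/24", "192.168.0.5"),
    ("192.168.4.0/24", "192.168.0.4"),
    ("192.168.5.0/24", "192.168.0.4"),
    ("192.168.6.0/24", "192.168.0.4"),
    ("192.168.7.0/24", "192.168.0.4"),
]


def build_table(entries):
    """Parse (cidr, next hop) pairs into (IPv4Network, next hop) pairs."""
    return [(ipaddress.ip_network(net), hop) for net, hop in entries]


def next_hop(table, destination, default=None):
    """Next hop for a destination address: of all entries whose prefix covers the
    address, the one with the longest prefix (most specific) wins.
    Returns "direct" for a directly connected network, default if nothing matches."""
    dst = ipaddress.ip_address(destination)
    best = None
    for net, hop in table:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    if best is None:
        return default
    return "direct" if best[1] is None else best[1]


def aggregate(table):
    """Merge adjacent networks that share a next hop into the fewest covering prefixes
    (e.g. 192.168.4.0/24 .. 192.168.7.0/24 via one router become 192.168.4.0/22).
    Lookups over the aggregated table give the same answers as over the original."""
    by_hop = defaultdict(list)
    for net, hop in table:
        by_hop[hop].append(net)
    merged = []
    for hop, nets in by_hop.items():
        for net in ipaddress.collapse_addresses(nets):
            merged.append((net, hop))
    return sorted(merged, key=lambda e: (int(e[0].network_address), e[0].prefixlen))


if __name__ == "__main__":
    table = build_table(ROUTING_TABLE)
    print("192.168.5.77 ->", next_hop(table, "192.168.5.77"))
    for net, hop in aggregate(table):
        print(net, "->", "direct" if hop is None else hop)
```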
  • Slide 32
  • Autonomous systems: the large amount of transmitted routing information is dealt with by "decomposition" based on autonomous systems (AS). An AS does not spread detailed routing information, but provides only information about the networks available within it. Each autonomous system has a certain (small) number of input/output points of interconnection with other autonomous systems; these points exchange information about availability (of their contents) and also test each other's existence. Originally the structure of ASs was strictly tree-like. Today's protocols do not limit an AS in choosing how ("which way") it wants to communicate with the other autonomous systems. This enables peering, i.e. direct interconnection of autonomous systems, bypassing the default connection via the backbone (figure: AS1 to AS4).
  • Slide 33
  • Autonomous systems on the network backbone: an autonomous system (AS) does not inform the outside about its internal structure or its detailed routing information; it is "autonomous" in the sense that it can itself determine its own routing policy, including how routing information updates are handled within the AS. Externally, an AS publishes only information about availability, in the form: AS1: "inside me are the networks A to B"; AS2: "inside me are the networks C and G" (figure: networks A to G, the backbone part of the Internet, autonomous systems AS1 and AS2).
  • Slide 34
  • Exterior Gateway Protocols: autonomous systems must exchange information about availability, existence, "the establishment of mutual relations"... This requires appropriate protocols. Almost exclusively the BGP (Border Gateway Protocol) in version BGP4 is used, which replaced the earlier EGP: it supports the general interconnection of autonomous systems, not just a "tree" topology, and allows different criteria to be set when choosing between alternative directions: the AS administrator can set priorities, for example depending on the speed and capacity of lines, reliability, etc.
  • Slide 35
  • IGP (Interior Gateway Protocols): within itself, each autonomous system can solve routing as it deems appropriate and can apply its own routing policy and way of updating routing information. There are several alternative protocols that can be used to update routing information inside the AS, the IGPs (Interior Gateway Protocols): RIP (Routing Information Protocol) works on the "distance vector" principle and is suitable for small to medium-sized networks, not large ones; OSPF (Open Shortest Path First), the most widespread protocol, works on the "link state" principle and is suitable also for larger networks (larger autonomous systems).
  • Slide 36
  • Protocol OSPF (Open SPF): it is an "open" version of the older SPF (Shortest Path First) protocol; the specifications are publicly available and originate from the IETF. It is of the link-state type: each node tests the availability of its neighbors, i.e. the link status; each node compiles a link state packet stating the information about the availability of its neighbors (the state of the line and its evaluation); these packets are sent to all nodes in the network immediately when the data change, otherwise for refreshing every 30 minutes (optional). All nodes in the network have full information about the individual links and can calculate the optimal path; everyone calculates "for themselves", so an error affects only the node that made it. OSPF supports alternative routes, allows different paths to be defined for different types of traffic, and supports load balancing. OSPF supports a further "decomposition": it allows networks to be subdivided into smaller areas, which are analogous to autonomous systems in that their topology is not distributed outside the area, minimizing the amount of update information.
  • Slide 37
  • Protocol OSPF (Open SPF)
  • Slide 38
  • Slide 39
  • OSPF CESNET
  • Slide 40
  • Protocol OSPF (Open SPF) - CESNET
  • Slide 41
  • Slide 42
  • TCP/IP does not provide security. The main idea of TCP/IP is that the transmission mechanisms should mainly transmit data and not have to worry about additional features: transmitted data are unprotected against "eavesdropping", i.e. not encrypted or otherwise protected. If an application requires a certain level of security, it must provide it itself. It is therefore the same "compromise" as with reliability: either security is provided to everyone (even those who do not need it), or each applicant provides it by itself. The result is that the transmission infrastructure is simpler, faster and cheaper than if it operated in a secure manner. Security must be addressed at the application level, especially by authentication, encryption, tunneling, separation by a firewall, etc., or by MPLS tools at L3 or L2 that exploit the capabilities of L2, which allow each packet/frame to be prioritized according to its membership in a closed group.
  • Slide 43
  • TCP/IP does not solve the specific requirements of multimedia. These applications need to receive their data with small and regular delays, i.e. with regular spacing between them; this concerns, for example, the transmission of images or sound, i.e. VoIP, TV broadcasts, radio, video on demand. The problem is the functioning of the transmission mechanisms of TCP (UDP)/IP on the principle of "best effort, but non-guaranteed result". It is necessary to support QoS (Quality of Service); QoS is essentially the "counterpart" of the best-effort (BE) principle. Two approaches: "quantitative": increasing the available capacity; the "best effort" principle remains, the improvement is statistical, i.e. it is less likely that the requirements will have to be reduced; this concerns both the transmission capacity (i.e. lines) and the "switching capacity" (routers, switches). "Qualitative": implementing QoS support; the "best effort" principle is replaced by another mode of operation; the improvement is guaranteed, but expensive and difficult.
  • Slide 44
  • QoS in TCP/IP, possible approaches. Prioritization: different types of traffic are assigned different priorities and handled differently; traffic with higher priority gets "better handling" (and allocation) at the expense of lower-priority traffic. Examples of solutions include: MPLS (Multiprotocol Label Switching), implemented either as a third-layer tool or at the second layer (MPLS/ATM, etc.); using tools of the L2 layer (network interface), e.g. L3/L2 switching; IEEE 802.11e, certification grades 1 and 2: WMM, WMM-PS. Reservation: for specific parameter needs, the required resources can be dedicated (reserved) and then used; this includes reservation of transmission capacity, switching capacity, etc. An example solution is RSVP (Resource Reservation Protocol), which is accompanied by the transport protocol RTP (Real-Time Protocol) operating over UDP.
  • Slide 45
  • Protocols above the IP protocol. UDP: a simple, high-speed, low-level protocol; connectionless; no reliability guarantee; typically small packets. TCP: connection-oriented, reliable; not as efficient as UDP; data are guaranteed to arrive, in the correct order and without duplications, or the connection will be dropped; imposes significant overheads; used by a lot of applications (HTTP, FTP, ...).
  • Slide 46
  • Thank you for your attention