Network Layer - Mississippi State Universityweb.cse.msstate.edu/~ramkumar/NLS18.pdf ·...

Routing AlgorithmsCongestion Control

FragmentationIP Protocol

Network Layer

Mahalingam RamkumarMississippi State University, MS

March 14, 2018

Ramkumar NL



Network Layer

Provides services to the transport Layer

Hides topology information from the transport layer

Packet switching

RoutingForwarding

Congestion Control

Ramkumar NL



Types of Network Layer Services

Guaranteed delivery

Guaranteed delivery with bounded delay

In order delivery

Guaranteed minimum bandwidth (QOS)

Guaranteed minimum jitter (spacing between packets atsender vs receiver)

Security services

IP protocol provides no such guarantees

Ramkumar NL



Datagram Switching

Datagram Subnet

A E F Process P2

LAN

Router

1

Carrier's equipment

Process P1

B

H1 H2

D

C

Packet

3

4

2

A –

B B

initially

C C

D B

E C

F C

Dest.

A –

B B

laterA's table

C C

D B

E B

F B

A A

B A

C's table

C –

D D

E E

F E

A C

B D

E's table

C C

D D

E –

F F

Line

Datagram Switching

Routers maintain a routingtable indicating best next hopfor each destination

Routing tables are dynamic

Every packet routedindividually

Paths may change dynamically

Packets not guaranteed to bereceived in the same order.

Ramkumar NL



Virtual Circuit Switching

VC Subnet

E FProcess P2

LAN

Router

1

Carrier's equipment

Process P1

Process P3

B

H1

H3

H2

D

C

3

42

H1 1

H3 1

C 1

C 2

A's table

A 1

A 2

E 1

E 2

C's table

C 1

C 2

F 1

F 2

E's table

A

In Out

Virtual Circuit

A path is established beforeeven the first packet can besent

Path accepted by all routers inthe path

Packets marked with a pathidentifier

Path identifier helps the routerdetermine how to forward thenext packet

Size of routing tables in arouter depends on number ofactive paths through therouter.

Ramkumar NL



Datagram vs VC

Ramkumar NL



IP Layer Datagram Routing

1 IP layer receives

IP packets from link layertransport packets from transport layer, and adds IP header

2 IP packet goes to IP forwarding module

Check IP destination addressIf my own address, pass IP payload to higher layerElse (look up forwarding table, and) decide which interfaceshould be used to relay the packet.

3 When IP packets are created (in response to a transportpacket from a higher layer)

Sender and destination IP address provided by application layer(socket address)TCP/UDP use from/to IP addresses for computing TCPheader checksum

Ramkumar NL



Socket vs Network Interface

Socket in Higher layers (AL, TL and NL); network interface inlower layers (PL,DL,NL)

Socket Address (port and IP) binds an application instance totransport layer port and NL address.

Transport layers keeps track of socketsUDP - socket used for recvfrom()TCP: listening sockets and connected sockets

Network interface binds physical layer (a hardware interfacelike an Ethernet card) to a DL/MAC address and an IPaddress

A computer can have multiple interfaces (each with adifferent IP address and DL address)

Try “ifconfig -a” in command line (”ipconfig /all” in windows)

Ramkumar NL



Network Interface

Routers need to have multiple interfaces (why?)

Each interface has a different IP address.

Your home router has two interfaces (WAN side and LANside)

Most modern computers have multiple interfaces (but usuallyonly one of them is active)

Sometimes interfaces are created without any actual physicalhardware! (VPN: Virtual Private Network)

Ramkumar NL



Network Layer Topics

Ramkumar NL



Basic Considerations

Session Routing vs Forwarding

Adaptive vs non-adaptive

Desired properties

CorrectnessSimplicityRobustnessStabilityFairnessOptimality

Ramkumar NL



Fairness vs Optimality Conflict

X X′

A B C

A' B' C'

Ramkumar NL



Optimality Principle

If router B is on the optimal path to C from A, the path B − A isalso optimalGoal of every routing algorithm - to determine the sink tree forevery destination

B

A

F

D EC

J

N

O

IH

G

L

M

K

(a)

B

A

F

D EC

J

N

O

IH

G

L

M

K

(b)

Ramkumar NL



Sink Tree + Optimality Principle

For any destination, every router needs to know only the next hopin the best path to the destination.

Ramkumar NL



Shortest Path Routing

What is the metric?

Number of hops, geographic distance, delay (propagation,queue, processing), reliability?

The idea is to reduce the metric (whatever is chosen) to getfrom one point to another

Dijkstra’s algorithm

Ramkumar NL



A D1

2

6

G

4

(a)

F (∞, −) D (∞,−)

A

B 7 C

2

H

33

2

2 FE

1

22

6

G

4

A

(c)

A

B (2, A) C (9, B)

H (∞, −)

E (4, B)

G (6, A)

F (6, E) D (∞,−)A

(e)

A

B (2, A) C (9, B)

H (9, G)

E (4, B)

G (5, E)

F (6,E) D (∞,−)A

(f)

A

B (2, A) C (9, B)

H (8, F)

E (4, B)

G (5, E)

F (6, E) D (∞,1)A

(d)

A

B (2, A) C (9, B)

H (∞, −)

E (4, B)

G (5, E)

F (∞, −) D (∞, −)A

H

E

G(b)

B (2, A) C (∞, −)

H (∞, −)

E (∞, −)

G (6, A)

Ramkumar NL



Dijkstra’s Algorithm

To obtain sink tree for a node (start node).

Weight of start node set to 0; weights of all other nodestentatively set to ∞Mark all nodes as unvisited

Set start node as current node

Until there are no unvisited nodes repeat the following steps

Mark tentative weight for all unvisited nodes directlyconnected to the current nodeMark the current node as visitedSet the least-weight unvisited node as current node

Ramkumar NL



Basic Approaches

Problem (from perspective of node A): get to node B

Approaches

1-LS Find the topology of the network and determine the shortestpath

2-DV Find the best next hop to reach any destination (cooperativelybuild tables to determine that)

3-FL Flooding

Which approach is better?

Depends....

Ramkumar NL



Flooding

Every incoming packet is sent on every outgoing line (exceptthe one it arrived on)

Damping - stop flooding packets after a certain number ofhops - hop counter decremented each time

Sequence number for each request - if you have already sentout a packet with the same sequence number - do not sendout duplicates.

Selective flooding - for example using some directionalinformation

Ramkumar NL



Distance Vector (DV) Routing

Bellman-Ford / Ford-Fulkerson

First routing algorithm used in the Internet (then ARPANET)— also used in RIP in Internet.

Each router has an entry for every router in the subnet

Each entry has two components

Preferred neighborNumber of hops (or some other metric) to destination

Distance to all nodes in the subnet periodically conveyed toall neighbors.

Ramkumar NL



DVR in a Subnet

A A 0B B 1C C 1D − −

A − −B − −C C 1D D 0

A A 0B B 1C C 1D C 2

A A 1B B 0C − −D − −

A A 1B B 0C A 2D − −

A A 1B − −C C 0D D 1

A A 1B A 2C C 0D D 1

A C 2B − −C C 1D D 0

A A 1B B 0C A 2D A 3

A C 2B C 3C C 1D D 0

A

BC

D

A B C D

Ramkumar NL



DVR in a Subnet

(a)

A B C D

E

I J K L

F GH

Router

012254014231817219

2429

243618277

2031200

112233

2031198

301960

147

229

2128362422403119221009

820282017301812100615

AAIHIIHHI−

KK

To A I H K Line

New estimated delay from J

ABCDEFGHIJKL

JA JI JH JKdelay delaydelaydelay

is is is is8 10 12 6

New routing table for J

Vectors received from J's four neighbors

(b)Ramkumar NL



Count To Infinity

A B C D E

• • • • • • •

• • • 4

1111

222

33

InitiallyAfter 1 exchangeAfter 2 exchangesAfter 3 exchangesAfter 4 exchanges

A B C D E

1 2 3 4

• • • •

2 3 43 4

46

3355

446

55

67 6 787 8 7

InitiallyAfter 1 exchangeAfter 2 exchangesAfter 3 exchangesAfter 4 exchangesAfter 5 exchangesAfter 6 exchanges

...

(a) (b)

Ramkumar NL



Poisoned Reverse

X and Y are neighbors

X has entry [Z , d ,Y ] (Z is distance d from X with next hopY )

X → Y : [Z ,∞] (poisoned reverse)

X → ∗: [Z , d ] (all neighbors except Y ) .

not guaranteed to address the Count-to-infinity problem

Ramkumar NL



Link State Routing

Every node obtains a complete view of the topology of theentire network

then uses shortest path (Dijkstra) algorithm

Ramkumar NL



Link State Routing

Discover neighbors

Measure delays or cost to reach each neighbor

Construct a “link-state” packet

Inform all routers (send link-state packet to all routers -flooding)

Compute shortest path to all routers.

Ramkumar NL



Distributing Link State Packets

(Source, Sequence Number) for each LS packet

Sequence number keeps a check on flooding

Wrapping of sequence numbers? Age solves the problem

Hold for a while before transmission

Each packet is acknowledged

Ramkumar NL



B C

E F

A D61

2

8

5 7

4 3

(a)

ASeq.Age

B C D E F

B 4E 5

Seq.AgeA 4C 2

Seq.AgeB 2D 3

Seq.AgeC 3F 7

Seq.AgeA 5C 1

Seq.AgeB 6D 7

F 6 E 1 F 8 E 8

Link State Packets

(b)

D 21 59 1 0 0 0 1 1

C 20 60 1 0 1 0 1 0

E 21 59 0 1 0 1 0 1

F 21 60 1 1 0 0 0 1

A 21 60 0 1 1 1 0 0

Source Seq. Age A C F A C F Data

Send flags ACK flags

Ramkumar NL



Computing Routes

Each link is represented twice

Dijkstra’s algorithm for computing shortest paths

Could be tricky for large networks

OSPF, ISIS are practical routing protocols based on LS

OSPF - Open Shortest Path First (used widely in the Internet)

IS-IS - Intermediate System - Intermediate System (used bysome Internet backbones)

Ramkumar NL



DV vs LS

Both guarantee determination of best path;

LS determines entire topology; DV finds only the next hop inthe best path to each destination (by comparing distance tothe destination through all neighbors and choosing the bestneighbor)

In LS each router announces a small amount of information(link state) to all routers (by flooding)

In DV each router announces a large amount of information(distance to every destination) to a small number of routers(only neighbors)

DV susceptible to the count-to-infinity problem

Ramkumar NL



Routing Protocols in Practice

Routing protocols can be exterior or interior

Exterior protocols for routing between autonomous systems(AS)

Interior for routing within an AS

Every AS has to follow the same exterior routing protocol

RIP was the first exterior routing protocol

RIP was based on DV

Currently BGP is the exterior protocol

BGP is a Path vector protocol (has some similarities with DV)

OSPF is the most common interior routing protocol.

Ramkumar NL



Prefix Matching

Destinations captured by prefixes

Match prefix to find interface to be used for forwarding

Ramkumar NL



Router Architecture

Inputs

Outputs

Switching Fabric

Some routers may need to handle millions of packets everysecond

Ramkumar NL



Router Architecture

Ramkumar NL



Input Port Processing

Ramkumar NL



Output Port Processing

Ramkumar NL



Switching in Routers

Ramkumar NL



Congestion

Maximum carrying capacity of subnet

Pac

kets

del

iver

ed

Perfect

Desirable

Congested

Packets sentRamkumar NL



Congestion Control

Reasons for congestion

Sudden increase in traffic to a locationSlow processors (longer queues)

Increasing memory (buffer) may not be the answer!

Why? (hosts will resend packets)

Ramkumar NL



General Principles of CC

Closed loop control

Monitor to system to detect congestionPass this information to places where corrective action couldbe takenAdjust system operation

Open loop

Rules for deciding when to accept packets for onwardtransmissionNo explicit feedback (except that the sender may not get anACK from the destination).

Ramkumar NL



Congestion Prevention Policies

Ramkumar NL



Congestion Control in Datagram Subnets

Monitor utilization of each line

For each lineunew = auold + (1− a)f

u - utilization, f - current traffic rate, a - “forget history”factor

0 ≤ a ≤ 1. Large a - give more weight to past traffic

u is the warning. Depending on u decide on an appropriatecourse of action

Warning bitChoke packetsHop-by-hop choke packets

Ramkumar NL



Warning Bit

Router sets a warning bit in the packet forwarded

Destination sends the warning back to the source (when itsends ACK - transport layer)

Source slows down

Any router on the way could set the warning bit

If a series of ACKs do not have warning bit set, sourceincreases rate

Ramkumar NL



Choke Packets

Router sends a choke packet to source (IP layer)

Original packet is tagged with a special bit before forwarding(to indicate to other routers on the way that a choke hasalready been sent)

Source reduces output to that destination by a fraction

Source may receive many choke packets from the same router(too much of a task for the router to maintain a history thatit has sent a choke packet to a source)

Source ignores other choke packets.

Ramkumar NL



Choke Packets - Continued

If for some time there are no choke packets, source increasesoutput to the destination

Several variations of the algorithm - mild warning, sternwarning, ultimatum

Router can also use queue length instead of u as the triggerfor choke packets

Ramkumar NL



Hop-by-Hop Choke Packets

Choke packets not effective for long distances under hightraffic

Significant delay before the host’s reaction improves thesituation!

Router X experiencing heavy traffic in the line from router Y

Router X sends choke packet to Y .

Router Y expected to reduce the traffic in the line to X

Provides quick relief at the point of congestion.

Router Y buffers packets to reduce traffic

If buffering does not solve the problem, router Y sends chokepackets to it’s neighboring routers.

may send choke packets to multiple neighbors is necessary.

Ramkumar NL



Evolution of Mechanisms With Internet Growth

Warning bit — suitable if end-to-end delay is small, and/orlow reaction time is acceptable

For early Internet/Arpanet this was the case — small numberof hops; low bandwidth implies even a few seconds of delaywill not result in too many buffered packets in routers.

Choke packets — suitable for medium sized networks whereimmediate feed back is provided to source to preventcongestion

Hop-by-hop choke — suitable for current Internet. Chokingthe sources directly may have very little impact as thecontribution of each source is small (compared to the totalrouter traffic).

Ramkumar NL



RED - Random Early Detection/Drop/Discard

Main idea - react well before congestion starts

Discard random packets say when 75% of the capacity isreached

Transport layer should slow down when it realizes that packetsare being lost

open loop control

Ramkumar NL



Load Shedding for RED

Which packets to drop?

Will be useful if the router knows the type of application

For FTP traffic makes sense to drop newer packets

Wine policy - older is better!

For multimedia traffic makes better sense to drop older packet

Milk policy - newer is better!

Ramkumar NL



Fragmentation

IP packet too big to fit into a DL frame

Different DL layers can have different max payload size(Ethernet is 1500 bytes)

Good reasons to limit DL frame size

Error rateFair channel useReduce end-to-end delay (by reducing packet duration)

Ramkumar NL



Fragmentation in IP

IP packets broken into smaller fragments

Not ideal due to overhead — each fragment needs a header(every fragment is an independent datagram)

Who does the reassembly?

Transparent fragmentation: transparent to the destination;fragmented packets reassembled by next hop router (usedwithin ATM gateways in the Internet)Non-transparent fragmentation: destination does thereassembly (used in IP)

Ramkumar NL



Transparent vs Non-transparent Fragmentation

G1 G2 G3 G4

G1 G2 G3 G4

Packet

Network 1

G1 fragments a large packet

G2 reassembles the fragments

G3 fragments

again

G4 reassembles

again

Network 2

(a)

Packet

G1 fragments a large packet

The fragments are not reassembled until the final destination (a host) is reached

(b)

Ramkumar NL



Non Transparent Fragmentation

IP uses non transparent fragmentation to reduce routeroverhead

Each fragment will travel as an independent IP datagram(possibly over different paths)

A fragment may undergo further fragmentation in anotherrouter.

Fragmented packets reassembled at the desination

IP Header requires fields to help the destination reassemblefragments correctly

Some kind of numbering required for each fragment.

Hierarchical or Flat numbering?

Ramkumar NL



Hierarchical Numbering

Packet 0 split into 0.0, 0.1, 0.2 and 0.3

0.0 split into 0.0.0, 0.0.1

What happens if 0.1 does not reach destination?

0 is retransmitted.

Say 0 was split into 0.0 and 0.1 this time

Destination gets 0.1 — but how does it know it is not the old0.1?

Ramkumar NL



Flat Numbering

Hierarchical numbering not suitable

Used in IP.

Every fragment has the same identification number

Each fragment indicates an offset

Each fragment has a flag to indicate if it is the last fragment

Ramkumar NL



Flat numbering

Number of the first elementary fragment in this packet

Packet number

End of packet bit

27 0 1 A B C D E F G H I J

27 0 0 A B C D E F G H 27 8 1 I J

27 0 0 A B C D E 27 5 0 F G H 27 8 1 I J

Header

1 byte

Header Header

Header Header Header

(a)

(b)

(c)

Ramkumar NL



IP HeaderIP AddressesNATNL ReviewMisc. Topics

IP Header

Version IHL Type of service Total length

Identification

Time to live Protocol

Fragment offset

Header checksum

Source address

Destination address

Options (0 or more words)

D F

M F

32 Bits

Ramkumar NL




IP Header Fields

Version

IHL: 4 bits: header length in 32-bit words (4 bytes) - up to15× 4 = 60 bytes

Type of service: 6 bits: rarely used in practice

Total length: 16 bits: maximum length of datagram in bytes(including header) — max length 65,536 bytes

Identification (16 bits) packet number, one unused bit, DF,MF, Offset (13 bits)

Offset is a multiple of 8 (bytes)DF - don’t fragment, MF - more fragmentsMF is zero for last fragment (or unfragmented IP packets)

Ramkumar NL




IP Header Fields

TTL: Time-to-live: actually number of hops; decremented byeach router en-route; if zero, packet is dropped

Protocol (8 bits): Specifies upper layer protocol employing IP(or protocol of payload); eg TCP, UDP

Check http://www.iana.org/assignments/protocol-numbers

Header checksum: one’s complement addition of all headerfields

Recomputed at each hop: Remeber, TTL is changed at everyhop.

Source and Destination addresses

Options: up to 40 bytes; padded to be a multiple of 4 bytes

Ramkumar NL




IP Fragments

Ramkumar NL




IP Options

Ramkumar NL




IP and TCP Headers

Version IHL Type of service Total length

Identification

Time to live Protocol

Fragment offset

Header checksum

Source address

Destination address

Options (0 or more words)

D F

M F

32 Bits32 Bits

Source port Destination port

Sequence number

Acknowledgement number

TCP header length

U R G

A C K

P S H

R S T

S Y N

F I N

Window size

Checksum Urgent pointer

Options (0 or more 32-bit words)

Data (optional)

Ramkumar NL




IP Header vs TL Header

An entire TL packet (TL header+ payload) has to be includedas the IP payload (why?)If the resulting IP packet is too big for DL layer, then the IPpacket is fragmentedRouters don’t look at TL headers (they dont even know itexists); only TTL and IP checksum in IP header modified atevery hop.Both IP and TCP headers 20 bytes default + 40 optionalbytes (UDP: 8 byte header, no options)Both use 4 bits to identity header length in terms of numberof 32-bit words (max 15 words = 60 bytes)IP options are not used in practice; TCP options(WS,SRP,MTU size) very frequently usedIP has total packet length; TCP does not

Ramkumar NL




TL Checksum

Both IP and TL checksum is ones-complement addition of allheader fieldsChecksum in TCP/UDP includes a conceptual pseudo-headerthat includes fields NOT present in the TCP header

IP addresses: in the IP packet that carried (or will carry) theTCP/UDP packetTCP segment length: IP packet size - IP header size - TCPheader sizeProtocol number (6 for TCP, 17 for UDP)

TCP does not try to understand what the IP addresses mean(only used to distinguish between TCP connections)For outgoing packets created by a host AL provides IPaddresses to TL (specified as address bound to a socket)Incoming packets: IP layer provides TCP segment + segmentlength + source/destination IP to TL.

Ramkumar NL




IP Addresses - Classful Addressing

32 Bits

Range of host addresses

1.0.0.0 to 127.255.255.255

128.0.0.0 to 191.255.255.255

192.0.0.0 to 223.255.255.255

224.0.0.0 to 239.255.255.255

240.0.0.0 to 255.255.255.255

Class

0 Network Host

10 Network Host

110 Network Host

1110 Multicast address

1111 Reserved for future use

A

B

C

D

E

Ramkumar NL




Special IP Addresses

This host

A host on this network

Broadcast on the local network

0

Host

Network

127 (Anything)

Broadcast on a distant network

Loopback

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1

0 0 0 0. . .

. . .1 1 1 1 1 1 1 1

Ramkumar NL




IP Prefix Notation

IP Prefix — a set of 2b consecutive IP addresses

Example: 130.58.126.0 / 30 represents a chunk of 232−30 = 4addresses (b = 32− 30)

All addresses for which the first 30 bits are the same as thestarting address 130.58.126.0

the last two bits can be 00 or 01 or 10 or 11 — giving fourdifferent addresses (130.58.126.0 — 130.58.126.3)

130.58.126.0 / 28 represents a chunk of 232−28 = 16addresses (the last 4 bits are free to change, (130.58.126.0 —130.58.126.15)

Ramkumar NL




CIDR: Classless Inter-Domain Routing

CIDR permits networks of any size 2b (where b can be 1 to31).

Not restricted to 3 sizes (as in class A, B, and C whereb = 24, 16 or 8)

How is CIDR efficient?

Allocation closer to what is required — less wastage ofaddresses

Increase in number of networks does not increase routingtable size as addresses can be aggregated

130.58.126.0/28 and 130.58.128.16 / 28 can be aggregated to130.58.126.0/27

130.58.126.0/27 and 130.58.128.31 / 27 can be aggregated to130.58.126.0/26

Ramkumar NL




IP Interface Addresses and Subnets

Ramkumar NL




Subnet Address

Ramkumar NL




Interconnection of Subnets

Ramkumar NL




Aggregation

Ramkumar NL




Exceptions in Aggregations

Ramkumar NL




Network Address Translation

We started running out of IP addresses in the early nineties.

CIDR helped postpone the problem.

NATs to the rescue; Private IP addresses

Private addresses can be reused as they are internal to anetwork.

Can be reused in different networks:

How do we send packets to them? (How do routers outsideknow where to send the packet?)

Packets with private addresses never go out into the Internet.

Private IP address changed by a NAT to a public address.

Reserved IP address ranges - 10.x.x.x, 172.16.x.x to172.31.255.255, and 192.168.x.x

Ramkumar NL




NAT

An organization has thousands of employees and thousands ofcomputers which need Internet connectivity

They have just one public IP address —say 198.60.42.12.

Each machine inside the company is assigned a unique IPaddress in the private IP range

All outbound packets are sent thorough a NAT box

NAT box modifies the IP header — changes the IP to its ownpublic IP

All responses from the outside world are received by the NATbox — which forwards the response back to the private IPaddresses

Applications running on a computer with a private addresscan be completely unaware of this fact.

Ramkumar NL




NAT

1

2

3

4

5

6

7NAT box/firewall

PC Leased line

Packet after translation

Packet before translationCompany

LAN

Company router

Server

ISP's router

10.0.0.1 198.60.42.12

Boundary of company premises

Ramkumar NL




NAT Tables

The challenge: How does the NAT know to which machine toforward the response to?

Change port number in outgoing packets

Each packet coming into the NAT (from inside) has threeunique identifiers for the source — source IP, source portnumber, protocol (TCP/UDP)

From IP + protocol field in IP header; src port in TCP/UDPheader

NAT replaces the src port number

Ramkumar NL




NAT Tables

Makes an entry in NAT Table with five columns (src IP, srcport, Protocol, Assigned Port, TS)

The entry is consulted whenever subsequent outgoing packetswith the same IP, protocol and port are received.

For all such packets the src port is set to the same “assignedport” number in the table.

Entry also consulted for incoming packets with the sameprotocol and assigned port — to modify the destination IPand port

Whenever the entry is consulted the time-stamp for the entryis updated.

What is the need for the time-stamp?

Ramkumar NL




NAT Table

Source IP Source Port Protocol Assigned Port TS

10.1.1.2 1234 TCP 12000 500

10.1.1.2 1234 UDP 12000 632

10.1.1.3 1435 TCP 12001 596

10.1.1.4 1234 TCP 12002 600

Ramkumar NL




NAT

Ramkumar NL




NAT

Solves the IP explosion problem

Your service provider can theoretically give you a private IP,but is not allowed to do that (except for mobile dataproviders)

Every home connection is still provided a public IP (yoursmart phone with a data plan will typically have a private IP).

NAT used for sharing Internet connection with multiplecomputers at home

NAT is widely used within organizations

Ramkumar NL




NAT Problems

1 Violates layered architectural model (which layer do NATsbelong to?)

2 NAT has to keep track of connections (while IP is datagram)3 NAT needs to know the transport protocol: what if some one

decides to use a new protocol over IP?4 Breaks some applications: like FTP and H.2635 Limited port numbers: only 65536, with 4096 reserved for

special uses6 The number of machines behind a NAT with a single public

IP is not an issue.7 Limitation is the number of active entries in the NAT table;8 Only about 60K active sessions or connections (60K

TCP+60K UDP) possible

Ramkumar NL




NAT - A Firewall

How do you access a private IP address from outside?

Can you run a server with a private IP address?

Port forwarding.

Impractical if ISPs give you a private IP (unless your ISPagrees to do port forwarding)

Ramkumar NL




NL Review

Functional components: Routing, congestion control,fragmentation

Routing mechanisms are applications (like RIP BGP, OSPF,ISIS, etc.) that construct routing tables

Two broad types of routing (DV and LS)

Congestion Control: (Open loop and Closed loop)

Closed Loop: Warning bit, Choke packets, Hop-by-hop choke

Open loop: RED (works in conjunction with TCP congestioncontrol mechanisms)

Fragmentation: linear non-transparent fragmentation

Common identifier for all fragments, Offset, More Fragments(MF) flag

Ramkumar NL




NL Addressing

32-bit IP address

Classful addressing (Class A, B, C): not used any more

Classless Inter-Domain Routing (CIDR) used currently

CIDR makes IP allocation more efficient; and reduces routingtable size by aggregating prefixes

CIDR not sufficient to address IP explosion problem

NATs (Network Address Translators)

NATs is an awkward solution; violates architectural hierarchy;some applications broken by NATs.

Ramkumar NL




NL Module (IP Module) Tasks

1 Create IP packets: when TL provides Transport packet + packet length+ sender and destination IP + protocol

1 Or accept IP packets from DL layer

2 Check destination address and decide what to do with the IP packet

Am I the destination? (if so look at the protocol field andhand it over to the appropriate TL module)Is the destination directly reachable? (then determine thenetwork interface to be used to send the IP packet to thedestination)If the destination is not directly reachable consult routingtables to determine the next-hop (then determine the interfaceto be used to send the IP packet to the next-hop)

3 Is the packet too big for this interface? (if so fragment the packet)

4 The packet (or packets for each fragment) need to be put inside a DLframe. What is the DL address of the next-hop? ARP (AddressResolution Protocol)

Ramkumar NL




ARP - Address Resolution Protocol

How is an IP packet sent from one machine to another?

Using DL layer

If 10.2.3.1 needs to send a packet to 10.2.3.4 (same LAN) itneeds to know the DL address (MAC address) of thedestination

What if 10.2.3.1 needs to send the packet to 194.2.3.67?

It needs the MAC address of the router / NAT

How do machines determine each others MAC addresses?

Ramkumar NL




ARP

MAC layer broadcast (use broadcast address in MAC layer —all ones).

Broadcast a query (I’m 10.2.3.1, my MAC address is X , whatis MAC address of 10.2.3.4?)

10.2.3.4 responds with its MAC address

Cache all learnt IP-MAC correspondences

Listen to all requests/responses made and cache them too.

The protocol used for the query and response is ARP

Each machine usually broadcasts its MAC / IP address whenit boots up

What happens if an Ethernet card in a machine is changed?

Cache is periodically flushed clean.

Ramkumar NL




RARP, BOOTP, DHCP

MAC to IP.

Used during booting up

My MAC address is 14.04.06.15.02.24 - what is my IP? ARARP/BOOTP/DHCP server is expected to respond.

Uses broadcast IP addresses and MAC addresses for the query

Useful for storage-less work stations

Some machines may even boot up over the Ethernet card!

RARP - Reverse Address Resolution Protocol

Ramkumar NL




BOOTP

RARP requests are not forwarded outside the LAN

RARP is a MAC layer protocol. RARP server has to be in thesame LAN

Every LAN needs a RARP server

BOOTP is a higher level protocol — runs over UDP!

Requests can forwarded to BOOTP servers outside the LAN.

BOOTP needs manual configuration of MAC / IP mappingsin the BOOTP server.

Ramkumar NL




DHCP

Dynamic Host Configuration Protocol

Allows both manual and automatic address allocation

DHCP servers, DHCP relay agents

Relay agents just need to know the IP address of the DHCPserver

DHCP DISCOVER packet broadcast by hosts when they bootup

How long are the assigned IP addresses valid?

IP addresses-es are leased. Have to be renewed periodically.

Ramkumar NL




DHCP Clients and Servers

Ramkumar NL




DHCP Exchanges

Ramkumar NL




ICMP - Internet Control Message Protocol

Ramkumar NL




Internet Multicasting

Class D addresses

Supports over 250 million groups 224.x.x.x to 239.x.x.x

Permanent and temporary multicast groups

Temporary groups created before they can be used

Hosts “subscribe” to groups

Usually special multicast routers are used

Have to inform all upstream routers on the way (to the sourceof multicast) about existence of subscribers for the groupdownstream.

IGMP - Internet Group Management Protocol

Spanning tree, tunneling

Ramkumar NL




IPv6

Driving forces

Practically unrestricted number of hostsYet reduce size of routing tablesSimplify protocol - faster processing by routersSecurity!Redefine type of serviceMake multicasting simplerAllow for modification of protocolsCoexist with IPv4

Ramkumar NL




IPv6 Header

32 Bits

Version Traffic class Flow label

Payload length Next header Hop limit

Source address (16 bytes)

Destination address (16 bytes)

Ramkumar NL




Optional IPv6 Headers

Ramkumar NL

Network Layer - Mississippi State Universityweb.cse.msstate.edu/~ramkumar/NLS18.pdf ·...

Documents

Transcript of Network Layer - Mississippi State Universityweb.cse.msstate.edu/~ramkumar/NLS18.pdf ·...