Introduction to the IP protocol and IP networks Martin rot
Slide 2
Characteristics of the IP protocol
IP (Internet Protocol) is a network-layer protocol. IP is a connectionless, unreliable, best-effort delivery protocol: it accepts whatever data is passed down to it from the upper layers and forwards that data in the form of IP packets (datagrams). Every node is identified by an IP address.
The current version is IPv4 with 32-bit addresses, specified in RFC 791. The newest version, IPv6, has 128-bit addresses and enhanced characteristics.
Packets are delivered from the source to the destination using the IP address; the IP protocol includes the routing of packets (IP datagrams).
Slide 3
Features of the IP protocol
- universal: it offers a simple transmission service and does not depend on the specifics of the physical transmission technology; it requires only a "common minimum" and tries to cover up the differences, creating a unified environment for all applications
- focused on simplicity, efficiency and speed
- operates with variable packet size: the size of the packet is chosen by the sender (application), which can lead to fragmentation
- connectionless: transmitted packets are not numbered, and there is no guarantee of order or of delivery time
- unreliable, "best-effort": no guarantee of delivery, no guarantee that the data arrive undamaged, no acknowledgments, no flow control; a datagram may be discarded because of a wrong header checksum, an expired lifetime (TTL) or network congestion
Slide 4
Format of the IP datagram
The size is variable, max. 64 K (65535 bytes). The minimum size every host must accept without fragmentation is 576 bytes, which corresponds to 512 bytes of payload; the rest is header overhead.
The datagram consists of a header and a data part:
- HLEN (Header LENgth, 4 bits): header length in 32-bit words
- TOTAL LENGTH (16 bits): header plus data, max. 65535 bytes
The size of the header is also variable (typically 20 B, up to 60 B with options).
Slide 5
The problem of fragmentation
Cause of the problem: different transmission technologies work with different sizes of link-layer frames. The largest datagram a link can carry is given by its MTU (Maximum Transmission Unit), e.g.:
- 48: ATM (cell payload)
- 576: X.25
- 1492: IEEE 802.3 (with LLC/SNAP)
- 1500: Ethernet II
- 1500, 2048, 4096: Token Ring (configurable)
- 4352, 2048: FDDI
Whoever determines the size of the data packet can adapt it to the known MTU. Where is the problem: knowledge of the MTU refers only to the local network (segment), not to the whole path!! Because IP is connectionless (no connection is opened), fragmentation cannot be excluded even if the local MTU is respected!
Slide 6
ICMP (Internet Control Message Protocol)
The IP protocol is not "heartless": it does not discard datagrams for no reason, but it has the right to discard a datagram in non-standard situations: routing loops (lifetime expired), bad header checksum, overload, a datagram that would have to be fragmented but cannot be, ... When something is discarded, IP does not try to correct it, but it tries to inform the sender that something has happened. Information about these non-standard situations is carried by the ICMP protocol. The exception is an incorrect header checksum: then the sender address and the rest of the header content cannot be relied on, so nothing is reported.
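The header layout of slide 4, the fragmentation rule of slide 5 and the "bad checksum means silent drop" rule above, put together in one added Python example (this is not code from the original slides; the addresses, identification value and payload sizes are constructed, and the helper names are mine). It builds a 20-byte IPv4 header, verifies the RFC 1071 header checksum the way a router must before trusting any other field, and fragments a datagram to a link MTU, honouring the DF flag and the 8-byte granularity of the fragment offset.

```python
"""IPv4 header build/parse, header-checksum check and fragmentation.
Added example, not from the original slides; addresses and sizes are constructed."""
import struct

IHL_MIN = 5          # 20-byte header without options
FLAG_DF = 0b010      # Don't Fragment
FLAG_MF = 0b001      # More Fragments


def internet_checksum(data: bytes) -> int:
    """RFC 1071: one's complement of the one's-complement sum of the 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, payload_len, ident=1, flags=0, frag_offset=0,
                      ttl=64, proto=17):
    """20-byte header (no options) with a valid checksum; proto 17 = UDP."""
    total_length = IHL_MIN * 4 + payload_len
    fields = struct.pack("!BBHHHBBH4s4s",
                         (4 << 4) | IHL_MIN, 0, total_length, ident,
                         (flags << 13) | frag_offset, ttl, proto, 0,
                         bytes(int(o) for o in src.split(".")),
                         bytes(int(o) for o in dst.split(".")))
    csum = internet_checksum(fields)          # computed with the checksum field zeroed
    return fields[:10] + struct.pack("!H", csum) + fields[12:]


def parse_ipv4_header(datagram: bytes) -> dict:
    """Parse the header; raise ValueError where a router would discard the datagram."""
    if len(datagram) < 20:
        raise ValueError("truncated header")
    ver_ihl, _tos, total_length, ident, flags_off, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", datagram[:20])
    ihl = ver_ihl & 0x0F
    if ver_ihl >> 4 != 4 or ihl < IHL_MIN or len(datagram) < ihl * 4:
        raise ValueError("bad version or header length")
    if internet_checksum(datagram[:ihl * 4]) != 0:   # a valid header sums to zero
        raise ValueError("bad header checksum")      # dropped silently, no ICMP sent
    if total_length != len(datagram):
        raise ValueError("total length does not match datagram size")
    return {
        "ihl": ihl, "total_length": total_length, "ident": ident,
        "flags": flags_off >> 13, "frag_offset": flags_off & 0x1FFF,
        "ttl": ttl, "proto": proto,
        "src": ".".join(str(b) for b in src), "dst": ".".join(str(b) for b in dst),
    }


def fragment(datagram: bytes, mtu: int) -> list:
    """Split a datagram so every fragment fits the link MTU.  Offsets are counted
    in 8-byte units, so each non-final fragment carries a multiple of 8 bytes."""
    h = parse_ipv4_header(datagram)
    hdr_len = h["ihl"] * 4
    if len(datagram) <= mtu:
        return [datagram]
    if h["flags"] & FLAG_DF:
        raise ValueError("DF set and datagram exceeds MTU")  # router replies ICMP 3/4
    chunk = (mtu - hdr_len) // 8 * 8
    payload = datagram[hdr_len:]
    frags = []
    for pos in range(0, len(payload), chunk):
        piece = payload[pos:pos + chunk]
        last = pos + chunk >= len(payload)
        flags = 0 if last else FLAG_MF
        hdr = build_ipv4_header(h["src"], h["dst"], len(piece), h["ident"],
                                flags, pos // 8, h["ttl"], h["proto"])
        frags.append(hdr + piece)
    return frags


def reassemble(fragments: list) -> bytes:
    """Inverse of fragment(): order by offset and rebuild the original datagram."""
    parsed = sorted(((parse_ipv4_header(f), f) for f in fragments),
                    key=lambda pf: pf[0]["frag_offset"])
    payload = b"".join(f[h["ihl"] * 4:] for h, f in parsed)
    first = parsed[0][0]
    return build_ipv4_header(first["src"], first["dst"], len(payload), first["ident"],
                             0, 0, first["ttl"], first["proto"]) + payload
```

A 1420-byte datagram sent over a 576-byte link becomes three fragments of 572, 572 and 316 bytes with offsets 0, 69 and 138 (in 8-byte units); flipping one header byte makes `parse_ipv4_header` reject it, and a DF-marked datagram larger than the MTU is refused rather than fragmented.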
Slide 7
ICMP
ICMP is an integral part of the IP protocol and must be implemented together with IP. It is mutually interconnected with IP: the recipient of an ICMP message is the IP layer of the original sender. ICMP packets travel through the network embedded in IP datagrams. The loss of a datagram containing an ICMP message is not reported (risk of looping).
Overview of the situations / information that ICMP reports:
- Source Quench (an analogy of flow control at the level of routers; deprecated by RFC 6633, routers no longer send it)
- Time Exceeded
- Destination Unreachable
- Redirect
- Parameter Problem
- Echo Request / Reply (ping)
- Address Mask Request / Reply
- Router Advertisement
Slide 8
IP addresses
Slide 9
Symbolic notation of IP addresses
An IPv4 address is a 32-bit binary number. There is a single way of writing it: the content of each byte is expressed as a decimal number, and the four parts are separated by dots. For example: 193.84.57.34, or 192.168.0.2, which is the byte sequence C0 A8 00 02 in hexadecimal.
- IPv4 class A: 1.x.x.x to 126.x.x.x
- IPv4 class B: 128.0.x.x to 191.255.x.x
- IPv4 class C: 192.0.0.x to 223.255.255.x
An IPv6 address is a 128-bit binary number. It is written in hexadecimal as eight groups of 16 bits separated by colons. Leading zeros within a group are not written, and one run of one or more all-zero groups may be replaced by a double colon ("::"); this may be done only once in an address. For example: 4ef5:ffff:1::baf/64, where the number after the slash specifies the length of the prefix, i.e. the number of bits from the left that identify the network the address belongs to.
Slide 10
IP addresses configuration Static vs. DHCP (Dynamic Host
Configuration Protocol)
Slide 11
The concept of IPv4 addresses, classes A, B and C
The leading bits of the address identify the class; the remaining bits are split into a network part and a node (host) part:
- class A: leading bit 0, network part 1+7 bits = 1 B, node part 24 bits
- class B: leading bits 10, network part 2+14 bits = 2 B, node part 16 bits
- class C: leading bits 110, network part 3+21 bits = 3 B, node part 8 bits
Slide 12
Special addresses
There are two further special classes of IP addresses:
- Class D is used for multicast (group transmission) and consists of 224.0.0.0 to 239.255.255.255
- Class E is reserved for future use and consists of 240.0.0.0 to 255.255.255.255; class E was never actually used for expansion (that came with the IPv6 address space)
Addresses of classes D and E are not split into network and node parts and are allocated individually.
Other special values (x = network part, 0 = all-zero node part, 1..1 = all-one node part):
- 0.0.0.0 = this computer (only as a source address, before it has an address)
- 0.<node> = a computer on this (local) network
- x.0 = this network as a whole
- x.1..1 = directed broadcast (only for network x)
- 255.255.255.255 = limited broadcast (only on the local network; routers never forward it)
- 127.x.x.x = loopback (an interface that does not go "out")
Slide 13
Special addresses
Whole class A blocks are assigned to specific entities, e.g. 6.0.0.0/8 belongs to the U.S. Army, 17.0.0.0/8 to Apple, etc. There are two exceptions: 0.0.0.0/8 is not in use and 127.0.0.0/8 is reserved for loopback (loopback address).
Public vs. private IP addresses: addresses not reserved otherwise are used as public. Private networks use these blocks (RFC 1918):
- 10.0.0.0/8 (10.0.0.0 to 10.255.255.255)
- 172.16.0.0/12 (172.16.0.0 to 172.31.255.255)
- 192.168.0.0/16 (192.168.0.0 to 192.168.255.255)
In addition, 169.254.0.0/16 (169.254.0.0 to 169.254.255.255) is the link-local block, dedicated to networks without a DHCP service: a host assigns itself an address from it automatically when it fails to obtain an IP address.
Slide 14
Subnet Mask
The subnet mask describes the division of addresses into subnets. In binary, the subnet mask has ones from the left up to the point where the network number ends, and zeros in the positions that number the network interfaces (hosts). Using the subnet mask, the router decides on the routing of an IP datagram.
Example: IP address 192.168.68.233/24
Mask in binary: 11111111.11111111.11111111.00000000 (in CIDR notation the network number is the first 24 bits)
Mask in decimal: 255.255.255.0
IP addresses of the network: 192.168.68.0 to 192.168.68.255
Slide 15
Subnet Mask
The mask determines the network number:
IP address (decimal): 192.168.68.233
IP address (binary): 11000000.10101000.01000100.11101001
Subnet mask (/20): 11111111.11111111.11110000.00000000
Logical product (AND) of the previous two lines: 11000000.10101000.01000000.00000000
Network number (decimal): 192.168.64.0
If we know the network number and the mask, we can calculate the range of IP addresses that can be used in the network.
Slide 16
Subnet Mask
The mask determines the address range of the network. Example: what IP addresses can be used in the network 192.168.64.0/20?
Mask in binary: 11111111.11111111.11110000.00000000 (20 bits)
Network number in binary: 11000000.10101000.01000000.00000000 (192.168.64.0)
1st IP address: 11000000.10101000.01000000.00000001 (192.168.64.1, one higher than the network number)
2nd IP address: 11000000.10101000.01000000.00000010 (192.168.64.2, one higher than the previous)
...
Last IP address: 11000000.10101000.01001111.11111110 (192.168.79.254, one less than the broadcast)
Broadcast: 11000000.10101000.01001111.11111111 (192.168.79.255)
Total number of usable IP addresses: 4094 (2^12 - 2; the network number and the broadcast are excluded)
Slide 17
Subnet Mask EXERCISE: Try to determine the mask and range of IP
addresses for these examples 10.102.0.0/23; 192.168.0.140/25;
192.168.100.1/29
Slide 18
Subnet Mask EXERCISE: Try to determine the mask and range of IP
addresses for these examples: 10.102.0.0/23; 192.168.0.140/25;
192.168.100.1/29
Slide 19
Subnet Mask EXERCISE, solution:
10.102.0.0/23: mask 255.255.254.0, range 10.102.0.0 to 10.102.1.255 (510 usable addresses)
192.168.0.140/25: mask 255.255.255.128, range 192.168.0.128 to 192.168.0.255 (126 usable addresses)
192.168.100.1/29: mask 255.255.255.248, range 192.168.100.0 to 192.168.100.7 (6 usable addresses)
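The mask arithmetic of slides 14 to 16 (AND with the mask for the network number, OR with the inverted mask for the broadcast) carried through in an added Python example that also reproduces the exercise solutions above and reuses the same masked comparison to test membership in the reserved blocks of slide 13. This is not code from the original slides; the function names are mine, and the cross-check uses Python's standard `ipaddress` module only to confirm the hand computation.

```python
"""Subnet arithmetic with explicit mask operations, plus prefix membership.
Added example, not from the original slides."""
import ipaddress

ALL_ONES = 0xFFFFFFFF


def to_int(dotted: str) -> int:
    """'192.168.68.233' -> 32-bit integer; rejects malformed input."""
    octets = dotted.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError("malformed IPv4 address: %r" % dotted)
    value = 0
    for o in octets:
        value = (value << 8) | int(o)
    return value


def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_from_prefix(prefix: int) -> int:
    """/20 -> 0xFFFFF000: 'prefix' ones from the left, zeros for the host part."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (ALL_ONES << (32 - prefix)) & ALL_ONES


def subnet_info(cidr: str) -> dict:
    """Network number, broadcast and usable host range for 'a.b.c.d/n'."""
    addr, prefix = cidr.split("/")
    prefix = int(prefix)
    mask = mask_from_prefix(prefix)
    network = to_int(addr) & mask                 # logical product, as on slide 15
    broadcast = network | (~mask & ALL_ONES)      # host part all ones
    size = 1 << (32 - prefix)
    if prefix <= 30:
        first, last, usable = network + 1, broadcast - 1, size - 2
    else:
        # /31 point-to-point links (RFC 3021) and /32 have no separate
        # network/broadcast address: every address in the block is usable
        first, last, usable = network, broadcast, size
    return {
        "mask": to_dotted(mask),
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "first": to_dotted(first),
        "last": to_dotted(last),
        "usable": usable,
    }


def in_prefix(addr: str, cidr: str) -> bool:
    """True if addr lies inside cidr: identical network number after masking."""
    net, prefix = cidr.split("/")
    mask = mask_from_prefix(int(prefix))
    return (to_int(addr) & mask) == (to_int(net) & mask)


def classify(addr: str) -> str:
    """Scope of an IPv4 address according to the reserved blocks on slide 13."""
    if in_prefix(addr, "127.0.0.0/8"):
        return "loopback"
    if in_prefix(addr, "169.254.0.0/16"):
        return "link-local"
    for private in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"):
        if in_prefix(addr, private):
            return "private"
    return "public"


def matches_stdlib(cidr: str) -> bool:
    """Cross-check the hand computation against the standard library."""
    net = ipaddress.ip_network(cidr, strict=False)
    info = subnet_info(cidr)
    return (info["network"] == str(net.network_address)
            and info["broadcast"] == str(net.broadcast_address)
            and info["mask"] == str(net.netmask))
```

Note the /31 and /32 cases: the "subtract two" rule for usable addresses only holds up to /30, which matters when a filter or inventory tool counts hosts on point-to-point links.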
Slide 20
Way of distributing IP addresses
No IP address may be assigned twice, although nowadays there are some exceptions (private ranges, NAT).
The original solution: a central authority, originally SRI NIC (the Network Information Center run by SRI International in the USA); every applicant from all over the world asked SRI NIC directly, and it assigned the addresses itself. Over time this became organizationally unacceptable.
Next developmental stage: the central authority became IANA, which allocates blocks of IP addresses to the regional Internet registries:
- RIPE NCC (Europe, the Middle East and parts of Central Asia)
- APNIC (Asia, Pacific)
- ARIN (USA, Canada)
- LACNIC (Central and South America)
- AFRINIC (Africa)
IANA allocates entire blocks to the regional registries; the registries allocate smaller blocks (historically class B and C networks) to providers and organizations.
Slide 21
Way of distributing IP addresses
The IPv4 address space has run out: IANA allocated its last free /8 blocks to the regional registries in February 2011, and the registries exhausted their own pools in the following years (RIPE NCC reached its last /8 in 2012). This puts pressure on providers to deploy IPv6; the interim solution is NAT (network address translation).
Slide 22
NAT (Network Address Translation)
From one external (public) IP address, an extensive internal network using private addresses can be created. It saves public IP addresses. It is also a security element: inbound traffic that does not match an existing translation entry is dropped, so access to the internal network is managed through port forwarding plus a firewall.
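The translation behaviour described above, as an added Python model (not code from the original slides): outbound flows from private hosts are rewritten to the one public address and a per-flow public port, replies are translated back through the table, unsolicited inbound packets find no entry and are dropped, and a static port forward is the only way in. Packets are plain dicts, and every address is constructed (198.51.100.1 on the public side, 192.168.1.0/24 inside, 203.0.113.5 as a remote server).

```python
"""Port-translating NAT (NAPT) with an explicit translation table.
Added example, not from the original slides; addresses are constructed."""


class Napt:
    """Outbound flows get a public port; inbound packets are translated only when a
    matching entry or a static port forward exists, otherwise they are dropped."""

    def __init__(self, public_ip: str, first_port: int = 40000, last_port: int = 60000):
        self.public_ip = public_ip
        self._free_ports = iter(range(first_port, last_port + 1))
        # (proto, private ip, private port, remote ip, remote port) -> public port
        self._outbound = {}
        # (proto, public port, remote ip, remote port) -> (private ip, private port)
        self._inbound = {}
        # (proto, public port) -> (private ip, private port), configured by hand
        self._forwards = {}

    def add_forward(self, proto: str, public_port: int, priv_ip: str, priv_port: int):
        """Static port forwarding: expose one internal service on the public address."""
        self._forwards[(proto, public_port)] = (priv_ip, priv_port)

    def outbound(self, pkt: dict) -> dict:
        """Private -> Internet: rewrite the source to the public address and a
        per-flow public port, creating the entry that the reply will match."""
        key = (pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        if key not in self._outbound:
            public_port = next(self._free_ports)   # StopIteration = port pool exhausted
            self._outbound[key] = public_port
            self._inbound[(pkt["proto"], public_port, pkt["dst"], pkt["dport"])] = (
                pkt["src"], pkt["sport"])
        return dict(pkt, src=self.public_ip, sport=self._outbound[key])

    def inbound(self, pkt: dict):
        """Internet -> private: translate the destination back, or None (dropped)."""
        entry = self._inbound.get((pkt["proto"], pkt["dport"], pkt["src"], pkt["sport"]))
        if entry is None:
            entry = self._forwards.get((pkt["proto"], pkt["dport"]))
        if entry is None:
            return None            # unsolicited: no table entry, the packet is dropped
        priv_ip, priv_port = entry
        return dict(pkt, dst=priv_ip, dport=priv_port)
```

The inbound key includes the remote address and port, so a packet from a different sender aimed at an allocated public port is still dropped; a port forward, by contrast, accepts any sender, which is exactly the exposure a firewall rule in front of it should narrow.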
Slide 23
IPv6
Due to the structure of TCP/IP, only the network layer, i.e. the IP datagram, is replaced. The subsequent necessary changes therefore occur only in a limited set of protocols (such as DHCP, ICMP, etc.).
- NAT is no longer needed: huge address space (about 3.4·10^38 addresses)
- the high number of addresses allows hierarchical organization, which simplifies routing and renumbering
- stateless address autoconfiguration
- multicast instead of broadcast: the all-nodes group is ff02::1
- support for mobile devices
- security mechanisms (IPsec) directly in IP
- support for services with guaranteed quality
Slide 24
IPv6 - special addresses, e.g. 2001:0db8:7654:3210:fedc:ba98:7654:3210
Prefix / meaning:
- ::/128: unspecified address
- ::1/128: loopback
- fc00::/7: unique local unicast, used only locally but likely globally unique
- fe80::/10: link-local unicast, unique only within the link
- ff00::/8: multicast (group)
- other: global unicast
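The "::" notation rules of slide 9 and the prefix table above, as an added Python example (not code from the original slides; the function names are mine). It expands a compressed address into its eight 16-bit groups, validating that "::" appears at most once and replaces at least one group, produces the canonical RFC 5952 form, and classifies the address by its leading bits. The cross-check uses Python's standard `ipaddress` module only to confirm the hand-written canonicalization.

```python
"""IPv6 text form: expand '::', re-compress canonically, classify by prefix.
Added example, not from the original slides; test addresses are the slides' own."""
import ipaddress
import string

HEX = set(string.hexdigits)


def expand_ipv6(text: str) -> list:
    """Return the eight 16-bit groups of an IPv6 address, undoing '::' compression."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in text:
        left, right = text.split("::")
        lg = left.split(":") if left else []
        rg = right.split(":") if right else []
        missing = 8 - len(lg) - len(rg)
        if missing < 1:                       # '::' must stand for at least one group
            raise ValueError("'::' does not replace any group")
        groups = lg + ["0"] * missing + rg
    else:
        groups = text.split(":")
    if len(groups) != 8:
        raise ValueError("address must have eight groups")
    if not all(1 <= len(g) <= 4 and set(g) <= HEX for g in groups):
        raise ValueError("each group is 1 to 4 hex digits")
    return [int(g, 16) for g in groups]


def compress_ipv6(groups: list) -> str:
    """Canonical text form (RFC 5952): lowercase, no leading zeros, the longest run
    of two or more zero groups (the first one on a tie) replaced by '::'."""
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    hexs = ["%x" % g for g in groups]
    if best_len < 2:
        return ":".join(hexs)
    return ":".join(hexs[:best_start]) + "::" + ":".join(hexs[best_start + best_len:])


def classify_ipv6(text: str) -> str:
    """Scope from the leading bits, following the prefix table on slide 24."""
    g = expand_ipv6(text)
    value = 0
    for group in g:
        value = (value << 16) | group
    if value == 0:
        return "unspecified"                    # ::/128
    if value == 1:
        return "loopback"                       # ::1/128
    if (g[0] & 0xFFC0) == 0xFE80:
        return "link-local"                     # fe80::/10
    if (g[0] & 0xFE00) == 0xFC00:
        return "unique local"                   # fc00::/7
    if (g[0] & 0xFF00) == 0xFF00:
        return "multicast"                      # ff00::/8
    return "global unicast"


def canonical(text: str) -> str:
    return compress_ipv6(expand_ipv6(text))


def matches_stdlib(text: str) -> bool:
    """Cross-check against the standard library's canonical form."""
    return canonical(text) == str(ipaddress.IPv6Address(text))
```

Canonicalizing before comparison matters in practice: "2001:0db8::1", "2001:db8:0:0:0:0:0:1" and "2001:DB8::1" are the same address, and an allow-list that compares the raw strings will miss two of the three spellings.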
Slide 25
MAC address, e.g. 00:16:17:e1:28:5f
The MAC (Media Access Control) address is a unique identifier of the device used by the protocols of the second layer of the OSI RM (the network interface layer of TCP/IP), alias the "physical address". The Ethernet MAC address has 48 bits, written as six two-digit hexadecimal numbers (used in most technologies). It is assigned by the manufacturer and is unique by definition (although it can be overridden in software). It has two parts: the first part (OUI) identifies the manufacturer and the second part identifies the particular piece of hardware.
Special MAC addresses: broadcast (ff:ff:ff:ff:ff:ff), multicast, locally administered (rarely).
Slide 26
Routing / switching in the IP environment
[Diagram: two end nodes (link, network and transport layers) communicate across an L2 network of switches, which handles only the link-layer header, and across an L3 network of IP routers, which handles the link-layer and IP headers; the TCP header and the data pass through untouched. Figure not reproduced.]
Slide 27
The principle of frame switching, L2
The switch analyzes the addresses and provides:
- Switch (forward the frame) to the appropriate destination port
- Filter (drop the frame) if the destination address lives on the port the frame arrived on
- Flood (bridge the frame) to all other ports if the MAC address is not in the table
The standard offers two types of switching:
- Store and forward: the entire frame is loaded into internal memory and checked, then transferred to the port determined by the destination address
- Cut-through: fast switching; the switch reads only the frame header and, once the header is sent, directly re-sends the data part
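The forwarding decision above, as an added Python model (not code from the original slides; ports, MAC addresses and the table size are constructed, and the class and method names are mine). It learns the source MAC on the ingress port, forwards known unicast destinations, filters frames whose destination is on the ingress port, floods broadcast, multicast and unknown destinations, and shows what happens when the forwarding table is full.

```python
"""Transparent bridge / switch: learn on ingress, then forward, filter or flood.
Added example, not from the original slides; inputs are constructed."""


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast MACs have the I/G bit (low bit of the first octet) set."""
    return bool(int(mac.split(":")[0], 16) & 1)


class Switch:
    def __init__(self, ports, table_size: int = 1024):
        self.ports = list(ports)
        self.table_size = table_size
        self.table = {}            # MAC -> port (the forwarding database)

    def receive(self, in_port: int, src_mac: str, dst_mac: str) -> list:
        """Return the list of ports the frame is sent out of (empty = dropped)."""
        if in_port not in self.ports:
            raise ValueError("unknown port %r" % in_port)
        # 1. learning: a unicast source MAC is (re)associated with the ingress port
        if not is_group_address(src_mac):
            if src_mac in self.table or len(self.table) < self.table_size:
                self.table[src_mac] = in_port
            # else: table full, the source stays unknown and frames to it keep flooding
        # 2. forwarding decision on the destination MAC
        if is_group_address(dst_mac) or dst_mac not in self.table:
            return [p for p in self.ports if p != in_port]          # flood
        out_port = self.table[dst_mac]
        if out_port == in_port:
            return []                                                  # filter (drop)
        return [out_port]                                              # switch
```

The full-table branch is the mechanism behind MAC flooding attacks: once an attacker has filled the table with bogus source addresses, unicast traffic for unlearned hosts is flooded to every port, including the attacker's. Port security (limiting learned MACs per port) is the usual mitigation.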
Slide 28
Routing
Routing is the choice of direction in each router for the onward transmission of packets, based on routing information that is permanently regenerated. Besides its own executive function of forwarding packets, routing involves:
- storage of routing information, i.e. keeping routing tables
- calculation of optimal routes, which is a combinatorial problem of finding the shortest path in a graph; the result is the "basis for the choice of direction"
- maintenance of routing information, i.e. updating the data used for calculating routes
Routing: static vs. dynamic. In link-state dynamic routing each router tests the availability of its neighbors (i.e. the line status), compiles a "link state packet" describing the availability of its neighbors (line status and its evaluation) and sends these packets to all nodes in the network.
Slide 29
Direct and indirect routing
Direct routing: the sender and the recipient are located in the same IP network. This is recognized by the fact that they have the same network part of their IP addresses. No routing choice is needed: the data link layer (network interface layer) takes care of the delivery, and the sender sends the datagram "directly" to the end station.
Indirect routing: the sender and the recipient are located in different IP networks. The sender must determine the most appropriate outbound direction (the router located in that direction) and sends the datagram to the router in the selected outgoing direction.
Slide 30
The concept of routing tables
The routing table does not contain the full path to the destination, but only the "next hop", i.e. the address of the nearest router. The prefix in the address of the destination network corresponds to the mask; the "CIDR prefix" is the number of one bits in the mask.
Example: a node in the network 192.168.0.0/24, with routers 192.168.0.3, 192.168.0.4 and 192.168.0.5 on the local network leading to the networks 192.168.1.0/24 to 192.168.7.0/24. Its routing table (target network / prefix: send over):
192.168.0/24: send directly
192.168.1/24: 192.168.0.3
192.168.2/24: 192.168.0.4
192.168.3/24: 192.168.0.5
192.168.4/24: 192.168.0.4
192.168.5/24: 192.168.0.4
192.168.6/24: 192.168.0.4
192.168.7/24: 192.168.0.4
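The lookup that such a table implies, as an added Python example (not code from the original slides). The routes are the slide's table with 192.168.4.0 to 192.168.7.0/24 aggregated into one /22 (all four go to 192.168.0.4, which is what CIDR prefixes are for), plus a constructed default route via an assumed gateway 192.168.0.1. The point shown beyond the slide is longest-prefix matching: when several prefixes cover a destination, the most specific one wins, and a next hop is only usable if it is itself directly connected.

```python
"""Longest-prefix-match lookup in an IPv4 routing table.
Added example, not from the original slides; routes are the slide's plus assumptions."""


def to_int(dotted: str) -> int:
    value = 0
    for octet in dotted.split("."):
        value = (value << 8) | int(octet)
    return value


def prefix_mask(plen: int) -> int:
    return (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF


class RoutingTable:
    def __init__(self):
        self.routes = []        # (network as int, prefix length, next hop or None)

    def add(self, cidr: str, next_hop=None):
        """next_hop=None means the network is directly connected ('send directly')."""
        net, plen = cidr.split("/")
        plen = int(plen)
        self.routes.append((to_int(net) & prefix_mask(plen), plen, next_hop))
        self.routes.sort(key=lambda r: r[1], reverse=True)   # most specific first

    def lookup(self, dst: str):
        """Return ('direct', dst), ('via', router) or None if no route matches."""
        d = to_int(dst)
        for net, plen, hop in self.routes:
            if (d & prefix_mask(plen)) == net:      # first hit is the longest match
                return ("via", hop) if hop else ("direct", dst)
        return None

    def resolve(self, dst: str):
        """Like lookup(), but also checks that the next hop itself is directly
        reachable: a router can only hand a datagram to a neighbour on a connected
        network, so a route via a distant address is unusable."""
        route = self.lookup(dst)
        if route and route[0] == "via":
            hop = self.lookup(route[1])
            if not hop or hop[0] != "direct":
                raise ValueError("next hop %s is not directly reachable" % route[1])
        return route


def slide_table() -> RoutingTable:
    """The table from slide 30, with the four /24s via 192.168.0.4 aggregated."""
    rt = RoutingTable()
    rt.add("192.168.0.0/24")                 # directly connected
    rt.add("192.168.1.0/24", "192.168.0.3")
    rt.add("192.168.2.0/24", "192.168.0.4")
    rt.add("192.168.3.0/24", "192.168.0.5")
    rt.add("192.168.4.0/22", "192.168.0.4")  # covers 192.168.4.0 .. 192.168.7.255
    rt.add("0.0.0.0/0", "192.168.0.1")       # assumed default gateway
    return rt
```

Because the most specific prefix always wins, anyone who can inject a route (a rogue routing update on the LAN, or a more specific BGP announcement between autonomous systems) can pull traffic for part of a network away from its legitimate path without touching the original entry.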
Autonomous systems
The large amount of transmitted routing information is dealt with by "decomposition" into autonomous systems (AS). An AS does not spread detailed routing information, but provides only information about the networks reachable through it. Each autonomous system has a certain (small) number of input / output points of interconnection with other autonomous systems. These points exchange information about reachability (of their contents) and also test each other's existence. Originally the structure of autonomous systems was strictly tree-like. The newer protocols do not limit an AS in choosing how ("which way") it wants to communicate with other autonomous systems. This enables peering, i.e. direct interconnection of autonomous systems, bypassing the default connection via the backbone.
[Diagram: autonomous systems AS1 to AS4 interconnected; figure not reproduced.]
Slide 33
Autonomous systems on the network backbone
An autonomous system (AS) does not externally inform about its internal structure or its detailed routing information. It is "autonomous" in the sense that it can itself determine its own routing policy, including how routing information updates are handled within the AS. Externally, an AS publishes only reachability information, such as: AS1: "inside me are the networks A and B"; AS2: "inside me are the networks C and G".
[Diagram: networks A to G, autonomous systems AS1 and AS2 attached to the backbone part of the Internet; figure not reproduced.]
Slide 34
Exterior Gateway Protocols
Autonomous systems must exchange information about reachability, existence, "the establishment of mutual relations"... This requires appropriate protocols. Almost exclusively the BGP (Border Gateway Protocol) protocol in version BGP4 is used; it replaced the earlier EGP:
- it supports general interconnection of autonomous systems, not just a tree topology
- it allows different criteria to be set when choosing between alternative directions: the AS administrator can set priorities, for example depending on the speed and capacity of the lines, reliability, etc.
Slide 35
IGP, Interior Gateway Protocols
Within itself, each autonomous system can solve routing as it deems appropriate: it can apply its own routing policy and its own way of updating routing information. There are several alternative protocols that can be used to update routing information inside the AS, the IGPs (Interior Gateway Protocols):
- RIP (Routing Information Protocol): works on the "distance vector" principle, suitable for small to medium-sized networks, not for large ones
- OSPF (Open Shortest Path First): the most widespread protocol, works on the "link state" principle, suitable also for larger networks (larger autonomous systems)
Slide 36
Protocol OSPF (Open SPF)
It is an "open" version of the SPF (Shortest Path First) protocol: the specifications are publicly available and originate from the IETF. It is of the link-state type:
- each node tests the availability of its neighbors, i.e. the link status
- each node compiles a link state packet stating the availability of its neighbors, the state of each line and its evaluation (cost)
- these packets are sent to all nodes in the network immediately when the data change, otherwise periodically for refreshing, every 30 minutes
- all nodes in the network have full information about the individual links and can calculate the optimal path; everyone computes "for themselves", so an error affects only the node that made it
OSPF supports alternative routes, allows different paths to be defined for different types of traffic and supports load balancing. OSPF supports a further "decomposition": it allows subdividing the network into smaller areas, which are analogous to autonomous systems in that their topology is not distributed outside the area, minimizing the amount of update information.
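The link-state computation described on slide 28 and above, as an added Python example (not code from the original slides; the topology, link costs and node names are constructed). `LSDB` stands for the database every router ends up with after flooding, and each node runs the same shortest-path (Dijkstra) computation over it to derive its own next-hop table. The two-way check mirrors the OSPF rule that a link is used only when both ends advertise it, so a one-sided or forged advertisement cannot create a path by itself.

```python
"""Link-state routing: flooded advertisements -> per-node shortest-path table.
Added example, not from the original slides; topology and costs are constructed."""
import heapq

# Constructed link-state database: each node's advertisement lists its
# neighbours and the cost it assigns to the link towards them.
LSDB = {
    "A": {"B": 1, "C": 5},
    "B": {"A": 1, "C": 1, "D": 10},
    "C": {"A": 5, "B": 1, "D": 1},
    "D": {"B": 10, "C": 1, "A": 1},   # A does not list D: one-way, must be ignored
}


def spf(lsdb: dict, root: str):
    """Dijkstra over the link-state database from 'root'.
    Returns (distance, predecessor) maps for every reachable node."""
    dist = {root: 0}
    prev = {}
    heap = [(0, root)]
    settled = set()
    while heap:
        d, u = heapq.heappop(heap)
        if u in settled:
            continue
        settled.add(u)
        for v, cost in lsdb.get(u, {}).items():
            if u not in lsdb.get(v, {}):      # two-way check: v must also advertise u
                continue
            nd = d + cost
            if nd < dist.get(v, float("inf")):
                dist[v] = nd
                prev[v] = u
                heapq.heappush(heap, (nd, v))
    return dist, prev


def next_hops(lsdb: dict, root: str) -> dict:
    """Routing table of 'root': destination -> (next hop, total cost).
    Each shortest path is walked back to the neighbour adjacent to the root."""
    dist, prev = spf(lsdb, root)
    table = {}
    for dest in dist:
        if dest == root:
            continue
        hop = dest
        while prev[hop] != root:
            hop = prev[hop]
        table[dest] = (hop, dist[dest])
    return table


def link_down(lsdb: dict, a: str, b: str) -> dict:
    """Database after the link a-b fails: both ends withdraw it in their next
    advertisement, and every node recomputes from the updated copy."""
    updated = {n: dict(links) for n, links in lsdb.items()}
    updated[a].pop(b, None)
    updated[b].pop(a, None)
    return updated
```

From A the cheapest way to D is A-B-C-D at cost 3, so B is the next hop for every destination; after the B-C link fails, A switches to C for both C and D without anyone distributing a route, only the changed advertisement. D's claimed link to A (cost 1) never appears in D's table because A does not confirm it.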
Slide 37
Protocol OSPF (Open SPF)
[Slides 37 to 41: OSPF topology diagrams, including the CESNET network; figures not reproduced.]
Slide 42
TCP/IP does not provide security
The main idea of TCP/IP is that the transmission mechanisms should mainly transmit data and not have to worry about additional features: transmitted data are unprotected against "eavesdropping", i.e. not encrypted or otherwise protected. If an application requires a certain level of security, it must provide it itself. It is therefore the same "compromise" as with reliability: either provide security to everyone (even those who do not need it), or let each application provide it for itself. The result is that the transmission infrastructure is simpler, faster and cheaper than it would be if it operated in a secure manner. Security must be addressed at the application level, especially by authentication, encryption, tunneling, separation by firewalls, etc., or by MPLS tools at L3 or L2 that exploit the capabilities of L2 to mark each packet / frame as belonging to a closed group.
Slide 43
TCP/IP does not solve the specific requirements of multimedia
These applications need to receive their data with small and regular delays, i.e. with regular spacing between packets. This concerns, for example, the transmission of images or sound, i.e. VoIP, TV broadcasts, radio, video-on-demand. The problem is that the transmission mechanisms of TCP (UDP) / IP work on the principle of "best effort, but no guaranteed result". It is necessary to support QoS (Quality of Service); QoS is essentially the "counterpart" of the best-effort (BE) principle:
- "quantitative": increasing the available capacity; the "best effort" principle remains, the improvement is statistical, i.e. it is less likely that traffic will have to be reduced; this concerns both transmission capacity (i.e. lines) and "switching capacity" (routers, switches)
- "qualitative": implementing QoS support; the "best effort" principle is replaced by another mode of operation; the improvement is guaranteed, but expensive and difficult
Slide 44
QoS in TCP/IP, possible approaches
Prioritization: different types of traffic are assigned different priorities and handled differently; traffic with higher priority gets "better handling" (and resource allocation) at the expense of lower-priority traffic. Examples of solutions include:
- MPLS (Multiprotocol Label Switching), implemented either as a layer-3 tool or at layer 2 (MPLS / ATM, etc.)
- tools of the L2 layer (network interface layer), e.g. L3/L2 switching
- IEEE 802.11e, certified by the Wi-Fi Alliance in the grades WMM and WMM-PS
Reservation: for traffic with specific requirements, the required resources can be dedicated (reserved) and then used; this includes reservation of transmission capacity, switching capacity, etc. An example solution is RSVP (Resource Reservation Protocol), accompanied by the transport protocol RTP (Real-time Transport Protocol), which operates over UDP.
Slide 45
Protocols above the IP protocol
UDP: simple, high-speed, low-level protocol; connectionless; no reliability guarantee; typically small packets.
TCP: connection-oriented, reliable; not as efficient as UDP; data are guaranteed to arrive, in the correct order and without duplication, or the connection will be dropped; imposes significant overhead; used by a lot of applications (HTTP, FTP, ...).