Addressing
Jennifer Rexford
Advanced Computer Networks
http://www.cs.princeton.edu/courses/archive/fall08/cos561/
Tuesdays/Thursdays 1:30pm-2:50pm
What is Addressing?
• Providing suitable identifiers to nodes
– So you can direct data to a node
– So you know which node sent the data
– … and how to send data back to that node
• Addressing in the U.S. mail
– Zip code: 08540
– Street: Olden Street
– Building on street: 35
– Room in building: 306
– Name of occupant: Jennifer Rexford
Phone Numbers
• Hierarchical
– Country code (1)
– Area code (609)
– Local exchange (258)
– Subscriber number (5182)
• Some exceptions
– 800: indirection service (free for the caller)
– 900: indirection service (billed to the caller)
– Cell phone numbers, where the node is mobile
– ... blurring distinction between name and address
Overview of Today’s Class
• Two widely-used addressing schemes
– Medium Access Control (MAC) addresses
– Internet Protocol (IP) addresses
• Key concepts in addressing
– Number of unique addresses
– Allocating addresses to nodes
– Flat vs. hierarchical structure
– Persistent vs. temporary identifiers
– Handling diminishing address space
– Spoofing of source addresses
• Discussion of Clark88 and Saltzer81 papers
Some Questions
• Could every host on the Internet have an arbitrary, unique numerical address?
– Would it scale?
• Is hierarchy necessary to make it scale?
– Tying the addressing to the topology & routing?
• What about mobile hosts?
• Who should allocate the addresses?
– Network provider? Device manufacturer?
• Does the sender of the traffic need to authenticate itself? The destination?
– What about spoofing and impersonation?
Comparing MAC and IP Addresses
                 MAC                                IP
Assignment       Hard-coded in the adapter          Configured or learned
Size             48 bits                            32 bits (in v4)
Structure        Flat                               Hierarchical
Portability      Constant over life of the adapter  Changes with time and location
Purpose          Delivery within a single network   Delivery across an inter-network

E.g., social security number vs. postal address
MAC Addresses
• Flat name space of 48 bits
– Typically written in six octets in hex
– E.g., 00-15-C5-49-04-A9 for my Ethernet
• Organizationally unique identifier
– Assigned by IEEE Registration Authority
– Determines the first 24 bits of the address
– E.g., 00-15-C5 corresponds to “Dell Inc”
• Remainder of the MAC address
– Allocated by the manufacturer
– E.g., 49-04-A9 for my Ethernet card
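The OUI/vendor split described above, as an added example that is not part of the lecture slides. It parses the slide's own address, separates the IEEE-assigned and manufacturer-assigned halves, and goes one step further than the slide by decoding the two flag bits of the first octet (the locally-administered U/L bit and the group I/G bit), which is how a practitioner tells a vendor-burned-in address from a randomized, spoofed or multicast one. The KNOWN_OUIS table is a constructed stand-in for the IEEE registry, not a lookup against it.

```python
import re

# Constructed stand-in for the IEEE OUI registry; only the OUI from the slide
# is listed (00-15-C5 = Dell Inc). A real tool would load the IEEE "oui.txt".
KNOWN_OUIS = {"00-15-C5": "Dell Inc"}


def parse_mac(text):
    """Parse 'XX-XX-XX-XX-XX-XX' or 'XX:XX:XX:XX:XX:XX' into six octets."""
    parts = re.split(r"[-:]", text.strip())
    if len(parts) != 6 or not all(re.fullmatch(r"[0-9A-Fa-f]{2}", p) for p in parts):
        raise ValueError("not a 48-bit MAC address: %r" % (text,))
    return bytes(int(p, 16) for p in parts)


def describe_mac(text):
    """Split a MAC into its OUI and vendor-assigned halves and decode the
    two flag bits carried in the first octet."""
    octets = parse_mac(text)
    oui = "-".join("%02X" % b for b in octets[:3])
    nic = "-".join("%02X" % b for b in octets[3:])
    first = octets[0]
    return {
        "oui": oui,                        # first 24 bits, assigned by the IEEE RA
        "nic_specific": nic,               # last 24 bits, chosen by the manufacturer
        "vendor": KNOWN_OUIS.get(oui, "unknown"),
        # Bit 1 of the first octet is the U/L bit: 1 = locally administered
        # (randomized or operator-chosen), so the OUI does not name a vendor.
        "locally_administered": bool(first & 0x02),
        # Bit 0 is the I/G bit: 1 = group (multicast/broadcast) address, which
        # never legitimately appears as a frame's *source* address.
        "group": bool(first & 0x01),
    }


def globally_unique_unicast(text):
    """True if the address is a vendor-assigned unicast MAC, i.e. the kind a
    switch's learning table can meaningfully tie to one physical adapter."""
    d = describe_mac(text)
    return not d["group"] and not d["locally_administered"]


if __name__ == "__main__":
    for mac in ("00-15-C5-49-04-A9", "02-00-5E-10-00-01", "FF-FF-FF-FF-FF-FF"):
        print(mac, describe_mac(mac), "vendor unicast:", globally_unique_unicast(mac))
```

A locally-administered source address is not by itself malicious (virtual machines and privacy-randomizing Wi-Fi clients set the U/L bit routinely), but a group address in the source field is always bogus and a cheap thing for a switch or monitoring tool to reject.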
Scalability Challenges
• MAC addresses are flat
– Multiple hosts on the same network
– No relationship between MAC addresses
• Data plane
– Forwarding based on MAC address
– Table size? Look-up overhead?
• Control plane
– Determining where the host is located
– Keeping the information up-to-date
Forwarding Frames to Destination Adapter
• Shared media
– Forward all frames on the shared media
– Adapter grabs frames with matching dest address
• Multi-hop switched networks
– Flood every frame over every link?
– Learn where the MAC address is located?
[Figure: hosts on one shared segment vs. hosts attached across a multi-hop switched network]
When to Learn?
• When the adapter connects to the network?
– Requires adapter to register its presence
– Overhead even when not sending/receiving
– Leading to control messages and large tables
• When the adapter sends a frame?
– Source MAC address is in the frame
– Allows switch to learn about the adapter
• When the adapter needs to receive a frame?
– Destination MAC address is in the frame
– Switch needs to figure out how to get there
Motivation For Self Learning
• Switches forward frames selectively
– Forward frames only on segments that need them
• Switch table
– Maps dest MAC address to outgoing interface
– Goal: construct the switch table automatically
[Figure: one switch with hosts A, B, C and D each on its own interface]
Self Learning: Building the Table
• When a frame arrives– Inspect the source MAC address
– Associate the address with the incoming interface
– Store the mapping in the switch table
– Use a TTL field to eventually forget the mapping
[Figure: A sends a frame; switch learns how to reach A.]
Self Learning: Handling Misses
• When frame arrives with unfamiliar dest
– Forward the frame out all of the interfaces
– … except for the one where the frame arrived
– Hopefully, this case won’t happen very often
[Figure: switch floods frame that is destined to C.]
Switch Filtering/Forwarding
When switch receives a frame:
  index switch table using MAC dest address
  if entry found for destination
    then {
      if dest on segment from which frame arrived
        then drop the frame
        else forward the frame on interface indicated
    }
    else flood: forward on all but the interface on which the frame arrived
MAC Addresses
• Disadvantages
– Large forwarding tables in the data plane
– Flooding overhead to learn location information
– Lack of privacy
• Advantages
– Persistent identifier (well, except for spoofing)
– Mobile hosts are easy to handle
– Forwarding-table look-up is a simple match
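The self-learning and filtering/forwarding procedure from the preceding slides, as an added example that is not part of the lecture slides. It implements learning from the source address, the drop/forward/flood decision, and TTL-based ageing, and then exercises the two weaknesses the slides only name: a host that forges another host's source address redirects that host's traffic to itself, and a table filled with bogus sources (MAC flooding) stops new hosts from being learned so their traffic is flooded to every port. Host addresses, port numbers and the table-size limit are constructed for the demonstration.

```python
BROADCAST = "FF-FF-FF-FF-FF-FF"


class LearningSwitch:
    """Self-learning switch: learns source MAC -> incoming port, forwards known
    destinations on one port, floods unknown ones, and ages entries out."""

    def __init__(self, ports, ttl=300, max_entries=4096):
        self.ports = list(ports)
        self.ttl = ttl                  # seconds an entry lives without refresh
        self.max_entries = max_entries  # hardware CAM tables are finite
        self.table = {}                 # mac -> (port, expiry time)

    def _expire(self, now):
        for mac in [m for m, (_, exp) in self.table.items() if exp <= now]:
            del self.table[mac]

    def receive(self, in_port, src, dst, now):
        """Handle one frame arriving on in_port; return the ports it goes out on."""
        self._expire(now)
        # Learn from the source address. The switch trusts it blindly, so a
        # host sending frames with a forged source overwrites the real entry.
        if src in self.table or len(self.table) < self.max_entries:
            self.table[src] = (in_port, now + self.ttl)
        # A full table (as after a MAC-flooding attack) means new hosts are
        # never learned and traffic to them is flooded out every port.
        entry = self.table.get(dst)
        if dst == BROADCAST or entry is None:
            return [p for p in self.ports if p != in_port]   # flood
        out_port, _ = entry
        if out_port == in_port:
            return []                                        # same segment: drop
        return [out_port]


# Constructed host addresses for the four hosts A, B, C, D of the slides.
A, B, C, D = ("00-15-C5-49-04-A9", "00-15-C5-00-00-02",
              "00-15-C5-00-00-03", "00-15-C5-00-00-04")


def normal_operation():
    """A on port 1, C on port 3: flood, learn, forward, then age out."""
    sw = LearningSwitch(ports=[1, 2, 3, 4], ttl=300)
    out = []
    out.append(sw.receive(1, A, C, now=0))     # C unknown: flood to 2,3,4; learn A@1
    out.append(sw.receive(3, C, A, now=1))     # A known: send on 1; learn C@3
    out.append(sw.receive(1, A, C, now=2))     # C known: send on 3 only
    out.append(sw.receive(1, A, C, now=400))   # both entries aged out: flood again
    return out


def spoofed_source():
    """D (port 4) forges A's source address and so receives B's traffic for A."""
    sw = LearningSwitch(ports=[1, 2, 3, 4], ttl=300)
    sw.receive(1, A, B, now=0)                 # real A learned on port 1
    sw.receive(2, B, A, now=1)                 # B -> A goes out port 1
    sw.receive(4, A, D, now=2)                 # forged src: A now "moved" to port 4
    return sw.receive(2, B, A, now=3)          # B -> A is delivered to the attacker


def table_exhaustion():
    """Filling the table with random sources stops a new host being learned."""
    sw = LearningSwitch(ports=[1, 2], ttl=300, max_entries=8)
    for i in range(8):                         # attacker on port 2 burns every slot
        sw.receive(2, "02-00-00-00-00-%02X" % i, BROADCAST, now=0)
    sw.receive(1, A, B, now=1)                 # A cannot be learned: table is full
    return A in sw.table


if __name__ == "__main__":
    print("normal:", normal_operation())
    print("after spoofing, B->A goes to port", spoofed_source())
    print("A learned after flooding attack:", table_exhaustion())
```

The learning step is the whole trust model: nothing ties a source MAC to a port. The usual mitigations (per-port address limits, "sticky" learned addresses, alarms on an address moving between ports) are all ways of refusing the blind overwrite that receive() performs.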
COS 461: Internet Control Protocols (#8)
• Dynamic Host Configuration Protocol (DHCP)
– End host learns how to send packets
– Learn IP address, DNS servers, and gateway
• Address Resolution Protocol (ARP)
– Others learn how to send packets to the end host
– Learn mapping between IP and MAC addresses
[Figure: two LANs, 1.2.3.0/24 (hosts 1.2.3.7, 1.2.3.19, 1.2.3.156 and a DNS server) and 5.6.7.0/24, joined by routers]
COS 461: Hubs and Switches (#10)
• Different devices switch different things
– Physical layer: electrical signals (repeaters, hubs)
– Link layer: frames (bridges, switches)
– Network layer: packets (routers)
• Key ideas in switches
– Self learning of the switch table
– Cut-through switching
– Spanning trees
• Virtual LANs (VLANs)
[Figure: the headers of a packet (frame header, packet header, TCP header, user data) against the device that operates at each layer: repeater/hub, bridge/switch, router, transport gateway, application gateway]
IP Addressing: Scalability Through Hierarchy
• Hierarchy through IP prefixes
– Routing between networks
– Allocation of address blocks
• Non-uniform hierarchy
– More efficient address allocation
– More complex packet forwarding
• Dealing with limited address space
– Larger address space (IPv6 with 128 bits)
– Sharing a small set of addresses (NAT)
– Dynamic assignment of addresses (DHCP)
Grouping Related Hosts
• The Internet is an “inter-network”
– Used to connect networks together, not hosts
– Needs a way to address a group of hosts
[Figure: LAN 1 and LAN 2, each with many hosts, joined by routers across WANs]
LAN = Local Area Network, WAN = Wide Area Network
Scalability Challenge
• Suppose hosts had arbitrary IP addresses
– Then every router would need a lot of information
– …to know how to direct packets toward the host
[Figure: LAN 1 and LAN 2 joined by routers; hosts carry unrelated addresses (1.2.3.4, 5.6.7.8, 2.4.6.8 on the left; 1.2.3.5, 5.6.7.9, 2.4.6.9 on the right), so the forwarding table needs a separate entry per host (1.2.3.4, 1.2.3.5, …)]
Hierarchy Through Prefixes
• Divided into network and host portions
• 12.34.158.0/24 is a 24-bit prefix (2^8 = 256 addresses)
00001100 00100010 10011110 00000101
Network (24 bits)          Host (8 bits)
12       34       158      5
Example IP Address and Subnet Mask
Address:  00001100 00100010 10011110 00000101   (12.34.158.5)
Mask:     11111111 11111111 11111111 00000000   (255.255.255.0)
Scalability Improved
• Number related hosts from a common subnet
– 1.2.3.0/24 on the left LAN
– 5.6.7.0/24 on the right LAN
[Figure: LAN 1 (hosts 1.2.3.4, 1.2.3.7, 1.2.3.156) and LAN 2 (hosts 5.6.7.8, 5.6.7.9, 5.6.7.212) joined by routers; the forwarding table now needs only the entries 1.2.3.0/24 and 5.6.7.0/24]
Easy to Add New Hosts
• No need to update the routers
– E.g., adding a new host 5.6.7.213 on the right
– Doesn’t require adding a new forwarding entry
[Figure: same two LANs with a new host 5.6.7.213 added to LAN 2; the forwarding table still holds only 1.2.3.0/24 and 5.6.7.0/24]
Classful Addressing (and Dotted Quad Notation)
• In the olden days…
– Class A: 0*
• Very large /8 blocks (e.g., MIT has 18.0.0.0/8)
– Class B: 10*
• Large /16 blocks (e.g., Princeton has 128.112.0.0/16)
– Class C: 110*
• Small /24 blocks (e.g., AT&T Labs has 192.20.225.0/24)
– Class D: 1110*
• Multicast groups
– Class E: 11110*
• Reserved for future use (sounds a bit scary…)
• And then, address space became scarce…
Classless Inter-Domain Routing (CIDR)
IP Address: 12.4.0.0   IP Mask: 255.254.0.0
Address:  00001100 00000100 00000000 00000000
Mask:     11111111 11111110 00000000 00000000
          (first 15 bits: network prefix; remaining 17 bits: for hosts)
Use two 32-bit numbers to represent a network. Network number = IP address AND mask (bitwise), so the mask must be a contiguous run of 1s followed by 0s.
Usually written as 12.4.0.0/15
CIDR = Hierarchy in Address Allocation
12.0.0.0/8
  12.0.0.0/16, 12.1.0.0/16, 12.2.0.0/16, 12.3.0.0/16, …, 12.253.0.0/16, 12.254.0.0/16
    under 12.3.0.0/16:   12.3.0.0/24, 12.3.1.0/24, …, 12.3.254.0/24
    under 12.253.0.0/16: 12.253.0.0/19, 12.253.32.0/19, 12.253.64.0/19, 12.253.96.0/19, 12.253.128.0/19, 12.253.160.0/19, 12.253.192.0/19, …
• Prefixes are key to Internet scalability
– Routing protocols and packet forwarding based on prefixes
– Today, routing tables contain ~150,000-200,000 prefixes
Obtaining a Block of Addresses
• Separation of control
– Prefix: assigned to an institution
– Addresses: assigned to nodes by the institution
• Who assigns prefixes?
– Internet Corp. for Assigned Names and Numbers
• Allocates large blocks to Regional Internet Registries
– Regional Internet Registries (RIRs)
• E.g., ARIN (American Registry for Internet Numbers)
• Allocated to ISPs and large institutions in a region
– Internet Service Providers (ISPs)
• Allocate address blocks to their customers
• Who may, in turn, allocate to their customers…

whois -h whois.arin.net 128.112.136.35
OrgName:    Princeton University
OrgID:      PRNU
Address:    Office of Information Technology
Address:    87 Prospect Avenue
City:       Princeton
StateProv:  NJ
PostalCode: 08544-2007
Country:    US
NetRange:   128.112.0.0 - 128.112.255.255
CIDR:       128.112.0.0/16
NetName:    PRINCETON
NetHandle:  NET-128-112-0-0-1
Parent:     NET-128-0-0-0-0
NetType:    Direct Allocation
RegDate:    1986-02-24
Longest Prefix Match Forwarding
• Forwarding tables in IP routers
– Maps each IP prefix to next-hop link(s)
• Destination-based forwarding
– Packet has a destination address
– Router identifies longest-matching prefix
– Pushing complexity into forwarding decisions
[Figure: forwarding table with prefixes 4.0.0.0/8, 4.83.128.0/17, 12.0.0.0/8, 12.34.158.0/24, 126.255.103.0/24; destination 12.34.158.5 matches 12.34.158.0/24, outgoing link Serial0/0.1]
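The mask arithmetic from the CIDR slide and the longest-prefix-match lookup from the slide above, as an added example that is not part of the lecture slides. It computes the network number as address AND mask (rejecting non-contiguous masks), derives the prefix length the old classful scheme implied from the leading bits, and runs the slide's five-entry forwarding table against 12.34.158.5 and a few other destinations. It then goes one step beyond the slide: a more-specific prefix always wins, which is exactly why an announced /25 can divert traffic away from a legitimate /24. The next-hop names other than Serial0/0.1 are constructed.

```python
import ipaddress


def network_from_mask(addr, mask):
    """Network number = address AND mask, returned in CIDR notation."""
    a = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(mask))
    # IPv4Network raises ValueError for a non-contiguous mask such as 255.0.255.0.
    net = ipaddress.IPv4Network("%s/%s" % (ipaddress.IPv4Address(a & m), mask))
    return str(net)


def classful_prefix_len(addr):
    """Prefix length implied by the leading bits under the old classful scheme."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet >> 7 == 0b0:
        return 8       # class A: 0*
    if first_octet >> 6 == 0b10:
        return 16      # class B: 10*
    if first_octet >> 5 == 0b110:
        return 24      # class C: 110*
    raise ValueError("class D/E address %s has no unicast network mask" % addr)


class ForwardingTable:
    """Destination-based forwarding with longest-prefix match."""

    def __init__(self, entries):
        # Most-specific first, so the first containing prefix is the longest match.
        self.entries = sorted(
            ((ipaddress.IPv4Network(prefix), next_hop) for prefix, next_hop in entries),
            key=lambda e: e[0].prefixlen, reverse=True)

    def lookup(self, dst):
        d = ipaddress.IPv4Address(dst)
        for net, next_hop in self.entries:
            if d in net:
                return str(net), next_hop
        return None    # no default route: the packet is dropped


# Prefixes from the slide; next-hop names other than Serial0/0.1 are constructed.
TABLE = ForwardingTable([
    ("4.0.0.0/8", "Serial1/0"),
    ("4.83.128.0/17", "Serial1/1"),
    ("12.0.0.0/8", "Serial0/0.0"),
    ("12.34.158.0/24", "Serial0/0.1"),
    ("126.255.103.0/24", "Ethernet0"),
])


def more_specific_wins():
    """Add a /25 covering the lower half of 12.34.158.0/24: it now captures
    12.34.158.5, the mechanism behind a more-specific prefix hijack."""
    hijacked = ForwardingTable(
        [(str(n), nh) for n, nh in TABLE.entries] + [("12.34.158.0/25", "Tunnel9")])
    return hijacked.lookup("12.34.158.5")


if __name__ == "__main__":
    print(network_from_mask("12.4.0.0", "255.254.0.0"))
    for dst in ("12.34.158.5", "12.5.0.1", "4.83.200.1", "9.9.9.9"):
        print(dst, "->", TABLE.lookup(dst))
    print("with rogue /25:", more_specific_wins())
```

The linear scan over a prefix-length-sorted list is the simplest correct implementation of longest-prefix match; a router with hundreds of thousands of prefixes uses a trie or TCAM for the same decision, which is the data-plane cost the later slides worry about.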
Are 32-bit Addresses Enough?
• Not all that many unique addresses
– 2^32 = 4,294,967,296 (just over four billion)
– Plus, some are reserved for special purposes
– And, addresses are allocated in larger blocks
• And, many devices need IP addresses
– Computers, PDAs, routers, tanks, toasters, …
• Long-term solution: a larger address space
– IPv6 has 128-bit addresses (2^128 ≈ 3.403 × 10^38)
Short-Term Solutions: Limping Along
• Network Address Translation (COS 461 lecture #9)
– Allowing multiple hosts to share an IP address
– IP addresses not unique and not end-to-end
[Figure: a NAT box with inside hosts 10.0.0.1 and 10.0.0.2 sharing the outside address 138.76.29.7]
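The address sharing in the figure above, as an added example that is not part of the lecture slides. It models a port-translating NAT (the common form, sometimes called NAPT) using the slide's addresses: two inside hosts that happen to pick the same source port both leave as 138.76.29.7 on distinct public ports, replies are mapped back, and an inbound packet with no mapping is dropped. That last case is the "not end-to-end" point: an outside host cannot address an inside host unless the inside host spoke first. The outside server address 203.0.113.10 and the port numbers are constructed; the mapping here is endpoint-independent and never expires, which real NATs refine with timeouts and per-destination state.

```python
class Nat:
    """Port-translating NAT: many inside hosts share one public address."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound_map = {}   # (inside_ip, inside_port) -> public port
        self.inbound_map = {}    # public port -> (inside_ip, inside_port)

    def translate_outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an inside->outside packet; create a mapping on first use."""
        key = (src_ip, src_port)
        if key not in self.outbound_map:
            port = self.next_port
            self.next_port += 1
            self.outbound_map[key] = port
            self.inbound_map[port] = key
        return (self.public_ip, self.outbound_map[key], dst_ip, dst_port)

    def translate_inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the destination of an outside->inside packet, or None to drop it."""
        if dst_ip != self.public_ip:
            return None
        inside = self.inbound_map.get(dst_port)
        if inside is None:
            return None       # no mapping: unsolicited inbound traffic is dropped
        return (src_ip, src_port, inside[0], inside[1])


def demo():
    """Two inside hosts using the same source port behind one public address."""
    nat = Nat("138.76.29.7")
    server = "203.0.113.10"   # constructed outside server (RFC 5737 documentation range)
    out1 = nat.translate_outbound("10.0.0.1", 3345, server, 80)
    out2 = nat.translate_outbound("10.0.0.2", 3345, server, 80)
    reply = nat.translate_inbound(server, 80, "138.76.29.7", out2[1])
    unsolicited = nat.translate_inbound(server, 80, "138.76.29.7", 22)
    return out1, out2, reply, unsolicited


if __name__ == "__main__":
    for packet in demo():
        print(packet)
```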
Short-Term Solutions: Limping Along
• Dynamic Host Configuration Protocol (lecture #8)
– Share a pool of addresses among many hosts
– Dynamically assign an IP address upon request
[Figure: an arriving client and a DHCP server, labelled 233.1.2.5 in the slide, exchange DHCP discover (broadcast), DHCP offer, DHCP request (broadcast), DHCP ACK. Note that 233.1.2.5 falls in the class D multicast range (1110*) from the classful-addressing slide; read it as a placeholder server address.]
Continued Growth in the Number of Prefixes
• Since 2005
– Now up to 250,000-300,000 prefixes
• Increased concern about scalability
– Data plane: longest-prefix match lookup times
– Control plane: memory and messages for routing protocols
– http://trac.tools.ietf.org/group/irtf/trac/wiki/RoutingResearchGroup
• Exploration of architectural alternatives
– Avoid routers needing to know all prefixes
– Routing on ASes, using tunnels, caching, etc.
Fundamental Goal
• Effective technique for multiplexed utilization of existing interconnected networks
• Concrete objective: connect the ARPAnet and the ARPA packet radio network
• Must grapple with
– Diverse technologies, including legacy networks
– Separate administrative control
Second-Level Goals
• Main goals
– Survivability in the face of failure
– Multiple types of communication service
– Wide variety of network technologies
• Other goals
– Distributed management of resources
– Cost effectiveness
– Host attachment with low level of effort
– Accountability of resources
Design Consequences of the Goals
• Effective multiplexed utilization of existing networks
– Packet switching, not circuit switching
• Continued communication despite network failures
– Routers don’t store state about ongoing transfers
– End hosts provide key communication services
• Support for multiple types of communication service
– Multiple transport protocols (e.g., TCP and UDP)
• Accommodation of a variety of different networks
– Simple, best-effort packet delivery service
– Packets may be lost, corrupted, or delivered out of order
• Distributed management of network resources
– Multiple institutions managing the network
– Intradomain and interdomain routing protocols
Different Goals, Different Outcomes
• What about the unique needs of:
– Network operators for commercial carriers
– Secure, mission-critical networks (e.g., military)
• Different goals, and different priorities
– How would the goals differ?
– How would the priorities differ?
• Different outcomes
– What design decisions would change?
Mismatch With Network Operators
• Accountability of network resources
– But, routers don’t maintain state about transfers
– But, measurement isn’t part of the infrastructure
• Reliability/predictability of services
– But, IP doesn’t provide performance guarantees
– But, equipment is not very reliable (no “five-9s”)
• Fine-grain control over the network
– But, routers don’t do fine-grain resource allocation
– But, network self-configures after failures
• End-to-end control over communication
– But, end hosts adapt to congestion
– But, traffic may traverse multiple domains
Mismatch With Security
• The Internet must support multiplexed utilization of existing interconnected networks
– Doesn’t consider the need to balance trade-offs between interconnectivity and security
– Required security mechanisms are driven by the limitations of the least capable legacy network
• Internet communication must continue despite loss of networks or gateways
– Oversimplifies the nature of modern threats by not including cyberattacks, signals intelligence, …
http://www.darpa.mil/STO/solicitations/AGN/index.html
Mismatch With Security
• The Internet must support multiple types of communications service
– Mission-specific secure networks are not an appropriate arena for experimentation/innovation
– Lack of separation between user applications and network services needlessly exposes essential services to easy attack by users
• The Internet architecture must accommodate a variety of networks
– Cross-domain security solutions are particularly difficult to design
Mismatch With Security
• The Internet architecture must permit distributed management of its resources
– Existing distributed management is largely based on assumptions of trust, allowing a single inept or malicious user or administrator to create chaos
– Protocols do not have ways to limit damage from errors or malicious users
– Defensive systems are layered upon protocols at additional cost and complexity, instead of being jointly designed with those protocols
– Configuration complexity and human error are the largest source of vulnerability in many networks
Mismatch With Security
• Internet architecture must be cost effective
– To the extent that economic considerations may be a root cause of poor security, a criterion concerning the cost of network defense should perhaps have a higher priority
• Internet architecture must permit host attachment with a low level of effort
– It is unclear what minimum requirements must be imposed on end systems in a secure network
• Resources used must be accountable
– Authentication and accountability are central to availability, integrity, and confidentiality