Chapter 4: outline s... · 4 Virtual-circuit networks need 3rd function Before datagrams can flow, end hosts and routers between them establish arouters between them establish a virtual

1

Chapter 4: outline4.1 Overview of Network

layer data plane

4.4 Generalized Forwarding and SDN

t h data plane control plane

4.2 What’s inside a

match action OpenFlow examples of

router4.3 IP: Internet Protocol

IP 4 d t m f m t

match-plus-action

IPv4 datagram format fragmentation v4 addressing network address

translation IPv6

4-1Network Layer: Data Plane (SSL)

11/2/2017

2

Network layer d li s s ts f delivers segments from

sending to receiving host sender encapsulates segments

applicationtransportnetworkdata linkphysicalp g

into datagrams Receiver de-encapsulates and

delivers segments to

p y

networkdata linkphysical network

data link

networkdata linkphysical

networkdata link


transport layer network layer in every host,

every router

physical physical

network


networkdata linkphysicalevery router

router examines IP header field in every passing d

applicationtransportnetworkdata linkphysical

data linkphysical

networkdata link

networkdata linkphysicalnetwork

datagram (exception: routers running MPLS)

physicalphysicaldata linkphysical

Network Layer: Data Plane (SSL)

4-211/2/2017

3

Key Network-Layer FunctionsKey Network Layer Funct ons forwarding: move a packet from router’s

input interface to an appropriate outputinput interface to an appropriate output interface

routing: determine route taken by packets f m s t d stin ti nfrom source to destination

routing protocols (intra-AS and inter-AS) h AS i f “A t S t ”where AS is acronym for “Autonomous System”

every AS runs the same inter-AS protocol


4-311/2/2017

4

Virtual-circuit networks need 3rd function Before datagrams can flow, end hosts and

routers between them establish a virtualrouters between them establish a virtual circuit Routers maintain state info Earlier networks designed initially to compete

with IP:ATM frame relay X 25 (from old to very old)ATM, frame relay, X.25 (from old to very old)

MPLS protocol designed about 10 years ago to provide virtual circuits supported by IP routers (typically within the same AS); it borrows the idea of “labels”(typically within the same AS); it borrows the idea of labels from ATM and frame relay

Today, such virtual circuits may serve as virtual links in Internetvirtual links in Internet


4-411/2/2017

5

Network layer service models:y m

NetworkA hit t

ServiceM d l B d idth loss Order Ti i

Congestionf db k

Guarantees?

Architecture

Internet

Model

best effort

Bandwidth

none

loss

no

Order

no

Timing

no

feedback

no (TCP infersvia loss)

ATM

ATM

CBR

VBR

constantrateguaranteed

yes

yes

yes

yes

yes

yes

via loss)nocongestionnoATM

ATM

VBR

ABR

guaranteedrateguaranteed minimum

y

no

y

yes

yes

no

nocongestionyes

ATM UBR none no yes no no


4-511/2/2017

6

Origins of datagram and VC Internet (datagram) data exchange between

c mput rs

ATM (VC) evolved from telephony

computers “elastic” service, no strict

timing requirement l k

human conversation: strict timing, loss

requirements many link types

different characteristics uniform service difficult

q need for guaranteed

services “dumb” end systems

“smart” end systems (computers) can adapt, perform

dumb end systems telephones complexity inside

networkcan adapt, performcontrol, error recovery

simplicity inside network, complexity at “edge”

network


4-6

mp y g

11/2/2017

7

Network layer: data plane, control plane

Data plane local, per-router

Control planenetwork-wide logic, p

function determines how

d t i i

gdetermines how datagram is

routed among routers along end-end path from sourcedatagram arriving on an

input port is forwardedto an output port

end end path from source host to destination hostmain approach: routing protocols routing protocols

implemented in routers new approach

f d fi d

values in arriving packet header

software-defined networking (SDN): implemented in logically

t li d s (s)

1

23

0111

centralized server(s)


11/2/2017

8

Per-router control plane (more in Chapter 5)

Individual routing process in every router. They interact by exchanging routing protocol messages

RoutingRoutingAlgorithm

datal

controlplane

plane

1

2

0111



23

11/2/2017

9

Logically centralized control plane(more in Chapter 5)

A distinct (typically remote) controller interacts with local control agents (CAs). The controller computes

troutes.Remote Controller

datapl n

controlplane

plane

CA

CA CA CA CACA CA CA CA

10111



1

2

0111

311/2/2017

10


layer data plane





router 4.3 IP: Internet Protocol

d t m f m t

match-plus-action

datagram format fragmentation v4 addressing network address

translation IPv6


11/2/2017

11

Router architecture overview

routing processor

routing, managementcontrol plane (software)

forwarding tables computed, then pushed to input ports p

forwarding d t l

n r p n ( f w )to input ports

input ports output portshigh-speed

switchingfabric

data plane (hardware)

fabric

Physical layer Link

layer

buffering and table lookup

queueing and packet

h d li

Link layer

Physical layer

Network Layer: Data Plane (SSL) 4-11

layer lookup scheduling

11/2/2017

12

IPv4 addressing: CIDRClassful addressing (now obsolete): fixed-length subnet portion of 8, 16 or 24 bits

CIDR: Classless InterDomain Routing

p f ,

m subnet portion of address of variable lengthm address format: a.b.c.d/x, where x is # bits in

subnet portion of addresssubnet portion of address

11001000 00010111 00010000 00000000

subnetpart

hostpart

11001000 00010111 00010000 00000000

200.23.16.0/23


4-1211/2/2017

13

Datagram networks IP 4 IPv4 no network-level concept of “connection” or “flow” each packet forwarded independently using each packet forwarded independently using

destination host address packets between same source-dest pair may take

diff t thdifferent paths

application lapplicationtransportnetworkdata link

applicationtransportnetworkdata link

1. Send data 2. Receive dataphysical data link

physical. c ata


4-1311/2/2017

14

Forwarding table 4 billion possible entriesp

Destination Address Range Link Interface

11001000 00010111 00010000 00000000through 0

11001000 00010111 00010111 11111111

11001000 00010111 00011000 00000000through 1

11001000 00010111 00011000 1111111111001000 00010111 00011000 11111111

11001000 00010111 00011000 00000000through 2through 2

11001000 00010111 00011111 11111111

otherwise 3


4-1411/2/2017

15

Longest prefix matchPrefix Link Interface

11001000 00010111 00010 0

11001000 00010111 00011000 111001000 00010111 00011000 1

11001000 00010111 00011 2

otherwise 3

DA: 11001000 00010111 00010110 10100001

otherwise 3Examples

Which interface?

DA: 11001000 00010111 00011000 10101010

DA: 11001000 00010111 00010110 10100001 f

Which interface?

A forwarding table in an Internet core router has more than 400,000 IP prefixes (from 2014 data)

Fast implementation uses Ternary Content


4-1511/2/2017

Fast implementation uses Ternary Content Addressable Memory (TCAM), prefixes sorted in decreasing order (in length)

16

Virtual circuits: signaling protocolsg g p used to set up, maintain, tear down VC not used in Internet’s network layer but may be not used in Internet s network layer, but may be

used underneath the IP layer to provide a virtual link (e.g., MPLS tunnel)

applicationt nsp t application5 D t fl b i s 6 Receive datatransportnetworkdata linkphysical

appl cat ontransportnetworkdata link

1. Initiate call 2. incoming call3. Accept call4. Call connected

5. Data flow begins 6. Receive data

physical physical


4-1611/2/2017

17

Virtual circuit (VC) call setup, teardown for each call before data can

flowflow each packet carries a VC identifier which

is fixed length and short only needs to be unique for a link is carried in an additional header inserted between link and

network layer headers (called layer 2½)y y

every router on source-dest path maintains state information for each passing VCinformation for each passing VC incoming and outgoing VC identifiers, resources allocated to VC (bandwidth, buffers)


4-1711/2/2017

18

VC Forwarding table12 22 32

VC number

12 22 321 2

3

Forwarding table in interfacenumber

Incoming interface Incoming VC # Outgoing interface Outgoing VC #

gnorthwest router:

1 12 3 222 63 1 18 3 7 2 173 7 2 171 97 3 87… … … …

Forwarding is fast because short fixed-length VC numbers are Forwarding is fast because short fixed length VC numbers are used vs. IP forwarding table with variable-length prefixes. (This is not forwarding in IP layer but it is considered to be in data plane.)


4-1811/2/2017

May have additional state information about service guarantees

19


layer data plane






d t m f m t

match-plus-action


translation IPv6


11/2/2017

20

The Internet Network layerHost, router network layer functions:

Routing protocols IP protocol

Transport layer: TCP, UDP

f di

Routing protocols•path selection•RIP, OSPF, BGP

p•addressing conventions•datagram format•packet handling conventionsNetwork

layer forwardingtable ICMP protocol

•error reporting•router “signaling”

layer

Link layer

physical layer


4-2011/2/2017

21

IP datagram format32 bitIP protocol version

l d

ver length

32 bitspnumber

header lengthfor

total datagramlength (bytes)head.

lentype ofservice

fragment16-bit identifier

headerchecksum

time tolivemax number

remaining hops

fragmentation/reassembly

“type” of data flgsfragment

offsetupperlayer

32 bit source IP addressremaining hops

(decremented at each router) 32 bit destination IP address

E idata

(variable length,upper layer protocolto deliver payload to

Options (if any) E.g. timestamp,record routetaken, specifylist of routersg

typically a TCP or UDP segment)

p y list of routers to visit.


4-2111/2/2017

22

IP Fragmentation & Reassembly MTU (max.transfer size)

different link types, different MTUsdifferent MTUs

Support MTU of at least 576 bytes

fragmentation: in: one large datagramout: 3 smaller datagrams

too large IP datagram “fragmented” within net

ss bl d l t fi l reassembly reassembled only at final destination host

IP header bits used to id ntif d l t didentify, order related fragments


4-2211/2/2017

23

IP Fragmentation and Reassembly

ID=x

offset=0

fragflag=0

length=4000Ex mple

3980 bytes of data=x =0=0=4000

One large datagram becomesseveral smaller datagrams

Example 4000 byte

datagramMTU 1500 b

ID=x

offset=0

fragflag=1

length=1500

MTU = 1500 bytes

1480 bytes inID=x

offset=185

fragflag=1

length=1500

1480 bytes in data field

offset =ID=x

offset=370

fragflag=0

length=1040

1480/8


4-2311/2/2017

24


layer data plane






d t m f m t

match-plus-action


translation IPv6


11/2/2017

25

IP Addressing: introduction IP address: 32-bit

identifier for an f

223.1.1.1

223 1 2 1interface interface: connection

between host/router

223.1.1.2223.1.1.4 223.1.2.9

223 1 2 2

223.1.2.1

between host/router and physical link (wired or wireless)

ll h

223.1.1.3223.1.2.2

223.1.3.27

a router typically has multiple interfaces

a host typically has one f

223.1.3.2223.1.3.1

interface223.1.1.1 = 11011111 00000001 00000001 00000001Dotted decimal notation


4-25

223 1 11

11/2/2017

26

Subnets IP address: IP address:

subnet part (high order bits)

223.1.1.1

223 1 2 1 host part (low order

bits) What’s a subnet ?

223.1.1.2223.1.1.4 223.1.2.9

223.1.2.2

223.1.2.1

What s a subnet ? device interfaces

with same subnet

223.1.1.3223.1.2.2

223.1.3.27

subnet

part of IP address can physically reach

h th ith t

223.1.3.2223.1.3.1

each other without a router network consisting of 3 subnets

A layer-2 switch is considered part of a link


4-2611/2/2017

ay r sw tch s cons r part of a n

27

Subnets 223.1.1.0/24 223.1.2.0/24

Recipe To determine the

subnets, detach each interface from its host or routerhost or router, creating islands of isolated networks. E h i l d k

223.1.3.0/24

Each isolated network is a subnet.

Subnet mask: /24Note: There are also virtual LANs (VLANs) –see Chapter 6


4-2711/2/2017

see Chapter 6

28

Subnets 223.1.1.2SubnetsHow many? 223.1.1.1 223.1.1.4

223.1.1.3

223.1.7.0223.1.9.0

223 1 2 6 223 1 3 27

223.1.7.1223.1.8.0223.1.8.1

223.1.9.1

223.1.2.2223.1.2.1

223.1.2.6

223.1.3.2223.1.3.1

223.1.3.27


4-2811/2/2017

29

IP addresses: how to get one?g

Q: How does host get IP address?Q g

hard-coded by system admin in a filey y

DHCP: Dynamic Host Configuration Protocol: d i ll t dd fdynamically get address from a server “plug-and-play”


4-2911/2/2017

30

DHCP client-server scenario

223.1.1.1 223.1.2.1A DHCPserver

223.1.1.2223.1.1.4 223.1.2.9

B223.1.1.3

223.1.2.2

223.1.3.2223.1.3.1

223.1.3.27 E arriving DHCP client needsaddress in thisaddress in thisnetwork

A router may act as a relay agent


4-3011/2/2017

31

DHCP client-server scenarioDHCP 223 1 2 5 i iDHCP server: 223.1.2.5 arriving

clientDHCP discoversrc : 0.0.0.0, 68 dest.: 255.255.255.255,67yiaddr: 0.0.0.0transaction ID: 654DHCP offer

src: 223.1.2.5, 67 dest: 255.255.255.255, 68yiaddr: 223.1.2.4transaction ID: 654Lifetime: 3600 secsDHCP request

time

src: 0.0.0.0, 68 dest:: 255.255.255.255, 67yiaddr: 223.1.2.4transaction ID: 655Lifetime: 3600 secsLifetime: 3600 secs

DHCP acksrc: 223.1.2.5, 67 dest: 255.255.255.255, 68yiaddr: 223 1 2 4

Discover & offer messages are optional


4-31

yiaddr: 223.1.2.4transaction ID: 655Lifetime: 3600 secs11/2/2017

messages are optional

32

DHCP: more than IP addressDHCP more than IP address

DHCP can return more than just an allocatedDHCP can return more than just an allocated IP address on subnet: address of first-hop router for clientp name and IP address of DNS server network mask (indicating subnet portion of

dd )address)


4-3211/2/2017

33

IP addresses: how to get them? ICANN (Internet Corporation for Assigned Names

and Numbers)/IANA (Internet Assigned Numbers A th it )Authority) allocates IP address blocks (IPv4 address exhaustion on

1/31/2011, IPv6), ) oversees DNS

root name servers, top level domain name servers (domain name registries)name registries)

domain name registrars, resolves disputes

Regional, national, and local Internet registries, and ISPs End-user organization can be assigned IP address space from


4-33

End user organization can be assigned IP address space from one of the above

11/2/2017

34

IP address prefix: how to get one?p f g

A: Typically a customer network gets allocatedA: Typically, a customer network gets allocated a portion of its provider ISP’s address space

ISP's block 11001000 00010111 00010000 00000000 200.23.16.0/20

Organization 0 11001000 00010111 00010000 00000000 200 23 16 0/23Organization 0 11001000 00010111 00010000 00000000 200.23.16.0/23 Organization 1 11001000 00010111 00010010 00000000 200.23.18.0/23 Organization 2 11001000 00010111 00010100 00000000 200.23.20.0/23

... ….. …. ….Organization 7 11001000 00010111 00011110 00000000 200.23.30.0/23


4-3411/2/2017

35

Hierarchical addressing: route aggregationallows efficient advertisement of routing information

“Send me anythingwith address beginning

200.23.16.0/23Organization 0

Organization 1 g g200.23.16.0/20 ”200.23.18.0/23

Fly-By-Night-ISP

Organization 1


..


Internet

“Send me anything

.....

ISPs-R-Us Send me anythingwith address beginning 199 31 0 0/16 ”


4-35

199.31.0.0/16

11/2/2017

36

Hierarchical addressing: more specific routesISPs-R-Us has a more specific route to Organization 1 Hole(s) in a block of addresses <- reason for longest

fi t hprefix match

“Send me anything200.23.16.0/23Organization 0

y gwith address beginning 200.23.16.0/20 ”

Fly-By-Night-ISP200 23 20 0/23Organization 2

.

200.23.30.0/23

Fly-By-Night-ISP

Organization 7Internet

200.23.20.0/23...

...


ISPs-R-Us “Send me anythingwith addressbeginning 199.31.0.0/16or 200.23.18.0/23 ”


4-3611/2/2017

37

NAT: Network Address Translation

local networkrest of

10.0.0.1

10 0 0 4

10.0.0/24Internet

10.0.0.210.0.0.4

138.76.29.7

10.0.0.3

Datagrams with source or destination within network

All datagrams leaving localnetwork have same single source destination within network

have 10.0.0/24 addresses for source, destination

network have same single source NAT IP address: 138.76.29.7,different source port numbers


4-3711/2/2017

38


Motivation: local network uses just one IP address as f id ld i dfar as outside world is concerned

h dd f d i i l l t k can change addresses of devices in local network without notifying outside world

can change ISP without changing addresses of can change ISP without changing addresses of devices in local network

devices inside local net not explicitly dd bl / i ibl b t id ld ( it l )addressable/visible by outside world (a security plus).


4-3811/2/2017

39


1: host 10.0.0.1 s nds d t m ith

NAT translation tableWAN side addr LAN side addr2: NAT router

sends datagram withport number 3345

WAN side addr LAN side addr138.76.29.7, 5001 10.0.0.1, 3345…… ……

changes datagram’ssource addr and portnumber

10.0.0.1

S: 10.0.0.1, 3345D: 128.119.40.186, 80

110 0 0 4

S: 138.76.29.7, 5001210.0.0.2

10.0.0.4

138.76.29.7 S: 128.119.40.186, 80 D: 10.0.0.1, 3345 4

D: 128.119.40.186, 802

S: 128 119 40 186 80 3 10.0.0.3S: 128.119.40.186, 80 D: 138.76.29.7, 5001 33: Reply arrives for138.76.29.7, 5001

4: NAT routerchanges datagram’sdest addr and port number


4-39

to 10.0.0.1, 334511/2/2017

40


16-bit port-number field: 60 000 i lt ti ith i l 60,000+ simultaneous connections with a single IP address

NAT is controversial:NAT is controversial: routers should only process up to layer 3

o violates “end-to-end argument” NAT possibility must be taken into account by

app designers, e.g., P2P, IPsec applications, etc.dd h t h ld i t d b l d b address shortage should instead be solved by

IPv6


4-4011/2/2017

41

NAT traversal problem client wants to connect to

server with address 10.0.0.1 only one externally visible IPonly one externally visible IP

address: 138.76.29.7

configure NAT to forward

10.0.0.1Client ?

configure NAT to forward incoming connection requests at given port to server e g (123 76 29 7 port 2500)

10.0.0.4

NAT t

138.76.29.7 e.g., (123.76.29.7, port 2500)

always forwarded to 10.0.0.1 port 2500

router


4-4111/2/2017

42

NAT traversal problem solution used in original Skype (note:current Skype is no

longer P2P)ith h l f ( ) l with help of a super peer (server) as relay

1. connection to2. connectionClient B

Cli t A

10.0.0.1

relay initiatedby client B

2. connection to relay initiatedby client A 3. Relay provides

138.76.29.7Client A

NAT router

y 3. Relay provides A’s address to B, which can then open a direct

B h h b b hi d NAT

pconnection to A


4-42

Both hosts may be behind NATs11/2/2017

43


layer data plane






d t m f m t

match-plus-action


translation IPv6

4-43


11/2/2017

44

IPv6IPv6 Initial motivation: 32-bit address space soon

l l ll dto be completely allocated. Additional motivation:

simpler header format to speed up processing/forwarding

header change to facilitate QoS header change to facilitate QoS IPv6 datagram format:

fixed-length 40 byte header fixed length 40 byte header no fragmentation allowed


4-4411/2/2017

45

IPv6 Header (Cont)P ( b ) d f f d h flPriority (8 bits): identify priority of datagrams within flow

or in different appsFlow Label (20 bits): identify datagrams in same “flow.” ( ) fy g f

(concept of “flow” not defined).Next header: identify upper layer protocol for data


4-4511/2/2017

46

Other Changes from IPv4Other Changes from IPv4

Checksum: removed entirely to reduce Checksum: removed entirely to reduce processing time at each hop

Options: allowed, but outside of header, p , f ,indicated by “Next Header” field

ICMPv6: new version of ICMP additional message types, e.g. “Packet Too Big” including multicast group management functions


4-4611/2/2017

47

Transition From IPv4 To IPv6Trans t on From IPv4 To IPv6

Not all routers can be upgraded simultaneouslyNot all routers can be upgraded simultaneously no “flag day” How will the network operate with mixed IPv4 and p

IPv6 routers?

T li IP 6 i d l d i IP 4 Tunneling: IPv6 carried as payload in IPv4 datagram among IPv4 routers (also vice versa)


4-4711/2/2017

48

TunnelinggA B E F

IPv6 IPv6 IPv6 IPv6

tunnelLogical view:IPv6 IPv6 IPv6 IPv6

Physical view:A B E F

P 6 PIPv6 IPv6 IPv6 IPv6IPv4 IPv4


4-4811/2/2017

49

TunnelingA B E FA B E F

IPv6 IPv6 IPv6 IPv6

tunnelLogical view:

Physical view:A B E F

IPv6 IPv6/v4 IPv6/v4 IPv6

C D

IPv4 IPv4

Flow: XSrc: ADest: F

Flow: XSrc: ADest: F

Flow: XS A

Src:BDest: E

Flow: XS A

Src:BDest: E

Routers B and Ehave dual stacks.

In this exampledata data

Src: ADest: F

data

Src: ADest: F

data

In this example, B encapsulates v6 packet in v4 packet.

B-to-C:IPv6 inside

D-to-E:IP 6 i id

A-to-B:IPv6

E-to-F:IPv6

p

E extracts v6 packet from v4 packet.


4-49

IPv6 insideIPv4

IPv6 insideIPv4

11/2/2017

50

Concept – Tunnel as a virtual link

Many possibilities:

IPv6 in IPv4 tunnel (previous example)

IPv4 in IPv6 tunnel

IPv4 in IPv4 tunnel (new routing path) IPv4 in IPv4 tunnel (new routing path)

IPv4 in MPLS tunnel (virtual circuit)

…

11/2/2017Network Layer: Data Plane

(SSL)4-50

51


layer data plane






d t m f m t

match-plus-action


translation IPv6


11/2/2017

52

Generalized Forwarding and SDNEach router contains a flow table that is computed andEach router contains a flow table that is computed and distributed by a logically centralized routing controller

logically-centralized routing controller

t l lcontrol plane

data planelocal flow table headers for

link networkheaders counters actions link, network, transport layers

230100 1101

1

23

values in arrivingPacket’s header 4-52Network Layer: Data Plane

(SSL)

11/2/2017

53

OpenFlow abstractionh i ifi diff ki d f d i

Router (layer3)t h l t

Firewallt h IP dd

match+action: unifies different kinds of devices

• match: longest destination IP prefix

• action: forward to

• match: IP addresses and protocol field, TCP/UDP port

one or more ports

Switch (layer 2)

pnumbers

• action: permit or deny Switch (layer 2)

• match: destination MAC address

ti f d t

deny NAT

• match: IP address d t• action: forward to

port or floodand port

• action: rewrite address and portp


11/2/2017

54

OpenFlow data plane abstraction fl d fi d b h d fi ld (f li k k flow: defined by header fields (for link, network, transport

layers - with wildcards) generalized forwardingg g

Flow entry: match fields, priority, counters Actions: for matched packet - forward (to 1 or more

) d dif h k d iports), drop, modify the packet, or send it to controller

Flow table in a router/packet switch (computed and distributed by controller) defines router’s match+action rulesby controller) defines router s match+action rules


11/2/2017

55

OpenFlow data plane abstraction flow: defined by header fields flow: defined by header fields generalized forwarding

Flow entry: match fields, priority, counters Actions: for matched packet – forward (to 1 or more ports), drop, modify p ( p ), p, y

the packet, or send it to controller

Flow entry examples:

1. src=1.2.*.*, dest=3.4.5.* drop * : wildcard

2. src = *.*.*.*, dest=3.4.*.* forward(2)

3. src=10.1.2.3, dest=*.*.*.* send to controller

: wildcard

3. src 10.1.2.3, dest . . . send to controller

4-5511/2/2017


56

Destination-based layer-3 forwarding:Examples

y g

*

SwitchPort

MACsrc

MACdst

Ethtype

VLANID

IPSrc

IPDst

IPProt S port D port Action

* * * * * 51.6.0.* * * * port65 .6.0. port6forward IP datagrams with destination IP address 51.6.0.* to router

output port 6 Firewall:

*

SwitchPort

MACsrc

MACdst

Ethtype

VLANID

IPSrc

IPDst

IPProt S port D port Action

* * * * * * 17 * * dropdrop all IP datagrams containing UDP segments

Switch MAC MAC Eth VLAN IP IP IP A ti

*

Port src dst type ID Src Dst Prot S port D port Action

* * * * * * * 35601 dropdrop all IP datagrams that match src 128.119.1.* and D port 35601

128.119.1.*p g p

4-5611/2/2017


57

Examples (cont.)

Destination-based layer 2 (switch) forwarding:Switch MAC MAC Eth VLAN IP IP IP S port Action

*

Port src dst type ID Src Dst Prot S port D port Action

* * * * * * * port3

forward layer 2 frames destined for MAC address

22:A7:23:11:E1:02*

forward layer 2 frames destined for MAC address 22:A7:23:11:E1:02 to output port 3

4-57


11/2/2017

58

OpenFlow example Example: datagrams from hosts h5 and h6should be sent to h3 or

IP Src = 10.3.*.*IP Dst 10 2 * * forward(3)

match action

Host h6

should be sent to h3 or h4, via s1 and from there to s2 (avoiding s3-s2 link)IP Dst = 10.2.*.* f ( )

s312

3 4

10.3.0.6controller

)

Allow rules that cannot be

Host h510.3.0.5

3accomplished by IP forwarding

Host h110 1 0 1

Host h410.2.0.4

s1 s212

34

12

34

ingress port = 2IP Dst = 10 2 0 3 forward(3)

match action

ingress port = 1match action

10.1.0.1Host h210.1.0.2

Host h310.2.0.3 IP Dst = 10.2.0.3

ingress port = 2IP Dst = 10.2.0.4 forward(4)

ingress port = 1IP Src = 10.3.*.*IP Dst = 10.2.*.*

forward(4). . .

4-5811/2/2017 Network Layer: Data Plane (SSL)

59

Chapter 4Chapter 44.1 Overview of Network

layer: data plane and t l l

4.4 Generalized Forward and SDN

m t h pl s ti ncontrol plane4.2 What’s inside a

router

• match plus action• OpenFlow examples

Question: how are forwarding tables (destinati n based

4.3 IP: Internet Protocol• datagram format• fragmentation tables (destination-based

forwarding) or flow tables (generalized forwarding)

fragmentation• v4 addressing• NAT

P computed?Answer: by the control plane (next chapter)

• IPv6

(next chapter)


11/2/2017

60

End of Chapter 4End of Chapter 4

Documents

Chapter 4: outline s... · 4 Virtual-circuit networks need 3rd function Before datagrams can flow, end hosts and routers between them establish arouters between them establish a virtual