University of British Columbia
CICS 515 (Part 2) Computer Networks
Lecture 5b-c – IPv6 and Other Protocols

Instructor: Dr. Son T. Vuong
Email: [email protected]
The World Connected
Cics 515 – Summer 2012 © Dr. Son Vuong


IPv6

- Initial motivation: 32-bit address space soon to be completely allocated.
- Additional motivation:
  - header format helps speed processing/forwarding
  - header changes to facilitate QoS
- IPv6 datagram format:
  - fixed-length 40 byte header
  - no fragmentation specified in basic header

IPv6 Header (Cont)

- Priority: identify priority among datagrams in flow
- Flow Label: identify datagrams in same “flow” (concept of “flow” not well defined).
- Next header: identify upper layer protocol for data

Other Changes from IPv4

- Checksum: removed entirely to reduce processing time at each hop
- Options: allowed, but outside of header, indicated by “Next Header” field
- ICMPv6: new version of ICMP
  - additional message types, e.g. “Packet Too Big”
  - multicast group management functions

Transition From IPv4 To IPv6

- Not all routers can be upgraded simultaneously
  - no “flag days”
  - How will the network operate with mixed IPv4 and IPv6 routers?
- Tunneling: IPv6 carried as payload in IPv4 datagram among IPv4 routers

Tunneling

[Figure: tunneling.
 Logical view: IPv6 routers A, B, E, F, with a tunnel between B and E.
 Physical view: A and B (IPv6), C and D (IPv4), E and F (IPv6); two routers are labelled "Dual IPv6/IPv4 Router".
 A-to-B: IPv6 datagram (Flow: X, Src: A, Dest: F, data).
 B-to-C: IPv6 inside IPv4 (outer header Src: B, Dest: E; inner datagram Flow: X, Src: A, Dest: F, data).
 E-to-F: IPv6 datagram (Flow: X, Src: A, Dest: F, data).]
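
The tunnel in the figure, as an added example that is not part of the original slides: router B wraps the IPv6 datagram from A to F in an IPv4 header (protocol 41) addressed to E, and E checks the outer header before unwrapping it. The addresses, the flow label value and the function names are assumptions of this example.

```python
import ipaddress
import struct

IPPROTO_IPV6 = 41   # IPv4 protocol number meaning "payload is an IPv6 datagram"
NEXT_HEADER_UDP = 17


def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement checksum over the IPv4 header (IPv6 has no such field)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv6(src, dst, flow_label, next_header, payload, hop_limit=64):
    """Fixed 40-byte IPv6 header followed by the payload."""
    first_word = (6 << 28) | (flow_label & 0xFFFFF)   # version 6, class 0, flow label
    header = struct.pack("!IHBB", first_word, len(payload), next_header, hop_limit)
    header += ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    return header + payload


def parse_ipv6(datagram):
    if len(datagram) < 40:
        raise ValueError("shorter than the fixed 40-byte IPv6 header")
    first_word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", datagram[:8])
    if first_word >> 28 != 6:
        raise ValueError("not an IPv6 datagram")
    return {
        "flow_label": first_word & 0xFFFFF,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(datagram[8:24])),
        "dst": str(ipaddress.IPv6Address(datagram[24:40])),
        "payload": datagram[40:40 + payload_len],
    }


def encapsulate(ipv6_datagram, tunnel_src, tunnel_dst, ttl=64):
    """Tunnel entry (router B): prepend a 20-byte IPv4 header with protocol 41."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ipv6_datagram), 0, 0,
                         ttl, IPPROTO_IPV6, 0,
                         ipaddress.IPv4Address(tunnel_src).packed,
                         ipaddress.IPv4Address(tunnel_dst).packed)
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + ipv6_datagram


def decapsulate(ipv4_datagram, expected_peer):
    """Tunnel exit (router E): validate the outer header, return the inner datagram."""
    if len(ipv4_datagram) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (ipv4_datagram[0] & 0x0F) * 4
    if ipv4_datagram[0] >> 4 != 4 or ihl < 20 or len(ipv4_datagram) < ihl:
        raise ValueError("malformed IPv4 header")
    if ipv4_checksum(ipv4_datagram[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    if ipv4_datagram[9] != IPPROTO_IPV6:
        raise ValueError("outer protocol is not 41 (IPv6-in-IPv4)")
    if str(ipaddress.IPv4Address(ipv4_datagram[12:16])) != expected_peer:
        raise ValueError("outer source is not the configured tunnel peer")
    total_len = struct.unpack("!H", ipv4_datagram[2:4])[0]
    return ipv4_datagram[ihl:total_len]


# Constructed addresses (documentation ranges) standing in for A, F, B and E.
A, F = "2001:db8:a::1", "2001:db8:f::1"
B, E = "192.0.2.2", "192.0.2.5"


def tunnel_demo():
    # The payload bytes are opaque here; only the headers matter for the tunnel.
    inner = build_ipv6(A, F, flow_label=0x12345, next_header=NEXT_HEADER_UDP, payload=b"data")
    on_ipv4_path = encapsulate(inner, B, E)          # what C and D forward
    return on_ipv4_path, parse_ipv6(decapsulate(on_ipv4_path, expected_peer=B))
```

The IPv4 routers C and D only ever see Src: B, Dest: E; the exit router accepts protocol-41 datagrams only from its configured peer, so the inner Src: A, Dest: F header is never trusted on its own.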

IPv6 – Peer Instruction – Question 5.2

IPv6 supports the following features:

A. 128-bit IP address

B. Auto-configuration (plug-and-play) (stateless) as well as dynamic IP address via a DHCPv6 server (stateful)

C. More options via extension headers including Jumbogram of greater than 64KB

D. Efficient header processing

E. All the above

F. A, B and C


IPv6 – Peer Instruction – Question 5.3

An IPv6 datagram is 80,000 bytes. What extension header must be used?

A. Destination option

B. Fragmentation

C. Authentication

D. Hop-by-hop

E. None of the above


IPv6 – Peer Instruction – Question 5.4

The IPv6 jumbogram option gives rise to the following issues:

A. Fragmentation

B. 16-bit length of UDP

C. 16-bit MSS option of TCP

D. Checksum calculation

E. All of the above

F. B and C

Ch 4: Network Layer and Routing

- The IP Protocol
  - IP Format, Addressing, fragmentation, Internet Control Protocols (ICMP)
- Routing
  - RIP (Routing Information Protocol)
  - OSPF (Open Shortest Path First)
  - The Interior Gateway Routing Protocol
  - BGP – The Exterior Gateway Routing Protocol
- IPv6
- Internet Multicasting
- Mobile IP

What’s next?

- IPv4, IPv6
- Internet Control Message Protocol (ICMP)
- Address resolution (ARP)
- Getting (dynamic) addresses (DHCP)
- DNS

What have we covered?

- Routing protocols (RIP, OSPF, BGP)

University of British Columbia
CICS 515 (Part 2) Computer Networks
Lecture 5c – ICMP, ARP, DHCP, DNS

Lect. 5c – Other IP protocols

ICMP, ARP, DHCP (Sect. 4.4.3, 5.4), DNS (Sect. 2.5)

- Internet Control Message Protocol (ICMP) (Sect. 4.4.3)
- Address Resolution (ARP) (Sect. 5.4)
- Dynamic IP address assignment (DHCP) (Sect. 5.4)
- Domain Name System (DNS) (Sect. 2.5)

ICMP: Internet Control Message Protocol (RFC 792)

- Used by hosts & routers to communicate network-level information
  - error reporting: unreachable host, network, port, protocol
  - echo request/reply (used by ping)
- Network-layer “above” IP:
  - ICMP msgs carried in IP datagrams
- ICMP message: type (1B), code (1B), checksum (2B) plus part of IP datagram causing error (header + first 8 bytes of data)

ICMP datagram structure

- ICMP msgs carried in IP datagrams
- ICMP data contains part of IP datagram causing error (IP header + first 8 bytes of data)

ICMP: Internet Control Message Protocol

Type  Code  Description
0     0     echo reply (ping)
3     0     dest. network unreachable
3     1     dest host unreachable
3     2     dest protocol unreachable
3     3     dest port unreachable
3     6     dest network unknown
3     7     dest host unknown
4     0     source quench (congestion control - not used)
5     0-3   redirect a host to a better router
8     0     echo request (ping)
9     0     route advertisement
10    0     router discovery (solicitation)
11    0     TTL expired
12    0     bad IP header

“Real” Internet delays and routes

- What do “real” Internet delay & loss look like?
- traceroute (tracert) program: provides delay measurement from source to router along end-end Internet path towards destination. For all i:
  - sends three UDP packets that will reach router i on path towards destination
  - router i will return packets to sender
  - sender times interval between transmission and reply.

[Figure: path from source towards destination, with three sets of 3 probes]

Traceroute and ICMP

- Source sends series of UDP segments to dest
  - First has TTL=1
  - Second has TTL=2, etc.
  - Unlikely port number
- When nth datagram arrives to nth router:
  - Router discards datagram
  - And sends to source an ICMP message (type 11, code 0)
  - Message includes name of router & IP address
- When ICMP message arrives, source calculates RTT
- Traceroute does this 3 times

Stopping criterion

- UDP segment eventually arrives at destination host
- Destination returns ICMP “port unreachable” packet (type 3, code 3)
- When source gets this ICMP, stops.
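
How the source ties an incoming ICMP message back to one of its probes, as an added example that is not part of the original slides: the ICMP error quotes the probe's IP header plus its first 8 bytes, which is exactly the UDP header, so the "unlikely" destination port identifies the probe. The addresses, port numbers and function names are constructed for this example.

```python
import socket
import struct

UDP = 17


def inet_checksum(data: bytes) -> int:
    """Internet checksum: ones'-complement of the ones'-complement 16-bit sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_udp_probe(src, dst, ttl, src_port, dst_port):
    """IPv4 header + 8-byte UDP header, i.e. one traceroute probe with no data."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, ttl, UDP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + struct.pack("!HHHH", src_port, dst_port, 8, 0)


def build_icmp_error(icmp_type, code, offending_datagram):
    """Type (1B), code (1B), checksum (2B), 4 unused bytes (RFC 792), then the
    offending datagram's IP header plus the first 8 bytes of its data."""
    ihl = (offending_datagram[0] & 0x0F) * 4
    body = struct.pack("!BBHI", icmp_type, code, 0, 0) + offending_datagram[:ihl + 8]
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def parse_icmp_error(message):
    if len(message) < 8 + 20 + 8:
        raise ValueError("too short to quote an IP header plus 8 bytes")
    if inet_checksum(message) != 0:
        raise ValueError("ICMP checksum mismatch")
    icmp_type, code = message[0], message[1]
    quoted = message[8:]
    ihl = (quoted[0] & 0x0F) * 4
    if quoted[0] >> 4 != 4 or ihl < 20 or len(quoted) < ihl + 8:
        raise ValueError("quoted datagram is malformed")
    src_port, dst_port = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return {"type": icmp_type, "code": code, "protocol": quoted[9],
            "probe_dst": socket.inet_ntoa(quoted[16:20]),
            "src_port": src_port, "dst_port": dst_port}


def classify(message, probes, target):
    """probes maps the UDP destination port of each probe to the TTL it was sent with."""
    info = parse_icmp_error(message)
    ttl = probes.get(info["dst_port"])
    if info["protocol"] != UDP or info["probe_dst"] != target or ttl is None:
        return ("ignore", None)            # does not quote one of our probes
    if (info["type"], info["code"]) == (11, 0):
        return ("hop", ttl)                # TTL expired at the router ttl hops away
    if (info["type"], info["code"]) == (3, 3):
        return ("done", ttl)               # port unreachable: destination reached
    return ("other", ttl)


# Constructed sample: probes from 192.0.2.10 toward 198.51.100.7.
SOURCE, TARGET = "192.0.2.10", "198.51.100.7"
PROBES = {33434: 1, 33435: 2}              # destination port -> TTL


def demo():
    first = build_udp_probe(SOURCE, TARGET, 1, 40000, 33434)
    second = build_udp_probe(SOURCE, TARGET, 2, 40000, 33435)
    return (classify(build_icmp_error(11, 0, first), PROBES, TARGET),
            classify(build_icmp_error(3, 3, second), PROBES, TARGET))
```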

Address Resolution Protocol (ARP)

- How do we convert the IP address of each node (either the destination node, or a router) into the address on the local network? E.g. IP -> Ethernet.
- Each machine keeps a mapping of IP address to physical addresses in a cache. E.g.
    cascade.cs.ubc.ca  08:00:20:79:70:f5
    dragon.cs.ubc.ca   08:00:09:27:b4:73
    etc…
- What if the mapping isn’t known, or has expired?
  - Send an ARP (Address Resolution Protocol) broadcast message over the network.

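ARP Packet Format

 0               8               16                           31
+-------------------------------+-------------------------------+
| Hardware type = 1             | ProtocolType = 0x0800         |
+---------------+---------------+-------------------------------+
| HLen = 48     | PLen = 32     | Operation                     |
+---------------+---------------+-------------------------------+
| SourceHardwareAddr (bytes 0-3)                                |
+-------------------------------+-------------------------------+
| SourceHardwareAddr (bytes 4-5)| SourceProtocolAddr (bytes 0-1)|
+-------------------------------+-------------------------------+
| SourceProtocolAddr (bytes 2-3)| TargetHardwareAddr (bytes 0-1)|
+-------------------------------+-------------------------------+
| TargetHardwareAddr (bytes 2-5)                                |
+---------------------------------------------------------------+
| TargetProtocolAddr (bytes 0-3)                                |
+---------------------------------------------------------------+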

ARP Fields

Request format

HardwareType - Type of physical network (e.g., Ethernet)

ProtocolType - Type of higher layer protocol (e.g., IP)

HLEN & PLEN - Length of physical and protocol addresses (measured in bits)

Operation - Request for an address, or response to a request.

Source/Target Physical/Protocol addresses

ARP Comments

- An ARP packet sits at the same level in the protocol graph as an IP packet. However ARP service is used by IP; thus ARP can also be viewed as a sublayer below IP.
- ARP table entries timeout in about 10 minutes
- Update the ARP table with information about the source when you are the target. Hence, both source/target physical/protocol addresses are in the packet.
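
The packet format and the cache rules above, as an added example that is not part of the original slides: a parser for the 28-byte Ethernet/IPv4 ARP packet and a cache that learns the sender when it is the target, expires entries after 10 minutes, and reports a changed binding for a live entry instead of silently overwriting it (that last rule is a choice of this example). On the wire the two length fields hold byte counts, 6 and 4, which are the 48 and 32 bits shown in the figure; dragon's IP address is constructed.

```python
import socket
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
ARP_TIMEOUT = 600                                   # "about 10 minutes", in seconds
ARP_LAYOUT = "!HHBBH6s4s6s4s"                       # 28 bytes for Ethernet + IPv4


def mac_str(raw):
    return ":".join("%02x" % b for b in raw)


def mac_raw(text):
    return bytes(int(part, 16) for part in text.split(":"))


def build_arp(op, sha, spa, tha, tpa):
    return struct.pack(ARP_LAYOUT, 1, 0x0800, 6, 4, op,
                       mac_raw(sha), socket.inet_aton(spa),
                       mac_raw(tha), socket.inet_aton(tpa))


def parse_arp(packet):
    if len(packet) < 28:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_LAYOUT, packet[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (ARP_REQUEST, ARP_REPLY):
        raise ValueError("not an Ethernet/IPv4 ARP request or reply")
    return {"op": op, "sha": mac_str(sha), "spa": socket.inet_ntoa(spa),
            "tha": mac_str(tha), "tpa": socket.inet_ntoa(tpa)}


class ArpCache:
    def __init__(self, my_ip, my_mac):
        self.my_ip, self.my_mac = my_ip, my_mac
        self.entries = {}                           # ip -> (mac, expiry time)

    def lookup(self, ip, now):
        entry = self.entries.get(ip)
        if entry is None or entry[1] <= now:        # unknown or expired
            self.entries.pop(ip, None)
            return None
        return entry[0]

    def handle(self, packet, now):
        """Process one received ARP packet; returns (reply or None, alert or None)."""
        arp = parse_arp(packet)
        known = self.lookup(arp["spa"], now)
        alert = None
        if known is not None and known != arp["sha"]:
            alert = "%s claimed by %s, cached as %s" % (arp["spa"], arp["sha"], known)
        elif arp["tpa"] == self.my_ip or known is not None:
            # Learn the sender when we are the target; refresh an existing entry.
            self.entries[arp["spa"]] = (arp["sha"], now + ARP_TIMEOUT)
        reply = None
        if arp["op"] == ARP_REQUEST and arp["tpa"] == self.my_ip:
            reply = build_arp(ARP_REPLY, self.my_mac, self.my_ip, arp["sha"], arp["spa"])
        return reply, alert


CASCADE_MAC, DRAGON_MAC = "08:00:20:79:70:f5", "08:00:09:27:b4:73"   # from the slides
CASCADE_IP = "142.103.7.7"      # cascade.cs.ubc.ca, as given elsewhere in these slides
DRAGON_IP = "142.103.7.8"       # constructed for this example
```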

How does a host get an IP address?

- Fixed – assigned
- Dynamic – changeable: via DHCP
  - why?

Dynamic Host Configuration Protocol (DHCP)

Dynamic Host Configuration Protocol (DHCP)

- DHCP allows config info (IP address etc) stored in DHCP server to be retrieved automatically by each host when booted or connected to network (via broadcast DHCPDiscover message)
  - that is, special IP address 255.255.255.255, ignored by everyone except the DHCP server

DHCP (cont’d)

- DHCP also allows dynamic assignment of IP addresses to hosts (the DHCP server maintains a pool of available IP addresses to lease to hosts, and a host needs to renew its lease periodically).
- It is not desirable to have a DHCP server on every network; instead, a relay agent is used for each network.
- Relay agent unicasts DHCP request to server

DHCP with relay agent

[Figure: a host broadcasts on its own network, where a DHCP relay receives the message; the relay unicasts it to the DHCP server, reached across other networks.]

DHCP Packet Format

DHCP is derived from an earlier protocol called BOOTP

Fields, in packet order:

  Operation | HType | HLen | Hops
  Transaction ID (Xid)
  No. of secs | Flags/unused
  Client IP addr
  Your IP addr (yiaddr)
  Server IP addr
  Gateway IP addr
  Client hardware addr (chaddr) (16 bytes)
  Server name (64 bytes)
  file (128 bytes)
  options

DHCP (cont’d)

- Sent using UDP
- Client puts hardware address in chaddr
- Server replies with IP address in yiaddr (and other config info, e.g. gateway addr, server IP address, etc)
- Types of DHCP packets (spec’d as options):
  - Discover, Offer, Request, Decline, Ack, Nack, Release
- Scalability/manageability -- recurring theme (via relay/proxy)

DHCP Scenario

[Figure: message sequence between DHCP Client and DHCP Server, in order: Discover; Offer; Request (or Decline); Ack (or Nack); Request; Ack (or Nack); Release; . . .]
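
The packet format and the Discover/Offer/Request/Ack scenario above, as an added example that is not part of the original slides: both sides of the exchange over the BOOTP-derived layout, with the message type carried as option 53 and the client checking the transaction ID on each reply. The address pool, hardware addresses and class and function names are constructed, and the relay agent is not modelled.

```python
import socket
import struct

FIXED = "!BBBBIHH4s4s4s4s16s64s128s"      # 236 bytes, inherited from BOOTP
MAGIC = b"\x63\x82\x53\x63"               # marks the start of the options
DISCOVER, OFFER, REQUEST, DECLINE, ACK, NAK, RELEASE = range(1, 8)
OPT_REQUESTED_IP, OPT_MSG_TYPE, OPT_END = 50, 53, 255


def build(op, xid, msg_type, chaddr, yiaddr="0.0.0.0", flags=0, extra=b""):
    fixed = struct.pack(FIXED, op, 1, 6, 0, xid, 0, flags, bytes(4),
                        socket.inet_aton(yiaddr), bytes(4), bytes(4), chaddr, b"", b"")
    return fixed + MAGIC + bytes([OPT_MSG_TYPE, 1, msg_type]) + extra + bytes([OPT_END])


def parse(packet):
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    op, _, hlen, _, xid, _, _, _, yiaddr, _, _, chaddr, _, _ = struct.unpack(FIXED, packet[:236])
    options, i = {}, 240
    while i < len(packet) and packet[i] != OPT_END:
        if packet[i] == 0:                 # pad option has no length byte
            i += 1
            continue
        if i + 2 > len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("option runs past the end of the packet")
        options[packet[i]] = packet[i + 2:i + 2 + packet[i + 1]]
        i += 2 + packet[i + 1]
    if len(options.get(OPT_MSG_TYPE, b"")) != 1:
        raise ValueError("missing DHCP message type option")
    return {"op": op, "xid": xid, "type": options[OPT_MSG_TYPE][0],
            "chaddr": chaddr[:hlen], "yiaddr": socket.inet_ntoa(yiaddr),
            "options": options}


class Server:
    def __init__(self, pool):
        self.free, self.leases = list(pool), {}       # leases: chaddr -> address

    def handle(self, packet):
        m = parse(packet)
        mac, xid = m["chaddr"], m["xid"]
        if m["op"] != 1:                              # only client requests
            return None
        if m["type"] == DISCOVER:
            ip = self.leases.get(mac) or (self.free[0] if self.free else None)
            return build(2, xid, OFFER, mac, ip) if ip else None
        if m["type"] == REQUEST:
            raw = m["options"].get(OPT_REQUESTED_IP, b"")
            wanted = socket.inet_ntoa(raw) if len(raw) == 4 else None
            if mac not in self.leases and wanted in self.free:
                self.free.remove(wanted)
                self.leases[mac] = wanted
            if wanted is not None and self.leases.get(mac) == wanted:
                return build(2, xid, ACK, mac, wanted)
            return build(2, xid, NAK, mac)
        if m["type"] == RELEASE and mac in self.leases:
            self.free.append(self.leases.pop(mac))
        return None


def client_boot(server, mac, xid):
    """Discover -> Offer -> Request -> Ack; returns the leased address or None."""
    reply = server.handle(build(1, xid, DISCOVER, mac, flags=0x8000))
    if reply is None:
        return None                                   # no offer, e.g. pool exhausted
    offer = parse(reply)
    if offer["xid"] != xid or offer["type"] != OFFER:
        return None                                   # not an answer to our Discover
    request = build(1, xid, REQUEST, mac,
                    extra=bytes([OPT_REQUESTED_IP, 4]) + socket.inet_aton(offer["yiaddr"]))
    ack = parse(server.handle(request))
    return ack["yiaddr"] if (ack["xid"], ack["type"]) == (xid, ACK) else None
```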

Layering Relationships between ICMP, ARP, DHCP and IP, UDP

- ICMP/IP
- IP calls ARP/Link (Ethernet)
- DHCP(BOOTP) / UDP(67/68) (for simple config info)
- DHCP(BOOTP) / TFTP/UDP(69) (to get config file)


DNS: Domain Name System

Chapter 2: Application layer

- 2.1 Principles of network applications
- 2.2 Web and HTTP
- 2.3 FTP
- 2.4 Electronic Mail
  - SMTP, POP3, IMAP
- 2.5 DNS
- 2.6 P2P file sharing
- 2.7 Socket programming with TCP
- 2.8 Socket programming with UDP
- 2.9 Building a Web server

Domain Name System (DNS) Overview

- What do names do?
  - identify objects
  - help locate objects
  - define membership in a group
  - specify a role
  - convey knowledge of a secret
- Name space
  - defines set of possible names
  - consists of a set of name to value bindings

Properties

- Names versus addresses
- Location transparent versus location-dependent
- Flat versus hierarchical
- Global versus local
- Absolute versus relative
- By architecture versus by convention
- Unique versus ambiguous

Examples

- Hosts
    cheltenham.cs.princeton.edu -> 192.12.69.17
    192.12.69.17 -> 80:23:A8:33:5B:9F
- Files
    /usr/llp/tmp/foo -> (server, fileid)
- Users
    Larry Peterson -> [email protected]


Summary of “Naming” or identification

Domain name: a name that makes sense to a human -- e.g. “cascade.cs.ubc.ca”

IP address: an identifier that makes sense to hosts and routers -- e.g. “142.103.7.7”

Physical address: an identifier that makes sense to the interface card -- e.g. “8:0:2b:e4:b1:2”

DNS: Domain Name System

People: many identifiers:
- SSN, name, passport #

Internet hosts, routers:
- IP address (32 bit) - used for addressing datagrams
- “name”, e.g., www.yahoo.com - used by humans

Q: map between IP addresses and name?

Domain Name System:
- distributed database implemented in hierarchy of many name servers
- application-layer protocol: host, routers, name servers to communicate to resolve names (address/name translation)
  - note: core Internet function, implemented as application-layer protocol
  - complexity at network’s “edge”

DNS: Domain Name System

Why not centralize DNS?
- single point of failure
- traffic volume
- distant centralized database
- maintenance

doesn’t scale!

DNS services
- Hostname to IP address translation
- Host aliasing
  - Canonical and alias names
- Mail server aliasing
- Load distribution
  - Replicated Web servers: set of IP addresses for one canonical name

Examples (cont)

- Mailboxes
- Services
    nearby ps printer with short queue and 2MB

[Figure: mail delivery using a name server. Boxes: User, Mail program, Name server, TCP, IP. Numbered steps: 1 vuong @ cs.ubc.ca; 2 cs.ubc.ca; 3 142.103.7.51; 4 142.103.7.51; 5 142.103.7.51]

Domain Naming System

- Hierarchy
- Name: chinstrap.cs.princeton.edu

[Figure: domain hierarchy tree. Top-level domains: edu, com, gov, mil, org, net, uk, fr. Under edu: princeton … mit; under princeton: cs, ee, physics; under cs: ux01, ux04. Under com: cisco … yahoo. Under gov: nasa … nsf. Under mil: arpa … navy. Under org: acm … ieee.]

Distributed, Hierarchical Database

[Figure: Root DNS servers at the top; below them com DNS servers, org DNS servers, edu DNS servers; below those yahoo.com DNS servers, amazon.com DNS servers, pbs.org DNS servers, poly.edu DNS servers, umass.edu DNS servers]

Client wants IP for www.amazon.com; 1st approx:
- Client queries a root server to find com DNS server
- Client queries com DNS server to get amazon.com DNS server
- Client queries amazon.com DNS server to get IP address for www.amazon.com

Name Servers

- Partition hierarchy into zones

[Figure: the domain hierarchy tree partitioned into zones, with Root name server, UBC name server, Cisco name server, CS name server, ECE name server]

- Each zone corresponds to an admin authority (implemented by two or more name servers for redundancy)
  - Root name servers
  - Top Level Domain (TLD) Servers
  - Authoritative Servers
  - Local Name Servers (LNS)

DNS: Root name servers

- contacted by local name server that can not resolve name
- root name server:
  - contacts authoritative name server if name mapping not known
  - gets mapping
  - returns mapping to local name server

13 root name servers worldwide:
  a Verisign, Dulles, VA
  b USC-ISI Marina del Rey, CA
  c Cogent, Herndon, VA (also Los Angeles)
  d U Maryland College Park, MD
  e NASA Mt View, CA
  f Internet Software C. Palo Alto, CA (and 17 other locations)
  g US DoD Vienna, VA
  h ARL Aberdeen, MD
  i Autonomica, Stockholm (plus 3 other locations)
  j Verisign, ( 11 locations)
  k RIPE London (also Amsterdam, Frankfurt)
  l ICANN Los Angeles, CA
  m WIDE Tokyo

TLD and Authoritative Servers

- Top-level domain (TLD) servers: responsible for com, org, net, edu, etc, and all top-level country domains uk, fr, ca, jp.
  - Verisign controls .com and .net TLDs
  - Many companies act as intermediaries
  - Educause for edu TLD
- Authoritative DNS servers: organization’s DNS servers, providing authoritative hostname to IP mappings for organization’s servers (e.g., Web and mail).
  - Can be maintained by organization or service provider

Local Name Server

- Does not strictly belong to hierarchy
- Each ISP (residential ISP, company, university) has one.
  - Also called “default name server”
- When a host makes a DNS query, query is sent to its local DNS server
  - Acts as a proxy, forwards query into hierarchy.

Example: Iterative queries

- Host at cis.poly.edu wants IP address for gaia.cs.umass.edu
- iterative query:
  - contacted server replies with name of server to contact
  - “I don’t know this name, but ask this server”

[Figure: numbered steps 1-8 among requesting host cis.poly.edu, local DNS server dns.poly.edu, root DNS server, TLD DNS server, authoritative DNS server dns.cs.umass.edu, and gaia.cs.umass.edu]

Recursive queries

- recursive query:
  - puts burden of name resolution on contacted name server
  - heavy load?

[Figure: numbered steps 1-8 among requesting host cis.poly.edu, local DNS server dns.poly.edu, root DNS server, TLD DNS server, authoritative DNS server dns.cs.umass.edu, and gaia.cs.umass.edu]

DNS: caching and updating records

- once (any) name server learns mapping, it caches mapping
  - cache entries timeout (disappear) after some time
  - TLD servers typically cached in local name servers
    - Thus root name servers not often visited
- update/notify mechanisms under design by IETF
  - RFC 2136
  - http://www.ietf.org/html.charters/dnsind-charter.html

DNS records

DNS: distributed db storing resource records (RR)

RR format: (name, value, type, ttl)

- Type = A
  - name is hostname
  - value is IP address
- Type = NS
  - name is domain (e.g. foo.com)
  - value is IP address of authoritative name server for this domain
- Type = CNAME
  - name is alias name for some “canonical” (the real) name; www.ibm.com is really servereast.backup2.ibm.com
  - value is canonical name
- Type = MX
  - value is name of mailserver associated with name

Example: Root Server

(princeton.edu, cit.princeton.edu, NS, IN) [in the Princeton domain]

(cit.princeton.edu, 128.196.128.233, A, IN)

(cisco.com, thumper.cisco.com, NS, IN) [in the Cisco domain]

(thumper.cisco.com, 128.96.32.20, A, IN)


Further example: Princeton Server [within Princeton domain]

(cs.princeton.edu, optima.cs.princeton.edu, NS, IN)

[name server]

(optima.cs.princeton.edu, 192.12.69.5, A, IN)

(ee.princeton.edu, helios.ee.princeton.edu, NS, IN)

[another name server]

(helios.ee.princeton.edu, 128.196.28.166, A, IN)

(jupiter.physics.princeton.edu, 128.196.4.1, A, IN)

(saturn.physics.princeton.edu, 128.196.4.2, A, IN)

(mars.physics.princeton.edu, 128.196.4.3, A, IN)

(venus.physics.princeton.edu, 128.196.4.4, A, IN)


Further example: CS Server [within the CS domain in the Princeton domain]

(cs.princeton.edu, optima.cs.princeton.edu, MX, IN)

[mail server]

(cheltenham.cs.princeton.edu, 192.12.69.60, A, IN)

(che.cs.princeton.edu, cheltenham.cs.princeton.edu, CNAME, IN) [alias/actual]

(optima.cs.princeton.edu, 192.12.69.5, A, IN)

(opt.cs.princeton.edu, optima.cs.princeton.edu, CNAME, IN) [another alias]

(baskerville.cs.princeton.edu, 192.12.69.35, A, IN)

(bas.cs.princeton.edu, baskerville.cs.princeton.edu, CNAME, IN)
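
How a local name server walks the three example servers above, as an added example that is not part of the original slides: it follows NS referrals from the root to the Princeton server to the CS server, follows a CNAME to the canonical name, and caches what it learns so that later lookups skip the root. The in-memory "servers", the `root` key, the 600-second TTL and all function names are assumptions of this example; the records are the slides' tuples with the class dropped.

```python
# Records copied from the Root, Princeton and CS server slides (class IN dropped).
# "root" stands in for a root server; each other server is keyed by the address
# that its parent zone's A record gives for it.
SERVERS = {
    "root": [
        ("princeton.edu", "cit.princeton.edu", "NS"),
        ("cit.princeton.edu", "128.196.128.233", "A"),
        ("cisco.com", "thumper.cisco.com", "NS"),
        ("thumper.cisco.com", "128.96.32.20", "A"),
    ],
    "128.196.128.233": [
        ("cs.princeton.edu", "optima.cs.princeton.edu", "NS"),
        ("optima.cs.princeton.edu", "192.12.69.5", "A"),
        ("ee.princeton.edu", "helios.ee.princeton.edu", "NS"),
        ("helios.ee.princeton.edu", "128.196.28.166", "A"),
        ("mars.physics.princeton.edu", "128.196.4.3", "A"),
    ],
    "192.12.69.5": [
        ("cheltenham.cs.princeton.edu", "192.12.69.60", "A"),
        ("che.cs.princeton.edu", "cheltenham.cs.princeton.edu", "CNAME"),
        ("optima.cs.princeton.edu", "192.12.69.5", "A"),
        ("baskerville.cs.princeton.edu", "192.12.69.35", "A"),
        ("bas.cs.princeton.edu", "baskerville.cs.princeton.edu", "CNAME"),
    ],
}
TTL = 600   # constructed; the slides' tuples show the class (IN), not a ttl


def in_zone(name, zone):
    return name == zone or name.endswith("." + zone)


def query(server, name, log):
    """One iterative query for an A record: an answer, a referral, or nothing."""
    log.append((server, name))
    records = SERVERS.get(server, [])
    for rtype in ("A", "CNAME"):
        for rname, value, t in records:
            if rname == name and t == rtype:
                return rtype, value
    # No answer here: refer to the most specific zone that contains the name.
    zones = [r for r in records if r[2] == "NS" and in_zone(name, r[0])]
    if zones:
        zone, ns_name, _ = max(zones, key=lambda r: len(r[0]))
        glue = [v for n, v, t in records if n == ns_name and t == "A"]
        if glue:
            return "REFERRAL", (zone, glue[0])
    return "NONE", None


class LocalNameServer:
    def __init__(self):
        self.answers = {}    # name -> (address, expiry)
        self.zones = {}      # zone -> (name server address, expiry)
        self.log = []        # (server asked, name asked) for every query sent

    def _start(self, name, now):
        """Closest cached name server for this name, else the root."""
        live = [(zone, server) for zone, (server, expiry) in self.zones.items()
                if expiry > now and in_zone(name, zone)]
        return max(live, key=lambda zs: len(zs[0]))[1] if live else "root"

    def resolve(self, name, now, depth=0):
        cached = self.answers.get(name)
        if cached and cached[1] > now:
            return cached[0]
        server = self._start(name, now)
        for _ in range(8):                       # bound the referral chain
            kind, value = query(server, name, self.log)
            if kind == "REFERRAL":
                zone, server = value
                self.zones[zone] = (server, now + TTL)
                continue
            if kind == "CNAME":                  # restart with the canonical name
                value = self.resolve(value, now, depth + 1) if depth < 8 else None
            if value is not None:
                self.answers[name] = (value, now + TTL)
            return value
        return None
```

A referral is followed only when the referred zone contains the name being resolved, and both the referral chain and the CNAME chain are bounded.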

DNS protocol, messages

DNS protocol: query and reply messages, both with same message format

msg header
- identification: 16-bit id for query, reply to query uses same id
- flags:
  - query or reply
  - recursion desired
  - recursion available
  - reply is authoritative

DNS protocol, messages

[Figure: DNS message format, with these annotations]
- Name, type fields for a query
- RRs in response to query
- records for authoritative servers
- additional “helpful” info that may be used

Inserting records into DNS

- Example: just created startup “Network Utopia”
- Register name networkutopia.com at a registrar (e.g., Network Solutions)
  - Need to provide registrar with names and IP addresses of your authoritative name server (primary and secondary)
  - Registrar inserts two RRs into the com TLD server:
      (networkutopia.com, dns1.networkutopia.com, NS)
      (dns1.networkutopia.com, 212.212.212.1, A)
- Put in authoritative server Type A record for www.networkutopia.com and Type NS record for networkutopia.com
- How do people get the IP address of your Web site?

Dig www.telus.ca

;; QUESTION SECTION:
;www.telus.ca.                  IN      A

;; ANSWER SECTION:
www.telus.ca.           86400   IN      CNAME   www.telus.com.
www.telus.com.          600     IN      A       205.206.163.16

;; AUTHORITY SECTION:
telus.com.              600     IN      NS      dns1.cidc.telus.com.
telus.com.              600     IN      NS      dns2.cidc.telus.com.

;; ADDITIONAL SECTION:
dns1.cidc.telus.com.    59695   IN      A       216.123.224.131
dns2.cidc.telus.com.    59695   IN      A       66.203.199.203

DNS DDoS, Poisoning and Hijacking

Layering Relationships between ICMP, ARP, DHCP, DNS and IP, UDP

- ICMP/IP, ICMPv6/IPv6
- IP calls ARP/Link (Ethernet)
- DHCP(BOOTP) / UDP(68) (for simple config info)
- DHCP(BOOTP) / TFTP/UDP(69) (to get config file)
- DNS / UDP(53)

What’s next?

- IPv4, IPv6
- Internet Control Message Protocol (ICMP)
- Address resolution (ARP) and getting (dynamic) addresses (DHCP)

What have we covered?

- Routing protocols (RIP, OSPF, BGP)
