Upload
luke-terry
View
219
Download
0
Tags:
Embed Size (px)
Citation preview
Network Layer4-44
IP addresses: how to get one?Q: How does a host get IP address?
hard-coded by system admin in a file Windows: control-panel->network-
>configuration->tcp/ip->properties UNIX: /etc/rc.config
DHCP: Dynamic Host Configuration Protocol: dynamically get address from as server “plug-and-play”
Network Layer4-45
DHCP: Dynamic Host Configuration Protocol
goal: allow host to dynamically obtain its IP address from network server when it joins network can renew its lease on address in use, after lease
expiry•preferably gets the same address, not guaranteed
client can reuse its address support for mobile users who want to join network guarantee one address will be assigned to only one
client retain DHCP client address across reboots
•not guaranteed
retain DHCP client configs across server reboots must coexist with statically assigned addresses interoperate with BOOTP relay agents
DHCP: Dynamic Host Configuration Protocol
DHCP overview: an extension of BOOTP mechanism host broadcasts “DHCP discover” msg
[optional] DHCP server responds with “DHCP offer” msg
[optional]•more than one server can make the offer•client can choose which server to send request to
host requests IP address: “DHCP request” msg
DHCP server sends address: “DHCP ack” msg Renewal happens with DHCP request/ack On completion, client sends DHCP release
msg•practically not seen
Network Layer4-48
DHCP: more than IP addressesDHCP can return more than just allocated IP
address on subnet: address of first-hop router for client name and IP address of DNS sever network mask (indicating network versus host
portion of address)
connecting laptop needs its IP address, addr of first-hop router, addr of DNS server: use DHCP
router with DHCP server built into router
DHCP request encapsulated in UDP, encapsulated in IP, encapsulated in 802.1 Ethernet Ethernet frame broadcast (dest: FFFFFFFFFFFF) on LAN, received at router running DHCP server
Ethernet demuxed to IP demuxed, UDP demuxed to DHCP
168.1.1.1
DHCPUDP
IPEthPhy
DHCP
DHCP
DHCP
DHCP
DHCP
DHCPUDP
IPEthPhy
DHCP
DHCP
DHCP
DHCPDHCP
DHCP: example
src: Kurose & Ross
DCP server formulates DHCP ACK containing client’s IP address, IP address of first-hop router for client, name & IP address of DNS server encapsulation of DHCP server, frame forwarded to client, demuxing up to DHCP at client
DHCP: example
router with DHCP server built into router
DHCP
DHCP
DHCP
DHCP
DHCPUDP
IPEthPhy
DHCP
DHCPUDP
IPEthPhy
DHCP
DHCP
DHCP
DHCP
client now knows its IP address, name and IP address of DSN server, IP address of its first-hop router
src: Kurose & Ross
ver length
32 bits
data (variable length,typically a TCP
or UDP segment)
16-bit identifier
header checksum
time tolive
32 bit source IP address
head.len
type ofservice
flgsfragment
offsetupper layer
32 bit destination IP address
options (if any)
IP datagram formatIP protocol version
numberheader length
(bytes)
upper layer protocolto deliver payload to
total datagramlength (bytes)
“type” of data forfragmentation/reassemblymax number
remaining hops(decremented at
each router)
e.g. timestamp,record routetaken, specifylist of routers to visit.
how much overhead?
20 bytes of TCP 20 bytes of IP = 40 bytes + app
layer overheadsrc: Kurose & Ross
IP fragmentation, reassembly
network links have MTU (max.transfer size) - largest possible link-level frame different link types,
different MTUs large IP datagram
divided (“fragmented”) within net one datagram becomes
several datagrams “reassembled” only at
final destination IP header bits used to
identify, order related fragments
can be refragmented
fragmentation: in: one large datagramout: 3 smaller datagrams
reassembly
…
…
src: Kurose & Ross
IP fragmentation, reassembly
MTU for some networks Hyperchannel - 65535 Token Ring (16Mbps) - 17914 Token Ring (4Mbps) - 4464 FDDI - 4352 Ethernet - 1500 X.25 - 576 PPP - 296
Network Layer4-36
ID=x
offset=0
fragflag=0
length=4000
ID=x
offset=0
fragflag=1
length=1500
ID=x
offset=185
fragflag=1
length=1500
ID=x
offset=370
fragflag=0
length=1040
one large datagram becomesseveral smaller datagrams
example: 4000 byte
datagram MTU = 1500 bytes
1480 bytes in data field
offset =1480/8
IP fragmentation, reassembly
Flags:D - Don’t FragmentM - More Fragments
x D M
Example : Re-fragmentation
Src: Forouzan - Data Communication and Networking
Re-fragmentation ?
Example : Re-fragmentation
Src: Forouzan - Data Communication and Networking
Re-fragmentation
IP fragmentation, reassembly
Questions A pkt has arrived with an M bit of 0. Is this the
first, last of middle segment? Can we say if pkt was fragmented?
A pkt has arrived with an M bit of 1. Is this the first, last of middle segment? Can we say if pkt was fragmented?
A pkt has arrived with an M bit of 1 and offset value 0. Is this the first, last of middle segment? Can we say if pkt was fragmented?
A pkt has arrived with offset value 100, and HLEN value of 5, value of total length field is 100. What are the numbers of the first byte and last byte?
IP Fragmentation IP Fragmentation is avoided in generalPath MTU (PMTU) discovery is used
to find the max segment size for a given pathFragment is a costly process
especially for NAT address•is configured by default in any enterprise
Network Layer4-65
ICMP: internet control message protocolRFC 792
used by hosts & routers to communicate network-level information error reporting:
unreachable host, network, port, protocol
echo request/reply (used by ping)
network-layer “above” IP: ICMP msgs carried in IP
datagrams ICMP message: type,
code plus first 8 bytes of IP datagram causing error
Query Messages:Type Code description0/8 0 Echo reply/request (ping)13/14 0 Timestamp request/reply10/9 0 Router solicitation/advt
Error Reporting Messages3 0 dest. network unreachable3 1 dest host unreachable3 2 dest protocol unreachable3 3 dest port unreachable3 6 dest network unknown3 7 dest host unknown4 0 source quench (congestion control - not used)5 0 Redirect11 0 TTL expired12 0 bad IP header
ICMP Redirect
Src: Forouzan - Data Communication and Networking
Traceroute and ICMP source sends series of
UDP segments to dest first set has TTL =1 second set has TTL=2,
etc. unlikely port number
when nth set of datagrams arrives to nth router: router discards
datagrams and sends source ICMP
messages (type 11, code 0)
ICMP messages includes name of router & IP address
when ICMP messages arrives, source records RTTs
stopping criteria: UDP segment
eventually arrives at destination host
destination returns ICMP “port unreachable” message (type 3, code 3)
source stops3 probes
3 probes
3 probes
src: Kurose & Ross
PMTU DiscoveryPMTU Discovery
source finds out the max fragment size on the path to destination
it is actually a misnomer•no actual discovery packet is sent from source
source sets ‘D’ (don’t fragment) bit in IP header
when a router is required to fragment • i.e. MTU of o/g link is small•packet is dropped and ICMP error is sent to source
– with the supported fragment size
source retransmits the packet with smaller fragment size•PMTU discovery continues till packet reaches
destination
PMTU Discovery Implementation on Linux machines
enabled by default$ sysctl net.ipv4.ip_no_pmtu_disc
net.ipv4.ip_no_pmtu_disc = 0
no PMTU discovery is disabled i.e. •PMTU discovery is enabled
To disable PMTU discovery$sudo sysctl -w net.ipv4.ip_no_pmtu_disc=1
NAT: network address translation
10.0.0.1
10.0.0.2
10.0.0.3
10.0.0.4
138.76.29.7
local network(e.g., home network)
10.0.0/24
rest ofInternet
datagrams with source or destination in this networkhave 10.0.0/24 address for source, destination (as usual)
all datagrams leaving local
network have same single source NAT IP
address: 138.76.29.7,different source port numbers
src: Kurose & Ross
Network Layer4-57
motivation: local network uses just one IP address as far as outside world is concerned: range of addresses not needed from ISP: just one IP address for all devices
can change addresses of devices in local network without notifying outside world
can change ISP without changing addresses of devices in local network
devices inside local net not explicitly addressable, visible by outside world (a security plus)
NAT: network address translation
Network Layer4-58
implementation: NAT router must:
outgoing datagrams: replace (source IP address, port #) of every outgoing datagram to (NAT IP address, new port #)
. . . remote clients/servers will respond using (NAT IP address, new port #) as destination addr
remember (in NAT translation table) every (source IP address, port #) to (NAT IP address, new port #) translation pair
incoming datagrams: replace (NAT IP address, new port #) in dest fields of every incoming datagram with corresponding (source IP address, port #) stored in NAT table
NAT: network address translation
Address Allocation for private networks
RFC 1918•One Class A network
• 10.0.0.0 - 10.255.255.255 (224)•16 Class B Networks
• 172.16.0.0 - 172.31.255.255 (220)•256 Class C Networks
• 192.168.0.0 - 192.168.255.255 (216)
Private addresses without NAT
Special purpose addresses
Loopbackaddress
Network Layer4-59
10.0.0.1
10.0.0.2
10.0.0.3
S: 10.0.0.1, 3345D: 128.119.40.186, 80
1
10.0.0.4
138.76.29.7
1: host 10.0.0.1 sends datagram to 128.119.40.186, 80
NAT translation tableWAN side addr LAN side addr
138.76.29.7, 5001 10.0.0.1, 3345…… ……
S: 128.119.40.186, 80 D: 10.0.0.1, 3345 4
S: 138.76.29.7, 5001D: 128.119.40.186, 802
2: NAT routerchanges datagramsource addr from10.0.0.1, 3345 to138.76.29.7, 5001,updates table
S: 128.119.40.186, 80 D: 138.76.29.7, 5001 3
3: reply arrives dest. address: 138.76.29.7, 5001
4: NAT routerchanges datagramdest addr from138.76.29.7, 5001 to 10.0.0.1, 3345
NAT: network address translation
+Protocol
src: Kurose & Ross
Network Layer4-60
16-bit port-number field: simultaneous connections on one NAT address!•65,535
NAT is controversial: routers should only process up to layer 3violates end-to-end argument
•NAT possibility must be taken into account by app designers, e.g., P2P applications
address shortage should instead be solved by IPv6
gets complicated with IP fragmentation
NAT: network address translation
Network Layer4-61
NAT traversal problem client wants to connect to
server with address 10.0.0.1 server address 10.0.0.1 local
to LAN (client can’t use it as destination addr)
only one externally visible NATed address: 138.76.29.7
solution1: statically configure NAT to forward incoming connection requests at given port to server e.g., (123.76.29.7, port 2500)
always forwarded to 10.0.0.1 port 25000
10.0.0.1
10.0.0.4
NAT router
138.76.29.7
client
?
src: Kurose & Ross
Network Layer4-62
NAT traversal problem solution 2: Universal Plug
and Play (UPnP) Internet Gateway Device (IGD) Protocol. Allows NATed host to:learn public IP address
(138.76.29.7)add/remove port
mappings (with lease times)
i.e., automate static NAT port map configuration
10.0.0.1
NAT router
IGD
src: Kurose & Ross
Network Layer4-63
NAT traversal problem solution 3: relaying (used in Skype)
NATed client establishes connection to relay external client connects to relay relay bridges packets between to
connections
138.76.29.7
client
1. connection torelay initiatedby NATed host
2. connection torelay initiatedby client
3. relaying established
NAT router
10.0.0.1
src: Kurose & Ross
NAT: network address translationTwo type of NAT
SNAT (Source NAT) Destination NAT
NAT for TCP Data entering from outside is allowed after
connection establishment NAT Entry is removed for connection close
NAT for UDP makes a short entry for small duration (30s ?)
Good Tutorial for Linux NAT http://www.frozentux.net/iptables-tutorial/
iptables-tutorial.html#NATINTRO
Thank You