Embed Size (px)
Citation preview
ITI-510
Computer
Networks ITI 510 – Computer NetworksMeeting 2
Rutgers University Internet InstituteInstructor: Chris Uriarte
ITI-510
Computer
Networks
Agenda for Meeting 2
• IP (Internet Protocol)• ARP and RARP (Address Resolution
Protocol, Reverse Address Resolution Protocol)
• ICMP (Internet Control Messaging Protocol)• IP Routing• traceroute, ping and arp utilities, host
routing tables
ITI-510
Computer
Networks
Some Very Basic Network Terms
• Node – generally refers to any addressable device on a network like a workstation, server, router, etc.
• Source – any nodes that initiates a network connection - “the sender” (source host, source node, etc.)
• Destination – any node that receives a network packet or is intened as the recipient of a network packet (destination host, destination node, etc.)
• Packet, Frame or Datagram - The unit of data that is routed between an source and a destination node on a network.
ITI-510
Computer
Networks
IP – Internet Protocol
• Developed by the DOD – quickly became the network protocol for governments, universities and businesses.
• Allows for the seamless integration of major network segments, new subnetworks and LANs without disrupting existing infrastructures.
• The protocol that defines the IP Addresses• Operates at the Network layer of the OSI
model
ITI-510
Computer
Networks
Nodes on an IP Network
• Nodes on an IP network each have a unique address – an IP Address
• Recall, IP addresses contain (4) eight bit numbers separated by decimal places – e.g. 126.6.4.4
• IP address blocks can be divided into subnets – small networks that contain a range of IP addresses.
• The Subnet Mask is used to define IP subnetworks within an IP Block.
• For example, a network 126.6.4.0 with a Subnet Mask of 255.255.255.0 contains the IP addresses 126.6.4.0 to 126.6.4.255.
ITI-510
Computer
Networks
IP Networks – Special Addresses
• Each IP Subnetwork contains 2 special addresses that cannot be used by hosts on the network.– The network address is the first IP address in a
subnetwork and can be used to describe the “name” of a particular IP subnetwork (e.g. the 128.6.4.0 network). Using a network address in conjunction with a subnet mask tells you EXACTLY the IP addresses contained in a subnetwork.
– The broadcast address is the last IP address in a subnetwork range and is used to send a packet to ALL hosts on a subnetwork. For example, sending a packet to 128.6.4.255 on the 128.6.4.0/255.255.255.0 network sends a packet to every host on that network)
ITI-510
Computer
Networks
Tying it All Together: Network Subnet, Broadcast Addresses
• For example:• If you have an IP network with a network
address of 64.220.31.0 and a subnet mask of 255.255.255.0, this means:– The Network address is 64.220.31.0– The Broadcast address is 64.220.31.255– The range of useable host IP addresses within
this network is 64.220.31.1 to 64.220.31.254.
ITI-510
Computer
Networks
Calculating IP Addresses in a Subnet
• Given a particular IP network address and a subnet mask, you can calculate IP addresses by comparing the Binary equivalents of the network address and the subnet address. Example:
• Network 128.4.3.0 with a subnet of 255.255.255.0Net: 10000000.00000100.00000011.00000000Mask: 11111111.11111111.11111111.00000000• The all-ones portion of the netmask corresponds to
the “network address” portion of an IP address. • The all-zeros portion of the netmask correspond to
the valid range of host IP addresses in a network.• In this example 128.4.3.0
(10000000.00000100.00000011.00000000) to 128.4.3.255 (10000000.00000100.00000011.11111111) are in the subnetwork described above.
ITI-510
Computer
Networks
Moving IP Packets from One Host to Another – IP Routing
• Sending an IP packet from one host to another host on network is known as IP Routing.
• In a computer network, the host sending a packet is known as the source host. The host receiving the packet is known as the destination host.
• When a host wants to transmit a packet to another host on an IP Network, several checks are made:– If the destination host is on the same subnet as the
source host, the packet is transmitted directly to the destination host.
– If the destination host is on a different subnet, the packet is sent to a gateway device, which is the essentially a packet’s “exit ramp” to other networks. This device is usually an IP router. The router ties multiple networks together.
– The source host uses the IP address/subnet mask calculations, demonstrated earlier, to determine if the destination host is on the same subnet or on a different subnet.
ITI-510
Computer
Networks
Basic IP Routing Example
ITI-510
Computer
Networks
Basic Rules for IP Routing
• ALL devices connecting to an IP network follow some very basic rules when determining where to send a packet:– If the destination host is part of the the local
network or a network the host is directly attached to, send the packet directly to the host.
– If the destination host is NOT attached to a local network, send the packet to a gateway device, which can determine what path the packet should take next.
• The rules above illustrate the concept of “next-hop routing”
ITI-510
Computer
Networks
Next-hop Routing
• IP does not need to know the complete route that must be followed to reach a destination host – It only needs to find the next hop that will take responsibility for delivering the packet.
ITI-510
Computer
Networks
Which Gateway Device?
• How does a host know what gateway device to use? What’s the IP address of the gateway device?– Remember, if a source host determines the
destination host is not on the local network, it must forward the packet to a gateway device.
• Can there be multiple gateway devices on a network?– What if we want our host to send packets
destined for network “A” to gateway device “A” and packets destined for network “B” to gateway device “B”.
• The use of Host Routing Tables allow us to address these specific questions.
ITI-510
Computer
Networks
Routing Tables
• Every device on an IP network has a routing table, which is essentially a roadmap for IP packets.
• The routing table tells the host where to send IP packets destined for a specific IP address or network and the addresses of any associated gateway devices.
• Simple logical IP Routing Table:Destination Address Address of Gateway
Device
128.6.5.0 128.6.4.254
128.7.7.0 128.6.4.128
Any other host/network 128.6.4.1
ITI-510
Computer
Networks
Example: Use of a Host Routing Table
ITI-510
Computer
Networks
Default Routes
• In the previous examples, the “Any other host/network” destination address is known as the default route.
• The default route is the gateway address all packets are sent to if the host cannot find a more specific route for the destination.
• Sometimes, the “Any other host/network” is displayed as “0.0.0.0” in the “Destination” column of the routing table.
• Most PCs on a network are only setup with one route – the default route. If a destination host is not on the local network, the packet is passed on to the default route.
• In the previous slide (diagram), the router 128.6.4.1 is setup as the default route for host “A”.
ITI-510
Computer
Networks
Examining Host Routing Tables
• You can view the routing table on your IP host. Use:– netstat –rn (UNIX hosts)– route print (Windows hosts)
• For example, on the UNIX host iti.rutgers.edu (165.230.30.68):
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
165.230.30.68 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
165.230.30.64 0.0.0.0 255.255.255.192 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 165.230.30.65 0.0.0.0 UG 0 0 0 eth0
ITI-510
Computer
Networks
The IP Packet
• The actual IP packet sent from one host to another is an arrangement of bits in a very specific format.
• The packet contains the most basic data needed to send a packet: the address of the source host, the address of the destination host and the actual data being sent.
• The packet also contains a number of additional mandatory and optional fields that describe protocol versions, packet size, checksums, and more.
ITI-510
Computer
Networks
Anatomy of an IP Packet
• An IP Packet contains a 20-byte header, followed by the actual data, sometimes referred to as the payload.
BIT 0 BIT 31
20 Bytes
Total
ITI-510
Computer
Networks
Examining some of the IP Header Fields
• Version - Always set to the value ‘4’, which is the current version of IP
• IHL (IP Header Length) – The number of 32-bit words (rows) that form the header
• Type of Service (TOS) - Usually set to 0, but may indicate particular Quality of Service needs from the network. There are essentially “handling instructions” for routers the can treat packets differently based on the contents of this field. This value can be set, for example, by the host operating system, a router or an application.– TOS Examples include:
• 0000 – Default• 0001 – “Minimize Monetary Cost”• 0010 – “Minimize Reliability”• 0100 – “Maximize Throughput”• 1000 - “Minimize Delay”• 1111 – “Maximize Security”
ITI-510
Computer
Networks
IP Header Fields con’t.
• Total Length – Represents, in bytes, the size of the entire IP packet, including the header and data.
• Identification – A 16-bit number which, together with the source address, uniquely identifies this packet - used during reassembly of fragmented datagrams.
• Flags - a sequence of three flags (one of the 4 bits is unused) used to control whether routers are allowed to fragment, or break apart, a packet, and to indicate the parts of a packet to the receiver
• Fragmentation Offset - a byte count from the start of the original sent packet, set by any router which performs IP router fragmentation.
ITI-510
Computer
Networks
IP Header Fields con’t.
• *Time To Live – The total number of hops /links which the packet may be routed over. When the packet hits a router, this value is decremented by most routers. Therefore, this value will enforce a maximum hop-count on a packet. This is used to prevent routing loops.
• *Protocol - A value used to represent what type of transport-level (layer 4) protocol or messaging protocol packet is being used with this IP packet:– 1 = ICMP; 2= IGMP; 6 = TCP; 17= UDP– e.g. TCP/IP packets always set to 6, UDP/IP
packets always set to 17, etc.
ITI-510
Computer
Networks
IP Header Fields con’t
• Header Checksum - A mathematical checksum inserted by the sender and updated whenever the packet header is modified by a router. Used to detect processing errors introduced into the packet inside a router. Packets with an invalid checksum are discarded by all nodes in an IP network.
• *Source Address - the IP address of the original sender of the packet.
• *Destination Address - the IP address of the final destination of the packet.
• Options - Not normally used, but when used the IP header length will be > 5 32-bit words to indicate the size of the options field
ITI-510
Computer
Networks
Sending IP Packets on Local Networks
• Before sending an IP packet directly to a host on a local LAN, it must first be “wrapped up” in a frame that is compatible with a lower-level protocol that operates on the Data Link Layer of the OSI model - this is usually the Ethernet protocol.
• The Data Link layer is responsible for moving packets from node to node on a local network.
• In addition to a network address, like an IP address, every node on an Ethernet network has a special hardware address.
ITI-510
Computer
Networks
Ethernet Node Hardware Addresses
• Each Ethernet node has a unique hardware address that is built into the Network Interface Card (NIC) that connects it to the network.
• This address is sometimes referred to as a MAC Address.
• A MAC Address is usually displayed as six groups of two hexadecimal digits, separated by colons:– 08:00:20:10:d2:ae
• This existence of this address is usually transparent to the end user.
ITI-510
Computer
Networks
Transmission of IP Packets over Ethernet
• When an IP packet is transmitted over an Ethernet LAN, the packet is encapsulated by an Ethernet packet, which contains the source and destination MAC address of the packet.
• The Ethernet packet (which contains the IP Packet) is sent across the LAN to the destination host.
• The destination host receives the Ethernet packet and extracts the IP packet it contains, which also contains the data (payload).
ITI-510
Computer
Networks
Sending an IP Packet over a LAN
ITI-510
Computer
Networks
MAC address and IP Address Pairings
• Therefore, a host must not only know the IP address of the host it is sending IP data to, but it must also know the MAC address associated with that destination IP address.
• How does a host determine the MAC address associated with a particular IP address???– Answer: ARP (Address Resolution Protocol)
ITI-510
Computer
Networks
APR – The Address Resolution Protocol
• ARP is a protocol for mapping an IP address to a physical machine address that is recognized in the local network. Most commonly, this is used to associated IP addresses (32-bits long) with Ethernet MAC addresses (48-bits long)
• A host usually keeps a table, known as the ARP cache, which maintains a correlation between each MAC address and its corresponding IP address.
• You can view a host’s ARP cache by issuing the “arp –a” command on UNIX and Windows hosts. (UNIX users may have to specify the full path to the arp utility: /sbin/arp –a)
ITI-510
Computer
Networks
ARP – How the Protocol Works
• After an IP packet is formed, the host must pass the packet down to the Data Link Layer (Layer 2), which is responsible for the Ethernet LAN protocol.
• Before the Ethernet packet is formed, a host looks in its ARP Cache to see if it has a MAC address entry that corresponds to the IP destination address.
• If an entry is found, the Ethernet packet is written, which contains the source and destination MAC addresses and the IP packet.
ITI-510
Computer
Networks
How ARP Works, con’t.
• If the host does not find a corresponding MAC address entry in the ARP cache, it sends a broadcast message to all hosts on the network, literally asking “Who has IP address 123.4.5.6?”.
• If host 123.4.5.6 is alive on the network, it will respond to the source host with it’s MAC address. At this point, the destination host will also update its ARP cache with the MAC address of the sender.
• Once the source host receives the MAC address, it updates its ARP cache, writes the Ethernet frame and sends it to the destination host over the network.
• Each host will maintain the IP-MAC address entry in the ARP cache for a period of time before it is expired.
ITI-510
Computer
Networks
Reverse ARP (RARP)
• A variant of ARP, called Reverse ARP, was developed to help a network node determine its own IP address.
• Upon bootup, diskless workstations may not contain any IP address setting. The workstation can issue a RARP broadcast that says “My MAC address is 08:00:20:10:d2:ae , what is my IP address??”, in hopes that some other server is listening and will provide and answer.
• In this cases, a centralized server needs to be configured with the necessary IP Address/MAC Address pairs.
• RARP, has been superseded by two superior protocols, which perform the same functionality – BOOTP and DHCP.
ITI-510
Computer
Networks
ICMP – Internet Control Message Protocol
• ICMP is a message control and error-reporting protocol between a host server and a gateway to the Internet.
• ICMP uses IP datagrams to transport its messages.
• ICMP messages are processed by the IP software portion of the operating system, are not directly apparent to the application user.
ITI-510
Computer
Networks
ICMP Message Generation
• There are a number of situations that may cause an ICMP message to be generated– A link is down to a host– The TTL (Time-to-Live) IP Hop-count have have
expired.
• When an error is detected, the IP packet is discarded by the router and an ICMP message is returned directly to the source host.
ITI-510
Computer
Networks
Types of ICMP Error Messages
• There are several types of ICMP Messages:– Destination Unreachable – A packet cannot
reach it’s destination host, service or application. Usually caused by a network link, host or application being down.
– Time Exceeded – The Time-To-Live for a packet has expired, i.e. the packet hit too many routers in its travels. Usually caused by routing loops.
– Parameter Problem – Some piece of data in the IP header just doesn’t make sense.
– Redirect – The router notifies the host sender to use another gateway for the desired path.
ITI-510
Computer
Networks
Transmission of ICMP Messages
• ICMP Messages are sent in the “Data” portion of an IP packet.
• The Protocol field in the IP packet is set to ’1’, signifies to a host that the data portion of the packet contains an ICMP message.
• The format of an ICMP message will vary based on the type of ICMP message.
• Refer to Feit’s TCP/IP, Signature Edition pp. 190 to 198 for specific formats.
ITI-510
Computer
Networks
When ICMP Messages are NOT Sent
• When a particular problem is encountered sending an ICMP message back to a host (we don’t want ICMP errors to create more ICMP packets).
• When a problem is encountered with broadcast or multicast packets (packets sent to all hosts on a network). (we don’t want multiple hosts responding with ICMP errors)
• Messages whose source addresses does not identify a unique hosts, like 0.0.0.0 or 127.0.0.1
ITI-510
Computer
Networks
The ping Utility
• Ping is a basic Internet program that lets you verify that a particular IP address exists and can accept requests.
• Generally used for network troubleshooting and to verify connectivity between hosts.
• Ping uses the ICMP ECHO function, which simply sends ICMP messages round-trip between hosts. When a destination host receives an ICMP ECHO request, it returns an ICMP ECHO message back to the source host.
ITI-510
Computer
Networks
The traceroute Utility
• Traceroute is a network debugging utility that attempts to trace the path a packet takes through the network - its route.
• It provides a visual depiction of each router a packet encounters between a source and destination host. Example:
iti% /usr/sbin/traceroute www.upenn.edutraceroute to NISC9.upenn.edu (128.91.2.28), 30 hops max, 38 byte packets 1 nb-gw (165.230.30.65) 0.824 ms 0.809 ms 0.718 ms 2 rucs-gw (128.6.227.1) 0.850 ms 0.629 ms 0.588 ms 3 transition2-gw (165.230.12.145) 0.994 ms 1.417 ms 1.188 ms 4 pcp01-hill012-svcs.Rutgers.EDU (198.151.130.2) 1.395 ms 1.046 ms 1.092 ms 5 rutgers-gw.Rutgers.EDU (198.151.130.194) 8.809 ms 110.798 ms 1.546 ms 6 jn1-at1-1-0-502.wor.vbns.net (204.147.128.26) 3.182 ms 3.041 ms 2.917 ms 7 jn1-so7-0-0-0.wae.vbns.net (204.147.136.136) 9.027 ms 8.344 ms 8.481 ms 8 abilene-vbns.abilene.ucaid.edu (198.32.11.9) 12.166 ms 11.791 ms 12.325 ms 9 local.abilene.magpi.net (198.32.42.133) 15.652 ms 15.592 ms 15.284 ms10 less.upenn.magpi.net (198.32.42.234) 15.283 ms 15.567 ms 15.652 ms11 DEFAULT1-GW-FE2.UPENN.EDU (165.123.217.2) 20.907 ms DEFAULT1-GW-FE.UPENN.EDU
(165.123.237.2) 16.578 ms DEFAULT1-GW-FE2.UPENN.EDU (165.123.217.2) 16.421 ms12 NISC9.UPENN.EDU (128.91.2.28) 17.149 ms 16.147 ms 16.265 ms
ITI-510
Computer
Networks
Traceroute, con’t.
• How traceroute works:– Traceroute transmits packets with small TTL values.
Recall that the TTL (Time To Live) is an IP header field that is designed to prevent packets from running in loops. Every router that handles a packet subtracts one from the packet's TTL. If the TTL reaches zero, the packet has expired and is discarded.
– Traceroute depends on the common router practice of sending an ICMP Time Exceeded message, back to the sender when a TTL timeout occurs.
– By using small TTL values which quickly expire, traceroute causes routers along a packet's normal delivery path to generate these ICMP messages which identify the router.
– A TTL value of one should produce a message from the first router; a TTL value of two generates a message from the second; etc.
ITI-510
Computer
Networks
Traceroute, con’t.
• In a typical traceroute session, a group of packets with TTL=1 are sent. A single router should respond, using the IP address of the interface it transmits the ICMP Timeout messages on.
• The user is told this IP address, and DNS is used to convert this into a hostname, if available. Also, round trip times are reported for each packet in the group.
• Traceroute reports any additional ICMP messages (such as destination unreachable errors) using a rather cryptic syntax: – - !N means network unreachable, !H means host
unreachable, etc. • Once this first group of packets has been processed
(this can take 10 seconds or no time at all), the second group (TTL=2) begins transmitting, and the whole process repeats
ITI-510
Computer
Networks
Traceroute, usage:
• UNIX Hosts:– traceroute <IP Address or Hostname> - e.g.– traceroute www.yahoo.com
• Windows Hosts:– tracert <IP Address or Hostname> - e.g.:– tracert www.yahoo.com
ITI-510
Computer
Networks
Recommended Reading
• Chapters 4, 6, 7, and 8 in TCP/IP, Signature Edition by Sidnie Feit.
ITI-510
Computer
Networks
Next Meeting…
• Introduction to Interconnection Devices (routers, hubs, switches, bridges, etc.)
• Dynamic Routing Protocols• UDP (User Datagram Protocol0• TCP (Transmission Control Protocol)
![Presenters: Stella Kim Ashley Lee Freddalicia Escobar Christian Uriarte :]](https://img.pdfslide.us/doc/110x75/56649ecb5503460f94bd9746/presenters-stella-kim-ashley-lee-freddalicia-escobar-christian-uriarte-.jpg)
