Chapter 4-3 IP header and more

Chapter 4: Network Layer 4. 1 Introduction 4.2 Virtual circuit and datagram networks 4.3 What’s inside a router 4.4 IP: Internet Protocol Datagram format IPv4 addressing ICMP IPv6 4.5 Routing algorithms Link state Distance Vector Hierarchical routing 4.6 Routing in the Internet RIP OSPF BGP 4.7 Broadcast and multicast routing IP header and more 2

Internet Protocol (IP) Hour Glass Model Create abstraction layer that hides underlying technology from network application software Make as minimal as possible Allows range of current & future technologies Can support many different types of applications email WWW phone... SMTP HTTP RTP... TCP UDP… IP ethernet PPP… CSMA async sonet... copper fiber radio... Network applications Network technology IP header and more

Internetwork Design How do I designate a distant host? ... ... host host host host host host LAN 1 LAN 2 router router router WAN WAN How do I designate a distant host? Addressing / naming How do I send information to a distant host? What gets sent? What route should it take? Must support: Heterogeneity LAN technologies Scalability  ensure ability to grow to worldwide scale IP header and more

IP Service IP supports the following services: one-to-one (unicast) one-to-all (broadcast) one-to-several (multicast) IP multicast also supports a many-to-many service. IP multicast requires support of other protocols (IGMP, multicast routing) unicast broadcast multicast IP header and more

IP Datagram Format 20 bytes ≤ Header Size < 24 x 4 bytes = 60 bytes 20 bytes ≤ Total Length < 216 bytes = 65536 bytes IP header and more

IP Datagram Format Question: In which order are the bytes of an IP datagram transmitted? Answer: Transmission is row by row For each row: 1. First transmit bits 0-7 2. Then transmit bits 8-15 3. Then transmit bits 16-23 4. Then transmit bits 24-31 This is called network byte order or big endian byte ordering. Note: Many computers (incl. Intel processors) store 32-bit words in little endian format. Others (incl. Motorola processors) use big endian. IP header and more

Big endian vs. small endian Conventions to store a multibyte work Example: a 4 byte Long Integer Byte3 Byte2 Byte1 Byte0 Little Endian Stores the low-order byte at the lowest address and the highest order byte in the highest address. Base Address+0 Byte0 Base Address+1 Byte1 Base Address+2 Byte2 Base Address+3 Byte3 Intel processors use this order Big Endian Stores the high-order byte at the lowest address, and the low-order byte at the highest address. Base Address+0 Byte3 Base Address+1 Byte2 Base Address+2 Byte1 Base Address+3 Byte0 Motorola processors use big endian. IP header and more

The IP Protocol(P363 fig. 4.13) IP Header IP header and more

IP header and more

Fields of the IP Header Version (4 bits): current version is 4, next version will be 6. Header length (4 bits): length of IP header, in multiples of 4 bytes DS/ECN field (1 byte) This field was previously called as Type-of-Service (TOS) field. The role of this field has been re-defined, but is “backwards compatible” to TOS interpretation Differentiated Service (DS) (6 bits): Used to specify service level (currently not supported in the Internet) Explicit Congestion Notification (ECN) (2 bits): New feedback mechanism used by TCP IP header and more

Fields of the IP Header Identification (16 bits): Unique identification of a datagram from a host. Incremented whenever a datagram is transmitted Flags (3 bits): First bit always set to 0 DF bit (Do not fragment) MF bit (More fragments) Will be explained later Fragmentation IP header and more

Fields of the IP Header Time To Live (TTL) (1 byte): Specifies longest paths before datagram is dropped Role of TTL field: Ensure that packet is eventually dropped when a routing loop occurs Used as follows: Sender sets the value (e.g., 64) Each router decrements the value by 1 When the value reaches 0, the datagram is dropped IP header and more

Fields of the IP Header Protocol (1 byte): Specifies the higher-layer protocol. Used for demultiplexing to higher layers. Header checksum (2 bytes): A simple 16-bit long checksum which is computed for the header of the datagram. IP header and more

Fields of the IP Header Options: Security restrictions Record Route: each router that processes the packet adds its IP address to the header. Timestamp: each router that processes the packet adds its IP address and time to the header. (loose) Source Routing: specifies a list of routers that must be traversed. (strict) Source Routing: specifies a list of the only routers that can be traversed. Padding: Padding bytes are added to ensure that header ends on a 4-byte boundary IP header and more

Maximum Transmission Unit Maximum size of IP datagram is 65535, but the data link layer protocol generally imposes a limit that is much smaller Example: Ethernet frames have a maximum payload of 1500 bytes  IP datagrams encapsulated in Ethernet frame cannot be longer than 1500 bytes The limit on the maximum IP datagram size, imposed by the data link protocol is called maximum transmission unit (MTU) MTUs for various data link protocols: Ethernet: 1500 FDDI: 4352 802.3: 1492 ATM AAL5: 9180 802.5: 4464 PPP: negotiated IP header and more

IP Fragmentation What if the size of an IP datagram exceeds the MTU? IP datagram is fragmented into smaller units. What if the route contains networks with different MTUs? MTUs: FDDI: 4352 Ethernet: 1500 Fragmentation: IP router splits the datagram into several datagram Fragments are reassembled at receiver IP header and more

IP Fragmentation Every network has own Maximum Transmission Unit (MTU) host router router MTU = 1500 host MTU = 4000 Every network has own Maximum Transmission Unit (MTU) Largest IP datagram it can carry within its own packet frame E.g., Ethernet is 1500 bytes Don’t know MTUs of all intermediate networks in advance IP Solution When hit network with small MTU, fragment packets IP header and more

Reassembly Where to do reassembly? End nodes End nodes or at routers? End nodes Avoids unnecessary work where large packets are fragmented multiple times If any fragment missing, delete entire packet Dangerous to do at intermediate nodes How much buffer space required at routers? What if routes in network change? Multiple paths through network All fragments only required to go through destination IP header and more

Where is Fragmentation done? Fragmentation can be done at the sender or at intermediate routers The same datagram can be fragmented several times. Reassembly of original datagram is only done at destination hosts !! IP header and more

Reassembly IP header and more

What’s involved in Fragmentation? The following fields in the IP header are involved: Identification When a datagram is fragmented, the identification is the same in all fragments Flags DF bit is set: Datagram cannot be fragmented and must be discarded if MTU is too small MF bit set: This datagram is part of a fragment and an additional fragment follows this one IP header and more

What’s involved in Fragmentation? The following fields in the IP header are involved: Fragment offset Offset of the payload of the current fragment in the original datagram Total length Total length of the current fragment IP header and more

Example of Fragmentation A datagram with size 2400 bytes must be fragmented according to an MTU limit of 1000 bytes IP header and more

IP header and more

example fragment 1 fragment 2 offset = 1400/8 = 175 total 3800 bytes Data offset = 0/8 = 0 header bytes 0 1400 2800 3799 header 1 header 2 header 3 bytes 0 1399 1400 2799 2800 3799 fragment 1 fragment 2 fragment 3 offset = 0/8 = 0 offset = 1400/8 = 175 offset = 2800/8 = 350 IP header and more

IP Fragmentation Example #1 router host MTU = 4000 IP Header Data Length = 3820, M=0 IP header and more

IP Fragmentation Example #2 MTU = 2000 router router IP Header Data Length = 2000, M=1, Offset = 0 1980 bytes IP Header Data Length = 3820, M=0 3800 bytes IP Data Header Length = 1840, M=0, Offset = 1980 1820 bytes IP header and more

IP Fragmentation Example #3 host router MTU = 1500 IP Header Data Length = 1500, M=1, Offset = 0 1480 bytes IP Header Data Length = 2000, M=1, Offset = 0 1980 bytes IP Header Data Length = 520, M=1, Offset = 1480 500 bytes IP Header Data Length = 1500, M=1, Offset = 1980 1480 bytes IP Data Header Length = 1840, M=0, Offset = 1980 1820 bytes IP Header Data Length = 360, M=0, Offset = 3460 340 bytes IP header and more

IP Reassembly Fragments might arrive out-of-order Header Data Length = 1500, M=1, Offset = 0 Fragments might arrive out-of-order Don’t know how much memory required until receive final fragment Some fragments may be duplicated Keep only one copy Some fragments may never arrive After a while, give up entire process IP Header Data Length = 520, M=1, Offset = 1480 IP Header Data Length = 1500, M=1, Offset = 1980 IP Header Data Length = 360, M=0, Offset = 3460 IP Data IP header and more

Determining the length of fragments To determine the size of the fragments we recall that, since there are only 13 bits available for the fragment offset, the offset is given as a multiple of eight bytes. As a result, the first and second fragment have a size of 996 bytes (and not 1000 bytes). This number is chosen since 976 is the largest number smaller than 1000–20= 980 that is divisible by eight. The payload for the first and second fragments is 976 bytes long, with bytes 0 through 975 of the original IP payload in the first fragment, and bytes 976 through 1951 in the second fragment. The payload of the third fragment has the remaining 428 bytes, from byte 1952 through 2379. With these considerations, we can determine the values of the fragment offset, which are 0, 976 / 8 = 122, and 1952 / 8 = 244, respectively, for the first, second and third fragment. IP header and more

ICMP: Internet Control Message Protocol Used by hosts, routers, gateways to communication network-level information Error reporting: unreachable host, network, port, protocol Echo request/reply (used by ping) Network-layer “above” IP: ICMP msgs carried in IP datagrams ICMP message: type, code plus first 8 bytes of IP datagram causing error Type Code description 0 0 echo reply (ping) 3 0 dest. network unreachable 3 1 dest host unreachable 3 2 dest protocol unreachable 3 3 dest port unreachable 3 6 dest network unknown 3 7 dest host unknown 4 0 source quench (congestion control - not used) 8 0 echo request (ping) 9 0 route advertisement 10 0 router discovery 11 0 TTL expired 12 0 bad IP header IP header and more

Traceroute and ICMP Source sends series of UDP segments to dest First has TTL =1 Second has TTL=2, etc. Unlikely port number When nth datagram arrives to nth router: Router discards datagram And sends to source an ICMP message (type 11, code 0) Message includes name of router& IP address When ICMP message arrives, source calculates RTT Traceroute does this 3 times Stopping criterion UDP segment eventually arrives at destination host Destination returns ICMP “host unreachable” packet (type 3, code 3) When source gets this ICMP, stops. IP header and more Network Layer 4-33 33

IP MTU Discovery with ICMP host router router MTU = 1500 host MTU = 4000 Typically send series of packets from one host to another Typically, all will follow same route Routes remain stable for minutes at a time Makes sense to determine path MTU before sending real packets Operation Send max-sized packet with “do not fragment” flag set If encounters problem, ICMP message will be returned “Destination unreachable: Fragmentation needed” Usually indicates MTU encountered IP header and more

IP MTU Discovery with ICMP Frag. Needed MTU = 2000 MTU = 2000 host MTU = 4000 router router MTU = 1500 host IP Packet Length = 4000, Don’t Fragment IP header and more

IP MTU Discovery with ICMP Frag. Needed MTU = 1500 MTU = 2000 host MTU = 4000 router router MTU = 1500 host IP Packet Length = 2000, Don’t Fragment IP header and more

IP MTU Discovery with ICMP host MTU = 4000 router router MTU = 1500 host IP Packet Length = 1500, Don’t Fragment When successful, no reply at IP level “No news is good news” Higher level protocol might have some form of acknowledgement IP header and more

ARP-The Address Resolution Protocol Situation: Addressing hosts using IP addresses is great, but these addresses are not recognized by the hardware of those hosts. Example: a host on an Ethernet LAN will only read messages encapsulated in frames containing that host’s hardware address. Problem: How do we find out the hardware (i.e. datalink) address of a host, given its Internet address? IP header and more

ARP-The Address Resolution Protocol 1. Router: Ask each host on the LAN whether they have the requested IP address. This is done by encapsulating the query as an ARP message in a datalink frame, and broadcasting it. IP header and more

How ARP works? IP header and more

ARP-The Address Resolution Protocol 2. Host: Recognizes it is dealing with an ARP message, checks whether it has the requested address, and if so, sends a reply back with its datalink address. Question: how can the host recognize an ARP message? 3. Router: Recognizes a reply ARP message, and (generally) caches the IP address with the datalink address. It can then forward IP datagrams to the correct host, encapsulating them in datalink frames. Question: what should the router do when no one replies? IP header and more

Address Resolution Protocol (ARP) op: Operation 1: request 2: reply Sender Host sending ARP message Target Intended receiver of message op Sender MAC address Sender IP Address Target MAC address Target IP Address Diagrammed for Ethernet (6-byte MAC addresses) Low-Level Protocol Operates only within local network Determines mapping from IP address to hardware (MAC) address Mapping determined dynamically No need to statically configure tables Only requirement is that each host know its own IP address IP header and more

ARP Request Requestor Mapping Sending op: Operation 1: request Sender Host that wants to determine MAC address of another machine Target Other machine op Sender MAC address Sender IP Address Target MAC address Target IP Address Requestor Fills in own IP and MAC address as “sender” Why include its MAC address? Mapping Fills desired host IP address in target IP address Sending Send to MAC address ff:ff:ff:ff:ff:ff Ethernet broadcast IP header and more

ARP Reply Responder becomes “sender” Fill in own IP and MAC address op: Operation 2: reply Sender Host with desired IP address Target Original requestor op Sender MAC address Sender IP Address Target MAC address Target IP Address Responder becomes “sender” Fill in own IP and MAC address Set requestor as target Send to requestor’s MAC address IP header and more

ARP Example Exchange Captured with windump Requestor: Desired host: Time Source MAC Dest MAC 09:37:53.729185 0:2:b3:8a:35:bf ff:ff:ff:ff:ff:ff 0806 60: arp who-has 128.2.222.198 tell 128.2.194.66 09:37:53.729202 0:3:47:b8:e5:f3 0:2:b3:8a:35:bf 0806 42: arp reply 128.2.222.198 is-at 0:3:47:b8:e5:f3 Exchange Captured with windump Windows version of tcpdump Requestor: blackhole-ad.scs.cs.cmu.edu (128.2.194.66) MAC address 0:2:b3:8a:35:bf Desired host: bryant-tp2.vlsi.cs.cmu.edu (128.2.222.198) MAC address 0:3:47:b8:e5:f3 IP header and more

Caching ARP Entries Efficiency Concern Would be very inefficient to use ARP request/reply every time need to send IP message to machine Each Host Maintains Cache of ARP Entries Add entry to cache whenever get ARP response Set timeout of ~20 minutes IP header and more

ARP Cache Example Show using command “arp -a” Interface: 128.2.222.198 on Interface 0x1000003 Internet Address Physical Address Type 128.2.20.218 00-b0-8e-83-df-50 dynamic 128.2.102.129 00-b0-8e-83-df-50 dynamic 128.2.194.66 00-02-b3-8a-35-bf dynamic 128.2.198.34 00-06-5b-f3-5f-42 dynamic 128.2.203.3 00-90-27-3c-41-11 dynamic 128.2.203.61 08-00-20-a6-ba-2b dynamic 128.2.205.192 00-60-08-1e-9b-fd dynamic 128.2.206.125 00-d0-b7-c5-b3-f3 dynamic 128.2.206.139 00-a0-c9-98-2c-46 dynamic 128.2.222.180 08-00-20-a6-ba-c3 dynamic 128.2.242.182 08-00-20-a7-19-73 dynamic 128.2.254.36 00-b0-8e-83-df-50 dynamic IP header and more

ARP Cache Surprise How come 3 machines have the same MAC address? Interface: 128.2.222.198 on Interface 0x1000003 Internet Address Physical Address Type 128.2.20.218 00-b0-8e-83-df-50 dynamic 128.2.102.129 00-b0-8e-83-df-50 dynamic 128.2.194.66 00-02-b3-8a-35-bf dynamic 128.2.198.34 00-06-5b-f3-5f-42 dynamic 128.2.203.3 00-90-27-3c-41-11 dynamic 128.2.203.61 08-00-20-a6-ba-2b dynamic 128.2.205.192 00-60-08-1e-9b-fd dynamic 128.2.206.125 00-d0-b7-c5-b3-f3 dynamic 128.2.206.139 00-a0-c9-98-2c-46 dynamic 128.2.222.180 08-00-20-a6-ba-c3 dynamic 128.2.242.182 08-00-20-a7-19-73 dynamic 128.2.254.36 00-b0-8e-83-df-50 dynamic IP header and more

ARP cheat IP header and more

ARP cheat-middle people IP header and more

ARP single-way cheat IP header and more

ARP Man-in-the-Middle Attack，MITM IP header and more

IPv6 Initial motivation: 32-bit address space soon to be completely allocated. Additional motivation: header format helps speed processing/forwarding header changes to facilitate QoS IPv6 datagram format: fixed-length 40 byte header no fragmentation allowed IP header and more 53

IPv6 Header Note: The flow label is used to set up a pseudo connection between source and destination. It identifies a flow for which, for example, bandwidth has been reserved. IP header and more

IPv6 Header (Cont) Priority: identify priority among datagrams in flow Flow Label: identify datagrams in same “flow.” (concept of“flow” not well defined). Next header: identify upper layer protocol for data IP header and more

Other Changes from IPv4 Checksum: removed entirely to reduce processing time at each hop Options: allowed, but outside of header, indicated by “Next Header” field ICMPv6: new version of ICMP additional message types, e.g. “Packet Too Big” multicast group management functions IP header and more

IPv6 header vs. IPv4 header IP header and more

IPv6 Note: A simpler header is almost impossible – further info is provided by next headers. Note: No checksum, and no fragmentation fields. IPv6 – Address Space Big difference: IPv6 uses 16-byte addresses. This is really a lot: 7x1023addresses per square meter. It does allow us to be less efficient with address allocation: 72% is unassigned. IP header and more

IP header and more

IPv6 – Extension Headers Basic idea: Keep the main header as simple as possible, and provide any further information in an (optional) extension header: Important: Note that fragmentation is still supported, but that only the source host can do it. Routers never fragment datagrams anymore. IP header and more

IPv6 – Security Illustrative example: There was a lot of discussion on where and how to incorporate security in IPv6: If you are really concerned about security, would you trust anything else but end–to–end encryption? Having security in the network layer offers a generally useful service to many applications. Those that don’t want to use it, just ignore it. Network-layer protocols have to run in every country. Some countries disallow cryptosystems that the government can’t decrypt easily. Are the default crypto-algorithms good enough? For example, MD5 has recently been cracked. IP header and more

IPv6 – Security The main issue here, as with almost every protocol, is to decide in which layer we should put functionality. There are many people who argue that only end–to–end solutions should be applied. The rest (i.e. general solutions) will never be good enough. IP header and more

Transition From IPv4 To IPv6 Not all routers can be upgraded simultaneous no “flag days” How will the network operate with mixed IPv4 and IPv6 routers? Tunneling: IPv6 carried as payload in IPv4 datagram among IPv4 routers IP header and more

Tunneling A B E F Logical view: Physical view: A B E F tunnel IPv6 IP header and more

Tunneling A B E F Logical view: A B C D E F Physical view: Src:B IPv6 IPv6 IPv6 IPv6 A B C D E F Physical view: IPv6 IPv6 IPv4 IPv4 IPv6 IPv6 Flow: X Src: A Dest: F data Flow: X Src: A Dest: F data Src:B Dest: E Flow: X Src: A Dest: F data Src:B Dest: E Flow: X Src: A Dest: F data A-to-B: IPv6 E-to-F: IPv6 B-to-C: IPv6 inside IPv4 B-to-C: IPv6 inside IPv4 IP header and more

Dual Stack IP header and more

IPv4 client TCP Datalink IPv6 client TCP Datalink IPv6 server IPv4-mapped IPv6 address TCP IPv4 IPv6 Datalink IP header and more

The 6Bone IP header and more

Next 4. 1 Introduction 4.2 Virtual circuit and datagram networks 4.3 What’s inside a router 4.4 IP: Internet Protocol Datagram format IPv4 addressing ICMP IPv6 4.5 Routing algorithms Link state Distance Vector Hierarchical routing 4.6 Routing in the Internet RIP OSPF BGP 4.7 Broadcast and multicast routing IP header and more Network Layer 4-69 69