Fragmentation issues in IPv4/IPv6 translation

Slides:



Advertisements
Similar presentations
CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-
Advertisements

CS 457 – Lecture 16 Global Internet - BGP Spring 2012.
IP Fragmentation. MTU Maximum Transmission Unit (MTU) –Largest IP packet a network will accept –Arriving IP packet may be larger IP Packet MTU.
Network Layer IPv6 Slides were original prepared by Dr. Tatsuya Suda.
CSE 461: IP/ICMP and the Network Layer. Next Topic  Focus:  How do we build large networks?  Introduction to the Network layer  Internetworks  Service.
Chapter 20 Network Layer: Internet Protocol Stephen Kim 20.1.
Network Layer Packet Forwarding IS250 Spring 2010
EEC-484/584 Computer Networks Lecture 10 Wenbing Zhao (Part of the slides are based on Drs. Kurose & Ross ’ s slides for their Computer.
EEC-484/584 Computer Networks Lecture 11 Wenbing Zhao (Part of the slides are based on Drs. Kurose & Ross ’ s slides for their Computer.
1 Internet Networking Spring 2005 Tutorial 2 IP Checksum, Fragmentation.
1 Internet Networking Spring 2004 Tutorial 2 IP Checksum, Fragmentation.
Internet Networking Spring 2003
1 Internet Networking Spring 2002 Tutorial 2 IP Checksum, Fragmentation.
EEC-484/584 Computer Networks Lecture 13 Wenbing Zhao (Part of the slides are based on Drs. Kurose & Ross ’ s slides for their Computer.
Notes for IPv6 Terrance Lee. Transition Mechanisms for IPv6 Hosts and Routers (RFC 2893)
IP/ICMP Translation Algorithm (IIT) Xing Li, Congxiao Bao, Fred Baker
Petrozavodsk State University, Alex Moschevikin, 2003NET TECHNOLOGIES Internet Control Message Protocol ICMP author -- J. Postel, September The purpose.
© Janice Regan, CMPT 128, CMPT 371 Data Communications and Networking Network Layer ICMP and fragmentation.
The Network Layer. Network Projects Must utilize sockets programming –Client and Server –Any platform Please submit one page proposal Can work individually.
1 IP: putting it all together Part 2 G53ACC Chris Greenhalgh.
Fragmentation Fragmentation and reassembly are done by the IP layer Fragmentation and reassembly are done by the IP layer Identification (16 bits) Identification.
CSE4213 Computer Networks II
 The basis the Internet is built upon  Very simple, but allows more complex stuff to be layered on top.
Chapter 81 Internet Protocol (IP) Our greatest glory is not in never failing, but in rising up every time we fail. - Ralph Waldo Emerson.
ECE 4110 – Internetwork Programming IP Protocol. 2 * From TCP/IP Protocol Suite, B. A. Forouzan, Prentice Hall Position of IP in TCP/IP Protocol Suite.
CS4550 Computer Networks II IP : internet protocol, part 2 : packet formats, routing, routing tables, ICMP read feit chapter 6.
1 Network Layer Lecture 16 Imran Ahmed University of Management & Technology.
EECB 473 DATA NETWORK ARCHITECTURE AND ELECTRONICS PREPARED BY JEHANA ERMY JAMALUDDIN Basic Packet Processing: Algorithms and Data Structures.
Communications Services Connection Oriented Service  A connection is established  Data is sent or received over this connection  Connection may be terminated.
Chapter 21 IP Encapsulation, Fragmentation, and Reassembly.
CSC 600 Internetworking with TCP/IP Unit 5: IP, IP Routing, and ICMP (ch. 7, ch. 8, ch. 9, ch. 10) Dr. Cheer-Sun Yang Spring 2001.
1 Requirements for Internet Routers (Gateways) and Hosts Relates to Lab 3. (Supplement) Covers the compliance requirements of Internet routers and hosts.
ICMPv6 Error Message Types Informational Message Types.
1 Computer Communication & Networks Lecture 19 Network Layer: IP and Address Mapping Waleed Ejaz.
ZyXEL Confidential ICMPv6 Feng Zhou SW2 ZyXEL Communications Corp. 03/27/2006.
INTERNET CONTROL MESSAGE PROTCOL. ICMP n allows router to send error or control messages to another router or host n provides communication between IP.
Uni Innsbruck Informatik th IETF, PMTUD WG: Path MTU Discovery Using Options draft-welzl-pmtud-options-01.txt Michael Welzl
Understanding IPv6 Slide: 1 Lesson 5 ICMPv6. Understanding IPv6 Slide: 2 Lesson Objectives Purpose of ICMPv6 and the structure of all ICMPv6 messages.
Network Layer Protocols COMP 3270 Computer Networks Computing Science Thompson Rivers University.
Chapter 20 Network Layer: Internet Protocol Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Network Layer/IP Protocols 1. Outline IP Datagram (IPv4) NAT Connection less and connection oriented service 2.
Security Implications of Predictable Fragment Identification Values
A Fragmentation Strategy for Generic Routing Encapsulation (GRE)
Graciela Perera Department of Computer Science and Information Systems Slide 1 of 18 INTRODUCTION NETWORKING CONCEPTS AND ADMINISTRATION CSIS 3723 Graciela.
Ethernet switches and IP routers
Introduction to Networks
IP Fragmentation. MTU Maximum Transmission Unit (MTU) –Largest IP packet a network will accept –Arriving IP packet may be larger IP Packet MTU.
Network Layer & IP Protocol.
Ingress Filtering, Site Multihoming, and Source Address Selection
COMPUTER NETWORKS CS610 Lecture-33 Hammad Khalid Khan.
IP (slides derived from past EE122 sections)
Internet Networking Spring 2002
Extending Option Space Discussion Overview and its requirements
Stateless Source Address Mapping for ICMPv6 Packets
Byungchul Park ICMP & ICMPv DPNM Lab. Byungchul Park
CS 457 – Lecture 10 Internetworking and IP
Internet Control Message Protocol (ICMP)
IP - The Internet Protocol
IP : Internet Protocol Surasak Sanguanpong
EEC-484/584 Computer Networks
IP Encapsulation, Fragmentation, and Reassembly
IP - The Internet Protocol
Net 323 D: Networks Protocols
IP - The Internet Protocol
DHCP: Dynamic Host Configuration Protocol
IP - The Internet Protocol
NET 323D: Networks Protocols
draft-venaas-bier-mtud-01
Chapter 4: outline 4.1 Overview of Network layer data plane
Presentation transcript:

Fragmentation issues in IPv4/IPv6 translation marcelo bagnulo behave WG – IETF76

Incoming IPv4 packet - Full pkt, DF=1 Resulting IPv6 packet does NOT include the fragment header (PMUTD should work e2e) Issue: If the packet is too big for the outgoing MTU in IPv6, should the translator generate and ICMP error Packet too big? Proposed solution: both stateless and stateful translator MUST behave as a router on this I.e. Send packet too big errors

Incoming IPv4 packet - Full pkt, DF=0 As currently defined: Resulting IPv6 packets MUST fit in 1280 bytes, so add the fragment header if needed. The fields of the fragment header are copied from the IPv4 fields. Issue: Would this result in significant amount of fragmentation? Should the translator perform PMUTD for IPv6 destinations? This affects both stateless and stateful, should we use the same approach to both? My reading so far is that we should send 1280 byte long packets (i.e. as currently defined in stateless)

Incoming IPv4 packet – Fragment (I) Fragment: Add fragment header, copy fields from IPv4 header, make sure that the packet does not exceeds 1280 bytes. Issue: how to determine the session for fragments? We need the TCP/UDP header (which is not available in fragments other than the first one) Opt 1: reassembly Opt 2: keep state. Specific to the stateful case

Incoming IPv4 packet – Fragment (II) Opt 1: reassemble Fragments arrive to the translator Translator reassembles the packets Processes the packet once the full packet is reassembled. Pros: simple Cons: requires memory for storing fragments, which needs to be limited to avoid DoS attacks against the translator

Incoming IPv4 packet – Fragment (III) Opt 2: Keep state Store state that allows to translate packets containing fragments other than the first one. The state needed is the ID value. The state is learned from the packet containing the first segment. If packets that contain fragments that are not the first arrive and the ID does not match to any of the stored ID values for the src and dst addreses, then store the packets. If packets that contain fragments that are not the first arrive and the ID does match to any of the stored ID values for the src and dst addresses, then use the corresponding session to translate the packet. If packet that contain the first fragment arrive, then store the ID value in the session state and forward the packet. Pro: requires less memory to store packets Con: more complex and needs to deal with attacks like the ones defined in RFC3128 and RFC1858 So, what shall we do?

Incoming IPv6 packet – No frag Hdr Stateless draft defines: IPv4 pkt Id set to all zeros and DF set to 1. Issue #1: Some moddle boxes fragment even if DF is set to 1 Do we care about boxes that don’t follow the spec? Issue #2: blackhole Next slide

Incoming IPv6 packet – No frag Hdr Xlate sends DF=1 and ID=0 IPv6 Router that filters ICMP errors IPv6 Only Host That send only 1280B long pakts IPv4 router Link with MTU smaller than 1280 B xlate IPv4 Only Host IPv6 host sends IPv6 pakt of 1280 B Xlate sends IPv4 pkt with DF=1 and ID=0 IPv4 router with MTU<1280 discard IPv4 pkt and sends ICMP pkt too big error IPv6 router discards ICMP error Black hole!

Incoming IPv6 packet – No frag Hdr Alternative approach Set the DF=0 and use ID other than 0 At least for packets of 1280B or smaller Need to keep a counter for the ID number Simple counter per source address is enough? Question: Should the stateless and the stateful have the same behaviour? If no, which behaviour should each one have? If yes, which should be the common behaviour?

Incoming IPv6 packet – Frag Hdr Current behaviour: copy fields from the fragment header to the IPv4 header fragmentation fields Higher probabilty clash if we decide to use a non zero value for the IPv6 packets wihtout fragment header. We can split the ID space in two With MSb set- for IPv6 pkts with frag header With MSb reset- for IPv6 pkts wihtou frag header Is it worth it?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.