CPS-356- Computer Networks Class 7: Switching Continued+ Network Layer Theophilus Benson Based partly on lecture notes by Rodrigo Fonseca, David Mazières, Phil Levis, John Jannotti

Today’s Lecture Switching (Take II) Ethernet (datagram) Spanning-Tree ATM (Virtual Circuits) Network layer: Internet Protocol (v4) Forwarding Addressing Fragmentation ARP DHCP NATs

Ethernet Switching Hosts come preconfigured with IDs Each host has a MAC-address Network automatically determines routes Flood to discover who is connected.

Drawbacks of Flooding B1 B4 B3 Alice B5 Brige1 LAN 3 A B Brige4 Brige3 Bob B5

Drawbacks of Flooding B1 Bob A B3 B4 Alice LAN 2 LAN 3 LAN 4 Brige1

Drawbacks of Flooding B1 Bob A B3 B4 Alice LAN 2 LAN 3 LAN 4 Brige1

Drawbacks of Flooding B1 Bob A B3 B4 Alice LAN 2 LAN 3 LAN 4 Brige1

Drawbacks of Flooding B1 Bob A Alice B B3 Alice B B4 Alice A Alice LAN 2 LAN 3 LAN 4 Brige1 Brige5 Brige3 Brige4 A B Bob B5 Bob A

Drawbacks of Flooding B1 Bob A Alice B B3 Alice B Bob A B4 Alice A Bob LAN 2 LAN 3 LAN 4 Brige1 Brige5 Brige3 Brige4 A B Bob B5 Bob A

Drawbacks of Flooding Can not deal with loops Can not scale to a large number of devices.

Drawbacks of Flooding Can not deal with loops Solution: Spanning Tree Can not scale to a large number of devices. Solution: VLANs

Drawbacks of Flooding B1 Bob A Alice B B3 Alice B Bob A B4 Alice A Bob LAN 2 LAN 3 LAN 4 Brige1 Brige5 Brige3 Brige4 A B Bob B5 Bob A

Drawbacks of Flooding B1 Bob A Alice B B3 Alice B Bob A B4 Alice A Bob LAN 2 LAN 3 LAN 4 Brige1 Brige5 Brige3 Brige4 A B Bob B5 Bob A

Drawbacks of Flooding B1 Bob A Alice B B3 Alice B Bob A B4 Alice A Bob LAN 2 LAN 3 LAN 4 Brige1 Brige5 Brige3 Brige4 A B Bob B5 Bob A

Drawbacks of Flooding B1 Bob A Alice B B3 Alice B Bob A B4 Alice A Bob LAN 2 LAN 3 LAN 4 Brige1 Brige5 Brige3 Brige4 A B Bob B5 Bob A

Drawbacks of Flooding Can not deal with loops Solution: Spanning Tree Can not scale to a large number of devices. Solution: VLANs

Spanning-Tree Exchange BPDU messages BPDU = Bridge Protocol Data Unit Discover a routing topology free of loop Eliminates redundancy: wastes extra links root ID cost bridge ID port ID root bridge (what the sender thinks it is) root path cost for sending bridge Identifies sending bridge Identifies the sending port

Building a Spanning Tree: Time 0: Everyone thinks they are ‘root’ B3 think B3 is Root B3 B1 think B1 is Root B1 B4 think B4 is Root B4 Alice LAN 2 LAN 3 LAN 4 Brige1 Brige5 Brige3 Brige4 A B Bob B5 think B5 is Root B5

Building a Spanning Tree: Time 1: Everyone heard from B1 Building a Spanning Tree: Time 1: Everyone heard from B1. B1 has a lower bridge B1 .. Must be root B3 think B1 is Root B3 B1 think B1 is Root B1 B4 think B1 is Root B4 Alice LAN 2 LAN 3 LAN 4 Brige1 Brige5 Brige3 Brige4 A B R R R Bob B5 think B1 is Root B5

Building a Spanning Tree: Time 2: Tell each other B1 is root B3 think B1 is Root B3 1 B B1 think B1 is Root B1 1 B4 think B1 is Root B4 1 A Alice Brige1 LAN 3 A B Brige4 Brige3 R R A LAN 2 B B R A Bob B A Brige5 LAN 4 B5 think B1 is Root B5 1 A

Building a Spanning Tree: Time 3: Discover Duplication Turn off ports. B3 think B1 is Root B3 B1 1 B B1 think B1 is Root B1 1 B4 think B1 is Root B4 B1 1 A Alice Brige1 LAN 3 A B Brige4 Brige3 R R A LAN 2 B D B R A Bob B A Brige5 LAN 4 B5 think B1 is Root B5 B1 1 A Professors

The Spanning Tree Brige1 Brige5 Brige3 Brige4 B

The Spanning Tree Brige1 Port Type Rules R Accept & forward flood traffic. Don’t forward BDPU D Accept & Forward flood traffic. Forward BDPU D D LAN 3 Bob LAN 2 R R Brige4 Brige3 Brige5 R B B D TWO WASTED LINKS IN THIS TOPOLOGY LAN 4 Alice Sent packets Packets not sent

Drawbacks of Flooding Can not deal with loops Solution: Spanning Tree Can not scale to a large number of devices. Solution: VLANs

Virtual LANs Assign switch ports to a VLAN ID (color) Alice Brige1 LAN 3 A B Brige4 Brige3 A LAN 2 B B A Bob B A Brige5 LAN 4 Assign switch ports to a VLAN ID (color) Isolate traffic: only same color Trunk links may belong to multiple VLANs Encapsulate packets: add 12-bit VLAN ID Easy to change, no need to rewire

Virtual LANs Assign switch ports to a VLAN ID (color) Alice Brige1 LAN 3 A B Brige4 Brige3 A LAN 2 B B A Bob B A Brige5 LAN 4 Assign switch ports to a VLAN ID (color) Isolate traffic: only same color Trunk links may belong to multiple VLANs Encapsulate packets: add 12-bit VLAN ID Easy to change, no need to rewire

Virtual LANs Assign switch ports to a VLAN ID (color) Alice Brige1 LAN 3 A B Brige4 Brige3 A LAN 2 B B A Bob B A Brige5 LAN 4 Assign switch ports to a VLAN ID (color) Isolate traffic: only same color Trunk links may belong to multiple VLANs Encapsulate packets: add 12-bit VLAN ID Easy to change, no need to rewire

Other Uses for VLANs (Virtual LANs) Finance: 1 Brige1 LAN 3 A B Brige4 Brige3 A LAN 2 B B A B Finance: 1 A Professors Brige5 LAN 4 Company network, A and B departments May not want traffic between the two departments Topology has to mirror physical locations What if employees move between offices?

What Do Switches Look Like?

Generic Switch Architecture Goal: deliver packets from input to output ports Potential performance concerns: Throughput in bytes/second Throughput in packets/second Latency Different if packets are variable size

Shared Memory Switch 1st Generation – like a regular PC NIC DMAs packet to memory over I/O bus CPU examines header, sends to destination NIC I/O bus is serious bottleneck For small packets, CPU may be limited too Typically < 0.5 Gbps

Shared Bus Switch 2st Generation NIC has own processor, cache of forwarding table Shared bus, doesn’t have to go to main memory Typically limited to bus bandwidth (Cisco 5600 has a 32Gbps bus)

Point to Point Switch 3rd Generation: overcomes single-bus bottleneck Example: Cross-bar switch Any input-output permutation Multiple inputs to same output requires trickery Cisco 12000 series: 60Gbps Layer 3 routers are similar

Cut through vs. Store and Forward Two approaches to forwarding a packet Receive a full packet, then send to output port Start retransmitting as soon as you know output port, before full packet Cut-through routing can greatly decrease latency Disadvantage Can waste transmission (classic optimistic approach) CRC may be bad If Ethernet collision, may have to send runt packet on output link

Cut through Store and forward

Buffering Buffering of packets can happen at input ports, fabric, and/or output ports Queuing discipline is very important Consider FIFO + input port buffering Only one packet per output port at any time If multiple packets arrive for port 2, they may block packets to other ports that are free Head-of-line blocking: can limit throughput to ~ 58% under some reasonable conditions* Also allows QoS, Fairness, Prioritization For independent and uniform traffic 2 Port 1 1 2 Port 2 * For independent, uniform traffic, with same-size frames

Head-of-Line Blocking 2 1 Port 1 Port 2 Solution: Virtual Output Queueing Each input port has n FIFO queues, one for each output Switch using matching in a bipartite graph Shown to achieve 100% throughput* *MCKEOWN et al.: ACHIEVING 100% THROUGHPUT IN AN INPUT-QUEUED SWITCH, 1999

Today’s Lecture Switching (Take II) Ethernet (datagram) Spanning-Tree ATM (Virtual Circuits) Network layer: Internet Protocol (v4) Forwarding Addressing Fragmentation ARP DHCP NATs

ATM Cells Fixed-size packets If payload smaller than 48B, uses padding 5 bytes header 48 bytes payload If payload smaller than 48B, uses padding If greater than 48B, breaks it

Why small, fixed-length packets? Cons: maximum efficiency 48/53=90.6% Pros: Suitable for high-speed hardware implementation Many switching elements doing the same thing in parallel Reducing priority packet latency Good for QoS Reducing transmission latency

Reduce queuing latency Reducing preemption latency Transmission + propagation + queuing Reducing preemption latency

Why 48 bytes It’s from the telephone technology Thought data would be mostly voice A compromise US: 64 bytes Europe: 32 bytes 64+32 = 48 bytes

Virtual paths 24-bit virtual circuit identifiers (VCIs) Discussed in our previous lecture Two-levels of VCIs 8-bit virtual path, 16-bit VCI Virtual paths shared by multiple connections

Today’s Lecture Switching (Take II) Ethernet (datagram) Spanning-Tree ATM (Virtual Circuits) Network layer: Internet Protocol (v4) Forwarding Addressing Fragmentation ARP DHCP NATs

Internet Protocol Goal How to connect everybody? New global network or connect existing networks? Glue lower-level networks together: allow packets to be sent between any pair or hosts Wasn’t this the goal of switching? Le Theo Net (ATM) Le Duke Net (Token Ring)

Internetworking Challenges Heterogeneity Different addresses Different service models Different allowable packet sizes Scaling Congestion control

How would you design such a protocol? Circuits or packets (datagram)? Predictability Service model Reliability, timing, bandwidth guarantees Any-to-any Finding nodes: naming, routing Maintenance (join, leave, add/remove links,…) Forwarding: message formats

How would you design such a protocol? Circuits or packets (datagram)? Predictability Service model Reliability, timing, bandwidth guarantees Any-to-any Finding nodes: naming, routing Maintenance (join, leave, add/remove links,…) Forwarding: message formats What happens when people join/leave What should the format of a message be?

IP’s Decisions Packet switched Service model Any-to-any Unpredictability, statistical multiplexing Service model Lowest common denominator: best effort, connectionless datagram Any-to-any Common message format Separated routing from forwarding Naming: uniform addresses, hierarchical organization Routing: hierarchical, prefix-based (longest prefix matching) Maintenance: delegated, hierarchical

A Bit of History Packet switched networks: Arpanet’s IMPs Late 1960’s RFC 1, 1969! Segmentation, framing, routing, reliability, reassembly, primitive flow control Network Control Program (NCP) Provided connections, flow control Assumed reliable network: IMPs Used by programs like telnet, mail, file transfer Wanted to connect multiple networks Not all reliable, different formats, etc… Interface Message Processors

TCP/IP Introduced Vint Cerf, Robert Kahn Replace NCP Initial design: single protocol providing a unified reliable pipe Could support any application Different requirements soon emerged, and the two were separated IP: basic datagram service among hosts TCP: reliable transport UDP: unreliable multiplexed datagram service

An excellent read David D. Clark, “The design Philosophy of the DARPA Internet Protocols”, 1988 Primary goal: multiplexed utilization of existing interconnected networks Other goals (works and works): Communication continues despite loss of networks or gateways Support a variety of communication services Accommodate a variety of networks Permit distributed management of its resources Be cost effective Low effort for host attachment Resources must be accountable In order. Missing: security

Still An excellent read David D. Clark, “The design Philosophy of the DARPA Internet Protocols”, 1988 Primary goal: multiplexed utilization of existing interconnected networks None-Other goals (other real world issues): Security Privacy Flow money In order. Missing: security

Internet Protocol IP Protocol running on all hosts and routers Routers are present in all networks they join Uniform addressing Forwarding/Fragmentation Complementary: Routing, Error Reporting, Address Translation Routing Switch (diff framing)

IP Protocol Provides addressing and forwarding Addressing is a set of conventions for naming nodes in an IP network e.g. your name: Theo Forwarding is a local action by a router: passing a packet from input to output port e.g. how to get to theo IP forwarding finds output port based on destination address (based on mapping) Also defines certain conventions on how to handle packets (e.g., fragmentation, time to live) Contrast with routing (defines mapping) Routing is the process of determining how to map packets to output ports (topic of next two lectures)

Service Model Connectionless (datagram-based) Best-effort delivery (unreliable service) packets may be lost packets may be delivered out of order duplicate copies of packets may be delivered packets may be delayed for a long time It’s the lowest common denominator A network that delivers no packets fits the bill! All these can be dealt with above IP (if probability of delivery is non-zero…)

Format of IP addresses Globally unique (or made seem that way) 32-bit integers, read in groups of 8-bits: 128.148.32.110 Hierarchical: network + host Originally, routing prefix embedded in address Class A (8-bit prefix), B (16-bit), C (24-bit) Routers need only know route for each network

128.*.*.*.. Class A 128.62.*.* .. Class B 128.12.*.* .. Class B 128.62.*.* 128.12.*.*

Forwarding Tables Exploit hierarchical structure of addresses: need to know how to reach networks, not hosts Keyed by network portion, not entire address Next address should be local: router knows how to reach it directly* (we’ll see how soon) Network Next Address 212.31.32.* 0.0.0.0 18.*.*.* 212.31.32.5 128.148.*.* 212.31.32.4 Default 212.31.32.1

Classed Addresses Hierarchical: network + host Saves memory in backbone routers (no default routes) Originally, routing prefix embedded in address Routers in same network must share network part Inefficient use of address space Class C with 2 hosts (2/255 = 0.78% efficient) Class B with 256 hosts (256/65535 = 0.39% efficient) Shortage of IP addresses Makes address authorities reluctant to give out class B’s Still too many networks Routing tables do not scale Routing protocols do not scale

Subnetting Add another level to address/routing hierarchy Subnet mask defines variable portion of host part Subnets visible only within site Better use of address space Much better efficiency: can break large networks without increasing global routing table size

Scaling: Supernetting Problem: routing table growth Idea: assign blocks of contiguous networks to nearby networks Called CIDR: Classless Inter-Domain Routing Represent blocks with a single pair (first network address, count) Restrict block sizes to powers of 2 Use a bit mask (CIDR mask) to identify block size Address aggregation: reduce routing tables

CIDR Forwarding Table Network Next Address 212.31.32/24 0.0.0.0 18/8 212.31.32.5 128.148/16 212.31.32.4 128.148.128/17 212.31.32.8 0/0 212.31.32.1

Example H1-> H2: H2.ip & H1.mask != H1.subnet => no direct path 128.96.34.139 = 10000000 01100000 00100010 10001011 Mask: 11111111 11111111 11111111 10000000 H1-> H2: H2.ip & H1.mask != H1.subnet => no direct path

R1’s Forwarding Table Network Subnet Mask Next Address 128.96.34.0 255.255.255.128 128.96.34.1 128.96.34.128 128.96.34.130 128.96.33.0 255.255.255.0 128.96.34.129

IP v4 packet format

IP header details Forwarding based on destination address TTL (time-to-live) decremented at each hop Originally was in seconds (no longer) Mostly prevents forwarding loops Other cool uses… Fragmentation possible for large packets Fragmented in network if crossing link w/ small frame MF: more fragments for this IP packet DF: don’t fragment (returns error to sender) Following IP header is “payload” data Typically beginning with TCP or UDP header

Other fields Version: 4 (IPv4) for most packets, there’s also 6 Header length: in 32-bit units (>5 implies options) Type of service (won’t go into this) Protocol identifier (TCP: 6, UDP: 17, ICMP: 1, …) Checksum over the header

Fragmentation & Reassembly Each network has maximum transmission unit (MTU) Strategy Fragment when necessary (MTU < size of datagram) Source tries to avoid fragmentation (why?) Re-fragmentation is possible Fragments are self-contained datagrams Delay reassembly until destination host No recovery of lost fragments Fragmentation: loss of one fragment implies all fragments discarded Delay of entire packet is worst case delay over all fragments

Fragmentation Example Ethernet MTU is 1,500 bytes PPP MTU is 576 bytes R2 must fragment IP packets to forward them

Fragmentation Example (cont) IP addresses plus ident field identify fragments of same packet MF (more fragments bit) is 1 in all but last fragment Fragment offset multiple of 8 bytes Multiply offset by 8 for fragment position original packet

Today’s Lecture Switching (Take II) Ethernet (datagram) Spanning-Tree ATM (Virtual Circuits) Network layer: Internet Protocol (v4) Forwarding Addressing Fragmentation ARP DHCP NATs

Translating IP to lower level addresses or… How to reach these local addresses? Map IP addresses into physical addresses E.g., Ethernet address of destination host or Ethernet address of next hop router Techniques Encode physical address in host part of IP address (IPv6) Each network node maintains lookup table (IP->phys)

ARP – address resolution protocol Dynamically builds table of IP to physical address bindings for a local network Broadcast request if IP address not in table All learn IP address of requesting node (broadcast) Target machine responds with its physical address Table entries are discarded if not refreshed

ARP Ethernet frame format Why include source hardware address?

Obtaining Host IP Addresses - DHCP Networks are free to assign addresses within block to hosts Tedious and error-prone: e.g., laptop going from CIT to library to coffee shop Solution: Dynamic Host Configuration Protocol Client: DHCP Discover to 255.255.255.255 (broadcast) Server(s): DHCP Offer to 255.255.255.255 (why broadcast?) Client: choose offer, DHCP Request (broadcast, why?) Server: DHCP ACK (again broadcast) Result: address, gateway, netmask, DNS server

Obtaining IP Addresses Blocks of IP addresses allocated hierarchically ISP obtains an address block, may subdivide ISP: 128.35.16/20 10000000 00100011 00010000 00000000 Client 1: 128.35.16/22 10000000 00100011 00010000 00000000 Client 2: 128.35.20/22 10000000 00100011 00010100 00000000 Client 3: 128.35.24/21 10000000 00100011 00011000 00000000 Global allocation: ICANN, /8’s (ran out!) Regional registries: ARIN, RIPE, APNIC, LACNIC, AFRINIC

Network Address Translation (NAT) Despite CIDR, it’s still difficult to allocate addresses (232 is only 4 billion) We’ll talk about IPv6 later NAT “hides” entire network behind one address Hosts are given private addresses Routers map outgoing packets to a free address/port Router reverse maps incoming packets Problems? Incoming flows Shared ports Breaks assumptions

Internet Control Message Protocol (ICMP) Echo (ping) Redirect Destination unreachable (protocol, port, or host) TTL exceeded Checksum failed Reassembly failed Can’t fragment Many ICMP messages include part of packet that triggered them See http://www.iana.org/assignments/icmp-parameters

ICMP message format

Example: Time Exceeded Code usually 0 (TTL exceeded in transit) Discussion: traceroute

Example: Can’t Fragment Sent if DF=1 and packet length > MTU What can you use this for? Path MTU Discovery Can do binary search on packet sizes But better: base algorithm on most common MTUs Path MTU discovery