Internet Networking, Spring 2003
Tutorial 2: IP Checksum, Fragmentation, DHCP Relay

IP Header Diagram

IP Checksum
The checksum field in the IP header serves to ensure the integrity of the IP header values.
The checksum applies only to the values in the IP header, not to the data of the packet.
Advantages (of separation):
  Reduces processing time at routers.
  Allows higher-level protocols to choose their own checksum scheme for the data.
Disadvantages:
  No checking of data integrity; higher-level protocols must implement it themselves.

Algorithm for Computing the Checksum (RFC 1071)
Adjacent octets to be checksummed are paired to form 16-bit integers, and the 1's complement sum of these 16-bit integers is formed.
The checksum field is cleared, the 16-bit 1's complement sum is computed over the octets concerned, and the 1's complement of this sum is placed in the checksum field.

Algorithm for Checking the Checksum (RFC 1071)
To verify a checksum, the 1's complement sum is computed over the same set of octets, including the checksum field.
If the result is all 1 bits, the check succeeds.

Checksum - Example

Checksum - Incremental Update
Updating part of the IP header data doesn't require recomputing the entire checksum field (for example, when a router changes the TTL field).
The technique for speeding up checksum recomputation in this case is called incremental checksum update (RFC 1071 and corrections in RFC 1141).

Checksum - Incremental Update
C - old sum, m - old data
C' - new sum, m' - new data
C' = C + (-m) + m' = C + (m' - m)
To compute the 1's complement of the sum, ~C (the value placed in the checksum field):
~C' = ~(C + (-m) + m') = ~C + (m - m') = ~C + m + ~m'

Incremental Update - Example
Subtracting 1 from the TTL field (the common case):
~C' = ~C + (m - m') = ~C + 0100H (the TTL byte is the higher byte of the 16-bit integer)
If ~C = 220dH then ~C' = 220dH + 0100H = 230dH
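
The checksum computation, the verification rule and the incremental TTL update described above, as an added Python example (not part of the original tutorial). The 20-octet sample header is constructed for illustration and the function names are hypothetical.

```python
import struct

def ones_sum(data: bytes) -> int:
    """1's complement sum of the octets paired into 16-bit integers."""
    if len(data) % 2:
        data += b"\x00"                      # pad an odd trailing octet
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # end-around carry
        total = (total & 0xFFFF) + (total >> 16)
    return total

def checksum(header: bytes) -> int:
    """Clear the checksum field (octets 10-11), sum, then complement."""
    cleared = header[:10] + b"\x00\x00" + header[12:]
    return ~ones_sum(cleared) & 0xFFFF

def verify(header: bytes) -> bool:
    """The sum over the header, checksum included, must be all 1 bits."""
    return ones_sum(header) == 0xFFFF

def incremental_update(old_ck: int, m: int, m_new: int) -> int:
    """~C' = ~C + m + ~m' in 16-bit 1's complement arithmetic."""
    total = old_ck + m + (~m_new & 0xFFFF)
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    # May give 0xFFFF where a full recompute gives 0x0000; both encode zero
    # in 1's complement and both pass verify() (corner case from RFC 1624).
    return total

def decrement_ttl(header: bytes) -> bytes:
    """Per-hop router step: TTL - 1 plus a patched (not recomputed) checksum."""
    if header[8] == 0:
        raise ValueError("TTL is already 0, nothing to decrement")
    m, old_ck = struct.unpack("!HH", header[8:12])   # m = TTL (high) | protocol (low)
    m_new = m - 0x0100
    new_ck = incremental_update(old_ck, m, m_new)
    return header[:8] + struct.pack("!HH", m_new, new_ck) + header[12:]

# Constructed sample header (20 octets, no options), checksum field still zero.
RAW = bytes.fromhex("450000730000400040110000c0a80001c0a800c7")
HEADER = RAW[:10] + struct.pack("!H", checksum(RAW)) + RAW[12:]
ROUTED = decrement_ttl(HEADER)               # TTL 0x40 -> 0x3f, checksum + 0100H
```

A receiver or IDS sensor only needs `verify()`; a header altered in transit without a matching checksum patch fails it.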

IP Fragmentation
When a packet is sent across the Internet from one point to another, it can traverse different physical networks along the way.
We prefer to put the entire IP datagram into one physical frame, but each technology limits the maximum number of bytes that can be sent in one physical frame.
This limit is called the MTU, Maximal Transfer Unit (for example, the Ethernet MTU is 1500 bytes).

IP Fragmentation
When is fragmentation done?
Example (figure): hosts A and B, routers R1 and R2; Net 1 MTU=1500, Net 2 MTU=620, Net 3 MTU=1500.

IP Fragmentation
The IP layer automatically fragments a datagram when it is too large to be sent on a physical network.
Reassembly of the datagram is performed at the final destination (making it transparent to the TCP/UDP layer).
A datagram can be fragmented more than once.
There is enough information in the IP header to enable reassembly of the datagram.

Fragmentation Control
Three fields in the datagram's IP header control fragmentation and reassembly of datagrams:
  IDENTIFICATION
  FLAGS
  FRAGMENT OFFSET

Identification field
A unique integer that identifies the datagram.
When a router fragments a datagram, it copies most of the datagram header fields into each fragment.
The IDENTIFICATION field should be copied.
Its primary purpose is to allow the destination to know which arriving packets belong to which datagram.
Computers sending IP datagrams must generate a unique Identification value for each datagram.
Implemented by a counter that is incremented by one.

Fragment Offset field
Specifies the offset of the data in a fragment relative to the original datagram.
Measured in units of 8 bytes, starting at offset 0.
The reason: the field size is 13 bits and it needs to map a field of 16 bits (the IP datagram total length field).
Fragments don't necessarily arrive in order.
The destination should wait for all fragments to arrive before assembling the packet.
It limits the wait with a reassembly timer.

Flags field
Do Not Fragment bit
  If set to 1, the datagram shouldn't be fragmented.
  Can be used, for example, when the receiver doesn't know how to reassemble packets.
  If fragmentation is required but this bit is set, the packet is discarded and an ICMP error is returned.
More Fragments bit
  Indicates whether there are more fragments or this is the last one.
  It has value 1 for all fragments except the last.
  Required to reassemble a packet (why?)

Fragmentation - Example (figure)
Original datagram: datagram header, Data1 (600 octets), Data2, Data3 (200 octets)
Fragment 1: offset = 0; Fragment 2: offset = 75; Fragment 3: offset = 150

Fragmentation
One advantage of the fragmentation structure is the possibility of additional fragmentation (recursion), thanks to using a fragment offset instead of a fragment number.
Fragmentation is not desirable:
  There is no way to resend a specific fragment.
  Loss of a fragment causes retransmission of the entire datagram.
Operating systems run the Path MTU Discovery protocol (RFC 1191). The protocol uses the Don't Fragment bit and ICMP error messages to discover the MTU of the path.
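
How the three control fields work together, as an added Python example (not part of the original tutorial): a datagram is fragmented for MTU 620, fragmented again on a smaller link, and reassembled from out-of-order fragments. The `Datagram` class, the function names and the 20-octet header length are assumptions made for the illustration.

```python
from dataclasses import dataclass

IP_HEADER_LEN = 20  # assumption: IP header without options

@dataclass
class Datagram:
    ident: int    # IDENTIFICATION, copied into every fragment
    offset: int   # FRAGMENT OFFSET, in units of 8 octets
    mf: bool      # More Fragments bit
    df: bool      # Do Not Fragment bit
    data: bytes

def fragment(pkt, mtu):
    """Split pkt for a link with the given MTU; also works on a fragment."""
    if IP_HEADER_LEN + len(pkt.data) <= mtu:
        return [pkt]
    if pkt.df:
        raise ValueError("DF set: discard and return an ICMP error")
    step = (mtu - IP_HEADER_LEN) // 8 * 8    # data per fragment, multiple of 8
    out = []
    for pos in range(0, len(pkt.data), step):
        last = pos + step >= len(pkt.data)
        # Only the piece that ends the ORIGINAL datagram may carry MF = 0.
        out.append(Datagram(pkt.ident, pkt.offset + pos // 8,
                            pkt.mf or not last, pkt.df, pkt.data[pos:pos + step]))
    return out

def route(pkt, mtus):
    """Send a datagram over links with the given MTUs, refragmenting as needed."""
    frags = [pkt]
    for mtu in mtus:
        frags = [piece for f in frags for piece in fragment(f, mtu)]
    return frags

def reassemble(frags):
    """Return the original data, or None while fragments are still missing.
    Assumes every fragment carries the same IDENTIFICATION."""
    pieces, total = {}, None
    for f in frags:                          # arrival order does not matter
        pieces[f.offset * 8] = f.data
        if not f.mf:                         # the last fragment reveals the length
            total = f.offset * 8 + len(f.data)
    if total is None:
        return None
    data, pos = b"", 0
    while pos < total and pieces.get(pos):   # walk the offsets, stop at a gap
        data += pieces[pos]
        pos += len(pieces[pos])
    return data if pos == total else None
```

With 1400 octets of data and MTU 620 this yields offsets 0, 75 and 150, matching the example above if Data2 is also 600 octets; `reassemble()` returns `None` until the fragment with More Fragments = 0 has arrived, because only that fragment tells the destination where the datagram ends.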

DHCP Relay Agent (figure): hosts H2 and H3, routers acting as DHCP relay agents, the Internet, and a DHCP server.
The DHCP relay agent forwards the DHCP messages to the DHCP server.

DHCP Relay
Reasons for DHCP relay:
  Scaling
  Security
The new Relay Agent Information option is inserted by the DHCP relay agent when forwarding client-originated DHCP packets to a DHCP server.
Servers recognizing the Relay Agent Information option may use the information to implement IP address or other parameter assignment policies.
The DHCP server echoes the option back verbatim to the relay agent in server-to-client replies, and the relay agent strips the option before forwarding the reply to the client.
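
The insert, echo and strip cycle described above, as an added Python example (not part of the original tutorial). It works on the DHCP options field only; the option code 82 and sub-option 1 (Agent Circuit ID) come from RFC 3046 rather than from this page, and the function names and the circuit ID value are constructed for the illustration.

```python
RELAY_AGENT_INFO = 82    # Relay Agent Information option code (RFC 3046)
AGENT_CIRCUIT_ID = 1     # sub-option 1 of option 82 (RFC 3046)
PAD, END = 0, 255        # single-octet options without a length field

def parse_options(raw: bytes):
    """Decode the code/length/value triples of a DHCP options field."""
    opts, i = [], 0
    while i < len(raw) and raw[i] != END:
        if raw[i] == PAD:
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("truncated option")
        opts.append((raw[i], raw[i + 2:i + 2 + raw[i + 1]]))
        i += 2 + raw[i + 1]
    return opts

def build_options(opts) -> bytes:
    return b"".join(bytes([code, len(val)]) + val for code, val in opts) + bytes([END])

def relay_to_server(client_opts: bytes, circuit_id: bytes) -> bytes:
    """Client -> server direction: append option 82 before forwarding."""
    opts = parse_options(client_opts)
    # RFC 3046: a first-hop relay discards a client packet that already
    # carries option 82, so a host cannot forge the port it claims to be on.
    if any(code == RELAY_AGENT_INFO for code, _ in opts):
        raise ValueError("option 82 supplied by client: discard")
    sub = bytes([AGENT_CIRCUIT_ID, len(circuit_id)]) + circuit_id
    return build_options(opts + [(RELAY_AGENT_INFO, sub)])

def relay_to_client(server_opts: bytes) -> bytes:
    """Server -> client direction: strip the echoed option 82."""
    return build_options([(c, v) for c, v in parse_options(server_opts)
                          if c != RELAY_AGENT_INFO])

# Constructed sample: DHCPDISCOVER (option 53 = 1) arriving on port "eth0/3".
DISCOVER = bytes([53, 1, 1, END])
TO_SERVER = relay_to_server(DISCOVER, b"eth0/3")
# Constructed server reply: DHCPOFFER (option 53 = 2) echoing option 82 verbatim.
OFFER = bytes([53, 1, 2]) + TO_SERVER[3:]
TO_CLIENT = relay_to_client(OFFER)
```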