Addressing Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays 1:30pm-2:50pm
What is Addressing? Providing suitable identifiers to nodes –So you can direct data to a node –So you know which node sent the data –… and how to send data back to that node Addressing in the U.S. mail –Zip code: –Street: Olden Street –Building on street: 35 –Room in building: 306 –Name of occupant: Jennifer Rexford ???
Phone Numbers Hierarchical –Country code (1) –Area code (609) –Local exchange (258) –Subscriber number (5182) Some exceptions –800: indirection service (free for the caller) –900: indirection service (billed to the caller) –Cell phone numbers, where the node is mobile –... blurring distinction between name and address
Overview of Today’s Class Two widely-used addressing schemes –Medium Access Control (MAC) addresses –Internet Protocol (IP) addresses Key concepts in addressing –Number of unique addresses –Allocating addresses to nodes –Flat vs. hierarchical structure –Persistent vs. temporary identifiers –Handling diminishing address space –Spoofing of source addresses Discussion of Clark88 and Saltzer81 papers
Some Questions Could every host on the Internet have an arbitrary, unique numerical address? –Would it scale? Is hierarchy necessary to make it scale? –Tying the addressing to the topology & routing? What about mobile hosts? Who should allocate the addresses? –Network provider? Device manufacturer? Does the sender of the traffic need to authenticate itself? The destination? –What about spoofing and impersonation?
Comparing MAC and IP Addresses MACIP AssignmentHard-coded in the adaptor Configured or learned Size48 bits32 bits (in v4) StructureFlatHierarchical PortabilityConstant over life of the adapter Changes with time and location PurposeDelivery within a single network Delivery across an inter-network E.g., social security number vs. postal address
MAC Addresses
Flat name space of 48 bits –Typically written in six octets in hex –E.g., C A9 for my Ethernet Organizationally unique identifier –Assigned by IEEE Registration Authority –Determines the first 24 bits of the address –E.g., C5 corresponds to “Dell Inc” Remainder of the MAC address –Allocated by the manufacturer –E.g., A9 for my Ethernet card
Scalability Challenges MAC addresses are flat –Multiple hosts on the same network –No relationship between MAC addresses Data plane –Forwarding based on MAC address –Table size? Look-up overhead? Control plane –Determining where the host is located –Keeping the information up-to-date
Forwarding Frames to Destination Adapter Shared media –Forward all frames on the shared media –Adapter grabs frames with matching dest address Multi-hop switched networks –Flood every frame over every link? –Learn where the MAC address is located? host... host
When to Learn? When the adapter connects to the network? –Requires adaptor to register its presence –Overhead even when not sending/receiving –Leading to control messages and large tables When the adapter sends a frame? –Source MAC address is in the frame –Allows switch to learn about the adapter When the adapter needs to receive a frame? –Destination MAC address is in the frame –Switch needs to figure out how to get there
Motivation For Self Learning Switches forward frames selectively –Forward frames only on segments that need them Switch table –Maps dest MAC address to outgoing interface –Goal: construct the switch table automatically switch A B C D
Self Learning: Building the Table When a frame arrives –Inspect the source MAC address –Associate the address with the incoming interface –Store the mapping in the switch table –Use a TTL field to eventually forget the mapping A B C D Switch learns how to reach A.
Self Learning: Handling Misses When frame arrives with unfamiliar dest –Forward the frame out all of the interfaces –… except for the one where the frame arrived –Hopefully, this case won’t happen very often A B C D Switch floods frame that is destined to C.
Switch Filtering/Forwarding When switch receives a frame: index switch table using MAC dest address if entry found for destination then { if dest on segment from which frame arrived then drop the frame else forward the frame on interface indicated } else flood forward on all but the interface on which the frame arrived
MAC Addresses Disadvantages –Large forwarding tables in the data plane –Flooding overhead to learn location information –Lack of privacy Advantages –Persistent identifier (well, except for spoofing) –Mobile hosts are easy to handle –Forwarding-table look-up is a simple match
COS 461: Internet Control Protocols (#8) Dynamic Host Configuration Protocol (DHCP) –End host learns how to send packets –Learn IP address, DNS servers, and gateway Address Resolution Protocol (ARP) –Others learn how to send packets to the end host –Learn mapping between IP and MAC addresses host DNS... host DNS... router / / ??? router
COS 461: Hubs and Switches (#10) Different devices switch different things –Physical layer: electrical signals (repeaters, hubs) –Link layer: frames (bridges, switches) –Network layer: packets (routers) Key ideas in switches –Self learning of the switch table –Cut-through switching –Spanning trees Virtual LANs (VLANs) Frame header Packet header TCP header User data Application gateway Transport gateway Router Bridge, switch Repeater, hub
IP Addresses
IP Addressing: Scalability Through Hierarchy Hierarchy through IP prefixes –Routing between networks –Allocation of address blocks Non-uniform hierarchy –More efficient address allocation –More complex packet forwarding Dealing with limited address space –Larger address space (IPv6 with 128 bits) –Sharing a small set of addresses (NAT) –Dynamic assignment of addresses (DHCP)
Grouping Related Hosts The Internet is an “inter-network” –Used to connect networks together, not hosts –Needs a way to address a group of hosts host LAN 1... host LAN 2... router WAN LAN = Local Area Network WAN = Wide Area Network
Scalability Challenge Suppose hosts had arbitrary IP addresses –Then every router would need a lot of information –…to know how to direct packets toward the host host LAN 1... host LAN 2... router WAN forwarding table
Hierarchy Through Prefixes Divided into network and host portions /24 is 24-bit prefix (2 8 addresses) Network (24 bits)Host (8 bits)
Example IP Address and Subnet Mask Address Mask
Scalability Improved Number related hosts from a common subnet – /24 on the left LAN – /24 on the right LAN host LAN 1... host LAN 2... router WAN / /24 forwarding table
Easy to Add New Hosts No need to update the routers –E.g., adding a new host on the right –Doesn’t require adding a new forwarding entry host LAN 1... host LAN 2... router WAN / /24 forwarding table host
Classful Addressing (and Dotted Quad Notation) In the olden days… –Class A: 0* Very large /8 blocks (e.g., MIT has /8) –Class B: 10* Large /16 blocks (e.g,. Princeton has /16) –Class C: 110* Small /24 blocks (e.g., AT&T Labs has /24) –Class D: 1110* Multicast groups –Class E: 11110* Reserved for future use (sounds a bit scary…) And then, address space became scarce…
Classless Inter-Domain Routing (CIDR) IP Address : IP Mask: Address Mask for hostsNetwork Prefix Use two 32-bit numbers to represent a network. Network number = IP address + Mask Usually written as /15
CIDR = Hierarchy in Address Allocation / / / / / /16 :::::: / / /24 :::: / / / / / / / /19 :::::: Prefixes are key to Internet scalability –Routing protocols and packet forwarding based on prefixes –Today, routing tables contain ~150, ,000 prefixes
Obtaining a Block of Addresses Separation of control –Prefix: assigned to an institution –Addresses: assigned to nodes by the institution Who assigns prefixes? –Internet Corp. for Assigned Names and Numbers Allocates large blocks to Regional Internet Registries –Regional Internet Registries (RIRs) E.g., ARIN (American Registry for Internet Numbers) Allocated to ISPs and large institutions in a region –Internet Service Providers (ISPs) Allocate address blocks to their customers Who may, in turn, allocate to their customers…
whois –h whois.arin.net OrgName: Princeton University OrgID: PRNU Address: Office of Information Technology Address: 87 Prospect Avenue City: Princeton StateProv: NJ PostalCode: Country: US NetRange: CIDR: /16 NetName: PRINCETON NetHandle: NET Parent: NET NetType: Direct Allocation RegDate:
Longest Prefix Match Forwarding Forwarding tables in IP routers –Maps each IP prefix to next-hop link(s) Destination-based forwarding –Packet has a destination address –Router identifies longest-matching prefix –Pushing complexity into forwarding decisions / / / / / destination forwarding table Serial0/0.1 outgoing link
Are 32-bit Addresses Enough? Not all that many unique addresses –2 32 = 4,294,967,296 (just over four billion) –Plus, some are reserved for special purposes –And, addresses are allocated in larger blocks And, many devices need IP addresses –Computers, PDAs, routers, tanks, toasters, … Long-term solution: a larger address space –IPv6 has 128-bit addresses (2 128 = × )
Short-Term Solutions: Limping Along Network Address Translation (COS 461 lecture #9) –Allowing multiple hosts to share an IP address –IP addresses not unique and not end-to-end NAT inside outside
Short-Term Solutions: Limping Along Dynamic Host Configuration Protocol (lecture #8) –Share a pool of addresses among many hosts –Dynamically assign an IP address upon request arriving client DHCP server DHCP discover (broadcast) DHCP offer DHCP request DHCP ACK (broadcast)
Growth in the Number of IP Prefixes CIDR pre-CIDR Internet boom Internet bust recovery?
Continued Growth in the Number of Prefixes Since 2005 –Now up to 250, ,000 prefixes Increased concern about scalability –Data plane: longest-prefix match lookup times –Control plane: memory and messages for routing protocols – Exploration of architectural alternatives –Avoid routers needing to know all prefixes –Routing on ASes, using tunnels, caching, etc.
Design Philosophy of the DARPA Internet Protocols David Clark Proc. ACM SIGCOMM, 1988
Fundamental Goal Effective technique for multiplexed utilization of existing interconnected networks Concrete objective: connect the ARPAnet and the ARPA packet radio network Must grapple with –Diverse technologies, including legacy networks –Separate administrative control
Second-Level Goals Main goals –Survivability in the face of failure –Multiple types of communication service –Wide variety of network technologies Other goals –Distributed management of resources –Cost effectiveness –Host attachment with low level of effort –Accountability of resources
Design Consequences of the Goals Effective multiplexed utilization of existing networks –Packet switching, not circuit switching Continued communication despite network failures –Routers don’t store state about ongoing transfers –End hosts provide key communication services Support for multiple types of communication service –Multiple transport protocols (e.g., TCP and UDP) Accommodation of a variety of different networks –Simple, best-effort packet delivery service –Packets may be lost, corrupted, or delivered out of order Distributed management of network resources –Multiple institutions managing the network –Intradomain and interdomain routing protocols
Different Goals, Different Outcomes What about the unique needs of: –Network operators for commercial carriers –Secure, mission-critical networks (e.g., military) Different goals, and different priorities –How would the goals differ? –How would the priorities differ? Different outcomes –What design decisions would change?
Mismatch With Network Operators Accountability of network resources –But, routers don’t maintain state about transfers –But, measurement isn’t part of the infrastructure Reliability/predictability of services –But, IP doesn’t provide performance guarantees –But, equipment is not very reliable (no “five-9s”) Fine-grain control over the network –But, routers don’t do fine-grain resource allocation –But, network self-configures after failures End-to-end control over communication –But, end hosts adapt to congestion –But, traffic may traverse multiple domains
Mismatch With Security The Internet must support multiplexed utilization of existing interconnected networks –Doesn’t consider the need to balance trade-offs between interconnectivity and security –Required security mechanisms are driven by the limitations of the least capable legacy network Internet communication must continue despite loss of networks or gateways –Oversimplifies the nature of modern threats by not including cyberattacks, signals intelligence, …
Mismatch With Security The Internet must support multiple types of communications service –Mission-specific secure networks are not an appropriate arena for experimentation/innovation –Lack of separation between user applications and network services needlessly exposes essential services to easy attack by users The Internet architecture must accommodate a variety of networks –Cross-domain security solutions are particularly difficult to design
Mismatch With Security The Internet architecture must permit distributed management of its resources –Existing distributed management is largely based on assumptions of trust, allowing a single inept or malicious user or administrator to create chaos –Protocols do not have ways to limit damage from errors or malicious users –Defensive systems are layered upon protocols at additional cost and complexity, instead of being jointly designed with those protocols –Configuration complexity and human error are the largest source of vulnerability in many networks
Mismatch With Security Internet architecture must be cost effective –To the extent that economic considerations may be a root cause of poor security, a criterion concerning the cost of network defense should perhaps have a higher priority Internet architecture must permit host attachment with a low level of effort –It is unclear what minimum requirements must be imposed on end systems in a secure network Resources used must be accountable –Authentication and accountability are central to availability, integrity, and confidentiality
Trade-Offs in Goals Is it possible to address these problems –Decentralized management of the Internet –Diverse layer-2 technologies like wireless –Naïve, selfish, or malicious hosts Without sacrificing the other goals? Without a major change to the architecture?