Classless and Subnet Address Extensions (CIDR) Chapter 9

32-bit addresses are carefully assigned Chapter 4 Discussed original Internet addressing scheme This chapter See 4 extensions to conserve network prefixes REVIEW 32-bit addresses are carefully assigned All hosts on given physical network share a common prefix Remainder of the address is the host portion Chief advantage: keeps routing tables small Router keeps one entry per network

Original scheme divided by network size Class A: 8-bit network, 24-bit host Class B: 16-bit network, 16-bit host Class C: 24-bit network, 8-bit host Need to understand: Individual sites may modify addresses & routes Modifications must be invisible to the outside Hosts & routers at the site agree on addressing Other sites can treat addresses as a normal netid and hostid combination

Minimizing Network Numbers Weakness in original scheme: growth Internet size doubling every 9-15 months Large admin overhead to manage addresses Large routing tables High load on Internet to exchange router information Eventual exhaustion of the address space Particularly Class B

How to minimize within the scheme? Look at three ways Unnumbered point-to-point Proxy ARP Subnet addressing Extend subnet ideas to network prefixes Classless addressing Footnote: was predicted that IPv4 space would be exhausted by 2000; now appears that with careful allocation and this chapter’s techniques, it will last until around 2019

Proxy ARP (1) Technique has various names Proxy ARP; promiscuous ARP; the ARP hack Used to map a single IP network prefix into two physical addresses Only applies to networks that use ARP to bind IP addresses to physical addresses

R knows which hosts are on which network Uses ARP to maintain illusion that only one network exists Intercepts ARP requests from one network to the other Gives its own physical address Gets datagram Uses special routing table to route the datagram Main Network Router running proxy ARP H1 H2 H3 R H4 H5 Hidden Network

Routers running proxy ARP lie Take advantage of trust in ARP protocol Mappings are usually installed: Without checking their validity Without maintaining consistency So, ARP table can map several IP addresses to the same physical address Some ARP implementations tell Complain about possible security violations Spoofing: one machine claims to be another Cannot use on networks with proxy ARP routers

Advantage of proxy ARP: Can be added to a single router without disturbing the other routing tables on the net Disadvantages: Only works on networks that use ARP address resolution Does not generalize to more complex networks Does not support reasonable form of routing Managers must maintain tables of machines and addresses manually

Subnet Addressing (2) Most common of the 3 address extension techniques Is a required part of IP addressing General idea: Site has single IP network address Actually has two or more physical networks Only local routers know this To other routers: single physical network

Example of Class B network using subnetting Third octet distinguishes between the two networks Fourth octet distinguishes between hosts 128.10.1.1 128.10.1.2 H1 H2 Rest of the Internet R Network 128.10.2.0 all traffic to 128.10.0.0 128.10.2.1 128.10.2.2 H3 H4

IP address now divided into: Network portion Remains the same as for networks not subnetting Local portion Interpretation left up to the site Identifies the physical network and host at the site

Result is hierarchical addressing Top routing hierarchy uses first two octets Next level (local) uses an additional octet Lowest level uses the whole address Advantage of hierarchical addressing: Accommodates large growth Disadvantage: Choosing hierarchical structure is difficult Hierarchy hard to change once established

Flexibility in subnet addressing TCP/IP standard allows flexibility Don’t have to divide local portion into two even parts for physical net and host Can partition in any desired fashion Defines number of subnets Defines hosts per subnet

Possible fixed-length subnets for Class B Subnet Bits Number of Subnets Hosts per Subnet 1 65534 2 16382 3 6 8190 4 14 4094 5 30 2046 62 1022 7 126 510 8 254 9 10 11 12 13 * Avoids all 0s and all 1s subnet and host addresses

Variable-length subnets Choosing a partition chooses a subnet scheme Most sites use fixed-length But, some sites need more internal flexibility May select a subnet partition on a per-network basis Partitions do not vary over time; only between networks All hosts and routers attached must honor the scheme Too many disadvantages; we will not consider

Implementing subnets with masks 32-bit mask is used to specify the division of the IP address Mask bit set: treat as part of subnet prefix Mask bit 0: treat as part of host id Example: 11111111 11111111 11111111 00000000 First three octets identify the network Fourth octet identifies a host on the network Don’t have to use contiguous bits in the mask Makes understanding routing tricky

Subnet mask representation Specifying masks in binary is difficult Awkward Error prone Most IP sw uses dotted decimal representation Works best when subnetting is aligned on octets Class B: 3rd octet for physical net; 4th for host Notation: 255.255.255.0 Another way is a 3-tuple representation {<network number>, <subnet mask>, <host number>} Value –1 means “all ones” Above example: {-1, -1, 0}

Forwarding with subnets Must modify our standard routing algorithm All hosts and routers attached to a network using subnet addressing must use subnet forwarding Not so obvious: Other hosts & routers at the site may have to as well Unless restrictions on using subnetting are followed

Theoretically simple subnet rule Illegal topology H would have to use subnet routing even though Net 1 does not have a subnet address Theoretically simple subnet rule For optimal forwarding Machine M must use subnet forwarding for an IP network address N Unless there is a single path P such that P is a shortest path between M and every physical network that is a subset of N Net 1 (not a subnet address) R1 H R2 Net 2 (subnet of address N) Net 3 (subnet of address N)

Still, hard to assign subnets Shortest path can change (HW fail; re-routing) Rule does not consider site boundaries Subnetting should be kept as simple as possible All subnets of a given network IP address should be contiguous The masks should be uniform across all networks All machines should participate in subnet routing

Subnet forwarding algorithm Algorithm searches a table of routes like before Normal entries for standard algorithm: (network address, next hop address) Per-host and default routes are special cases Must be checked explicitly Algorithm compares network portion of destination to the network address field Knows how address is partitioned With subnets, not possible to know the partitioning from the address alone

Modified algorithm needs additional information Must have the subnet mask Table entries are of the form: (address mask, network address, next hop address) Address mask used in routing Extracts right bits for comparison with network address entry Performs bit-wise Boolean and 32-bit destination IP address Subnet mask field Checks to see if result matches entry’s network address field If so, next hop address is used to route the datagram

Example: route to single host By using arbitrary masks, will not need the special case checking of the standard algorithm Example: route to single host Mask of all 1’s Network address equal to host’s IP address Example: default route Mask of all 0’s Network address of all 0’s Example: route to non-subnetted Class B Mask of two octets of 1’s and two octets of 0’s Thus, the “unified” routing algorithm will contain fewer special cases

Forward_IP_Datagram (datagram, routing_table) Algorithm: Forward_IP_Datagram (datagram, routing_table) Extract destination IP address, ID, from datagram; If prefix of ID matches address of any directly connected network send datagram to destination over that network (This involves resolving ID to a physical address, encapsulating the datagram, and sending the frame.) else for each entry in routing table do Let N be the bitwise-and of ID and the subnet mask If N equals the network address field of the entry then forward the datagram to the specified next hop address endforloop If no matches were found, declare a routing error

Maintenance of subnet masks How do subnet masks get propagated? Answer that question later How do subnet masks get assigned? Harder question Each site free to choose masks for own networks Nonuniform masks give more flexibility, but may cause ambiguity Valid assignments may become invalid as hosts are added Usually: Select contiguous bits from the local portion to ID a network Use the same partition for all local physical networks on site

Broadcasting to subnets More difficult Router cannot just send broadcast packet to all interfaces that share the subnet prefix Will cause a routing loop Use reverse path forwarding to prevent loops Router extracts source of broadcast datagram Looks up source in routing table Discards datagram unless it arrived on the interface used to route to the source (the shortest path) Is possible to broadcast to a specific subnet Consistent subnets masks are critical

Anonymous Point-to-Point (3) Original IP scheme Each network was assigned a unique prefix Point-to-point connections viewed as networks Different view as addresses became scarce Anonymous networking Invented to avoid assigning such prefixes Does not number leased lines Does not assign host address to routers at each end No HW address needed; next hop address ignored

Called unnumbered or anonymous network Figure 9.8 Called unnumbered or anonymous network Possible since only one destination

Classless Addressing (4) (Supernetting) Subnetting invented in early 1980s By 1993, saw address space still in trouble New IP version in works with bigger addresses Needed something until new version standardized Temporary solution was classless addressing Permits a network prefix to be of arbitrary length Also invented forwarding & route propagation techniques Entire technology: Classless Inter-Domain Routing

Early use of classless: supernetting Was adopted because: Different number of networks in each class Class C number were being requested slowly Class B numbers were running out quickly Early use of classless: supernetting Organization wants Class B address Instead, give block of Class C addresses Suppose organization wanted 200 networks With Class B, want to subnet with 3rd octet Assign 256 contiguous Class C numbers instead

CIDR address blocks and bit masks Intended use beyond single organization For hierarchical Internet ISPs get large part of the address space They, in turn, allocate to their subscribers Uses a bit mask to identify the size of the block For 2048 addresses starting at 128.211.168.0 lowest: 128.211.168.0 10000000 11010011 10101000 00000000 highest: 128.211.175.255 10000000 11010011 10101111 11111111 Mask: 11111111 11111111 11111000 00000000 To specify the block of addresses, CIDR needs 32-bit value of lowest address 32-bit mask Mask delineates the end of the prefix Above, need 21 bits set in the mask

CIDR notation Also called slash notation Used to specify the address and mask For the previous example: 128.211.168.0/21 /21 denotes 21 bits in a mask

Classless addressing provides complete flexibility in allocating various size blocks ISP can choose to assign each customer a block of appropriate size If it owns a block of N bits, can assign a customer any piece of more than N bits Example: ISP has 128.211.0.0/16 Can give a customer the 2048 addresses in the /21 range Or, small customer with 2 computers, use 128.211.176.212/30 Lowest: 128.211.176.212 10000000 11010011 10110000 11010100 Highest: 128.211.176.215 10000000 11010011 10110000 11010111

Recap: Classless addressing is used by ISPs Treats IP addresses as arbitrary integers Allows network admin to assign addresses in contiguous blocks Number of addresses in each block is a power of two

Data structures and algorithms Want speed Primary: speed for finding next hop Secondary: speed of making changes in table CIDR address in not self-identifying Router cannot determine division between prefix and suffix by just looking at the address For classful addressing, only needed hashing Router extracts network portion, N, and uses as hash key Computes hash function h(N) Result is index Router cannot find hash key for arbitrary address

Alternatives: Search by mask length Iterates over all possible divisions between prefix/suffix Disadvantage: iteration is slow Better alternative: binary trie structure Hierarchical data structure Successive address bits determine a path from the root down PATRICIA and level compressed tries Are optimized to allow skipping of levels that do not distinguish between routes

32-bit Address Unique Prefix 00110101 00000000 00000000 00000000 00 01000110 00000000 00000000 00000000 0100 01010110 00000000 00000000 00000000 0101 01100001 00000000 00000000 00000000 011 10101010 11110000 00000000 00000000 1010 10110000 00000010 00000000 00000000 10110 10111011 00001010 00000000 00000000 10111

Interior node Exterior node

Summary Four techniques to conserve IP addresses Proxy ARP Router impersonates computer on another physical net Subnet addressing TCP/IP standard Sites can share a single IP network address among multiple physical networks Unnumbered point-to-point Point-to-point links have no prefix

CIDR Major shift in IP technology Classless addressing with arbitrary prefix and suffix boundaries Not self-identifying like classful addresses Significant changes to algorithms and data structures