4: Network Layer4a-1 12: IP Multicast, VPN, IPV6, NAT, MobileIP Last Modified: 9/3/ :38:58 AM Adapted from Gordon Chaffee’s slides

4: Network Layer4a-2 What is multicast? r 1 to N communication r Bandwidth-conserving technology that reduces traffic by simultaneously delivering a single stream of information to multiple recipients r Examples of Multicast m Network hardware efficiently supports multicast transport Example: Ethernet allows one packet to be received by many hosts m Many different protocols and service models Examples: IETF IP Multicast, ATM Multipoint

4: Network Layer4a-3 Unicast R Sender r Problem m Sending same data to many receivers via unicast is inefficient r Example m Popular WWW sites become serious bottlenecks m Especially bad for audio/video streams

4: Network Layer4a-4 Multicast R Sender r Efficient one to many data distribution

4: Network Layer4a-5 IP Multicast Introduction r Efficient one to many data distribution m Tree style data distribution m Packets traverse network links only once r Location independent addressing m IP address per multicast group r Receiver oriented service model m Applications can join and leave multicast groups m Senders do not know who is listening m Similar to television model m Contrasts with telephone network, ATM

4: Network Layer4a-6 IP Multicast r Service m All senders send at the same time to the same group m Receivers subscribe to any group m Routers find receivers r Unreliable delivery r Reserved IP addresses m to reserved for multicast m Static addresses for popular services (e.g. Session Announcement Protocol)

4: Network Layer4a-7 Internet Group Management Protocol (IGMP) r Protocol for managing group membership m IP hosts report multicast group memberships to neighboring routers m Messages in IGMPv2 (RFC 2236) Membership Query (from routers) Membership Report (from hosts) Leave Group (from hosts) r Announce-Listen protocol with Suppression m Hosts respond only if no other hosts has responded r Soft State protocol

4: Network Layer4a-8 IGMP Example (1) Network 1 r Host 1 begins sending packets m No IGMP messages sent m Packets remain on Network 1 r Router periodically sends IGMP Membership Query Network 2 Router

4: Network Layer4a-9 IGMP Example (2) Network 1 r Host 3 joins conference m Sends IGMP Membership Report message r Router begins forwarding packets onto Network 2 r Host 3 leaves conference m Sends IGMP Leave Group message m Only sent if it was the last host to send an IGMP Membership Report message Network 2 Router Membership Report 33 Leave Group

4: Network Layer4a-10 Source Specific Filtering: IGMPv3 r Adds Source Filtering to group selection m Receive packets only from specific source addresses m Receive packets from all but specific source addresses r Benefits m Helps prevent denial of service attacks m Better use of bandwidth r Status: Internet Draft?

4: Network Layer4a-11 Multicast Routing Discussion r What is the problem? m Need to find all receivers in a multicast group m Need to create spanning tree of receivers r Design goals m Minimize unwanted traffic m Minimize router state m Scalability m Reliability

4: Network Layer4a-12 Data Flooding r Send data to all nodes in network r Problem m Need to prevent cycles m Need to send only once to all nodes in network m Could keep track of every packet and check if it had previously visited node, but means too much state Sender R3R1 R2

4: Network Layer4a-13 Reverse Path Forwarding (RPF) r Simple technique for building trees r Send out all interfaces except the one with the shortest path to the sender r In unicast routing, routers send to the destination via the shortest path r In multicast routing, routers send away from the shortest path to the sender

4: Network Layer4a-14 Reverse Path Forwarding Example R5R6 R3R2 R1 R4R7 Sender 2. Router R2 accepts packets sent from Router R1 because that is the shortest path to the Sender. The packet gets sent out all interfaces. 1. Router R1 checks: Did the data packet arrive on the interface with the shortest path to the Sender? Yes, so it accepts the packet, duplicates it, and forwards the packet out all other interfaces except the interface that is the shortest path to the sender (i.e the interface the packet arrived on). Drop 3. Router R2 drops packets that arrive from Router R3 because that is not the shortest path to the sender. Avoids cycles.

4: Network Layer4a-15 Distance Vector Multicast Routing (DVMRP) r Steve Deering, 1988 r Source rooted spanning trees m Shortest path tree m Minimal hops (latency) from source to receivers r Extends basic distance vector routing r Flood and prune algorithm m Initial data sent to all nodes in network(!) using Reverse Path Forwarding m Prunes remove unwanted branches m State in routers for all unwanted groups m Periodic flooding since prune state times out (soft state)

4: Network Layer4a-16 DVMRP Algorithm r Truncated Reverse Path Multicast m Optimized version of Reverse Path Forwarding m Truncating No packets sent onto leaf networks with no receivers m Still how “truncated” is this? r Pruning m Prune messages sent if no downstream receivers m State maintained for each unwanted group r Grafting m On join or graft, remove prune state and propagate graft message

4: Network Layer4a-17 Protocol Independent Multicast (PIM) r Uses unicast routing table for topology r Dense mode (PIM-DM) m For groups with many receivers in local/global region m Like DVMRP, a flood and prune algorithm r Sparse mode (PIM-SM) m For groups with few widely distributed receivers m Builds shared tree per group, but may construct source rooted tree for efficiency m Explicit join

4: Network Layer4a-18 IP Multicast in the Real World

4: Network Layer4a-19 Commercial Motivation r Problem m Traffic on Internet is growing about 100% per year m Router technology is getting better at 70% per year m Routers that are fast enough are very expensive r ISPs need to find ways to reduce traffic r Multicast could be used to… m WWW: Distribute data from popular sites to caches throughout Internet m Send video/audio streams multicast m Software distribution

4: Network Layer4a-20 ISP Concerns r Multicast causes high network utilization m One source can produce high total network load m Experimental multicast applications are relatively high bandwidth: audio and video m Flow control non-existent in many multicast apps r Multicast breaks telco/ISP pricing model m Currently, both sender and receiver pay for bandwidth m Multicast allows sender to buy less bandwidth while reaching same number of receivers m Load on ISP network not proportional to source data rate

4: Network Layer4a-21 Economics of Multicast r One packet sent to multiple receivers r Sender + Benefits by reducing network load compared to unicast + Lower cost of network connectivity r Network service provider - One packet sent can cause load greater than unicast packet load + Reduces overall traffic that flows over network r Receiver = Same number of packets received as unicast

4: Network Layer4a-22 Multicast Problems r Multicast is immature m Immature protocols and applications m Tools are poor, difficult to use, debugging is difficult m Routing protocols leave many issues unresolved Interoperability of flood and prune/explicit join Routing instability r Multicast development has focused on academic problems, not business concerns m Multicast breaks telco/ISP traffic charging and management models m Routing did not address policy PIM, DVMRP, CBT do not address ISP policy concerns BGMP addresses some ISP concerns, but it is still under development

4: Network Layer4a-23 Current ISP Multicast Solution r Restrict senders of multicast data r Charge senders to distribute multicast traffic m Static agreements r Do not forward multicast traffic m Some ISP’s offer multicast service to customers (e.g. UUNET UUCast) m ISP beginning to discuss peer agreements

4: Network Layer4a-24 Multicast Tunneling r Problem m Not all routers are multicast capable m Want to connect domains with non-multicast routers between them r Solution m Encapsulate multicast packets in unicast packet m Tunnel multicast traffic across non-multicast routers m We will see more examples of tunneling later

4: Network Layer4a-25 Multicast Tunneling Example (1) UR1UR2 Multicast Router 1 Multicast Router 2 Sender 1 Encapsulated Data Packet Unicast Routers Multicast Router 1 encapsulates multicast packets for groups that have receivers outside of network 1. It encapsulates them as unicast IP-in-IP packets. Network 1 Receiver Network 2 Multicast Router 2 decapsulates IP-in-IP packets. It then forwards them using Reverse Path Multicast.

4: Network Layer4a-26 Multicast Tunneling Example (2) MR1MR2 Virtual Interfaces Virtual Network Topology

4: Network Layer4a-27 MBone r MBONE m Multicast capable virtual network, subset of Internet m Native multicast regions connection with tunnels r In 1992, the MBone was created to further the development of IP multicast m Experimental, global multicast network m Served as a testbed for multicast applications development vat -- audio tool vic -- video tool wb -- shared whiteboard

4: Network Layer4a-28 Virtual Private Networks (VPN)

4: Network Layer4a-29 Virtual Private Networks r Definition m A VPN is a private network constructed within the public Internet r Goals m Connect private networks using shared public infrastructure r Examples m Connect two sites of a business m Allow people working at home to have full access to company network

4: Network Layer4a-30 How accomplished? r IP encapsulation and tunneling r Same as we saw for Multicast r Router at one end of tunnel places private IP packets into the data field of new IP packets (could be encrypted first for security) which are unicast to the other end of the tunnel

4: Network Layer4a-31 Motivations r Economic m Using shared infrastructure lowers cost of networking m Less of a need for leased line connections r Communications privacy m Communications can be encrypted if required m Ensure that third parties cannot use virtual network r Virtualized equipment locations m Hosts on same network do not need to be co-located m Make one logical network out of separate physical networks r Support for private network features m Multicast, protocols like IPX or Appletalk, etc

4: Network Layer4a-32 Examples r Logical Network Creation r Virtual Dial-Up

4: Network Layer4a-33 Logical Network Creation Example r Remote networks 1 and 2 create a logical network r Secure communication at lowest level Internet Tunnel Gateway Network 1 Network 2

4: Network Layer4a-34 Virtual Dial-up Example r Worker dials ISP to get basic IP service r Worker creates tunnel to Home Network Internet Tunnel Gateway Internet Service Provider Public Switched Telephone Network (PSTN) Worker Machine Home Network

4: Network Layer4a-35 IPv6

4: Network Layer4a-36 History of IPv6 r IETF began thinking about the problem of running out of IP addresses in 1991 r Requires changing IP packet format - HUGE deal! r While we’re at it, lets change X too r “NGTrans” (IPv6 Transition) Working Group of IETF - June 1996

4: Network Layer4a-37 IPv6 Wish List r From “The Case for IPv6” r Scalable Addressing and Routing r Support for Real Time Services r Support of Autoconfiguration (get your own IP address and domain name to minimize administration r Security Support r Enhanced support for routing to mobile hosts

4: Network Layer4a-38 IPv4 Datagram VersionHLen TOSLength IdentFlagsOffset TTLProtocolChecksum SourceAddr DestinationAddr Options (variable) Pad (variable) Data

4: Network Layer4a-39 IPv6 Datagram VersionTrafficClassFlowLabel PayloadLenNextHeaderHopLimit SourceAddress DestinationAddress Next header/data

4: Network Layer4a-40 IPv6 Base Header Format r VERS = IPv6 r TRAFFICE CLASS: specifies the routing priority or QoS requests r FLOW LABEL: to be used by applications requesting performance guarantees r PAYLOAD LENGTH: like IPv4’s datagram length, but doesn’t include the header length like IPv4 r NEXT HEADER: indicates the type of the next object in the datagram either type of extension header or type of data r HOP LIMIT: like IPv4’s TimeToLive field but named correctly r NO CHECKSUM (processing efficiency)

4: Network Layer4a-41 Address Space r 32 bits versus 128 bits - implications? m 4 billiion vesus 3.4 X10 38 m 1500 addresses per square foot of the earth surface

4: Network Layer4a-42 Addresses r Still divide address into prefix that designates network and suffix that designates host r But no set classes, boundary between suffix and prefix can fall anywhere (CIDR only) r Prefix length associated with each address

4: Network Layer4a-43 Addresses Types r Unicast: delivered to a single computer r Multicast: delivered to each of a set of computers (can be anywhere) m Conferencing, subscribing to a broadcast r Anycast: delivered to one of a set of computers that share a common prefix m Deliver to one of a set of machines providing a common servicer

4: Network Layer4a-44 Address Notation r Dotted sixteen? m r Colon hexadecimal notation (8 groups) m 69DC:8768:9A56:FFFF:0:5634:343 r Or even better with zero compression (replace run of all 0s with double ::) r Makes host names look even more attractive huh?

4: Network Layer4a-45 Special addresses r Ipv4 addresses all reserved for compatibility m 96 zeros + IPv4 address = valid IPv6 address r Local Use Addresses m Special prefix which means “this needn’t be globally unique” m Allow just to be used locally m Aids in autoconfiguration

4: Network Layer4a-46 Datagram Format r Base Header + 0 to N Extension Headers + Data Area

4: Network Layer4a-47 Extensible Headers r Why? r Saves Space and Processing Time m Only have to allocate space for and spend time processing headers implementing features you need r Extensibility m When add new feature just add an extension header type - no change to existing headers m For experimental features, only sender and receiver need to understand new header

4: Network Layer4a-48 Flow Label r Virtual circuit like behaviour over a datagram network r A sender can request the underlying network to establish a path with certain requirements Traffic class specifies the general requirements (ex. Delay < 100 msec.) r If the path can be established, the network returns an identifier that the sender places along with the traffic class in the flow label r Routers use this identifier to route the datagram along the prearranged path

4: Network Layer4a-49 ICMPv6 r New version of ICMP r Additional message types, like “Packet Too Big” r Multicast group management functions

4: Network Layer4a-50 Summary like IPv6 m Connectionless (each datagram contains destination address and is routed seperately) m Best Effort (possibility for virtual circuit behaviour) m Maximum hops field so can avoid datagrams circulating indefinitely

4: Network Layer4a-51 Summary New Features r Bigger Address Space (128 bits/address) m CIDR only m Any cast addresses r New Header Format to help speed processing and forwarding m Checksum: removed entirely to reduce processing time at each hop m No fragmentation r Simple Base Header + Extension Headers m Options: allowed, but outside of header, indicated by “Next Header” field r Ability to influence the path a datagram will take through the network (Quality of service)

4: Network Layer4a-52 Transition From IPv4 To IPv6 r Not all routers can be upgraded simultaneous m no “flag days” m How will the network operate with mixed IPv4 and IPv6 routers? r Two proposed approaches: m Dual Stack: some routers with dual stack (v6, v4) can “translate” between formats m Tunneling: IPv6 carried as payload n IPv4 datagram among IPv4 routers

4: Network Layer4a-53 Dual Stack Approach

4: Network Layer4a-54 Tunneling IPv6 inside IPv4 where needed

4: Network Layer4a-55 6Bone r The 6Bone: an IPv6 testbed r Started as a virtual network using IPv6 over IPv4 tunneling/encapsulation r Slowly migrated to native links fo IPv6 transport r RFC 2471

4: Network Layer4a-56 Recent History r First blocks of IPv6 addresses delegated to regional registries - July 1999 r 10 websites in the.com domain that can be reached via an IPv6 enhanced client via an IPv6 TCP connection ( - it was 5 a year ago (not a good sign?)

4: Network Layer4a-57 IPv5? r New version of IP temporarily named “IP - The Next Generation” or IPng r Many competing proposals; name Ipng became ambiguous r Once specific protocol designed needed a name to distinguish it from other proposals r IPv5 has been assigned to an experimental protocol ST

4: Network Layer4a-58 Network Address Translation (NAT)

4: Network Layer4a-59 Background r IP defines private intranet address ranges m (Class A) m (Class B) m (Class C) r Addresses reused by many organizations r Addresses cannot be used for communication on Internet

4: Network Layer4a-60 Problem Discussion r Hosts on private IP networks need to access public Internet r All traffic travels through a gateway to/from public Internet r Traffic needs to use IP address of gateway r Conserves IPv4 address space m Private IP addresses mapped into fewer public IP addresses m Will this beat Ipv6?

4: Network Layer4a-61 Scenario Gateway Host A BMRC Server All Private Network hosts must use the gateway IP address Private Network Public Internet Public network IP address, globally unique Same private network IP addresses may be used by many organizations

4: Network Layer4a-62 Network Address Translation Solution r Special function on gateway m IP source and destination addresses are translated m Internal hosts need no changes r No changes required to applications r TCP based protocols work well r Non-TCP based protocols more difficult r Provides some security m Hosts behind gateway difficult to reach m Possibly vulnerable to IP level attacks

4: Network Layer4a-63 NAT Example NAT Gateway Server Address Translator bmrc.berkeley.edu TCP Connection 1

4: Network Layer4a-64 TCP Protocol Diagram ClientServer SYN, ACK Packet 0:50 ACK 0:50 FIN FIN, ACK Source IP Address Destination IP Address Checksum Sequence Number Dest Port NumberSource Port Number TCP Header..... IP Header..... ACK SYN SYN flag indicates a new TCP connection

4: Network Layer4a-65 TCP NAT Example Server Internet NAT Gateway PROTO SADDR DADDR SPORT DPORT FLAGS CKSUM TCP SYN 0x NAT gateway sees SYN flag set, adds new entry to its translation table. It then rewrites the packet using gateway’s external IP address, Updates the packet checksum PROTO SADDR DADDR SPORT DPORT FLAGS CKSUM TCP SYN, ACK 0x Server responds to SYN packet with a SYN,ACK packet. The packet is sent to the NAT gateway’s IP address. Client Server IPAddr Port IPAddr Port NATPort NAT Translation Table PROTO SADDR DADDR SPORT DPORT FLAGS CKSUM TCP SYN 0x Host tries to connect to web server at It sends out a SYN packet using its internal IP address, PROTO SADDR DADDR SPORT DPORT FLAGS CKSUM TCP SYN, ACK 0x NAT gateway looks in its translation table, finds a match for the source and destination addresses and ports, and rewrites the packet using the internal IP address.

4: Network Layer4a-66 Load Balancing Servers with NAT r Single IP address for web server r Redirects workload to multiple internal servers Server NAT Gateway (Virtual Server) Private Intranet Public Internet

4: Network Layer4a-67 Load Balancing Networks with NAT NAT Gateway r Connections from Private Intranet split across Service Providers 1 and 2 r Load balances at connection level m Load balancing at IP level can cause low TCP throughput Private Intranet Service Provider 1 Service Provider 2 Network X

4: Network Layer4a-68 NAT Discussion r NAT works best with TCP connections r NAT breaks End-to-End Principle by modifying packets r Problems m Connectionless UDP (Real Audio) m ICMP (Ping) m Multicast m Applications use IP addresses within data stream (FTP) r Need to watch/modify data packets

4: Network Layer4a-69 MobileIP

4: Network Layer4a-70 MobileIP r Goal: Allow machines to roam around and maintain IP connectivity r Problem: IP addresses => location m This is important for efficient routing r Solutions? m DHCP? ok for relocation but not for ongoing connections m Dynamic DNS (mobile nodes update name to IP address mapping as they move around)? ok for relocation but not for ongoing connections

4: Network Layer4a-71 Mobile IP r Allows computer to roam and be reachable r Basic architecture m Home agent (HA) on home network m Foreign agent (FA) at remote network location m Home and foreign agents tunnel traffic m Non-optimal data flow

4: Network Layer4a-72 MobileIP r Mobile nodes have a permanent home address and a default local router called the “home agent” r The router nearest a nodes current location is called the “foreign agent” m Register with foreign agent when connect to network m Located much like the DHCP server

4: Network Layer4a-73 Forwarding Packets r Home agent impersonates the mobile host by changing the mapping from IP address to hardware address (“proxy ARP”) r Sends any packets destined for mobile host on to the foreign agent with IP encapsulation r Foreign agent strips off and does a special translation of the mobile nodes IP address to its current hardware address

4: Network Layer4a-74 Mobile IP Example Home Agent Foreign Agent Internet Foreign Subnet Home Subnet Mobile Node Fixed Node Register 1. The Mobile Node registers itself with the Foreign Agent on the Foreign Subnet. The Foreign Agent opens an IP-IP tunnel to the Home Agent. The Home Agent begins listening for packets sent to The Fixed Node initiates a connection to the Mobile Node. It sends packets to the Mobile Node’s home IP address, The packets are routed to the Home Subnet. 4. The Foreign Agent decapsulates the IP-IP packets, and it sends them out on the Foreign Subnet. These packets will be addressed to The Mobile Node receives the packets, and it sends responses directly to the Fixed Node at The Home Agent receives them, encapsulates them in IP-IP packets, and it sends them to the Foreign Agent. Encapsulated packets are addressed to

4: Network Layer4a-75 Avoiding the Foreign Agent r Mobile host can also obtain a new IP address on the remote network and inform the home agent r The home agent can then resend the packet to the new IP address

4: Network Layer4a-76 Optimizations r What if two remote hosts are temporarily close together r If they want to send traffic to each other, why should it have to go all the way to their home agents and back again r Optimizations exist to allow the sending node to learn and cache the current location of a recipient to avoid this problem

4: Network Layer4a-77 Roadmap r Finished with the network layer and IP specifics r Next on to the link layer r If two hosts are on the same network how do they send data directly to one another