Chapter 5: Internet Protocols
BITS 2513: Internet Technology
To support the Internet and all its services, many protocols are necessary. Some protocols that we will look at:
- IP
- IPv6
- ARP: Address Resolution Protocol
- ICMP: Internet Control Message Protocol
- TCP (Transmission Control Protocol)
- UDP (User Datagram Protocol)
- SMTP (Simple Mail Transfer Protocol)
- SNMP (Simple Network Management Protocol)
Protocol
A protocol is a set of rules and conventions used to impose a standardized, structured language for the communication between multiple parties. For example, a protocol might define the order in which information is exchanged between two parties. In fact, a data exchange can only take place between two computers using the same protocol.
IP: Internet Protocol
IP is the standard that defines the manner in which the network layers of two hosts interact. These hosts may be on the same network or reside on physically distinct heterogeneous networks.
IP provides a connectionless, unreliable, best-effort packet delivery service. A best-effort delivery service means that packets might be discarded during transmission, but not without a good reason.
IP has two primary responsibilities:
- providing connectionless, best-effort delivery of datagrams through a network
- providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes
The IP addressing scheme is integral to the process of routing IP datagrams through an internetwork. Each IP address has specific components and follows a basic format. These IP addresses can be subdivided and used to create addresses for subnetworks.
The Internet Protocol (IP)
IP prepares a packet for transmission across the Internet. An IP header is added to the transport-layer data packet. The resulting IP packet is then passed to the next layer, where further network information is added to it.
IP Packet
IPv6
IPv6 is also called next generation IP or IPng. The increase in Web-based business has created immense demand for Internet addresses. Currently, most Web sites use IPv4 networking, but this protocol is running out of address space. The IPv6 networking foundation, which is compatible and interoperable with IPv4, was created to solve these problems:
- Exhaustion of the IPv4 address space
- Exhaustion of the capacity for global routing tables
- Complexities in configurations
- Poor security at the IP level
- Poor delivery of real-time data
ASSIGNMENT 2 (Part 1)
Please submit latest by 24th October 2011
IPv6 is now gaining popularity compared to IPv4 addressing.
- What do you understand about IPv6?
- List down and describe the differences between IPv4 and IPv6 addressing
- List down and describe the similarities between IPv4 and IPv6
- What are the advantages of using IPv6 addressing?
ARP (Address Resolution Protocol)
- Address resolution provides a mapping between two different forms of addresses: 32-bit IP addresses and whatever the data link uses
- ARP is a protocol used to do address resolution in the TCP/IP protocol suite (RFC 826)
- ARP provides a dynamic mapping from an IP address to the corresponding hardware address
ARP: Why is it needed?
The address resolution protocol is needed because IP addresses only make sense to the TCP/IP protocol suite. A data link, such as Ethernet, has its own addressing scheme to which any network layer using the data link must conform.
Basic Idea
- ARP is required on multi-access channels and relies on the ability to broadcast
- The protocol is simple:
  - broadcast a packet containing the IP address of the destination machine
  - the machine with that address, or possibly a server, sends a reply containing the hardware address
  - upon receipt, the hardware address is used to send the original packet
ARP Cache
- Essential to the efficient operation of ARP is the maintenance of a cache on each host
- The cache maintains the recent IP to physical address mappings
- Each entry is aged (usually the lifetime is 20 minutes), forcing periodic updates of the cache
- ARP replies are often broadcast so that all hosts can update their caches
Steps when an ARP request packet is generated
- The IP module sends a packet, destined for another host in the network, to the ARP module.
- The ARP module looks up the ARP table (cache) to resolve the IP address.
- If the supplied IP address is present in the ARP cache, it is resolved into its Ethernet address.
- If the ARP module is not able to find an entry for this IP address in the ARP cache, then it sends an ARP request packet to the Ethernet driver, to resolve the IP address to the Ethernet address.
- After the IP address is resolved by the ARP module, the packet is sent to the Ethernet driver for transmission.
Steps when an ARP request packet is received by a host
- If the IP address to be resolved is for this host, then the ARP module sends an ARP reply packet with its Ethernet MAC address.
- If the IP address to be resolved is for this host, then the ARP module updates its ARP cache with the source Ethernet MAC address to source IP address mapping present in the ARP request packet. If the entry is already present in the cache, it is overwritten. If it is not present, it is added.
- If the IP address to be resolved is not for this host, then the ARP module discards the ARP request packet.
The arp Command
The arp command on a Unix system can be used to see the contents of the ARP cache:

kiev> arp -a
Net to Media Table
Device IP Address           Mask            Flags Phys Addr
------ -------------------- --------------- ----- ---------------
hme0   redshirt             255.255.255.255       00:60:08:8b:e9:aa
hme0   tiger                255.255.255.255       08:00:20:85:f6:8d
hme0   thunderbolt          255.255.255.255       08:00:20:9a:af:60
hme0   starfury             255.255.255.255       08:00:20:9a:af:79
hme0   cs3-router           255.255.255.255       00:10:11:09:f0:28
hme0   epsilon3-38          255.255.255.255       08:00:20:86:71:c0
hme0   mordor-38            255.255.255.255       08:00:20:96:01:ad
hme0   itlabman             255.255.255.255       00:00:c0:65:d7:b9
hme0   joanne               255.255.255.255       00:05:02:59:51:52
hme0   laurie               255.255.255.255       00:05:02:79:c4:20
hme0   kiev                 255.255.255.255 SP    08:00:20:9e:f2:99
ARP Packet Format
Each row below is one 32-bit word (the diagram marks bits 8, 16 and 31):
Hardware Type | Protocol Type
Hardware Size | Protocol Size | Operation
Sender’s Hardware Address (for Ethernet 6 bytes)
Sender’s Hardware Address (continued) | Sender’s Protocol Address
Sender’s Protocol Address (continued) | Target Hardware Address
Target Hardware Address (continued)
Target Protocol Address
Proxy ARP
- Proxy ARP lets a router answer ARP requests on one of its networks for a host on another of its networks
- This fools the sender of the ARP request into thinking that the router is the destination
- The router is acting as a proxy agent for the destination, relaying packets to it from other hosts
Proxy ARP
- Proxy ARP is also known as promiscuous ARP or the ARP hack
- The names come from the other use of proxy ARP: to hide two physical networks from each other, with a router between the two
- This has been used to separate hosts running two different versions of TCP/IP
Gratuitous ARP
- Gratuitous (unnecessary) ARP occurs when a host sends an ARP request looking for its own IP address
- This can happen at bootstrap time
- Gratuitous ARP provides two features:
  - it lets a host determine if another host is already configured with the same IP address
  - if the host sending the gratuitous ARP has just changed its hardware address, the packet causes other hosts on the net to update their ARP cache entries
Issues
- ARP can be a dangerous protocol
  - a bogus host can issue a gratuitous ARP and change cache entries
  - a bogus host can send replies giving its own hardware address (instead of the target)
- Broadcasting can be expensive
  - excessive use of bandwidth
  - CPU costs
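Added example (not part of the original slides): Python code that decodes ARP packets using the field layout from the ARP Packet Format slide and reports the symptom behind the issues listed above, an IP address whose claimed hardware address changes. The packets, the 192.0.2.x addresses and the MAC values are constructed for illustration, and the function names are this example's own.

```python
import socket
import struct

def parse_arp(pkt: bytes) -> dict:
    """Decode an ARP packet (the bytes after the Ethernet header)."""
    if len(pkt) < 8:
        raise ValueError("truncated ARP header")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", pkt[:8])
    if len(pkt) < 8 + 2 * (hlen + plen):
        raise ValueError("truncated ARP addresses")
    fields, off = [], 8
    # Address order: sender hardware, sender protocol, target hardware, target protocol
    for size in (hlen, plen, hlen, plen):
        fields.append(pkt[off:off + size])
        off += size
    sha, spa, tha, tpa = fields
    return {"htype": htype, "ptype": ptype, "oper": oper,
            "sha": sha, "spa": spa, "tha": tha, "tpa": tpa}

def binding_changes(packets):
    """Return (ip, old_mac, new_mac, gratuitous) for every IP whose MAC changes."""
    seen, alerts = {}, []
    for raw in packets:
        a = parse_arp(raw)
        # Only Ethernet (hardware type 1) carrying IPv4 (protocol type 0x0800)
        if (a["htype"], a["ptype"], len(a["spa"])) != (1, 0x0800, 4):
            continue
        ip, mac = socket.inet_ntoa(a["spa"]), a["sha"].hex(":")
        if ip in seen and seen[ip] != mac:
            # Gratuitous ARP: sender and target protocol address are identical
            alerts.append((ip, seen[ip], mac, a["spa"] == a["tpa"]))
        seen[ip] = mac
    return alerts

def make_arp(oper, sha, spa, tha, tpa):
    """Build a constructed Ethernet/IPv4 ARP packet for the sample below."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + mac(sha)
            + socket.inet_aton(spa) + mac(tha) + socket.inet_aton(tpa))

# Constructed sample traffic: request (1), reply (2), then a gratuitous ARP
SAMPLE = [
    make_arp(1, "02:00:00:00:00:0a", "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1"),
    make_arp(2, "02:00:00:00:00:01", "192.0.2.1", "02:00:00:00:00:0a", "192.0.2.10"),
    make_arp(1, "02:00:00:00:00:99", "192.0.2.1", "00:00:00:00:00:00", "192.0.2.1"),
]

if __name__ == "__main__":
    for alert in binding_changes(SAMPLE):
        print("binding changed:", alert)
```

A changed binding is also what a legitimate hardware address change looks like, as the Gratuitous ARP slide notes, so an alert is a prompt to verify the new address rather than proof of a bogus host.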
ICMP
The Internet Control Message Protocol (ICMP):
- is used by routers and nodes, and performs the error reporting for the Internet Protocol
- is a helper protocol that supports IP with facilities for:
  - error reporting (invalid IP address, invalid port address, and the packet has hopped too many times)
  - simple queries
ICMP (Cont) ICMP messages are encapsulated as IP datagrams:
ICMP message format
- 4-byte header:
  - Type (1 byte): type of ICMP message
  - Code (1 byte): subtype of ICMP message
  - Checksum (2 bytes): similar to the IP header checksum. The checksum is calculated over the entire ICMP message
- If there is no additional data, there are 4 bytes set to zero
- Each ICMP message is at least 8 bytes long
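Added example (not part of the original slides): Python code that builds and parses an ICMP message with the 4-byte header described above and computes the checksum over the entire message. The echo request bytes are constructed for illustration and the function names are this example's own.

```python
import struct

def internet_checksum(data: bytes) -> int:
    """One's-complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:                      # pad odd-length input with a zero byte
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                     # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(msg_type: int, code: int, rest: bytes = b"\x00" * 4,
               data: bytes = b"") -> bytes:
    """Build an ICMP message; 'rest' is bytes 4-7 (all zero when unused)."""
    if len(rest) != 4:
        raise ValueError("bytes 4-7 must be exactly 4 bytes")
    body = rest + data
    # The checksum field is zero while the checksum is being computed
    csum = internet_checksum(struct.pack("!BBH", msg_type, code, 0) + body)
    return struct.pack("!BBH", msg_type, code, csum) + body

def parse_icmp(msg: bytes) -> dict:
    """Split an ICMP message into its fields and verify the checksum."""
    if len(msg) < 8:
        raise ValueError("ICMP messages are at least 8 bytes long")
    msg_type, code, csum = struct.unpack("!BBH", msg[:4])
    # Summing the whole message, checksum included, yields 0 when it is intact
    return {"type": msg_type, "code": code, "checksum": csum,
            "valid": internet_checksum(msg) == 0, "data": msg[8:]}

# Constructed sample: echo request (type 8, code 0), identifier 0x1234, sequence 1
ECHO = build_icmp(8, 0, struct.pack("!HH", 0x1234, 1), b"abc")

if __name__ == "__main__":
    print(parse_icmp(ECHO))
    print(parse_icmp(ECHO[:-1] + b"d"))    # one altered byte: valid becomes False
```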
ICMP Query message
- ICMP query:
  - Request sent by host to a router or host
  - Reply sent back to querying host
ICMP Error message
- ICMP error messages report error conditions
- Typically sent when a datagram is discarded
- Error message is often passed from ICMP to the application program
ASSIGNMENT 2 (Part 2)
Please submit latest by 24th October 2011
TCP and UDP are the most used transport protocols in the network.
- What are the advantages of using TCP over UDP? List down and describe.
- TCP is a reliable method because it creates a connection first, through the 3-way handshake, before sending data. Describe.
- UDP is not a reliable method to transport data because it does not have an Acknowledgement (ACK) packet. However, it is still used in the Internet as one of the most popular transport methods. Describe why.
SMTP
Simple Mail Transfer Protocol is the protocol by which the majority of all mail is transferred around the Internet. For Ability Mail Server to be able to receive mail, it uses a built-in SMTP server which handles and processes all incoming mail. SMTP is an essential part of Ability Mail Server and in most circumstances should always be enabled.
The SMTP service can generally be used in 2 different ways:
- To accept mail from the Internet, usually from other mail servers, and then deliver it to local accounts (incoming mail traffic).
- To allow local users to use the SMTP for their outbound mail, which the mail server should deliver to the correct local or external account.
Network Management
SNMP - History
Simple Network Management Protocol
- SNMP is the prevailing standard for management of TCP/IP networks.
- SNMP is layered on top of UDP, the User Datagram Protocol.
- An SNMP management station monitors and controls a managed node by issuing requests directed to the agent residing in the managed node.
- The agent interprets the request and performs the function accordingly.
- All SNMP transactions take place using PDUs (Protocol Data Units).
- IETF RFCs 1155, 1156, and 1157 define the Simple Network Management Protocol (SNMP).
- The Internet community developed SNMP to allow diverse network objects to participate in a global network management architecture.
- Network management systems can poll network entities implementing SNMP for information relevant to a particular network management implementation.
- Network management systems learn of problems by receiving traps or change notices from network devices implementing SNMP.
Security in SNMP
SNMP v1 – very limited security
- Security in SNMP is commonly referred to as trivial authentication.
- You must know the device’s IP address in order to talk to it.
- You must also know the community string, a “password” that is sent in clear text as part of the SNMP message.
Security improvements – SNMP V3
SNMPv3 provides encryption and authentication as part of the core protocol. Specifically, SNMPv3 with USM (User based security model) recognizes three levels of security:
1. Without authentication and without privacy (noAuthNoPriv)
2. With authentication but without privacy (authNoPriv)
3. With authentication and privacy (authPriv)
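Added example (not part of the original slides): Python code for auditing your own SNMP captures. It reads the start of an SNMP message and reports either the clear-text community string (community-based versions) or which of the three SNMPv3 levels the message header declares. Both sample messages are constructed, the v3 one is a header fragment only, and the function names are this example's own; version value 1 (SNMPv2c) is not covered by the slides but uses the same community field.

```python
def read_tlv(buf: bytes, off: int):
    """Read one BER tag-length-value; return (tag, value, next_offset)."""
    if off + 2 > len(buf):
        raise ValueError("truncated TLV")
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                           # long-form length
        n = length & 0x7F
        if n == 0 or off + n > len(buf):
            raise ValueError("bad length")
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[off:off + length], off + length

def expect(buf: bytes, off: int, want: int):
    """Read a TLV and insist on its tag; return (value, next_offset)."""
    tag, value, nxt = read_tlv(buf, off)
    if tag != want:
        raise ValueError(f"expected tag {want:#x}, got {tag:#x}")
    return value, nxt

LEVELS = {0: "noAuthNoPriv", 1: "authNoPriv", 3: "authPriv"}

def snmp_security(payload: bytes) -> dict:
    """Report version and security level of one SNMP message (UDP payload)."""
    body, _ = expect(payload, 0, 0x30)          # outer SEQUENCE
    ver, off = expect(body, 0, 0x02)            # version INTEGER
    version = int.from_bytes(ver, "big")
    if version in (0, 1):                       # 0 = SNMPv1, 1 = SNMPv2c
        community, _ = expect(body, off, 0x04)  # OCTET STRING, sent in clear text
        return {"version": version, "level": "community",
                "community": community.decode("latin-1")}
    if version == 3:
        header, _ = expect(body, off, 0x30)     # msgGlobalData
        _, o = expect(header, 0, 0x02)          # msgID
        _, o = expect(header, o, 0x02)          # msgMaxSize
        flags, _ = expect(header, o, 0x04)      # msgFlags: bit 0 auth, bit 1 priv
        if len(flags) != 1:
            raise ValueError("msgFlags must be one byte")
        return {"version": 3, "level": LEVELS.get(flags[0] & 0x03, "invalid"),
                "community": None}
    raise ValueError("unknown SNMP version")

# Constructed samples: an SNMPv1 GetRequest, and an SNMPv3 header fragment
V1_GET = bytes.fromhex("30260201000406 7075626c6963 a019 020101 020100 020100"
                       " 300e 300c 0608 2b06010201010100 0500")
V3_HDR = bytes.fromhex("3012020103 300d 020101 020205dc 040103 020103")

if __name__ == "__main__":
    print(snmp_security(V1_GET))
    print(snmp_security(V3_HDR))
```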