19531 - Telematics, 8th Tutorial - IP, ARP, ICMP, DHCP & NAT
Bastian Blywis
Department of Mathematics and Computer Science, Institute of Computer Science, 16 December 2010
Institute of Computer Science – Telematics Tutorial – 16. December, 2010 1
Outline
1. Network Components
2. End of the Ethernet Frame
3. LLC Classes
4. MTU
5. Network Components
6. Subnets
7. Internet Protocol Version 4
8. Checksum
9. Address Resolution Protocol
10. Self-Configuration
11. Tracing
12. Address Translation
13. ICMP
Network Components

Name the function(s) of the following network components:
– Repeater
– Hub
– Switch
– Bridge
– Router
– Gateway
Which "data" do they handle and on which layer of the ISO/OSI reference model do they operate?
Network Components

– Repeater
  – Receives a signal and retransmits it at a higher power (amplifies)
  – Dumb device, does not know and care about frames
  – Increases the range of the network
  – Layer 1
– Hub
  – Connects multiple stations together
  – Creates a network segment (bus topology: every station sees every frame)
  – Also called multi-port repeater
  – Dumb device, does not know and care about frames
  – Collisions can happen; single collision domain
  – Usually do not amplify signals
  – Layer 1
Network Components

– Switch
  – Connects multiple stations together
  – Connects network segments
  – Evaluates the header of frames
  – Learns which MAC addresses are reachable through which port and forwards unicast frames only there; broadcasts (and frames to not yet learned addresses) are still flooded to all ports
  – Checks for frame errors
  – Several forwarding techniques, e.g., store-and-forward, (virtual) cut-through
  – Layer 2
  – Managed switches provide much more, e.g., telnet or web interface (and thus layer 3-7 services)
– Bridge
  – Same as switch but connects different LANs
  – Usually behaves as defined in IEEE 802.1D
  – Bridges create separate collision domains at their ports
  – Term is often used synonymously with switch
  – Layer 2
Network Components

– Router
  – Software and/or hardware for routing and forwarding of packets (datagrams)
  – Connects logical subnets
  – Knows the output interface for each destination based on the IP configuration of its interfaces (usually also stored in the routing table) or learned via a routing protocol
  – Routing protocols are often implemented in the application layer (routing daemons) although routing is a network layer service
  – Routers usually do not flood datagrams if the output interface is unknown but use the default route (and drop the datagram if there is none)
  – Layer 3
– Gateway
  – "Protocol translator"
  – Several different definitions
  – Layer 4-7 (sometimes also includes lower layers)

Note: Hardware routers usually also contain a switch/bridge
Question: Are there actually layer 3 and layer 4 switches?
End of the Ethernet Frame

– Compared to the IEEE 802.3 frame the Ethernet (II) frame has no length but a type field.
– How can a network interface card actually detect the end of the frame?
End of the Ethernet Frame

– Frame end detection depends on the particular host-to-network technology
– Ethernet II: idle state detection of the Manchester line code, no rising or falling edge for some specific time
– Interframe gap (12 bytes = 96 bit times = 9.6 µs at 10 Mbit/s)
– Alternative: stop flag at the end of the frame (line signaling)
– Alternative: out-of-band signaling, separate clock line
LLC Classes

– As discussed in the 5th tutorial, there are different Logical Link Control classes.
– How do stations actually know which classes are supported by the others?
LLC Classes

– All LLC implementations must support class 1 (unacknowledged, connection-less)
– Required support of the unnumbered format commands:
  – Unnumbered Information (UI)
  – eXchange IDentification (XID)
  – TEST link (TEST)
– The XID response contains the supported LLC class/types (see page 52 in IEEE 802.2-1998)
MTU

What is the Maximum Transmission Unit (MTU) and why is it relevant for bridging and routing?
MTU

– The MTU defines the maximum size of the payload in a frame
– Packets have to be fragmented if the MTU is too small
– Not all host-to-network technologies support fragmentation
  – IEEE 802.3 does not support fragmentation
  – IEEE 802.11 supports fragmentation to increase reliability
– Packets larger than the MTU will be dropped if fragmentation is not supported

MTU (bytes)   Technology
1,500 (1)     Ethernet
4,352         FDDI
4,464         IEEE 802.5 (4 Mbps)
17,914        IEEE 802.5 (16 Mbps)
2,312         IEEE 802.11

Table: Some MTU values

(1) The MTU can actually be larger to enable VLANs and there are also so-called jumbo frames
Network Components

– Discuss the tasks of the network layer and how it differs from the lower and upper layers.
– Name network layer protocols and their historical as well as current relevance.
Network Components

Tasks of the network layer:
– Data transmission over large distances, between heterogeneous sub-networks
– Addressing
– Routing
– Quality of Service (QoS) issues
– Usually connection-less communication
Network Components

– Layer 1-2 protocol for communication between adjacent hosts on a LAN
– Layer 1-2 protocol is specific to the LAN ⇒ protocol header is not preserved but replaced at every hop
– Layer 3 protocol for communication between distant hosts
– Layer 3 protocol supported by all nodes between source and destination ⇒ protocol header is preserved (and modified, e.g., TTL and header checksum) in the network
– Layer 4-7 protocols for communication between source and destination

Figure: Source - Router - Router - Destination; layers 1-2 and layer 3 are present at every node, layers 4-7 only at source and destination

But: much more complex today with tunneling, NAT, traffic shaping, load balancing, ...
Network Components

Network layer protocols:
– DoD Standard Internet Protocol (IPv3)
– Internetwork Packet Exchange (IPX)
– ISO/OSI network layer (CLNP)
– Datagram Delivery Protocol (DDP), AppleTalk
– Internet Protocol Security (IPsec)
– Internet Group Management Protocol (IGMP)
– The swIPe IP Security Protocol (swIPe)
– ARP, ICMP, ...
IPv4 Recapitulation

– 32 bit addresses, but not all 2^32 are usable for unicast or routable
– Four octets: A.B.C.D
– Network and host part, originally defined by the address class (deprecated), today by the subnet mask
– Class-less Inter-Domain Routing (CIDR); format: 160.45.128.0/17

RFC 791, Internet Protocol, Information Sciences Institute, University of Southern California, 1981
IPv4 Recapitulation

Address block      Description                                        Reference
0.0.0.0/8          Current network (only valid as source address)     RFC 1700
10.0.0.0/8         Private network                                    RFC 1918
14.0.0.0/8         Public data networks (reclaimed)                   RFC 1700
127.0.0.0/8        Loopback                                           RFC 3330
128.0.0.0/16       Reserved                                           RFC 3330
169.254.0.0/16     Link-local                                         RFC 3927
172.16.0.0/12      Private network                                    RFC 1918
191.255.0.0/16     Reserved                                           RFC 3330
192.0.0.0/24       Reserved                                           RFC 3330
192.0.2.0/24       Documentation and example code (TEST-NET)          RFC 3330
192.88.99.0/24     IPv6 to IPv4 relay (6to4 anycast)                  RFC 3068
192.168.0.0/16     Private network                                    RFC 1918
198.18.0.0/15      Network benchmark tests                            RFC 2544
223.255.255.0/24   Reserved                                           RFC 3330
224.0.0.0/4        Multicast (former Class D network)                 RFC 3171
240.0.0.0/4        Reserved (former Class E network)                  RFC 1700
255.255.255.255    Limited broadcast

Table: Reserved IPv4 Address Blocks (excerpt)
IPv4 Recapitulation

 0       4       8               16    19                      31
+--------+--------+----------------+--------------------------------+
|Version |  IHL   |  Diff. Service |          Total Length          |
+--------+--------+----------------+------+-------------------------+
|         Identification         |Flags |    Fragment Offset       |
+----------------+----------------+------+-------------------------+
|  Time to Live  |    Protocol    |        Header Checksum         |
+----------------+----------------+--------------------------------+
|                         Source Address                          |
+-----------------------------------------------------------------+
|                      Destination Address                        |
+-----------------------------------------------------------------+
|                      Options (+ padding)                        |
+-----------------------------------------------------------------+
|                            Payload                              |
+-----------------------------------------------------------------+

Figure: IPv4 Header Format; the slide marked the "problematic" fields discussed under IPv4 Issues (Protocol = 17 in the slide's example denotes UDP)
IPv4 Recapitulation

Copy  Class  Option  Length    Description                         RFC
0     0      0       1         End of options list                 RFC 791
0     0      1       1         NOP                                 RFC 791
1     0      130     11        Security                            RFC 791, RFC 1108
1     0      131     variable  Loose Source Route                  RFC 791
0     2      68      variable  Time stamp                          RFC 781, RFC 791
1     0      133     3 to 31   Extended Security                   RFC 1108
1     0      134               Commercial Security
0     0      7       variable  Record Route                        RFC 791
1     0      136     4         Stream Identifier                   RFC 791, RFC 1122
1     0      137     variable  Strict Source Route                 RFC 791
0     0      10                Experimental Measurement
0     0      11      4         MTU Probe (obsolete)                RFC 1063, RFC 1191
0     0      12      4         MTU Reply (obsolete)                RFC 1063, RFC 1191
1     2      205               Experimental Flow Control
1     0      142               Experimental Access Control
0     0      15                ENCODE
1     0      144               IMI Traffic Descriptor
1     0      145     variable  Extended Internet Protocol          RFC 1385
0     2      82      12        Traceroute                          RFC 1393
1     0      147     10        Address Extension                   RFC 1475
1     0      148     4         Router Alert                        RFC 2113
1     0      149     6 to 38   Selective Directed Broadcast Mode   RFC 1770
1     0      150               Unassigned
1     0      151               Dynamic Packet State
1     0      152               Upstream Multicast Packet
0     0      25                QS, Quick-Start                     RFC 4782
0     0      30                EXP - RFC 3692-style Experiment     RFC 4727
0     2      94                EXP - RFC 3692-style Experiment     RFC 4727
1     0      158               EXP - RFC 3692-style Experiment     RFC 4727
1     2      222               EXP - RFC 3692-style Experiment     RFC 4727

Table: IPv4 Options ("Option" is the complete option-type byte: copy bit, 2-bit class, 5-bit option number)
IPv4 Recapitulation

IPv4 Issues:
– Checksum only covers the header; usually layer 2 (e.g., Ethernet) and layer 4 (e.g., TCP) provide error detection for the payload
– Variable length header
– Three fields required for fragmentation
– Fragmentation is not desired and should be avoided
– Type of Service was not widely implemented ⇒ Differentiated Services
– Many options are seldom used or implemented by routers
– Fragmentation and options may require padding
– Time To Live (TTL) field does not refer to time anymore but limits the number of hops
– Address depletion ⇒ IPv6
– Address space is fragmented
– Address Resolution Protocol (ARP) required for layer 3 to layer 2 mapping
– Security (IPsec), traffic shaping, and virtual connections are optional and not integral components
Subnets

– Assign IP addresses for the devices in the network depicted above. You have the IP block 137.226.0.0/16 available and should come up with a good assignment of addresses for the networks.
– Specify the routing tables of all routers. Assume that Router 1 has an additional connection to the Internet. Based on the routing information, each router should be able to determine where all packets have to be forwarded to.
Subnets

The overall plan:
– All entities in each LAN are in the same IP subnet
– Each router has two network interface cards: one in each subnetwork it connects
– Hosts in a particular LAN get an IP that belongs to the particular subnet
– The default route goes through Router 1 into the Internet
– The minimal number of bits is used for the subnet addressing to maximize the number of host addresses for each subnet
– A few subnets will remain unused
Subnets

The network mask of the network 137.226.0.0/16 is:

11111111.11111111.00000000.00000000 (= 255.255.0.0)

There are five subnets, thus 3 bits are required to address the subnets (2^3 = 8 ≥ 5). The subnet mask is:

11111111.11111111.11100000.00000000 (= 255.255.224.0, i.e. /19)

The following address ranges can be used by the subnets (the binary third octet shows the three subnet bits; subnets 000, 110 and 111 remain unused):

LAN     Address range                      Third octet
LAN 1   137.226.32.0 - 137.226.63.255      32 = 00100000, 63 = 00111111
LAN 2   137.226.64.0 - 137.226.95.255      64 = 01000000, 95 = 01011111
LAN 3   137.226.96.0 - 137.226.127.255     96 = 01100000, 127 = 01111111
LAN 4   137.226.128.0 - 137.226.159.255    128 = 10000000, 159 = 10011111
LAN 5   137.226.160.0 - 137.226.191.255    160 = 10100000, 191 = 10111111
Subnets

Each router has two network interface cards, one in each of the two LANs it connects; interface IFn is the one attached to LAN n:

Figure: LAN 1 - Router 1 (IF1, IF2) - LAN 2 - Router 2 (IF2, IF3) - LAN 3 - Router 3 (IF3, IF4) - LAN 4 - Router 4 (IF4, IF5) - LAN 5; Host 1 is in LAN 2, Host 2 in LAN 4
Subnets

Device     Address
Router 1   IF1: 137.226.32.1, IF2: 137.226.64.1
Router 2   IF2: 137.226.64.2, IF3: 137.226.96.1
Router 3   IF3: 137.226.96.2, IF4: 137.226.128.1
Router 4   IF4: 137.226.128.2, IF5: 137.226.160.1
Host 1     137.226.64.3
Host 2     137.226.128.3
Subnets

Router     Target network     Interface   Gateway
Router 1   137.226.32.0/19    IF1         * (directly connected)
           137.226.64.0/19    IF2         *
           137.226.96.0/19    IF2         137.226.64.2
           137.226.128.0/19   IF2         137.226.64.2
           137.226.160.0/19   IF2         137.226.64.2
           default            IF1         "Internet"
Router 2   137.226.32.0/19    IF2         137.226.64.1
           137.226.64.0/19    IF2         *
           137.226.96.0/19    IF3         *
           137.226.128.0/19   IF3         137.226.96.2
           137.226.160.0/19   IF3         137.226.96.2
           default            IF2         137.226.64.1

Table: Routing tables for routers 1 and 2
Subnets

Router     Target network     Interface   Gateway
Router 3   137.226.32.0/19    IF3         137.226.96.1
           137.226.64.0/19    IF3         137.226.96.1
           137.226.96.0/19    IF3         *
           137.226.128.0/19   IF4         *
           137.226.160.0/19   IF4         137.226.128.2
           default            IF3         137.226.96.1
Router 4   137.226.32.0/19    IF4         137.226.128.1
           137.226.64.0/19    IF4         137.226.128.1
           137.226.96.0/19    IF4         137.226.128.1
           137.226.128.0/19   IF4         *
           137.226.160.0/19   IF5         *
           default            IF4         137.226.128.1

Table: Routing tables for routers 3 and 4
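The subnet plan and the four routing tables can be checked mechanically. The following Python is an added example (not part of the tutorial): it derives the /19 subnets of 137.226.0.0/16 with the standard ipaddress module, encodes the routing tables and interface addresses from the tables above, and follows a destination through the routers with longest-prefix matching. The hop limit in forward() is an assumption that stands in for the TTL; "Internet" marks Router 1's uplink, which the slides do not give an address for.

```python
import ipaddress

# Routing tables from the slides: (target network, outgoing interface, gateway).
# None = directly connected; "Internet" = Router 1's uplink (no address on the slides).
TABLES = {
    "Router 1": [
        ("137.226.32.0/19", "IF1", None), ("137.226.64.0/19", "IF2", None),
        ("137.226.96.0/19", "IF2", "137.226.64.2"),
        ("137.226.128.0/19", "IF2", "137.226.64.2"),
        ("137.226.160.0/19", "IF2", "137.226.64.2"),
        ("0.0.0.0/0", "IF1", "Internet"),
    ],
    "Router 2": [
        ("137.226.32.0/19", "IF2", "137.226.64.1"), ("137.226.64.0/19", "IF2", None),
        ("137.226.96.0/19", "IF3", None),
        ("137.226.128.0/19", "IF3", "137.226.96.2"),
        ("137.226.160.0/19", "IF3", "137.226.96.2"),
        ("0.0.0.0/0", "IF2", "137.226.64.1"),
    ],
    "Router 3": [
        ("137.226.32.0/19", "IF3", "137.226.96.1"), ("137.226.64.0/19", "IF3", "137.226.96.1"),
        ("137.226.96.0/19", "IF3", None), ("137.226.128.0/19", "IF4", None),
        ("137.226.160.0/19", "IF4", "137.226.128.2"),
        ("0.0.0.0/0", "IF3", "137.226.96.1"),
    ],
    "Router 4": [
        ("137.226.32.0/19", "IF4", "137.226.128.1"), ("137.226.64.0/19", "IF4", "137.226.128.1"),
        ("137.226.96.0/19", "IF4", "137.226.128.1"), ("137.226.128.0/19", "IF4", None),
        ("137.226.160.0/19", "IF5", None),
        ("0.0.0.0/0", "IF4", "137.226.128.1"),
    ],
}

# Which router owns each interface address (from the address table on the slides).
OWNER = {
    "137.226.32.1": "Router 1", "137.226.64.1": "Router 1",
    "137.226.64.2": "Router 2", "137.226.96.1": "Router 2",
    "137.226.96.2": "Router 3", "137.226.128.1": "Router 3",
    "137.226.128.2": "Router 4", "137.226.160.1": "Router 4",
}


def subnet_plan(block, n_subnets):
    """Smallest number of subnet bits that yields at least n_subnets equal subnets."""
    bits = (n_subnets - 1).bit_length()          # 5 subnets -> 3 bits -> /19
    return bits, list(ipaddress.ip_network(block).subnets(prefixlen_diff=bits))


def lookup(table, dst):
    """Longest-prefix match: the most specific entry wins, so the /0 default
    route only applies when no /19 matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, iface, gw in table:
        net = ipaddress.ip_network(net)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, gw)
    return best


def forward(start, dst, max_hops=16):
    """Follow the next hops router by router. Returns the routers visited and
    where the datagram ends up; max_hops is an assumed TTL-like loop guard."""
    path, router = [], start
    for _ in range(max_hops):
        path.append(router)
        _net, iface, gw = lookup(TABLES[router], dst)
        if gw is None:
            return path, f"{router}:{iface}"   # delivered on a directly connected LAN
        if gw == "Internet":
            return path, "Internet"
        router = OWNER[gw]                      # next hop is another router's interface
    raise RuntimeError("routing loop")
```

A datagram from Host 1 to Host 2 entering Router 2 is forwarded out of IF3 to 137.226.96.2 (Router 3), which delivers it on IF4; anything outside 137.226.0.0/16 walks back to Router 1 and leaves through the uplink.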
Internet Protocol Version 4

1. How large are IPv4 datagrams usually? Capture some datagrams with Wireshark and evaluate your sample.
2. What is the maximum size of IPv4 datagrams?
3. What happens when datagrams get very large?
4. Consider the following scenario. 13.5 kByte of data shall be sent from host A to host B using IP as network layer protocol. How large is the protocol overhead? What happens when the datagrams have to pass a network with an MTU of 500 bytes and how does this change the overhead?
5. How are datagrams handled by routers when the DF flag is set in the flag field?
6. What is the purpose of the Type of Service (TOS) field in the IP header?
Internet Protocol Version 4

– Common length of IPv4 datagrams is 1 to 1,500 bytes, due to the assumption that the MTU is 1,500
– Maximum length of a datagram is 65,535 bytes (16 bit Total Length field in the header, 2^16 - 1)
– All hosts have to be prepared to accept datagrams of up to 576 bytes (see RFC 791)
– Fragmentation of datagrams by routers when the next-hop MTU is too small (unless DF is set)
– Fragments are reassembled at the destination
– In some specific cases, e.g., NAT, fragments are reassembled by an intermediate device rather than only by the destination (a port-translating NAT needs the transport header, which only the first fragment carries)
– Routers shall generate the minimum number of fragments
Internet Protocol Version 4

Scenario: S --(m hops, MTU = 1500)--> X --(n hops, MTU = 500)--> D

MTU 1500 case (overhead is given relative to the 13,500 Byte of payload):

  13,500 Byte / 1,480 Byte payload per datagram ⇒ 10 datagrams (9 × 1,480 + 1 × 180)    (1)
  header overhead = 10 × 20 Byte = 200 Byte                                                (2)
  200 / 13,500 ≈ 0.015                                                                     (3)

MTU 1500 + MTU 500 case:

  overhead = (overhead on MTU 1500 path × m + overhead on MTU 500 path × n) / (m + n)     (4)
  each 1,480 Byte packet ⇒ 3 × 480 + 1 × 40 Byte (fragment payloads except the last are multiples of 8 Byte)
      ⇒ 9 × 4 fragments with 9 × 4 × 20 Byte = 720 Byte header                            (5)
  the 180 Byte packet fits into the MTU ⇒ 1 × 180 Byte + 1 × 20 Byte header               (6)
  (720 + 20) / 13,500 ≈ 0.055
  (0.015 × m + 0.055 × n) / (m + n); m = 8, n = 5 ⇒ 0.030                                  (7)
Internet Protocol Version 4

Bit   0               1                2
      reserved (= 0)  Don't Fragment   More Fragments

Figure: Flag field in the IPv4 header (3 bits)

– If the DF flag is set and the datagram is larger than the next-hop MTU, the router drops the packet
– An ICMP Destination Unreachable message is generated (Code = 4, "fragmentation needed and DF set"); since RFC 1191 it carries the next-hop MTU
– Can be used for (path) MTU discovery (RFC 1191) but there is also an obsolete IP option for that (see RFC 1063)
– Most applications do not set the DF flag themselves (note that many TCP implementations set it by default for path MTU discovery)
– IPv6 routers do not fragment any more; only the source may fragment (Fragment extension header)
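The fragmentation arithmetic of the overhead example above and the DF rule on this slide, as an added Python example (not from the tutorial): fragment() splits a payload into pieces whose Fragment Offset is a multiple of 8 bytes and, when DF is set, refuses the way a router would, raising an exception that carries ICMP type 3 / code 4 and the next-hop MTU; header_bytes_per_link() and mean_overhead() reproduce the slide's 200 and 740 header bytes and the 0.030 mean. The ihl default of 20 assumes headers without options; the hop counts are the slide's m = 8 and n = 5.

```python
ICMP_FRAG_NEEDED = (3, 4)       # ICMP Destination Unreachable, code 4


class NeedFragmentation(Exception):
    """What a router signals when DF is set and the datagram does not fit: the
    datagram is dropped and ICMP type 3 / code 4 goes back to the source."""

    def __init__(self, mtu):
        super().__init__(f"fragmentation needed and DF set (next-hop MTU {mtu})")
        self.icmp = ICMP_FRAG_NEEDED
        self.next_hop_mtu = mtu


def fragment(payload_len, mtu, ihl=20, df=False, offset=0, mf=False):
    """Split an IP payload of payload_len bytes so every piece fits mtu.

    Returns (fragment_offset_in_8_byte_units, more_fragments, payload_bytes)
    per fragment. All fragments but the last carry a multiple of 8 bytes,
    because the 13-bit Fragment Offset field counts 8-byte units. offset and
    mf describe the input when it is itself already a fragment.
    """
    if ihl + payload_len <= mtu:
        return [(offset // 8, mf, payload_len)]
    if df:
        raise NeedFragmentation(mtu)
    per_frag = ((mtu - ihl) // 8) * 8           # MTU 500 -> 480 payload bytes
    frags, pos = [], 0
    while pos < payload_len:
        size = min(per_frag, payload_len - pos)
        last = pos + size >= payload_len
        frags.append(((offset + pos) // 8, mf or not last, size))
        pos += size
    return frags


def datagrams_for(data_len, mtu, ihl=20):
    """How the source splits data_len bytes into separate datagrams sized for
    the first-hop MTU (the slide's 9 x 1480 + 1 x 180)."""
    per_dg = mtu - ihl
    sizes = [per_dg] * (data_len // per_dg)
    if data_len % per_dg:
        sizes.append(data_len % per_dg)
    return sizes


def header_bytes_per_link(data_len, mtus, ihl=20, df=False):
    """Header bytes carried on each link of a path with the given MTUs.
    Routers fragment but never reassemble, so pieces stay fragmented."""
    sizes = datagrams_for(data_len, mtus[0], ihl)
    per_link = []
    for mtu in mtus:
        pieces = [f[2] for s in sizes for f in fragment(s, mtu, ihl, df)]
        per_link.append(len(pieces) * ihl)      # one 20-byte header per piece
        sizes = pieces
    return per_link


def mean_overhead(data_len, mtus, hops, ihl=20):
    """Overhead relative to the payload, weighted by the number of hops of
    each link type: the slide's (0.015 * m + 0.055 * n) / (m + n)."""
    per_link = header_bytes_per_link(data_len, mtus, ihl)
    weighted = sum(h * n for h, n in zip(per_link, hops))
    return weighted / data_len / sum(hops)
```

Note that the 1,480-byte payload does not split into three 493-byte pieces: the offset granularity forces 480-byte fragments plus a 40-byte tail, which is why the MTU 500 link carries 37 headers for 10 datagrams.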
Internet Protocol Version 4

Bit   0  1  2     3  4  5  6  7
      Precedence  D  T  R  0  0

Figure: Type of Service field in the IPv4 header (8 bits)

Precedence: priority from 0 (normal) to 7 (network control packet)
D (Delay): request low delay as metric
T (Throughput): request high throughput as metric
R (Reliability): request high reliability as metric

RFC 1349, Type of Service in the Internet Protocol Suite, Network Working Group, 1992
Internet Protocol Version 4

Bit   0  1  2  3  4  5   6  7
      DSCP                ECN

Figure: Differentiated Services field in the IPv4 header

DSCP: Differentiated Services Codepoint (6 bits) to select the Per-Hop Behavior (PHB)
ECN: Explicit Congestion Notification (2 bits)

RFC 2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers, Network Working Group, 1998
RFC 2475, An Architecture for Differentiated Services, Network Working Group, 1998
RFC 3168, The Addition of Explicit Congestion Notification (ECN) to IP, Network Working Group, 2001
Internet Protocol Version 4

– Coarse-grained, class-based mechanism
– Classification based on, e.g., source or destination addresses
– Priority configuration left to the network administrator
– DiffServ domain (group of routers) implements common, administratively defined DiffServ policies

RFC 3246, An Expedited Forwarding PHB (Per-Hop Behavior), Network Working Group, 2002
RFC 2597, Assured Forwarding PHB Group, Network Working Group, 1999
RFC 3260, New Terminology and Clarifications for Diffserv, Network Working Group, 2002

See also: http://www.iana.org/assignments/dscp-registry/
Checksum

The Internet Protocol as well as other protocols use a common checksum algorithm.

1. What is the algorithm called?
2. Give a (pseudo) code implementation.
3. Calculate the checksum over the following sequence of bytes: 0x00, 0x01, 0xf2, 0x03, 0xf4, 0xf5, 0xf6, 0xf7
Checksum

– RFC 1071 - Computing the Internet Checksum
– RFC 1144 - Incremental Updating of the Internet Checksum
– RFC 1624 - Computation of the Internet Checksum via Incremental Update

Used by: IPv4 (header only), ICMP, UDP, and TCP
Checksum

#include <stdint.h>
#include <stddef.h>

/* RFC 1071 Internet checksum over count bytes. Words are read in network
 * byte order, so the result is identical on little- and big-endian hosts. */
uint16_t inetcsum(const uint8_t *addr, size_t count) {
    uint32_t sum = 0;                            /* accumulator               */
    while (count > 1) {                          /* add all 16-bit words      */
        sum += ((uint32_t)addr[0] << 8) | addr[1];
        addr += 2;
        count -= 2;
    }
    if (count > 0)                               /* odd trailing byte is the  */
        sum += (uint32_t)addr[0] << 8;           /* high byte of a last word  */
    while (sum >> 16)                            /* fold the carries until    */
        sum = (sum & 0xffff) + (sum >> 16);      /* the result fits 16 bits   */
    return (uint16_t)~sum;                       /* one's complement          */
}

inetcsum({0x00, 0x01, 0xf2, 0x03, 0xf4, 0xf5, 0xf6, 0xf7}, 8) = 0x220D

The return value is the checksum as read big-endian from the wire; store it in the header as the two bytes 0x22, 0x0D. To verify a received header, sum all of it including the checksum field: the folded sum is then 0xffff and the complement 0.
Address Resolution Protocol

1. What is the task of ARP?
2. How does the protocol work?
3. Are there security issues?
Address Resolution Protocol

– Layer 3 protocol, link-local usage (not routed)
– Determines the layer 2 address for a layer 3 address
– Mostly used with Ethernet and IP but can be used with other address types
– Vital for communication
– Internet Standard STD 37
– Used to detect layer 3 address conflicts
– Proxy ARP: a router answers ARP requests on behalf of hosts in another (sub)network, so spatially divided LANs look like one LAN to the hosts

RFC 826, An Ethernet Address Resolution Protocol, Network Working Group, 1982
Address Resolution Protocol

 0             7 8             15
+------------------+------------------+
|            Hardware Type            |  2 bytes (1 = Ethernet)
+------------------+------------------+
|            Protocol Type            |  2 bytes (0x0800 = IPv4)
+------------------+------------------+
| Hardware Addr Len| Protocol Addr Len|  1 byte each (6 and 4 for Ethernet/IPv4)
+------------------+------------------+
|              Operation              |  2 bytes (1 = request, 2 = reply, 3/4 = RARP)
+------------------+------------------+
|       Sender Hardware Address       |  6 bytes
+------------------+------------------+
|       Sender Protocol Address       |  4 bytes
+------------------+------------------+
|       Target Hardware Address       |  6 bytes
+------------------+------------------+
|       Target Protocol Address       |  4 bytes
+------------------+------------------+

Figure: ARP packet format (28 bytes for Ethernet/IPv4)
Address Resolution Protocol

Address resolution:
1. Host A = (A_IP, A_MAC) wants to send a datagram to B_IP on the same LAN
2. The B_IP to B_MAC mapping is not in the ARP cache of host A
3. Host A broadcasts an ARP request, opcode = 0x01: "Who has B_IP? Tell A_IP"
   – Sender MAC address: A_MAC
   – Sender IP address: A_IP
   – Target MAC address: 00:00:00:00:00:00
   – Target IP address: B_IP
4. Host B receives the ARP request and replies (unicast to A_MAC), opcode = 0x02: "B_IP is at B_MAC"
   – Sender MAC address: B_MAC
   – Sender IP address: B_IP
   – Target MAC address: A_MAC
   – Target IP address: A_IP
5. B_IP → B_MAC is stored in A's ARP cache
6. Other hosts on the LAN may also learn (or refresh) the A_IP → A_MAC mapping from the broadcast request
7. The Ethernet frame for the datagram is created and sent to B
Address Resolution Protocol

ARP announcements:
– A host can announce IP or MAC address changes
– Detection of conflicts (a reply to a request for one's own address means the address is already in use)
– Gratuitous ARP messages
  – Request
    – Sender protocol address := target protocol address (the host's own IP)
    – Sender hardware address := sender hardware address (the host's own MAC)
    – Target hardware address := FF:FF:FF:FF:FF:FF
  – Reply
    – Sender protocol address := target protocol address
    – Sender hardware address := target hardware address
Address Resolution Protocol

– Basically no security: ARP has no authentication, any station can claim any mapping
– ARP spoofing / ARP cache poisoning
  – Denial of service attack
  – Man in the middle attack
– ARP cache flooding (and also MAC flooding of the switch's address table)
  – The ARP table size often has a limit
  – Older/unused entries can be removed to free space
  – Some dumb switches go into hub mode when the table overflows (every frame is then visible on every port)
  – Can be prevented when switches accept only a limited number of MAC addresses per port (port security)
– ARP flux (a multi-homed host answering requests for one of its IPs from more than one interface)
Listing 1: MAC Flooding Example
from scapy.all import Ether, Raw, RandMAC, sendp

while 1:                                   # endless stream of frames ...
    eth = Ether()
    eth.src = RandMAC()                    # ... each from a fresh random source MAC,
    eth.dst = RandMAC()                    #     so the switch's address table fills up
    eth.type = 0x0800
    data = Raw(load=b"\xff" * 128)         # dummy payload
    sendp(eth / data, iface="eth0")
Address Resolution Protocol

Task            Tools
Monitoring      arpwatch, arpalert, XArp
Defense         ArpON
Spoofing        arpspoof, ettercap, nemesis, scapy
Miscellaneous   arping, arptables

Table: ARP-related Tools
Self-Configuration

– How can hosts self-configure their network layer address?
– Name and discuss three protocols.
Self-Configuration

Reverse look-up: get the layer 3 address based on the layer 2 address
– Reverse ARP (RARP): RFC 903
– Bootstrap Protocol (BOOTP): RFC 951, RFC 1048, RFC 1084
– Dynamic Host Configuration Protocol (DHCP): RFC 2131, RFC 2132
Self-Configuration

Reverse ARP (RARP)
– The RARP server has a list of mappings
– The client sends a request, opcode = 0x03
  – Sender protocol address := undefined
  – Sender hardware address := sender hardware address
  – Target protocol address := undefined
  – Target hardware address := FF:FF:FF:FF:FF:FF
– The RARP server replies, opcode = 0x04
  – Sender protocol address := RARP server layer 3 address
  – Sender hardware address := RARP server layer 2 address
  – Target protocol address := assigned layer 3 address
  – Target hardware address := hardware address of the requester
– A RARP server is required in each network
– Broadcasts are not forwarded, no proxy function
– Limited to IP
– Limited IP configuration (no subnet mask and gateway)
Self-Configuration

Bootstrap Protocol (BOOTP)
– Uses UDP
– Messages can be forwarded across routers (BOOTP relay agent)
– Supports diskless workstations
– Provides the subnet mask for the IP address and the gateway
– Requires manual configuration of the mapping
Self-Configuration

Dynamic Host Configuration Protocol (DHCP)
– Extension of BOOTP
– For large networks with changing topology
– Supports manual, automatic, and dynamic IP assignment
– Addresses are leased for a certain time, leases have to be renewed
– Messages are forwarded by DHCP relay agents
Tracing

– How can IP be used to trace the route between two hosts?
– Discuss different approaches and whether they always work!
Tracing

Approaches:
– Time-To-Live (TTL) field + ICMP Time Exceeded message: send probes with TTL = 1, 2, 3, ...; the router at which the TTL expires answers with ICMP Time Exceeded and thereby reveals its address
– IP Traceroute Option: RFC 1393
– IP Record Route Option: RFC 791 (limited to 9 addresses by the 40 byte option space)

Tracing can fail:
– Routers do not support IP options (or drop datagrams carrying them)
– Routers send no ICMP Time Exceeded message (or rate-limit it); the hop shows up as "*"
– Tunnels, e.g., MPLS, are not visible for the network layer
– Load balancing and asymmetric routes: successive probes (and the replies) may take different paths

Selection of tools:
– ping -R
– traceroute, traceroute6, tracert
– tracepath, tracepath6
– mtr
– pathping
– traceproto
– lft
Address Translation

– What is NAT and why is it necessary?
– What types of NAT are available and what are their differences?
– What problems can arise when using NAT?
Address Translation

– Limited space of routable addresses
– Not all computers require network access all the time
– Translation between a public and a private network address
– Often also port translation: NAPT or PAT
Address Translation

– Source NAT
  – Address translation because of limited address space
  – Private subnetworks
  – Increases security a little bit: hides the internal topology and blocks unsolicited inbound traffic by default, but is no substitute for a firewall
– Destination NAT
  – Address translation to provide a service under one particular address
  – Clients are assigned to one of many servers
Address Translation

NAT Variations
– Full Cone
  – The NAT device stores a mapping between internal and external address and port number
  – Any inbound traffic is allowed to this internal address and port once the mapping exists
  – Services can be provided to any external host
– Restricted Cone
  – The NAT device stores a mapping between internal and external address and port number
  – Inbound traffic from an unknown external address and port is blocked
  – Prevents provision of services
– Symmetric
  – Mappings from internal to external address and port depend on the destination address (and port): each destination sees a different external port
  – Inbound traffic from an unknown external address and port is blocked
  – Limits tracking of user behavior
  – Prevents provision of services

RFC 3489, STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs), Network Working Group, 2003
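The three variants as an added Python model (not from the tutorial or from RFC 3489): Nat keeps the mapping and the set of peers contacted through it and decides what an inbound packet does under each behaviour; classify() applies the probing logic of STUN to tell them apart. The public address 198.51.100.1 and the 203.0.113.x servers are constructed (documentation ranges), the port numbers are arbitrary, and "restricted" is implemented as RFC 3489's port-restricted cone, which is the behaviour the slide describes (RFC 3489's plain restricted cone checks the address only).

```python
class Nat:
    """Port-translating NAT (NAPT). kind is 'full', 'restricted' or 'symmetric'
    as on the slide; 'restricted' checks external address *and* port."""

    def __init__(self, kind, public_ip="198.51.100.1", first_port=40000):
        self.kind, self.public_ip, self.next_port = kind, public_ip, first_port
        self.out = {}    # mapping key -> public (ip, port)
        self.back = {}   # public (ip, port) -> internal (ip, port)
        self.peers = {}  # public (ip, port) -> external endpoints contacted through it

    def outbound(self, src, dst):
        """Internal src=(ip, port) sends to external dst; returns the public endpoint used."""
        # Symmetric NAT keeps one mapping per (source, destination) pair.
        key = (src, dst) if self.kind == "symmetric" else src
        if key not in self.out:
            pub = (self.public_ip, self.next_port)
            self.next_port += 1
            self.out[key], self.back[pub], self.peers[pub] = pub, src, set()
        pub = self.out[key]
        self.peers[pub].add(dst)
        return pub

    def inbound(self, src, dst):
        """External src sends to our public endpoint dst; returns the internal
        endpoint the packet is delivered to, or None when the NAT drops it."""
        if dst not in self.back:
            return None                      # no mapping learned yet: always dropped
        if self.kind == "full":
            return self.back[dst]            # anyone may use the mapping once it exists
        return self.back[dst] if src in self.peers[dst] else None


def classify(nat, internal=("10.0.0.5", 5000)):
    """STUN-style probing (the logic of RFC 3489): compare the mappings two
    servers see, then check whether a reply from an unknown endpoint gets in."""
    s1, s2 = ("203.0.113.7", 3478), ("203.0.113.8", 3478)
    pub1, pub2 = nat.outbound(internal, s1), nat.outbound(internal, s2)
    if pub1 != pub2:
        return "symmetric"                   # different destination, different mapping
    # Server 1 answers from a different address/port than the one we talked to.
    return "full cone" if nat.inbound(("203.0.113.9", 3479), pub1) else "restricted cone"
```

The classification matters for hole punching: two peers behind restricted cones can reach each other by both sending first (each send adds the other to the peer set), while a symmetric NAT defeats that because the port a third party reported is not the port the peer will see.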
Address Translation

Problems
– Violation of the architectural model of IP (an address uniquely identifies a host)
– Introduces connection-oriented aspects (per-flow state) into a connection-less "environment"
– NAT device as a single point of failure → when its state is lost, established TCP connections break
– Violates the fundamental rule of protocol layering → a layer 3 device rewrites TCP/UDP ports and checksums
– NAT devices often only support TCP and UDP
– Some application layer protocols embed the network address in the message (e.g., FTP, SIP)
– Applications that open a second (inbound) connection might fail
– Mapping based on port numbers limits the number of hosts (and concurrent connections) behind one address
– For some applications detection of the NAT variant is required (see STUN)

Tanenbaum, Computer Networks:
"... many people in the IP community regard it as an abomination-on-the-face-of-the-earth."
ICMP

– What services are provided by ICMP?
– Which of these services are superseded by other protocols or used very rarely?
ICMP

 0             7 8             15 16                             31
+----------------+----------------+--------------------------------+
|      Type      |      Code      |            Checksum            |
+----------------+----------------+--------------------------------+
|           ID / unused           |        Sequence number         |
+---------------------------------+--------------------------------+
|                         Data (optional)                          |
+------------------------------------------------------------------+

Figure: ICMP packet format (RFC 792). ICMP is carried in IP (Protocol = 1); the checksum is the Internet checksum over the whole ICMP message. The second word holds ID and sequence number for Echo and Timestamp messages and is unused in most error messages, whose data part quotes the offending IP header plus its first 8 payload bytes.
ICMP

Code   Description
0      net unreachable
1      host unreachable
2      protocol unreachable
3      port unreachable
4      fragmentation needed and DF set
5      source route failed

Table: Code field (excerpt) for Destination Unreachable messages (Type 3)
ICMP

Type     Message                                                                    Commonly used
0        Echo Reply                                                                 ×
1-2      Reserved
3        Destination Unreachable                                                    ×
4        Source Quench                                                              ×
5        Redirect                                                                   ×
8        Echo Request                                                               ×
9        Router Advertisement                                                       ×
10       Router Solicitation                                                        ×
11       Time Exceeded                                                              ×
12       Parameter Problem                                                          ×
13       Timestamp                                                                  - (replaced by NTP)
14       Timestamp Reply                                                            - (replaced by NTP)
15       Information Request                                                        - (replaced by DHCP)
16       Information Reply                                                          - (replaced by DHCP)
17       Address Mask Request                                                       ×
18       Address Mask Reply                                                         ×
19       Reserved (for Security)
20-29    Reserved (for Robustness Experiment)
30       Traceroute                                                                 ×
31       Datagram Conversion Error                                                  ×
32       Mobile Host Redirect                                                       -
33       IPv6 Where-Are-You                                                         - (replaced by ICMPv6)
34       IPv6 I-Am-Here                                                             - (replaced by ICMPv6)
35       Mobile Registration Request                                                -
36       Mobile Registration Reply                                                  -
37       Domain Name Request                                                        - (replaced by DNS)
38       Domain Name Reply                                                          - (replaced by DNS)
39       SKIP                                                                       - (replaced by IKE)
40       Photuris                                                                   - (replaced by IKE)
41       ICMP messages utilized by experimental mobility protocols such as Seamoby  -
42-255   Reserved

Table: ICMP message types
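Added Python example (not part of the tutorial) tying together the ICMP format on this slide, the Internet checksum from the Checksum section, Destination Unreachable code 4 from the code table, and the TTL-based tracing from the Tracing section: it builds IPv4 and ICMP messages with correct checksums, models routers that decrement the TTL and answer with Time Exceeded (or stay silent), and runs a traceroute over that toy path. The path addresses are constructed from the 192.0.2.0/24 documentation block; placing the next-hop MTU in the second half of the "unused" word of the code 4 message follows RFC 1191.

```python
import struct

ICMP_ECHO_REPLY, ICMP_DEST_UNREACH, ICMP_ECHO, ICMP_TIME_EXCEEDED = 0, 3, 8, 11
PROTO_ICMP = 1


def inet_checksum(data):
    """RFC 1071 Internet checksum over data (big-endian 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"                             # odd byte is the high half of a last word
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                              # fold the carries
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip2b(ip): return bytes(int(o) for o in ip.split("."))
def b2ip(b): return ".".join(str(x) for x in b)


def ipv4_header(src, dst, proto, payload_len, ttl=64, ident=0):
    """20-byte header without options; the checksum covers the header only."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, 0,
                      ttl, proto, 0, ip2b(src), ip2b(dst))
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def icmp(type_, code, rest=b"\x00" * 4, data=b""):
    """Type | Code | Checksum | 4 bytes (ID/Sequence or unused) | Data."""
    body = struct.pack("!BB", type_, code) + b"\x00\x00" + rest + data
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def icmp_error(type_, code, offending, rest=b"\x00" * 4):
    """Error messages quote the offending IP header plus its first 8 payload
    bytes (RFC 792), enough for the source to match the transport ports."""
    ihl = (offending[0] & 0x0F) * 4
    return icmp(type_, code, rest, offending[:ihl + 8])


def parse_icmp(pkt):
    """Verify the checksum (the sum over a correct message folds to zero) and split."""
    if inet_checksum(pkt) != 0:
        raise ValueError("bad ICMP checksum")
    return pkt[0], pkt[1], pkt[4:8], pkt[8:]


def decrement_ttl(pkt):
    """What every router does: TTL - 1 and a recomputed header checksum."""
    hdr = pkt[:8] + bytes([pkt[8] - 1]) + pkt[9:10] + b"\x00\x00" + pkt[12:20]
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:] + pkt[20:]


def walk(pkt, path):
    """Forward pkt along path = [(router_ip, sends_time_exceeded), ..., (dst_ip, True)].
    Returns the IP datagram sent back to the source, or None if the hop stays silent."""
    src = b2ip(pkt[12:16])
    for addr, talks in path[:-1]:
        pkt = decrement_ttl(pkt)
        if pkt[8] == 0:                              # TTL expired at this router
            if not talks:
                return None
            body = icmp_error(ICMP_TIME_EXCEEDED, 0, pkt)
            return ipv4_header(addr, src, PROTO_ICMP, len(body)) + body
    dst = path[-1][0]
    body = icmp(ICMP_ECHO_REPLY, 0, pkt[24:28], pkt[28:])   # echo ID/seq and data back
    return ipv4_header(dst, src, PROTO_ICMP, len(body)) + body


def traceroute(src, path, max_ttl=30):
    """TTL-stepping trace from the Tracing slide: probe with TTL 1, 2, ... and
    record who answers; '*' marks a hop that sends no Time Exceeded."""
    dst, hops = path[-1][0], []
    for ttl in range(1, max_ttl + 1):
        body = icmp(ICMP_ECHO, 0, struct.pack("!HH", 1, ttl), b"\x00" * 4)
        answer = walk(ipv4_header(src, dst, PROTO_ICMP, len(body), ttl=ttl) + body, path)
        if answer is None:
            hops.append("*")
            continue
        hops.append(b2ip(answer[12:16]))             # responder = source of the reply
        if parse_icmp(answer[20:])[0] == ICMP_ECHO_REPLY:
            break
    return hops
```

The silent second hop in the test below shows why a trace can contain "*" while later hops still answer: the probe with TTL 3 passes the quiet router untouched, and only the router where the TTL actually expires has to speak.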
The Last Slide

Thank you for your attention. Questions?