basic ip.pdf

© Alcatel University 8AS 90200 1124 VH ZZA Ed.02 Page 1.1 © Alcatel University - 8AS 90200 1124 VT ZZA Ed.02 1.1 TCP/IP protocols

Upload: falberto08

Post on 02-Jan-2016


TRANSCRIPT

Page 1: Basic IP.pdf


TCP/IP protocols


Page 3: Basic IP.pdf

TCP/IP protocols Session presentation

Objective: analyse IP messages coming from different applications and locate these messages within a procedure.

Program:

1 Introduction
2 Physical and link layers
3 ARP protocol
4 Repeaters, Bridges and Switches
5 IP protocol
6 ICMP protocol
7 Client-Server model
8 UDP protocol
9 TCP protocol

Page 4: Basic IP.pdf

TCP/IP protocols Objectives

By the end of this course, the participant will be able to:

• List the characteristics of TCP transport layer protocol
• List the characteristics of UDP transport layer protocol
- Describe the operation of the client/server model at the transport layer
- Analyze an ICMP message and explain the operation of the Ping and Trace_route programs
- Describe the role of the various IP header fields
- Describe IP addressing modes, handle the subnet masks
- Describe the operation of repeaters, bridges and switches
- Describe the ARP protocol, analyse an ARP trace
- Describe the Ethernet frame format


Page 6: Basic IP.pdf

1 Introduction Network interconnection

[Figure: three LANs and a WAN joined by a TCP/IP network interconnection]

The main design goal of TCP/IP was to build an interconnection of networks, referred to as an inter-network, or internet, that provided universal communication services over heterogeneous physical networks.

The Internet consists of the following groups of networks:

• Backbones: Large networks that exist primarily to interconnect other networks. Currently the backbones are NSFNET in the US, EBONE in Europe, and large commercial backbones.
• Regional networks connecting, for example, universities and colleges.

Page 7: Basic IP.pdf

1 Introduction Communication needs

• Many kinds of connections:
  - Point-to-Point (leased lines, PSTN, …)
  - Point-to-multipoint (Local Area Networks)
  - Virtual connections (Wide Area Networks)
• Various Operating Systems: DOS, UNIX, LINUX, …

Some rules are essential for communications: the protocols.

Some additional software is offered to facilitate the user tasks (file transfer, mail exchanges, surf on the Net, …): the services.

TCP/IP has been popular with developers and users alike because of its inherent openness and perpetual renewal.

Page 8: Basic IP.pdf

1 Introduction The TCP/IP model

[Figure: TCP/IP protocols placed against the seven OSI layers]

Application / Presentation / Session: HTTP, TELNET, FTP, SMTP, DNS, TFTP, SNMP
Transport: TCP, UDP
Network: ARP, IP, ICMP
Link: IEEE 802.2 (LLC); IEEE 802.3 (CSMA/CD); IEEE 802.5 Token Ring (4 Mb/s, 16 Mb/s); FDDI, ATM, PPP ...
Physical: 10 base 5, 10 base 2, 10 base T, FOIRL, 100 Mb/s

Like most networking software, TCP/IP is modelled in layers.

OSI: In contrast to TCP/IP, the OSI approach started from a clean slate and defined standards, using a formal committee process without requiring implementations. The OSI protocols developed slowly, and because running the full protocol stack is resource intensive, they have not been widely deployed. The seven OSI layers are:

- Application: Network applications such as terminal emulation and file transfer
- Presentation: Formatting of data and encryption
- Session: Establishment and maintenance of sessions
- Transport: Provision of reliable and unreliable end-to-end delivery
- Network: Packet delivery, including routing
- Data Link: Framing of units of information and error checking
- Physical: Transmission of bits on the physical hardware

TCP/IP: Internet protocols use a less formal engineering approach, where anybody can propose and implementations are required to verify feasibility. TCP/IP and the Internet were developing rapidly, with deployment occurring at a very high rate. The TCP/IP protocol suite has become the de facto standard for computer communications in today’s networked world.

The main services offered by TCP/IP are:

- TELNET: for interactive terminal access to remote internet hosts.
- FTP (file transfer protocol): for high-speed disk-to-disk file transfers.
- SMTP (simple mail transfer protocol): an internet mailing system.
- TFTP: an extremely simple protocol to transfer files.
- SNMP: allows the management of IP units (bridges, routers…)
- DNS: electronic directory book
- NFS: offers a direct access to remote file system
- HTTP: The hypertext transfer protocol is a protocol designed to allow the transfer of Hypertext Markup Language (HTML) documents.

Page 9: Basic IP.pdf

1 Introduction TCP/IP and Internet

1960: new concept of packet switching
1967: ARPANET initial design
1969-1971: ARPANET: first deployment (4 nodes, 50 kb/s)
1973: Connection to Europe
1974: ARPANET: first TCP implementation; TELENET: new commercial packet network using X25
1978-1981: New TCP and IP protocols
1983: ARPANET (600 nodes) split into ARPANET and MILNET; TCP/IP inclusion in UNIX BSD kernel
1986: NSFNET
1991: Commercial Internet backbone service
1995: IPv6

Prior to the 1960s, what little computer communication existed comprised simple text and binary data, carried by circuit switching. Because most data traffic is bursty in nature, circuit switching results in highly inefficient use of network resources.

The fundamental technology that makes the Internet work is called packet switching, network communication resources appear to be dedicated to individual users but, in fact, statistical multiplexing.

1967. U.S. Department of Defense (DoD) funded experiment to interconnect DoD-funded research sites. The initial design for the so-called ARPANET, named for the DoD's Advanced Research Projects Agency (ARPA)

In September 1969, the first node of the ARPANET was installed at the University of California at Los Angeles (UCLA), followed monthly with nodes at Stanford Research Institute (SRI), the University of California at Santa Barbara (UCSB), and the University of Utah. With four nodes by the end of 1969, the ARPANET spanned the continental U.S. by 1971 and had connections to Europe by 1973.

One of the most lasting results of the ARPANET was X25. Telenet, a commercial packet-switched data service, in 1974, a part of Sprint's X.25 service.

In 1974, a new, more robust suite of communications protocols was proposed and implemented throughout the ARPANET, based upon the Transmission Control Protocol (TCP).

In 1978 a new design split responsibilities between a pair of protocols: the new Internet Protocol (IP) for routing packets and device-to-device communication (i.e., host-to-gateway or gateway-to-gateway) and TCP for reliable, end-to-end host communication. The original versions of both TCP and IP that are in common use today were written in September 1981.

In 1983, the ARPANET was split into two components. One component, still called ARPANET, was used to interconnect research/development and academic sites; the other, called MILNET, was used to carry military traffic. That year also saw a huge boost in the popularity of TCP/IP with its inclusion in the communications kernel for the University of California's UNIX implementation, 4.2BSD.

Page 10: Basic IP.pdf


1 Introduction Internet growth

The ARPANET started with four nodes in 1969 and grew to just under 600 nodes before it was split in 1983. The NSFNET also started with a modest number of sites in 1986. After that, the network has experienced literally exponential growth. Internet growth between 1981 and 1991 is documented in "Internet Growth (1981-1991)" (RFC 1296).

Network Wizards distributes a semi-annual Internet Domain Survey. According to them, the Internet had nearly 30 million reachable hosts by January 1998 and over 50 million by January 1999. Other sources estimate that the actual number is much higher (I have heard estimates as high as 200 million!) and dedicated residential access methods, such as cable modem and asymmetrical digital subscriber line (ADSL) technologies, will make the numbers grow even more. The Internet is growing at a rate of about a new network attachment every half-hour, interconnecting hundreds of thousands of networks. It is estimated that the Internet is doubling in size every ten to twelve months, and has been for the last several years; traffic is doubling every 100 days (for 1000% annual growth).

Page 11: Basic IP.pdf

1 Introduction Standardisation

[Figure: Internet standardisation bodies: ISOC; IAB (Internet Architecture Board); IETF (Internet Engineering Task Force); IESG (Internet Engineering Steering Group); Area 1 to Area 7, each with Working Groups (WG); RFC editor (http://www.rfc-editor.org/rfcsearch.html); IANA (Internet Assigned Numbers Authority, www.iana.org); Internet Corporation for Assigned Names and Numbers (www.icann.org)]

The Internet Society (ISOC) is a non-profit, non-governmental, international, professional membership organization. Its more than 150 organizations and 11,000 individual members in over 180 nations world wide represent a veritable who's who of the Internet community. You should be a member, too. ISOC serves as the standardizing body for the Internet community. It is organized and managed by the Internet Architecture Board (IAB).

The IAB itself relies on the Internet Engineering Task Force (IETF) for issuing new standards, and on the Internet Assigned Numbers Authority (IANA) for co-ordinating values shared among multiple protocols. 13 members for a 2 year term.

The IETF itself is governed by the Internet Engineering Steering Group (IESG) and is further organised in the form of Areas and Working Groups (http://www.ietf.org/):

- Applications (FTP extensions, HTTP, Fax over Internet…)
- Internet (encapsulations over physical medium, IPv6, L2TP extensions, PPP extensions, ...)
- Operation and management (SNMP evolution, aaa…)
- Routing (rip, ospf, …)
- Security (ciphering, IPsec …)
- Transport (voice over IP, performances, …)
- Sub-IP (performances measurements, mpls, …)

ICANN: The Internet Corporation for Assigned Names and Numbers was formed to assume responsibility for the IP address space allocation, protocol parameter assignment, domain name system management, and root server system management functions previously performed under U.S. Government contract by IANA and other entities.

IETF web site: http://www.ietf.org/
IETF RFC Editor web site: http://www.rfc-editor.org/overview.html
IAB web site: http://www.iab.org

Page 12: Basic IP.pdf

Introduction Process of standardization

[Figure: a new specification is submitted to the IESG and published as an Internet draft (IETF); as an RFC it then advances through the statuses Proposed standard, Draft standard and Standard]

In order to have a new specification approved as a standard, applicants have to submit that specification to the IESG, where it will be discussed and reviewed for technical merit and feasibility and also published as an Internet draft document. (The largest source of IDs is the IETF.)

An Internet draft is recommended to the Internet Engineering Taskforce (IETF) for inclusion into the standards track and for publication as a Request for Comment. Internet-Drafts are draft documents valid for a maximum of six months.

Once published as an RFC, a contribution may advance in status:

- Proposed standard: These are protocol proposals that may be considered by the IAB for standardisation in the future. Implementations and testing by several groups are desirable. Revision of the protocol is likely.
- Draft standard: A specification from which at least two independent and interoperable implementations from different code bases have been developed, and for which sufficient successful operational experience has been obtained. The IAB is actively considering this protocol as a possible standard protocol. Substantial and widespread testing and comments are desired.
- Standard: Characterized by a high degree of technical maturity and by a generally held belief that the specified protocol or service provides significant benefit to the Internet community. When a specification has been adopted as an Internet Standard, it is given the additional label "STDxxx", but it keeps its RFC number and its place in the RFC series.

Other particular statuses of an RFC:

- Experimental: A system should not implement an experimental protocol unless it is participating in the experiment and has co-ordinated its use of the protocol with the developer of the protocol.
- Informational: Protocols developed by other standard organizations,
- Historic: A specification that has been superseded by a more recent specification

Page 13: Basic IP.pdf

Introduction RFC: Request For Comments

Network Working Group            Bill Croft (Stanford University)
Request for Comments: 951        John Gilmore (Sun Microsystems)
                                 September 1985

BOOTSTRAP PROTOCOL (BOOTP)

Network Working Group            W. Wimer
Request for Comments: 1532       Carnegie Mellon University
Updates: 951                     October 1993
Category: Standards Track

Clarifications and Extensions for the Bootstrap Protocol

Network Working Group            W. Wimer
Request for Comments: 1542       Carnegie Mellon University
Updates: 951                     October 1993
Obsoletes: 1532
Category: Standards Track

Clarifications and Extensions for the Bootstrap Protocol

Once an RFC has been published, all revisions and replacements are published as new RFCs. A new RFC which revises or replaces an existing RFC is said to "update" or to "obsolete" that RFC. The existing RFC is said to be "updated by" or "obsoleted by" the new one.

For example RFC 1542, which describes the BOOTP protocol, is a "second edition," being a revision of RFC 1532 and an amendment to RFC 951. RFC 1542 is therefore labelled like this: "Obsoletes RFC 1532; Updates RFC 951." Consequently, there is never any confusion over whether two people are referring to different versions of an RFC, since there is never more than one current version.

To get:
RFC: http://www.rfc-editor.org/rfcsearch.html
RFC index: http://www.ietf.org/iesg/1rfc_index.txt
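The "updates" / "obsoletes" bookkeeping described above can be resolved mechanically. The following Python sketch is an added example, not part of the original course material: it parses the header fields of the three BOOTP RFCs shown on the slide (re-typed one field per line) and returns the RFCs still in force. The function names are illustrative, and the parser also accepts the "RFCs a, b, c" list form, which goes slightly beyond the BOOTP case.

```python
import re

# Constructed input: the header fields of the three BOOTP RFCs shown on the
# slide, re-typed one field per line (author, date and title lines omitted).
BOOTP_HEADERS = """\
Request for Comments: 951
Request for Comments: 1532
Updates: 951
Request for Comments: 1542
Updates: 951
Obsoletes: 1532
"""

FIELD = re.compile(r"^(Request for Comments|Updates|Obsoletes):\s*(.+)$")


def parse_headers(text):
    """Return {rfc_number: {"updates": set, "obsoletes": set}}."""
    records, current = {}, None
    for line in text.splitlines():
        match = FIELD.match(line.strip())
        if not match:
            continue                      # author, date, title, category ...
        field, value = match.groups()
        numbers = {int(n) for n in re.findall(r"\d+", value)}
        if not numbers:
            continue
        if field == "Request for Comments":
            current = numbers.pop()       # a new header block starts here
            records[current] = {"updates": set(), "obsoletes": set()}
        elif current is not None:
            records[current][field.lower()] |= numbers
    return records


def obsoleted_by(records):
    """Map each replaced RFC to the RFC that obsoletes it."""
    return {old: new for new, rec in records.items() for old in rec["obsoletes"]}


def reading_list(records, base):
    """RFCs in force for `base`: the base itself plus every RFC that updates
    or replaces it (directly or through another RFC), minus obsoleted ones."""
    dead = obsoleted_by(records)
    wanted, queue = set(), [base]
    while queue:
        rfc = queue.pop()
        if rfc in wanted:
            continue
        wanted.add(rfc)
        # Follow every RFC that names this one in Updates: or Obsoletes:
        queue += [new for new, rec in records.items()
                  if rfc in rec["updates"] or rfc in rec["obsoletes"]]
    return sorted(r for r in wanted if r not in dead)


if __name__ == "__main__":
    recs = parse_headers(BOOTP_HEADERS)
    print("obsoleted:", obsoleted_by(recs))
    print("to read for BOOTP (starting from RFC 951):", reading_list(recs, 951))
```

Starting from an obsoleted number such as 1532 returns only its replacement, which is the "never more than one current version" property the text describes.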

Page 14: Basic IP.pdf

1 Introduction Main topologies

[Figure: Ring, Star (with a central node) and Bus topologies]

Topologies Bus Ring Star

Tree main access methods:

Carrier Sense: example, CSMA/CD (listening to the media, collision detection)

Polling: A master host gives the right to speak. Example: SNA IBM.

Token: a token travels around the LAN, giving the authorisation to take control of the LAN. Examples: Token Ring, FDDI

Page 15: Basic IP.pdf

1 Introduction The use of layers in a TCP/IP communication

[Figure: a client host (IP@ a) and a server host (IP@ b) communicating across an IP network, each with Transport, Network and Link layers. The application data is carried with source and destination ports (Port sα→dβ) at the transport layer, source and destination IP addresses (IP@ sa→db) at the network layer, and source and destination physical addresses at the link layer. The IP addresses stay the same end to end, while the physical addresses change on each link: Phys@ s1→d2, Phys@ s8→d7, Phys@ s4→d15.]

Application layer: The application layer is provided by the program that uses TCP/IP for communication. An application is a user process cooperating with another process, usually on a different host.

Transport layer: The transport layer provides the end-to-end data transfer by delivering data from an application to its remote peer. Multiple applications can be supported simultaneously.

Internetwork layer: Internet Protocol (IP) is the most important protocol in this layer. It is a connectionless protocol that doesn't assume reliability from lower layers. IP does not provide reliability, flow control, or error recovery. These functions must be provided at a higher level.

Network interface layer: The network interface layer, also called the link layer or the data-link layer, is the interface to the actual network hardware.

Router: Interconnects networks at the internetwork layer level and routes packets between them.

Page 16: Basic IP.pdf

1 Introduction Exercise

1- Among these protocols, which are level 4 protocols?

[ ] ICMP  [ ] UDP  [ ] IP  [ ] TELNET  [ ] TCP  [ ] ARP  [ ] FTP  [ ] LLC

2- Who is responsible for the number assignment in the Internet?

[ ] IETF  [ ] IANA  [ ] ICANN  [ ] IAB  [ ] IESG

3- What is the first status given to a new RFC?

[ ] Standard  [ ] Proposed standard  [ ] Draft standard

4- Given these RFC headers, which RFCs have to be taken into account for a new DNS implementation?

Network Working Group                P. Mockapetris
Request for Comments: 1034           ISI
Obsoletes: RFCs 882, 883, 973        November 1987

DOMAIN NAMES - CONCEPTS AND FACILITIES

Network Working Group                P. Mockapetris
Request for Comments: 1035           ISI
Obsoletes: RFCs 882, 883, 973        November 1987

DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION

Network Working Group                P. Mockapetris
Request for Comments: 1101           ISI
Updates: RFCs 1034, 1035             April 1989

DNS Encoding of Network Names and Other Types

[ ] 882  [ ] 973  [ ] 1035  [ ] 883  [ ] 1034  [ ] 1101


Page 18: Basic IP.pdf

2 Physical and link layers

2.1 CSMA/CD
2.2 Cabling
2.3 MAC Addressing
2.4 Frame Ethernet V2
2.5 Frame IEEE 802.3 and associated protocols

Page 19: Basic IP.pdf

2 Physical and link layers 2.1 CSMA/CD CSMA/CD : Principle

[Figure: CSMA/CD flowchart. Media monitoring: free? If no, keep monitoring; if yes, transmission. During transmission: monitoring = transmission? If yes, transmission OK. If no, collision detection and jamming; if the number of retries is < maxi, wait for a delay (backoff) and go back to the transmission; if the number of retries is > maxi, failure.]

CSMA/CD: Carrier Sense Multiple Access / Collision Detection

The waiting delay is exponential (« Binary Exponential Backoff »): selection of a number among 2, then 4, then 8, ... up to 2^16

Time between frames > 9.6 µs

Page 20: Basic IP.pdf

2 Physical and link layers 2.1 CSMA/CD Multiple access

[Figure: two hosts separated by the propagation time, each doing frame transmission + monitoring; one host gets collision detection, the other gets no collision detection]

Note: propagation speed over cable ≈ 2/3 light speed

A host that wishes to send a message on the cable has to listen first to check whether there is any traffic. The media being free, it can start the transmission. A second host located far from the first one could follow the same procedure a few microseconds later, because the message of the first host has not yet reached the second host.

As a consequence, there will be a collision. This collision will be detected by the second host, because it is listening to its own transmitted message, but not by the first one if its message was short.

Page 21: Basic IP.pdf

2 Physical and link layers 2.1 CSMA/CD Collision detection

[Figure: collision domain; propagation time in each direction between the two ends; collision detection at both hosts; minimum frame size]

Mini transmission time of the frame = 2 x propagation time, the propagation time being ƒ(distance)

Minimum frame size = mini transmission time x 10 Mbps

The solution is to impose a minimum time of transmission for any host. So, a minimum frame length is mandatory.

Page 22: Basic IP.pdf

2 Physical and link layers 2.1 CSMA/CD Minimum size of the frame

[Figure: 2.5 km network at 10 Mb/s; propagation time 25.6 µs in each direction; collision; minimum frame size]

Mini transmission time of the frame = 51.2 µs

Minimum frame size = (51.2 x 10^-6 s) x (10 x 10^6 bit/s) = 512 bits = 64 bytes

If the network is long, the minimum size of the frame has to be large. This requires the transmitter to add padding if its message is short.

On Ethernet, the maximum distance between 2 hosts is 2.5 km. Therefore, the minimum frame length should be 64 bytes.

On Ethernet 10 Mb/s:
- Time to transmit 1 bit: 0.1 µs
- 1 bit occupies 23 meters
- A short frame occupies 13.3 km
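The timing argument of the last three slides can be checked with a small model. This Python example is added here and is not part of the original course material: it works in bit times (0.1 µs at 10 Mb/s), takes the slide's 25.6 µs end-to-end propagation time as 256 bit times, and assumes two hosts at opposite ends of the network. All names are illustrative.

```python
from dataclasses import dataclass

# Slide values: 10 Mb/s (one bit lasts 0.1 us) and an end-to-end propagation
# time of 25.6 us, i.e. 256 bit times. All times below are in bit times.
PROPAGATION_BITS = 256


@dataclass
class Transmission:
    host: str
    start: int        # instant the host starts sending (bit times)
    frame_bits: int   # frame length, which is also its duration in bit times

    @property
    def end(self) -> int:
        return self.start + self.frame_bits


def min_frame_bits(propagation_bits: int = PROPAGATION_BITS) -> int:
    """Minimum transmission time = 2 x propagation time (one round trip)."""
    return 2 * propagation_bits


def pad_bits(frame_bits: int, propagation_bits: int = PROPAGATION_BITS) -> int:
    """Padding the transmitter must add so a short frame lasts a round trip."""
    return max(0, min_frame_bits(propagation_bits) - frame_bits)


def collides(a: Transmission, b: Transmission,
             propagation_bits: int = PROPAGATION_BITS) -> bool:
    """Both hosts found the medium free: each one started before the first
    bit of the other could reach it."""
    return abs(a.start - b.start) < propagation_bits


def detects(me: Transmission, other: Transmission,
            propagation_bits: int = PROPAGATION_BITS) -> bool:
    """`me` sees the collision only if the other host's signal arrives while
    `me` is still transmitting (the "monitoring = transmission?" test)."""
    if not collides(me, other, propagation_bits):
        return False
    arrival = other.start + propagation_bits
    return arrival < me.end


def scenario(frame_bits: int):
    """Host A starts at t=0; host B, at the far end, starts one bit time
    before A's signal reaches it. Returns (A detects, B detects)."""
    a = Transmission("A", 0, frame_bits)
    b = Transmission("B", PROPAGATION_BITS - 1, frame_bits)
    return detects(a, b), detects(b, a)


if __name__ == "__main__":
    print("minimum frame:", min_frame_bits(), "bits")
    for bits in (256, 511, 512):
        a_sees, b_sees = scenario(bits)
        print(f"{bits:4d}-bit frame: A detects={a_sees}, B detects={b_sees}, "
              f"padding needed={pad_bits(bits)} bits")
```

With a frame shorter than 512 bits the first host has already stopped transmitting when the collision reaches it, which is the undetected case the slides describe.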


Page 24: Basic IP.pdf

2 Physical and link layers 2.2 Cabling 10 base 5 : LAN constitution

[Figure: 10 base 5 (10 Mb/s, base band, maxi size of segment: 500 m): five 500 m segments joined by four repeaters (no more than 4 repeaters); ≤ 2.5 km end to end; ≤ 100 hosts per segment; ≥ 2.5 m between hosts]

Cabling rules over 10 base 5 (yellow coaxial):

- Maximum distance between 2 hosts: 2.5 km
- Maximum size of a segment: 500 m (maximum distance without repeater)
- No more than 4 repeaters (round trip time = 49 µs; if 5 repeaters, then 59.2 µs)
- 100 hosts per segment
- Minimum 2.5 m between 2 hosts

Page 25: Basic IP.pdf

2 Physical and link layers 2.2 Cabling 10 base 5 : Connection to medium

[Figure: host connected through a 15-pin AUI cable (length ≤ 50 m) to a transceiver on the 50 Ω coaxial cable (center wire, polyethylene filler, braided metal shield); transceivers ≥ 2.5 m apart. The bit sequence 1 0 1 1 0 1 0 0 1 is shown in Manchester code, between 0 volt and -2.05 volt.]

AUI: Attachment Unit Interface

10 base 5 (yellow coaxial): vampire connectors

AUI cable pin-out (In: transceiver to host, Out: host to transceiver):

- 3-10: DATA-OUT
- 11: DATA-OUT shield
- 5-12: DATA-IN
- 4: DATA-IN shield
- 7-15: Control Out
  Idle: noise level. CS0: signal frequency = 1/2 bit frequency. CS1: signal frequency = bit frequency.
- 11: Control Out shield
- 2-9: Control In
  Idle: (Available) transceiver available. CS0: (Signal Quality Error) error detection: collision, ... CS1: transceiver unavailable.
- 1: shield
- 6: DC common
- 13 shield + 14 shield

Page 26: Basic IP.pdf

2 Physical and link layers 2.2 Cabling 10 base 2 : LAN constitution

[Figure: 10 base 2 (10 Mb/s, base band, maxi size of segment: 200 m): five 185 m segments joined by four repeaters (no more than 4 repeaters); ≤ 925 m end to end; ≤ 30 hosts per segment; ≥ 0.5 m between hosts]

Cabling rules over 10Base2 (thin coaxial):

- Maximum distance between 2 hosts: 925 m
- Maximum size of a segment: 185 m (maximum length without repeaters)
- 30 hosts per segment
- Minimum 0.5 m between 2 hosts

Page 27: Basic IP.pdf

2 Physical and link layers 2.2 Cabling 10 base 2 : Medium connection

[Figure: thin coaxial cable (5 mm; center wire, polyethylene filler, braided metal shield) with a « T » connector and a terminator]

10Base2 (thin coaxial) : BNC connectors

Page 28: Basic IP.pdf

2 Physical and link layers 2.2 Cabling 10/100 base T : HUB purpose (1)

HUB = multiport repeater

[Figure: 4-port hub with RJ45 connectors, each port with a transmit (T) and a receive (R) side; links < 100 m; steps labelled 1, 2, 3]

HUB functions:

- Ensures the frame is broadcast towards all hosts at the same level and towards the upper level, like a bus.
- Re-amplifies the signals.
- Detects the collisions and informs all hosts.
- Supervises the status of the links (Link Test Pulse) by transmitting pulses (≈400 ns) every 16 ms when there is no traffic (idle).
- Can make a defective port unavailable.

Page 29: Basic IP.pdf

2 Physical and link layers 2.2 Cabling 10/100 base T : HUB purpose (2)

HUB = multiport repeater

[Figure: the same 4-port hub, each port with a transmit (T) and a receive (R) side; steps labelled 4, 5, 6]

Page 30: Basic IP.pdf

2 Physical and link layers 2.2 Cabling 10/100 base T : cables

[Figure: RJ-45 connector; UTP category 5 and STP category 5 cables for 100 base T (100 Mb/s, base band); telephone wire for 10 base T (10 Mb/s)]

UTP: Unshielded Twisted Pair

STP: Shielded Twisted Pair

Cable categories, Unshielded Twisted Pair (UTP) and Shielded Twisted Pair (STP):

- category 3: Bp 16 MHz (not used anymore). Cable and associated connecting hardware whose transmission characteristics are specified up to 16 MHz. It is used by 10BASE-T and 100BASE-T4 installations.
- category 4: Bp 20 MHz. Cable and associated connecting hardware whose transmission characteristics are specified up to 20 MHz. It is used by 10BASE-T and 100BASE-T4 installations. The cable normally has four pairs of wire. This grade of UTP is not common.
- category 5: Bp 100 MHz. Cable and associated connecting hardware whose transmission characteristics are specified up to 100 MHz. It is used by 10BASE-T, 100BASE-T4, and 100BASE-TX installations. The cable normally has four pairs of copper wire. Category 5 is the most popular cable used in new installations today.

100BASE-T media specifications, which include 100BASE-TX, 100BASE-T4, and 100BASE-FX, allow Fast Ethernet to run on the most common Ethernet wiring, including Categories 3, 4, and 5 unshielded twisted-pair, shielded twisted-pair, and fiber-optic.

100BASE-TX designates the IEEE 802.3 specification for 100 Mbps Ethernet signaling with CSMA/CD over two pairs of Category 5 UTP or STP wire. The pairs of wires used for transmitting and receiving signals are the same as those used for 10BASE-T. Therefore, the same (Category 5 UTP or better) cable used for 10BASE-T can be used for 100BASE-TX with no change to cable termination.

100BASE-T4 is the IEEE 802.3u specification for 100 Mbps Ethernet signaling over four pairs of Category 3 or better UTP cable. This physical layer standard was specifically defined to allow 100BASE-T to be deployed over the large installed base of Category 3 voice-grade UTP. 100BASE-T4 uses four-pair Category 3, 4, or 5 UTP cable for distances of up to 100 meters. Transmission requires four pairs of cable to reduce electrical emissions and meet FCC requirements.

100BASE-FX is the IEEE 802.3 specification for 100 Mbps Ethernet signaling over two strands of multimode fiber-optic cable. 100BASE-FX is used for transmissions over extended distances, downlinks, and backbones, and is especially useful in any environment subject to electrical interference.

Page 31: Basic IP.pdf

2 Physical and link layers 2.2 Cabling Repeater

[Figure: repeater between segments of different media: 10base2, AUI (10base5), 10baseT]

Repeater:

• Signal amplifier
• Media adaptation

Located at the physical level, it acts at the electrical level: amplifier, media adapter.

Page 32: Basic IP.pdf

2 Physical and link layers 2.2 Cabling 10/100 base T : Access control and collision detection

[Figure: interface with Transmit and Receive channels, loopback and collision detection. Flowchart: media monitoring: free? If no, keep monitoring; if yes, transmission. Monitoring = transmission? If yes, transmission OK; if no, collision detection.]

On a half duplex channel:

- Looping back of transmitted data onto the receiver input.
- Carrier Sense function as it is normally used to defer transmissions. That is, the reception of data on the receive channel should cause the transmitter to defer any pending transmissions. A normal (half duplex) Ethernet interface will withhold its own transmissions in order to avoid interfering with transmissions in progress under control of the carrier sense signal.
- Collision Detect function, which would normally cause the transmitter to abort, jam, and reschedule its transmission if it detects a receive signal while transmitting.

Page 33: Basic IP.pdf

2 Physical and link layers 2.2 Cabling 10/100 base T : Connector RJ45

[Figure: RJ45 connector, pins numbered 8 7 6 5 4 3 2 1]

MDI: Media-dependent interface
MDI-X: Media-dependent interface crossover

Pins   MDI function (DTE: router, PC, …)   MDI-X function (DCE: hub, switch)
1      Data Transmission Tx+                Data Reception Rx+
2      Data Transmission Tx-                Data Reception Rx-
3      Data Reception Rx+                   Data Transmission Tx+
6      Data Reception Rx-                   Data Transmission Tx-

(On MDI-X, transmission and reception are crossed.)

Connector RJ-45

• Hardware aspect: connector RJ 45 (ISO 8877) with 8 pins
• Two types of ports:
  • MDI (on DTE like routers and hosts)
  • MDI-X (on DCE like hubs, switches); transmission and reception pins are crossed.
• Note: Hubs and switches usually have one MDI (not crossed) port among their ports in order to allow a connection between hubs or switches.

Page 34: Basic IP.pdf

2 Physical and link layers 2.2 Cabling 10/100 base T : Straight cable

[Figure: a router (DTE) and two hosts (DTE), each with an MDI port, connected by straight cables (MDI-X to MDI) to the MDI-X ports of a hub/switch (DCE); Tx and Rx on pins 1-2 and 3-6]

Straight cables

• Connection between DTE and DCE
• Usually between hub (or switch) and host (or router)

2 Physical and link layers 2.2 Cabling 10/100 base T : Crossover cable

[Figure: crossover cables (DTE to DTE). The MDI port (pins 1, 2, 3, 6; Tx and Rx) of a host (DTE) is connected directly to the MDI port of a router (DTE), and the MDI port of a host (DTE) directly to the MDI port of another host (DTE).]

Crossover cables

• Connection between two DTEs without using a hub or switch

2 Physical and link layers 2.2 Cabling 10/100 base T : How to recognise the cable types

[Figure: pins 1 to 8 at both ends of three cable types.
Straight: pins 12345678 connected to pins 12345678; Tx+, Tx-, Rx+, Rx- in the same positions at both ends.
Crossover: Tx+, Tx-, Rx+, Rx- at one end face Rx+, Rx-, Tx+, Tx- at the other end.
Rolled over: pins 12345678 connected to pins 87654321.]

“Rolled over” cable : used on Cisco in particular cases (console and auxiliary port).

2 Physical and link layers 2.2 Cabling 10 base T : HUB connections

[Figure: 10baseT hubs chained together with hosts attached; every segment is 100m, with ≤ 500m and ≤ 4 repeaters end to end.]

Ethernet 10 BaseT
• 2 unshielded twisted pairs (Rx, Tx) (UTP), category 3 or 5
• 4 HUBs at the maximum
• Maximum network diameter 500m
• Maximum segment length 100m
• Bw 20MHz, 10 Mbauds, Manchester code

2 Physical and link layers 2.2 Cabling 10/100 base T : Hub interconnection

[Figure: two hubs interconnected by a straight cable between an MDI port on one hub and an MDI-X port on the other; hosts are attached to the remaining MDI-X ports. Tx and Rx use pin pairs 1-2 and 3-6.]

Usually, a hub has at least one MDI port, or a port that can be configured as MDI or MDI-X by means of a switch. Therefore, the connection between two hubs can be made with a straight cable connected to an MDI port at one end and to an MDI-X port at the other end. Another possibility is to connect two MDI-X ports by means of a crossover cable.

2 Physical and link layers 2.2 Cabling 10/100 base T : HUB

[Figure: hub showing its MDI-X ports and one port that is MDI-X or MDI depending on the switch position.]

2 Physical and link layers 2.2 Cabling FastEthernet 100Mb/s : what problem?

Bandwidth = 100 Mb/s
Duration of the minimum size frame transmission:
64 bytes x 8 bits / (100 x 10^6 bit/s) = 5.12 µs

[Figure: two hosts 2.5 km apart at 100 Mb/s; propagation time 25.6 µs, duration of a 64-byte frame 5.12 µs. Labels: "Collision detection!!" and "no collision detection!!".]

How to solve this problem?
If the bandwidth is multiplied by 10 (100 Mb/s instead of 10 Mb/s), either:
• the minimum frame length should be multiplied by 10, or
• the maximum distance between 2 hosts must be divided by 10 (<250m).

The second solution is the one that was chosen.

2 Physical and link layers 2.2 Cabling FastEthernet 100Mb/s : LAN diameter reduction

[Figure: two hosts 250 m apart at 100 Mb/s; minimum frame size 64 bytes (5.12 µs), propagation time 2.5 µs, collision.]

If the network is long, the minimum frame size must be long. This obliges the transmitter to add padding if its message is short.

On Ethernet, the maximum distance between 2 hosts is 2.5 km. Therefore, the minimum frame length should be 64 bytes.

On Ethernet 10Mb/s:
• Time to transmit 1 bit: 0.1 µs
• 1 bit occupies 23 meters
• A short frame occupies 13.3 km

2 Physical and link layers 2.2 Cabling FastEthernet 100 base T : Hub interconnection

[Figure: two 100 base T hubs 20m apart with hosts attached by 100m segments; ≤ 220m and ≤ 2 repeaters end to end.]

Ethernet 100 Base T
• 2 shielded twisted pairs (Rx, Tx) (STP), category 5
• Maximum 2 consecutive HUBs, 20 m from each other
• Maximum network diameter 220m
• Maximum segment length 100m
• Bw 30MHz, 62.5 Mbauds, 4B/5T code or MLT3 (3 levels) or NRZI

Ethernet 100 base T4
• 4 unshielded twisted pairs UTP (1 Rx, 1 Tx, 2 bi-directional), category 3, per port
• Bw 20MHz, 25 Mbauds, 8B/6T code or MLT3 (3 levels) or NRZI

2 Physical and link layers 2.2 Cabling 100 base Fx : Optical fibers

[Figure: 100 base Fx (100 Mb/s, base band, fiber) with ST and SC connectors.]

100BASE-FX is the IEEE 802.3 specification for 100 Mbps Ethernet signaling over two strands of multimode fiber-optic cable. 100BASE-FX is used for transmissions over extended distances, downlinks, and backbones, and is especially useful in any environment subject to electrical interference.

ST (an AT&T Trademark) is the most popular connector for multimode networks, like most buildings and campuses. It has a bayonet mount and a long cylindrical ferrule to hold the fiber. Most ferrules are ceramic, but some are metal or plastic. And because they are spring-loaded, you have to make sure they are seated properly.

SC is a snap-in connector that is widely used in singlemode systems for its excellent performance. It latches with a simple push-pull motion. It is also available in a duplex configuration.

Besides the SC Duplex, you may occasionally see the FDDI and ESCON duplex connectors which mate to their specific networks. They are generally used to connect to the equipment from a wall outlet, but the rest of the network will have ST or SC connectors.

FC/PC has been one of the most popular singlemode connectors for many years. It screws on firmly, but make sure you have the key aligned in the slot properly before tightening. It's being replaced by SCs and LCs.

LC is a new connector that uses a 1.25 mm ferrule, half the size of the ST. Otherwise, it's a standard ceramic ferrule connector, easily terminated with any adhesive. Good performance, highly favored for singlemode.

MT-RJ is a duplex connector with both fibers in a single polymer ferrule. It uses pins for alignment and has male and female versions. Multimode only, field terminated only by prepolished/splice method.

2 Physical and link layers

2.1 CSMA/CD
2.2 Cabling
2.3 MAC Addressing
2.4 Frame Ethernet V2
2.5 Frame IEEE 802.3 and associated protocols

2 Physical and link layers 2.3 MAC addressing Logical address and physical address

[Figure: Alice and Bob on a network; IP @ = logical address, MAC @ = physical address.]

IP: Internet Protocol
MAC: Medium Access Control

IP addresses are logical addresses. An IP address is assigned to each port. Therefore a host (especially a router) can have several IP addresses if it is connected to one or more networks through several boards.

MAC addresses are physical addresses. At the Ethernet level, frames are exchanged by means of physical addresses (called MAC addresses).

So, it is essential to associate the IP address with the MAC address.

2 Physical and link layers 2.3 MAC addressing “unicast”

[Figure: five hosts on a LAN with MAC addresses 00.6f.66.32.0b.08, 00.80.9f.00.02.03, 00.53.27.32.02.c8, 00.18.55.92.a2.08 and 00.35.d6.39.cb.0a; a frame is sent with Dest: 00.53.27.32.02.c8.]

An Ethernet MAC address is 6 bytes long.

Unicast address: an address assigned to only one Ethernet board in the world.

A unicast address identifies a single device or network interface. When frames are sent to an individual station on a LAN, the unicast identifier of the target is typically used as the destination address in all transmitted frames. The source address in transmitted frames (the identifier of the sender) is always unicast. Unicast addresses are sometimes called individual addresses, physical addresses, or hardware addresses; these terms are all synonymous.

2 Physical and link layers 2.3 MAC addressing “broadcast”

[Figure: five hosts on a LAN with MAC addresses 00.6f.66.32.0b.08, 00.80.9f.00.02.03, 00.53.27.32.02.c8, 00.18.55.92.a2.08 and 00.35.d6.39.cb.0a; a frame is sent with Dest: ff.ff.ff.ff.ff.ff.]

Broadcast: a broadcast frame is a frame whose destination MAC address is all “1”s. This frame will be interpreted by all hosts connected to the LAN.

Note: This kind of frame never goes through a router.

2 Physical and link layers 2.3 MAC addressing “Multicast”

[Figure: five hosts on a LAN with MAC addresses 00.6f.66.32.0b.08, 00.80.9f.00.02.03, 00.53.27.32.02.c8, 00.18.55.92.a2.08 and 00.35.d6.39.cb.0a; the hosts that belong to the group also hold the multicast address 01.00.5e.00.00.09. A frame is sent with Dest: 01.00.5e.00.00.09.]

Multicast address
In addition to their unicast address, some hosts can have one or several multicast addresses because they belong to one or several groups. Usually, the multicast address is programmable.

Therefore a multicast address can be used as a destination address when a sender wants to send a frame to a group of receivers. Most LAN technologies provide many-to-many connectivity among multiple stations on a shared communications channel; multicast addressing provides the means to send a frame to multiple destinations with a single transmission. Multicast addresses are sometimes called group addresses or logical addresses.

Multicast addresses are assigned by an international organisation. Some well-known examples include:

- The Spanning Tree Protocol uses a multicast address to define the logical group of all bridges that implement the protocol. (01-80-C2-xx-yy-zz)

- The Open Shortest-Path-First routing protocol (OSPF) uses a multicast address ( 5E-xx-yy-zz).

Most routing protocols use multicast addresses to exchange their database. In this case, this method is more efficient than broadcast because it does not disturb hosts which are not concerned by the data exchanged between routers.

A multicast address identifies a group of logically-related devices.

2 Physical and link layers 2.3 MAC addressing Details of the MAC address

• 6 bytes (48 bits)
• Hexadecimal representation (12 digits)
• Examples: CISCO: 00.10.7B.xx.xx.xx, Alcatel: 00.80.9F.xx.xx.xx

Fields (the bits are presented in the order they are transmitted):
• I/G bit: 0: Individual (or Unicast), associated to only one equipment; 1: Group (or Multicast), associated to a set of equipment
• U/L bit: 0: Universal, unique address; 1: Local, local significant
• Manufacturer code (22 bits): O.U.I., Organizational Unit Identifier (assigned by IEEE)
• Serial number (24 bits): managed by manufacturer

Universal / Global address
Universal address: managed by international organisation (IETF). Globally unique addresses are assigned by equipment manufacturers at the time a device is produced.

Local address: locally unique addresses are manually assigned by a network administrator (mainly used in Token Ring networks). When the Ethernet address scheme was incorporated into the IEEE LAN standards, political considerations forced the adoption of a means to allow network administrators to manually assign addresses in a locally-unique manner. The second bit of an address (called the Global/Local or G/L bit in the standards) indicates whether the identifier is globally-unique (G/L = 0) or unique only to the LAN on which the station resides (G/L = 1).

Unicast / Multicast address
Unicast address: identifies a single device or network interface.
Multicast address: address pointing to a group of hosts.

Written address conventions
Addresses are normally written as a sequence of 12 hexadecimal digits separated by hyphens or colons.

Is 48 bits the right number?
A 48-bit address provides about 281 million million unique points in the address space. Even allowing for half of these to be used for multicast addresses, and further eliminating half of what is left for locally-unique assignments, there is still enough space for almost 12,000 network-addressable devices for every man, woman, and child on the planet. (Even you don't have that many computers on your desk!)

Looked at another way, if the industry produced 100 million LAN devices every day of the year (more than 500 times the current level of production), it would still take nearly 2,000 years to exhaust the address space.

How unicast addresses are assigned
Globally-unique unicast addresses are assigned by the manufacturer of the networking device. Typically, this address is burned into a read-only memory or the interface controller itself. Device driver software can read this hardwired address and configure the interface controller appropriately. If a company builds devices that need globally-unique addresses assigned to them (e.g., network interfaces), the company must first obtain an OUI from the IEEE. This is a relatively straightforward procedure involving the filling out of a simple form and an exchange of currency. Information on obtaining OUIs can be found at http://standards.ieee.org/

2 Physical and link layers 2.3 MAC addressing Transmission of the bits

[Figure: MAC address, hexadecimal representation: e1 03 c9 4a f0 82.
In binary: 11100001 00000011 11001001 01001010 11110000 10000010.
As transmitted: 10000111 11000000 10010011 01010010 00001111 01000001.
Labels: Bit multicast, Manufacturer code (22 bits), Serial number (24 bits).
1st byte odd => multicast address.]

For each byte, the least significant bit is sent first. The first transmitted bit, the I/G (multicast) bit, is therefore the least significant bit of the first byte of the MAC address. Consequently, when the first byte of a MAC address is odd, it is a multicast address.

Example : MAC@: 01-80-9F-D1-45-00 is a multicast address.
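The bit ordering described above can be checked mechanically. The following is an added example, not part of the course material: it decodes the I/G and U/L bits and prints each byte in transmission order. The function names are illustrative, and the last sample address is constructed to show a locally administered address.

```python
import re

BROADCAST = bytes([0xFF] * 6)


def parse_mac(text):
    """Parse 6 hex octets separated by '-', ':' or '.' (e.g. 0:0:c0:6f:6d:40)."""
    parts = re.split(r"[-:.]", text.strip())
    if len(parts) != 6:
        raise ValueError(f"expected 6 octets, got {text!r}")
    return bytes(int(part, 16) for part in parts)  # rejects octets > ff


def wire_bits(mac):
    """Bits of each byte in the order they are transmitted: LSB first."""
    return [format(byte, "08b")[::-1] for byte in mac]


def classify(text):
    """Decode the I/G and U/L bits and split the address into its two halves."""
    mac = parse_mac(text)
    first = mac[0]
    if mac == BROADCAST:
        kind = "broadcast"
    elif first & 0x01:            # I/G bit: first bit on the wire, LSB of byte 1
        kind = "multicast"
    else:
        kind = "unicast"
    scope = "local" if first & 0x02 else "universal"  # U/L bit: second bit sent
    return {
        "kind": kind,
        "scope": scope,
        "oui": mac[:3].hex("-"),      # manufacturer half (holds both flag bits)
        "serial": mac[3:].hex("-"),   # half managed by the manufacturer
        "wire_bits": wire_bits(mac),
    }


SAMPLES = [
    "e1-03-c9-4a-f0-82",   # address drawn on the slide
    "01-80-9F-D1-45-00",   # the page's multicast example
    "ff.ff.ff.ff.ff.ff",   # broadcast
    "00.80.9f.00.02.03",   # Alcatel OUI 00.80.9F
    "02-00-00-00-00-01",   # constructed: U/L bit set (locally administered)
]

if __name__ == "__main__":
    for sample in SAMPLES:
        info = classify(sample)
        print(f"{sample:20} {info['kind']:9} {info['scope']:9} "
              f"first byte on the wire: {info['wire_bits'][0]}")
```
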


2 Physical and link layers 2.4 Frame Ethernet V2

Ethernet frame

Field           Bytes        Content
Preamble        7            7 x ‘AA’ (synchronisation)
SFD             1            Start Frame Delimiter: 10101011
MAC @ dest.     6
MAC @ src.      6
Ethertype       2            > 5DC; indicates the upper layer protocol. Value > 5DC hex or 1500 dec. Examples: IP: 0800, ARP: 0806, IPv6: 086D
Data + Padding  46 to 1500   Max. Trans. Unit (MTU): 1500; mini. size: 46 (possibly padding)
FCS             4            Control

1518 ≥ length ≥ 64

MTU: Maximum Transmission Unit
IP: Internet Protocol
ARP: Address Resolution Protocol
FCS: Frame Check Sequence

Ethernet protocol
Designed by Digital, Intel, Xerox (DIX Ethernet).

The original release has been updated and the current version is « Eth V2 ».

The “Ether type” field allows the receiver to forward the frame contents to the correct protocol of the next layer. The type value is standardised and is always higher than 600 hex or 1536 dec. The standardised values of “ether type” can be obtained from IANA, the Internet Assigned Numbers Authority, which is the central co-ordinator for the assignment of unique parameter values for Internet protocols. http://www.iana.org/numbers.html

Directory of General Assigned Numbers (replaces RFC1700)

The data field must not convey more than 1500 bytes. Conversely, the data field must have at least 46 bytes in order to respect the minimum frame length for collision detection (64 bytes). Therefore, the Ethernet protocol will sometimes have to add padding.

Maximum traffic of short frames : 14880 frames/s
Maximum traffic of long frames : 812 frames/s


2 Physical and link layers - 2.5 Frame 802.3 and associated protocols Situation of the MAC 802.3 sub-layer

[Figure: protocol stack. Network: IP, ARP, other protocols. Link: SNAP 802.1a over LLC IEEE 802.2 (LLC type 1: connectionless; LLC type 2: connected mode; LLC type 3: connectionless + ack) over MAC Ethernet ISO 802.3, Token Ring 802.5 and FDDI, alongside Ethernet V2. Physical: 10 Base T, 10 Base 2, 10 Base 5, shielded twisted pairs, optical fibre. LLC: Logical Link Control. SNAP: Sub Network Attachment Point.]

When the IP protocol was designed, it was intended to operate over Ethernet, which runs over a bus topology. The IEEE wished to use other topologies to convey IP (FDDI, Token Ring, …) in addition to the CSMA/CD bus.

But for these other topologies, the maximum frame length was variable. So a “frame length” field had to be present inside the frame header.

In addition, IP not being reliable, the IEEE decided to add a protocol capable of offering reliability: the LLC sub-protocol.

Purpose of the LLC sub-protocol:
• offers various services:
  LLC1: connectionless, without flow control or acknowledgment (LAN 802.3 Ethernet and 802.5 Token Ring)
  LLC2: with connection, acknowledgment … (Token Ring, SNA)
  LLC3: connectionless with acknowledgment (factory network)
  It is the role of layer 3 to select the appropriate service.
• provides Service Access Points to the upper layers.
Note: IP uses LLC1.

Purpose of the SNAP sub-protocol:
Due to a growing number of applications using LLC (IEEE 802) as lower protocol layers, an extension was made to the IEEE 802.2 protocol in the form of the Sub-Network Attachment Point (SNAP).

2 Physical and link layers - 2.5 Frame 802.3 and associated protocols Frame IEEE 802.3

Field           Bytes        Content
Preamble        7            7 x ‘AA’ (synchronisation)
Flag            1            End of preamble
MAC @ dest.     6
MAC @ src.      6
Length          2            ≤ 1500 dec (≤ 5DC hex); indicates the data length (without padding). It takes the place of the EtherType (> 600) of Ethernet V2.
Data + Padding  46 to 1500   Max. Trans. Unit (MTU): 1500; mini size: 46 (possibly padding)
FCS             4            Control

Standardised by IEEE.
In the 802.3 MAC frame, the length of the data field is indicated in the 802.3 header (instead of the type of protocol). The length of the 802.3 data field is also limited to 1500 bytes for 10 Mbps networks, but is different for other transmission speeds.

2 Physical and link layers - 2.5 Frame 802.3 and associated protocols IEEE 802.2 LLC encapsulation

802.3 frame
Field           Bytes        Content
MAC @ dest.     6
MAC @ src.      6
Length          2            < 5DC
Data + Padding  46 to 1500
FCS             4

LLC 802.2 (inside the 802.3 data field)
Field           Bytes        Content
DSAP            1            Protocol codes: AA (SNAP), FE (OSI), 04 (SNA)
SSAP            1
Control         1
Data            ≤ 1497

SNAP 802.1a (inside the LLC data field)
Field           Bytes        Content
O.U.I           3
PID             2            IP: 0800, ARP: 0806, other protocol codes using 2 bytes
Data            ≤ 1492

Because the “type” field of the Eth. V2 protocol has been lost in IEEE 802.3, the 802.3 protocol systematically forwards the data field to the 802.2 LLC protocol.

LLC protocol 802.2
The 802.2 Logical Link Control (LLC) layer above IEEE 802.3 uses a concept known as link service access point (LSAP), which uses a 3-byte header, where DSAP and SSAP stand for destination and source service access point respectively. Numbers for these fields are assigned by an IEEE committee.

Control: type of frame: I, RR, REJ, DM, … (note: LLC1 uses only the value 03 = UI).
DSAP/SSAP identifies the encapsulated protocol.

A problem arises with the use of LLC in its pure form. LLC SAPs (LSAPs) are only 1 byte long; as a result, they can multiplex only among a maximum of 256 clients. However, the SAP space is further subdivided. Half of the space is reserved for group (i.e., multicast) SAPs, leaving only 128 multiplexing points for most purposes. Even within this restricted space, it is also common practice to use the second bit of the SAP to divide the space further, allowing for 64 publicly-administered, globally-unique SAPs and only 64 identifiers that can be locally administered for private use.

To overcome this limitation, an escape mechanism was built into the LLC SAP identifier. If the SAP is set equal to 0xAA, this indicates that the SubNetwork Access Protocol (SNAP) is in use.

2 Physical and link layers - 2.5 Frame 802.3 and associated protocols SNAP 802.1a sub-layer

[Figure: nested encapsulation of an IP packet.
802.3 frame: MAC @ dest. (6 bytes), MAC @ src. (6), Length < 5DC (2), Data + Padding (46 to 1500), FCS (4).
802.2 LLC: DSAP (AA) (1 byte), SSAP (AA) (1), Control (03) (1), Data ≤ 1497.
802.1a SNAP: O.U.I (Organisational Unit Id) 00.00.00 (3 bytes), PID (2), Data ≤ 1492 (the IP packet).
PID: encapsulated protocol (809B = AppleTalk, 0800 = IP, …).]

SNAP (Sub Network Access Protocol)
Indicates the encapsulated protocol.

• OUI (Organisation Unit Id = vendor code): usually 000000
• PID (Protocol Identifier): the same values as used in the Ethernet type field. Example: 0800 IP, 809B AppleTalk, …

2 Physical and link layers - 2.5 Frame 802.3 and associated protocols Other advantages of SNAP

[Figure: an Ethernet frame (MAC @ dest., MAC @ src., Type (IP), Data, FCS) reaches a bridge, which encapsulates only the Data field for the FR, ATM, ... network. The bridge at the other end de-encapsulates (FDDI, ATM, ...) and rebuilds a frame (MAC @ dest., MAC @ src., Type, Data, FCS) whose Type is unknown ("?").]

When Ethernet data have to cross a WAN, a new encapsulation has to be done, and only the data field is encapsulated in the new protocol, so the type field is lost.

At the other end of the WAN there is no indication of the “type” of data.

In this case, the use of LLC/SNAP becomes crucial.

2 Physical and link layers - 2.5 Frame 802.3 and associated protocols IP encapsulation into AAL5 (LLC/SNAP)

[Figure: an IP packet sent from the Ethernet side of an ADSL modem to the line, layer by layer.
IEEE 802.3: MAC destination (6 bytes), MAC source (6), Length (2), data (46 - 1500), FCS (4).
LLC 802.2: DSAP AA (1), SSAP AA (1), Cntl 03 (1).
SNAP 802.1a: OUI 00 00 00 (3), PID 0800 (2).
AAL 5: PAD (0 to 47), UU (1), CPI (1), Leng. (2), CRC (4).
ATM: cells of 5 + 48 bytes.]

IP encapsulation into ATM

LLC: DSAP and SSAP = AA AA => use of SNAP
Ctl: 03 = UI frame (Unnumbered Information)

SNAP: OUI: 000000
ethertype: PID = 0800: IP, PID = 0806: ARP, …

2 Physical and link layers - 2.5 Frame 802.3 and associated protocols Comparison between Eth. V2 and IEEE 802

[Figure: the same IP packet in both encapsulations.
Eth V2 frame: MAC @ dest. (6 bytes), MAC @ src. (6), Ethertype 0800 (2), Data + Padding (46 to 1500), FCS (4).
802.3 frame: MAC @ dest. (6 bytes), MAC @ src. (6), Leng. < 600 (2), data + Padding (46 to 1500), FCS (4); LLC: DSAP (AA) (1), SSAP (AA) (1), Control (03) (1), Data ≤ 1497; SNAP: O.U.I 00.00.00 (3), PID 0800 (2), Data ≤ 1492.]

Note: the maximum size of the IP packet depends on the lower layers:
• Eth V2: 1500 bytes
• IEEE 802.3: 1492 bytes

2 Physical and link layers - 2.5 Frame 802.3 and associated protocols Protocol recognition

Ethernet V2 or IEEE 802.3 ?

Field           Bytes
Preamble        7 (7 x ‘AA’)
Flag            1
MAC @ dest.     6
MAC @ src.      6
Type/Leng       2
Data + Padding  46 to 1500
FCS             4

Field value: type / length ?
• > 1500 dec or > 5DC hex: Ether type => Ethernet V2
• ≤ 1500 dec or ≤ 5DC hex: Length => 802.3

Both frame formats can coexist on the same physical coax. This is done by using protocol type numbers (type field) greater than 1500 (decimal) in the Ethernet frame. However, different device drivers are needed to handle each of these formats.
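The recognition rule above, together with the LLC and SNAP headers of the previous slides, is what a receiver or capture tool implements. The following is an added example, not part of the course material: it assumes frames start at the destination MAC address (preamble, SFD and FCS already removed), uses constructed sample frames, and treats the values between 5DC and 600 hex as invalid, which goes beyond the two-way rule on the slide.

```python
import struct

ETHERTYPES = {0x0800: "IP", 0x0806: "ARP", 0x809B: "AppleTalk"}
LSAPS = {0x04: "SNA", 0xAA: "SNAP", 0xFE: "OSI"}
MAX_LENGTH = 0x05DC      # 1500: largest value read as a length (802.3)
MIN_ETHERTYPE = 0x0600   # 1536: smallest value read as a type (Ethernet V2)


def classify_frame(frame):
    """Decode one frame starting at the destination MAC (no preamble, no FCS)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte MAC header")
    dst, src, type_or_len = struct.unpack("!6s6sH", frame[:14])
    body = frame[14:]
    info = {"dst": dst.hex("-"), "src": src.hex("-")}

    if type_or_len >= MIN_ETHERTYPE:
        # Ethernet V2: no length field, so padding cannot be removed here;
        # the upper layer (e.g. the IP total length) has to do it.
        info.update(format="Ethernet V2", payload=body,
                    protocol=ETHERTYPES.get(type_or_len, f"0x{type_or_len:04x}"))
        return info
    if type_or_len > MAX_LENGTH:
        raise ValueError(f"0x{type_or_len:04x} is neither a length nor a type")

    # IEEE 802.3: the field is the data length without padding.
    if type_or_len > len(body):
        raise ValueError("length field claims more data than the frame carries")
    data = body[:type_or_len]
    if len(data) < 3:
        raise ValueError("no room for the 3-byte LLC header")
    dsap, ssap, control = data[0], data[1], data[2]

    if (dsap, ssap, control) == (0xAA, 0xAA, 0x03):
        if len(data) < 8:
            raise ValueError("no room for the 5-byte SNAP header")
        oui, pid = data[3:6], struct.unpack("!H", data[6:8])[0]
        if oui == b"\x00\x00\x00":       # PID then uses the Ethernet type values
            protocol = ETHERTYPES.get(pid, f"0x{pid:04x}")
        else:
            protocol = f"OUI {oui.hex('-')} PID 0x{pid:04x}"
        info.update(format="IEEE 802.3 + LLC + SNAP", protocol=protocol,
                    payload=data[8:])
    else:
        info.update(format="IEEE 802.3 + LLC", payload=data[3:],
                    protocol=LSAPS.get(dsap, f"DSAP 0x{dsap:02x}"))
    return info


def pad(data, minimum=46):
    """Pad the data field with zero bytes up to the 46-byte minimum."""
    return data + bytes(max(0, minimum - len(data)))


# Constructed sample input: a 20-byte stand-in for an IP packet, sent three ways.
HEADER = bytes.fromhex("00809f000203") + bytes.fromhex("006f66320b08")
IP_PACKET = bytes(range(20))
V2_FRAME = HEADER + struct.pack("!H", 0x0800) + pad(IP_PACKET)
SNAP_FRAME = (HEADER + struct.pack("!H", 8 + len(IP_PACKET))
              + pad(bytes.fromhex("aaaa03 000000 0800") + IP_PACKET))
OSI_FRAME = (HEADER + struct.pack("!H", 3 + len(IP_PACKET))
             + pad(bytes.fromhex("fefe03") + IP_PACKET))

if __name__ == "__main__":
    for name, frame in [("V2", V2_FRAME), ("SNAP", SNAP_FRAME), ("OSI", OSI_FRAME)]:
        result = classify_frame(frame)
        print(f"{name:5} {result['format']:24} {result['protocol']:4} "
              f"payload={len(result['payload'])} bytes")
```

In the constructed frames, the 802.3 payload comes back as exactly 20 bytes because the length field excludes padding, while the Ethernet V2 payload is still 46 bytes long.
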

2 Physical and link layers Evaluation

Objective: to be able to describe the Ethernet frame format

Thank you for answering the self-assessment of the objectives sheet


3 ARP protocol ARP protocol location

[Figure: protocol stack. Network: IP and ARP. Link: LLC sub-layer (SNAP, LLC 802.2) and MAC sub-layer (FDDI, Token Ring, Ethernet ISO 802.3), alongside Ethernet V2. Physical: 10 Base T, 10 Base 2, 10 Base 5, optical fibre, shielded twisted pair.]

The address resolution protocol is responsible for converting the higher level protocol addresses (IP addresses) to physical network addresses. It is described in RFC 826.

3 ARP protocol ARP protocol : @IP / @MAC association

[Figure: host IP @ 1.1.1.1 (MAC @ 102030) and host IP @ 1.1.1.2 (MAC @ 908070). The IP protocol on 1.1.1.1 has a packet for 1.1.1.2 and searches for the MAC @ of 1.1.1.2; the ARP cache has no entry ("?").
ARP Request: Ethernet frame with MAC @ dest. ff...ff (broadcast), MAC @ src. 102030, Type 0806 (ARP); data: @IPsrc 1.1.1.1, @MACsrc 102030, @IPdest 1.1.1.2, @MACdest ????.
ARP Reply: Ethernet frame with MAC @ dest. 102030, MAC @ src. 908070, Type 0806 (ARP); data: @IPsrc 1.1.1.2, @MACsrc 908070, @IPdest 1.1.1.1, @MACdest 102030.
The ARP cache then holds IP @ 1.1.1.2 = MAC @ 908070. The steps are numbered 1 to 6.]

A module (ARP) is provided that will translate the IP address to the physical address of the destination host. It uses a lookup table (sometimes referred to as the ARP cache) to perform this translation.

When the address is not found in the ARP cache, a broadcast is sent out on the network, with a special format called the ARP request. If one of the machines on the network recognises its own IP address in the request, it will send an ARP reply back to the requesting host. The reply will contain the physical hardware address of the host and source route information (if the packet has crossed bridges on its path). Both this address and the source route information are stored in the ARP cache of the requesting host. All subsequent datagrams to this destination IP address can now be translated to a physical address, which is used by the device driver to send out the datagram on the network.

Principle:
1- A host (IP@=ZIPO, MAC@=1234) which would like to send an IP packet to IP@=Yaka has to find out the corresponding MAC@.
2- This information is not in its cache memory.
3- The ARP protocol broadcasts an ARP Request over the LAN.
4- All the hosts connected to the LAN have to decode the Ethernet frame because it is broadcast. But only the host having the IP@=Yaka answers.
5- The ARP Response is sent back to the unicast MAC@=1234, conveying the MAC@ of Yaka.
6- The response is memorised in the cache memory.

3 ARP protocol Transmission of IP packet

[Figure: host IP @ 1.1.1.1 (MAC @ 102030) and host IP @ 1.1.1.2 (MAC @ 908070). The ARP cache on 1.1.1.1 now holds IP @ 1.1.1.2 = MAC @ 908070. Ethernet frame: MAC @ dest. 908070, MAC @ src. 102030, Type 0800 (IP); data: IP packet, @IPsrc 1.1.1.1 → @IPdest 1.1.1.2. The steps are numbered 7 to 9.]

7- Only now can the IP packet conveying the message be transmitted to Yaka.
8- To achieve that, the IP packet is encapsulated into an Ethernet frame with the unicast destination MAC@ (=9876).
9- The host having the MAC@=9876 receives the Ethernet frame.

3 ARP protocol Cache updating

[Figure: three hosts on a LAN: IP @ Z (MAC @ 123), IP @ Y (MAC @ 456) and IP @ X (MAC @ 1).
ARP Request: Ethernet frame with MAC @ dest. ff...ff (broadcast), MAC @ src. 123, Type 0806 (ARP); data: @IPsrc Z, @MACsrc 123, @IPdest Y, @MACdest ????.
ARP Reply: Type 0806 (ARP); data: @IPsrc Y, @MACsrc 456, @IPdest Z, @MACdest 123.
ARP caches afterwards: Z holds Y = 456; Y and X hold Z = 123. The steps are numbered 1 to 5.]

Whenever an ARP Request is sent over the LAN, all hosts connected to this LAN can update their ARP cache memory (IP@ <=> MAC) because the destination of the frame is a broadcast address.

3 ARP protocol Time to live of ARP entry

[Figure: three hosts on a LAN: IP @ Z, IP @ Y (MAC @ 456) and IP @ X (MAC @ 1). The MAC @ of Z changes from 123 to 888, but the ARP caches of Y and X still hold Z = 123. Y sends an IP packet Y → Z in an Ethernet frame with MAC @ dest. 123, MAC @ src. 456, Type 0800 (IP). The steps are numbered 1 to 6.]

Time to live of an ARP entry

1- When an Ethernet board has to be replaced in a host, the MAC@ changes.
2- Another host wishing to send an IP packet to Z and having in its ARP cache a MAC@ (but the previous one) corresponding to this IP@ will not perform an ARP procedure.
3- Consequently, the Ethernet frame, with the now wrong destination address, will never reach the desired host.

So, to solve this problem, ARP entries are deleted if they are not used for a (configurable) time. For instance, in a Cisco router the default ARP TTL is 4 hours, while it is only some seconds in a PC.
Note: a host may delete an entry (the oldest one) if there is not enough room in its ARP cache memory.

3 ARP protocol Gratuitous ARP

[Figure: three hosts on a LAN: IP @ Z, IP @ Y (MAC @ 456) and IP @ X (MAC @ 1). The MAC @ of Z has changed from 123 to 888. Z sends an ARP Request in an Ethernet frame with MAC @ dest. ff...ff (broadcast), MAC @ src. 888, Type 0806 (ARP); data: @IPsrc Z, @MACsrc 888, @IPdest Z, @MACdest ????. The ARP caches of Y and X change from Z = 123 to Z = 888. The steps are numbered 1 to 4.]

ARP gratuitous

A gratuitous ARP is an ARP Request whose destination IP@ is the sender's own IP@. This particular ARP Request has two objectives:

• To update the ARP cache memory of the other hosts on the LAN
• To detect whether there is another host having the same IP@ (normally no host should answer this request).


3 ARP protocol Various encapsulations of ARP

[Figure: two encapsulations. ARP in SNAP/LLC: 802.3 frame (@MAC Dest, @MAC Src) carrying 802.2 LLC, SNAP, then the ARP message. ARP in Eth V2: Eth. V2 frame (@MAC Dest, @MAC Src) carrying the ARP message directly.]


3 ARP protocol ARP format and encapsulation in Ethernet V2

Eth V2 frame (field lengths in bytes):

MAC @ Dest. (6)   MAC @ Source (6)   Type (2): 0806 = ARP   ARP Message (46)   FCS (4)

ARP Message (field lengths in bytes):

Hardware type (2): 1 = Ethernet, 6 = Token Ring, ...
Protocol (2): 0800 (IP)
MAC @ length (1)
IP @ length (1)
Operation (2): 0001 = ARP Request, 0002 = ARP Response
MAC @ Source (6)
IP @ source (4)
MAC @ Dest. (6)
IP @ dest. (4)

ARP message format

• Hardware address space: Specifies the type of hardware; examples are Ethernet or Packet Radio Net.
• Protocol address space: Specifies the type of protocol, same as the EtherType field in the IEEE 802 header (IP or ARP).
• Hardware address length: Specifies the length (in bytes) of the hardware addresses in this packet. For IEEE 802.3 and IEEE 802.5 this will be 6.
• Protocol address length: Specifies the length (in bytes) of the protocol addresses in this packet. For IP this will be 4.
• Operation code: Specifies whether this is an ARP request (1) or reply (2).
• Source/target hardware address: Contains the physical network hardware addresses. For IEEE 802.3 these are 48-bit addresses.
• Source/target protocol address: Contains the protocol addresses. For TCP/IP these are the 32-bit IP addresses.

Note: « MAC address destination » is set to 0 in any ARP request.


3 ARP protocol The various fields

[Figure: two hosts on a LAN exchange an ARP Request (steps 1, 2) and an ARP Response (steps 3, 4, 5); labels: IP @ 192.10.21.2, IP @ 192.10.21.1, MAC @ 0:0:c0:6f:6d:40, MAC @ 0:0:c0:c2:9b:26; each ARP cache first holds the other IP @ with MAC @ "?", then the resolved MAC @.]

ARP Request
@MAC dest: ff:ff:ff:ff:ff:ff (Broadcast)
@MAC src: 0:0:c0:6f:6d:40
Type: 0806 (ARP)
Hardware type: 1 (Ethernet)
Protocol: 800 (IP)
Hw address length: 6
Protocol address length: 4
Operation: 1 (request)
Sender's hw address: 0:0:c0:6f:6d:40
Sender's protocol address: 192.10.21.1
Target hw address: 0:0:0:0:0:0
Target protocol address: 192.10.21.2

ARP Response
@MAC dest: 0:0:c0:6f:6d:40
@MAC src: 0:0:c0:c2:9b:26
Type: 0806 (ARP)
Hardware type: 1 (Ethernet)
Protocol: 800 (IP)
Hw address length: 6
Protocol address length: 4
Operation: 2 (response)
Sender's hw address: 0:0:c0:c2:9b:26
Sender's protocol address: 192.10.21.1
Target hw address: 0:0:c0:6f:6d:40
Target protocol address: 192.10.21.2

Details of ARP Protocol


3 ARP protocol Exercise :Trace of ARP protocol

Given the following trace:

Addr. Hex. Data Time:07:33:06.045
0000: FF FF FF FF FF FF 00 60 08 56 F4 E5 08 06 00 01
0010: 08 00 06 04 00 01 00 60 08 56 F4 E5 0A 00 00 8C
0020: 00 00 00 00 00 00 0A 00 00 8A

1) Below, indicate the name of various fields and their value

Eth frame:
@MAC dest: ffffffffffff
@MAC src: 00600856F4E5
Protocol: 0806

ARP Message:
Hw type: 0001
Type: 0800
Length @MAC: 06
Length @IP: 04
Operation: 0001
@MAC src: 00600856F4E5
@IP src: 0A00008C
@MAC dest: 000000000000
@IP dest: 0A00008A

2) Which Ethernet protocol is it (IEEE802.3 or Ethernet V2)? EthV2

3) Which kind of operation is it? Request


3 ARP protocol ARP protocol trace (Request)

Hexadecimal trace:

Addr. Hex. Data Time:07:33:06.045
0000: FF FF FF FF FF FF 00 60 08 56 F4 E5 08 06 00 01
0010: 08 00 06 04 00 01 00 60 08 56 F4 E5 0A 00 00 8C
0020: 00 00 00 00 00 00 0A 00 00 8A

Ethernet header:

Eth. V2 [0000:000D]
0000:0005 Destination Address: FFFFFFFFFFFF (Broadcast)
0006:000B Source Address: 00600856F4E5 (3Com56F4E5)
000C:000D Ethernet Type: Address Resolution Protocol (ARP)

Decoded ARP message:

ARP [000E:0029]
000E:000F Hardware Type: Ethernet (10Mbps)
0010:0011 Protocol Type: DOD Internet Protocol (IP)
0012:0012 Hardware Address Length: 6
0013:0013 Protocol Address Length: 4
0014:0015 Opcode: Request
0016:001B Source HW Address: 00600856F4E5
001C:001F Source IP Address: 10.0.0.140
0020:0025 Destination HW Address: 000000000000
0026:0029 Destination IP Address: 10.0.0.138

The analyzer can decode the OUI code, i.e. the vendor code.
The Destination HW Address is 0 in the request.


3 ARP protocol ARP protocol trace (Reply)

Addr. Hex. Data Time:07:33:06.059
0000: 00 60 08 56 F4 E5 00 80 9F 21 32 A9 08 06 00 01
0010: 08 00 06 04 00 02 00 80 9F 21 32 A9 0A 00 00 8A
0020: 00 60 08 56 F4 E5 0A 00 00 8C 00 8A 00 8A 00 8A
0030: 00 8A 00 8A 00 8A 00 8A 00 8A 00 8A F9 EF C6 D8

Eth.V2 [0000:000D]
0000:0005 Destination Address: 00600856F4E5 (3Com56F4E5)
0006:000B Source Address: 00809F2132A9 (Alcatel2132A9)
000C:000D Ethernet Type: Address Resolution Protocol (ARP)

ARP [000E:0029]
000E:000F Hardware Type: Ethernet (10Mbps)
0010:0011 Protocol Type: DOD Internet Protocol (IP)
0012:0012 Hardware Address Length: 6
0013:0013 Protocol Address Length: 4
0014:0015 Opcode: Reply
0016:001B Source HW Address: 00809F2132A9 (expected MAC address)
001C:001F Source IP Address: 10.0.0.138
0020:0025 Destination HW Address: 00600856F4E5
0026:0029 Destination IP Address: 10.0.0.140
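The request and reply traces can be decoded mechanically from the ARP message format. The Python code below is an added example, not part of the course material: it parses both frames, applies the gratuitous ARP definition, and keeps an ARP cache that ages entries and reports when the MAC@ bound to an IP@ changes. The function and class names, the replacement MAC@ 00:80:9f:00:08:88 and the choice to age an entry from the last time it was learned are assumptions made for the illustration.

```python
import struct
from dataclasses import dataclass

# Frames copied from the request and reply traces above (reply padding and FCS left out).
REQUEST = bytes.fromhex(
    "FF FF FF FF FF FF 00 60 08 56 F4 E5 08 06 00 01 "
    "08 00 06 04 00 01 00 60 08 56 F4 E5 0A 00 00 8C "
    "00 00 00 00 00 00 0A 00 00 8A")
REPLY = bytes.fromhex(
    "00 60 08 56 F4 E5 00 80 9F 21 32 A9 08 06 00 01 "
    "08 00 06 04 00 02 00 80 9F 21 32 A9 0A 00 00 8A "
    "00 60 08 56 F4 E5 0A 00 00 8C")


@dataclass
class ArpFrame:
    eth_dst: str
    eth_src: str
    opcode: int        # 1 = request, 2 = reply
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


def fmt_mac(raw):
    return ":".join(f"{byte:02x}" for byte in raw)


def fmt_ip(raw):
    return ".".join(str(byte) for byte in raw)


def parse_arp_frame(raw):
    """Decode an ARP message carried in an Ethernet V2 frame (Type 0806)."""
    if len(raw) < 42:                       # 14-byte header + 28-byte ARP message
        raise ValueError("frame too short for Ethernet V2 + ARP")
    eth_dst, eth_src, eth_type = struct.unpack("!6s6sH", raw[:14])
    if eth_type != 0x0806:
        raise ValueError("Ethernet type is not ARP")
    hw_type, proto, hw_len, ip_len, opcode = struct.unpack("!HHBBH", raw[14:22])
    if (hw_type, proto, hw_len, ip_len) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IP ARP message")
    if opcode not in (1, 2):
        raise ValueError("unknown ARP operation")
    s_mac, s_ip, t_mac, t_ip = struct.unpack("!6s4s6s4s", raw[22:42])
    return ArpFrame(fmt_mac(eth_dst), fmt_mac(eth_src), opcode,
                    fmt_mac(s_mac), fmt_ip(s_ip), fmt_mac(t_mac), fmt_ip(t_ip))


def is_gratuitous(frame):
    """A gratuitous ARP is a request whose destination IP@ is the sender's own IP@."""
    return frame.opcode == 1 and frame.sender_ip == frame.target_ip


def build_request(sender_mac, sender_ip, target_ip):
    """Build a broadcast ARP request; used below to construct a gratuitous ARP."""
    mac = bytes.fromhex(sender_mac.replace(":", ""))
    to_ip = lambda text: bytes(int(part) for part in text.split("."))
    return (b"\xff" * 6 + mac + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, 1)
            + mac + to_ip(sender_ip) + b"\x00" * 6 + to_ip(target_ip))


class ArpCache:
    """IP@ -> (MAC@, time learned). Assumption: entries age from the last update."""

    def __init__(self, ttl_seconds):
        self.ttl = ttl_seconds
        self.entries = {}

    def lookup(self, ip_addr, now):
        entry = self.entries.get(ip_addr)
        if entry is None:
            return None
        mac_addr, learned = entry
        if now - learned > self.ttl:
            del self.entries[ip_addr]       # stale: the next packet triggers a new ARP
            return None
        return mac_addr

    def observe(self, frame, now):
        """Record the sender binding; return 'new', 'refresh' or 'changed'."""
        previous = self.lookup(frame.sender_ip, now)
        self.entries[frame.sender_ip] = (frame.sender_mac, now)
        if previous is None:
            return "new"
        return "refresh" if previous == frame.sender_mac else "changed"


def demo():
    cache = ArpCache(ttl_seconds=4 * 3600)  # the Cisco default quoted in the TTL notes
    events = [cache.observe(parse_arp_frame(REQUEST), now=0.0),
              cache.observe(parse_arp_frame(REPLY), now=0.014)]
    # Constructed frame: 10.0.0.138 announces a replaced board with a made-up MAC@.
    grat = parse_arp_frame(build_request("00:80:9f:00:08:88", "10.0.0.138", "10.0.0.138"))
    events.append((is_gratuitous(grat), cache.observe(grat, now=60.0)))
    return events


if __name__ == "__main__":
    print(demo())
```

A "changed" result for an IP@ that did not announce a board replacement is the duplicate-address situation that the gratuitous ARP is meant to reveal.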


Thank you for answering the self-assessment of the objectives sheet

3 ARP protocol Evaluation

Objective: to be able to describe the ARP protocol and analyze an ARP trace


1 Introduction 2 Physical and link layers 3 ARP protocol 4 Repeaters, Bridges and Switches 5 IP protocol 6 ICMP protocol 7 Client-Server model 8 UDP protocol 9 TCP protocol


4 Repeaters, Bridges and Switches Repeater

[Figure: a repeater between two segments; functions: signal amplifier and media adaptation (AUI (10base5), 10base2, 10baseT).]

Repeater:

Located at the physical level, it acts at the electrical level:
• Amplifier
• Media adapter

It does not interpret addresses.


4 Repeaters, Bridges and Switches Bridge principle

[Figure: a bridge between LAN 1 and LAN 2, filtering on MAC addresses.]

Bridge

Interconnects LAN segments at the network interface layer level and forwards frames between them. A bridge performs the function of a MAC relay, and is independent of any higher layer protocol (including the logical link protocol).

It provides MAC protocol conversion, if required. A bridge is said to be transparent to IP. That is, when an IP host sends an IP datagram to another host on a network connected by a bridge, it sends the datagram directly to the host and the datagram "crosses" the bridge without the sending IP host being aware of it.


4 Repeaters, Bridges and Switches Bridge architecture

[Figure: bridge architecture: two Physical/MAC stacks joined by address filtering inside the bridge (filtering on MAC addresses, media adaptation); one side is attached through transceivers to a coaxial cable, the other to a hub whose stations each have a Physical/MAC stack.]

It acts at level 2.

Advantages:
• increases the bandwidth thanks to the filtering,
• increases the reliability (a fault is not forwarded),
• ensures the topology adaptation (Ethernet, Token-Ring, …).


4 Repeaters, Bridges and Switches Manual filtering

[Figure: a bridge with port Eth0 on LAN 1 and port Eth1 on LAN 2; hosts aa, bb, cc, dd, ee, ff; two frames are shown, cc → ff and cc → aa.]

Bridge table:

MAC@   Port
aa     eth0
bb     eth0
cc     eth0
dd     eth1
ee     eth1
ff     eth1


4 Repeaters, Bridges and Switches Remote bridge

[Figure: LAN 1 (hosts aa, bb, cc) and LAN 2 (hosts dd, ee, ff), each attached to the Eth0 port of a 1/2 bridge; the two 1/2 bridges are linked over ATM (any WAN: FR, X25, PSTN, …) through Serial 0, VPI/VCI 1/32, on one side and Serial 1, VPI/VCI 8/45, on the other.]

Table of the first 1/2 bridge:

MAC@   Port
aa     eth0
bb     eth0
cc     eth0
dd     S0-1/32
ee     S0-1/32
ff     S0-1/32

Table of the second 1/2 bridge:

MAC@   Port
aa     S1-8/45
bb     S1-8/45
cc     S1-8/45
dd     eth0
ee     eth0
ff     eth0

1/2 bridges:

They have to maintain the relationship between @MAC <=> Virtual Channel number (X25), Telephone number (PSTN), DLCI (Frame Relay), Virtual Connection (ATM), ...


4 Repeaters, Bridges and Switches Self-learning transparent bridge (1)

[Figure: « a » sends a frame to « b » across three self-learning bridges (Bridge 1, Bridge 2, Bridge 3), each with ports 1 and 2 and a MAC@/Port filter table; the frame a → b appears on every segment and each bridge records « a » with its reception port (entries "a 1", "a 2", "a 1").]

In order to perform filtering, a bridge must know the location of each MAC@. Two possibilities:

• Manually: MAC addresses are introduced by the administrator,
• Automatically: by means of self learning or the spanning tree protocol.

Principle of the self-learning bridge:

When a bridge receives a frame, it stores in its cache memory the source MAC@ and the reception port, then examines the destination MAC@.
• If it knows this MAC@, it forwards the Ethernet frame only on the corresponding port, provided that it is not the reception port.
• Otherwise, it forwards the frame on all its ports (except the reception port).


4 Repeaters, Bridges and Switches Self-learning transparent bridge (2)

[Figure: « b » answers to « a » across the three self-learning bridges; the frame b → a follows the ports already recorded for « a » (entries "a 1", "a 2", "a 1") and each bridge adds the entry "b 2" to its MAC@/Port filter table; a station with @MAC C is also shown.]

As the exchanges go on, the bridge table is enriched.

Note: if a host stays quiet for a long time (e.g. 10 mn), its entry is removed from the bridge table.
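The learning, filtering, flooding and aging rules of the two slides above fit in a few lines of code. The following Python simulation is an added example, not part of the course material; the chain topology (segment i, bridge i, segment i+1, with port 1 on the left and port 2 on the right), the station on segment 0 named « c » and all names in the code are constructed for the illustration.

```python
class LearningBridge:
    """Self-learning bridge: MAC@ -> (port, last time a frame from that MAC@ was seen)."""

    BROADCAST = "ff:ff:ff:ff:ff:ff"

    def __init__(self, ports, aging_seconds=600):    # 600 s = the 10 mn example above
        self.ports = list(ports)
        self.aging = aging_seconds
        self.table = {}

    def _expire(self, now):
        stale = [mac for mac, (_, seen) in self.table.items() if now - seen > self.aging]
        for mac in stale:
            del self.table[mac]

    def receive(self, src, dst, in_port, now):
        """Learn the source, then return the list of ports the frame is sent out on."""
        if in_port not in self.ports:
            raise ValueError("unknown port")
        self._expire(now)
        self.table[src] = (in_port, now)              # learn, refresh, or relearn a moved host
        known = self.table.get(dst)
        if dst == self.BROADCAST or known is None:
            return [p for p in self.ports if p != in_port]   # flood
        out_port = known[0]
        return [] if out_port == in_port else [out_port]      # filter or forward


def send(bridges, src, dst, segment, now):
    """Propagate one frame along a loop-free chain; return the segments that carry it.

    Constructed topology: segment i -- bridges[i] -- segment i+1,
    with port 1 of each bridge on the left and port 2 on the right.
    """
    carried = {segment}
    pending = [(segment, None)]          # (segment the frame is on, bridge it came from)
    while pending:
        seg, came_from = pending.pop()
        for idx in (seg - 1, seg):       # the bridges attached to this segment
            if idx < 0 or idx >= len(bridges) or idx == came_from:
                continue
            in_port = 2 if idx == seg - 1 else 1
            for out_port in bridges[idx].receive(src, dst, in_port, now):
                next_seg = idx if out_port == 1 else idx + 1
                carried.add(next_seg)
                pending.append((next_seg, idx))
    return sorted(carried)


def demo():
    bridges = [LearningBridge([1, 2]) for _ in range(3)]
    return [
        send(bridges, "a", "b", segment=0, now=0),     # b unknown: flooded everywhere
        send(bridges, "b", "a", segment=3, now=1),     # a known: forwarded hop by hop
        send(bridges, "c", "a", segment=0, now=2),     # same segment: filtered by bridge 0
        send(bridges, "c", "b", segment=0, now=700),   # b aged out: flooded again
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The third result shows the benefit of filtering: the frame between two stations of the same segment never leaves that segment.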


4 Repeaters, Bridges and Switches Self-learning transparent bridge and loops

[Figure: « a » sends a frame to « b » through self-learning bridges (ports 1 and 2) that form a loop; copies of the frame a → b reach a bridge on both of its ports, so its MAC@/Port filter table cannot decide where « a » is located (entry "a 2/1?", marked "!!!").]

Self-learning bridge limitation: self-learning bridges cannot work correctly if there is a loop made by bridges.

The solution is to use the « Spanning Tree » protocol.


4 Repeaters, Bridges and Switches Spanning Tree

[Figure: left, a topology of bridges 234, 175, 447, 109, 492, 562 and 114 containing loops; right, its tree representation after loop elimination, with bridge 109 as root.]

In order to solve the problem of loops in a bridged network, a protocol has been designed: the Spanning Tree Protocol (STP). The standard is IEEE 802.1D.

Tree topology

There is a root, plus branches (actually, a hierarchy of progressively smaller branches), and ultimately leaves. On a given tree, there are no disconnected parts that are still considered part of the tree; that is, the tree encompasses all of its leaves. In addition, there are no loops in a tree. If you trace a path from any leaf to any other leaf, you will find that there is one, and only one, possible path.


4 Repeaters, Bridges and Switches Switch : Principle

[Figure: a 4-port switch, each port with a transmit (T) and a receive (R) path; simultaneous communications (1, 1') take place between pairs of ports. Switch 4 ports => the traffic could reach 2 x 10 Mb/s.]

A bridge analyzes the destination MAC@ to forward the frame to the correct outgoing port.

Early LAN bridges rarely had more than 2 ports.

During the 1990s, ASIC, microprocessor and memory technology advanced to the point where it was feasible to build LAN bridges with large numbers of ports capable of forwarding frames at wire-speed on all ports.

A switch is a bridge (the distinction between bridge and switch is a marketing distinction).


4 Repeaters, Bridges and Switches Switch : LAN segmentation

[Figure: a switch with ports 1 to 6; two hubs each attach a shared segment to a switch port, and single stations each form a micro-segment on a port of their own.]

A switch can be used to segment traditional shared LANs.

Alternatively, a switch can be used to interconnect single end stations. This is referred to as microsegmentation.

A microsegmented environment has a number of interesting characteristics that we will study later.


4 Repeaters, Bridges and Switches Switch : Half duplex operation on switch

[Figure: a switch port (transmit and receive buffers, collision detection, loopback) connected to a hub shared by stations, each with transmit, receive, collision detection and loopback; a collision is shown.]

When a LAN is shared by several stations, mechanisms have to be implemented to get control of the medium, detect a possible collision and take the appropriate decision.

The operation mode is half duplex because, under normal operation, only one end station can transmit at one time.


4 Repeaters, Bridges and Switches Switch : Full duplex operation

[Figure: a station connected directly to a switch port; both interfaces show transmit, receive, collision detection and loopback, with transmit and receive buffers on the switch side.]

10 Base Tx provides two paths for communication: one pair for transmission and another pair for reception.

Just providing a full duplex-capable media and topology is not sufficient to achieve full duplex operation. Unless we also modify the behavior of the LAN interfaces in the switch and the attached devices, we cannot use the channel in any manner other than the normal shared-LAN mode. This is because the LAN interface does not know that the channel is now dedicated for its private use. We must essentially disable the access control mechanism inherent in the LAN interface.

We can modify the behavior of the Ethernet MAC controller in both the switch and the attached devices to take advantage of their unique situation. We need to:

• Disable the Carrier Sense function as it is normally used to defer transmissions. That is, the reception of data on the receive channel should not cause the transmitter to defer any pending transmissions. A normal (half duplex) Ethernet interface will withhold its own transmissions in order to avoid interfering with transmissions in progress under control of the carrier sense signal.

• Disable the Collision Detect function, which would normally cause the transmitter to abort, jam, and reschedule its transmission if it detects a receive signal while transmitting.

• Disable the looping back of transmitted data onto the receiver input, as is done on a half duplex channel.

Neither end of the link needs to defer to received traffic, nor is there any interference between transmissions and receptions, avoiding the need for collision detection, backoff, and retry. In this environment, we can operate the LAN in full duplex mode; stations can both transmit and receive simultaneously.

Note: the two parties must have the same operation mode; otherwise, the device operating in half duplex will detect a collision if it sends a frame at the same time as the other device sends one in the other direction.


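4 Repeaters, Bridges and Switches Switch : Collision domains

[Figure: a switch with ports 1 to 6; two of the ports attach hubs shared by several stations, the other ports attach single stations; each switch port delimits its own collision domain.]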

A switching hub (unlike a repeater) has a MAC entity for each of its ports. Architecturally, each of the connections to the switching hub constitutes a distinct LAN , with access to each LAN arbitrated independently of all others. A repeater with n ports constitutes a single LAN; a switch with n ports constitutes n LANs, one for each switch port.

In a shared Ethernet LAN, the CSMA/CD algorithm is used to arbitrate for use of the shared channel. The set of stations contending for access to a shared Ethernet LAN is known as a collision domain.

A switch separates the access domains of each port.


4 Repeaters, Bridges and Switches Switch : Full and half duplex

[Figure: a switch with a full duplex port (transmit and receive with buffers) to a directly attached station, and a half duplex port (transmit, receive, collision detection, loopback) to a hub shared by several stations.]

Whereas with a repeater all of the devices connecting to the hub share the available channel and have to arbitrate for access, with a switching hub each of the attached devices has a dedicated channel between itself and the hub.

In the case of a micro segmented switched LAN , each port comprises a two-station network composed of the attached device and the switch port itself. If we consider that two-station LAN in isolation, we can see that it appears exactly the same (architecturally) as the simple RS-422 connection. Each device has a private, independent channel to the other device; there is no possibility of contention for the use of the underlying communications channel.


4 Repeaters, Bridges and Switches Switch : Advantages of full duplex operation

[Figure: segmentation through a hub (shared bandwidth, 10 Mb/s, half-duplex) compared with micro-segmentation through a switch (full bandwidth, full-duplex, independent rate of each station: 10 Mb/s or 100 Mb/s). Half-duplex flowchart: access contention (is the medium free? if no, delay) and collision detection (transmission = reception? if no, delay). Full-duplex: no need for access contention, no need for collision detection, extended distance limitations.]

Implication of full duplex operation

The use of microsegmentation associated with full duplex mode has a number of important implications:

• It eliminates the link length restrictions of CSMA/CD. A shared Ethernet LAN operating at 10 Mb/s has the full 2.5 km distance limit available. This is especially important for technologies such as Fast Ethernet (length ≤ 250 m) and Gigabit Ethernet.

• It increases the aggregate channel capacity. In the best case the aggregate capacity of a switch will equal the sum of the data rates of all attached ports.

• It increases the potential load on a switch. The transmission is not delayed because there is neither access contention nor collision.

• It allows various data rates for each station.


4 Repeaters, Bridges and Switches Switch : The need for flow control

[Figure: a switch with a buffer on each of its ports and a server attached to one port.]

The need for flow control

If the ports connected to a switch are operating in half duplex mode, there are some tricks to control the flow:

• Backpressure. To prevent buffer overflow from traffic arriving on its input ports, a switch can use the underlying access control method to throttle stations on the shared LAN and forestall incoming traffic.

  - Force collisions with incoming frames. The disadvantage of this method is that the collision will cause the end station to calculate an exponentially-increasing backoff. The station will select a time, initially in the range of 0 to 1 slot times, but increasing to 0 to 1,023 slot times for later collisions. It is likely that switch input buffers will become available during this very long time, as the switch will be emptying its queue onto the output ports in the meantime. Even though the queue is so emptied, the channel will remain idle until the backoff timer expires. It seems a shame to waste bandwidth solely due to an inefficient backpressure algorithm.

  - Make it appear as if the channel is busy. This uses the deferral mechanism rather than the collision backoff mechanism of the Ethernet MAC. As long as the station sees that the channel is busy (i.e., Carrier Sense is asserted) it will defer transmission, but it imposes no additional backoff delay.

• Aggressive transmission policy. On the output side, a switch can empty its transmit queue in an expedited manner by using an access control algorithm more aggressive than that permitted by the standard. This effectively gives the switch priority over other traffic sources on its output ports.


4 Repeaters, Bridges and Switches Cabling with HUB

[Figure: (1) cabling: the hosts of the export department and of the import department (Finances, R&D, Sales) are wired to two hubs; (2) communication: a frame sent by one host is seen by all the others.]

Any frame sent by a host through a hub, whatever the MAC@ type (unicast, broadcast, multicast), will be systematically broadcast to all hub ports.


4 Repeaters, Bridges and Switches Cabling with HUB and LAN segmentation (1)

[Figure: the export department and the import department (Finances, R&D, Sales hosts), each on its own hub, with a bridge performing filtering between the two hubs.]

LAN segmentation can be made by adding a bridge unit. A frame sent by a host to another host located on the same LAN will not be broadcast, since the bridge performs filtering. Nevertheless, all hosts connected to this LAN segment will be disturbed.


4 Repeaters, Bridges and Switches Cabling with HUB and LAN segmentation (2)

[Figure: the export department and the import department (Finances, R&D, Sales hosts), each on its own hub, with a bridge between the two hubs; a communication between two hosts located on different LAN segments.]

In spite of the presence of a bridge, any communication between two hosts located on two LAN segments will lead to a monopolisation of the two LAN segments.


4 Repeaters, Bridges and Switches Cabling with Switch and operation

[Figure: (1) cabling: all hosts of the import department and of the export department (Finances, R&D, Sales) are wired to one switch; (2) communication: communications between pairs of hosts; micro-segmentation.]

A switch allows micro-segmentation (≡ a bridge between each host). A switch receiving a unicast frame from a host will forward that frame only to the involved port.


4 Repeaters, Bridges and Switches Protocol analysis over a Hub

[Figure: a protocol analyzer attached to one port of a 4-port hub (HUB = multiport repeater); each port has a transmit (T) and a receive (R) path.]

On a shared bandwidth hub, all of the traffic appears on every port of the hub. As a result, a protocol analyser should function properly when attached to any port of the hub.


4 Repeaters, Bridges and Switches Protocol analysis over a switch (port & switch mirroring)

[Figure: a switch with ports 1 to 6 and a hub on one of them; a protocol analyzer receives a copy of the traffic through port mirroring, configured from the craft terminal with "Mirror port : 1, Monitored port: 6".]

When a LAN switch is used in place of a hub, devices connected to a given port will see only the traffic destined to them (known unicast destinations, multicast and broadcast destinations, as well as unknown unicast destinations). Thus, as a result of normal operation, it is no longer possible to monitor all of the traffic by attaching a protocol analyser to a single port.

Alternatives are commonly used to solve this problem:
• Port mirroring: it is possible for a switch to replicate the traffic from any single port onto another port,
• Switch mirroring: some switches provide the capability of mirroring all of the traffic being forwarded by the switch. As a variation of switch mirroring, some switches allow a network administrator to configure the mirror port to reflect a subset of the ports on the switch.


Thank you for answering the self-assessment of the objectives sheet

4 Repeaters, Bridges and Switches Evaluation

Objective: To be able to describe the operation of repeaters, bridges and switches


1 Introduction 2 Physical and link layers 3 ARP protocol 4 Repeaters, Bridges and Switches 5 IP protocol 6 ICMP protocol 7 Client-Server model 8 UDP protocol 9 TCP protocol


5 IP protocol

5.1 IP addressing
5.2 IP routing
5.3 IP header


5 IP protocol 5.1 IP Addressing Analogy between PSTN numbering and IP numbering

[Figure: telephone numbering: a telephone number is a country code followed by a designation number, with a variable border between them (French PSTN: country code 33; Finnish PSTN: 358; Barbados PSTN: 1246; Russian PSTN: 7). IP numbering: an IP address is a Network ID followed by a Host ID, with a border that is a function of the class (class A networks: large IP networks; class B networks: medium IP networks; class C networks: small IP networks).]

Analogy between PSTN numbering and IP numbering

Public Switched Telephone Network

On telephone networks the number of digits assigned to the country code is variable. Some countries have a country code of 1 digit, others 2, 3 or 4 digits.

IP Network

On IP networks, an address is composed of 2 parts:
• Network Identifier
• Host Identifier

The Net ID length is a function of the "class".
• Class A has a short Net ID, leaving a longer part for the Host ID. So this class is dedicated to very large networks, to which a great many hosts can be connected.
• Class B is suitable for medium-size networks.
• Class C is suitable for small networks.


5 IP protocol 5.1 IP Addressing IP address classes

Class    Leading bits   Remaining bits (bit positions 1 to 32)
Class A  0              Net ID (7 bits), Host Id (24 bits)
Class B  1 0            Net ID (14 bits), Host Id (16 bits)
Class C  1 1 0          Net ID (21 bits), Host Id (8 bits)
Class D  1 1 1 0        Multicast group id (28 bits)
Class E  1 1 1 1 0      Reserved for future use (27 bits)

Generalities

• An IP@ is more an interface address than a host address. When the host is attached to more than one network, it is called multi-homed and has one IP address for each network interface.
• An address is composed of 32 bits.
• An IP@ is composed of 2 parts: Network Identifier and Host Identifier.
• IP addresses are structured into classes.
• An IP@ is usually expressed in a dotted decimal format. For example, 145.167.5.9 is a valid IP address.
• There are five classes of IP addresses.
• A Class A address is suitable for networks with an extremely large number of hosts. Class C addresses are suitable for networks with a small number of hosts.


5 IP protocol 5.1 IP Addressing Network sizes

Class   Leading bits   Net ID    Host Id   Net Id from                   Number of networks   Number of hosts
A       0              7 bits    24 bits   1.0.0.0 to 126.0.0.0          126                  16 777 214
B       1 0            14 bits   16 bits   128.0.0.0 to 191.255.0.0      16 384               65 534
C       1 1 0          21 bits   8 bits    192.0.0.0 to 223.255.255.0    2 097 152            254

Some Net ID and Host ID are reserved

The IP address exhaustion problem

32 bits of IP address give 4.294.967.296 possible addresses. 32 bits seems a suitable length to cover all IP devices over the world.

Nearly all of the new networks assigned in the late 1980s were Class B, and in 1990 it became apparent that if this trend continued, the last Class B network number would be assigned during 1994.

The reason for this trend was that most potential users found a Class B network to be large enough for their anticipated needs, since it accommodates up to 65534 hosts, whereas a class C network, with a maximum of 254 hosts, severely restricts the potential growth of even a small initial network. Furthermore, most of the class B networks being assigned were small ones. There are relatively few networks that would need as many as 65,534 host addresses, but very few for which 254 hosts would be an adequate limit.


5 IP protocol 5.1 IP Addressing Special IP @ : Limited broadcast on the network

[Figure: on network 172.245.0.0, a host sends an IP packet with IP src 172.245.0.1 and IP dest 255.255.255.255 (destination IP@ with all 32 bits set to 1); the Ethernet frame carries MAC@ dest ff:ff:ff:ff:ff:ff, MAC@ src 01:00:2a:01:22:11 and Type 0800. A broadcast at the IP level involves a broadcast at the Ethernet level.]

Broadcast limited to the network

• Can be used only as a destination IP address.
• This broadcast does not go through routers.
• A broadcast at IP level leads to a broadcast at the Ethernet level.


5 IP protocol 5.1 IP Addressing Special IP @ : Directed broadcast to a network

[Figure: example with a class B address (leading bits 1 0, Net id 14 bits, Host id 16 bits): a host on network 172.245.0.0 sends an IP packet with IP src 172.245.0.1 and IP dest 138.5.255.255; the destination IP@ is 138 (1 0 0 0 1 0 1 0) . 5 (0 0 0 0 0 1 0 1) followed by a host part with all bits set to 1 (255.255), i.e. a broadcast directed towards all hosts of network 138.5.0.0.]

This is called a directed broadcast address because it contains both a valid <network address> and a broadcast <host address>.

Most network administrators configure their routers to prevent this kind of directed broadcast because it is an easy way for a hacker to disturb a network.

Page 110: Basic IP.pdf

5 IP protocol 5.1 IP Addressing Special IP @ : (loopback)

The IP @ : 127. _._._ allows a communication between 2 applications.

[Figure: Application 1 and Application 2 run on the same host (IP @ : Z) above the IP protocol and exchange data using @IP:Z and @IP:127.0.0.1; another host has IP @ : Y. This address is not sent over the network.]

Loopback:

The class A network 127.0.0.0 is defined as the loopback network. Addresses from that network are assigned to interfaces that process data within the local system. These loopback interfaces do not access a physical network.

Page 111: Basic IP.pdf

5 IP protocol 5.1 IP Addressing Special IP @ : unknown IP @ source

• IP@=0.0.0.0 can be used at the host start-up in order to get an IP @ from BOOTP or DHCP server.

[Figure, steps numbered 1 to 5: a host with MAC 01:00:2a:01:22:11 and no IP address (IP@ = ?) sends a DHCP IP@ Request as an IP packet (IP src 0.0.0.0 → IP dest 255.255.255.255) in an Ethernet frame with MAC@dest ff:ff:ff:ff:ff:ff, MAC@src 01:00:2a:01:22:11, Type 0800, FCS. The DHCP Server (Server of IP@) holds the @ pool.]

Source IP@ = 0.0.0.0 is used by a host which has no IP address.

Page 112: Basic IP.pdf

5 IP protocol 5.1 IP Addressing NetID

[Figure: a router connects two networks. On eth0, network 192.100.17.0 (hub) with addresses 192.100.17.1, 192.100.17.2, 192.100.17.3, 192.100.17.253 and 192.100.17.254. On eth1, network 200.98.76.0 (hub) with addresses 200.98.76.1, 200.98.76.2, 200.98.76.3, 200.98.76.253 and 200.98.76.254.]

Class C network => maximum of 254 hosts
Each network has a unique NetID
Router interface also has an IP@

Page 113: Basic IP.pdf

5 IP protocol 5.1 IP Addressing Public addresses - Private addresses

[Figure: hosts on the Internet with public addresses IP @ : 9.1.2.3, IP @ : 154.11.22.33 and IP @ : 195.51.63.1; two separate private networks 10.0.0.0, each containing a host with IP @ : 10.6.7.8.]

Public IP@
• assigned by IANA
• unique over the world

Private IP@
• Address ranges reserved by ICANN
• Can be used several times
• Cannot travel Internet

Public IP@
A Public IP@ is an Internet IP@ assigned by ICANN (Internet Corporation for Assigned Names and Numbers), which is the organisation in charge of IP@ allocation on Internet.

Private IP@
ICANN reserved some ranges of IP@ which are not assigned to any host connected to Internet. Any organization can use any address in these ranges. However, because these addresses are not globally unique, they are not defined to any external routers. Routers in networks not using private addresses, particularly those operated by Internet service providers, are expected to quietly discard all routing information regarding these addresses. Routers in an organization using private addresses are expected to limit all references to private addresses to internal links. They should neither externally advertise routes to private addresses nor forward IP datagrams containing private addresses to external routers.

Page 114: Basic IP.pdf

5 IP protocol 5.1 IP Addressing Private address ranges

[Figure: private networks using private IP @ connected to the Internet, which uses public IP @.]

class A : 10.0.0.0 to 10.255.255.255 (1 class)
class B : 172.16.0.0 to 172.31.255.255 (16 classes)
class C : 192.168.0.0 to 192.168.255.255 (256 classes)

Internet reserves part of the global address space for use in networks that do not require connectivity to the Internet. Typically these networks are administered by a single organization.

Three ranges of addresses have been reserved for this purpose:

• 10.0.0.0: A single Class A network
• 172.16.0.0 through 172.31.0.0: 16 contiguous Class B networks
• 192.168.0.0 through 192.168.255.0: 256 contiguous Class C networks

Page 115: Basic IP.pdf

5 IP protocol 5.1 IP Addressing Other private addresses

[Figure: hosts on the Internet with public IP@ 9.1.2.3, 154.11.22.33 and 195.51.63.1; a private network 154.11.0.0 whose hosts use IP@ not assigned by IANA (private IP@): 154.11.22.33, 154.11.12.13 and 154.11.63.1.]

Private IP@
Any IP address not assigned by ICANN is also considered as a “Private IP address”. These types of addresses can be used inside a private network. They cannot travel Internet.

Page 116: Basic IP.pdf

5 IP protocol 5.1 IP Addressing Private IP networks and Internet connections

[Figure: a host with IP@ 10.10.10.8 on Intranet 1 (NetID: 10.10.10.0, private IP addresses) sends a packet (IP src 10.10.10.8, IP dest 194.5.3.12, data) towards the server 194.5.3.12 on the Internet (1); the packet is discarded (2).]

A private IP@ cannot travel Internet.
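Added example (not part of the course material): a Python sketch of the filtering decisions the preceding slides describe for a router facing the Internet, covering limited broadcast, source 0.0.0.0, loopback, the three reserved private ranges and directed broadcast. The function name, the `inside_nets` parameter and the sample packets are assumptions made for the illustration.

```python
import ipaddress

# Reserved private ranges as listed in the course notes.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")
UNSPECIFIED = ipaddress.ip_address("0.0.0.0")


def border_verdict(src, dst, inside_nets=()):
    """Return (action, reason) for a packet reaching an Internet border router.

    inside_nets (hypothetical parameter) lists the networks the router
    protects; it is needed to recognise a directed broadcast aimed at them.
    """
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    # 255.255.255.255 is limited to the sender's own network.
    if d == LIMITED_BROADCAST:
        return ("drop", "limited-broadcast")
    # 0.0.0.0 is only a start-up source address on the local network.
    if s == UNSPECIFIED:
        return ("drop", "unspecified-source")
    # 127.x.x.x is processed inside the local system, never on a link.
    if s in LOOPBACK_NET or d in LOOPBACK_NET:
        return ("drop", "loopback")
    # Datagrams containing private addresses are not forwarded externally.
    if any(s in net or d in net for net in PRIVATE_NETS):
        return ("drop", "private-address")
    # Valid network part + all-ones host part = directed broadcast.
    for net in map(ipaddress.ip_network, inside_nets):
        if d == net.broadcast_address:
            return ("drop", "directed-broadcast")
    return ("forward", "no-rule-matched")


# Constructed sample packets reusing addresses shown on the slides.
SAMPLES = [
    ("172.245.0.1", "255.255.255.255"),
    ("0.0.0.0", "255.255.255.255"),
    ("10.10.10.8", "194.5.3.12"),
    ("172.245.0.1", "138.5.255.255"),
    ("212.17.22.21", "194.5.3.12"),
]


def run_samples(inside_nets=("138.5.0.0/16",)):
    """Classify every constructed sample packet."""
    return [border_verdict(s, d, inside_nets) for s, d in SAMPLES]


if __name__ == "__main__":
    for packet, verdict in zip(SAMPLES, run_samples()):
        print(packet, "->", verdict)
```

A range check cannot recognise the "other private addresses" case (a site using addresses never assigned to it, such as 154.11.0.0 on the slide), because those addresses look like ordinary public ones.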

Page 117: Basic IP.pdf

5 IP protocol 5.1 IP Addressing NAT : Network Address Translation

[Figure, steps numbered 1 to 6: private network 10.10.10.0 with hosts .1, .2, .3 and .4 (private IP@); a NAT router holding the public IP@ 212.17.22.21, 212.17.22.22 and 212.17.22.23; server 194.5.3.12 on the Internet. Host 10.10.10.4 sends a packet with IPsrc: 10.10.10.4, IPdest: 194.5.3.12, which leaves the NAT router with IPsrc: 212.17.22.21, IPdest: 194.5.3.12. The answer arrives with IPsrc: 194.5.3.12, IPdest: 212.17.22.21 (5) and is delivered with IPsrc: 194.5.3.12, IPdest: 10.10.10.4 (6).]

Basically, Network Address Translation allows a single device, such as a router, to act as agent between the Internet (or "public network") and a local (or "private") network.

The private router connected to Internet must be configured with NAT function and one or several Public IP@.

1 - A computer of the private network sends an IP packet to a server connected to Internet. The IP packet contains a private IP@ as a source IP@ and cannot travel Internet.
2 - The Internet gateway router translates the source private IP@ into a public IP@ and forwards the packet to Internet.
3 - The Internet gateway router keeps in its memory the association between private IP@ and public IP@.
4 - The IP packet can travel Internet because the IP addresses are valid.
5 - The server can answer. It knows the other party only by the public IP@.
6 - The NAT router operates the inverse translation before forwarding the packet to the private network.

This means that only a single unique IP address is required to represent an entire group of computers to anything outside their network.
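Added example (not part of the course material): a Python model of the six NAT steps above, using the slide's private network and pool of three public addresses. It translates addresses only, as in the steps; the class and method names are assumptions, and the release of an association after use is not modelled.

```python
import ipaddress


class NatRouter:
    """Address-only NAT with a pool of public addresses (steps 1 to 6)."""

    def __init__(self, private_net, public_pool):
        self.private_net = ipaddress.ip_network(private_net)
        self.free = list(public_pool)   # public IP@ not yet associated
        self.out_map = {}               # private IP@ -> public IP@
        self.in_map = {}                # public IP@ -> private IP@

    def outbound(self, src, dst):
        """Steps 2 and 3: translate the private source, keep the association.

        Returns the (src, dst) pair sent to the Internet, or None when the
        pool is exhausted and the packet cannot be translated.
        """
        if ipaddress.ip_address(src) not in self.private_net:
            raise ValueError("source is not on the private network")
        if src not in self.out_map:
            if not self.free:
                return None
            public = self.free.pop(0)
            self.out_map[src] = public
            self.in_map[public] = src
        return (self.out_map[src], dst)

    def inbound(self, src, dst):
        """Step 6: inverse translation before forwarding to the private side.

        A packet for a public IP@ with no stored association has no inside
        destination and is dropped (None).
        """
        private = self.in_map.get(dst)
        if private is None:
            return None
        return (src, private)


def walk_through():
    """Replay the exchange drawn on the slide and return each packet."""
    nat = NatRouter("10.10.10.0/24",
                    ["212.17.22.21", "212.17.22.22", "212.17.22.23"])
    sent = nat.outbound("10.10.10.4", "194.5.3.12")       # steps 1 to 4
    answer = nat.inbound("194.5.3.12", sent[0])           # steps 5 and 6
    unsolicited = nat.inbound("194.5.3.12", "212.17.22.22")
    return sent, answer, unsolicited


if __name__ == "__main__":
    for packet in walk_through():
        print(packet)
```

With three public addresses, a fourth inside host gets no translation until an association is freed, and a packet from outside only reaches an inside host that already has an association.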

Page 118: Basic IP.pdf

5 IP protocol 5.1 IP Addressing VPN: Virtual Private Network

[Figure, two panels. Private network: two private nets (NetID: 10.10.10.0 with IP@ 10.10.10.8, and NetID: 10.10.20.0 with IP@ 10.10.20.4) linked by a leased line. Virtual Private Network: the same two private nets linked across the Internet by tunneling.]

A private network extended over several distant sites has to use very expensive leased lines.

To reduce the cost, the infrastructure of Internet can be used while keeping the advantages of a private network (security, …). This concept is called “Virtual Private Network”.

To achieve that, a tunnel has to be created between the private networks.

Page 119: Basic IP.pdf

5 IP protocol 5.1 IP Addressing VPN: Tunneling principle

[Figure, steps numbered 1 to 6: Intranet 1 (NetID: 10.10.10.0, host IP@ 10.10.10.8, border router public IP@ : 194.3.2.1) and Intranet 2 (NetID: 10.10.20.0, host IP@ 10.10.20.4, border router public IP@ : 198.6.7.2) are connected through the Internet. The original packet (10.10.10.8 → 10.10.20.4, data) is encapsulated in a packet 194.3.2.1 → 198.6.7.2, crosses the Internet, is de-encapsulated, and continues as 10.10.10.8 → 10.10.20.4, data.]

The solution consists of encapsulating the original IP packet into another IP packet.

1- the original IP packet using private IP addresses is sent to the border router.
2- the border router makes an IP packet using public IP addresses known by INET
3- the border router encapsulates in this packet the original IP packet as data
4- Internet can convey the IP packet towards the border router of the remote Intranet because it examines the header and not the data.
5- the Intranet 2 access router examines the received IP packet and, because the destination is its own address, it extracts the data. This data being an IP packet, it submits the destination IP address to its routing table.
6- the original IP packet can travel the Intranet up to the destination.
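Added example (not part of the course material): the encapsulation and de-encapsulation steps above carried out on real IPv4 header bytes in Python, with the slide's addresses. The course does not name a tunnelling protocol; IP protocol number 4 (IPv4 in IPv4) and the constructed payload are assumptions made for the illustration.

```python
import socket
import struct

IPPROTO_IPIP = 4    # assumption: IPv4-in-IPv4; the course names no protocol
IPPROTO_UDP = 17


def checksum(header):
    """Internet checksum: one's-complement sum of the 16-bit header words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src, dst, proto, payload, ttl=64):
    """Return a 20-byte IPv4 header (no options) followed by payload."""
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))
    head = head[:10] + struct.pack("!H", checksum(head)) + head[12:]
    return head + payload


def parse_ipv4(packet):
    """Validate the header and return its addresses, protocol and data."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or not ihl <= total_len <= len(packet):
        raise ValueError("inconsistent length fields")
    if checksum(packet[:ihl]) != 0:
        raise ValueError("bad header checksum")
    return {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "proto": packet[9],
            "payload": packet[ihl:total_len]}


def encapsulate(inner, tunnel_src, tunnel_dst):
    """Steps 2 and 3: wrap the original packet as data of a public packet."""
    return build_ipv4(tunnel_src, tunnel_dst, IPPROTO_IPIP, inner)


def decapsulate(outer, my_public_addr):
    """Step 5: extract the data only if the outer packet is addressed to us."""
    fields = parse_ipv4(outer)
    if fields["dst"] != my_public_addr or fields["proto"] != IPPROTO_IPIP:
        return None
    parse_ipv4(fields["payload"])   # the data must itself be an IP packet
    return fields["payload"]


def demo():
    """Steps 1 to 6 with the slide's addresses; the payload is constructed."""
    inner = build_ipv4("10.10.10.8", "10.10.20.4", IPPROTO_UDP,
                       b"constructed payload")
    outer = encapsulate(inner, "194.3.2.1", "198.6.7.2")
    return inner, outer, decapsulate(outer, "198.6.7.2")


if __name__ == "__main__":
    inner, outer, recovered = demo()
    print(parse_ipv4(outer)["src"], "->", parse_ipv4(outer)["dst"])
    print(parse_ipv4(recovered)["src"], "->", parse_ipv4(recovered)["dst"])
```

The outer packet contains the inner packet byte for byte, so encapsulation by itself hides neither the private addresses nor the data from equipment on the path.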

Page 120: Basic IP.pdf

5 IP protocol 5.1 IP Addressing IP address allocation

[Figure: organisation chart with the Internet Corporation for Assigned Names and Numbers (www.icann.org), the Internet Assigned Numbers Authority (www.iana.org), the American Registry for Internet Numbers, the Asia Pacific Network Information Centre and the Réseaux IP Européens Network Coordination Centre (www.ripe.net).]

ICANN: Responsible for: IP address assignment, protocol parameter assignment, Domain Name System management.

ICANN replaces IANA, which was a US organisation.

The network number portion of the IP address is administered by one of three Regional Internet Registries (RIR):

• American Registry for Internet Numbers (ARIN): This registry is responsible for the administration and registration of Internet Protocol (IP) numbers for North America, South America, the Caribbean and sub-Saharan Africa.

• Réseaux IP Européens (RIPE): This registry is responsible for the administration and registration of Internet Protocol (IP) numbers for Europe, Middle East, parts of Africa.

• Asia Pacific Network Information Centre (APNIC): This registry is responsible for the administration and registration of Internet Protocol (IP) numbers within the Asia Pacific region.

Page 121: Basic IP.pdf

5 IP protocol 5.1 IP Addressing Regional coverage

[Figure: world map showing the regions covered by ARIN, RIPE NCC and APNIC.]

Page 122: Basic IP.pdf

5 IP protocol 5.1 IP Addressing Exercise : IP class A

class A : 0 | Net Id (7 bits) | Host Id (24 bits)

• With 7 bits for Net Id, what is the maximum number of combinations? 128
• What are the reserved Net Id? 127 (loopback), 0

1- Number of networks : 126
2- Network number from : 1.0.0.0 to 126.0.0.0

• With 24 bits for Host Id, what is the maximum number of combinations? 16 777 216
• What are the reserved Host Id? 0, .255.255.255

3- Number of hosts : 16 777 214
4- Host number from : n.0.0.1 to n.255.255.254

• Private addresses of the class A : 10.0.0.0 (1 class)

Class A addresses:

These addresses use 7 bits for the <network> and 24 bits for the <host> portion of the IP address. This allows for 2^7 - 2 (126) networks each with 2^24 - 2 (16777214) hosts; a total of over 2 billion addresses.

Page 123: Basic IP.pdf

5 IP protocol 5.1 IP Addressing IP addresses of the class D and E

class D : 1 1 1 0 | Multicast group id (28 bits)
Group Id from 224.0.0.0 to 239.255.255.255

class E : 1 1 1 1 0 | Reserved for future use (27 bits)
from 240.0.0.0 to 247.255.255.255

Class D addresses:

These addresses are reserved for multicasting (a sort of broadcasting, but in a limited area, and only to hosts using the same class D address).

Class E addresses:

These addresses are reserved for future use.

Page 124: Basic IP.pdf

5 IP protocol 5.1 IP Addressing Multicast in IP protocol and MAC protocol

[Figure: a router with IP@ = 172.245.0.254 running RIP2 (Routing Protocol) sends its routing table as an IP packet (IP src 172.245.0.254 → IP dest 224.0.0.9) in an Ethernet frame with MAC@dest 01:00:5e:00:00:09, MAC@src 00:46:a5:e7:02:3c, Type 0800, FCS. The stations on the LAN have the unicast addresses MAC U = 00.53.27.32.02.c8, 00.a6.b7.30.ee.01, 00.46.a5.e7.02.3c, 00.6f.66.32.0b.08, 00.35.d6.39.cb.0a and 00.18.55.92.a2.08; the stations running RIP2 also listen to the multicast address MAC M = 01.00.5e.00.00.09.]

How Multicast addresses are assigned

Multicast addresses are assigned by higher-layer protocols or applications. If an application needs the ability to communicate with a group of devices running an identical (or cooperating) application, it can assign a multicast address for that purpose. Some well-known examples include:

- The RIPv2 uses a MAC multicast address : 01-00-5E-00-00-09
- The Open Shortest-Path-First routing protocol (OSPF) uses a MAC multicast address (01-00-5E-00-00-05 and 01-00-5E-00-00-06).

Of course, if the designer wants the application to interoperate with implementations built by others, then any such address selection must be made public knowledge. In the case of the Spanning Tree Protocol, this is done through the publication of the IEEE 802.1D standard.

It is also possible to have a multicast address assigned dynamically at the time an application is invoked. There are multicasting applications that a only sporadically and whose logical grouping changes with each inv good example would be a network video conferencing application. We would like to be able to use multicast techniques to distribute voice and video among a group of conference members (all of whom are running the cooperating conference application), but the parties involved will surely change from conference-to-conference. There is no easy way to pre-ordain the multicast be used by any arbitrary group of conference attendees, nor do use a single multicast address for all possible conferences. One solution is conference server, which can, upon request from the conference application, create the conference, connect all of the parties, and assign a unique multicast address for this particular conference from a pool of addresses available to the conference application. When the conference is over, the address can go back into the pool. The pool range would likely be assigned by the design conference application, but the particular multicast address used for conference would be dynamically assigned at the time the application is invoked. Thus, multicast groups define a logical grouping of devices on an application basis, not on a physical basis.

Page 125: Basic IP.pdf

5 IP protocol 5.1 IP Addressing Multicast : impact on frame level

[Figure: address translation from the IP multicast address to the multicast MAC address.
IP multicast address (class D, 224 to 239 . . .): 1 1 1 0 | x x x x x | y y y y y y y y y y y y y y y y y y y y y y y (23 bits, group address)
Multicast MAC address: 01-00-5E (0 0 0 0 0 0 0 1  0 0 0 0 0 0 0 0  0 1 0 1 1 1 1 0) | 0 | y y y y y y y y y y y y y y y y y y y y y y y (23 bits)]

Multicast:

Just as a broadcast at IP level leads to a broadcast at the Ethernet level, a multicast at the IP level leads to a multicast at the Ethernet level. This is achieved by copying the 23 least significant bits of the IP multicast address into the low-order 23 bits of the MAC address, the most significant bits taking the hexadecimal value 01:00:5E.

Some IP multicast @ :

224.0.0.5 OSPFIGP OSPFIGP All Routers
224.0.0.6 OSPFIGP OSPFIGP Designated Routers
224.0.0.7 ST Routers
224.0.0.8 ST Hosts
224.0.0.9 RIP2 Routers
224.0.0.10 IGRP Router
224.0.0.11 Mobile-Agents
224.0.0.12-224.0.0.255 Unassigned
224.0.1.10 IETF-1-LOW-AUDIO
224.0.1.11 IETF-1-AUDIO
224.0.1.12 IETF-1-VIDEO
224.0.1.13 IETF-2-LOW-AUDIO
224.0.1.14 IETF-2-AUDIO
224.0.1.15 IETF-2-VIDEO
224.0.1.16 MUSIC-SERVICE
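Added example (not part of the course material): the 23-bit copy described above, written in Python. Because the 5 "x" bits of the class D address are not copied, 32 different IP groups share each multicast MAC address, so the example also shows why a host must still check the destination IP address after the network card has accepted the frame. The function names and the test traffic are assumptions.

```python
import ipaddress

MAC_PREFIX = 0x01005E   # most significant 24 bits of every IP multicast MAC


def multicast_mac(ip):
    """Map a class D address to its Ethernet multicast MAC address."""
    addr = ipaddress.ip_address(ip)
    if not addr.is_multicast:
        raise ValueError("%s is not a class D address" % ip)
    low23 = int(addr) & 0x7FFFFF            # the 23 'y' bits
    mac = (MAC_PREFIX << 24) | low23        # bit 23 of the MAC stays 0
    return ":".join("%02x" % ((mac >> shift) & 0xFF)
                    for shift in range(40, -8, -8))


def colliding_groups(ip):
    """Return the 32 class D addresses that map to the same MAC as ip."""
    low23 = int(ipaddress.ip_address(ip)) & 0x7FFFFF
    return [str(ipaddress.ip_address((0b1110 << 28) | (x << 23) | low23))
            for x in range(32)]


def deliver(frame_mac, ip_dst, joined_groups):
    """Model the two filters a received multicast frame passes through.

    The network card filters on the MAC address only; the IP layer then
    has to compare the full 32-bit group address.
    """
    nic_filter = {multicast_mac(group) for group in joined_groups}
    if frame_mac.lower() not in nic_filter:
        return "dropped-by-nic"
    if ip_dst not in joined_groups:
        return "dropped-by-ip"
    return "accepted"


if __name__ == "__main__":
    print(multicast_mac("224.0.0.9"))           # RIP2 Routers
    print(colliding_groups("224.0.0.9")[:3])
    # Constructed case: a RIP2 listener receives a frame for 224.128.0.9.
    print(deliver(multicast_mac("224.128.0.9"), "224.128.0.9", {"224.0.0.9"}))
```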

Page 126: Basic IP.pdf

5 IP protocol 5.1 IP Addressing Classes and Net ID - Exercise (1)

Fill in this table :

@IP               class    Net Id
131.108.2.10      B        131.108.0.0
159.173.90.134    _        . . . . . .
145.78.185.18     _        . . . . . .
125.83.10.3       _        . . . . . .
195.32.6.219      _        . . . . . .

Page 127: Basic IP.pdf

5 IP protocol 5.1 IP Addressing Default gateway (1)

[Figure, steps numbered 1 to 9: a host with IP@ 1.0.0.1 (MAC@ 102030) and default gateway = @IP 1.0.0.254 shares a LAN with a host with IP@ 1.0.0.2 (MAC@ 405060) and a router with IP@ 1.0.0.254 (MAC@ 908070); the host with IP@ 2.0.0.2 is on another network. At the IP level the packet is @IPsrc 1.0.0.1 : @IPdest 2.0.0.2. Test "IP dest. within local net ?": No. The ARP cache holds 1.0.0.2 → 405060 and has no entry for 1.0.0.254 (??????), so an ARP Request for IP @ 1.0.0.254 is sent; the ARP Response gives MAC@ 908070, which is stored in the cache. The frame sent is: MAC@dest 908070, MAC@src 102030, Type 0800 (IP), Data (@IPsrc 1.0.0.1 : @IPdest 2.0.0.2), FCS.]

Default gateway:

The transmission of an IP packet to a host located in another network cannot only use the ARP procedure because the ARP request is a broadcast frame which does not go through any router.

The only way to reach the destination is via one or more IP gateways. (Note that in TCP/IP terminology, the terms gateway and router are used interchangeably.)

If the destination IP@ is out of the sender network, the sender has to forward the IP packet to a router. Normally, any host should know the IP@ of a router on its network (default gateway).

1- A packet has to be transmitted to a host out of the local network. It is the role of the sender to determine if the destination IP@ is in or out of the local network.
2- If the destination IP@ is out, it must first transmit the IP packet to a router. It knows the IP@ of at least one router (configuration parameter of the host).
3- If the host does not know the MAC@ corresponding to the IP@ of the router,
4, 5, 6- it carries out an ARP procedure
7- to update its ARP cache memory.
8- Now, it is capable of transmitting the IP packet encapsulated into an Ethernet frame leading to the router.
9- Then, the router will consult its routing table to know on which outgoing interface it has to forward this IP packet and what is the next router leading to the destination. The process (3-8) is carried out between this router and the next one and so on up to the final destination.

Page 128: Basic IP.pdf

5 IP protocol 5.1 IP Addressing PC-NT configuration

[Figure: screenshots of the PC-NT network configuration with numbered callouts 1 to 9; callout 9 is the command C:\ ipconfig /all]

Page 129: Basic IP.pdf

5 IP protocol 5.1 IP Addressing ‘is destination IP@ “in” or “out” of the LAN ? ’ (1)

[Figure, steps numbered 1 to 7: a host with IP@ 128.5.4.1 (MAC@ 102030; host configuration: Host IP@ 128.5.4.1, Default gateway 128.5.15.5) shares a LAN with a host with IP@ 128.5.26.2 (MAC@ 908070) and a router with IP@ 128.5.15.5 (MAC@ 405060) leading to the Internet. ARP cache: 128.5.26.2 → 908070, 128.5.15.5 → 405060. The destination IP@ is 128.5.26.2, class B: same network (=). The frame sent is: MAC@dest 908070, MAC@src 102030, Type 0800 (IP), Data (@IPsrc 128.5.4.1, @IPdest 128.5.26.2), FCS.]

If the destination host is attached to the same physical network as the source host, IP datagrams can be directly exchanged. This is done by encapsulating the IP datagram in the physical network frame. This is called direct delivery and is referred to as direct routing.

How to determine if a destination IP@ is in or out of the local network?

The transmitter compares the NetID of its IP@ with the NetID of the destination IP@. The transmitter can know the border between NetID and HostID by examining the IP@ class of its own address.

In this picture, the destination IP@ is located on the same network as the transmitter.

Page 130: Basic IP.pdf

5 IP protocol 5.1 IP Addressing ‘is destination IP@ “in” or “out” of the LAN ? ’ (2)

[Figure, steps numbered 1 to 8: same LAN as on the previous slide (host IP@ 128.5.4.1, MAC@ 102030, Default gateway 128.5.15.5; host IP@ 128.5.26.2, MAC@ 908070; router IP@ 128.5.15.5, MAC@ 405060, leading to the Internet; ARP cache: 128.5.26.2 → 908070, 128.5.15.5 → 405060). The destination IP@ is now 128.6.6.6, class B: other network (≠). The frame sent is: MAC@dest 405060, MAC@src 102030, Type 0800 (IP), Data (@IPsrc 128.5.4.1, @IPdest 128.6.6.6), FCS.]

Indirect routing occurs when the destination host is not connected to a network directly attached to the source host. The only way to reach the destination is via one or more IP gateways. (Note that in TCP/IP terminology, the terms gateway and router are used interchangeably. This describes a system that performs the duties of a router.)

In this picture, the destination IP@ is located out of the transmitter network. So, the IP packet will be sent towards the default gateway.

Router

Interconnects networks at the internetwork layer level and routes packets between them. The router must understand the addressing structure associated with the networking protocols it supports and take decisions on whether, or how, to forward packets. Routers are able to select the best transmission paths and optimal packet sizes. The basic routing function is implemented in the IP protocol of the TCP/IP protocol stack, so any host or workstation running TCP/IP over more than one interface could, in theory and also with most of today's TCP/IP implementations, forward IP datagrams. However, dedicated routers provide much more sophisticated routing than the minimum functions implemented by IP. Because IP provides this basic routing function, the term "IP router" is often used. Other, older terms for router are "IP gateway," "Internet gateway," and "gateway." The term gateway is now normally used for connections at a higher layer than the internetwork layer. A router is said to be visible to IP. That is, when a host sends an IP datagram to another host on a network connected by a router, it sends the datagram to the router so that it can forward it to the target host.

Page 131: Basic IP.pdf

5 IP protocol 5.1 IP Addressing Sub-network

[Figure: network 128.5.0.0, connected to the Internet, is split into S/Net 128.5.4.0 (128.5.4.1, 128.5.4.2, 128.5.4.3, 128.5.4.4, 128.5.4.5) and S/Net 128.5.8.0 (128.5.8.1, 128.5.8.2, 128.5.8.3, 128.5.8.4, 128.5.8.5).]

Subnetting:

Due to the explosive growth of the Internet, the principle of assigned IP addresses became too inflexible to allow easy changes to local network configurations. Those changes might occur when:

• A new type of physical network is installed at a location.
• Growth of the number of hosts requires splitting the local network into two or more separate networks.
• Growing distances require splitting a network into smaller networks, with gateways between them.

To avoid having to request additional IP network addresses, the concept of IP subnetting was introduced in 1984. The assignment of subnets is done locally. The entire network still appears as one IP network to the outside world.

The host number part of the IP address is subdivided into a second network number and a host number. This second network is termed a subnetwork or subnet. The main network now consists of a number of subnets.

Page 132: Basic IP.pdf

5 IP protocol 5.1 IP Addressing Sub-net addressing example

Net ID (class B) : 128.5.0.0

1 0 | Net Id (14 bits) | Host Id (16 bits)
128.5.0.0 = 10000000 00000101 00000000 00000000

Divided into sub-networks:

1 0 | Net Id (14 bits) | Sub-Net Id (8 bits) | Host Id (8 bits)
254 sub-nets of 254 hosts each

Example of Host IP address:

128.5.4.5 = 10000000 00000101 00000100 00000101 (Net ID: 128.5.4, Host ID: 5)

The division of the local part of the IP address into a subnet number and host number is chosen by the local administrator. Any bits in the local portion can be used to form the subnet.

The subnets with all bits 0 and all bits 1 are not valid.

Page 133: Basic IP.pdf

5 IP protocol 5.1 IP Addressing Sub-net addressing : class problem

[Figure, steps numbered 1 to 7: a PC with IP@ 128.5.4.3 (Mac@ 102030; PC configuration: Host IP@ 128.5.4.3, Default gateway 128.5.4.1) is on Sub-net 128.5.4.0 with a host IP@ 128.5.4.5 (Mac@ 708090) and the router interface IP@ 128.5.4.1 (Mac@ 304050). The router's other interface IP@ 128.5.8.1 is on Sub-net 128.5.8.0 with the host IP@ 128.5.8.4; the Mac@ aabbcc also appears on that side. ARP cache of the PC: 128.5.4.5 → 708090, 128.5.4.1 → 304050. The destination IP@ is 128.5.8.4, class B (=): this host believes the remote host is in the same network. It looks up 128.5.8.4 in the ARP cache, finds nothing and sends an ARP Request (MAC@dest ffffff....ffffff, MAC@src 102030, Type 0806 (ARP), IPdest : 128.5.8.4, MAC@ : ??????), FCS. An ARP request does not go through a router.]

How can a host know the border between NetID and HostID?

1- For a destination IP@, if the host takes into account only the address class to know whether the destination is in or out of its network,
2- it believes that the destination host is in its local network.
3- It consults its ARP cache memory.
4- Because the cache memory does not know the MAC@ corresponding to the destination IP@, it carries out an ARP procedure.
5- The ARP request will stay without any response because it is not forwarded to the other network (a broadcast does not go through a router).

Page 134: Basic IP.pdf

5 IP protocol 5.1 IP Addressing The Subnet Mask

[Figure: a host with IP@ 128.5.4.3 (MAC@ 102030) shares a LAN with a host with IP@ 128.5.4.5 (MAC@ 708090) and a router with IP@ 128.5.4.1 (Mac@ 304050); the host with IP @ 128.5.8.4 is on another network behind the router. At the IP level the packet is @IPsrc 128.5.4.3 : @IPdest 128.5.8.4 (1). Test "IP dest. within local net ?" (2): No, so the packet goes to the default gateway = @IP 128.5.4.1.]

The “Subnet Mask” indicates the length of the network address part.

The border between HostID and NetID being now variable, a new concept has been added to the IP@: “NETMASK”.

Page 135: Basic IP.pdf

5 IP protocol 5.1 IP Addressing Netmask operation

Mask    : 255.255.252.0 = 11111111 11111111 11111100 00000000
IP@src  : 138.5.17.5    = 10001010 00000101 00010001 00000101
IP@dest : 138.5.19.37   = 10001010 00000101 00010011 00100101
Net Id  : 138.5.16.0    = 10001010 00000101 00010000 00000000

(In the third byte the bit of weight 2^4 belongs to the Net Id; the bits of weight 2^0 and 2^1 belong to the host part.)

Now, in addition to the IP@, a netmask is provided to any host. This mask will be applied on both source IP@ and destination IP@ in order to compare the NetID of these 2 addresses and determine if they are located on the same network.

The division of the local part of the IP address into a subnet number and host number is chosen by the local administrator. Any bits in the local portion can be used to form the subnet. The division is done using a 32-bit subnet mask. Bits with a value of zero in the subnet mask indicate positions ascribed to the host number. Bits with a value of one indicate positions ascribed to the subnet number.

When assigning the subnet part of the local address, the objective is to assign a number of bits to the subnet number and the remainder to the local address. Therefore, it is normal to use a contiguous block of bits at the beginning of the local address part for the subnet number.

Page 136: Basic IP.pdf

5 IP protocol 5.1 IP Addressing IP @ notation and netmask

“Dotted decimal” notation
IP @    : 138.5.19.37
Netmask : 255.255.252.0 = 11111111 11111111 11111100 00000000

“prefix” notation
@ IP : 138.5.19.37 /22

Page 137: Basic IP.pdf

5 IP protocol 5.1 IP Addressing Router searching

[Figure, steps numbered 1 to 6: same topology as on the "class problem" slide (PC IP@ 128.5.4.3, Mac@ 102030, Default gateway 128.5.4.1; host IP@ 128.5.4.5, Mac@ 708090; router interfaces IP@ 128.5.4.1, Mac@ 304050, and IP@ 128.5.8.1; host IP@ 128.5.8.4 on Sub-net 128.5.8.0; Mac@ aabbcc; ARP cache: 128.5.4.5 → 708090, 128.5.4.1 → 304050). The PC configuration now includes Subnet Mask: 255.255.255.0. The destination IP@ 128.5.8.4 is compared with the local sub-net 128.5.4.0 (≠). The frame sent is: MAC@dest 304050, MAC@src 102030, Type 0800 (IP), IP Packet (IPsrc : 128.5.4.3, IPdest : 128.5.8.4), FCS.]

IP@ in or out of the sub-network :

1- Thanks to the netmask, the sender can know where the border between NetID and HostID is.
2- Because the sender determined that the destination IP@ is out of the local network, it uses the default gateway parameter to get the next hop.
3- In this example, the cache memory already knows the MAC@ of the router (otherwise it would have to carry out an ARP procedure).
4- The IP packet is encapsulated in an Ethernet frame pointing to the MAC@ of the router which is the next hop.
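Added example (not part of the course material): the "in or out of the local network" decision from the default gateway, class problem and router searching slides, in Python. It compares the class-only decision with the netmask decision for the same host and shows which frame results from each; the function names are assumptions, and the ARP cache content is the one drawn on the slides.

```python
import ipaddress


def classful_prefix(ip):
    """Length of the NetID when only the address class is considered."""
    first = int(ipaddress.ip_address(ip)) >> 24
    if first < 128:
        return 8       # class A
    if first < 192:
        return 16      # class B
    if first < 224:
        return 24      # class C
    raise ValueError("class D and E addresses have no NetID")


def local_network(ip, mask=None):
    """Network of the sender, from its netmask or, without one, its class."""
    suffix = mask if mask is not None else classful_prefix(ip)
    return ipaddress.ip_network("%s/%s" % (ip, suffix), strict=False)


def next_hop(src, dst, gateway, mask=None):
    """Direct delivery if dst is in the sender's network, else the gateway."""
    if ipaddress.ip_address(dst) in local_network(src, mask):
        return ("direct", dst)
    return ("gateway", gateway)


def first_frame(src, dst, gateway, arp_cache, mask=None):
    """What the sender puts on the wire first for this destination."""
    _, hop = next_hop(src, dst, gateway, mask)
    mac = arp_cache.get(hop)
    if mac is None:
        # Broadcast ARP request; it does not go through a router.
        return ("arp-request", hop)
    return ("ip-frame", mac)


def describe(ip, mask):
    """Return (prefix notation, Net Id, broadcast address of that network)."""
    iface = ipaddress.ip_interface("%s/%s" % (ip, mask))
    return (iface.with_prefixlen,
            str(iface.network.network_address),
            str(iface.network.broadcast_address))


# ARP cache of host 128.5.4.3 as drawn on the slides.
ARP_CACHE = {"128.5.4.5": "708090", "128.5.4.1": "304050"}

if __name__ == "__main__":
    args = ("128.5.4.3", "128.5.8.4", "128.5.4.1", ARP_CACHE)
    print("class only :", first_frame(*args))
    print("with mask  :", first_frame(*args, mask="255.255.255.0"))
    print(describe("138.5.19.37", "255.255.252.0"))
```

Without a mask the host sends an ARP request for 128.5.8.4 that no station on its segment can answer; with the mask 255.255.255.0 it sends the IP packet to the router's MAC address 304050.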

Page 138: Basic IP.pdf

5 IP protocol 5.1 IP Addressing Subnet Mask and Net ID - Exercise (2)

Attempt to find out:
1- the Subnet Mask expressed in dotted decimal
2- the Net ID expressed in dotted decimal

@IP              bits for sub-net    Subnet Mask    Net Id
145.78.185.18    3                   . . . . . .    . . . . . .

Page 139: Basic IP.pdf

5 IP protocol 5.1 IP Addressing Exercise (2) solving demonstration

Subnet Mask : 255.255.224.0 = 11111111 11111111 11100000 00000000
@ IP        : 145.78.185.18 = 10010001 01001110 10111001 00010010
Net ID      : 145.78.160.0  = 10010001 01001110 10100000 00000000   (160 = 128 + 32)

The first 16 bits are the class B network; the next 3 bits are the sub-net.

Page 140: Basic IP.pdf


5 IP protocol 5.1 IP Addressing Subnet Mask and Net ID - Exercise (3)

Fill in this table:

Columns: @IP, bits for sub-net, Sub-net Mask, Net Id
@IP: 131.108.2.10, 159.173.90.134, 159.173.90.34, 195.32.6.219
Given on the slide: bits for sub-net 8 and 5 (two cells left blank); Sub-net Mask 255.255.255.128 for two of the addresses. Every other cell is to be filled in.

Page 141: Basic IP.pdf


5 IP protocol 5.1 IP Addressing Net broadcast and Subnet broadcast Mask - Exercise (4)

[Figure: the Internet connects to network 145.78.0.0/16, which contains S/Net 145.78.192.0/19 and S/Net 145.78.160.0/19; the host 145.78.185.18 is shown next to S/Net 145.78.160.0/19.]

Attempt to fill in:

@IP              Net mask         Network Broadcast    Sub-net Broadcast
145.78.185.18    255.255.224.0    . . . .              . . . .

After at least 5 minutes, see next for the demonstration →

Page 142: Basic IP.pdf


5 IP protocol 5.1 IP Addressing Exercise (4) solving demonstration

@ IPsrc:                      145      . 78       . 185      . 18
                              10010001 . 01001110 . 10111001 . 00010010

Sub-net Mask:                 255      . 255      . 224      . 0
                              11111111 . 11111111 . 11100000 . 00000000

Sub-net directed broadcast:   145      . 78       . 191      . 255
                              10010001 . 01001110 . 10111111 . 11111111

Class B: Net Id (first 16 bits), Host Id (last 16 bits)

Network directed broadcast:   145      . 78       . 255      . 255
                              10010001 . 01001110 . 11111111 . 11111111

Page 143: Basic IP.pdf


5 IP protocol 5.1 IP Addressing Net broadcast and Subnet broadcast Mask - Exercise (5)

Fill in this table:

Columns: @IP, Net mask, Network Broadcast, Sub-net Broadcast
@IP: 131.108.2.10, 159.173.90.134, 159.173.90.34, 195.32.6.219
Net masks given on the slide: 255.255.255.128, 255.255.255.128, 255.255.255.0, 255.255.255.248
The Network Broadcast and Sub-net Broadcast cells are to be filled in.

Page 144: Basic IP.pdf


5 IP protocol 5.1 IP Addressing Static subnetting - Exercise 7

[Figure: network 164.213.32.0/24 with four departments: Department a (50 hosts), Department b (50 hosts), Department c (50 hosts), Department d (50 hosts).]

Answer the questions:
1- Host Id being on 8 bits, theoretically, what is the max number of hosts? …..
2- Four subnets have to be created. How many bits are required for Subnet ID? ….
3- How many bits remain for HostID? …..
4- What will be the maximum number of hosts / Subnet? ….

Static subnetting

Static subnetting implies that all subnets obtained from the same network use the same subnet mask. While this is simple to implement and easy to maintain, it may waste address space in small networks.

Page 145: Basic IP.pdf


5 IP protocol 5.1 IP Addressing Static subnetting - Exercise 7 (continued)

5- Fill in this diagram

Network: 164 . 213 . 32 . ___

Netmask ?    ___ . ___ . ___ . ___
NetID 1 ?    ___ . ___ . ___ . ___
NetID 2 ?    ___ . ___ . ___ . ___
NetID 3 ?    ___ . ___ . ___ . ___
NetID 4 ?    ___ . ___ . ___ . ___

Page 146: Basic IP.pdf


5 IP protocol 5.1 IP Addressing IP calculator Example

Freeware: 3CIPCalc
http://support.3com.com/software/utilities_for_windows_32_bit.htm

Enter an IP address

Select some parameters:
• Bits in mask or,
• subnet mask or,
• number of subnets or,
• hosts per subnet.

Page 147: Basic IP.pdf


5 IP protocol 5.1 IP Addressing Limits of static subnetting

[Figure: network 164.213.32.0/24 with five departments: Department a (50 hosts), Department b (50 hosts), Department c (50 hosts), Department d (30 hosts), Department e (30 hosts).]

In this network, 210 hosts will be connected.

Host Id being on 8 bits, theoretically, the max number of hosts is 254.

Answer the questions:
1- Five subnets have to be created. How many bits are required for Subnet ID? ….
2- How many bits remain for HostID? …..
3- What will be the maximum number of hosts / Subnet? ….
4- What is the problem? ….

Answers shown on the slide (Static Subnetting): 1- 3; 2- 5; 3- 30; 4- ________________

Static subnetting

Static subnetting implies that all subnets obtained from the same network use the same subnet mask. While this is simple to implement and easy to maintain, it may waste address space in small networks.

In this example: either 4 subnets with a maximum of 62 hosts, or 8 subnets with a maximum of 30 hosts.

Page 148: Basic IP.pdf


5 IP protocol 5.1 IP Addressing VLSM : Variable Length Subnet Mask

Network: 164 . 213 . 32 . x    (10100100 . 11010101 . 00100000 . xxxxxxxx)

Mask 255.255.255.192 (11111111 . 11111111 . 11111111 . 11000000), 62 hosts per subnet:
SubnetID 00    164.213.32.0
SubnetID 01    164.213.32.64
SubnetID 10    164.213.32.128

Mask 255.255.255.224 (11111111 . 11111111 . 11111111 . 11100000), 30 hosts per subnet:
SubnetID 11 0    164.213.32.192
SubnetID 11 1    164.213.32.224

VLSM

When variable length subnetting is used, allocated subnets within the same network can use different subnet masks. A small subnet with only a few hosts can use a mask that accommodates this need. A subnet with many hosts requires a different subnet mask. The ability to assign subnet masks according to the needs of the individual subnets helps conserve network addresses. Variable length subnetting divides the network so that each subnet contains sufficient addresses to support the required number of hosts.
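The mask arithmetic of the exercises and the static versus VLSM split of 164.213.32.0/24, worked in Python. This is an added example, not part of the original course material; the function names and the department labels are hypothetical, and the allocation order (largest subnet first) is an assumption of the example.

```python
import ipaddress

# Host counts of the five departments from the "Limits of static subnetting" slide.
DEPARTMENTS = {"a": 50, "b": 50, "c": 50, "d": 30, "e": 30}


def net_and_broadcast(ip, mask):
    """Net ID = IP AND mask; sub-net broadcast = Net ID with all HostID bits at 1."""
    ip_int = int(ipaddress.IPv4Address(ip))
    mask_int = int(ipaddress.IPv4Address(mask))
    net = ip_int & mask_int
    broadcast = net | (~mask_int & 0xFFFFFFFF)
    return str(ipaddress.IPv4Address(net)), str(ipaddress.IPv4Address(broadcast))


def prefix_for_hosts(hosts):
    """Longest prefix whose subnet still offers `hosts` usable addresses
    (HostID all zeros and all ones are not usable)."""
    host_bits = (hosts + 1).bit_length()      # smallest h with 2**h - 2 >= hosts
    return 32 - host_bits


def static_plan(network, subnet_count):
    """Static subnetting: every subnet uses the same mask."""
    net = ipaddress.IPv4Network(network)
    subnet_bits = (subnet_count - 1).bit_length()
    prefix = net.prefixlen + subnet_bits
    return prefix, 2 ** (32 - prefix) - 2     # (prefix length, usable hosts per subnet)


def vlsm_plan(network, demands):
    """VLSM: give each subnet the smallest block that fits it, largest first."""
    net = ipaddress.IPv4Network(network)
    cursor = int(net.network_address)
    end = int(net.broadcast_address) + 1
    plan = {}
    for name, hosts in sorted(demands.items(), key=lambda item: -item[1]):
        size = 2 ** (32 - prefix_for_hosts(hosts))
        cursor = (cursor + size - 1) // size * size   # align the block on its size
        if cursor + size > end:
            raise ValueError("address space exhausted at subnet %r" % name)
        plan[name] = ipaddress.IPv4Network((cursor, prefix_for_hosts(hosts)))
        cursor += size
    return plan


if __name__ == "__main__":
    print(net_and_broadcast("145.78.185.18", "255.255.224.0"))
    print("static, 5 subnets:", static_plan("164.213.32.0/24", 5))
    for name, subnet in vlsm_plan("164.213.32.0/24", DEPARTMENTS).items():
        print(name, subnet, subnet.netmask, subnet.num_addresses - 2, "hosts")
```

With one mask for five subnets only 30 hosts fit per subnet, which is too few for the 50-host departments; the VLSM plan fits all 210 hosts into the same /24.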

Page 149: Basic IP.pdf


5 IP protocol 5.1 IP Addressing Serial link and sub-network

One serial link = one sub-network

[Figure: routers interconnected by serial links (ISDN, Frame Relay).]

Question: How many networks are there?

A serial link is considered as a network with only 2 hosts connected to it.

Page 150: Basic IP.pdf


5 IP protocol 5.1 IP Addressing Serial link : one IP@ to each end

An IP address to each end of the serial link

[Figure: routers R1 and R2 joined by an ISDN serial link, network 192.192.1.0/24, with the addresses 192.192.1.1 and 192.192.1.2 at its two ends; the networks 192.192.100.0/24 and 192.192.200.0/24 are attached to the routers.]

Two IP addresses used in the class C sub-net 192.192.1.0; 252 unusable IP addresses.

If a complete class C is assigned to a network made of a serial link, many host IP@ will be wasted.

Page 151: Basic IP.pdf


5 IP protocol 5.1 IP Addressing Serial link and sub-net mask

[Figure: routers R1 and R2 joined by an ISDN serial link.]

This network needs 2 IP@.

Question: How many bits for Host Id are required to get 2 IP@?

1 bit for Host Id seems correct, but HostID = 0 and HostID = 1 are invalid.

192.192.1.0/30
                   NetID                                       HostID
255.255.255.252    11111111 . 11111111 . 11111111 . 111111     00
192.192.1.1        11000000 . 11000000 . 00000001 . 000000     01
192.192.1.2        11000000 . 11000000 . 00000001 . 000000     10

The best way is to assign a 30-bit netmask.

Page 152: Basic IP.pdf


5 IP protocol 5.1 IP Addressing Evaluation

Objective: to be able to describe IP addressing modes and handle subnet masks

Thank you for answering the self-assessment of the objectives sheet

Page 153: Basic IP.pdf


5 IP protocol
5.1 IP addressing
5.2 IP routing
5.3 IP header

Page 154: Basic IP.pdf


5 IP protocol 5.2 IP routing Routing table : principle

[Figure: routers R1 and R2 interconnect the networks 204.92.75.0, 192.168.201.0, 204.92.76.0 and 204.92.77.0 through interfaces e0, e1 and e2; the router interfaces carry the host parts .1 and .2.]

Routing table shown on the slide (columns: Network, Mask, Next hop, If):
Network              Mask
0.0.0.0 (default)    0.0.0.0
192.168.201.0        255.255.255.0
204.92.76.0          255.255.255.0
Next hop entry: 204.92.76.1. If entries: e1, e0, e1.

An important function of the IP protocol is IP routing. This provides the basic mechanism for routers to interconnect different physical networks.

The router only has information about two kinds of destinations:
• Networks that are directly attached to one of the physical networks to which the router is attached.
• Hosts or networks for which the router has been given explicit definitions.

Page 155: Basic IP.pdf


5 IP protocol 5.2 IP routing Routing table - Exercise 8

[Figure: routers R1 and R2 interconnect the networks 204.92.75.0/24, 192.168.201.0/24, 204.92.76.0/24 and 204.92.77.0/24 through interfaces e0, e1 and e2; the router interfaces carry the host parts .1 and .2.]

Routing table shown on the slide (columns: Network, Mask, Next hop, If):
Network              Mask
0.0.0.0 (default)    0.0.0.0
192.168.201.0        255.255.255.0
204.92.76.0          255.255.255.0
Next hop entry: 204.92.76.1. If entries: e1, e0, e1.

Fill in this table:
Network    Mask    Next hop    If

Page 156: Basic IP.pdf


5 IP protocol 5.2 IP routing Routing table - Exercise 8 (answer)

[Figure: routers R1 and R2 interconnect the networks 204.92.75.0/24, 192.168.201.0/24, 204.92.76.0/24 and 204.92.77.0/24 through interfaces e0, e1 and e2; the router interfaces carry the host parts .1 and .2.]

Routing table shown on the slide (columns: Network, Mask, Next hop, If):
Network              Mask
0.0.0.0 (default)    0.0.0.0
192.168.201.0        255.255.255.0
204.92.76.0          255.255.255.0
Next hop entry: 204.92.76.1. If entries: e1, e0, e1.

Answer (columns: Network, Mask, Next hop, If):
Network          Mask
204.92.77.0      255.255.255.0
192.168.201.0    255.255.255.0
204.92.76.0      255.255.255.0
204.92.75.0      255.255.255.0
Next hop entry: 204.92.76.2. If entries: e0, e1, e2, e0.

Page 157: Basic IP.pdf


5 IP protocol 5.2 IP routing Routing table - Default route

[Figure: routers R1 and R2 interconnect the networks 204.92.75.0, 192.168.201.0, 204.92.76.0 and 204.92.77.0 through interfaces e0, e1 and e2; the router interfaces carry the host parts .1 and .2, and a host .3 is shown. Steps 1 to 4 mark the path of the packet.]

First routing table (columns: Network, Mask, Next hop, If):
Network              Mask
0.0.0.0 (default)    0.0.0.0
192.168.201.0        255.255.255.0
204.92.76.0          255.255.255.0
Next hop entry: 204.92.76.1. If entries: e1, e0, e1.

Second routing table (columns: Network, Mask, Next hop, If):
Network              Mask
204.92.77.0          255.255.255.0
204.92.76.0          255.255.255.0
204.92.75.0          255.255.255.0
0.0.0.0 (default)    0.0.0.0
Next hop entry: 204.92.76.2. If entries: e0, e1, e2, e0.

Note: Avoid loops with default routes!

What will be the path of this IP packet?
@IPsrc : @IPdest
204.92.75.3 : 128.5.8.4
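A Python model of the default-route loop this slide warns about. This is an added example, not part of the original course material: the two routing tables are constructed from the networks and next hops on the slide, and which interface carries which network, the metric values and the helper names are assumptions of the example.

```python
import ipaddress

# Constructed tables: (network, next hop or None when directly attached, If, metric).
ROUTES = {
    "R1": [
        ("192.168.201.0/24", None, "e0", 0),
        ("204.92.76.0/24", None, "e1", 0),
        ("0.0.0.0/0", "204.92.76.1", "e1", 1),      # default route towards R2
    ],
    "R2": [
        ("204.92.75.0/24", None, "e2", 0),
        ("204.92.76.0/24", None, "e0", 0),
        ("204.92.77.0/24", None, "e1", 0),
        ("0.0.0.0/0", "204.92.76.2", "e0", 1),      # default route towards R1
    ],
}
ROUTER_AT = {"204.92.76.1": "R2", "204.92.76.2": "R1"}   # owner of each next-hop IP@


def lookup(routes, dest):
    """Return (next hop, If) of the most specific matching route; among routes
    with the same mask the lowest metric wins. None when nothing matches."""
    dest = ipaddress.IPv4Address(dest)
    matches = []
    for network, next_hop, interface, metric in routes:
        net = ipaddress.IPv4Network(network)
        if dest in net:
            matches.append((net.prefixlen, metric, next_hop, interface))
    if not matches:
        return None
    best = min(matches, key=lambda m: (-m[0], m[1]))
    return best[2], best[3]


def trace(first_router, dest, ttl=64):
    """Follow a datagram router by router; each router subtracts one from the TTL."""
    hops, router = [], first_router
    while True:
        ttl -= 1
        if ttl <= 0:
            hops.append((router, "discard"))        # TTL reached zero
            return hops
        route = lookup(ROUTES[router], dest)
        if route is None:
            hops.append((router, "no route"))
            return hops
        if route[0] is None:
            hops.append((router, "deliver"))        # destination is directly attached
            return hops
        hops.append((router, "forward"))
        router = ROUTER_AT[route[0]]


def find_loop(first_router, dest):
    """Static check of the tables: the cycle of routers for `dest`, or None."""
    seen, router = [], first_router
    while router not in seen:
        seen.append(router)
        route = lookup(ROUTES[router], dest)
        if route is None or route[0] is None:
            return None
        router = ROUTER_AT[route[0]]
    return seen[seen.index(router):] + [router]


if __name__ == "__main__":
    print(find_loop("R2", "128.5.8.4"))
    print(trace("R2", "128.5.8.4", ttl=4))
    print(trace("R1", "204.92.75.3"))
```

The packet for 128.5.8.4 bounces between the two default routes until its TTL reaches zero, while `find_loop` reports the same cycle from the tables alone, before any traffic is sent.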

Page 158: Basic IP.pdf


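5 IP protocol 5.2 IP routing Routing table : the metric

[Figure: routers R1 and R2 interconnect the networks 192.168.201.0, 204.92.76.0, 204.92.77.0 and 204.92.75.0 through interfaces e0, e1 and e2; the router interfaces carry the host parts .1 and .2.]

Routing table shown on the slide (columns: Network, Mask, Next hop, If, metric):
Network          Mask             Next hop       If    metric
204.92.77.0      255.255.255.0
192.168.201.0    255.255.255.0
204.92.76.0      255.255.255.0
204.92.75.0      255.255.255.0    204.92.76.1    e1
204.92.77.0      255.255.255.0                   e2
204.92.75.0      255.255.255.0    204.92.77.1    e2    1
Further entries shown: next hop 204.92.76.1; If e1, e0, e1; metric values 0 and 1. The routes are labelled "Primary route" and "Secondary route".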

The metric indicates the cost of a route to a destination. Metrics are based on: the number of hops, the bandwidth, the delay, ...

Page 159: Basic IP.pdf


5 IP protocol 5.2 IP routing IP packet transfer synthesis

[Figure: two hosts (IP@a and IP@b, physical addresses 1 and 15) communicate across an IP network of routers whose interfaces carry the physical addresses 2, 3, 4, 6, 7, 8, 9, 12 and 34. Each host shows the layers Application, Transport, Network and Link. The IP addresses stay IP@ sa→db from end to end, while the physical addresses change on each link: Phys@ s1→d2, Phys@ s8→d7, Phys@ s4→d15.]

Application layer

The application layer is provided by the program that uses TCP/IP for communication. An application is a user process cooperating with another process, usually on a different host.

Transport layer

The transport layer provides the end-to-end data transfer by delivering data from an application to its remote peer. Multiple applications can be supported simultaneously.

Internetwork layer

Internet Protocol (IP) is the most important protocol in this layer. It is a connectionless protocol that doesn't assume reliability from lower layers. IP does not provide reliability, flow control, or error recovery. These functions must be provided at a higher level.

Network interface layer

The network interface layer, also called the link layer or the data-link layer, is the interface to the actual network hardware.

Router

Interconnects networks at the internetwork layer level and routes packets between them.

Page 160: Basic IP.pdf


5 IP protocol
5.1 IP addressing
5.2 IP routing
5.3 IP header

Page 161: Basic IP.pdf


5 IP protocol 5.3 IP header IP datagram format

IP header layout (each row is 4 bytes: byte | byte | byte | byte):
Version, Header length | Type Of Service | Datagram length
Identification | Flag, Datagram offset
TTL | Protocol | Checksum
Source IP address
Destination IP address
Options
Data

The unit of transfer in an IP network is called an IP datagram. It consists of an IP header and data relevant to higher level protocols.

The maximum length of an IP datagram is 65,535 bytes. All IP hosts must support 576-byte datagrams without fragmentation.

The size of the IP header is between 20 bytes and 60 bytes.

Page 162: Basic IP.pdf


5 IP protocol 5.3 IP header Version

[Figure: IP header layout with the Version field highlighted.]

4 = IPv4
6 = IPv6

Version

The field contains the IP protocol version. The current version is 4. 5 is an experimental version. 6 is the version for IPv6.

Page 163: Basic IP.pdf


5 IP protocol 5.3 IP header Header length

[Figure: IP header layout with the Header length field highlighted.]

• The unit is the word of 4 bytes

Header length

The length of the IP header counted in words (32-bit quantities). This does not include the data field. The value is between 5 and 15.

Page 164: Basic IP.pdf


5 IP protocol 5.3 IP header Packet length

[Figure: IP header layout with the Datagram length field highlighted.]

• The unit is the byte
• Maximum value = 65535

Total Length

The total length of the datagram, header and data, expressed in bytes. The maximum length of an IP datagram is 65,535 bytes.

Page 165: Basic IP.pdf


5 IP protocol 5.3 IP header Type of Service

[Figure: IP header layout with the Type Of Service field highlighted.]

• Informs crossed networks about the desired Quality of Service

Bits of the Type Of Service byte:
Bits 0-2: Precedence
Bit 3: Delay
Bit 4: Throughput
Bit 5: Reliability
Bit 6: Cost
Bit 7: 0

References shown on the slide: RFC 791, RFC 1349, DSCP (RFC 2474)

Service Type:

The service type is an indication of the quality of service requested for this IP datagram. The Type of Service is used to indicate the quality of the service desired. The type of service is an abstract or generalized set of parameters which characterize the service choices provided in the networks that make up the internet. This type of service indication is to be used by gateways to select the actual transmission parameters for a particular network, the network to be used for the next hop, or the next gateway when routing an internet datagram.

Page 166: Basic IP.pdf


5 IP protocol 5.3 IP header ToS : Precedence (rfc791)

Precedence: bits 0-2 of the Type Of Service byte (bits 0 1 2 3 4 5 6 7)

Indicates the priority of the datagram:
000 : Routine
001 : Priority
010 : Immediate
011 : Flash
100 : Flash override
101 : not used
110 : Inter-network control
111 : Network control

Precedence: is intended to denote the importance or priority of the datagram. This field specifies the nature and priority of the datagram:
• 000: Routine
• 001: Priority
• 010: Immediate
• 011: Flash
• 100: Flash override
• 101: Critical
• 110: Internetwork control
• 111: Network control

Page 167: Basic IP.pdf


5 IP protocol 5.3 IP header ToS : Precedence management

[Figure: a router facing congestion in the IP network, with packets of precedence Prec4, Prec3, Prec2, Prec1 and Prec0.]

Page 168: Basic IP.pdf


5 IP protocol 5.3 IP header ToS : (rfc1349)

Bits 0 1 2 3 4 5 6 7 of the Type Of Service byte:
Delay: 0 = normal, 1 = low
Throughput: 0 = normal, 1 = high
Reliability: 0 = normal, 1 = high
Cost: 0 = normal, 1 = low
Last bit: 0

TOS:

Specifies the type of service value:
• 1000: Minimize delay
• 0100: Maximize throughput
• 0010: Maximize reliability
• 0001: Minimize monetary cost
• 0000: Normal service

Page 169: Basic IP.pdf


5 IP protocol 5.3 IP header ToS : rfc1349 suggested values

Suggested TOS values for various applications

[Table: one row per application, one column per TOS bit. Columns: Minimise the delay, Maximise the throughput, Maximise the reliability, Minimise the cost. Rows: Telnet/Rlogin; FTP (control, data); TFTP; SMTP (control, data); DNS (UDP dns request, TCP dns request, zone transfer); ICMP (Error, request); IGP; SNMP; BOOTP; NNTP.]

Page 170: Basic IP.pdf


5 IP protocol 5.3 IP header Differentiated Services Code Point (rfc-2474)

[Figure: IP header layout with the Type Of Service field highlighted.]

Bits 0 1 2 3 4 5 6 7 of the byte:
DSCP (Differentiated Services Code Point): the first 6 bits
Unused: the last 2 bits
Class Selector Code Points: the three left bits of the DSCP
Code point pool: 0: standard, 1: experimental or local use

Differentiated Services

New IETF definition of the IPv4 Type of Service (ToS) byte in the IP packet header, using the Differentiated Services Code Point (DSCP) field to classify packets into classes.

To preserve backward compatibility with any IP Precedence scheme currently in use on the network, DiffServ has defined the three left bits as "Class-Selector Code Points".

Packets can be marked with an arbitrary DSCP value. 6 bits allow up to 64 PHBs (Per Hop Behaviors) to be selected.

Packets with the same PHB and sent in a particular direction follow the same packet scheduling, queuing, policing, or shaping behaviour of a node.

The packets are classified into IETF-defined per-hop behaviors (PHBs), including assured forwarding (AF), expedited forwarding (EF) and best effort.

Traffic that is characterised as EF will receive the lowest latency, jitter and assured bandwidth services, which is suitable for applications such as VoIP.

AF allows carving out the bandwidth between multiple classes in a network according to desired policies.

The default PHB essentially specifies that a packet marked with a DSCP value of 000000 receives the traditional best-effort service.

Page 171: Basic IP.pdf


5 IP protocol 5.3 IP header Diffserv mechanism

[Figure: Input, then Classifier, then Traffic conditioning (Meter, Marker, Dropper), then Queue management with the queues EF, AF2, AF1 and BE, then Scheduler, then Output. Link utilisation ratios shown: 5/100, 10/100, 20/100, 65/100.]

Classifier: packets are classified according to the traffic class (conversational, streaming, interactive, background).

Traffic conditioning: includes mechanisms for traffic metering (verification of the traffic contract) and dropping (discarding packets).

Queue management: helps prevent congestion.

Scheduler: assigns a specific rate to each class.

Page 172: Basic IP.pdf


5 IP protocol 5.3 IP header Time To Live

[Figure: IP header layout with the TTL field highlighted. A datagram sent with TTL=64 crosses successive routers and its TTL becomes 63, 62, 61, then 60 (steps 1 to 5); a second sequence (steps 1 to 3) ends with TTL=0.]

Time to Live:

This field specifies the time (in seconds) the datagram is allowed to travel. Theoretically, each router processing this datagram is supposed to subtract its processing time from this field. In practice, a router processes the datagram in less than 1 second. Thus the router subtracts one from the value in this field. The TTL becomes a hop-count metric rather than a time metric. When the value reaches zero, it is assumed that this datagram has been travelling in a closed loop and is discarded. The initial value should be set by the higher level protocol that creates the datagram.

Page 173: Basic IP.pdf


5 IP protocol 5.3 IP header Encapsulated protocol

[Figure: the MAC frame (@MAC dest., @MAC src., Type 0800 (IP), Data, FCS) carries the IP datagram; the Protocol field of the IP header, highlighted in the header layout, selects the upper protocol that receives the Data.]

Protocol field values shown:
ICMP: 1
TCP: 6
UDP: 17

Protocol Number:

This field indicates the higher level protocol to which IP should deliver the data in this datagram. These include:
- 0: Reserved
- 1: Internet Control Message Protocol (ICMP)
- 2: Internet Group Management Protocol (IGMP)
- 3: Gateway-to-Gateway Protocol (GGP)
- 4: IP (IP encapsulation)
- 5: Stream
- 6: Transmission Control Protocol (TCP)
- 8: Exterior Gateway Protocol (EGP)
- 9: Private Interior Routing Protocol
- 17: User Datagram Protocol (UDP)
- 41: IP Version 6 (IPv6)
- 50: Encap Security Payload for IPv6 (ESP)
- 51: Authentication Header for IPv6 (AH)
- 89: Open Shortest Path First

Page 174: Basic IP.pdf


5 IP protocol 5.3 IP header Flags

[Figure: IP header layout with the Flag field highlighted.]

Flag bits 0 1 2: 0, DF, MF
DF: Don't fragment. 0: can be fragmented, 1: cannot be fragmented.
MF: More Fragment. 0: last fragment, 1: a fragment follows.

[Figure: a first network with MTU 1500 is followed by a network with MTU 500. Datagram 1, 1400 bytes (DF=0, MF=0), is split into 500 bytes (DF=0, MF=1), 500 bytes (DF=0, MF=1) and 400 bytes (DF=0, MF=0) (steps 1 to 4). Datagram 1', 1400 bytes (DF=1), is also shown (steps 1' and 2').]

Flags:

DF (Do not Fragment): 0 means allow fragmentation; 1 means do not allow fragmentation.
MF (More Fragments): 0 means that this is the last fragment of the datagram; 1 means that additional fragments will follow.

Page 175: Basic IP.pdf


5 IP protocol 5.3 IP header Identification

[Figure: IP header layout with the Identification field highlighted. A first network with MTU 1500 is followed by a network with MTU 500. The datagram of 1400 bytes, ID=6700 (DF=0, MF=0), is split into 500 bytes ID=6700 (DF=0, MF=1), 500 bytes ID=6700 (DF=0, MF=1) and 400 bytes ID=6700 (DF=0, MF=0). The datagram of 300 bytes, ID=6701 (DF=0, MF=0), crosses both networks unchanged (steps 1 to 5).]

Identification:

A unique number assigned by the sender to aid in reassembling a fragmented datagram. Each fragment of a datagram has the same identification number.

Page 176: Basic IP.pdf


5 IP protocol 5.3 IP header Offset field

[Figure: IP header layout with the Datagram Offset field highlighted.]

• Expressed in words of 8 bytes

Fragment Offset:

This is used to aid the reassembly of the full datagram. The value in this field contains the number of 64-bit segments (8 bytes) contained in earlier fragments. Header bytes are not counted. If this is the first (or only) fragment, this field contains a value of zero.

Page 177: Basic IP.pdf


5 IP protocol 5.3 IP header Use of the offset

[Figure: a first network with MTU 2000 is followed by a network with MTU 800. The data of 1880 octets (Byte 0 to Byte 1879), sent with Offset = 0, is split into three fragments, which are shown arriving in different orders:
Frag. 1: Offset = 0 (starts at Byte 0)
Frag. 2: Offset = 100 (x 8 = 800, starts at Byte 800)
Frag. 3: Offset = 200 (x 8 = 1600, starts at Byte 1600)]

Fragmentation

When an IP datagram travels from one host to another, it may pass through different physical networks. Each physical network has a maximum frame size. This is called the maximum transmission unit (MTU). It limits the length of a datagram that can be placed in one physical frame. IP implements a process to fragment datagrams exceeding the MTU. The process creates a set of datagrams within the maximum size. The receiving host reassembles the original datagram.

Page 178: Basic IP.pdf


5 IP protocol 5.3 IP header Fragmentation synthesis (3)

The datagram crosses a network with MTU = 4096, then a network with MTU = 1024.

                     Total length    Identification    Flag    Offset    TTL    Data
Original datagram    2039            1234              000     0         12     2019 bytes
Fragment 1           1020            1234              001     0         11     1000 bytes
Fragment 2           1020            1234              001     125       11     1000 bytes
Fragment 3           39              1234              000     250       11     19 bytes

Each datagram carries a 20-byte header (4 | 5 | ... | 06 | xxxx | source address | dest address).
The data length of a fragment (1000 bytes) must be a multiple of 8 bytes.

Optional exercise: What will be the value of the various fields if the next MTU is 512?

The following steps are performed to fragment the datagram:
• The DF flag bit is checked to see if fragmentation is allowed. If the bit is set, the datagram will be discarded and an ICMP error returned to the originator.
• Based on the MTU value, the data field is split into two or more parts. All newly created data portions must have a length that is a multiple of 8 bytes, with the exception of the last data portion.
• Each data portion is placed in an IP datagram. The headers of these datagrams are minor modifications of the original:
- The more fragments flag bit is set in all fragments except the last.
- The fragment offset field in each is set to the location this data portion occupied in the original datagram, relative to the beginning of the original unfragmented datagram. The offset is measured in 8-byte units.
- If options were included in the original datagram, the high order bit of the option type byte determines if this information is copied to all fragment datagrams or only the first datagram. For example, source route options are copied in all fragments.
- The header length field of the new datagram is set.
- The total length field of the new datagram is set.
- The header checksum field is re-calculated.

Each of these fragmented datagrams is now forwarded as a normal IP datagram. IP handles each fragment independently. The fragments can traverse different routers to the intended destination. They can be subject to further fragmentation if they pass through networks specifying a smaller MTU.

At the destination host, the data is reassembled into the original datagram. The identification field set by the sending host is used together with the source and destination IP addresses in the datagram. Fragmentation does not alter this field. In order to reassemble the fragments, the receiving host allocates a storage buffer when the first fragment arrives. The host also starts a timer. When subsequent fragments of the datagram arrive, the data is copied into the buffer storage at the location indicated by the fragment offset field. When all fragments have arrived, the complete original unfragmented datagram is restored. Processing continues as for unfragmented datagrams.
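The fragmentation steps and the completeness check made at reassembly, modelled in Python on the field values of the synthesis slide. This is an added example, not part of the original course material; datagrams are represented as dictionaries without payload or options, and all function names are hypothetical.

```python
IP_HEADER_LEN = 20   # header without options, as on the slide

# The original datagram of the slide: 2019 data bytes, ID 1234, TTL 12.
ORIGINAL = {"id": 1234, "ttl": 12, "df": 0, "mf": 0, "offset": 0, "data_len": 2019}


def fragment(datagram, mtu):
    """Split one datagram (or one fragment) so that every piece fits the MTU."""
    total_length = IP_HEADER_LEN + datagram["data_len"]
    if total_length <= mtu:
        return [dict(datagram, total_length=total_length)]
    if datagram["df"]:
        raise ValueError("DF is set: discard and return an ICMP error")
    max_data = (mtu - IP_HEADER_LEN) // 8 * 8        # multiple of 8 bytes
    if max_data <= 0:
        raise ValueError("MTU too small to carry any data")
    fragments, sent = [], 0
    while sent < datagram["data_len"]:
        chunk = min(max_data, datagram["data_len"] - sent)
        is_last = sent + chunk == datagram["data_len"]
        fragments.append({
            "id": datagram["id"],                    # never altered by fragmentation
            "ttl": datagram["ttl"],
            "df": 0,
            # The last piece inherits MF: a re-fragmented middle fragment keeps MF=1.
            "mf": datagram["mf"] if is_last else 1,
            # Offset relative to the original datagram, in 8-byte units.
            "offset": datagram["offset"] + sent // 8,
            "data_len": chunk,
            "total_length": IP_HEADER_LEN + chunk,
        })
        sent += chunk
    return fragments


def forward(datagrams, mtu):
    """One router hop: subtract one from the TTL, then fragment for the next link."""
    out = []
    for datagram in datagrams:
        out.extend(fragment(dict(datagram, ttl=datagram["ttl"] - 1), mtu))
    return out


def reassembled_length(fragments):
    """Data length of the restored datagram, or None while it is incomplete
    (missing piece, non-contiguous offsets, mixed IDs or no final fragment)."""
    if not fragments or len({f["id"] for f in fragments}) != 1:
        return None
    expected = 0
    ordered = sorted(fragments, key=lambda f: f["offset"])
    for frag in ordered:
        if frag["offset"] * 8 != expected:
            return None
        expected += frag["data_len"]
    return expected if ordered[-1]["mf"] == 0 else None


if __name__ == "__main__":
    after_1024 = forward([ORIGINAL], 1024)
    for frag in forward(after_1024, 512):
        print(frag)
```

The first hop reproduces the three fragments of the slide; sending them on through an MTU of 512 shows that offsets stay relative to the original datagram and that only the very last piece carries MF=0.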

Page 179: Basic IP.pdf


5 IP protocol 5.3 IP header Check of the header

[Figure: IP header layout with the Checksum field highlighted.]

Header Checksum:

This field is a checksum for the information contained in the header. If the header checksum does not match the contents, the datagram is discarded.
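A parser for the 20-byte header described in this section that applies the checks a receiver makes before trusting any field, including the header checksum. This is an added example, not part of the original course material; the function names are hypothetical, the sample header is constructed from values used on earlier slides, and the checksum is the standard Internet one's-complement sum over 16-bit words.

```python
import socket
import struct

HEADER_FORMAT = "!BBHHHBBH4s4s"   # the fixed 20 bytes of the IP header


def checksum(header):
    """One's-complement sum of the 16-bit words of the header, complemented."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(total_length, ident, df, mf, offset, ttl, protocol, src, dst, tos=0):
    """Constructed sample: version 4, header length 5 words, no options."""
    flags_offset = (df << 14) | (mf << 13) | offset
    header = struct.pack(HEADER_FORMAT, (4 << 4) | 5, tos, total_length, ident,
                         flags_offset, ttl, protocol, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    # The checksum is computed with its own field set to zero, then inserted.
    return header[:10] + struct.pack("!H", checksum(header)) + header[12:]


def parse_header(raw):
    """Validate and decode an IPv4 header; raise ValueError when it must be discarded."""
    if len(raw) < 20:
        raise ValueError("shorter than the minimum 20-byte header")
    (version_ihl, tos, total_length, ident, flags_offset,
     ttl, protocol, _, src, dst) = struct.unpack(HEADER_FORMAT, raw[:20])
    version, words = version_ihl >> 4, version_ihl & 0x0F
    if version != 4:
        raise ValueError("not an IPv4 header")
    if words < 5:
        raise ValueError("header length below 5 words")
    header_length = words * 4
    if len(raw) < header_length or total_length < header_length:
        raise ValueError("lengths are inconsistent")
    if checksum(raw[:header_length]) != 0:
        raise ValueError("header checksum mismatch: the datagram is discarded")
    return {
        "version": version,
        "header_length": header_length,          # bytes
        "precedence": tos >> 5,                  # RFC 791 reading of the ToS byte
        "dscp": tos >> 2,                        # RFC 2474 reading of the same byte
        "total_length": total_length,
        "identification": ident,
        "df": (flags_offset >> 14) & 1,
        "mf": (flags_offset >> 13) & 1,
        "offset_bytes": (flags_offset & 0x1FFF) * 8,
        "ttl": ttl,
        "protocol": protocol,
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
    }


if __name__ == "__main__":
    sample = build_header(1020, 1234, 0, 1, 125, 11, 6, "128.5.4.3", "128.5.8.4")
    print(parse_header(sample))
```

A valid header sums to zero once its own checksum is included, so the receiver needs no knowledge of how the sender computed it; because every router changes the TTL, the checksum has to be recomputed at each hop.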

Page 180: Basic IP.pdf


5 IP protocol 5.3 IP header IP Addresses

[Figure: IP header layout with the Source IP address and Destination IP address fields highlighted.]

• IP address using 32 bits

Source IP Address:

The 32-bit IP address of the host sending this datagram.

Destination IP Address:

The 32-bit IP address of the destination host for this datagram.

Page 181: Basic IP.pdf


5 IP protocol 5.3 IP header Options

Figure: IP header layout, with the Options and Padding fields highlighted.

• Options: variable field, maximum length 40 bytes, rarely used
• Main options:
  - Route recording
  - Route + time stamp
  - Strict routing
  - Non-strict routing

IP datagram routing options

The IP datagram Options field provides two methods for the originator of an IP datagram to explicitly provide routing information. It also provides a method for an IP datagram to determine the route that it travels.

• Loose source routing, also called the loose source and record route (LSRR) option, provides a means for the source of an IP datagram to supply explicit routing information.
• Strict source routing, also called the strict source and record route (SSRR) option, uses the same principle as loose source routing except the intermediate router must send the datagram to the next IP address in the source route via a directly connected network.
• Record route: This option provides a means to record the route traversed by an IP datagram.
• Internet timestamp: A timestamp is an option forcing some (or all) of the routers along the route to the destination to put a timestamp in the option data.


5 IP protocol 5.3 IP header IP encapsulation in Ethernet V2

Figure: an IP datagram (IP protocol) carried in an Eth V2 frame (MAC protocol). Frame fields: MAC @ Dest. (6 bytes), MAC @ Source (6 bytes), Type 0800 (2 bytes; 0800 = IP), Data, FCS (4 bytes). The IP datagram consists of a 20-byte header (Ver., Head leng., Type serv., Total Leng, Identif, Flag, Offset fragment, TTL, Protocol, CRC, IP @ source, IP @ dest.), Options (0 ≤ length ≤ 40) and Data.


5 IP protocol Synthesis

• no reliability
• no error recovery
• connectionless
• Best effort


5 IP protocol 5.3 IP header Exercise

Addr. Hex. Data
0000: FF FF FF FF FF FF 00 80 9F 21 32 A9 08 00 45 00
0010: 01 48 00 00 00 00 0F 11 AA A6 00 00 00 00 FF FF
0020: FF FF 00 44 00 43 01 34 EF 12 01 01 06 00 00 00
0030: 7E BA 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0040: 00 00 00 00 00 00 00 80 9F 21 32 A9 00 00 00 00
0050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0150: 00 00 00 00 00 00

Eth v2 [0000:000D]
0000:0005 Destination Address: FFFFFFFFFFFF (Broadcast)
0006:000B Source Address: 00809F2132A9 (Alcatel2132A9)
000C:000D Ethernet Type: DOD Internet Protocol (IP)

IP [000E:0021]
000E:000E Version: 4; Header Length: 20
000F:000F TOS, Precedence: Routine; Delay: Normal; Throughput: Normal; Reliability: Normal
0010:0011 Packet Length: 328
0012:0013 Identification: 0x0000
0014:0014 DF: May Fragment; MF: Last Fragment
0014:0015 Fragment Offset: 0
0016:0016 Time to Live: 15
0017:0017 Transport: User Datagram
0018:0019 Header Checksum: 0xAAA6 (correct)
001A:001D Source Address: 0.0.0.0
001E:0021 Destination Address: 255.255.255.255

• 1 - What is the encapsulated protocol in this IP packet?
• 2 - What is the byte representing this protocol in the hexadecimal trace?


5 IP protocol 5.3 IP header Exercise

Ethernet frame:

Addr. Hex. Data ASCII
0000: 01 00 5E 00 00 09 00 10 7B 81 9E 9A 08 00 45 C0 ..^..........E.
0010: 00 34 00 00 00 00 02 11 CD DD 0A 0E 00 05 E0 00 .4..............
0020: 00 09 02 08 02 08 00 20 05 73 02 02 00 00 00 02 ....... .s......
0030: 00 00 0A 0A 00 00 FF FF 00 00 00 00 00 00 00 00 ................
0040: 00 01

1 - Look for the destination IP @ and indicate which class it is

2 - Look for the destination MAC @ and explain its value


5 IP protocol Evaluation

Objective: To be able to describe the role of the various IP header fields

Thank you for answering the self-assessment of the objectives sheet



6 ICMP protocol ICMP protocol situation

Figure: position of ICMP in the protocol stack. Network layer: ICMP, IP, ARP. Link layer: LLC (SNAP, 802.2) and MAC (FDDI, Token Ring, Ethernet ISO 802.3, Ethernet V2). Physical layer: 10 Base T, 10 Base 2, 10 Base 5, optical fibre, shielded twisted pairs.

ICMP uses IP as if ICMP were a higher level protocol (that is, ICMP messages are encapsulated in IP datagrams). However, ICMP is an integral part of IP and must be implemented by every IP module.

ICMP messages are described in RFC 792 and RFC 950, belong to STD 5 and are mandatory.


6 ICMP protocol Main function

Figure: (1) a datagram carrying data is sent from IP @ Z to IP @ Y; (2) the router with IP @ M returns an ICMP message from IP @ M to IP @ Z.

When a router or a destination host must inform the source host about errors in datagram processing, it uses the Internet Control Message Protocol (ICMP).

ICMP is used to report errors, not to make IP reliable. Datagrams may still be undelivered without any report on their loss. Reliability must be implemented by the higher-level protocols using IP services.

ICMP cannot be used to report errors with ICMP messages. This avoids infinite repetitions.

ICMP responses are sent in response to ICMP query messages (ICMP types 0, 8, 9, 10 and 13 through 18).

ICMP messages are never sent in response to datagrams with a broadcast or a multicast destination address.

ICMP is also used to perform tests (see ping, traceroute).


6 ICMP protocol Format of the ICMP message

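Figure: ICMP message format: Type (1 byte), Code (1 byte), CRC (2 bytes), Parameters (4 bytes), Data. The ICMP message follows the 20-byte IP header (Protocol = 1, ICMP). The IP datagram is carried in an Eth V2 frame: MAC @ Dest. (6 bytes), MAC @ Source (6 bytes), Type = 0800 (IP) (2 bytes), IP datagram, FCS (4 bytes).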


6 ICMP protocol Type - Code

Type 0: Echo
  Code 0: Response

Type 3: unreachable destination
  Code 0: network unreachable
  Code 1: host unreachable
  Code 2: Protocol unreachable
  Code 3: Port unreachable
  Code 4: fragmentation needed but don’t frag=0
  Code 5: Source route failed
  Code 6: Unknown destination network
  Code 7: Unknown destination host
  Code 8: (obsolete)
  Code 9: destination network administratively forbidden
  Code 10: destination host administratively forbidden
  Code 11: network unreachable for this TOS
  Code 12: host unreachable for this TOS
  Code 13: Communication forbidden (filter)
  Code 14: Violation of the precedence
  Code 15: precedence

Type 4: flow control
  Code 0: Source Quench

Type 5: Redirection
  Code 0: Redirection for a network
  Code 1: Redirection for a host
  Code 2: Redirection for a service and a network
  Code 3: Redirection for service and a host

Type 8: Echo
  Code 0: Request

Type 9: Router Advertisement
  Code 0

Type 10: Router solicitation
  Code 0

Type 11: Time to live
  Code 0: time to live exceeded in transit
  Code 1: during reassembly

Type 12: parameter error
  Code 0: IP header
  Code 1: Option missing

Type 13: Timestamp Request
  Code 0

Type 14: Timestamp response
  Code 0

Type 15: Information request (obsolete)
  Code 0

Type 16: Information Response (obsolete)
  Code 0

Type 17: Netmask request
  Code 0

Type 18: Netmask response
  Code 0


6 ICMP protocol Parameter Error

Figure: (1) an IP packet reaches a router; (2) the router returns an ICMP Parameter error (bad IP header). ICMP message format: Type 12 (1 byte), Code 0 or 1 (1 byte; 0: Bad IP header, 1: Requested option missing), CRC (2 bytes), Parameters 0 (4 bytes), Data: IP header + 64 first bits.

Parameter Problem (12)

This message indicates that a problem was encountered during processing of the IP header parameters. The pointer field indicates the byte in the original IP datagram where the problem was encountered. The ICMP header code field may have one of the following values:

• 0: unspecified error
• 1: required option missing


6 ICMP protocol Unreachable destination

Figure: cases of Type = 3 (unreachable destination) across a network: Code = 0 (unreachable network); Code = 1 (unreachable host), host not existing; Code = 2 (non valid protocol), protocol not implemented; Code = 3 (non valid port), application not active.

Unreachable destination (3)

If this message is received from an intermediate router, it means that the router regards the destination IP address as unreachable.

If this message is received from the destination host, it means that either the protocol specified in the protocol number field of the original datagram is not active or the specified port is inactive.


6 ICMP protocol Unreachable destination «fragmentation needed»

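Figure: links with MTU = 1500, MTU = 512 and MTU = 256. (1, 2) A 1500-byte datagram with the DF (don't fragment) flag is sent; (3) ICMP unreachable destination (fragmentation needed) is returned. ICMP message format: Type 3 (1 byte), Code 4 (1 byte; fragmentation needed), CRC (2 bytes), Parameter 0 (4 bytes), Data: IP header + 64 first bits.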

Unreachable destination (3)


6 ICMP protocol MTU discovery (option rfc 1191)

Figure: path with links of MTU = 1536, MTU = 1024 and MTU = 512. (1, 2) A 1500-byte datagram with the DF (don't fragment) flag is sent; (3) ICMP Unreachable destination (Path MTU Discovery: 1024) is returned. (4, 5, 6) A 1024-byte datagram with the DF flag is sent; (7) ICMP Unreachable destination (Path MTU Discovery: 512) is returned. ICMP message format: Type 3 (1 byte), Code 4 (1 byte; fragmentation needed), CRC (2 bytes), 0 (2 bytes), next hop MTU (2 bytes), Data: IP header + 64 first bits.

Unreachable destination (3)

Path MTU Discovery is a draft standard protocol with a status of elective. It is described in RFC 1191.

If a router implements the Path MTU Discovery protocol, the format of the destination unreachable message is changed for code 4. This includes the MTU of the link that did not accept the datagram.
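The exchange in the figure (1500, then 1024, then 512), replayed as an added Python example that is not part of the course material. It builds the code 4 message a router returns and applies the sender's update, including the case where the next hop MTU field is left at 0. The addresses, function names and the consistency checks on the quoted header are assumptions of the example; the plateau list is taken from RFC 1191.

```python
import ipaddress
import struct

# Plateau values from RFC 1191, used when a router leaves the MTU field at 0.
PLATEAUS = [65535, 32000, 17914, 8166, 4352, 2002, 1492, 1006, 508, 296, 68]
MIN_MTU = 68   # smallest MTU an IPv4 link may have


def csum(data: bytes) -> int:
    """Internet checksum over 16-bit words (odd tail padded with a zero byte)."""
    total = sum(int.from_bytes(data[i:i + 2].ljust(2, b"\0"), "big")
                for i in range(0, len(data), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ip_header(src: str, dst: str, total_len: int) -> bytes:
    """Constructed 20-byte header: DF set, TTL 64, protocol 17 (UDP)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, 17, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", csum(hdr)) + hdr[12:]


def build_frag_needed(datagram: bytes, next_hop_mtu: int) -> bytes:
    """Router side: Type 3, Code 4, CRC, 2 zero bytes, next hop MTU, then the
    rejected IP header plus the first 64 bits of its data."""
    msg = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + datagram[:28]
    return msg[:2] + struct.pack("!H", csum(msg)) + msg[4:]


def parse_frag_needed(icmp: bytes):
    """Sender side: decode the report, or return None if it is not a valid
    'fragmentation needed' message."""
    if len(icmp) < 8 + 20 + 8 or csum(icmp) != 0:
        return None
    typ, code, _crc, _zero, mtu = struct.unpack("!BBHHH", icmp[:8])
    quoted = icmp[8:]
    if (typ, code) != (3, 4) or quoted[0] >> 4 != 4:
        return None
    return {"next_hop_mtu": mtu,
            "orig_len": struct.unpack("!H", quoted[2:4])[0],
            "src": str(ipaddress.IPv4Address(quoted[12:16])),
            "dst": str(ipaddress.IPv4Address(quoted[16:20]))}


def next_path_mtu(current: int, report, me: str, peer: str) -> int:
    """Return the new path MTU estimate, or `current` if the report is rejected."""
    if report is None or (report["src"], report["dst"]) != (me, peer):
        return current          # not about a datagram we sent to this peer
    mtu = report["next_hop_mtu"]
    if mtu == 0:                # router without RFC 1191: step down one plateau
        mtu = max((p for p in PLATEAUS if p < current), default=current)
    if mtu < MIN_MTU or mtu >= current:
        return current          # a report may only lower the estimate
    return mtu


def discover(link_mtus, first_size=1500, rfc1191=True,
             me="192.0.2.10", peer="198.51.100.20"):
    """Replay the exchange; return the datagram sizes the sender tried."""
    tried, size = [], first_size
    while True:
        tried.append(size)
        blocking = next((m for m in link_mtus if m < size), None)
        if blocking is None:
            return tried        # the datagram fits every link
        icmp = build_frag_needed(ip_header(me, peer, size) + bytes(8),
                                 blocking if rfc1191 else 0)
        new_size = next_path_mtu(size, parse_frag_needed(icmp), me, peer)
        if new_size == size:
            return tried        # report rejected: no progress possible
        size = new_size


if __name__ == "__main__":
    print(discover([1536, 1024, 512]))                  # routers report the MTU
    print(discover([1536, 1024, 512], rfc1191=False))   # MTU field left at 0
```

If these code 4 messages are filtered on the return path, the sender never learns the smaller MTU and its datagrams with DF set keep being dropped.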


6 ICMP protocol Time overflow (overflow TTL)

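Figure: steps 1 to 4: a datagram crosses the network and its TTL (Time to Live) overflows at a router, which returns an ICMP message (overflow generated by a router). ICMP message format: Type 11 (1 byte), Code 0 (1 byte), CRC (2 bytes), Parameters 0 (4 bytes), Data: IP header + 64 first bits.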

Time Exceeded (11)

If this message is received from an intermediate router, it means that the time to live field of an IP datagram has expired. If this message is received from the destination host, it means that the IP fragment reassembly time to live timer has expired while the host is waiting for a fragment of the datagram. The ICMP header code field may have one of the following values:

• 0: transit TTL exceeded
• 1: reassembly TTL exceeded


6 ICMP protocol Time overflow (overflow time to reassemble)

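Figure: links with MTU = 1536 and MTU = 512. (1) A fragmented datagram travels to the destination host; (2) the host returns ICMP overflow time to reassemble (TTL overflow during reassembly, generated by a host). ICMP message format: Type 11 (1 byte), Code 1 (1 byte), CRC (2 bytes), Parameters 0 (4 bytes), Data: IP header + 64 first bits.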

Time Exceeded (11)

The ICMP header code field may have one of the following values:

• 0: transit TTL exceeded
• 1: reassembly TTL exceeded


6 ICMP protocol Redirection

Figure: steps 1 to 4: a host whose default gateway is R1 sends a datagram through R1, and an ICMP Redirection (R2) is returned to the host. ICMP message format: Type 5 (1 byte), Code 0 to 3 (1 byte), CRC (2 bytes), Parameters: IP @ of the router (4 bytes), Data: IP header + 64 first bits.

• 0: Network redirection
• 1: Host redirection
• 2: Network redirection for the requested service
• 3: Host redirection for the requested service

Redirect (5)

If this message is received from an intermediate router, it means that the host should send future datagrams for the network to the router whose IP address is specified in the ICMP message. This preferred router will always be on the same subnet as the host that sent the datagram and the router that returned the IP datagram. The router forwards the datagram to its next hop destination. This message will not be sent if the IP datagram contains a source route.


6 ICMP protocol Example of redirection

Destination        Gateway         Flags   Interface
140.252.1.0/24                     U       eth0
default            140.252.1.4     UG      eth0
127.0.0.1          127.0.0.1       UH      lo0
140.252.13.34/32   140.252.1.183   UGHD    eth0   (entry added at steps 6 and 7)

Figure: network 140.252.1 (140.252.1.92, 140.252.1.32, 140.252.1.11, 140.252.1.4 toward the Internet, 140.252.1.183, 140.252.1.29) and network 140.252.13.32 (140.252.13.33, 140.252.13.34, 140.252.13.35, 140.252.13.65, 140.252.13.66). Steps 1 to 7: % ping 140.252.13.34 is issued (1), an ICMP host redirection naming 140.252.1.183 is returned, and the route to 140.252.13.34/32 through 140.252.1.183 is added to the routing table.

flag U: the route is Up
flag G: route through Gateway
flag H: the destination is a Host
flag D: route made by ICMP redirection

Redirect (5)

Example


6 ICMP protocol Source Quench

Figure: flow control: (1) datagrams are sent; (2) an ICMP Source quench is returned. ICMP message format: Type 4 (1 byte), Code 0 (1 byte), CRC (2 bytes), Parameters 0 (4 bytes), Data: IP header + 64 first bits.

Source Quench (4)

If this message is received from an intermediate router, it means that the router did not have the buffer space needed to queue the datagram. If this message is received from the destination host, it means that the incoming datagrams are arriving too quickly to be processed.

The ICMP header code field is always zero.


6 ICMP protocol Subnet mask

Figure: (1) the host with IP @ A broadcasts an ICMP netmask Request on its subnet; (2) the routers answer with an ICMP Response giving the netmask of the network. ICMP message format: Type 17 or 18 (1 byte; 17: Request, 18: Response), Code 0 (1 byte), CRC (2 bytes), Identification (2 bytes), Sequence number (2 bytes), Netmask (32 bits).

Address Mask Request (17) and Address Mask Reply (18)

An address mask request is used by a host to determine the subnet mask used on an attached network. Most hosts are configured with their subnet mask(s). However some, such as diskless workstations, must obtain this information from a server. A host uses RARP to obtain its IP address. To obtain a subnet mask, the host broadcasts an address mask request. Any host on the network that has been configured to send address mask replies will fill in the subnet mask, convert the packet to an address mask reply and return it to the sender. The ICMP header code field is zero.


6 ICMP protocol Time stamp

Figure: (1) ICMP timestamp Request: Type 13 (1 byte), Code 0 (1 byte), CRC (2 bytes), Identification, Sequence number, Origin time. (2) ICMP timestamp Response: Type 14 (1 byte), Code 0 (1 byte), CRC (2 bytes), Identification, Sequence number, Origin time, reception time, transmission time. Labels on the exchange: Transit time, Processing time.

Timestamp Request (13) and Timestamp Reply (14)

These two messages are for debugging and performance measurements. They are not used for clock synchronization. The sender initializes the identifier and sequence number (which is used if multiple timestamp requests are sent), sets the originate timestamp and sends the datagram to the recipient. The receiving host fills in the receive and transmit timestamps, changes the type to timestamp reply and returns it to the original sender. The datagram has two timestamps if there is a perceptible time difference between the receipt and transmit times. In practice, most implementations perform the two (receipt and reply) in one operation. This sets the two timestamps to the same value. Timestamps are the number of milliseconds elapsed since midnight UT (GMT).


6 ICMP protocol Advertisement/ Solicitation of Routers

Figure: Solicitation message: Type 10 (1 byte), Code 0 (1 byte), CRC (2 bytes), Parameter 0. Advertisement message: Type 9 (1 byte), Code 0 (1 byte), CRC (2 bytes), Number of addresses, Entry size (= 2), TTL, then router address (1), Preference level (1), router address (2), Preference level (2), up to router address (n), Preference level (n).

Router Advertisement (9) and Router Solicitation (10) (RFC 1256)

These two messages are used if a host or a router supports the router discovery protocol. Routers periodically advertise their IP addresses on those subnets where they are configured to do so. Advertisements are made on the all-systems multicast address (224.0.0.1) or the limited broadcast address (255.255.255.255). The default behavior is to send advertisements every 10 minutes with a TTL value of 1800 (30 minutes). Routers also reply to solicitation messages they receive. They may reply directly to the soliciting host, or they may wait a short random interval and reply with a multicast.

Hosts may send solicitation messages. Solicitation messages are sent to the all-routers multicast address (224.0.0.2) or the limited broadcast address (255.255.255.255). Typically, three solicitation messages are sent at 3-second intervals. Alternatively a host may wait for periodic advertisements. Each time a host receives an advertisement with a higher preference value, it updates its default router. The host also sets the TTL timer for the new entry to match the value in the advertisement. When the host receives a new advertisement for its current default router, it resets the TTL value to that in the new advertisement. This process also provides a mechanism for routers to declare themselves unavailable. They send an advertisement with a TTL value of zero.

• number: The number of entries in the message.
• entry length: The length of an entry in 32-bit units. This is 2 (32 bits for the IP address and 32 bits for the preference value).
• TTL: The number of seconds that an entry will be considered valid.
• router address: One of the sender's IP addresses.
• preference level: A signed 32-bit level indicating the preference to be assigned to this address when selecting a default router. Each router on a subnet is responsible for advertising its own preference level. Larger values imply higher preference; smaller values imply lower. The default is zero, which is in the middle of the possible range. A value of X'80000000' (-2^31) indicates the router should never be used as a default router.


6 ICMP protocol Echo (PING)

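Figure: (1) the host with IP @ A sends an ICMP Echo Request (IP@ A to IP@ B); (2) the host with IP @ B returns an ICMP Echo Response (IP@ B to IP@ A). ICMP message format: Type 0 or 8 (1 byte; 0: Echo Response, 8: Echo Request), Code 0 (1 byte), CRC (2 bytes), Identification, Sequence number, Data.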

Echo (0) (8) is used to detect if another host is active on the network. It is used by the Ping command. The sender initializes the identifier, sequence number, and data field. The datagram is then sent to the destination host. The recipient changes the type to Echo Reply and returns the datagram to the sender.

PING (Packet Internet Groper)

Ping is the simplest of all TCP/IP applications. It sends IP datagrams to a specified destination host and measures the round trip time to receive a response. The word ping, which is used as a noun and a verb, is taken from the sonar operation to locate an underwater object. It is also an abbreviation for Packet InterNet Groper.

Traditionally, if you could successfully ping a host, other applications such as Telnet or FTP could reach that host. With the advent of security measures on the Internet, particularly firewalls, which control access to networks by application protocol and/or port number, this is no longer necessarily true. Nonetheless, the first test of reachability for a host is still to attempt to ping it.

Ping is useful for verifying an IP installation. The following variations of the command each require the operation of a different portion of an IP installation:

• ping loopback: Verifies the operation of the base TCP/IP software.
• ping my-IP-address: Verifies whether the physical network device can be addressed.
• ping a-remote-IP-address: Verifies whether the network can be accessed.
• ping a-remote-host-name: Verifies the operation of the name server (or the flat namespace resolver, depending on the installation).


6 ICMP protocol Trace route program

Figure: host A (IP @ A) traces the route to host B (IP @ B) through the routers with IP @ x, y and z. A datagram from A to B with TTL = 1 is answered by x with ICMP Type 11 code 0 (TTL overflow); TTL = 2 is answered by y with the same message; TTL = 3 is answered by z with the same message; TTL = 4 reaches B, which answers with ICMP Type 0 code 0 (Echo Response).

Traceroute

The Traceroute program is used to determine the route IP datagrams follow through the network. Traceroute is based upon ICMP and UDP. It sends an IP datagram with a TTL of 1 to the destination host. The first router decrements the TTL to 0, discards the datagram and returns an ICMP Time Exceeded message to the source. In this way, the first router in the path is identified. This process is repeated with successively larger TTL values to identify the exact series of routers in the path to the destination host. Traceroute sends UDP datagrams to the destination host. These datagrams reference a port number outside the standard range. When an ICMP Port Unreachable message is received, the source determines the destination host has been reached.


6 ICMP protocol Exercise: Ping and Trace route program

> ping <ip-addr>
> ping icann.org

> tracert <ip-addr>
or
> tracert isoc.org

On Windows-NT: cmd
On Unix or Linux: traceroute, ping


6 ICMP protocol Attacks against security with ICMP (1)

Figure: a hacker scans an address range with Ping (For i = first_IP@ to last_IP@: Ping i, next i) and runs traceroute.

• ICMP Source Quench: request to reduce the throughput
• Destination unreachable reveals who is unreachable and why.
• Traceroute reveals the IP addresses of the routers
• Ping allows the scan of IP addresses
• ICMP Redirects modify the routing table of the hosts (DoS attack).

ICMP can be used by hackers to know more about a network as well as to damage the correct operation of a network.

That is why the firewalls at the border between the private network and the Internet will usually discard any ICMP messages.

Note: DoS attack - this name is given to this kind of attack because only Microsoft DoS (not Unix nor Linux) takes the redirect ICMP message into account.

http://www.sys-security.com/archive/papers/ICMP_Scanning_v1.0.pdf
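Detection logic for the ICMP misuse listed on this slide, as an added Python example that is not part of the course material. It runs over constructed observation records (time, source, destination, ICMP type, code, gateway carried by a redirect); the thresholds, the router inventory and the record layout are assumptions, and the 10.10.x.x addresses are borrowed from the exercise on the following slides.

```python
import ipaddress
from collections import defaultdict, deque

SWEEP_WINDOW = 10.0      # seconds (assumed threshold)
SWEEP_TARGETS = 5        # distinct destinations within the window (assumed)
KNOWN_ROUTERS = {"10.10.0.11", "10.10.0.12"}          # assumed router inventory
INTERNAL = ipaddress.ip_network("10.10.0.0/16")       # assumed internal range
PROBE_TYPES = {13: "timestamp request", 17: "address mask request"}

# Constructed sample records: (time, src, dst, icmp_type, code, redirect_gateway)
SAMPLE = [
    (0.0, "203.0.113.7", "10.10.0.1", 8, 0, None),
    (0.2, "203.0.113.7", "10.10.0.2", 8, 0, None),
    (0.4, "203.0.113.7", "10.10.0.3", 8, 0, None),
    (0.5, "10.10.10.10", "10.12.0.1", 8, 0, None),          # ordinary ping
    (0.6, "203.0.113.7", "10.10.0.4", 8, 0, None),
    (0.7, "10.10.0.11", "10.10.10.10", 5, 0, "10.10.0.12"),  # redirect from a known router
    (0.8, "203.0.113.7", "10.10.0.5", 8, 0, None),
    (0.9, "203.0.113.7", "10.10.0.6", 8, 0, None),
    (3.0, "10.10.10.99", "10.10.10.10", 5, 1, "10.10.10.99"),
    (4.0, "203.0.113.7", "10.10.0.1", 13, 0, None),
    (5.0, "10.10.10.10", "10.10.0.11", 17, 0, None),         # internal mask request
    (6.0, "203.0.113.9", "10.10.10.10", 4, 0, None),
]


def analyze(records):
    """Return alerts as (kind, source, detail) tuples, in time order."""
    alerts = []
    recent = defaultdict(deque)    # source -> echo requests inside the window
    swept = set()                  # sources already reported as sweeping
    for t, src, dst, typ, code, gateway in sorted(records, key=lambda r: r[0]):
        if typ == 8:
            # Echo Request: count distinct destinations per source.
            win = recent[src]
            win.append((t, dst))
            while win and t - win[0][0] > SWEEP_WINDOW:
                win.popleft()
            targets = {d for _, d in win}
            if len(targets) >= SWEEP_TARGETS and src not in swept:
                swept.add(src)
                alerts.append(("ping-sweep", src,
                               f"{len(targets)} hosts in {SWEEP_WINDOW:.0f}s"))
        elif typ == 5:
            # Redirect: both the sender and the advertised gateway must be
            # routers we know about.
            if src not in KNOWN_ROUTERS or gateway not in KNOWN_ROUTERS:
                alerts.append(("rogue-redirect", src, f"gateway {gateway}"))
        elif typ == 4:
            # Source Quench asks the receiver to reduce its throughput.
            alerts.append(("source-quench", src, f"to {dst}"))
        elif typ in PROBE_TYPES and ipaddress.ip_address(src) not in INTERNAL:
            # Timestamp and address mask queries arriving from outside.
            alerts.append(("info-probe", src, PROBE_TYPES[typ]))
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE):
        print(alert)
```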


6 ICMP protocol Attacks against security with ICMP (2)

ICMP allows detection of the type of operating system:

Figure: the hacker sends an ICMP timestamp Request (1) to host A (Microsoft) and host B (Unix); the replies drawn are an ICMP timestamp Response (2) and a Destination unreachable (2'). Labels: DoS, UNIX.

• ICMP with type = echo and code ≠ 0:
  - is accepted by UNIX
  - leads to a response with code = 0 on Microsoft

ICMP Address Mask Requests (type 16):
• allow routers to be detected
• allow the subnets to be known


6 ICMP protocol Exercise ICMP(1)

Given this interconnection diagram and the trace (next page) of messages made on the network 10.10.0.0 when a ping is sent from this PC:

Figure: Network 10.10.0.0/16 with two units (MAC@: 00.10.7b.81.9d.15, IP@: . . . and MAC@: 00.10.7b.81.9c.f9, IP@: . . .) and the PC.

PC configuration:
MAC@: 00.a0.24.ea.16.7e
IP@: . . .
default/gateway: 10.10.0.11

ping @IP: 10.12.0.1

1 - Fill in this diagram (IP@ of various units)
2 - Draw the exchanges (see the page following the trace)

Exercise: A ping has been launched to the IP@: 10.12.0.1

Given the following trace:
1 - Draw the events
2 - On the diagram,
  - write down the IP @ of the host,
  - draw with arrows the exchanges.


6 ICMP protocol Exercise ICMP(2)

Frame 1
802.3
  Destination Address: 00107B819D15
  Source Address: 00A024EA167E (3ComEA167E)
  Ethernet Type: DOD Internet Protocol (IP)
IP
  Source Address: 10.10.10.10
  Destination Address: 10.12.0.1
ICMP
  Type: Echo
  Code: 0x00
  Checksum: 0xFB5B
  Identifier: 0x0001
  Sequence Number: 81

Frame 2
802.3
  Destination Address: 00A024EA167E
  Source Address: 00107B819D15
  Ethernet Type: DOD Internet Protocol (IP)
IP
  Source Address: 10.10.0.11
  Destination Address: 10.10.10.10
ICMP
  Type: Redirect
  Code: Redirect datagrams for the Network
  Checksum: 0x9B8D
  Gateway Internet Address: 10.10.0.12
  IP - Version: 4, Header Length: 20
  IP - Service Type: 0x00
  IP - Packet Length: 60
  IP - Identification: 0xB941
  IP - Fragment Offset: 0x0000
  IP - Time to Live: 31
  IP - Transport: Internet Control Message
  IP - Header Checksum: 0xC45F
  IP - Source Address: 10.10.10.10
  IP - Destination Address: 10.12.0.1
  Others: 8 bytes of data

Frame 3
802.3
  Destination Address: 00107B819CF9
  Source Address: 00107B819D15
  Ethernet Type: (IP)
IP
  Source Address: 10.10.10.10
  Destination Address: 10.12.0.1
ICMP
  Type: Echo
  Code: 0x00
  Checksum: 0xFB5B
  Identifier: 0x0001
  Sequence Number: 81

Frame 4
802.3
  Destination Address: 00A024EA167E
  Source Address: 00107B819CF9
  Ethernet Type: (IP)
IP
  Source Address: 10.12.0.1
  Destination Address: 10.10.10.10
ICMP
  Type: Echo Reply
  Code: 0x00
  Checksum: 0x035C
  Identifier: 0x0001
  Sequence Number: 81

Frame 5
802.3
  Destination Address: 00107B819CF9
  Source Address: 00A024EA167E
  Ethernet Type: (IP)
IP
  Source Address: 10.10.10.10
  Destination Address: 10.12.0.1
ICMP
  Type: Echo
  Code: 0x00
  Checksum: 0xFA5B
  Identifier: 0x0001
  Sequence Number: 82

Figure: Network 10.10.0.0/16 with the PC (MAC @: 00.a0.24.ea.16.7e, IP @ to be filled in, default/gateway: 10.10.0.11), which runs % ping 10.12.0.1, and the units with MAC @: 00.10.7b.81.9d.15 and MAC @: 00.10.7b.81.9c.f9 (IP @ to be filled in).


6 ICMP protocol Exercise ICMP(2)

Figure: sequence diagram to complete, with one time axis per unit: MAC@: 00.a0.24.ea.16.7e (IP@: . . .), MAC @: 00.10.7b.81.9d.15 (IP@: . . .) and MAC@: 00.10.7b.81.9c.f9 (IP@: . . .). The first arrow is labelled ICMP (echo, . . .


6 ICMP protocol Evaluation

Objective: to be able to analyze an ICMP message and explain the operation of the Ping and Trace_route programs

Thank you for answering the self-assessment of the objectives sheet



7 Client-Server Model Overview

Figure: a file-transfer client and a file-transfer server, each holding a file, connected through an IP network.

Example:
tftp <server-IP@>
tftp> put/get <file_name>
…….
Transfer completed
tftp> quit

• The “Server” is the party providing a service
• The “Client” is the party requesting a service
• Whatever the direction of the transfer

A server is an application that offers a service to internet users; a client is a requester of a service. An application consists of both a server and a client part, which can run on the same or on different systems. Users usually invoke the client part of the application, which builds a request for a particular service and sends it to the server part of the application using TCP/IP as a transport vehicle.

The server is a program that receives a request, performs the required service and sends back the results in a reply. A server can usually deal with multiple requests and multiple requesting clients at the same time.


7 Client-Server Model Overview of UDP / TCP

Figure: postal analogy drawn on a map of France (steps 1 to 4). A letter from the sender (accounting department, Telecom Company, 75000 PARIS) is addressed to Finance department, Alcatel, 22300 LANNION; inside Alcatel it goes to one of the departments Finance, Business or Research (multiplexing). The parts of the postal address are matched to MAC address, IP address and UDP port.

Analogy

The city/post code ≡ MAC@
Company name ≡ IP@
Department ≡ UDP port

Note: the company could move to another city => modification of the city/post code but no modification of the company name (logical address).
The post office pays attention only to the city/post code (MAC@) and the company name (IP@), but not to the department (UDP port).
Only the private companies (users) pay attention to the department (UDP port).

UDP/TCP ports allow multiplexing: delivering data from an application to its remote peer. Multiple applications can be supported simultaneously.

Page 216: Basic IP.pdf

7 Client-Server Model « Ephemeral » ports and « well-known » ports

[Figure: two file-transfer clients on host a reach the TFTP server (file transfer) on host b across an IP network, over UDP/TCP and IP. The first client uses ephemeral port 1843 and the second ephemeral port 1955; the server uses well-known port 69. Datagrams: @IPa → @IPb, source port 1843, destination port 69; and @IPa → @IPb, source port 1955, destination port 69. Sockets: (@IPa, port 1843, @IPb, port 69) and (@IPa, port 1955, @IPb, port 69). Steps are numbered 1 to 6 and 1' to 6'.]

« Well-known » port < 1024; ephemeral port ≥ 1024.

The well-known ports are controlled and assigned by the Internet Assigned Numbers Authority (IANA). Most servers wait for requests at a well-known port so that their clients know to which port (and in turn, which application) they must direct their requests.

The reason for well-known ports is to allow clients to be able to find servers without configuration information. The well-known port numbers are defined in STD 2 – Assigned Internet Numbers.

The client typically uses an arbitrary port called an ephemeral port for its communication. Clients that wish to communicate with a server that does not use a well-known port must have another mechanism for learning to which port they must address their requests. This mechanism might employ a registration service such as portmap, which does use a well-known port.

Ephemeral: Clients do not need well-known port numbers because they initiate communication with servers and the port number they are using is contained in the UDP datagrams sent to the server. Each client process is allocated a port number for as long as it needs it by the host it is running on. Ephemeral port numbers have values greater than 1023, normally in the range 1024 to 65535. A client can use any number allocated to it, as long as the combination of <transport protocol, IP address, port number> is unique.

Ephemeral ports are not controlled by IANA and can be used by ordinary user-developed programs on most systems.

Page 217: Basic IP.pdf

7 Client-Server Model Multiplexing

[Figure: multiplexing based on port number. An IP packet (IP header: @IPsrc, @IPdest) reaches layer 3 (IP), which passes the layer 4 header (source port, destination port n) and the data up to layer 4 (TCP / UDP). Layer 4 uses the destination port to pass the data to one of the server applications x, y, z at the application layer (port 1, port 2, ... port n). Steps are numbered 1 to 4.]

In both transport-layer protocols, UDP and TCP, the destination port is used to determine the target application.

Page 218: Basic IP.pdf

7 Client-Server Model Simultaneous access to a server

[Figure: file-transfer clients on host a and host c both reach the file-transfer server on host b across an IP network, over UDP/TCP and IP. Each client uses ephemeral port 1025; the server uses well-known port 69. Datagrams: @IPa → @IPb, source port 1025, destination port 69; and @IPc → @IPb, source port 1025, destination port 69. Sockets: (@IPa, port 1025, @IPb, port 69) and (@IPc, port 1025, @IPb, port 69). Steps are numbered 1 to 5 and 1' to 5'.]

The concepts of port and socket determine which local process at a given host actually communicates with which process, at which remote host, using which protocol. If this sounds confusing, consider the following:

• An application process is assigned a process identifier number (process ID), which is likely to be different each time that process is started.

• Process IDs differ between operating system platforms, hence they are not uniform.

• A server process can have multiple connections to multiple clients at a time, hence simple connection identifiers would not be unique.

The concept of ports and sockets provides a way to uniformly and uniquely identify connections and the programs and hosts that are engaged in them, irrespective of specific process IDs.

A socket address is the triple: <protocol, local-address, local-process>

For example, in the TCP/IP suite: <tcp, 193.44.234.3, 12345>

A conversation is the communication link between two processes.

An association is the 5-tuple that completely specifies the two processes that comprise a connection: <protocol, local-address, local-process, foreign-address, foreign-process>

In the TCP/IP suite, the following could be a valid association: <tcp, 193.44.234.3, 1500, 193.44.234.5, 21>

Page 219: Basic IP.pdf

7 Client-Server Model Host being both Server and Client

[Figure: hosts a, b and c on an IP network, each running UDP/TCP over IP. A file-transfer client on host a (ephemeral port 1025) sends @IPa → @IPb, source port 1025, destination port 69, to the file-transfer server on host b (well-known port 69); socket (@IPa, port 1025, @IPb, port 69). A file-transfer client on host b (ephemeral port 1542) sends @IPb → @IPc, source port 1542, destination port 69, to the file-transfer server on host c (well-known port 69); socket (@IPb, port 1542, @IPc, port 69).]

A server could be a client for another communication.

Page 220: Basic IP.pdf

7 Client-Server Model Port distribution

UDP « well-known » ports:

7: Echo
9: Discard
11: Systat - logged users
13: Daytime
15: Netstat
19: Chargen
37: Time
43: whois
53: DNS - Domain Name Server (Query)
67: BOOTPs - Bootstrap Protocol - Server
68: BOOTPc - Bootstrap Protocol - Client
69: TFTP - Trivial File Transfer Protocol
111: RPC - Remote Procedure Call
123: NTP - Network Time Protocol
161: SNMP - Simple Network Management Protocol
162: SNMP - Traps

TCP « well-known » ports:

5: RJE - Remote Job Entry
7: Echo
9: Discard
11: Systat - logged users
13: Daytime
15: Netstat
19: Chargen
20: FTP - File Transfer Protocol - Data
21: FTP - File Transfer Protocol - Commands
23: TELNET - Remote connection
25: SMTP - Simple Mail Transfer Protocol
53: DNS - Domain Name Server (zone transfer)
80: HTTP - Hypertext Transfer Protocol
110: POP3 - Post Office Protocol
111: SUNRPC
139: Netbios

Port ranges:

Well-known ports: 1 to 1023
Registered ports: 1024 to 49151
Ephemeral ports: 49152 to 65535

In the past, there were only two ranges of ports: well-known and ephemeral. Now, because so many new services have been born, there are three:

• Well-known ports are assigned by IANA and range between 1 and 1023.

• Registered ports are displayed by IANA.

• Ephemeral ports.

Well-known port numbers are typically odd, because early systems using the port concept required an odd/even pair of ports for duplex operations.

A client uses an ephemeral port; the exception is the BOOTP client, which uses well-known port 68.

Most servers require only a single well-known port. The exception is the FTP server, which uses two: 20 and 21.

An application could run on either the TCP or the UDP transport layer, but in practice each application always runs on only one transport protocol. There are some exceptions, like DNS running on a server, which uses both UDP port 53 (for query operations) and TCP port 53 (for database transfer between 2 DNS servers).

Page 221: Basic IP.pdf

7 Client-Server Model TCP/IP communication synthesis

[Figure: a packet travelling between two hosts (@IPa and @IPb) across an IP network. The data, the port pair (source α → destination β) and the IP address pair (source a → destination b) are shown unchanged at each stage, while the physical address pair is shown as s1 → d2, s8 → d7 and s4 → d15 on different links. Physical addresses 1, 2, 3, 4, 6, 7, 8, 9, 12, 15 and 34 label the interfaces. Each host shows the Link, Network and Transport layers, with applications β, λ and δ above them.]

Application layer: The application layer is provided by the program that uses TCP/IP for communication. An application is a user process cooperating with another process, usually on a different host.

Transport layer: The transport layer provides the end-to-end data transfer by delivering data from an application to its remote peer. Multiple applications can be supported simultaneously.

Internetwork layer: Internet Protocol (IP) is the most important protocol in this layer. It is a connectionless protocol that doesn't assume reliability from lower layers. IP does not provide reliability, flow control, or error recovery. These functions must be provided at a higher level.

Network interface layer: The network interface layer, also called the link layer or the data-link layer, is the interface to the actual network hardware.

Router: Interconnects networks at the internetwork layer level and routes packets between them.

Page 222: Basic IP.pdf

7 Client-Server Model Evaluation

Objective: to be able to describe the operation of the client/server model at the transport layer

Thank you for answering the self-assessment of the objectives sheet


Page 224: Basic IP.pdf

8 User Datagram Protocol Situation of the UDP protocol

[Figure: protocol stack. Physical: optical fibre, shielded twisted pair, 10 Base T, 10 Base 2, 10 Base 5. Link (MAC, LLC): FDDI, Token Ring, Ethernet ISO 802.3, Ethernet V2, 802.2, SNAP. Network: IP, ICMP, ARP. Transport: UDP, TCP. Application: FTP, SMTP, HTTP, Telnet, DNS, TFTP, SNMP, NTP.]

Usually, UDP is used by applications:

• that need a fast transport mechanism (time synchronisation, voice over IP)

• that have a very short communication (one question, one response)

• that can tolerate the loss of some data.

The main applications using UDP are:

TFTP: Trivial File Transfer Protocol

DNS: Domain Name System

NTP: Network Time Protocol

Page 225: Basic IP.pdf

9 User Datagram Protocol “Connectionless service”

[Figure: packets P1, P2 and P3 exchanged between two UDP entities, each running over IP, across an IP network.]

The IP network offers a connectionless service.

UDP offers a connectionless service.

UDP does not reorder the received packets.

Page 226: Basic IP.pdf

8 User Datagram Protocol UDP not a reliable protocol

[Figure: classical mail between two users, carrying a bill for 150 $. Classical mail is not reliable; nevertheless people appreciate mail services.]

It is the role of the users to implement a procedure if they want reliable communication (for example: if there is no response within 3 days, the letter is retransmitted).

UDP provides connectionless, unreliable, best-effort service.

UDP provides a mechanism for one application to send a datagram to another. The UDP protocol can be regarded as being extremely thin and consequently has low overheads, but it requires the application to take responsibility for error recovery and so on.

As a result, applications using UDP as the transport protocol have to provide their own end-to-end integrity, flow control, and congestion control, if it is so desired. Usually, UDP is used by applications that need a fast transport mechanism and can tolerate the loss of some data.

Page 227: Basic IP.pdf

8 User Datagram Protocol Applications tolerating the loss of some data

[Figure: a voice conversation carried across an IP network; for network management, a Network Time Server sends the date and time by NTP every 10 s across an IP network.]

UDP is suitable for applications that tolerate the loss of some data. Examples:

Voice over IP: if a part of the conversation is lost during transmission, the ear is still capable of understanding. In addition, if the lost part of the conversation were repeated, it would arrive out of sequence and make things worse.

Time synchronisation is necessary to manage a network well. A Network Time Server delivers the time at regular intervals. If a message conveying the current time is lost, it makes no sense to repeat it, because time has moved on.

Page 228: Basic IP.pdf

8 User Datagram Protocol Applications using simple exchange

[Figure: a host opening http://alcatel.com asks a Name Server across the Internet "What is the IP@ of "alcatel.com"?"; the question appears twice in the figure. The answer is "alcatel.com" = 169.109.33.06 (Alcatel, IP@ = 169.109.33.06). On both sides the DNS application needs reliability while UDP is not reliable.]

The application has to implement an error recovery procedure.

Applications using a “Question / Response” type of communication can easily implement a simple procedure to ensure a correct exchange. Examples: DNS, TFTP, ...

Page 229: Basic IP.pdf

8 User Datagram Protocol Main UDP « Well-known » ports

« Well-known ports »:

7: Echo
9: Discard
11: Systat - logged users
13: Daytime
15: Netstat
19: Chargen
37: Time
43: whois
53: DNS - Domain Name Server
67: BOOTPs - Bootstrap Protocol - Server
68: BOOTPc - Bootstrap Protocol - Client
69: TFTP - Trivial File Transfer Protocol
111: RPC - Remote Procedure Call
123: NTP - Network Time Protocol
161: SNMP - Simple Network Management Protocol
162: SNMP - Traps

Well-known ports are assigned by ICANN.

Well-known ports belong to standard servers; for example, DNS uses port 53. Well-known port numbers range between 1 and 1023.

Well-known port numbers are typically odd, because early systems using the port concept required an odd/even pair of ports for duplex operations.

Most servers require only a single port. An exception is the BOOTP server, which uses two: 67 and 68.

Page 230: Basic IP.pdf

8 User Datagram Protocol Optional services

[Figure: UDP uses the destination port of each datagram (source port, destination port, data) to reach the servers: Echo (port 7), Discard (port 9), Finger (port 11), Daytime (port 13), Chargen (port 19), Time (port 37), DNS (port 53), TFTP (port 69), application n (port n).]

Character Generator: The Character Generator service is designed to send a set of ASCII characters. Upon receipt of a datagram (the contents of which are ignored), the Character Generator service returns a list of all printable ASCII characters. The UDP Character Generator service monitors port 19 for an incoming datagram and responds with a datagram containing a random number of characters. Up to 512 characters can be sent.

Daytime: The Daytime service returns a message with the current date and time. The format it uses is the day of the week, month of the year, day of the month, time, and the year. Time is specified in a HH:MM:SS format. Each field is separated by spaces to enable parsing of the contents. Both TCP and UDP versions monitor port 13 and, upon receipt of a datagram, return the message. The Daytime service can be used for several purposes, including setting system calendars and clocks to minimize variations. It also can be used by applications.

Discard: The Discard service simply discards everything it receives. TCP waits for a connection on port 9, whereas UDP receives datagrams through that port. Anything incoming is ignored. No responses are sent. The Discard service might seem pointless, but it can be useful for routing test messages during system setup and configuration. It can also be used by applications in place of a discard service of the operating system (such as /dev/null in UNIX).

Echo: The Echo service returns whatever it receives. It is called through port 7. With TCP, it simply returns whatever data comes down the connection, whereas UDP returns an identical datagram (except for the source and destination addresses). The echoes continue until the port connection is broken or no datagrams are received. The Echo service provides very good diagnostics about the proper functioning of the network and the protocols themselves. The reliability of transmissions can be tested this way, too. Turnaround time from sending to receiving the echo provides useful measurements of response times and latency within the network.

Finger: The Active Users service returns a message to the originating user that contains a list of all users currently active on the remote machine. The behavior of the TCP and UDP versions is the same. When requested, the Active Users service monitors port 11 and, upon establishment of a connection, responds with a list of the currently active users and then closes the port. UDP sends a datagram, and TCP uses the connection itself.

Time: The Time service returns the number of seconds that have elapsed since January 1, 1990. Port 37 is used to listen for a request (TCP) or receive an incoming datagram (UDP). When a request is received, the time is sent as a 32-bit binary number. It is up to the receiving application to convert the number to a useful figure. The Time service is often used for synchronizing network machines or for setting clocks within an application.

Quote of the Day : The Quote of the Day service does as its name implies. It returns a quotation from a file of quotes, randomly selecting one a day when a request arrives on port 17. If a source file of quotations is not available, the service fails.

Note : Users can directly access their service of choice (assuming it is supported) by using Telnet.

Page 231: Basic IP.pdf

8 User Datagram Protocol Format of the UDP message

[Figure: UDP datagram format, drawn 4 bytes wide]
UDP source port | UDP destination port
UDP message length | UDP checksum
Data

Each UDP datagram is sent within a single IP datagram. Although the IP datagram may be fragmented during transmission, the receiving IP implementation will reassemble it before presenting it to the UDP protocol. All IP implementations are required to accept datagrams of 576 bytes, which means that, allowing for maximum-size IP header of 60 bytes, a UDP datagram of 516 bytes is acceptable to all implementations. Many implementations will accept larger datagrams, but this is not guaranteed. The UDP datagram has a 16-byte header.

• Source Port: Indicates the port of the sending process. It is the port to which replies should be addressed.

• Destination Port: Specifies the port of the destination process on the destination host.

• Length: The length (in bytes) of this user datagram, including the header.

• Checksum: An optional 16-bit one's complement of the one's complement sum of a pseudo-IP header, the UDP header, and the UDP data. The pseudo-IP header contains the source and destination IP addresses, the protocol, and the UDP length:

Page 232: Basic IP.pdf

8 User Datagram Protocol IP packet processing

[Figure: IP packet processing. An IP packet (IP header: @IPsrc → @IPdest, Prot = 17) arrives at layer 3 (IP). The protocol field selects UDP (17) rather than TCP (6) at layer 4. UDP then uses the destination port n in the UDP header to pass the data to one of the server applications x, y, z at the application layer (port 1, port 2, ... port n). Multiplexing is based on port number. Steps are numbered 1 to 5.]

UDP simply serves as a multiplexer/demultiplexer for sending and receiving datagrams, using ports to direct the datagrams.

Applications sending datagrams to a host need to identify a target that is more specific than the IP address, since datagrams are normally directed to certain processes and not to the system as a whole. UDP provides this by using ports.

Page 233: Basic IP.pdf

8 User Datagram Protocol Checksum calculation

[Figure: the UDP checksum is calculated over a 12-byte pseudo-IP header (source IP address, destination IP address, 00, protocol, datagram length), the UDP header (UDP source port, UDP destination port, UDP message length, UDP checksum) and the data. The IP header that carries the UDP datagram is shown beside it: version, header length, type of service, datagram length, identification, flag, datagram offset, TTL, protocol (17), checksum, source IP address, destination IP address.]

Checksum: An optional 16-bit one's complement of the one's complement sum of a pseudo-IP header, the UDP header, and the UDP data. The pseudo-IP header contains the source and destination IP addresses, the protocol, and the UDP length.

Why is this header added? It is because the TCP header doesn't contain IP addresses and just includes source and destination port numbers. This means that if a TCP segment is delivered to the wrong system (wrong destination IP address), the TCP module on that system could not notice it by looking at the TCP header. Including the IP address information in the checksum using the pseudo-header prevents this problem. If a problem is detected after the checksum calculation (validation) in a receiving system, the TCP segment is silently discarded. Nothing informs the sending system.

Page 234: Basic IP.pdf

8 User Datagram Protocol Synthesis

UDP added value:

• no reliability,

• no flow-control,

• no error recovery.

UDP simply serves as a multiplexer/demultiplexer (Application 1, Application 2, Application 3).

connectionless-oriented

Page 235: Basic IP.pdf

8 User Datagram Protocol Exercise - UDP trace

Addr. Hex. Data
0000: FF FF FF FF FF FF 00 80 9F 21 32 A9 08 00 45 00
0010: 01 48 00 00 00 00 0F 11 AA A6 00 00 00 00 FF FF
0020: FF FF 00 44 00 43 01 34 EF 12 01 01 06 00 00 00
0030: 7E BA 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0040: 00 00 00 00 00 00 00 80 9F 21 32 A9 00 00 00 00
0050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0150: 00 00 00 00 00 00

Eth V2 [0000:000D]
0000:0005 Destination Address: FFFFFFFFFFFF (Broadcast)
0006:000B Source Address: 00809F2132A9 (Alcatel2132A9)
000C:000D Ethernet Type: DOD Internet Protocol (IP)

IP [000E:0021]
000E:000E Version: 4; Header Length: 20
000F:000F TOS, Precedence: Routine; Delay:Normal;Throughput:Normal; Reliability:Normal
0010:0011 Packet Length: 328
0012:0013 Identification: 0x0000
0014:0014 DF: May Fragment; MF: Last Fragment
0014:0015 Fragment Offset: 0
0016:0016 Time to Live: 15
0017:0017 Transport: User Datagram
0018:0019 Header Checksum: 0xAAA6 (correct)
001A:001D Source Address: 0.0.0.0
001E:0021 Destination Address: 255.255.255.255

UDP [0022:0029]
0022:0023 Source Port: Bootstrap Protocol Client
0024:0025 Destination Port: Bootstrap Protocol Server
0026:0027 Packet Length: 308
0028:0029 Checksum: 0xEF12 (correct)

1 - At each level, look for the field that identifies the encapsulated protocol.

Page 236: Basic IP.pdf

8 User Datagram Protocol UDP trace

[Slide repeats the trace and its decode from the exercise on the previous page, with the labels UDP, IP, BOOTP-client and BOOTP-server.]

1 - At each level, look for the field that identifies the encapsulated protocol.
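Added example, not part of the original course material: the Python code below works through the exercise on the trace above by reading the "next protocol" field at each level (Ethernet type, IP protocol, UDP ports) and recomputing the IP header checksum 0xAAA6. It also builds a UDP datagram with the pseudo-header checksum described in the checksum calculation notes and shows that a host with a different IP address rejects it. The function names, the 192.0.2.x addresses and the payload are constructed for illustration.

```python
import socket
import struct

# Bytes 0x0000-0x0031 of the trace on the slide: Ethernet V2, IP and UDP
# headers plus the first BOOTP bytes. The slide does not show the rows between
# 0x0050 and 0x0140, so the UDP checksum 0xEF12 (which covers the whole
# datagram) cannot be recomputed from it; the IP header checksum can.
TRACE_HEAD = bytes.fromhex(
    "FFFFFFFFFFFF 00809F2132A9 0800 "                    # Eth V2 [0000:000D]
    "4500 0148 0000 0000 0F11 AAA6 00000000 FFFFFFFF "   # IP [000E:0021]
    "0044 0043 0134 EF12 "                               # UDP [0022:0029]
    "01010600 00007EBA"                                  # start of BOOTP data
)

ETHERTYPE_IP = 0x0800
IPPROTO_UDP = 17


def internet_checksum(data: bytes) -> int:
    """16-bit one's complement of the one's complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def decode_trace(frame: bytes) -> dict:
    """Walk Ethernet -> IP -> UDP using the field that names the next protocol."""
    if len(frame) < 14 + 20 + 8:
        raise ValueError("frame too short for Ethernet + IP + UDP headers")
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    if ethertype != ETHERTYPE_IP:
        raise ValueError("Ethernet type is not IP")
    ihl = (frame[14] & 0x0F) * 4             # IP header length in bytes
    if ihl < 20 or len(frame) < 14 + ihl + 8:
        raise ValueError("bad IP header length")
    ip_header = frame[14:14 + ihl]
    if ip_header[9] != IPPROTO_UDP:
        raise ValueError("IP protocol is not UDP")
    src_port, dst_port, udp_length, udp_checksum = struct.unpack_from(
        "!4H", frame, 14 + ihl)
    return {
        "ethertype": ethertype,
        "ip_protocol": ip_header[9],
        "ip_total_length": struct.unpack_from("!H", ip_header, 2)[0],
        "ip_header_checksum_ok": internet_checksum(ip_header) == 0,
        "src_port": src_port,
        "dst_port": dst_port,
        "udp_length": udp_length,
        "udp_checksum": udp_checksum,
    }


def pseudo_header(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    """12-byte pseudo-IP header: source, destination, 00, protocol, UDP length."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, IPPROTO_UDP, udp_length))


def build_udp(src_ip, dst_ip, src_port, dst_port, payload: bytes) -> bytes:
    """Build a UDP datagram (8-byte header, as in UDP [0022:0029]) with checksum."""
    length = 8 + len(payload)
    header = struct.pack("!4H", src_port, dst_port, length, 0)
    checksum = internet_checksum(
        pseudo_header(src_ip, dst_ip, length) + header + payload)
    checksum = checksum or 0xFFFF            # 0 on the wire means "no checksum"
    return struct.pack("!4H", src_port, dst_port, length, checksum) + payload


def receiver_accepts(src_ip: str, local_ip: str, datagram: bytes) -> bool:
    """Validation by the host that owns local_ip; failures are dropped silently."""
    if len(datagram) < 8 or struct.unpack_from("!H", datagram, 4)[0] != len(datagram):
        return False
    if datagram[6:8] == b"\x00\x00":
        return True                          # sender did not use the optional checksum
    return internet_checksum(
        pseudo_header(src_ip, local_ip, len(datagram)) + datagram) == 0


if __name__ == "__main__":
    print(decode_trace(TRACE_HEAD))
    # Constructed datagram: client port 1843 to TFTP port 69, documentation addresses.
    dgram = build_udp("192.0.2.10", "192.0.2.20", 1843, 69, b"constructed payload")
    print("intended host accepts:", receiver_accepts("192.0.2.10", "192.0.2.20", dgram))
    print("other host accepts:   ", receiver_accepts("192.0.2.10", "192.0.2.21", dgram))
```
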

Page 237: Basic IP.pdf

8 User Datagram Protocol Evaluation

Objective: to be able to list the characteristics of UDP transport layer protocol

Thank you for answering the self-assessment of the objectives sheet


Page 240: Basic IP.pdf

9 TCP protocol Situation of the TCP protocol

[Figure: protocol stack. Physical: optical fibre, shielded twisted pair, 10 Base T, 10 Base 2, 10 Base 5. Link (MAC, LLC): FDDI, Token Ring, Ethernet ISO 802.3, Ethernet V2, 802.2, SNAP. Network: IP, ICMP, ARP. Transport: UDP, TCP. Application: FTP, SMTP, HTTP, Telnet, DNS, TFTP, SNMP, NTP.]

Transmission Control Protocol (TCP)

TCP provides connection-oriented reliable data delivery, duplicate data suppression, congestion control, and flow control.

TCP is a standard protocol with STD number 7. TCP is described by RFC 793 – Transmission Control Protocol. Its status is recommended, but in practice, every TCP/IP implementation that is not used exclusively for routing will include TCP.

TCP provides considerably more facilities for applications than UDP, notably : error recovery, flow control, reliability. TCP is a connection-oriented protocol, unlike UDP, which is connectionless.

Page 241: Basic IP.pdf

9 TCP protocol “Connection-oriented service”

[Figure: packets P1, P2 and P3 exchanged between two TCP entities, each running over IP, across an IP network.]

IP network: connectionless service.

TCP offers a connection-oriented service.

TCP reorders the received packets.

Sequence numbers have to be introduced and managed by TCP.

Page 242: Basic IP.pdf

9 TCP protocol Error recovery

[Figure: an application on a cash dispenser and an application at the Central Bank, each running over TCP and IP, connected by an IP network (not reliable). Step 1: packet P1, "Withdraw: 50$", is sent from the cash dispenser to the Central Bank. Step 2: "P1-OK" is returned.]

TCP is reliable.

Page 243: Basic IP.pdf

9 TCP protocol TCP Format

[Figure: TCP segment format, drawn 4 bytes wide]
Source port number | Destination port number
Sequence number
Acknowledge number
Header length | Reserved | URG, ACK, PSH, RST, SYN, FIN | Window size
Checksum | Urgent pointer
Options (optional)
Data (optional)

The header is 20 bytes minimum and 60 bytes maximum.

Header length: expressed in words of 4 bytes.

A unit of transmission in a TCP layer is called a segment.

Header length : The number of 32-bit words in the TCP header. It indicates where the data begins.

Page 244: Basic IP.pdf

9 TCP protocol TCP port number

[Figure: the TCP segment format again: source port number, destination port number, sequence number, acknowledge number, header length, reserved, flags (URG, ACK, PSH, RST, SYN, FIN), window size, checksum, urgent pointer, options (optional), data (optional).]

Ports: allow multiplexing, which is achieved through the use of ports, just as with UDP.

Page 245: Basic IP.pdf

9 TCP protocol Some « Well known ports » using TCP

[Figure: servers reached over a TCP/IP network through TCP and IP: FTP server (port 21 control, port 20 data), Telnet server (port 23), SMTP server (port 25), DNS server (port 53), HTTP server (port 80).]

On Unix, display /etc/services to see port assignments.

Page 246: Basic IP.pdf

9 TCP protocol Main TCP « well-known » ports

5: RJE - Remote Job Entry
7: Echo
9: Discard
11: Systat - logged users
13: Daytime
15: Netstat
19: Chargen
20: FTP - File Transfer Protocol - Data
21: FTP - File Transfer Protocol - Commands
23: TELNET - Remote connection
25: SMTP - Simple Mail Transfer Protocol
53: DNS - Domain Name Server (zone transfer)
80: HTTP - Hypertext Transfer Protocol
110: POP3 - Post Office Protocol
111: SUNRPC
139: Netbios

Most servers require only a single port. Exception is the FTP server, which uses two: 20 and 21

Normally, a server will use either TCP or UDP, but there are exceptions. For example, domain name servers use both UDP port 53 (for query) and TCP port 53 (for database transfer between Domain name servers).

Page 247: Basic IP.pdf

9 TCP protocol Sequence numbers and flags

[Figure: the TCP segment format again: source port number, destination port number, sequence number, acknowledge number, header length, reserved, flags (URG, ACK, PSH, RST, SYN, FIN), window size, checksum, urgent pointer, options (optional), data (optional).]

Sequence Number: The sequence number of the first data byte in this segment. If the SYN control bit is set, the sequence number is the initial sequence number (n) and the first data byte is n+1.

Acknowledgement Number: If the ACK control bit is set, this field contains the value of the next sequence number that the receiver is expecting to receive.

URG: Indicates that the urgent pointer field is significant in this segment.

PSH: Sometimes, an application needs to be sure that all the data passed to TCP has actually been transmitted to the destination. For that reason, a push function is defined. It will push all remaining TCP segments still in storage to the destination host. The normal close connection function also pushes the data to the destination.

ACK: Indicates that the acknowledgement field is significant in this segment.

RST: Resets the connection.

SYN: Synchronise the sequence numbers.

FIN: No more data from sender.

Page 248: Basic IP.pdf

9 TCP protocol Connection establishment

[Figure: three-way handshake between two TCP entities, each serving an application (Appli). The initiator starts at Seq. x, the responder at Seq. y.]
1. Connect-Request at the initiator: SYN (Seq. = x)
2. Connect-Indication, then Connect-Response at the responder: SYN (Seq. = y) / ACK (Ack. = x + 1)
3. Connect-Confirm at the initiator: (Seq. = x + 1) / ACK (Ack. = y + 1)

Once established, data can flow reliably in both directions.
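Added example, not part of the original course material: the Python code below parses the TCP header fields described on the preceding slides (header length in 4-byte words, flags, sequence and acknowledgement numbers) and checks that three captured segments follow the x / y / x + 1 / y + 1 rule of the three-way handshake. The segments are constructed for the demo; ports 1500 and 21, the initial sequence numbers 400 and 100, the window value and the MSS option are sample values, and all function names are illustrative.

```python
import struct

MOD = 1 << 32                                # sequence numbers are 32-bit
FLAG_BITS = (("URG", 0x20), ("ACK", 0x10), ("PSH", 0x08),
             ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01))


def build_segment(src_port, dst_port, seq, ack, flags, options=b"", data=b""):
    """Build a constructed TCP segment for this demo (checksum left at 0)."""
    if len(options) % 4 or len(options) > 40:
        raise ValueError("options must be a multiple of 4 bytes, 40 at most")
    header_words = 5 + len(options) // 4     # header length in words of 4 bytes
    flag_value = sum(bit for name, bit in FLAG_BITS if name in flags)
    fixed = struct.pack("!HHIIHHHH", src_port, dst_port, seq % MOD, ack % MOD,
                        (header_words << 12) | flag_value, 8192, 0, 0)
    return fixed + options + data


def parse_segment(raw: bytes) -> dict:
    """Parse a TCP segment, refusing header lengths that do not fit the bytes."""
    if len(raw) < 20:
        raise ValueError("shorter than the 20-byte minimum header")
    (src_port, dst_port, seq, ack, offset_flags,
     window, _checksum, urgent) = struct.unpack_from("!HHIIHHHH", raw)
    header_length = (offset_flags >> 12) * 4  # 4-bit field, so 60 bytes at most
    if header_length < 20 or header_length > len(raw):
        raise ValueError("header length field does not fit the segment")
    return {
        "src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
        "flags": {name for name, bit in FLAG_BITS if offset_flags & bit},
        "window": window, "urgent": urgent, "header_length": header_length,
        "options": raw[20:header_length],     # where the data begins is given
        "data": raw[header_length:],          # by the header length field
    }


def check_handshake(syn_raw: bytes, synack_raw: bytes, ack_raw: bytes) -> list:
    """Return the list of rule violations; an empty list means a valid handshake."""
    syn, synack, ack = (parse_segment(r) for r in (syn_raw, synack_raw, ack_raw))
    problems = []
    if syn["flags"] != {"SYN"}:
        problems.append("segment 1 must carry SYN only")
    if synack["flags"] != {"SYN", "ACK"}:
        problems.append("segment 2 must carry SYN and ACK")
    elif synack["ack"] != (syn["seq"] + 1) % MOD:
        problems.append("segment 2 must acknowledge x + 1")
    if "ACK" not in ack["flags"] or ack["flags"] & {"SYN", "RST", "FIN"}:
        problems.append("segment 3 must be an ACK without SYN, RST or FIN")
    else:
        if ack["seq"] != (syn["seq"] + 1) % MOD:
            problems.append("segment 3 must use sequence number x + 1")
        if ack["ack"] != (synack["seq"] + 1) % MOD:
            problems.append("segment 3 must acknowledge y + 1")
    if (synack["src_port"], synack["dst_port"]) != (syn["dst_port"], syn["src_port"]):
        problems.append("segment 2 ports are not the reverse of segment 1")
    if (ack["src_port"], ack["dst_port"]) != (syn["src_port"], syn["dst_port"]):
        problems.append("segment 3 ports differ from segment 1")
    return problems


def sample_handshake():
    """Constructed handshake: client port 1500, server port 21, x = 400, y = 100."""
    mss = bytes.fromhex("020405B4")          # MSS option, 4 bytes: header becomes 24 bytes
    return (build_segment(1500, 21, 400, 0, {"SYN"}, options=mss),
            build_segment(21, 1500, 100, 401, {"SYN", "ACK"}, options=mss),
            build_segment(1500, 21, 401, 101, {"ACK"}))


if __name__ == "__main__":
    segments = sample_handshake()
    for raw in segments:
        seg = parse_segment(raw)
        print(sorted(seg["flags"]), "seq", seg["seq"], "ack", seg["ack"],
              "header", seg["header_length"], "bytes")
    print("problems:", check_handshake(*segments))
```
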

Page 249: Basic IP.pdf

9 TCP protocol Reordering data

[Figure: transfer phase, following the establishment phase; the sender starts at Seq. 40.]
Data-Request("abcd"): (Seq. = 40) / Data "abcd"; Data-Indication("abcd"); ACK = 44
Data-Request("efg"): (Seq. = 44) / Data "efg"
Data-Request("hi"): (Seq. = 47) / Data "hi"
Data-Request("jkl"): (Seq. = 49) / Data "jkl"; Data-Indication("efghijkl"); ACK = 52

TCP is in charge of reordering the received data.

9 TCP protocol Reliability thanks to sequence and acknowledge numbers

[Figure: client/server exchange with sequence and acknowledge numbers. Handshake: client SYN (seq nb 400); server SYN (seq nb 100) / ACK (ack nb 401); client ACK (ack nb 101). Data: client segments seq nb 401 (10 bytes) and seq nb 411 (10 bytes), acknowledged with ack nb 411 and ack nb 421; server segments seq nb 101 (20 bytes) and seq nb 121 (2 bytes), acknowledged with ack nb 121 and ack nb 123. Deliveries to the application: 10 bytes and 22 bytes.]

The primary purpose of TCP is to provide reliable logical circuit or connection service between pairs of processes. It does not assume reliability from the lower-level protocols (such as IP), so TCP must guarantee this itself.

TCP can be characterised by the following facilities it provides for the applications using it:

Stream Data Transfer: From the application's viewpoint, TCP transfers a contiguous stream of bytes through the network. The application does not have to bother with chopping the data into basic blocks or datagrams. TCP does this by grouping the bytes in TCP segments, which are passed to IP.

TCP assigns a sequence number to each byte transmitted and expects a positive acknowledgement (ACK) from the receiving TCP. If the ACK is not received within a timeout interval, the data is retransmitted. Since the data is transmitted in blocks (TCP segments), only the sequence number of the first data byte in the segment is sent to the destination host. The receiving TCP uses the sequence numbers to rearrange the segments when they arrive out of order, and to eliminate duplicate segments.

Sometimes, an application needs to be sure that all the data passed to TCP has actually been transmitted to the destination. For that reason, a push function is defined. It will push all remaining TCP segments still in storage to the destination host. The normal close connection function also pushes the data to the destination.

9 TCP protocol Session termination

[Figure: client/server session termination. Client: FIN, seq nb 421 / ACK, ack nb 123. Server: ACK, ack nb 422 (+1). Server: FIN, seq nb 123 / ACK, ack nb 422. Client: ACK, ack nb 124 (+1).]


9 TCP protocol Urgent Pointer

[Figure: TCP header layout showing the URG flag and the urgent pointer field, followed by the urgent data.]

Urgent Pointer: Points to the first data byte following the urgent data. Only significant when the URG control bit is set.

URG: Indicates that the urgent pointer field is significant in this segment.

9 TCP protocol Flow control

[Figure: IP network.]

TCP gives a credit to each sender: a window size.

9 TCP protocol Window size

[Figure: TCP header layout, showing the window size field.]

Window:

The window size is determined by the receiver when the connection is established and is variable during the data transfer. Each ACK message will include the window size that the receiver is ready to deal with at that particular time.

Flow Control: The receiving TCP, when sending an ACK back to the sender, also indicates to the sender the number of bytes it can receive beyond the last received TCP segment, without causing overrun and overflow in its internal buffers. This is sent in the ACK in the form of the highest sequence number it can receive without problems. This mechanism is also referred to as a window-mechanism.

9 TCP protocol Window: End-to-end flow control

[Figure: a sender and a receiver with its receive buffer. Segments: Segment 1 (Seq. nb=5000) 500 bytes; Segment 2 (Seq. nb=5500) 500 bytes; Segment 3 (Seq. nb=6000) 500 bytes; Segment 4 (Seq. nb=6500) 350 bytes. Receiver replies: Ack nb=5000 / Window: 1000; Ack nb=5500 / Window: 1000; Ack nb=6000 / Window: 500; Ack nb=6500 / Window: 0; Ack nb=6500 / Window: 800; Ack nb=6850 / Window: 450.]

TCP sends data in variable length segments. Sequence numbers are based on a byte count. Acknowledgements specify the sequence number of the next byte that the receiver expects to receive.

• The sender can send all packets within the window without receiving an ACK, but must start a timeout timer for each of them.

• The receiver must acknowledge each packet received, indicating the sequence number of the last well-received packet.

• The sender slides the window on each ACK received.

This window mechanism ensures:

• Reliable transmission.

• Better use of the network bandwidth (better throughput).

• Flow-control, since the receiver may delay replying to a packet with an acknowledgment, knowing its free buffers are available and the window-size of the communication.
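The receive side described in the reliability notes (reordering, duplicate elimination) and in the window slides above can be sketched as follows. This is an added example, not part of the course material; it replays the numbers of the "Reordering data" and "End-to-end flow control" figures, and the buffer sizes, the arrival order and the points at which the application reads are assumptions.

```python
class TcpReceiver:
    """Receive side of one TCP direction: reorders, drops duplicates, advertises a window."""

    def __init__(self, initial_seq, buffer_size):
        self.rcv_nxt = initial_seq    # sequence number of the next byte expected
        self.buffer_size = buffer_size
        self.ready = bytearray()      # in-order bytes not yet read by the application
        self.pending = {}             # out-of-order segments: first sequence number -> bytes

    def window(self):
        """Bytes acceptable beyond rcv_nxt without overflowing the buffer."""
        return self.buffer_size - len(self.ready)

    def receive(self, seq, data):
        """Process one segment; return the (ack number, window) to send back."""
        if seq < self.rcv_nxt:                       # retransmission or partial overlap
            data = data[self.rcv_nxt - seq:]
            seq = self.rcv_nxt
        room = self.rcv_nxt + self.window() - seq    # space left inside the window
        data = data[:max(room, 0)]                   # bytes beyond the window are dropped
        if len(data) > len(self.pending.get(seq, b"")):
            self.pending[seq] = bytes(data)
        while self.pending:                          # deliver whatever is now contiguous
            first = min(self.pending)
            if first > self.rcv_nxt:
                break                                # a hole remains in front of it
            chunk = self.pending.pop(first)[self.rcv_nxt - first:]
            self.ready += chunk
            self.rcv_nxt += len(chunk)
        return self.rcv_nxt, self.window()

    def read(self, n=None):
        """Application reads up to n in-order bytes, which frees buffer space."""
        n = len(self.ready) if n is None else n
        out = bytes(self.ready[:n])
        del self.ready[:n]
        return out


def replay_reordering():
    """Segments of the 'Reordering data' figure, arriving out of order with a duplicate."""
    rx = TcpReceiver(initial_seq=40, buffer_size=64)   # buffer size is an assumption
    arrivals = [(40, b"abcd"), (47, b"hi"), (49, b"jkl"), (40, b"abcd"), (44, b"efg")]
    acks = [rx.receive(seq, data)[0] for seq, data in arrivals]
    return acks, rx.read()


def replay_flow_control():
    """Numbers of the 'End-to-end flow control' figure; application reads are assumptions."""
    rx = TcpReceiver(initial_seq=5000, buffer_size=1000)
    trace = []
    rx.receive(5000, bytes(500))
    rx.read(500)                                  # application drains segment 1
    trace.append((rx.rcv_nxt, rx.window()))       # ack 5500, window 1000
    trace.append(rx.receive(5500, bytes(500)))    # ack 6000, window 500
    trace.append(rx.receive(6000, bytes(500)))    # ack 6500, window 0: sender must stop
    rx.read(800)                                  # application frees 800 bytes
    trace.append((rx.rcv_nxt, rx.window()))       # ack 6500, window 800
    trace.append(rx.receive(6500, bytes(350)))    # ack 6850, window 450
    return trace
```

The acknowledge number stays at 44 while the hole at sequence number 44 is open, which is what lets the sender detect the loss through duplicate ACKs.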

9 TCP protocol ‘Checksum’ calculation

[Figure: the checksum calculation covers a 12-byte pseudo IP header (source IP address, destination IP address, 00, protocol, datagram length), built from fields of the IP header, followed by the TCP header and the TCP data.]

Checksum:

The 16-bit one's complement of the one's complement sum of all 16-bit words in a pseudo-header, the TCP header, and the TCP data. While computing the checksum, the checksum field itself is considered zero.

The pseudo-header is the same as that used by UDP for calculating the checksum. It is a pseudo-IP-header, only used for the checksum calculation.
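The calculation described above, written out as an added example (not part of the course material). The addresses, ports and payload are constructed sample values; protocol number 6 is the IP protocol value for TCP.

```python
import socket
import struct

TCP_PROTOCOL = 6   # value of the IP protocol field for TCP


def ones_complement_sum(data):
    """One's complement sum of the 16-bit words in data (odd length is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip, dst_ip, tcp_length):
    """12-byte pseudo IP header: source, destination, zero, protocol, TCP length."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, TCP_PROTOCOL, tcp_length))


def tcp_checksum(src_ip, dst_ip, segment):
    """Checksum of a TCP segment (header + data), checksum field taken as zero."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, len(zeroed)) + zeroed)
    return ~total & 0xFFFF


def with_checksum(src_ip, dst_ip, segment):
    """Return the segment with its checksum field (bytes 16-17) filled in."""
    csum = tcp_checksum(src_ip, dst_ip, segment)
    return segment[:16] + struct.pack("!H", csum) + segment[18:]


def checksum_ok(src_ip, dst_ip, segment):
    """Receiver check: summing everything, checksum included, must give 0xFFFF."""
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment)
    return total == 0xFFFF


def sample_segment():
    """Constructed segment: 20-byte header (PSH/ACK) and a 5-byte, odd-length payload."""
    header = struct.pack("!HHIIBBHHH", 1025, 80, 401, 101, 5 << 4, 0x18, 1000, 0, 0)
    return header + b"hello"
```

Because the sum is commutative, swapping two 16-bit words goes undetected, and anyone able to modify a segment can recompute the field: the checksum catches accidental corruption and misdelivery, not tampering.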

9 TCP protocol Options

[Figure: TCP header layout, showing the options field.]

Type  Length  Value
1     1       2

0 : End of option list
1 : No-Operation
2 : Maximum segment size
3 : Window scale
4 : Sack-Permitted
5 : Sack (Selective ACK)
8 : Timestamps

Options:

Maximum Segment Size option: This option is only used during the establishment of the connection (SYN control bit set) and is sent from the side that is to receive data to indicate the maximum segment length it can handle.

Window Scale option: This option is not mandatory. Both sides must send the Window Scale option in their SYN segments to enable window scaling in their direction. The Window Scale option expands the definition of the TCP window to 32 bits. It defines the 32-bit window size by applying the scale factor carried in the SYN segment to the standard 16-bit window size. The receiver rebuilds the 32-bit window size from the 16-bit window size and the scale factor. This option is determined while handshaking. There is no way to change it after the connection has been established.

SACK-Permitted option: This option is set when selective acknowledgement is used in that TCP connection.

SACK option: Selective Acknowledgement (SACK) allows the receiver to inform the sender about all the segments that are received successfully. Thus, the sender will only send the segments that actually got lost. If the number of the segments that have been lost since the last SACK is too large, the SACK option will be too large. As a result, the number of blocks that can be reported by the SACK option is limited to four. To reduce this, the SACK option should be used for the most recently received data.

Timestamps option: The timestamps option sends a timestamp value that indicates the current value of the timestamp clock of the TCP sending the option. Timestamp Echo Value can only be used if the ACK bit is set in the TCP header.
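A parser for the header fields, flags and options described in this chapter, as an added example (not part of the course material). The sample SYN segment is constructed; the parser rejects option lengths that would make a naive loop stall or read past the header.

```python
import struct

FLAG_NAMES = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")   # bit 0 (0x01) to bit 5 (0x20)


def parse_options(raw):
    """Walk the Type/Length/Value list; return [(kind, value bytes)]."""
    options, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                       # end of option list: the rest is padding
            break
        if kind == 1:                       # No-Operation: a single byte, no length
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("option %d is cut off before its length byte" % kind)
        length = raw[i + 1]                 # counts the type and length bytes too
        if length < 2 or i + length > len(raw):
            raise ValueError("option %d has invalid length %d" % (kind, length))
        options.append((kind, raw[i + 2:i + length]))
        i += length
    return options


def parse_tcp_header(segment):
    """Split a TCP segment into its header fields, options and data."""
    if len(segment) < 20:
        raise ValueError("shorter than the 20-byte fixed header")
    (sport, dport, seq, ack, offset, flags,
     window, checksum, urgent) = struct.unpack("!HHIIBBHHH", segment[:20])
    header_len = (offset >> 4) * 4          # header length field counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("invalid header length %d" % header_len)
    return {
        "source_port": sport, "destination_port": dport,
        "sequence": seq, "acknowledge": ack,
        "flags": [n for bit, n in enumerate(FLAG_NAMES) if flags & (1 << bit)],
        "window": window, "checksum": checksum, "urgent_pointer": urgent,
        "options": parse_options(segment[20:header_len]),
        "data": segment[header_len:],
    }


def decode_options(options):
    """Interpret the option kinds listed on the slide."""
    out = {}
    for kind, value in options:
        if kind == 2 and len(value) == 2:
            out["maximum_segment_size"] = struct.unpack("!H", value)[0]
        elif kind == 3 and len(value) == 1:
            out["window_scale"] = value[0]
        elif kind == 4 and not value:
            out["sack_permitted"] = True
        elif kind == 5 and value and len(value) % 8 == 0:
            edges = struct.unpack("!%dI" % (len(value) // 4), value)
            out["sack_blocks"] = list(zip(edges[0::2], edges[1::2]))
        elif kind == 8 and len(value) == 8:
            out["timestamps"] = struct.unpack("!II", value)
    return out


def effective_window(window, shift):
    """Window Scale: the 16-bit window field shifted left by the negotiated factor."""
    return window << shift


# Constructed SYN segment: MSS 1460, NOP, window scale 7, SACK-permitted, timestamps.
SAMPLE_SYN = (struct.pack("!HHIIBBHHH", 49152, 80, 400, 0, 10 << 4, 0x02, 65535, 0, 0)
              + bytes.fromhex("020405b4" "01" "030307" "0402" "080a0000006400000000"))
```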

9 TCP protocol Retransmit Timeout

[Figure: a segment crosses the Internet and its Ack returns; the elapsed time is the Round Trip Time. A second segment is shown waiting for its ack.]

$\text{Retransmit TimeOut} = \beta \times \text{Round Trip Time}$

Variable timeout intervals

Each TCP should implement an algorithm to adapt the timeout values to be used for the round trip time of the segments. To do this, TCP records the time at which a segment was sent, and the time at which the ACK is received. A weighted average is calculated over several of these round trip times, to be used as a timeout value for the next segment(s) to be sent.

In the Internet, the path between a pair of hosts may traverse a single high-speed network, or it may wind across multiple intermediate networks. Thus it is impossible to know a priori how quickly an acknowledgement will return.

TCP uses an adaptive retransmission algorithm.

The TCP sender records the time at which each segment is sent, and the time at which an acknowledgement arrives. The elapsed time is called the RTT (“Round Trip Time”).

9 TCP protocol Average RTT

[Figure: three segment/Ack exchanges across the Internet, measuring RTT0, RTT1 and RTT2.]

A : average RTT

$A_0 = RTT_0$

$A_1 = 0.9 \times A_0 + 0.1 \times RTT_1$

$A_2 = 0.9 \times A_1 + 0.1 \times RTT_2$

$A = \alpha \times A + (1 - \alpha) \times RTT$, with $\alpha$ : smooth factor, $0 < \alpha < 1$

Whenever it measures a new RTT, TCP adjusts its notion of the average RTT for the connection. The algorithm is as follows, RTT being the latest measured Round Trip Time and T0 being the average RTT calculated on the previous RTTs. The new average T1 is given by:

$T_1 = \alpha T_0 + (1 - \alpha)\,RTT$, where $\alpha$ is the weighting factor, $0 < \alpha < 1$

Choosing a value for α close to 0 makes the weighted average respond to changes in delay very quickly. Usually, α is chosen closer to 1 to prevent a single RTT from affecting the average dramatically.

Example: if α = 0.9, then the last RTT contributes only 10% to the new timeout calculation.

Van Jacobson suggested in 1990 a new method of timeout calculation.

Karn's algorithm suggests not taking into account the RTT measured after a retransmission, because one cannot know whether the received ack is the response to the initial segment or to the retransmitted segment.
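The weighted average and Karn's rule can be combined in a small estimator. This is an added example, not part of the course material; the timeline is constructed, and β = 2 is an assumed value because the slides give the timeout only as β times the round trip time.

```python
class RttEstimator:
    """Average RTT per the slide formula, with Karn's rule for retransmitted segments."""

    def __init__(self, alpha=0.9, beta=2.0):
        self.alpha = alpha        # weighting factor, 0 < alpha < 1
        self.beta = beta          # timeout multiplier; 2.0 is an assumed value
        self.average = None       # no measurement yet
        self.in_flight = {}       # sequence number -> (time first sent, retransmitted?)

    def on_send(self, seq, now):
        if seq in self.in_flight:
            first_sent, _ = self.in_flight[seq]
            self.in_flight[seq] = (first_sent, True)    # mark as retransmitted
        else:
            self.in_flight[seq] = (now, False)

    def on_ack(self, seq, now):
        """Return the RTT sample used, or None when Karn's rule discards it."""
        sent, retransmitted = self.in_flight.pop(seq)
        if retransmitted:
            return None           # the ack may answer either transmission
        rtt = now - sent
        if self.average is None:
            self.average = rtt    # A0 = RTT0
        else:
            self.average = self.alpha * self.average + (1 - self.alpha) * rtt
        return rtt

    def timeout(self):
        return self.beta * self.average


def replay(alpha):
    """Run a constructed timeline in milliseconds: (event, sequence number, time)."""
    events = [("send", 1, 0), ("ack", 1, 100),       # RTT0 = 100
              ("send", 2, 200), ("ack", 2, 400),     # RTT1 = 200
              ("send", 3, 500), ("send", 3, 900),    # segment 3 is retransmitted
              ("ack", 3, 950),                       # ambiguous sample: ignored
              ("send", 4, 1000), ("ack", 4, 1300)]   # RTT2 = 300
    est = RttEstimator(alpha=alpha)
    history = []
    for kind, seq, now in events:
        if kind == "send":
            est.on_send(seq, now)
        elif est.on_ack(seq, now) is not None:
            history.append(est.average)
    return history, est.timeout()
```

With α = 0.9 the average moves from 100 to 110 to 129 ms, while α = 0.1 follows the samples closely (100, 190, 289 ms).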

9 TCP protocol Congestion control: algorithm « Slow Start »

[Figure: transmitter and receiver exchanging segments (example: 512 bytes) and Acks carrying the window size; plot of segments (5 to 20) against time (Round Trip Time), showing exponential increase.]

TCP congestion control algorithms

The TCP congestion algorithm prevents a sender from overrunning the capacity of the network. Several congestion control enhancements have been added and suggested to TCP over the years. This is still an active and ongoing research area, but modern implementations of TCP contain four intertwined algorithms as basic Internet standards:

• Slow start

• Congestion avoidance

• Fast retransmit

• Fast recovery

The assumption of the algorithm is that packet loss caused by damage is very small (much less than 1 percent). Therefore, the loss of a packet signals congestion somewhere in the network between the source and destination. There are two indications of packet loss:

1. A timeout occurs.

2. Duplicate ACKs are received.

Slow start

It operates by observing that the rate at which new packets should be injected into the network is the rate at which the acknowledgements are returned by the other end. Slow start adds another window to the sender's TCP: the congestion window, called cwnd. The sender starts by transmitting one segment and waiting for its ACK. When that ACK is received, the congestion window is incremented from one to two, and two segments can be sent. When each of those two segments is acknowledged, the congestion window is increased to four. This provides an exponential growth, although it is not exactly exponential, because the receiver may delay its ACKs, typically sending one ACK for every two segments that it receives.

9 TCP protocol Algorithm ‘Slow Start’ and ‘Congestion Avoidance’

[Figure: plot of segments (5 to 25) against time (Round Trip Time): slow start, congestion detection, ssthresh = 16/2 = 8, slow start again, then congestion avoidance with linear growth.]

Congestion avoidance

Congestion avoidance and slow start are independent algorithms with different objectives. But when congestion occurs TCP must slow down its transmission rate of packets into the network, and invoke slow start to get things going again. In practice, they are implemented together. Congestion avoidance and slow start require that two variables be maintained for each connection:

• A congestion window, cwnd

• A slow start threshold size, ssthresh

The combined algorithm operates as follows:

1. Initialization for a given connection sets cwnd to one segment and ssthresh to 65535 bytes.

2. The TCP output routine never sends more than the lower value of cwnd or the receiver's advertised window.

3. When congestion occurs (timeout or duplicate ACK), one-half of the current window size is saved in ssthresh. Additionally, if the congestion is indicated by a timeout, cwnd is set to one segment.

4. When new data is acknowledged by the other end, increase cwnd, but the way it increases depends on whether TCP is performing slow start or congestion avoidance. If cwnd is less than or equal to ssthresh, TCP is in slow start; otherwise, TCP is performing congestion avoidance.
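The four rules above can be run as a per-round-trip simulation that reproduces the shape of the slide's plot (exponential growth to 16 segments, timeout, ssthresh = 8, then linear growth). This is an added example, not part of the course material: the loss rounds, the receiver window and the one-ACK-per-segment behaviour are assumptions, and the congestion avoidance increment of 1/cwnd per ACK is the usual standard rule, which the page does not state.

```python
def simulate(rounds, timeout_rounds=(), dupack_rounds=(), rwnd=64.0, segment_size=512):
    """Return the number of segments sent in each round trip.

    All window values are in segments. rwnd is the receiver's advertised window.
    timeout_rounds / dupack_rounds list the rounds in which congestion is detected.
    """
    cwnd = 1.0                                # rule 1: one segment
    ssthresh = 65535 / segment_size           # rule 1: 65535 bytes
    sent_per_round = []
    for rnd in range(rounds):
        window = min(cwnd, rwnd)              # rule 2: lower of cwnd and receiver window
        in_flight = int(window)
        sent_per_round.append(in_flight)
        if rnd in timeout_rounds or rnd in dupack_rounds:
            ssthresh = window / 2             # rule 3: half the current window
            if rnd in timeout_rounds:
                cwnd = 1.0                    # rule 3: timeout restarts slow start
            # For duplicate ACKs the page gives no further cwnd rule; fast
            # retransmit and fast recovery, which it only names, are not modelled.
            continue
        for _ in range(in_flight):            # rule 4: one update per ACK received
            if cwnd <= ssthresh:
                cwnd += 1.0                   # slow start: one segment per ACK
            else:
                cwnd += 1.0 / cwnd            # congestion avoidance: about one segment per RTT
    return sent_per_round


def slide_scenario():
    """Timeout detected in the round where 16 segments are in flight."""
    return simulate(13, timeout_rounds={4})
```

`slide_scenario()` returns `[1, 2, 4, 8, 16, 1, 2, 4, 8, 9, 10, 11, 12]`; with `rwnd=6.0` the sender never exceeds 6 segments per round, whatever cwnd reaches.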

9 TCP protocol Summary

TCP adds: reliability, flow-control, error recovery, multiplexing/demultiplexing, connection-oriented.

• Reliability: TCP assigns a sequence number to each byte transmitted and expects a positive acknowledgment (ACK) from the receiving TCP. If the ACK is not received within a timeout interval, the data is retransmitted. Since the data is transmitted in blocks (TCP segments), only the sequence number of the first data byte in the segment is sent to the destination host.

The receiving TCP uses the sequence numbers to rearrange the segments when they arrive out of order, and to eliminate duplicate segments.

• Flow Control: The receiving TCP, when sending an ACK back to the sender, also indicates to the sender the number of bytes it can receive beyond the last received TCP segment, without causing overrun and overflow in its internal buffers. This is sent in the ACK in the form of the highest sequence number it can receive without problems. This mechanism is also referred to as a window-mechanism.

• Multiplexing: Achieved through the use of ports, just as with UDP.

• Logical Connections: The reliability and flow control mechanisms described above require that TCP initializes and maintains certain status information for each data stream. The combination of this status, including sockets, sequence numbers and window sizes, is called a logical connection. Each connection is uniquely identified by the pair of sockets used by the sending and receiving processes.

• Full Duplex: TCP provides for concurrent data streams in both directions.

9 TCP protocol Evaluation

Objective: to be able to list the characteristics of TCP transport layer protocol

Thank you for answering the self-assessment of the objectives sheet



Exercise solutions

3 ARP protocol Exercise: Trace of ARP protocol

Given the following trace:

Addr. Hex. Data                                        Time: 07:33:06.045
0000: FF FF FF FF FF FF 00 60 08 56 F4 E5 08 06 00 01
0010: 08 00 06 04 00 01 00 60 08 56 F4 E5 0A 00 00 8C
0020: 00 00 00 00 00 00 0A 00 00 8A

1) What is the Ethernet protocol (IEEE802.3 or Ethernet V2)?

Answer: > 600 hexa => EthV2

2) Indicate the name of various fields and their value below

Eth frame:
@MAC dest     ffffffffffff
@MAC src      00600856F4E5
Protocol      0806

ARP message:
Hw type       0001
Type type     0800
Length @MAC   06
Length @IP    04
Operation     0001
@MAC src      00600856F4E5
@IP src       0A00008C
@MAC dest     000000000000
@IP dest      0A00008A

3) Which kind of operation is it?

Answer: Request
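The same analysis done by a decoder, as an added example (not part of the course material). The bytes are those of the trace above; the field names in the returned dictionary and the final consistency check are choices of this example.

```python
import struct

# Bytes of the trace above (42 bytes: 14-byte Ethernet header + 28-byte ARP message).
TRACE = bytes.fromhex(
    "FFFFFFFFFFFF 00600856F4E5 0806"
    "0001 0800 06 04 0001"
    "00600856F4E5 0A00008C"
    "000000000000 0A00008A")

OPERATIONS = {1: "request", 2: "reply"}


def mac(raw):
    return ":".join("%02x" % b for b in raw)


def ip(raw):
    return ".".join(str(b) for b in raw)


def decode_arp_frame(frame):
    """Decode an Ethernet frame carrying ARP for Ethernet/IPv4 addresses."""
    if len(frame) < 42:
        raise ValueError("too short for Ethernet + ARP")
    dst, src, type_or_length = struct.unpack("!6s6sH", frame[:14])
    # Ethernet V2 puts a protocol type here (0x0600 and above); IEEE 802.3 puts a length.
    framing = "Ethernet V2" if type_or_length >= 0x0600 else "IEEE 802.3"
    if type_or_length != 0x0806:
        raise ValueError("not an ARP frame")
    (hw_type, proto_type, hw_len, proto_len, operation,
     sender_mac, sender_ip, target_mac, target_ip) = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (hw_len, proto_len) != (6, 4):
        raise ValueError("unexpected address lengths %d/%d" % (hw_len, proto_len))
    return {
        "framing": framing,
        "ethernet_destination": mac(dst),
        "ethernet_source": mac(src),
        "hardware_type": hw_type,
        "protocol_type": proto_type,
        "operation": OPERATIONS.get(operation, "unknown (%d)" % operation),
        "sender_mac": mac(sender_mac), "sender_ip": ip(sender_ip),
        "target_mac": mac(target_mac), "target_ip": ip(target_ip),
        # A sender MAC that differs from the Ethernet source is worth flagging
        # when reviewing ARP traffic.
        "sender_matches_ethernet_source": sender_mac == src,
    }
```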

5 IP protocol 5.1 IP Addressing Exercise (1)

@IP              class   Net Id
131.108.2.10     B       131.108.0.0
159.173.90.134   B       159.173.0.0
145.78.185.18    B       145.78.0.0
125.83.10.3      A       125.0.0.0
195.32.6.219     C       195.32.6.0

5 IP protocol 5.1 IP Addressing Exercise (2)

@IP              Sub-net Mask      bits for sub-net   Net Id
131.108.2.10     255.255.255.0     8                  131.108.2.0
159.173.90.134   255.255.255.128   9                  159.173.90.128
159.173.90.34    255.255.255.128   9                  159.173.90.0
195.32.6.219     255.255.255.248   5                  195.32.6.216

5 IP protocol 5.1 IP Addressing Exercise (3)

@IP              Net mask          Network Broadcast   Sub-net Broadcast
131.108.2.10     255.255.255.0     131.108.255.255     131.108.2.255
159.173.90.134   255.255.255.128   159.173.255.255     159.173.90.255
159.173.90.34    255.255.255.128   159.173.255.255     159.173.90.127
195.32.6.219     255.255.255.248   195.32.6.255        195.32.6.223

5 IP protocol 5.1 IP Addressing Static subnetting - Exercise 2 - Answer

Netmask: 255.255.255.192

NetID 1 : 164.213.32.0 / 26     (sub-net bits 0 0)
NetID 2 : 164.213.32.64 / 26    (sub-net bits 0 1)
NetID 3 : 164.213.32.128 / 26   (sub-net bits 1 0)
NetID 4 : 164.213.32.192 / 26   (sub-net bits 1 1)

[Figure: binary expansion of the netmask and of the four NetIDs.]

5 IP protocol 5.2 IP routing Routing table - Exercise 8 (answer)

[Figure: routers R1 and R2, with interfaces e0, e1 and e2, interconnecting the networks 204.92.75.0, 204.92.76.0, 204.92.77.0 and 192.168.201.0, and two filled-in routing tables with the columns Network, Mask, Next hop, If. Recoverable entries: 204.92.75.0, 204.92.76.0, 204.92.77.0 and 192.168.201.0 with mask 255.255.255.0; a default route 0.0.0.0 with mask 0.0.0.0; next hops 204.92.76.1 and 204.92.76.2.]

An important function of the IP protocol is IP routing. This provides the basic mechanism for routers to interconnect different physical networks.

The router only has information about various kinds of destinations:

• Networks that are directly attached to one of the physical networks to which the router is attached.

• Hosts or networks for which the router has been given explicit definitions.

The metrics provide an indication of the cost of a route to a destination. Metrics are based on the number of hops, the bandwidth, the delay, ...

5 IP protocol 5.3 IP header Exercise

Ethernet Frame (Ethernet header, then IP header):

Addr. Hex. Data                                        ASCII
0000: 01 00 5E 00 00 09 00 10 7B 81 9E 9A 08 00 45 C0 ..^..........E.
0010: 00 34 00 00 00 00 02 11 CD DD 0A 0E 00 05 E0 00 .4..............
0020: 00 09 02 08 02 08 00 20 05 73 02 02 00 00 00 02 ....... .s......
0030: 00 00 0A 0A 00 00 FF FF 00 00 00 00 00 00 00 00 ................
0040: 00 01

1- Look for the destination IP @ and indicate which class it is

2- Look for the destination MAC @ and explain its value

Answer:

IP@ dest: E0.00.00.09 ≡ 224.0.0.9 Class D (multicast)

MAC@ dest: 01:00:5E:00:00:09 Multicast @, copy of lower significant bits from IP@

Glossary

AAA Authentication, Authorization and Accounting
AAL ATM Adaptation Layer
API Application Programming Interface
ARP Address Resolution Protocol
ARPA Advanced Research Projects Agency
AS Autonomous System
ASN.1 Abstract Syntax Notation 1

BGP Border Gateway Protocol
BIND Berkeley Internet Name Domain
BSD Berkeley Software Distribution

CHAP Challenge Handshake Authentication Protocol
CIDR Classless Inter-Domain Routing
CLNP Connectionless Network Protocol
CORBA Common Object Request Broker Architecture
COS Class of Service
CPCS Common Part Convergence Sublayer
CSMA/CD Carrier Sense Multiple Access with Collision Detection

DARPA Defense Advanced Research Projects Agency
DCE Data Circuit-terminating Equipment
DDNS Dynamic Domain Name System
DES Digital Encryption Standard
DHCP Dynamic Host Configuration Protocol
DLC Data Link Control
DLCI Data Link Connection Identifier
DMZ Demilitarized Zone
DNS Domain Name Server
DOD U.S. Department of Defense
DSA Digital Signature Algorithm
DSAP Destination Service Access Point
DSS Digital Signature Standard
DTE Data Terminal Equipment
DVMRP Distance Vector Multicast Routing Protocol

EGP Exterior Gateway Protocol
ESP Encapsulating Security Payload

FDDI Fiber Distributed Data Interface
FQDN Fully Qualified Domain Name
FR Frame Relay
FTP File Transfer Protocol

GGP Gateway-to-Gateway Protocol
GUI Graphical User Interface

HDLC High-level Data Link Control
HMAC Hashed Message Authentication Code
HTML Hypertext Markup Language
HTTP Hypertext Transfer Protocol

IAB Internet Activities Board
IANA Internet Assigned Numbers Authority
ICMP Internet Control Message Protocol
ICSS Internet Connection Secure Server
IDEA International Data Encryption Algorithm
IDLC Integrated Data Link Control
IDRP Inter-Domain Routing Protocol
IEEE Institute of Electrical and Electronics Engineers
IESG Internet Engineering Steering Group
IETF Internet Engineering Task Force
IGMP Internet Group Management Protocol
IGP Interior Gateway Protocol
IKE Internet Key Exchange
IMAP Internet Message Access Protocol
IMS Information Management System
IP Internet Protocol
IPSec IP Security Architecture
IPX Internetwork Packet Exchange
IRFT Internet Research Task Force
ISAKMP Internet Security Association and Key Management Protocol
ISDN Integrated Services Digital Network
ISO International Organization for Standardization
ISP Internet Service Provider

JPEG Joint Photographic Experts Group

LAC L2TP Access Concentrator
LAN Local Area Network
LAPB Link Access Protocol Balanced
LCP Link Control Protocol
LDAP Lightweight Directory Access Protocol
LE LAN Emulation (ATM)
LLC Logical Link Layer
LNS L2TP Network Server
LPD Line Printer Daemon
LPR Line Printer Requester
LSAP Link Service Access Point
L2F Layer 2 Forwarding
L2TP Layer 2 Tunnelling Protocol

MAC Medium Access Control
MD2 RSA Message Digest 2 Algorithm
MD5 RSA Message Digest 5 Algorithm
MIB Management Information Base
MILNET Military Network
MIME Multipurpose Internet Mail Extensions
MLD Multicast Listener Discovery
MOSPF Multicast Open Shortest Path First
MPC Multi-Path Channel
MPEG Moving Pictures Experts Group
MPLS Multiprotocol Label Switching
MPOA Multiprotocol over ATM
MPTN Multiprotocol Transport Network
MS-CHAP Microsoft Challenge Handshake Authentication Protocol
MTA Message Transfer Agent
MTU Maximum Transmission Unit

NAT Network Address Translation
NBDD NetBIOS Datagram Distributor
NBNS NetBIOS Name Server
NCP Network Control Protocol
NCSA National Computer Security Association

NDIS Network Driver Interface Specification
NetBIOS Network Basic Input/Output System
NFS Network File System
NIC Network Information Center
NIS Network Information Systems
NIST National Institute of Standards and Technology
NMS Network Management Station
NNTP Network News Transfer Protocol
NRZ Non-Return-to-Zero
NRZI Non-Return-to-Zero Inverted
NSAP Network Service Access Point
NTP Network Time Protocol
NVT Network Virtual Terminal

OSI Open Systems Interconnect
OSPF Open Shortest Path First

PAP Password Authentication Protocol
PDU Protocol Data Unit
PGP Pretty Good Privacy
PI Protocol Interpreter
PIM Protocol Independent Multicast
PKCS Public Key Cryptosystem
PKI Public Key Infrastructure
PNNI Private Network-to-Network Interface
POP Post Office Protocol
POP Point-of-Presence
PPP Point-to-Point Protocol
PPTP Point-to-Point Tunneling Protocol
PRI Primary Rate Interface
PSDN Packet Switching Data Network
PSTN Public Switched Telephone Network
PVC Permanent Virtual Circuit

QLLC Qualified Logical Link Control
QoS Quality of Service

RACF Resource Access Control Facility
RADIUS Remote Authentication Dial-In User Service
RARP Reverse Address Resolution Protocol
RAS Remote Access Service
RC2 RSA Rivest Cipher 2 Algorithm
RC4 RSA Rivest Cipher 4 Algorithm
REXEC Remote Execution Command Protocol
RFC Request for Comments
RIP Routing Information Protocol
RIPE Réseaux IP Européens
RISC Reduced Instruction-Set Computer
RPC Remote Procedure Call
RSH Remote Shell
RSVP Resource Reservation Protocol
RTCP Realtime Control Protocol
RTP Realtime Protocol

SA Security Association
SAP Service Access Point
SDLC Synchronous Data Link Control
SET Secure Electronic Transaction
SGML Standard Generalized Markup Language
SHA Secure Hash Algorithm
S-HTTP Secure Hypertext Transfer Protocol
SLA Service Level Agreement
SLIP Serial Line Internet Protocol
SMI Structure of Management Information
S-MIME Secure Multipurpose Internet Mail Extension
SMTP Simple Mail Transfer Protocol
SNA System Network Architecture
SNAP Subnetwork Access Protocol
SNMP Simple Network Management Protocol
SOA Start of Authority
SPI Security Parameter Index
SSL Secure Sockets Layer
SSAP Source Service Access Point
SSP Switch-to-Switch Protocol
SSRC Synchronization Source
SVC Switched Virtual Circuit

TACACS Terminal Access Controller Access Control System
TCP Transmission Control Protocol
TCP/IP Transmission Control Protocol/Internet Protocol
TFTP Trivial File Transfer Protocol
TLPB Transport-Layer Protocol Boundary
TLS Transport Layer Security
TOS Type of Service
TRD Transit Routing Domain
TTL Time to Live

UDP User Datagram Protocol
UID Unique Identifier
URI Uniform Resource Identifier
URL Uniform Resource Locator

VPN Virtual Private Network
VRML Virtual Reality Modeling Language
VRRP Virtual Router Redundancy Protocol
VTAM Virtual Telecommunications Access Method

WAE Wireless Application Environment
WAP Wireless Application Protocol
WSP Wireless Session Protocol
WTP Wireless Transaction Protocol
WAN Wide Area Network
WWW World Wide Web

XDR External Data Representation
XML Extensible Markup Language

3DES Triple Digital Encryption Standard

Page 275: Basic IP.pdf

© Alcatel University 8AS 90200 1124 VH ZZA Ed.02 Page 1.275

dec hex bin        dec hex bin        dec hex bin        dec hex bin
0   00  00000000   64  40  01000000   128 80  10000000   192 C0  11000000
1   01  00000001   65  41  01000001   129 81  10000001   193 C1  11000001
2   02  00000010   66  42  01000010   130 82  10000010   194 C2  11000010
3   03  00000011   67  43  01000011   131 83  10000011   195 C3  11000011
4   04  00000100   68  44  01000100   132 84  10000100   196 C4  11000100
5   05  00000101   69  45  01000101   133 85  10000101   197 C5  11000101
6   06  00000110   70  46  01000110   134 86  10000110   198 C6  11000110
7   07  00000111   71  47  01000111   135 87  10000111   199 C7  11000111
8   08  00001000   72  48  01001000   136 88  10001000   200 C8  11001000
9   09  00001001   73  49  01001001   137 89  10001001   201 C9  11001001
10  0A  00001010   74  4A  01001010   138 8A  10001010   202 CA  11001010
11  0B  00001011   75  4B  01001011   139 8B  10001011   203 CB  11001011
12  0C  00001100   76  4C  01001100   140 8C  10001100   204 CC  11001100
13  0D  00001101   77  4D  01001101   141 8D  10001101   205 CD  11001101
14  0E  00001110   78  4E  01001110   142 8E  10001110   206 CE  11001110
15  0F  00001111   79  4F  01001111   143 8F  10001111   207 CF  11001111
16  10  00010000   80  50  01010000   144 90  10010000   208 D0  11010000
17  11  00010001   81  51  01010001   145 91  10010001   209 D1  11010001
18  12  00010010   82  52  01010010   146 92  10010010   210 D2  11010010
19  13  00010011   83  53  01010011   147 93  10010011   211 D3  11010011
20  14  00010100   84  54  01010100   148 94  10010100   212 D4  11010100
21  15  00010101   85  55  01010101   149 95  10010101   213 D5  11010101
22  16  00010110   86  56  01010110   150 96  10010110   214 D6  11010110
23  17  00010111   87  57  01010111   151 97  10010111   215 D7  11010111
24  18  00011000   88  58  01011000   152 98  10011000   216 D8  11011000
25  19  00011001   89  59  01011001   153 99  10011001   217 D9  11011001
26  1A  00011010   90  5A  01011010   154 9A  10011010   218 DA  11011010
27  1B  00011011   91  5B  01011011   155 9B  10011011   219 DB  11011011
28  1C  00011100   92  5C  01011100   156 9C  10011100   220 DC  11011100
29  1D  00011101   93  5D  01011101   157 9D  10011101   221 DD  11011101
30  1E  00011110   94  5E  01011110   158 9E  10011110   222 DE  11011110
31  1F  00011111   95  5F  01011111   159 9F  10011111   223 DF  11011111
32  20  00100000   96  60  01100000   160 A0  10100000   224 E0  11100000
33  21  00100001   97  61  01100001   161 A1  10100001   225 E1  11100001
34  22  00100010   98  62  01100010   162 A2  10100010   226 E2  11100010
35  23  00100011   99  63  01100011   163 A3  10100011   227 E3  11100011
36  24  00100100   100 64  01100100   164 A4  10100100   228 E4  11100100
37  25  00100101   101 65  01100101   165 A5  10100101   229 E5  11100101
38  26  00100110   102 66  01100110   166 A6  10100110   230 E6  11100110
39  27  00100111   103 67  01100111   167 A7  10100111   231 E7  11100111
40  28  00101000   104 68  01101000   168 A8  10101000   232 E8  11101000
41  29  00101001   105 69  01101001   169 A9  10101001   233 E9  11101001
42  2A  00101010   106 6A  01101010   170 AA  10101010   234 EA  11101010
43  2B  00101011   107 6B  01101011   171 AB  10101011   235 EB  11101011
44  2C  00101100   108 6C  01101100   172 AC  10101100   236 EC  11101100
45  2D  00101101   109 6D  01101101   173 AD  10101101   237 ED  11101101
46  2E  00101110   110 6E  01101110   174 AE  10101110   238 EE  11101110
47  2F  00101111   111 6F  01101111   175 AF  10101111   239 EF  11101111
48  30  00110000   112 70  01110000   176 B0  10110000   240 F0  11110000
49  31  00110001   113 71  01110001   177 B1  10110001   241 F1  11110001
50  32  00110010   114 72  01110010   178 B2  10110010   242 F2  11110010
51  33  00110011   115 73  01110011   179 B3  10110011   243 F3  11110011
52  34  00110100   116 74  01110100   180 B4  10110100   244 F4  11110100
53  35  00110101   117 75  01110101   181 B5  10110101   245 F5  11110101
54  36  00110110   118 76  01110110   182 B6  10110110   246 F6  11110110
55  37  00110111   119 77  01110111   183 B7  10110111   247 F7  11110111
56  38  00111000   120 78  01111000   184 B8  10111000   248 F8  11111000
57  39  00111001   121 79  01111001   185 B9  10111001   249 F9  11111001
58  3A  00111010   122 7A  01111010   186 BA  10111010   250 FA  11111010
59  3B  00111011   123 7B  01111011   187 BB  10111011   251 FB  11111011
60  3C  00111100   124 7C  01111100   188 BC  10111100   252 FC  11111100
61  3D  00111101   125 7D  01111101   189 BD  10111101   253 FD  11111101
62  3E  00111110   126 7E  01111110   190 BE  10111110   254 FE  11111110
63  3F  00111111   127 7F  01111111   191 BF  10111111   255 FF  11111111
