CS335 Networking & Network Administration
Wednesday, May 12, 2010
ICMP
Internet Control Message Protocol
Error reporting protocol integrated with IP
We have reviewed the header checksum
http://www.faqs.org/rfcs/rfc792.html
Short for Internet Control Message Protocol, an extension to the Internet Protocol (IP) defined by RFC 792. ICMP supports packets containing error, control, and informational messages. The PING command, for example, uses ICMP to test an Internet connection.
ICMP Protocol Overview
Internet Control Message Protocol (ICMP), documented in RFC 792, is a required protocol tightly integrated with IP. ICMP messages, delivered in IP packets, are used for out-of-band messages related to network operation or misoperation. Of course, since ICMP uses IP, ICMP packet delivery is unreliable, so hosts can't count on receiving ICMP packets for any network problem. Some of ICMP's functions are to:
Announce network errors, such as a host or an entire portion of the network being unreachable due to some type of failure. A TCP or UDP packet directed at a port number with no receiver attached is also reported via ICMP.
Announce network congestion. When a router begins buffering too many packets, due to an inability to transmit them as fast as they are being received, it will generate ICMP Source Quench messages. Directed at the sender, these messages should cause the rate of packet transmission to be slowed. Of course, generating too many Source Quench messages would cause even more network congestion, so they are used sparingly.
Assist troubleshooting. ICMP supports an Echo function, which just sends a packet on a round-trip between two hosts. Ping, a common network management tool, is based on this feature. Ping will transmit a series of packets, measuring average round-trip times and computing loss percentages.
Announce timeouts. If an IP packet's TTL field drops to zero, the router discarding the packet will often generate an ICMP packet announcing this fact. TraceRoute is a tool which maps network routes by sending packets with small TTL values and watching the ICMP timeout announcements.
ICMP messages
http://www.iana.org/assignments/icmp-parameters
http://www.networksorcery.com/enp/protocol/icmp.htm
ICMP message transport
ICMP uses IP to transport error messages
ICMP includes both messages about errors and informational messages. ICMP is integrated with IP: ICMP encapsulates messages in IP for transmission and IP uses ICMP to report problems.
ICMP
ICMP messages are created in response to a datagram when the datagram has encountered a problem (e.g. a router finds that the destination is unreachable)
Sending data back to the sender is easy because the datagram carries the source IP address
No special priority – but if a datagram carrying an ICMP error itself causes an error, no error message is sent, to keep from flooding the network with error messages about error messages
ICMP to test reachability
Ping uses the ICMP echo request and echo reply messages
Ping sends an IP datagram that contains an ICMP echo message to the specified destination
If no reply arrives, ping retransmits the request
ICMP on the remote machine replies to the echo request
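The echo exchange that ping relies on, as an added Python example (not code from the slides): it builds an echo request with the RFC 792 header layout and one's-complement checksum, lets a "remote host" answer it, and pairs the reply with its request the way ping does. The identifier 0x1234 and the payload are constructed sample values.

```python
import struct

ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY = 8, 0   # RFC 792 type values

def inet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 792 / RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(msg_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Type(1) Code(1) Checksum(2) Identifier(2) Sequence(2), then the payload."""
    header = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq)   # checksum field is zero while summing
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", msg_type, 0, csum, ident, seq) + payload

def parse_echo(packet: bytes) -> dict:
    """Decode an echo message; 'valid' is True only when the checksum verifies."""
    msg_type, code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {"type": msg_type, "code": code, "id": ident, "seq": seq, "payload": packet[8:],
            "valid": inet_checksum(packet) == 0}   # a correct message sums to all ones

def make_reply(request: bytes) -> bytes:
    """What the remote host's ICMP does: return id, seq and payload as an echo reply."""
    req = parse_echo(request)
    if not req["valid"] or req["type"] != ICMP_ECHO_REQUEST:
        raise ValueError("not a valid echo request")
    return build_echo(ICMP_ECHO_REPLY, req["id"], req["seq"], req["payload"])

def matches(request: bytes, reply: bytes) -> bool:
    """ping pairs a reply with its request by identifier and sequence number."""
    a, b = parse_echo(request), parse_echo(reply)
    return b["valid"] and b["type"] == ICMP_ECHO_REPLY and (a["id"], a["seq"]) == (b["id"], b["seq"])

if __name__ == "__main__":
    request = build_echo(ICMP_ECHO_REQUEST, 0x1234, 1, b"cs335")   # constructed sample
    print(request.hex(), matches(request, make_reply(request)))
```

The checksum only catches accidental corruption: anyone who can rewrite the message can recompute it, so it is not integrity protection.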
Traceroute
ICMP is used in traceroute
Traceroute sets the time to live of the first packet to 1
The first router decrements the time to live to 0, discards the packet and sends back an ICMP time exceeded message
Traceroute now knows the IP address of the first router from the source address of the error message it sends
Then traceroute sends the second packet with a time to live of 2
Traceroute: last address reply
Two techniques
Send an ICMP echo request message; the destination host will generate an ICMP echo reply
Send a datagram to a nonexistent application; the destination host will generate an ICMP destination unreachable message
Microsoft uses the first approach, Unix uses the second
The 2 approaches can produce different addresses for the final destination
Echo request gives a source address equal to the IP address to which the request was sent
When a datagram with no application arrives, ICMP uses the address of the interface over which the error message is sent
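The probing loop and the two end-detection techniques, as an added Python simulation (not from the slides): each router decrements the TTL and reports "time exceeded" from its own address, and the destination answers either with an echo reply from the address probed or with a destination-unreachable message from its egress interface. The Router and Host classes and the 192.0.2.x / 198.51.100.x addresses are constructed.

```python
from dataclasses import dataclass

@dataclass
class Router:
    addr: str        # address of the interface facing the sender; source of its ICMP errors

@dataclass
class Host:
    target: str      # the address the probes are sent to
    egress: str      # interface over which the host sends ICMP error messages

def deliver(ttl: int, path: list, dest: Host, method: str) -> tuple:
    """One probe: returns (ICMP message type, source address of that message)."""
    for router in path:
        ttl -= 1                                       # every router decrements the TTL
        if ttl == 0:
            return ("time exceeded", router.addr)      # discarded here; the error comes from this router
    if method == "echo":                               # technique 1: echo request -> echo reply
        return ("echo reply", dest.target)
    return ("destination unreachable", dest.egress)    # technique 2: no application at that port

def traceroute(path: list, dest: Host, method: str = "echo", max_hops: int = 30) -> list:
    """Send probes with TTL 1, 2, 3, ... and collect the address each answer came from."""
    hops = []
    for ttl in range(1, max_hops + 1):
        msg, src = deliver(ttl, path, dest, method)
        hops.append(src)
        if msg != "time exceeded":                     # the destination itself answered
            break
    return hops

if __name__ == "__main__":
    # constructed path: three routers, then a host whose target and egress addresses differ
    path = [Router("192.0.2.1"), Router("192.0.2.2"), Router("192.0.2.3")]
    dest = Host(target="198.51.100.10", egress="198.51.100.1")
    print(traceroute(path, dest, "echo"))   # last entry 198.51.100.10
    print(traceroute(path, dest, "udp"))    # last entry 198.51.100.1
```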
Traceroute result
traceroute from www.net.berkeley.edu to www.lagrande.k12.or.us
1 vlan206.inr-203-eva.Berkeley.EDU (128.32.206.1) 0.855 ms 0.627 ms 1.219 ms
2 vlan209.inr-201-eva.Berkeley.EDU (128.32.255.1) 0.340 ms 0.306 ms 0.289 ms
3 ge-1-2-0.inr-002-reccev.Berkeley.EDU (128.32.0.36) 0.402 ms 0.401 ms 0.395 ms
4 hpr-oak-hpr--ucb-ge.cenic.net (137.164.27.129) 0.637 ms 1.150 ms 0.617 ms
5 sac-hpr--oak-hpr-10ge.cenic.net (137.164.25.17) 2.325 ms 2.239 ms 2.243 ms
6 lax-hpr--sac-hpr-10ge.cenic.net (137.164.25.10) 11.893 ms 11.748 ms 11.723 ms
7 abilene-LA--hpr-lax-gsr1-10ge.cenic.net (137.164.25.3) 11.744 ms 13.390 ms 14.997 ms
8 snvang-losang.abilene.ucaid.edu (198.32.8.95) 19.344 ms 19.163 ms 19.432 ms
9 pos-1-0.core0.eug.oregon-gigapop.net (198.32.163.17) 31.597 ms 31.478 ms 31.469 ms
10 nero.eug.oregon-gigapop.net (198.32.163.151) 31.648 ms 31.593 ms 31.585 ms
11 ptck-core2-gw.nero.net (207.98.64.2) 33.928 ms 34.089 ms 33.988 ms
12 eou-car1-gw.nero.net (207.98.64.22) 46.885 ms 46.496 ms 46.667 ms
More TraceRoute Info
http://bs.mit.edu:8001/cgi-bin/traceroute
http://www.traceroute.org/#USA
http://visualroute.visualware.com/
Visual Route http://visualroute.visualware.com/
VisualRoute (R) 2005 Server Edition (v9.3a) report on May 11, 2005 12:46:44 PM
Report for www.lagrande.k12.or.us [140.211.34.6]
Analysis: 'www.lagrande.k12.or.us' was found in 13 hops (TTL=243).
| Hop | %Loss | IP Address | Node Name | Location | Tzone | ms | Graph | Network |
| 0 | | 161.58.180.113 | WIN10115.visualware.com | * | | | | Verio, Inc. VRIO-161-058 |
| 1 | | 161.58.176.129 | - | | | 0 | x | Verio, Inc. VRIO-161-058 |
| 2 | | 161.58.156.140 | - | | | 6 | x- | Verio, Inc. VRIO-161-058 |
| 3 | | 129.250.28.206 | xe-1-2-0-3.r20.asbnva01.us.bb.verio.net | Ashburn, VA, USA | -05:00 | 0 | x | Verio, Inc. VRIO-129-250 |
| 4 | | 129.250.2.35 | p64-0-0-0.r21.asbnva01.us.bb.verio.net | Ashburn, VA, USA | -05:00 | 0 | x | Verio, Inc. VRIO-129-250 |
| 5 | | 129.250.9.162 | p16-0.level3.asbnva01.us.bb.verio.net | Ashburn, VA, USA | -05:00 | 0 | x | Verio, Inc. VRIO-129-250 |
| 6 | | 209.244.11.13 | so-2-1-0.bbr2.Washington1.Level3.net | 38.55n, 77.13w | | 0 | x | Level 3 Communications, Inc. LEVEL3-CIDR |
| 7 | | 209.247.10.133 | so-1-0-0.mp2.Seattle1.Level3.net | Seattle, WA, USA | -08:00 | 74 | x | Level 3 Communications, Inc. LEVEL3-CIDR |
| 8 | | 209.247.9.58 | ge-11-1.hsa2.Seattle1.Level3.net | Seattle, WA, USA | -08:00 | 75 | x | Level 3 Communications, Inc. LEVEL3-CIDR |
| 9 | | 63.211.200.246 | unknown.Level3.net | | | 78 | x | Level 3 Communications, Inc. LEVEL4-CIDR |
| 10 | | 207.98.64.138 | ptck-core2-gw.nero.net | | | 78 | x | Oregon Exchange OREGON-EXCH |
| 11 | | 207.98.64.22 | eou-car1-gw.nero.net | | | 91 | x | Oregon Exchange OREGON-EXCH |
| 12 | | 140.211.34.6 | lagrande.k12.or.us | | | 92 | x | Oregon State System of Higher Education OSSHENET |
| 13 | | 140.211.34.6 | www.lagrande.k12.or.us | | | 92 | x | Oregon State System of Higher Education OSSHENET |
ICMP for path MTU discovery
The smallest MTU along the route is the path MTU
Fragmentation impacts performance, so determining the path MTU can keep fragmentation from happening
Set the don't-fragment bit in the IP header Flags field to prevent fragmentation
Probe with datagrams to find a datagram size that passes the MTU of the route
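The probing just described, as an added Python example that is not from the slides: a constructed route with per-link MTUs answers a don't-fragment probe either with delivery or with an ICMP "fragmentation needed" error, and a binary search finds the largest size that passes. make_probe and find_path_mtu are assumed names.

```python
def make_probe(link_mtus: list):
    """Constructed route: a don't-fragment datagram is delivered only if it fits every link;
    otherwise the router at the narrow link discards it and returns ICMP 'fragmentation
    needed and DF set'. Returns the probe function and the list of sizes it was asked to send."""
    path_mtu = min(link_mtus)              # the smallest link MTU is the path MTU
    sent = []
    def send_with_df(size: int) -> bool:
        sent.append(size)
        return size <= path_mtu            # True: delivered, False: the ICMP error came back
    return send_with_df, sent

def find_path_mtu(send_with_df, low: int = 68, high: int = 65535) -> int:
    """Binary search for the largest DF datagram the route passes. 'low' must always pass:
    68 octets is the minimum every IPv4 router has to forward unfragmented (RFC 791)."""
    while low < high:
        mid = (low + high + 1) // 2
        if send_with_df(mid):
            low = mid                      # fits: the path MTU is at least mid
        else:
            high = mid - 1                 # too big: the path MTU is below mid
    return low

if __name__ == "__main__":
    probe, sent = make_probe([1500, 1492, 1400, 1500])   # constructed per-link MTUs
    print(find_path_mtu(probe), "found after", len(sent), "probes")
```

If a firewall on the route filters the ICMP error, the probe simply gets no answer, so a real implementation has to treat a timed-out probe as "too big" or it never converges.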
UDP – User Datagram Protocol
End-to-end protocols are in Layer 4
End-to-end protocol or transport protocol
UDP is less complex but does not provide the type of service that a typical application expects
UDP
End-to-end – can distinguish among multiple applications on a computer
Connectionless – the interface that UDP supplies to apps follows a connectionless paradigm; does not need to preestablish communication before sending data, nor terminate communication when finished; no control messages, arbitrary delay times between messages
Message-oriented – an app that uses UDP sends and receives individual messages
Best-effort – UDP offers the same best-effort delivery as IP
Arbitrary interaction – UDP allows an app to send to many other apps, receive from many apps, or communicate with exactly one app
OS independent – provides a means of identifying application programs that does not depend on identifiers used by the local OS
Message-oriented interface
Does not divide messages into packets for transmission
Does not combine messages for delivery
IP datagram size forms a limit on the size of a UDP message
Problems for programmers
UDP message size
Large messages will be fragmented if the network MTU is exceeded
Small messages have a large ratio of header octets to data octets – inefficient
UDP
UDP uses IP for delivery so it uses best-effort delivery semantics
UDP suffices for applications that can afford lost or corrupted packets
Audio could afford a lost packet – it would produce annoying noise
On-line shopping can't tolerate duplication of messages
UDP
1-to-1: app to app
1-to-many: app to multiple recipients
Many-to-1: receive messages from multiple senders
Many-to-many: a set of apps communicate together
Applications using UDP can use unicast, multicast and broadcast IP addresses
UDP
UDP defines an abstract set of identifiers for the application programs called protocol port numbers independent of the underlying OS
All OSs recognize the standard protocol port numbers
UDP Datagram
UDP messages are called user datagrams
Short header and a payload
Protocol port numbers for sender and receiver
Message length: total size measured in octets
Encapsulation
UDP is encapsulated in IP
UDP summary
Provides end-to-end message transport from an app on one computer to an app on another
Encapsulated in IP
Uses best-effort delivery like IP
Uses protocol port numbers to distinguish among apps, independent of the underlying OS
TCP
Transmission Control Protocol
Provides reliable data delivery service to applications
Reliability is the responsibility of the transport protocol
TCP services
Connection orientation – app first requests a connection to a destination, then uses it to transfer data
Point-to-point – each TCP connection has exactly two endpoints
Complete reliability – TCP guarantees that the data sent will be delivered exactly as sent
Full duplex communication – data flows in either direction; either app can send data at any time. TCP can buffer outgoing and incoming data, so an app can continue computation while data is transferred
TCP services
Stream interface – app sends continuous sequence of octets
Reliable connection startup – both apps have to agree to the connection; duplicate packets used in previous connections will not appear to be valid responses
Graceful connection shutdown – apps can open connections, send arbitrary data, then request a shutdown. TCP guarantees to deliver data reliably before closing connection
End-to-end service
Virtual connections, because they are achieved in software
Encapsulated in IP
IP passes to TCP
TCP treats IP as a packet communication system and IP treats each TCP message as data to be transferred
Reliability
Can’t accept duplicate messages from old connections
Computer reboots can leave a connection in place
Packet Loss
Retransmission
TCP starts a timer when it sends data
If no ACK arrives before the timer expires, TCP retransmits
Adaptive retransmission
TCP estimates round trip delays for each connection to adapt to internet delay
Doesn't use a fixed timeout, because internet response times change
Comparison
Adaptive retransmission
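Adaptive retransmission worked through as an added Python example (not from the slides), taking the RFC 6298 estimator as the assumed concrete form: each measured round-trip time updates a smoothed RTT and its variation, and the timeout is derived from both. spurious_timeouts contrasts this with a fixed timer on a constructed delay trace.

```python
class RtoEstimator:
    """Adaptive retransmission timer as specified in RFC 6298 (Jacobson/Karels): the
    timeout follows a smoothed round-trip time plus a multiple of its variation."""
    ALPHA, BETA, K = 1 / 8, 1 / 4, 4

    def __init__(self, min_rto: float = 1.0, max_rto: float = 60.0):
        self.srtt = self.rttvar = None
        self.min_rto, self.max_rto = min_rto, max_rto
        self.rto = 1.0                 # RFC 6298 initial value before any measurement

    def sample(self, rtt: float) -> float:
        """Feed one measured round-trip time (never from a retransmitted segment: Karn's rule)."""
        if self.srtt is None:          # first measurement
            self.srtt, self.rttvar = rtt, rtt / 2
        else:                          # update the variation first, using the old SRTT
            self.rttvar = (1 - self.BETA) * self.rttvar + self.BETA * abs(self.srtt - rtt)
            self.srtt = (1 - self.ALPHA) * self.srtt + self.ALPHA * rtt
        self.rto = min(self.max_rto, max(self.min_rto, self.srtt + self.K * self.rttvar))
        return self.rto

    def backoff(self) -> float:
        """On a timeout the timer is doubled before retransmitting (exponential backoff)."""
        self.rto = min(self.max_rto, self.rto * 2)
        return self.rto

def spurious_timeouts(rtts: list, fixed_timeout: float) -> tuple:
    """Compare a fixed timer with the adaptive one over a sequence of round-trip times:
    counts how often each would have fired although the ACK was still on its way."""
    est = RtoEstimator(min_rto=0.0)
    fixed = adaptive = 0
    for rtt in rtts:
        fixed += rtt > fixed_timeout
        adaptive += rtt > est.rto
        est.sample(rtt)
    return fixed, adaptive

if __name__ == "__main__":
    # constructed trace: a fast path whose delay then grows, as internet delays do
    print(spurious_timeouts([0.1, 0.1, 0.1, 0.5, 0.6, 0.7, 0.8], fixed_timeout=0.3))
```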
Buffers, flow control
TCP uses a window mechanism
Each side allocates a buffer and communicates it to the other side
The amount of buffer available at a time is the window
When a sender gets a zero window it has to wait to send more data
Receiver can control the rate at which the sender transmits data
Three-way handshake
Reliable connections established and terminated
Synchronization segment (SYN) to create connection
Finish segment (FIN) to terminate connection
TCP retransmits lost SYN and FIN segments
Congestion control
Packet loss (or extremely long delay) is most likely due to congestion
Congestion can be exacerbated by retransmission
So TCP uses packet loss as a measure of congestion and reduces the rate at which it retransmits data
TCP knows the receiver's window size and retransmits at lower rates
Congestion
TCP sends a single message containing data
If an ACK arrives with no loss, TCP sends two additional messages
If those ACKs arrive, it sends 4
When it reaches half of the receiving window allotment it slows down the rate of increase
This scheme works well with increased traffic on the internet
Senders back off when congestion occurs
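The growth scheme just described, as an added Python example (not from the slides): the congestion window, counted in segments (an assumption), doubles every round trip until half of the receiver's window, then grows by one segment per round, and the sender backs off to a single segment when a round sees a loss.

```python
def cwnd_trace(rwnd: int, rounds: int, loss_rounds=()) -> list:
    """Segments sent in each round trip for the scheme on the slide (cwnd in segments,
    assumed): send 1, then 2, then 4 ... until half of the receiver's window allotment,
    then grow by only one segment per round; a loss makes the sender back off."""
    ssthresh = max(1, rwnd // 2)     # the point where the rate of increase slows down
    cwnd, history = 1, []
    for r in range(rounds):
        sent = min(cwnd, rwnd)       # never more than the receiver's window
        history.append(sent)
        if r in loss_rounds:         # a loss is taken as a congestion signal
            ssthresh = max(1, sent // 2)
            cwnd = 1                 # back off to one segment and start over
        elif cwnd < ssthresh:
            cwnd = min(cwnd * 2, ssthresh)   # slow start: doubling every round trip
        else:
            cwnd = min(cwnd + 1, rwnd)       # congestion avoidance: linear increase
    return history

if __name__ == "__main__":
    print(cwnd_trace(16, 8))                    # [1, 2, 4, 8, 9, 10, 11, 12]
    print(cwnd_trace(16, 8, loss_rounds={4}))   # [1, 2, 4, 8, 9, 1, 2, 4]
```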
TCP segment format
Segment refers to a message
TCP uses this format for all messages: data, acknowledgements, and messages that are part of the 3-way handshake
TCP Summary
Major transport protocol of the TCP/IP suite
Provides apps with a reliable, flow-controlled, full-duplex, stream transport service
Connection oriented with guaranteed delivery and termination
TCP on one computer exchanges messages with TCP on the receiver
Travels in IP datagrams
Retransmits lost messages
Retransmission time is adaptive
TCP resources
ftp://ftp.isi.edu/in-notes/rfc793.txt original DARPA TCP protocol definition from 1981
ftp://ftp.isi.edu/in-notes/rfc1122.txt later refinements
http://www.faqs.org/rfcs/rfc793.html
http://www.cisco.com/warp/public/535/4.html
http://www.protocols.com/pbook/tcpip1.htm
NAT
Network address translation
Share one single valid IP address for the Internet among multiple computers
Computers on the Internet never see the private addresses
Basic address translation
Valid IP address for the site: 128.210.24.6
Source address = 10.0.0.1
Destination address = 128.211.134.4
NAT has to rewrite the source address to make it 128.210.24.6
Also has to recompute the IP header checksum because the original checksum will fail
Translation table
NAT uses a translation table to track which computer on the inside network each incoming packet is destined for
NAPT
Network address and port translation
If browsers at 10.0.0.1 and 10.0.0.2 both form TCP connections, the NAPT table rewrites both the IP address and the port number
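The rewrite and the checksum recomputation it forces, as added Python example code (not from the slides) that also serves the UDP datagram slides above: it constructs a UDP/IP datagram from 10.0.0.1 to 128.211.134.4 with the 8-byte UDP header (ports, length in octets, checksum) and an assumed Napt class maps it onto the site address 128.210.24.6. Both the IP header checksum and the UDP checksum are recomputed, the latter because it covers a pseudo-header with the addresses. The first public port 40000, the class and helper names are assumptions.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071), shared by IP, UDP and TCP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def with_ip_checksum(ip_hdr: bytes) -> bytes:
    """Zero the IP header checksum (bytes 10-11), recompute it and write it back."""
    hdr = ip_hdr[:10] + b"\x00\x00" + ip_hdr[12:]
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]

def with_l4_checksum(src_ip: str, dst_ip: str, proto: int, l4: bytes) -> bytes:
    """Recompute the UDP (17, offset 6) or TCP (6, offset 16) checksum; it covers a pseudo-header
    with both IP addresses, so rewriting an address or a port invalidates it as well."""
    off = 16 if proto == 6 else 6
    body = l4[:off] + b"\x00\x00" + l4[off + 2:]
    pseudo = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, proto, len(l4))
    return l4[:off] + struct.pack("!H", inet_checksum(pseudo + body) or 0xFFFF) + l4[off + 2:]

def make_udp_packet(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Constructed sample: IPv4 header (IHL 5, TTL 64) + user datagram (ports, length in octets, checksum)."""
    udp = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return with_ip_checksum(ip) + with_l4_checksum(src_ip, dst_ip, 17, udp)

class Napt:
    """Outbound NAPT: each (private ip, private port) gets its own port on the single public address."""
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip, self.next_port = public_ip, first_port
        self.table = {}    # (private_ip, private_port) -> public_port
        self.reverse = {}  # public_port -> (private_ip, private_port): how a reply finds the inside host

    def outbound(self, packet: bytes) -> bytes:
        ip, l4 = packet[:20], packet[20:]
        src_ip, dst_ip, proto = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), ip[9]
        key = (src_ip, struct.unpack("!H", l4[:2])[0])
        if key not in self.table:  # first packet of this flow: allocate a public port
            self.table[key] = self.next_port
            self.reverse[self.next_port] = key
            self.next_port += 1
        new_ip = with_ip_checksum(ip[:12] + socket.inet_aton(self.public_ip) + ip[16:])
        new_l4 = with_l4_checksum(self.public_ip, dst_ip, proto, struct.pack("!H", self.table[key]) + l4[2:])
        return new_ip + new_l4
```

Any packet whose IP or transport checksum no longer verifies after a rewrite is exactly what the slide means by "the original checksum will fail".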
NAT at home
DSL and cable modems use NAT to share address in a residence
NAT resources
http://www.faqs.org/rfcs/rfc3022.html NAT
http://www.faqs.org/rfcs/rfc2663.html NAT
http://www.faqs.org/rfcs/rfc2766.html NAPT