the network layer and the internet protocol · nixu ltd. 10/48the network layer and the internet...

Nixu Ltd.

The Network Layer and the Internet Protocol

Nixu Ltd. 2/48 The Network Layer and the Internet Protocol

OVERVIEW

• The Internet Protocol

• IP addresses, address resolution

• IP in LAN environment

• Static routing

• Dynamic routing


Network Layer

• Network layer packets are transmitted from the sending network entity all the way to the reciever, spanning several LANs and data link layer technologies

• There are several network layer protocols— Internet Protocol (IP) is currently the most common one— X.25 is almost obsolete

— Provides realiable, connection oriented packet networking


IP

• IP = The Internet Protocol

• Defined in RFC 791

• IP sends simple datagrams over network.

• It provides unreliable and connectionless delivery service.— unreliable = no guarantees, ICMP error messages— connectionless = each packet is routed separately

• Large IP packets may be fragmented and reassembled in transmission


IP Packet Format

• Normal size for IP header is 20 bytes, plus options & padding.

version

hdr len

type of service

total length

identification flags fragmentation offset

time to live protocol header checksum

source IP address

destination IP address

options ... padding

data


IP Packet Format

— Version is 4 until IPv6 comes.— Type of Service contains quality parameters, like maximize throughput

or reliability. Often not implemented.— Identification is set by sending host to unique value for each sent IP-

packet, usually this is an incremental counter.— Flags tell if this packet is fragmented or if this packet should not be

fragmented— Fragment offset tells how far from the head of original datagram this

fragment is— Time to Live is decremented by one by every router passed. When 0

is reached, the packet is discarded and an ICMP-message sent back.— Protocol may be TCP, UDP, ICMP or one of several others— Options are rarely used and not widely supported. They are loose and

strict source routing, route recording and timestamping and military security options (RFC 1108).


IP Addresses

• IP address identifies a network interface. A host can have several interfaces.

• Current length 32 bits (IPv4). Future length (IPv6) 128 bits.

• General syntax:— 4 components separated by dots (“dotted quad”)— decimal numbers (0-255)— for example: 193.210.18.18

• Addresses have two components, the network id and the host id.


Address Classes

A

B

C

network host

network host

network host

24

14 16

21 8

1 7

2

3

D multicast address284

E reserved for future use275

0 - 127

128 - 191

192 - 223

224 - 239

240 - 247

first byte:


Address Classes

• The network part of the address is used to route a packet to the right LAN— The host part tells which host on a LAN should recieve the packet— If a host is sending a packet to an address, which network part is not

same as the sender’s the packet is sent to a gateway (router), if the network part is same, the packet is sent to the LAN

• There isonly a small number of class A networks but they can have many hosts

• Class B networks are almost all taken

• There are quite a few class C networks but they can only have 254 hosts each

• Class based routing is now mostly obsolete and replaced by clasless routing (CIDR)


CIDR (Classless InterDomain Routing)

• Arbitrary length host and network fields instead of A, B and C classes

• Commonly used to make superblocks of C classes for routing (aka. supernetting)

• In the future may be used to split unused A classes

• Network mask marks the boundary— For example 130.223.236.0/22 netmask is 255.255.252.0— The number after the slash (/) tells how many bits in the mask are 1,

the rest are 0

• RFC 1518, 1519


Special Addresses

• 0.0.0.0 is used for "any" or "no" IP address

• 255.255.255.255 is local broadcast address

• 127 followed by hostid is the loopback address — E.g. 127.0.0.1

• netid followed by all zeros is the network address — E.g. 222.1.16.0/24

• netid followed by all ones is network broadcast address — E.g. 222.1.16.255/24


Subnetting

• Large networks are often divided into smaller units

• Subnetting hides the details of internal network organization— for example, 150.78.0.0/16 (216-2 hosts) could be subnetted to

150.78.0.0/24 (28 subnets with 28-2 hosts in each)

— host IP address AND network mask = network IP address

netid subnetid hostid

default netmask

subnet mask


ICMP

• ICMP = Internet Control Message Protocol

• Defined in RFC 792

• ICMP packet syntax

— Type identifies the message: echo request, echo reply, destination unreachable, etc.

— Code defines the reason: host unreachable, port unreachable, etc.— Data contains part of the IP packet that caused the error.

TYPE CODE CHECKSUM

DATA


ICMP

• ICMP messages are transmitted in IP datagrams.

• Communicates error messages and other conditions that require attention.

• Can be utilized to track network infrastructure (ping, traceroute).

IP header ICMP header ICMP data


IP on LAN

• Usually one physical segment = one IP network

• Each IP network has a network address and a broadcast address

• Problem: IP addresses only make sense to the TCP/IP protocol suite, not to the hardware interface

• Solution: ARP maps IP addresses to hardware addresses

• If a booting host doesn’t know its IP address, RARP, BOOTP or DHCP can be used


… IP on LAN

• Host interfaces must be activated

• Loopback interface:ifconfig lo 127.0.0.1

• Ethernet interface:ifconfig eth0 194.197.118.42 broadcast 194.197.118.255 \ netmask 255.255.255.0

• Other interfaces

• Default routeroute add default 194.197.118.1


… IP on LAN

gato tsilven 6$ ifconfig -alo Link encap:Local Loopback inet addr:127.0.0.1 Bcast:127.255.255.255 Mask:255.0.0.0 UP BROADCAST LOOPBACK RUNNING MTU:3584 Metric:1 RX packets:77 errors:0 dropped:0 overruns:0 frame:0 TX packets:77 errors:0 dropped:0 overruns:0 carrier:0 collisions:0

eth0 Link encap:Ethernet HWaddr 00:60:08:06:2A:36 inet addr:194.197.118.42 Bcast:194.197.118.255 Mask:255.255.255.0 UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 RX packets:178567 errors:0 dropped:0 overruns:0 frame:0 TX packets:43770 errors:0 dropped:0 overruns:0 carrier:0 collisions:20 Interrupt:5 Base address:0x6c00

gato tsilven 7$ netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Iface 194.197.118.0 0.0.0.0 255.255.255.0 U 1500 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 3584 lo 0.0.0.0 194.197.118.1 0.0.0.0 UG 1500 eth0


ARP (Address Resolution Protocol)

• A host finds other hosts by broadcasting an ARP query for the IP address

• The host with correct IP address replies with its hardware address

• The address pair is added to receivers dynamic ARP cache

• Features: proxy ARP, gratuitous ARP

• RFC 826


ARP Packet Format

• Encapsulated into link layer frame

• Data always 28 bytes— hard type = hardware address type (0x0001 = Ethernet)— prot type = protocol address type (0x0800 = IP)— OP = operation (ARP/RARP request/reply)

hardtype

prottype

hardsize

protsize OP

senderMAC address

senderIP address

targetMAC address

targetIP address

2 2 1 1 2 6 4 6 4


ARP, an Example

gato tsilven 15$ arp -ajalopeno.nixu.fi (194.197.118.20) at 08:00:20:74:F1:2C [ether] on eth0fajitas.nixu.fi (194.197.118.21) at 08:00:20:18:06:14 [ether] on eth0tapas.nixu.fi (194.197.118.24) at 08:00:09:6D:B6:44 [ether] on eth0

gato tsilven 16$ ping 194.197.118.37PING 194.197.118.37 (194.197.118.37): 56 data bytes64 bytes from 194.197.118.37: icmp_seq=0 ttl=64 time=3.0 ms64 bytes from 194.197.118.37: icmp_seq=1 ttl=64 time=0.7 ms

--- 194.197.118.37 ping statistics ---2 packets transmitted, 2 packets received, 0% packet lossround-trip min/avg/max = 0.7/1.8/3.0 ms

gato tsilven 17$ arp -ajalopeno.nixu.fi (194.197.118.20) at 08:00:20:74:F1:2C [ether] on eth0sueno.nixu.fi (194.197.118.37) at 00:60:08:54:2D:D9 [ether] on eth0fajitas.nixu.fi (194.197.118.21) at 08:00:20:18:06:14 [ether] on eth0tapas.nixu.fi (194.197.118.24) at 08:00:09:6D:B6:44 [ether] on eth0


ARP, an Example

bash-2.02# tcpdump -i eth0 -n -t -q\host 194.197.118.42

tcpdump: listening on eth0arp who-has 194.197.118.37 tell 194.197.118.42arp reply 194.197.118.37 is-at 0:60:8:54:2d:d9194.197.118.42 > 194.197.118.37: icmp: echo request194.197.118.37 > 194.197.118.42: icmp: echo reply194.197.118.42 > 194.197.118.37: icmp: echo request194.197.118.37 > 194.197.118.42: icmp: echo reply

6 packets received by filter0 packets dropped by kernel


Bootstrapping an IP host in the LAN

• RARP (Reverse ARP), a host broadcasts its hardware address and receives an IP address to use as its own

• BOOTP (Bootstrap Protocol) is better:— IP address and other information can be given

• Both now replaced by DHCP (Dynamic Host Configuration Protocol)


DHCP

• DHCP (Dynamic Host Configuration Protocol) extends BOOTP:— automatic assignment of (permanent) IP addresses— dynamic assignment for a limited time

• Extends vendor-specific area from 64 to 312 bytes

• RFC 1531

• Supports distributed configuration — Message forwarding or local servers

• Not a trivial service to configure for large installations


… DHCP

• Messages are sent using UDP over IP— Server in port 67, client in port 68

• The DHCP server on the LAN segment is found using a boradcast— First packet to 255.255.255.255 from 0.0.0.0 (client does not know its’

own address)

• Message types: — DISCOVER, OFFER, REQUEST, DECLINE, ACK, NAK, RELEASE

• The server returns all necessary information— IP address, netmask, gateway to the client— DNS server’s address also— Address assingment for limited time or permanently— The IP address can be from a pool or static


DHCP Event DiagramServer1 Client Server2

DHCPDISCOVER DHCPDISCOVER

DHCPOFFERDHCPOFFER

DHCPREQUEST DHCPREQUEST

DHCPACK

DHCPRELEASE


Static Routing

• When host has an IP datagram to send, it checks the routing table for the correct destination

• When a host receives an IP datagram, it checks datagram’s destination address— if there is a match, IP layer deliveres the datagram to correct protocol

module— else the datagram is silently discarded

• A (Unix) system can be configured to act as a router in addition to acting as a host— routers can forward IP datagrams from one of its interfaces to another


Router

• Router is a network component, which passes traffic between networks— Two or more network interfaces connected to networks or to other

routers

• For each and every given destination address, router must be able to make routing decision— Where (to what interface) I send this packet ?— Routing decision might also be: No such destination, cannot send— This applies also to workstations and servers even though they usu-

ally have only one network interface

• Routing decisions are based on routing table— Data structure, which contains information about possible destinations


Routing Table, an Example

gato tsilven 19$ netstat -rnKernel IP routing tableDestination Gateway Genmask Flags MSS Iface194.197.118.0 0.0.0.0 255.255.255.0 U 1500 eth0127.0.0.0 0.0.0.0 255.0.0.0 U 3584 lo0.0.0.0 194.197.118.1 0.0.0.0 UG 1500 eth0


Routing table

• Can be fixed (configured by hand to each device)— Static routing— Common at the edges of the network, workstations, servers— Not feasible on big and redundant networks— Usually very robust


Routing table ...

• Can also be dynamic (configured by hand, distributed automatically)— Routers exchange information using routing protocols— Routing protocol events (routing updates) affect directly to routing

table.— This causes interesting dynamic problems

— Debugging can be painful


Routing table contents

• For each destination, routing table contains— Addresses for this destination

— Might be some kind of wild card, e.g. all destinations not mentioned elsewhere in routing table (default route)

— Usually expressed as network number / mask— E.g. 194.197.118.0 / 24 (class C network, 24 network bits)— Modern routing mechanisms are classless, any number of network

bits allowed— Old-fashioned implementations usually are more or less class-

bound.— Next hop (where to send traffic to this destination)— Additional information (cost and/or other administrative information)


Routing table contents ...

• In practice, most transit providers accept only routes with 24 or less network bits— E.g. no routes smaller than class C are accepted— Now backbone transit providers are moving towards allowing /16 net-

works— Usually called “superblocks” (254 C classes)

• The routing table has usually a cost associated to each link— Not a monetary cost, more like a preference (lowest preferred)


Routing table ...

• Common case: LAN connected to Internet using serial line

— Routing table is very simple, typical case for static routing:

Destination Next hop Comment

193.209.237.0/24 e0 Local LAN (Ethernet)* s0 Serial line to Internet

(default route)

InternetRs0 e0

193.209.237.0/24


Routing table ...

• When amount of routers and redundant links increase to non-trivial numbers, something more flexible is needed

— Static routing can not handle redundant links nor link faults— Except on some environments (and even there unreliable)

R1

R2 R3

L1, 2M bpsL2, 2 Mbps

L3, 64 kbps

Inet

193.209.237.0/24

194.197.118.0/24

s0s1 e0


Routing table ...

• Routing table for router R3

— Cost added to routing table, priorisation of redundant routes— How we can know which links are up ?

— Routing protocol again !

Destination Next hop Cost Comment

194.197.118.0/24 e0 0 Directly connected193.209.237.0/24 s0 1 Fastest route193.209.237.0/24 s1 10 Backup via R2* s0 1 Fastest route via R1* s1 10 Slower


Routing table ...

• What if we can not have default route at all ?— Internet "backbone"— Multihomed network

— Internet connections from many (> 1) ISPs— In this case routing table will be very big

— And it changes practically all the time— Practical example on Internet router (1999-04-15)

— 69000 prefixes (routes)— Routes consume 16MB of memory— Realistic minimum memory for router 64MB


Routing protocols

• Routers can talk to other routers and find out the network topology— Which paths are available to which networks— Which path should be preferred— Routing protocols transport information, not IP packets

• Routing protocols can be divided by algorithm or by area

• By algorithm:— No routing protocol (static routes)— Link state protocols (SPF)— Distance vector protocols (Bellman-Ford)

• By area:— Routing protocols used internally by one AS, Interior Gateway Proto-

cols— Routing protocols used between ASes, Exterior Gateway Protocols


Distance vector protocols

• Also known as Bellman-Ford

• Routers send their entire routing table to their neighbouring routers at regular intervals

• The routing table is updated based on the information (costs) received from neighbour routers.

• Only one route to given destination is known at any given time— Although changes in network topology change routing table

• Generally does not scale well


Link state protocols

• Also known as SPF (Shortest Path First)

• Router sends link state messages to other routers in the network.— These packets are flooded to all routers

• When a router receives link state packet it — Builds a table of all routers and networks

— Each router knows full network topology— Calculates the best route to every network

— Usually the shortest path

• Link state information originates from node, which is "responsible" for the link— E.g. nodes connected to that link


Internal routing protocols

• Internal routing is routing within one Autonomous System (AS)

• RIP – Routing Information Protocol — Old, simple and limited distance-vector protocol— > 10 years old

• RIP-2— Addresses some shortcomings of RIP

• (E)IGRP – (Extended) Interior Gateway Routing Protocol— Newer and better distance-vector protocol— Proprietary protocol of Cisco— Nearly as complex as OSPF


Internal routing protocols ...

• OSPF – Open Shortest Path First— Complex but good link-state protocol— Developed and recommended by IETF for Internet— Good selection of metrics— Concept of areas


External routing protocols

• External routing is routing between Autonomous Systems

• Autonomous System is “a set of routers and networks under the same administration”.

• Without the concept of AS Internet-routing would become impossible: too many networks.

AS1 AS2

AS3


External routing protocols ...

• Old protocol: EGP – Exterior Gateway Protocol— organizes the exchange of reachability information— several problems in large networks (looping etc.)

• New protocol: BGP – Border Gateway Protocol— Path-vector concept prevents looping— Route filtering

— Usually a must because somebody will always advertise bogus routes.


BGP

• Current version BGP-4

• Used between ASes— Users: ISPs, transit providers, corporations, multihomed networks

• Every IP address belongs to one AS— For each destination, we find shortest AS path

• Typical implementation contains gazillion tuning options— Route filtering, route advertising, route using, neighborhood, ...

• On some occasions, supports even load balancing


What routing protocols to implement ?

• RIP— Everybody speaks RIP (if anything)— Suitable for small environments— Simple

• OSPF— Good features— Widely used in large environments

• BGP— The external routing protocol


Special Addresses

• On the Internet there is an agreement that some addresses are not routed to the backbone— 10.0.0.0/8— 192.168.0.0/16— 172.16.0.0/12

• These addresses are called private networks and used for NAT (Network Address Translation)


Common routing problems

• Missing default route— On statically routed environments

• Configuration faults— On many platforms, syntax of configuration commands is very hard to

manage and/or confusing— On some environments, route filtering is a must because some parties

advertise bogus routes— Routing protocols do not usually have security features

• Rotten software— Some vendors distribute alpha-quality software

• Bad documentation


Common routing problems ...

• Lack of expertise— Very small amount of Internet specialists actually can manage routing

configurations, esp. in non-trivial cases— Better documentation needed

• Bad performance— Internet grows all the time and router manufacturers barely keep up

with the developments— On some environments, some router features (e.g. ACLs) can not be

used because of performance issues

the network layer and the internet protocol · nixu ltd. 10/48the network layer and the internet...

Documents