Computer Networking: A Top-Down Approach PDF
Document Details
University of Colorado Denver
2016
Jim Kurose, Keith Ross
Summary
This document is Chapter 4 of Computer Networking: A Top-Down Approach, 7th edition, by Jim Kurose and Keith Ross. It covers the network layer, including data plane and control plane concepts, and introduces the IP protocol and its features like datagram format and fragmentation.
Full Transcript
Chapter 4 Network Layer: The Data Plane

A note on the use of these PowerPoint slides: We're making these slides freely available to all (faculty, students, readers). They're in PowerPoint form so you see the animations; and can add, modify, and delete slides (including this one) and slide content to suit your needs. They obviously represent a lot of work on our part. In return for use, we only ask the following:
- If you use these slides (e.g., in a class) that you mention their source (after all, we'd like people to use our book!)
- If you post any slides on a www site, that you note that they are adapted from (or perhaps identical to) our slides, and note our copyright of this material.
Thanks and enjoy! JFK/KWR
Computer Networking: A Top-Down Approach, 7th edition, Jim Kurose, Keith Ross, Pearson/Addison Wesley, April 2016. All material copyright 1996-2016 J.F Kurose and K.W. Ross, All Rights Reserved.

Chapter 4: outline
4.1 Overview of Network layer: data plane, control plane
4.2 What's inside a router
4.3 IP: Internet Protocol: datagram format, fragmentation, IPv4 addressing, network address translation, IPv6
4.4 Generalized Forwarding and SDN: match, action, OpenFlow examples of match-plus-action

Chapter 4: network layer
chapter goals: understand principles behind network layer services, focusing on data plane:
- network layer service models
- forwarding versus routing
- how a router works
- generalized forwarding
- instantiation, implementation in the Internet

Network layer
- transports segments from sending to receiving host
- on sending side, encapsulates segments into datagrams
- on receiving side, delivers segments to transport layer
- network layer protocols in every host, router
- router examines
(figure: protocol stacks application / transport / network / data link / physical at the end hosts; network / data link / physical at each router on the path)

Two key network-layer functions
network-layer functions:
- forwarding: move packets from router's input to appropriate router output
- routing: determine route taken by packets from source to destination (routing algorithms)
analogy: taking a trip
- forwarding: process of getting through a single interchange
- routing: process of planning trip from source to destination

Network layer: data plane, control plane
Data plane:
- local, per-router function
- determines how datagram arriving on router input port is forwarded to router output port
- forwarding function (figure: values in arriving packet header, e.g. 0111, select one of output ports 1, 2, 3)
Control plane:
- network-wide logic
- determines how datagram is routed among routers along end-end path from source host to destination host
- two control-plane approaches: traditional routing algorithms: implemented in routers; software-defined networking (SDN): implemented in

Per-router control plane
Individual routing algorithm components in each and every router interact in the control plane
(figure: routing algorithm in the control plane of each router; data plane forwards on values in arriving packet header, e.g. 0111)

Logically centralized control plane
A distinct (typically remote) controller interacts with local control agents (CAs)
(figure: remote controller in the control plane; a CA in each router's data plane; forwarding on values in arriving packet header)

Network service model
Q: What service model for "channel" transporting datagrams from sender to receiver?
example services for individual datagrams:
- guaranteed delivery
- guaranteed delivery with less than 40 msec delay
example services for a flow of datagrams:
- in-order datagram delivery
- guaranteed minimum bandwidth to flow
- restrictions on changes in inter-packet spacing

Network layer service models
Network Architecture | Service Model | Bandwidth guarantee | Loss | Order | Timing | Congestion feedback
Internet | best effort | none | no | no | no | no (inferred via loss)
ATM | CBR | constant rate | yes | yes | yes | no congestion
ATM | VBR | guaranteed rate | yes | yes | yes | no congestion
ATM | ABR | guaranteed minimum | no | yes | no | yes
ATM | UBR | none | no | yes | no | no

Router architecture overview
high-level view of generic router architecture:
- routing processor: routing, management control plane (software), operates in millisecond time frame
- forwarding data plane (hardware): router input ports, high-speed switching fabric, router output ports; operates in nanosecond timeframe

Input port functions
line termination -> link layer protocol (receive) -> lookup, forwarding, queueing -> switch fabric
- physical layer: bit-level reception
- data link layer: e.g., Ethernet (see chapter 5)
- decentralized switching: using header field values, lookup output port using forwarding table in input port memory ("match plus action")
  - goal: complete input port processing at 'line speed'
  - queuing: if datagrams arrive faster than forwarding rate into switch fabric
- destination-based forwarding: forward based only on destination IP address (traditional)
- generalized forwarding: forward based on any set of header field values

Destination-based forwarding
forwarding table:
Destination Address Range | Link Interface
11001000 00010111 00010000 00000000 through 11001000 00010111 00010111 11111111 | 0
11001000 00010111 00011000 00000000 through 11001000 00010111 00011000 11111111 | 1
11001000 00010111 00011001 00000000 through 11001000 00010111 00011111 11111111 | 2
otherwise | 3
Q: but what happens if ranges don't divide up so nicely?

Longest prefix matching
longest prefix matching: when looking for forwarding table entry for given destination address, use longest address prefix that matches destination address.
Destination Address Range | Link interface
11001000 00010111 00010*** ********* | 0
11001000 00010111 00011000 ********* | 1
11001000 00010111 00011*** ********* | 2
otherwise | 3
examples:
- DA: 11001000 00010111 00010110 10100001: which interface?
- DA: 11001000 00010111 00011000 10101010: which interface?
Longest prefix matching
- we'll see why longest prefix matching is used shortly, when we study addressing
- longest prefix matching: often performed using ternary content addressable memories (TCAMs)
  - content addressable: present address to TCAM: retrieve address in one clock cycle, regardless of table size
  - Cisco Catalyst: can hold up to ~1M routing table entries in TCAM

Switching fabrics
- transfer packet from input buffer to appropriate output buffer
- switching rate: rate at which packets can be transferred from inputs to outputs
  - often measured as multiple of input/output line rate
  - N inputs: switching rate N times line rate desirable
- three types of switching fabrics: memory, bus, crossbar

Switching via memory
first generation routers:
- traditional computers with switching under direct control of CPU
- packet copied to system's memory
- speed limited by memory bandwidth (2 bus crossings per datagram)
(figure: input port (e.g., Ethernet) -> memory -> output port (e.g., Ethernet), over the system bus)

Switching via a bus
- datagram from input port memory to output port memory via a shared bus
- bus contention: switching speed limited by bus bandwidth
- 32 Gbps bus, Cisco 5600: sufficient speed for access and enterprise routers

Switching via interconnection network
- overcome bus bandwidth limitations
- banyan networks, crossbar, other interconnection nets initially developed to connect processors in multiprocessor
- advanced design: fragmenting datagram into fixed length cells, switch cells through the fabric
- Cisco 12000: switches 60 Gbps through the interconnection network

Input port queuing
- fabric slower than input ports combined -> queueing may occur at input queues
  - queueing delay and loss due to input buffer overflow!
- Head-of-the-Line (HOL) blocking: queued datagram at front of queue prevents others in queue from moving forward
(figure: output port contention: only one red datagram can be transferred at a time, the lower red packet is blocked; one packet time later, the green packet experiences HOL blocking)

Output ports
This slide is HUGELY important!
switch fabric -> datagram buffer, queueing -> link layer protocol (send) -> line termination
- buffering required when datagrams arrive from fabric faster than the transmission rate
  - datagrams can be lost due to congestion, lack of buffers
- scheduling discipline chooses among queued datagrams for transmission
  - priority scheduling: who gets best performance, network neutrality

Output port queueing
(figure: at t, packets move from input to output via the switch fabric; one packet time later)
- buffering when arrival rate via switch exceeds output line speed
- queueing (delay) and loss due to output port buffer overflow!

How much buffering?
- RFC 3439 rule of thumb: average buffering equal to "typical" RTT (say 250 msec) times link capacity C
  - e.g., C = 10 Gbps link: 2.5 Gbit buffer
- recent recommendation: with N flows, buffering equal to RTT · C / √N

Scheduling mechanisms
- scheduling: choose next packet to send on link
- FIFO (first in first out) scheduling: send in order of arrival to queue
  - real-world example?
  - discard policy: if packet arrives to full queue: who to discard?
    - tail drop: drop arriving packet
    - priority: drop/remove on priority basis
    - random: drop/remove randomly
(figure: packet arrivals -> queue (waiting area) -> link (server) -> packet departures)

Scheduling policies: priority
priority scheduling: send highest priority queued packet
- multiple classes, with different priorities
  - class may depend on marking or other header info, e.g. IP source/dest, port numbers, etc.
  - real world example?
(figure: arrivals classified into a high priority queue and a low priority queue feeding the link (server); arrivals 2 1 3 4 5, packet in service 1 3 2 4 5, departures 1 3 2 4 5)

Scheduling policies: still more
Round Robin (RR) scheduling:
- multiple classes
- cyclically scan class queues, sending one complete packet from each class (if available)
- real world example?
(figure: arrivals, packet in service, departures under round robin)
Weighted Fair Queuing (WFQ):
- generalized Round Robin
- each class gets weighted amount of service in each cycle
- real-world example?

The Internet network layer
host, router network layer functions:
- transport layer: TCP, UDP
- network layer:
  - routing protocols: path selection; RIP, OSPF, BGP
  - IP protocol: addressing conventions, datagram format, packet handling conventions
  - forwarding table
  - ICMP protocol: error reporting, router "signaling"
- link layer
- physical layer

IP datagram format
(header laid out in 32-bit words)
- ver: IP protocol version number
- head. len: header length (bytes)
- type of service: "type" of data
- length: total datagram length (bytes)
- 16-bit identifier, flgs, fragment offset: for fragmentation/reassembly
- time to live: max number remaining hops (decremented at each router)
- upper layer: upper layer protocol to deliver payload to
- header checksum
- 32 bit source IP address
- 32 bit destination IP address
- options (if any): e.g. timestamp, record route taken, specify list of routers to visit
- data (variable length, typically a TCP or UDP segment)
how much overhead? 20 bytes of TCP + 20 bytes of IP = 40 bytes + app layer overhead

IP fragmentation, reassembly
- network links have MTU (max. transfer size): largest possible link-level frame
  - different link types, different MTUs
- large IP datagram divided ("fragmented") within net
  - one datagram becomes several datagrams
  - "reassembled"
(figure: fragmentation: in: one large datagram, out: 3 smaller datagrams; reassembly)

IP fragmentation, reassembly: example
- 4000 byte datagram, MTU = 1500 bytes
- one large datagram becomes several smaller datagrams (1480 bytes in each full data field; offset counted in 8-byte units, so the second offset is 1480/8):
length=4000, ID=x, fragflag=0, offset=0
becomes
length=1500, ID=x, fragflag=1, offset=0
length=1500, ID=x, fragflag=1, offset=185
length=1040, ID=x, fragflag=0, offset=370

IP addressing: introduction
- IP address: 32-bit identifier for host, router interface
- interface: connection between host/router and physical link
  - routers typically have multiple interfaces
  - host typically has one or two interfaces (e.g., wired Ethernet, wireless 802.11)
- IP addresses associated with each interface
- 223.1.1.1 = 11011111 00000001 00000001 00000001 (223 . 1 . 1 . 1)
(figure: interfaces 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4; 223.1.2.1, 223.1.2.2, 223.1.2.9; 223.1.3.1, 223.1.3.2, 223.1.3.27)

IP addressing: introduction
Q: how are interfaces actually connected?
A: we'll learn about that in chapter 5, 6.
- A: wired Ethernet interfaces connected by Ethernet switches
- A: wireless WiFi interfaces connected by WiFi base station
For now: don't need to worry about how one interface is connected to another (with no intervening router)

Subnets
- IP address: subnet part (high order bits), host part (low order bits)
- what's a subnet? device interfaces with same subnet part of IP address; can physically reach each other without intervening router
(figure: network consisting of 3 subnets)

Subnets
recipe: to determine the subnets, detach each interface from its host or router, creating islands of isolated networks; each isolated network is called a subnet
- subnets 223.1.1.0/24, 223.1.2.0/24, 223.1.3.0/24; subnet mask: /24

Subnets
how many?
(figure: interfaces 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4; 223.1.2.1, 223.1.2.2, 223.1.2.6; 223.1.3.1, 223.1.3.2, 223.1.3.27; 223.1.7.0, 223.1.7.1; 223.1.8.0, 223.1.8.1; 223.1.9.1, 223.1.9.2)

IP addressing: CIDR
CIDR: Classless InterDomain Routing
- subnet portion of address of arbitrary length
- address format: a.b.c.d/x, where x is # bits in subnet portion of address
- e.g. 200.23.16.0/23 = 11001000 00010111 00010000 00000000 (subnet part: first 23 bits; host part: remaining 9 bits)

Non-Routable IP addresses (RFC 1918 private address space, not routed on the public Internet)
- 10.0.0.0 - 10.255.255.255 (10.0.0.0/8 prefix)
- 172.16.0.0 - 172.31.255.255 (172.16.0.0/12 prefix)
- 192.168.0.0 - 192.168.255.255 (192.168.0.0/16 prefix)
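The datagram format and fragmentation rules above, carried through in code as an added example (not code from the slides). It builds the 4000-byte datagram from the fragmentation slide (the identifier 0x1234, the addresses 223.1.1.1 -> 223.1.2.1 and protocol 17 are constructed for the demo), fragments it for a 1500-byte MTU, and reassembles the fragments while rejecting gaps and overlaps. Only option-less 20-byte headers are handled.

```python
"""IPv4 header, checksum, fragmentation and reassembly.

Added example for this page, not code from the Kurose/Ross slides.
"""
import struct

HDR_FMT = "!BBHHHBBH4s4s"   # ver/ihl, tos, total len, id, flags+offset, ttl, proto, csum, src, dst
HDR_LEN = 20


def ipv4_checksum(header: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit big-endian words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_datagram(payload, ident, src, dst, *, more_fragments=False,
                   frag_offset=0, ttl=64, proto=17):
    total_length = HDR_LEN + len(payload)
    flags_frag = (int(more_fragments) << 13) | frag_offset   # DF (bit 14) left clear
    hdr = struct.pack(HDR_FMT, 0x45, 0, total_length, ident, flags_frag,
                      ttl, proto, 0, src, dst)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_header(dgram: bytes) -> dict:
    f = struct.unpack(HDR_FMT, dgram[:HDR_LEN])
    if f[0] >> 4 != 4 or (f[0] & 0xF) * 4 != HDR_LEN:
        raise ValueError("only option-less IPv4 headers are handled here")
    if ipv4_checksum(dgram[:HDR_LEN]) != 0:    # a valid header sums to zero
        raise ValueError("header checksum mismatch")
    return {"length": f[2], "id": f[3], "df": bool(f[4] & 0x4000),
            "mf": bool(f[4] & 0x2000), "offset": f[4] & 0x1FFF,
            "ttl": f[5], "proto": f[6], "src": f[8], "dst": f[9]}


def fragment(dgram: bytes, mtu: int):
    """Split a datagram the way a router with link MTU `mtu` would."""
    h = parse_header(dgram)
    if h["length"] <= mtu:
        return [dgram]
    if h["df"]:
        raise ValueError("DF set: drop and send ICMP fragmentation needed")
    step = (mtu - HDR_LEN) // 8 * 8          # offsets are counted in 8-byte units
    payload = dgram[HDR_LEN:h["length"]]
    out = []
    for pos in range(0, len(payload), step):
        piece = payload[pos:pos + step]
        last = pos + step >= len(payload)
        out.append(build_datagram(piece, h["id"], h["src"], h["dst"],
                                  more_fragments=(not last) or h["mf"],
                                  frag_offset=h["offset"] + pos // 8,
                                  ttl=h["ttl"], proto=h["proto"]))
    return out


def summarize(frags):
    """(length, id, fragflag, offset) per fragment: the columns of the slide."""
    return [(h["length"], h["id"], int(h["mf"]), h["offset"])
            for h in map(parse_header, frags)]


def reassemble(frags):
    """Reassemble at the destination; gaps and overlaps are rejected."""
    parsed = sorted(((parse_header(f), f) for f in frags), key=lambda it: it[0]["offset"])
    first = parsed[0][0]
    data, expect = b"", 0
    for h, f in parsed:
        if (h["id"], h["src"], h["dst"], h["proto"]) != (first["id"], first["src"],
                                                         first["dst"], first["proto"]):
            raise ValueError("fragment belongs to a different datagram")
        if h["offset"] * 8 != expect:        # overlapping fragments are a classic evasion trick
            raise ValueError("gap or overlap at byte %d" % expect)
        piece = f[HDR_LEN:h["length"]]
        data += piece
        expect += len(piece)
    if parsed[-1][0]["mf"]:
        raise ValueError("last fragment missing")
    return build_datagram(data, first["id"], first["src"], first["dst"],
                          ttl=first["ttl"], proto=first["proto"])


def reassembly_error(frags):
    """None if the set reassembles, else the reason it was rejected."""
    try:
        reassemble(frags)
        return None
    except ValueError as err:
        return str(err)
```

The reassembler insists that each fragment start exactly where the previous one ended; real stacks have had to learn that lesson the hard way, because overlapping or never-completed fragment sets are how fragmentation gets abused to evade filters and exhaust reassembly buffers.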
IP addresses: how to get one?
Q: How does a host get IP address?
- hard-coded by system admin in a file
  - Windows: control-panel->network->configuration->tcp/ip->properties
  - UNIX: /etc/rc.config
- DHCP: Dynamic Host Configuration Protocol: dynamically get address from a server; "plug-and-play"

DHCP: Dynamic Host Configuration Protocol
goal: allow host to dynamically obtain its IP address from network server when it joins network
- can renew its lease on address in use
- allows reuse of addresses (only hold address while connected/"on")
- support for mobile users who want to join network (more shortly)
DHCP overview:
- host broadcasts "DHCP discover" msg [optional]
- DHCP server responds with "DHCP offer" msg [optional]
- host requests IP address: "DHCP request" msg
- DHCP server sends address: "DHCP ack" msg

DHCP client-server scenario
(figure: subnets 223.1.1.0/24, 223.1.2.0/24, 223.1.3.0/24; DHCP server on 223.1.2.0/24; arriving DHCP client needs address in this network)

DHCP client-server scenario
DHCP server: 223.1.2.5; arriving client
- DHCP discover: src: 0.0.0.0, 68; dest: 255.255.255.255, 67; yiaddr: 0.0.0.0; transaction ID: 654 (Broadcast: is there a DHCP server out there?)
- DHCP offer: src: 223.1.2.5, 67; dest: 255.255.255.255, 68; yiaddr: 223.1.2.4; transaction ID: 654; lifetime: 3600 secs (Broadcast: I'm a DHCP server! Here's an IP address you can use)
- DHCP request: src: 0.0.0.0, 68; dest: 255.255.255.255, 67; yiaddr: 223.1.2.4; transaction ID: 655; lifetime: 3600 secs (Broadcast: OK. I'll take that IP address!)
- DHCP ACK: src: 223.1.2.5, 67; dest: 255.255.255.255, 68; yiaddr: 223.1.2.4; transaction ID: 655; lifetime: 3600 secs (Broadcast: OK. You've got that IP address!)

DHCP: more than IP addresses
DHCP can return more than just allocated IP address on subnet:
- address of first-hop router for client
- name and IP address of DNS server
- network mask (indicating network versus host portion of address)

DHCP: example
- connecting laptop needs its IP address, addr of first-hop router, addr of DNS server: use DHCP
- DHCP request encapsulated in UDP, encapsulated in IP, encapsulated in 802.3 Ethernet
- Ethernet frame broadcast (dest: FFFFFFFFFFFF) on LAN, received at router running DHCP server
- Ethernet demuxed to IP, IP demuxed to UDP, UDP demuxed to DHCP
(figure: DHCP / UDP / IP / Eth / Phy stacks on the laptop and on the router with DHCP server built in, router address 168.1.1.1)

DHCP: example
- DHCP server formulates DHCP ACK containing client's IP address, IP address of first-hop router for client, name & IP address of DNS server
- encapsulation at DHCP server, frame forwarded to client, demuxing up to DHCP at client
- client now knows its IP address, name and IP address of DNS server, IP address of its first-hop router

DHCP: Wireshark output (home LAN)
request:
- Message type: Boot Request (1)
- Hardware type: Ethernet
- Hardware address length: 6
- Hops: 0
- Transaction ID: 0x6b3a11b7
- Seconds elapsed: 0
- Bootp flags: 0x0000 (Unicast)
- Client IP address: 0.0.0.0 (0.0.0.0)
- Your (client) IP address: 0.0.0.0 (0.0.0.0)
- Next server IP address: 0.0.0.0 (0.0.0.0)
- Relay agent IP address: 0.0.0.0 (0.0.0.0)
- Client MAC address: Wistron_23:68:8a (00:16:d3:23:68:8a)
- Server host name not given
- Boot file name not given
- Magic cookie: (OK)
- Option: (t=53,l=1) DHCP Message Type = DHCP Request
- Option: (61) Client identifier; Length: 7; Value: 010016D323688A; Hardware type: Ethernet; Client MAC address: Wistron_23:68:8a (00:16:d3:23:68:8a)
- Option: (t=50,l=4) Requested IP Address = 192.168.1.101
- Option: (t=12,l=5) Host Name = "nomad"
- Option: (55) Parameter Request List; Length: 11; Value: 010F03062C2E2F1F21F92B; 1 = Subnet Mask; 15 = Domain Name; 3 = Router; 6 = Domain Name Server; 44 = NetBIOS over TCP/IP Name Server; ……
reply:
- Message type: Boot Reply (2)
- Hardware type: Ethernet
- Hardware address length: 6
- Hops: 0
- Transaction ID: 0x6b3a11b7
- Seconds elapsed: 0
- Bootp flags: 0x0000 (Unicast)
- Client IP address: 192.168.1.101 (192.168.1.101)
- Your (client) IP address: 0.0.0.0 (0.0.0.0)
- Next server IP address: 192.168.1.1 (192.168.1.1)
- Relay agent IP address: 0.0.0.0 (0.0.0.0)
- Client MAC address: Wistron_23:68:8a (00:16:d3:23:68:8a)
- Server host name not given
- Boot file name not given
- Magic cookie: (OK)
- Option: (t=53,l=1) DHCP Message Type = DHCP ACK
- Option: (t=54,l=4) Server Identifier = 192.168.1.1
- Option: (t=1,l=4) Subnet Mask = 255.255.255.0
- Option: (t=3,l=4) Router = 192.168.1.1
- Option: (6) Domain Name Server; Length: 12; Value: 445747E2445749F244574092; IP Address: 68.87.71.226; IP Address: 68.87.73.242; IP Address: 68.87.64.146
- Option: (t=15,l=20) Domain Name = "hsd1.ma.comcast.net."

IP addresses: how to get one?
Q: how does network get subnet part of IP addr?
A: gets allocated portion of its provider ISP's address space
ISP's block | 11001000 00010111 00010000 00000000 | 200.23.16.0/20
Organization 0 | 11001000 00010111 00010000 00000000 | 200.23.16.0/23
Organization 1 | 11001000 00010111 00010010 00000000 | 200.23.18.0/23
Organization 2 | 11001000 00010111 00010100 00000000 | 200.23.20.0/23
... | ... | ...
Organization 7 | 11001000 00010111 00011110 00000000 | 200.23.30.0/23

Hierarchical addressing: route aggregation
hierarchical addressing allows efficient advertisement of routing information:
- Organization 0: 200.23.16.0/23
- Organization 1: 200.23.18.0/23
- Organization 2: 200.23.20.0/23
- ...
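Going back to the DHCP exchange: the options field that Wireshark decodes above is a plain type-length-value list after a fixed "magic cookie". The following added example (not code from the slides) encodes the Request and ACK options transcribed from that dump, decodes them back, and shows the check a parser has to make on every length byte. The fixed-format BOOTP header is not modelled, and unknown option codes are kept as raw hex.

```python
"""DHCP option (TLV) encoding and decoding.

Added example for this page, not code from the Kurose/Ross slides.
The option values are transcribed from the Wireshark dump above.
"""
import ipaddress

MAGIC_COOKIE = bytes([99, 130, 83, 99])   # marks the start of the options field
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
NAMES = {1: "subnet mask", 3: "router", 6: "domain name server", 12: "host name",
         15: "domain name", 50: "requested ip address", 53: "message type",
         54: "server identifier", 55: "parameter request list",
         61: "client identifier"}


def ip4(s: str) -> bytes:
    return ipaddress.IPv4Address(s).packed


def encode_options(options) -> bytes:
    out = bytearray(MAGIC_COOKIE)
    for code, value in options:
        if not 1 <= code <= 254 or len(value) > 255:
            raise ValueError("option %r does not fit the one-byte code/length" % code)
        out += bytes([code, len(value)]) + value
    out.append(255)                           # END
    return bytes(out)


def decode_options(blob: bytes):
    """Return [(code, value), ...]; every length is checked against the buffer."""
    if blob[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    i, opts = 4, []
    while i < len(blob):
        code = blob[i]
        if code == 0:                         # PAD: single byte, no length
            i += 1
            continue
        if code == 255:                       # END
            return opts
        if i + 1 >= len(blob):
            raise ValueError("option %d has no length byte" % code)
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:              # never trust the length byte
            raise ValueError("option %d length %d overruns the buffer" % (code, length))
        opts.append((code, value))
        i += 2 + length
    raise ValueError("options not terminated by END")


def describe(code: int, value: bytes):
    """Translate one option into (name, decoded value)."""
    name = NAMES.get(code, "option %d" % code)
    if code == 53 and len(value) == 1:
        return name, MSG_TYPES.get(value[0], value[0])
    if code in (1, 50, 54) and len(value) == 4:
        return name, str(ipaddress.IPv4Address(value))
    if code in (3, 6) and value and len(value) % 4 == 0:
        return name, [str(ipaddress.IPv4Address(value[k:k + 4]))
                      for k in range(0, len(value), 4)]
    if code in (12, 15):
        return name, value.decode("ascii", errors="replace")
    if code == 55:
        return name, list(value)
    if code == 61 and value:
        return name, "hw type %d, %s" % (value[0], ":".join("%02x" % b for b in value[1:]))
    return name, value.hex()


def parse(blob: bytes) -> dict:
    return dict(describe(code, value) for code, value in decode_options(blob))


def decode_error(blob: bytes):
    try:
        decode_options(blob)
        return None
    except ValueError as err:
        return str(err)


# Constructed from the Wireshark dump above.
REQUEST_OPTIONS = [
    (53, b"\x03"),                                   # DHCP Request
    (61, bytes.fromhex("010016D323688A")),           # client identifier: hw type 1 + MAC
    (50, ip4("192.168.1.101")),                      # requested IP address
    (12, b"nomad"),                                  # host name
    (55, bytes.fromhex("010F03062C2E2F1F21F92B")),   # parameter request list
]
ACK_OPTIONS = [
    (53, b"\x05"),                                   # DHCP ACK
    (54, ip4("192.168.1.1")),                        # server identifier
    (1, ip4("255.255.255.0")),                       # subnet mask
    (3, ip4("192.168.1.1")),                         # router
    (6, bytes.fromhex("445747E2445749F244574092")),  # three DNS servers
    (15, b"hsd1.ma.comcast.net."),                   # domain name
]
```

Because every message in the exchange is broadcast, any host on the LAN can answer a discover and hand out its own router and DNS addresses; a client should at least insist that the offer and ACK carry the transaction ID it sent and the same server identifier, and a parser must bound every option by the buffer it sits in, as decode_options does.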
Hierarchical addressing: route aggregation (cont.)
- Organization 7: 200.23.30.0/23
- Fly-By-Night-ISP advertises to the Internet: "Send me anything with addresses beginning 200.23.16.0/20"
- ISPs-R-Us advertises: "Send me anything with addresses beginning 199.31.0.0/16"

Hierarchical addressing: more specific routes
ISPs-R-Us has a more specific route to Organization 1
- Organization 0 (200.23.16.0/23), Organization 2 (200.23.20.0/23), ..., Organization 7 (200.23.30.0/23) connect to Fly-By-Night-ISP, which advertises "Send me anything with addresses beginning 200.23.16.0/20"
- Organization 1 (200.23.18.0/23) connects to ISPs-R-Us, which advertises "Send me anything with addresses beginning 199.31.0.0/16 or 200.23.18.0/23"

IP addressing: the last word...
Q: how does an ISP get block of addresses?
A: ICANN: Internet Corporation for Assigned Names and Numbers http://www.icann.org/
- allocates addresses
- manages DNS
- assigns domain names, resolves disputes

NAT: network address translation
(figure: local network (e.g., home network) 10.0.0/24 with hosts 10.0.0.1, 10.0.0.2, 10.0.0.3 behind a NAT router with LAN side 10.0.0.4 and WAN side 138.76.29.7; rest of Internet)
- all datagrams leaving local network have same single source NAT IP address: 138.76.29.7, different source port numbers
- datagrams with source or destination in this network have 10.0.0/24 address for source, destination (as usual)

NAT: network address translation
motivation: local network uses just one IP address as far as outside world is concerned:
- range of addresses not needed from ISP: just one IP address for all devices
- can change addresses of devices in local network without notifying outside world
- can change ISP without changing addresses of devices in local network
- devices inside local net not explicitly addressable, visible by outside world (a security plus)

NAT: network address translation
implementation: NAT router must:
- outgoing datagrams: replace (source IP address, port #) of every outgoing datagram to (NAT IP address, new port #); remote clients/servers will respond using (NAT IP address, new port #) as destination addr
- remember (in NAT translation table) every (source IP address, port #) to (NAT IP address, new port #) translation pair
- incoming datagrams: replace (NAT IP address, new port #) in dest fields of every incoming datagram with corresponding (source IP address, port #) stored in NAT table

NAT: network address translation
NAT translation table: WAN side addr | LAN side addr
138.76.29.7, 5001 | 10.0.0.1, 3345
…… | ……
1: host 10.0.0.1 sends datagram to 128.119.40.186, 80: S: 10.0.0.1, 3345; D: 128.119.40.186, 80
2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table: S: 138.76.29.7, 5001; D: 128.119.40.186, 80
3: reply arrives, dest. address: 138.76.29.7, 5001: S: 128.119.40.186, 80; D: 138.76.29.7, 5001
4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345: S: 128.119.40.186, 80; D: 10.0.0.1, 3345
* Check out the online interactive exercises for more examples: http://gaia.cs.umass.edu/kurose_ross/interactive/

NAT: network address translation
- 16-bit port-number field: 60,000 simultaneous connections with a single LAN-side address!
NAT: network address translation (cont.)
- NAT is controversial:
  - routers should only process up to layer 3
  - address shortage should be solved by IPv6
  - violates end-to-end argument: NAT possibility must be taken into account by app designers, e.g., P2P applications
  - NAT traversal: what if client wants to

IPv6: motivation
- initial motivation: 32-bit address space soon to be completely allocated.
- additional motivation: header format helps speed processing/forwarding; header changes to facilitate QoS
IPv6 datagram format:
- fixed-length 40 byte header
- no fragmentation allowed (by routers)

IPv6 datagram format
ver | pri | flow label | payload len | next hdr | hop limit | source address (128 bits) | destination address (128 bits) | data
- priority: identify priority among datagrams in flow
- flow label: identify datagrams in same "flow." (concept of "flow" not well defined)
- next header: identify upper layer protocol for data

Other changes from IPv4
- checksum: removed entirely to reduce processing time at each hop
- options: allowed, but outside of header, indicated by "Next Header" field
- ICMPv6: new version of ICMP: additional message types, e.g. "Packet Too Big"; multicast group management functions

Transition from IPv4 to IPv6
- not all routers can be upgraded simultaneously: no "flag days"
- how will network operate with mixed IPv4 and IPv6 routers?
- tunneling: IPv6 datagram carried as payload in IPv4 datagram among IPv4 routers
(figure: IPv4 datagram = IPv4 header fields (IPv4 source, dest addr) + IPv4 payload; the payload is the whole IPv6 datagram: IPv6 header fields (IPv6 source, dest addr) + UDP/TCP payload)

Tunneling
IPv4 tunnel connecting IPv6 routers
- logical view: A (IPv6) - B (IPv6) - E (IPv6) - F (IPv6)
- physical view: A (IPv6) - B (IPv6) - C (IPv4) - D (IPv4) - E (IPv6) - F (IPv6)

Tunneling
- A-to-B: IPv6 (flow: X, src: A, dest: F, data)
- B-to-C: IPv6 inside IPv4 (outer IPv4 header src: B, dest: E; inner: flow: X, src: A, dest: F, data)
- E-to-F: IPv6 (flow: X, src: A, dest: F, data)

IPv6: adoption
- Google: 8% of clients access services via IPv6
- NIST: 1/3 of all US government domains are IPv6 capable
- Long (long!) time for deployment, use: 20 years and counting!
  - think of application-level changes in last 20 years: WWW, Facebook, streaming media, Skype, …
  - Why?

Generalized Forwarding and SDN
Each router contains a flow table that is computed and distributed by a logically centralized routing controller
(figure: logically-centralized routing controller (control plane); local flow table (headers, counters, actions) in each router's data plane; values in arriving packet's header, e.g. 0100 1101, select output port)

OpenFlow data plane abstraction
- flow: defined by header fields
- generalized forwarding: simple packet-handling rules
  - Pattern: match values in packet header fields
  - Actions: for matched packet: drop, forward, modify matched packet, or send matched packet to controller
  - Priority: disambiguate overlapping patterns
  - Counters: #bytes and #packets
- Flow table in a router (computed and distributed by controller) defines router's match+action rules
- example (*: wildcard):
  1. src=1.2.*.*, dest=3.4.5.*: drop
  2. src=*.*.*.*, dest=3.4.*.*: forward(2)

OpenFlow: Flow Table Entries
Rule | Action | Stats (packet + byte counters)
Actions:
1. Forward packet to port(s)
2. Encapsulate and forward to controller
3. Drop packet
4. Send to normal processing pipeline
5. Modify Fields
Rule match fields: Switch Port | VLAN ID | MAC src | MAC dst | Eth type | IP Src | IP Dst | IP Prot | TCP sport | TCP dport (link layer, network layer, transport layer)

Examples
Destination-based forwarding:
Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action
* | * | * | * | * | * | 51.6.0.8 | * | * | * | port6
IP datagrams destined to IP address 51.6.0.8 should be forwarded to router output port 6
Firewall:
* | * | * | * | * | * | * | * | * | 22 | drop
do not forward (block) all datagrams destined to TCP port 22
* | * | * | * | * | 128.119.1.1 | * | * | * | * | drop
do not forward (block) all datagrams sent by host 128.119.1.1

Examples
Destination-based layer 2 (switch) forwarding:
* | 22:A7:23:11:E1:02 | * | * | * | * | * | * | * | * | port3
layer 2 frames from MAC address 22:A7:23:11:E1:02 should be forwarded to output port 3

OpenFlow abstraction
match+action: unifies different kinds of devices
- Router: match: longest destination IP prefix; action: forward out a link
- Switch: match: destination MAC address; action: forward or flood
- Firewall: match: IP addresses and TCP/UDP port numbers; action: permit or deny
- NAT: match: IP address and port; action: rewrite address and port

OpenFlow example
Example: datagrams from hosts h5 and h6 should be sent to h3 or h4, via s1 and from there to s2
(figure: controller; switches s1, s2, s3, each with ports 1-4; hosts h1 10.1.0.1, h2 10.1.0.2 on s1; h3 10.2.0.3, h4 10.2.0.4 on s2; h5 10.3.0.5, h6 10.3.0.6 on s3)
- s3 flow table: match: IP Src = 10.3.*.*, IP Dst = 10.2.*.*; action: forward(3)
- s1 flow table: match: ingress port = 1, IP Src = 10.3.*.*, IP Dst = 10.2.*.*; action: forward(4)
- s2 flow table: match: ingress port = 2, IP Dst = 10.2.0.3; action: forward(3); match: ingress port = 2, IP Dst = 10.2.0.4; action: forward(4)

Chapter 4: done!
4.1 Overview of Network layer: data plane and control plane
4.2 What's inside a router
4.3 IP: Internet Protocol: datagram format, fragmentation, IPv4 addressing, NAT, IPv6
4.4 Generalized Forwarding and SDN: match plus action, OpenFlow example
Question: how are forwarding tables (destination-based forwarding) or flow tables (generalized forwarding) computed?
Answer: by the control plane (next chapter)
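The match-plus-action flow tables from the OpenFlow slides, as an added example (not code from the slides or from any OpenFlow implementation). It encodes the firewall rules and the s1/s2/s3 example and walks a packet across the three switches. The inter-switch wiring (s3 port 3 to s1 port 1, s1 port 4 to s2 port 2) and the per-switch table-miss action (drop) are assumptions made for the demo; the slides show only the flow tables.

```python
"""OpenFlow-style match-plus-action flow tables.

Added example for this page, not code from the Kurose/Ross slides.
"""
from dataclasses import dataclass
from typing import Dict, List

FIELDS = ("ingress_port", "mac_src", "mac_dst", "eth_type", "vlan_id",
          "ip_src", "ip_dst", "ip_proto", "sport", "dport")


def field_matches(pattern, value) -> bool:
    """'*' matches anything; dotted patterns such as '10.3.*.*' match octet by octet."""
    if pattern is None or pattern == "*":
        return True
    if isinstance(pattern, str) and "*" in pattern and "." in pattern:
        want, got = pattern.split("."), str(value).split(".")
        return len(want) == len(got) and all(p == "*" or p == v for p, v in zip(want, got))
    return pattern == value


@dataclass
class FlowEntry:
    match: Dict[str, object]
    action: str
    priority: int = 0
    packets: int = 0      # the slides' per-entry counters
    bytes: int = 0


class FlowTable:
    def __init__(self, name: str, miss_action: str = "drop"):   # miss action is an assumption
        self.name = name
        self.miss_action = miss_action
        self.entries: List[FlowEntry] = []

    def add(self, match: Dict[str, object], action: str, priority: int = 0) -> FlowEntry:
        unknown = set(match) - set(FIELDS)
        if unknown:
            raise ValueError("unknown match fields: %s" % sorted(unknown))
        entry = FlowEntry(dict(match), action, priority)
        self.entries.append(entry)
        # Highest priority first: this is how overlapping patterns are disambiguated.
        self.entries.sort(key=lambda e: e.priority, reverse=True)
        return entry

    def apply(self, pkt: Dict[str, object], size: int = 1000) -> str:
        for entry in self.entries:
            if all(field_matches(p, pkt.get(f)) for f, p in entry.match.items()):
                entry.packets += 1
                entry.bytes += size
                return entry.action
        return self.miss_action


def firewall_table() -> FlowTable:
    """The 'Examples' slide: forward 51.6.0.8 to port 6, block TCP/22 and host 128.119.1.1."""
    t = FlowTable("fw")
    t.add({"ip_dst": "51.6.0.8"}, "forward(6)", priority=1)
    t.add({"dport": 22}, "drop", priority=10)          # must beat the forwarding rule
    t.add({"ip_src": "128.119.1.1"}, "drop", priority=10)
    return t


def sdn_tables() -> Dict[str, FlowTable]:
    """The s1/s2/s3 example: h5, h6 (10.3.*.*) reach h3, h4 (10.2.*.*) via s1."""
    s1, s2, s3 = FlowTable("s1"), FlowTable("s2"), FlowTable("s3")
    s3.add({"ip_src": "10.3.*.*", "ip_dst": "10.2.*.*"}, "forward(3)")
    s1.add({"ingress_port": 1, "ip_src": "10.3.*.*", "ip_dst": "10.2.*.*"}, "forward(4)")
    s2.add({"ingress_port": 2, "ip_dst": "10.2.0.3"}, "forward(3)")
    s2.add({"ingress_port": 2, "ip_dst": "10.2.0.4"}, "forward(4)")
    return {"s1": s1, "s2": s2, "s3": s3}


# Assumed wiring for the demo: (switch, action) -> (next switch, its ingress port).
LINKS = {("s3", "forward(3)"): ("s1", 1), ("s1", "forward(4)"): ("s2", 2)}


def route(tables: Dict[str, FlowTable], first_switch: str, pkt: Dict[str, object]):
    """Follow a packet switch by switch; returns [(switch, action), ...]."""
    hops, switch, pkt = [], first_switch, dict(pkt)
    while True:
        action = tables[switch].apply(pkt)
        hops.append((switch, action))
        nxt = LINKS.get((switch, action))
        if nxt is None:                   # dropped, or delivered on an edge port
            return hops
        switch, pkt["ingress_port"] = nxt
```

Two things to notice: the firewall's block rules only win because they carry a higher priority than the forwarding rule, which is the "disambiguate overlapping patterns" point of the slide; and the s1 rule keys on ingress port 1, so the same destination arriving on another port is a table miss, which is why the controller, not the switch, has to decide what a miss means.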