Document Details

Uploaded by WellManneredIntegral4531

Alexandria University

2024

Dr. Sahar M. Ghanem

Tags

computer networks network layer data plane computer science

Summary

This document is a lecture on computer networks, specifically the network layer. Prof. Dr. Sahar M. Ghanem explains the concepts of data plane, forwarding, routing, and IPv4/IPv6, in a 2024 lecture.

Full Transcript

Computer Networks
Network Layer: The Data Plane
Prof. Dr. Sahar M. Ghanem, Associate Professor, Computer and Systems Engineering Department, Faculty of Engineering, Alexandria University
Computer Networks, 2024 (c) Dr. Sahar M. Ghanem

Outline
- Overview of Network Layer
- What's Inside a Router?
- The Internet Protocol (IP)
- Generalized Forwarding and SDN
- Middleboxes

The Network Layer
- There is a piece of the network layer in each and every host and router in the network.
- The network layer can be decomposed into two interacting parts, the data plane and the control plane.
- Forwarding: the primary data-plane role of each router is to forward datagrams from its input links to its output links.
- Routing: the primary role of the network control plane is to coordinate these local, per-router forwarding actions so that datagrams are ultimately transferred end-to-end, along paths of routers between source and destination hosts.

Forwarding and Routing (1/3)
- Forwarding refers to the router-local action of transferring a packet from an input link interface to the appropriate output link interface. It typically takes a few nanoseconds and is typically implemented in hardware.
- Routing refers to the network-wide process that determines the end-to-end paths that packets take from source to destination. It typically takes seconds and is often implemented in software.
- A router forwards a packet by examining the value of one or more fields in the arriving packet's header, and then using these header values to index into its forwarding table.

Forwarding and Routing (2/3)
- The routing algorithm determines the contents of the routers' forwarding tables.
- Traditionally, each router has a routing component that communicates with the routing components of other routers.
- An alternative approach is one in which a physically separate, remote controller computes and distributes the forwarding tables to be used by each and every router.
- The remote controller might be implemented in a remote data center with high reliability and redundancy, and might be managed by the ISP or some third party.

Forwarding and Routing (3/3)
- The control-plane approach is at the heart of software-defined networking (SDN), where the network is "software-defined" because the controller that computes forwarding tables and interacts with routers is implemented in software.
- These software implementations are also open and the code is publicly available.
- The terms forwarding and switching are often used interchangeably by computer-networking researchers and practitioners.

Network Service Model
- The network service model defines the characteristics of end-to-end delivery of packets between sending and receiving hosts.
- Some possible services: guaranteed delivery; guaranteed delivery with bounded delay; in-order packet delivery; guaranteed minimal bandwidth; security.
- The Internet's network layer provides a single service, known as best-effort service: there is no guarantee on in-order delivery of packets, and even delivery itself is not guaranteed. In addition, there is no guarantee on the end-to-end delay and no minimal bandwidth guarantee.

What's Inside a Router?

Router Components
- The term "port" here refers to the physical input and output router interfaces.
- The number of ports supported by a router can range from a relatively small number in enterprise routers, to hundreds of 10 Gbps ports in a router at an ISP's edge.
- Four router components can be identified: input ports; switching fabric (connects the router's input ports to its output ports); output ports; routing processor.

The Internet Protocol (IP)
- IPv4 Datagram Format
- IPv4 Addressing & DHCP
- Network Address Translation (NAT)
- IPv6

IPv4 Datagram Format (1/3)
- The Internet's network-layer packet is referred to as a datagram.
- The key fields in the IPv4 datagram are: version number; header length; type of service; datagram length; identifier, flags, fragmentation offset; time-to-live; protocol; header checksum; source and destination IP addresses; options; data (payload).

IPv4 Datagram Format (2/3)
- Header length is 4 bits and is needed to determine where in the IP datagram the payload actually begins (if there are no options, the header is 20 bytes).
- Type of service (TOS) allows different types of IP datagrams to be distinguished (a policy determined and configured by the network administrator). Two of the TOS bits are used for Explicit Congestion Notification.
- Datagram length is 16 bits (the theoretical maximum size is 65,535 bytes). Datagrams are rarely larger than 1,500 bytes, so that they fit in the payload field of a maximally sized Ethernet frame.
- Identifier, flags, fragmentation offset: these three fields are for IP fragmentation, when a large IP datagram is broken into several smaller IP datagrams which are then forwarded independently and reassembled at the destination.

IPv4 Datagram Format (3/3)
- The time-to-live (TTL) field is decremented by one each time the datagram is processed by a router. If the TTL field reaches 0, a router must drop that datagram.
- The protocol number in the IP datagram has a role analogous to the role of the port number field in the transport-layer segment.
- The header checksum is computed by treating each 2 bytes in the header as a number and summing these numbers using 1s complement arithmetic. Routers typically discard datagrams for which an error has been detected. The checksum must be recomputed and stored again at each router, since the TTL field, and possibly the options field as well, will change.

IPv4 Addressing (1/6)
- A host typically has only a single link into the network. The boundary between the host and the physical link is called an interface.
- A router necessarily has two or more links. A router thus has multiple interfaces, one for each of its links.
- An IP address is associated with an interface, rather than with the host or router containing that interface.
- Each IP address is 32 bits long (4 bytes), and there are thus a total of 2^32 (approximately 4 billion) possible IP addresses, which are typically written in dotted-decimal notation.

IPv4 Addressing (2/6)
- Each interface on every host and router in the global Internet must have an IP address that is globally unique, except for interfaces behind NATs.
- A portion of an interface's IP address will be determined by the subnet to which it is connected.
- IP addressing assigns an address to a subnet, for example 223.1.1.0/24, where the /24 ("slash-24") notation, sometimes known as a subnet mask, indicates that the leftmost 24 bits of the 32-bit quantity define the subnet address.

IPv4 Addressing (3/6)
- The Internet's address assignment strategy is known as Classless Interdomain Routing (CIDR).
- As with subnet addressing, the 32-bit IP address is divided into two parts and has the form a.b.c.d/x, where x indicates the number of bits in the first part of the address.
- The x most significant bits of an address constitute the network portion of the IP address, and are referred to as the prefix of the address.
- The lower-order bits may (or may not) have an additional subnetting structure.

IPv4 Addressing (4/6)
- When a router outside the organization forwards a datagram whose destination address is inside the organization, only the leading x bits of the address need be considered. This considerably reduces the size of the forwarding table in these routers.
- The remaining 32 - x bits of an address distinguish among the devices within the organization and will be considered when forwarding packets at routers within the organization.
- The ability to use a single prefix to advertise multiple networks is often referred to as address aggregation (or route summarization).
- 255.255.255.255 is the broadcast address.

IPv4 Addressing (5/6) Example
- What if Organization 1 connects to the Internet through its subsidiary ISPs-R-Us instead of Fly-By-Night-ISP?
- The solution is for Organization 1 to keep its IP addresses in 200.23.18.0/23. ISPs-R-Us now also advertises the block of addresses for Organization 1, 200.23.18.0/23.
- Routers in the larger Internet see the address blocks 200.23.16.0/20 (from Fly-By-Night-ISP) and 200.23.18.0/23 (from ISPs-R-Us), and route to an address in the block 200.23.18.0/23 using longest prefix matching, toward ISPs-R-Us.

IPv4 Addressing (6/6)
- Before CIDR was adopted, the network portions of an IP address were constrained to be 8, 16, or 24 bits in length.
- This addressing scheme is known as classful addressing, since subnets with 8-, 16-, and 24-bit subnet addresses were known as class A, B, and C networks, respectively.
- The requirement that the subnet portion of an IP address be exactly 1, 2, or 3 bytes long turned out to be problematic for supporting the rapidly growing number of organizations with small and medium-sized subnets (class C is too small and class B is too large).

Obtaining a Block of Addresses
- IP addresses are managed under the authority of the Internet Corporation for Assigned Names and Numbers (ICANN). The role of the nonprofit ICANN organization is not only to allocate IP addresses, but also to manage the DNS root servers.
- A network administrator contacts its ISP, which provides addresses from a larger block of addresses that had already been allocated to the ISP.

DHCP (1/4)
- A system administrator will typically manually configure the IP addresses into the router.
- Host addresses can also be configured manually, but typically this is done using the Dynamic Host Configuration Protocol (DHCP).
- A network administrator can configure DHCP so that a given host receives the same IP address each time it connects to the network, or a host may be assigned a temporary IP address that will be different each time the host connects to the network.
- DHCP also allows a host to learn additional information, such as its subnet mask, the address of its first-hop router (often called the default gateway), and the address of its local DNS server.

DHCP (2/4)
- DHCP is often referred to as a plug-and-play or zeroconf (zero-configuration) protocol and is a client-server protocol.
- A client is a newly arriving host wanting to obtain network configuration information, including an IP address for itself.
- Each subnet should have a DHCP server.
- If no server is present on the subnet, a DHCP relay agent (typically a router) that knows the address of a DHCP server for that network is needed.
- The DHCP protocol is a four-step process: DHCP server discovery; DHCP server offer(s); DHCP request; DHCP ACK.

DHCP (3/4)
- To find a DHCP server, the client sends a DHCP discover message (a UDP packet) to port 67, with the broadcast destination IP address 255.255.255.255 and a source IP address of 0.0.0.0.
- Several DHCP servers can be present on the subnet. Each server responds to the client with a DHCP offer message that is broadcast to all nodes on the subnet. The message contains the transaction ID of the received discover message, the proposed IP address for the client, the network mask, and an IP address lease time (several hours or days).
- The client will choose an offer and respond with a DHCP request message, echoing back the configuration parameters.
- The server responds with a DHCP ACK message.

DHCP (4/4)
- DHCP also provides a mechanism that allows a client to renew its lease on an IP address.
- Since a new IP address is obtained from DHCP each time a node connects to a new subnet, a TCP connection to a remote application cannot be maintained as a mobile node moves between subnets.

NAT (1/3)
- With the proliferation of small office, home office (SOHO) subnets, it would seem that a range of addresses would need to be allocated by the ISP to cover all of a SOHO's IP devices.
- A simple approach to such address allocation is network address translation (NAT).
- The NAT-enabled router, residing in the home, has an interface that is part of the home network.
- The NAT router behaves to the outside world as a single device with a single IP address.
- The router gets its address from the ISP's DHCP server, and the router runs a DHCP server to provide addresses to computers within the NAT-DHCP-router-controlled home network's address space.

NAT (2/3) Example
- Suppose a user sitting in a home network behind host 10.0.0.1 requests a Web page on some Web server (port 80) with IP address 128.119.40.186, and the host assigns the arbitrary source port number 3345.
- The NAT router receives the datagram, generates a new source port number 5001, replaces the source IP address with its WAN-side IP address 138.76.29.7, and replaces the original source port number.
- The NAT router selects any source port number that is not currently in the NAT translation table.
- Since the port number field is 16 bits long, the NAT protocol can support over 60,000 simultaneous connections with a single WAN-side IP address for the router!

NAT (3/3)
- Port numbers are meant to be used for addressing processes, not for addressing hosts. This violation can indeed cause problems for servers running on the home network. Solution: NAT traversal tools!
- Routers are meant to be layer 3 devices, and should process packets only up to the network layer.
- NAT violates the principle that hosts should be talking directly with each other, without interfering nodes modifying IP addresses, much less port numbers.

IPv6 (1/2)
- In the early 1990s, a prime motivation for the IPv6 effort was the realization that the 32-bit IPv4 address space was beginning to be used up.
- The designers of IPv6 also took this opportunity to tweak and augment other aspects of IPv4, based on the accumulated operational experience with IPv4.
- Considerable time would be needed to deploy a new technology on such an extensive scale!
- IPv6's most important changes: expanded addressing capabilities, a streamlined 40-byte header, and flow labeling.

IPv6 (2/2)
- IPv6 increases the size of the IP address from 32 to 128 bits.
- In addition to unicast and multicast addresses, IPv6 has introduced an anycast address (a datagram to be delivered to any one of a group of hosts).
- A number of IPv4 fields have been dropped or made optional. The resulting 40-byte fixed-length header allows for faster processing of the IP datagram by a router.
- IPv6 has a definition of a flow that allows labeling of packets belonging to particular flows by the sender. The designers of IPv6 foresaw the eventual need to be able to differentiate among the flows.

IPv6 Message Format (1/2)
- Version: 4-bit field
- Traffic class: 8-bit traffic class field (e.g. VoIP, SMTP, ...)
- Flow label: 20-bit field
- Payload length: 16-bit value (the datagram header itself is fixed-length, 40 bytes)
- Next header: the same values as the protocol field in the IPv4 header
- Hop limit: decremented by one by each router
- Source and destination addresses: 128-bit addresses
- Data

IPv6 Message Format (2/2)
Fields appearing in IPv4 that are no longer present in IPv6:
- Fragmentation/reassembly: if an IPv6 datagram received by a router is too large to be forwarded over the outgoing link, the router drops the datagram and sends a "Packet Too Big" ICMP error message back to the sender. This considerably speeds up IP forwarding.
- Header checksum: this functionality was redundant, and it needed to be recomputed at every router. It was a costly operation.
- Options: the options field is one of the possible next headers pointed to from within the IPv6 header.

Transitioning from IPv4 to IPv6 (1/2)
- One option would be to declare a flag day: a given time and date when all Internet machines would be turned off and upgraded from IPv4 to IPv6. A flag day involving billions of devices is even more unthinkable today.
- A widely adopted solution in practice involves tunneling. Suppose two IPv6 nodes want to interoperate using IPv6 datagrams but are connected to each other by intervening IPv4 routers.
- The IPv6 node on the sending side of the tunnel takes the entire IPv6 datagram and puts it in the data (payload) field of an IPv4 datagram. This IPv4 datagram is then addressed to the IPv6 node on the receiving side of the tunnel.

Transitioning from IPv4 to IPv6 (2/2)
- The adoption of IPv6 was initially slow to take off.
- NIST reports that more than a third of US government second-level domains are IPv6-enabled.
- Google reports that about 25 percent of the clients accessing Google services do so via IPv6.
- Other recent measurements indicate that IPv6 adoption has been accelerating.
- It is enormously difficult to change network-layer protocols! Introducing new application-layer protocols is relatively easy.

Generalized Forwarding and SDN

Packet Switches
- Destination-based forwarding is two steps: looking up a destination IP address ("match"), then sending the packet into the switching fabric to the specified output port ("action").
- More general "match-plus-action" paradigm: a "match" can be made over multiple header fields associated with different protocols at different layers in the protocol stack.
- The "action" can include forwarding the packet to one or more output ports, load balancing packets across multiple outgoing interfaces, rewriting header values, blocking/dropping a packet, sending a packet to a special server for further processing and action, ...

OpenFlow (1/2)
- Generalized match-plus-action capabilities are implemented via a remote controller that computes, installs, and updates these tables.
- OpenFlow is a highly visible standard that has pioneered the notion of the match-plus-action forwarding abstraction and controllers, as well as the SDN (Software Defined Networking) revolution.
- Each entry in the match-plus-action forwarding table, known as a flow table in OpenFlow, includes: a set of header field values to which an incoming packet will be matched; a set of counters that are updated as packets are matched to flow table entries; a set of actions to be taken.

OpenFlow (2/2)
- The network-wide collection of per-packet switch matching rules can be used to implement a wide range of functions including routing, layer-2 switching, firewalling, load-balancing, virtual networks, and more.
- The flow table is essentially an API, the abstraction through which an individual packet switch's behavior can be programmed.

Match
- OpenFlow's match abstraction allows for a match to be made on selected fields from three layers of protocol headers.
- An OpenFlow-enabled device can equally perform as a router (layer-3 device) forwarding datagrams and as a switch (layer-2 device) forwarding frames.
- The set of 12 values that can be matched in the OpenFlow 1.0 specification has grown to 41 values in more recent OpenFlow specifications.
- The ingress port refers to the input port at the packet switch on which a packet is received.

Action
Among the most important possible actions are:
- Forwarding to a particular physical output port, broadcast over all ports, or multicast over a selected set of ports. The packet may also be encapsulated and sent to the remote controller, which may install new flow table entries.
- Dropping.
- Modify-field: the values in 10 packet-header fields (all except the IP Protocol field) may be rewritten.

OpenFlow Examples
- Simple Forwarding
- Load Balancing
- Firewalling

Example: Simple Forwarding
- Packets from h5 or h6 destined to h3 or h4 are to be forwarded from s3 to s1, and then from s1 to s2, avoiding the use of the link between s3 and s2.

Example: Load Balancing
- Datagrams from h3 destined to 10.1.*.* are to be forwarded over the direct link between s2 and s1.
- Datagrams from h4 destined to 10.1.*.* are to be forwarded over the link between s2 and s3 (and then from s3 to s1).

Example: Firewalling
- s2 wants only to receive (on any of its interfaces) traffic sent from hosts attached to s3.
- There are no other entries in s2's flow table.

P4
- P4 (Programming Protocol-independent Packet Processors) has gained considerable interest since its introduction in 2014.
- P4 is a programming language with higher-level constructs specifically designed for datagram processing at line rate.

Middleboxes

Middleboxes (1/3)
- Definition: any intermediary box performing functions apart from the normal, standard functions of an IP router on the data path between a source host and a destination host.
- Services: NAT translation; security services (firewalls, intrusion detection systems, and e-mail filters); performance enhancement (compression, content caching, and load balancing).

Middleboxes (2/3)
- Network Function Virtualization (NFV): the use of commodity hardware (networking, computing, and storage) with specialized software built on top of a common software stack to implement the services. This is similar to the approach taken in SDN a decade earlier.
- Another alternative is to outsource middlebox functionality to the cloud.

Middleboxes (3/3)
- The simplicity of the IP protocol, and the fact that it is the only universal requirement for Internet connectivity, has allowed a rich variety of networks.
- End-to-end argument: the Internet has always had smart endpoints (programmable computers), enabling complex functionality to be placed at those endpoints.
- For many years, the Internet architecture had a clear separation between the network layer and the transport/application layers. Today's middleboxes clearly violate this separation.
- IP hourglass: while the Internet has many protocols in the physical, link, transport, and application layers, there is only one network-layer protocol, the IP protocol. Its "narrow waist" may indeed be widening a bit via the rise of middleboxes.

Summary
- Overview of Network Layer
- What's Inside a Router?
- IPv4 Datagram Format
- IPv4 Addressing & DHCP
- Network Address Translation (NAT)
- IPv6
- Generalized Forwarding and SDN
- Middleboxes
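Worked example for the IPv4 Datagram Format slides above (added here; not part of the lecture or its slides). It builds a constructed 20-byte option-less IPv4 header, parses the fields the slides list, verifies the 1s-complement header checksum, and performs the per-hop router step: discard on checksum failure, decrement TTL, drop when TTL reaches 0, otherwise recompute and store the checksum. The addresses, identifier and payload are made-up sample values.

```python
import struct

def ip_to_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))

def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)

def internet_checksum(data: bytes) -> int:
    """Treat each 2 bytes as a number, add them in 1s complement arithmetic,
    return the 1s complement of the sum. Run over a header whose checksum
    field is already filled in, a correct header yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                       # end-around carry: fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

HDR_FMT = "!BBHHHBBH4s4s"                    # the 20-byte IPv4 header without options

def build_ipv4_header(src: str, dst: str, ttl: int, proto: int, payload_len: int,
                      ident: int = 0x1C46, tos: int = 0) -> bytes:
    """Constructed header: version 4, IHL 5 (no options), DF set, no fragmentation."""
    total_len = 20 + payload_len
    flags_frag = 0x4000                      # DF=1, MF=0, fragment offset 0
    hdr = struct.pack(HDR_FMT, (4 << 4) | 5, tos, total_len, ident, flags_frag,
                      ttl, proto, 0, ip_to_bytes(src), ip_to_bytes(dst))
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]

def parse_ipv4_header(pkt: bytes) -> dict:
    v_ihl, tos, total_len, ident, flags_frag, ttl, proto, csum, src, dst = struct.unpack(HDR_FMT, pkt[:20])
    version, ihl = v_ihl >> 4, v_ihl & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not an IPv4 header")
    header_len = ihl * 4                     # header length tells where the payload begins
    return {
        "version": version, "header_len": header_len, "tos": tos, "ecn": tos & 0x3,
        "total_len": total_len, "ident": ident, "df": bool(flags_frag & 0x4000),
        "mf": bool(flags_frag & 0x2000), "frag_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "proto": proto, "src": bytes_to_ip(src), "dst": bytes_to_ip(dst),
        "checksum_ok": internet_checksum(pkt[:header_len]) == 0,
        "payload": pkt[header_len:total_len],
    }

def router_process(pkt: bytes):
    """Per-hop handling: verify checksum, decrement TTL, drop at 0, recompute checksum.
    Returns the datagram to forward, or None when it must be discarded."""
    info = parse_ipv4_header(pkt)
    if not info["checksum_ok"]:
        return None                          # header corrupted in transit: discard
    ttl = info["ttl"] - 1
    if ttl == 0:
        return None                          # TTL expired: drop (ICMP Time Exceeded would follow)
    hlen = info["header_len"]
    hdr = bytearray(pkt[:hlen])
    hdr[8] = ttl
    hdr[10:12] = b"\x00\x00"                 # zero the field, then recompute over the new header
    hdr[10:12] = struct.pack("!H", internet_checksum(bytes(hdr)))
    return bytes(hdr) + pkt[hlen:]

# Constructed sample: a TCP (protocol 6) datagram from a home host to a web server.
SAMPLE = build_ipv4_header("10.0.0.1", "128.119.40.186", ttl=64, proto=6, payload_len=8) + b"GET / \r\n"

if __name__ == "__main__":
    print(parse_ipv4_header(SAMPLE))
    print("TTL after one hop:", parse_ipv4_header(router_process(SAMPLE))["ttl"])
```

Flipping a single bit of the source address makes `checksum_ok` false and the router step returns None, which is the "routers typically discard datagrams for which an error has been detected" behaviour; note the checksum covers only the header, so payload corruption is left for the transport layer to catch.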
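Worked example for the IPv4 Addressing slides above, in particular the Fly-By-Night-ISP / ISPs-R-Us scenario (added here; not from the lecture). It implements the a.b.c.d/x prefix test with an explicit x-bit mask, longest prefix matching over a constructed forwarding table holding the two advertised blocks from the slides plus a default route, a route-summarization check, and the pre-CIDR class lookup. The forwarding table contents and next-hop names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

def prefix_mask(x: int) -> int:
    """32-bit mask with the x most significant bits set (the network portion)."""
    return (0xFFFFFFFF << (32 - x)) & 0xFFFFFFFF

def in_prefix(addr: str, prefix: str) -> bool:
    """True if the leading x bits of addr equal those of the prefix a.b.c.d/x."""
    net = ip_network(prefix, strict=False)
    return (int(ip_address(addr)) & prefix_mask(net.prefixlen)) == int(net.network_address)

# Constructed forwarding table of a router in the larger Internet, after the slide's scenario:
# Fly-By-Night-ISP still advertises the aggregate /20 and ISPs-R-Us also advertises
# Organization 1's more specific /23.
FORWARDING_TABLE = [
    ("200.23.16.0/20", "Fly-By-Night-ISP"),
    ("200.23.18.0/23", "ISPs-R-Us"),
    ("0.0.0.0/0", "default route"),
]

def longest_prefix_match(table, dst: str):
    """Return (prefix, next hop) of the matching entry with the most leading bits."""
    best = None
    for prefix, next_hop in table:
        if in_prefix(dst, prefix):
            x = int(prefix.split("/")[1])
            if best is None or x > best[0]:
                best = (x, prefix, next_hop)
    return (best[1], best[2]) if best else None

def aggregate_covers(aggregate: str, more_specific: str) -> bool:
    """Route summarization check: every address of more_specific lies inside aggregate."""
    return ip_network(more_specific).subnet_of(ip_network(aggregate))

def classful_class(addr: str) -> str:
    """Pre-CIDR class from the leading bits: 0 -> A (/8), 10 -> B (/16), 110 -> C (/24)."""
    first = int(addr.split(".")[0])
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    return "D/E"

if __name__ == "__main__":
    for dst in ("200.23.18.5", "200.23.20.1", "200.23.19.255", "8.8.8.8"):
        print(dst, "->", longest_prefix_match(FORWARDING_TABLE, dst))
```

An address such as 200.23.18.5 matches both entries, and the /23 wins because it agrees with the destination on more leading bits; 200.23.20.1 matches only the /20 and still reaches Organization 1's old provider, which is exactly why the aggregate can stay in place while the more specific block is re-homed.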
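Worked example of the four-step DHCP exchange from the DHCP slides above (added here; not from the lecture). Both sides are modelled: the client broadcasts a discover from 0.0.0.0 to 255.255.255.255 port 67, two servers on the same subnet each reserve an address and broadcast an offer carrying the client's transaction ID, the client picks one offer and echoes its parameters in a request, the chosen server commits the lease and answers with an ACK, and the other server releases the address it had reserved. The subnet, server addresses, pools and lease values are constructed; the client port 68 is assumed.

```python
import random
from dataclasses import dataclass, field

BROADCAST, UNASSIGNED = "255.255.255.255", "0.0.0.0"
SERVER_PORT, CLIENT_PORT = 67, 68            # 67 from the slide; 68 is the assumed client port

@dataclass
class DhcpMessage:
    kind: str                 # DISCOVER, OFFER, REQUEST or ACK
    xid: int                  # transaction ID; offers and ACKs echo the discover's xid
    src_ip: str
    dst_ip: str
    dst_port: int
    yiaddr: str = ""          # "your IP address": the proposed / assigned client address
    server_id: str = ""       # identifies whose offer the client is accepting
    params: dict = field(default_factory=dict)   # subnet mask, router, DNS, lease time

class DhcpServer:
    def __init__(self, server_ip, pool, params):
        self.ip, self.free, self.params = server_ip, list(pool), params
        self.reserved = {}    # xid -> address held while our offer is outstanding
        self.leases = {}      # address -> xid once the client's request is ACKed

    def handle(self, msg):
        if msg.kind == "DISCOVER" and self.free:
            addr = self.free.pop(0)
            self.reserved[msg.xid] = addr
            # the offer is broadcast because the client has no usable address yet
            return DhcpMessage("OFFER", msg.xid, self.ip, BROADCAST, CLIENT_PORT,
                               yiaddr=addr, server_id=self.ip, params=dict(self.params))
        if msg.kind == "REQUEST" and msg.xid in self.reserved:
            addr = self.reserved.pop(msg.xid)
            if msg.server_id != self.ip:        # client chose another server: release our address
                self.free.append(addr)
                return None
            self.leases[addr] = msg.xid
            return DhcpMessage("ACK", msg.xid, self.ip, BROADCAST, CLIENT_PORT,
                               yiaddr=addr, server_id=self.ip, params=dict(self.params))
        return None

class DhcpClient:
    def __init__(self):
        self.xid = random.getrandbits(32)
        self.config = None

    def discover(self):
        return DhcpMessage("DISCOVER", self.xid, UNASSIGNED, BROADCAST, SERVER_PORT)

    def request(self, offers):
        """Keep only offers for our transaction, take the first, echo its parameters back."""
        mine = [o for o in offers if o.kind == "OFFER" and o.xid == self.xid]
        chosen = mine[0]
        return DhcpMessage("REQUEST", self.xid, UNASSIGNED, BROADCAST, SERVER_PORT,
                           yiaddr=chosen.yiaddr, server_id=chosen.server_id, params=chosen.params)

    def accept(self, ack):
        if ack.kind == "ACK" and ack.xid == self.xid:
            self.config = {"ip": ack.yiaddr, **ack.params}
        return self.config

def run_exchange(client, servers):
    """The four steps on one subnet: every server sees every broadcast."""
    disc = client.discover()
    offers = [r for r in (s.handle(disc) for s in servers) if r]
    req = client.request(offers)
    acks = [r for r in (s.handle(req) for s in servers) if r]
    return client.accept(acks[0])

# Constructed subnet 223.1.2.0/24 with two DHCP servers, as the slides allow.
PARAMS = {"subnet_mask": "255.255.255.0", "router": "223.1.2.1", "dns": "223.1.2.5", "lease_secs": 3600}
SERVER_A = DhcpServer("223.1.2.5", ["223.1.2.10", "223.1.2.11"], PARAMS)
SERVER_B = DhcpServer("223.1.2.6", ["223.1.2.200"], PARAMS)

if __name__ == "__main__":
    print(run_exchange(DhcpClient(), [SERVER_A, SERVER_B]))
```

The transaction ID is what lets a client on a shared broadcast medium tell which offers and ACKs belong to its own exchange, and the server_id echoed in the request is what lets the servers that were not chosen return their reserved addresses to the pool.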
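Worked example for the NAT slides above, using the slide's own numbers (added here; not from the lecture): host 10.0.0.1 port 3345 reaching a web server at 128.119.40.186 port 80 through a NAT router whose WAN-side address is 138.76.29.7. Outbound packets get a fresh WAN-side port that is not currently in the translation table, inbound packets are mapped back through the table, and an inbound packet with no table entry is dropped, which is the behaviour that breaks servers inside the home network. The ephemeral port range is assumed; the packets are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""

class NatRouter:
    """Port-translating NAT: the whole home network shares one WAN-side address."""
    FIRST_PORT, LAST_PORT = 5001, 65535     # assumed range for translated source ports

    def __init__(self, wan_ip: str):
        self.wan_ip = wan_ip
        self.out_to_in = {}   # WAN-side port -> (LAN ip, LAN port)
        self.in_to_out = {}   # (LAN ip, LAN port) -> WAN-side port

    def _allocate_port(self) -> int:
        """Pick any port number that is not currently in the translation table."""
        for port in range(self.FIRST_PORT, self.LAST_PORT + 1):
            if port not in self.out_to_in:
                return port
        raise RuntimeError("translation table full")

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> WAN: rewrite source IP and port, remembering the mapping."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.in_to_out:                # existing flows keep their mapping
            port = self._allocate_port()
            self.in_to_out[key] = port
            self.out_to_in[port] = key
        return Packet(self.wan_ip, self.in_to_out[key], pkt.dst_ip, pkt.dst_port, pkt.payload)

    def inbound(self, pkt: Packet):
        """WAN -> LAN: reverse the mapping; no table entry means the packet is dropped."""
        if pkt.dst_ip != self.wan_ip or pkt.dst_port not in self.out_to_in:
            return None
        lan_ip, lan_port = self.out_to_in[pkt.dst_port]
        return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port, pkt.payload)

    def capacity(self) -> int:
        """Simultaneous connections one WAN address can carry with this port range."""
        return self.LAST_PORT - self.FIRST_PORT + 1

if __name__ == "__main__":
    nat = NatRouter("138.76.29.7")
    out = nat.outbound(Packet("10.0.0.1", 3345, "128.119.40.186", 80, "GET /"))
    print(out)
    print(nat.inbound(Packet("128.119.40.186", 80, "138.76.29.7", out.src_port, "200 OK")))
    print(nat.inbound(Packet("203.0.113.9", 4444, "138.76.29.7", 8080)))   # no entry: None
```

The table is keyed on the WAN-side port alone, so a second home host using the same local port 3345 simply receives the next free WAN port; this is also where the slide's "over 60,000 simultaneous connections" figure comes from.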
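Worked example for the Generalized Forwarding, OpenFlow and the three OpenFlow Examples slides above (added here; not from the lecture or from any OpenFlow implementation). It models a flow table as match fields with wildcards, per-entry counters and an action list, with table-miss meaning drop, and then encodes the slides' three scenarios: simple forwarding of h5/h6 to h3/h4 via s3, s1, s2 (never over the s3-s2 link), load balancing at s2, and the firewall at s2 that admits only traffic from hosts attached to s3. The host addresses, the port numbering and the inter-switch link map are assumptions made for the example, since the slides only name the hosts and switches.

```python
from dataclasses import dataclass

def field_matches(pattern, value) -> bool:
    """Match one header field: None matches anything, '10.1.*.*' matches per octet."""
    if pattern is None:
        return True
    if isinstance(pattern, str) and "*" in pattern:
        return all(p == "*" or p == v for p, v in zip(pattern.split("."), str(value).split(".")))
    return pattern == value

@dataclass
class FlowEntry:
    match: dict            # header field values, e.g. {"ingress_port": 2, "ip_src": "10.3.*.*"}
    actions: list          # e.g. [("forward", 1)] or [("drop",)]
    priority: int = 0
    packets: int = 0       # counters, updated on every match
    bytes: int = 0

class FlowTable:
    def __init__(self, name, entries):
        self.name = name
        self.entries = sorted(entries, key=lambda e: -e.priority)

    def process(self, pkt: dict) -> list:
        for entry in self.entries:
            if all(field_matches(pat, pkt.get(f)) for f, pat in entry.match.items()):
                entry.packets += 1
                entry.bytes += pkt.get("len", 0)
                return entry.actions
        return [("drop",)]   # table miss: no entry applies, so the packet is dropped

# Assumed topology (not given on the slides): h1,h2 on s1 (10.1.0.1/.2), h3,h4 on s2
# (10.2.0.3/.4), h5,h6 on s3 (10.3.0.5/.6). Assumed ports: on every switch, ports 1 and 2
# lead to the other two switches and ports 3 and 4 to its local hosts.
LINKS = {("s3", 1): ("s1", 2), ("s3", 2): ("s2", 2), ("s1", 1): ("s2", 1),
         ("s1", 2): ("s3", 1), ("s2", 1): ("s1", 1), ("s2", 2): ("s3", 2)}

# Simple forwarding: h5/h6 -> h3/h4 goes s3 -> s1 -> s2; no entry uses the s3-s2 link.
S3 = FlowTable("s3", [FlowEntry({"ip_src": "10.3.*.*", "ip_dst": "10.2.*.*"}, [("forward", 1)])])
S1 = FlowTable("s1", [FlowEntry({"ingress_port": 2, "ip_src": "10.3.*.*", "ip_dst": "10.2.*.*"},
                                [("forward", 1)])])

# Load balancing at s2: h3's traffic to 10.1.*.* takes the direct link to s1, h4's goes via s3.
S2_LB = FlowTable("s2-lb", [
    FlowEntry({"ip_src": "10.2.0.3", "ip_dst": "10.1.*.*"}, [("forward", 1)]),
    FlowEntry({"ip_src": "10.2.0.4", "ip_dst": "10.1.*.*"}, [("forward", 2)]),
])

# Firewalling at s2: only traffic from hosts attached to s3 is admitted; with no other
# entries, everything else misses the table and is dropped.
S2_FW = FlowTable("s2-fw", [
    FlowEntry({"ip_src": "10.3.*.*", "ip_dst": "10.2.0.3"}, [("forward", 3)]),
    FlowEntry({"ip_src": "10.3.*.*", "ip_dst": "10.2.0.4"}, [("forward", 4)]),
])

TABLES = {"s3": S3, "s1": S1, "s2": S2_FW}

def trace(pkt: dict, switch: str, ingress_port: int):
    """Walk a packet through the switches; returns the switches visited and the outcome."""
    path = [switch]
    while True:
        actions = TABLES[switch].process({**pkt, "ingress_port": ingress_port})
        if actions[0][0] == "drop":
            return path, "dropped"
        out_port = actions[0][1]
        if (switch, out_port) not in LINKS:          # host-facing port: delivered locally
            return path, f"delivered by {switch} port {out_port}"
        switch, ingress_port = LINKS[(switch, out_port)]
        path.append(switch)

if __name__ == "__main__":
    print(trace({"ip_src": "10.3.0.5", "ip_dst": "10.2.0.3", "len": 100}, "s3", 3))
    print(trace({"ip_src": "10.1.0.1", "ip_dst": "10.2.0.3", "len": 100}, "s1", 3))
```

The firewall case shows why the slide stresses "no other entries in s2's flow table": the policy is enforced by the table-miss behaviour rather than by an explicit deny rule, so any later entry added to s2 for convenience widens what the switch accepts.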
