Week6[1].pdf
Uploaded by SilentSeries
2020
Chapter 4 Network Layer: Data Plane
Computer Networking: A Top-Down Approach, 8th edition, Jim Kurose, Keith Ross, Pearson, 2020

Network layer: “data plane” roadmap
▪ Network layer: overview
  - data plane
  - control plane
▪ What’s inside a router
  - input ports, switching, output ports
  - buffer management, scheduling
▪ IP: the Internet Protocol
  - datagram format
  - addressing
  - network address translation
  - IPv6
▪ Generalized Forwarding, SDN
  - match+action
  - OpenFlow: match+action in action
▪ Middleboxes
Network Layer: 4-2

Network Layer: Internet
[figure: protocol stacks of a host and a router: transport layer (TCP, UDP), network layer, link layer, physical layer]
host, router network layer functions:
▪ Path-selection algorithms: implemented in routing protocols (OSPF, BGP) and in the SDN controller
▪ IP protocol: datagram format, addressing, packet handling conventions
▪ forwarding table
▪ ICMP protocol: error reporting, router “signaling”
Network Layer: 4-3

IP Datagram format
[figure: IPv4 header laid out in 32-bit words]
▪ ver: IP protocol version number
▪ head. len: header length (bytes)
▪ type of service: diffserv (bits 0:5), ECN (bits 6:7)
▪ length: total datagram length (bytes)
▪ 16-bit identifier, flgs, fragment offset: fragmentation/reassembly
▪ time to live (TTL): remaining max hops (decremented at each router)
▪ upper layer: upper layer protocol (e.g., TCP or UDP)
▪ header checksum
▪ 32-bit source IP address
▪ 32-bit destination IP address
▪ options (if any): e.g., timestamp, record route taken
▪ payload data (variable length, typically a TCP or UDP segment)
Maximum length: 64K bytes; typically: 1500 bytes or less
overhead:
▪ 20 bytes of TCP
▪ 20 bytes of IP
▪ = 40 bytes + app layer overhead for TCP+IP
Network Layer: 4-4

IP addressing: introduction
[figure: three routers and hosts with interfaces 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4, 223.1.2.1, 223.1.2.2, 223.1.2.9, 223.1.3.1, 223.1.3.2, 223.1.3.27]
▪ IP address: 32-bit identifier associated with each host or router interface
▪ interface: connection between host/router and physical link
  - routers typically have multiple interfaces
  - host typically has one or two interfaces (e.g., wired Ethernet, wireless 802.11)
dotted-decimal IP address notation:
  223.1.1.1 = 11011111 00000001 00000001 00000001
              223      1        1        1
Network Layer: 4-5, 4-6

IP addressing: introduction
Q: how are interfaces actually connected?
A: we’ll learn about that in chapters 6, 7
A: wired Ethernet interfaces connected by Ethernet switches
A: wireless WiFi interfaces connected by WiFi base station
For now: don’t need to worry about how one interface is connected to another (with no intervening router)
Network Layer: 4-7

Subnets
[figure: network consisting of 3 subnets; interfaces 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4, 223.1.2.1, 223.1.2.2, 223.1.2.9, 223.1.3.1, 223.1.3.2, 223.1.3.27]
▪ What’s a subnet?
  - device interfaces that can physically reach each other without passing through an intervening router
▪ IP addresses have structure:
  - subnet part: devices in same subnet have common high order bits
  - host part: remaining low order bits
Network Layer: 4-8

Subnets
[figure: the same network with subnets 223.1.1.0/24, 223.1.2.0/24 and 223.1.3.0/24 marked]
Recipe for defining subnets:
▪ detach each interface from its host or router, creating “islands” of isolated networks
▪ each isolated network is called a subnet
subnet mask: /24 (high-order 24 bits: subnet part of IP address)
Network Layer: 4-9

Subnets
[figure: six subnets: 223.1.1/24 (223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4), 223.1.2/24 (223.1.2.1, 223.1.2.2, 223.1.2.6), 223.1.3/24 (223.1.3.1, 223.1.3.2, 223.1.3.27), 223.1.7/24 (223.1.7.0, 223.1.7.1), 223.1.8/24 (223.1.8.0, 223.1.8.1), 223.1.9/24 (223.1.9.1, 223.1.9.2)]
▪ where are the subnets?
▪ what are the /24 subnet addresses?
Network Layer: 4-10

IP addressing: CIDR
CIDR: Classless InterDomain Routing (pronounced “cider”)
▪ subnet portion of address of arbitrary length
▪ address format: a.b.c.d/x, where x is # bits in subnet portion of address
  subnet part (23 bits)     host part (9 bits)
  11001000 00010111 0001000 | 0 00000000
  200.23.16.0/23
Network Layer: 4-11

IP addresses: how to get one?
That’s actually two questions:
1. Q: How does a host get IP address within its network (host part of address)?
2. Q: How does a network get IP address for itself (network part of address)?
How does host get IP address?
▪ hard-coded by sysadmin in config file (e.g., /etc/rc.config in UNIX)
▪ DHCP: Dynamic Host Configuration Protocol: dynamically get address from a server
  - “plug-and-play”
Network Layer: 4-12

DHCP: Dynamic Host Configuration Protocol
goal: host dynamically obtains IP address from network server when it “joins” network
▪ can renew its lease on address in use
▪ allows reuse of addresses (only hold address while connected/on)
▪ support for mobile users who join/leave network
DHCP overview:
▪ host broadcasts DHCP discover msg [optional]
▪ DHCP server responds with DHCP offer msg [optional]
▪ host requests IP address: DHCP request msg
▪ DHCP server sends address: DHCP ack msg
Network Layer: 4-13

DHCP client-server scenario
[figure: DHCP server 223.1.2.5 co-located in the router joining subnets 223.1.1.0/24, 223.1.2.0/24 and 223.1.3.0/24; arriving DHCP client needs an address in subnet 223.1.2.0/24]
Typically, DHCP server will be co-located in router, serving all subnets to which router is attached
Network Layer: 4-14

DHCP client-server scenario
DHCP server: 223.1.2.5; arriving client
DHCP discover (broadcast: “is there a DHCP server out there?”)
  src: 0.0.0.0, 68
  dest: 255.255.255.255, 67
  yiaddr: 0.0.0.0
  transaction ID: 654
DHCP offer (broadcast: “I’m a DHCP server! Here’s an IP address you can use”)
  src: 223.1.2.5, 67
  dest: 255.255.255.255, 68
  yiaddr: 223.1.2.4
  transaction ID: 654
  lifetime: 3600 secs
DHCP request (broadcast: “OK. I would like to use this IP address!”)
  src: 0.0.0.0, 68
  dest: 255.255.255.255, 67
  yiaddr: 223.1.2.4
  transaction ID: 655
  lifetime: 3600 secs
DHCP ACK (broadcast: “OK. You’ve got that IP address!”)
  src: 223.1.2.5, 67
  dest: 255.255.255.255, 68
  yiaddr: 223.1.2.4
  transaction ID: 655
  lifetime: 3600 secs
The two steps above (discover and offer) can be skipped “if a client remembers and wishes to reuse a previously allocated network address” [RFC 2131]
Network Layer: 4-15

DHCP: more than IP addresses
DHCP can return more than just allocated IP address on subnet:
▪ address of first-hop router for client
▪ name and IP address of DNS server
▪ network mask (indicating network versus host portion of address)
Network Layer: 4-16

DHCP: example
[figure: laptop and router with DHCP server built into router (168.1.1.1); protocol stacks DHCP / UDP / IP / Eth / Phy on each]
▪ Connecting laptop will use DHCP to get IP address, address of first-hop router, address of DNS server.
▪ DHCP REQUEST message encapsulated in UDP, encapsulated in IP, encapsulated in Ethernet
▪ Ethernet frame broadcast (dest: FFFFFFFFFFFF) on LAN, received at router running DHCP server
▪ Ethernet demux’ed to IP demux’ed, UDP demux’ed to DHCP
Network Layer: 4-17

DHCP: example
▪ DHCP server formulates DHCP ACK containing client’s IP address, IP address of first-hop router for client, name & IP address of DNS server
▪ encapsulated DHCP server reply forwarded to client, demuxing up to DHCP at client
▪ client now knows its IP address, name and IP address of DNS server, IP address of its first-hop router
Network Layer: 4-18

IP addresses: how to get one?
Q: how does network get subnet part of IP address?
A: gets allocated portion of its provider ISP’s address space
ISP's block      11001000 00010111 00010000 00000000   200.23.16.0/20
ISP can then allocate out its address space in 8 blocks:
Organization 0   11001000 00010111 00010000 00000000   200.23.16.0/23
Organization 1   11001000 00010111 00010010 00000000   200.23.18.0/23
Organization 2   11001000 00010111 00010100 00000000   200.23.20.0/23
...
Organization 7   11001000 00010111 00011110 00000000   200.23.30.0/23
Network Layer: 4-19

Hierarchical addressing: route aggregation
hierarchical addressing allows efficient advertisement of routing information:
[figure: Organization 0 (200.23.16.0/23), Organization 1 (200.23.18.0/23), Organization 2 (200.23.20.0/23), ..., Organization 7 (200.23.30.0/23) connect to Fly-By-Night-ISP; Fly-By-Night-ISP and ISPs-R-Us connect to the Internet]
Fly-By-Night-ISP advertises: “Send me anything with addresses beginning 200.23.16.0/20”
ISPs-R-Us advertises: “Send me anything with addresses beginning 199.31.0.0/16”
Network Layer: 4-20

Hierarchical addressing: more specific routes
▪ Organization 1 moves from Fly-By-Night-ISP to ISPs-R-Us
▪ ISPs-R-Us now advertises a more specific route to Organization 1
[figure: Organization 0, Organization 2, ..., Organization 7 remain on Fly-By-Night-ISP; Organization 1 (200.23.18.0/23) now connects to ISPs-R-Us]
Fly-By-Night-ISP advertises: “Send me anything with addresses beginning 200.23.16.0/20”
ISPs-R-Us advertises: “Send me anything with addresses beginning 199.31.0.0/16 or 200.23.18.0/23”
Network Layer: 4-21, 4-22

IP addressing: last words...
Q: how does an ISP get block of addresses?
A: ICANN: Internet Corporation for Assigned Names and Numbers, http://www.icann.org/
  - allocates IP addresses, through 5 regional registries (RRs) (who may then allocate to local registries)
  - manages DNS root zone, including delegation of individual TLD (.com, .edu, …) management
Q: are there enough 32-bit addresses?
▪ ICANN allocated last chunk of IPv4 addresses to RRs in 2011
▪ NAT (next) helps IPv4 address space exhaustion
▪ IPv6 has 128-bit address space
“Who the hell knew how much address space we needed?” Vint Cerf (reflecting on decision to make IPv4 address 32 bits long)
Network Layer: 4-23

Network layer: “data plane” roadmap (repeats slide 4-2)
Network Layer: 4-24

NAT: network address translation
NAT: all devices in local network share just one IPv4 address as far as outside world is concerned
[figure: local network (e.g., home network) 10.0.0/24 with hosts 10.0.0.1, 10.0.0.2, 10.0.0.3 behind NAT router 10.0.0.4 / 138.76.29.7, connected to the rest of the Internet]
▪ all datagrams leaving local network have same source NAT IP address: 138.76.29.7, but different source port numbers
▪ datagrams with source or destination in this network have 10.0.0/24 address for source, destination (as usual)
Network Layer: 4-25

NAT: network address translation
▪ all devices in local network have 32-bit addresses in a “private” IP address space (10/8, 172.16/12, 192.168/16 prefixes) that can only be used in local network
▪ advantages:
  - just one IP address needed from provider ISP for all devices
  - can change addresses of hosts in local network without notifying outside world
  - can change ISP without changing addresses of devices in local network
  - security: devices inside local net not directly addressable, visible by outside world
Network Layer: 4-26

NAT: network address translation
implementation: NAT router must (transparently):
▪ outgoing datagrams: replace (source IP address, port #) of every outgoing datagram to (NAT IP address, new port #)
  - remote clients/servers will respond using (NAT IP address, new port #) as destination address
▪ remember (in NAT translation table) every (source IP address, port #) to (NAT IP address, new port #) translation pair
▪ incoming datagrams: replace (NAT IP address, new port #) in destination fields of every incoming datagram with corresponding (source IP address, port #) stored in NAT table
Network Layer: 4-27

NAT: network address translation
NAT translation table
  WAN side addr        LAN side addr
  138.76.29.7, 5001    10.0.0.1, 3345
  ……                   ……
1: host 10.0.0.1 sends datagram to 128.119.40.186, 80
   S: 10.0.0.1, 3345   D: 128.119.40.186, 80
2: NAT router changes datagram source address from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table
   S: 138.76.29.7, 5001   D: 128.119.40.186, 80
3: reply arrives, destination address: 138.76.29.7, 5001
   S: 128.119.40.186, 80   D: 138.76.29.7, 5001
4: NAT router changes datagram destination address from 138.76.29.7, 5001 to 10.0.0.1, 3345, using the table entry
   S: 128.119.40.186, 80   D: 10.0.0.1, 3345
[figure: hosts 10.0.0.1, 10.0.0.2, 10.0.0.3 behind NAT router 10.0.0.4 / 138.76.29.7]
Network Layer: 4-28

NAT: network address translation
▪ NAT has been controversial:
  - routers “should” only process up to layer 3
  - address “shortage” should be solved by IPv6
  - violates end-to-end argument (port # manipulation by network-layer device)
  - NAT traversal: what if client wants to connect to server behind NAT?
▪ but NAT is here to stay:
  - extensively used in home and institutional nets, 4G/5G cellular nets
Network Layer: 4-29

IPv6: motivation
▪ initial motivation: 32-bit IPv4 address space would be completely allocated
▪ additional motivation:
  - speed processing/forwarding: 40-byte fixed length header
  - enable different network-layer treatment of “flows”
Network Layer: 4-30

IPv6 datagram format
[figure: IPv6 header laid out in 32-bit words: ver | pri | flow label; payload len | next hdr | hop limit; source address (128 bits); destination address (128 bits); payload (data)]
▪ flow label: identify datagrams in same “flow” (concept of “flow” not well defined)
▪ priority: identify priority among datagrams in flow
▪ 128-bit IPv6 addresses
What’s missing (compared with IPv4):
▪ no checksum (to speed processing at routers)
▪ no fragmentation/reassembly
▪ no options (available as upper-layer, next-header protocol at router)
Network Layer: 4-31

Transition from IPv4 to IPv6
▪ not all routers can be upgraded simultaneously
  - no “flag days”
  - how will network operate with mixed IPv4 and IPv6 routers?
▪ tunneling: IPv6 datagram carried as payload in IPv4 datagram among IPv4 routers (“packet within a packet”)
  - tunneling used extensively in other contexts (4G/5G)
[figure: IPv4 datagram = IPv4 header fields (IPv4 source, dest addr) + IPv4 payload; the IPv4 payload is the whole IPv6 datagram = IPv6 header fields (IPv6 source, dest addr) + UDP/TCP payload]
Network Layer: 4-32

Tunneling and encapsulation
The usual: Ethernet connecting two IPv6 routers (A-B, E-F): IPv6 datagram as payload in link-layer frame
[figure: A (IPv6) - B (IPv6), E (IPv6) - F (IPv6); link-layer frame carrying an IPv6 datagram]
tunneling: IPv4 tunnel connecting two IPv6 routers (B-E, across an IPv4 network): IPv6 datagram as payload in an IPv4 datagram
[figure: A (IPv6) - B (IPv6/v4) - IPv4 network - E (IPv6/v4) - F (IPv6); IPv4 datagram carrying an IPv6 datagram]
Network Layer: 4-33, 4-34

Tunneling
logical view:  A (IPv6) - B (IPv6/v4) - [IPv4 tunnel] - E (IPv6/v4) - F (IPv6)
physical view: A (IPv6) - B (IPv6/v4) - C (IPv4) - D (IPv4) - E (IPv6/v4) - F (IPv6)
A-to-B: IPv6 datagram: flow: X, src: A, dest: F, data
B-to-C, and on through the tunnel to E: IPv6 inside IPv4: outer IPv4 header src: B, dest: E; inner IPv6 datagram flow: X, src: A, dest: F, data
E-to-F: IPv6 datagram: flow: X, src: A, dest: F, data
Note source and destination addresses!
Network Layer: 4-35

IPv6: adoption
▪ Google¹: ~30% of clients access services via IPv6
▪ NIST: 1/3 of all US government domains are IPv6 capable
▪ Long (long!) time for deployment, use
  - 25 years and counting!
  - think of application-level changes in last 25 years: WWW, social media, streaming media, gaming, telepresence, …
  - Why?
¹ https://www.google.com/intl/en/ipv6/statistics.html
Network Layer: 4-36, 4-37
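For the subnet and CIDR slides (4-8 to 4-11) and the ISP block allocation and route aggregation slides (4-19 to 4-22), an added Python example that is not part of the original slides, built on the standard library's ipaddress module. The addresses and prefixes are the slides'; INTERNET_TABLE is a constructed forwarding table that writes the two ISPs' advertisements as entries, and longest_prefix_match is the general rule of which the slide's "more specific route" is one instance.

```python
"""CIDR arithmetic for slides 4-8 to 4-11 and 4-19 to 4-22 (added example).

Addresses and prefixes are the slides'; INTERNET_TABLE is a constructed
stand-in for the advertisements the two ISPs make.
"""
from collections import defaultdict
from ipaddress import IPv4Address, IPv4Network, ip_network


def to_bits(addr: str) -> str:
    """Dotted-decimal -> 32-bit string grouped by octet, as the slides print it."""
    return " ".join(f"{int(o):08b}" for o in addr.split("."))


def split_parts(cidr: str):
    """Return (subnet-part bits, host-part bits) for a.b.c.d/x."""
    net = ip_network(cidr, strict=False)
    bits = f"{int(net.network_address):032b}"
    return bits[:net.prefixlen], bits[net.prefixlen:]


def group_by_subnet(interfaces, prefixlen=24):
    """Slide 4-10: which interfaces share a /24 (same high-order 24 bits)?"""
    groups = defaultdict(list)
    for ip in interfaces:
        groups[ip_network(f"{ip}/{prefixlen}", strict=False)].append(IPv4Address(ip))
    return {str(net): sorted(str(a) for a in addrs) for net, addrs in groups.items()}


def carve(block: str, new_prefixlen: int):
    """Slide 4-19: an ISP splits its block into equal-sized customer blocks."""
    return [str(s) for s in ip_network(block).subnets(new_prefix=new_prefixlen)]


def longest_prefix_match(table, dst: str):
    """Forwarding rule: among all matching prefixes the most specific (longest) wins.

    table: list of (prefix, next_hop); dst: dotted-decimal address.
    Returns the next hop, or None when no prefix covers dst.
    """
    best = None
    addr = IPv4Address(dst)
    for prefix, hop in table:
        net = IPv4Network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return None if best is None else best[1]


# Advertisements from slides 4-20 to 4-22, written as a forwarding table at
# some Internet router (constructed; the slides show only the spoken text).
INTERNET_TABLE = [
    ("200.23.16.0/20", "Fly-By-Night-ISP"),
    ("199.31.0.0/16", "ISPs-R-Us"),
    ("200.23.18.0/23", "ISPs-R-Us"),     # more specific route after Organization 1 moves
]

SLIDE_4_10_INTERFACES = [
    "223.1.1.1", "223.1.1.2", "223.1.1.3", "223.1.1.4",
    "223.1.2.1", "223.1.2.2", "223.1.2.6",
    "223.1.3.1", "223.1.3.2", "223.1.3.27",
    "223.1.7.0", "223.1.7.1", "223.1.8.0", "223.1.8.1",
    "223.1.9.1", "223.1.9.2",
]

if __name__ == "__main__":
    print(to_bits("223.1.1.1"))
    print(split_parts("200.23.16.0/23"))
    for net, members in sorted(group_by_subnet(SLIDE_4_10_INTERFACES).items()):
        print(net, members)
    print(carve("200.23.16.0/20", 23))
    for dst in ("200.23.17.9", "200.23.19.9", "199.31.4.4"):
        print(dst, "->", longest_prefix_match(INTERNET_TABLE, dst))
```

With the table above, an address in Organization 0's block still goes to Fly-By-Night-ISP via the /20, while an address in Organization 1's block matches both the /20 and the /23 and is sent to ISPs-R-Us because the /23 is longer; a destination no entry covers yields None, which a real router would treat as a default-route or drop decision.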
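The discover/offer/request/ack exchange of slide 4-15, with the lease renewal and address reuse points of slide 4-13, as an added Python simulation that is not part of the original slides. The server address, the ports 67/68, the 0.0.0.0 and 255.255.255.255 addresses, the transaction IDs 654/655, the offered address 223.1.2.4 and the 3600 s lifetime are the slide's values; the two-address pool, the client identifiers and the integer clock are constructed assumptions.

```python
"""Four-message DHCP exchange of slide 4-15 (added example).

Constructed: server 223.1.2.5 serving 223.1.2.0/24 with a two-address pool;
ports 67/68, 0.0.0.0, 255.255.255.255, the transaction IDs 654/655, the
offered address 223.1.2.4 and the 3600 s lifetime are the slide's values.
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network

BROADCAST = IPv4Address("255.255.255.255")
UNSPECIFIED = IPv4Address("0.0.0.0")
SERVER_PORT, CLIENT_PORT = 67, 68


@dataclass
class Msg:
    kind: str              # "discover" | "offer" | "request" | "ack"
    src: tuple             # (IPv4Address, port)
    dst: tuple
    yiaddr: IPv4Address    # "your" IP address; 0.0.0.0 until one is offered
    xid: int               # transaction ID
    lifetime: int = 0      # lease lifetime in seconds


@dataclass
class Server:
    addr: IPv4Address
    subnet: IPv4Network
    pool: list = field(default_factory=list)
    lease_time: int = 3600
    leases: dict = field(default_factory=dict)   # yiaddr -> (client_id, expires_at)

    def __post_init__(self):
        assert all(a in self.subnet for a in self.pool), "pool must lie in the served subnet"

    def _available(self, now, client_id):
        """First pool address that is unleased, expired, or already this client's."""
        for a in self.pool:
            holder = self.leases.get(a)
            if holder is None or holder[1] <= now or holder[0] == client_id:
                return a
        return None

    def handle(self, m, client_id, now):
        """Server side of the exchange; returns the reply Msg, or None if it cannot reply."""
        if m.dst != (BROADCAST, SERVER_PORT):
            return None
        reply_to = (BROADCAST, CLIENT_PORT)
        if m.kind == "discover":
            a = self._available(now, client_id)
            return None if a is None else Msg("offer", (self.addr, SERVER_PORT), reply_to, a, m.xid, self.lease_time)
        if m.kind == "request":
            # RFC 2131 lets a client skip discover/offer and request a remembered address
            # directly; honour it only if the address is ours and not leased to another client.
            holder = self.leases.get(m.yiaddr)
            if m.yiaddr not in self.pool or (holder and holder[1] > now and holder[0] != client_id):
                return None
            self.leases[m.yiaddr] = (client_id, now + self.lease_time)
            return Msg("ack", (self.addr, SERVER_PORT), reply_to, m.yiaddr, m.xid, self.lease_time)
        return None


def full_exchange(server, client_id, now, xid_discover=654, xid_request=655):
    """discover/offer/request/ack; returns (leased address or None, lifetime, message list)."""
    client = (UNSPECIFIED, CLIENT_PORT)
    d = Msg("discover", client, (BROADCAST, SERVER_PORT), UNSPECIFIED, xid_discover)
    o = server.handle(d, client_id, now)
    log = [d, o]
    if o is None or o.xid != d.xid:            # client ignores offers for other transactions
        return None, 0, log
    r = Msg("request", client, (BROADCAST, SERVER_PORT), o.yiaddr, xid_request, o.lifetime)
    a = server.handle(r, client_id, now)
    log += [r, a]
    if a is None or a.xid != r.xid or a.yiaddr != r.yiaddr:
        return None, 0, log
    return a.yiaddr, a.lifetime, log


def reuse(server, client_id, addr, now, xid):
    """Shortcut path: request a remembered address without discover/offer."""
    r = Msg("request", (UNSPECIFIED, CLIENT_PORT), (BROADCAST, SERVER_PORT), IPv4Address(addr), xid)
    a = server.handle(r, client_id, now)
    return None if a is None else a.yiaddr


def make_server():
    return Server(IPv4Address("223.1.2.5"), IPv4Network("223.1.2.0/24"),
                  pool=[IPv4Address("223.1.2.4"), IPv4Address("223.1.2.6")])


if __name__ == "__main__":
    s = make_server()
    addr, life, log = full_exchange(s, "laptop-A", now=0)
    for m in log:
        print(f"{m.kind:8s} src {m.src[0]}, {m.src[1]}  dest {m.dst[0]}, {m.dst[1]}  "
              f"yiaddr {m.yiaddr}  xid {m.xid}  lifetime {m.lifetime}")
    print("leased", addr, "for", life, "s")
```

The client-side checks on the transaction ID and on the ACK's yiaddr matching the requested address are what keep a client from accepting a reply meant for another transaction; the reuse function is the RFC 2131 shortcut the slide mentions, and the server refuses it when the address is held by a different client, while an expired lease makes the address available again, which is the "only hold address while connected/on" reuse of slide 4-13.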
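The translation steps of slides 4-27 and 4-28 as an added Python model that is not the slides' own code. The inside host 10.0.0.1:3345, the server 128.119.40.186:80, the NAT WAN address 138.76.29.7 and the new port 5001 are the slide's values; the payload bytes, the second inside flow from 10.0.0.2 and the 203.0.113.9 sender used to show an unsolicited inbound datagram being dropped are constructed.

```python
"""Minimal NAT router model for slides 4-27 and 4-28 (added example).

Slide values: inside host 10.0.0.1:3345 talks to 128.119.40.186:80 through a
NAT whose WAN address is 138.76.29.7, which picks 5001 as the new source port.
Datagrams are dicts with src/dst (IP, port) tuples and a payload (constructed).
"""
from ipaddress import IPv4Address, IPv4Network

PRIVATE = [IPv4Network("10.0.0.0/8"), IPv4Network("172.16.0.0/12"), IPv4Network("192.168.0.0/16")]


def is_private(ip: str) -> bool:
    """Slide 4-26: the 10/8, 172.16/12 and 192.168/16 prefixes are usable only inside."""
    return any(IPv4Address(ip) in n for n in PRIVATE)


class NatRouter:
    def __init__(self, wan_ip: str, lan_net: str, first_port: int = 5001):
        self.wan_ip = wan_ip
        self.lan_net = IPv4Network(lan_net)
        self.next_port = first_port
        self.table = {}          # (wan_ip, new_port) -> (lan_ip, lan_port)   (the slide's table)
        self.reverse = {}        # (lan_ip, lan_port) -> (wan_ip, new_port)

    def outbound(self, dgram: dict) -> dict:
        """Rewrite (source IP, port) to (NAT IP, new port) and remember the pair."""
        src = dgram["src"]
        if IPv4Address(src[0]) not in self.lan_net:
            raise ValueError(f"outbound datagram with non-LAN source {src[0]}")
        if src not in self.reverse:              # new flow: allocate a fresh WAN port
            wan = (self.wan_ip, self.next_port)
            self.next_port += 1
            self.reverse[src] = wan
            self.table[wan] = src
        return {**dgram, "src": self.reverse[src]}

    def inbound(self, dgram: dict):
        """Rewrite (NAT IP, new port) back to the stored (source IP, port).

        A datagram whose destination is not in the table is dropped (None): with no
        prior outbound flow there is no inside host to deliver to, which is the
        "not directly addressable" property of slide 4-26.
        """
        inside = self.table.get(dgram["dst"])
        if inside is None:
            return None
        return {**dgram, "dst": inside}


def slide_4_28_exchange():
    """Steps 1-4 of slide 4-28; returns the router and the four datagrams in order."""
    nat = NatRouter("138.76.29.7", "10.0.0.0/24")
    d1 = {"src": ("10.0.0.1", 3345), "dst": ("128.119.40.186", 80), "payload": b"GET / HTTP/1.1"}
    d2 = nat.outbound(d1)                                                    # step 2: source rewritten
    d3 = {"src": d2["dst"], "dst": d2["src"], "payload": b"HTTP/1.1 200 OK"}  # step 3: reply arrives
    d4 = nat.inbound(d3)                                                     # step 4: destination restored
    return nat, [d1, d2, d3, d4]


if __name__ == "__main__":
    nat, steps = slide_4_28_exchange()
    for i, d in enumerate(steps, 1):
        print(f"{i}: S: {d['src'][0]}, {d['src'][1]}   D: {d['dst'][0]}, {d['dst'][1]}")
    print("NAT table:", nat.table)
    # an unsolicited datagram to a WAN port with no table entry is dropped
    print(nat.inbound({"src": ("203.0.113.9", 4444), "dst": ("138.76.29.7", 6000), "payload": b""}))
```

The table is keyed on the WAN-side (address, port) pair, so two inside hosts, or one host using two source ports, get distinct WAN ports and replies are demultiplexed without ambiguity; the drop in inbound is also why the "NAT traversal" question on slide 4-29 arises, since a server behind the NAT has no table entry until it has sent something out.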
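The IPv4 header of slide 4-4 with its header checksum, the fixed-length IPv6 header of slide 4-31, and the IPv6-in-IPv4 tunnel of slides 4-32 to 4-35, as one added Python example that is not the slides' code, building and parsing both headers with struct. The node names A, B, E, F and flow X are the slides'; the concrete addresses (from the 2001:db8::/32 and 192.0.2.0/24 documentation ranges), the flow label value 0xABCDE standing in for X, and the UDP payload are constructed. Protocol number 41 is the IANA value for IPv6 encapsulated in IPv4.

```python
"""IPv4 header (slide 4-4), IPv6 header (slide 4-31) and IPv6-in-IPv4 tunneling
(slides 4-32 to 4-35), as an added example using only struct and ipaddress.

Node names A, B, E, F and flow X are the slides'; the addresses below are
constructed stand-ins from the documentation ranges.
"""
import struct
from ipaddress import IPv4Address, IPv6Address

IPPROTO_IPV6 = 41          # IANA protocol number: IPv6 carried inside IPv4
IPV4_HDR_LEN = 20          # header without options
IPV6_HDR_LEN = 40          # fixed length (slide 4-30)


def ipv4_checksum(hdr: bytes) -> int:
    """Ones-complement sum of 16-bit words; computed with the checksum field zeroed."""
    if len(hdr) % 2:
        hdr += b"\x00"
    total = sum(struct.unpack(f"!{len(hdr) // 2}H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src, dst, proto, payload, ttl=64, ident=0):
    """20-byte IPv4 header (ver=4, IHL=5, DF set, no fragmentation) + payload."""
    total_len = IPV4_HDR_LEN + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, 0x4000, ttl, proto, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(pkt: bytes):
    """Validate and split an IPv4 datagram; raises ValueError on a bad header."""
    if len(pkt) < IPV4_HDR_LEN:
        raise ValueError("truncated header")
    ver_ihl, _tos, total_len, _id, _ff, ttl, proto, _chk, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or ihl > len(pkt) or total_len > len(pkt) or total_len < ihl:
        raise ValueError("bad version/length fields")
    if ipv4_checksum(pkt[:ihl]) != 0:          # a correct header (checksum included) sums to zero
        raise ValueError("header checksum mismatch")
    return {"src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)), "ttl": ttl,
            "proto": proto, "payload": pkt[ihl:total_len]}


def ipv4_header_ok(pkt: bytes) -> bool:
    try:
        parse_ipv4(pkt)
        return True
    except ValueError:
        return False


def build_ipv6(src, dst, next_hdr, payload, flow_label=0, hop_limit=64):
    """40-byte IPv6 header: ver/pri/flow label, payload len, next hdr, hop limit, 128-bit addresses."""
    first = (6 << 28) | (flow_label & 0xFFFFF)
    hdr = struct.pack("!IHBB16s16s", first, len(payload), next_hdr, hop_limit,
                      IPv6Address(src).packed, IPv6Address(dst).packed)
    return hdr + payload


def parse_ipv6(pkt: bytes):
    first, plen, nxt, _hop, src, dst = struct.unpack("!IHBB16s16s", pkt[:IPV6_HDR_LEN])
    if first >> 28 != 6 or len(pkt) < IPV6_HDR_LEN + plen:
        raise ValueError("bad IPv6 header")
    return {"flow": first & 0xFFFFF, "src": str(IPv6Address(src)), "dst": str(IPv6Address(dst)),
            "next": nxt, "payload": pkt[IPV6_HDR_LEN:IPV6_HDR_LEN + plen]}


def tunnel_in(v6_datagram: bytes, entry_v4: str, exit_v4: str) -> bytes:
    """Router B: the whole IPv6 datagram becomes the payload of an IPv4 datagram B -> E."""
    return build_ipv4(entry_v4, exit_v4, IPPROTO_IPV6, v6_datagram)


def tunnel_out(v4_datagram: bytes, my_v4: str):
    """Router E: unwrap only an IPv4 datagram addressed to us that carries protocol 41; else None."""
    outer = parse_ipv4(v4_datagram)
    if outer["dst"] != my_v4 or outer["proto"] != IPPROTO_IPV6:
        return None
    return outer["payload"]


def slide_4_35_flow():
    """A -> B -> (IPv4 tunnel) -> E -> F; returns the addresses seen on the outer and inner headers."""
    A, F = "2001:db8:a::1", "2001:db8:f::1"       # IPv6 hosts (constructed)
    B, E = "192.0.2.1", "192.0.2.2"               # tunnel endpoints' IPv4 addresses (constructed)
    a_to_b = build_ipv6(A, F, 17, b"data", flow_label=0xABCDE)   # 17 = UDP; 0xABCDE stands for flow X
    b_to_e = tunnel_in(a_to_b, B, E)
    e_to_f = tunnel_out(b_to_e, E)
    outer, inner = parse_ipv4(b_to_e), parse_ipv6(e_to_f)
    return {"outer": (outer["src"], outer["dst"], outer["proto"]),
            "inner": (inner["src"], inner["dst"], inner["flow"]),
            "unchanged": e_to_f == a_to_b}


if __name__ == "__main__":
    print(slide_4_35_flow())
```

parse_ipv4 refuses a datagram whose version, length fields or header checksum are inconsistent before anything trusts its payload, and tunnel_out decapsulates only an IPv4 datagram addressed to the exit router with protocol 41, the check a tunnel endpoint needs so that it does not unwrap and forward arbitrary packets. The inner IPv6 datagram leaves the tunnel byte-for-byte as it entered, still addressed A to F with flow X, which is the point of slide 4-35's "Note source and destination addresses!".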