ECE 4436A Networking: Principles, Protocols, and Architectures PDF
University of Western Ontario
Dr. Fang (Fiona) Fang

Summary
These are lecture notes on networking, covering principles, protocols, and architectures. The transcript below is the network-layer data plane chapter (chapter 4): network layer overview, what is inside a router, IP (addressing, DHCP, NAT, IPv6), generalized forwarding with OpenFlow, and middleboxes, with examples and figure descriptions.
Full Transcript
ECE 4436A NETWORKING: PRINCIPLES, PROTOCOLS, AND ARCHITECTURES
Dr. Fang (Fiona) Fang, Department of Electrical and Computer Engineering, University of Western Ontario
SOME SLIDES ADAPTED FROM KUROSE AND ROSS NOTES PROVIDED THROUGH PUBLISHER. THE AUTHOR’S AND PUBLISHER’S COPYRIGHT HOLDS THROUGHOUT.

Recall (the five-layer stack and the unit each layer handles)
§ Application Layer: message (M)
§ Transport Layer: segment (S)
§ Network Layer: datagram (DG)
§ Link Layer: frame (F)
§ Physical Layer: bit (B)

Network Layer: 4-4
Network layer: our goals
§ understand the principles behind network layer services, focusing on the data plane: network layer service models; forwarding versus routing; how a router works; addressing; generalized forwarding; Internet architecture
§ instantiation, implementation in the Internet: IP protocol; NAT, middleboxes

Network layer: “data plane” roadmap
§ Network layer: overview (data plane, control plane)
§ What’s inside a router (input ports, switching, output ports; buffer management, scheduling)
§ IP: the Internet Protocol (datagram format, addressing, network address translation, IPv6)
§ Generalized Forwarding, SDN (match+action; OpenFlow: match+action in action)
§ Middleboxes

Network-layer services and protocols
§ transport segment from sending to receiving host: the sender encapsulates segments into datagrams and passes them to the link layer; the receiver delivers segments to the transport-layer protocol
§ network-layer protocols run in every Internet device: hosts, routers
§ routers: examine header fields in all IP datagrams passing through them; move datagrams from input ports to output ports to transfer datagrams along the end-end path
(figure: the network layer is present in every host and router across mobile, enterprise, datacenter and national or global ISP networks)

Two key network-layer functions
network-layer functions:
§ forwarding: move packets from a router’s input link to the appropriate router output link
§ routing: determine the route taken by packets from source to destination (routing algorithms)
analogy: taking a trip
§ forwarding: process of getting through a single interchange
§ routing: process of planning the trip from source to destination
Network layer: data plane, control plane
Data plane:
§ local, per-router function
§ determines how a datagram arriving on a router input port is forwarded to a router output port
(figure: values in the arriving packet header, e.g. 0111, select one of output ports 1, 2, 3)
Control plane:
§ network-wide logic
§ determines how a datagram is routed among routers along the end-end path from source host to destination host
§ two control-plane approaches: traditional routing algorithms, implemented in routers; software-defined networking (SDN), implemented in (remote) servers

Per-router control plane
Individual routing algorithm components in each and every router interact in the control plane. The routing algorithm computes the local forwarding table (header value → output port); the data plane looks up the values in the arriving packet’s header in that table.
(Figure 4.2: routing algorithms determine values in forwarding tables; example local forwarding table: 0100 → 3, 0110 → 2, 0111 → 2, 1001 → 1)

Software-Defined Networking (SDN) control plane
A remote controller computes and installs forwarding tables in routers. Each router runs a control agent (CA) that talks to the remote controller; the data plane in each router forwards on the values in the arriving packet header.

Network service model
Q: What service model for the “channel” transporting datagrams from sender to receiver?
example services for individual datagrams:
§ guaranteed delivery
§ guaranteed delivery with less than 40 msec delay
example services for a flow of datagrams:
§ in-order datagram delivery
§ guaranteed minimum bandwidth to flow
§ restrictions on changes in inter-packet spacing

Network-layer service model
Quality of Service (QoS) guarantees?
Network    Service Model                    Bandwidth        Loss       Order      Timing
Internet   best effort                      none             no         no         no
ATM        Constant Bit Rate                constant rate    yes        yes        yes
ATM        Available Bit Rate               guaranteed min   no         yes        no
Internet   Intserv Guaranteed (RFC 1633)    yes              yes        yes        yes
Internet   Diffserv (RFC 2475)              possible         possibly   possibly   no
Internet “best effort” service model: no guarantees on (i) successful datagram delivery to the destination, (ii) timing or order of delivery, (iii) bandwidth available to the end-end flow.

Reflections on best-effort service:
§ simplicity of mechanism has allowed the Internet to be widely deployed and adopted
§ sufficient provisioning of bandwidth allows performance of real-time applications (e.g., interactive voice, video) to be “good enough” for “most of the time”
§ replicated, application-layer distributed services (datacenters, content distribution networks) connecting close to clients’ networks allow services to be provided from multiple locations
§ congestion control of “elastic” services helps
It’s hard to argue with the success of the best-effort service model.

Router architecture overview
high-level view of generic router architecture:
§ routing, management control plane (software): routing processor; operates in the millisecond time frame
§ forwarding data plane (hardware): router input ports, high-speed switching fabric, router output ports; operates in the nanosecond time frame
Input port functions
line termination (physical layer: bit-level reception) → link layer protocol (receive; e.g., Ethernet, chapter 6) → lookup, forwarding, queueing → switch fabric
decentralized switching:
§ using header field values, look up the output port using the forwarding table in input port memory (“match plus action”)
§ goal: complete input port processing at ‘line speed’
§ input port queuing: if datagrams arrive faster than the forwarding rate into the switch fabric
§ destination-based forwarding: forward based only on destination IP address (traditional)
§ generalized forwarding: forward based on any set of header field values

Destination-based forwarding
Q: but what happens if ranges don’t divide up so nicely?

Longest prefix matching
longest prefix match: when looking for the forwarding table entry for a given destination address, use the longest address prefix that matches the destination address.
Destination Address Range                   Link interface
11001000 00010111 00010*** ********         0
11001000 00010111 00011000 ********         1
11001000 00010111 00011*** ********         2
otherwise                                   3
examples:
11001000 00010111 00010110 10100001  which interface?  → only the first entry matches: interface 0
11001000 00010111 00011000 10101010  which interface?  → entries 1 and 2 both match; entry 1 is the longer prefix: interface 1
Switching fabrics
§ transfer packet from input link to appropriate output link
§ switching rate: rate at which packets can be transferred from inputs to outputs; often measured as a multiple of the input/output line rate; with N input ports at rate R each, a switching rate of N times the line rate (NR) is desirable
§ three major types of switching fabrics: memory, bus, interconnection network
Input port queuing
§ if the switch fabric is slower than the input ports combined, queueing may occur at the input queues: queueing delay and loss due to input buffer overflow!
§ Head-of-the-Line (HOL) blocking: a queued datagram at the front of the queue prevents others in the queue from moving forward
(figure: output port contention: only one red datagram can be transferred, the lower red packet is blocked; one packet time later the green datagram queued behind it experiences HOL blocking)

Output port queuing
This is a really important slide
switch fabric (rate NR) → datagram buffer, queueing → link layer protocol (send) → line termination (rate R)
§ buffering is required when datagrams arrive from the fabric faster than the link transmission rate; datagrams can be lost due to congestion, lack of buffers. Drop policy: which datagrams to drop if there are no free buffers?
§ scheduling discipline chooses among queued datagrams for transmission; priority scheduling raises the question of who gets the best performance (network neutrality)
§ queueing (delay) and loss due to output port buffer overflow!

How much buffering?
§ RFC 3439 rule of thumb: average buffering equal to “typical” RTT (say 250 msec) times link capacity C; e.g., C = 10 Gbps link: 2.5 Gbit buffer
§ more recent recommendation: with N flows, buffering equal to RTT · C / √N
§ but too much buffering can increase delays (particularly in home routers): long RTTs mean poor performance for real-time apps and sluggish TCP response; recall delay-based congestion control: “keep the bottleneck link just full enough (busy) but no fuller”

Buffer management
§ drop: which packet to add or drop when buffers are full; tail drop: drop the arriving packet; priority: drop/remove on a priority basis
§ marking: which packets to mark to signal congestion (ECN, RED)
Abstraction: a queue (waiting area) in front of the link (server) at rate R; packet arrivals, packet departures

Packet scheduling: FCFS
packet scheduling: deciding which packet to send next on the output link: first come, first served; priority; round robin; weighted fair queueing
FCFS: packets transmitted in order of arrival at the output port; also known as first-in-first-out (FIFO)
§ real world examples?

Scheduling policies: priority
Priority scheduling:
§ arriving traffic classified, queued by class; any header fields can be used for classification
§ send the packet from the highest priority queue that has buffered packets; FCFS within a priority class
(figure: arrivals 1, 2, 3, 4, 5 with packet 2 in the low priority queue; packets in service and departures in the order 1, 3, 2, 4, 5)

Scheduling policies: round robin
Round Robin (RR) scheduling:
§ arriving traffic classified, queued by class; any header fields can be used for classification
§ server cyclically, repeatedly scans the class queues, sending one complete packet from each class (if available) in turn

Scheduling policies: weighted fair queueing
Weighted Fair Queuing (WFQ):
§ generalized Round Robin
§ each class, i, has weight, w_i, and gets a weighted amount of service in each cycle: w_i / Σ_j w_j
§ minimum bandwidth guarantee (per-traffic-class)

Network Layer: Internet
host, router network layer functions:
§ IP protocol: datagram format, addressing, packet handling conventions
§ path-selection algorithms: implemented in routing protocols (OSPF, BGP) and in the SDN controller; they fill the forwarding table
§ ICMP protocol: error reporting, router “signaling”
(transport layer above: TCP, UDP; link layer and physical layer below)

IP addressing: introduction
§ IP address: 32-bit identifier associated with each host or router interface
§ interface: connection between host/router and physical link; routers typically have multiple interfaces; a host typically has one or two interfaces (e.g., wired Ethernet, wireless 802.11)
dotted-decimal IP address notation: 223.1.1.1 = 11011111 00000001 00000001 00000001 (223 . 1 . 1 . 1)
(figure: a router with interfaces 223.1.1.4, 223.1.2.9 and 223.1.3.27; hosts 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.2.1, 223.1.2.2, 223.1.3.1, 223.1.3.2)
Q: how are interfaces actually connected?
A: we’ll learn about that in chapters 6, 7. For now: don’t need to worry about how one interface is connected to another (with no intervening router)
A: wired Ethernet interfaces connected by Ethernet switches
A: wireless WiFi interfaces connected by a WiFi base station

Subnets
§ What’s a subnet? device interfaces that can physically reach each other without passing through an intervening router
§ IP addresses have structure: subnet part: devices in the same subnet have common high-order bits; host part: remaining low-order bits
(figure: network consisting of 3 subnets)

Subnets
Recipe for defining subnets:
§ detach each interface from its host or router, creating “islands” of isolated networks
§ each isolated network is called a subnet
subnet mask: /24 (high-order 24 bits: subnet part of the IP address)
(figure: subnet 223.1.1.0/24 with 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4; subnet 223.1.2.0/24 with 223.1.2.1, 223.1.2.2, 223.1.2.9; subnet 223.1.3.0/24 with 223.1.3.1, 223.1.3.2, 223.1.3.27)

Subnets
§ where are the subnets?
§ what are the /24 subnet addresses?
(figure: six subnets: 223.1.1/24 (223.1.1.1, .2, .3, .4), 223.1.2/24 (223.1.2.1, .2, .6), 223.1.3/24 (223.1.3.1, .2, .27), 223.1.7/24 (223.1.7.0, .1), 223.1.8/24 (223.1.8.0, .1), 223.1.9/24 (223.1.9.1, .2))

IP addressing: CIDR
CIDR: Classless InterDomain Routing (pronounced “cider”)
§ subnet portion of address of arbitrary length
§ address format: a.b.c.d/x, where x is the number of bits in the subnet portion of the address
11001000 00010111 00010000 00000000 = 200.23.16.0/23 (first 23 bits: subnet part; remaining 9 bits: host part)

IP addresses: how to get one?
That’s actually two questions:
1. How does a host get an IP address within its network (the host part of the address)?
2. How does a network get an IP address for itself (the network part of the address)?

How does a host get an IP address?
§ hard-coded by the sysadmin in a config file (e.g., /etc/rc.config in UNIX)
§ DHCP: Dynamic Host Configuration Protocol: dynamically get the address from a server; “plug-and-play”

DHCP: Dynamic Host Configuration Protocol
goal: host dynamically obtains an IP address from a network server when it “joins” the network
§ can renew its lease on the address in use
§ allows reuse of addresses (only hold an address while connected/on)
§ support for mobile users who join/leave the network
DHCP overview:
§ host broadcasts DHCP discover msg [optional]
§ DHCP server responds with DHCP offer msg [optional]
§ host requests IP address: DHCP request msg
§ DHCP server sends address: DHCP ack msg

DHCP client-server scenario
Typically, the DHCP server is co-located in the router, serving all subnets to which the router is attached. Here the DHCP server is 223.1.2.5 and an arriving DHCP client needs an address in the 223.1.2.0/24 network.

DHCP server: 223.1.2.5; arriving client
DHCP discover (“Broadcast: is there a DHCP server out there?”)
  src: 0.0.0.0, 68; dest: 255.255.255.255, 67; yiaddr: 0.0.0.0; transaction ID: 654
DHCP offer (“Broadcast: I’m a DHCP server! Here’s an IP address you can use”)
  src: 223.1.2.5, 67; dest: 255.255.255.255, 68; yiaddr: 223.1.2.4; transaction ID: 654; lifetime: 3600 secs
DHCP request (“Broadcast: OK. I would like to use this IP address!”)
  src: 0.0.0.0, 68; dest: 255.255.255.255, 67; yiaddr: 223.1.2.4; transaction ID: 655; lifetime: 3600 secs
DHCP ACK (“Broadcast: OK. You’ve got that IP address!”)
  src: 223.1.2.5, 67; dest: 255.255.255.255, 68; yiaddr: 223.1.2.4; transaction ID: 655; lifetime: 3600 secs
The first two steps can be skipped “if a client remembers and wishes to reuse a previously allocated network address” [RFC 2131].
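The four-message exchange above, built and parsed in the RFC 2131 wire format, as an added example (not code from the course or the slides). The server address 223.1.2.5, the offered address 223.1.2.4, the 3600 s lease, the transaction IDs 654/655 and the 67/68 ports come from the slide; the client MAC address, the one-address pool and the message-type constants used for the simulated server are assumptions made for the example.

```python
"""Added example: DHCP discover / offer / request / ack in RFC 2131 wire format
(236-byte fixed header, magic cookie, TLV options), with a minimal simulated server.
Values from the slide: server 223.1.2.5, offered 223.1.2.4, lease 3600 s, xid 654/655."""
import struct

DHCP_SERVER_PORT, DHCP_CLIENT_PORT = 67, 68
BROADCAST, UNSPECIFIED = "255.255.255.255", "0.0.0.0"
MAGIC_COOKIE = b"\x63\x82\x53\x63"
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5        # DHCP message type (option 53) values
FIXED_FMT = "!BBBBIHH4s4s4s4s16s64s128s"         # op htype hlen hops xid secs flags ciaddr yiaddr siaddr giaddr chaddr sname file
OPT_REQUESTED_IP, OPT_LEASE, OPT_MSG_TYPE, OPT_SERVER_ID = 50, 51, 53, 54

def ip2b(s): return bytes(int(x) for x in s.split("."))
def b2ip(b): return ".".join(str(x) for x in b)

def build(msg_type, xid, chaddr, yiaddr=UNSPECIFIED, server_id=None, lease=None, requested=None):
    """Serialize one DHCP message. op is BOOTREQUEST (1) from clients and BOOTREPLY (2) from
    servers; flags 0x8000 asks the server to broadcast its reply, as on the slide."""
    op = 1 if msg_type in (DISCOVER, REQUEST) else 2
    hdr = struct.pack(FIXED_FMT, op, 1, 6, 0, xid, 0, 0x8000,
                      ip2b(UNSPECIFIED), ip2b(yiaddr), ip2b(UNSPECIFIED), ip2b(UNSPECIFIED),
                      chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    opts = bytes([OPT_MSG_TYPE, 1, msg_type])
    if server_id: opts += bytes([OPT_SERVER_ID, 4]) + ip2b(server_id)
    if requested: opts += bytes([OPT_REQUESTED_IP, 4]) + ip2b(requested)
    if lease is not None: opts += bytes([OPT_LEASE, 4]) + struct.pack("!I", lease)
    return hdr + MAGIC_COOKIE + opts + b"\xff"          # 0xff = end option

def parse(pkt):
    """Decode the fixed header and walk the option TLVs up to the end option."""
    f = struct.unpack(FIXED_FMT, pkt[:236])
    if pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 0xff:
        if pkt[i] == 0:                                  # pad option has no length byte
            i += 1; continue
        code, ln = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + ln]
        i += 2 + ln
    return {"op": f[0], "xid": f[4], "yiaddr": b2ip(f[8]), "chaddr": f[11][:f[2]], "opts": opts}

class DhcpServer:
    """Minimal server (assumption for the example): offers the first free pool address and
    commits it only on a REQUEST that names this server (option 54) and a still-free address."""
    def __init__(self, addr, pool, lease=3600):
        self.addr, self.pool, self.lease, self.leases = addr, list(pool), lease, {}
    def handle(self, pkt):
        m = parse(pkt)
        t = m["opts"][OPT_MSG_TYPE][0]
        if t == DISCOVER and self.pool:
            return build(OFFER, m["xid"], m["chaddr"], yiaddr=self.pool[0],
                         server_id=self.addr, lease=self.lease)
        if t == REQUEST and m["opts"].get(OPT_SERVER_ID) == ip2b(self.addr):
            ip = b2ip(m["opts"][OPT_REQUESTED_IP])
            if ip in self.pool:
                self.pool.remove(ip); self.leases[m["chaddr"]] = ip
                return build(ACK, m["xid"], m["chaddr"], yiaddr=ip, server_id=self.addr, lease=self.lease)
        return None                                      # anything else is silently ignored

def run_exchange(server, chaddr=b"\x02\x00\x00\x00\x00\x01"):
    """Client side of the slide's exchange. Returns (leased address, lease seconds,
    log of (src, sport, dst, dport, message type) for the four messages)."""
    log = []
    def tx(src, sport, dst, dport, pkt):
        log.append((src, sport, dst, dport, parse(pkt)["opts"][OPT_MSG_TYPE][0])); return pkt
    offer = parse(tx(server.addr, DHCP_SERVER_PORT, BROADCAST, DHCP_CLIENT_PORT,
                     server.handle(tx(UNSPECIFIED, DHCP_CLIENT_PORT, BROADCAST, DHCP_SERVER_PORT,
                                      build(DISCOVER, 654, chaddr)))))
    # the REQUEST echoes the offered address and the chosen server id; xid 655 follows the slide
    ack = parse(tx(server.addr, DHCP_SERVER_PORT, BROADCAST, DHCP_CLIENT_PORT,
                   server.handle(tx(UNSPECIFIED, DHCP_CLIENT_PORT, BROADCAST, DHCP_SERVER_PORT,
                                    build(REQUEST, 655, chaddr, requested=offer["yiaddr"],
                                          server_id=b2ip(offer["opts"][OPT_SERVER_ID]))))))
    return ack["yiaddr"], struct.unpack("!I", ack["opts"][OPT_LEASE])[0], log

if __name__ == "__main__":
    print(run_exchange(DhcpServer("223.1.2.5", ["223.1.2.4"]))[:2])   # ('223.1.2.4', 3600)
```

Note the client accepts whichever server answers its broadcast first: nothing in the four messages authenticates the server, which is why a practitioner pairs DHCP with switch-side filtering of server replies from untrusted ports.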
IP addresses: how to get one?
Q: how does a network get the subnet part of its IP address?
A: it gets an allocated portion of its provider ISP’s address space
ISP’s block      11001000 00010111 00010000 00000000   200.23.16.0/20
The ISP can then allocate out its address space in 8 blocks:
Organization 0   11001000 00010111 00010000 00000000   200.23.16.0/23
Organization 1   11001000 00010111 00010010 00000000   200.23.18.0/23
Organization 2   11001000 00010111 00010100 00000000   200.23.20.0/23
...              ...                                    ...
Organization 7   11001000 00010111 00011110 00000000   200.23.30.0/23

Hierarchical addressing: route aggregation
hierarchical addressing allows efficient advertisement of routing information:
Organizations 0 through 7 (200.23.16.0/23, 200.23.18.0/23, 200.23.20.0/23, ..., 200.23.30.0/23) connect to Fly-By-Night-ISP, which advertises to the Internet: “Send me anything with addresses beginning 200.23.16.0/20”.
ISPs-R-Us advertises: “Send me anything with addresses beginning 199.31.0.0/16”.

Hierarchical addressing: more specific routes
§ Organization 1 moves from Fly-By-Night-ISP to ISPs-R-Us
§ ISPs-R-Us now advertises a more specific route to Organization 1: “Send me anything with addresses beginning 199.31.0.0/16 or 200.23.18.0/23”
§ Fly-By-Night-ISP keeps advertising 200.23.16.0/20 for Organizations 0, 2, ..., 7; routers choose the /23 for Organization 1’s addresses by longest prefix match
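Longest prefix matching, which both the forwarding-table slide (the 11001000 00010111 ... bit patterns with interfaces 0 to 3) and the route aggregation / more specific route slides above rely on, as an added example written for these notes (not course code). The bit patterns, the ISP block 200.23.16.0/20 and the ISP names are the slides’; the lookup code, the default next hop names and the test addresses are assumptions. The same longest-prefix preference that lets ISPs-R-Us attract Organization 1’s traffic with a /23 is what makes any accepted more-specific announcement attract traffic, which is the caveat a practitioner keeps in mind when reading route advertisements.

```python
"""Added example: CIDR prefix parsing and longest-prefix-match lookup, applied to the
bit-pattern table from the longest prefix matching slide and to the Fly-By-Night-ISP /
ISPs-R-Us aggregation and more-specific-route scenario."""

def ip_to_int(a):
    o = [int(x) for x in a.split(".")]
    if len(o) != 4 or any(not 0 <= x <= 255 for x in o):
        raise ValueError(f"bad IPv4 address {a!r}")
    return (o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]

def int_to_ip(n):
    return ".".join(str((n >> s) & 255) for s in (24, 16, 8, 0))

def parse_prefix(p):
    """'200.23.16.0/20' -> (network as int, prefix length); rejects set host bits."""
    addr, _, length = p.partition("/")
    plen = int(length) if length else 32
    net = ip_to_int(addr)
    mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
    if net & ~mask & 0xFFFFFFFF:
        raise ValueError(f"{p}: host bits set")
    return net, plen

def bits_to_prefix(pattern):
    """Turn a slide-style pattern such as '11001000 00010111 00010*** ********' into CIDR."""
    b = pattern.replace(" ", "")
    plen = b.index("*") if "*" in b else 32
    fixed = b[:plen].ljust(32, "0")
    return int_to_ip(int(fixed, 2)) + f"/{plen}"

class ForwardingTable:
    def __init__(self, default=None):
        self.entries, self.default = [], default        # entries: (net, plen, next hop)
    def add(self, prefix, next_hop):
        net, plen = parse_prefix(prefix)
        self.entries.append((net, plen, next_hop))
        self.entries.sort(key=lambda e: -e[1])          # longest prefixes first
    def lookup(self, dst):
        d = ip_to_int(dst)
        for net, plen, hop in self.entries:             # first hit is the longest match
            if plen == 0 or (d >> (32 - plen)) == (net >> (32 - plen)):
                return hop
        return self.default                             # the slide's "otherwise" row

def slide_table():
    """The three rows of the longest prefix matching slide plus its 'otherwise' row."""
    t = ForwardingTable(default=3)
    t.add(bits_to_prefix("11001000 00010111 00010*** ********"), 0)   # 200.23.16.0/21
    t.add(bits_to_prefix("11001000 00010111 00011000 ********"), 1)   # 200.23.24.0/24
    t.add(bits_to_prefix("11001000 00010111 00011*** ********"), 2)   # 200.23.24.0/21
    return t

def internet_table():
    """What an Internet router holds after Organization 1 moves to ISPs-R-Us."""
    t = ForwardingTable(default="default")
    t.add("200.23.16.0/20", "Fly-By-Night-ISP")     # aggregate covering Organizations 0..7
    t.add("199.31.0.0/16", "ISPs-R-Us")
    t.add("200.23.18.0/23", "ISPs-R-Us")            # more specific route to Organization 1
    return t

def isp_blocks(block="200.23.16.0/20", sub_len=23):
    """Split the ISP's block into the eight /23 organization blocks listed on the slide."""
    net, plen = parse_prefix(block)
    step = 1 << (32 - sub_len)
    return [f"{int_to_ip(net + i * step)}/{sub_len}" for i in range(1 << (sub_len - plen))]

if __name__ == "__main__":
    print(slide_table().lookup("200.23.22.161"), slide_table().lookup("200.23.24.170"))   # 0 1
    print(internet_table().lookup("200.23.18.5"), internet_table().lookup("200.23.17.9"))
```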
IP addressing: last words...
Q: how does an ISP get a block of addresses?
A: ICANN: Internet Corporation for Assigned Names and Numbers, http://www.icann.org/
§ allocates IP addresses, through 5 regional registries (who may then allocate to local registries)
§ manages the DNS root zone, including delegation of individual TLDs (.com, .edu, …)
Q: are there enough 32-bit addresses?
§ ICANN allocated the last chunk of IPv4 addresses to the regional registries in 2011
§ NAT (next) helps with IPv4 address space exhaustion
§ IPv6 has a 128-bit address space
“Who the hell knew how much address space we needed?” Vint Cerf (reflecting on the decision to make the IPv4 address 32 bits long)

NAT: network address translation
NAT: all devices in the local network share just one IPv4 address as far as the outside world is concerned
(figure: local network (e.g., home network) 10.0.0/24 with hosts 10.0.0.1, 10.0.0.2, 10.0.0.3 and the NAT router’s inside interface 10.0.0.4; the router’s Internet-facing address is 138.76.29.7)
§ all datagrams leaving the local network have the same source NAT IP address, 138.76.29.7, but different source port numbers
§ datagrams with source or destination in this network have a 10.0.0/24 address for source, destination (as usual)

IPv6: motivation
§ initial motivation: the 32-bit IPv4 address space would be completely allocated
§ additional motivation: speed processing/forwarding: 40-byte fixed length header; enable different network-layer treatment of “flows”
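The NAT slide above in working form, as an added example written for these notes (not course code): a translation table keyed by the outside port, outbound rewriting to 138.76.29.7 with a fresh source port, and inbound rewriting only when a mapping exists. The home network 10.0.0/24 and the public address 138.76.29.7 are the slide’s; the inside hosts, the remote server 128.119.40.186:80, the scanner address 203.0.113.9, the port range starting at 5001 and the filtering option (the RFC 4787 notion of address-and-port-dependent filtering) are assumptions for the example. Header checksums, which a real NAT must also recompute, are left out.

```python
"""Added example: NAT translation table for the slide's 10.0.0/24 network behind 138.76.29.7.
Packets are plain dicts with src, sport, dst, dport and proto fields."""

class Nat:
    """Endpoint-independent mapping (one public port per inside ip:port:proto) with optional
    address-and-port-dependent filtering of inbound packets (RFC 4787 terms)."""
    def __init__(self, public_ip, first_port=5001, endpoint_filtering=True):
        self.public_ip, self.next_port = public_ip, first_port
        self.endpoint_filtering = endpoint_filtering
        self.out = {}      # (inside ip, inside port, proto) -> public port
        self.back = {}     # (public port, proto) -> (inside ip, inside port)
        self.remotes = {}  # (public port, proto) -> {(remote ip, remote port)} contacted so far

    def outbound(self, pkt):
        """Datagram leaving the local network: allocate a public port on first use, rewrite src."""
        key = (pkt["src"], pkt["sport"], pkt["proto"])
        if key not in self.out:
            port, self.next_port = self.next_port, self.next_port + 1
            self.out[key] = port
            self.back[(port, pkt["proto"])] = key[:2]
            self.remotes[(port, pkt["proto"])] = set()
        port = self.out[key]
        self.remotes[(port, pkt["proto"])].add((pkt["dst"], pkt["dport"]))
        return dict(pkt, src=self.public_ip, sport=port)

    def inbound(self, pkt):
        """Datagram arriving from the Internet: rewrite dst from the table, or return None (drop)."""
        if pkt["dst"] != self.public_ip:
            return None
        k = (pkt["dport"], pkt["proto"])
        if k not in self.back:
            return None          # no mapping: unsolicited inbound traffic is dropped
        if self.endpoint_filtering and (pkt["src"], pkt["sport"]) not in self.remotes[k]:
            return None          # mapping exists, but this remote endpoint was never contacted
        in_ip, in_port = self.back[k]
        return dict(pkt, dst=in_ip, dport=in_port)

    def table(self):
        """The NAT translation table as (WAN side, LAN side) rows."""
        return sorted((f"{self.public_ip}:{p}", f"{ip}:{sp}") for (p, _), (ip, sp) in self.back.items())

def demo():
    """Constructed traffic: one inside host talks to a web server, then two outsiders probe."""
    nat = Nat("138.76.29.7")
    req = {"src": "10.0.0.1", "sport": 3345, "dst": "128.119.40.186", "dport": 80, "proto": "tcp"}
    out = nat.outbound(req)
    reply = {"src": "128.119.40.186", "sport": 80, "dst": "138.76.29.7", "dport": out["sport"], "proto": "tcp"}
    scan = {"src": "203.0.113.9", "sport": 40000, "dst": "138.76.29.7", "dport": out["sport"], "proto": "tcp"}
    probe = {"src": "203.0.113.9", "sport": 40000, "dst": "138.76.29.7", "dport": 22, "proto": "tcp"}
    return out, nat.inbound(reply), nat.inbound(scan), nat.inbound(probe), nat.table()

if __name__ == "__main__":
    for row in demo():
        print(row)
```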
IPv6 datagram format
(32 bits per row)
ver | pri | flow label
payload len | next hdr | hop limit
source address (128 bits)
destination address (128 bits)
payload (data)
§ flow label: identify datagrams in the same “flow” (concept of “flow” not well defined)
§ priority: identify priority among datagrams in a flow
§ 128-bit IPv6 addresses
What’s missing (compared with IPv4):
§ no checksum (to speed processing at routers)
§ no fragmentation/reassembly
§ no options (available as upper-layer, next-header protocol at router)

Transition from IPv4 to IPv6
§ not all routers can be upgraded simultaneously: no “flag days”; how will the network operate with mixed IPv4 and IPv6 routers?
§ tunneling: IPv6 datagram carried as payload in an IPv4 datagram among IPv4 routers (“packet within a packet”); tunneling is used extensively in other contexts (4G/5G)
(figure: IPv4 datagram = IPv4 header fields (IPv4 source, dest addr) + IPv4 payload; the IPv4 payload is the whole IPv6 datagram: IPv6 header fields (IPv6 source, dest addr) + UDP/TCP payload)

Tunneling and encapsulation
The usual: Ethernet connecting two IPv6 routers (A and B, E and F): the IPv6 datagram is carried as payload in a link-layer frame.
IPv4 tunnel connecting two IPv6 routers: A (IPv6) → B (IPv6/v4) → IPv4 network → E (IPv6/v4) → F (IPv6); tunneling: the IPv6 datagram is carried as payload in an IPv4 datagram across the IPv4 network.
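The 40-byte IPv6 header from the datagram-format slide and the “packet within a packet” tunnel from the transition slides, as an added example written for these notes (not course code). The field layout (ver, pri, flow label, payload len, next hdr, hop limit, two 128-bit addresses) and the absence of an IPv6 header checksum are from the slides; the IPv6 and IPv4 addresses, the UDP payload, the flow label value and the use of IPv4 protocol number 41 for the encapsulation (6in4) are assumptions for the example. The IPv4 header checksum is computed and verified because IPv4 has one and IPv6 does not.

```python
"""Added example: build and parse the IPv6 fixed header, then carry the IPv6 datagram as the
payload of an IPv4 datagram (protocol 41) from tunnel endpoint B to E and unpack it again."""
import ipaddress
import struct

IPPROTO_UDP, IPPROTO_IPV6 = 17, 41            # next-header / protocol numbers (IANA)

def ipv6_header(src, dst, payload_len, next_hdr=IPPROTO_UDP, hop_limit=64, traffic_class=0, flow_label=0):
    """First 32-bit word: version(4) | traffic class / pri(8) | flow label(20); then 40 bytes total."""
    if not 0 <= flow_label < (1 << 20):
        raise ValueError("flow label is 20 bits")
    word0 = (6 << 28) | (traffic_class << 20) | flow_label
    return (struct.pack("!IHBB", word0, payload_len, next_hdr, hop_limit)
            + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed)

def parse_ipv6(dgram):
    word0, plen, nh, hl = struct.unpack("!IHBB", dgram[:8])
    if word0 >> 28 != 6:
        raise ValueError("not IPv6")
    return {"traffic_class": (word0 >> 20) & 0xFF, "flow_label": word0 & 0xFFFFF,
            "payload_len": plen, "next_hdr": nh, "hop_limit": hl,
            "src": str(ipaddress.IPv6Address(dgram[8:24])), "dst": str(ipaddress.IPv6Address(dgram[24:40])),
            "payload": dgram[40:40 + plen]}

def ipv4_checksum(hdr):
    """One's-complement sum of 16-bit words; over a valid header (checksum included) it is 0."""
    if len(hdr) % 2:
        hdr += b"\0"
    s = sum(struct.unpack(f"!{len(hdr) // 2}H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF

def ipv4_header(src, dst, payload_len, proto, ttl=64, ident=0):
    ihl_ver, total = (4 << 4) | 5, 20 + payload_len
    hdr = struct.pack("!BBHHHBBH4s4s", ihl_ver, 0, total, ident, 0x4000, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def encapsulate(ipv6_dgram, tunnel_src, tunnel_dst):
    """Router B: the whole IPv6 datagram becomes the payload of an IPv4 datagram, protocol 41."""
    return ipv4_header(tunnel_src, tunnel_dst, len(ipv6_dgram), IPPROTO_IPV6) + ipv6_dgram

def decapsulate(ipv4_dgram):
    """Router E: verify the IPv4 header checksum, require protocol 41, return the inner datagram."""
    ihl = (ipv4_dgram[0] & 0x0F) * 4
    hdr = ipv4_dgram[:ihl]
    if ipv4_checksum(hdr) != 0:
        raise ValueError("bad IPv4 header checksum")
    total, proto = struct.unpack("!H", hdr[2:4])[0], hdr[9]
    if proto != IPPROTO_IPV6:
        raise ValueError(f"not a 6in4 packet (protocol {proto})")
    return ipv4_dgram[ihl:total]

def tunnel_roundtrip(payload=b"hello over 6in4", flow_label=0xABCDE):
    """A -> B (encapsulate) -> IPv4 network -> E (decapsulate) -> F. Returns the inner header
    fields seen at F plus the on-the-wire and inner lengths. All addresses are constructed."""
    inner = ipv6_header("2001:db8:1::a", "2001:db8:2::f", len(payload), flow_label=flow_label) + payload
    on_the_wire = encapsulate(inner, "192.0.2.1", "198.51.100.1")   # B and E tunnel addresses
    return parse_ipv6(decapsulate(on_the_wire)), len(on_the_wire), len(inner)

if __name__ == "__main__":
    fields, wire_len, inner_len = tunnel_roundtrip()
    print(fields["src"], "->", fields["dst"], fields["payload"], wire_len, inner_len)
```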
Generalized forwarding: match plus action
Review: each router contains a forwarding table (aka: flow table)
§ “match plus action” abstraction: match bits in the arriving packet, take action
§ destination-based forwarding: forward based on dest. IP address
§ generalized forwarding: many header fields can determine the action; many actions possible: drop/copy/modify/log packet

Flow table abstraction
§ flow: defined by header field values (in link-, network-, transport-layer fields)
§ generalized forwarding: simple packet-handling rules
  match: pattern values in packet header fields
  actions: for a matched packet: drop, forward, modify the matched packet, or send the matched packet to the controller
  priority: disambiguate overlapping patterns
  counters: #bytes and #packets
The router’s flow table defines the router’s match+action rules, e.g.:
match                                action
src = *.*.*.*, dest = 3.4.*.*        forward(2)
src = 1.2.*.*, dest = *.*.*.*        drop
src = 10.1.2.3, dest = *.*.*.*       send to controller
(* : wildcard; router ports 1, 2, 3, 4)

OpenFlow: flow table entries
Match | Action | Stats (packet + byte counters)
Actions:
1. Forward packet to port(s)
2. Drop packet
3. Modify fields in header(s)
4. Encapsulate and forward to controller
Header fields to match:
link layer: Ingress Port, Src MAC, Dst MAC, Eth Type, VLAN ID, VLAN Pri
network layer: IP Src, IP Dst, IP Proto, IP ToS
transport layer: TCP/UDP Src Port, TCP/UDP Dst Port

OpenFlow: examples
Destination-based forwarding:
Switch Port | MAC src | MAC dst | Eth type | VLAN ID | VLAN Pri | IP Src | IP Dst | IP Prot | IP ToS | TCP s-port | TCP d-port | Action
* | * | * | * | * | * | * | 51.6.0.8 | * | * | * | * | port6
IP datagrams destined to IP address 51.6.0.8 should be forwarded to router output port 6
Firewall:
* | * | * | * | * | * | * | * | * | * | * | 22 | drop
Block (do not forward) all datagrams destined to TCP port 22 (ssh port #)
* | * | * | * | * | * | 128.119.1.1 | * | * | * | * | * | drop
Block (do not forward) all datagrams sent by host 128.119.1.1
Layer 2 destination-based forwarding:
* | * | 22:A7:23:11:E1:02 | * | * | * | * | * | * | * | * | * | port3
layer 2 frames with destination MAC address 22:A7:23:11:E1:02 should be forwarded to output port 3

OpenFlow abstraction
§ match+action: the abstraction unifies different kinds of devices
Router: match: longest destination IP prefix; action: forward out a link
Switch: match: destination MAC address; action: forward or flood
Firewall: match: IP addresses and TCP/UDP port numbers; action: permit or deny
NAT: match: IP address and port; action: rewrite address and port
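The OpenFlow example tables above (forward 51.6.0.8 to port 6, drop TCP d-port 22, drop source 128.119.1.1, forward MAC 22:A7:23:11:E1:02 to port 3) and the three-switch s3 → s1 → s2 tables of the OpenFlow example that follows, run through a small match+action engine, as an added example written for these notes (not course code or any OpenFlow implementation). The rules are the slides’; the priorities given to the firewall rules, the table-miss action (send to controller) and the inter-switch port pairs are assumptions stated in the comments. Two caveats the slides leave implicit: overlapping rules need a priority (otherwise the 51.6.0.8 forwarding rule and the port-22 drop rule conflict for SSH traffic to that host), and because the OpenFlow transport-port fields are shared by TCP and UDP, the slide’s rule with IP Prot wildcarded also drops UDP port 22; the strict variant below adds IP Prot = 6.

```python
"""Added example: a flow-table engine in the slides' match+action style, with priorities
and per-rule packet/byte counters (the Stats column), holding the OpenFlow example rules
and the s3 -> s1 -> s2 network-wide behaviour."""

def field_matches(pattern, value):
    """'*' matches anything; dotted patterns match octet by octet so '10.2.*.*' works."""
    if pattern == "*":
        return True
    if isinstance(pattern, str) and isinstance(value, str) and "." in pattern:
        return all(p in ("*", v) for p, v in zip(pattern.split("."), value.split(".")))
    return pattern == value

class FlowTable:
    def __init__(self, name):
        self.name, self.rules = name, []
    def add(self, match, action, priority=0):
        self.rules.append({"match": match, "action": action, "priority": priority, "packets": 0, "bytes": 0})
        self.rules.sort(key=lambda r: -r["priority"])   # stable: earlier rule wins a tie
    def lookup(self, pkt):
        """Highest-priority rule whose every match field fits the packet; counters updated."""
        for r in self.rules:
            if all(field_matches(v, pkt.get(k)) for k, v in r["match"].items()):
                r["packets"] += 1; r["bytes"] += pkt.get("len", 0)
                return r["action"]
        return ("controller",)   # assumption: a table miss is punted to the controller
    def stats(self):
        return [(r["match"], r["packets"], r["bytes"]) for r in self.rules]

def examples_table(strict=True):
    """Rules from the OpenFlow examples slides. strict=True adds IP Prot = 6 to the port-22
    rule; the slide's wildcard-protocol version also drops UDP port 22."""
    t = FlowTable("router")
    t.add({"ip_dst": "51.6.0.8"}, ("forward", 6))
    ssh = {"tp_dst": 22}
    if strict:
        ssh["ip_proto"] = 6
    t.add(ssh, ("drop",), priority=10)                  # assumption: firewall rules outrank forwarding
    t.add({"ip_src": "128.119.1.1"}, ("drop",), priority=10)
    t.add({"mac_dst": "22:A7:23:11:E1:02"}, ("forward", 3))
    return t

def build_network():
    """Tables from the three-switch example: h5/h6 (10.3.0.0/16) reach h3/h4 (10.2.0.0/16)
    via s3 -> s1 -> s2. The inter-switch links are an assumption consistent with the rules:
    s3 port 3 <-> s1 port 1 and s1 port 4 <-> s2 port 2."""
    s3, s1, s2 = FlowTable("s3"), FlowTable("s1"), FlowTable("s2")
    s3.add({"ip_src": "10.3.*.*", "ip_dst": "10.2.*.*"}, ("forward", 3))
    s1.add({"in_port": 1, "ip_src": "10.3.*.*", "ip_dst": "10.2.*.*"}, ("forward", 4))
    s2.add({"in_port": 2, "ip_dst": "10.2.0.3"}, ("forward", 3))
    s2.add({"in_port": 2, "ip_dst": "10.2.0.4"}, ("forward", 4))
    links = {("s3", 3): ("s1", 1), ("s1", 4): ("s2", 2)}
    return {"s1": s1, "s2": s2, "s3": s3}, links

def trace(switches, links, pkt, start="s3", in_port=1):
    """Follow one packet switch by switch; returns the list of (switch, action) decisions."""
    path, sw = [], start
    while True:
        action = switches[sw].lookup(dict(pkt, in_port=in_port))
        path.append((sw, action))
        if action[0] != "forward" or (sw, action[1]) not in links:
            return path     # dropped, punted to the controller, or delivered on a host port
        sw, in_port = links[(sw, action[1])]

if __name__ == "__main__":
    switches, links = build_network()
    print(trace(switches, links, {"ip_src": "10.3.0.5", "ip_dst": "10.2.0.3", "len": 100}))
```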
OpenFlow example
Orchestrated tables can create network-wide behavior, e.g.:
§ datagrams from hosts h5 and h6 should be sent to h3 or h4, via s1 and from there to s2
(figure: a controller; switch s3 with hosts h5 10.3.0.5 and h6 10.3.0.6; switch s1 with hosts h1 10.1.0.1 and h2 10.1.0.2; switch s2 with hosts h3 10.2.0.3 and h4 10.2.0.4; each switch has ports 1 to 4)
s3 flow table:
match: IP Src = 10.3.*.*, IP Dst = 10.2.*.*   action: forward(3)
s1 flow table:
match: ingress port = 1, IP Src = 10.3.*.*, IP Dst = 10.2.*.*   action: forward(4)
s2 flow table:
match: ingress port = 2, IP Dst = 10.2.0.3   action: forward(3)
match: ingress port = 2, IP Dst = 10.2.0.4   action: forward(4)

Generalized forwarding: summary
§ “match plus action” abstraction: match bits in arriving packet header(s) in any layers, take action; matching over many fields (link-, network-, transport-layer); local actions: drop, forward, modify, or send the matched packet to the controller; “program” network-wide behaviors
§ simple form of “network programmability”: programmable, per-packet “processing”; historical roots: active networking; today: more generalized programming: P4 (see p4.org)

Network layer: “data plane” roadmap
§ Middleboxes: middlebox functions; evolution, architectural principles of the Internet

Middleboxes
Middlebox (RFC 3234): “any intermediary box performing functions apart from normal, standard functions of an IP router on the data path between a source host and destination host”
Middleboxes everywhere!
§ Firewalls, IDS: corporate, institutional, service providers, ISPs
§ NAT: home, cellular, institutional
§ Load balancers: corporate, service provider, data center, mobile nets
§ Application-specific: service providers, institutional, CDN
§ Caches: service provider, mobile, CDNs
(figure: middleboxes in national or global ISPs, datacenter networks and enterprise networks)

Middleboxes
§ initially: proprietary (closed) hardware solutions
§ move towards “whitebox” hardware implementing an open API: move away from proprietary hardware solutions; programmable local actions via match+action; move towards innovation/differentiation in software
§ SDN: (logically) centralized control and configuration management, often in a private/public cloud
§ network functions virtualization (NFV): programmable services over white box networking, computation, storage

The IP hourglass
application layer: HTTP, SMTP, RTP, QUIC, DASH, …
transport layer: TCP, UDP
network layer: IP
link layer: Ethernet, PPP, PDCP, WiFi, Bluetooth, …
physical layer: copper, radio, fiber
Internet’s “thin waist”:
§ one network layer protocol: IP
§ must be implemented by every one of the (billions of) Internet-connected devices
§ many protocols in the physical, link, transport, and application layers

The IP hourglass, at middle age
Internet’s middle age “love handles”?
§ middleboxes operating inside the network: caching, NAT, firewalls, NFV, sitting alongside IP in the waist

Architectural Principles of the Internet
RFC 1958: “Many members of the Internet community would argue that there is no architecture, but only a tradition, which was not written down for the first 25 years (or at least not by the IAB).
However, in very general terms, the community believes that the goal is connectivity, the tool is the Internet Protocol, and the intelligence is end to end rather than hidden in the network.”
Three cornerstone beliefs:
§ simple connectivity
§ IP protocol: that narrow waist
§ intelligence, complexity at the network edge

The end-end argument
§ some network functionality (e.g., reliable data transfer, congestion) can be implemented in the network, or at the network edge
(figure: end-end implementation of reliable data transfer: in the transport layers of the two end hosts; hop-by-hop (in-network) implementation: in the network/link layers of every node along the path)
“The function in question can completely and correctly be implemented only with the knowledge and help of the application standing at the end points of the communication system. Therefore, providing that questioned function as a feature of the communication system itself is not possible. (Sometimes an incomplete version of the function provided by the communication system may be useful as a performance enhancement.) We call this line of reasoning against low-level function implementation the “end-to-end argument.” Saltzer, Reed, Clark 1981

Where’s the intelligence?
§ 20th century phone net: intelligence/computing at network switches
§ Internet (pre-2005): intelligence, computing at the edge
§ Internet (post-2005): programmable network devices; intelligence, computing, massive application-level infrastructure at the edge

Chapter 4: done!
§ Network layer: overview
§ What’s inside a router
§ IP: the Internet Protocol
§ Generalized Forwarding, SDN
§ Middleboxes
Question: how are forwarding tables (destination-based forwarding) or flow tables (generalized forwarding) computed?
Answer: by the control plane (next chapter)