NetworkSec - IP Internet Protocol
- IP Internet Protocol (IP)
IP Internet Protocol (IP)
- the network-level protocol:
- performs a best effort to route a data packet from a source node to a destination node in the Internet.
- every node is given a unique numerical address
- Ipv4. 32-bit number
- Network, host portion.
- IPv6. 128-bit number
- Routing prefix, network address, and a host identifier
- Ipv4. 32-bit number
- Any transmission are specified by an IP address.
Routing IP Packets
A host (PC, server, smartphone) employs simple algorithm for routing packets from that host
:
- Check the IP and compare the network mask.
- Destinated host on the same LAN:
- the packet is transmitted directly on the LAN
- using
ARP protocol
to determine the MAC address of the destination machine.
- Destinated host not on the same LAN:
- the packet is transmitted to gateway (handle the next step of the routing). The
ARP protocol
is used to determine the MAC address of the gateway. - then a host: typically stores a list of the IP of machines on its LAN, or a compact description of it, and the IP of the gateway.
- the packet is transmitted to gateway (handle the next step of the routing). The
- Routers:
- Gateways and other intermediate network nodes that handle the routing of packets to its destination on the Internet.
- typically connected to two or more LANs, use routing tables to determine the next router which packet should be sent.
- The default route:
- Route used as a destination for traffic with an undefined route
- When defined on a host, generally is the network gateway.
- To prevent the un-routable packets traversing the network forever, each IP packet is given a
time-to-live (TTL)
count by its source.- TTL value: hop limit, max 255 hops
- decremente by each router that processes the packet.
- TTL 0: A packet is expired and should be discarded by the router that sees it.
- an error packet is sent back to the source.
The Structure of the Internet
Routers are fast. Performs actions for each packet received:
Drop
: If the packet is expired.Deliver
: If the destination is a machine on one of the LANs to which the router is connected, deliver packet to the destination.Forward
: If the destination of the packet does not belong to the LANs of the router, then the packet is forwarded to a neighboring router.
2 primary protocols determine how next hops are encoded in Internet routing tables:
- Open Shortest Path First (OSPF)
- determines how packets are
routed in an autonomous system (ASs)
- based on policy that packets should travel along shortest paths.
- determines how packets are
- Border Gateway Protocol (BGP).
- determines how packets are
routed between autonomous systems (ASs)
- based on policies dictated by contractual agreements between different ASs The routes established by BGP may not be shortest paths.
- determines how packets are
IP packet Header
Each IP packet
- a fixed-length
header
(various fields) + variable-lengthdata portion
. - 以太网帧:frame_head + frame_data(ip数据报:iphead+ipdata)
- the header has specific fields:
- Version:
- 4bit,指IP协议的版本号。IPV4/IPV6。
- 在进行通信时,通信双方的IP协议版本号必须一致,否则无法直接通信。
- validating the incoming packets version and thus its structure.
- header length
- 4bit,指IP报文头的长度。最大的长度(即4个bit都为1时)为15个长度单位,每个长度单位为4字节(TCP/IP标准,DoubleWord),所以IP协议报文头的最大长度为60个字节,最短为上图所示的20个字节。
- variable based on the contents of the header.
- 服务类型:
- 8bit,用来获得更好的服务。
- 其中的前3位表示报文的优先级,后面的几位分别表示要求更低时延、更高的吞吐量、更高的可靠性、更低的路由代价等。
- 对应位为1即有相应要求,为0则不要求。
- total length
- 16bit,指报文的总长度。注意这里的单位为字节,而不是4字节,所以一个IP报文的的最大长度为65535个字节。
- the total length of the IP packet being transmitted.
- to fragment data transmissions into smaller ones that fit into our layer two’s MTU.
- This can be up to 64 kilobytes.
- identification
- 16bit,该字段标记当前分片为第几个分片,在数据报重组时很有用。
- a unique identifier for the entire fragmentation sequence
- flags
- 3bit,用于标记该报文是否为分片,后面是否还有分片(是否是最后一个分片)。
- to know if this packet is part of a fragmented sequence
- or if it’s the last fragment in a sequence
- and also there’s a bit in here to tell IP, don’t fragment a packet if that’s needed by the application.
- 为什么分片: 主要是因为硬件环境的MTU限制。一个IP报文最多可以达到65565的最大长度;但是网络硬件限制了帧的大小(以太网限制为1500字节)。
- IP分片如何进行重组: 主要依靠标识(IDENT,用于标识IP报文段的唯一标识符,具有同一IDENT的片段属于同一个IP报文)、标志(FLAGS,第一位保留,不使用;第二位为DF(Don’t Fragment)位,DF=1时不分片;第三位为MF(More Fragments)位,DF=0的情况下,除了最后一个分段的IP包的包头,其他分段的MF位都设为1)与片偏移(FRAGMENT OFFSET:简称FO,指明当前片段在原始完整的IP报文中的位置(偏移)。该偏移的单位是8个字节。)
- fragmentation offset: 片偏移:
- 指当前分片在原数据报(分片前的数据报)中相对于用户数据字段的偏移量,即在原数据报中的相对位置。
- the byte position of this packet in the original unfragmented IP packet. And so when an IP packet needs fragmentation the host or the router will break up the data into IP fragments and manipulate this header information to fragment and then reassemble the packets on the remote host or network.
- TTL.
- 8bit,该字段表明当前报文还能生存多久。
- 每经过1ms或者一个网关,TTL的值自动减1
- 当生存时间为0时,报文将被认为目的主机不可到达而丢弃。
- 使用过Ping命令的用户应该有印象,在windows中输入ping命令,在返回的结果中即有TTL的数值。
- protocol,
- 8bit,指出在上层(网络7层结构或TCP/IP的传输层)使用的协议
- 可能的协议有
UDP(17)、TCP(6)、ICMP(1)、IGMP(2)、IGP
等。 - transport layer 4 protocol
- header checksum:
- 首部校验和:用于检验IP报文头部在传播的过程中是否出错,主要校验报文头中是否有某一个或几个bit被污染或修改了。
- the source IP address, the destination IP address.
- 32bit,4个字节
- Version:
Although it does not guarantee that packet successfully travels from its source to its destination, IP does provide a detect if packet headers are damaged along the way.
- Each IP packet comes with a
checksum value
, computed in header contents. - Any host or router wishing to confirm that this header is intact simply needs to recompute this checksum function and compare the computed checksum value to the checksum value that is stored inside the packet.
- Since some parts of the header, like the time-to-live, are modified with each hop, this checksum value must be checked and recomputed by each router that processes this packet.
- The protocol field of an IP packet specifies the higher level protocol that should receive the payload of the packet, such as ICMP, TCP, or UDP.
Flag: 泪滴攻击(tear drop)的原理
- 构造两个分片,满足以下两个条件:
- 第一个分片的FO+len>第二个分片的FO+len。
- 发生重叠时,使用第一个分片来覆盖第二个分片的重叠内容。
- 首先,计算到底重叠了多少字节(i),然后将指向第二个分片的指针朝后移动这么多字节,也即,忽略了第二个分片的重叠部分,
- 接下来计算第二个分片还剩余多少字节,并将第二个分片的剩余内容拷贝一下。
- 但由于不正常重叠后计算第二分片剩余部分的长度为负数,会造成操作系统瘫痪。
IPv4
Binary Numbering
- IP addresses: represented by binary digits (bits).
- 8 bits = 1 byte.
- IPv4: dotted decimal notation format.
- 4 x 8 bytes = 32 bits
- 255.255.255.255
- 00000000.00000000.00000000.00000000
- IPv6: 128 bits.
Principles of Binary Numbering
- Base-10 numbering system: ten digits, 0–9.
- Base-2 numbering system: two digits: zero (0) and one (1).
- converting between 8-bit binary numbers and decimal numbers
- (1024 512 256) 128 64 32 16 8 4 2 1
- the 8 bits in an octet.
- 2^0 - 2^7
Binary to Decimal:
- 10010110 = 128 + 16 + 4 + 2 = 150
Decimal to Binary:
- Is this number equal to or greater than the column heading?
- No, put 0. Yes, put 1.
- Example: convert the number 167 to binary.
- 128 column: 167 greater than 128 -> 1
- subtract 128 from 167 = 39.
- 64 column: 0
- 32 column: 39 greater than 32 -> 1
- subtract 32 from 39 = 7.
- 16 column: 0
- 8 column 0
- 4 column: 7 is greater than or equal to 4 -> 1
- 4 is subtracted from 7 = 3.
- 2 column: 3 greater than 2 -> 1
- 2 is subtracted from 3 = 1.
- 1 column: 1 is equal to 1 -> 1
- decimal number 167 = binary value of
10100111
- 128 + 32 + 4 +2 + 1 = 167.
IPv4 Addressing
IPv6 is increasingly being adopted in corporate networks,
IPv4 (IP address) is by far the most popular Layer 3 addressing scheme
in today’s networks.
- Devices on an IPv4 network use unique IP addresses to communicate with one another
When IPv4 network device sends data on a network, it places both a destination and a source IP address in the packet’s IPv4 header.
- Internet Corporation for Assigned Names and Numbers (ICANN),
- Internet Network Information Center (InterNIC) replace ICANN (until 09/18/1998).
- non-profit corporation.
- Publicly routable IP addresses are globally managed by the ICANN
- ICANN does not directly assign a block of IP addresses to your Internet service provider (ISP), but assigns a block of IP addresses to a regional Internet registry.
- One example:
- American Registry for Internet Numbers (ARIN), Internet registry for North America.
- Internet Assigned Numbers Authority (IANA):
- another entity responsible for IP address assignment.
- IANA is operated by ICANN and is responsible for IP address assignment outside of North America.
- When an organization is assigned one or more publicly routable IP addresses by its service provider, that organization often needs more IP addresses to accommodate all of its devices.
- One solution is to use private IP addressing within an organization, in combination with Network Address Translation (NAT).
- NAT is a feature available on routers.
- One solution is to use private IP addressing within an organization, in combination with Network Address Translation (NAT).
- allows private IP addresses used within an organization to be translated into a pool of one or more publicly routable IP addresses.
IPv4 Address Structure
IPv4 address: 32-bit address.
- written in dotted-decimal notation 点分十进制.
- divided into 4 section, 8 bits, each is a Octets 八位字节
- 00000001 in binary equates to a 1 in decimal.
- 00000010 in binary equals 2 in decimal
- 00000011 yields a decimal value of 3.
- IP addresses has 2 portions
- a
network portion
that denotes an IP prefix used by all machines on a particular network - a
host portion
: identifies a particular network device. - network, subnet, and host
- 128.148.32.110
- a
- These two portions are differentiated by providing a subnet mask along with the IP address.
Subnet mask
:- determines which bits refer to the network and which bits refer to the host.
- consists of a series of contiguous 1s and 0s.
- 1s: network bits in an IPv4 address,
- 0s: host bits in an IPv4 address.
classful mask
: original mask.
- The network portion:
ANDing
the subnet mask with the IP address, - the host portion:
XORing
network portion with the IP address.
Classes of Addresses
- When writing a network address, needs to provide more detail
- 10.1.2.3, 255.0.0.0
- or 10.1.2.3/8
- Network address:
X.X.X.0
- 0.0.0.0:network
- Broadcast address:
X.X.X.255
- 255.255.255.255: 当前子网的广播地址。
Private use:
- Private IP
10.0.0.0/8
169.254.0.0 – 169.254.255.255
address is not routable.192.168.0.0/16
- many home router use 192.168.0.1 or 192.168.1.1.
172.16.0.0/12 - 172.31.0.0/12
- not routable outside of a LAN: ISPs do not route these private networks over the public Internet.
- only usable on their local subnet and are dynamically assigned to network hosts using the Automatic IP Address Assignment (APIPA) feature.
Public address:
Assigned by ISP who get them form IANA.
- Class A network
(1.0.0.0 - 126.0.0.0)
- 可用的A类网络有126个,每个网络能容纳1亿多个主机。
- 224(3x8) = 16, 777, 216 unique IP addresses.
- Mask: X.0.0.0 (the largest, subnet mask at least 24 bits)
- typically reserved for government organizations or telecommunications companies.
- Class B networks
(128.0.0.0 - 191.255.255.255)
- Mask: X.X.0.0 (16-bit subnet mask)
- 216(2x8) = 65, 536 unique IP addresses
- typically allocated for ISPs and large businesses.
- Class C networks
(192.0.0.0 - 223.255.255.255)
- Mask: X.X.X.0 (a 24-bit subnet mask)
- 28 = 256 unique addresses, 254 usable IP addresses.
- assigned to smaller organizations.
- Class D addresses:
- For destination IP addresses
- not assigned to devices sourcing traffic for multicast networks.
- Class E addresses:
- for experimental use.
loopback IP address
- in the first octet, the number 127 have been skipped.
- 127: loopback IP address, IP address representing the device itself.
- example
- Want to verify a network device had a TCP/IP stack loaded,
- you could ping IP address: 127.1.1.1.
- If you received ping responses, you could conclude that the device is running a TCP/IP stack.
IPv6
IPv6 Address Structure
- address format, where X = a hexadecimal digit in the range of 0 – F:
- HHHH:HHHH:HHHH:HHHH:HHHH:HHHH:HHHH:HHHH
- eight fields, each field four hexadecimal digits.
- A hexadecimal digit is 4 bits in size (4 binary bits can represent 16 values).
- 0 0000
- 1 0001
- ……
- 9 1001
- A 1010
- B 1011
- C 1110
- D 1101
- E 1110
- F 1111
- IPv6: 128-bit address:
- 4 bits * 4 digits * 8 fields = 128 bits
- IPv6 addresses can be difficult to work with because of their size.
- rules for abbreviating:
Leading 0s
in a field can be omitted.Contiguous fields containing all 0s
can be represented with a double colon. (Can be done only once for a IPv6 address.)
- Example:
- IPv6 address:
- ABCD:0123:4040:0000:0000:0000:000A:000B
- Using the rules for abbreviation
- ABCD:123:4040::A:B
- IPv6 address:
- Also, the Extended Unique Identifier (EUI-64) format can be used to cause a router to automatically populate the low-order 64 bits of an IPv6 address based on an interface’s MAC address.
Major Features
128-bit addresses
- IPv4 32-bit, rapidly becoming extinct.
- IPv6 128-bit
provides enough IP addresses for many generations to come
. - increases the number of available IP addresses.
- offers approximately 5 * 1028 IP addresses for each person on the planet.
subnetting
is supported in the address format:- leaving 16 bits (2^16) of the address up to individuals or organizations, no need for non routable addresses or network classes.
allow
hierarchical addressing
schemes for organizations: reduce the size of routing tables and provide more efficient routing.simplified packet headers
:- make processing at intermediate nodes faster.
- IPv4 header uses 12 fields
- IPv6 header uses 5 fields
Multicast
:- allows multiple destinations with out the overhead of either multiple send packets or broadcast messages.
- No broadcasts
- No fragmentation (performs MTU discovery for each session)
- Can coexist with IPv4 during a transition
- Dual stack (running IPv4 and IPv6 simultaneously)
- IPv6 over IPv4 (tunneling IPv6 over an IPv4 tunnel)
- Real-time service
IP Security (IPSec)
:- an integral part of IPv6, and provides confidentiality, authentication, and integrity
- Authentication and security
- Auto-configuration
- End-to-end fragmentation
- Enhanced routing functionality, including support for mobile hosts
- when designing IPv4 network, good to consider how readily an IPv6 addressing scheme could be overlaid on that network at some point in the future.
- ICMPv6 assumes additional roles on the network. so using ICMPv6, ARP and IGMP are no longer necessary.
IPv6 Data Flows
- IPv6 has three types of data flows:
- Unicast
- Multicast
- Anycast
- Unicast
one-to-one communication flow
- single IPv6 address is applied to a single interface.
- Multicast
one-to-many
- single IPv6 address represent multiple devices (multicast group)
- Example
- a server (AAAA::1) send traffic to a multicast group (FF00::A).
- Two clients (AAAA::2 and AAAA::3) have joined this group.
- Those clients receive the traffic from the server,
- any client that did not join the group (example, AAAA::4) does not receive the traffic.
- Anycast
one-to-nearest (from the perspective of a router’s routing table)
- single IPv6 address is assigned to multiple devices,
- Example:
- client AAAA::1 send traffic to a destination IPv6 address of AAAA::2.
- server A and server B both have an IPv6 address of AAAA::2.
- The traffic destined for AAAA::2 is sent to server A, via router R2.
- because the server A network appears to be closer than the server B network
- from the perspective of router R1’s IPv6 routing table.
Example of IP attack:
- Teardrop attack:
- malformed fragments can crash or hang older OS that have bot been patched.
- sending mangled IP fragments with overlapping, oversized payloads to the target machine
- packet is transmitted to system that is larger than the system can handle, result in a crash.
Types of casting
- Types of Addresses
- three categories of IPv4 addresses: unicast, broadcast, and multicast.
- Unicast (traffic)
- Most network traffic is unicast in nature
- traffic travels from a single source device to a single destination device.
- Broadcast (traffic)
- traffic travels from a single source to all destinations on a network (a broadcast domain).
- A broadcast address: 255.255.255.255.
- all hosts on all interconnected network.
- 255.255.255.255 targets all devices on a single network, specifically the network local to the device sending a packet destined for 255.255.255.255.
- Another type of broadcast address is a directed broadcast address: X.X.X.255
- all devices in a remote network.
- example,
- Address 172.16.255.255 /16
- a directed broadcast targeting all devices in the 172.16.0.0 /16 network.
- Multicast (traffic)
- an efficient mechanism for a single host to send traffic to multiple or specific destinations.
- Example:
- network with 100 users. 20 users want to receive a video stream from a video server.
- With a unicast solution:
- the video server have to send 20 individual streams, one stream for each recipient.
- consume network bandwidth
- put a heavy processor burden on the video server.
- With a broadcast solution:
- the video server would only have to send the video stream once;
- however, it would be received by every device on the local subnet, even devices not wanting to receive the video stream.
- For devices do not want to receive the video stream, they have to pause what they are doing and take time to check each of these unwanted packets.
- multicast:
- allowing the video server to send the video stream only once,
- and only sending the video stream to devices on the network that wants to receive the stream.
- What makes this possible is the use of a Class D address.
- A Class D address, such as 239.1.2.3, represents the address of a multicast group.
- The server could send a single copy of each stream packet destined for 239.1.2.3.
- Devices wanting to receive the stream can join the multicast group.
- Based on the device request, switches and routers in the topology then dynamically determine out of which ports the video stream should be forwarded.
Assigning IPv4 Addresses
IP Addressing Components
- IP address: a network portion + a host portion.
- A subnet mask is required to delineate between these two portions.
- If traffic is destined for a different subnet than the subnet on which the traffic originates, a default gateway needs to be defined.
- routes traffic from the sender’s subnet towards the destination subnet.
- Another consideration is that end users typically do not type in the IP address of the destination device with which they want to connect (a web server on the Internet). Instead, end users typically type in fully qualified domain names (FQDN), such as www.1ExamAMonth.com. When connecting to devices on the public Internet, a Domain Name System (DNS) server takes a FQDN and translates it into a corresponding IP address.
- In a company’s internal network (intranet), a Microsoft Windows Internet Name Service (WINS) server might be used
- to convert the names of network devices into their corresponding IP addresses.
- example:
- you might attempt to navigate to a shared folder of \server1\hrdocs.
- A WINS server could then be used to resolve the network device name of server1 to a corresponding IP address.
- The path of \server1\hrdocs is in universal naming convention (UNC) form, where you are specifying a network device name ( server1) and a resource available on that device (hrdocs).
- To summarize, network devices (like PC) can benefit from a variety of IP address parameters:
- IP address
- Subnet mask
- Default gateway
- Server addresses
Static Configuration
- A simple way of configuring a PC with IP address parameters is statically configure that information.
- example:
- Microsoft Windows 7:
- Control Panel
- Network and Internet
- Network and Sharing Center
- -Change adapter settings
- From the Network Connections window, double-click the network adapter whose settings you want to change
- You are then taken to the Local Area Connection Status window
- highlight Internet Protocol Version 4 (TCP/ IPv4) and click the Properties button.
- An IP address, subnet mask, default gateway, and DNS server information can be entered into the Internet Protocol Version 4 (TCP/IPv4) Properties window
- Although DNS server information can be entered in this window, more advanced DNS options, and WINS options, are available by clicking the Advanced… button.
- In the Advanced TCP/IP Settings,
- DNS tab
- Microsoft Windows 7:
- you can add, remove, or reorder DNS servers, in addition to adjusting various other DNS parameters.
- a DNS server: converts a FQDN to an IP address.
- Also, the default gateway and a DNS server might shows the same IP address, but these are not always located on the same device.
- WINS tab:
- Windows Internet Name Service (WINS) servers can be configured.
- a WINS server: converts a NetBIOS computer name to a corresponding IP address.
Dynamic Configuration
- Statically assigning IP address information to device:
- time consuming
- error-prone, and lacking in scalability.
- many corporate networks dynamically assign IP address parameters to their devices.
- Bootstrap Protocol (BOOTP):
- An early option for performing this automatic assignment of IP addresses.
- Dynamic Host Configuration Protocol (DHCP):
- the most popular approach for dynamic IP address assignment.
- Bootstrap Protocol (BOOTP):
BOOTP
- BOOTP: a method of assigning IP address, subnet mask, and default gateway information to diskless workstations.
- early days, Microsoft Windows did not natively support TCP/IP.
- To add TCP/IP support, an add-on TCP/IP application (like Trumpet Winsock) could be run.
- Such an application would typically support BOOTP.
- When a device need an IP address information:
- a BOOTP broadcast would be sent out from the device needing an IP address.
- If a BOOTP server (BOOTPS) received the broadcast, it could match the source MAC address in the received frame (MAC address of the device) with a corresponding IP address, in a database stored on the BOOTP server.
- The BOOTPS would then respond to the requesting client with IP address information.
- Because BOOTP requests is broadcast, by default a BOOTP request could not propagate beyond a device’s local subnet.
- However, most enterprise-class routers can be configured to forward selected broadcast types, including BOOTP broadcasts.
DHCP
- Dynamic Host Configuration Protocol (detail in chapter 3)
- more robust than BOOTP.
- does not require a statically configured database of MAC address to IP address mappings.
- has a wide variety of options beyond basic IP address, subnet mask, and default gateway parameters.
- example,
- a DHCP server can educate a DHCP client about the IP address of a WINS server,
- or even an administrator-defined parameter (example, the IP address of a TFTP server from which a configuration file could be downloaded).
- However:
- Both BOOTP, DHCP’s initial request is a broadcast,
- if that DHCP server is not on the local subnet of the requesting client.
- requiring a client’s local router be configured to appropriately forward DHCP requests to a DHCP server.
- Both BOOTP, DHCP’s initial request is a broadcast,
- Example of DHCP configuration:
- Microsoft Windows 7:
- -Internet Protocol Version 4 (TCP/IPv4) Properties window
- -General Tab
- select Obtain an IP address automatically and Obtain DNS server address automatically.
- Microsoft Windows 7:
Reverse Address Resolution Protocol (RARP).
- A protocol rendered obsolete by BOOTP and DHCP.
- requested an IP address (from a preconfigured host) that corresponded to a station’s MAC address.
- Although RARP did allow a station to dynamically obtain an IP address, both BOOTP and DHCP offer additional features.
- Address Resolution Protocol (ARP)
- requests a MAC address that corresponds to a known IP address,
Automatic Private IP Addressing (APIPA)
- feature
- If a networked device does not have a statically configured IP address and is unable to contact a DHCP server, it still might be able to communicate on an IP network.
- allows a networked device to self-assign an IP address from the 169.254.0.0/16 network.
- address usable only on the device’s local subnet (the IP address is not routable).
- If a networked device does not have a statically configured IP address and is unable to contact a DHCP server, it still might be able to communicate on an IP network.
- Microsoft Windows 7
- defaults to APIPA, if a client is configured to automatically obtain IP address information, and that client fails to obtain IP address information from a DHCP server.
- -Internet Protocol Version 4 (TCP/IPv4) Properties window
- -Alternate Configuration Tab
- Automatic private IP address Enabled by Default
- defaults to APIPA, if a client is configured to automatically obtain IP address information, and that client fails to obtain IP address information from a DHCP server.
- APIPA is a great solution:
- quickly setting up a localized network
- No needs to configure a DHCP server
- No needs to statically assign IP address information.
- However, remains a need:
- for devices on this localized network to perform name resolution and discover network services.
- Fortunately, these needs are addressed by Zero Configuration (Zeroconf).
- Zeroconf:
- a technology supported on most modern operating systems
- performs three basic functions:
- Assigning link-local IP addresses:
- link-local IP address: a non-routable IP address usable only on a local subnet.
- APIPA is an example of a technology that assigns link-local IP addresses.
- Resolving computer names to IP addresses:
- Multicast Domain Name Service (mDNS) is an example of a technology that can resolve computer names to their corresponding IP address on a local subnet, without the aid of a DNS server or a WINS server.
- Locating network services:
- Examples of service discovery protocols:
- the standards-based Service Location Protocol (SLP),
- Microsoft’s Simple Service Discovery Protocol (SSDP),
- Apple’s DNS based Service Discovery (DNS-SD).
- devices supporting these three Zeroconf features
- When interconnected on a local subnet,
- they can dynamically obtain link-local IP addresses, resolve one another’s names to IP addresses, and discover services available on a network.
subnet
Classful subnetting leads to inefficient allocation of address.
- 好处
- 减少网络流量
- 优化网络性能
- 简化管理
- 更灵活方便的形成大覆盖范围的网络
- 主机172.16.0.1给172.16.0.2发送一个数据包,不知道172.16.0.2的地址
- 发广播的话,全网的65534台主机都会收到广播包。
- 网络的流量就太大,性能差!
变长子网掩码(VLSM) variable length subnet masks
- 在一个层次结构的网络中,可以使用多个不同的掩码,即可以对一个经过子网划分的网络再次划分。
- 变长子网掩码的引入,有效解决地址分配的浪费问题。
- Variable length subnet masks 打破了传统的以A,B,C,D,E为标准的IP地址划分的方法,缓解IP地址不足。
- 目的还是为了节约IP地址空间,减少路由表大小,只是采用的路由协议必须能够支持它如:RIPV2,OSPF,EIGRP和BGP。
- 实现方法也很简单:就是通过主机数量来决定前缀位数
Subnets / subnetworks
- Default subnet masks (classful subnet masks) are not always the most efficient choice.
- leads to inefficient allocation of address.
(add additional network bits to a subnet masks) extending the subnet mask to create subnets within a classful network.
- subnet
- Partitioning large networks:
- separate the portion if the network bits from the host bits.
- subnet mask
- define variable partition of host part of class A and B addresses
- Subnets visible only within site
- All nodes on a network segemnt has the same mask.
- 4 octets, x eight bits: 4 set of 8 bits = 32 bits.
Purpose of Subnetting
- The host bits of an IP address cannot be:
- all 0s (network address)
- all 1s (directed broadcast address).
- the number of assignable IP addresses in a subnet
= 2^h - 2
h: number of host bits in a subnet mask
- Example:
- a private Class B IP address (172.16.0.0/16) for your internal IP addressing.
- not need 65,534 hosts in a single broadcast domain.
- subnet the network into additional subnetworks.
- (extending the number of network bits in the network’s subnet mask)
Subnet Mask Notation
1
2
0 0 0 0 0 0 0 0
0 2 4 8 16 32 64 128 =254
the number of bits in a subnet mask can be represented in:
- dotted-decimal notation or prefix notation.
255.0.0.0 /8 (Classful subnet mask for Class A networks)
- 255.128.0.0 /9 +128 1000 0000
- 255.192.0.0 /10 +64 1100 0000
- 255.224.0.0 /11 +32
- 255.240.0.0 /12 +16
- 255.248.0.0 /13 +8
- 255.252.0.0 /14 +4
- 255.254.0.0 /15 +2
255.255.0.0. /16 +1 (Classful subnet mask for Class B networks)
- 255.255.128.0 /17
- 255.255.192.0 /18
- 255.255.224.0 /19
- 255.255.240.0 /20
- 255.255.248.0 /21
- 255.255.252.0 /22
- 255.255.254.0 /23
255.255.255.0 /24 (Classful subnet mask for Class C networks)
- 255.255.255.128 /25
- 255.255.255.192 /26
- 255.255.255.224 /27
- 255.255.255.240 /28
- 255.255.255.248 /29
- 255.255.255.252 /30
- 255.255.255.254 /31
255.255.255.255 /32
- Example:
- subnet mask of
255.255.192.0
- The first two octets is 255 = has 16 1s
- the third octet value is 192 = has 2 1s
- the subnet mask of 255.255.192.0, prefix notation is
/18
.
- subnet mask of
Extending a Classful Mask
- The way to take a classful network (a network using a classful subnet mask)
- divide that network into multiple subnet by adding 1s to the network’s classful subnet mask.
- However, the class of the IP address does not change, regardless of the new subnet mask.
- the class of a network is determined by the value of the first octet.
- The class of a network has nothing to do with the number of bits in a subnet.
- Example:
- the network
10.2.3.0/24
- Has the classful subnet mask of a Class C network (24-bit subnet mask).
- the 10.2.3.0/24 network is a Class A network, because the value of the first octet is 10.
- a Class A network that happens to have a 24-bit subnet mask.
- the network
calculation
Borrowed Bits
- the bits you add
- determines how many subnets are created and the number of usable hosts per subnet.
Created Subnets
- Number of created subnets =
2^borrowed bits
- Example:
- 192.168.1.0/28
- the first octet is 192. Class C network /24
- borrowed bits: 4
- created subnets:
2^4 = 16 subnets
.
Available Hosts
- Number of assignable IP address in a subnet =
2^Left host bits - 2
- Example:
- 192.168.1.0/28
- borrowed bits: 4 (24+4=28)
- Left host bits: 4 (32-28=4)
- assignable IP addresses in each subnet: 14 (2^4-2=14)
172.20.0.0/16 network, B class
- want 47 subnets
- 2^6=64 > 47
- 16+6=22
- Subletting:
/22, 255.255.252.0
- the number of borrowed bits: 6
- Number of subnet: 64
- Left host bits: 10 (32-22=10)
- assignable IP addresses in each subnet: 1024 (2^10-2=1022)
New IP Address Ranges
interesting octet
: the octet containing the last 1 in the subnet mask.block size
: the increment. (256-decimal value of interesting octet)the first subnet
: set all the borrowed bits to 0.additional subnets
: take the first subnet, counting by the block size increment in the interesting octet.
Example:
- A 27-bit subnet mask is applied to
192.168.10.0/24
.192.168.10.0/24
8.8.8.8 -> 8.8.8.3 5- subnet mask:
11111111.11111111.11111111.111 00000
- interesting octet: (11100000 in decimal) 128+64+32=224
- the fourth octet (the last 1 in the subnet mask)
- The decimal value of the fourth octet: 224 - Subnet number: 8 (2^3=8) - block size=host size: 32 (256-224=32) - The first subnet: 192.168.10.0/27 - additional subnets: Counting by block size in the interesting octet.
- 192.168.10.0
- 192.168.10.32
- 192.168.10.64
- 192.168.10.96
- 192.168.10.128
- 192.168.10.160
- 192.168.10.192
- 192.168.10.224
- network:192.168.0.0/24, subnet mask: 26-bit.
- subnet mask:
11111111.11111111.11111111.11 000000
- 255.255.255.192/26
- Subnet number: 4 (2^2=4)
- interesting octet: (11100000 in decimal) 128+64=192
- block size=host size: 64 (256-192=64)
- The first subnet is 192.168.0.0/26
- additional subnets: Counting by block size in the interesting octet.
- the range of usable addresses broadcast address
- 192.168.0.0 192.168.0.1 - 192.168.0.62 192.168.0.63
- 192.168.0.64 192.168.0.65 - 192.168.0.126 192.168.0.127
- 192.168.0.128 192.168.0.129 - 192.168.0.190 192.168.0.191
- 192.168.0.192 192.168.0.193 - 192.168.0.254 192.168.0.255
- subnet mask:
- two VLANs (two subnets) are currently configured;
- Which client PC is assigned an incorrect IP address?
- 172.16.0.0/16 network by using a 20-bit subnet mask.
- 172.16.0.0/16 network, using a 20-bit subnet mask.
- B class, 8.8.0.0 to 8.8.4 4.8
- Subnet number: 16 (2^4=16)
- interesting octet: (11100000 in decimal) 128+64+32+16=240
- block size=host size: 16 (256-240=16)
- The first subnet is 172.16.0.0/20
- additional subnets:
- 172.16.0.0
- 172.16.16.0
- 172.16.32.0
- 172.16.48.0
- 172.16.64.0
- 172.16.80.0 172.16.80.2/20 client 1 and 172.16.95.7/20 client 2
- 172.16.90.255/20 VLAN A
- the range of usable addresses broadcast address
- 172.16.80.1 - 172.16.95.254 172.16.95.255
- 172.16.96.0
- 172.16.112.0
- 172.16.128.0
- 172.16.144.0
- 172.16.160.0
- 172.16.176.0
- 172.16.192.0 172.16.206.5/20 client 3
- 172.16.208.0 172.16.233.1/20 client 4
- 172.16.208.255/20 VLAN B
- the range of usable addresses broadcast address
- 172.16.208.1 - 172.16.223.254 172.16.223.255
- 172.16.224.0
- 172.16.240.0
- B class, 8.8.0.0 to 8.8.4 4.8
Classless Inter-Domain Routing 无类别域间路由
CIDR指的是不再采用A,B,C类网络的规则,定义前缀相同的一组网络为一个路由条目,
- 如:190.0.0.0/8 大家乍一看好像是C类网,但是前缀却是8
- 超网: 把若干个小的网络合并成一个大的网络。
- CIDR是用于帮助减缓IP地址和路由表增大问题的一项技术。
- CIDR的理念是多个地址块可以被组合或聚合在一起生成更大的无类别IP地址集(也就是说允许有更多的主机)。
CIDR,将路由表中的条目汇总,如将多个C类地址汇总为一个B类地址。把几个ip地址合并成一个ip在外网显示 VLSM,将一个网划分子网,利用网络资源。把一个ip分成几个连续的ip网段;
好处是:
- 缩小了路由表,节省路由器的内存空间,提高路由器的查找效率。
- 网络流量,CPU和内存的开销更低
- 对网络进行编址时,灵活性更大
提高了IPv4的可扩展性和效率
- the opposite of subnet.
- CIDR shortens a classful subnet mask by removing 1s from the classful mask.
- As a result, CIDR allows contiguous classful networks to be aggregated.
- This process is called route aggregation.
- 将小网络组合成大网的需要。
- A typical use of CIDR is a service provider summarizing multiple Class C networks, assigned to their various customers.
- Example:
- advertizing the following Class C networks:
- 192.168.32.0/24
- 192.168.33.0/24
- 192.168.34.0/24
- 192.168.35.0/24
- convert the values to binary
- determine how many bits the networks have in common (becomes the number of bits in the CIDR mask.)
- All four of the network addresses have the first 22 bits in common,
- setting the remaining bits to 0 (11000000.10101000.00100000.00000000)
- creates a network address of 192.168.32.0,
- these networks can be summarized as 192.168.32.0/22.
- advertizing the following Class C networks:
THE GLOBAL INTERNET
- Global Internet: not just a random interconnection of Ethernets, it interconnects many different organizations.
- Salient feature: consist of end-user sites that connect to service provider networks.
- Religional networks: connected by a nationawide backbone / NSFNET backbone (funded by National Science Foundation (NSF)).
The provider networks are built from a large number of point-to-point links that connect to routers,
- each provider and end-user is an administratively independent entity;
- each end-user site (not a single network) consists of multiple physical networks connected by routers and bridges.
- Different providers have different best routing protocol to use.
- Different idea about how metrics should be assigned to link in their network.
- Because of this independence, each provider’s network is usually a single Autonomous System(AS)
The Internet has a discernible structure can tackle the problem of scalability (two related scaling issues.)
- The scalability of routing: find ways to minimize the number of network numbers that get carried around in routing protocols and stored in the routing tables of routers.
- Address utilization: make sure the IP address space does not consume too quickly.
Autonomous System (AS)
- Internet is organized as
autonomous systems (AS)
- each of it is under the control of a single administrative entity
Autonomous System (AS)
- corresponds to an administrative domain
- provide an additional way to hierarchically aggregate routing information in a large internet, thus improving scalability.
- improving scalability,
- decouples the intradomain routing that takes place in one AS from that taking place in another.
- Thus, each AS can run whatever intradomain routing protocols it chooses.
- It can even use static routes or multiple protocols, if desired.
- The interdomain routing problem is then one of having different ASs share reachability information—descriptions of the set of IP addresses that can be reached via a given AS—with each other.
- Examples:
- University, company, backbone network.
- A corporation’s internal network might be a single AS, as may the network of a single Internet service provider
Interdomain Routing
Route Propagation
- Provide an additional way to hierarchically 分级体系地 aggregate 聚集 routing information in a large internet.
Improves scalability
- Divide the routing problem in two parts:
- Routing within a single autonomous system
- Routing between autonomous systems
- Another name for autonomous systems in the Internet is routing domains.
- Two-level route propagation hierarchy
- Inter-domain routing protocol (Internet-wide standard)
- Intra-domain routing protocol (each AS selects its own)
Inter-domain Routing Protocols: EGP and BGP
- Exterior Gateway Protocol (EGP)
- tree-like topology onto the Internet
- Did not allow for the topology to become general
- Tree like structure: a single backbone and autonomous systems are connected only as parents and children and not as peers
- Border Gateway Protocol (BGP)
- Internet is an arbitrarily interconnected set of ASs, consists of an interconnection of multiple backbone networks
- (usually called service provider networks, and operated by private companies rather than the government)
- A corporation’s complex internal network might be a single AS, as may the network of a single Internet Service Provider (ISP).
- Sites are connected to each other in arbitrary ways
- Internet is an arbitrarily interconnected set of ASs, consists of an interconnection of multiple backbone networks
Routing Areas
Using hierarchy to scale up the routing system, link-state routing protocols can be used to partition a routing domain into subdomains / areas.
- By adding extra level of hierarchy, we enable single domains to grow larger without overburdening the routing protocols or resorting to the more complex interdomain routing protocols described below.
An area is a set of routers that are administratively configured to exchange link-state information with each other.
The backbone area
(area 0)Routers R1, R2, and R3
: members of the backbone area and other nonbackbone area;Area border router (ABR)
: member of both the backbone area and a nonbackbone area.AS border routers
: the routers that are at the edge of an AS.
Routing within a single area:
- all routers in area send
link-state advertisements
to each other - develop a complete, consistent map of the area.
- making the flooding and route calculation processes considerably more scalable.
- the link-state advertisements do not leave for not area border routers, will never see a link-state advertisement from router from other area, it will know nothing about the detailed topology of other areas.
Packet: source (nonbackbone area) - backbone area - destinated network: split into 3 different way:
- One ABRs nonbackbone area, from source network to the backbone area, travels crosses the backbone, then to the destination network.
- Main: the Area border routers summarize routing information learned from one area and make it available in their advertisements to other areas.
- example:
- R1 receives link-state advertisements from routers in area 1
- (can determine the cost of reaching network in area 1).
- R1 sends link-state advertisements into area 0
- it advertises the costs of reaching the networks in area 1 (cause all area 1 networks directly connected to R1.)
- This enables all the area 0 routers learn the cost to reach all networks in area 1.
- The area border routers then summarize this information and advertise it into the nonbackbone areas.
- Thus, all routers learn how to reach all networks in the domain.
- R1 receives link-state advertisements from routers in area 1
- Two ABRs in nonbackbone area, need to make a choice which one to use to reach the backbone.
- network administrators can flexibly decide routers in backbone area 0.
- Use
virtual link
between routers: help to improve the optimality 最优性 of routing. - Example:
- a virtual link could be configured from R8 to R1, make R8 part of the backbone. R8 would now participate in link-state advertisement flooding with the routers in area 0.
- The cost of the virtual link from R8 to R1 is determined by the exchange of routing information in area 1.
- Use
Dividing domain into areas, is a tradeoff between scalability and optimality of routing.
- The use of areas forces all packets traveling from one area to another via the backbone area, even if a shorter path might have been available.
- important principle in network design, trade-off between some sort of optimality and scalability.
- When hierarchy is introduced,
information is hidden from some nodes in the network
(hindering their ability to make perfectly optimal decisions.) - information hiding is essential to scalability, it saves nodes from having global knowledge.
- In large networks, scalability is more pressing design goal than perfect optimality.
- When hierarchy is introduced,
Example: even if R4 and R5 directly connected, packets would not flow between them because they are in different nonbackbone areas.
- (It turns out that the need for scalability is often more important than the need to use the absolute shortest path.)
Overview
- A host signals its desire to join or leave a multicast group by communicating with its local router using a special protocol
- In IPv4, the protocol is
Internet Group Management Protocol (IGMP)
- In IPv6, the protocol is
Multicast Listener Discovery (MLD)
- The router has the responsibility for making multicast behave correctly with regard to the host.
.
Comments powered by Disqus.