NetworkSec - IP Internet Protocol

Posted May 18, 2018 Updated Jan 2, 2023

By Grace L

42 min read

IP Internet Protocol (IP)

IP Internet Protocol (IP)

the network-level protocol:
performs a best effort to route a data packet from a source node to a destination node in the Internet.
every node is given a unique numerical address
- Ipv4. 32-bit number
  - Network, host portion.
- IPv6. 128-bit number
  - Routing prefix, network address, and a host identifier
Any transmission are specified by an IP address.

Routing IP Packets

A host (PC, server, smartphone) employs simple algorithm for routing packets from that host:

Check the IP and compare the network mask.
Destinated host on the same LAN:
- the packet is transmitted directly on the LAN
- using ARP protocol to determine the MAC address of the destination machine.
Destinated host not on the same LAN:
- the packet is transmitted to gateway (handle the next step of the routing). The ARP protocol is used to determine the MAC address of the gateway.
- then a host: typically stores a list of the IP of machines on its LAN, or a compact description of it, and the IP of the gateway.

Routers:
- Gateways and other intermediate network nodes that handle the routing of packets to its destination on the Internet.
- typically connected to two or more LANs, use routing tables to determine the next router which packet should be sent.
The default route:
- Route used as a destination for traffic with an undefined route
- When defined on a host, generally is the network gateway.
To prevent the un-routable packets traversing the network forever, each IP packet is given a time-to-live (TTL) count by its source.
- TTL value: hop limit, max 255 hops
- decremente by each router that processes the packet.
- TTL 0: A packet is expired and should be discarded by the router that sees it.
- an error packet is sent back to the source.

The Structure of the Internet

Routers are fast. Performs actions for each packet received:

Drop: If the packet is expired.
Deliver: If the destination is a machine on one of the LANs to which the router is connected, deliver packet to the destination.
Forward: If the destination of the packet does not belong to the LANs of the router, then the packet is forwarded to a neighboring router.

2 primary protocols determine how next hops are encoded in Internet routing tables:

Open Shortest Path First (OSPF)
- determines how packets are routed in an autonomous system (ASs)
- based on policy that packets should travel along shortest paths.
Border Gateway Protocol (BGP).
- determines how packets are routed between autonomous systems (ASs)
- based on policies dictated by contractual agreements between different ASs The routes established by BGP may not be shortest paths.

IP packet Header

Each IP packet

a fixed-length header(various fields) + variable-length data portion.
以太网帧：frame_head + frame_data（ip数据报：iphead+ipdata）

the header has specific fields:
- Version:
  - 4bit，指IP协议的版本号。IPV4/IPV6。
  - 在进行通信时，通信双方的IP协议版本号必须一致，否则无法直接通信。
  - validating the incoming packets version and thus its structure.
- header length
  - 4bit，指IP报文头的长度。最大的长度（即4个bit都为1时）为15个长度单位，每个长度单位为4字节（TCP/IP标准，DoubleWord），所以IP协议报文头的最大长度为60个字节，最短为上图所示的20个字节。
  - variable based on the contents of the header.
- 服务类型：
  - 8bit，用来获得更好的服务。
  - 其中的前3位表示报文的优先级，后面的几位分别表示要求更低时延、更高的吞吐量、更高的可靠性、更低的路由代价等。
  - 对应位为1即有相应要求，为0则不要求。
- total length
  - 16bit，指报文的总长度。注意这里的单位为字节，而不是4字节，所以一个IP报文的的最大长度为65535个字节。
  - the total length of the IP packet being transmitted.
  - to fragment data transmissions into smaller ones that fit into our layer two’s MTU.
  - This can be up to 64 kilobytes.
- identification
  - 16bit，该字段标记当前分片为第几个分片，在数据报重组时很有用。
  - a unique identifier for the entire fragmentation sequence
- flags
  - 3bit，用于标记该报文是否为分片，后面是否还有分片（是否是最后一个分片）。
  - to know if this packet is part of a fragmented sequence
  - or if it’s the last fragment in a sequence
  - and also there’s a bit in here to tell IP, don’t fragment a packet if that’s needed by the application.
  - 为什么分片: 主要是因为硬件环境的MTU限制。一个IP报文最多可以达到65565的最大长度；但是网络硬件限制了帧的大小（以太网限制为1500字节）。
  - IP分片如何进行重组: 主要依靠标识（IDENT，用于标识IP报文段的唯一标识符，具有同一IDENT的片段属于同一个IP报文）、标志（FLAGS，第一位保留，不使用；第二位为DF（Don’t Fragment）位，DF=1时不分片；第三位为MF（More Fragments）位，DF=0的情况下，除了最后一个分段的IP包的包头，其他分段的MF位都设为1）与片偏移（FRAGMENT OFFSET：简称FO，指明当前片段在原始完整的IP报文中的位置（偏移）。该偏移的单位是8个字节。）
- fragmentation offset: 片偏移：
  - 指当前分片在原数据报（分片前的数据报）中相对于用户数据字段的偏移量，即在原数据报中的相对位置。
  - the byte position of this packet in the original unfragmented IP packet. And so when an IP packet needs fragmentation the host or the router will break up the data into IP fragments and manipulate this header information to fragment and then reassemble the packets on the remote host or network.
- TTL.
  - 8bit，该字段表明当前报文还能生存多久。
  - 每经过1ms或者一个网关，TTL的值自动减1
  - 当生存时间为0时，报文将被认为目的主机不可到达而丢弃。
  - 使用过Ping命令的用户应该有印象，在windows中输入ping命令，在返回的结果中即有TTL的数值。
- protocol,
  - 8bit，指出在上层（网络7层结构或TCP/IP的传输层）使用的协议
  - 可能的协议有UDP（17）、TCP（6）、ICMP（1）、IGMP（2）、IGP等。
  - transport layer 4 protocol
- header checksum:
  - 首部校验和：用于检验IP报文头部在传播的过程中是否出错，主要校验报文头中是否有某一个或几个bit被污染或修改了。
- the source IP address, the destination IP address.
  - 32bit，4个字节

Although it does not guarantee that packet successfully travels from its source to its destination, IP does provide a detect if packet headers are damaged along the way.

Each IP packet comes with a checksum value, computed in header contents.
Any host or router wishing to confirm that this header is intact simply needs to recompute this checksum function and compare the computed checksum value to the checksum value that is stored inside the packet.
Since some parts of the header, like the time-to-live, are modified with each hop, this checksum value must be checked and recomputed by each router that processes this packet.
The protocol field of an IP packet specifies the higher level protocol that should receive the payload of the packet, such as ICMP, TCP, or UDP.

Flag: 泪滴攻击（tear drop）的原理

构造两个分片，满足以下两个条件：
1. 第一个分片的FO+len>第二个分片的FO+len。
2. 发生重叠时，使用第一个分片来覆盖第二个分片的重叠内容。
首先，计算到底重叠了多少字节（i），然后将指向第二个分片的指针朝后移动这么多字节，也即，忽略了第二个分片的重叠部分，
接下来计算第二个分片还剩余多少字节，并将第二个分片的剩余内容拷贝一下。
但由于不正常重叠后计算第二分片剩余部分的长度为负数，会造成操作系统瘫痪。

IPv4

Binary Numbering

IP addresses: represented by binary digits (bits).
- 8 bits = 1 byte.
- IPv4: dotted decimal notation format.
- 4 x 8 bytes = 32 bits
- 255.255.255.255
- 00000000.00000000.00000000.00000000
- IPv6: 128 bits.

Principles of Binary Numbering

Base-10 numbering system: ten digits, 0–9.
Base-2 numbering system: two digits: zero (0) and one (1).
converting between 8-bit binary numbers and decimal numbers
- (1024 512 256) 128 64 32 16 8 4 2 1
- the 8 bits in an octet.
- 2^0 - 2^7

Binary to Decimal:

10010110 = 128 + 16 + 4 + 2 = 150

Decimal to Binary:

Is this number equal to or greater than the column heading?
- No, put 0. Yes, put 1.
Example: convert the number 167 to binary.
- 1. 128 column: 167 greater than 128 -> 1
- subtract 128 from 167 = 39.
- 1. 64 column: 0
- 1. 32 column: 39 greater than 32 -> 1
- subtract 32 from 39 = 7.
- 1. 16 column: 0
- 1. 8 column 0
- 1. 4 column: 7 is greater than or equal to 4 -> 1
- 4 is subtracted from 7 = 3.
- 1. 2 column: 3 greater than 2 -> 1
- 2 is subtracted from 3 = 1.
- 1. 1 column: 1 is equal to 1 -> 1
decimal number 167 = binary value of 10100111
- 128 + 32 + 4 +2 + 1 = 167.

IPv4 Addressing

IPv6 is increasingly being adopted in corporate networks,

IPv4 (IP address) is by far the most popular Layer 3 addressing scheme in today’s networks.

Devices on an IPv4 network use unique IP addresses to communicate with one another
When IPv4 network device sends data on a network, it places both a destination and a source IP address in the packet’s IPv4 header.
Internet Corporation for Assigned Names and Numbers (ICANN),
- Internet Network Information Center (InterNIC) replace ICANN (until 09/18/1998).
- non-profit corporation.
- Publicly routable IP addresses are globally managed by the ICANN
- ICANN does not directly assign a block of IP addresses to your Internet service provider (ISP), but assigns a block of IP addresses to a regional Internet registry.
  - One example:
  - American Registry for Internet Numbers (ARIN), Internet registry for North America.
Internet Assigned Numbers Authority (IANA):
- another entity responsible for IP address assignment.
- IANA is operated by ICANN and is responsible for IP address assignment outside of North America.
When an organization is assigned one or more publicly routable IP addresses by its service provider, that organization often needs more IP addresses to accommodate all of its devices.
- One solution is to use private IP addressing within an organization, in combination with Network Address Translation (NAT).
  - NAT is a feature available on routers.
allows private IP addresses used within an organization to be translated into a pool of one or more publicly routable IP addresses.

IPv4 Address Structure

IPv4 address: 32-bit address.

written in dotted-decimal notation 点分十进制.
divided into 4 section, 8 bits, each is a Octets 八位字节
- 00000001 in binary equates to a 1 in decimal.
- 00000010 in binary equals 2 in decimal
- 00000011 yields a decimal value of 3.
IP addresses has 2 portions
- a network portion that denotes an IP prefix used by all machines on a particular network
- a host portion: identifies a particular network device.
- network, subnet, and host
- 128.148.32.110
These two portions are differentiated by providing a subnet mask along with the IP address.
- Subnet mask:
- determines which bits refer to the network and which bits refer to the host.
- consists of a series of contiguous 1s and 0s.
  - 1s: network bits in an IPv4 address,
  - 0s: host bits in an IPv4 address.
- classful mask: original mask.
The network portion: ANDing the subnet mask with the IP address,
the host portion: XORing network portion with the IP address.

Classes of Addresses

When writing a network address, needs to provide more detail
10.1.2.3, 255.0.0.0
or 10.1.2.3/8

Network address: X.X.X.0
- 0.0.0.0：network
Broadcast address: X.X.X.255
- 255.255.255.255: 当前子网的广播地址。

Private use:

Private IP
- 10.0.0.0/8
- 169.254.0.0 – 169.254.255.255 address is not routable.
- 192.168.0.0/16
  - many home router use 192.168.0.1 or 192.168.1.1.
- 172.16.0.0/12 - 172.31.0.0/12
- not routable outside of a LAN: ISPs do not route these private networks over the public Internet.
- only usable on their local subnet and are dynamically assigned to network hosts using the Automatic IP Address Assignment (APIPA) feature.

Public address:

Assigned by ISP who get them form IANA.
Class A network (1.0.0.0 - 126.0.0.0)
- 可用的A类网络有126个，每个网络能容纳1亿多个主机。
- 224(3x8) = 16, 777, 216 unique IP addresses.
- Mask: X.0.0.0 (the largest, subnet mask at least 24 bits)
- typically reserved for government organizations or telecommunications companies.
Class B networks (128.0.0.0 - 191.255.255.255)
- Mask: X.X.0.0 (16-bit subnet mask)
- 216(2x8) = 65, 536 unique IP addresses
- typically allocated for ISPs and large businesses.
Class C networks (192.0.0.0 - 223.255.255.255)
- Mask: X.X.X.0 (a 24-bit subnet mask)
- 28 = 256 unique addresses, 254 usable IP addresses.
- assigned to smaller organizations.
Class D addresses:
- For destination IP addresses
- not assigned to devices sourcing traffic for multicast networks.
Class E addresses:
- for experimental use.

loopback IP address

in the first octet, the number 127 have been skipped.
127: loopback IP address, IP address representing the device itself.
example
- Want to verify a network device had a TCP/IP stack loaded,
- you could ping IP address: 127.1.1.1.
- If you received ping responses, you could conclude that the device is running a TCP/IP stack.

IPv6

IPv6 Address Structure

address format, where X = a hexadecimal digit in the range of 0 – F:
- HHHH:HHHH:HHHH:HHHH:HHHH:HHHH:HHHH:HHHH
- eight fields, each field four hexadecimal digits.
- A hexadecimal digit is 4 bits in size (4 binary bits can represent 16 values).
- 0 0000
- 1 0001
- ……
- 9 1001
- A 1010
- B 1011
- C 1110
- D 1101
- E 1110
- F 1111
IPv6: 128-bit address:
- 4 bits * 4 digits * 8 fields = 128 bits
IPv6 addresses can be difficult to work with because of their size.
rules for abbreviating:
- Leading 0s in a field can be omitted.
- Contiguous fields containing all 0s can be represented with a double colon. (Can be done only once for a IPv6 address.)
Example:
- IPv6 address:
  - ABCD:0123:4040:0000:0000:0000:000A:000B
  - Using the rules for abbreviation
  - ABCD:123:4040::A:B
Also, the Extended Unique Identifier (EUI-64) format can be used to cause a router to automatically populate the low-order 64 bits of an IPv6 address based on an interface’s MAC address.

Major Features

128-bit addresses
- IPv4 32-bit, rapidly becoming extinct.
- IPv6 128-bit provides enough IP addresses for many generations to come.
- increases the number of available IP addresses.
- offers approximately 5 * 1028 IP addresses for each person on the planet.
subnetting is supported in the address format:
- leaving 16 bits (2^16) of the address up to individuals or organizations, no need for non routable addresses or network classes.
allow hierarchical addressing schemes for organizations: reduce the size of routing tables and provide more efficient routing.
simplified packet headers:
- make processing at intermediate nodes faster.
- IPv4 header uses 12 fields
- IPv6 header uses 5 fields
Multicast:
- allows multiple destinations with out the overhead of either multiple send packets or broadcast messages.
- No broadcasts
- No fragmentation (performs MTU discovery for each session)
- Can coexist with IPv4 during a transition
- Dual stack (running IPv4 and IPv6 simultaneously)
- IPv6 over IPv4 (tunneling IPv6 over an IPv4 tunnel)
Real-time service
IP Security (IPSec):
- an integral part of IPv6, and provides confidentiality, authentication, and integrity
Authentication and security
Auto-configuration
End-to-end fragmentation
Enhanced routing functionality, including support for mobile hosts

when designing IPv4 network, good to consider how readily an IPv6 addressing scheme could be overlaid on that network at some point in the future.
ICMPv6 assumes additional roles on the network. so using ICMPv6, ARP and IGMP are no longer necessary.

IPv6 Data Flows

IPv6 has three types of data flows:
- Unicast
- Multicast
- Anycast
Unicast one-to-one communication flow
- single IPv6 address is applied to a single interface.
Multicast one-to-many
- single IPv6 address represent multiple devices (multicast group)
- Example
  - a server (AAAA::1) send traffic to a multicast group (FF00::A).
  - Two clients (AAAA::2 and AAAA::3) have joined this group.
  - Those clients receive the traffic from the server,
  - any client that did not join the group (example, AAAA::4) does not receive the traffic.
Anycast one-to-nearest (from the perspective of a router’s routing table)
- single IPv6 address is assigned to multiple devices,
- Example:
  - client AAAA::1 send traffic to a destination IPv6 address of AAAA::2.
  - server A and server B both have an IPv6 address of AAAA::2.
  - The traffic destined for AAAA::2 is sent to server A, via router R2.
  - because the server A network appears to be closer than the server B network
  - from the perspective of router R1’s IPv6 routing table.

Example of IP attack:

Teardrop attack:
- malformed fragments can crash or hang older OS that have bot been patched.
- sending mangled IP fragments with overlapping, oversized payloads to the target machine
- packet is transmitted to system that is larger than the system can handle, result in a crash.

Types of casting

Types of Addresses
three categories of IPv4 addresses: unicast, broadcast, and multicast.
Unicast (traffic)
- Most network traffic is unicast in nature
- traffic travels from a single source device to a single destination device.
Broadcast (traffic)
- traffic travels from a single source to all destinations on a network (a broadcast domain).
- A broadcast address: 255.255.255.255.
  - all hosts on all interconnected network.
  - 255.255.255.255 targets all devices on a single network, specifically the network local to the device sending a packet destined for 255.255.255.255.
- Another type of broadcast address is a directed broadcast address: X.X.X.255
  - all devices in a remote network.
  - example,
Address 172.16.255.255 /16
a directed broadcast targeting all devices in the 172.16.0.0 /16 network.
Multicast (traffic)
- an efficient mechanism for a single host to send traffic to multiple or specific destinations.
- Example:
  - network with 100 users. 20 users want to receive a video stream from a video server.
  - With a unicast solution:
the video server have to send 20 individual streams, one stream for each recipient.
- consume network bandwidth
- put a heavy processor burden on the video server.
  - With a broadcast solution:
the video server would only have to send the video stream once;
however, it would be received by every device on the local subnet, even devices not wanting to receive the video stream.
For devices do not want to receive the video stream, they have to pause what they are doing and take time to check each of these unwanted packets.
multicast:
- allowing the video server to send the video stream only once,
- and only sending the video stream to devices on the network that wants to receive the stream.
What makes this possible is the use of a Class D address.
- A Class D address, such as 239.1.2.3, represents the address of a multicast group.
- The server could send a single copy of each stream packet destined for 239.1.2.3.
- Devices wanting to receive the stream can join the multicast group.
- Based on the device request, switches and routers in the topology then dynamically determine out of which ports the video stream should be forwarded.

Assigning IPv4 Addresses

IP Addressing Components

IP address: a network portion + a host portion.
A subnet mask is required to delineate between these two portions.
If traffic is destined for a different subnet than the subnet on which the traffic originates, a default gateway needs to be defined.
- routes traffic from the sender’s subnet towards the destination subnet.
Another consideration is that end users typically do not type in the IP address of the destination device with which they want to connect (a web server on the Internet). Instead, end users typically type in fully qualified domain names (FQDN), such as www.1ExamAMonth.com. When connecting to devices on the public Internet, a Domain Name System (DNS) server takes a FQDN and translates it into a corresponding IP address.
In a company’s internal network (intranet), a Microsoft Windows Internet Name Service (WINS) server might be used
- to convert the names of network devices into their corresponding IP addresses.
- example:
  - you might attempt to navigate to a shared folder of \server1\hrdocs.
  - A WINS server could then be used to resolve the network device name of server1 to a corresponding IP address.
  - The path of \server1\hrdocs is in universal naming convention (UNC) form, where you are specifying a network device name ( server1) and a resource available on that device (hrdocs).
To summarize, network devices (like PC) can benefit from a variety of IP address parameters:
- IP address
- Subnet mask
- Default gateway
- Server addresses

Static Configuration

A simple way of configuring a PC with IP address parameters is statically configure that information.
example:
- Microsoft Windows 7:
  - Control Panel
  - - Network and Internet
  - - Network and Sharing Center
  - -Change adapter settings
  - From the Network Connections window, double-click the network adapter whose settings you want to change
  - You are then taken to the Local Area Connection Status window
  - highlight Internet Protocol Version 4 (TCP/ IPv4) and click the Properties button.
  - An IP address, subnet mask, default gateway, and DNS server information can be entered into the Internet Protocol Version 4 (TCP/IPv4) Properties window
  - Although DNS server information can be entered in this window, more advanced DNS options, and WINS options, are available by clicking the Advanced… button.
  - In the Advanced TCP/IP Settings,
  - DNS tab
you can add, remove, or reorder DNS servers, in addition to adjusting various other DNS parameters.
a DNS server: converts a FQDN to an IP address.
Also, the default gateway and a DNS server might shows the same IP address, but these are not always located on the same device.
- WINS tab：
Windows Internet Name Service (WINS) servers can be configured.
a WINS server: converts a NetBIOS computer name to a corresponding IP address.

Dynamic Configuration

Statically assigning IP address information to device:
- time consuming
- error-prone, and lacking in scalability.
many corporate networks dynamically assign IP address parameters to their devices.
- Bootstrap Protocol (BOOTP):
  - An early option for performing this automatic assignment of IP addresses.
- Dynamic Host Configuration Protocol (DHCP):
  - the most popular approach for dynamic IP address assignment.

BOOTP

BOOTP: a method of assigning IP address, subnet mask, and default gateway information to diskless workstations.
- early days, Microsoft Windows did not natively support TCP/IP.
- To add TCP/IP support, an add-on TCP/IP application (like Trumpet Winsock) could be run.
- Such an application would typically support BOOTP.
When a device need an IP address information:
- a BOOTP broadcast would be sent out from the device needing an IP address.
- If a BOOTP server (BOOTPS) received the broadcast, it could match the source MAC address in the received frame (MAC address of the device) with a corresponding IP address, in a database stored on the BOOTP server.
- The BOOTPS would then respond to the requesting client with IP address information.
  - Because BOOTP requests is broadcast, by default a BOOTP request could not propagate beyond a device’s local subnet.
  - However, most enterprise-class routers can be configured to forward selected broadcast types, including BOOTP broadcasts.

DHCP

Dynamic Host Configuration Protocol (detail in chapter 3)
more robust than BOOTP.
- does not require a statically configured database of MAC address to IP address mappings.
- has a wide variety of options beyond basic IP address, subnet mask, and default gateway parameters.
- example,
  - a DHCP server can educate a DHCP client about the IP address of a WINS server,
  - or even an administrator-defined parameter (example, the IP address of a TFTP server from which a configuration file could be downloaded).
However:
- Both BOOTP, DHCP’s initial request is a broadcast,
  - if that DHCP server is not on the local subnet of the requesting client.
  - requiring a client’s local router be configured to appropriately forward DHCP requests to a DHCP server.
Example of DHCP configuration:
- Microsoft Windows 7:
  - -Internet Protocol Version 4 (TCP/IPv4) Properties window
  - -General Tab
  - select Obtain an IP address automatically and Obtain DNS server address automatically.

Reverse Address Resolution Protocol (RARP).

A protocol rendered obsolete by BOOTP and DHCP.
- requested an IP address (from a preconfigured host) that corresponded to a station’s MAC address.
- Although RARP did allow a station to dynamically obtain an IP address, both BOOTP and DHCP offer additional features.
Address Resolution Protocol (ARP)
- requests a MAC address that corresponds to a known IP address,

Automatic Private IP Addressing (APIPA)

feature
- If a networked device does not have a statically configured IP address and is unable to contact a DHCP server, it still might be able to communicate on an IP network.
  - allows a networked device to self-assign an IP address from the 169.254.0.0/16 network.
  - address usable only on the device’s local subnet (the IP address is not routable).
Microsoft Windows 7
- defaults to APIPA, if a client is configured to automatically obtain IP address information, and that client fails to obtain IP address information from a DHCP server.
  - -Internet Protocol Version 4 (TCP/IPv4) Properties window
  - -Alternate Configuration Tab
  - Automatic private IP address Enabled by Default
APIPA is a great solution:
- quickly setting up a localized network
- No needs to configure a DHCP server
- No needs to statically assign IP address information.
However, remains a need:
- for devices on this localized network to perform name resolution and discover network services.
- Fortunately, these needs are addressed by Zero Configuration (Zeroconf).
Zeroconf:
- a technology supported on most modern operating systems
- performs three basic functions:
  - Assigning link-local IP addresses:
link-local IP address: a non-routable IP address usable only on a local subnet.
APIPA is an example of a technology that assigns link-local IP addresses.
- Resolving computer names to IP addresses:
Multicast Domain Name Service (mDNS) is an example of a technology that can resolve computer names to their corresponding IP address on a local subnet, without the aid of a DNS server or a WINS server.
- Locating network services:
Examples of service discovery protocols:
- the standards-based Service Location Protocol (SLP),
- Microsoft’s Simple Service Discovery Protocol (SSDP),
- Apple’s DNS based Service Discovery (DNS-SD).
- devices supporting these three Zeroconf features
  - When interconnected on a local subnet,
  - they can dynamically obtain link-local IP addresses, resolve one another’s names to IP addresses, and discover services available on a network.

subnet

Classful subnetting leads to inefficient allocation of address.

好处
- 减少网络流量
- 优化网络性能
- 简化管理
- 更灵活方便的形成大覆盖范围的网络

主机172.16.0.1给172.16.0.2发送一个数据包，不知道172.16.0.2的地址
发广播的话，全网的65534台主机都会收到广播包。
网络的流量就太大，性能差!

变长子网掩码(VLSM) variable length subnet masks

在一个层次结构的网络中，可以使用多个不同的掩码，即可以对一个经过子网划分的网络再次划分。
变长子网掩码的引入，有效解决地址分配的浪费问题。
Variable length subnet masks 打破了传统的以A，B，C，D，E为标准的IP地址划分的方法，缓解IP地址不足。
目的还是为了节约IP地址空间，减少路由表大小，只是采用的路由协议必须能够支持它如：RIPV2，OSPF，EIGRP和BGP。
实现方法也很简单：就是通过主机数量来决定前缀位数

Subnets / subnetworks

Default subnet masks (classful subnet masks) are not always the most efficient choice.
- leads to inefficient allocation of address.
(add additional network bits to a subnet masks) extending the subnet mask to create subnets within a classful network.
subnet
- Partitioning large networks:
- separate the portion if the network bits from the host bits.
subnet mask
- define variable partition of host part of class A and B addresses
- Subnets visible only within site
- All nodes on a network segemnt has the same mask.
4 octets, x eight bits: 4 set of 8 bits = 32 bits.

Purpose of Subnetting

The host bits of an IP address cannot be:
- all 0s (network address)
- all 1s (directed broadcast address).
the number of assignable IP addresses in a subnet = 2^h - 2
- h: number of host bits in a subnet mask
Example:
- a private Class B IP address (172.16.0.0/16) for your internal IP addressing.
- not need 65,534 hosts in a single broadcast domain.
- subnet the network into additional subnetworks.
- (extending the number of network bits in the network’s subnet mask)

Subnet Mask Notation

0 0 0  0     0     0    0       0
0 2 4  8     16    32   64      128      =254

the number of bits in a subnet mask can be represented in:

dotted-decimal notation or prefix notation.
255.0.0.0 /8 (Classful subnet mask for Class A networks)
255.128.0.0 /9 +128 1000 0000
255.192.0.0 /10 +64 1100 0000
255.224.0.0 /11 +32
255.240.0.0 /12 +16
255.248.0.0 /13 +8
255.252.0.0 /14 +4
255.254.0.0 /15 +2
255.255.0.0. /16 +1 (Classful subnet mask for Class B networks)
255.255.128.0 /17
255.255.192.0 /18
255.255.224.0 /19
255.255.240.0 /20
255.255.248.0 /21
255.255.252.0 /22
255.255.254.0 /23
255.255.255.0 /24 (Classful subnet mask for Class C networks)
255.255.255.128 /25
255.255.255.192 /26
255.255.255.224 /27
255.255.255.240 /28
255.255.255.248 /29
255.255.255.252 /30
255.255.255.254 /31
255.255.255.255 /32
Example:
- subnet mask of 255.255.192.0
  - The first two octets is 255 = has 16 1s
  - the third octet value is 192 = has 2 1s
  - the subnet mask of 255.255.192.0, prefix notation is /18.

Extending a Classful Mask

The way to take a classful network (a network using a classful subnet mask)
- divide that network into multiple subnet by adding 1s to the network’s classful subnet mask.
However, the class of the IP address does not change, regardless of the new subnet mask.
- the class of a network is determined by the value of the first octet.
- The class of a network has nothing to do with the number of bits in a subnet.
Example:
- the network 10.2.3.0/24
- Has the classful subnet mask of a Class C network (24-bit subnet mask).
- the 10.2.3.0/24 network is a Class A network, because the value of the first octet is 10.
- a Class A network that happens to have a 24-bit subnet mask.

calculation

Borrowed Bits

the bits you add
determines how many subnets are created and the number of usable hosts per subnet.

Created Subnets

Number of created subnets = 2^borrowed bits
Example:
- 192.168.1.0/28
- the first octet is 192. Class C network /24
- borrowed bits: 4
- created subnets: 2^4 = 16 subnets.

Available Hosts

Number of assignable IP address in a subnet = 2^Left host bits - 2
Example:
- 192.168.1.0/28
- borrowed bits: 4 (24+4=28)
- Left host bits: 4 (32-28=4)
- assignable IP addresses in each subnet: 14 (2^4-2=14)

172.20.0.0/16 network, B class

want 47 subnets
- 2^6=64 > 47
- 16+6=22
- Subletting: /22, 255.255.252.0
- the number of borrowed bits: 6
- Number of subnet: 64
- Left host bits: 10 (32-22=10)
- assignable IP addresses in each subnet: 1024 (2^10-2=1022)

New IP Address Ranges

interesting octet: the octet containing the last 1 in the subnet mask.
block size: the increment. (256-decimal value of interesting octet)
the first subnet: set all the borrowed bits to 0.
additional subnets: take the first subnet, counting by the block size increment in the interesting octet.

Example:

A 27-bit subnet mask is applied to 192.168.10.0/24.
- 192.168.10.0/24 8.8.8.8 -> 8.8.8.3 5
- subnet mask: 11111111.11111111.11111111.111 00000
- interesting octet: (11100000 in decimal) 128+64+32=224
- the fourth octet (the last 1 in the subnet mask)
- The decimal value of the fourth octet: 224 - Subnet number: 8 (2^3=8) - block size=host size: 32 (256-224=32) - The first subnet: 192.168.10.0/27 - additional subnets: Counting by block size in the interesting octet.
- 192.168.10.0
- 192.168.10.32
- 192.168.10.64
- 192.168.10.96
- 192.168.10.128
- 192.168.10.160
- 192.168.10.192
- 192.168.10.224
network:192.168.0.0/24, subnet mask: 26-bit.
- subnet mask: 11111111.11111111.11111111.11 000000
- 255.255.255.192/26
- Subnet number: 4 (2^2=4)
- interesting octet: (11100000 in decimal) 128+64=192
- block size=host size: 64 (256-192=64)
- The first subnet is 192.168.0.0/26
- additional subnets: Counting by block size in the interesting octet.
- the range of usable addresses broadcast address
- 192.168.0.0 192.168.0.1 - 192.168.0.62 192.168.0.63
- 192.168.0.64 192.168.0.65 - 192.168.0.126 192.168.0.127
- 192.168.0.128 192.168.0.129 - 192.168.0.190 192.168.0.191
- 192.168.0.192 192.168.0.193 - 192.168.0.254 192.168.0.255

two VLANs (two subnets) are currently configured;
Which client PC is assigned an incorrect IP address?
172.16.0.0/16 network by using a 20-bit subnet mask.

172.16.0.0/16 network, using a 20-bit subnet mask.
- B class, 8.8.0.0 to 8.8.4 4.8
  - Subnet number: 16 (2^4=16)
  - interesting octet: (11100000 in decimal) 128+64+32+16=240
  - block size=host size: 16 (256-240=16)
  - The first subnet is 172.16.0.0/20
  - additional subnets:
- 172.16.0.0
- 172.16.16.0
- 172.16.32.0
- 172.16.48.0
- 172.16.64.0
- 172.16.80.0 172.16.80.2/20 client 1 and 172.16.95.7/20 client 2
- 172.16.90.255/20 VLAN A
- the range of usable addresses broadcast address
- 172.16.80.1 - 172.16.95.254 172.16.95.255
- 172.16.96.0
- 172.16.112.0
- 172.16.128.0
- 172.16.144.0
- 172.16.160.0
- 172.16.176.0
- 172.16.192.0 172.16.206.5/20 client 3
- 172.16.208.0 172.16.233.1/20 client 4
- 172.16.208.255/20 VLAN B
- the range of usable addresses broadcast address
- 172.16.208.1 - 172.16.223.254 172.16.223.255
- 172.16.224.0
- 172.16.240.0

Classless Inter-Domain Routing 无类别域间路由

CIDR指的是不再采用A，B，C类网络的规则，定义前缀相同的一组网络为一个路由条目，

如：190.0.0.0/8 大家乍一看好像是C类网，但是前缀却是8
超网: 把若干个小的网络合并成一个大的网络。
CIDR是用于帮助减缓IP地址和路由表增大问题的一项技术。
CIDR的理念是多个地址块可以被组合或聚合在一起生成更大的无类别IP地址集(也就是说允许有更多的主机)。

CIDR，将路由表中的条目汇总，如将多个C类地址汇总为一个B类地址。把几个ip地址合并成一个ip在外网显示 VLSM，将一个网划分子网，利用网络资源。把一个ip分成几个连续的ip网段;

好处是：

缩小了路由表,节省路由器的内存空间，提高路由器的查找效率。
网络流量，CPU和内存的开销更低
对网络进行编址时，灵活性更大
提高了IPv4的可扩展性和效率
the opposite of subnet.
CIDR shortens a classful subnet mask by removing 1s from the classful mask.
As a result, CIDR allows contiguous classful networks to be aggregated.
- This process is called route aggregation.
- 将小网络组合成大网的需要。
A typical use of CIDR is a service provider summarizing multiple Class C networks, assigned to their various customers.
Example:
- advertizing the following Class C networks:
  - 192.168.32.0/24
  - 192.168.33.0/24
  - 192.168.34.0/24
  - 192.168.35.0/24
- convert the values to binary
- determine how many bits the networks have in common (becomes the number of bits in the CIDR mask.)
  - All four of the network addresses have the first 22 bits in common,
- setting the remaining bits to 0 (11000000.10101000.00100000.00000000)
- creates a network address of 192.168.32.0,
- these networks can be summarized as 192.168.32.0/22.

THE GLOBAL INTERNET

Global Internet: not just a random interconnection of Ethernets, it interconnects many different organizations.
Salient feature: consist of end-user sites that connect to service provider networks.
Religional networks: connected by a nationawide backbone / NSFNET backbone (funded by National Science Foundation (NSF)).

The provider networks are built from a large number of point-to-point links that connect to routers,

each provider and end-user is an administratively independent entity;
each end-user site (not a single network) consists of multiple physical networks connected by routers and bridges.
- Different providers have different best routing protocol to use.
- Different idea about how metrics should be assigned to link in their network.
- Because of this independence, each provider’s network is usually a single Autonomous System(AS)

The Internet has a discernible structure can tackle the problem of scalability (two related scaling issues.)

The scalability of routing: find ways to minimize the number of network numbers that get carried around in routing protocols and stored in the routing tables of routers.
Address utilization: make sure the IP address space does not consume too quickly.

Autonomous System (AS)

Internet is organized as autonomous systems (AS)
each of it is under the control of a single administrative entity

Autonomous System (AS)

corresponds to an administrative domain
provide an additional way to hierarchically aggregate routing information in a large internet, thus improving scalability.
improving scalability,
decouples the intradomain routing that takes place in one AS from that taking place in another.
- Thus, each AS can run whatever intradomain routing protocols it chooses.
- It can even use static routes or multiple protocols, if desired.
- The interdomain routing problem is then one of having different ASs share reachability information—descriptions of the set of IP addresses that can be reached via a given AS—with each other.
Examples:
University, company, backbone network.
A corporation’s internal network might be a single AS, as may the network of a single Internet service provider

Interdomain Routing

Route Propagation

Provide an additional way to hierarchically 分级体系地 aggregate 聚集 routing information in a large internet.
Improves scalability
Divide the routing problem in two parts:
- Routing within a single autonomous system
- Routing between autonomous systems
Another name for autonomous systems in the Internet is routing domains.
- Two-level route propagation hierarchy
- Inter-domain routing protocol (Internet-wide standard)
- Intra-domain routing protocol (each AS selects its own)

Inter-domain Routing Protocols: EGP and BGP

Exterior Gateway Protocol (EGP)
- tree-like topology onto the Internet
- Did not allow for the topology to become general
- Tree like structure: a single backbone and autonomous systems are connected only as parents and children and not as peers
Border Gateway Protocol (BGP)
- Internet is an arbitrarily interconnected set of ASs, consists of an interconnection of multiple backbone networks
  - (usually called service provider networks, and operated by private companies rather than the government)
  - A corporation’s complex internal network might be a single AS, as may the network of a single Internet Service Provider (ISP).
- Sites are connected to each other in arbitrary ways

Routing Areas

Using hierarchy to scale up the routing system, link-state routing protocols can be used to partition a routing domain into subdomains / areas.

By adding extra level of hierarchy, we enable single domains to grow larger without overburdening the routing protocols or resorting to the more complex interdomain routing protocols described below.

An area is a set of routers that are administratively configured to exchange link-state information with each other.

The backbone area (area 0)
Routers R1, R2, and R3: members of the backbone area and other nonbackbone area;
Area border router (ABR): member of both the backbone area and a nonbackbone area.
AS border routers: the routers that are at the edge of an AS.

Routing within a single area:

all routers in area send link-state advertisements to each other
develop a complete, consistent map of the area.
making the flooding and route calculation processes considerably more scalable.
the link-state advertisements do not leave for not area border routers, will never see a link-state advertisement from router from other area, it will know nothing about the detailed topology of other areas.

Packet: source (nonbackbone area) - backbone area - destinated network: split into 3 different way:

One ABRs nonbackbone area, from source network to the backbone area, travels crosses the backbone, then to the destination network.
Main: the Area border routers summarize routing information learned from one area and make it available in their advertisements to other areas.
example:
- R1 receives link-state advertisements from routers in area 1
  - (can determine the cost of reaching network in area 1).
- R1 sends link-state advertisements into area 0
  - it advertises the costs of reaching the networks in area 1 (cause all area 1 networks directly connected to R1.)
- This enables all the area 0 routers learn the cost to reach all networks in area 1.
  - The area border routers then summarize this information and advertise it into the nonbackbone areas.
  - Thus, all routers learn how to reach all networks in the domain.
Two ABRs in nonbackbone area, need to make a choice which one to use to reach the backbone.
- R1 and R2 will be advertising different costs to various networks
  - according to the cost to the destination network, choose by shortest-path algorithm.
- Example, R1 is better choice than R2 for destinations in area 1.
network administrators can flexibly decide routers in backbone area 0.
- Use virtual link between routers: help to improve the optimality 最优性 of routing.
- Example:
- a virtual link could be configured from R8 to R1, make R8 part of the backbone. R8 would now participate in link-state advertisement flooding with the routers in area 0.
- The cost of the virtual link from R8 to R1 is determined by the exchange of routing information in area 1.

Dividing domain into areas, is a tradeoff between scalability and optimality of routing.

The use of areas forces all packets traveling from one area to another via the backbone area, even if a shorter path might have been available.
important principle in network design, trade-off between some sort of optimality and scalability.
- When hierarchy is introduced, information is hidden from some nodes in the network (hindering their ability to make perfectly optimal decisions.)
- information hiding is essential to scalability, it saves nodes from having global knowledge.
- In large networks, scalability is more pressing design goal than perfect optimality.

Example: even if R4 and R5 directly connected, packets would not flow between them because they are in different nonbackbone areas.

(It turns out that the need for scalability is often more important than the need to use the absolute shortest path.)

Overview

A host signals its desire to join or leave a multicast group by communicating with its local router using a special protocol
In IPv4, the protocol is Internet Group Management Protocol (IGMP)
In IPv6, the protocol is Multicast Listener Discovery (MLD)
The router has the responsibility for making multicast behave correctly with regard to the host.

15NetworkSec, NetworkingBasics

NetworkSec TCP

This post is licensed under CC BY 4.0 by the author.

IP Internet Protocol (IP)

Routing IP Packets

The Structure of the Internet

IP packet Header

IPv4

Binary Numbering

IPv4 Addressing

IPv4 Address Structure

Classes of Addresses

IPv6

Major Features

IPv6 Data Flows

Types of casting

subnet

变长子网掩码(VLSM) variable length subnet masks

Subnets / subnetworks

Subnet Mask Notation

calculation

Classless Inter-Domain Routing 无类别域间路由

THE GLOBAL INTERNET

Autonomous System (AS)

Inter-domain Routing Protocols: EGP and BGP

Routing Areas

Trending Tags