Data and Computer Communications

Data and Computer Communications - PowerPoint Presentation

conchita-marotz
Uploaded On 2018-03-22

Ninth Edition by William Stallings. Chapter 18, Internet Protocols. Data and Computer Communications, Ninth Edition by William Stallings, (c) Pearson Education - Prentice Hall, 2011. ID: 661399


Presentation Transcript

Slide1

Data and Computer Communications

Ninth Edition by William Stallings

Chapter 18 – Internet Protocols

Data and Computer Communications, Ninth Edition by William Stallings, (c) Pearson Education - Prentice Hall, 2011

Slide2

Internet Protocols

She occupied herself with studying a map on the opposite wall because she knew she would have to change trains at some point. Tottenham Court Road must be that point, an interchange from the black line to the red. This train would take her there, was bearing her there rapidly now, and at the station she would follow the signs, for signs there must be, to the Central Line going westward.

—King Solomon's Carpet. Barbara Vine (Ruth Rendell)

Slide3

Internet

- internet
  - an interconnected set of networks where each of the constituent networks retains its identity
- end systems
  - devices attached to a network
- intermediate systems
  - provide a communications path and perform the necessary relaying and routing functions
- bridges
  - acts as a relay of frames between similar networks
- routers
  - routes packets between potentially different networks

Slide4

Internetworking Terms

Slide5

TCP/IP Concepts

Slide6

Differences in Networks

- addressing schemes
- maximum packet size
- network access mechanisms
- timeouts
- error recovery
- status reporting
- routing techniques
- user access control
- connection, connectionless

Slide7

Connectionless Operation

Internetworking involves connectionless operation at the level of the Internet Protocol (IP)

Slide8

Connectionless Internetworking

- Connectionless internet facility is flexible
- IP provides a connectionless service between end systems.
- Advantages:
  - is flexible
  - can be made robust
  - does not impose unnecessary overhead

Slide9

IP Operation

LAPF: link access protocol for frame (frame relay)

Slide10

IP Design Issues

- routing
- datagram lifetime
- fragmentation and reassembly
- error control
- flow control

Slide11

The Internet as a Network

Slide12

Routing

Slide13

Datagram Lifetime

- datagrams could loop indefinitely
  - consumes resources
  - transport protocol may need upper bound on lifetime of a datagram
- can mark datagram with lifetime
- when lifetime expires, datagram discarded

Slide14

Fragmentation and Re-assembly

- protocol exchanges data between two entities
- lower-level protocols may need to break data up into smaller blocks, called fragmentation
- reasons for fragmentation:
  - network only accepts blocks of a certain size
  - more efficient error control & smaller retransmission units
  - fairer access to shared facilities
  - smaller buffers
- disadvantages:
  - smaller buffers
  - more interrupts & processing time

Slide15

Fragmentation and Re-assembly

Slide16

IP Fragmentation

- IP re-assembles at destination only
- uses fields in header
  - Data Unit Identifier (ID)
    - identifies end-system-originated datagram
  - Data length
    - length of user data in octets
  - Offset
    - position of fragment of user data in original datagram
    - in multiples of 64 bits (8 octets)
  - More flag
    - indicates that this is not the last fragment

Slide17

Fragmentation Example

Slide18
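Added example, not part of the original slides: the header fields listed on the IP Fragmentation slide (ID, data length, Offset in 8-octet units, More flag) used to split a payload and re-assemble it at the destination. The Fragment class, the function names, the 20-octet header length and the sample payload are assumptions made for this illustration.

```python
from dataclasses import dataclass

@dataclass
class Fragment:          # hypothetical container, not a wire format
    ident: int           # Data Unit Identifier (ID)
    offset: int          # position in the original data, in 8-octet units
    more: bool           # More flag: True = this is not the last fragment
    data: bytes          # Data length is len(data), in octets

def fragment(ident, payload, mtu, header_len=20):
    """Split payload so each fragment (header + data) fits in mtu octets."""
    # Offset counts 8-octet units, so every fragment except the last
    # must carry a multiple of 8 octets of data.
    chunk = (mtu - header_len) // 8 * 8
    if chunk <= 0:
        raise ValueError("MTU leaves no room for data")
    return [Fragment(ident, start // 8, start + chunk < len(payload),
                     payload[start:start + chunk])
            for start in range(0, len(payload), chunk)]

def reassemble(frags):
    """Destination-side re-assembly; returns None while fragments are missing."""
    if len({f.ident for f in frags}) > 1:
        raise ValueError("fragments of different datagrams mixed together")
    buf, last_seen = bytearray(), False
    for f in sorted(frags, key=lambda f: f.offset):
        start = f.offset * 8
        if last_seen or start < len(buf):
            raise ValueError("overlapping or trailing fragment, discard datagram")
        if start > len(buf):
            return None              # gap: keep waiting (until lifetime expires)
        buf += f.data
        last_seen = not f.more
    return bytes(buf) if last_seen else None

if __name__ == "__main__":
    payload = bytes(i % 251 for i in range(4000))   # constructed sample data
    frags = fragment(0x1C46, payload, mtu=1500)
    for f in frags:
        print(f.ident, f.offset, f.more, len(f.data))
    print(reassemble(frags[::-1]) == payload)       # arrival order does not matter
```

Rejecting overlapping fragments outright is a conservative policy chosen for this sketch; the slides do not specify how overlaps are handled.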

Error and Flow Control

- Error control
  - discarded datagram identification is needed
  - reasons for discarded datagrams include:
    - lifetime expiration
    - congestion
    - FCS error (frame check sequence)
- Flow control
  - allows routers to limit the rate they receive data
  - send flow control packets requesting reduced data flow (ICMP)

Slide19

Internet Protocol (IP) v4

- defined in RFC 791
  - www.rfc-editor.org
- part of TCP/IP suite
- two parts

Slide20

IP Services

- Primitives
  - specifies functions to be performed
  - form of primitive implementation dependent
  - Send: request transmission of data unit
  - Deliver: notify user of arrival of data unit
- Parameters
  - used to pass data and control information

Slide21

IP Parameters

- source & destination addresses
- protocol
- type of Service
- identification
- “don’t fragment” indicator
- time to live
- data length
- option data
- user data

Slide22

IP Options

Slide23

IPv4 Header

Slide24

IPv4 Header

http://www.tcpipguide.com/free/t_IPDatagramGeneralFormat.htm

Important: the « Protocol » field identifies the nature of the next header (in the data portion of the IP packet). Ex: TCP, ICMP

http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml

Slide25

IPv4 Address Formats

Slide26

IP Addresses - Class A

- start with binary 0
- all 0 reserved
- 01111111 reserved for loopback (localhost 127.0.0.1)
- range 1.x.x.x to 126.x.x.x

Slide27

IP Addresses - Class B

- start with binary 10
- range 128.x.x.x to 191.x.x.x
- second octet also included in network address
- 2^14 = 16,384 class B addresses

Slide28

IP Addresses - Class C

- start with binary 110
- range 192.x.x.x to 223.x.x.x
- second and third octet also part of network address
- 2^21 = 2,097,152 addresses
- nearly all allocated
  - see IPv6

Slide29

IP Addresses

Decimal code to simplify address management.

00001010 00000000 00000000 00000000 = 10.0.0.0 (class A)

Class A examples: BBN (4.0.0.0), General Electric (3.0.0.0), Apple (17.0.0.0), AT&T (12.0.0.0), IBM (9.0.0.0), MIT (18.0.0.0)

Class B example: UQAC (132.212.0.0)

Slide30

IP Addresses

IP addresses index: http://cqcounter.com/whois/ip/ (http://www.ip2location.com/)

Slide31

IP Addresses

Special cases:

- "loopback address": 127.0.0.1
- Non-routable addresses:
  - 10.0.0.0 to 10.255.255.255 (Class A)
  - 172.16.0.0 to 172.31.255.255 (Class B)
  - 192.168.0.0 to 192.168.255.255 (Class C)
- if hostid = 00....0 => IP address of the local network
- if hostid = 111....1 => "broadcast" address of the local network

Slide32

IP Addresses

- Addresses assigned by central organisations
  - IANA (ARIN, RIPE NCC, LACNIC and APNIC)
  - InterNIC: www.internic.net (http://www.internic.ca/)
  - Godaddy

Slide33

IP Addresses

Configuration

- ipconfig /all
  - netmask, default gateway…
- ping 127.0.0.1 (and pinging your own address)

Slide34

Subnets and Subnet Masks

- allows arbitrary complexity of internetworked LANs within organization
- insulate overall internet from growth of network numbers and routing complexity
- site looks to rest of internet like single network
- each LAN assigned subnet number
- host portion of address partitioned into subnet number and host number
- local routers route within subnetted network
- subnet mask indicates which bits are subnet number and which are host number

Slide35

IP Addresses and Subnet Masks

Slide36

Other notation used to represent the netmask: CIDR notation

- The number after the ‘/’ represents the number of ‘1’ bits in the netmask.
- Ex.: 132.212.203.0/24 indicates that the netmask is 255.255.255.0

Slide37

Subnet mask: allows the netid and subnetid to be defined.

Class C address example: 200.123.15.0

Document 1

Document 2

Slide38

Subnets and Subnet Masks

- When is the default gateway actually used?
  - Decision based on netmask
- Notes:
  - RFC 950 suggests not using the subnets having all 0s and all 1s (2 subnets not used)
  - Modern routers can use those two particular subnets.
- To display the routing table on a PC: netstat -r
- A computer can have more than one interface
  - Each has a default gateway
- Example of use: route.xls, extracted from: Document

Slide39
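Added example, not part of the original slides: the netmask-based decision of when the default gateway is used, together with the CIDR notation and the all-0s and all-1s hostid special cases from the earlier slides. The function names and the host and gateway addresses chosen inside 132.212.203.0/24 are assumptions made for this illustration.

```python
import ipaddress  # used only to convert dotted decimal <-> 32-bit integer

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def to_str(value):
    return str(ipaddress.IPv4Address(value))

def netmask(prefix_len):
    """CIDR /n -> mask with n one-bits followed by (32 - n) zero-bits."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF

def describe(host, prefix_len):
    """Netmask, network address (hostid all 0s) and broadcast (hostid all 1s)."""
    mask = netmask(prefix_len)
    network = to_int(host) & mask
    broadcast = network | (mask ^ 0xFFFFFFFF)
    return {"netmask": to_str(mask), "network": to_str(network),
            "broadcast": to_str(broadcast)}

def next_hop(host, prefix_len, gateway, dest):
    """Where the host sends a datagram for dest: dest itself or the gateway."""
    mask = netmask(prefix_len)
    local_net = to_int(host) & mask
    if to_int(gateway) & mask != local_net:
        # A gateway outside the host's own subnet can never be reached directly.
        raise ValueError("default gateway is not on the local subnet")
    if to_int(dest) & mask == local_net:
        return dest          # same subnet: deliver directly (ARP for dest)
    return gateway           # different subnet: hand over to the default gateway

if __name__ == "__main__":
    host, gw = "132.212.203.17", "132.212.203.1"   # constructed sample addresses
    print(describe(host, 24))
    for dest in ("132.212.203.200", "132.212.204.5", "192.0.2.10"):
        print(dest, "/24 ->", next_hop(host, 24, gw, dest),
              "| /16 ->", next_hop(host, 16, gw, dest))
```

The same destination, 132.212.204.5, goes through the gateway with a /24 mask and is delivered directly with a /16 mask, so a wrong netmask on a host silently changes which traffic reaches the router.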

Subnets and Subnet Masks

Slide40

Subnets and Subnet Masks

- NAT (network address translation)
  - Formerly « IP masquerading » (using LINUX)
  - Remapping of IP addresses
  - Can be implemented in various ways
  - Popular method: « port forwarding »
    - table of correspondence (stored in the gateway memory)
- Proxy server..

Slide41

Subnets and Subnet Masks

Slide42

Obtaining an IP address

- DHCP: dynamic host configuration protocol
  - belongs to the application layer
  - uses UDP port 68 on the client and port 67 on the server
  - see figure in http://wiki.cas.mcmaster.ca/index.php/Dynamic_Host_Configuration_Protocol
- Information sent by DHCP server
  - Default gateway
  - Domain name
  - Name servers …

Slide43

Network adapter configuration

- In a command window => ipconfig /all
- In a program, one can use GetAdaptersInfo()
  - https://msdn.microsoft.com/en-us/library/windows/desktop/aa366062(v=vs.85).aspx

Slide44

Address Resolution Protocol (ARP)

Slide45

Address Resolution Protocol (ARP)

- Sequence of events:
  - See http://www.tcpipguide.com/free/t_ARPAddressSpecificationandGeneralOperation-2.htm
- Broadcast at the MAC (Ethernet) level
- No IP header => just ARP header
- To read the ARP table on a PC: arp -a
- Note: the ARP table can be modified by anyone who has admin status… (« spoofing »)

Slide46

Internet Control Message Protocol (ICMP)

- RFC 792
- transfer messages from routers and hosts to hosts
- provides feedback about problems
  - datagram cannot reach its destination
  - router does not have buffer capacity to forward
  - router can send traffic on a shorter route
- encapsulated in IP datagram
  - hence not reliable

Slide47

ICMP Message Format

(inserted at the end of the IP header)

Slide48

Common ICMP Messages

- destination unreachable
- time exceeded (traceroute)
- parameter problem
- source quench
- redirect
- echo & echo reply
- timestamp & timestamp reply
- address mask request & reply

Slide49

IP Versions

- IP v 1-3 defined and replaced
- IP v4 - current version
- IP v5 - streams protocol
- IP v6 - replacement for IP v4
  - during development, it was called IPng (IP Next Generation)

Slide50

Why Change IP?

Slide51

IPv6 RFCs

- RFC 1752 - Recommendations for the IP Next Generation Protocol
  - requirements
  - PDU formats
  - addressing, routing security issues
- RFC 2460 - overall specification
- RFC 4291 - addressing structure

Slide52

IPv6 Enhancements

- expanded 128-bit address space
- improved option mechanism
  - most not examined by intermediate routes
- dynamic address assignment (no more DHCP)
- increased addressing flexibility
  - anycast & multicast
- support for resource allocation
  - labeled packet flows

Slide53

IPv6

Basics:

- Network prefix (48 bits) + subnet (16 bits) + interface ID (64 bits)
- Interface ID can be used for additional subnet masking
- www.tc.mtu.edu/ipv6/basics.php
- Expanded and Compressed notation (: ::)
  - Uncompressed: fc00:0:3:0:0:0:23:a
  - Compressed: fc00:0:3::23:a
  - Can compress only once
  - Leading and ending zeros can be omitted
  - Examples: ::1 and fc00:0:3:1ad3::
- Netmask (CIDR notation Ex: /48)

Slide54

IPv6

Basics:

- http://www.tunnelsup.com/subnet-calculator
- Calculate:
  - 2001:0db8:85a3::8a2e:0370:7334/64
  - 2001:0db8:85a3::/48/64 (see subnet prefix)
- Brackets in URL: http://[2001:db8:85a3:8d3:1319:8a2e:370:7348]/ (colon usually defines ports so brackets are required to avoid confusion)

Slide55

IPv6

Address types: http://www.ripe.net/lir-services/new-lir/ipv6_reference_card.pdf

- Link local addresses are used in one single network segment; they can't be routed. Unique local addresses can be routed, but only within one routing domain. So an ISP can choose to use ULA for services which can't be publicly accessible.
- Note: the example of unique local addresses is not correct (should be fc00:f53b:82e4::53)
- Address space still not completely defined
- Ex. UQAC PC: fe80::517:ed90:ee5:7e15/10
- http://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml

Slide56

IPv6 PDU (Packet) Structure

Slide57

IP v6 Header

Slide58

IP v6 Flow Label

- related sequence of packets
- special handling
- A flow is identified by source and destination addresses + flow label
- router treats flow as sharing attributes
- may treat flows differently (a particular flow uses the same path -> guarantees same-order delivery)
- alternative to including all information in every header
- have requirements on flow label processing

Slide59

IPv6 Addresses

- 128 bits long
- assigned to interface
- single interface may have multiple unicast addresses

Slide60

Hop-by-Hop Options

- must be examined by every router
  - if unknown discard/forward handling is specified
- next header
- header extension length
- options
  - Pad1
  - PadN
  - Jumbo payload (> 64kB)
  - Router alert

Slide61

Fragmentation Header

- In IPv6, fragmentation only allowed at source
- no fragmentation at intermediate routers
- node must perform path discovery to find smallest MTU of intermediate networks
- set source fragments to match MTU
- otherwise limit to 1280 octets

Slide62

Routing Header

contains a list of one or more intermediate nodes to be visited on the way to a packet’s destination

Slide63

Destination Options Header

Slide64

IPv6 Extension Headers

Slide65

Virtual Private Network (VPN)

- set of computers interconnected using an unsecure network
  - e.g. linking corporate LANs over Internet
- using encryption & special protocols to provide security against
  - eavesdropping
  - entry point for unauthorized users
- proprietary solutions are problematical
  - development of IPSec standard

Slide66

IPSec

- RFC 1636 (1994) identified security need
- encryption and authentication necessary security features in IPv6
- designed also for use with current IPv4
- applications needing security include:
  - branch office connectivity
  - remote access over Internet
  - extranet and intranet connectivity for partners
  - electronic commerce security

Slide67

IPSec Functions

Slide68

IP Security Scenario

Slide69

Benefits of IPsec

- provides strong security for external traffic
- resistant to bypass
- located below transport layer, hence transparent to applications
- can be transparent to end users
- can provide security for individual users if needed

Slide70

IPsec vs https

- https encrypts data at the application level
  - uses special port 443
- IPsec encrypts data at the network level
  - all application data (not only http data) are encrypted.
  - any port can be used

Slide71

Summary

- internetworking principles
- Internet protocol operation
  - design issues, connectionless operation
- IP
  - services, addresses, subnets, ICMP, ARP
- IPv6
  - structure, header, addresses
- VPNs and IP Security
  - IPsec applications, benefits, functions