Data and Computer Communications
Ninth Edition by William Stallings
Chapter 18 – Internet Protocols
Data and Computer Communications, Ninth Edition by William Stallings, (c) Pearson Education - Prentice Hall, 2011
Internet Protocols

"She occupied herself with studying a map on the opposite wall because she knew she would have to change trains at some point. Tottenham Court Road must be that point, an interchange from the black line to the red. This train would take her there, was bearing her there rapidly now, and at the station she would follow the signs, for signs there must be, to the Central Line going westward."
—King Solomon's Carpet, Barbara Vine (Ruth Rendell)
Internet
- internet: an interconnected set of networks in which each constituent network retains its identity
- end systems: devices attached to a network
- intermediate systems: provide a communications path and perform the necessary relaying and routing functions
- bridges: relay frames between similar networks
- routers: route packets between potentially different networks
Internetworking Terms (figure)
TCP/IP Concepts (figure)
Differences in Networks
- addressing schemes
- maximum packet size
- network access mechanisms
- timeouts
- error recovery
- status reporting
- routing techniques
- user access control
- connection-oriented vs. connectionless service
Connectionless Operation
Internetworking involves connectionless operation at the level of the Internet Protocol (IP).
Connectionless Internetworking
IP provides a connectionless (datagram) service between end systems. Advantages of a connectionless internet facility:
- it is flexible
- it can be made robust
- it does not impose unnecessary overhead
IP Operation (figure)
LAPF: link access protocol for frame relay (the frame relay data link protocol)
IP Design Issues
- routing
- datagram lifetime
- fragmentation and reassembly
- error control
- flow control
The Internet as a Network (figure)
Routing (figure)
Datagram Lifetime
- datagrams could loop indefinitely, consuming resources
- the transport protocol may need an upper bound on the lifetime of a datagram
- the datagram can be marked with a lifetime; when the lifetime expires the datagram is discarded (in IPv4 this is the Time to Live field, decremented by every router that forwards the datagram)
Fragmentation and Re-assembly
- a protocol exchanges data between two entities
- lower-level protocols may need to break the data up into smaller blocks, called fragmentation
- reasons for fragmentation:
  - the network only accepts blocks up to a certain size
  - more efficient error control and a smaller retransmission unit
  - fairer access to shared facilities
  - smaller buffers
- disadvantages:
  - each fragment carries its own header, so more overhead
  - more interrupts and processing time
Fragmentation and Re-assembly (figure)
IP Fragmentation
- IP reassembles at the destination only
- uses fields in the header:
  - Data Unit Identifier (ID): identifies the end-system-originated datagram
  - Data length: length of user data in octets
  - Offset: position of the fragment's user data in the original datagram, in multiples of 64 bits (8 octets)
  - More flag: indicates that this is not the last fragment
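The following Python is an added example, not code from the slides or from Stallings: it models the four header fields just listed. fragment() splits user data for a given MTU, giving every non-final fragment a multiple of 8 data octets and the More flag, and reassemble() rebuilds the data at the destination while rejecting overlapping, missing, oversized or inconsistently flagged fragments, which is the check a receiving stack needs. HEADER_LEN (20 octets, no options) and the 65,535-octet maximum are the IPv4 values assumed here; the payload in the demo is constructed.

```python
from dataclasses import dataclass

HEADER_LEN = 20        # assumed: a fixed 20-octet IPv4 header with no options
MAX_DATAGRAM = 65535   # IPv4 Total Length is a 16-bit field


@dataclass(frozen=True)
class Fragment:
    ident: int     # Data Unit Identifier, copied into every fragment
    offset: int    # position of this fragment's data, in 8-octet units
    more: bool     # More flag: True unless this is the last fragment
    data: bytes    # the fragment's share of the user data


def fragment(ident: int, payload: bytes, mtu: int) -> list:
    """Split payload so that header + data of every fragment fits in mtu."""
    if mtu < HEADER_LEN + 8:
        raise ValueError("MTU too small to carry a fragment")
    if HEADER_LEN + len(payload) > MAX_DATAGRAM:
        raise ValueError("payload exceeds the maximum datagram size")
    # Non-final fragments must carry a multiple of 8 octets, because
    # the Offset field counts 8-octet units.
    chunk = (mtu - HEADER_LEN) // 8 * 8
    frags, pos = [], 0
    while True:
        data = payload[pos:pos + chunk]
        last = pos + len(data) >= len(payload)
        frags.append(Fragment(ident, pos // 8, not last, data))
        if last:
            return frags
        pos += len(data)


def reassemble(frags: list) -> bytes:
    """Rebuild the user data at the destination, rejecting inconsistent sets.

    A receiver that simply concatenates what arrives is exposed to
    overlapping fragments and to reassembled sizes beyond 65,535 octets,
    so these checks are the security-relevant part.
    """
    if not frags:
        raise ValueError("no fragments")
    if len({f.ident for f in frags}) != 1:
        raise ValueError("fragments belong to different datagrams")
    ordered = sorted(frags, key=lambda f: f.offset)
    out, expected = bytearray(), 0
    for i, f in enumerate(ordered):
        start = f.offset * 8
        if start != expected:                       # gap, or overlap with the previous piece
            raise ValueError("gap or overlap at octet %d" % start)
        if f.more and len(f.data) % 8:
            raise ValueError("non-final fragment length is not a multiple of 8")
        if HEADER_LEN + start + len(f.data) > MAX_DATAGRAM:
            raise ValueError("reassembled datagram would exceed 65,535 octets")
        if f.more == (i == len(ordered) - 1):       # More set on the last piece, or clear earlier
            raise ValueError("More flag inconsistent with fragment position")
        out += f.data
        expected = start + len(f.data)
    return bytes(out)


def overlap_attack_detected(frags: list) -> bool:
    """Convenience wrapper: True if reassembly rejects the set."""
    try:
        reassemble(frags)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    payload = bytes(range(256)) * 12          # 3072 octets of constructed data
    parts = fragment(0x1234, payload, mtu=1500)
    print([(p.offset, p.more, len(p.data)) for p in parts])
    assert reassemble(parts) == payload
```

With a 1500-octet MTU each fragment carries 1480 data octets (185 units of 8), so a 3072-octet payload becomes fragments at offsets 0, 185 and 370; feeding the reassembler a fragment whose offset lands inside an earlier one, or a set with no final fragment, raises instead of silently producing a datagram.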
Fragmentation Example (figure)
Error and Flow Control
- Error control: a discarded datagram needs to be identified and reported to the sender (ICMP)
  - reasons for discarding include: lifetime expiration, congestion, FCS (frame check sequence) error
- Flow control: allows routers to limit the rate at which they receive data
  - done by sending flow control packets requesting a reduced data flow (ICMP Source Quench)
  - caveat: Source Quench was deprecated by RFC 6633; routers no longer send it and hosts ignore it, so in practice IP itself has no flow control and the job falls to the transport layer (TCP congestion control)
Internet Protocol (IP) v4
- defined in RFC 791 (www.rfc-editor.org)
- part of the TCP/IP suite
- the specification has two parts: the interface with a higher layer (the services IP provides, described by primitives and parameters) and the actual protocol format and mechanisms
IP Services
- Primitives: specify the functions to be performed; the form of a primitive is implementation dependent
  - Send: request transmission of a data unit
  - Deliver: notify the user of the arrival of a data unit
- Parameters: used to pass data and control information
IP Parameters
- source and destination addresses
- protocol
- type of service
- identification
- "don't fragment" indicator
- time to live
- data length
- option data
- user data
IP Options (figure)
IPv4 Header (figure)
IPv4 Header
http://www.tcpipguide.com/free/t_IPDatagramGeneralFormat.htm
Important: the "Protocol" field identifies the protocol of the next header, the one found in the data portion of the IP packet, e.g. 6 for TCP, 1 for ICMP, 17 for UDP. The full registry is at http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml
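As an added example (not part of the original slides), the Python below builds a constructed IPv4 datagram carrying an ICMP Echo Request, then parses the fixed header, verifies the header checksum and the Total Length against the received buffer, and dispatches on the Protocol field. The PROTOCOL_NAMES table holds only the three registry values the example needs (1 ICMP, 6 TCP, 17 UDP); build_ipv4 and build_icmp_echo are helpers written for this example, not library functions.

```python
import struct

# From the IANA protocol-numbers registry linked above (only the values
# this example needs).
PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement sum used by the IPv4 header and by ICMP (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes,
               ident: int = 0x1234, ttl: int = 64, flags_frag: int = 0x4000) -> bytes:
    """Constructed datagram for the example: 20-octet header, DF set by default."""
    src_b = bytes(int(x) for x in src.split("."))
    dst_b = bytes(int(x) for x in dst.split("."))
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                         flags_frag, ttl, proto, 0, src_b, dst_b)
    csum = internet_checksum(header)        # computed with the checksum field zeroed
    return header[:10] + struct.pack("!H", csum) + header[12:] + payload


def build_icmp_echo(ident: int, seq: int, data: bytes) -> bytes:
    """ICMP Echo Request (type 8, code 0) with its own checksum over type..data."""
    body = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + data
    return body[:2] + struct.pack("!H", internet_checksum(body)) + body[4:]


def parse_ipv4(packet: bytes) -> dict:
    """Decode the fixed header, verifying the fields a stack must not trust blindly."""
    if len(packet) < 20:
        raise ValueError("truncated header")
    (vihl, tos, total_len, ident, flags_frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = vihl >> 4, (vihl & 0x0F) * 4
    if version != 4:
        raise ValueError("not an IPv4 datagram")
    if ihl < 20 or ihl > len(packet):
        raise ValueError("bad IHL")
    if total_len < ihl or total_len > len(packet):
        raise ValueError("Total Length inconsistent with the received buffer")
    if internet_checksum(packet[:ihl]) != 0:       # a correct header sums to zero
        raise ValueError("header checksum mismatch")
    return {
        "ihl": ihl, "tos": tos, "total_length": total_len, "id": ident,
        "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8,   # converted from 8-octet units
        "ttl": ttl, "protocol": proto,
        "src": ".".join(str(b) for b in src), "dst": ".".join(str(b) for b in dst),
        "payload": packet[ihl:total_len],
    }


def describe(packet: bytes) -> str:
    """Dispatch on the Protocol field, decoding ICMP type/code when it is 1."""
    ip = parse_ipv4(packet)
    name = PROTOCOL_NAMES.get(ip["protocol"], "proto %d" % ip["protocol"])
    line = "%s -> %s ttl=%d %s" % (ip["src"], ip["dst"], ip["ttl"], name)
    if ip["protocol"] == 1:
        if len(ip["payload"]) < 8 or internet_checksum(ip["payload"]) != 0:
            raise ValueError("bad ICMP message")
        line += " type=%d code=%d" % (ip["payload"][0], ip["payload"][1])
    return line


if __name__ == "__main__":
    pkt = build_ipv4("10.0.0.1", "10.0.0.2", 1, build_icmp_echo(1, 1, b"ping"))
    print(describe(pkt))
```

The parser checks the version, the IHL, the Total Length against the buffer actually received and the checksum before it touches the payload; the same code path that decodes a captured datagram will therefore refuse a header that lies about its length, which is the usual way a malformed packet reaches out-of-bounds reads in a careless decoder.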
IPv4 Address Formats (figure)
IP Addresses - Class A
- start with binary 0
- the all-zeros network is reserved
- 01111111 (127) is reserved for loopback (localhost, 127.0.0.1)
- range 1.x.x.x to 126.x.x.x
IP Addresses - Class B
- start with binary 10
- range 128.x.x.x to 191.x.x.x
- the second octet is also part of the network address
- 2^14 = 16,384 class B networks
IP Addresses - Class C
- start with binary 110
- range 192.x.x.x to 223.x.x.x
- the second and third octets are also part of the network address
- 2^21 = 2,097,152 class C networks
- nearly all allocated; see IPv6
IP Addresses
Dotted decimal notation simplifies address management: 00001010 00000000 00000000 00000000 = 10.0.0.0 (class A)
Class A examples: BBN (4.0.0.0), General Electric (3.0.0.0), Apple (17.0.0.0), AT&T (12.0.0.0), IBM (9.0.0.0), MIT (18.0.0.0)
Class B example: UQAC (132.212.0.0)
IP Addresses
IP address lookup (whois): http://cqcounter.com/whois/ip/ (http://www.ip2location.com/)
IP Addresses
Special cases:
- loopback address: 127.0.0.1
- non-routable (private, RFC 1918) addresses:
  - 10.0.0.0 to 10.255.255.255 (class A)
  - 172.16.0.0 to 172.31.255.255 (class B)
  - 192.168.0.0 to 192.168.255.255 (class C)
- if hostid = 00...0 => the IP address of the local network itself
- if hostid = 11...1 => the broadcast address of the local network
IP Addresses
Addresses are assigned by central organisations: IANA, through the regional registries ARIN, RIPE NCC, LACNIC and APNIC (and AFRINIC)
InterNIC: www.internic.net (http://www.internic.ca/)
Domain names, as opposed to address blocks, are obtained from registrars such as GoDaddy
IP Addresses
Configuration: ipconfig /all (shows the address, netmask, default gateway, ...); ping 127.0.0.1 (and ping your own address) to test the local stack
Subnets and Subnet Masks
- allows arbitrary complexity of internetworked LANs within an organization
- insulates the overall internet from growth in network numbers and routing complexity
- the site looks to the rest of the internet like a single network
- each LAN is assigned a subnet number
- the host portion of the address is partitioned into a subnet number and a host number
- local routers route within the subnetted network
- the subnet mask indicates which bits are the subnet number and which are the host number
IP Addresses and Subnet Masks (figure)
Another notation used to represent the netmask: CIDR notation. The number after the '/' is the number of '1' bits in the netmask. Ex.: 132.212.203.0/24 indicates that the netmask is 255.255.255.0
Subnet mask: allows the netid and subnetid to be defined.
Class C address example: 200.123.15.0 (see Document 1 and Document 2)
Subnets and Subnet Masks
- When is the default gateway actually used? The decision is based on the netmask: a destination that matches the local network under the mask is delivered directly; any other destination is sent to the default gateway.
- Notes: RFC 950 suggests not using the subnets whose subnet bits are all 0s or all 1s (2 subnets not used). Modern routers can use those two particular subnets.
- To display the routing table on a PC: netstat -r
- A computer can have more than one interface; each can have its own default gateway
- Example of use: route.xls (extracted from the linked document)
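The following Python is an added example (not from the slides) that ties the addressing slides above together: the classful category from the leading bits, the RFC 1918 private ranges, the CIDR prefix to netmask conversion, the network (hostid all 0s) and broadcast (hostid all 1s) addresses of 132.212.203.0/24, the default-gateway decision under the netmask, and carving 200.123.15.0 into subnets with or without the RFC 950 restriction. Only the standard library's ipaddress module is used; the function names are this example's own.

```python
import ipaddress

# RFC 1918 non-routable ranges listed on the "IP Addresses" slide
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def address_class(ip: str) -> str:
    """Classful category from the leading bits of the first octet."""
    first = int(ipaddress.ip_address(ip)) >> 24
    if first == 0:
        return "reserved"
    if first == 127:
        return "loopback"
    if first < 128:          # leading bit 0
        return "A"
    if first < 192:          # leading bits 10
        return "B"
    if first < 224:          # leading bits 110
        return "C"
    if first < 240:
        return "D (multicast)"
    return "E (reserved)"


def is_private(ip: str) -> bool:
    return any(ipaddress.ip_address(ip) in net for net in PRIVATE_NETS)


def prefix_to_mask(prefix: int) -> str:
    """CIDR '/n' -> dotted netmask with n leading 1 bits."""
    return str(ipaddress.ip_network("0.0.0.0/%d" % prefix).netmask)


def subnet_info(cidr: str) -> dict:
    """Network (hostid all 0s), broadcast (hostid all 1s) and usable host range."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen > 30:
        raise ValueError("no room for a host range")
    return {
        "netmask": str(net.netmask),
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "usable_hosts": net.num_addresses - 2,
    }


def next_hop(local_ip: str, prefix: int, gateway: str, dst: str) -> str:
    """The host's forwarding decision: same subnet under the mask -> deliver
    directly (ARP for dst); anything else -> send to the default gateway."""
    local_net = ipaddress.ip_network("%s/%d" % (local_ip, prefix), strict=False)
    return "direct" if ipaddress.ip_address(dst) in local_net else gateway


def carve_subnets(network: str, subnet_bits: int, rfc950: bool = False) -> list:
    """Split the host part into subnetid + hostid. With rfc950=True the
    all-0s and all-1s subnets are dropped, as RFC 950 recommended."""
    net = ipaddress.ip_network(network)
    subs = [str(s) for s in net.subnets(prefixlen_diff=subnet_bits)]
    return subs[1:-1] if rfc950 else subs


if __name__ == "__main__":
    print(address_class("132.212.0.0"), prefix_to_mask(24))
    print(subnet_info("132.212.203.0/24"))
    print(next_hop("132.212.203.10", 24, "132.212.203.1", "8.8.8.8"))
    print(carve_subnets("200.123.15.0/24", 2, rfc950=True))
```

Borrowing two bits of 200.123.15.0's host part gives four /26 subnets; under RFC 950 only the middle two (200.123.15.64/26 and 200.123.15.128/26) would be used, while a modern router accepts all four.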
Subnets and Subnet Masks (figure)
Subnets and Subnet Masks
NAT (network address translation), formerly "IP masquerading" (under Linux): remapping of IP addresses.
- can be implemented in various ways
- popular method: "port forwarding", with a table of correspondence (the translation table) stored in the gateway's memory
- proxy server
Subnets and Subnet Masks (figure)
Obtaining an IP address
DHCP: dynamic host configuration protocol
- belongs to the application layer
- uses UDP port 68 on the client and port 67 on the server
- see the figure in http://wiki.cas.mcmaster.ca/index.php/Dynamic_Host_Configuration_Protocol
- information sent by the DHCP server (besides the address itself): default gateway, domain name, name servers, ...
Network adapter configuration
- in a command window: ipconfig /all
- in a program, one can use GetAdaptersInfo(): https://msdn.microsoft.com/en-us/library/windows/desktop/aa366062(v=vs.85).aspx
Address Resolution Protocol (ARP) (figure)
Address Resolution Protocol (ARP)
- sequence of events: see http://www.tcpipguide.com/free/t_ARPAddressSpecificationandGeneralOperation-2.htm
- the request is broadcast at the MAC (Ethernet) level
- no IP header: the ARP message is carried directly in the frame, so there is just an ARP header
- to read the ARP table on a PC: arp -a
- Note: one can modify the ARP table with administrator rights (e.g. static entries). Because ARP has no authentication, another host on the same segment can also change it by sending forged replies ("spoofing", also called ARP cache poisoning)
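To make the spoofing note concrete, here is an added Python example (not from the slides) that parses two constructed arp -a snapshots in the Windows layout (the pattern also accepts the Linux "host (ip) at mac" form) and reports the two symptoms an analyst looks for after ARP cache poisoning: one unicast MAC answering for several IP addresses, and a gateway whose MAC changed between snapshots. The snapshots, addresses and MACs are made up for the example.

```python
import re
from collections import defaultdict

# Constructed `arp -a` snapshots (Windows layout; not captured from a real host).
BEFORE = """\
Interface: 192.168.1.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.50          66-77-88-99-aa-bb     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.251           01-00-5e-00-00-fb     static
"""
AFTER = """\
Interface: 192.168.1.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           66-77-88-99-aa-bb     dynamic
  192.168.1.50          66-77-88-99-aa-bb     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.251           01-00-5e-00-00-fb     static
"""

# One IPv4 address followed, somewhere on the same line, by a MAC in either
# 00-11-.. (Windows) or 00:11:.. (Linux `arp -a`, "? (ip) at mac ...") form.
ENTRY = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})\D+?"
                   r"([0-9a-f]{2}(?:[-:][0-9a-f]{2}){5})", re.IGNORECASE)


def parse_arp(text: str) -> dict:
    """IP -> normalised MAC (lowercase, colon-separated)."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m:
            table[m.group(1)] = m.group(2).lower().replace("-", ":")
    return table


def is_group_mac(mac: str) -> bool:
    """Broadcast/multicast MACs legitimately map several IPs; skip them."""
    return int(mac[:2], 16) & 1 == 1      # I/G bit of the first octet


def shared_macs(table: dict) -> dict:
    """Unicast MACs claimed by more than one IP, e.g. gateway + attacker."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        if not is_group_mac(mac):
            by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def changed_macs(before: dict, after: dict) -> dict:
    """IPs whose MAC differs between two snapshots: {ip: (old, new)}."""
    return {ip: (before[ip], after[ip]) for ip in before
            if ip in after and before[ip] != after[ip]}


if __name__ == "__main__":
    b, a = parse_arp(BEFORE), parse_arp(AFTER)
    print("shared:", shared_macs(a))
    print("changed:", changed_macs(b, a))
```

In the second snapshot the gateway 192.168.1.1 now resolves to the MAC of 192.168.1.50, which is exactly what a successful man-in-the-middle on the segment looks like from the victim's cache; the broadcast and multicast entries are excluded by their I/G bit so they do not produce false positives.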
Internet Control Message Protocol (ICMP)
- RFC 792
- transfers messages from routers and hosts to hosts
- provides feedback about problems:
  - a datagram cannot reach its destination
  - a router does not have the buffer capacity to forward
  - a router can send traffic on a shorter route
- encapsulated in an IP datagram, hence not reliable
ICMP Message Format (figure)
(the ICMP message is carried in the IP data field, immediately after the IP header)
Common ICMP Messages
- destination unreachable
- time exceeded (used by traceroute)
- parameter problem
- source quench (deprecated by RFC 6633)
- redirect
- echo & echo reply (used by ping)
- timestamp & timestamp reply
- address mask request & reply
IP Versions
- IP v1-3: defined and replaced
- IP v4: current version
- IP v5: streams protocol
- IP v6: replacement for IP v4; during development it was called IPng (IP Next Generation)
Why Change IP? (figure)
IPv6 RFCs
- RFC 1752 - Recommendations for the IP Next Generation Protocol: requirements, PDU formats, addressing, routing, security issues
- RFC 2460 - overall specification (since obsoleted by RFC 8200)
- RFC 4291 - addressing structure
IPv6 Enhancements
- expanded 128-bit address space
- improved option mechanism: most options are not examined by intermediate routers
- dynamic address assignment: stateless address autoconfiguration, so a DHCP server is no longer required (DHCPv6 still exists for managed deployments)
- increased addressing flexibility: anycast & multicast
- support for resource allocation: labeled packet flows
IPv6
Basics: network prefix (48 bits) + subnet (16 bits) + interface ID (64 bits). The interface ID can be used for additional subnet masking. www.tc.mtu.edu/ipv6/basics.php
Expanded and compressed notation (: and ::):
- uncompressed: fc00:0:3:0:0:0:23:a
- compressed: fc00:0:3::23:a
- '::' can be used only once in an address (otherwise the number of elided groups would be ambiguous)
- leading zeros within a group can be omitted; a run of all-zero groups, including at the start or the end of the address, is replaced by '::'
- examples: ::1 and fc00:0:3:1ad3::
- netmask: CIDR notation, e.g. /48
IPv6
Basics: http://www.tunnelsup.com/subnet-calculator
Calculate: 2001:0db8:85a3::8a2e:0370:7334/64 lies in the prefix 2001:0db8:85a3::/48 and in its first /64 (see subnet prefix)
Brackets in a URL: http://[2001:db8:85a3:8d3:1319:8a2e:370:7348]/ (a colon usually introduces a port number, so brackets are required to avoid confusion)
IPv6
Address types: http://www.ripe.net/lir-services/new-lir/ipv6_reference_card.pdf
Link-local addresses are used on a single network segment; they cannot be routed. Unique local addresses can be routed, but only within one routing domain, so an ISP can choose to use ULA for services that must not be publicly accessible.
Note: the example of a unique local address in that card is not correct (it should be fc00:f53b:82e4::53)
The address space is still not completely defined: http://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml
Example, a PC at UQAC: fe80::517:ed90:ee5:7e15/10 (link-local)
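The Python below is an added example, not material from the slides, implementing the notation rules described above: expand_ipv6() undoes '::' and leading-zero suppression and rejects a second '::', compress_ipv6() applies the RFC 5952 canonical form (lowercase, no leading zeros, '::' for the longest run of two or more zero groups, which is stricter than "compress only once"), split_unicast() separates the 48-bit prefix, 16-bit subnet and 64-bit interface ID, address_type() classifies by the well-known prefixes from the IANA registry, and url_literal() produces the bracketed form used in URLs. The function names are this example's own; agrees_with_stdlib() cross-checks against Python's ipaddress module.

```python
import ipaddress
import re

GROUP = re.compile(r"[0-9a-fA-F]{1,4}")


def expand_ipv6(text: str) -> list:
    """Return the 8 16-bit groups, undoing '::' and leading-zero suppression."""
    addr = text.split("/")[0]                 # drop a CIDR suffix such as /10
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once: %r" % text)
    if "::" in addr:
        head, tail = addr.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = left + ["0"] * missing + right
    else:
        groups = addr.split(":")
    if len(groups) != 8 or not all(GROUP.fullmatch(g) for g in groups):
        raise ValueError("not an IPv6 address: %r" % text)
    return [int(g, 16) for g in groups]


def compress_ipv6(groups: list) -> str:
    """RFC 5952 text form: lowercase hex without leading zeros, and '::'
    for the longest run of two or more zero groups (the first run on a tie)."""
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if groups[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i >= 2 and j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    hexs = ["%x" % g for g in groups]
    if best_start < 0:
        return ":".join(hexs)
    return ":".join(hexs[:best_start]) + "::" + ":".join(hexs[best_start + best_len:])


def address_type(text: str) -> str:
    """Classify by the well-known prefixes from the IANA address-space registry."""
    g = expand_ipv6(text)
    if g == [0] * 8:
        return "unspecified (::)"
    if g == [0] * 7 + [1]:
        return "loopback (::1)"
    if g[0] & 0xFFC0 == 0xFE80:
        return "link-local (fe80::/10)"
    if g[0] & 0xFE00 == 0xFC00:
        return "unique local (fc00::/7)"
    if g[0] & 0xFF00 == 0xFF00:
        return "multicast (ff00::/8)"
    if g[0] & 0xE000 == 0x2000:
        return "global unicast (2000::/3)"
    return "other / not yet allocated"


def split_unicast(text: str) -> dict:
    """48-bit network prefix + 16-bit subnet + 64-bit interface ID, as on the slide."""
    g = expand_ipv6(text)
    return {
        "prefix_48": compress_ipv6(g[:3] + [0] * 5) + "/48",
        "subnet_64": compress_ipv6(g[:4] + [0] * 4) + "/64",
        "interface_id": ":".join("%x" % x for x in g[4:]),
    }


def url_literal(text: str, port: int = None) -> str:
    """Bracketed form for URLs, so the address's colons are not read as a port."""
    host = "[" + compress_ipv6(expand_ipv6(text)) + "]"
    return host if port is None else "%s:%d" % (host, port)


def agrees_with_stdlib(text: str) -> bool:
    """Cross-check against the standard library's compressed form."""
    canonical = ipaddress.IPv6Address(text.split("/")[0]).compressed
    return compress_ipv6(expand_ipv6(text)) == canonical
```

Note that a parser which accepts two '::' runs, or silently pads a 7-group address, will disagree with every other parser about which address was meant; that is why expand_ipv6() raises rather than guessing, and why canonicalising with compress_ipv6() before comparing addresses in an access-control list avoids the mismatch between "2001:0db8::1" and "2001:db8:0:0:0:0:0:1".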
IPv6 PDU (Packet) Structure (figure)
IPv6 Header (figure)
IPv6 Flow Label
- a related sequence of packets that requires special handling
- a flow is identified by the source and destination addresses plus the flow label
- a router treats the packets of a flow as sharing attributes, and may treat flows differently (a particular flow uses the same path, which keeps its packets in order)
- an alternative to including all the information in every header
- there are requirements on flow label processing
IPv6 Addresses
- 128 bits long
- assigned to an interface
- a single interface may have multiple unicast addresses
Hop-by-Hop Options
- must be examined by every router
- if an option is unknown, the discard/forward handling is specified (by the option type)
- fields: next header, header extension length, options
- options: Pad1, PadN, Jumbo payload (> 64 kB, i.e. payloads longer than 65,535 octets), Router alert
Fragmentation Header
- in IPv6, fragmentation is only allowed at the source; no fragmentation at intermediate routers
- the node must perform path MTU discovery to find the smallest MTU of the intermediate networks and size its fragments to match that MTU
- otherwise limit fragments to 1280 octets, the minimum MTU every IPv6 link must support
Routing Header
- contains a list of one or more intermediate nodes to be visited on the way to a packet's destination
- caveat: the original Type 0 routing header was deprecated by RFC 5095 because it allowed traffic amplification and filter bypass; hosts and routers should drop packets carrying it
Destination Options Header (figure)
IPv6 Extension Headers (figure)
Virtual Private Network (VPN)
- a set of computers interconnected using an insecure network, e.g. linking corporate LANs over the Internet
- uses encryption and special protocols to provide security against eavesdropping and against the network serving as an entry point for unauthorized users
- proprietary solutions are problematic, hence the development of the IPsec standard
IPsec
- RFC 1636 (1994) identified the security need
- encryption and authentication are necessary security features in IPv6, designed also for use with the current IPv4
- applications needing security include: branch office connectivity, remote access over the Internet, extranet and intranet connectivity for partners, electronic commerce security
IPsec Functions (figure)
IP Security Scenario (figure)
Benefits of IPsec
- provides strong security for external traffic
- resistant to bypass
- located below the transport layer, hence transparent to applications
- can be transparent to end users
- can provide security for individual users if needed
IPsec vs https
- https (HTTP over TLS) encrypts data at the application level, above TCP, using the dedicated port 443; only that application's data is protected
- IPsec encrypts data at the network level; the data of all applications (not only http) is encrypted, whatever port is used
Summary
- internetworking principles
- Internet protocol operation: design issues, connectionless operation
- IP: services, addresses, subnets, ICMP, ARP
- IPv6: structure, header, addresses
- VPNs and IP security: IPsec applications, benefits, functions