CSE524: Lecture 9

About This Presentation

Title:

CSE524: Lecture 9

Description:

IP security, IP error detection, IP delivery semantics, IP quality of service, ... ISPs get it from ICANN: Internet Corporation for Assigned Names and Numbers ... – PowerPoint PPT presentation

Number of Views:37

Avg rating:3.0/5.0

Slides: 81

Provided by: thef

Category:

more less

Transcript and Presenter's Notes

Title: CSE524: Lecture 9

1
CSE524 Lecture 9

Network Layer (Part 3)

2
Administrative

Approved project descriptions due Wednesday
Homework 3 due next Monday 11/3/03

3
Roadmap

Last two classes
Network layer functionality
IP network layer implementation
IP security, IP error detection, IP delivery
semantics, IP quality of service, IP
fragmentation
This class
Finish IP network layer implementation
IP addressing, IP routing

4
NL IP Addressing

IP address fixed-length, 32-bit identifier for
host, router interface
semantics getting fuzzy, though (more later)
interface connection between host, router and
physical link
routers typically have multiple interfaces
host may have multiple interfaces
IP addresses associated with interface, not host,
router

223.1.1.1
223.1.2.9
223.1.1.4
223.1.1.3
223.1.1.1 11011111 00000001 00000001 00000001
223
1
1
1
5
NL IP Addressing

IP address
network part (high order bits)
host part (low order bits)
Whats a network ?
all device interfaces with same network part of
IP address
all interfaces that can physically reach each
other without intervening router

223.1.1.1
223.1.2.1
223.1.1.2
223.1.2.9
223.1.1.4
223.1.2.2
223.1.1.3
223.1.3.27
LAN
223.1.3.2
223.1.3.1
network consisting of 3 IP networks (for IP
addresses starting with 223, first 24 bits are
network address)
6
NL IP Addressing
223.1.1.2

How to find the networks?
Detach each interface from router, host
create islands of isolated networks

223.1.1.1
223.1.1.4
223.1.1.3
223.1.7.0
223.1.9.2
223.1.9.1
223.1.7.1
223.1.8.0
223.1.8.1
223.1.2.6
Interconnected system consisting of six networks
223.1.2.1
223.1.2.2
7
NL Classful IP Addressing (1981)

Total IP address size 4 billion
Initially one large class (8-bit network, 24-bit
host)
Classful addressing for smaller networks (LANs)
Class A 128 networks, 16M hosts
Class B 16K networks, 64K hosts
Class C 2M networks, 256 hosts

High Order Bits 0 10 110
Format 7 bits of net, 24 bits of host 14 bits of
net, 16 bits of host 21 bits of net, 8 bits of
host
Class A B C
8
NL IP address classes
8
16
32
24
Class A
1.0.0.0 to 127.255.255.255
Class B
Host ID
Network ID
128.0.0.0 to 191.255.255.255
Class C
Host ID
Network ID
192.0.0.0 to 223.255.255.255
Class D
224.0.0.0 to 239.255.255.255
Class E
9
NL Special IP Addresses

Private addresses
http//www.rfc-editor.org/rfc/rfc1918.txt
Class A 10.0.0.0 - 10.255.255.255 (10/8 prefix)
Class B 172.16.0.0 - 172.31.255.255 (172.16/12
prefix)
Class C 192.168.0.0 - 192.168.255.255
(192.168/16 prefix)
127.0.0.1 local host (a.k.a. the loopback
address)
255.255.255.255
IP broadcast to local hardware that must not be
forwarded
http//www.rfc-editor.org/rfc/rfc919.txt
Same as network broadcast if no subnetting
IP of network broadcastNetworkID(all 1s for
HostID)
0.0.0.0
IP address of unassigned host (BOOTP, ARP, DHCP)
Default route advertisement

10
NL IP Addressing Problem 1 (1984)

Inefficient use of address space
Class A (rarely given out, not many of them given
out by IANA)
Class B 64k hosts
Very few LANs have close to 64K hosts
Electrical/LAN limitations, performance or
administrative reasons
e.g., class B net allocated enough addresses for
64K hosts, even if only 2K hosts in that network
Need simple/address-efficient way to get multiple
networks
Reduce the total number of addresses that are
assigned, but not used
Subnet addressing
http//www.rfc-editor.org/rfc/rfc917.txt
Split up single large network address ranges into
multiple smaller ones (subnet)

11
NL Subnetting

Variable length subnet masks
Subnet a class B address space into several chunks

Network
Host
Network
Host
Subnet
1111..
00000000
..1111
Mask
12
NL Subnetting Example

Assume an organization was assigned address
150.100
Assume lt 100 hosts per subnet
How many host bits do we need? Seven
What is the network mask?
11111111 11111111 11111111 10000000
255.255.255.128

13
NL IP Address Problem 2 (1991)

Address space depletion
In danger of running out of classes A and B
Class A
very few in number, IANA frugal in giving them
out
Class B
subnetting only applied to new allocations of
class B
existing class B networks sparsely populated
people refuse to give it back
Class C
plenty available, but too small for most domains
giving out multiple class C to a domain explodes
of routes
Supernetting
Assign multiple consecutive class C blocks as
one block
http//www.rfc-editor.org/rfc/rfc1338.txt

14
NL CIDR

Evolved into Classless Inter-Domain Routing
(CIDR)
http//www.rfc-editor.org/rfc/rfc1518.txt
http//www.rfc-editor.org/rfc/rfc1519.txt

15
NL IP addressing CIDR

Original classful addressing
Use class structure (A, B, C) to determine
network ID for route lookup
CIDR Classless InterDomain Routing
Do not use classes to determine network ID
network portion of address of arbitrary length
address format a.b.c.d/x, where x is bits in
network portion of address

16
NL CIDR

Assign any range of addresses to network
Use common part of address as network number
e.g., addresses 192.4.16. to 192.4.31. have the
first 20 bits in common. Thus, we use this as the
network number
netmask is /20, /xx is valid for almost any xx
192.4.16.0/20
Enables more efficient usage of address space
(and router tables)
More on how this impacts routing later.

17
NL IP addressing How are they allocated?

Hosts (host portion)
From organization via static configuration or
DHCP
Network (network portion)
Organization gets from ISPs assigned address
space
ISPs get it from ICANN Internet Corporation for
Assigned Names and Numbers

ISP's block 11001000 00010111 00010000
00000000 200.23.16.0/20 Organization 0
11001000 00010111 00010000 00000000
200.23.16.0/23 Organization 1 11001000
00010111 00010010 00000000 200.23.18.0/23
Organization 2 11001000 00010111 00010100
00000000 200.23.20.0/23 ...
..
. . Organization
7 11001000 00010111 00011110 00000000
200.23.30.0/23
18
NL IP addressing and NAT

Network Address Translation (NAT)
Alternate solution to address space depletion
problem
Kludge (but useful)
Sits between your network and the Internet
Translates local, private, network layer
addresses to global IP addresses
Has a pool of global IP addresses (less than
number of hosts on your network)

19
NL NAT Illustration
Pool of global IP addresses
Destination
Source
P
G

Operation Source (S) wants to talk to
Destination (D)
Create Sg-Sp mapping
Replace Sp with Sg for outgoing packets
Replace Sg with Sp for incoming packets

20
NL Problems with NAT

What if we only have few (or just one) IP
address?
Use NAPT (Network Address Port Translator)
NAPT translates
Translates Paddr flow info to Gaddr new flow
info
Uses TCP/UDP port numbers
Potentially thousands of simultaneous connections
with one global IP address

21
NL Problems with NAT

Hides the internal network structure
Some consider this an advantage
Multiple NAT hops must ensure consistent mappings
Some protocols carry addresses
e.g., FTP carries addresses in text
What is the problem?
Encryption
No inbound connections

22
NL IP routing

Who provides the functionality?
Internet area hierarchy
IP route lookups
Specific IP routing protocols

23
NL Who handles IP routing functions?

Source (IP source routing)
Packet carries path
Network edge devices
Map IP route into label, wavelength, or circuit
at edges
Switch on label, wavelength, or circuit in the
core
ATM
MPLS
lambda switching
Network routers
Hop-by-hop forwarding based on destination IP
carried by packet
Routers keep next hop for destination
IP route table calculated in network routers
Most common

24
NL Source Routing

IP source route option
List entire path (strict) or partial path (loose)
in packet
Attach list of IP addresses within header
Router processing
Examine first step in directions
Increment pointer offset in header
Forward to step
Copy entire source route header on fragmentation

25
NL Source Routing Example
Packet
2
2
3
1
3
1
4
4
2
1
3
4
26
NL Source Routing

Advantages
Switches can be very simple and fast
Disadvantages
Variable (unbounded) header size
Sources must know or discover topology (e.g.,
failures)
Typical use
Ad-hoc networks (DSR)
Machine room networks (Myrinet)

27
NL Network edge devices

Virtual circuits, tag switching
Connection setup phase
IP route lookup at edges to generate appropriate
label, wavelength, circuit
Switch on label, wavelength, circuit ID in core
Router processing
Lookup flow ID simple table lookup
Potentially replace flow ID with outgoing flow ID
Forward to output port

28
NL Virtual Circuits Examples
Packet
2
2
3
1
3
1
4
4
2
1
3
4
29
NL Virtual Circuits

Advantages
More efficient lookup (simple table lookup)
More flexible (different path for each flow)
Can reserve bandwidth at connection setup
Easier for hardware implementations
Disadvantages
Still need to route connection setup request
More complex failure recovery must recreate
connection state
Typical uses
ATM combined with fix sized cells
MPLS tag switching for IP networks

30
NL IP Datagrams on Virtual Circuits

Challenge when to setup connections
At bootup time permanent virtual circuits (PVC)
Large number of circuits
For every packet transmission
Connection setup is expensive
For every connection
What is a connection?
How to route connectionless traffic?
Based on traffic
VC for long-lived flows
Normal IP forwarding for all other flows

31
NL Network routers (Global IP addresses)

Most prevalent way to route on the Internet
Each packet has destination IP address
Each router has forwarding table of..
destination IP ? next hop IP address
Distributed routing algorithm for calculating
forwarding tables

32
NL Global Address Example
Packet
2
2
3
1
3
1
4
4
2
1
3
4
33
NL Issues in Router Table Size

One entry for every host on the Internet
100M entries,doubling every year
One entry for every LAN
Every host on LAN shares prefix
Still too many, doubling every year
One entry for every organization
Every host in organization shares prefix
Requires careful address allocation

34
NL Global Addresses

Advantages
Stateless simple error recovery
Disadvantages
Every router knows about every destination
Potentially large tables
All packets to destination take same route

35
NL Comparison
36
NL IP route lookups

Original IP Route Lookup
In the early days, address classes made it easy
A 0 7 bit network 24 bit host (16M each)
B 10 14 bit network 16 bit host (64K)
C 110 21 bit network 8 bit host (255)
Address would specify prefix for forwarding table
Simple lookup

37
NL Original IP Route Lookup Example

www.ogi.edu address 129.95.5.30
Class B address class network is 129.95
Lookup 129.95 in forwarding table
Prefix part of address that really matters for
routing
Forwarding table contains
List of prefix entries
A few fixed prefix lengths (8/16/24)
Large tables
2 Million class C networks
Sites with multiple class C networks have
multiple route entries at every router

38
NL Getting a datagram from source to dest.

Classful routing example
IP datagram

39
NL Getting a datagram from source to dest.
misc fields
data
223.1.1.1
223.1.1.3
40
NL Getting a datagram from source to dest.
misc fields
data
223.1.1.1
223.1.2.3
41
NL Getting a datagram from source to dest.
misc fields
data
223.1.1.1
223.1.2.3
42
NL IP route lookup and CIDR

Recall Classless routing (CIDR)
Advantages
Saves space in route tables
Makes more efficient use of address space
ISP allocated 8 class C chunks, 201.10.0.0 to
201.10.7.255
Allocation uses 3 bits of class C space
Remaining 21 bits are network number, written as
201.10.0.0/21
Replace 8 class C entries with 1 combined entry
Routing protocols carry prefix length with
destination network address
But....Makes route lookup more complex
No longer separate class A/B/C route tables each
with O(1) lookup
One table containing many prefix lengths
Must match against all routes simultaneously via
longest prefix match

43
NL CIDR example
ISP X given 16 class C networks 200.23.16. to
200.23.31. (or 200.23.16/20)
Route Interface 200.23.16/21
2 200.23.24/22 3 200.23.28/23
4 200.23.30/24 5
1
1
2
5
Route Interface 200.23.16/20
1
3
4
200.23.16.0/24, 200.200.17.0/24 200.23.18.0/24,
200.200.19.0/24 200.23.20.0/24,
200.200.21.0/24 200.23.22.0/24, 200.200.23.0/24
200.23.24.0/24 200.23.25.0/24 200.23.26.0/24 200.2
3.27.0/24
200.23.28.0/24 200.23.29.0/24
44
NL CIDR, hierarchical addressing, route
aggregation
Hierarchical addressing allows efficient
advertisement of routing information
Organization 0
Organization 1
Send me anything with addresses beginning
200.23.16.0/20
Organization 2
Fly-By-Night-ISP
Internet
Organization 7
Send me anything with addresses beginning
199.31.0.0/16
ISPs-R-Us
45
NL Another CIDR example
10.1.1.2/31
10.1.1.3
10.1.1.2 10.1.1.4
10.1.1/24
10.1.3.2
10.1.1.1 10.1.2.2 10.1.3.1
10.1.3/24
10.1.2/24
10.1.16/24
10.1.8/24
10.1.8.1 10.1.2.1 10.1.16.1
10.1.8.4
46
NL Another CIDR example
10.1.1.2/31
10.1.1.3
10.1.1.2 10.1.1.4
10.1.1/24
10.1.3.2
10.1.1.1 10.1.2.2 10.1.3.1
Routing table at R2
10.1.3/24
10.1.2/24
10.1.16/24
10.1.8/24
10.1.8.1 10.1.2.1 10.1.16.1
10.1.8.4
47
NL Another CIDR example
10.1.1.2/31
10.1.1.3
10.1.1.2 10.1.1.4
10.1.1/24
10.1.3.2
10.1.1.1 10.1.2.2 10.1.3.1
Routing table at R1
10.1.3/24
10.1.2/24
10.1.16/24
10.1.8/24
10.1.8.1 10.1.2.1 10.1.16.1
10.1.8.4
10.1.1.3 matches both routes, use longest prefix
match
48
NL Another CIDR example
10.1.1.2/31
10.1.1.3
10.1.1.2 10.1.1.4
10.1.1/24
10.1.3.2
10.1.1.1 10.1.2.2 10.1.3.1
10.1.3/24
Routing table at H1
10.1.2/24
10.1.16/24
10.1.8/24
10.1.8.1 10.1.2.1 10.1.16.1
10.1.8.4
10.1.1.2
10.1.1.2
10.1.1.3 matches both routes, use longest prefix
match
49
NL CIDR Shortcomings

Customer selecting a new provider
Renumbering required

199.31.0.0/16
201.10.0.0/21
201.10.0.0/22
201.10.4.0/24
201.10.5.0/24
201.10.6.0/23
50
NL CIDR Shortcomings

Multi-homing

ISPs-R-Us has a more specific route to
Organization 1
Organization 0
Send me anything with addresses beginning
200.23.16.0/20
Organization 2
Fly-By-Night-ISP
Internet
Organization 7
Send me anything with addresses beginning
199.31.0.0/16 or 200.23.18.0/23
ISPs-R-Us
Organization 1
51
NL Hierarchical routing in the Internet

Area routing
aggregate routers into regions, autonomous
systems (AS)
administrative autonomy
routers in same AS run same routing protocol
intra-AS routing protocol or interior gateway
protocol (IGP)
routers in different AS can run different
intra-AS routing protocol

special routers in AS
run intra-AS routing protocol with all other
routers in AS
also responsible for routing to destinations
outside AS
run inter-AS routing protocol or exterior gateway
protocol (EGP) with other gateway routers in
other ASs

52
NL Example 1
1
2
IGP
2.1
2.2
IGP
EGP
1.1
2.2.1
1.2
EGP
EGP
EGP
3
4.2
4.1
IGP
EGP
4
IGP
5
3.2
3.1
IGP
5.2
5.1
53
NL Example 2

Gateways
perform inter-AS routing amongst themselves
perform intra-AS routers with other routers in
their AS

b
a
a
C
B
d
A
network layer
inter-AS, intra-AS routing in gateway A.c
link layer
physical layer
54
NL Path Sub-optimality
1
2
2.1
2.2
1.1
2.2.1
1.2
1.2.1
start
end
3.2.1
3
3 hop red path vs. 2 hop green path
3.2
3.1
55
NL AS Categories

Stub an AS that has only a single connection to
one other AS - carries only local traffic.
Multi-homed an AS that has connections to more
than one AS, but does not carry transit traffic
Transit an AS that has connections to more than
one AS, and carries both transit and local
traffic (under certain policy restrictions)

56
NL AS categories example
Transit
Stub
Multi-homed
57
NL Specific IP routing protocols

Intra-AS routing protocols (interior routing
protocols)
GGP
RIP
IGRP
OSPF
Inter-AS routing protocols (exterior routing
protocols)
EGP
BGP

58
NL Intra-AS Routing

Generate Intra-AS routing tables
Also known as Interior Gateway Protocols (IGP)
Most common IGPs
Distance vector protocols
RIP Routing Information Protocol
IGRP Interior Gateway Routing Protocol (Cisco
propr.)
Link state protocols
OSPF Open Shortest Path First

59
NL Intra-AS Distance Vector Protocols

GGP Gateway-to-Gateway Protocol (1970s)
RIP Routing Information Protocol (1982)
IGRP Interior Gateway Routing Protocol (1988)

60
NL RIP (Routing Information Protocol)

Included in BSD-UNIX Distribution in 1982
Distance metric of hops (max 15 hops)
Vectors exchanged every 30 sec and when triggered
Static update period leads to synchronization
problems
Split horizon with poisonous reverse
RIP-2 in 1993 adds prefix mask for CIDR

61
NL RIP Link Failure and Recovery

If no advertisement heard after 180 sec --gt
neighbor/link declared dead
routes via neighbor invalidated
new advertisements sent to neighbors
neighbors in turn send out new advertisements (if
tables changed)
link failure info quickly propagates to entire
net
poison reverse used to prevent ping-pong loops
(infinite distance 16 hops)

62
NL RIP Table processing

RIP routing tables managed by application-level
process called route-d (daemon)
advertisements sent in UDP packets, periodically
repeated

63
NL RIP Table example (continued)

Router giroflee.eurocom.fr

Destination Gateway
Flags Ref Use Interface
-------------------- -------------------- -----
----- ------ --------- 127.0.0.1
127.0.0.1 UH 0 26492 lo0
192.168.2. 192.168.2.5 U
2 13 fa0 193.55.114.
193.55.114.6 U 3 58503 le0
192.168.3. 192.168.3.5 U
2 25 qaa0 224.0.0.0
193.55.114.6 U 3 0 le0
default 193.55.114.129 UG
0 143454
64
NL IGRP (Interior Gateway Routing Protocol)

CISCO proprietary successor of RIP (mid 80s)
Distance Vector, like RIP
several cost metrics (delay, bandwidth,
reliability, load etc)
90 sec update with triggered updates
Split horizon
V1 path holddown
V2 route poisoning
multiple path support
uses TCP to exchange routing updates
EIGRP
Loop-free routing via DUAL (based on diffused
computation)
CIDR support

65
NL Intra-AS Link State Protocols

OSPF
Hierarchical OSPF

66
NL OSPF (Open Shortest Path First)

Uses Link State algorithm
LS packet dissemination
Topology map at each node
Route computation using Dijkstras algorithm
OSPF advertisement carries one entry per neighbor
router
Advertisements disseminated to entire AS (via
flooding)

67
NL OSPF advanced features (not in RIP)

Security all OSPF messages authenticated (to
prevent malicious intrusion) TCP connections
used
Multiple same-cost paths allowed (only one path
in RIP)
For each link, multiple cost metrics for
different TOS (eg, satellite link cost set low
for best effort high for real time)
Integrated uni- and multicast support
Multicast OSPF (MOSPF) uses same topology data
base as OSPF
Hierarchical OSPF in large domains.

68
NL Hierarchical OSPF
69
NL Hierarchical OSPF

Two-level hierarchy local area, backbone.
Link-state advertisements only in area
each nodes has detailed area topology only know
direction (shortest path) to nets in other areas.
Area border routers summarize distances to
nets in own area, advertise to other Area Border
routers.
Backbone routers run OSPF routing limited to
backbone.
Boundary routers connect to other ASs.

70
NL Inter-AS routing
71
NL Why different Intra- and Inter-AS routing ?

Policy vs. Performance
Inter-AS
ISPs want control over how its traffic routed,
who routes through its net
policy and monetary factors dominate over
performance
Intra-AS
single administrative policy
performance dominates

72
NL History

Mid-80s EGP (Exterior Gateway Protocol)
Used in original ARPAnet
Reachability protocol (no shortest path)
Single bit for reachability information
Topology restricted to a tree (no cycles allowed)
ARPA-managed packet switches at top of tree
Unacceptable once Internet grew to multiple
independent backbones
Result BGP development

73
NL BGP

Link state or distance vector?
Problems with distance-vector
Bellman-Ford algorithm may not converge
Problems with link state
Metric used by routers not the same loops
No universal routing metric
Policy drives routing decisions
LS database too large entire Internet
May expose policies to other ASs

74
NL BGP

BGP (Border Gateway Protocol) the de facto
standard
Path Vector protocol
similar to Distance Vector protocol
each Border Gateway broadcast to neighbors
(peers) entire path (I.e, sequence of ASs) to
destination
E.g., Gateway X sends its path to dest. Z
Path (X,Z) X,Y1,Y2,Y3,,Z
When AS gets route check if AS already in path
If yes, reject route
If no, add self and (possibly) advertise route
further
Allows for policy application (different metrics)
Metrics are local - AS chooses path, protocol
ensures no loops
Supports CIDR aggregation (BGP4)
Supports alternative routes

75
NL Path Selection Criteria

Path attributes external (policy) information
Examples
Hop count
Policy considerations
Preference for AS
Presence or absence of certain AS
Path origin
Link dynamics
Early-exit
Hot-potato routing for transit packets

76
NL Policy with BGP

BGP provides capability for enforcing various
policies
Policies are not part of BGP they are provided
to BGP as configuration information
BGP enforces policies by choosing paths from
multiple alternatives and controlling
advertisement to other ASs

77
NL Examples of BGP Policies

A multi-homed AS refuses to act as transit
Limit path advertisement
A multi-homed AS can become transit for some ASs
Only advertise paths to some ASs
An AS can favor or disfavor certain ASs for
traffic transit from itself

78
NL Interconnecting BGP Peers

BGP uses TCP to connect peers
Advantages
Simplifies BGP
No need for periodic refresh - routes are valid
until withdrawn, or the connection is lost
Incremental updates
Disadvantages
Congestion control on a routing protocol?
Poor interaction during high load

79
NL Internet inter-AS routing BGP