HaeKwang Kim

1
Internet Networking - 1-

• 2001.
• Hae-Kwang Kim
• Sejong University

2
Internet Addresses
A
0
7 bits netid
24 bits hostid
0.0.0.0 to 127.255.255.255
B
1 0
16 bits hostid
14 bits netid
128.0.0.0 to 191.255.255.255
1 1 0
C
21 bits netid
8 bits hostid
192.0.0.0 to 223.255.255.255
1 1 1 0
D
28 bits multicast groupid
224.0.0.0 to 239.255.255.255
E
1 1 1 1
28 bits reserved
240.0.0.0 to 255.255.255.255
3
Encapsulation
user data
user data
Appl. header
TCP header
Application data
IP header
TCP header
Application data
Ethernet header
IP header
TCP header
Application data
Ethernet tailer
4
Header info for demultiplexing

• 8bit protocol field in IP header
• 1 ICMP, 2 IGMP, 6 TCP, 17 UDP
• 16bit port number for TCP/UDP header
• identify applications
• 16bit frame type fled in Ethernet header
• identify IP, ARP, RARP

5
Demultiplexing
User process
User process
User process
User process
TCP
UDP
ICMP
IGMP
IP
ARP
RARP
Ethernet drive
An Ethernet frame
6
Client-Server Model

• Concurrent Server (in general, TCP server)
• 1. Wait for a client request to arrive
• 2. Start a new server to handle this clients
  request
• new process, task, thread
• 3. the new server handles this clients request
• 4. When complete, the new server terminates
• Iterative server (in general, UDP server)
• no multiple concurrent clients

7
Port numbers

• Application identification
• Well known port numbers
• FTP server 21
• Telnet server 23
• TFTP server 69
• IANA (Internet Assigned Numbers Authority)
• between 1 to 1023
• Unix specific services 2561023
• Telnet vs. Rlogin
• Client dont care port numbers
• unique on the host
• ephemeral ports (1024 - 5000)
• solaris 2.2 start at 32768

8
Port number repository on Unix

• File
• /etc/services
• grep telnet /etc/services
• telnet 23/tcp
• grep domain /etc/services
• reserved ports 1-1023
• only used by process with superuser privilege

9
Internet standard Organization

• ISOC
• IAB
• 15 members
• final editorial and technical review board
• IETF
• develop standard specifications
• IRTF
• long-term research projects

10
RFCs

• Official standards and information purposes
• RFC index
• replacement or update by a newer RFC
• Important RFCs
• The assigned Numbers RFC (1340)
• Internet Official Protocol Standards RFC (1600)
• state of standardization standard, draft
  standard, proposed standard, experimental,
  informational, historic
• requirement level required, recommended,
  elective, limited user or not recommended
• Host Requirements RFC (1122/1123)
• link, network, transport, application layers
• Router requirements RFC (1009)

11
Standard simple services

• Why Odd numbers for port number?
• NCP used pair of odd-even connections
• echo (port number 7)
• discard (port number 9)
• daytime (port number 13)
• chargen (port number 19)
• time (port number 37)

12
TCP/IP implementations

• UC at Berkely
• API
• sockets (Berkely Sockets)
• TLI (Transport Layer Interface) - ATT

13
Link-Layer

• Conveys
• IP datagrams
• ARP/RARP requests/replies
• many types of networking hardware
• token ring, FDDI, RS-232
• Ethernet
• serial interfaces (SLIP and PPP)
• loopback driver

14
Ethernet and IEEE802

• 1982 by DEC, Intel and Xerox
• CSMA/CD (Carrier Sense, Multiple Access with
  Collision Detection)
• 10 Mbits/sec
• 48-bit addresses
• IEEE 802
• 802.3 (CSMA/CD), 802.4(token bus), 802.5 (token
  ring), 802.2 (LLC)
• different frame format from Ethernet

15
Host Requirements RFC for Ethernet 10Mbits/sec

• Send and receive packets using RFC 894 (Ethernet
  encapsulation)
• Receive RFC 1042 (IEEE 802) packets intermixed
  with RFC 894 packets
• Send packets using RFC 1042 encapsulation

16
Encapsulation (802.2/802.3) RFC 1042
Dest. address
Source address
length
802.3 MAC
DSAP AA
SSAP AA
Cntr 03
802.2 LLC
Org code 00
Type
data
CRC
Type
IP datagram
802.2 SNAP
Type
ARP request/reply
PAD
Type
RARP request/reply
PAD
17
Encapsulation (Ethernet) RFC 894
Dest. address
Source address
length
802.3 MAC
Type
data
CRC
Type
IP datagram
Type
ARP request/reply
PAD
Type
RARP request/reply
PAD
18
IEEE 802 vs Ethernet

• 802.3 allows 16-bit addresses
• hardware address
• ARP/RARP
• map between 32-bit IP address / 48-bit address
• non of the 802 length values is the same as the
  Ethernet type values
• data size
• 802 38-1492 bytes
• Ethernet 46-1500 bytes

19
Trailer encapsulation (893)

• Rearrange the order of the fields in the IP
  datagram
• variable-length fields (IP header and the TCP
  header) were moved to the end, right before CRC
• data portion of the frame to be mapped to a
  hardware page, saving a memory-to-memory copy
  when the data is copied in the kernel
• TCP data that is a multiple of 512 bytes in size
  can be moved by just manipulating the kernels
  page tables
• Two hosts negotiated the use of trailer
  encapsulation using an extension of ARP
• Different Ethernet frame type values are defined
  for these frames
• Deprecated

20
SLIP Serial Line IP (RFC 1055)

• Simple form of encapsulation for IP datagrams
• Connecting Home systems to Internet
• RS-232, high-speed modems
• SLIP framing rules
• IP datagram is started and terminated by the
  special character END (0xc0)
• If a byte of the IP datagram equals the END
  character,
• 2 byte sequence 0xdb (SLIP ESC character), 0xdc
  is transmitted instead
• If a byte of the IP datagram equals the SLIP ESC
  character, the 2-byte sequence 0xdb, 0xdd is
  transmitted instead

21
Difficiency of SLIP

• Each end must know the others IP address
• No type field
• No checksum
• upper layers provide some form of CRC
• always a checksum for the IP header, TCP header
  and TCP data
• newer modems can detect and correct corrupted
  frames
• popular as the speed and reliability of modems
  increase

22
Compressed SLIP

• SLIP is
• slow (19200 bits/sec below)
• used for interactive traffic (Telnet, Rlogin)
• many small TCP packets
• To carry on3 byte of data, a 20-byte IP header
  and a 20-byte TCP header
• CSLIP (Newer version) RFC 1144
• 3 or head 5 bytes er
• maintains the stae of up to 16 tCP connections on
  each end of the CSLIP link
• some of the fields in the two headers for a given
  conection normally dont change
• Of the fileds that do change, most change by a
  small positive amount

23
PPP Point-to-Point Protocol

• Two kind of links
• an asynchronous link with 8 bits of data and no
  parity
• bit-oriented synchronous links
• Link Control Protocol
• establish, configure and test the data-link
  connection
• each end negotiate various options
• Family of network control protocols (NCPs)
• specific to different network layer protocols
  (RFCs for IP, OSI network layer, DECnet and
  AppleTalk)
• IP NCP allows each end to specify if it can
  perform header compression)

24
PPP encapsulation (RFC 1548)
flag 7E
Address FF
Control 03
802.3 MAC
protocol
information
CRC
flag 7E
Protocol 0021
IP datagram
Protocol c021
Link control data
Protocol 8021
Network control data
25
Escaping for flag code, 0x7e

• Synchronous link
• done by hardware using bit stuffing
• Asynchronous link
• 0x7d is used for escape character
• when 0x7d appears in a PPP frame, the character
  has had its sixth bit complemented
• 0x7e is transmitted by 0x7d, 0x5e
• 0x7d is transmitted by 0x7d, 0x5d
• for ASCII control character, the sixth bit is
  turned on, for example, 0x01 is transmitted by
  0x7d, 0x21
• its possible touse the link control protocol to
  specify which, if any, of these 32 values must be
  escaped

26
SLIP- enhancement

• Using Link control protocol
• negotiate to omit the constant address and
  control fields and to reduce the protocol field
  form 2 bytes to 1 byte.
• PPP overhead 3 bytes
• 1 byte for the protocol field and 2 bytes for the
  CRC
• SLIP 2 bytes
• Using IP network control protocol,
• negotiate to use Van Jacobson header compression

27
Advantage of PPP over SLIP

• Support for multiple protocols on a single serial
  line
• CRC on every frame
• Dynamic negotiation of the IP address for each
  end (using the IP network control protocol)
• TCP/IP header compression
• a link control protocol for negotiating many
  data-link options
• The price
• 3 bytes of additional overhead per frame
• a few frames of negotiation when the link is
  established
• more complex implementation

28
Loopback interface

• Allows a client and server on the same host to
  communicate with each other using TCP/IP
• The class A network ID 127 is reserved for the
  loopback interface
• IP address of 127.0.0.1 to this interface (local
  host)
• An IP datagram sent to the loopback interface
  must not appear on any network
• No short circuiting some of the transport layer
  logic and all of the network layer logic
• complete processing of the data in the transport
  layer and network layer
• seems inefficient, simplifies the design
  considering the loopback interface appears as
  just another link layer

29
Processing of IP datagrams by loopback interface
IP input function
IP output function
Destination IP address equal broadcast address or
multicast address?
Place on IP input queue
Place on IP input queue
yes
no
yes
Destination IP address equal interface IP address?
Loop back driver
no
ARP
Demultiplex based on Ethernet frame type
send
recieve
30
MTU (Maximum transmission unit)

• Ethernet (1500), IEEE 802 (1492)
• If IP datagram is larger than the MTU
• fragmentation
• Path MTU
• smallest MTU of any data link that packets
  traverse between the two hosts
• depends on route being used at any time
• path MTU need not be the same in the two
  directions

31
Serial Line Throughput Calculations

• Line speed 9600 bits/sec, 8 bits/byte, 1 start
  and 1 stop bits
• line speed is 960 bytes/sec
• transferring a 1024-byte packet takes 1066ms
• with SLIP for an interactive application, along
  with an FTP that sends or receives 1024-byte
  packets, should wait on average 533ms to send
  interactive packets
• type-of-service queueing place interactive
  traffic ahead of bulk data traffic
• an interactive response time longer than 100-200
  ms is bad
• round-trip time for a packet to be sent and
  response be returned ( normally a character echo)

32
Serial Line Throughput Calculations

• Reducing MTU of the SLIPO link to 256
• 133ms wait half reducing
• not perfect but good for bulk data transfer
• Assuming 5-byte CSLIP header, 256 bytes of data
• 98.1 of the line to data and 1.9 to headers
• reducing MTU below 256 reduces the maximum
  throughput for bulk data transfers
• MTU is a value that IP queries the link layer for
• must include the normal TCP and IP headers
• This is how IP makes its framentation decision
• IP knows nothing about the header compression
  that CSLIP performs

33
Serial Line Throughput Calculations

• When only interactive traffic is being exchanged
• 1 byte of data in each direction (assuming 5-byte
  compressed headers) takes around 12.5 ms for the
  round trip at 9600 bits/sec
• compressing the headers from 40 bytes to 5 bytes
  reduces the round-trip time for the 1 byte of
  data from 85 to 12.5ms
• For newer error correcting, compressing modems,
  difficult to calculate
• the number of bytes sent over the network reduced
• error correction may increase the amount of time
  to transfer these bytes

34
IP (RFC 791)

• TCP, UDP, ICMP, IGMP dta gets transmitted as IP
  datagrams
• an unreliable, delivery service
• Simple error handling algorithm
• throw away the datagram and send an ICMP message
  back to the source
• any required reliability should be provided by
  TCP
• connectionless datagram
• out of order delivery
• each datagram may follow different route

35
IP Header
32 (LSB)
0 (MSB)
4-bit version
4-bit header length
8-bit type of service (TOS)
16-bit total length (in bytes)
16-bit identification
3-bit flags
13-bit fragment offset
8-bit protocol
16-bit jeader checksum
8-bit time to live (TTL)
32-bit source IP address
32-bit destination IP address
Options (if any)
data
36
IP header

• Big endian (Network byte order)
• Most signficant byte first transmission
• TOS Minimize delay, Maximize throughput,
  Maximize reliability, Minimize monetary cost
  only one bit can be turned on
• not supported by most TCP/IP implementations
• new routing protocols OSPF and IS-IS are based on
  this field
• SLIP drivers provide type-of-service queueing,
  allowing interactive traffic to be handled before
  bulk data
• it looks the protocol field to see if its a TCP
  segment and then checks the source and
  destination TCP port number to see if its for
  interactive service

37
IP header

• Big endian (Network byte order)
• Most signficant byte first transmission
• TOS Minimize delay, Maximize throughput,
  Maximize reliability, Minimize monetary cost
  only one bit can be turned on
• not supported by most TCP/IP implementations
• new routing protocols OSPF and IS-IS are based on
  this field
• SLIP drivers provide type-of-service queueing,
  allowing interactive traffic to be handled before
  bulk data
• it looks the protocol field to see if its a TCP
  segment and then checks the source and
  destination TCP port number to see if its for
  interactive service

38
Recommended values for type-of-service field

• Telnet and Rlogin minimum delay
• FTP maximum through put
• SNMP maximum reliability
• NNTP minimize monetary cost
• ICMP no setting

39
IP Header

• Maximum size of IP datagram 65535 bytes
• most data link layer fragment this
• a host is not required to receive a datagram
  larger than 576 bytes
• With UDP, numerous applications (RIP, TFTP,
  BOOTP,DNS, SNMP) limit to 512 bytes of user data
• Most implementations (especially NFS allow for
  just over 8192-byte IP datagrams)
• Some data links pad small frames to be a minimum
  length (Ethernet 46 bytes)
• total length enable to guess about what portion
  of Ethernet frame actually is IP datagram when
  the IP datagram is smaller than 46 bytes

40
IP Header

• Identification
• uniquely identifies each datgram sent by a host
• increments by one each time a datagram is sent
• used for fragmentation and reassembly with flags
  and fragmentation offset
• TTL
• upper limit on the number of routers through
  which a datagram passes
• decremented by on by every router
• when reaches to 0, the datagram is thrown away
  and the sender is notified with ICMP message

41
Header Checksum

• Same checksum for ICMP, IGMP, UDP, TCP, IP
• Checksum computing
• the checksum 0
• 16-bit ones complement sum of the header
• receiver verifies all one-bit checksum
• IP discards the datagram, no error-message
• a router often changes only the TTL filed
• incrementally upodate the checksum without
  recalculating

42
Options (variable-length list of optional
information)

• Security and handling restrictions
• record rout
• timestamp
• loose source routing
• strict source routing
• always ends on a 32-bit boundary
• IP header is always a multiple of 32 bits

43
IP routing

• When the destination is directed connected to the
  host or on a shared network
• the IP datagram is sent directly to the
  destination
• Otherwise
• the host sends the datagram to a default router
  which will deliver the datagram to its
  destination
• the host can be itself a router
• A host embedding a router never forward datagram
  unless it is configured to to so
• the IP layer has a routing table in memory that
  it searches each time it receives a datagram to
  send
• When IP layer receives a datagram, if it contains
  its address or broadcasting address, it is sent
  to the protocol module in the protocol field,
  else the datagram is forwarded if configured to
  act as a router

44
Entry of routing table

• Destination address
• complete host address (non-zero hostid) or
  network address (hostid 0 depending on the flag
• IP address of a next-hop router or of a directly
  connected network
• Flags
• if destination address is host address or network
  address
• if next-hop router is real next-hop router or a
  directly connected interface
• Specification of which network interface the
  datagram should be passed to for transmission
• Assumption
• the next-hop router is closer to the destination
  than the sending host and the next-hop router is
  directly connected to the sending host

45
IP routing action

• 1. Search the complete destination IP address
  (networkid and hostid) in the routing table (RT)
• if found, send the packet to the indicated
  next-hop router or to the directly connected
  interface, point-to-point links
• 2. Search the destination network IP address
  (networkid) in the RT
• if found, send the packet to the indicated
  next-hop router or to the directly connected
  interface
• all the hosts on the destination network can be
  handled
• must take into accout a possible subnet mask
• 3. Search the routing table for an entry labeled
  default, send the packet to the indicated
  next-hop router
• if non-of these is successful, undeliverable
  message host unreachable, network unreachable
  ICMP message to the sending application
• Default routes, along with the ICMP redirect
  message sent by a next-hop router, when
  forwarding fails

46
IP routing example from bsdi to sun
Destination network 140.252.13.0
bsdi
sun
.13.15
.13.33
Ethernet IP 140.252.13
IP hdr
Link hdr
Destination IP 140.252.13.33
Destination Ethernet of 140.252.13.33
47
Link hdr
IP hdr
bsdi
Ethernet IP 140.252.1
.1.183
Next hop 140.252.1.4 (default)
netb
modem
SLIP
IP hdr
Destination IP 192.48.96.9
modem
.1.29
Next hop 140.252.1.183 (default)
bsdi
sun
.13.15
.13.33
Ethernet IP 140.252.13
IP hdr
Link hdr
Destination IP 192.48.96.9
Destination Ethernet of 140.252.13.33
48
Subnet addressing

• Host ID portion is divided into a subnet ID and a
  host ID (too many hostids for a network)
• local system administrator decide to subnet or
  not
• Class B IP address example

8-bit subnetid
8-bit hostid
Netid140.252

• Allows 254 subnets, with 254 hosts per subnet
• Subnetting hides the details of internal network
  organization
• reduces the size of the Internets routing tables
• only one routing table for all the subnetworks

49
.57.0
192.68.189.0
.82.0
R57
.52.0
.53.0
.54.0
.55.0
.58.0
.60.0
R192
R82
R52
R53
R54
R55
R60
R58
KP
.51.0
.81.0
140.252.104.1 Internet
aix
GATE
solaris
.1.0
.1.92
.1.32
.1.4
.1.183
.1.11
R2
R3
gem
R4
R7
R6
R10
netb
R8
.3.54
.2.0
.3.0
.4.0
.6.0
.7.0
.8.0
.9.0
.10.0
.11.0
.1.29
.13.65
.13.66
R12
sun
svr
bsd
slip
.13.35
.13.36
.12.0
.13.0
50
Subnet mask

• When host bootstraps
• ip address, subnet mask is configured 0xffffff00
  255.255.255.0
• given its own IP Address and its subnet mask, a
  host know if a datagram is destined for
• a host on its own subnet
• a host on a different subnet on its own network
• a host on a different network

11111111 (subnetid)
00000000 (hostid)
1111111111111111 (networkid)
51
Subnet mask example

• Assumption
• Host address is 140.252.1.1 (class B)
• subnet mask is 255.255.255.0
• Which network?
• destination IP address is 140.252.4.5
• destination IP address is 140.252.1.22
• destination IP address is 192.43.235.6

52
Special case IP addresses
53
A subnet example (variable length subnets)
140.252.104.1
gateway
.4
Ethernet subnet 140.252.1
140.252.1.29
SLIP subnet 140.252.13.64
bsdi
sun
SLIP
sun
.35
.66
.35
.34
.33
Ethernet subnet 140.252.13.32
54
A subnet example (variable length subnets)
11111111 111 (subnetid)
00000 (hostid)
1111111111111111 (networkid)
Subnet mask 0xffffffe0 255.255.255.224
55
Ifconfig command

• Configure or query a network interfacer for use
  by TCP/IP
• normally run at bootstrap time to configure each
  interface on a host
• for SLIP links, ifconfig should run everytime the
  link is brought up or down
• sun /user/etc/ifconfig -a
• le0 flags 63ltUP,BROADCAST, NOTRALIERS,
  RUNNINGgt
• inet 140.252.13.33 netmask ffffffe0 broadcast
  140.252.13.63
• s10 flags 1051ltUP,POINTTOPOINT,, RUNNING,
  LINK0gt
• inet 140.252.1.29 --gt 140.252.1.83 netmask
  ffffff00
• lo0 flags 49 ltUP, LOOPBACK,, RUNNINGgt
• inet 127.0.0.1 netmask ff000000

56
Netstat command

• Provides informatin about the interfaces on a
  system
• - i flag prints the interface information
• - n flag IP addresses instead of hostnames
• sun netstat -in

57
IP futures

• Short of IP addresses
• flat routing structure
• one routing table entry for each network
• CIDR (Classless Interdomain routing)
• IPng (IPv6)
• 64 bit address, etc.

58
ARP (Address Resolution Protocol) RFC 826

• Address resolution
• A mapping between the two different forms of
  addresses
• ARP
• 32 bit IP address -gt 48 bit Ethernet
• RARP
• 48-bit Ethernet address -gt 32-bit IP address

59
ARP Procedure

• ARP is intended for broadcast networks
• ARP sends an broadcast Ethernet frame called an
  ARP request containing the IP address of the
  destination host
• The host corresponding the IP address replies its
  IP and hardware address with ARP reply frame

60
ARP cache

• Maintenance of an ARP cache on each host
• the recent mapping fro IP addresses to hardware
  addresses
• normal expiration time of an entry in the cache
  is 20 minutes
• arp command
• bsdi arp -a
• sun (140.252.13.33) at 80203f642

61
ARP packet format
Ehternet (6) destinaton addr
Frame type (2)
Ehternet source addr (6)
Hard type (2)
Proto type (2)
Op (2)
Hard size (1)
Proto size (1)
Sender Ehternet addr (6)
sender IP addr (4)
target Ehternet addr (6)
target IP addr (4)
62
ARP examples

• bsdi arp -a
• bsdi telnet svr4.discard
• Trying 140.252.13.34
• connected to svr4.
• Escape character is .
• telnetgt quit
• connection closed

63
ARP examples

• Sun tcpdump -e
• 1. 0.0 00c06f2d40 ffffffffffff arp 60
• arp who-has svr4 tell bsdi
• 2. 0.002174 (0.0022) 00c0c29b26
  00c06f2d40 arp 60
• arp reply svr4 is-at 00c0c29b26
• 3. 0.002831 (0.007) 00c06f2d40
  00c0c29b26 ip 60
• bsdi.1030 gt svr4.discard S 596459521
  596459521(0)
• win 4096 ltmss 1024gt tos 0x10
• 4. 0.007834 (0.0050) 00c0c29b26
  00c06f2d40 ip 60
• svr4.discard gt bsdi.1030 S 3562228255
  3562228255(0)
• ack 596459521 win 4096 ltmss 1024gt
• 5. 0.009615 (0.0018) 00c06f2d40
  00c0c29b26 ip 60
• bsdi.1030 gt svr4.discard .ack 1 win 4096
  tos 0x10

64
ARP request to no n-existent host

• bsdi date telnet 140.252.13.36date
• Sat Jan 30 064633 MST 1993
• Trying 140.252.13.36
• telnet Unable to connect to remote host
  connection timed out
• Sat Jan 30 064749 MST 1993
• bsdi arp -a
• ? (140.252.13.36) at (incomplete)

65
ARP examples

• Sun tcpdump
• 1 0.0 arp who-has 140.252.13.36 tell bsdi
• 2 5.509069 (5.5091) arp who-has 140.252.13.36
  tell bsdi
• 3 29.509745 (24.0007) arp who-has 140.252.13.36
  tell bsdi
• ARP Timeout (Berkely-derived implementations)
• 20 minutes for a completed entry
• 3 minutes for an incomplete entry

66
Proxy ARP

• Lets a router answer ARP requests on one of its
  networks for a host on another of its networks
• promiscuous ARP (ARP hack)
• hide two physical networks
• hide a gourp of hosts with older implementations
  of TCP/IP on a separate physical cable

67
Gratuitous ARP

• When a host sends an ARP request looking for its
  own IP address
• occur when bootstrap time
• bsdi bootstrap, tcpdump on sun
• 1. 0.0 00c06f2d40 ffffffffffff arp 60
• arp who-has 40.252.13.35 tell 140.252.13.35
• gratutious ARP provides
• a host determine if another host is already
  configured with the sampe IP address
• if reply is received, print on the console,
  duplicate PI address sent from Ethernet address
  abcde f
• if the host sending the gratutious ARP has just
  changed its hardware address, causes other host
  to change an entry in its cache
• When ARP request is received, the host updates
  its entry with the hardware address

68
Backup server

• Issue a gratutious ARP request with t
• he backups hardware address
• the failed servers IP address

69
Arp command

• -a display all the entries in the cache
• -d delete an entry
• -s adding an entry with host name and ethernet
  address
• permanent, no timeout
• with keyword pub, ARP agent for the host
• when the ethernet address is its own proxy ARP

70
gemini
ARP request for 140.252.1.29
Ethernet IP 140.252.1
.1.183
netb
ARP reply
modem
SLIP
modem
.65
.66
.1.29
sun
slip
bsdi
.33
.35
Ethernet IP 140.252.13
Gemini arp -a netb (140.252.1.183) at
030ad36a80 sun (140.252.1.29) at
030ad36a80