Internet Support Protocols - PowerPoint PPT Presentation


Internet Support Protocols

Provided by: Bad41

Transcript and Presenter's Notes

Title: Internet Support Protocols


1
Internet Support Protocols
2
ICMP: Internet Control Message Protocol
  • Internet Control Message Protocol
  • Handles special Internet control functions
  • Responsibilities
    • Reporting unreachable destinations
    • Reporting IP packet header problems
    • Reporting routing problems
    • Reporting echoes (pings)

3
ICMP
  • Protocol for error detection and reporting
  • Tightly coupled with IP, unreliable
  • ICMP messages delivered in IP packets
  • ICMP functions
    • Announce network errors
    • Announce network congestion
    • Assist troubleshooting
    • Announce timeouts

4
ICMP MSG
  • IP header: Source, Destination Address, TTL, ...
  • ICMP MSG: Message type, Code, Checksum, Data
  • Message type examples (Figure 6.3 in Stevens book)
    • 0 (8): echo request (reply)
    • 3: destination unreachable
    • 4: source quench
    • 11: time exceeded
5
Specific uses of ICMP
  • Echo request/reply
    • Can be used to check if a host is alive
  • Address mask request/reply
    • Learn the subnet mask
  • Destination unreachable
    • Invalid address and/or port
  • TTL expired
    • Routing loops, or too far away

6
Ping
  • Program that uses ICMP echo request/reply
  • Source sends ICMP echo request message to the
    destination address
  • Echo request packet contains sequence number and
    timestamp
  • Destination replies with an ICMP echo reply
    message containing the data in the original echo
    request message
  • Source can calculate round trip time (RTT) of
    packets
  • If no echo reply comes back then the destination
    is reported as unreachable
  • Some routers drop ICMP packets for security
    reasons

7
Ping (contd)
[Figure: time diagram of an echo request and an echo reply, with hosts A and B and routers R1, R2, R3]
8
Traceroute
  • Traceroute is an application that reports the
    routes packets take
  • Its strategy is a clever use of the TTL field
  • When a router receives a packet, it decrements
    TTL
  • If TTL = 0, the router drops the packet and sends
    an ICMP time exceeded message back to the sender
  • To determine the route, progressively increase
    TTL of a UDP packet on a likely unused port
  • Every time an ICMP time exceeded message is
    received, record the sender's (router's) address
  • Repeat until the destination host is reached or
    an error message occurs
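
The TTL strategy above, as an added example that is not part of the original slides: a small offline model of the probe loop, including a router that sends no ICMP errors (the case the Ping slide mentions). The `Hop` class, the function names and the two sample paths are constructed for illustration.

```python
from dataclasses import dataclass

TIME_EXCEEDED = 11        # ICMP type sent by a router that drops an expired packet
DEST_UNREACHABLE = 3      # ICMP type; the destination reports "port unreachable"

@dataclass(frozen=True)
class Hop:
    addr: str
    reports_icmp: bool = True   # False models a router that stays silent

def send_probe(path, ttl):
    """Forward one UDP probe along path; return (icmp_type, sender) or None."""
    for i, hop in enumerate(path):
        if i == len(path) - 1:
            # Probe reached the host: nothing listens on the unused port.
            return (DEST_UNREACHABLE, hop.addr)
        ttl -= 1                              # each router decrements TTL
        if ttl == 0:                          # expired here: drop and (maybe) report
            return (TIME_EXCEEDED, hop.addr) if hop.reports_icmp else None
    return None

def traceroute(path, max_hops=30):
    """Raise TTL one step at a time and record who answers each probe."""
    route = []
    for ttl in range(1, max_hops + 1):
        reply = send_probe(path, ttl)
        if reply is None:
            route.append("*")                 # silent hop: timeout, keep going
            continue
        icmp_type, sender = reply
        route.append(sender)
        if icmp_type == DEST_UNREACHABLE:     # destination answered: done
            break
    return route

# Constructed topology matching the slides: A -> R1 -> R2 -> R3 -> B.
PATH = [Hop("R1"), Hop("R2"), Hop("R3"), Hop("B")]
# Same path, but R2 does not send ICMP errors (constructed case).
PATH_SILENT_R2 = [Hop("R1"), Hop("R2", reports_icmp=False), Hop("R3"), Hop("B")]

if __name__ == "__main__":
    print(traceroute(PATH))
    print(traceroute(PATH_SILENT_R2))
```

A silent router shows up as `*` while later hops still answer, so a gap in the output does not by itself mean the path is broken.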

9
Traceroute
Te: Time exceeded, Pu: Port unreachable
[Figure: time diagram with hosts A and B and routers R1, R2, R3]
  • TTL=1, Dest B, port invalid: Te (R1)
  • TTL=2, Dest B: Te (R2)
  • TTL=3, Dest B: Te (R3)
  • TTL=4, Dest B: Pu (B)
10
Traceroute Example
  • 1 lcsr-gw (128.6.13.21) 1.206 ms 0.973 ms
    0.782 ms
  • 2 rucs-gw (165.230.212.129) 0.697 ms 0.569 ms
    0.571 ms
  • 3 transition2-gw (165.230.12.145) 2.786 ms
    0.994 ms 0.769 ms
  • 4 rutgers-gw.Rutgers.EDU (198.151.130.209)
    1.726 ms 2.048 ms 1.278 ms
  • 5 rutgers-gw.Rutgers.EDU (198.151.130.209)
    1.755 ms 1.241 ms 1.828 ms
  • 6 198.151.130.226 (198.151.130.226) 2.748 ms
    3.070 ms 2.640 ms
  • 7 clev-nycm.abilene.ucaid.edu (198.32.8.29)
    15.162 ms 14.619 ms 14.663 ms
  • 8 ipls-clev.abilene.ucaid.edu (198.32.8.25)
    21.220 ms 22.497 ms 21.450 ms
  • 9 kscy-ipls.abilene.ucaid.edu (198.32.8.5)
    30.257 ms 30.604 ms 30.969 ms
  • 10 dnvr-kscy.abilene.ucaid.edu (198.32.8.13)
    40.823 ms 41.181 ms 41.076 ms
  • 11 snva-dnvr.abilene.ucaid.edu (198.32.8.1)
    65.436 ms 66.068 ms 65.569 ms
  • 12 198.32.249.161 (198.32.249.161) 65.673 ms
    65.771 ms 66.006 ms
  • 13 BERK--SUNV.POS.calren2.net (198.32.249.13)
    67.183 ms 67.131 ms 66.858 ms
  • 14 pos1-0.inr-000-eva.Berkeley.EDU (128.32.0.89)
    67.192 ms 66.749 ms 67.720 ms
  • 15 vlan198.inr-201-eva.Berkeley.EDU
    (128.32.0.194) 67.373 ms 67.067 ms 67.821 ms
  • 16 fast8-0-0.inr-210-cory.Berkeley.EDU
    (128.32.255.122) 67.634 ms 68.735 ms 68.413 ms
  • 17 GE.cory-gw.EECS.Berkeley.EDU (169.229.1.46)
    67.575 ms 68.222 ms 67.772 ms
  • 18 gig8-1.snr1.CS.Berkeley.EDU (169.229.3.66)
    67.454 ms 67.988 ms 67.177 ms
  • 19 now.CS.Berkeley.EDU (128.32.44.96) 67.892 ms
    67.818 ms

11
DHCP
  • DHCP: Dynamic Host Configuration Protocol
  • DHCP features
    • Dynamic IP address allocation
    • IP addresses can be leased for a certain time
    • Useful where there are a limited number of IP addresses
    • Useful for temporary connections (testing, laptops, mobile networks)
    • Makes administering networks easier

12
Why DHCP
  • Bad old days: every host was assigned an IP address
    manually
  • Do normal users want to deal with this task?
  • What if I move my computer to a new network?
  • DHCP allows hosts to receive IP addresses (and
    more) during boot
  • IP addresses don't have to be manually configured
    into hosts
  • Centralization of host to IP address mapping task
  • Hosts viewed as a uniform pool, not specific IP
    addresses

13
DHCP
  • DHCP has two components
  • A protocol for delivering bootstrap information
    from the server to the clients
  • An algorithm for dynamically assigning addresses
    to clients

14
Address Allocation Modes
  • DHCP supports three modes of allocation
    • Automatic allocation: Server assigns a permanent address to a host
    • Dynamic allocation: Server assigns a host an IP address with a finite lease
    • Manual allocation: Server assigns host an IP address chosen by the network administrator

15
DHCP Packets (contd)
Packet layout, one row per 32-bit word (bits 0-7 | 8-15 | 16-23 | 24-31):
  • Request/Reply | Hardware type | Hardware address length in bytes | Hop count
  • Transaction ID
  • Number of seconds | Flags
  • Client IP address
  • Your IP address
  • Server IP address
  • Gateway IP address
  • Client hardware address (16 bytes)
  • Server hostname (64 bytes)
  • Boot filename (128 bytes)
  • Options (312 bytes)
16
DHCP Packet Fields
  • Flags: one flag currently defined
    • Broadcast (bit 0): Clients can request that all DHCP server messages be broadcast to it
  • Options
    • All DHCP packets must use the DHCP message type option, which defines the type of DHCP message being sent
      • DHCPDISCOVER
      • DHCPOFFER
      • DHCPREQUEST
      • DHCPACK
      • DHCPNAK
      • etc.
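
A parser for the packet layout and message type option described above, added here as an example and not taken from the slides. The magic cookie, the option codes 53 and 54 and the message type numbers come from RFC 2131/2132; the sample packet is constructed, not a capture.

```python
import ipaddress
import struct

# Fixed header in the slide's field order: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128) = 236 bytes.
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = b"\x63\x82\x53\x63"    # RFC 2131: marks the start of the options
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
             5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE"}

def parse_options(data):
    """Walk code/length/value options, refusing lengths that run past the buffer."""
    opts, i = {}, 0
    while i < len(data) and data[i] != 255:       # 255 = end option
        if data[i] == 0:                          # 0 = one-byte pad option
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated DHCP option")
        opts[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return opts

def parse_dhcp(packet):
    """Decode the fields a defender usually logs from one DHCP message."""
    if len(packet) < HEADER.size + len(MAGIC_COOKIE):
        raise ValueError("shorter than the fixed DHCP header")
    (op, _htype, hlen, _hops, xid, _secs, flags, _ciaddr, yiaddr, _siaddr,
     giaddr, chaddr, _sname, _file) = HEADER.unpack_from(packet)
    if hlen > len(chaddr):
        raise ValueError("hardware address length exceeds the 16-byte field")
    if packet[HEADER.size:HEADER.size + 4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts = parse_options(packet[HEADER.size + 4:])
    if len(opts.get(53, b"")) != 1:               # option 53 = DHCP message type
        raise ValueError("missing DHCP message type option")
    server_id = opts.get(54, b"")                 # option 54 = server identifier
    return {"op": op, "xid": xid, "broadcast": bool(flags & 0x8000),
            "your_ip": str(ipaddress.IPv4Address(yiaddr)),
            "relay_ip": str(ipaddress.IPv4Address(giaddr)),
            "client_hw": chaddr[:hlen].hex(":"),
            "msg_type": MSG_TYPES.get(opts[53][0], "unknown"),
            "server_id": str(ipaddress.IPv4Address(server_id)) if len(server_id) == 4 else None}

def sample_offer():
    """Constructed DHCPOFFER (not a capture): server 192.0.2.1 offers 192.0.2.50."""
    hdr = HEADER.pack(2, 1, 6, 0, 0x1234ABCD, 0, 0x8000, bytes(4), bytes([192, 0, 2, 50]),
                      bytes([192, 0, 2, 1]), bytes(4), bytes.fromhex("020000aabbcc"), b"", b"")
    return hdr + MAGIC_COOKIE + bytes([53, 1, 2, 54, 4, 192, 0, 2, 1, 255])
```

Logging `server_id` for every DHCPOFFER seen on a segment gives a simple baseline of which servers are answering clients there.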

17
DHCP Message types
  • DHCP message types
    • DHCP Discover: Client broadcasts to locate a server
    • DHCP Offer: Server responds with proposal of parameters
    • DHCP Request: Client broadcasts its choice of server. All other servers are implicitly declined.
    • DHCP ACK: Selected server responds to client with address
    • DHCP NAK: Selected server rejects the client's request
    • DHCP Decline: Client declines server's parameters
    • DHCP Release: Client releases its assigned address

18
DHCP Protocol
[Figure: message sequence between Client, Server 1 and Server 2: DHCPDISCOVER (×2), DHCPOFFER (×2), client collects replies and selects server 2, DHCPREQUEST (×2), DHCPACK]
19
DHCP Protocol
  • DHCP client broadcasts a DHCP Discover message
  • Client may specify preference of a lease and/or
    IP address
  • Many servers may respond with offers
  • Client chooses one server from them
  • Client broadcasts DHCP request with id of chosen
    server
  • Selected server sends DHCP ACK or NAK
  • Client begins using offered IP address once it
    receives ACK
  • If the client finds a problem, it sends a DHCP
    Decline message to the server and starts over
    again
  • Client may choose to release the address before
    lease expires by sending a DHCP Release message
    to the server

20
DHCP Relay Agents
  • Similar to BOOTP Relay Agents
  • DHCP relay agents allow DHCP servers to handle
    requests from other subnets

[Figure: Client, DHCP Relay Agent, two IP Gateway Routers, DHCP Server]
21
NAT: Network Address Translation
  • Every host needs an IP address
  • IPv4 address space is limited
  • It is expensive to get an IP address for every device that may be connected to the internet
  • May not want to allow outsiders access at all
    • E.g. security concerns
  • IETF has set aside private IP addresses for use within a network; these can be translated into a fixed public address by a special router
    • NAT box

22
Private IP addresses
  • 10.0.0.0 - 10.255.255.255 (10/8 prefix)
  • 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
  • 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
  • These addresses can be assigned to any of the
    machines within a network but will be translated
    to a public address by the NAT router
  • Ports are used to distinguish among multiple
    addresses that need to be mapped from one public
    address to multiple private addresses

23
NAT
  • NAT idea: map internal address space to a single
    public address with an expanded port space
  • NAT router maintains mappings between a public
    address and port and a private address and port
  • Keep a table of internal addresses/ports and
    external hosts/ports contacted from the internals

Private LAN side | Public WAN side
10.0.0.1/1000 | 128.6.8.4/8001
10.0.0.2/1000 | 128.6.8.4/8002
10.0.0.3/5001 | 128.6.8.4/8004
24
Disadvantages
  • It is a hack
  • Works only with TCP/UDP port connections
  • NAT has to understand all higher layer
    application protocols to correctly map the port
  • Every packet needs to be remapped
  • Must rewrite layer 3 and 4 headers for every
    packet
  • What happens if a service sends its IP address
    in the data of the packet? (E.g. FTP)
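
The mapping table and the FTP problem above, as an added example that is not part of the original slides. `PortNat` is a simplified model that allocates public ports sequentially from a starting port (an assumption); the FTP `PORT` command and the external server address 203.0.113.5 are constructed sample data.

```python
import ipaddress
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: tuple            # (ip, port)
    dst: tuple            # (ip, port)
    payload: bytes = b""

class PortNat:
    """Maps (private ip, port) to a port on one public address, as on the NAT slide."""
    def __init__(self, public_ip, first_port):
        self.public_ip, self.next_port = public_ip, first_port
        self.to_public, self.to_private = {}, {}

    def outbound(self, pkt):
        if pkt.src not in self.to_public:          # first packet of a flow: new mapping
            self.to_public[pkt.src] = self.next_port
            self.to_private[self.next_port] = pkt.src
            self.next_port += 1
        # Only the layer 3/4 header fields are rewritten; the payload is untouched.
        return Packet((self.public_ip, self.to_public[pkt.src]), pkt.dst, pkt.payload)

    def inbound(self, pkt):
        ip, port = pkt.dst
        if ip != self.public_ip or port not in self.to_private:
            return None                            # no mapping: unsolicited, dropped
        return Packet(pkt.src, self.to_private[port], pkt.payload)

PORT_CMD = re.compile(rb"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def ftp_port_target(payload):
    """Return the (ip, port) an FTP PORT command asks the server to connect to."""
    m = PORT_CMD.search(payload)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    return (f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2)

def payload_leaks_private_address(pkt):
    """True when a translated packet still advertises an RFC 1918 address in its data."""
    target = ftp_port_target(pkt.payload)
    return target is not None and ipaddress.ip_address(target[0]).is_private

# Constructed flow: 10.0.0.1 opens an FTP control connection through the NAT.
NAT = PortNat("128.6.8.4", 8001)
SENT = NAT.outbound(Packet(("10.0.0.1", 1000), ("203.0.113.5", 21), b"PORT 10,0,0,1,19,137\r\n"))
```

The header now carries 128.6.8.4/8001, but the payload still tells the server to connect to 10.0.0.1 port 5001, which is unreachable from outside and has no entry in the table.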

25
Mobile-IP
26
Mobile users
  • Explosion in usage of handhelds
  • Anytime, anywhere wireless services
  • Some connectivity everywhere
  • Many-time, many-where (Infostations)
  • Users can be connected when moving
  • Users can connect to and disconnect from different
    networks

27
Mobility vs connectivity
  • New research problems
  • Continuous connectivity for a mobile host
  • Seamless movement between networks
  • Mobile systems
  • Move from place to place while being wireless
  • Move from place to place by plugging-in at
    different attachment points
  • Why maintain connectivity?
  • Avoid restarting applications/networks

28
IP address problem
  • Internet hosts/interfaces are identified by IP
    address
  • Domain name service translates host name to IP
    address
  • IP address identifies host/interface and locates
    its network
  • Mixes naming and location
  • Moving to another network requires different
    network address
  • But this would change the host's identity
  • How can we still reach that host?

29
Basic idea
[Figure: Home Agent, Foreign Agent, MH (mobile host), CH (correspondent host)]
30
Basic idea
  • Mobile host attaches to foreign network and obtains guest address
    • Via DHCP
    • Via Foreign agent
  • Registration with local agent
    • LA has list of all foreign hosts visiting the network

31
Routing for mobile hosts
MH: mobile host, CH: correspondent host
How to direct packets to moving hosts transparently?
[Figure: MH, CH, home network, foreign network]
32
Use ARP
  • A designated router proxy-ARPs for mobile host

[Figure: ARP exchange. Labels: "Who has MH1?", "I have MH1", H4, MH1, "Know? mh1_at_h4"]
33
Basic Mobile IP - to mobile hosts
MH: mobile host, CH: correspondent host, HA: home agent, FA: foreign agent
(We'll see later that FA is not necessary or even desirable)
[Figure: Foreign network, Home network, HA, FA]
  • MH registers new care-of address (FA) with HA
  • HA tunnels packets to FA
  • FA decapsulates packets and delivers them to MH

34
IP-in-IP (Packet encapsulation)
Packet from CH to MH:
  • Source address: address of CH
  • Destination address: home IP address of MH
  • Payload
Home agent intercepts above packet and tunnels it:
  • Source address: address of HA
  • Destination address: care-of address of MH
  • Source address: address of CH
  • Destination address: home IP address of MH
  • Original payload
35
When mobile host moves again
[Figure: Home network (HA), Foreign network 1 (FA 1), Foreign network 2 (FA 2), CH]
  • MH registers new address (FA 2) with HA and FA 1
  • HA tunnels packets to FA 2, which delivers them
    to MH
  • Packets in flight can be forwarded from FA 1 to
    FA 2

36
Basic Mobile IP - from mobile hosts
Mobile hosts also send packets
[Figure: Foreign network (FA), Home network (HA)]
  • Mobile host uses its home IP address as source
    address
  • Lower latency as MH can send packets directly to
    CH
  • Still transparent to correspondent host
  • This is called a triangle route or a dog-leg
    route

37
Problems with Foreign Agents
  • Assumption of support from foreign networks
  • A foreign agent exists in all networks you visit
  • The foreign agent is robust and up and running
  • The foreign agent is trustworthy

38
Solution
  • Mobile host is responsible for itself
  • (With help from infrastructure in its home
    network)
  • Mobile host decapsulates packets
  • Mobile host sends its own packets
  • Co-located FA on MH

[Figure: Foreign network, Home network]
  • MH must acquire its own IP address in foreign
    network
  • This address is its new care-of address
  • Mobile IP spec allows for this option

39
Obtaining a foreign IP address
  • How to get a new IP address?
  • DHCP
  • Dynamic IP address binding like some dial-up
    services

40
Problems with ingress/egress filtering
[Figure: Home network, Foreign network]
  • Mobile host uses its home IP address as source address
  • Security-conscious boundary routers will drop this packet
  • An egress router will see a packet with a source address that does not belong to its network

41
Solution: bi-directional tunnel
[Figure: Home network, Foreign network]
  • Provide choice of safe route through home agent both ways
  • Use encapsulation in both directions (MH → CH and CH → MH)
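
The IP-in-IP encapsulation slide and the egress-filtering problem with its bi-directional tunnel fix, modelled together as an added example that is not part of the original slides. All addresses are constructed from the documentation ranges, and the home agent's check that the tunnel source matches the registered care-of address is an assumption added for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class IPPacket:
    src: str
    dst: str
    payload: object          # bytes, or an inner IPPacket when tunnelled (IP-in-IP)

# Constructed addresses from the documentation ranges; none come from the slides.
HOME_NET, FOREIGN_NET = "192.0.2.0/24", "198.51.100.0/24"
HA, MH_HOME, CARE_OF, CH = "192.0.2.1", "192.0.2.77", "198.51.100.23", "203.0.113.9"
BINDINGS = {MH_HOME: CARE_OF}    # home agent's registration table: home -> care-of

def egress_permits(site_prefix, pkt):
    """Boundary-router rule: forward only packets whose source lies inside the site."""
    return ipaddress.ip_address(pkt.src) in ipaddress.ip_network(site_prefix)

def ha_tunnel_to_mh(pkt):
    """CH -> MH: home agent intercepts the packet and wraps it for the care-of address."""
    care_of = BINDINGS.get(pkt.dst)
    return IPPacket(HA, care_of, pkt) if care_of else None

def mh_send_direct(data):
    """MH -> CH with the home address as source; returns what leaves the foreign site."""
    pkt = IPPacket(MH_HOME, CH, data)
    return pkt if egress_permits(FOREIGN_NET, pkt) else None

def mh_send_reverse_tunnel(data):
    """MH -> HA -> CH: inner packet keeps the home source, outer uses the care-of one."""
    outer = IPPacket(CARE_OF, HA, IPPacket(MH_HOME, CH, data))
    if not egress_permits(FOREIGN_NET, outer):
        return None
    return ha_decapsulate(outer)

def ha_decapsulate(outer):
    """Home agent unwraps only tunnels that match a registered binding."""
    inner = outer.payload
    if outer.dst != HA or not isinstance(inner, IPPacket):
        return None
    if BINDINGS.get(inner.src) != outer.src:     # assumed check: tunnel source must be
        return None                              # the care-of address on record
    return inner if egress_permits(HOME_NET, inner) else None
```

`mh_send_direct` is dropped by the foreign site's egress rule, while the same data sent through `mh_send_reverse_tunnel` leaves both sites with a source address each boundary router accepts.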

42
Solution: yet more flexibility
  • Use current care-of address and send packet
    directly
  • This is regular IP!
  • This is not mobility but portability

43
Do we need Mobile IP?
  • When do we really need this?
  • Mobile clients have short lived sessions
  • Reconnect on move
  • Most mobile users are in private net
  • Mobile servers?