COMS W49951 Lecture 3

1
COMS W4995-1Lecture 3
2
IP Addressing

• Today
• IP addressing
• Data link protocols and ARP
• Notes about lab

3
IP Addressing

• Addressing defines how addresses are allocated
  and the structure of addresses
• IPv4
• Classful IP addresses (obsolete)
• Classless inter-domain routing (CIDR) (RFC 854,
  current standard)
• IP Version 6 addresses

4
What is an IP Address?

• Why Addresses?
• End-to-end argument (principle)
• Reading
• http//web.mit.edu/Saltzer/www/publications/endtoe
  nd/endtoend.pdf
• Keep it Simple, Stupid

5
What is an IP Address?

• An IP address is a unique global address for a
  network interface.
• An IP address uniquely identifies a network
  location.
• http//www.arin.net/whois
• http//www.iana.org/ipaddress/ip-addresses.htm
• Routers forwards a packet based on the
  destination address of the packet.

6
IPv4 Addresses
7
IP v.4 Addresses
8
IP v.4 Addressing

• An IP address is often written in dotted decimal
  notation
• Each byte is identified by a decimal number in
  the range 0..255

10001111
10000000
10001001
10010000
1st Byte 128
2nd Byte 143
3rd Byte 137
4th Byte 144
128.143.137.144
9
Structure of an IP address
31
0
network prefix
host number

• An IP address encodes both a network number
  (network prefix) and an interface number (host
  number).
• network prefix identifies a network
• the host number identifies a specific host
  (actually, interface on the network).

10
How long the network prefix is?

• Before 1993 The network prefix is implicitly
  defined (class-based addressing)
• After 1993 The network prefix is indicated by a
  netmask.

11
Before 1993 Class-based addressing

• The Internet address space was divided up into
  classes
• Class A Network prefix is 8 bits long
• Class B Network prefix is 16 bits long
• Class C Network prefix is 24 bits long
• Class D is multicast address
• Class E is reserved

12
Classful IP Adresses (Until 1993)

• Each IP address contained a key which identifies
  the class
• Class A IP address starts with 0
• Class B IP address starts with 10
• Class C IP address starts with 110
• Class D IP address starts with 1110
• Class E IP address starts wit 11110

13
The old way Internet Address Classes
14
The old way Internet Address Classes
15
The old way Internet Address Classes
16
Problems with Classful IP Addresses

• Fast growing routing table size
• Each router must have an entry for every network
  prefix
• 221 2,097,152 class C networks
• In 1993, the size of routing tables started to
  outgrow the capacity of routers

17
Other problems with classful addresses

• Address depletion for large networks
• Class A and Class B addresses were gone
• How many class A/B network prefixes can there be?
• Limited flexibility for network addresses
• Class A and B addresses are overkill (64,000
  addresses)
• Class C address is insufficient (256 addresses)

18
Classless Inter-domain routing (CIDR) 1993

• Full description RFC 1518 1519
• Network prefix is of variable length
• Addresses are allocated hierarchically
• Routers aggregate multiple address prefixes into
  one routing entry to minimize routing table size

19
CIDR network prefix is variable length
144
16
128
59
10001111
10000000
10001001
10010000
Addr
255
255
0
255
11111111
11111111
1111111
00000000
Mask

• A network mask specifies the number of bits used
  to identify a network in an IP address.
• How?

20
CIDR notation

• CIDR notation of an IP address
• 128.143.137.144/24
• /24 is the prefix length. It states that the
  first 24 bits are the network prefix of the
  address (and the remaining 8 bits are available
  for specific host addresses)
• CIDR notation can nicely express blocks of
  addresses
• An address block
• 128.195.0.0, 128.195.255.255
• can be represented by an address prefix
  128.195.0.0/16
• How many addresses are there in a /x address
  block?
• 2 (32-x)

21
CIDR hierarchical address allocation
128.0.0.0/8
ISP
128.59.0.0/16
128.1.0.0/16
128.2.0.0/16
University
128.59.16.150
Foo.com
Bar.com
CS
Library
128.59.16.0/24
128.59.44.0/24

• IP addresses are hierarchically allocated.
• An ISP obtains an address block from a Regional
  Internet Registry
• An ISP allocates a subdivision of the address
  block to an organization
• An organization recursively allocates subdivision
  of its address block to its networks
• A host in a network obtains an address within the
  address block assigned to the network

22
Hierarchical address allocation
128.59.16.0 255
128.59.16.150
128.59.0.0 128.59.255.255
128.0.0.0 - 128.255.255.255

• ISP obtains an address block 128.0.0.0/8 ?
  128.0.0.0, 128.255.255.255
• ISP allocates 128.59.0.0/16 (128.59.0.0,
  128.59.255.255) to the university.
• University allocates 128.59.16.0/24
  (128.59.16.0, 128.59.16.255) to the CS
  departments network
• A host on the CS departments network gets one IP
  address 128.59.16.150

23
CIDR allows route aggregation
You can reach 128.0.0.0/8 via ISP1
128.0.0.0/8
ISP3
ISP1
128.1.0.0/16
128.2.0.0/16
128.59.0.0/16
University
Foo.com
Bar.com
CS
Library

• ISP1 announces one address prefix 128.0.0.0./8 to
  ISP2
• ISP2 can use one routing entry to reach all
  networks connected to ISP1

24
CIDR summary

• A network prefix is of variable length
  a.b.c.d/x
• Addresses are hierarchical allocated
• Routers aggregate multiple address prefixes into
  one routing entry to minimize routing table
  size.
• Security is still an issue
• Secure Routing Path validation

25
What problems CIDR does not solve (I)
You can reach 128.0.0.0/8 And 204.1.0.0/16 via
ISP1
ISP3
ISP1
ISP2
128.0.0.0/8
204.0.0.0/8
204.1.0.0/16
Mutil-home.com
204.1.0.0/16

• An multi-homing site still adds one entry into
  global routing tables

26
What problems CIDR does not solve (II)
You can reach 128.0.0.0/8 And 204.1.0.0/16 via
ISP1
ISP3
ISP1
ISP2
128.0.0.0/8
204.0.0.0/8
128.0.0.0/8 ISP1
204.1.0.0/16
Switched.com
204.1.0.0/16

• A site switches provider without renumbering
  still adds one entry into global routing tables

27
Global routing tables continue to grow
Source http//bgp.potaroo.net/as4637/
28
Special IPv4 Addresses

• Reserved or (by convention) special addresses
• Loopback interfaces
• all addresses 127.0.0.1-127.255.255.255 are
  reserved for loopback interfaces
• Most systems use 127.0.0.1 as loopback address
• loopback interface is associated with name
  localhost
• Broadcast address
• Host number is all ones, e.g., 128.143.255.255
• Broadcast goes to all hosts on the network
• Often ignored due to security concerns
• Test / Experimental addresses
• 10.0.0.0 - 10.255.255.255
• 172.16.0.0 - 172.31.255.255
• 192.168.0.0 - 192.168.255.255
• Convention (but not a reserved address)
• Default gateway has host number set to 1, e.g.,
  128.195.4.1

29
Special IPv4 Addresses (RFC 3330)
30
IP Addressing (Summary)

• Addressing defines how addresses are allocated
  and the structure of addresses
• IPv4
• Classful IP addresses (obsolete)
• Classless inter-domain routing (CIDR) (current
  standard)
• IP Version 6 addresses

31
IPv6 - IP Version 6

• IP Version 6
• Designed to be the successor to the currently
  used IPv4
• Specification completed in 1994
• Makes improvements to IPv4 (no revolutionary
  changes)
• One (not the only !) feature of IPv6 is a
  significant increase in of the IP address to 128
  bits (16 bytes)
• IPv6 will solve for the foreseeable future
  the problems with IP addressing
• 1024 addresses per square inch on the surface of
  the Earth.

32
IPv6 Header
33
Notation of IPv6 addresses

• Convention The 128-bit IPv6 address is written
  as eight 16-bit integers (using hexadecimal
  digits for each integer)
• CEDFBP7632454464FACE2E503025DF12
• Short notation
• Abbreviations of leading zeroes
• CEDFBP7600000000009E00003025DF12 ?
  CEDFBP76009E 03025DF12
• 000000000000 can be written as
• CEDFBP7600FACE03025DF12 ?
  CEDFBP76FACE03025DF12

34
IPv4 address in IPv6

• IPv6 addresses derived from IPv4 addresses have
  96 leading zero bits.
• Convention allows to use IPv4 notation for the
  last 32 bits.
• 808F8990 ? 128.143.137.144

35
IPv6 vs. IPv4 Address Comparison

• IPv4 has a maximum of
• 232 ? 4 billion addresses
• IPv6 has a maximum of
• 2128 (232)4 ? 4 billion x 4 billion x 4
  billion x 4 billion addresses
• Is IPv6 widely deployed?

36
Data Link Layer

• The main tasks of the data link layer are
• Transfer data from the network layer of one
  machine to the network layer of another machine
• Convert the raw bit stream of the physical layer
  into groups of bits (frames)

37
TCP/IP Protocol Stack

• The TCP/IP protocol stack runs on top of multiple
  data link layers.
• Two data link layer technologies
• Broadcast
• Point-to-Point

38
Two types of networks at the data link layer

• Broadcast Networks All stations share a single
  communication channel
• Point-to-Point Networks Pairs of hosts (or
  routers) are directly connected
• Typically, local area networks (LANs) are
  broadcast and wide area networks (WANs) are
  point-to-point

39
Local Area Networks

• Local area networks (LANs) connect computers
  within a building or a enterprise network
• Almost all LANs are broadcast networks
• Typical topologies of LANs are bus or ring or
  star
• We will work with Ethernet LANs. Ethernet has a
  bus or star topology.

40
MAC and LLC

• In any broadcast network, the stations must
  ensure that only one station transmits at a time
  on the shared communication channel
• The protocol that determines who can transmit on
  a broadcast channel are called Medium Access
  Control (MAC) protocol
• The MAC protocol are implemented in the MAC
  sublayer which is the lower sublayer of the
  data link layer
• The higher portion of the data link layer is
  often called Logical Link Control (LLC)

41
IEEE 802 Standards

• IEEE 802 is a family of standards for LANs, which
  defines an LLC and several MAC sublayers

Higher layer issues
LLC
CSMA/CS
Token bus
Token ring
Wireless lan
42
Ethernet

• Speed 10Mbps -10 Gbps
• Standard 802.3, Ethernet II (DIX)
• Most popular physical layers for Ethernet
• 10Base5 Thick Ethernet 10 Mbps coax cable
• 10Base2 Thin Ethernet 10 Mbps coax cable
• 10Base-T 10 Mbps Twisted Pair
• 100Base-TX 100 Mbps over Category 5 twisted pair
• 100Base-FX 100 Mbps over Fiber Optics
• 1000Base-FX 1Gbps over Fiber Optics
• 10000Base-FX 1Gbps over Fiber Optics (for wide
  area links)

43
Bus Topology

• 10Base5 and 10xBase2 Ethernets has a bus topology

44
Star Topology

• Starting with 10Base-T, stations are connected to
  a hub in a star configuration

45
Ethernet Hubs vs. Ethernet Switches

• An Ethernet switch is a packet switch for
  Ethernet frames
• Buffering of frames prevents collisions.
• Each port is isolated and builds its own
  collision domain
• An Ethernet Hub does not perform buffering
• Collisions occur if two frames arrive at the same
  time.

Hub
Switch
46
Ethernet and IEEE 802.3 Any Difference?

• There are two types of Ethernet frames in use,
  with subtle differences
• Ethernet (Ethernet II, DIX (Digital-Intel-Xerox)
  
• An industry standards from 1982 that is based on
  the first implementation of CSMA/CD by Xerox.
• Predominant version of CSMA/CD in the US.
• 802.3
• IEEEs version of CSMA/CD from 1985.
• Interoperates with 802.2 (LLC) as higher layer.
• Difference for our purposes Ethernet and 802.3
  use different methods to encapsulate an IP
  datagram.

47
Ethernet II, DIX Encapsulation (RFC 894)
48
IEEE 802.2/802.3 Encapsulation (RFC 1042)
49
Point-to-Point (serial) links

• Many data link connections are point-to-point
  serial links
• Dial-in or DSL access connects hosts to access
  routers
• Routers are connected by high-speed
  point-to-point links
• Here, IP hosts and routers are connected by a
  serial cable
• Data link layer protocols for point-to-point
  links are simple
• Main role is encapsulation of IP datagrams
• No media access control needed

50
Data Link Protocols for Point-to-Point links

• SLIP (Serial Line IP)
• First protocol for sending IP datagrams over
  dial-up links (from 1988)
• Encapsulation, not much else
• PPP (Point-to-Point Protocol)
• Successor to SLIP (1992), with added
  functionality
• Used for dial-in and for high-speed routers
• HDLC (High-level Data Link Control)
• Widely used and influential standard (1979)
• Default protocol for serial links on Cisco
  routers
• Actually, PPP is based on a variant of HDLC

51
PPP - IP encapsulation

• The frame format of PPP is similar to HDLC and
  the 802.2 LLC frame format
• PPP assumes a duplex circuit
• Note PPP does not use addresses
• Usual maximum frame size is 1500

52
Additional PPP functionality

• In addition to encapsulation, PPP supports
• multiple network layer protocols (protocol
  multiplexing)
• Link configuration
• Link quality testing
• Error detection
• Option negotiation
• Address notification
• Authentication
• The above functions are supported by helper
  protocols
• LCP
• PAP, CHAP
• NCP

53
PPP Support protocols

• Link management The link control protocol (LCP)
  is responsible for establishing, configuring, and
  negotiating a data-link connection. LCP also
  monitors the link quality and is used to
  terminate the link.
• Authentication Authentication is optional. PPP
  supports two authentication protocols Password
  Authentication Protocol (PAP) and Challenge
  Handshake Authentication Protocol (CHAP).
• Network protocol configuration PPP has network
  control protocols (NCPs) for numerous network
  layer protocols. The IP control protocol (IPCP)
  negotiates IP address assignments and other
  parameters when IP is used as network layer.

54
Address Resolution Protocol(ARP)
55
Overview
56
ARP and RARP

• Note
• The Internet is based on IP addresses
• Data link protocols (Ethernet, FDDI, ATM) may
  have different (MAC) addresses
• The ARP and RARP protocols perform the
  translation between IP addresses and MAC layer
  addresses
• We will discuss ARP for broadcast LANs,
  particularly Ethernet LANs

57
Processing of IP packets by network device
drivers
58
Address Translation with ARP

• ARP Request Argon broadcasts an ARP request to
  all stations on the network What is the
  hardware address of 128.143.137.1?

59
Address Translation with ARP

• ARP Reply Router 137 responds with an ARP Reply
  which contains the hardware address

60
ARP Packet Format
61
Example

• ARP Request from Argon
• Source hardware address 00a02471e444Sourc
  e protocol address 128.143.137.144Target
  hardware address 000000000000Target
  protocol address 128.143.137.1
• ARP Reply from Router137
• Source hardware address 00e0f923a820
  Source protocol address 128.143.137.1 Target
  hardware address 00a02471e444Target
  protocol address 128.143.137.144

62
ARP Cache

• Since sending an ARP request/reply for each IP
  datagram is inefficient, hosts maintain a cache
  (ARP Cache) of current entries. The entries
  expire after a time interval.
• Contents of the ARP Cache
• (128.143.71.37) at 00104BC5D115 ether on
  eth0
• (128.143.71.36) at 00B0D0E117D5 ether on
  eth0
• (128.143.71.35) at 00B0D0DE70E6 ether on
  eth0
• (128.143.136.90) at 00053C062735 ether on
  eth1
• (128.143.71.34) at 00B0D0E117DB ether on
  eth0
• (128.143.71.33) at 00B0D0E117DF ether on
  eth0

63
Proxy ARP

• Proxy ARP Host or router responds to ARP Request
  that arrives from one of its connected networks
  for a host that is on another of its connected
  networks.

64
Things to know about ARP

• What happens if an ARP Request is made for a
  non-existing host?
• Several ARP requests are made with increasing
  time intervals between requests. Entually, ARP
  gives up (timeout).
• On some systems (including Linux) a host
  periodically sends ARP Requests for all addresses
  listed in the ARP cache. This refreshes the ARP
  cache content, but also introduces traffic.
• Gratuitous ARP Requests A host sends an ARP
  request for its own IP address
• Useful for detecting if an IP address has already
  been assigned.

65
Vulnerabilities of ARP

• Since ARP does not authenticate requests or
  replies, ARP Requests and Replies can be forged
• ARP is stateless ARP Replies can be sent without
  a corresponding ARP Request
• According to the ARP protocol specification, a
  node receiving an ARP packet (Request or Reply)
  must update its local ARP cache with the
  information in the source fields, if the
  receiving node already has an entry for the IP
  address of the source in its ARP cache. (This
  applies for ARP Request packets and for ARP Reply
  packets)

66
Vulnerabilities of ARP

• Typical exploitation of these vulnerabilities
• A forged ARP Request or Reply can be used to
  update the ARP cache of a remote system with a
  forged entry (ARP Poisoning)
• This can be used to redirect IP traffic to other
  hosts

67
Some notes on Lab 2
68
What is a single-segment network?
128.59.2.0/24
128.59.2.100
128.59.1.0/24
128.59.1.100
128.59.2.1
128.59.1.1
128.59.1.200
128.59.3.1
128.59.1.300
128.59.2.200
128.59.3.0/24
128.59.3.200
128.59.3.100

• A single-segment network consists of interfaces
  connected by a single physical link, either a
  point-to-point link or a broadcast link.
• Interfaces on the same single-segment network
  have the same network prefix.

69
How to identify a single segment IP network
128.59.2.100
128.59.1.100
128.59.2.1
128.59.1.1
128.59.1.200
128.59.3.1
128.59.1.300
128.59.2.200
128.59.3.200
128.59.3.100

• Detach interfaces from routers or hosts
• Each isolated island is a single segment IP
  network
• Each interface on the same single segment IP
  network must have the same network address prefix

70
Protocol specification vs implementation

• According to the ARP protocol specification, a
  node receiving an ARP packet (Request or Reply)
  must update its local ARP cache with the
  information in the source fields, if the
  receiving node already has an entry for the IP
  address of the source in its ARP cache. (This
  applies for ARP Request packets and for ARP Reply
  packets)
• Implementation may differ from the specification
• What you observe in the lab may not be
  universally true.