Title: Subnetting, ICMP, NAT, BOOTP
1 Subnetting, ICMP, NAT, BOOTP
- Network Protocols and Standards
- Autumn 2004-2005

2 Subnet Routing
- Conventional routing table entry
  - (network address, next hop address)
  - Network address format is predetermined for a given class (e.g., first 16 bits for class B addresses!)
- With subnetting, routing table entry becomes
  - (subnet mask, network address, next hop address)
  - Then compare with network address field of entries to find next hop address
  - Subnet mask indicates the network address!

3 Subnet Routing
- The use of mask generalizes the subnet routing algorithm to handle all the special cases of the standard algorithm
  - Routes to individual hosts
  - Default route
  - Routes to directly connected networks
  - Routes to conventional networks (that do not use subnet addressing)
- Merely combine the 32-bit mask field with the 32-bit IP address
- Example: To install a route for
  - Individual host: (Mask of all 1s, Host IP address)
  - Default route: (Mask of all 0s, network address all 0s)
  - Class B network address: (Mask of two octets of 1s and two of 0s)

4 Subnet Routing
- Algorithm
  - Extract destination IP (D) from datagram
  - Compute IP address of destination network N
  - If N matches any directly connected network address
    - Send datagram over that network (obviously encapsulated in a frame)
  - Else
    - For each entry in the routing table, do
      - N = bitwise-AND of D and subnet mask
      - If N equals the network address field of the entry, then route the datagram to the specified next hop

5 Subnetting Example
- Consider a corporate network assigned a class C address P.Q.R.00000000
- The company needs 5 subnets
  - 2 subnets of 16 hosts each
  - 3 subnets with 32, 64, and 128 hosts
- External routers reach the corporate network via a single routing table entry
  - P.Q.R.0 network and 255.255.255.0 mask (if any)
- What about internal routers?

6 Subnetting Example
Subnet Name   Network/Subnet address   Subnet Mask               IP addresses
S1            P.Q.R.0000 0000          255.255.255.1111 0000     P.Q.R.0000 hhhh
S2            P.Q.R.0001 0000          255.255.255.1111 0000     P.Q.R.0001 hhhh
S3            P.Q.R.001 00000          255.255.255.111 00000     P.Q.R.001 0 hhhh
                                       255.255.255.111 00000     P.Q.R.001 1 hhhh
S4            P.Q.R.01 000000          255.255.255.11 000000     P.Q.R.01 00 hhhh
                                       255.255.255.11 000000     P.Q.R.01 01 hhhh
                                       255.255.255.11 000000     P.Q.R.01 10 hhhh
                                       255.255.255.11 000000     P.Q.R.01 11 hhhh
S5            P.Q.R.1 0000000          255.255.255.1 0000000     P.Q.R.1 000 hhhh
                                       255.255.255.1 0000000     P.Q.R.1 001 hhhh
                                       255.255.255.1 0000000     P.Q.R.1 010 hhhh
                                       255.255.255.1 0000000     P.Q.R.1 011 hhhh
                                       255.255.255.1 0000000     P.Q.R.1 100 hhhh
                                       255.255.255.1 0000000     P.Q.R.1 101 hhhh
                                       255.255.255.1 0000000     P.Q.R.1 110 hhhh
                                       255.255.255.1 0000000     P.Q.R.1 111 hhhh

7 Subnetting Example
Subnet Name   Network/Subnet address   Subnet Mask               IP addresses
S1            P.Q.R.0000 0000          255.255.255.1111 0000     P.Q.R.0000 hhhh
S2            P.Q.R.0001 0000          255.255.255.1111 0000     P.Q.R.0001 hhhh
S3            P.Q.R.001 00000          255.255.255.1110 0000     P.Q.R.001 hhhhh
S4            P.Q.R.01 000000          255.255.255.11 000000     P.Q.R.01 hhhhhh
S5            P.Q.R.1 0000000          255.255.255.1 0000000     P.Q.R.1 hhhhhhh

8 Subnetting Routing Table
Network/Subnet address   Subnet Mask               Next Hop/Port
P.Q.R.0000 0000          255.255.255.1111 0000     P1
P.Q.R.0001 0000          255.255.255.1111 0000     P2
P.Q.R.0010 0000          255.255.255.1110 0000     P3
P.Q.R.0100 0000          255.255.255.11 000000     P4
P.Q.R.1000 0000          255.255.255.1 0000000     P5

9 Subnetting Routing Table
Network/Subnet address   Next Hop/Port
P.Q.R.0000 0000 / 28     P1
P.Q.R.0001 0000 / 28     P2
P.Q.R.0010 0000 / 27     P3
P.Q.R.0100 0000 / 26     P4
P.Q.R.1000 0000 / 25     P5

Number after / indicates number of bits to look at!

10 Subnetting Routing Table
Subnet S4 has 64 hosts. Can we make two subnets? 16 + 48?

Subnet Name   Network/Subnet address   Subnet Mask               IP addresses
S4            P.Q.R.01 000000          255.255.255.11 000000     P.Q.R.01 hhhhhh

Old subnet P.Q.R.0100 0000, by 16-address block:
Block               Old mask                  New mask                  IP addresses
P.Q.R.01 00 hhhh    255.255.255.11 000000     255.255.255.1111 0000     P.Q.R.01 00 hhhh
P.Q.R.01 01 hhhh    255.255.255.11 000000     255.255.255.11 000000     P.Q.R.01 hhhhhh
P.Q.R.01 10 hhhh    255.255.255.11 000000     255.255.255.11 000000     P.Q.R.01 hhhhhh
P.Q.R.01 11 hhhh    255.255.255.11 000000     255.255.255.11 000000     P.Q.R.01 hhhhhh

Subnet Name   Network/Subnet address   Subnet Mask               IP addresses
S41           P.Q.R.0100 0000          255.255.255.1111 0000     P.Q.R.0100 hhhh
S42           P.Q.R.01 000000          255.255.255.11 000000     P.Q.R.01 hhhhhh

11 Subnetting Routing Table
What if an IP in S42 is received? It will match on the second entry!
What if an IP in S41 is received? It will match both entries!
Which entry should be used? USE LONGEST PREFIX MATCH

12 Subnetting Routing Table
Where else can longest prefix match be used?

Network/Subnet address   Subnet Mask               Next Hop/Port
P.Q.R.0000 0000          255.255.255.1111 0000     P1
P.Q.R.0001 0000          255.255.255.1111 0000     P2
P.Q.R.0010 0000          255.255.255.1110 0000     P345
P.Q.R.0100 0000          255.255.255.11 000000     P345
P.Q.R.1000 0000          255.255.255.1 0000000     P345

Aggregate:

Network/Subnet address   Subnet Mask               Next Hop/Port
P.Q.R.0000 0000          255.255.255.1111 0000     P1
P.Q.R.0001 0000          255.255.255.1111 0000     P2
P.Q.R.0000 0000          255.255.255.0000 0000     P345

[Figure: two routers and subnets S1, S2, S3, S4, S5]

13 Supernet Addressing
- Use of many IP network addresses for a single organization
- Example
  - To conserve class B addresses, issue multiple class C addresses to the same organization
- Issue: increase in the number of entries in the routing tables for routers outside the network
- Solutions
  - Collapse a block of contiguous class C addresses into the pair (network address, count) where network address is the smallest number in the block

14 Supernet Addressing
- It requires each block to be a power of 2 and uses bit mask to identify the size of the block
- Example
            Dotted decimal     32-bit binary equivalent
  Lowest    234.170.168.0      11101010 10101010 10101000 00000000
  Highest   234.170.175.255    11101010 10101010 10101111 11111111
- A block of 2048 addresses
- 32-bit mask is 11111111 11111111 11111000 00000000
- Do we really need address classes when we have masks?
- Answer: NO → CIDR (Classless Inter Domain Routing)

15 Supernet Addressing
- In the router, the entry consists of
  - The lowest address and the 32-bit mask
- A block of addresses can be subdivided, and separate route can be entered for each subdivision
- When looking up a route, the routing software uses a longest-match paradigm to select a route
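
The masked lookup from the Subnet Routing algorithm, the S41/S42 overlap and the supernet block above, worked through as an added example (not part of the original slides). It assumes 192.0.2 as a stand-in for P.Q.R; the port names P41 and P42 and the default route are hypothetical.

```python
import ipaddress

# Constructed stand-in for the slides' P.Q.R prefix (documentation range).
PQR = "192.0.2."

# Routing table from the slides with S4 split into S41 and S42. The port names
# P41/P42 and the default route are assumptions added for this example.
ROUTES = [
    (PQR + "0/28", "P1"),
    (PQR + "16/28", "P2"),
    (PQR + "32/27", "P3"),
    (PQR + "64/26", "P42"),    # old S4 entry, now serving S42
    (PQR + "64/28", "P41"),    # S41, the first 16 addresses of old S4
    (PQR + "128/25", "P5"),
    ("0.0.0.0/0", "DEFAULT"),  # mask of all 0s matches every destination
]


def build_table(routes):
    """Turn CIDR strings into (mask, network, prefix length, next hop)."""
    table = []
    for cidr, hop in routes:
        net = ipaddress.ip_network(cidr)  # raises if host bits are set
        table.append((int(net.netmask), int(net.network_address), net.prefixlen, hop))
    return table


def first_match(table, dest):
    """Algorithm as listed: first entry where D AND mask equals the network."""
    d = int(ipaddress.ip_address(dest))
    for mask, network, _plen, hop in table:
        if d & mask == network:
            return hop
    return None


def longest_match(table, dest):
    """Same test, but the matching entry with the most mask bits wins."""
    d = int(ipaddress.ip_address(dest))
    best = None
    for mask, network, plen, hop in table:
        if d & mask == network and (best is None or plen > best[0]):
            best = (plen, hop)
    return best[1] if best else None


def collapse_block(lowest, highest):
    """Supernet check: the range is one route only if it is an aligned power of 2."""
    nets = list(ipaddress.summarize_address_range(
        ipaddress.ip_address(lowest), ipaddress.ip_address(highest)))
    return nets[0] if len(nets) == 1 else None


if __name__ == "__main__":
    table = build_table(ROUTES)
    for dest in (PQR + "70", PQR + "100", PQR + "200", "198.51.100.9"):
        print(dest, "first:", first_match(table, dest),
              "longest:", longest_match(table, dest))
    block = collapse_block("234.170.168.0", "234.170.175.255")
    print(block, block.netmask, block.num_addresses)
```

With first-match the result for an S41 address depends on the order of the entries; with longest match the order does not matter, which is also why a more specific entry always overrides an aggregate.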

16 ICMP: Internet Control Message Protocol
- Network Protocols and Standards
- Autumn 2004-2005

17 ICMP Motivation
- Questions in Routing
  - What if a router cannot route or deliver a datagram?
  - What if a router experiences congestion?
  - What if the TTL expires?
- Router needs to inform the source to take action to avoid or correct the problem
- ICMP: error reporting mechanism
  - Can only report condition back to the original source
- Routers and hosts send error or control messages to others
- Specified in RFC 792

18 ICMP
- ICMP messages are encapsulated in IP datagrams, with protocol type 1
- In the data portion of the datagram, first byte indicates the ICMP message type and the format for the rest of the message
- Some ICMP packets have a code that further qualifies the type
- Most ICMP messages include the full IP header plus the first 8 bytes of the data portion of the datagram they refer to
  - Helps sender identify the packet
- To avoid explosion of ICMP messages
  - No ICMP packets are generated to report errors on ICMP packets
  - If an ICMP message is generated about a fragmented datagram, it is generated only for the first fragment (fragment 0)

19 Some ICMP Message Types
Type Field   ICMP Message Type
0            Echo Reply
3            Destination Unreachable
4            Source Quench
5            Redirect (change a route)
8            Echo Request
9            Router Advertisement
10           Router Solicitation
11           Time Exceeded for a Datagram
12           Parameter Problem on a Datagram
13           Timestamp Request
14           Timestamp Reply
17           Address Mask Request
18           Address Mask Reply

Reference: RFC 1700

20 Echo Request/Reply
- Testing destination reachability and status
  - Echo Request Message
  - Echo Reply Message
- Command used to send ICMP echo request is, in most systems, called ping
- Echo request may contain some data, which is returned unchanged in the reply
- The ICMP Echo Request/Reply header also contains a sequence number and identifier, to aid the host in matching the request with the reply

21 Echo Request/Reply
ICMP Echo Request or Reply Message Format
TYPE (0/8) | CODE (0) | CHECKSUM
IDENTIFIER | SEQUENCE NUMBER
OPTIONAL DATA

22 Destination Unreachable
- Reports of unreachable destinations
- When a router cannot forward or deliver an IP datagram, it sends a destination unreachable message back to the original source
- Code determines specific condition (see table)

23 Destination Unreachable
ICMP Destination Unreachable Message Format
TYPE (3) | CODE (0-12) | CHECKSUM
UNUSED (MUST BE ZERO)
INTERNET HEADER + FIRST 8 BYTES OF DATA

24 Destination Unreachable Codes
Code Value   Meaning
0            Network Unreachable
1            Host Unreachable
2            Protocol Unreachable
3            Port Unreachable
4            Fragmentation Needed and DF Set
5            Source Route Failed
6            Destination Network Unknown
7            Destination Host Unknown
8            Source Host Isolated
9            Communication with Destination Network Administratively Prohibited
10           Communication with Destination Host Administratively Prohibited
11           Network Unreachable for Type of Service
12           Host Unreachable for Type of Service
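
How a receiving host can use the quoted Internet header and first 8 bytes to tie a Destination Unreachable message to a packet it actually sent, as an added example (not part of the original slides). The sample message, its addresses and ports, and the function names are constructed for the illustration.

```python
import socket
import struct

# Destination Unreachable codes, copied from the slide's table (first five).
UNREACH = {0: "Network Unreachable", 1: "Host Unreachable",
           2: "Protocol Unreachable", 3: "Port Unreachable",
           4: "Fragmentation Needed and DF Set"}


def inet_checksum(data):
    """16-bit one's-complement sum used by the IP and ICMP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_sample(code=3):
    """Constructed sample: a type 3 message quoting a UDP datagram."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0, 1, 17, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    udp = struct.pack("!HHHH", 40000, 33434, 20, 0)  # sport, dport, length, checksum
    msg = struct.pack("!BBHI", 3, code, 0, 0) + ip + udp
    return msg[:2] + struct.pack("!H", inet_checksum(msg)) + msg[4:]


def parse_icmp_error(msg):
    """Parse TYPE, CODE, CHECKSUM and the quoted header + first 8 bytes."""
    if len(msg) < 8 + 20 + 8:
        raise ValueError("too short for an ICMP error message")
    icmp_type, code = msg[0], msg[1]
    ihl = (msg[8] & 0x0F) * 4            # length of the quoted IP header
    if ihl < 20 or len(msg) < 8 + ihl + 8:
        raise ValueError("bad quoted IP header length")
    quoted = msg[8:8 + ihl]
    proto = quoted[9]
    ports = (None, None)
    if proto in (6, 17):                 # TCP and UDP both start with the two ports
        ports = struct.unpack("!HH", msg[8 + ihl:8 + ihl + 4])
    return {
        "type": icmp_type, "code": code, "meaning": UNREACH.get(code, "other"),
        "checksum_ok": inet_checksum(msg) == 0,  # sum over a valid message is zero
        "flow": (proto, socket.inet_ntoa(quoted[12:16]), ports[0],
                 socket.inet_ntoa(quoted[16:20]), ports[1]),
    }


def accept_error(msg, outstanding):
    """Act on the error only if it is intact and quotes a packet this host sent."""
    try:
        parsed = parse_icmp_error(msg)
    except ValueError:
        return False
    return (parsed["type"] == 3 and parsed["checksum_ok"]
            and parsed["flow"] in outstanding)


if __name__ == "__main__":
    sample = build_sample()
    print(parse_icmp_error(sample))
    print(accept_error(sample, {(17, "192.0.2.10", 40000, "198.51.100.7", 33434)}))
```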

25 ICMP Source Quench
- Congestion and datagram flow control
  - Report congestion to the original source
  - Request to source to reduce current rate
- Usually sent for each datagram discarded
- Can be sent by a host or a router
- Some routers may be more sophisticated
  - Monitor incoming traffic
  - Quench sources that have the highest rates
  - Avoid congestion by quenching before datagrams are lost

26 Source Quench
ICMP Source Quench Message Format
TYPE (4) | CODE (0) | CHECKSUM
UNUSED (MUST BE ZERO)
INTERNET HEADER + FIRST 8 BYTES OF DATA

27 ICMP Redirect Message
- Host sends a datagram to router R1 to be forwarded to a certain destination
- Router R1 looks at its routing table, and finds the next router in the path as R2
- If R2 is directly accessible to the sending host, R1 generates an ICMP Redirect Message back to the sender. R1 also forwards the datagram to R2 normally
- The purpose is to inform the host that there is a better route to that destination

28 ICMP Redirect Message
TYPE (5) | CODE (0-3) | CHECKSUM
SUGGESTED ROUTER INTERNET ADDRESS
INTERNET HEADER + FIRST 8 BYTES OF DATA

Code Value   Meaning
0            Redirect datagrams for the Net (now obsolete)
1            Redirect datagrams for the Host
2            Redirect datagrams for the Type of Service and Net
3            Redirect datagrams for the Type of Service and Host

29 ICMP Time Exceeded
TYPE (11) | CODE (0/1) | CHECKSUM
UNUSED (MUST BE ZERO)
INTERNET HEADER + FIRST 8 BYTES OF DATA

Code Value   Meaning
0            Time-to-live count exceeded
1            Fragment reassembly time exceeded

A router sends this message whenever a datagram is discarded because the TTL field in the datagram has reached zero or because its reassembly timer expired while waiting for fragments

30 Address Mask Request/Reply
- Obtaining a subnet mask
  - ICMP address mask request message
  - ICMP address mask reply message
- Request
  - Sent directly to the router (if known)
  - Broadcast (if router unknown)
- Response is unicast if the request contains a valid IP address; otherwise, it is a broadcast
- Any host can respond (see RFC 950)

31 Address Mask Request/Reply
TYPE (17/18) | CODE (0) | CHECKSUM
IDENTIFIER | SEQUENCE NUMBER
ADDRESS MASK

ICMP address mask request or reply message format. Usually, hosts broadcast a request without knowing which specific router will respond.

32 Router Advertisement/Solicitation
- Options for the host to learn the router address(es)
  - Manually enter entries
    - Not up to date and cumbersome
  - Host listens to routing protocol messages
    - Protocols and their messages differ
    - Complexity is introduced at the host
  - Use of ICMP messages as defined in RFC 1256
    - Routers periodically send an ICMP Router Advertisement, either broadcast or multicast
    - Hosts may solicit such advertisements with a Router Solicitation message

33 Router Advertisement
TYPE (9) | CODE (0) | CHECKSUM
NUM ADDRS | ADDR ENTRY SIZE (2) | LIFETIME (SEC)
ROUTER ADDRESS 1
PREFERENCE LEVEL 1
ROUTER ADDRESS 2
PREFERENCE LEVEL 2

34 Router Solicitation
TYPE (10) | CODE (0) | CHECKSUM
RESERVED

- Default advertisement rate is once every 7-10 minutes
- The router solicitation message causes the routers to send their advertisements earlier
- Lifetime of advertisements is typically 30 minutes

35 Application: Traceroute
- Goal: Find the path a packet takes between two hosts
- Originator host sends a series of packets, starting with TTL=1 and increasing the TTL for each packet
- The first router in the path will drop the TTL=1 packet and send back an ICMP Time Exceeded
  - Host learns who is the first hop
- Second router in the path will drop the packet that originated with TTL=2 and send back an ICMP Time Exceeded
- Third router will do the same upon receiving packet that originated with TTL=3
- By collecting the ICMP responses, the host can figure out the path taken by the packet. Will this work?

36 Application: Traceroute
- Current method described above requires 2N messages for an N-hop path
- Will also give wrong results if path changes
- ICMP Traceroute (RFC 1393) can do it in N+1 messages
- Idea: Define a traceroute IP option
  - Send an IP packet with this option set
  - Every intermediate system handling this packet will send back an ICMP traceroute to the source

37 Application: Traceroute
Tracing route to nova.stanford.edu 171.64.90.123 over a maximum of 30 hops
 1  <10 ms  <10 ms  <10 ms  shahalami.lums.edu.pk 203.128.0.1
 2  1938 ms  1890 ms  1860 ms  202.125.139.29
 3  1515 ms  1875 ms  1938 ms  202.125.139.249
 4  1812 ms  1672 ms  1578 ms  202.125.159.53
 5  1969 ms  1672 ms  1953 ms  203.208.147.85
 6  1437 ms  1641 ms  1594 ms  p5-2.nycmny1-cr11.bbnplanet.net 4.25.14.41
 7  1593 ms  1688 ms  1719 ms  p3-0.nycmny1-nbr1.bbnplanet.net 4.24.10.78
 8  1859 ms  1687 ms  so-6-0-0.chcgil2-br2.bbnplanet.net 4.24.4.17
 9  1610 ms  1718 ms  1625 ms  so-1-0-0.dnvtco1-br2.bbnplanet.net 4.24.9.62
10  1516 ms  1718 ms  2000 ms  p15-0.snjpca1-br2.bbnplanet.net 4.0.6.225
11  1922 ms  1844 ms  1562 ms  p2-0.paix-bi3.bbnplanet.net 4.24.7.38
12  1562 ms  1813 ms  1812 ms  p2-0.paix-bi2.bbnplanet.net 4.0.3.174
13  1828 ms  1625 ms  1688 ms  p6-0.paloalto-nbr1.bbnplanet.net 4.0.6.97
14  1844 ms  1734 ms  2016 ms  p1-0.paloalto-cr1.bbnplanet.net 4.0.6.74
15  2031 ms  1813 ms  1687 ms  p1-0-0.paloalto-cr13.bbnplanet.net 4.0.2.222
16  2109 ms  1985 ms  1937 ms  sunet-gateway.stanford.edu 198.31.10.1
17  Request timed out.
18  Request timed out.
19  2078 ms  2203 ms  2078 ms  nova.Stanford.EDU 171.64.90.123

38 Application: Traceroute
traceroute to suraj.lums.edu.pk (203.128.0.6) 1-30 hops, 38 byte packets
 1  quad-rtr.Stanford.EDU (171.64.90.1)  1.49 ms (ttl=64!)  1.25 ms (ttl=64!)  1.32 ms (ttl=64!)
 2  default-gateway-2.Stanford.EDU (198.31.86.129)  2.27 ms  1.98 ms  2.82 ms
 3  sunet-gateway.Stanford.EDU (198.31.86.1)  2.18 ms  1.18 ms  1.25 ms
 4  g1.ba21.b003123-1.sfo01.atlas.cogentco.com (66.250.7.137)  3.27 ms  3.79 ms  3.04 ms
 5  g1-1.core01.sfo01.atlas.cogentco.com (66.28.6.9)  4.23 ms  3.40 ms  3.18 ms
 6  p5-0.core03.sfo01.atlas.cogentco.com (66.28.4.146)  3.44 ms  3.51 ms  5.33 ms
 7  ds3.st-paix.ix.singtel.com (198.32.176.50)  10.9 ms (ttl=248!)  10.2 ms (ttl=248!)  12.1 ms (ttl=248!)
 8  p6-1.plapx-cr1.ix.singtel.com (203.208.172.45)  12.9 ms  13.5 ms  13.6 ms
 9  POS2-0.above-core1.ix.singtel.com (202.160.250.45)  14.6 ms  14.0 ms  13.3 ms
10  203.208.154.94 (203.208.154.94)  63.7 ms  58.7 ms  57.6 ms
11  203.208.154.97 (203.208.154.97)  78.1 ms (ttl=244!)  80.7 ms (ttl=244!)  82.0 ms (ttl=244!)
12  203.208.154.102 (203.208.154.102)  79.9 ms  80.5 ms  78.3 ms
13  203.208.147.86 (203.208.147.86)  373 ms (ttl=241!)  323 ms (ttl=241!)  310 ms (ttl=241!)
14  202.125.159.46 (202.125.159.46)  326 ms (ttl=240!)  329 ms (ttl=240!)  328 ms (ttl=240!)
15  202.125.139.250 (202.125.139.250)  328 ms (ttl=239!)  326 ms (ttl=239!)  326 ms (ttl=239!)
16  202.125.139.30 (202.125.139.30)  2075 ms (ttl=238!)  2146 ms (ttl=238!)  2216 ms (ttl=238!)
17  suraj.lums.edu.pk (203.128.0.6)  2395 ms (ttl=237!)  2294 ms (ttl=237!)  2209 ms (ttl=237!)

39 Network Address Translation
- Network Protocols and Standards
- Autumn 2004-2005

40 Private Networks
- Private networks have no direct connection to the Internet
- Blocks of addresses have been reserved for the private networks (RFC 1918)
- Blocks in different classes
  - 10.0.0.0 - 10.255.255.255 (1 class A)
  - 172.16.0.0 - 172.31.255.255 (16 class B)
  - 192.168.0.0 - 192.168.255.255 (256 class C)

41 Purpose
- Machines in the protected network can access the Internet normally
- Packets coming from the protected network all appear to be coming from IP1
- Addresses in the protected network are in the private range

[Figure: Host 1, Host 2, ..., Host N in the Protected Network; Firewall with addresses IP1 and IP2; Internet]

42 Implementation
- Hosts inside the private network are configured to use the firewall (IP2) as their gateway
- The firewall rewrites the IP datagram header for the outbound packets, replacing the source IP with IP1
  - All packets seem to be coming from IP1
- The destination IP in the packets received from the Internet is IP1; it is rewritten, replacing IP1 with the IP address of the internal destination
- Problem: How to figure out what is the right destination in the private network?

43 Demultiplexing Incoming Packets
- There is not enough information in the IP header to demultiplex incoming packets
- It is necessary to use information from the higher layers (transport layer)
- Common transport layers: TCP and UDP
- Transport layer has the concept of port, which identifies which process in the host should finally get the packet

44 Ports
- 16-bit numbers identifying which process should get the packet
- UDP and TCP ports exist in different spaces
- Each packet carries two port numbers
  - The source port of the process which generated it in the source host
  - The destination port of the process which should get it at the destination

[Figure: protocol stack with Telnet, FTP, TCP, UDP, IP]

45 Implementation (revisited)
- Upon receiving an outbound packet from a host in the private network, the firewall
  - Rewrites the source IP with its own IP (IP1)
  - Generates a local source port and rewrites the source port in the packet as this port and makes a record of it
- Upon receiving an inbound packet from the Internet, the firewall checks whether the destination port in the packet is in the list of local ports
  - If not, the packet is dropped
    - Cannot initiate connections from outside!
  - If yes, the firewall knows where to send this packet
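
The translation table described in "Implementation (revisited)", as an added example (not part of the original slides). Packets are modelled as dictionaries and all addresses are constructed; the `strict` option, which also checks the remote endpoint of an inbound packet, goes beyond the rule on the slide and is an assumption of this example.

```python
import itertools


class Napt:
    """Port-translating firewall; public_ip plays the role of IP1."""

    def __init__(self, public_ip, first_port=50000, strict=False):
        self.public_ip = public_ip
        self.strict = strict             # assumption: optional remote-endpoint check
        self._ports = itertools.count(first_port)
        self._out = {}    # (proto, inside ip, inside port) -> local port on IP1
        self._back = {}   # (proto, local port) -> (inside ip, inside port, remotes)

    def outbound(self, p):
        """Rewrite source IP and port, recording the mapping on first use."""
        key = (p["proto"], p["src"], p["sport"])
        port = self._out.get(key)
        if port is None:
            port = next(self._ports)
            if port > 65535:
                raise RuntimeError("no free local ports")
            self._out[key] = port
            self._back[(p["proto"], port)] = (p["src"], p["sport"], set())
        # Remember who the inside host talked to, for the strict check.
        self._back[(p["proto"], port)][2].add((p["dst"], p["dport"]))
        return dict(p, src=self.public_ip, sport=port)

    def inbound(self, p):
        """Return the rewritten packet, or None when the packet is dropped."""
        # TCP and UDP ports are separate spaces, so the protocol is part of the key.
        entry = self._back.get((p["proto"], p["dport"]))
        if p["dst"] != self.public_ip or entry is None:
            return None                  # no record: connection not started inside
        inside_ip, inside_port, remotes = entry
        if self.strict and (p["src"], p["sport"]) not in remotes:
            return None                  # mapping exists, but not for this remote
        return dict(p, dst=inside_ip, dport=inside_port)


def packet(proto, src, sport, dst, dport):
    """Constructed packet: only the fields the firewall rewrites or inspects."""
    return {"proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport}


if __name__ == "__main__":
    nat = Napt("203.0.113.1")
    print(nat.outbound(packet("tcp", "10.0.0.5", 1234, "198.51.100.7", 80)))
    print(nat.outbound(packet("tcp", "10.0.0.6", 1234, "198.51.100.7", 80)))
    print(nat.inbound(packet("tcp", "198.51.100.7", 80, "203.0.113.1", 50001)))
    print(nat.inbound(packet("tcp", "198.51.100.7", 80, "203.0.113.1", 40000)))
```

With `strict=False` the check is exactly the one on the slide: any outside sender that addresses a recorded local port is forwarded inside, which is why many implementations also compare the remote address and port.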

46 Dynamic Addressing
- Network Protocols and Standards
- Autumn 2004-2005

47 BOOTP
- Alternative to RARP
- RARP operates at a low level, requiring direct access to the network hardware
  - Difficult for an application programmer to build a server
- RARP gives only the IP address

48 BOOTP
- Devised to allow a machine to obtain
  - Its IP address
  - Address of a router
  - Subnet mask to use
  - Address of a name server
- Can be implemented with an application program
- Uses UDP/IP for communication

49 BOOTP
- Using IP to determine an IP address
- Request from a client is broadcast on the local network using IP address all 1s
- Since the client does not know its IP address (yet!), the reply from the server must also be broadcast; otherwise
  - Using client's IP address would require use of ARP to map IP address to a hardware address, which in turn requires client to already know its IP address
  - Using client's request to manually add an entry to its ARP cache: Not desirable

50 BOOTP
- Reliability in communication is based on
  - UDP checksum
  - Timeout and retransmissions
- To minimize collisions among many clients, use random timeouts
- Increase timeouts with each retransmission
  - Starting with the interval 0-4 seconds
  - Doubling interval each retransmission up to 60s

51 BOOTP Message Format
0        8        16       24       31 bits
OP | HTYPE | HLEN | HOPS
Transaction ID
Seconds | Unused
Client IP Address
Your IP Address
Server IP Address
Router IP Address
Client Hardware Address (16 octets)
Server Hostname (64 octets)
Boot File Name (128 octets)
Vendor-specific area (64 octets)

52 BOOTP Message
- Field OP
  - Specifies whether a request (1) or reply (2)
- HTYPE and HLEN
  - Hardware type and address length (For Ethernet, HTYPE is 1 and HLEN is 6)
- HOPS
  - Client passes 0 in this field; BOOTP server increments it if the request is passed to another server across a router
- Transaction ID
  - Contains an integer that machines use to match requests with responses
- Seconds
  - Number of seconds since the client started to boot

53 BOOTP Message
- Remaining fields in the message
  - To allow the greatest flexibility
  - Clients fill in as much information as they know; unknown fields are set to zero
- Example
  - If server IP or server hostname are non-zero, only the server with matching address/name will answer the request
  - If they are zero, any server that receives the request will reply

54 BOOTP Message Format
- BOOTP can be used by a client that already knows its IP address (e.g., to obtain boot file information)
- A client that knows its IP address places it in the client IP address field; other clients set this field to zero
- If the client's IP address in the request message is zero, a server returns the client IP address in the "your IP address" field
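
The BOOTP message layout, the client-side matching of a broadcast reply and the retransmission timing from the slides above, as an added example (not part of the original slides). Field names such as `xid` and `ciaddr`, the sample hardware and IP addresses, and `build_reply` are constructed for the illustration.

```python
import random
import socket
import struct

# Field layout from the message-format slide: 300 octets in total.
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s64s")
FIELDS = ("op", "htype", "hlen", "hops", "xid", "secs", "unused", "ciaddr",
          "yiaddr", "siaddr", "giaddr", "chaddr", "sname", "file", "vend")
ZERO_IP = socket.inet_aton("0.0.0.0")


def build_request(mac, xid, secs=0, client_ip="0.0.0.0"):
    """OP=1 request for Ethernet; fields the client does not know stay zero."""
    return BOOTP.pack(1, 1, len(mac), 0, xid, secs, 0, socket.inet_aton(client_ip),
                      ZERO_IP, ZERO_IP, ZERO_IP, mac, b"", b"", b"")


def parse(msg):
    """Split a message into the named fields of the layout."""
    if len(msg) < BOOTP.size:
        raise ValueError("short BOOTP message")
    return dict(zip(FIELDS, BOOTP.unpack(msg[:BOOTP.size])))


def build_reply(request, your_ip, server_ip):
    """Constructed server side, present only to exercise the client checks."""
    fields = parse(request)
    fields.update(op=2, yiaddr=socket.inet_aton(your_ip),
                  siaddr=socket.inet_aton(server_ip))
    return BOOTP.pack(*(fields[name] for name in FIELDS))


def assigned_address(request, reply):
    """Address a reply gives this client, or None if it answers someone else.

    Replies are broadcast, so every booting client sees every reply and must
    match on transaction ID and hardware address before using one.
    """
    req, rep = parse(request), parse(reply)
    if rep["op"] != 2 or rep["xid"] != req["xid"]:
        return None
    if (rep["htype"], rep["hlen"]) != (req["htype"], req["hlen"]):
        return None
    if rep["chaddr"][:rep["hlen"]] != req["chaddr"][:req["hlen"]]:
        return None
    # Client IP zero: the server fills in "your IP address"; otherwise keep our own.
    addr = rep["yiaddr"] if req["ciaddr"] == ZERO_IP else req["ciaddr"]
    return socket.inet_ntoa(addr)


def retransmit_delays(attempts, rng=random):
    """Random delay per attempt; the interval starts at 0-4 s and doubles up to 60 s."""
    return [rng.uniform(0, min(4 * 2 ** n, 60)) for n in range(attempts)]


if __name__ == "__main__":
    mac = bytes.fromhex("020000000001")          # constructed hardware address
    request = build_request(mac, xid=0x1234ABCD)
    reply = build_reply(request, "192.0.2.50", "192.0.2.1")
    print(len(request), assigned_address(request, reply))
    print([round(d, 1) for d in retransmit_delays(6)])
```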

55 DHCP
- Dynamic Host Configuration Protocol
- RARP and BOOTP designed for relatively static environment
  - Each host has a permanent network connection
  - Manager creates a BOOTP configuration file specifying BOOTP parameters for each host
  - Manager configures server with mapping of host identifier to IP address
- New Requirements
  - Portable computers
  - Number of computers exceeds available IP host addresses (although not all will be up and running at the same time)

56 DHCP
- DHCP allows
  - Manual configuration
  - Automatic configuration
    - Manager lets DHCP server assign a permanent address when a computer first attaches to the network
  - Dynamic configuration
    - Loaning IP addresses for a limited time