Network Protocols

1
Network Protocols

• IP addressing Classes
• IP packet format
• ARP and RARP
• ICMP

2
The Function of Protocols

• As protocols serve their functions in the OSI
  model, they might work at one or many layers
• When a set of protocols works cooperatively, its
  called a protocol stack or protocol suite
• The most common protocol stack is TCP/IP, the
  Internet protocol suite
• IPX/SPX, used in older versions of Novell
  NetWare, is disappearing as companies upgrade to
  newer versions of NetWare
• Levels of a protocol stack map to their functions
  in the OSI model

3
Routable vs. Nonroutable Protocols

• The network layer (OSI) is responsible for moving
  data across multiple networks
• Routers are responsible for routing process
• Protocol suites that function at Network layer
  are routable or routed protocols otherwise, they
  are called nonroutable
• TCP/IP and IPX/SPX are routable protocols
• An older and nearly obsolete protocol, NetBEUI,
  is a nonroutable protocol that works well in
  small networks, but its performance drops
  considerably as a network grows.

4
Protocols in a Layered Architecture
5
Network Protocols

• Some popular network protocols include
• Internet Protocol version 4 (IPv4 or simply IP)
• Provides addressing and routing information
• Internetwork Packet Exchange (IPX)
• Novells protocol for packet routing and
  forwarding
• Belongs to the IPX/SPX protocol suite
• Serves many of the same functions as TCP/IPs IP
• Internet Protocol version 6 (IPv6)
• A new version of IP thats being implemented on
  many current networking devices and operating
  systems
• Addresses some weaknesses of IPv4

6
Common Protocol Suites

• Because most protocols contain a combination of
  components, these components are usually bundled
  as a protocol suite
• TCP/IP
• Dominates the networking arena to the point of
  making most of the other suites nearly obsolete
• IPX/SPX
• NetBIOS/NetBEUI
• AppleTalk

7
TCP/IP Network Layer Protocols

• Internet Protocol version 4 (IPv4) is a Network
  layer protocol that provides source and
  destination addressing and routing for the TCP/IP
  suite
• Connectionless protocol fast but unreliable
• Internet Control Message Protocol (ICMP) is a
  Network layer protocol used to send error and
  control messages between systems or devices
• The Ping utility uses ICMP to request a response
  from a remote host to verify availability
• Address Resolution Protocol (ARP) resolves
  logical (IP) addresses to physical (MAC) addresses

8
IP Service

• IP provide provides an unreliable connectionless
  best effort service (also called datagram
  service).
• Unreliable IP does not make an attempt to
  recover lost packets
• Connectionless Each packet (datagram) is
  handled independently. IP is not aware that
  packets between hosts may be sent in a logical
  sequence
• Best effort IP does not make guarantees on the
  service (no throughput guarantee, no delay
  guarantee,)
• Consequences
• Higher layer protocols have to deal with losses
  or with duplicate packets
• Packets may be delivered out-of-sequence

9
IP Service

• IP supports the following services
• one-to-one (unicast)
• one-to-all (broadcast)
• one-to-several (multicast)
• IP multicast also supports a many-to-many
  service.
• IP multicast requires support of other protocols
  (IGMP, multicast routing)

unicast
broadcast
multicast
10
Internet Addresses (IP Addresses)

• Defined when IP was standardized in 1981
• IP addresses are 32-bit long and consist of
• a network address part network identifier
• a host address part host number within that
  network
• IP addresses are grouped into classes (A,B,C)
  depending on the size of the network identifier
  and the host part of the address
• A fourth class (Class D) was defined later (1988)
  for Multicast addresses

11
Internet Address Classes
12
Internet Address Classes
13
Internet Address Classes
14
IP Addressing - Classes

• Class A first octet between 1-126
• 126 networks (0 and 127 reserved)
• Assigned to very large size networks
• 65K lt number of hosts lt 16M
• Class B first octet between 128-191
• 16384 networks
• Assigned to Intermediate size networks
• 256 lt number of hosts lt 65K

15
IP Addressing - Classes

• Class C first octet between 192-223
• 2097152 networks
• Assigned to smaller networks
• hosts lt 256
• Class D first octet between 224-239
• Reserved for multicasting
• Class E first octet between 240-255
• Reserved for experimental use

16
Internet Address Classes
Class Lowest Network Identifier Address Highest Network Identifier Address
A 1.0.0.0 126.0.0.0
B 128.0.0.0 191.255.0.0
C 192.0.0.0 223.255.255.0
D 224.0.0.0 239.255.255.255
E 240.0.0.0 247.255.255.255
17
Dotted Decimal Notation

• Internet addresses are represented in text by the
  dotted decimal notation
• each byte is written in decimal values (from 0 to
  255)
• example
• 10000000 00001010 00000010 00011110
• is written as 128. 10. 2. 30

18
Uniqueness of IP Addresses

• Network numbers are assigned by a central
  authority
• The Internet Network Information Center
  (InterNIC)
• Another authority, the IANA Internet Assigned
  Numbers Authority sets policy
• Network numbers are unique worldwide
• Host numbers are assigned by network managers
• They must be unique within a given network
• Thus, IP addresses are unique worldwide.

19
Example
Find the class of each address A-
227.12.14.87 B- 193.14.56.22 C- 14.23.120.8 D-
252.5.15.111 E- 134.11.78.56
Solution A. The first byte is 227 (between 224
and 239) the class is D.B. The first byte is
193 (between 192 and 223) the class is C.C. The
first byte is 14 (between 0 and 127) the class
is A.D. The first byte is 252 (between 240 and
255) the class is E.E. The first byte is 134
(between 128 and 191) the class is B.
20
Special Purpose IP Addresses

• 0.0.0.0
• Means this host, used by machines as source
  address when they boot up (if they dont know
  their IP address, and need to get it from a boot
  server)
• 255.255.255.255
• Means limited broadcast. Used as a destination
  address to send packets to all hosts on the local
  network where the source is. Packets sent to this
  address are never relayed
• Network part all zeros
• Means the host on this network

21
Special Purpose IP Addresses

• Host part all ones
• Broadcast address on the network specified in the
  network identifier routers typically do not
  forward these datagrams
• Host part all zeros
• Broadcast address on the network specified in the
  network identifier (it was an implementation
  error in some networks)

22
Special Purpose IP Addresses

• 127.x.x.x
• Means loopback (datagrams are looped back in
  software they are not sent on any physical
  interface)
• 224.0.0.1
• Multicast address for All systems on this
  subnetwork
• 224.0.0.2
• Multicast address for All routers on this
  subnetwork

23
IPv4 versus IPv6

• IP version 6 (IPv6) has been defined and
  developed.
• IPv6 uses 128 bits rather than the 32 bits
  currently used in IPv4.
• IPv6 uses hexadecimal numbers to represent the
  128 bits.

IPv4
24
Translating Between IP and MAC Addresses (ARP and
RARP)

• Each interface has an IP address at Layer 3, and
  a MAC address at Layer 2
• Assume that host A wants to send a packet to host
  B (A and B on the same network)
• Host A knows the IP address of host B however,
  in order to transmit the packet, host A must
  somehow know or find out what the MAC (layer 2)
  address of host B is!
• Solution the Address Resolution Protocol (ARP),
  RFC826

25
Address Resolution Protocol

• Used to find the physical address of a target
  device on the local physical network, given only
  the targets IP address. ARP mechanism
• The source broadcasts a special packet asking the
  device with target IP address to respond with a
  message carrying the (IP address, physical
  address) mapping
• All devices on the local physical network receive
  the broadcast, but only the target recognizes its
  IP address and responds to the request
• When the source receives the reply, it sends the
  packet to the target using the targets physical
  address and places the mapping in its cache.

26
ARP Process
27
ARP - example
ARP enables a computer to find the MAC address
of the computer that is associated with an IP
address.
t
28
ARP - example
All devices on the network receive the packet and
pass to network layer only one device responds
with an ARP reply.
29
ARP Message Format
30
ARP Message

• HARDWARE TYPE specifies type of hardware
  interface for which the request is made (e.g., 1
  for Ethernet)
• PROTOCOL TYPE specifies high level protocol
  address supplied in message (e.g. 0800 hex for
  IP)
• HLEN and PLEN specify length of fields for
  hardware address and protocol address
  respectively
• OPERATION specifies if this is an ARP request or
  reply message (1 for ARP request, 2 for ARP
  response, 3 for RARP request and 4 for RARP
  response)
• HA and IP hardware and IP addresses respectively

31
Reverse ARP - RARP

• Usually, a machines IP address is kept on its
  secondary storage (OS finds it at start up)
• Issue Diskless Workstations!
• files are stored on a remote server
• need IP address to use TCP/IP to obtain initial
  boot image
• Solution Use physical address to identify
  machine
• Given a physical network address, find the
  corresponding Internet address
• Reverse Address Resolution Protocol (RARP), RFC903

32
RARP

• Mechanism
• Sender broadcasts a RARP request, supplying its
  physical network address in the Target HA field
• Only machines authorized to supply the RARP
  service (RARP servers) process the request and
  send a reply filling in the target internet
  address
• Mechanism allows a host to ask about an arbitrary
  target
• thus sender HA is separate from target HA address
• RARP server replies to senders HA
• Ethernet frame Protocol Type for RARP is 8035 hex

33
RARP
The source initiates a RARP request, which helps
it detect its own IP address.
34
Advanced ARP Concepts

• Default gateway
• Proxy ARP

35
Default Gateway

• Another term for a router
• If a computer does not know how to deliver a
  packet, it sends the packet to the default
  gateway
• A router may be a dedicated hardware device or a
  computer with multiple network cards
• The router must be on the same network as the
  computer sending the packet

36
How ARP Sends Data to Remote Networks?
37
Proxy ARP
38
Internet Control Message Protocol

• Architecturally above IP -- ICMP messages are
  carried in IP packets and are demultiplexed at
  receiver.
• Transfer of (control) messages from routers and
  hosts to hosts
• Feedback about problems
• e.g. time to live expired, destination
  unreachable (e.g. no ARP reply), checksum fails
  (header only!), no route to destination, etc.
• Considered part of IP, but it is really a user
  of IP
• Encapsulated in IP datagram
• Not reliable
• ICMP messages sent in response to incoming
  datagrams with problems
• ICMP message not sent for ICMP message

39
ICMP
40
Internet Control Message Protocol

• Used by hosts, routers, gateways to communication
  network-level information
• error reporting unreachable host, network, port,
  protocol
• echo request/reply (used by ping)
• ICMP message type, code plus first 8 bytes of IP
  datagram causing error

Type Code description 0 0 echo
reply (ping) 3 0 dest. network
unreachable 3 1 dest host
unreachable 3 2 dest protocol
unreachable 3 3 dest port
unreachable 3 6 dest network
unknown 3 7 dest host unknown 4
0 source quench (congestion
control - not used) 8 0
echo request (ping) 9 0 route
advertisement 10 0 router
discovery 11 0 TTL expired 12 0
bad IP header
41
ICMP and Ping

• An internet host, A, is reachable from another
  host, B, if datagrams can be delivered from A to
  B
• ping program tests reachability - sends datagram
  from B to A that A echoes back to B
• Uses ICMP echo request and echo reply messages
• Internet layer includes code to reply to incoming
  ICMP echo request messages

42
ICMP and MTU Discovery

• Fragmentation should be avoided for optimal
  performance
• How can source configure outgoing datagrams to
  avoid fragmentation?
• Source determines path MTU - smallest network MTU
  on path from source to destination
• Source probes path using IP datagrams with don't
  fragment flag
• Router responds with ICMP fragmentation required
  message
• Source sends smaller probes until destination
  reached.

43
ICMP and Redirect

• Default route may cause extra hop
• Host A is sending a packet to Host B. Host A's
  default IP router is router R1. Host A forwards
  the packet destined for Host B to its default
  router R1.
• R1 checks its routing table and finds that the
  next hop for the route to the network for Host B
  is router R2.
• If Host A and R2 are on the same network that is
  also directly attached to R1, an ICMP Redirect
  message is sent to Host A informing it that R2 is
  the better route when sending to Host B.
• Router R1 then forwards the IP datagram to R2.
• Host A adds a host route to its routing table for
  Host B's IP address with router R2's IP address
  as the forwarding address. Subsequent datagrams
  from Host A to Host B are forwarded by means of
  router R2.

44
Internet Control Message Protocol
5-61
45
ICMP in Action
46
IP Packet Format

• 20 bytes Header Size lt 24 x 4 bytes 60 bytes
• 20 bytes Total Length lt 216 bytes 65536
  bytes

47
IP header format
48
IP header format Version

• 4 bits.
• Indicates the version of IP currently used.
• IPv4 0100
• IPv6 0110

49
IP header format Header length

• 4 bits.
• IP header length Indicates the datagram header
  length in 32 bit words (4 bits), and thus points
  to the beginning of the data.

50
IP header format Service type

• 8 bits.
• Specifies the level of importance that has been
  assigned by a particular upper-layer protocol.
• Precedence.
• Reliability.
• Speed.

51
IP header format Total length

• 16 bits.
• Specifies the length of the entire IP packet,
  including data and header, in bytes.

52
IP header format Identification

• 16 bits.
• Identification contains an integer that
  identifies the current datagram.
• Assigned by the sender to aid in assembling the
  fragments of a datagram.

53
IP header format Flags

• 3 bits.
• The second bit specifying whether the packet can
  be fragmented .
• The last bit specifying whether the packet is the
  last fragment in a series of fragmented packets.

54
IP header format Fragment offset

• 13 bits.
• The field that is used to help piece together
  datagram fragments.
• The fragment offset is measured in units of 8
  octets (64 bits).
• The first fragment has offset zero.

55
IP header format Time to Live

• 8 bits.
• Time-to-Live maintains a counter that gradually
  decreases to zero, at which point the datagram is
  discarded, keeping the packets from looping
  endlessly.

56
IP header format Protocol

• 8 bits.
• Indicates which upper-layer protocol receives
  incoming packets after IP processing has been
  completed
• 06 TCP
• 17 UDP

57
Fields of the IP Header

• Protocol (1 byte)
• Specifies the higher-layer protocol.
• Used for demultiplexing to higher layers.

58
IP header format Header checksum

• 16 bits.
• A checksum on the header only, helps ensure IP
  header integrity.

59
IP header format Addresses

• 32 bits each.
• Source IP Address
• Destination IP Address

60
IP header format Options

• Variable length.
• Allows IP to support various options, such as
  security, route, error report ...

61
Fields of the IP Header

• Options
• Security restrictions
• Record Route each router that processes the
  packet adds its IP address to the header.
• Timestamp each router that processes the packet
  adds its IP address and time to the header.
• (loose) Source Routing specifies a list of
  routers that must be traversed.
• (strict) Source Routing specifies a list of the
  only routers that can be traversed.

62
IP header format Padding

• The header padding is used to ensure that the
  internet header ends on a 32 bit boundary.

63
Maximum Transmission Unit

• Maximum size of IP datagram is 65535, but the
  data link layer protocol generally imposes a
  limit that is much smaller
• Example
• Ethernet frames have a maximum payload of 1500
  bytes
• ? IP datagrams encapsulated in Ethernet frame
  cannot be longer than 1500 bytes
• The limit on the maximum IP datagram size,
  imposed by the data link protocol is called
  maximum transmission unit (MTU)

• MTUs for various data link protocols
• Ethernet 1500 FDDI 4352
• 802.3 1492 ATM AAL5 9180
• 802.5 4464 PPP negotiated

64
IP Fragmentation

• What if the size of an IP datagram exceeds the
  MTU?
• IP datagram is fragmented into smaller units.
• What if the route contains networks with
  different MTUs?

• MTUs FDDI 4352 Ethernet 1500
• Fragmentation
• IP router splits the datagram into several
  datagram
• Fragments are reassembled at receiver

65
Where is Fragmentation done?

• Fragmentation can be done at the sender or at
  intermediate routers
• The same datagram can be fragmented several
  times.
• Reassembly of original datagram is only done at
  destination hosts !!

66
Fragmentation and Reassembly

• Fragmentation takes place at the sender and
  routers
• Reassembly takes place at the receiver ONLY.

Fragment at source
Reassemble at destination
Fragment at router
67
Whats involved in Fragmentation?

• The following fields in the IP header are
  involved

Identification When a datagram is fragmented,
the identification is the same in all
fragments Flags DF bit is set Datagram
cannot be fragmented and must be discarded if
MTU is too small MF bit set This datagram is
part of a fragment and an additional fragment
follows this one
68
Whats involved in Fragmentation?

• The following fields in the IP header are
  involved

Fragment offset Offset of the payload of the
current fragment in the original
datagram Total length Total length of the
current fragment
69
Example of Fragmentation

• A datagram with size 2400 bytes must be
  fragmented according to an MTU limit of 1000 bytes

70
Determining the length of fragments

• To determine the size of the fragments we recall
  that, since there are only 13 bits available for
  the fragment offset, the offset is given as a
  multiple of eight bytes. As a result, the first
  and second fragment have a size of 996 bytes (and
  not 1000 bytes). This number is chosen since 976
  is the largest number smaller than 100020 980
  that is divisible by eight. The payload for the
  first and second fragments is 976 bytes long,
  with bytes 0 through 975 of the original IP
  payload in the first fragment, and bytes 976
  through 1951 in the second fragment. The payload
  of the third fragment has the remaining 428
  bytes, from byte 1952 through 2379. With these
  considerations, we can determine the values of
  the fragment offset, which are 0, 976 / 8 122,
  and 1952 / 8 244, respectively, for the first,
  second and third fragment.