Title: ITI 510
1 ITI 510 Computer Networks - Meeting 2
- Rutgers University Internet Institute
- Instructor: Chris Uriarte
2 Agenda for Meeting 2
- IP (Internet Protocol)
- ARP and RARP (Address Resolution Protocol, Reverse Address Resolution Protocol)
- ICMP (Internet Control Message Protocol)
- IP Routing
- traceroute, ping and arp utilities, host routing tables
3 Some Very Basic Network Terms
- Node - generally refers to any addressable device on a network, like a workstation, server, router, etc.
- Source - any node that initiates a network connection: the sender (source host, source node, etc.)
- Destination - any node that receives a network packet or is intended as the recipient of a network packet (destination host, destination node, etc.)
- Packet, Frame or Datagram - the unit of data that is routed between a source and a destination node on a network.
4 IP - Internet Protocol
- Developed by the DOD; quickly became the network protocol for governments, universities and businesses.
- Allows for the seamless integration of major network segments, new subnetworks and LANs without disrupting existing infrastructures.
- The protocol that defines IP addresses
- Operates at the Network layer of the OSI model
5 Nodes on an IP Network
- Nodes on an IP network each have a unique address - an IP Address
- Recall, IP addresses contain four (4) eight-bit numbers separated by decimal points, e.g. 126.6.4.4
- IP address blocks can be divided into subnets - small networks that contain a range of IP addresses.
- The Subnet Mask is used to define IP subnetworks within an IP Block.
- For example, a network 126.6.4.0 with a Subnet Mask of 255.255.255.0 contains the IP addresses 126.6.4.0 to 126.6.4.255.
6 IP Networks - Special Addresses
- Each IP Subnetwork contains 2 special addresses that cannot be used by hosts on the network.
- The network address is the first IP address in a subnetwork and can be used to describe the name of a particular IP subnetwork (e.g. the 128.6.4.0 network). Using a network address in conjunction with a subnet mask tells you EXACTLY the IP addresses contained in a subnetwork.
- The broadcast address is the last IP address in a subnetwork range and is used to send a packet to ALL hosts on a subnetwork. (For example, sending a packet to 128.6.4.255 on the 128.6.4.0/255.255.255.0 network sends a packet to every host on that network.)
7 Tying it All Together - Network, Subnet, Broadcast Addresses
- For example:
- If you have an IP network with a network address of 64.220.31.0 and a subnet mask of 255.255.255.0, this means:
- The Network address is 64.220.31.0
- The Broadcast address is 64.220.31.255
- The range of usable host IP addresses within this network is 64.220.31.1 to 64.220.31.254.
8 Calculating IP Addresses in a Subnet
- Given a particular IP network address and a subnet mask, you can calculate IP addresses by comparing the binary equivalents of the network address and the subnet mask. Example:
- Network 128.4.3.0 with a subnet mask of 255.255.255.0
- Net:  10000000.00000100.00000011.00000000
- Mask: 11111111.11111111.11111111.00000000
- The all-ones portion of the netmask corresponds to the network address portion of an IP address.
- The all-zeros portion of the netmask corresponds to the valid range of host IP addresses in a network.
- In this example, 128.4.3.0 (10000000.00000100.00000011.00000000) to 128.4.3.255 (10000000.00000100.00000011.11111111) are in the subnetwork described above.
9 Moving IP Packets from One Host to Another - IP Routing
- Sending an IP packet from one host to another host on a network is known as IP Routing.
- In a computer network, the host sending a packet is known as the source host. The host receiving the packet is known as the destination host.
- When a host wants to transmit a packet to another host on an IP Network, several checks are made:
- If the destination host is on the same subnet as the source host, the packet is transmitted directly to the destination host.
- If the destination host is on a different subnet, the packet is sent to a gateway device, which is essentially a packet's exit ramp to other networks. This device is usually an IP router. The router ties multiple networks together.
- The source host uses the IP address/subnet mask calculations, demonstrated earlier, to determine if the destination host is on the same subnet or on a different subnet.
10 Basic IP Routing Example
11 Basic Rules for IP Routing
- ALL devices connecting to an IP network follow some very basic rules when determining where to send a packet:
- If the destination host is part of the local network or a network the host is directly attached to, send the packet directly to the host.
- If the destination host is NOT attached to a local network, send the packet to a gateway device, which can determine what path the packet should take next.
- The rules above illustrate the concept of next-hop routing.
12 Next-hop Routing
- IP does not need to know the complete route that must be followed to reach a destination host. It only needs to find the next hop that will take responsibility for delivering the packet.
13 Which Gateway Device?
- How does a host know what gateway device to use? What's the IP address of the gateway device?
- Remember, if a source host determines the destination host is not on the local network, it must forward the packet to a gateway device.
- Can there be multiple gateway devices on a network?
- What if we want our host to send packets destined for network A to gateway device A and packets destined for network B to gateway device B?
- The use of Host Routing Tables allows us to address these specific questions.
14 Routing Tables
- Every device on an IP network has a routing table, which is essentially a roadmap for IP packets.
- The routing table tells the host where to send IP packets destined for a specific IP address or network and the addresses of any associated gateway devices.
- Simple logical IP Routing Table:
- Destination Address        Address of Gateway Device
- 128.6.5.0                  128.6.4.254
- 128.7.7.0                  128.6.4.128
- Any other host/network     128.6.4.1
15 Example Use of a Host Routing Table
16 Default Routes
- In the previous examples, the "Any other host/network" destination address is known as the default route.
- The default route is the gateway address all packets are sent to if the host cannot find a more specific route for the destination.
- Sometimes, "Any other host/network" is displayed as 0.0.0.0 in the Destination column of the routing table.
- Most PCs on a network are only set up with one route - the default route. If a destination host is not on the local network, the packet is passed on to the default route.
- In the previous slide (diagram), the router 128.6.4.1 is set up as the default route for host A.
17 Examining Host Routing Tables
- You can view the routing table on your IP host. Use:
- netstat -rn (UNIX hosts)
- route print (Windows hosts)
- For example, on the UNIX host iti.rutgers.edu (165.230.30.68):
- Kernel IP routing table
- Destination     Gateway         Genmask          Flags  MSS  Window  irtt  Iface
- 165.230.30.68   0.0.0.0         255.255.255.255  UH     0    0       0     eth0
- 165.230.30.64   0.0.0.0         255.255.255.192  U      0    0       0     eth0
- 127.0.0.0       0.0.0.0         255.0.0.0        U      0    0       0     lo
- 0.0.0.0         165.230.30.65   0.0.0.0          UG     0    0       0     eth0
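The subnet arithmetic from slides 7 and 8 and the routing rules from slides 11 to 16, applied to the iti.rutgers.edu table above. This is an added example, not part of the original slides; the function names are illustrative, and choosing the matching route with the longest mask is the standard way of finding the "more specific route" that slide 16 mentions.

```python
import ipaddress

# Rows of the routing table shown above: (destination, gateway, genmask, interface)
ROUTES = [
    ("165.230.30.68", "0.0.0.0",       "255.255.255.255", "eth0"),
    ("165.230.30.64", "0.0.0.0",       "255.255.255.192", "eth0"),
    ("127.0.0.0",     "0.0.0.0",       "255.0.0.0",       "lo"),
    ("0.0.0.0",       "165.230.30.65", "0.0.0.0",         "eth0"),
]

def to_int(dotted: str) -> int:
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def to_dotted(value: int) -> str:
    """32-bit integer back to a dotted-quad string."""
    return str(ipaddress.IPv4Address(value))

def subnet_bounds(address: str, mask: str) -> tuple:
    """Return (network, broadcast, first usable host, last usable host)."""
    m = to_int(mask)
    net = to_int(address) & m              # all-ones mask bits keep the network part
    bcast = net | (~m & 0xFFFFFFFF)        # all-zeros mask bits set to 1 give the broadcast
    return tuple(to_dotted(v) for v in (net, bcast, net + 1, bcast - 1))

def next_hop(dest: str, routes=ROUTES) -> tuple:
    """Return (address to hand the packet to, interface) for a destination.

    Every route whose masked destination matches is a candidate; the one with
    the longest mask wins, so the 0.0.0.0 default route is used only when
    nothing more specific matches. A gateway of 0.0.0.0 means direct delivery.
    """
    d = to_int(dest)
    best = None
    for net, gateway, mask, iface in routes:
        m = to_int(mask)
        if d & m == to_int(net) & m and (best is None or m > best[0]):
            best = (m, gateway, iface)     # contiguous masks: larger value = longer prefix
    if best is None:
        raise LookupError(f"no route to {dest}")
    _, gateway, iface = best
    return (dest if gateway == "0.0.0.0" else gateway, iface)

if __name__ == "__main__":
    print(subnet_bounds("165.230.30.68", "255.255.255.192"))
    for target in ("165.230.30.100", "165.230.30.130", "128.91.2.28"):
        print(target, "->", next_hop(target))
```
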
18 The IP Packet
- The actual IP packet sent from one host to another is an arrangement of bits in a very specific format.
- The packet contains the most basic data needed to send a packet: the address of the source host, the address of the destination host and the actual data being sent.
- The packet also contains a number of additional mandatory and optional fields that describe protocol versions, packet size, checksums, and more.
19 Anatomy of an IP Packet
- An IP Packet contains a 20-byte header, followed by the actual data, sometimes referred to as the payload.
[Figure: IP header layout, rows running from bit 0 to bit 31, 20 bytes total]
20 Examining some of the IP Header Fields
- Version - Always set to the value 4, which is the current version of IP
- IHL (IP Header Length) - The number of 32-bit words (rows) that form the header
- Type of Service (TOS) - Usually set to 0, but may indicate particular Quality of Service needs from the network. These are essentially handling instructions for routers, which can treat packets differently based on the contents of this field. This value can be set, for example, by the host operating system, a router or an application.
- TOS Examples include:
- 0000 - Default
- 0001 - Minimize Monetary Cost
- 0010 - Minimize Reliability
- 0100 - Maximize Throughput
- 1000 - Minimize Delay
- 1111 - Maximize Security
21 IP Header Fields cont.
- Total Length - Represents, in bytes, the size of the entire IP packet, including the header and data.
- Identification - A 16-bit number which, together with the source address, uniquely identifies this packet; used during reassembly of fragmented datagrams.
- Flags - A sequence of three flags (one of the 4 bits is unused) used to control whether routers are allowed to fragment, or break apart, a packet, and to indicate the parts of a packet to the receiver.
- Fragmentation Offset - A byte count from the start of the original sent packet, set by any router which performs IP router fragmentation.
22 IP Header Fields cont.
- Time To Live - The total number of hops/links which the packet may be routed over. When the packet hits a router, this value is decremented by most routers. Therefore, this value will enforce a maximum hop-count on a packet. This is used to prevent routing loops.
- Protocol - A value used to represent what type of transport-level (layer 4) protocol or messaging protocol packet is being used with this IP packet:
- 1 = ICMP, 2 = IGMP, 6 = TCP, 17 = UDP
- e.g. TCP/IP packets are always set to 6, UDP/IP packets are always set to 17, etc.
23 IP Header Fields cont.
- Header Checksum - A mathematical checksum inserted by the sender and updated whenever the packet header is modified by a router. Used to detect processing errors introduced into the packet inside a router. Packets with an invalid checksum are discarded by all nodes in an IP network.
- Source Address - The IP address of the original sender of the packet.
- Destination Address - The IP address of the final destination of the packet.
- Options - Not normally used, but when used the IP header length will be > 5 32-bit words to indicate the size of the options field.
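The header fields from slides 20 to 23, decoded and checked in code, with the router step that decrements Time To Live and updates the Header Checksum. This is an added example, not part of the original slides; the sample packet bytes are constructed for illustration and the function names are illustrative.

```python
import ipaddress
import struct

PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}  # values listed on slide 22

# Constructed sample: a 20-byte header (TTL 64, protocol 17) plus 95 payload bytes.
SAMPLE = bytes.fromhex("45000073000040004011b861c0a80001c0a800c7") + bytes(95)

def checksum(header: bytes) -> int:
    """16-bit one's-complement sum of the header words, complemented."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_header(packet: bytes) -> dict:
    """Validate and decode the IP header; raise ValueError if it is malformed."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte minimum header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"unexpected IP version {version}")
    if ihl < 5 or ihl * 4 > len(packet):     # IHL counts 32-bit words; 5 means no options
        raise ValueError(f"bad header length {ihl}")
    if not ihl * 4 <= total_len <= len(packet):
        raise ValueError(f"bad total length {total_len}")
    if checksum(packet[:ihl * 4]) != 0:      # a valid header, checksum included, sums to zero
        raise ValueError("header checksum mismatch")
    return {"ihl": ihl, "tos": tos, "total_length": total_len, "id": ident,
            "flags": flags_frag >> 13, "frag_offset": flags_frag & 0x1FFF,
            "ttl": ttl, "protocol": PROTOCOLS.get(proto, str(proto)),
            "checksum": csum,
            "src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst))}

def forward(packet: bytes):
    """Router step: discard at TTL expiry, else decrement TTL and refresh the checksum."""
    hdr_len = parse_header(packet)["ihl"] * 4
    if packet[8] <= 1:                       # byte 8 of the header is Time To Live
        return None                          # discarded; the router reports it via ICMP
    hdr = bytearray(packet[:hdr_len])
    hdr[8] -= 1
    hdr[10:12] = b"\x00\x00"                 # checksum field is zeroed before recomputing
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + packet[hdr_len:]

if __name__ == "__main__":
    print(parse_header(SAMPLE))
    print(parse_header(forward(SAMPLE)))
```
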
24 Sending IP Packets on Local Networks
- Before sending an IP packet directly to a host on a local LAN, it must first be wrapped up in a frame that is compatible with a lower-level protocol that operates on the Data Link Layer of the OSI model - this is usually the Ethernet protocol.
- The Data Link layer is responsible for moving packets from node to node on a local network.
- In addition to a network address, like an IP address, every node on an Ethernet network has a special hardware address.
25 Ethernet Node Hardware Addresses
- Each Ethernet node has a unique hardware address that is built into the Network Interface Card (NIC) that connects it to the network.
- This address is sometimes referred to as a MAC Address.
- A MAC Address is usually displayed as six groups of two hexadecimal digits, separated by colons:
- 08:00:20:10:d2:ae
- The existence of this address is usually transparent to the end user.
26 Transmission of IP Packets over Ethernet
- When an IP packet is transmitted over an Ethernet LAN, the packet is encapsulated by an Ethernet packet, which contains the source and destination MAC address of the packet.
- The Ethernet packet (which contains the IP Packet) is sent across the LAN to the destination host.
- The destination host receives the Ethernet packet and extracts the IP packet it contains, which also contains the data (payload).
27 Sending an IP Packet over a LAN
28 MAC address and IP Address Pairings
- Therefore, a host must not only know the IP address of the host it is sending IP data to, but it must also know the MAC address associated with that destination IP address.
- How does a host determine the MAC address associated with a particular IP address?
- Answer: ARP (Address Resolution Protocol)
29 ARP - The Address Resolution Protocol
- ARP is a protocol for mapping an IP address to a physical machine address that is recognized in the local network. Most commonly, this is used to associate IP addresses (32 bits long) with Ethernet MAC addresses (48 bits long).
- A host usually keeps a table, known as the ARP cache, which maintains a correlation between each MAC address and its corresponding IP address.
- You can view a host's ARP cache by issuing the arp -a command on UNIX and Windows hosts. (UNIX users may have to specify the full path to the arp utility: /sbin/arp -a)
30 ARP - How the Protocol Works
- After an IP packet is formed, the host must pass the packet down to the Data Link Layer (Layer 2), which is responsible for the Ethernet LAN protocol.
- Before the Ethernet packet is formed, a host looks in its ARP Cache to see if it has a MAC address entry that corresponds to the IP destination address.
- If an entry is found, the Ethernet packet is written, which contains the source and destination MAC addresses and the IP packet.
31 How ARP Works, cont.
- If the host does not find a corresponding MAC address entry in the ARP cache, it sends a broadcast message to all hosts on the network, literally asking "Who has IP address 123.4.5.6?".
- If host 123.4.5.6 is alive on the network, it will respond to the source host with its MAC address. At this point, the destination host will also update its ARP cache with the MAC address of the sender.
- Once the source host receives the MAC address, it updates its ARP cache, writes the Ethernet frame and sends it to the destination host over the network.
- Each host will maintain the IP-MAC address entry in the ARP cache for a period of time before it is expired.
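The request/reply exchange from slides 30 and 31 with both sides' frames built and parsed in the ARP wire format for IPv4 over Ethernet. This is an added example, not part of the original slides; the Host class, the requester's address 123.4.5.10, the MAC addresses other than the slide's 08:00:20:10:d2:ae, and the 60-second cache lifetime are constructed for illustration.

```python
import ipaddress
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"
ETHERTYPE_ARP, OP_REQUEST, OP_REPLY = 0x0806, 1, 2

def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def build_arp(op, src_mac, src_ip, dst_mac, target_mac, target_ip) -> bytes:
    """14-byte Ethernet header followed by the 28-byte ARP message."""
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)   # Ethernet, IPv4, 6-byte MAC, 4-byte IP
    arp += mac_bytes(src_mac) + ipaddress.IPv4Address(src_ip).packed
    arp += mac_bytes(target_mac) + ipaddress.IPv4Address(target_ip).packed
    return eth + arp

def parse_arp(frame: bytes) -> dict:
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not IPv4-over-Ethernet ARP")
    return {"op": op, "eth_dst": mac_str(frame[0:6]),
            "sender_mac": mac_str(frame[22:28]),
            "sender_ip": str(ipaddress.IPv4Address(frame[28:32])),
            "target_mac": mac_str(frame[32:38]),
            "target_ip": str(ipaddress.IPv4Address(frame[38:42]))}

class Host:
    def __init__(self, ip, mac, lifetime=60.0):
        self.ip, self.mac, self.lifetime = ip, mac, lifetime
        self.cache = {}                      # ip -> (mac, time the entry was learned)

    def lookup(self, ip, now):
        """Return the cached MAC for ip, or None if absent or expired."""
        entry = self.cache.get(ip)
        if entry and now - entry[1] < self.lifetime:
            return entry[0]
        self.cache.pop(ip, None)
        return None

    def who_has(self, ip) -> bytes:
        """Broadcast request: 'Who has IP address <ip>?'"""
        return build_arp(OP_REQUEST, self.mac, self.ip, BROADCAST,
                         "00:00:00:00:00:00", ip)

    def receive(self, frame, now):
        """Handle an ARP frame; return a reply frame if we own the target IP."""
        msg = parse_arp(frame)
        if msg["target_ip"] != self.ip:
            return None                      # broadcast reached us but is not for us
        self.cache[msg["sender_ip"]] = (msg["sender_mac"], now)
        if msg["op"] == OP_REQUEST:
            return build_arp(OP_REPLY, self.mac, self.ip, msg["sender_mac"],
                             msg["sender_mac"], msg["sender_ip"])
        return None
```

receive() caches whatever sender address the frame carries, as slide 31 describes; ARP itself has no way to verify that claim, which is why unexpected changes to cache entries are worth watching for on a LAN.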
32 Reverse ARP (RARP)
- A variant of ARP, called Reverse ARP, was developed to help a network node determine its own IP address.
- Upon bootup, diskless workstations may not contain any IP address setting. The workstation can issue a RARP broadcast that says "My MAC address is 08:00:20:10:d2:ae, what is my IP address?", in hopes that some other server is listening and will provide an answer.
- In this case, a centralized server needs to be configured with the necessary IP Address/MAC Address pairs.
- RARP has been superseded by two superior protocols which perform the same function: BOOTP and DHCP.
33 ICMP - Internet Control Message Protocol
- ICMP is a message control and error-reporting protocol between a host server and a gateway to the Internet.
- ICMP uses IP datagrams to transport its messages.
- ICMP messages are processed by the IP software portion of the operating system and are not directly apparent to the application user.
34 ICMP Message Generation
- There are a number of situations that may cause an ICMP message to be generated:
- A link is down to a host
- The TTL (Time-to-Live) IP hop count has expired.
- When an error is detected, the IP packet is discarded by the router and an ICMP message is returned directly to the source host.
35 Types of ICMP Error Messages
- There are several types of ICMP Messages:
- Destination Unreachable - A packet cannot reach its destination host, service or application. Usually caused by a network link, host or application being down.
- Time Exceeded - The Time-To-Live for a packet has expired, i.e. the packet hit too many routers in its travels. Usually caused by routing loops.
- Parameter Problem - Some piece of data in the IP header just doesn't make sense.
- Redirect - The router notifies the host sender to use another gateway for the desired path.
36 Transmission of ICMP Messages
- ICMP Messages are sent in the "Data" portion of an IP packet.
- The "Protocol" field in the IP packet is set to 1, which signifies to a host that the data portion of the packet contains an ICMP message.
- The format of an ICMP message will vary based on the type of ICMP message.
- Refer to Feit's TCP/IP, Signature Edition, pp. 190 to 198 for specific formats.
37 When ICMP Messages are NOT Sent
- When a particular problem is encountered sending an ICMP message back to a host (we don't want ICMP errors to create more ICMP packets).
- When a problem is encountered with broadcast or multicast packets (packets sent to all hosts on a network) (we don't want multiple hosts responding with ICMP errors).
- Messages whose source address does not identify a unique host, like 0.0.0.0 or 127.0.0.1
38 The ping Utility
- Ping is a basic Internet program that lets you verify that a particular IP address exists and can accept requests.
- Generally used for network troubleshooting and to verify connectivity between hosts.
- Ping uses the ICMP ECHO function, which simply sends ICMP messages round-trip between hosts. When a destination host receives an ICMP ECHO request, it returns an ICMP ECHO message back to the source host.
39 The traceroute Utility
- Traceroute is a network debugging utility that attempts to trace the path a packet takes through the network - its route.
- It provides a visual depiction of each router a packet encounters between a source and destination host. Example:
- iti /usr/sbin/traceroute www.upenn.edu
- traceroute to NISC9.upenn.edu (128.91.2.28), 30 hops max, 38 byte packets
- 1 nb-gw (165.230.30.65) 0.824 ms 0.809 ms 0.718 ms
- 2 rucs-gw (128.6.227.1) 0.850 ms 0.629 ms 0.588 ms
- 3 transition2-gw (165.230.12.145) 0.994 ms 1.417 ms 1.188 ms
- 4 pcp01-hill012-svcs.Rutgers.EDU (198.151.130.2) 1.395 ms 1.046 ms 1.092 ms
- 5 rutgers-gw.Rutgers.EDU (198.151.130.194) 8.809 ms 110.798 ms 1.546 ms
- 6 jn1-at1-1-0-502.wor.vbns.net (204.147.128.26) 3.182 ms 3.041 ms 2.917 ms
- 7 jn1-so7-0-0-0.wae.vbns.net (204.147.136.136) 9.027 ms 8.344 ms 8.481 ms
- 8 abilene-vbns.abilene.ucaid.edu (198.32.11.9) 12.166 ms 11.791 ms 12.325 ms
- 9 local.abilene.magpi.net (198.32.42.133) 15.652 ms 15.592 ms 15.284 ms
- 10 less.upenn.magpi.net (198.32.42.234) 15.283 ms 15.567 ms 15.652 ms
- 11 DEFAULT1-GW-FE2.UPENN.EDU (165.123.217.2) 20.907 ms DEFAULT1-GW-FE.UPENN.EDU (165.123.237.2) 16.578 ms DEFAULT1-GW-FE2.UPENN.EDU (165.123.217.2) 16.421 ms
- 12 NISC9.UPENN.EDU (128.91.2.28) 17.149 ms 16.147 ms 16.265 ms
40 Traceroute, cont.
- How traceroute works:
- Traceroute transmits packets with small TTL values. Recall that the TTL (Time To Live) is an IP header field that is designed to prevent packets from running in loops. Every router that handles a packet subtracts one from the packet's TTL. If the TTL reaches zero, the packet has expired and is discarded.
- Traceroute depends on the common router practice of sending an ICMP Time Exceeded message back to the sender when a TTL timeout occurs.
- By using small TTL values which quickly expire, traceroute causes routers along a packet's normal delivery path to generate these ICMP messages, which identify the router.
- A TTL value of one should produce a message from the first router; a TTL value of two generates a message from the second; etc.
41 Traceroute, cont.
- In a typical traceroute session, a group of packets with TTL=1 are sent. A single router should respond, using the IP address of the interface it transmits the ICMP Timeout messages on.
- The user is told this IP address, and DNS is used to convert this into a hostname, if available. Also, round trip times are reported for each packet in the group.
- Traceroute reports any additional ICMP messages (such as destination unreachable errors) using a rather cryptic syntax:
- !N means network unreachable, !H means host unreachable, etc.
- Once this first group of packets has been processed (this can take 10 seconds or no time at all), the second group (TTL=2) begins transmitting, and the whole process repeats.
42 Traceroute, usage
- UNIX Hosts
- traceroute <IP Address or Hostname>
- e.g. traceroute www.yahoo.com
- Windows Hosts
- tracert <IP Address or Hostname>
- e.g. tracert www.yahoo.com
43 Recommended Reading
- Chapters 4, 6, 7, and 8 in TCP/IP, Signature Edition by Sidnie Feit.
44 Next Meeting
- Introduction to Interconnection Devices (routers, hubs, switches, bridges, etc.)
- Dynamic Routing Protocols
- UDP (User Datagram Protocol)
- TCP (Transmission Control Protocol)