Presentation on theme: "CSIS 6251 CSIS 625 Week 12 Multicast, Transport, TCP/IP Copyright 2001, 2002 - Dan Oelke For use by students of CSIS 625 for purposes of this class only."— Presentation transcript:
CSIS 6251 CSIS 625 Week 12 Multicast, Transport, TCP/IP Copyright 2001, 2002 - Dan Oelke For use by students of CSIS 625 for purposes of this class only.
CSIS 6252 Overview Multicast - specialized network layer protocols Transport Layer –Up to layer 4 –Ports, Connections, etc TCP/IP –Network Layer - IP IP Addresses, Subnets, –Transport Layer - UDP or TCP –ICMP, Arp, etc
CSIS 6253 Multicast Traffic Multicast - to send the same data to multiple destinations, but not send multiple copies and not broadcast it to everyone. Useful for: –Radio/TV broadcasts where users “tune in” –Teleconferencing – IETF meetings are often sent this way –Distributed updates of information (software updates, database updates, etc) Uses special set of network (and sometimes data link layer) addresses. On a single broadcast LAN, often sent as a broadcast to a special address that allows network interfaces to listen (or ignore) as they choose On some systems that are not multicast aware, it can be sent multiple times – also called multiple unicast.
CSIS 6254 Special requirements of multicast Routers must be multicast aware. Router will possibly forward a packet out multiple ports rather than just one. Each multicast aware router must keep track of networks or interfaces that have are “joined” to a particular multicast session. Routers must handle nodes, or networks, leaving and joining a multicast session. –Keep alive messages ensure that nodes who leave improperly are removed from the multicast group Routing protocol and algorithms needed for routers to determine the shortest path to all group members. IGMP – Internet Group Management Protocol –The TCP/IP protocol for managing multicast traffic –Defined in RFC 1112 (version 1) and RFC 2236 (version 2)
CSIS 6255 Transport Layer May be connection oriented (TCP) or connectionless (UDP) Connection Oriented Transport protocol –Provides establishment, maintenance, and termination of a logical connection End to end delivery of messages (not just packets) –Provides segmentation and reassembly of messages into packets Addressing - addition of port number Flow Control Ordered Delivery Reliable Delivery Duplicate Detection
CSIS 6256 Transport Layer Transport layer provides for reliable delivery –At least the TCP part of TCP/IP does –There is UDP/IP which is not reliable Error control and flow control typically done using a sliding window mechanism. –Sequence numbers with ACKs and NAKs Transport provides for connection establishment and termination –A 3 way handshake is typical for connection establishment. –Obviously, not needed for connectionless protocols
CSIS 6257 Transport Layer - Port numbers Transport Layer adds to network address the SAP – Service Access Point –In TCP/IP and many protocols this is called the port number –Provides an additional level of addressing beyond the host. Allows for an additional level of multiplexing –Typically identifies the service – HTTP server SMTP server POP3 server Telnet server etc
CSIS 6258 Port numbers How does a user application know what port number to use? –User “just knows” the number - it is a configuration option –Well known port numbers are used /etc/services on many systems This is commonly used for servers –A name server is used –Another application on a well-known port spawns a child application on some other port (remote job management)
CSIS 6259 Connection Establishment Typically a three-way handshake Initiator sends a SYN (Synchronize sequence number) packet Receiver sends back a SYN packet that also acknowledges the initiators initial sequence number Initiator sends an ACK packet to acknowledge the receiver’s initial sequence number Now either side may start sending data If the SYN packets overlap - no problem both just send ACKs.
CSIS 62510 Connection Establishment Security concerns The initial sequence number must be random to prevent session hijacking. –If not, a malicious sender can create packets that look like they come from a trusted source and inject any data that they choose. A malicious initiator can send a lot of initial SYN packets, but never finish the 3-way transaction –This can cause resources on the receiver to be tied up until the three-way handshake times out.
CSIS 62511 Connection Termination One side decides it is done and sends a FIN (Finish) packet to the other. The other side responds with a FIN packet. After receiving the corresponding FIN packet back the session is considered closed. If you receive a FIN packet, it is considered closed after sending a FIN packet back.
CSIS 62512 Sequence numbers Some systems use a sequence number per packet. Some systems use an implicit sequence number for each byte. –This means that sequence numbers can increase a lot for every packet of data. –TCP uses this scheme By ensuring sequence numbers occur in order we get: –Ordered delivery –Error control for lost or damaged packets –Flow Control –Duplicate detection
CSIS 62513 Retransmission strategy A positive acknowledgement of each received segment is required If an acknowledgement is not received after some time period, a retransmission of the segment occurs –May be lost data segment -or- lost ACK Timeout for retransmission –May be a fixed value - but it is difficult (impossible?) to get a good value for all situations Too long means sluggish response to lost packets Too short means many retransmissions for packets that were delayed (not lost) Ideal timer is just a little longer than round-trip time –May be adaptive Difficult because transmission and processing delays can change widely and rapidly.
CSIS 62514 Duplicate detection & Out of Order Data Management A receiver doesn’t know if a duplicate is the first copy or second –The first copy may have been delayed causing the second copy to arrive before the first. The receiver acknowledges the first copy received The sequence number window must be large enough so that a packet will die before sequence numbers wrap around If data is received out of order –Receiver may discard segment –Receiver may hold segment and wait for missing segment
CSIS 62515 TCP/IP Introduction TCP/IP is the protocol used for the Internet Developed in the 70’s for the US Department of Defense –Arpanet - Advanced Research Project Agency NETwork TCP/IP Defines the network and transport layers –Assumes a connectionless, unreliable packet oriented data link and physical layer. –May use connection oriented or non-packet data link layers, but does not take advantage of their capabilities.
CSIS 62516 TCP/IP by the layers ARP - Address Resolution Protocol - a layer-2 to layer-3 address mapping protocol IP - Internetwork Protocol is the network layer –Best effort unreliable delivery TCP - Transmission Control Protocol - a connection oriented transport layer –Stream of data that is guaranteed delivery in sequence UDP - User Datagram Protocol - a connectionless transport layer Applications do the rest –lately there are some presentation layer type protocols for encryption (SSH is the prime example) DNS - Domain Name System –A way to map names to IP addresses –Example: www.stthomas.edu => 18.104.22.168
CSIS 62517 Internetwork Protocol Header format – IPv4 0 7 15 31 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ver | hlen | TOS | Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Identification |Flags| Fragment Offset | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | TTL | Protocol | IP Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source IP Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination IP Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IP Options (if any)...| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
CSIS 62518 IPv4 Header fields Ver - version - currently IPv4 or 0100 –IPv6 is starting to deploy - it has a different formatted header HLen - header length in multiples of 4 bytes –Allows header lengths up to 60 bytes TOS - Type of Service - supposed to be used for prioritization of data Total Length - length of IP datagram
CSIS 62519 IPv4 Header fields Identification, flag, fragment offset –Identification is a unique number for each packet –More fragment flag - tells if this is the last fragment –Don’t fragment flag - tells IP to not fragment this packet –fragment offset - the offset in the packet for this fragment TTL - Time to live - initialized to 32 and decremented for each hop Protocol - defines if it is TCP/UDP/ICMP/etc IP Checksum - calculated over header only
CSIS 62520 IPv4 Addresses IPv4 addresses are 32 bits. Typically written in dotted-decimal notation –Four numbers 0-255 separated by dots. –22.214.171.124 The address is divided into a network portion and a host portion Initially IPv4 had the concept of network classes that identified how many bits were the network portion based on the first couple of bits. –Caused address space crunch –This has now been abandoned in all modern IP stacks
CSIS 62521 IPv4 Address Classes Class A –126.96.36.199 -> 188.8.131.52 –0.* and 127.* reserved Class B –184.108.40.206 -> 220.127.116.11 Class C –192.0.0.0 -> 18.104.22.168 Class D/E (Multicast) –22.214.171.124 -> 255.255.255.255 Remember - usually not used in practice, just used to designate how much space is given
CSIS 62522 IPv4 Addresses and subnets Instead of looking at the first couple of bits and determining what the class is, and therefore what the Network portion is, now all systems use a subnet mask. Subnets where started before class notation was abandoned as a way to break down bigger networks. Subnet is a 32 bit number that when bitwise- and’ed with an address breaks it into a network portion and a host portion
CSIS 62523 IPv4 Subnets Subnets are generally set with only the most significant bits set to 1’s. This allows for a simplification where the address is written with a slash indicating number of bits in subnetmask –Example: 126.96.36.199/24 indicates that the subnet mask is 24 bits or 255.255.255.0. This indicates a network of 188.8.131.52 –Does not have to end up on even byte boundaries.
CSIS 62524 IP - default gateway. An IP node is generally provisioned with –IP address –Subnet mask –Default gateway The Default gateway is the address that a packet is forwarded to if it isn’t on the same network as the sending node. Typically the default gateway is a router that forwards packets to the correct network
CSIS 62525 ICMP - Internet Control Message Protocol Documented in RFC 792 Uses IP to transport messages, but is not a fully separate transport layer protocol because it is so integrated with IP Reports some errors - but not everything so it isn’t there to make IP reliable. Does not send error messages when the source of the destination address isn’t an individual address (multi-cast, loopback, etc) Does not send error messages for ICMP messages (avoid the infinite loop)
CSIS 62526 ICMP - Types of messages: –Echo & Echo Reply - Used for “ping” command to see if a node is there –Destination unreachable A router in-between can’t forward the packet because a link is down The end node doesn’t have a service running on that port. –Source Quench Meant to be a way for the destination to tell the source to slow down Often not used –Redirect A router tells the previous node a better way to send the packet. –Time Exceeded The TTL value of a packet counted down to zero before the packet could be delivered. Used by the traceroute command.
CSIS 62527 Transport layer – UDP/IP UDP is simple in that all it really has to support in addition to the IP header is port addresses. Header format 0 7 15 31 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Port | Destination Port | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Total length | Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Source and destination ports determine the service that is running them Checksum protects the UDP header (not the packet data)
CSIS 62528 Transport layer – TCP/IP TCP is connection oriented so it must provide connection setup and teardown as well as provide mechanisms for reliable packet delivery. Header format 0 7 15 31 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Port | Destination Port | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Acknowledgement Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | HLEN | Resv | Flags | Window Size | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Checksum | Urgent Pointer | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Options & Padding | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
CSIS 62529 TCP Header Port Addresses – used to identify services Sequence Number & Acknowledgement number – used for sliding window flow control and error control HLEN – Header length in multiples of 4 Resv – Reserved for future use Flags – –URG – Urgent – there is urgent data in the data portion –ACK – The acknowledgement field is valid –PSH – Push – higher throughput is desired –RST – –SYN – Sequence number synchronization in the connection setup –FIN – connection termination Window Size – The number of packets that can be sent. Checksum – error detection for the header (not the data) Urgent pointer – an offset into the data portion for where the urgent data is (if the URG flag is set.
CSIS 62530 TCP flow control TCP uses a modified sliding window technique - called a credit scheme Each ACK has both a number in the window for the bytes that are being acknowledged, and a number in the window that may be sent up to before acknowledgement. Slow Start - developed by Van Jacobson - 1988 –Exponentially increases the window size as data is successfully sent. –Allows the amount of data being sent to grow up to the network capacity. –Causes “slowness” for very short data transfers Dynamic Window Sizing on Congestion –When a packet is lost, and retransmitted – the window size is cut dramatically and slow-start redone up to ½ the previous level. –From that point on – a slower linear rather than exponential growth is taken. These methods when widely implemented allow the Internet to work even in the face of extreme loads. Fortunately few people have the ability to re-write their TCP/IP stack and defeat these mechanisms.
CSIS 62531 ARP - Address Resolution Protocol Used as a way for IP to map an Ethernet Address to an IP address When a node wants to send an IP datagram over an Ethernet network, it needs to know the MAC address of the destination. An Ethernet broadcast is sent out asking who owns this IP address The node with the address replies. From the reply the original node gets the MAC address. Now the IP packet can be sent over the Ethernet to the destination.
CSIS 62532 ARP Cache The sender keeps a cache of recently resolved addresses so it doesn’t have to ARP before sending every packet –This cache can often be displayed using “arp” command –This cache must time out if one node stops using an IP address and another starts. When one node sends out an arp reply message, all nodes on a broadcast network may add it to their cache.
CSIS 62533 Proxy-ARP Sometimes an administrator will want to merge two separate Ethernet networks to look like one for IP packets A router can be configured so that it will send an ARP response on an interface for a whole range of IP addresses. The router will then receive the packets, and forward them to the correct Ethernet network –Will need to do an ARP request on that interface to find the actual node’s MAC address. –Router will typically be configured to proxy-ARP in both directions.
CSIS 62534 DNS - Domain Name System A protocol and the whole system for mapping names of machines to IP addresses The protocol is usually over UDP packets. –Unreliable, but since message is only one packet to the server and one packet in response it has lower overhead than TCP. A node is typically configured with the IP address of one or more DNS servers. –If the first one fails to respond, the second one is used, etc. Top Level Domain - the last set of letters after a period (.) in a domain name. Root name server - the master domain name server for a given top level domain.
CSIS 62535 DNS Control ICANN - Internet Corporation for Assigned Names and Numbers –Created by US government as a way to sort out the management of DNS –Very controversial in how it has been handling things Each of the top level domains has a single database maintainer –.com,.net,.org are all through Network Solutions –.gov is controlled by the United States government –Each country has a two letter top level domain (.us,.cc,.tv,.ru,.uk,.de,.au, etc.) –There may be multiple companies that register names into that database, but a single database exists. Some people have started creating alternative name servers.