CECS 474 Computer Network Interoperability Notes for Douglas E. Comer, Computer Networks and Internets (5 th Edition) Tracy Bradley Maples, Ph.D. Computer Engineering & Computer Science California State University, Long Beach
PART 1: ARP (Address Resolution Protocol) Notes: Hardware only recognizes MAC addresses Layers 3-5 only uses IP addresses As a result:Software is needed to perform translation between IP addresses and MAC addresses. This software is part of the network interface. The process is known as address resolution. (A protocol address is said to be resolved to the correct hardware address.) "Protocol addresses are abstractions provided by software; physical network hardware does not know how to locate a computer from its protocol address. The protocol address of the next hop must be translated to an equivalent hardware address before a packet can be sent." --Comer
Examples: If A sends to B => The application on A uses B's IP address as the destination address in the IP Datagram. Protocol software on A calls ARP to find B's MAC address and uses it to send the frame. If A sends to F => An application on A uses F's IP address as the destination address in the IP Datagram. Protocol software on A cannot directly resolve F's address because F is not local. So A determines that the next hop is router R 1 (and has R 1 ’s IP Address). Protocol software on A resolves R 1 's MAC address and uses it to send the frame. Software on R 1 determines that the next hop is router R 2 (and has R 2 ’s IP Address), resolves the MAC address of R 2, and uses it to send the frame. R 2 receives the packet, determines the destination F is attached locally, resolves the MAC address of F, and uses it to send the packet. ARP (Cont’d) Address Resolution Address resolution is local to a network. That is, a computer can resolve the address of another computer only if both computers are attached to the same physical network.
ARP (Cont’d): Address Resolution with Message Exchange Message exchange is a distributed approach where a computer that needs to resolve an address sends a message to a remote machine. Typically: Message-exchange is the address resolution method used on LAN hardware. The TCP/IP protocol suite includes an Address Resolution Protocol (ARP) to standardize the formats and meanings of messages. Two types of ARP messages: request -- contains an IP address and requests the hardware address. response -- contains both the IP address and the hardware address (i.e., resolves the IP address to a MAC Address).
ARP (Cont’d): ARP Message Delivery ARP specifies that the ARP request should be: placed in a hardware frame broadcast to all computers on the network each computer should receive and examine the IP address the computer mentioned in the request sends a response, the others discard the request without a response. (Note: the response is sent as a unicast, not a broadcast.) Figure: An ARP message exchange. (a) Computer W begins to broadcast an ARP request that contains computer Y's IP address. (b) All computers receive the request. (c) Computer Y sends a response directly to W.
ARP (Cont’d): ARP Message Format Generality: ARP is designed to work with any IP address size and any MAC address size. Difficulty: An ARP message must contain a MAC (hardware) address. Although most MAC addresses are 48-bits, not all are. Solution: Use a fixed-size field at the beginning of the message to specify the size of the address. To increase the generality of ARP, an address length field is included for the IP addresses as well.
ARP (Cont’d): ARP Message Format While ARP can be used to bind an arbitrary high-level address to an arbitrary hardware address, it is almost always used to bind a 32-bit IP address to a 48-bit Ethernet or WiFi address.
ARP (Cont’d): Sending an ARP Message ARP messages is transmitted in a hardware frame. The ARP message is treated as the data being transported (i.e., the network hardware does not know anything about the ARP message). We say, “The ARP message is encapsulated in the hardware frame.”
ARP (Cont’d): Identifying ARP Frames A computer knows that an incoming frame contains an ARP message using the type field in the frame header. Example: In the Ethernet standard, a frame containing an ARP packet must contain the hex value 0x806. Caching ARP Responses ARP software extracts and saves information from a response so that it can be used in subsequent packets. ARP software maintains a small table of bindings in memory to be used as a cache.
ARP (Cont’d): Processing an Incoming ARP Message When an ARP message arrives, the receiver must: 1)Extract the sender's address binding, and checks to see if it is in the cache. If it is, it uses the incoming ARP message to replace the previously stored binding. 2)The receiver examines the OPERATION field to determine whether the message is a response or a request. If it is a response, the receiver is waiting for a binding, so the binding is extracted, cached, and used to send a packet. If it is a request, the receiver compares the TARGET PADDR with the local protocol address. If the two are identical, the computer issues a response (i.e., the receiver sends the binding of it’s IP address and MAC address). ARP Optimization: -Computers use the ARP messages to keep their caches’ current. See (1) above. -After a computer replies to an ARP request, it extracts the sender's address binding and adds it to the binding cache.
ARP (Cont’d): Layering, Address Resolution, Protocol Addresses Address resolution takes place in the Network Interface Layer. Conceptual Boundary: Higher protocol layers and applications use only protocol addresses not physical addresses.
PART 2: DHCP (Dynamic Host Configuration Protocol) Defn: DHCP (Dynamic Host Configuration Protocol) is a protocol designed to enable individual computers on an IP network to obtain their network configurations from a server. The DHCP server assigns the address. Without DHCP, the IP address must be assigned individually and then entered manually at each computer system. With DHCP, the system automatically obtains an IP address from the server during the boot-up process, requiring no intervention on the part of either ITS or the user (once the user configures their computer to use DHCP).
DHCP (Cont’d): Advantages of DHCP 1.Eliminates the need for manual client configuration Manually assigning client IP addresses is complicated because many network enabled devices are mobile. These devices are frequently moved from one network to another. 2.Efficient utilization of IP Address space Each computer is assigned its configuration from a "pool" of available IP addresses for a specific time period (a lease period), meaning no IP addresses are wasted. 3. Ease of changing network parameters Major network resource changes requires only the DHCP server be updated with the new information, rather than every system. 4. Host mobility is enabled DHCP provides the capability for a client to connect to any subnet that has DHCP without changing the setup. Thus, users with laptops can easily rove campus without having to ever modify their network configuration if using DHCP. 5. Immediate and automatic address assignment IP addresses are assigned by the DHCP server automatically, without the need for manual intervention.
DHCP (Cont’d): How DHCP Works… DHCP assigns a number automatically based on a defined range of numbers (i.e., a scope) that belongs to a network. DHCP assigns a TCP/IP address when a system is started. DHCP Operation: A user turns on a machine with a DHCP client. The machine goes to the router and looks for a DHCP helper address. The router directs the machine to the correct DHCP server. The client sends a DHCP REQUEST packet. The server sends a DHCP OFFER packet. The client sends a DHCP ACK packet. The server assigns an IP number according to the scope range defined on the server.
PART 3: NAT (Network Address Translation) With IPv4, every computer using the Internet needs a unique IP address of the form X.X.X.X (where each X is a number from 0 to 255). Due to the limited number of IPv4 addresses, there is a need for Private Networks with IP addresses that are private and not valid on the Internet. To fill this need, there are certain addresses (10.X.X.X and X.X) that have been designated for use on these Private Networks that are not part of the Internet. No computer directly attached to the public Internet is allowed to have these addresses. When such a network wants to communicate with the Internet it does it though a NAT Router (or NAT Gateway).
NAT (Cont’d): Overloading Defn: NAT overloading allows a single public IP address to be shared among multiple private IP addresses. The Overloading Process Initially: The company sets up a NAT-enabled router. The router has one unique IP address allocated by the ISP. An internal network is set up with private local IP addresses that are not allocated by an ISP. (Usually, X.X or 10.X.X.X)
NAT (Cont’d) Outgoing traffic during NAT operation: A computer on the internal network attempts to connect to a computer outside the network, such as a Web server. The router receives the packet from the internal network. The router saves the computer's private IP address and port number to an address translation table. The router replaces the sending computer's non-routable IP address with the router's IP address. The router replaces the sending computer's source port with the [bogus] port number in the address translation table. The translation table now has a mapping of the computer's non-routable IP address and port number along with the router's IP address.
NAT (Cont’d) Incomming traffic during NAT operation: When a packet comes in from a destination computer, the router extracts the destination port on the packet. It finds the address in the address translation table. It changes the destination address and destination port to the ones saved in the address translation table and the packet onto the local network. The computer receives the packet from the router Since the NAT router now has the computer's source address and source port saved to the address translation table, it will continue to use that same port number for the duration of the connection. The entries in the address translation table time out. Example: A Sample NAT Address Translation Table
PART 4: ICMP (Internet Control Message Protocol) IP defines a best-effort communication service: datagrams can be lost, duplicated, delayed, or delivered out of order. To achieve best-effort service, IP attempts to avoid errors and to report problems when they occur. IP includes a companion protocol, called ICMP, it is used to report errors back to the original source. IP and ICMP are co-dependent IP depends on ICMP to report errors ICMP uses IP to carry error messages Many ICMP messages have been defined. Here are a few:
ICMP (cont’d) Examples of error detection in IP: Checksum When a host creates an IP datagram, it includes a checksum that covers the entire header. When a datagram is received, the checksum is verified to ensure that the header arrived intact. TIME TO LIVE Field TTL is used to prevent a datagram from circulating forever. When the TTL reaches zero, the datagram is dropped and an error message is generated. ICMP contains two message types: 1.Messages to report errors 2.Messages to obtain information