Chapter 4 Network Layer A note on the use of these ppt slides:

Chapter 4 Network Layer A note on the use of these ppt slides:
We’re making these slides freely available to all (faculty, students, readers). They’re in PowerPoint form so you can add, modify, and delete slides (including this one) and slide content to suit your needs. They obviously represent a lot of work on our part. In return for use, we only ask the following: If you use these slides (e.g., in a class) in substantially unaltered form, that you mention their source (after all, we’d like people to use our book!) If you post any slides in substantially unaltered form on a www site, that you note that they are adapted from (or perhaps identical to) our slides, and note our copyright of this material. Thanks and enjoy! JFK/KWR All material copyright J.F Kurose and K.W. Ross, All Rights Reserved Computer Networking: A Top Down Approach 4th edition. Jim Kurose, Keith Ross Addison-Wesley, July 2007. Network Layer

Chapter 4: Network Layer
Chapter goals: understand principles behind network layer services: network layer service models forwarding versus routing how a router works routing (path selection) dealing with scale advanced topics: IPv6, mobility instantiation, implementation in the Internet Network Layer

4. 1 Introduction 4.2 Virtual circuit and datagram networks 4.3 What’s inside a router 4.4 IP: Internet Protocol Datagram format IPv4 functions ICMP IPv6 4.5 Routing algorithms Link state Distance Vector Hierarchical routing 4.6 Routing in the Internet RIP OSPF BGP 4.7 Broadcast and multicast routing Network Layer

Network layer transport segment from sending to receiving host
on sending side encapsulates segments into datagrams on rcving side, delivers segments to transport layer network layer protocols in every host, router router examines header fields in all IP datagrams passing through it application transport network data link physical network data link physical application transport network data link physical Network Layer

Difference between Forwarding and Routing
Router Local action move to appropriate output link Uses forwarding Table Routing Network wide process Determine path from S-D Algo determining path- Routing Algo RA Centralized or decentralized Network Layer

Network layer functions
Connection setup connection-oriented, host-to-host connection datagram Delivery semantics: Unicast, broadcast, multicast, anycast In-order, any-order Security secrecy, integrity, authenticity Demux to upper layer next protocol Can be either transport or network (tunneling) Quality-of-service provide predictable performance Fragmentation break-up packets based on data-link layer properties Routing path selection and packet forwarding Addressing flat vs. hierarchical global vs. local variable vs. fixed length Network Layer

Network service model Combining the functions into a particular network Q: What service model for “channel” transporting datagrams from sender to rcvr? Example services for individual datagrams: guaranteed delivery guaranteed delivery with less than 40 msec delay Example services for a flow of datagrams: in-order datagram delivery guaranteed minimum bandwidth to flow restrictions on changes in inter-packet spacing (jitter) Network Layer

Network layer connection and connection-less service
Similar to Transport layer –TCP and UDP Datagram network provides network-layer connectionless service VC network provides network-layer connection service Analogous to the transport-layer services, but on a host-to-host basis with an in-network implementation Network Layer

Difference in Network layer and TL connection and connection-less service
Similarity- Handshaking Difference Host 2 host in NL, process2process in TL NL provides either Conn Ort or Conn less TL Conn Ort service at the edge of NW NL conn Service implemented at Routers, and end Sys Network Layer

Connection-oriented virtual circuits
Circuit abstraction Examples: ATM, frame relay, X.25, phone network Model call setup and signaling for each call before data can flow guaranteed performance during call call teardown and signaling to remove call Network support each packet carries circuit identifier (not destination host ID) every router on source-dest path maintains “state” for each passing circuit link, router resources (bandwidth, buffers) allocated to VC to guarantee circuit-like performance application transport network data link physical 5. Data flow begins 6. Receive data application transport network data link physical 4. Call connected 3. Accept call 1. Initiate call 2. incoming call Network Layer

Connectionless datagram service
Postal service abstraction (Internet) Model no call setup or teardown at network layer no service guarantees Network support no state within network on end-to-end connections packets forwarded based on destination host ID packets between same source-dest pair may take different paths application transport network data link physical application transport network data link physical 1. Send data 2. Receive data Network Layer

Datagram or VC network: why?
Internet data exchange among computers “elastic” service, no strict timing req. “smart” end systems (computers) can adapt, perform control, error recovery simple inside network, complexity at “edge” many link types different characteristics uniform service difficult ATM evolved from telephony human conversation: strict timing, reliability requirements need for guaranteed service “dumb” end systems telephones complexity inside network only network provider can deploy new services! Network Layer

Network layer service models:
Guarantees ? Network Architecture Internet ATM Service Model best effort CBR VBR ABR UBR Congestion feedback no (inferred via loss) no congestion yes Bandwidth none constant rate guaranteed minimum Loss no yes Order no yes Timing no yes Network Layer

Adding circuits to the Internet
Intserv, Diffserv, RSVP At the end of course if time permits Chapter 7 in book Network Layer

What’s inside a router Network Layer

What's inside a router? N/L - the real work is the forwarding of datagrams. A key component in this forwarding process is the transfer of a datagram from a router's incoming link to an outgoing link. switching function of a router - the actual transfer of datagrams from a router's incoming links to the appropriate outgoing links.

Four components of a router
Input ports Output ports Switching fabric Routing processor

Input ports performs Phy layer functionality (light blue) of terminating an incoming physical link to a router. Performs DLL functionality (shown in dark blue) needed to interoperate with DLL functionality on other side of the incoming link. Also performs a lookup and forwarding function (shown in red) so that a datagram forwarded into switching fabric of router emerges at appropriate output port. Control packets (e.g., pkts carrying routing protocol information such as RIP, OSPF or IGMP) are forwarded from input port to the routing processor. In practice, multiple ports are often gathered together on a single line card within a router.

Components of a Router Switching fabric Output ports Routing processor
connects the router's input ports to its output ports. This switching fabric is completely contained with the router - a network inside of a network router! Output ports stores the datagrams that have been forwarded to it through the switching fabric, and then transmits the datagrams on the outgoing link. The output port thus performs the reverse data link and physical layer functionality as the input port. Routing processor executes the routing protocols maintains the routing tables, and performs network management functions within the router.

Input Port the input port's line termination function and data link processing implement the physical and data link layers associated with an individual input link to the router. The lookup/forwarding function of the input port is central to the switching function of the router. In many routers, it is here that the router determines the output port to which an arriving datagram will be forwarded via the switching fabric. The choice of the output port is made using the information contained in the routing table. a "shadow copy" of the routing table is typically stored at each input port and updated, as needed, by the routing processor.

Input Port In routers with limited processing capabilities at the input port, the input port may simply forward the packet to the centralized routing processor, which will then perform the routing table lookup and forward the packet to the appropriate output port. Given the need to operate at today's high link speeds, e.g. OC-48 link (runs at 2.5Gbps) , a linear search through a large routing table is impossible. With pkts 256 bytes long – implies- 1 million lookups per second. A more reasonable technique is to store the routing table entries in a tree data structure.

Input Port Each level in the tree can be thought of as corresponding to a bit in the destination address. To lookup an address, one simply starts at the root node of the tree. If the first address bit is a zero, then the left subtree will contain the routing table entry for destination address; otherwise it will be in the right subtree. The appropriate subtree is then traversed using the remaining address bits -- if the next address bit is a zero the left subtree of the initial subtree is chosen; otherwise, the right subtree of the initial subtree is chosen.

Input Port With n=32, Binary search not enough
Cisco 8500 series -64K CAM for each I/P port Once the output port for a packet has been determined via the lookup, the packet can be forwarded into the switching fabric. a packet may be temporarily blocked from entering the switching fabric (due to the fact that packets from other input ports are currently using the fabric). A blocked packet must thus be queued at the input port and then scheduled to cross the switching fabric at a later point in time.

Switching fabirc is at the very heart of a router
Switching can be accomplished in a number of ways Switching via memory. Switching via Bus Switching via Interconnection networks

Switching via memory The simplest, earliest routers were often traditional computers, with switching between input and output port being done under direct control of the CPU (routing processor). Input and output ports functioned as traditional I/O devices in a traditional OS An input port with an arriving datagram first signalled the routing processor via an interrupt. The packet was then copied from the input port into processor memory.

Switching via memory The routing processor then extracted the destination address from the header, looked up the appropriate output port in the routing table, and copied packet to output port's buffers. Modern routers also switch via memory. Difference is that lookup of the destination address and the storing (switching) of the packet into the appropriate memory location is performed by processors on the input line cards.

Switching Fabric

Switching via Bus Input ports transfer a datagram directly to the output port over a shared bus, without intervention by the routing processor (Note that when switching via memory, datagram must also cross system bus going to/from memory). only one packet at a time can be transferred over the bus at a time. A datagram arriving at an input port and finding the bus busy with the transfer of another datagram is blocked from passing through the switching fabric and queued at the input port. switching b/w of router is limited to bus speed. Switching via a bus is often sufficient for routers that operate in access and enterprise networks

Switching via an interconnection network
crossbar switch is an interconnection network consisting of 2N buses that connect N input ports to N output ports. A packet arriving at an input port travels along the horizontal bus attached to the input port until it intersects with the vertical bus leading to the desired output port. If the vertical bus leading to the output port is free, the packet is transferred to the output port. If the vertical bus is being used to transfer a packet from another input port to this same output port, the arriving packet is blocked and must be queued at the input port.

Output ports Output port processing takes datagrams that have been stored in output port's memory and transmits them over outgoing link. The data link protocol processing and line termination are the send-side link- and physical layer functionality that interact with the input port on the other end of the outgoing link. The queuing and buffer management functionality are needed when the switch fabric delivers packets to the output port at a rate that exceeds the output link rate.

Where Does Queuing Occur?
packet queues can form at both the input ports and the output ports. The actual location of packet loss will depend on the traffic load, the relative speed of the switching fabric and the line speed.

Queue happens at output ports
Suppose that the input line speeds and output line speeds are all identical, and that there are n input ports and n output ports. Switching fabric speed is at least n times as fast as the input line speed, than no queuing can occur at the input ports. In the worst case, the packets arriving at each of the n input ports will be destined to the same output port. In this case, in the time it takes to receive (or send) a single packet, n packets will arrive at this output port. Since the output port can only transmit a single packet in a unit of time (the packet transmission time), the n arriving packets will have to queue (wait) for transmission over the outgoing link. n more packets can then possibly arrive in the time it takes to transmit just one of the n packets that had previously been queued. And so on. Eventually, buffers can grow large enough to exhaust the memory space at the output port, in which case packets are dropped.

Queue happens at output ports
If the switch fabric is not fast enough (relative to the input line speeds) to transfer all arriving packets through the fabric without delay, then packet queuing will also occur at the input ports Head-of-the-line (HOL) blocking in an input-queued switch - a queued packet in an input queue must wait for transfer through the fabric (even though its output port is free) due to the blocking of another packet at the head-of-the-line

The Internet Network layer
Host, router network layer functions: Transport layer: TCP, UDP IP protocol addressing conventions datagram format packet handling conventions Routing protocols path selection RIP, OSPF, BGP Network layer forwarding table ICMP protocol error reporting router “signaling” Link layer physical layer Network Layer

32 bit destination IP address
IP datagram format ver length 32 bits data (variable length, typically a TCP or UDP segment) 16-bit identifier Internet checksum time to live 32 bit source IP address IP protocol version number header length (bytes) max number remaining hops (decremented at each router) for fragmentation/ reassembly total datagram length (bytes) upper layer protocol to deliver payload to head. len type of service “type” of data flgs fragment offset upper layer 32 bit destination IP address Options (if any) E.g. timestamp, record route taken, specify list of routers to visit. how much overhead with TCP? 20 bytes of TCP 20 bytes of IP = 40 bytes + app layer overhead Network Layer

IP header Version Header length Type of Service Length Identification
Currently at 4, next version 6 Header length Length of header (20 bytes plus options) Type of Service Typically ignored Replaced by DiffServ and ECN Length Length of IP fragment (payload) Identification To match up with other fragments Flags Don’t fragment flag More fragments flag Fragment offset Where this fragment lies in entire IP datagram Measured in 8 octet units (11 bit field) Network Layer

IP header (cont) Time to live Protocol Header checksum
Ensure packets exit the network Protocol Demultiplexing to higher layer protocols (TCP, UDP, SCTP) Header checksum Ensures some degree of header integrity Relatively weak – 16 bit Source IP, Destination IP (32 bit addresses) Options E.g. Source routing, record route, etc. Network Layer

Recall network layer functions
How does IPv4 support.. Connection setup Delivery semantics Security Demux to upper layer Quality-of-service Fragmentation Addressing Routing Network Layer

IP connection setup Hourglass design
No support for network layer connections Unreliable datagram service Out-of-order delivery possible Connection semantics only at higher layer Compare to ATM and phone network… Network Layer

IP delivery semantics No reliability guarantees No ordering guarantees
Loss No ordering guarantees Out-of-order delivery possible Unicast mostly IP broadcast ( ) not forwarded IP multicast supported, but not widely used to Network Layer

IP security Weak support for integrity IPsec IP checksum
IP has a header checksum, leaves data integrity to TCP/UDP Catch errors within router or bridge that are not detected by link layer Incrementally updated as routers change fields No support for secrecy, authenticity IPsec Retrofit IP network layer with encryption and authentication Network Layer

Internet checksum (review)
Goal: detect “errors” (e.g., flipped bits) in transmitted packet (note: used at transport layer only) Receiver: compute checksum of received segment check if computed checksum equals checksum field value: NO - error detected YES - no error detected. But maybe errors nonetheless? Sender: treat segment contents as sequence of 16-bit integers (See TCP checksum) checksum: addition (1’s complement sum) of segment contents sender puts checksum value into UDP checksum field Network Layer

IP demux to upper layer http://www.rfc-editor.org/rfc/rfc1700.txt
Protocol type field 1 = ICMP 2 = IGMP 3 = GGP 4 = IP in IP 6 = TCP 8 = EGP 9 = IGP 17 = UDP 29 = ISO-TP4 80 = ISO-IP 88 = IGRP 89 = OSPFIGP 94 = IPIP Network Layer

IP quality of service IP originally had “type-of-service” (TOS) field to eventually support quality Not used, ignored by most routers Mid 90s Integrated services (intserv) and RSVP signalling Per-flow end-to-end QoS support Per-flow signaling Per-flow network resource allocation (*FQ, *RR scheduling algorithms) Setup and match flows on connection ID Network Layer

IP quality of service RSVP intserv
Provides end-to-end signaling to network elements General purpose protocol for signaling information Not used now on a per-flow basis to support int-serv, but being reused for diff-serv. intserv Defines service model (guaranteed, controlled-load) Dozens of scheduling algorithms to support these services WFQ, W2FQ, STFQ, Virtual Clock, DRR, etc. Network Layer

IP quality of service Why did RSVP, intserv fail? Complexity
Scheduling Routing (pinning routes) Per-flow signaling overhead Lack of scalability Per-flow state Economics Providers with no incentive to deploy SLA, end-to-end billing issues QoS a weak-link property Requires every device on an end-to-end basis to support flow Network Layer

IP quality of service Now it’s diffserv…
Use the “type-of-service” bits as a priority marking Core network relatively stateless AF Assured forwarding (drop precedence) EF Expedited forwarding (strict priority handling) Network Layer

IP Fragmentation & Reassembly
network links have MTU (max.transfer unit) - largest possible link-level frame. different link types, different MTUs large IP datagram (can be 64KB) “fragmented” within network one datagram becomes several datagrams IP header on each fragment IP identifier and offset fields to identify and order fragments fragmentation: in: one large datagram out: 3 smaller datagrams reassembly Network Layer

IP Fragmentation & Reassembly
Where to do reassembly? End nodes avoids unnecessary work Dangerous to do at intermediate nodes Buffer space Must assume single path through network May be re-fragmented later on in the route again fragmentation: in: one large datagram out: 3 smaller datagrams reassembly Network Layer

IP Fragmentation and Reassembly
ID =x offset =0 fragflag length =4000 =1 =1500 =185 =370 =1040 One large datagram becomes several smaller datagrams Example 4000 byte datagram MTU = 1500 bytes 1480 bytes in data field offset = 1480/8 Network Layer

Fragmentation is Harmful
Uses resources poorly Forwarding costs per packet Best if we can send large chunks of data Worst case: packet just bigger than MTU Poor end-to-end performance Loss of a fragment makes other fragments useless Reassembly is hard Buffering constraints Network Layer

Fragmentation Path MTU Discovery Remove fragmentation from the network
Mandatory in IPv6 Network layer does no fragmentation Hosts dynamically discover smallest MTU of path Algorithm: Initialize MTU to MTU for first hop Send datagrams with Don’t Fragment bit set If ICMP “pkt too big” msg, decrease MTU What happens if path changes? Periodically (>5mins, or >1min after previous increase), increase MTU Some routers will return proper MTU Network Layer

Fragmentation References
Characteristics of Fragmented IP Traffic on Internet Links. Colleen Shannon, David Moore, and k claffy -- CAIDA, UC San Diego. ACM SIGCOMM Internet Measurement Workshop program.html C. A. Kent and J. C. Mogul, "Fragmentation considered harmful," in Proceedings of the ACM Workshop on Frontiers in Computer Communications Technology, pp , Aug acts/87.3.html Network Layer

IP Addressing IP address:
32-bit identifier for host/router interface interface: connection between host, router and physical link routers typically have multiple interfaces host may have multiple interfaces IP addresses associated with interface, not host, router = 223 1 1 1 Network Layer

IP Addressing IP address: What’s a network ?
network part (high order bits) host part (low order bits) What’s a network ? all interfaces that can physically reach each other without intervening router each interface shares the same network part of IP address LAN network consisting of 3 IP networks (for IP addresses starting with 223, first 24 bits are network address) Network Layer

Subnets Subnet mask: /24 How to find the networks (subnets)?
/24 /24 /24 How to find the networks (subnets)? Detach each interface from router, host create “islands of isolated networks Each isolated network is called a subnet Notation: Interfaces on a subnet share identical “bits” as prefix Bits identified by mask machine addresses all begin with the same 24 bits Also denoted by /24 Subnet mask: /24 Network Layer

Subnets How many? Network Layer

How do networks get IP addresses?
Total IP address size: 4 billion Initially one large class (8-bit network, 24-bit host) ISP given an 8-bit network number to manage Each router keeps track of each network (28=256 routes) Each network has 16 million hosts Problem: one size does not fit all Classful addressing Accomodate smaller networks (LANs) Class A: 128 networks, 16M hosts Class B: 16K networks, 64K hosts Class C: 2M networks, 256 hosts Total routes potentially > 2,113,664 routes ! High Order Bits 10 110 Format 7 bits of net, 24 bits of host (/8) 14 bits of net, 16 bits of host (/16) 21 bits of net, 8 bits of host (/24) Class A B C Network Layer

Reserved for experiments
IP address classes 8 16 24 32 Class A Network ID Host ID to Class B 10 Network ID Host ID to Class C 110 Network ID Host ID to Class D Multicast Addresses 1110 to Class E Reserved for experiments 1111 Network Layer

Special IP Addresses Private addresses
Class A: ( /8 prefix) Class B: ( /12 prefix) Class C: ( /16 prefix) : local host (a.k.a. the loopback address) IP broadcast to local hardware that must not be forwarded IP address of unassigned host (BOOTP, ARP, DHCP) Default route advertisement Network Layer

IP Addressing Problem #1 (1984)
Inefficient use of address space Class A (rarely given out, sparse usage) Class B = 64k hosts Very few LANs have close to 64K hosts Electrical/LAN limitations, performance or administrative reasons e.g., class B net allocated enough addresses for 64K hosts, even if only 2K hosts in that network Need simple/address-efficient way to get multiple “networks” Reduce the number of addresses that are assigned, but not used Subnet addressing Split large address ranges into multiple smaller ones (subnet) Dramatically increases potential number of routes! Network Layer

Subnetting Variable length subnet masks
Subnet a class B address space into several chunks Network Host Network Subnet Host 1111.. ..1111 Mask Network Layer

Subnetting Example Assume an organization was assigned a class B address Assume it has < 100 hosts per subnet How many host bits do we need? Seven What is the network mask? or /25 How many subnets of this size can be created within this address space? List them Network Layer

Subnetting Example Assume an organization was assigned a class B address Assume it has < 100 hosts per subnet How many host bits do we need? Seven What is the network mask? or /25 How many subnets of this size can be created within this address space? 512 (/16 = 216 hosts, /25 = 27 hosts … 216/27 = 29 = 512) List them /25 (… *******) /25 (… *******) /25 (… *******) /25 (… *******) … /25 (… *******) /25 (… *******) Network Layer

Subnetting Example Split the following network into 16 equal subnetworks /17 Network Layer

Subnetting Example Split the following network into 16 equal subnetworks /17 Split into 16 parts using next 4 significant bits etc. Solution /21 /21 /21 Network Layer

IP Address Problem #2 (1991) Address space depletion Supernetting
In danger of running out of classes A and B Class A very few in number, IANA frugal in giving them out Class B subnetting only applied to new allocations of class B existing class B networks sparsely populated people refuse to give it back Class C plenty available, but too small for most domains Supernetting Assign multiple consecutive class C blocks as one block Allows class C usage while limiting number of routes used Network Layer

IP Address Problem #2 (1991) Example
Combine the following class C networks into one larger network /24 /24 /24 /24 /24 /24 /24 /24 Answer: /21 * * * * * * * * Network Layer

IP Address Problem #3 (1991) Explosion of routes Remove classes
Subnetting class B Increasing use of class C explodes # of routes Remove classes Classless Inter-Domain Routing (CIDR) Arbitrary aggregation of contiguous addresses Network Layer

IP addressing: CIDR CIDR: Classless InterDomain Routing
Original classful addressing Use class structure (A, B, C) to determine network ID for route lookup CIDR: Classless InterDomain Routing Do not use classes to determine network ID network portion of address of arbitrary length route format: a.b.c.d/x, where x is # bits in network portion of address network part host /23 Network Layer

CIDR Assign any range of addresses to network
Use common part of address as network number e.g., addresses * to * have the first 20 bits in common. Thus, we use this as the network number netmask is /20, /xx is valid for almost any xx /20 Enables more efficient usage of address space (and router tables) More on how this impacts routing later…. Network Layer

CIDR route aggregation
Using single prefix to advertise multiple networks Hierarchical addressing Organization 0 /23 Organization 1 /23 “Send me anything with addresses beginning /20” Organization 2 /23 . Fly-By-Night-ISP . Internet Organization 7 /23 “Send me anything with addresses beginning /16” ISPs-R-Us Network Layer

CIDR route aggregation
ISP X given 16 class C networks * to * (or /20) ISP X Adjacent ISP router Route Interface / / / / 1 1 2 5 Route Interface / 3 4 Medium company /22 Large company /21 Small company /23 Tiny company /24 /24, /24 /24, /24 /24, /24 /24, /24 /24 /24 /24 /24 /24 /24 Network Layer

CIDR Shortcomings Customer selecting a new provider
Renumbering required /16 /21 Provider 1 Provider 2 /22 /24 /24 /23 Network Layer

CIDR shortcomings Multi-homing . .
ISPs-R-Us has a more specific route to Organization 1 Organization 0 /23 “Send me anything with addresses beginning /20” Organization 2 /23 . Fly-By-Night-ISP . Internet Organization 7 /23 “Send me anything with addresses beginning /16 or /23” ISPs-R-Us Organization 1 /23 Network Layer

Getting IP addresses Q: How does network get IP addresses?
A: organization gets allocated portion of its provider ISP’s address space ISPs get it from ICANN: Internet Corporation for Assigned Names and Numbers Allocates addresses, manages DNS, resolves disputes Customers get sub-blocks from ISPs ISP's block /20 Organization /23 Organization /23 Organization /23 … … …. Organization /23 Network Layer

CIDR and IP route lookup (forwarding)
IP routing Done only based on destination IP address Lookup route in forwarding table Classful IP Route Lookup In the early days, address classes made it easy A: 0 | 7 bit network | 24 bit host (16M each) B: 10 | 14 bit network | 16 bit host (64K) C: 110 | 21 bit network | 8 bit host (255) Address would specify prefix for forwarding table Simple lookup Network Layer

Classful IP forwarding
address Class B address – route prefix is Lookup in class B forwarding table Prefix – part of address that really matters for routing Forwarding table contains List of prefix entries A few fixed prefix lengths (8/16/24) Large tables 2 Million class C networks Sites with multiple class C networks have multiple route entries at every router Network Layer

CIDR and IP forwarding CIDR advantages Saves space in route tables
Makes more efficient use of address space ISP allocated 8 class C chunks, to / / / /24 / / / /24 Combine 8 class C entries with 1 combined entry First 21 bits are network number Written as /21 Routing protocols carry prefix length with destination network address Network Layer

CIDR and IP forwarding CIDR disadvantage
Makes route lookup more complex CIDR fundamentally changes route lookup algorithm Before CIDR Separate class A/B/C route tables each with O(1) lookup Table lookup based on class (A,B,C) After CIDR One table containing many prefix lengths Must find the most specific route that matches the destination IP address in packet Must match against all routes simultaneously via longest prefix match Network Layer

Longest prefix matching
Prefix Match Link Interface otherwise Examples DA: Which interface? DA: Which interface? Network Layer

DHCP Assign a temporary address
E.g ISP with 2000 clients, only 400 active Plug n play, Client server protocol DHCP Server Discovery, UDP-port 67, broadcast with DHCP Server offer(s) , Broadcasts transact Id, Prop IP, net mask, lease time DHCP request – choose from among DHCP Ack - confirming Network Layer

IP Address Problem #4 (1994) Even with CIDR, address space running out
IPv6 still being developed, a long way from being deployed Network Address Translation (NAT) Alternate solution to address space depletion problem Sits between your network and the Internet Dynamically assign source address from a pool of available addresses Each machine gets unique, external IP address out of pool Replaces local, private, network layer source IP addresses to global IP addresses Has a pool of global IP addresses (less than number of hosts on your network) Network Layer

Pool of global IP addresses
NAT Illustration Pool of global IP addresses Destination Source Global Internet G P Private Network Dg Sg Data NAT Dg Sp Data Operation: Source (S) wants to talk to Destination (D): Create Sg-Sp mapping Replace Sp with Sg for outgoing packets Replace Sg with Sp for incoming packets Network Layer

IP addressing and NAT What if we only have one IP address?
Add port translation to NAT Sometimes referred to as NAPT (Network Address Port Translator) Both addresses and ports are translated Translates Paddr + flow info to Gaddr + new flow info Uses TCP/UDP port numbers Potentially thousands of simultaneous connections with one global IP address 16-bit port-number field: 60,000 simultaneous connections with a single LAN-side address! Network Layer

NAT with port translation
rest of Internet local network (e.g., home network) 10.0.0/24 All datagrams leaving local network have same single source NAT IP address: , different source port numbers Datagrams with source or destination in this network have /24 address for source, destination (as usual) Network Layer

NAT Advantages range of addresses not needed from ISP: just a small set of IP addresses for all devices can change addresses of devices in local network without notifying outside world can change ISP without changing addresses of devices in local network devices inside local net not explicitly addressable, visible by outside world (a security plus). Network Layer

NAT Implementation: NAT router must:
outgoing datagrams: replace (source IP address, port #) of every outgoing datagram to (NAT IP address, new port #) . . . remote clients/servers will respond using (NAT IP address, new port #) as destination addr. remember (in NAT translation table) every (source IP address, port #) to (NAT IP address, new port #) translation pair incoming datagrams: replace (NAT IP address, new port #) in dest fields of every incoming datagram with corresponding (source IP address, port #) stored in NAT table Network Layer

WAN side addr LAN side addr
NAT example NAT translation table WAN side addr LAN side addr 1: host sends datagram to , 80 2: NAT router changes datagram source addr from , 3345 to , 5001, updates table , , 3345 …… …… S: , 3345 D: , 80 1 S: , 80 D: , 3345 4 S: , 5001 D: , 80 2 S: , 80 D: , 5001 3 4: NAT router changes datagram dest addr from , 5001 to , 3345 3: Reply arrives dest. address: , 5001 Network Layer

NAT is controversial Routers should only process up to layer 3
violates network transparency key feature that allows one to deploy any application without coordinating with network infrastructure implicit assumption that network header is unchanged in network address shortage should instead be solved by IPv6 Other problems No inbound connections Must be taken into account by app designers, eg, P2P applications Some protocols carry addresses e.g., FTP carries addresses in text What is the problem? Encryption Network Layer

NAT problem #1: traversal
Incoming connections client want to connect to server with address server address local to LAN (client can’t use it as destination addr) only one externally visible NATted address: solution 1: statically configure NAT to forward incoming connection requests at given port to server e.g., ( , port 2500) always forwarded to port 25000 Client ? NAT router Network Layer

Universal Plug and Play (UPnP)
solution 2: use UPnP Internet Gateway Device (IGD) Protocol. Allows host to discover and configure NAT Allows NATted host to: learn public IP address ( ) enumerate existing port mappings add/remove port mappings (with lease times) i.e., automate static NAT port map configuration IGD NAT router Network Layer

4. 1 Introduction 4.2 Virtual circuit and datagram networks 4.3 What’s inside a router 4.4 IP: Internet Protocol Datagram format IPv4 addressing ICMP IPv6 4.5 Routing algorithms Link state Distance Vector Hierarchical routing 4.6 Routing in the Internet RIP OSPF BGP 4.7 Broadcast and multicast routing Network Layer

ICMP: Internet Control Message Protocol
Essentially a network-layer protocol for passing control messages used by hosts & routers to communicate network-level information error reporting: unreachable host, network, port, protocol echo request/reply (used by ping) network-layer “above” IP: ICMP msgs carried in IP datagrams ICMP message: type, code plus first 8 bytes of IP datagram causing error editor.org/rfc/rfc792.txt Type Code description echo reply (ping) dest. network unreachable dest host unreachable dest protocol unreachable dest port unreachable dest network unknown dest host unknown source quench (congestion control - not used) echo request (ping) route advertisement router discovery TTL expired bad IP header Network Layer

ICMP and traceroute What do “real” Internet delay & loss look like?
Traceroute program: provides delay measurement from source to router along end-end Internet path towards destination. For all i: sends three packets that will reach router i on path towards destination router i will return packets to sender sender times interval between transmission and reply. 3 probes 3 probes 3 probes Network Layer

Examples traceroute: gaia.cs.umass.edu to www.eurecom.fr trans-oceanic
Three delay measurements from gaia.cs.umass.edu to cs-gw.cs.umass.edu 1 cs-gw ( ) 1 ms 1 ms 2 ms 2 border1-rt-fa5-1-0.gw.umass.edu ( ) 1 ms 1 ms 2 ms 3 cht-vbns.gw.umass.edu ( ) 6 ms 5 ms 5 ms 4 jn1-at wor.vbns.net ( ) 16 ms 11 ms 13 ms 5 jn1-so wae.vbns.net ( ) 21 ms 18 ms 18 ms 6 abilene-vbns.abilene.ucaid.edu ( ) 22 ms 18 ms 22 ms 7 nycm-wash.abilene.ucaid.edu ( ) 22 ms 22 ms 22 ms ( ) 104 ms 109 ms 106 ms 9 de2-1.de1.de.geant.net ( ) 109 ms 102 ms 104 ms 10 de.fr1.fr.geant.net ( ) 113 ms 121 ms 114 ms 11 renater-gw.fr1.fr.geant.net ( ) 112 ms 114 ms 112 ms 12 nio-n2.cssi.renater.fr ( ) 111 ms 114 ms 116 ms 13 nice.cssi.renater.fr ( ) 123 ms 125 ms 124 ms 14 r3t2-nice.cssi.renater.fr ( ) 126 ms 126 ms 124 ms 15 eurecom-valbonne.r3t2.ft.net ( ) 135 ms 128 ms 133 ms ( ) 126 ms 128 ms 126 ms 17 * * * 18 * * * 19 fantasia.eurecom.fr ( ) 132 ms 128 ms 136 ms trans-oceanic link * means no response (probe lost, router not replying) Network Layer

Try it Some routers labeled with airport code of city they are located in traceroute Packets go to SEA, back to PDX, SJC traceroute Packets go to SMF, SFO, SJC, NYC, EWR. traceroute Packets go to Pittock block to Eugene traceroute Packets go to SEA and back to PDX Network Layer

4. 1 Introduction 4.2 Virtual circuit and datagram networks 4.3 What’s inside a router 4.4 IP: Internet Protocol Datagram format IPv4 addressing ICMP IPv6 4.5 Routing algorithms Link state Distance Vector Hierarchical routing 4.6 Routing in the Internet RIP OSPF BGP 4.7 Broadcast and multicast routing Network Layer

IPv6 Redefine functions of IP (version 4)
What changes should be made in…. IP addressing IP delivery semantics IP quality of service IP security IP routing IP fragmentation IP error detection Network Layer

IPv6 Initial motivation: 32-bit address space soon to be completely allocated (est. 2008) Additional motivation: Remove ancillary functionality Speed processing/forwarding Add missing, but essential functionality header changes to facilitate QoS new “anycast” address: route to “best” of several replicated servers IPv6 datagram format: fixed-length 40 byte header no fragmentation allowed Network Layer

IPv6 Header (Cont) Priority: identify priority among datagrams in flow
Flow Label: identify datagrams in same “flow.” (concept of“flow” not well defined). Next header: identify next protocol for data Network Layer

IPv6 Changes Scale – addresses are 128bit Simplification
Header size? Simplification Removes infrequently used parts of header 40 byte fixed header vs. 20+ byte variable header IPv6 removes checksum IPv4 checksum = provide extra protection on top of data-link layer and below transport layer End-to-end principle Is this necessary? IPv6 answer =>No Relies on upper layer protocols to provide integrity Reduces processing time at each hop Network Layer

IPv6 Changes IPv6 eliminates fragmentation ICMPv6: new version of ICMP
Requires path MTU discovery ICMPv6: new version of ICMP additional message types, e.g. “Packet Too Big” Protocol field replaced by next header field Unify support for protocol demultiplexing as well as option processing Option processing Options allowed, but only outside of header, indicated by “Next Header” field Options header does not need to be processed by every router Large performance improvement Makes options practical/useful Network Layer

IPv6 Changes TOS replaced with traffic class octet FlowID field
Support QoS via DiffServ FlowID field Help soft state systems, accelerate flow classification Maps well onto TCP connection or stream of UDP packets on host-port pair Additional requirements Support for security Support for mobility Easy auto-configuration Network Layer

Transition From IPv4 To IPv6
Not all routers can be upgraded simultaneous no “flag days” How will the network operate with mixed IPv4 and IPv6 routers? Two proposed approaches: Dual Stack: some routers with dual stack (v6, v4) can “translate” between formats Tunneling: IPv6 carried as payload in an IPv4 datagram among IPv4 routers Network Layer

Tunneling A B E F Logical view: Physical view: A B E F tunnel IPv6
Network Layer

Tunneling A B E F Logical view: A B C D E F Physical view: Src:B
IPv6 IPv6 IPv6 IPv6 A B C D E F Physical view: IPv6 IPv6 IPv4 IPv4 IPv6 IPv6 Flow: X Src: A Dest: F data Flow: X Src: A Dest: F data Src:B Dest: E Flow: X Src: A Dest: F data Src:B Dest: E Flow: X Src: A Dest: F data A-to-B: IPv6 E-to-F: IPv6 B-to-C: IPv6 inside IPv4 B-to-C: IPv6 inside IPv4 Network Layer

Dual Stack Approach Dual-stack router translates b/w v4 and v6
v4 addresses have special v6 equivalents Issue: how to translate “FlowField” of v6 ? Network Layer

IPSec IPv4,designed in 1970 New Network layer providing Security- Ipsec Also backward compatible Only Host willing to have security – have Ipsec Transport mode –hosts establish IPSec session Sending side – TL passes segment to Ipsec IPSec encrypts segment , appends additional security fields and encapsulates resulting PL in ordinary pkt Receiving side – Ipsec decrypts and then passes to TL Network Layer

Services provided by IPSec
Cryptographic Agreement – mechanism to agree Cryp Algo keys Encryption of IP datagram Payload Data Integrity – datagram was not modified Origin authentication Eg company having sales force Network Layer

Chapter 4 Network Layer A note on the use of these ppt slides:

Similar presentations

Presentation on theme: "Chapter 4 Network Layer A note on the use of these ppt slides:"— Presentation transcript:

Similar presentations

About project

Feedback

Log in

Auth with social network:

Chapter 4 Network Layer A note on the use of these ppt slides:

Similar presentations

Presentation on theme: "Chapter 4 Network Layer A note on the use of these ppt slides:"— Presentation transcript:

Similar presentations

About project

Feedback