1 Kyung Hee University Chapter 7 Internet Protocol Version 4 (IPv4)
-
Upload
peter-watts -
Category
Documents
-
view
219 -
download
2
Transcript of 1 Kyung Hee University Chapter 7 Internet Protocol Version 4 (IPv4)
11
Kyung Hee University
Chapter 7Chapter 7Internet Internet Protocol Protocol Version 4Version 4
(IPv4)(IPv4)
22
Kyung Hee University
7.1 Introduction7.1 Introduction
The transmission mechanism used by the TCP/IP
Unreliable and connectionless datagram protocol
Best-effort delivery service
IP packets can be corrupted, lost, arrive out of order, or delayed and may create congestion for the network
Each datagram is handled independently
Each datagram can follow a different route to
destination
Datagram sent by the same source to the same destination could arrive out of order.
33
Kyung Hee University
Position of IP in TCP/IP protocol suitePosition of IP in TCP/IP protocol suite
44
Kyung Hee University
7.2 Datagrams7.2 Datagrams
Datagrams are packets in the network layer
Datagram is a variable-length packet consisting of
header and data.
The header is 20 to 60 bytes, contains information essential to routing and delivery
It is customary in TCP/IP to show the header in 4-byte section
Field in Header
Version(VER) – the version of IP protocol (4-bit)
Header length(HLEN) – total length of the datagram header in 4-byte words.
55
Kyung Hee University
IP DatagramIP Datagram
66
Kyung Hee University
IP DatagramIP Datagram
TOS(Type of Service) – 8-bit
Precedenceinterpretation
0 0 0xxx 0
0
1
xx
x
x
x
x
x
x
x
x
x
x
1
1Differential service
interpretation
x
Category Codepoint Assigning Authority
1 XXXXX0 Internet : 24 services
2 XXXX11 Local
3 XXXX01 Temporary or experiment
77
Kyung Hee University
IP DatagramIP Datagram
Total Length
16-bit field (limited to 65,535 bytes)
Define the total length of the IP datagram in bytes
Length of data = total length – header length
Encapsulation of a small datagram in an Ethernet frame
Figure 7.4 Encapsulation of a small datagram in an Ethernet frame
88
Kyung Hee University
IP DatagramIP DatagramIdentification – used in fragmentation
Flags – used in fragmentation
Fragmentation offset – used in fragmentation
Time to love – limited life time of datagram
Protocol – the higher level protocol that uses the
services of the IP layer
Fig. 7.5 Multiplexing
99
Kyung Hee University
IP DatagramIP Datagram
Checksum – Check errors
Source address – The IP address of source
Destination address – The IP address of destination
1010
Kyung Hee University
Example 7.1Example 7.1
An IP packet has arrived with the first 8 bit shown:
The receiver discards the packet. Why?
SolutionThere is an error in this packet. The 4 left-most bit(0100) show the version, which is correct. The next 4 bit(0010) show the wrong header length(2 × 4 = 8). The minimum number of byte in the header must be 20. The packet has been corrupted in transmission.
1111
Kyung Hee University
Example 7.2Example 7.2
In an IP packet, the value of HLEN is 1000 in binary. How
many byte of option are being carried by this packet?
Solution
The HLEN value is 8, which means the total number of
bytes in the header is 8 × 4 or 32 bytes. The first 20 bytes
are the base header, the next 12 bytes are the option.
1212
Kyung Hee University
Example 7.3Example 7.3
In an IP packet, the value of HLEN is 516 and the value of
the total length field is 002816. How many bytes of data are
being carried by this packet?
Solution
The HLEN value is 5, which mean the total number of
bytes in the header is 5 × 4 or 20 bytes (no options). The
total length is 40 bytes, which means the packet is
carrying 20 bytes of data (40 − 20).
1313
Kyung Hee University
7.3 Fragmentation7.3 Fragmentation
The format and size of the received frame depend on
the protocol used by the physical network
When a datagram encapsulated in a frame, the total size
of the datagram must be less than MTU(Maximum
Transfer Unit) size
We must divide the datagram to make it possible to
pass through the network; this is called fragmentation
1414
Kyung Hee University
MTU(Maximum Transfer Unit)MTU(Maximum Transfer Unit)
IP datagram
Frame
Header TrailerMTUMaximum length of data that can be encapsulated in a frame
1515
Kyung Hee University
FragmentationFragmentation
The value of the MTU differs from one physical network
protocol to another
1616
Kyung Hee University
Fields Related to FragmentationFields Related to Fragmentation
Identification – All fragments have the same
identification value
Flag – 3-bit field
Fragmentation offset – 13-bit field, the relative position
of this fragment with respect to the whole datagram
1717
Kyung Hee University
Fragmentation ExampleFragmentation Example
0000 1399
Offset = 0000/8 = 0
1400 2799
Offset = 1400/8 = 175
2800 3999
Offset = 2800/8 = 350
1818
Kyung Hee University
Detailed Fragmentation ExampleDetailed Fragmentation Example
0004020
14,567
Bytes 0000–3999
Original datagram
0
1751420
14,567
Bytes 1400–2799
Fragment 2
1
3501220
14,567
Bytes 2800–3999
Fragment 3
0
175820
14,567
Bytes 1400–2199
Fragment 2.1
1
Fragment 1
0001420
14,567
Bytes 0000–1399
1
1919
Kyung Hee University
Example 7.5Example 7.5
A packet has arrived with an M bit value of 0. Is this first
fragment, or a middle fragment? Do we know if the packet
was fragment?
Solution
If the M bit is 0, it means that there are no more fragment;
the fragment is the last one. However, we cannot say if
the original packet was fragment or not. A nonfragmented
packet is considered the last fragment.
2020
Kyung Hee University
Example 7.9Example 7.9
A packet has arrived in which the offset value is 100, the
value of HLEN is 5 and the value of the total length field is
100. What is the number of the first byte and the last
byte?
Solution
The first byte number is 100 × 8 = 800. The total length is
100bytes and the header length is 20bytes (5 × 4), which
means that there are 80 bytes in this datagram. If the first
byte number is 800, the last byte number must be 879.
2121
Kyung Hee University
7.4 Options7.4 Options
Type field (8-bit) : Fixed length
Copy : Control the presence of the option in fragmentation
Class : Define the general purpose of the option
Number : Define the type of option
Length field (8-bit) : Fixed length
The total length of the option
Value field : Variable length
Contain the data that specific options require
2222
Kyung Hee University
Option FormatOption Format
Type Length
8 bits 8 bits
Value
Variable length
Copy
0 Copy only in first fragment1 Copy into all fragments
Class
00 Datagram control01 Reserved10 Debugging and management11 Reserved
Number
00000 End of option00001 No operation00011 Loose source route00100 Timestamp00111 Record route01001 Strict source route
2323
Kyung Hee University
Categories of OptionsCategories of Options
2424
Kyung Hee University
No Operation OptionNo Operation Option
1-byte option used as a filter between options
2525
Kyung Hee University
End-of-Option OptionEnd-of-Option Option
1-byte option used for padding at the end of the option
field
2626
Kyung Hee University
Record-Route OptionRecord-Route Option
Used to record the Internet routers that handle the
datagram
2727
Kyung Hee University
Record-Route ConceptRecord-Route Concept
67.34.30.6 138.6.25.40
67.14.10.22
140.10.0.0/16
140.10.5.4
200.14.7.9
200.14.7.0/24
200.14.7.14
138.6.22.26
138.6.0.0/16
140.10.6.3
Network Network Network Network67.0.0.0/24
7 15 7 15140.10.6.3
7 15 12140.10.6.3200.14.7.9
7 1615140.10.6.3200.14.7.9138.6.22.26
4 8
2828
Kyung Hee University
Strict-Source-Route OptionStrict-Source-Route Option
Used by source to predetermine a route for the
datagram as it travels through the Internet
All of routers defined in the option must be visited by
the datagram
2929
Kyung Hee University
Strict-Source-Route ConceptStrict-Source-Route Concept
67.34.30.6 138.6.25.40
67.14.10
.22
140.10.0.0/16
140.10
.5.4
200.14
.7.9
200.14.7.0/24
200.14
.7.14
138.6.22
.26
138.6.0.0/16
140.10
.6.3
Network Network Network Network67.0.0.0/24
Source: 67.34.30.6Destination: 67.14.10.22
200.14.7.14140.10.5.4
415137
138.6.25.40
Destination:140.10.5.4Source: 67.34.30.6
815137
138.6.25.40
67.14.10.22200.14.7.14
Source: 67.34.30.6Destination:200.14.7.14
1215137
138.6.25.40
67.14.10.22140.10.5.4
Source: 67.34.30.6Destination:138.6.25.40
161513767.14.10.22
200.14.7.14140.10.5.4
3030
Kyung Hee University
Loose-Source-Route OptionLoose-Source-Route Option
Similar to the strict source route, but it is more relaxed.
Each router in the list must be visited, but the datagram
can visit other routers as well
3131
Kyung Hee University
Timestamp OptionTimestamp Option
Used to record the time of datagram processing by a router
The time is expressed in miliseconds from Universal Time
3232
Kyung Hee University
Use of Flag in TimestampUse of Flag in Timestamp
Flag 0 : each router adds only the timestamp in the provided field
Flag 1 : each router must add its outgoing IP address and the
timestamp
Flag 3 : the IP addresses are given, and each router must check
the given IP address with its own incoming IP address
0
1
3333
Kyung Hee University
Timestamp ConceptTimestamp Concept
67.34.30.6
67.14.10
.22
140.10.0.0/16
140.10
.5.4
200.14
.7.9
200.14.7.0/24
200.14
.7.14
138.6.22
.26
138.6.0.0/16
140.10
.6.3
Network Network Network Network67.0.0.0/24
68 28 05 1 68 28 13 0 1140.10.6.336000000
68 28 21 0 1140.10.6.336000000200.14.7.936000012
68 28 29 0 1140.10.6.336000000200.14.7.9
138.6.22.2636000012
36000020
3434
Kyung Hee University
Example 7.11Example 7.11
Which of the six option are used for datagram control and which
are used for debugging and management?
Solution
We look at the second and third (left-most) bits of the type.
a. No operation: type is 00000001; datagram control.
b. End of option: type is 00000000; datagram control.
c. Record route: type is 00000111; datagram control.
d. Strict source route: type is 10001001; datagram control.
e. Loose source route: type is 10000011; datagram control.
f. Timestamp: type is 01000100; debugging and management control.
3535
Kyung Hee University
Example 7.12Example 7.12
One of the utilities available in UNIX to check the traveling of the IP
packets is ping. In the next chapter, we talk about the ping program
in more detail. In this example, we want to show how to use the
program to see if a host is available. We ping a server at De Anza
College named fhda.edu. The result shows that the IP address of the
host is 153.18.8.1. The result also shows the number of bytes used.
3636
Kyung Hee University
Example 7.15Example 7.15
The traceroute program can be used to implement loose
source routing. The –g option allows us to define the
routers to be visited, from the source to destination. The
following shows how we can send a packet to the
fhda.edu server with the requirement that the packet visit
the router 153.18.251.4.
3737
Kyung Hee University
Example 7.16Example 7.16
The traceroute program can also be used to implement strict source routing. The –G option forces the packet to visit the routers in the command line. The following shows how we can send a packet to the fhda.edu server and force the packet to visit only the router 153.18.251.4.
3838
Kyung Hee University
7.5 Checksum7.5 Checksum
Checksum – The error detection method used by most
TCP/IP protocol
Protect against the corruption that may occur during the transmission of a packet
Redundant information added to the packet
Calculated at the sender and the value obtained is sent with the packet
The receiver repeats the same calculation on the whole packet including the checksum
If the result is satisfactory, the packet is accepted; otherwise, it is rejected
3939
Kyung Hee University
Checksum ConceptChecksum Concept
ChecksumPacket
n bits
n bits
n bits
n bits
n bits
n bits
n bits
Section 1
SumComplement
Result
Section 2
Checksum
Section k
Receiver
..............
..............
If the result is 0, keep;otherwise, discard.
4040
Kyung Hee University
Checksum in One’s Complement ArithmeticChecksum in One’s Complement Arithmetic
Sender
Sum : TChecksum : _T
Datagram
_TT
4141
Kyung Hee University
Example 7.17Example 7.17
Figure shows an example of a checksum calculation at the sender site for an IP header without option. The header is divided into 16-bit sections. All the sections are added and the sum is complemented. The result is inserted in the checksum field.
Example of checksum calculation at the sender
10.12.14.5
051 0
17
12.6.7.9
4242
Kyung Hee University
Example 7.18Example 7.18
Figure shows the checking of checksum calculation at the receiver site ( or intermediate router ) assuming that no errors occurred in the header. The header is divided into 16-bit sections. All the sections are added and the sum is complement. Since the result is 16 0s, the packet is accepted.
4343
Kyung Hee University
7.6 IP over ATM7.6 IP over ATM
In this section, we want to see how an IP datagram is
moving through a switched WAN such as an ATM
The IP packet is encapsulated in cells
An ATM network has its own definition for the physical address of a device
Binding between an IP address and a physical address is attained through a protocol called ATMARP
4444
Kyung Hee University
An ATM WAN in the InternetAn ATM WAN in the Internet
4545
Kyung Hee University
AAL LayerAAL Layer
The AAL layer used by the IP protocol is AAL5
The only AAL used by the Internet is AAL5
It is sometimes called the simple and efficient adaptation layer (SEAL).
AAL5 accepts an IP packet of no more than 65,536
bytes and adds 8-byte trailer
AAL5 passes the message in 48-byte segments to the
ATM layer
4646
Kyung Hee University
Cell RoutingCell Routing
The cells start from the entering-point router and end at
the exiting-point router
ATM Network
ATM cell
Entering-pointrouter
Exiting-pointrouter
I II III
IP Packet
IPPacket
4747
Kyung Hee University
Address Binding in IP over ATMAddress Binding in IP over ATM
An ATM network needs virtual circuit identifiers to
route the cell
IP datagram contains only source and destination IP address
Virtual circuit identifiers must be determined from the destination IP address.
4848
Kyung Hee University
7.7 Security7.7 Security
Since the IPv4 protocol was started when the Internet
user trusted each other, no security was provided for
the IPv4 protocol
Today, however, the situation is different
The Internet is not secure any more
In this section, we give a brief idea about the security
issues in IP protocol and the solution
4949
Kyung Hee University
Security IssuesSecurity Issues
Packet sniffing
Passive attack
The attacker does not change the contents of the packet
Encryption of the packet – attacker cannot see the contents of packet
Packet modification
Active attack
The attacker intercepts the packet, change the contents of the packet
Data integrity – receiver can make sure that packet has not been changed during the transmission
IP spoofing
An attacker can masquerade as somebody else and create an IP packet that carries the source address of another computer
Origin authentication mechanism can prevent this type of attack
5050
Kyung Hee University
IPSec (IP Security)IPSec (IP Security)
Create a connection-oriented service between two entities in which they can exchange IP packet without worrying about the three attacks discussed before
Defining Algorithms and Key
The two entities that want to create a secure channel between themselves can agree on some available algorithms and keys to be used for security purpose
Packet Encryption
Make the packet sniffing attack useless
Data Integrity
Guarantee that the packet is not modified during the transmission
Origin Authentication
Prevent IP spoofing attack
5151
Kyung Hee University
7.8 IP Package7.8 IP Package
IP package involves eight component
Header-adding module
Processing module
Forwarding module
Fragmentation module
Reassembly module
Routing module
MTU table
Reassembly table
5252
Kyung Hee University
IP ComponentIP Component
5353
Kyung Hee University
IP Header-Adding ModuleIP Header-Adding Module
5454
Kyung Hee University
Processing ModuleProcessing Module
5555
Kyung Hee University
IP PackageIP Package
Queue
Input queue – store the datagram coming from the data link layer or the upper-layer protocols
Output queue – store the datagram going to the data link layer or the upper-layer protocols
Routing table
Used by the forwarding module to determine the next-hop address of the packet
Forwarding module
Receive an IP packet from the processing module
Find the IP address of the next station along with the interface number to which the packet should be sent
MTU table
Used by the fragmentation module to find the maximum transfer unit of a particular interface
5656
Kyung Hee University
Fragmentation ModuleFragmentation Module
5757
Kyung Hee University
Fragmentation ModuleFragmentation Module
5858
Kyung Hee University
Reassembly TableReassembly Table
Used by reassembly module
State field : FREE or IN-USE
IP address field : define the source IP address of the datagram
Datagram ID : number that uniquely defines a datagram
Timeout : predetermined amount of time in which all fragments must arrive
Fragment field : a pointer to a linked list of fragment
5959
Kyung Hee University
Reassembly ModuleReassembly Module
6060
Kyung Hee University
SummarySummary
IP is an unreliable connectionless protocol responsible for source-to-destination delivery. Packets in the IP layer are called datagrams
The MTU is the maximum number of bytes that a data link protocol can encapsulate. MTUs vary from protocol to protocol. Fragmentation is the division of a datagram into smaller units to accommodate the MTU of a data link protocol
The IP datagram header consists of a fixed, 20-byte section and a variable options section with a maximum 40 bytes. The options section of the IP header is used for network testing and debugging. The six IP options each have a specific function
6161
Kyung Hee University
SummarySummary
The error detection method used by IP is the checksum. The checksum, however, convers only the header, but not the data. The checksum uses one’s complement arithmetic to add equal-size sections of the IP header. The complement result is stored in the checksum field. The receiver also used one’s complement arithmetic to check the header.
IP over ATM uses AAL5 layer in an ATM network. An ATM network creates a route between an entering-point router and exiting-point router. The next-hop address of an IP packet can be mapped to a physical address of an exiting-point router using ATMARP
An IP package can consist of the following : a header-adding module, a processing module, a forwarding module, a fragmentation module, a reassembly module, a routing table, an MTU table, and a reassembly table.