Chapter 4, slide: 1
Chapter 4: Network Layer
• Introduction
• IP: Internet Protocol
  – IPv4 addressing
  – NAT
  – IPv6
• Routing algorithms
  – Link state
  – Distance Vector
• Routing in the Internet
  – RIP
  – OSPF
  – BGP

Sharing an IP address
• Home networks, other small LANs
  – Expensive to have unique IP address for each host
  – Want to share internet access through just one IP address
  – Want to maintain security/privacy
• Install router … but how does it work?

Network Address Translation
• NAT is an extension of the original IP addressing scheme
  – Motivated by exhaustion of IP address space
• Allows multiple computers at one site to share a single global IP address
• Requires a device to perform packet translation
  – In-line configuration
  – All traffic entering or leaving the network must go through the NAT device
  – Should be transparent to all users
    • Virtual private connection

NAT: Network Address Translation
• local network uses just one IP address as far as outside world is concerned (external address)
• range of addresses not needed from ISP: just one IP address for all devices
• can change addresses of devices in local network without notifying outside world
• can change ISP / external address without changing addresses of devices in local network
• devices inside local net not explicitly addressable by outside world (a security plus).

NAT: Network Address Translation
[Figure: local network (e.g., home network), 10.0.0/24, with addresses 10.0.0.1, 10.0.0.2, 10.0.0.3 and 10.0.0.4; NAT IP address 138.76.29.7 toward the rest of the Internet]
• Datagrams with source or destination in this network have 10.0.0/24 address for source, destination (as usual)
• All datagrams leaving local network have same single source NAT IP address: 138.76.29.7, different source port numbers

Implementation
To send datagram out to the internet from a computer in the private network:
• Computer constructs datagram with source address and destination address, sends to NAT box
• NAT box translates the source address in the datagram to the site's IP address
• NAT keeps source and destination addresses in its translation table
• Note: checksum must be recalculated and datagram must be reconstructed

Implementation
To forward an incoming datagram from the internet to a computer in the private network:
• Datagrams arrive addressed to the site's IP address
• NAT finds source and destination addresses in its translation table
• NAT changes the destination address in the datagram to the internal address for the target computer
• NAT reconstructs the datagram (with new checksum, etc.) and forwards it to the computer in the private network

Implementation
• Software solutions
  – Standard PC with
    • NAT software, e.g.:
      – Linux masquerade
      – Windows RRAS (Routing and Remote Access Server)
    • extra NIC required
  – OK for slower speed networks (e.g., 10 Mbps)
  – NAT box must translate addresses in time for the usual network functions to work
    • detecting congestion, etc.
• Hardware solutions
  – Special-purpose hardware for high-speed networks (e.g., gigabit Ethernet)
• Hybrid solutions
  – Routers can incorporate software for NAT
  – Used in medium-speed networks (e.g., 100 Mbps)

Virtual connection
• The effect of NAT is to form a virtual private connection between a computer in a private network and a remote host (internet site).
• Of course, the connection may be to a computer in a separate private network (through another NAT box)
• Internal communications do not use the NAT box

Problems with basic NAT
• If two computers inside the private network both want to communicate with the same external site, the basic translation table is not sufficient
• If one computer inside the private network is running applications with two remote hosts, the basic translation table is not sufficient
• If a remote site wants to make the first contact with a computer inside the private network, there will be no translation table entry.

NAPT
• Network Address and Port Translation
• Most popular implementation of NAT
  – Usually just called NAT
• Keeps track of local addresses and IP addresses
• Also can keep track of (and change) TCP and UDP protocol port numbers
• Allows
  – multiple computers in the private network to communicate with a single destination
  – multiple applications on a single computer in the private network to communicate with multiple destinations

Example NAPT table
• Entry in table records protocol port number as well as IP address
• Port numbers are re-assigned to avoid conflicts
• Note: this requires the NAT box (router) to have some transport-layer functionality

Direction  Initial value                       Translated                          Unchanged
out        IP SRC:TCP SRC 10.0.0.125:30000     IP SRC:TCP SRC 128.210.24.6:40001   IP DST:TCP DST 68.18.6.225:80
out        IP SRC:TCP SRC 10.0.0.77:30000      IP SRC:TCP SRC 128.210.24.6:40002   IP DST:TCP DST 68.18.6.225:80
in         IP DST:TCP DST 128.210.24.6:40001   IP DST:TCP DST 10.0.0.125:30000     IP SRC:TCP SRC 68.18.6.225:80
in         IP DST:TCP DST 128.210.24.6:40002   IP DST:TCP DST 10.0.0.77:30000      IP SRC:TCP SRC 68.18.6.225:80

NAT table
For an out-going datagram:
• Source address is changed to the site address.
• Source port number is re-assigned and recorded
• Checksum is recalculated
• Datagram is reconstructed
• Destination address / port number are not changed
• Translation table records
  – Internal source address / original port number
  – Destination address / re-assigned source port number

NAT table
For an in-coming datagram:
• Destination address is changed to the internal address recorded in the translation table.
• Destination port number is changed to the port number recorded in the translation table.
• Checksum is recalculated
• Datagram is reconstructed
• Source address / port number are not changed

NAT: Network Address Translation
[Figure: LAN addresses 10.0.0.1, 10.0.0.2, 10.0.0.3 and 10.0.0.4; NAT router WAN address 138.76.29.7]

NAT translation table
WAN side addr        LAN side addr
138.76.29.7, 5001    10.0.0.1, 3345
……                   ……

1: host 10.0.0.1 sends datagram to 128.119.40.186, 80
   S: 10.0.0.1, 3345  D: 128.119.40.186, 80
2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table
   S: 138.76.29.7, 5001  D: 128.119.40.186, 80
3: Reply arrives dest. address: 138.76.29.7, 5001
   S: 128.119.40.186, 80  D: 138.76.29.7, 5001
4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345
   S: 128.119.40.186, 80  D: 10.0.0.1, 3345

First contact
• When initial contact is attempted from outside the site, there is no translation table entry
• E.g., a private network might be running multiple servers through a NAT system
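
The NAPT table and the first-contact case above, as an added Python sketch that is not part of the original slides: it replays the example table's two outbound flows and their replies, then shows an unsolicited inbound datagram being dropped. The names `Napt` and `slide_walkthrough`, the port pool starting at 40001, the choice to match replies on the remote endpoint as well as the port, and the unsolicited sender 203.0.113.9 are assumptions; checksum recalculation is not modelled.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Endpoint = Tuple[str, int]                 # (IP address, TCP/UDP port)
Datagram = Tuple[Endpoint, Endpoint]       # (source, destination)


@dataclass
class Napt:
    """Toy NAPT box (hypothetical name): only addresses and ports are modelled."""
    wan_ip: str
    next_port: int = 40001                 # constructed start of the re-assigned port pool
    out_map: Dict[Datagram, int] = field(default_factory=dict)
    in_map: Dict[Tuple[int, Endpoint], Endpoint] = field(default_factory=dict)

    def outbound(self, src: Endpoint, dst: Endpoint) -> Datagram:
        """Rewrite the source of a datagram leaving the private network."""
        key = (src, dst)
        if key not in self.out_map:
            if self.next_port > 65535:     # the 16-bit port field bounds the table
                raise RuntimeError("port pool exhausted")
            self.out_map[key] = self.next_port
            self.in_map[(self.next_port, dst)] = src
            self.next_port += 1
        # Destination address / port number are not changed.
        return (self.wan_ip, self.out_map[key]), dst

    def inbound(self, src: Endpoint, dst: Endpoint) -> Optional[Datagram]:
        """Rewrite the destination of an arriving datagram, or return None to drop it."""
        if dst[0] != self.wan_ip:
            return None
        internal = self.in_map.get((dst[1], src))
        if internal is None:               # first contact from outside: no table entry
            return None
        # Source address / port number are not changed.
        return src, internal


def slide_walkthrough() -> List[Optional[Datagram]]:
    """Replay the example NAPT table, then one unsolicited inbound datagram."""
    nat = Napt("128.210.24.6")
    web = ("68.18.6.225", 80)
    return [
        nat.outbound(("10.0.0.125", 30000), web),
        nat.outbound(("10.0.0.77", 30000), web),      # same source port, other host
        nat.inbound(web, ("128.210.24.6", 40001)),
        nat.inbound(web, ("128.210.24.6", 40002)),
        nat.inbound(("203.0.113.9", 5555), ("128.210.24.6", 40001)),  # constructed sender
    ]


if __name__ == "__main__":
    for row in slide_walkthrough():
        print(row)
```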

NAT traversal problem
• client wants to connect to server with address 10.0.0.1
  – server address 10.0.0.1 local to LAN (client can’t use it as destination addr)
  – only one externally visible NAT’ed address: 138.76.29.7
[Figure: Client (?), NAT router, 138.76.29.7, 10.0.0.4, 10.0.0.1]

NAT traversal problem
• Solution 1: statically configure NAT to forward incoming connection requests at given port to server
  – e.g., (123.76.29.7, port 2500) always forwarded to 10.0.0.1 port 25000
[Figure: Client (?), NAT router, 138.76.29.7, 10.0.0.4, 10.0.0.1]

NAT traversal problem
• Solution 2: Universal PnP Internet Gateway Device (IGD) Protocol. Allows NAT’ed host to:
  – map (private IP, private port #) to (public IP, public port #)
  – advertise (public IP, public port #)
    • So DNS can work
  – add/remove port mappings
[Figure: IGD, NAT router, 138.76.29.7, 10.0.0.4, 10.0.0.1]

Summary: Network Address Translation
• 16-bit port-number field:
  – ~65,000 simultaneous connections with a single LAN-side address!
• NAT is controversial. Objections include:
  – routers should only process up to layer 3
  – address shortage should instead be solved by IPv6

Chapter 4: Network Layer
• Introduction
• Virtual circuit and datagram networks
• IP: Internet Protocol
  – IPv4 addressing
  – NAT
  – IPv6
• Routing algorithms
  – Link state
  – Distance Vector
• Routing in the Internet
  – RIP
  – OSPF
  – BGP

IPv6
• Initial motivation: 32-bit address space soon to be completely allocated.
• Additional motivation: header changes to facilitate QoS
• Major changes from IPv4:
  – Fragmentation: no longer allowed; drop packet if too big
  – Checksum: removed to reduce processing time; already done at transport and link layers
  – Options: allowed, but outside of header, indicated by “Next Header” field

New features of IPv6
• Support for audio and video
  – “flow labels” and “quality of service” allow audio and video applications to establish appropriate connections
• Extensible
  – new features can be added more easily

[Figure: IPv6 datagram format]

[Figure: IPv6 base header format]

IPv6 base header
• Contains less information than IPv4 header
• VERSION (4 bits)
• TRAFFIC CLASS (8 bits)
  – specifies the traffic class (used to choose a route)
• FLOW LABEL (20 bits)
  – used to associate datagrams belonging to a flow or communication between two applications
• PAYLOAD LENGTH (16 bits)
  – indicates the length of data (i.e. payload) excluding header
• NEXT HEADER (8 bits)
  – points to first extension header
• HOP LIMIT (8 bits) (old TTL)
  – specifies the maximum number of hops a packet can travel through before being discarded
• SOURCE ADDRESS (128 bits)
• DESTINATION ADDRESS (128 bits)

[Figure: NEXT header]

Parsing IPv6 headers
• Base header is fixed size - 40 octets
  – NEXT HEADER field in base header defines type of next header
  – Next header appears at end of fixed-size base header
• Some extension headers are variable sized
  – NEXT HEADER field in extension header defines type
  – HEADER LEN field gives size of extension header
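
The base-header layout and the NEXT HEADER / HEADER LEN walk described above, as an added Python parser that is not part of the original slides. It assumes the RFC 8200 encoding (HEADER LEN counts 8-octet units beyond the first 8 octets; the fragment header is a fixed 8 octets), a parser limit `MAX_EXT_HEADERS` chosen here, and a constructed sample packet that reuses the example addresses from the address-notation slides.

```python
import struct
from ipaddress import IPv6Address

# Extension headers with a HEADER LEN octet (RFC 8200): the value counts
# 8-octet units and does not include the first 8 octets.
VARIABLE_EXT = {0: "hop-by-hop", 43: "routing", 60: "destination-options"}
FRAGMENT = 44                 # fragment header: fixed 8 octets, no HEADER LEN
MAX_EXT_HEADERS = 8           # assumed parser limit, not taken from the slides


def parse_ipv6(packet: bytes) -> dict:
    """Decode the 40-octet base header, then follow the NEXT HEADER chain."""
    if len(packet) < 40:
        raise ValueError("shorter than the 40-octet base header")
    first, payload_len, next_hdr, hop_limit = struct.unpack("!IHBB", packet[:8])
    if first >> 28 != 6:
        raise ValueError("VERSION is not 6")
    end = 40 + payload_len
    if end > len(packet):
        raise ValueError("PAYLOAD LENGTH runs past the captured bytes")
    info = {
        "traffic_class": (first >> 20) & 0xFF,
        "flow_label": first & 0xFFFFF,
        "hop_limit": hop_limit,
        "src": str(IPv6Address(packet[8:24])),
        "dst": str(IPv6Address(packet[24:40])),
        "chain": [],
    }
    offset = 40               # next header starts right after the base header
    while next_hdr in VARIABLE_EXT or next_hdr == FRAGMENT:
        if len(info["chain"]) >= MAX_EXT_HEADERS:
            raise ValueError("too many extension headers")
        if offset + 8 > end:
            raise ValueError("truncated extension header")
        size = 8 if next_hdr == FRAGMENT else (packet[offset + 1] + 1) * 8
        if offset + size > end:
            raise ValueError("HEADER LEN overruns the payload")
        info["chain"].append((VARIABLE_EXT.get(next_hdr, "fragment"), size))
        next_hdr = packet[offset]          # first octet of every extension header
        offset += size
    info["upper_protocol"] = next_hdr      # e.g. 6 = TCP, 17 = UDP
    info["upper_offset"] = offset
    return info


def sample_packet() -> bytes:
    """Constructed packet: hop-by-hop (8) + destination options (16) + UDP header (8)."""
    udp = struct.pack("!HHHH", 5353, 5353, 8, 0)
    hbh = bytes([60, 0, 1, 4]) + bytes(4)        # next = 60, HEADER LEN 0, PadN
    dst_opts = bytes([17, 1, 1, 12]) + bytes(12)  # next = 17, HEADER LEN 1, PadN
    payload = hbh + dst_opts + udp
    base = struct.pack("!IHBB", (6 << 28) | 0x12345, len(payload), 0, 64)
    src = IPv6Address("69DC:8864:FFFF:FFFF:0:1280:8C0A:FFFF").packed
    dst = IPv6Address("FF0C::B1").packed
    return base + src + dst + payload


if __name__ == "__main__":
    print(parse_ipv6(sample_packet()))
```

A parser that trusts HEADER LEN without the bounds checks would read past the datagram on a malformed chain; the checks reject such input instead.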

Multiple headers
• Efficiency
  – header only as large as necessary
• Flexibility
  – can add new headers for new features
• Incremental development
  – can add processing for new features

Fragmentation and Path MTU
• Fragmentation information is in fragmentation extension header
• IPv6 source (not intermediate routers) is responsible for fragmentation
  – Source must find path MTU
• Routers simply drop datagrams larger than path MTU
  – No more fragmenting by routers
  – ICMP message sent to source
• Must be dynamic - path may change during transmission of datagrams
• Source determines path MTU
  – Uses path MTU discovery
    • Source sends probe message of various sizes
    • Gets ICMP messages until destination reached
  – Constructs datagrams to fit within that MTU

IPv6 addressing
• 128-bit addresses
  – Includes network prefix and host suffix
• No address classes
  – prefix/suffix boundary can fall anywhere
  – Longest matching prefix

Address notation in IPv6
• 128-bit addresses unwieldy in dotted decimal
  – requires 16 numbers
  – example:
    • 105.220.136.100.255.255.255.255.0.0.18.128.140.10.255.255
• IPv6 uses groups of 16-bit numbers in hex separated by colons
  – colon hexadecimal (colon hex)
  – example:
    • 69DC:8864:FFFF:FFFF:0:1280:8C0A:FFFF
• Add /bits to specify netmask
  – example:
    • 69DC:8864:FFFF:FFFF:0:1280:8C0A:FFFF/64

Address shorthand in IPv6
• Zero-compression
  – series of zeroes indicated by two colons
  – example:
    • FF0C:0:0:0:0:0:0:B1
    becomes
    • FF0C::B1
• An IPv6 address with 96 leading zeros is interpreted to hold an IPv4 address

Transition From IPv4 To IPv6
• Can all routers be upgraded simultaneously??
  – Answer: it can’t; no “flag days”
  – Analogy: (IP for Internet) ~ (foundation for House)
  – To change the foundation, you need to tear down the house!!
• Solution
  – gradually incorporate IPv6 (may take a few years)
• How will the network operate with mixed IPv4 and IPv6 routers?
  – Tunneling??

Tunneling
[Figure: logical view: A, B, E, F (all IPv6) with a tunnel between B and E. Physical view: A, B (IPv6), C, D (IPv4), E, F (IPv6).]
• A-to-B: IPv6 (Flow: X, Src: A, Dest: F, data)
What is the problem here?
• Why can’t B just send an IPv4 packet to C?
• Problem: D won’t be able to send an IPv6 packet to E? Why?
Be aware that:
• IPv6 nodes have both IPv4 & IPv6 addresses
• Nodes know which nodes are IPv4 and which ones are IPv6 (e.g., using DNS)

Tunneling
[Figure: logical view: A, B, E, F (all IPv6) with a tunnel between B and E. Physical view: A, B (IPv6), C, D (IPv4), E, F (IPv6).]
• A-to-B: IPv6 (Flow: X, Src: A, Dest: F, data)
• B-to-C: IPv6 inside IPv4 (outer header Src: B, Dest: E; inside it Flow: X, Src: A, Dest: F, data)
• E-to-F: IPv6 (Flow: X, Src: A, Dest: F, data)
Be aware that:
• IPv6 nodes have both IPv4 & IPv6 addresses
• Nodes know which nodes are IPv4 and which ones are IPv6 (e.g., using DNS)
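
The B-to-E tunnel above, as an added Python sketch that is not part of the original slides: B wraps the unchanged IPv6 datagram in an IPv4 header (protocol number 41) and E validates the outer header before unwrapping. The function names, the documentation-range addresses standing in for A, F, B and E, the flow value, and the rule that E accepts encapsulated datagrams only from its configured peer B are assumptions.

```python
import struct
from ipaddress import IPv4Address, IPv6Address

IPPROTO_IPV6 = 41             # IPv4 protocol number for an encapsulated IPv6 datagram


def checksum(header: bytes) -> int:
    """IPv4 header checksum: one's-complement sum of the 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv6_datagram(src: str, dst: str, flow: int, data: bytes) -> bytes:
    """What A sends: base header (NEXT HEADER 59, payload opaque here) plus data."""
    first = (6 << 28) | (flow & 0xFFFFF)
    return (struct.pack("!IHBB", first, len(data), 59, 64)
            + IPv6Address(src).packed + IPv6Address(dst).packed + data)


def encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """B's job: prepend an IPv4 header so IPv4-only routers C and D can forward it."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner), 0, 0x4000, 64,
                      IPPROTO_IPV6, 0, IPv4Address(tunnel_src).packed,
                      IPv4Address(tunnel_dst).packed)
    # The checksum is computed over the header with its checksum field zeroed.
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + inner


def decapsulate(outer: bytes, expected_peer: str) -> bytes:
    """E's job: check the outer IPv4 header, then return the original IPv6 datagram."""
    if len(outer) < 20 or outer[0] != 0x45:
        raise ValueError("not a plain 20-octet IPv4 header")
    if checksum(outer[:20]) != 0:
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", outer[2:4])[0]
    if total_len > len(outer):
        raise ValueError("total length runs past the received bytes")
    if outer[9] != IPPROTO_IPV6:
        raise ValueError("payload is not an encapsulated IPv6 datagram")
    if IPv4Address(outer[12:16]) != IPv4Address(expected_peer):
        raise ValueError("outer source is not the configured tunnel peer")
    inner = outer[20:total_len]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        raise ValueError("inner datagram is not IPv6")
    return inner


def tunnel_demo() -> bool:
    """A -> B -> (C, D) -> E -> F with constructed addresses; True if F's copy matches A's."""
    a_to_b = ipv6_datagram("2001:db8::a", "2001:db8::f", 0x0000A, b"data")
    b_to_e = encapsulate(a_to_b, "192.0.2.1", "198.51.100.1")
    e_to_f = decapsulate(b_to_e, expected_peer="192.0.2.1")
    return e_to_f == a_to_b


if __name__ == "__main__":
    print(tunnel_demo())
```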