Network Layer4-1 NAT traversal problem r client want to connect to server with address 10.0.0.1 m...

Network Layer 4-1

NAT traversal problem client want to connect to

server with address 10.0.0.1 server address 10.0.0.1 local

to LAN (client can’t use it as destination addr)

only one externally visible NATted address: 138.76.29.7

solution 1: statically configure NAT to forward incoming connection requests at given port to server e.g., (123.76.29.7, port

2500) always forwarded to 10.0.0.1 port 25000

10.0.0.1

10.0.0.4

NAT router

138.76.29.7

Client ?

Solution #1 Example: Cisco wireless router

Network Layer 4-2

Network Layer 4-3

NAT traversal problem solution 2: Universal Plug and

Play (UPnP) Internet Gateway Device (IGD) Protocol. Allows NATted host to: learn public IP address

(138.76.29.7) Drill a “hole” in NAT Add a port mappings on

NAT

Require both host and NAT to be UPnP compatible

automate static NAT port map configuration

10.0.0.1

10.0.0.4

NAT router

138.76.29.7

IGD

Network Layer 4-4

NAT traversal problem solution 3: relaying (used in Skype)

NATed server establishes connection to relay

External client connects to relay relay bridges packets between to

connections

10.0.0.1

NAT router

138.76.29.7Client

1. connection torelay initiatedby NATted host

2. connection torelay initiatedby client 3. relaying

established

Network Layer 4-5

DHCP: Dynamic Host Configuration Protocol

Goal: allow host to dynamically obtain its IP address from network server when it joins networkCan renew its lease on address in useAllows reuse of addresses (only hold address while connected an “on”Support for mobile users who want to join network (more shortly)

DHCP overview: host broadcasts “DHCP discover” msg DHCP server responds with “DHCP offer” msg host requests IP address: “DHCP request” msg DHCP server sends address: “DHCP ack” msg

Network Layer 4-6

DHCP client-server scenario

223.1.1.1

223.1.1.2

223.1.1.3

223.1.1.4 223.1.2.9

223.1.2.2

223.1.2.1

223.1.3.2223.1.3.1

223.1.3.27

A

BE

DHCP server

arriving DHCP client needsaddress in thisnetwork

Network Layer 4-7

DHCP client-server scenarioDHCP server: 223.1.2.5 arriving

client

time

DHCP discover

src : 0.0.0.0, 68 dest.: 255.255.255.255,67yiaddr: 0.0.0.0transaction ID: 654

DHCP offersrc: 223.1.2.5, 67 dest: 255.255.255.255, 68yiaddrr: 223.1.2.4transaction ID: 654Lifetime: 3600 secs

DHCP requestsrc: 0.0.0.0, 68 dest:: 255.255.255.255, 67yiaddrr: 223.1.2.4transaction ID: 655Lifetime: 3600 secs

DHCP ACKsrc: 223.1.2.5, 67 dest: 255.255.255.255, 68yiaddrr: 223.1.2.4transaction ID: 655Lifetime: 3600 secs

Network Layer 4-8

Chapter 4: Network Layer 4. 1 Introduction 4.2 Virtual circuit and

datagram networks 4.3 What’s inside a

router 4.4 IP: Internet

Protocol Datagram format IPv4 addressing ICMP IPv6

4.5 Routing algorithms Link state Distance Vector Hierarchical routing

4.6 Routing in the Internet RIP OSPF BGP

4.7 Broadcast and multicast routing

Network Layer 4-9

ICMP: Internet Control Message Protocol used by hosts & routers to

communicate network-level information error reporting:

unreachable host, network, port, protocol

echo request/reply (used by ping)

network-layer “above” IP: ICMP msgs carried in IP

datagrams Not built on TCP!

ICMP message: type, code plus first 8 bytes of IP datagram causing error

Type Code description0 0 echo reply (ping)3 0 dest. network unreachable3 1 dest host unreachable3 2 dest protocol unreachable3 3 dest port unreachable3 6 dest network unknown3 7 dest host unknown4 0 source quench (congestion control - not used)8 0 echo request (ping)9 0 route advertisement10 0 router discovery11 0 TTL expired12 0 bad IP header

Network Layer 4-10

Traceroute and ICMP Source sends series of

UDP segments to dest First has TTL =1 Second has TTL=2, etc. Unlikely port number

When nth datagram arrives to nth router: Router discards

datagram And sends to source an

ICMP message (type 11, code 0)

Message includes name of router& IP address

When ICMP message arrives, source calculates RTT

Traceroute does this 3 times

Stopping criterion UDP segment eventually

arrives at destination host

Destination returns ICMP “host unreachable” packet (type 3, code 3)

When source gets this ICMP, stops.

Ethereal example

Introduction 1-11

“ Real” Internet delays and routes What do “real” Internet delay & loss look like? Traceroute program: provides delay

measurement from source to router along end-end Internet path towards destination. For all i: sends three packets that will reach router i on path

towards destination router i will return packets to sender sender times interval between transmission and reply.

3 probes

3 probes

3 probes

Introduction 1-12

“ Real” Internet delays and routes

1 cs-gw (128.119.240.254) 1 ms 1 ms 2 ms2 border1-rt-fa5-1-0.gw.umass.edu (128.119.3.145) 1 ms 1 ms 2 ms3 cht-vbns.gw.umass.edu (128.119.3.130) 6 ms 5 ms 5 ms4 jn1-at1-0-0-19.wor.vbns.net (204.147.132.129) 16 ms 11 ms 13 ms 5 jn1-so7-0-0-0.wae.vbns.net (204.147.136.136) 21 ms 18 ms 18 ms 6 abilene-vbns.abilene.ucaid.edu (198.32.11.9) 22 ms 18 ms 22 ms7 nycm-wash.abilene.ucaid.edu (198.32.8.46) 22 ms 22 ms 22 ms8 62.40.103.253 (62.40.103.253) 104 ms 109 ms 106 ms9 de2-1.de1.de.geant.net (62.40.96.129) 109 ms 102 ms 104 ms10 de.fr1.fr.geant.net (62.40.96.50) 113 ms 121 ms 114 ms11 renater-gw.fr1.fr.geant.net (62.40.103.54) 112 ms 114 ms 112 ms12 nio-n2.cssi.renater.fr (193.51.206.13) 111 ms 114 ms 116 ms13 nice.cssi.renater.fr (195.220.98.102) 123 ms 125 ms 124 ms14 r3t2-nice.cssi.renater.fr (195.220.98.110) 126 ms 126 ms 124 ms15 eurecom-valbonne.r3t2.ft.net (193.48.50.54) 135 ms 128 ms 133 ms16 194.214.211.25 (194.214.211.25) 126 ms 128 ms 126 ms17 * * *18 * * *19 fantasia.eurecom.fr (193.55.113.142) 132 ms 128 ms 136 ms

traceroute: gaia.cs.umass.edu to www.eurecom.frThree delay measurements from gaia.cs.umass.edu to cs-gw.cs.umass.edu

* means no response (probe lost, router not replying)

trans-oceaniclink

Under Windows is “tracert”

Introduction 1-13

Traceroute from My Home Computer (last year)

Traceroute from My Home Computer (another time)

Introduction 1-14

Introduction 1-15

Online Traceroute Tools Because UCF campus network blocks all

ICMP packets, you need an outside machine to try it. Try on http://tools.pingdom.com/ping/ Try from different countries from

www.traceroute.org Check traceroute virtual path at:

• http://traceroute.monitis.com/

and• http://www.yougetsignal.com/tools/visual-tracert/

Introduction 1-16

http://tools.pingdom.com/ping/

http://www.traceroute.org/

http://www.yougetsignal.com/tools/visual-tracert/

Network Layer 4-17








Network Layer 4-18

IPv6 Initial motivation: 32-bit address space soon

to be completely allocated. Additional motivation:

header format helps speed processing/forwarding

header changes to facilitate QoS Checksum: removed entirely to reduce

processing time at each hopIPv6 datagram format: fixed-length 40 byte header no fragmentation allowedVery slow take off

• IPv4 still has space (CIDR, DHCP, NAT)• Too trouble to upgrade

Network Layer 4-19

IPv6 Header (Cont)Priority: identify priority among datagrams in flowFlow Label: identify datagrams in same “flow.” (concept of“flow” not well defined).Next header: identify upper layer protocol for data

Network Layer 4-20

Transition From IPv4 To IPv6 Not all routers can be upgraded

simultaneous no “flag days” How will the network operate with mixed IPv4

and IPv6 routers? Tunneling: IPv6 carried as payload in IPv4

datagram among IPv4 routers

Network Layer 4-21

TunnelingA B E F

IPv6 IPv6 IPv6 IPv6

tunnelLogical view:

Physical view:A B E F

IPv6 IPv6 IPv6 IPv6IPv4 IPv4

Network Layer 4-22

TunnelingA B E F

IPv6 IPv6 IPv6 IPv6

tunnelLogical view:

Physical view:A B E F

IPv6 IPv6 IPv6 IPv6

C D

IPv4 IPv4Flow: XSrc: ADest: F

data

Flow: XSrc: ADest: F

data


data

Src:BDest: E


data

Src:BDest: E

A-to-B:IPv6

E-to-F:IPv6B-to-C:

IPv6 insideIPv4

B-to-C:IPv6 inside

IPv4

IPv6 Tunneling vs. IPv4 NAT Similarity:

Both have one IPv4 public IP address, and many computers behind it

Conduct translation/capculing on that special edge router

Difference: Hosts behind NAT are un-addressable

• Cannot communicate with each other Hosts behind Tunneling are addressable

• Can communicate with each other directly

Network Layer 4-23

Network Layer 4-24








Network Layer 4-25

Routing Algorithm classificationGlobal or decentralized

information?Global: all routers have complete

topology, link cost info “link state” algorithmsDecentralized: router knows physically-

connected neighbors, link costs to neighbors

iterative process of computation, exchange of info with neighbors

“distance vector” algorithms

Static or dynamic?Static: routes change slowly

over timeDynamic: routes change more

quickly periodic update in response to link

cost changes

Network Layer 4-26








Network Layer 4-27

A Link-State Routing AlgorithmDijkstra’s algorithm net topology, link costs

known to all nodes accomplished via “link

state broadcast” all nodes have same info

computes least cost paths from one node (“source”) to all other nodes gives routing table for

that node iterative: after k iterations,

know least cost path to k destinations

Idea: at each iteration increase

spanning tree by the node that has least cost path to the source

A

ED

CB

F2

21 3

1

12

53

5

Network Layer 4-28

A Link-State Routing AlgorithmNotation: c(i,j): link cost from node

i to j. cost infinite if not direct neighbors

D(v): current value of cost of path from source to dest. V

p(v): predecessor node along path from source to v, that is next v

N: set of nodes already in spanning tree (least cost path known)

A

ED

CB

F2

21 3

1

12

53

5

Examples: c(B,C) = 3 D(E) = 2 p(B) = A N = { A, B, D, E }

Network Layer 4-29

Dijsktra’s Algorithm1 Initialization: 2 N = {A} 3 for all nodes v 4 if v adjacent to A 5 then D(v) = c(A,v) 6 else D(v) = infinity 7 8 Loop 9 find w not in N such that D(w) is a minimum 10 add w to N 11 update D(v) for all v adjacent to w and not in N: 12 D(v) = min( D(v), D(w) + c(w,v) ) 13 /* new cost to v is either old cost to v or known 14 shortest path cost to w plus direct link cost from w to v */ 15 until all nodes in N

Network Layer 4-30

Dijkstra’s algorithm: exampleStep

012345

N D(B),p(B) D(C),p(C) D(D),p(D) D(E),p(E) D(F),p(F)

22

1 3

1

12

53

5

A 2,A 5,A 1,A infinity,- infinity,-AD 2,A 4,D 1,A 2,D infinity,-

ADE 2,A 3,E 1,A 2,D 4,EADEB 2,A 3,E 1,A 2,D 4,E

ADEBC 2,A 3,E 1,A 2,D 4,EADEBCF 2,A 3,E 1,A 2,D 4,E

ED

CB

FA

Network Layer 4-31








Network Layer 4-32

Distance Vector Algorithm (1)Bellman-Ford Equation (dynamic programming)Definedx(y) := cost of least-cost path from x to y

Then

dx(y) = minv {c(x,v) + dv(y) }

where min is taken over all neighbors of x

Network Layer 4-33

Bellman-Ford example

u

yx

wv

z2

21 3

1

12

53

5 Suppose we know thatdv(z) = 5, dx(z) = 3, dw(z) = 3

du(z) = min { c(u,v) + dv(z), c(u,x) + dx(z), c(u,w) + dw(z) } = min {2 + 5, 1 + 3, 5 + 3} = 4

B-F equation says:

How about du(y)?

Network Layer 4-34

Distance Vector Algorithm (3) Dx(y) = estimate of least cost from x to y Distance vector: Dx = [Dx(y): y є N ] Node x knows cost to each neighbor v:

c(x,v) Node x maintains Dx = [Dx(y): y є N ] Node x also maintains its neighbors’

distance vectors For each neighbor v, x maintains

Dv = [Dv(y): y є N ]

Network Layer 4-35

Distance vector algorithm (4)Basic idea: Each node periodically sends its own distance

vector estimate to neighbors When a node x receives new DV estimate from

neighbor, it updates its own DV using B-F equation:

Dx(y) ← minv{c(x,v) + Dv(y)} for each node y ∊ N

Under minor, natural conditions, the estimate Dx(y) converge the actual least cost dx(y)

Network Layer 4-36

Distance Vector Algorithm (5)Iterative,

asynchronous: each local iteration caused by:

local link cost change DV update message from

neighborDistributed: each node notifies

neighbors only when its DV changes neighbors then notify

their neighbors if necessary

wait for (change in local link, cost of msg from neighbor)

recompute estimates

if DV to any dest has changed, notify neighbors

Each node:

Network Layer 4-37

∞2 0 1

x y zxyz

0 2 7∞∞ ∞∞∞ ∞fro

mcost to

from

from

x y zxyz

0

from

cost to

x y zxyz

∞ ∞∞∞ ∞

cost to

x y zxyz

∞∞ ∞7 1 0

cost to

∞ ∞ ∞

2 0 17 1 0

time

x z12

7

y

node x table

node y table

node z table

Dx(y) = min{c(x,y) + Dy(y), c(x,z) + Dz(y)} = min{2+0 , 7+1} = 2

Dx(z) = min{c(x,y) + Dy(z), c(x,z) + Dz(z)} = min{2+1 , 7+0} = 3

32

Network Layer 4-38

x y zxyz

0 2 7∞∞ ∞∞∞ ∞fro

mcost to

from

from

x y zxyz

0 2 3

from

cost tox y z

xyz

0 2 3

from

cost to

x y zxyz

∞ ∞∞∞ ∞

cost tox y z

xyz

0 2 7

from

cost tox y z

xyz

0 2 3

from

cost to

x y zxyz

0 2 3fro

mcost to

x y zxyz

0 2 7

from

cost tox y z

xyz

∞∞ ∞7 1 0

cost to

∞2 0 1

∞ ∞ ∞

2 0 17 1 0

2 0 17 1 0

2 0 13 1 0

2 0 13 1 0

2 0 1

3 1 02 0 1

3 1 0

time

x z12

7

y

node x table

node y table

node z table

Dx(y) = min{c(x,y) + Dy(y), c(x,z) + Dz(y)} = min{2+0 , 7+1} = 2

Dx(z) = min{c(x,y) + Dy(z), c(x,z) + Dz(z)} = min{2+1 , 7+0} = 3

Network Layer 4-39

Comparison of LS and DV algorithmsMessage complexity LS: with n nodes, E links,

O(nE) msgs sent DV: exchange between

neighbors only convergence time varies

Speed of Convergence LS: O(n2) algorithm requires

O(nE) msgs may have oscillations

DV: convergence time varies may be routing loops count-to-infinity problem

Robustness: what happens if router malfunctions?

LS: node can advertise

incorrect link cost each node computes only

its own tableDV:

DV node can advertise incorrect path cost

each node’s table used by others

• error propagate thru network

Network Layer4-1 NAT traversal problem r client want to connect to server with address 10.0.0.1 m...

Documents

Transcript of Network Layer4-1 NAT traversal problem r client want to connect to server with address 10.0.0.1 m...