Computer Networks (ComNet) 4/5 : Networkfourmaux/ARes/ARes_C4_en_4.pdf · 2020. 9. 27. · The...

The network layerAddressing and control

Routing

Computer Networks (ComNet) 4/5 : Network

O. Fourmaux - T. Friedman

Version 8.1

O. Fourmaux - T. Friedman Computer Networks (ComNet) 4/5 : Network


Routing

ComNet: course 4/5 outline

1 The network layerBackgroundTCP/IP integrationIPv4/v6 packet structure

2 Addressing and controlIPv4/v6 addressingControl messagesRelated mechanisms

3 RoutingBasic algorithms and routing hierarchyAn interior gateway protocol: OSPFAn exterior gateway protocol : BGP



Routing

Network layer

The network layer forward packets from the source to thedestination by doing hops between the intermediate nodes.

end-to-endtopology knowledgeroute computation (routing)virtual adressingunderlying technology abstraction

underlying dedicated encapsulationsize adaptationaddresses translation



Routing

BackgroundTCP/IP integrationIPv4/v6 packet structure







Routing


Network layer: OSI

Presentation

Application

Session

Transport

Data link

Physical

7

6

5

4

3

2

1

Interface Interface

Host A

APDU

Presentation

Application

Session

Transport

Data link

Physical

Host B

Data link Data link

Physical Physical

Router Router

Application protocol

Presentation protocol

Transport protocol

Session protocol

Network Network Network Network



Routing


Network layer: encapsulation

The network layer make abstraction of the underlying technologiesdata must be able to be forwarded from networks to networksupper layers should not make any hypothesis about theunderlying layers

? EthernetATM��

��

��

��

à more in course 5/5 Support architectures



Routing


Network layer: fragmentation

G1 G2 G3 G4

G1 G2 G3 G4

Packet

Network 1

G1 fragmentsa large packet

G2reassemblesthe fragments

G3 fragments

again

G4reassembles

again

Network 2

(a)

Packet

G1 fragmentsa large packet

The fragments are not reassembleduntil the final destination (a host) is reached

(b)

pictures from Tanenbaum A. S. Computer Networks 3rd edition



Routing


Network layer: addressing

The network layer provides a virtual adressing scheme usable onevery underlying network technology

unique identifier for each devicemasks technology-specific addressing mechanisms

requires translation of addresses

? EthernetATM

47.00918100000000000CA79E01.00000CA79E01.00

163218239200400

08:00:69:02:01:FC

��

��

��

��

à also more details in course 5/5 Support architectures supports



Routing


Network layer: communication models

R

S

Unicast

R

S

Multicast

R

S

Anycast

S

Broadcast

R

RR

R

RRR

R

R

R

R



Routing


Network layer: virtual circuit or datagram approach

X. 25

M

M

OSI

M

M ATM

End-to-end concatenatedvirtual circuits

Router

Host

Multiprotocolrouter

SNA

1

2

M

M

M

M

2

Host

Router

1

Packets travel individuallyand can take different routes

Multiprotocolrouter




Routing


Network layer: routing

Calculating routesinitial (virtual circuits)for each packet (without memory)

Routing decisions based on:routing table

staticdynamic

routing algorithmsrouting protocols...

à to be examined in greater detail



Routing








Routing


Network layer: TCP/IP

IPv4/v6

TCP...SCTPDCCPUDP

IMAPPOPSMTPSNMPTFTP

FTPSSH

HTTP...

SDHATM

xDSLDOCSIS

AAL

802.16802.11Ethernet

PPPMAC

...

à IPv4/v6 interface is universal



Routing


IPv4/v6

Routers

Packets

Connectionless best effort service



Routing








Routing


IPv4/v6: packet structure

v4 IHL DiffServ Total LengthIdentification FF Fragment Offset

TTL Protocol Header ChecksumSource Address

Destination AddressOptions

(0-10 32 bits lines)

v6 DiffServ Flow LabelNext Hdr Hop LimitPayload Length

Source Address

Destination Address

Payload (Upper Layer)

Payload (Next Header / Upper Layer)



Routing


IPv4/v6: versions


TTL Protocol Header ChecksumSource Address (32 bits)

Destination Address (32 bits)Options



Source Address (128 bits)

Destination Address (128 bits)



4 bitspresent IP: version 4 and version 6



Routing


IPv4 only: header length










4 bits (max value: 15)indicates the number of 32 bits lines in the IP header

mandatory because the header is variable length (20 à60 bytes)value from 5 (no option) to 15 (10 lines of options)

IPv6 header length is fixed = 40 bytes (10 lines)



Routing


IPv4/v6: Differenciated Services Byte (DiffServ)










8 bits for Diffserv and ECN :6 bits for DSCP (DiffServ Code Point)2 bits for ECN (Explicite Congestion Notification)



Routing


IPv6 (only): Flow Labelv4 IHL DiffServ Total Length

Identification FF Fragment OffsetTTL Protocol Header Checksum

Source Address (32 bits)Destination Address (32 bits)

Options (0-10 32 bits lines)






24 bits identifying a sequence of packet for receiving aspecific handling

allow classification without parsing upper layersa flow is a unique identifier (for the source)packets are not assumed to belong to the same flow after asilence of 120 s

but now macro-flows are preferred to micro-flowsDiffServ inside a provider networkindexing inside the network with ingress and egress routers



Routing


IPv4/v6: packet size










16 bits (64 Kbytes maximum)total packet size with header (IPv4) or without (IPv6)expressed in bytes

the network must allow an MTU1 > 576 bytes (IPv4) and> 1280 bytes (IPv6)

1MTU: Maximum Transmission UnitO. Fourmaux - T. Friedman Computer Networks (ComNet) 4/5 : Network


Routing


IPv4 (only): identifier










16 bits (loops every 64 K packets)meant to be a unique value for each packetfor reassembling the fragments of the same packettypically, increment a counter for each successive packet



Routing


IPv4 (only): fragmentationv4 IHL DiffServ Total Length









Non transparent fragmentation1 bit reserved1 bit DF: Don’t Fragment (1 = fragmentation forbiden)1 bit MF: More Fragment (0 = for the last fragment)13 bits fragment offset in 8 bytes blocs (shift 3)

examples: 0x0000 paquet entier (offset=0)0x2000 premier fragment (offset=0)0x20A0 fragment central (offset=1280)0x00B0 dernier fragment (offset=1408)



Routing


IPv4 (only): fragmentation

Number of the first elementary fragment in this packet

Packetnumber

End of packet bit

27 0 1 A B C D E F G H I J

27 0 0 A B C D E F G H 27 8 1 I J

27 0 0 A B C D E 27 5 0 F G H 27 8 1 I J

Header

8 bytes

Header Header

Header redaeHredaeH

(a)

(b)

(c)



Routing


IPv4/IPv6:fragmentation avoidance

Fragmentation is costly for the routers :avoidance with PMTU (Path Maximum Transmission Unit)

sending of an unfragmentable packeteach router needing fragmentation return a (Packet Too Big)messagesender adaptation (upper layer indication or initialfragmentation)iterate until reaching the destination

IPv4 may use PMTU with the bit DF = 1IPv6 must use PMTU

initial fragmentation is possible via a header extension



Routing


IPv4/v6: Time To Live / Hop Limitv4 IHL DiffServ Total Length









8 bitsinitial IPv4 TTL unit: secondsmaximum value set by the sender (255, 128, 64...)decremented in each router

minimum 1 per routeur à number of hopsmax 255 hops

avoid loops



Routing


IPv4/v6: carried/encapsulated protocolv4 IHL DiffServ Total Length









8 bitsmux/demux for the upper layer protocols (or next IPv6header):

Unix> cat /etc/protocols ipv6-route 43 # routing header for ipv6ip 0 # pseudo protocol number ipv6-frag 44 # fragment header for ipv6icmp 1 # internet control message protocol rsvp 46 # Reservation Protocoligmp 2 # internet group management protocol gre 47 # General Routing Encapsulationipencap 4 # IP encapsulated in IP esp 50 # encapsulating security payloadtcp 6 # transmission control protocol ah 51 # authentication headerudp 17 # user datagram protocol ipv6-icmp 58 # ICMP for IPv6iso-tp4 29 # ISO Transport Protocol class 4 ipv6-nonxt 59 # no next header for ipv6dccp 33 # Datagram Congestion Control Proto. ipv6-opts 60 # destination options for ipv6xtp 36 # Xpress transport protocol ospf 89 # Open Shortest Path First IGPipv6 41 # ipv6 encap sctp 132 # Stream Control Transmission Proto.



Routing


IPv4 (only): header checksumv4 IHL DiffServ Total Length









16 bitssimilar to UDP/TCP checksum but only on the headersender:

checksum2 =∑

word16bitsreceiver: recompute the sum

= 0: no error detected (yet still possible)6= 0: error (silent discard)

2Binary sum over 16 bits with overflow carried to the least significant bitO. Fourmaux - T. Friedman Computer Networks (ComNet) 4/5 : Network


Routing


IPv4/v6: source and destination addresses










32 bits (IPv4) or 128 bits (IPv6)identifies the packet sender or destinationdestination address is used in the process of routingsource address allows a message to be returned to the sender(ICMP, UDP...)



Routing


IPv4/v6: header extension





Extention data(Ext Lenght * 64 bits)

v6 DiffServ Flow LabelNext Hdr

Next Hdr Ext Lenght

Extention data(Ext Lenght * 64 bits)

Next Hdr Ext Lenght

Hop LimitPayload LengthSource Address (128 bits)



Payload (Upper Layer)IPv4 : extensible header withoptions field of variable lengthIPv6 : successive header encapsulation



Routing


IPv4: optionsv4 IHL DiffServ Total Length









0 to 40 bytes (aligned on a 32 bit boundary)TLV value identical to TCP’sexamples:

record routestrict or loose source routingtime stamps, security...

examined by each router à To avoid!à To avoid!



Routing


IPv6: header extension

IPv4 : extensible header withoptionsfield of variable lengthIPv6 : successive headerencapsulation

Extention data

(Ext Lenght * 64 bits)

v6 DiffServ Flow LabelNext Hdr

Next Hdr Ext Lenght

Extention data

(Ext Lenght * 64 bits)

Next Hdr Ext Lenght

Hop LimitPayload Length






Routing



IPv6

Hop by Hop

Destination

Routing

Fragmentation

Authentication

Security

Destination

ULP

0

60

43

44

51

50

60

6, 17, ...

Processed by every router

Processed by routers listed in Routing extension


Processed by the destination







Routing



IPv6

Hop by Hop

Destination

Routing

Fragmentation

Authentication

Security

Destination

ULP

0

60

43

44

51

50

60

6, 17, ...

Processed by every router



Costly to reassemble in each router listed

Authentication can only be made on full packet


Destination information will be protected




Routing

IPv4/v6 addressingControl messagesRelated mechanisms







Routing


Addressing: principles

Routing based on an easily accessible destination address:fixed location in headerfixed sizememory alignment

Adresse IPv4 (1981)32 bits

Adresse IPv6 (1996)128bits



Routing


Addressing: standard writing

IPv4 addressedoted decimal notation

write each byte in decimal with dot separationexample: 132.77.12.2

IPv6 addresseglobal format:

write each 16 bits word in hexadecimal with colon separation:example: 2001:0db8:abcd:0001:0000:0000:1234:5678

compact format:remove 0 on the left of each wordsubstitute only one sequence of zeros by :: (to avoidambiguity)example: 2001:db8:abcd:1::1234:5678

IPv4 address integrationexample: ::ffff:192.1.2.3



Routing


Addressing: hostId/netId

Addresses are made of 2 partsà network identifier (netId) and host identifier (hostId) areassociated in the IPv4 and IPv6 addresses, example (IPv4):

Ad. IPv4 : netId hostId

12.2132.77



Routing


Addressing: préfix/netmask

Indication of the size of the identifier of network (netId):

préfix notation : 132.77.0.0/16

netmask notation : 132.77.0.0 netmask 255.255.0.0

Binary netmask usageextracting the netId (IPv4 example)

132.227. 60.135&& 255.255. 0. 0

132.227. 0. 0

netId.hostId&& netmask

netId. 0. 0

extracting the hostId (IPv4 example)132.227. 60.135

&& 0. 0.255.25560.135

netId.hostId&& !netmask

hostId



Routing


IPv4 addressing: with classes

32 Bits

Range of hostaddresses

1.0.0.0 to127.255.255.255

128.0.0.0 to191.255.255.255

192.0.0.0 to223.255.255.255

224.0.0.0 to239.255.255.255

240.0.0.0 to247.255.255.255

Class

0 Network Host

10 Network Host

110 Network Host

1110 Multicast address

11110 Reserved for future use

A

B

C

D

E




Routing


IPv4 Addressing: netmask + specific

Binary mask usageclass binairy mask netmask prefixA 11111111000000000000000000000000 255.0.0.0 /8B 11111111111111110000000000000000 255.255.0.0 /16C 11111111111111111111111100000000 255.255.255.0 /24

Specific addresses:for each network (netId), 2 reserved addresses:

netId.000....000 à identifies this networknetId.111....111 à this network broadcast

others:000....000 à source address unknown111....111 à local broadcast127.x.y.z à software loopback



Routing


Addressing: subnetting (1)

Initial size of the identifier of network (netId):132.77.0.0 /16 (prefix notation)132.77.0.0 netmask 255.255.0.0 (mask notation)

Subdivision possible:132.77.12.0 /22

132.77.12.0 netmask 255.255.252.0



Routing



Ad. IPv4 : netId hostId

7132.77

subnetId

12



Routing



132.77.0.0/16

132.77.4.0/22

132.77.0.0/22

132.77.12.0/22

3.254

0.1

3.254

0.3

Internet

0.3

3.254

0.5

0.5 0.11

0.7


netId.000....000netId.111....111000....000111....111127.x.y.z


Routing


Addressing: allocation

10.1.1.6

10.1.1.3

80.1.2.1

80.1.2.3

80.1.2/24

80.1.2.15

10.1.1.1

10.1.1.27

55.2.1.1 55.2.7.25

55.2.7.26 55.2.2.6

55.2/1655.2.1.3

55.2.7.955.1.1.155.1.1.2

55.2.1.13

55.2.1.1455.2.1.2

131.18.82.7

131.18.81.4131.18.81.1

10.1.1.3

131.18.80/20

131.18.81.11



Routing


Routing process

packet

destination

address direct

access

route to the

host

route to the

network

default route

send to the

destination

send to the next

router

error

yes

yes

no

send to the next

routeryes

send to the next

routeryes

Destination Gateway Genmask Flags Metric Ref Use Iface192.33.182.0 0.0.0.0 255.255.255.0 U 0 0 0 eth010.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 atm0154.18.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1132.77.0.0 154.18.2.254 255.255.0.0 UG 0 0 0 eth1default 192.33.182.254 0.0.0.0 UG 0 0 0 eth0



Routing


Routing: longest prefix match

40.0.0.0

30.0.0.0

20.0.0.050.3.0.0

50.1.2.3if1

if2if3

IPdest=50.2.9.3

Destination Gateway Genmask Flags Metric Ref Use Iface20.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 if130.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 if240.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 if350.2.0.0 20.1.2.3 255.255.0.0 UG 0 0 0 if150.1.2.3 20.1.0.1 255.255.255.255 UGH 0 0 0 if160.126.6.0 40.0.0.1 255.255.255.0 UG 0 0 0 if2default 30.0.0.1 0.0.0.0 UG 0 0 0 if2



Routing


IPv4 : Classless addressing (CIDR)

So-called “class-based” IP address allocation is inefficientadresses allocated by blocks of 256, 65K, or 16M

subnetting allows for better management

CIDR (Classless InterDomain Routing)classless addressing allows greater flexibility in addressallocation:

allows the use of all addresses from a block of continuousaddresses sharing a common prefixallows routers to maintain a single entry in a routing tableused for all possible address block sizes in the full ex-class A,B, C address space

example : 81.152.12.0/22


81.152.12.0/22


Routing


Addressing: CIDR calculus

A CIDR block is the aggregation of a set of addressesnetwork bits (netId) of a CIDR block consist of the Nleftmost bits (/N défines the network mask of the CIDR block)host bits (hostId) of a CIDR block consist of the 32− Nremaining bitsset of addresses that can be allocated in a CIDR block:

first host: hostId = 000...0001last host: hostId = 111...1110broadcast address: hostId = 111...1111

example:CIDR block -> 192.77.20.0/22@ first host : 192.77.20.1...@ last host : 192.77.23.254@ broadcast : 192.77.23.255



Routing


Addressing: CIDR block split

CIDR blocks can be divided into sub-blocks through subnetting

192.77.20.0/22

192.77.20.0/25

192.77.21.128/25

192.77.22.0/25

Internet5

1

3

3

5

11

7

126126

126



Routing


IPv4: public or private addresses

Public addressingevery Internet host must have a unique valid address

Private addressing

for TCP/IP usage outside of the Internetindependent address management (unique addresses)recommended address blocks:

unrouted addresses (private addresses):10.0.0.0/8 (1 ex-class A)172.16.0.0/12 (16 ex-class Bs)192.168.0.0/16 (256 ex-class Cs)169.254.0.0/16 (link local block for auto-configuration)

available for each private internetnot sent to the public Internet, even if connectedpossible to communicate to the Internet (proxy, NAT,. . . )



Routing


IPv4: NAT (Network Address Translation)

1

2

3

4

5

6

7NATbox/firewall

PC Leasedline

Packet aftertranslation

Packet beforetranslationCompany

LAN

Companyrouter

Server

ISP’srouter

10.0.0.1 198.60.42.12

Boundary of company premisespictures from Tanenbaum A. S. Computer Networks 4rd edition



Routing


IPv4: NAT, DNAT and NAPT

Several ways to convert addresses:static NAT : preset address translationdynamic NAT : on the fly address translation

+ dynamic address table:

private address public adress10.0.0.3 192.33.182.11710.0.0.4 192.33.182.118

... ...

NAPT (CISCO NAT overload): on the fly translation with“overload”+ ports + dynamic table (for each protocol):proto private addr. private port public addr. public portTCP 10.0.0.3 1027 192.33.182.117 1027TCP 10.0.0.4 1027 192.33.182.117 1028UDP 10.0.0.4 31765 192.33.182.117 31765... ... ... ... ...



Routing


IPv4: NAPT mechanisms

Where are addresses modified?+ at the interface card:

NAT on entry à routing process à NAT on exit

Additional changes:the header checksum must be recalculated

NAT IP, TCP et UDP (address + pseudo-header)NAPT IP, TCP et UDP (address + pseudo-header + port)

the address and port parameters of application-layer protocolsmust also be modified (PORT command in FTP)ICMP messages are analyzed



Routing


IPv4: NAT and IETF (RFC 1631)

NAPT very widely used todaycompanies (flexibility)service providers (lack of addresses)individuals (who only receive one address)

creates some problemsarchitectural:

ports should identify processes and not machinestransport-layer changes made by the networkend-to-end principle: hosts should communicate directly

security: incompatible with authenication mechanismstechnical: how to “enter” a NATed network?

solutionsshort term à static conversions conversions, middleboxeslong term à IPv6



Routing


IPv4 addressing: with classes

32 Bits

Range of hostaddresses

1.0.0.0 to127.255.255.255

128.0.0.0 to191.255.255.255

192.0.0.0 to223.255.255.255

224.0.0.0 to239.255.255.255

240.0.0.0 to247.255.255.255

Class

tsoHkrowteN0

tsoHkrowteN01

krowteN011 Host

sserdda tsacitluM0111

11110 Reserved for future use

A

B

C

D

E



Routing


IPv4: multicast adressing

R

GS

R

R

IP multicast (RFC 1112) is buit on :group abstraction (virtual addresses from classe D)group access initiated by the receivers (see IGMP)transmission to the group of receivers handled by routers



Routing


IPv4: well-known multicast adressing

224.0.0.0 Base address (reserved)224.0.0.1 All Hosts multicast group (all hosts on the same link)224.0.0.2 All Routers multicast group (all routers on the same link)224.0.0.4 All DVMRP Routers224.0.0.5 All OSPF Routers (for Hello to all OSPF routers on a link)224.0.0.6 All OSPF Designated Routers (for routing information to DR on a link)224.0.0.9 All RIP2-aware Routers (information to all RIP2 routers on a link)224.0.0.10 All EIGRP Routers224.0.0.13 Protocol Independent Multicast v2 (PIMv2)224.0.0.18 Virtual Router Redundancy Protocol (VRRP)224.0.0.19-21 IS-IS over IP224.0.0.22 Internet Group Management Protocol v3 (IGMPv3)224.0.0.102 Hot Standby Router Protocol v2 (HSRPv2)224.0.0.107 Precision Time Protocol v2 peer delay measurement224.0.0.251 Multicast DNS (mDNS) address (for ZeroConf)224.0.0.252 Link-local Multicast Name Resolution (LLMNR) address224.0.0.253 Teredo tunneling client discovery address224.0.1.1 NTP clients listen on this awhen operating in multicast



Routing


IPv6: 128 bits addresses

Why larger size adresses ?IPv4 : 6 addresses per US inhabitant, 1 in Europe, 0.01 inChina and 0.001 in IndiaIPv6 : 50000 trillion trillion addresses per inhabitant on earth

Addresses for everything on the network (not only for everything)depends on your location on the networkno addresses for the whole life (renumbering, deprecation...)

IPv6 addresses allocation (RFC 4291):interfaces have several IPv6 addresses :

link local address, global address...

use CIDR principle with prefix notation :2001:db8:1234::/48

loopback ::1O. Fourmaux - T. Friedman Computer Networks (ComNet) 4/5 : Network


Routing


IPv6: addressing space

0000::/8 Reserved by IETF [RFC4291]0100::/8 Reserved by IETF [RFC4291]0200::/7 Reserved by IETF [RFC4048]0400::/6 Reserved by IETF [RFC4291]0800::/5 Reserved by IETF [RFC4291]1000::/4 Reserved by IETF [RFC4291]2000::/3 Global Unicast [RFC4291]4000::/3 Reserved by IETF [RFC4291]...c000::/3 Reserved by IETF [RFC4291]e000::/4 Reserved by IETF [RFC4291]f000::/5 Reserved by IETF [RFC4291]F800::/6 Reserved by IETF [RFC4291]fc00::/7 Unique Local Unicast [RFC4193]fe00::/9 Reserved by IETF [RFC4291]fe80::/10 Link Local Unicast [RFC4291]fec0::/10 Reserved by IETF [RFC3879]ff00::/8 Multicast [RFC4291]


2001:db8:1234::/48::1


Routing


IPv6 : addresses types

Several kind of addresses are defined with IPv6:reserved prefix 0::/8 is used for special addresses(undetermined, loopback, mapping, IPv4 compatible...)Global Unicast: point-to-point addresses similar to publicIPv4 addresesUnique Local Unicast: similar to IPv4 private addressesLink-Local: non routable addresses used for directly accessiblehostsMulticast: similaire aux classes D d’IPv4



Routing


IPv6: Global Unicast Address

3 45 16 64(001)2 Global Prefix SID Interface ID

Addresses with a global scope similar to public IPv4 addressesGlobal prefix is given by the provider (public topology)SID is assigned locally (local topology)

may be reduce for home networks (/56 ou /60)Interface ID is an identifier alternatively:

derived from a Layer 2 ID (i.e. MAC address) à anonymityproblemassigned manually (same address when NIC change)generated dynamic random value (guarantee anonymity)



Routing


IPv6: Local Link Address

10 54 64FE80 0000:0000:0000 Interface ID

Addresses restricted to the local link:not routableautomatically configured at the interface setupmainly used for auto-configurationdirect communication between host connected to the same linksame prefix for all interfaces fe80::/10 : need %ifaceInterface ID is an identifier:

derived from a Layer 2 ID (i.e. MAC address) à no anonymityproblem

MAC-48 à EUI-64 en rajoutant 0xFFFE entre les 3 octets dedébut (Vendor) et les 3 de fin (Serial)EUI-64 à Interface ID en inversant le 2me du 1r octet



Routing


IPv6: Unique Local Unicast Address

8 40 16 64FD Random Value SID Interface ID

Addresses not routable similar to private IPv4 addressesRandom Value globally unique (private topology)

identified prefix for border filteringindépendant from the providersite interconnection without conflict

SID is assigned by locally (local topology)Interface ID


0::/8fe80::/10%iface


Routing


IPv6: Multicast Address

8 4 4 112FF xRTP Scope Groupe ID

Addresses similar to multicast IPv4 addressesR (Transient) 0: well known address / 1: temporary addressP (Prefix) 1: assigned from a network prefixT (Rendez Vous Point) 1: contains the RP addressScope

1 - interface-local2 - link-local4 - admin-local5 - site-local8 - organisation-locale - global



Routing


IPv6: Multicast Address

8 4 4 112FF xRTP Scope Groupe ID

Well-known addresses:

ff02:0:0:0:0:0:0:1 All Nodes Address (link-local scope)ff02:0:0:0:0:0:0:2 All Routers Addressff02:0:0:0:0:0:0:5 OSPFIGPff02:0:0:0:0:0:0:6 OSPFIGP Designated Routersff02:0:0:0:0:0:0:9 RIP Routersff02:0:0:0:0:0:0:fb mDNSv6ff02:0:0:0:0:0:1:2 All-dhcp-agentsff02:0:0:0:0:1:ffxx:xxxx Solicited-Node Addressff05:0:0:0:0:0:1:3 All-dhcp-servers (site-local scope)



Routing








Routing


IPv4: ICMP (Internet Control Message Protocol, RFC 792)

Encapsulated in IP packets (but belonging to layer 3)à testing and diagnosing the network

ICMP Type Code Description0 0 ←↩echo reply3 0 destination network unreachable3 1 destination host unreachable3 2 destination protocol unreachable3 3 destination port unreachable3 6 destination network unknown3 7 destination host unknown4 0 source quench8 0 7→echo request9 0 router advertisement10 0 router discovery11 0 TTL expired11 1 reassembly time exeeded12 0 IP header bad



Routing


ICMP: echo

��

��

ping

ICMP : Echo Request

ICMP : Echo Response

Type Code Checksum Identifier Seq. Num. Data8 (Echo Request) 00 (Echo Response) 01 octet 1 2 2 2 ...

Testing equipment reachabilityused by the ping command:

indicates that the destination is connected and reachable by IPsending several probes allows one to estimate the RTT andloss rate



Routing


ICMP: destination unreachable

��

��IP

TCP UDP

App

Routeur

Host

Host Unreach.

Net Unreach.

Proto. Unreach.

Port Unreach.

CiscoSystems Cisco 7000 SERIES

Type Code Checksum Unused Data3 0 (Net Unreachable) IP Header

1 (Host Unreachable) + 64 bits2 (Protocol Unreachable)3 (Port Unreachable)

1 octet 1 4 2 (IHL * 4) + 8

Message sent when the destination cannot be reachedthe IP header and some transport layer information arereturned

@ source = originator of the ICMP message@ destination = @ source of the packet in question



Routing


ICMP: timeout

��

��

Routeur

TTL Exceeded

Frag. Reass. Time Exceed




Type Code Checksum Unused Data11 0 (Time To Live Exceeded) IP Header

1 (Frag. Reass. Time Exceeded) + 64 bits1 octet 1 4 2 (IHL * 4) + 8

Message sent when the TTL or the reassembly time has expiredthe IP header and some transport layer information is returned

@ source = initiator of the ICMP message@ destination = @ source of the packet in question

used by the traceroute command



Routing


ICMP: other messages

Source Quench (Type 4)indicates congestion at the source

no signal to indicate that congestion has ended

Redirection (Type 5)signals that a better route is available

minimal host configuration

other messages mainly for autoconfiguration



Routing


IGMP

Internet Group Management ProtocolProtocole for multicast group management

IGMPv1 (RFC 1112): 2 messagesmembership query to 224.0.0.1

sent by the router to all multicast hostmembership report to the group

sent after timeoutby les members of the groupe

IGMPv2 (RFC 2236): add 2 messagesmembership query to the groupe

allow verification of remaining membership (after leave)

leave to the groupIGMPv3 (RFC 3376):

optimisation source specific multicast



Routing


ICMPv6

ICMPv6 (RFC 4443) is different from ICMP + IGMP for IPv4protocol number : 58features are extended and better organized:Error occurs during forwarding (value < 128)

1 Destination Unreachable 3 Time Exceeded2 Packet Too Big 4 Parameter Problem

Management applications (value > 128)128 Echo Request 133 Router Solicitation129 Echo Reply 134 Router Advertissement130 Group Membership Query 135 Neighbor Solicitation131 Group Membership Report 136 Neighbor Advertissement132 Group Membership Reduction 137 Redirectnever filter ICMPv6 messages blindly (RFC 4890)mandatory checksum



Routing








Routing


IPv4: RARP (Reverse Address Resol. Protocol, RFC 903)

Inverse of the ARP protocol (broadcast networks)obtaining an @ IP from a @ MAC on startup

diskless hosts (X terminals, printers,. . . )mobile hosts (laptops changing networks. . . )

use of a server (rarpd)relating /etc/ethers and /etc/hosts

packet format identical to ARPtype Ethernet: 0x8035

code 3 for an RARP requestcode 4 for an RARP reply

autoconfiguration example:new host starts an RARP exchangethe host requests the netmask via ICMPthe host requests its startup program from teh RARP servervia tftp



Routing


IPv4: BOOTP (BOOT Protocol, RFC 951 and 1542)

portable protocol, over UDPquery on port 67 (server), reply on port 68 (client)which IP addresses to use when none are known?

broadcast @ IP (255.255.255.255)default @ IP (0.0.0.0)

allows a host to contact a server on another networkvia BOOTP relay agents

many extensions (RFC 1533)netmasklist of routers in the subnetlist of NTP serverslist of DNS name serverslist of print servers (LPD and others)hostname and domainnamedefault TTL. . .



Routing


IPv4: DHCP (Dynamic Host Config. Protocol, RFC 2131)

New protocol replacing, and backward-compatible with, BOOTPdynamic attribution of IP addresses, on limited time leases

leases periodically renewed as necessary

new DHCP options (extend BOOTP):DHCPDISCOVER Cà S find serverDHCPOFFER Sà C offer to client

DHCPREQUEST Cà S confirm offerDHCPACK Sà C acknowledge configurationDHCPNACK Sà C decline configuration

DHCPDECLINE Cà S refuse invalid configurationDHCPRELEASE Cà S release configurationDHCPINFORM Cà S request other than IP @

DHCPFORCERENEW Sà C request reconfiguration



Routing


IPv4: DHCP exchanges

��

��

ClientDHCP

ServeurServeurDHCP 1

DHCP 2

DHCPACK

DHCPDISCOVERDHCPDISCOVER

DHCPOFFER

DHCPRELEASE

DHCPREQUEST

DHCPOFFER



Routing


ND : IPv6 Stateless auto-configuration

IPv6 nodes sharing the same physical medium (link) use NeighborDiscovery (ND) to:

determine link-layer addresses of their neighborsIPv4 : ARP

address auto-configurationlayer 3 parameters: IPv6 address, default route, MTU and HopLimitonly for hostsIPv4 : impossible, mandate a centralized DHCP server

Duplicate Address Detection (DAD)IPv4 : gratuitous ARP

maintain neighbors reachability information (NUD)remarks

mainly uses multicast addressesProtocol packets are transported/encapsulated by/in ICMPv6messages



Routing


DHCPv6: Statefull/less IPv6 auto-configuration

Similar to classical DHCP:link local router may answer to use DHCPv6 server during a RSquery on port 547 (server), reply on port 546 (client)link local source addresse: fe80::

well-known multicast destination address: ff02::1:2 (Alllink local DHCP servers)forwarding to DHCPv6 site servers if needed



Routing


Tunneling

Internet

B

T1>T2 A>B

�� A>B

��

A

A>B

��

T1 T2

encapsulation, rather than translationcross zones governed by different protocols

e.g., connect islands of non-universal protocols (IP multicast,IPv6,. . . ).

flow control between T1 and T2 (IPv4 in IPv4, VPN,. . . )VPN. . .



Routing


VPNs (Virtual Private Networks)

layer 3 VPN: integrates security and automationIPSEC: confidentiality and integrity (RFC 4301 à 4309)AAA (Authentification, Autorisation, Accounting)

other VPN approaches at layer 2 (PPP. . . )

Office 1

Office 3

(a)

Office 2 Office 1

Office 3

(b)

Leased line Firewall Internet

Tunnel

Office 2




Routing


Address filtering

Firewall...

Corporatenetwork

Securityperimeter

InsideLAN

OutsideLAN

Firewall

Packetfilteringrouter

Packetfilteringrouter

Application

gateway

Connectionsto outsidenetworks

Bac

kbon

e



fe80::ff02::1:2


Routing

Basic algorithms and routing hierarchyAn interior gateway protocol: OSPFAn exterior gateway protocol : BGP







Routing


Network layer recap

The network layer conveys packets from source to destinationthrough a series of hops across intermediate nodes

end-to-end conveyancevirtual addressing

local topological knowledgeinformation required in order to direct the PDUs

static: manual configurationdynamic: routing algorithms and protocols

scaling to the size of the networkhierarchical structure (ASes)

internal routing: RIP, EIGRP, OSPF, IS-ISexternal routing: BGP-4



Routing


Routing

AS 2159

AS 11534

AS 286

BGP

OSPF



Routing


Host routing: GNU/Linux

Unix> /sbin/ifconfig eth0eth0 Link encap:Ethernet HWaddr 00:20:ED:87:FD:E6

inet addr:132.227.61.122 Bcast:132.227.61.255 Mask:255.255.255.0UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1RX packets:1115393 errors:0 dropped:0 overruns:0 frame:0TX packets:966470 errors:0 dropped:0 overruns:0 carrier:0collisions:0 txqueuelen:100RX bytes:445681702 (425.0 Mb) TX bytes:370060277 (352.9 Mb)Interrupt:9 Base address:0x6f00

Unix> /sbin/routeKernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface132.227.61.0 * 255.255.255.0 U 0 0 0 eth0127.0.0.0 * 255.0.0.0 U 0 0 0 lodefault 132.227.61.200 0.0.0.0 UG 0 0 0 eth0



Routing


Host routing: MS Windows

C:\Program Files\Support Tools>ipconfigEthernet carte Connexion au réseau local :

Suffixe DNS spéc. à la connexion. :Adresse IP. . . . . . . . . . . . : 132.227.61.136Masque de sous-réseau . . . . . . : 255.255.255.0Passerelle par défaut . . . . . . : 132.227.61.200

C:\Program Files\Support Tools>route print===========================================================================Liste d’Interfaces0x1 ........................... MS TCP Loopback interface0x1000003 ...00 03 47 7c b9 d5 ...... Intel(R) PRO Adapter===========================================================================Itinéraires actifs :

Destination réseau Masque réseau Adr. passerelle Adr. interface Métr.0.0.0.0 0.0.0.0 132.227.61.200 132.227.61.136 1

127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1132.227.61.0 255.255.255.0 132.227.61.136 132.227.61.136 1

132.227.61.136 255.255.255.255 127.0.0.1 127.0.0.1 1132.227.61.255 255.255.255.255 132.227.61.136 132.227.61.136 1

224.0.0.0 224.0.0.0 132.227.61.136 132.227.61.136 1255.255.255.255 255.255.255.255 132.227.61.136 132.227.61.136 1

Passerelle par défaut : 132.227.61.200===========================================================================



Routing


Router

��

��

��

��

��

��

��

��

��

��

��

��

Out

port

In

portRouting

Switching

matrix

Routing and forwardinginterfaces (physical terminations, encapsulation...)queuesforwarding system (shared memory, bus, or crossbar)routing system

table, routing algorithms and protocols



Routing


Types of routing

��

��

Workgroup SwitchCatalyst

��

��

CiscoSystemsCisco 7000 SERIES

CiscoSystems Cisco 7000SERIES

CiscoSystems

��

��

Router configurationstaticdynamic (in particular, when there are redundant links)

routing protocols and algorithmscomputers: Unix programs routed, gated, GNU Zebra,Quagga...dedicated hardware: Cisco, Juniper, Alcatel, HP, Huawei...



Routing








Routing


Routing algorithms

Single criterion optimizationshortest path

distance vectorlink state

routing policypath vector

multicast routingshortest pathlowest cost (Steiner trees)centered trees

see the ROUT course for more details



Routing


Distance vector routing

Simple algorithm based on:information exchanged between adjancent routers (directconnection)

distance vector ( 6= routing table)neighbor-to-neighbor propagation of reachability information

... but limited to small networksused in sites with just a few routers, to avoid manualconfigurationproblem with second-hand information



Routing


Distance vector routing basics

A BC

D

E

Initially, routers only know their own links. They broadcast their“distance vectors” (routing tables without interface information) totheir neighbors.à Distributed Bellman-Ford (or Ford-Fulkerson 1962) algorithmUpon receiving a vector, the router updates its routing table:

add new entries, noting the arrival interfaceupdate the costs of entries

if a shorter path is proposedif a longer path is proposed on the interface already selected

à successive exchanges should lead to convergence



Routing


Example of a table constructed from distance vectors

(a)

A B C D

E

I J K L

F GH

Router

012254014231817219

2429

243618277

2031200

112233

2031198

301960

147

229

2128362422403119221009

8202820173018121006

15

AAIHIIHHI−

KK

To A I H K Line

New estimated delay from J

ABCDEFGHIJKL

JA JI JH JKdelay delaydelaydelay

is is is is8 10 12 6

Newroutingtable for J

Vectors received fromJ's four neighbors

(b)

pictures from Tanenbaum A. S. Computer Networks 3rd editionO. Fourmaux - T. Friedman Computer Networks (ComNet) 4/5 : Network


Routing


Limits of distance vector routing

These algorithms suffer from many problems:slow convergencerisks of routing loops

“split horizon”

CE

A BD

A=infinite

A=4 from E

vectors sent for the routing table’s entire networklimited network size



Routing


Link state routing

How to scale to large networks while avoiding neighbor-to-neighborinformation propagation?

know your neighborssummarize your local informationbroadcast the local information to all routerscreate a graph representing the networkcalculate the shortest path towards all routers



Routing


Link state: learning one’s neighbors

Goal: create an equivalent graphsend detection packets on each linkmulti-access media (LANs) replaced by a single virtual node

A C

G

H

B

E

F

D

CiscoSystems Cisco 7000SERIES CiscoSystems Cisco 7000SERIES CiscoSystems Cisco 7000SERIES



CiscoSystems Cisco 7000SERIES CiscoSystems Cisco 7000SERIES

Measurements can be used to weight the links



Routing


Link state: building control packets

B C

E F

A D61

2

8

5 7

4 3

(a)

A

Seq.

Age

B C D E F

B 4

E 5

Seq.

Age

A 4

C 2

Seq.

Age

B 2

D 3

Seq.

Age

C 3

F 7

Seq.

Age

A 5

C 1

Seq.

Age

B 6

D 7

F 6 E 1 F 8 E 8

Link State Packets

(b)




Routing


Link state: broadcasting control packets

Each router must receive messages from all other routers:reliable distribution is necessary

sequence numbersage of the connection

information conveyed from router to router without changingmessage content

Problem of consistancy while a change is being broadcastà Hierarchical system for large networks



Routing


Link state: route computation

Dijkstra’s shortest path algorithm:

A D1

2

6

G

4

(a)

F (∞, −) D (∞,−)

A

B 7 C

2

H

33

2

2 FE

1

22

6

G

4

A

(c)

A

B (2, A) C (9, B)

H (∞, −)

E (4, B)

G (6, A)

F (6, E) D (∞,−)A

(e)

A

B (2, A) C (9, B)

H (9, G)

E (4, B)

G (5, E)

F (6,E) D (∞,−)A

(f)

A

B (2, A) C (9, B)

H (8, F)

E (4, B)

G (5, E)

F (6, E) D (∞,1)A

(d)

A

B (2, A) C (9, B)

H (∞, −)

E (4, B)

G (5, E)

F (∞, −) D (∞, −)A

H

E

G(b)

B (2, A) C (∞, −)

H (∞, −)

E (∞, −)

G (6, A)




Routing


Wide area network organization: the Internet

"A"

"C"

"D"

"E""F"

"B"



Routing


ASes (Autonomous Systems, RFC 1930)

AS "A"

AS "F"

AS "D"

AS "E"

AS "C"

AS "B"

RIP 2

OSPF

OSPF

RIP 2

IS−IS

EIGRP

An AS consists of one or more IP address prefixes that areinterconnected and managed by one or more network operators andthat deploy a single and clearly defined routing policy.



Routing


ASes: external organization (1)

Inter-AS relationships are based on the notions of client andprovider

ISP "2"

Enterprise

Telecom

Client CNRS

Renater

operator "X"

Telecomoperator "Y"

Institution

Provider

ISP "1"

University



Routing


ASes: external organization (2)

Economic relationships:

Peer

Provider

Peer

Client

$$$

providers charge their clientspeers exchange traffic without charge

the contracts are secret!Tier-1 providers are not anyone’s clients

2014 tier-1s: Cogent (ex-PSINet), L3 Comm. (ex-Level 3 &Global Crossing), AT&T (ex-Worldnet), Verizon (ex-UUnet),CenturyLink (ex-Qwest & Savvis (ex-MCI)), XO Comm.,NTT (ex-Verio), GTT (ex-Tinet (ex-Tiscali)). TeliaSonera,Sprint, Tata (ex-Teleglobe), Deutche Telekom, Seabone(Telecom Italia)

a network that can reach every other network on the Internetwithout purchasing IP transit or paying settlementslarge providers, who own their own physical global-scaleinfrastructureO. Fourmaux - T. Friedman Computer Networks (ComNet) 4/5 : Network


Routing


ASes: simple routing

For a stub network (on the edge of the Internet):

Stub network

ISP "1"

Telecomoperator "X"

Institution

à Direct announcements:its prefixes are announced so that it can receive arriving trafficthe stub network sends all of its departing traffic to the rest ofthe Internet



Routing


ASes: routing across multiple ASes

For transit networks:

ISP "1" ISP "2"

UniversityInstitution

Renater

Telecom Telecom

operator "X"

Enterprise

operator "Y"

CNRS

à How to decide on one among many possible routes?



Routing


ASes: routing criteria

Policy-based routing (commercial criteria):

AS A

AS B New York

Baltimore

San Francisco

AS X

AS YLondre

Paris

Bruxelle

AmsterdamLondre

Paris

à Not necessarily the shortest path!



Routing


ASes: routing policies

Taking policy constraints into account:new rules:

an AS accepts traffic from or to its clientsan AS refuses transit traffic between two of its competitors’clients

need for a new type of routing!

simple goal:an ISP routes traffic coming from one of its clientsthe traffic is routed to a peer ISP or a provider ASthe ISP of the receiver routes the traffic to its client (thereceiver)

but there are complexities:one client can be attached to several ISPs (multihoming)often, there are many possible paths



Routing


ASes: hierarchical routing

AS "A"

AS "F"

AS "D"

AS "E"

AS "C"

AS "B"

RIP 2

OSPF

OSPF

RIP 2

IS−IS

EIGRPBGPBGP

BGP

BGP

BGP

BGP

BGP

Two types of protocol:IGPs (Interior Gateway Protocols)

Routing within an AS (based on shortest paths)RIP-2, EIGRP, IS-IS, OSPF

EGPs (Exterior Gateway Protocols)Routing between ASes (based on policy considerations)

there is only one: BGP-4



Routing








Routing


OSPF: Open Shortest Path First

created in 1988 by the IETF so as to:go beyond the approach taken by RIP

rapid convergencescale to large networks

take into account the most general caseLANs (broadcast)NBMAspoint-to-point networks

obtain the network topologycalculate the shortest paths on the network graphbe non-proprietary



Routing


OSPF: areas (1)

A

B D E

CF

GH

AS XAS Y

OSPF

To limit the impact of changes (messages, recalculation. . . )areas: OSPF sub-zones of an AS

32 bit identifierattached to a backbone (Zone 0)



Routing


OSPF: areas (2)

��

��

��

��

��

��

Area 0

Area 1 Area 3

H

AS YA

B D E

CF

G

AS X

3 types de area:stub area: without transit traffic (Area 1)NSSA: Not So Stubby Areatransit area: (Areas 0 and 3)



Routing


OSPF: areas (3)

��

��

��

��

��

��

Area 3Area 1

Area 0 A

CF

GH

AS XAS Y

DB E

3 types of router:AS border: talks to the outside (A and H)area border: belonging to two areas (B, D, and E)internal: belonging to one area (C, F, and G)



Routing


OSPF: intra-area routing

Area 3

Area 0

Area 1

A

B D E

CF

AS X

GH

AS Y

Broadcasting information within an areaLAN (broadcast): designated routerflooding (without retransmitting information already received)

G’s announcements to D and F are redundant



Routing

Basic algorithms and routing hierarchyAn interior gateway protocol: OSPFAn

Computer Networks (ComNet) 4/5 : Networkfourmaux/ARes/ARes_C4_en_4.pdf · 2020. 9. 27. · The...

Documents

Transcript of Computer Networks (ComNet) 4/5 : Networkfourmaux/ARes/ARes_C4_en_4.pdf · 2020. 9. 27. · The...