The Network Layer 14 740 Fundamentals of Computer
- Slides: 49
The Network Layer 14 -740: Fundamentals of Computer Networks Credit: Bill Nace Material from Computer Networking: A Top Down Approach, 6 th edition. J. F. Kurose and K. W. Ross
traceroute • Network Layer • IP: Internet Protocol • IP Addressing • ICMP 14 -740: Spring 2018 2
Network Layer • Mission: Provide logical connection between hosts for use in transport layer • Requires data-link layer to connect adjacent hosts • Architecturally: Connects variety of transport protocols (UDP, TCP, . . . ) to a variety of data-link protocols • Remember the hourglass? 14 -740: Spring 2018 3
Network Layer • Move a packet from sending host to receiving host • On sending side, encapsulate segment into packets • Transmit the packet through the network • Network layer protocols exist on all routers (and hosts) for this purpose • On receiving side, deliver packets to transport layer
Key Functions • Routing (Control Plane) • Determine end-to-end paths taken by packets • Creates a forwarding table • Involves all routers in a network • Uses routing algorithms • Forwarding (Data Plane) • Move packets from router’s incoming interface to appropriate outgoing interface • An action in a single router • Uses a forwarding table • Connection Setup • Some networks (not IP) need state initialization at routers 14 -740: Spring 2018 5
• Routing is the process of creating and maintaining forwarding tables • Forwarding uses the table to determine the output link for each packet
Network Connections? • Network Layer can be: • Connectionless (Datagram, Packet Switched) • Connection-oriented (Circuit Switched) • Fundamentally different from Transport-layer • which was app-to-app, not host-to-host • which was implemented in the end hosts • not in the routers • One or the other -- not a service choice 14 -740: Spring 2018 7
Datagram Networks • Commonly called “Packet-switched” • No call setup at network layer • routers hold no state about connections • no network-level concept of “connection” 14 -740: Spring 2018 8
• Packets are forwarded using address of the destination host • Packets are forwarded independently • Packets between same source-dest pair may take different paths
Datagram Addressing • Each end-host has unique address • Forwarding table maps addresses to outgoing link • As address range is generally huge, rows of the table list ranges, not individual hosts Destination Address Outgoin g Link 11001000 00010111 00010000 through 11001000 00010111 1111 0 11001000 00010111 00011000 0000 through 11001000 00010111 00011000 1111 1 11001000 00010111 00011001 0000 through 11001000 00010111 00011111 2 otherwise 3 Datagram Forwarding Table
Circuit Switched Network • Requires connection setup • Defines / reserves a network path • Places state in all routers in the path • Teardown phase returns state resources
VC Addressing • At call-setup time, each link of a path is given a VC# (address) • Router looks up incoming VC# to determine outgoing link • Router changes VC# in packet to outgoing VC# before sending the packet • Why have different VC#s? Why not have each path use the same VC# throughout? • Global coordination tough and expensive Incoming Outgoing Link VC# Link 1 19 87 2 2 128 17 3 2 42 6 1 3 19 99 1 . . . VC Forwarding Table
traceroute • Network Layer • IP: Internet Protocol • IP Addressing • ICMP 14 -740: Spring 2018 14
IP Components • IP Protocol • Datagram format • Packet handling conventions • Addressing conventions • Routing Protocols • to fill Forwarding table • ICMP Protocol • Error reporting, router signaling 14 -740: Spring 2018 15
IP Standard • IPv 4 first (and only) widely deployed • Defined in RFC 791 (1981) • IPv 6 replacement • RFC 2460 (1998) • Proposed replacement • Questionable adoption rate • IPv 9: See RFC 1606 14 -740: Spring 2018 17
14 -740: Spring 2018
Datagram Format • Version specifies IPv 4 • Header length (in 32 -bit words) • 5 + options length • Type of Service • Vision: Provide differentiated service levels • Datagram length (Header + data) • Theoretical max of 65535 • Generally 1500 or less
Datagram Format (2) • ID, Flags, Offset: Used for fragmentation at router • Hmm. . . not allowed in IPv 6 • Time-to-Live • Decremented at each router • Datagram dropped if zero • Protocol • Used by receiver to determine which transport protocol should get packet
Datagram Format (3) • Header checksum • Calculated same as UDP • Calculated only on header • Must be recomputed at each router. Why? Time-to-live changes • • Why do both UDP/TCP and IP need to do checksum calculations? Other protocols may be involved ( UDP over IPX ) •
Datagram Format (4) • Options • Not often used • Problematic for router • Don’t a priori know data offset • Variable processing time from packet to packet • Data • Encapsulated TCP/UDP segment • ICMP data
IP Fragmentation • Datagram may be too big for link-layer • Remember MTU? Max Transmission Unit • Each link along the path may have different MTU • What does a router do if outbound MTU is too small for a datagram? 14 -740: Spring 2018 25
Fragmentation Fields • Identifier: Unique value, same for all fragments, generated by fragmenting router • Flags • DF: Don’t Fragment (drop datagram) • MF: More Fragments (1 in all except last fragment) • Evil Bit: See RFC 3514 • Offset of the fragment from beginning of the original unfragmented datagram (13 bits) • Measured in 8 -byte units 14 -740: Spring 2018 26
Example Original payload data broken in multiples of 8 Fragment Size 1 512 + 20 2 512 + 20 3 456 + 20 20 byte IP header Incoming 1500 byte packet, outbound MTU = 536 ID 1987 MF 1 1 0 ID is same for all fragments Offset 0 64 128 Offset is measured in 8 byte multiples
Fragmentation Issues • Reassembly done at end-host • Want to offload as much as possible from routers • If a fragment is lost, all fragments of that datagram are discarded • Fragmentation facility complicates design of routers and end-hosts • Not included in IPv 6 14 -740: Spring 2018 28
Security Issues • Fragmentation can be used to DOS • Jolt 2 Attack: send many small fragments, but no offset=0 • . . . or trigger OS crash • Send overlapping / unaligned fragments • Many OSes are vulnerable 14 -740: Spring 2018 29
traceroute • Network Layer • IP: Internet Protocol • IP Addressing • ICMP 14 -740: Spring 2018 30
Address Properties • Global uniqueness to identify hosts • Ethernet addresses are globally unique, why not use it in the Internet? • They are flat, no structure to aid routing • First 24 bits identify the manufacturer, but do not relate with network topology • Hierarchical Addresses • Network / Subnet part, Host part • Necessary for Internet to scale to large number of hosts 14 -740: Spring 2018 31
IP Addresses • Very familiar 32 -bit numbers • Written as 4 decimal numbers (8 bits each) separated by a period • “dotted decimal” notation • Ranges set aside for: • VPNs (10. x. x. x) • Non-routable (192. 168. x. x) • Multi-cast (224. x. x. x - 239. x. x. x) • Broadcast (255. 255) 14 -740: Spring 2018 32
Map of IP Addresses xkcd. com/195
Prefix notation • Some # bits of IP address are significant • Example: specifying ranges • List IP address with /## specifying number of bits which matter • What is range of subnet 128. 2. 101. 64/26? • 32 -26 bits is 6 free bits or 64 addresses • Last octet is 01 XX XXXX • 128. 2. 101. 64 - 128. 2. 101. 127 14 -740: Spring 2018 34
Example 2 • A router connects 3 subnets • Each subnet must have prefix 223. 1. 17. 0/24 • Subnet 1 supports up to 125 interfaces • Subnet 2 and 3 up to 60 interfaces • What should the 3 network addresses be? • 1 gets 223. 1. 17. 0/25 (last octet 0 XXX XXXX) • 2 gets 223. 1. 17. 128/26 (last octet 10 XX XXXX) • 3 gets 223. 1. 17. 192/26 (last octet 11 XX XXXX) 14 -740: Spring 2018 36
Forwarding Table • Recall: • Forwarding table maps addresses to outgoing link • As address range is generally huge, rows of the table list ranges, not individual hosts Destination Address Outgoin g Link 11001000 00010111 00010000 through 11001000 00010111 1111 0 11001000 00010111 00011000 0000 through 11001000 00010111 00011000 1111 1 11001000 00010111 00011001 0000 through 11001000 00010111 00011111 2 otherwise 3 Datagram Forwarding Table
Prefix Matching • No need to enumerate all possibilities or to do range matching in Forwarding Table • List a variable length prefix for each range • Match the leading bits of destination address to the longest listed prefix Destination Prefix Outgoin g Link 11001000 00010111 00010 / 21 0 11001000 00010111 00011000 / 24 1 11001000 00010111 00011 / 21 2 otherwise 3 • Longest matching prefix rule Datagram Forwarding Table • Ex: • Send on link 1 (also matches link 2) 11001000 00010111 00011000 1010
Classless Interdomain Routing • Subnet portion of address can be of arbitrary length • Address format a. b. c. d/x, where x is any value 0 -32 • Reaction to Classful addressing from the “early days” • Subnets could only have x=8, 16, 24 14 -740: Spring 2018 40
Route Aggregation • Route Aggregation: CIDR allows for more flexible collections of subnet addresses • Can use a single prefix to mean many subnets • Example: ISPs get big block, allocate to customer organizations ISP’s block 200. 23. 16. 0/20 11001000 00010111 00010000 Org #0 200. 23. 16. 0/23 11001000 00010111 00010000 Org #1 200. 23. 18. 0/23 11001000 00010111 00010010 0000 Org #2 200. 23. 20. 0/23 11001000 00010111 00010100 0000 . . . Org #7 200. 23. 30. 0/23 11001000 00010111 00011110 0000 14 -740: Spring 2018 41
CIDR Routing Benefits Very efficient route advertisement
CIDR Routing Benefits Flexibly handles organizational changes
IPv 4 Routing Table Size Graph from Geoff Houston’s presentation to RIR http: //www. ripe. net/ripe/meetings/ripe-49/presentations/ripe 49 -plenary-bgp. pdf
Up-to-date Data • Available at bgp. potaroo. net
traceroute • Network Layer • IP: Internet Protocol • IP Addressing • ICMP 14 -740: Spring 2018 46
ICMP • Internet Control Message Protocol • RFC 792 (1981) • Used for error messages and some routing information • Basis of ping and traceroute 14 -740: Spring 2018 47
ICMP Mechanics • Single IP packet • No reliability (like UDP) • 5 simple fields (plus padding) • Encapsulated in IP data field • Type / Code fields specify message meaning 32 bits IP Header Type Code Checksum ID Sequence Padding • 8, 0 is ECHO REQUEST • 0, 0 is ECHO REPLY • ID / Sequence fields used in ECHO REPLY 14 -740: Spring 2018 48
Error Messages • Type 3 is Destination Unreachable • Further codes for • Network unreachable • Host unreachable • Fragmentation required, but can’t • + 13 others • Type 4 is Source Quench • Designed for Congestion Control messages from network to host ➙ rarely used today 14 -740: Spring 2018 49
Sample ICMP Type/Codes Type Code 0 0 3 Description Echo reply Destination unreachable 0 network unreachable 1 host unreachable 2 protocol unreachable 3 port unreachable 4 fragmentation needed, but DF set 6 destination host unknown 13 administratively prohibited by filtering others (16 total destination unreachable errors) 14 -740: Spring 2018 4 0 5 0 -3 8 0 Source quench (deprecated) Redirect Echo request 50
traceroute use of ICMP • traceroute sends UDP segments (in sets of 3) • nth segment has TTL of n • destination port is “unlikely” to be in use • When router discards any packet because TTL is zero • replies with ICMP TIME EXCEEDED • Type 11, Code 0 • When request reaches host, reply is a ICMP PORT UNREACHABLE packet (Type 3, Code 3) 14 -740: Spring 2018 51
What Layer? Is ICMP a Network-layer Protocol? • Messages used for communication between routers and end-hosts • Messages sent in an IP packet • Just like a UDP segment • Messages require special processing by the IP layer software on each router 14 -740: Spring 2018 52
Ping DUP? • Based on what you know of ICMP, how can a duplicate occur? 14 -740: Spring 2018 53
Lesson Objectives • Now, you should be able to: • describe the mission, scope, addressing mechanism, data types and responsibilities of the Network Layer • describe the differences that would result from a connectionless or connection-oriented network • explain IPv 4, including advantages/disadvantages, datagram format, and packet-handling operations at each router 14 -740: Spring 2018 55
• You should be able to: • calculate the packets that result from an IPv 4 fragmentation scenario, including size, id, flags and offset fields • calculate IPv 4 address ranges from prefix notation and be able to apply the longest matching prefix rule to forwarding decisions • apply route aggregation to prefix scenarios • describe ICMP, including packet format, use of type/code fields for ping, traceroute, and error situations
- The network layer concerns with
- Network layer design issues
- Asc 740
- Fas 109 and fin 48
- Deloitte asc 740 guide
- 740
- Gabriel deloitte
- 740
- Who wrote the ffa creed? when was it adopted?
- 14-740
- F 740
- R 740
- Cs 740
- What is topology in computer
- Pigmented layer and neural layer
- Chemical digestion
- Secure socket layer and transport layer security
- Presentation layer functions
- Secure socket layer and transport layer security
- Secure socket layer and transport layer security
- Secure socket layer and transport layer security
- Layer 2 e layer 3
- Layer-by-layer assembly
- Layer 2 vs layer 3 bitstream
- Security guide to network security fundamentals
- Ccna exploration network fundamentals
- Campus network design fundamentals
- Security guide to network security fundamentals
- Security guide to network security fundamentals
- Jk flip flop
- Logic and computer design fundamentals
- 010000112
- Logic and computer design fundamentals
- Fundamentals of computer graphics
- Sierpinski gasket in computer graphics
- Computer fundamentals chapter 1
- Fundamentals of computer design
- Computer fundamentals anita goel
- Fundamentals of computer design
- Computer security fundamentals 4th edition
- Fundamentals of computer programming syllabus
- Logic & computer design fundamentals
- Ec 6009
- Chapter 23 computer system fundamentals
- Network layer design
- Fungsi network
- Network layer design issues
- Introduction to network layer
- 5 layer network model
- Two layer network