Page 1.2
Objective: analyse IP messages coming from different applications and locate these messages within a procedure.
Program:
1 Introduction
2 Physical and link layers
3 ARP protocol
4 Repeaters, Bridges and Switches
5 IP protocol
6 ICMP protocol
7 Client-Server model
8 UDP protocol
9 TCP protocol
Page 1.3
TCP/IP protocols
Objectives: by the end of this course, the participant will be able to:
- Describe the Ethernet frame format
- Describe the ARP protocol, analyse an ARP trace
- Describe the operation of repeaters, bridges and switches
- Describe IP addressing modes, handle the subnet masks
- Describe the role of the various IP header fields
- Analyse an ICMP message and explain the operation of the Ping and Trace_route programs
- Describe the operation of the client/server model at the transport layer
- List the characteristics of the UDP transport layer protocol
- List the characteristics of the TCP transport layer protocol
Page 1.4
1 Introduction
2 Physical and link layers
3 ARP protocol
4 Repeaters, Bridges and Switches
5 IP protocol
6 ICMP protocol
7 Client-Server model
8 UDP protocol
9 TCP protocol
Page 1.5
The main design goal of TCP/IP was to build an interconnection of networks, referred to as an inter-network, or internet, that provided universal communication services over heterogeneous physical networks. The Internet consists of the following groups of networks:
- Backbones: large networks that exist primarily to interconnect other networks. Currently the backbones are NSFNET in the US, EBONE in Europe, and large commercial backbones.
- Regional networks connecting, for example, universities and colleges.
Page 1.6
- Point-to-multipoint (Local Area Networks)
- Virtual connections (Wide Area Networks)
- Various operating systems: DOS, UNIX, LINUX, ...
- Mail exchanges, surfing the Net, ...
Some rules are essential for communications: the protocols. Some additional software is offered: the services.
TCP/IP has been popular with developers and users alike because of its inherent openness and perpetual renewal.
Page 1.7
[Figure: TCP/IP protocol stack: TFTP and SNMP over UDP; ICMP and ARP beside IP; link layers including IEEE 802.5 Token Ring at 4 Mb/s and 16 Mb/s, and 100 Mb/s]
Like most networking software, TCP/IP is modelled in layers.
OSI: in contrast to TCP/IP, the OSI approach started from a clean slate and defined standards, using a formal committee process without requiring implementations. The OSI protocols developed slowly, and because running the full protocol stack is resource intensive, they have not been widely deployed. The seven OSI layers are:
- Application: network applications such as terminal emulation and file transfer
- Presentation: formatting of data and encryption
- Session: establishment and maintenance of sessions
- Transport: provision of reliable and unreliable end-to-end delivery
- Network: packet delivery, including routing
- Data Link: framing of units of information and error checking
- Physical: transmission of bits on the physical hardware
TCP/IP: Internet protocols use a less formal engineering approach, where anybody can propose and implementations are required to verify feasibility. TCP/IP and the Internet were developing rapidly, with deployment occurring at a very high rate. The TCP/IP protocol suite has become the de facto standard for computer communications in today's networked world. The main services offered by TCP/IP are:
- TELNET: interactive terminal access to remote internet hosts
- FTP (File Transfer Protocol): high-speed disk-to-disk file transfers
- SMTP (Simple Mail Transfer Protocol): an internet mailing system
- TFTP: an extremely simple protocol to transfer files
- SNMP: allows the management of IP units (bridges, routers)
- DNS: electronic directory book
- NFS: offers direct access to a remote file system
- HTTP (Hypertext Transfer Protocol): a protocol designed to allow the transfer of Hypertext Markup Language (HTML) documents
Page 1.8
Milestones:
- Connection to Europe
- ARPANET: first TCP implementation
- TELENET: new commercial packet network using X.25
- ARPANET (600 nodes) split into ARPANET and MILNET
- TCP/IP inclusion in the UNIX BSD kernel
- NSFNET
- IPv6
Page 1.9
The ARPANET started with four nodes in 1969 and grew to just under 600 nodes before it was split in 1983. The NSFNET also started with a modest number of sites in 1986. After that, the network has experienced literally exponential growth. Internet growth between 1981 and 1991 is documented in "Internet Growth (1981-1991)" (RFC 1296). Network Wizards distributes a semi-annual Internet Domain Survey. According to them, the Internet had nearly 30 million reachable hosts by January 1998 and over 50 million by January 1999. Other sources estimate that the actual number is much higher (I have heard estimates as high as 200 million!) and dedicated residential access methods, such as cable modem and asymmetrical digital subscriber line (ADSL) technologies, will make the numbers grow even more. The Internet is growing at a rate of about a new network attachment every half-hour, interconnecting hundreds of thousands of networks. It is estimated that the Internet is doubling in size every ten to twelve months, and has been for the last several years; traffic is doubling every 100 days (for 1000% annual growth).
Page 1.10
1 Introduction: Standardisation
[Figure: organisation chart: ISOC; IAB (Internet Architecture Board); IETF areas (Area 7 shown) and Working Groups (WG); RFC editor; ICANN (Internet Corporation for Assigned Names and Numbers, www.icann.org)]
The Internet Society (ISOC) is a non-profit, non-governmental, international, professional membership organization. Its more than 150 organizations and 11,000 individual members in over 180 nations world wide represent a veritable who's who of the Internet community. You should be a member, too. ISOC serves as the standardizing body for the Internet community. It is organized and managed by the Internet Architecture Board (IAB), whose 13 members serve a 2-year term. The IAB itself relies on the Internet Engineering Task Force (IETF) for issuing new standards, and on the Internet Assigned Numbers Authority (IANA) for co-ordinating values shared among multiple protocols.
The IETF itself is governed by the Internet Engineering Steering Group (IESG) and is further organised in the form of Areas and Working Groups (http://www.ietf.org/):
- Applications (FTP extensions, HTTP, Fax over Internet)
- Internet (encapsulations over physical medium, IPv6, L2TP extensions, PPP extensions, ...)
- Operation and management (SNMP evolution, aaa)
- Routing (rip, ospf, ...)
- Security (ciphering, IPsec, ...)
- Transport (voice over IP, performances, ...)
- Sub-IP (performance measurements, mpls, ...)
ICANN: the Internet Corporation for Assigned Names and Numbers was formed to assume responsibility for the IP address space allocation, protocol parameter assignment, domain name system management, and root server system management functions previously performed under U.S. Government contract by IANA and other entities.
IETF web site: http://www.ietf.org/
RFC Editor web site: http://www.rfc-editor.org/overview.html
IAB web site: http://www.iab.org
Page 1.11
In order to have a new specification approved as a standard, applicants have to submit that specification to the IESG, where it will be discussed and reviewed for technical merit and feasibility, and also published as an Internet Draft document (the largest source of Internet Drafts is the IETF). An Internet Draft is recommended to the Internet Engineering Task Force (IETF) for inclusion into the standards track and for publication as a Request for Comments. Internet Drafts are draft documents valid for a maximum of six months. Once published as an RFC, a contribution may advance in status:
- Proposed standard: protocol proposals that may be considered by the IAB for standardisation in the future. Implementations and testing by several groups are desirable. Revision of the protocol is likely.
- Draft standard: a specification from which at least two independent and interoperable implementations from different code bases have been developed, and for which sufficient successful operational experience has been obtained. The IAB is actively considering this protocol as a possible standard protocol. Substantial and widespread testing and comments are desired.
- Standard: characterized by a high degree of technical maturity and by a generally held belief that the specified protocol or service provides significant benefit to the Internet community. When a specification has been adopted as an Internet Standard, it is given the additional label "STDxxx", but it keeps its RFC number and its place in the RFC series.
Other particular statuses of an RFC:
- Experimental: a system should not implement an experimental protocol unless it is participating in the experiment and has co-ordinated its use of the protocol with the developer of the protocol.
- Informational: protocols developed by other standards organizations.
- Historic: a specification that has been superseded by a more recent specification.
Page 1.12
Example of RFC headers (BOOTSTRAP PROTOCOL, BOOTP):
Network Working Group
Request for Comments: 1532
Updates: 951
Category: Standards Track
W. Wimer, Carnegie Mellon University, October 1993

Network Working Group
Request for Comments: 1542
Updates: 951
Obsoletes: 1532
Category: Standards Track

To get an RFC: http://www.rfc-editor.org/rfcsearch.html
RFC index: http://www.ietf.org/iesg/1rfc_index.txt
Page 1.13
Topologies: Bus, Ring, Star, Tree
Main access methods:
- Carrier Sense: example, CSMA/CD (listening to the medium, collision detection)
- Polling: a master host gives the right to speak. Example: SNA IBM.
- Token: a token travels around the LAN, giving the authorisation to take control of the LAN. Examples: Token Ring, FDDI.
Page 1.14
[Figure: a client host and a server host exchanging data across an IP network: application (Appli), transport (Port), IP address (IP@) and physical address (Phys@) at each hop]
Application layer: the application layer is provided by the program that uses TCP/IP for communication. An application is a user process cooperating with another process, usually on a different host.
Transport layer: the transport layer provides the end-to-end data transfer by delivering data from an application to its remote peer. Multiple applications can be supported simultaneously.
Internetwork layer: Internet Protocol (IP) is the most important protocol in this layer. It is a connectionless protocol that doesn't assume reliability from lower layers. IP does not provide reliability, flow control, or error recovery. These functions must be provided at a higher level.
Network interface layer: the network interface layer, also called the link layer or the data-link layer, is the interface to the actual network hardware.
Router: interconnects networks at the internetwork layer level and routes packets between them.
Page 1.15
1 Introduction: Exercise
Other exercise items (questions 1-3, text not recovered): TELNET, TCP; IETF; Proposed standard, Draft standard.
4- Given these RFC headers, which RFCs have to be taken into account for a new DNS implementation?
Network Working Group
Request for Comments: 1034
Obsoletes: RFCs 882, 883, 973
P. Mockapetris, ISI, November 1987
DOMAIN NAMES - CONCEPTS AND FACILITIES

Network Working Group
Request for Comments: 1035
Obsoletes: RFCs 882, 883, 973
P. Mockapetris, ISI, November 1987
DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION

Network Working Group
Request for Comments: 1101
Updates: RFCs 1034, 1035
P. Mockapetris, ISI, April 1989
DNS Encoding of Network Names and Other Types

Candidate answers: 882, 883, 973, 1034, 1035, 1101
Page 1.16
Page 1.17
Page 1.18
[Flowchart: CSMA/CD transmission: listen to the medium, transmit, compare what is monitored with what is transmitted; if equal, transmission OK; if not (collision), wait a backoff delay and retry; failure when the number of retries exceeds the maximum]
CSMA/CD: Carrier Sense Multiple Access / Collision Detection
The waiting delay is exponential. Binary Exponential Backoff: selection of a number among 2, then 4, then 8, ... up to 2^16.
Time between frames > 9.6 µs
Page 1.19
[Figure: two distant hosts transmitting on the same cable: the second host detects the collision, the first one does not]
Note: propagation speed over cable is 2/3 of the speed of light.
A host wishing to send a message on the cable has to listen for any traffic. The medium being free, it can start the transmission. A second host located far from the first one could follow the same procedure a few microseconds later, because the message of the first host has not yet reached the second host. As a consequence, there will be a collision. This collision will be detected by the second host, because it is listening to its own transmitted message, but not by the first one if its message was short.
Page 1.20
Propagation time, collision domain
Minimum transmission time of the frame = 2 x propagation time
Minimum frame size = minimum transmission time x 10 Mbps
The solution is to impose a minimum time of transmission for any host. So, a minimum frame length is mandatory.
Page 1.21
2 Physical and link layers - 2.1 CSMA/CD: Minimum size of the frame (2.5 km, 10 Mb/s)
Propagation time over 2.5 km: 25.6 µs one way; a collision at the far end comes back to the transmitter after 2 x 25.6 µs.
Minimum transmission time of the frame = 51.2 µs
Minimum frame size = (51.2 x 10^-6 s) x (10 x 10^6 bit/s) = 512 bits = 64 bytes
If the network length is long, the minimum size of the frame must be long too. This requires the transmitter to pad its message if it is short. On Ethernet, the maximum distance between 2 hosts is 2.5 km; therefore, the minimum frame length is 64 bytes.
On Ethernet 10 Mb/s:
- Time to transmit 1 bit: 0.1 µs
- 1 bit occupies 23 meters
- A short frame occupies 13.3 km
Page 1.22
Page 1.23
10 base 5: 10 Mb/s, base band
[Figure: five 500 m segments linked by four repeaters, 2.5 km end to end, 2.5 m minimum between hosts]
- Maximum distance between 2 hosts: 2.5 km
- Maximum size of a segment: 500 m (maximum distance without repeater)
- No more than 4 repeaters (round trip time = 49 µs; with 5 repeaters, 59.2 µs)
- 100 hosts per segment
- Minimum 2.5 m between 2 hosts
Page 1.24
[Figure: 10 base 5 attachment: coaxial cable 50 Ω, transceiver taps at least 2.5 m apart, AUI cable (15-pin connector, length 50 m), Manchester code example on the bit sequence 1 0 1 1 0 1 0 0 1]
Control In signal from the transceiver: Idle: transceiver available; CS0 (Signal Quality Error): error detection, collision, ...; CS1: transceiver unavailable.
Page 1.25
10 base 2: 10 Mb/s, base band
[Figure: five 185 m segments linked by four repeaters, 925 m end to end, 0.5 m minimum between hosts; maximum size of a segment shown as 200 m]
- Maximum distance between 2 hosts: 925 m
- Maximum size of a segment: 185 m (maximum length without repeaters)
- 30 hosts per segment
- Minimum 0.5 m between 2 hosts
Page 1.26
Page 1.27
2 Physical and link layers - 2.2 Cabling 10/100 base T: HUB purpose (1)
[Figure: a 4-port HUB with hosts attached through RJ45 connectors, each link (R/T pairs) shorter than 100 m]
HUB functions:
- Ensures the frame broadcast towards all hosts at the same level and towards the upper level, like a bus.
- Re-amplifies the signals.
- Detects the collisions and informs all hosts.
- Supervises the status of the links (Link Test Pulse) thanks to the transmission of pulses (400 ns) every 16 ms when there is no traffic (idle).
- Can make a defective port unavailable.
Page 1.28
2 Physical and link layers - 2.2 Cabling 10/100 base T: HUB purpose (2)
[Figure: two 4-port HUBs cascaded, hosts attached on ports 4, 5 and 6 with their R/T pairs]
Page 1.29
[Figure: 10/100 base T cabling at 100 Mb/s: telephone wire, UTP category 5, STP category 5, RJ-45 connector]
Cable categories: Unshielded Twisted Pair (UTP) and Shielded Twisted Pair (STP)
- Category 3 (bandwidth 16 MHz, not used anymore): cable and associated connecting hardware whose transmission characteristics are specified up to 16 MHz. It is used by 10BASE-T and 100BASE-T4 installations.
- Category 4 (bandwidth 20 MHz): cable and associated connecting hardware whose transmission characteristics are specified up to 20 MHz. It is used by 10BASE-T and 100BASE-T4 installations. The cable normally has four pairs of wire. This grade of UTP is not common.
- Category 5 (bandwidth 100 MHz): cable and associated connecting hardware whose transmission characteristics are specified up to 100 MHz. It is used by 10BASE-T, 100BASE-T4, and 100BASE-TX installations. The cable normally has four pairs of copper wire. Category 5 is the most popular cable used in new installations today.
100BASE-T media specifications, which include 100BASE-TX, 100BASE-T4, and 100BASE-FX, allow Fast Ethernet to run on the most common Ethernet wiring, including Categories 3, 4, and 5 unshielded twisted-pair, shielded twisted-pair, and fiberoptic.
100BASE-TX designates the IEEE 802.3 specification for 100 Mbps Ethernet signaling with CSMA/CD over two pairs of Category 5 UTP or STP wire. The pairs of wires used for transmitting and receiving signals are the same as those used for 10BASE-T. Therefore, the same (Category 5 UTP or better) cable used for 10BASE-T can be used for 100BASE-TX with no change to cable termination.
100BASE-T4 is the IEEE 802.3u specification for 100 Mbps Ethernet signaling over four pairs of Category 3 or better UTP cable. This physical layer standard was specifically defined to allow 100BASE-T to be deployed over the large installed base of Category 3 voice-grade UTP. 100BASE-T4 uses four-pair Category 3, 4, or 5 UTP cable for distances of up to 100 meters. Transmission requires four pairs of cable to reduce electrical emissions and meet FCC requirements.
100BASE-FX is the IEEE 802.3 specification for 100 Mbps Ethernet signaling over two strands of multimode fiberoptic cable. 100BASE-FX is used for transmissions over extended distances, downlinks, and backbones, and is especially useful in any environment subject to electrical interference.
Page 1.30
[Figure: a repeater joining 10baseT, 10base2 and AUI (10base5) segments]
Repeater: located at the physical level, it acts at the electrical level: amplifier, media adapter.
Page 1.31
2 Physical and link layers - 2.2 Cabling 10/100 base T: Access control and collision detection
[Flowchart: transmission: monitor the medium, is it free? if yes, transmit with loopback onto the receiver; monitoring = transmission? yes: transmission OK; no: collision detection. Receive path shown beside]
On a half duplex channel:
- Looping back of transmitted data onto the receiver input.
- Carrier Sense function, as it is normally used to defer transmissions. That is, the reception of data on the receive channel should cause the transmitter to defer any pending transmissions. A normal (half duplex) Ethernet interface will withhold its own transmissions in order to avoid interfering with transmissions in progress, under control of the carrier sense signal.
- Collision Detect function, which would normally cause the transmitter to abort, jam, and reschedule its transmission if it detects a receive signal while transmitting.
Page 1.32
2 Physical and link layers - 2.2 Cabling 10/100 base T: Connector RJ45
[Figure: RJ45 connector, pins 1 to 8; MDI port on a router or PC (DTE)]
MDI (Media-dependent interface) pin-out:
Pin 1: Data Transmission Tx+
Pin 2: Data Transmission Tx-
Pin 3: Data Reception Rx+
Pin 6: Data Reception Rx-
MDI-X pin-out (transmission and reception crossed):
Pin 1: Data Reception Rx+
Pin 2: Data Reception Rx-
Pin 3: Data Transmission Tx+
Pin 6: Data Transmission Tx-
Connector RJ-45 hardware aspect: connector RJ 45 (ISO 8877) with 8 pins. Two types of ports: MDI (on DTE like routers and hosts) and MDI-X (on DCE like hubs and switches), where transmission and reception pins are crossed. Note: hubs and switches usually have one MDI (not crossed) port among their ports in order to allow a connection between hubs or switches.
Page 1.33
2 Physical and link layers - 2.2 Cabling 10/100 base T: Straight cable
[Figure: straight cable between an MDI port (host or router, DTE: pins 1-2 Tx, pins 3-6 Rx) and an MDI-X port (hub or switch, DCE: pins 1-2 Rx, pins 3-6 Tx): pin 1 to pin 1, 2 to 2, 3 to 3, 6 to 6]
Straight cable: connection between a DTE and a DCE, usually between a hub (or switch) and a host (or router).
Page 1.34
2 Physical and link layers - 2.2 Cabling 10/100 base T: Crossover cable
[Figure: crossover cable (DTE to DTE) between two MDI ports, host to host and host to router: pins 1-2 Tx of one end wired to pins 3-6 Rx of the other end]
Crossover cable: connection between two DTEs without using a hub or switch.
Page 1.35
2 Physical and link layers - 2.2 Cabling 10/100 base T: How to recognise the cable types
Straight: pins 1 2 3 4 5 6 7 8 at one end wired to pins 1 2 3 4 5 6 7 8 at the other end (same order).
Crossover: the Tx pair (1 Tx+, 2 Tx-) of one end is wired to the Rx pair (3 Rx+, 6 Rx-) of the other end, and vice versa.
Rolled over: pins 1 2 3 4 5 6 7 8 at one end wired to pins 8 7 6 5 4 3 2 1 at the other end (reversed order).
Rolled over cable: used on Cisco in particular cases (console and auxiliary port).
Page 1.36
[Figure: 10baseT network: HUBs cascaded with 100 m segments; 500 m end to end with 4 repeaters]
Ethernet 10 BaseT:
- 2 unshielded twisted pairs (Rx, Tx), UTP category 3 or 5
- 4 HUBs at the maximum
- Maximum network diameter 500 m
- Maximum segment length 100 m
- Bandwidth 20 MHz, 10 Mbauds, Manchester code
Page 1.37
2 Physical and link layers - 2.2 Cabling 10/100 base T: Hub interconnection
[Figure: two hubs linked by a straight cable from an MDI port (pins 1-2 Tx, 3-6 Rx) to an MDI-X port (pins 1-2 Rx, 3-6 Tx)]
Usually, a hub has at least one MDI port or a port configurable (MDI/MDI-X) by means of a switch. Therefore, the connection between two hubs can be made with a straight cable connected to an MDI port at one end and to an MDI-X port at the other end. Another possibility consists of connecting two MDI-X ports, but by means of a crossover cable.
Page 1.38
Page 1.39
2 Physical and link layers - 2.2 Cabling FastEthernet 100 Mb/s: what problem?
[Figure: 2.5 km collision domain: propagation time 25.6 µs, but a 64-byte frame at 100 Mb/s lasts only 5.12 µs: collision detection at 10 Mb/s, no collision detection at 100 Mb/s]
Bandwidth = 100 Mb/s. Duration of the minimum size frame transmission: 64 bytes x 8 bits / (100 x 10^6) = 5.12 µs
Page 1.40
2 Physical and link layers - 2.2 Cabling FastEthernet 100 Mb/s: LAN diameter reduction
[Figure: network diameter reduced to 250 m at 100 Mb/s: propagation time 2.5 µs each way, minimum frame size 64 bytes (5.12 µs), so the collision is detected during the transmission of the minimum frame]
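The slot-time arithmetic of the 10 Mb/s and Fast Ethernet slides above, as an added worked example (not part of the original course material). It takes the one-way propagation time from the slide as input; the 8-byte preamble + SFD and the 96-bit interframe gap (9.6 µs at 10 Mb/s) used for the frame-rate figures are the values given elsewhere in this chapter.

```python
"""CSMA/CD sizing arithmetic from the 10 Mb/s and Fast Ethernet slides.
Added worked example, not part of the original course material."""

PREAMBLE_SFD_BYTES = 8     # 7 x AA preamble + SFD, sent before every frame
INTERFRAME_GAP_BITS = 96   # 9.6 us at 10 Mb/s; the gap scales with bit rate


def slot_time_s(one_way_propagation_s):
    """A transmitter only sees a collision from the far end if it is still
    sending when the collision comes back: 2 x one-way propagation time."""
    return 2.0 * one_way_propagation_s


def min_frame_bytes(one_way_propagation_s, bit_rate_bps):
    """Smallest frame (destination MAC to FCS) that fills the slot time."""
    bits = slot_time_s(one_way_propagation_s) * bit_rate_bps
    return int(round(bits / 8))


def frame_duration_s(frame_bytes, bit_rate_bps):
    """Time the frame occupies the wire, excluding preamble and gap."""
    return frame_bytes * 8 / bit_rate_bps


def max_one_way_propagation_s(min_frame_size_bytes, bit_rate_bps):
    """Largest collision domain (as one-way delay) compatible with a fixed
    minimum frame: the inverse of min_frame_bytes, used when the bit rate
    rises but the 64-byte minimum is kept (the Fast Ethernet slide)."""
    return frame_duration_s(min_frame_size_bytes, bit_rate_bps) / 2.0


def max_frames_per_second(frame_bytes, bit_rate_bps):
    """Frame rate on a saturated medium: each frame costs preamble + frame +
    interframe gap."""
    bits_per_frame = (PREAMBLE_SFD_BYTES + frame_bytes) * 8 + INTERFRAME_GAP_BITS
    return int(bit_rate_bps // bits_per_frame)


def padding_bytes(payload_bytes, min_payload_bytes=46):
    """Padding a transmitter must add so a short message reaches the
    46-byte minimum data field (64-byte frame)."""
    return max(0, min_payload_bytes - payload_bytes)


def summary(one_way_propagation_s, bit_rate_bps):
    """Collect the figures a slide would show for one network."""
    min_frame = min_frame_bytes(one_way_propagation_s, bit_rate_bps)
    return {
        "slot_time_us": slot_time_s(one_way_propagation_s) * 1e6,
        "min_frame_bytes": min_frame,
        "max_short_frames_per_s": max_frames_per_second(min_frame, bit_rate_bps),
        "max_long_frames_per_s": max_frames_per_second(1518, bit_rate_bps),
    }


if __name__ == "__main__":
    print("10 Mb/s, 25.6 us one way:", summary(25.6e-6, 10e6))
    # Keeping 64 bytes at 100 Mb/s shrinks the allowed one-way delay
    print("100 Mb/s max one-way delay (us):",
          max_one_way_propagation_s(64, 100e6) * 1e6)
```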
Page 1.41
2 Physical and link layers - 2.2 Cabling FastEthernet 100 base T: Hub interconnection
[Figure: two 100 base T HUBs 20 m apart, 100 m segments on each side: 220 m network diameter with 2 repeaters]
Ethernet 100 Base T:
- 2 shielded twisted pairs (Rx, Tx), STP category 5
- Maximum 2 consecutive HUBs, 20 m from each other
- Maximum network diameter 220 m
- Maximum segment length 100 m
- Bandwidth 30 MHz, 62.5 Mbauds, 4B/5T code or MLT3 (3 levels) or NRZI
Ethernet 100 base T4:
- 4 unshielded twisted pairs UTP (1 Rx, 1 Tx, 2 bi-directional), category 3, per port
- Bandwidth 20 MHz, 25 Mbauds, 8B/6T code or MLT3 (3 levels) or NRZI
Page 1.42
2 Physical and link layers - 2.2 Cabling 100 base Fx: Optical fibers
[Figure: 100 base Fx, 100 Mb/s base band over fibre, with SC and ST connectors]
100BASE-FX is the IEEE 802.3 specification for 100 Mbps Ethernet signaling over two strands of multimode fiber-optic cable. 100BASE-FX is used for transmissions over extended distances, downlinks, and backbones, and is especially useful in any environment subject to electrical interference.
ST (an AT&T trademark) is the most popular connector for multimode networks, like most buildings and campuses. It has a bayonet mount and a long cylindrical ferrule to hold the fiber. Most ferrules are ceramic, but some are metal or plastic. And because they are spring-loaded, you have to make sure they are seated properly.
SC is a snap-in connector that is widely used in singlemode systems for its excellent performance. It latches with a simple push-pull motion. It is also available in a duplex configuration. Besides the SC Duplex, you may occasionally see the FDDI and ESCON duplex connectors which mate to their specific networks. They are generally used to connect to the equipment from a wall outlet, but the rest of the network will have ST or SC connectors.
FC/PC has been one of the most popular singlemode connectors for many years. It screws on firmly, but make sure you have the key aligned in the slot properly before tightening. It is being replaced by SCs and LCs.
LC is a new connector that uses a 1.25 mm ferrule, half the size of the ST. Otherwise, it's a standard ceramic ferrule connector, easily terminated with any adhesive. Good performance, highly favored for singlemode.
MT-RJ is a duplex connector with both fibers in a single polymer ferrule. It uses pins for alignment and has male and female versions. Multimode only, field terminated only by the prepolished/splice method.
Page 1.43
Page 1.44
2 Physical and link layers - 2.3 MAC addressing: Logical address and physical address
[Figure: Alice and Bob on a LAN: IP @ = logical address, MAC address = physical address]
IP addresses are logical addresses. An IP address is assigned to each port. Therefore a host (especially a router) can get several IP addresses if it is connected to network(s) through several boards.
MAC addresses are physical addresses. At the Ethernet level, the frames are exchanged by means of physical addresses (called MAC addresses). So, it is essential to associate IP address and MAC address.
Page 1.45
[Figure: unicast frame on a LAN, destination 00.53.27.32.02.c8; the hosts have MAC addresses 00.80.9f.00.02.03, 00.18.55.92.a2.08, 00.53.27.32.02.c8 and 00.6f.66.32.0b.08]
An Ethernet MAC address is 6 bytes long.
Unicast address: address assigned to only one Ethernet board in the world. A unicast address identifies a single device or network interface. When frames are sent to an individual station on a LAN, the unicast identifier of the target is typically used as the destination address in all transmitted frames. The source address in transmitted frames (the identifier of the sender) is always unicast. Unicast addresses are sometimes called individual addresses, physical addresses, or hardware addresses; these terms are all synonymous.
Page 1.46
[Figure: broadcast frame on the same LAN, received by all four hosts]
Broadcast: a broadcast frame is a frame whose destination MAC address is all 1s. This frame will be interpreted by all hosts connected to the LAN. Note: this kind of frame never goes through a router.
Page 1.47
[Figure: multicast frame, destination 01.00.5e.00.00.09, received by the two hosts (00.18.55.92.a2.08 and 00.6f.66.32.0b.08) that carry this multicast address in addition to their unicast address]
Multicast address: in addition to its unicast address, a host may get one or several multicast addresses because it belongs to one or several groups. Usually, the multicast address is programmable. Therefore a multicast address can be used as a destination address when a sender wants to send a frame to a group of receivers. Most LAN technologies provide many-to-many connectivity among multiple stations on a shared communications channel; multicast addressing provides the means to send a frame to multiple destinations with a single transmission. Multicast addresses are sometimes called group addresses or logical addresses. Multicast addresses are assigned by an international organisation.
Some well-known examples include:
- The Spanning Tree Protocol uses a multicast address to define the logical group of all bridges that implement the protocol (01-80-C2-xx-yy-zz).
- The Open Shortest-Path-First routing protocol (OSPF) uses a multicast address (5E-xx-yy-zz).
Most routing protocols use multicast addresses to exchange their database. In this case, this method is more efficient than broadcast because it does not disturb hosts which are not concerned by the data exchanged between routers. A multicast address identifies a group of logically-related devices.
Page 1.48
2 Physical and link layers - 2.3 MAC addressing: Details of the MAC address
- O.U.I.: Organizational Unit Identifier (assigned by IEEE): manufacturer code (22 bits) + U/L bit + I/G bit
- Serial number (24 bits)
- I/G bit: 0 = Individual (or Unicast), associated to only one equipment; 1 = Group (or Multicast), associated to a set of equipment
- U/L bit
Page 1.49
2 Physical and link layers - 2.3 MAC addressing: Transmission of the bits, multicast bit
Bytes shown on the slide: e1 03 c9 4a f0 82; in binary, 4a = 0100 1010, f0 = 1111 0000, 82 = 1000 0010. Each byte is transmitted least significant bit first, so the I/G (multicast) bit of the first byte is the first bit sent on the wire.
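Decoding of the MAC address fields described in section 2.3 (I/G bit, U/L bit, OUI, serial number, bit order on the wire), as an added worked example that is not part of the original course. The sample addresses are the ones shown on the unicast, broadcast and multicast slides plus the all-ones broadcast address; the 01-00-5E IPv4 multicast prefix check is a known convention added here, not stated on the slides.

```python
"""Decoding an Ethernet MAC address: I/G bit, U/L bit, OUI and the bit
order on the wire, as described in section 2.3. Added worked example, not
part of the original course; the sample addresses are those on the slides
plus the all-ones broadcast address."""
import re

IPV4_MULTICAST_OUI = bytes.fromhex("01005e")  # prefix of 01.00.5e.xx.xx.xx


def parse_mac(text):
    """Accept '00.80.9f.00.02.03', '01-80-C2-00-00-00', '0180c2000000'..."""
    digits = re.sub(r"[^0-9a-fA-F]", "", text)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def describe_mac(text):
    """Return the fields the 'Details of the MAC address' slide names."""
    mac = parse_mac(text)
    first = mac[0]
    is_group = bool(first & 0x01)   # I/G bit: least significant bit of byte 0
    is_local = bool(first & 0x02)   # U/L bit: the next bit
    info = {
        "oui": mac[:3].hex(),       # 3 bytes: manufacturer code + U/L + I/G
        "serial": mac[3:].hex(),    # 24-bit serial number
        "scope": "group (multicast)" if is_group else "individual (unicast)",
        "administration": ("locally administered" if is_local
                           else "globally unique (IEEE OUI)"),
    }
    if mac == b"\xff" * 6:
        info["scope"] = "broadcast"   # special case of a group address
    return info


def wire_bits(mac):
    """Bit order on the wire: bytes in order, each byte least significant
    bit first, so the I/G bit is the very first bit transmitted."""
    return "".join(format(b, "08b")[::-1] for b in mac)


def valid_source(text):
    """A source address must be individual: a frame sent 'from' a group or
    broadcast address is malformed and worth flagging in a capture."""
    return not parse_mac(text)[0] & 0x01


def is_ipv4_multicast_mac(text):
    """01-00-5E-00-00-00 to 01-00-5E-7F-FF-FF carries IPv4 multicast
    (the 01.00.5e.00.00.09 of the multicast slide)."""
    mac = parse_mac(text)
    return mac[:3] == IPV4_MULTICAST_OUI and not mac[3] & 0x80


if __name__ == "__main__":
    for sample in ("00.80.9f.00.02.03", "01.00.5e.00.00.09",
                   "01-80-C2-00-00-00", "ff:ff:ff:ff:ff:ff"):
        print(sample, describe_mac(sample),
              "first byte on the wire:", wire_bits(parse_mac(sample))[:8])
```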
Page 1.50
Page 1.51
Ethernet V2 frame (length 64 to 1518 bytes):
| Preamble 7 x AA (7) | SFD (1) | MAC @ dest. (6) | MAC @ src. (6) | Ether type (2) | Data (46 to 1500) + Padding | FCS (4) |
Ether type: indicates the upper layer protocol; value > 5DC hex (1500 dec). Examples: IP: 0800, ARP: 0806, IPv6: 086D
Control: Max. Trans. Unit (MTU): 1500; minimum size: 46 (possibly padding)
MTU: Maximum Transmission Unit; IP: Internet Protocol; ARP: Address Resolution Protocol; FCS: Frame Check Sequence
Ethernet protocol: designed by Digital, Intel, Xerox (DIX Ethernet). The original release has been updated and the current version is Eth V2. The Ether type field allows the receiver to forward the frame contents to the correct protocol of the next layer. The type value is standardised and is always higher than 600 hex (1536 dec). The standardised values of Ether type can be obtained from IANA, the Internet Assigned Numbers Authority, which is the central co-ordinator for the assignment of unique parameter values for Internet protocols: http://www.iana.org/numbers.html (Directory of General Assigned Numbers, replaces RFC 1700). The data field must not convey more than 1500 bytes. Conversely, the data field must have at least 46 bytes in order to respect the minimum frame length for collision detection (64 bytes). Therefore, the Ethernet protocol will sometimes have to pad.
Maximum traffic of short frames: 14880 frames/s
Maximum traffic of long frames: 812 frames/s
Page 1.52
Page 1.53
2 Physical and link layers - 2.5 Frame 802.3 and associated protocols: Situation of the MAC 802.3 sub-layer
[Figure: Network layer: IP, ARP, other protocols; Link layer: LLC over MAC 802.3 and FDDI; Physical layer: optical fibre, 10 Base 2, 10 Base 5]
When the IP protocol was designed it was dedicated to operate over Ethernet, which runs over a bus topology. The IEEE wished to use other topologies to convey IP (FDDI, Token Ring, ...) in addition to the bus CSMA/CD. But, for these other topologies, the maximum frame length was variable. So, a frame length field should be present inside the frame header. In addition, IP being not reliable, IEEE decided to add a protocol capable of offering reliability: the LLC sub-protocol.
Purpose of the LLC sub-protocol: offers various services:
- LLC1: connectionless, without flow control nor acknowledgment (LAN 802.3 Ethernet and 802.5 Token Ring)
- LLC2: with connection, acknowledgment (Token Ring, SNA)
- LLC3: connectionless with acknowledgment (factory network)
It is the role of layer 3 to select the appropriate service. LLC provides Service Access Points to the upper layers. Note: IP uses LLC1.
Purpose of the SNAP sub-protocol: due to a growing number of applications using LLC (IEEE 802) as lower protocol layers, an extension was made to the IEEE 802.2 protocol in the form of the Sub-Network Attachment Point (SNAP).
Page 1.54
2 Physical and link layers - 2.5 Frame 802.3 and associated protocols: Frame IEEE 802.3
| Preamble 7 x AA (7) | Flag (1) | MAC @ dest. (6) | MAC @ src. (6) | Length (2) | Data (46 to 1500) + Padding | FCS (4) |
Length: indicates the data length (without padding); value ≤ 1500 (dec) = 5DC (hex)
Control: Max. Trans. Unit (MTU): 1500; minimum size: 46 (possibly padding)
Standardised by IEEE. In the 802.3 MAC frame, the length of the data field is indicated in the 802.3 header (instead of the protocol type). The length of the 802.3 data field is also limited to 1500 bytes for 10 Mbps networks, but is different for other transmission speeds.
Page 1.55
2 Physical and link layers - 2.5 Frame 802.3 and associated protocols: IEEE 802.2 LLC encapsulation
802.3 frame: | MAC @ dest. (6) | MAC @ src. (6) | Length < 5DC (2) | Data (46 to 1500) + Padding | FCS (4) |
LLC 802.2 header (3 bytes) at the start of the Data field: | DSAP (1) | SSAP (1) | Control (1) | Data (up to 1497) |
SNAP 802.1a header (5 bytes) after LLC when DSAP = SSAP = AA: | O.U.I (3) | PID (2) | Data (up to 1492) |
DSAP/SSAP values shown: FE (OSI), 04, AA (SNAP). Other protocol codes using 2 bytes (PID): IP 0800, ARP 0806.
The type field of the Eth V2 protocol having been lost in IEEE 802.3, the 802.3 protocol systematically forwards the data field to the 802.2 LLC protocol.
LLC protocol 802.2: the 802.2 Logical Link Control (LLC) layer above IEEE 802.3 uses a concept known as link service access point (LSAP), which uses a 3-byte header, where DSAP and SSAP stand for destination and source Service Access Point respectively. Numbers for these fields are assigned by an IEEE committee. Control: type of frame (I, RR, REJ, DM, ...); note: LLC1 uses only the value 03 = UI. DSAP/SSAP identifies the encapsulated protocol.
A problem arises with the use of LLC in its pure form. LLC SAPs (LSAPs) are only 1 byte long; as a result, they can multiplex only among a maximum of 256 clients. However, the SAP space is further subdivided. Half of the space is reserved for group (i.e., multicast) SAPs, leaving only 128 multiplexing points for most purposes. Even within this restricted space, it is also common practice to use the second bit of the SAP to divide the space further, allowing for 64 publicly-administered, globally-unique SAPs and only 64 identifiers that can be locally administered for private use. To overcome this limitation, an escape mechanism was built into the LLC SAP identifier. If the SAP is set equal to 0xAA, this indicates that the SubNetwork Access Protocol (SNAP) is in use.
Page 1.56
2 Physical and link layers - 2.5 Frame 802.3 and associated protocols: SNAP 802.1a sub-layer
PID: encapsulated protocol (809B = AppleTalk, 0800 = IP, ...)
[Figure: an IP packet carried in an 802.3 frame through LLC and SNAP, field sizes in bytes]
802.3 frame : MAC @ dest. (6) | MAC @ src. (6) | Length <5DC (2) | Data (46 to 1500, padded if needed) | FCS (4)
LLC : DSAP (AA) (1) | SSAP (AA) (1) | Control (03) (1) | Data (up to 1497)
SNAP : O.U.I 00.00.00 (3) | PID (2) | IP packet (up to 1492)
SNAP (Sub Network Access Protocol) indicates the encapsulated protocol. OUI (Organisation Unit Id = vendor code): usually 000000. PID (Protocol Identifier): the same values as used in the Ethernet type field. Example: 0800 IP, 809B AppleTalk, ...
2 Physical and link layers - 2.5 Frame 802.3 and associated protocols: Other advantages of SNAP
[Figure: two LANs joined by two bridges across a WAN; only the Data field of each Ethernet frame (without its header and FCS) is carried over the WAN link]
When Ethernet data have to cross a WAN, a new encapsulation has to be done and only the data field is encapsulated in the new protocol, so the type field is lost. At the other end of the WAN there is no indication of the type of data. In this case, the use of LLC/SNAP becomes crucial.
2 Physical and link layers - 2.5 Frame 802.3 and associated protocols: IP encapsulation into AAL5 (LLC/SNAP)
[Figure: an Ethernet host, an ADSL modem and the line; the IP packet taken from the Ethernet frame (whose FCS, 4 bytes, is not carried) is placed in an AAL5 frame with an LLC/SNAP header, then segmented into ATM cells]
LLC/SNAP header : DSAP AA (1) | SSAP AA (1) | Cntl 03 (1) | OUI 00 00 00 (3) | PID 0800 (2) | IP packet (46 - 1500)
AAL5 trailer : PAD (0 to 47) | UU | CPI | Length (2) | CRC (4)
IP encapsulation into ATM, LLC/SNAP: DSAP and SSAP = AA AA => use of SNAP. Ctl: 03 = UI frame (Unnumbered Information). OUI: 000000. Ethertype PID = 0800: IP; PID = 0806: ARP; ...
2 Physical and link layers - 2.5 Frame 802.3 and associated protocols: Comparison between Eth. V2 and IEEE 802
[Figure: the same IP packet carried by an Ethernet V2 frame and by an IEEE 802.3 frame with LLC/SNAP, sizes in bytes]
Eth V2 frame : MAC @ dest. (6) | MAC @ src. (6) | Type (2) | Data (46 to 1500) | Padding | FCS (4) -> IP packet of up to 1500 bytes
802.3 frame : MAC @ dest. (6) | MAC @ src. (6) | Leng. <600 (2) | Data (46 to 1500) | Padding | FCS (4)
LLC : DSAP (AA) | SSAP (AA) | Control (03) | Data (up to 1497)
SNAP : O.U.I 00.00.00 | PID 0800 | IP packet (up to 1492)
Note: the maximum size of the IP packet depends on the lower layers: Eth V2: 1500 bytes; IEEE 802.3: 1492 bytes.
2 Physical and link layers - 2.5 Frame 802.3 and associated protocols: Protocol recognition
[Figure: Preamble (7 x AA) | Flag | MAC @ dest. | MAC @ src. | Type/Length (2) | Data | Padding | FCS. The 2-byte field is compared with 1500 decimal (5DC hex): a value of 1500 or less is a Length (802.3), a greater value is an Ether type (Ethernet V2)]
Both frame formats can coexist on the same physical coax. This is done by using protocol type numbers (type field) greater than 1500 (decimal) in the Ethernet frame. However, different device drivers are needed to handle each of these formats.
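As an added example (not part of the course material), the recognition rule above and the LLC/SNAP headers of the previous slides in Python: the 2-byte field after the MAC addresses is read as a length or as an EtherType, then LLC and, when both SAPs are AA, SNAP are decoded. The sample frames are constructed here, using the 3Com MAC address of the later ARP exercise and a constructed 46-byte payload.

```python
# Added example, not from the course: classify the framing of a raw Ethernet
# frame (FCS already stripped, as a driver delivers it) and find the
# encapsulated protocol. Rule from the slides: Type/Length > 1500 (0x5DC) is
# an Ethernet V2 EtherType, otherwise it is an IEEE 802.3 length and the data
# field starts with an LLC header; DSAP = SSAP = AA, Control 03 means SNAP.
import struct

ETHERTYPES = {0x0800: "IP", 0x0806: "ARP", 0x809B: "AppleTalk"}
MAX_8023_LENGTH = 0x5DC        # 1500 decimal


def classify_frame(frame: bytes) -> dict:
    """Return framing, encapsulated protocol and payload of one frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, type_or_len = struct.unpack("!6s6sH", frame[:14])
    info = {"dst": dst.hex(":"), "src": src.hex(":")}
    if type_or_len > MAX_8023_LENGTH:
        # Ethernet V2: the field is an EtherType and the data follows directly.
        info.update(framing="Ethernet V2", ethertype=type_or_len,
                    protocol=ETHERTYPES.get(type_or_len, "unknown"),
                    payload=frame[14:])
        return info
    # IEEE 802.3: the field is the data length; the data is handed to LLC.
    payload = frame[14:14 + type_or_len]
    if len(payload) != type_or_len or type_or_len < 3:
        raise ValueError("802.3 length field inconsistent with the bytes present")
    dsap, ssap, control = payload[0], payload[1], payload[2]
    info.update(framing="IEEE 802.3 / LLC", length=type_or_len,
                dsap=dsap, ssap=ssap, control=control)
    if dsap == 0xAA and ssap == 0xAA and control == 0x03:
        # LLC/SNAP: 3-byte OUI, then a 2-byte PID using the EtherType values.
        pid = struct.unpack("!H", payload[6:8])[0]
        info.update(framing="IEEE 802.3 / LLC / SNAP", oui=payload[3:6].hex(),
                    ethertype=pid, protocol=ETHERTYPES.get(pid, "unknown"),
                    payload=payload[8:])
    else:
        # Pure LLC: the DSAP is the only protocol identifier available.
        info.update(protocol=f"LSAP 0x{dsap:02X}", payload=payload[3:])
    return info


def max_ip_packet(framing: str) -> int:
    """Largest IP packet each framing carries in a 1500-byte data field:
    Eth V2 1500, LLC 1500 - 3 = 1497, LLC/SNAP 1500 - 8 = 1492 (slide values)."""
    return {"Ethernet V2": 1500, "IEEE 802.3 / LLC": 1497,
            "IEEE 802.3 / LLC / SNAP": 1492}[framing]


# Constructed sample frames (assumptions of this example, not a capture).
DST = bytes.fromhex("ffffffffffff")           # broadcast
SRC = bytes.fromhex("00600856f4e5")           # 3Com MAC from the ARP exercise
IP_PAYLOAD = b"\x45" + b"\x00" * 45           # constructed 46-byte data field


def eth_v2(payload: bytes, ethertype: int) -> bytes:
    return DST + SRC + struct.pack("!H", ethertype) + payload


def llc_snap(payload: bytes, pid: int) -> bytes:
    data = bytes([0xAA, 0xAA, 0x03]) + b"\x00\x00\x00" + struct.pack("!H", pid) + payload
    return DST + SRC + struct.pack("!H", len(data)) + data


def llc_raw(payload: bytes, dsap: int, ssap: int) -> bytes:
    data = bytes([dsap, ssap, 0x03]) + payload
    return DST + SRC + struct.pack("!H", len(data)) + data


if __name__ == "__main__":
    for frame in (eth_v2(IP_PAYLOAD, 0x0800), llc_snap(IP_PAYLOAD, 0x0806),
                  llc_raw(IP_PAYLOAD, 0xFE, 0xFE)):
        f = classify_frame(frame)
        print(f["framing"], f["protocol"], "max IP packet:", max_ip_packet(f["framing"]))
```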
3 ARP protocol
[Figure: position of ARP in the stack: Network layer (IP, ARP) above SNAP / LLC 802.2 / Ethernet V2, over the physical media (optical fibre, 10 Base 2, 10 Base 5)]
The address resolution protocol is responsible for converting the higher level protocol addresses (IP addresses) to physical network addresses. It is described in RFC 826.
[Figure: ARP exchange on a LAN: the host @IPsrc 1.1.1.2 broadcasts an ARP Request to MAC @ fff...ff, and the ARP Response comes back in unicast to the requester]
A module (ARP) is provided that translates the IP address to the physical address of the destination host. It uses a lookup table (sometimes referred to as the ARP cache) to perform this translation. When the address is not found in the ARP cache, a broadcast is sent out on the network, with a special format called the ARP request. If one of the machines on the network recognises its own IP address in the request, it will send an ARP reply back to the requesting host. The reply will contain the physical hardware address of the host and source route information (if the packet has crossed bridges on its path). Both this address and the source route information are stored in the ARP cache of the requesting host. All subsequent datagrams to this destination IP address can now be translated to a physical address, which is used by the device driver to send out the datagram on the network.
Principle:
1- A host (IP@ = ZIPO, MAC@ = 1234) which would like to send an IP packet to IP@ = Yaka has to find out the corresponding MAC@.
2- This information is not in its cache memory,
3- so the ARP protocol broadcasts an ARP Request over the LAN.
4- All the hosts connected to the LAN have to decode the Ethernet frame because it is broadcast. But only the host having the IP@ = Yaka answers.
5- The ARP Response is sent back in unicast to MAC@ = 1234, conveying the MAC@ of Yaka.
6- The response is memorised in the cache memory.
[Figure: the IP packet (type 0800) for IP @ 1.1.1.2 is now encapsulated in an Ethernet frame addressed to the resolved MAC @, followed by the FCS]
7- Only now can the IP packet conveying the message be transmitted to Yaka.
8- To achieve that, the IP packet is encapsulated into an Ethernet frame with the unicast destination MAC@ (= 9876).
9- The host having the MAC@ = 9876 receives the Ethernet frame.
[Figure: ARP Request broadcast by the host MAC @ 123 for IP @ Y; the host with MAC @ 456 and IP @ Y replies; every host on the LAN receives the broadcast request]
Whenever an ARP Request is sent over the LAN, all hosts connected to this LAN can update their ARP cache memory (IP@ <=> MAC) because the destination of the frame is a broadcast address.
[Figure: host Z (IP @ Z) has had its Ethernet board replaced; the IP packet for IP Y -> Z (type 0800) is still sent to the old MAC @ 456 and is never received, the new board answering only to MAC @ 888]
Time to live of an ARP entry
1- When an Ethernet board has to be replaced in a host, the MAC@ changes.
2- Another host wishing to send an IP packet to Z and having in its ARP cache a MAC@ (the previous one) corresponding to this IP@ will not perform an ARP procedure.
3- Consequently, the Ethernet frame with the now wrong destination address will never reach the desired host.
So, to solve this problem, the ARP entries are deleted if they are not used for a time (configurable). For instance, in a Cisco router the default ARP TTL is 4 hours, while it is only some seconds in a PC.
Note: a host may also delete an entry (the oldest one) if there is not enough room in its ARP cache memory.
[Figure: gratuitous ARP: host Z (MAC @ 888) broadcasts an ARP Request to MAC @ fff...ff, type 0806 (ARP), with @IPsrc: Z, @MACsrc: 888, @IPdest: Z, @MACdest: ????????; the other hosts (e.g. MAC @ 123) update their cache]
Gratuitous ARP: a gratuitous ARP is an ARP Request having as destination IP@ its own IP@. This particular ARP Request has two objectives: to update the ARP cache memory of the other hosts on the LAN, and to detect whether there is another host having the same IP@ (normally no host should answer this request).
ARP in Eth V2
[Figure: an ARP message carried directly in an Eth V2 frame: MAC @ dest. | MAC @ src. | Type (2) = 0806: ARP | ARP Message | FCS (4)]
ARP message format
Hardware address space: specifies the type of hardware; examples are Ethernet or Packet Radio Net.
Protocol address space: specifies the type of protocol, same as the EtherType field in the IEEE 802 header (IP or ARP).
Hardware address length: specifies the length (in bytes) of the hardware addresses in this packet. For IEEE 802.3 and IEEE 802.5 this will be 6.
Protocol address length: specifies the length (in bytes) of the protocol addresses in this packet. For IP this will be 4.
Operation code: specifies whether this is an ARP request (1) or reply (2).
Source/target hardware address: contains the physical network hardware addresses. For IEEE 802.3 these are 48-bit addresses.
Source/target protocol address: contains the protocol addresses. For TCP/IP these are the 32-bit IP addresses.
Note: the target (destination) hardware address in the message is set to 0 in any ARP request.
[Figure: the host IP @ 192.10.21.2 (MAC @ 0:0:c0:6f:6d:40) sends an ARP Request ("MAC @ ?") for 192.10.21.1 and receives the ARP Response below]
Decoded ARP Response:
Hardware type: 1 (Ethernet)
Protocol: 800 (IP)
Hw address length: 6
Protocol address length: 4
Operation: 2 (response)
Sender's hw address: 0:0:c0:c2:9b:26
Sender's protocol address: 192.10.21.1
Target hw address: 0:0:c0:6f:6d:40
Target protocol address: 192.10.21.2
3 ARP protocol Exercise: Trace of ARP protocol
Given the following trace:
Time: 07:33:06.045
Addr.  Hex. Data
0000:  FF FF FF FF FF FF 00 60 08 56 F4 E5 08 06 00 01
0010:  08 00 06 04 00 01 00 60 08 56 F4 E5 0A 00 00 8C
0020:  00 00 00 00 00 00 0A 00 00 8A
Decoded fields (field : value : size in bytes):
Eth frame : @MAC dest : ffffffffffff : 6
Eth frame : @MAC src : 00600856F4E5 : 6
Eth frame : Protocol : 0806 : 2
ARP message : Type (hardware) : 0001 : 2
ARP message : Type (protocol) : 0800 : 2
ARP message : Length @MAC : 06 : 1
ARP message : Length @IP : 04 : 1
ARP message : Operation : 0001 : 2
ARP message : @MAC src : 00600856F4E5 : 6
ARP message : @IP src : 0A00008C : 4
ARP message : @MAC dest : 000000000000 : 6
ARP message : @IP dest : 0A00008A : 4
2) Which Ethernet protocol is it (IEEE 802.3 or Ethernet V2)?
3) Which kind of operation is it?
Answers: 2) Eth V2 (type field 0806). 3) ARP Request.
Decoded ARP message (the analyzer can decode the OUI code, i.e. the vendor code; note the destination HW address of 0 in the request):
Eth. V2 [0000:000D]
0000:0005 Destination Address: FFFFFFFFFFFF (Broadcast)
0006:000B Source Address: 00600856F4E5 (3Com56F4E5)
000C:000D Ethernet Type: Address Resolution Protocol (ARP)
ARP [000E:0029]
000E:000F Hardware Type: Ethernet (10Mbps)
0010:0011 Protocol Type: DOD Internet Protocol (IP)
0012:0012 Hardware Address Length: 6
0013:0013 Protocol Address Length: 4
0014:0015 Opcode: Request
0016:001B Source HW Address: 00600856F4E5
001C:001F Source IP Address: 10.0.0.140
0020:0025 Destination HW Address: 000000000000
0026:0029 Destination IP Address: 10.0.0.138
Decoded ARP reply (the Source HW Address is the expected MAC address):
Eth.V2 [0000:000D]
0000:0005 Destination Address: 00600856F4E5 (3Com56F4E5)
0006:000B Source Address: 00809F2132A9 (Alcatel2132A9)
000C:000D Ethernet Type: Address Resolution Protocol (ARP)
ARP [000E:0029]
000E:000F Hardware Type: Ethernet (10Mbps)
0010:0011 Protocol Type: DOD Internet Protocol (IP)
0012:0012 Hardware Address Length: 6
0013:0013 Protocol Address Length: 4
0014:0015 Opcode: Reply
0016:001B Source HW Address: 00809F2132A9
001C:001F Source IP Address: 10.0.0.138
0020:0025 Destination HW Address: 00600856F4E5
0026:0029 Destination IP Address: 10.0.0.140
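As an added example (not the course's own code), a Python decoder for the 42-byte exercise trace above, producing the same fields as the analyzer, together with a small ARP cache applying the time-to-live rule of the earlier slide. The trace bytes are those of the exercise; the cache design, the 4-hour TTL and the constructed gratuitous request are assumptions of this example.

```python
# Added example, not from the course: decode the ARP request of the exercise
# field by field, build the same kind of request, and keep an ARP cache whose
# entries age out as the slides describe.
import struct
from ipaddress import IPv4Address

# The 42-byte capture from the exercise (Ethernet V2 header + ARP message).
TRACE_HEX = (
    "FF FF FF FF FF FF 00 60 08 56 F4 E5 08 06 00 01 "
    "08 00 06 04 00 01 00 60 08 56 F4 E5 0A 00 00 8C "
    "00 00 00 00 00 00 0A 00 00 8A"
)
ETHERTYPE_ARP = 0x0806
OPCODES = {1: "request", 2: "reply"}


def decode_arp_frame(raw: bytes) -> dict:
    """Split an Ethernet V2 frame carrying an Ethernet/IPv4 ARP message."""
    if len(raw) < 14 + 28:
        raise ValueError("frame too short for Ethernet + Ethernet/IP ARP")
    dst, src, ethertype = struct.unpack("!6s6sH", raw[:14])
    if ethertype <= 1500:
        raise ValueError("802.3 length field present, not an Ethernet V2 frame")
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"EtherType 0x{ethertype:04X} is not ARP")
    # ARP header: hardware type, protocol type, address lengths, operation.
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", raw[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is decoded here")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", raw[22:42])
    return {
        "eth_dst": dst.hex(":"), "eth_src": src.hex(":"),
        "broadcast": dst == b"\xff" * 6,
        "operation": OPCODES.get(oper, oper),
        "sender_mac": sha.hex(":"), "sender_ip": str(IPv4Address(spa)),
        "target_mac": tha.hex(":"), "target_ip": str(IPv4Address(tpa)),
        # A gratuitous ARP asks for its own address: sender IP == target IP.
        "gratuitous": oper == 1 and spa == tpa,
    }


def build_arp_request(sender_mac: str, sender_ip: str, target_ip: str) -> bytes:
    """Constructed helper: broadcast ARP request with target MAC set to 0."""
    mac = bytes.fromhex(sender_mac.replace(":", ""))
    eth = b"\xff" * 6 + mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    arp += mac + IPv4Address(sender_ip).packed
    arp += b"\x00" * 6 + IPv4Address(target_ip).packed
    return eth + arp


class ArpCache:
    """IP -> MAC table; entries unused for longer than ttl seconds are dropped."""

    def __init__(self, ttl_seconds: float):
        self.ttl = ttl_seconds
        self.entries = {}                      # ip -> (mac, last used)

    def learn(self, msg: dict, now: float) -> None:
        # Any host seeing a broadcast request (or receiving a reply) can
        # record the sender's IP/MAC pair, as the slides note.
        self.entries[msg["sender_ip"]] = (msg["sender_mac"], now)

    def lookup(self, ip: str, now: float):
        """MAC of a fresh entry, or None (an ARP Request is then needed)."""
        entry = self.entries.get(ip)
        if entry is None or now - entry[1] > self.ttl:
            self.entries.pop(ip, None)         # stale: the board may have changed
            return None
        self.entries[ip] = (entry[0], now)     # refresh on use
        return entry[0]


if __name__ == "__main__":
    frame = bytes.fromhex(TRACE_HEX.replace(" ", ""))
    for k, v in decode_arp_frame(frame).items():
        print(f"{k}: {v}")
```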
Objective: to be able to describe the ARP protocol and analyze an ARP trace
4 Repeaters, Bridges and Switches
[Figure: a repeater joining segments of different media: 10baseT, 10base2, AUI (10base5)]
Repeater: located at the physical level, it acts at the electrical level (amplifier, media adapter). It does not interpret addresses.
[Figure: a bridge interconnecting LAN 1 and LAN 2]
Bridge: interconnects LAN segments at the network interface layer level and forwards frames between them. A bridge performs the function of a MAC relay, and is independent of any higher layer protocol (including the logical link protocol). It provides MAC protocol conversion, if required. A bridge is said to be transparent to IP. That is, when an IP host sends an IP datagram to another host on a network connected by a bridge, it sends the datagram directly to the host and the datagram "crosses" the bridge without the sending IP host being aware of it.
[Figure: a bridge with a MAC and Physical layer on each side, attached through transceivers to a HUB on one side and to a COAXIAL segment on the other]
It acts at level 2. Advantages: it increases the bandwidth thanks to filtering; it increases the reliability (a fault is not forwarded); it ensures topology adaptation (Ethernet, Token-Ring, ...).
[Figure: a bridge with ports Eth0 (LAN 1) and Eth 1; its table maps the MAC@ a, b, c, d, e, f of the hosts to the port on which each was seen]
[Figure: two half bridges linked over a WAN; on each side the table maps the local MAC@ (a, b, c or d, e, f) to port eth0 and the remote ones to the WAN port (S0 channel 1/32 on one side, S1 channel 8/45 on the other)]
1/2 bridges: they have to maintain the relationship between @MAC <=> Virtual Channel number (X25), or Telephone number (PSTN), or DLCI (Frame Relay), or Virtual Connection (ATM), ...
4 Repeaters, Bridges and Switches: Self-learning transparent bridge (1)
[Figure: a sends a frame to b through a self-learning bridge with ports 1 and 2; the bridge first records (@MAC a, port 1) in its filter table, then forwards the frame on port 2 since b is still unknown; when b answers, (@MAC b, port 2) is recorded and the reply goes only to port 1]
In order to perform filtering, a bridge must know the location of the MAC@. Two possibilities: manually, MAC addresses are entered by the administrator; automatically, by means of self learning or the spanning tree protocol.
Principle of the self-learning bridge: when a bridge receives a frame, it stores in its cache memory the source MAC@ and the reception port, then examines the destination MAC@. If it knows this MAC@, it forwards the Ethernet frame only on the corresponding port, provided it is not the reception port; otherwise, it forwards the frame on all its ports (except the reception port).
[Figure: as a, b and a third host C exchange frames, the bridge table fills with (@MAC a, port 1), (@MAC b, port 2), (@MAC C, port 1)]
As the exchanges go on, the bridge table grows. Note: if a host stays quiet for a long time (e.g. 10 min), its entry is removed from the bridge table.
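As an added example (not the course's own code), the self-learning rule and the ageing of quiet entries from the two slides above, in Python, plus a bounded simulation of the loop case of the next slide: two bridges in parallel between the same two LANs. The 10-minute age time is the slide's "e.g."; the LAN and port names are assumptions of this example.

```python
# Added example, not from the course: a self-learning bridge table (learn
# source MAC -> reception port, forward to the known port unless it is the
# reception port, otherwise flood), with ageing of quiet entries and a bounded
# simulation of what a loop made of two bridges does to that table.
AGE_TIME = 600          # seconds: the "e.g. 10 min" of the course note


class LearningBridge:
    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}     # mac -> (port, time last seen as a source)

    def _expire(self, now):
        self.table = {m: (p, t) for m, (p, t) in self.table.items()
                      if now - t < AGE_TIME}

    def receive(self, in_port, src, dst, now):
        """Process one frame; return the list of ports it is forwarded on."""
        self._expire(now)
        self.table[src] = (in_port, now)                       # learning
        if dst == "ff:ff:ff:ff:ff:ff" or dst not in self.table:
            return [p for p in self.ports if p != in_port]     # flooding
        out_port, _ = self.table[dst]
        return [] if out_port == in_port else [out_port]       # filtering


def loop_demo(steps=6):
    """Two bridges in parallel between LAN1 (port 1) and LAN2 (port 2) form a
    loop. One broadcast from host a is injected on LAN1; each copy flooded onto
    the other LAN comes back in through the other port, so bridge 1 keeps
    relearning a different port for a. Returns (port learned for a at each
    step, number of frame copies still circulating). The second value grows
    instead of reaching zero: the broadcast storm of the slide."""
    lan_of_port = {1: "LAN1", 2: "LAN2"}
    port_of_lan = {lan: p for p, lan in lan_of_port.items()}
    b1, b2 = LearningBridge([1, 2]), LearningBridge([1, 2])
    pending = [("LAN1", "a", "ff:ff:ff:ff:ff:ff")]   # constructed frame
    learned = []
    for t in range(steps):
        lan, src, dst = pending.pop(0)
        for bridge in (b1, b2):          # both bridges see every LAN frame
            for out in bridge.receive(port_of_lan[lan], src, dst, t):
                pending.append((lan_of_port[out], src, dst))
        learned.append(b1.table["a"][0])
    return learned, len(pending)


if __name__ == "__main__":
    br = LearningBridge([1, 2, 3])
    print("a->b (b unknown):", br.receive(1, "a", "b", 0))     # flood
    print("b->a (a known):", br.receive(2, "b", "a", 1))       # port 1 only
    print("c->a (same segment):", br.receive(1, "c", "a", 2))  # filtered
    print("loop:", loop_demo())
```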
4 Repeaters, Bridges and Switches: Self-learning transparent bridge and loops
[Figure: a sends a frame to b while two bridges connect the same two LANs in parallel; each bridge floods the frame onto the other LAN, receives the other bridge's copy back on its second port and relearns @MAC a on port 2, then on port 1 again ("2/1?"); when b answers, the same flapping occurs for @MAC b]
Self-learning bridge limitation: self-learning bridges cannot work correctly if there is a loop made by bridges. The solution is to use the Spanning Tree protocol:
[Figure: a bridged topology with loops, its tree representation from the Root bridge, and the elimination of the loops; the link costs shown are 109, 114, 175, 234, 447, 492 and 562]
In order to solve the problem of loops in a bridged network, a protocol has been designed: the Spanning Tree Protocol (STP); the standard is IEEE 802.1D.
Tree topology: there is a root, plus branches (actually, a hierarchy of progressively smaller branches), and ultimately leaves. On a given tree, there are no disconnected parts that are still considered part of the tree; that is, the tree encompasses all of its leaves. In addition, there are no loops in a tree. If you trace a path from any leaf to any other leaf, you will find that there is one, and only one, possible path.
[Figure: a 4-port switch with a station (R/T) on each port => the traffic could reach 2 x 10 Mb/s]
A bridge analyses the destination MAC@ to forward the frame to the correct outgoing port. Early LAN bridges rarely had more than 2 ports. During the 1990s, ASICs, microprocessors and memory technology advanced to the point where it was feasible to build LAN bridges with large numbers of ports capable of forwarding frames at wire speed on all ports.
A switch is a bridge (the distinction between bridge and switch is a marketing distinction).
[Figure: a SWITCH with ports 1 to 6; ports 1 and 6 each lead to a hub with a shared Segment, while ports 2 to 5 each connect a single station (Micro-segment)]
A switch can be used to segment traditional shared LANs. Alternatively, a switch can be used to interconnect single end stations. This is referred to as microsegmentation. A microsegmented environment has a number of interesting characteristics that we will study later.
[Figure: half duplex operation: each switch port and each station has Transmit and Receive paths, with Collision detection and a Loopback of the transmitted signal onto the receiver]
When a LAN is shared by several stations, mechanisms have to be implemented to get control of the medium, detect a possible collision and take the appropriate decision. The operation mode is half duplex because under normal operation only one end station can transmit at a time.
[Figure: full duplex operation: Transmit and Receive paths at both ends, with Collision detection and Loopback disabled]
10 Base Tx provides two ways for communication: one pair for Tx and another pair for reception. Just providing a full duplex-capable medium and topology is not sufficient to achieve full duplex operation. Unless we also modify the behavior of the LAN interfaces in the switch and the attached devices, we cannot use the channel in any manner other than the normal shared-LAN mode. This is because the LAN interface does not know that the channel is now dedicated for its private use. We must essentially disable the access control mechanism inherent in the LAN interface. We can modify the behavior of the Ethernet MAC controller in both the switch and the attached devices to take advantage of their unique situation. We need to:
Disable the Carrier Sense function as it is normally used to defer transmissions. That is, the reception of data on the receive channel should not cause the transmitter to defer any pending transmissions. A normal (half duplex) Ethernet interface will withhold its own transmissions in order to avoid interfering with transmissions in progress, under control of the carrier sense signal.
Disable the Collision Detect function, which would normally cause the transmitter to abort, jam, and reschedule its transmission if it detects a receive signal while transmitting.
Disable the looping back of transmitted data onto the receiver input, as is done on a half duplex channel.
Neither end of the link needs to defer to received traffic, nor is there any interference between transmissions and receptions, avoiding the need for collision detection, backoff, and retry. In this environment, we can operate the LAN in full duplex mode; stations can both transmit and receive simultaneously.
Note: the two parties must have the same operation mode; otherwise, the device operating in half duplex will detect a collision if it sends a frame at the same time as the other device sends one in the other direction.
[Figure: a SWITCH with ports 1 to 6; a hub hangs off one port and forms a shared LAN, each other port forms a LAN of its own]
A switching hub (unlike a repeater) has a MAC entity for each of its ports. Architecturally, each of the connections to the switching hub constitutes a distinct LAN , with access to each LAN arbitrated independently of all others. A repeater with n ports constitutes a single LAN; a switch with n ports constitutes n LANs, one for each switch port. In a shared Ethernet LAN, the CSMA/CD algorithm is used to arbitrate for use of the shared channel. The set of stations contending for access to a shared Ethernet LAN is known as a collision domain. A switch separates the access domains of each port.
Page 1.91
HUB
4 Repeaters, Bridges and Switches Switch : Full and half duplex Switch
Receive Transmit
Buffer Buffer
Transmit
Collision detection
Loopback
Receive
Transmit
Collision detection
Loopback
Receive
Loopback
Receive
92
Whereas with a repeater all of the devices connecting to the hub share the available channel and have to arbitrate for access, with a switching hub each of the attached devices has a dedicated channel between itself and the hub. In the case of a micro segmented switched LAN , each port comprises a two-station network composed of the attached device and the switch port itself. If we consider that two-station LAN in isolation, we can see that it appears exactly the same (architecturally) as the simple RS-422 connection. Each device has a private, independent channel to the other device; there is no possibility of contention for the use of the underlying communications channel.
4 Repeaters, Bridges and Switches: Switch, advantages of full duplex operation
[Figure: a segmentation hub at 10 Mb/s versus a switch offering micro-segmentation: an independent rate for each station (10 Mb/s or 100 Mb/s), no collision detection, transmission and reception without delay, full duplex, full bandwidth]
Implications of full duplex operation: the use of micro-segmentation associated with full duplex mode has a number of important implications:
It eliminates the link length restrictions of CSMA/CD. A shared Ethernet LAN operating at 10 Mb/s has the full 2.5 km distance limit available. This is especially important for technologies such as Fast Ethernet (length 250 m) and Gigabit Ethernet.
It increases the aggregate channel capacity. In the best case the aggregate capacity of a switch will equal the sum of the data rates of all attached ports.
It increases the potential load on a switch. Transmission is not delayed because there is neither access contention nor collision.
It allows various data rates for each station.
4 Repeaters, Bridges and Switches: Switch, the need for flow control
[Figure: a SWITCH whose ports each have a Buffer; several stations send towards one SERVER port, so the switch buffers fill up]
The need for flow control: if the ports connected to a switch are operating in half duplex mode, there are some tricks to control the flow:
Backpressure. To prevent buffer overflow from traffic arriving on its input ports, a switch can use the underlying access control method to throttle stations on the shared LAN and forestall incoming traffic.
Force collisions with incoming frames. The disadvantage of this method is that the collision will cause the end station to calculate an exponentially-increasing backoff. The station will select a time, initially in the range of 0 to 1 slot times, but increasing to 0 to 1,023 slot times for later collisions. It is likely that switch input buffers will become available during this very long time, as the switch will be emptying its queue onto the output ports in the meantime. Even though the queue is so emptied, the channel will remain idle until the backoff timer expires. It seems a shame to waste bandwidth solely due to an inefficient backpressure algorithm.
Make it appear as if the channel is busy. This uses the deferral mechanism rather than the collision backoff mechanism of the Ethernet MAC. As long as the station sees that the channel is busy (i.e., Carrier Sense is asserted) it will defer transmission, but it imposes no additional backoff delay.
Aggressive transmission policy. On the output side, a switch can empty its transmit queue in an expedited manner by using an access control algorithm more aggressive than that permitted by the standard. This effectively gives the switch priority over other traffic sources on its output ports.
[Figure: 1 Cabling, 2 Communication: the hosts of all departments (Sells, R&D, Finances, Import dept, Export dept) are attached to HUBs]
Any frame sent by a host through a hub, whatever the MAC@ type (unicast, broadcast, multicast), is systematically broadcast to all hub ports.
4 Repeaters, Bridges and Switches: Cabling with HUB and LAN segmentation (1)
[Figure: the same departments (Sells, R&D, Finances, Import dept, Export dept) on two HUBs now separated by a filtering Bridge]
LAN segmentation can be made by adding a bridge unit. A frame sent by a host to another host located on the same LAN segment will not be broadcast to the other segment, the bridge performing filtering. Nevertheless, all hosts connected to this LAN segment will be disturbed.
4 Repeaters, Bridges and Switches: Cabling with HUB and LAN segmentation (2)
[Figure: a communication between two hosts on different LAN segments (Sells, R&D, Finances, Import dept, Export dept across two HUBs and a Bridge) occupies both segments]
In spite of the presence of a bridge, any communication between two hosts located on two different LAN segments will monopolise both LAN segments.
[Figure: 1 Cabling, 2 Communication: each department host (Sells, R&D, Finances, Import dept, Export dept) is attached to its own Switch port: Micro-segmentation]
A switch allows micro-segmentation (a bridge between each host). A switch receiving a unicast frame from a host forwards that frame only to the involved port.
4 Repeaters, Bridges and Switches: Protocol analysis over a hub
[Figure: a 4-port HUB with three stations (R/T) and a Protocol analyzer attached]
On a shared bandwidth hub, all of the traffic appears on every port of the hub. As a result, a protocol analyser should function properly when attached to any port of the hub.
4 Repeaters, Bridges and Switches: Protocol analysis over a switch (port & switch mirroring)
[Figure: a SWITCH with ports 1 to 6; the Traffic on one port is copied (Port mirroring) onto the port where the Protocol analyzer is attached; a hub hangs off another port]
When a LAN switch is used in place of a hub, devices connected to a given port will see only the traffic destined to them (known unicast destinations, multicast and broadcast destinations, as well as unknown unicast destinations). Thus, as a result of normal operation, it is no longer possible to monitor all of the traffic by attaching a protocol analyser to a single port. Alternatives are commonly used to solve this problem:
Port mirroring: it is possible for a switch to replicate the traffic from any single port onto another port.
Switch mirroring: some switches provide the capability of mirroring all of the traffic being forwarded by the switch. As a variation of switch mirroring, some switches allow a network administrator to configure the mirror port to reflect a subset of the ports on the switch.
5 IP protocol
5 IP protocol 5.1 IP Addressing: Analogy between PSTN numbering and IP numbering
[Figure: telephone numbering: Country code (e.g. Finnish PSTN country code = 358, Russian PSTN country code = 7) followed by the designation number; IP numbering: Network ID followed by Host ID, the border between them depending on the class: class A networks (large IP networks), class B networks (medium IP networks), class C networks (small IP networks)]
Public Switched Telephone Network: on telephone networks the number of digits assigned to the country code is variable. Some countries have a country code of 1 digit, others 2, 3 or 4 digits.
IP network: on IP networks, the address is composed of 2 parts: Network Identifier and Host Identifier. The Net ID length is a function of the class. Class A has a short Net ID, leaving a longer part for the Host ID; so this class is dedicated to very large networks to which a great many hosts can be connected. Class B is suitable for medium-sized networks. Class C is suitable for small networks.
[Figure: address formats over bit positions 1 to 32: class A: 0 | Net ID (7 bits) | Host ID (24 bits); class B: 1 0 | Net ID (14 bits) | Host ID (16 bits); class C: 1 1 0 | Net ID (21 bits) | Host ID (8 bits); class D: Multicast group id (28 bits); class E: Reserved for future use (27 bits)]
Generalities: an IP@ is more an interface address than a host address. When the host is attached to more than one network, it is called multi-homed and has one IP address for each network interface. An address is composed of 32 bits. An IP@ is composed of 2 parts: Network Identifier and Host Identifier. IP addresses are structured into classes. An IP@ is usually expressed in dotted decimal format; for example, 145.167.5.9 is a valid IP address. There are five classes of IP addresses. A Class A address is suitable for networks with an extremely large number of hosts. Class C addresses are suitable for networks with a small number of hosts.
[Figure: the three classes of unicast networks, bit positions 1, 8-9, 16-17, 24-25, 32]
Class A Network : 0 | Net ID (7 bits) | Host Id (24 bits) : Number of Networks: 126 ; Number of Hosts: 16 777 214 ; Net Id from 1.0.0.0 to 126.0.0.0
Class B Network : 10 | Net ID (14 bits) | Host Id (16 bits) : Number of Networks: 16 384 ; Number of Hosts: 65 534 ; Net Id from 128.0.0.0 to 191.255.0.0
Class C Network : 110 | Net ID (21 bits) | Host Id (8 bits) : Number of Networks: 2 097 152 ; Number of Hosts: 254 ; Net Id from 192.0.0.0 to 223.255.255.0
Some Net IDs and Host IDs are reserved.
The IP address exhaustion problem: 32 bits of IP address give 4 294 967 296 possible addresses. 32 bits seemed a suitable length to cover all IP devices over the world. Nearly all of the new networks assigned in the late 1980s were Class B, and in 1990 it became apparent that if this trend continued, the last Class B network number would be assigned during 1994. The reason for this trend was that most potential users found a Class B network to be large enough for their anticipated needs, since it accommodates up to 65 534 hosts, whereas a class C network, with a maximum of 254 hosts, severely restricts the potential growth of even a small initial network. Furthermore, most of the class B networks being assigned were small ones. There are relatively few networks that would need as many as 65 534 host addresses, but very few for which 254 hosts would be an adequate limit.
[Figure: an IP packet from IP src 172.245.0.1 to IP dest 255.255.255.255 on Network 172.245.0.0, carried in an Ethernet frame with MAC@dest ff:ff:ff:ff:ff:ff, MAC@src 01:00:2a:01:22:11, Type 0800]
Broadcast limited to the network: 255.255.255.255 can be used only as a destination IP address. This broadcast does not go through routers. A broadcast at IP level leads to a broadcast at the Ethernet level.
[Figure: class B directed broadcast: Net id (14 bits) followed by a Host id (16 bits) of all ones; the address shown in binary is 1000 1010 . 0000 0101 . 1111 1111 . 1111 1111, i.e. 138.5.255.255; the figure also labels the example Network 172.245.0.0]
This is called a directed broadcast address because it contains both a valid <network address> and a broadcast <host address>. Most network administrators configure their routers to prevent this kind of directed broadcast because it is an easy way for a hacker to disturb a network.
5 IP protocol 5.1 IP Addressing: Special IP @ (loopback)
[Figure: the IP @ 127._._._ allows a communication between 2 applications (Application 1 and Application 2) on the same host through the IP protocol; the host is reachable both at its own @IP Z and at the loopback @IP 127.0.0.1]
Loopback: the class A network 127.0.0.0 is defined as the loopback network. Addresses from that network are assigned to interfaces that process data within the local system. These loopback interfaces do not access a physical network.
[Figure: a host without address (IP@ = ?) sends a request with IP src 0.0.0.0 and IP dest 255.255.255.255 (MAC 01:00:2a:01:22:11); a BOOTP/DHCP server answers with an address taken from its @ pool]
IP@ = 0.0.0.0 can be used at host start-up in order to get an IP @ from a BOOTP or DHCP server. Source IP@ = 0.0.0.0 is used by a host which has no IP address.
[Figure: a Class C network 192.100.17.0 on a Hub with the hosts 192.100.17.1, 192.100.17.2, 192.100.17.3 and 192.100.17.253, its router interface 192.100.17.254, and a second network with the addresses 200.98.76.253 and 200.98.76.254]
[Figure: hosts with a Public IP@ (154.11.22.33, 195.51.63.1, 9.1.2.3) reachable through the Internet, and a host with a Private IP@]
Public IP@: a public IP@ is an Internet IP@ assigned by ICANN (Internet Corporation for Assigned Names and Numbers), which is the organisation in charge of IP@ allocation on the Internet.
Private IP@: ICANN reserved some ranges of IP@ which are not assigned to any host connected to the Internet. Any organisation can use any address in these ranges. However, because these addresses are not globally unique, they are not defined to any external routers. Routers in networks not using private addresses, particularly those operated by Internet service providers, are expected to quietly discard all routing information regarding these addresses. Routers in an organisation using private addresses are expected to limit all references to private addresses to internal links. They should neither externally advertise routes to private addresses nor forward IP datagrams containing private addresses to external routers.
[Figure: a Private Net. using private IP @, connected to the Internet through a router holding a public IP @]
[Figure: Public IP@ (195.51.63.1, 9.1.2.3) on the Internet side; Private IP@ (154.11.22.33, 154.11.12.13) on the private side]
Private IP@: any IP address not assigned by ICANN is also considered a private IP address. These types of addresses can be used inside a private network. They cannot travel the Internet.
[Figure: a packet from NetID 10.10.10.0 (Private IP addresses) towards 194.5.3.12 is discarded by the Internet ("Discard packet")]
A private IP@ cannot travel the Internet.
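As an added example (not from the course), the classful reading of an address as the slides above present it, in Python: class from the leading bits, Net ID / Host ID split and host count, then the special cases of the last slides (0.0.0.0, limited and directed broadcast, loopback, private addresses). The private ranges used are the RFC 1918 ones, which the slides mention without listing; subnet masks are ignored, as on these slides.

```python
# Added example, not from the course: classful interpretation of an IPv4
# address as the addressing slides present it. Class from the leading bits
# (0 -> A, 10 -> B, 110 -> C, 1110 -> D, else E), Net ID / Host ID split,
# number of usable hosts, and the special addresses: 0.0.0.0, limited
# broadcast, directed broadcast, network address, loopback 127/8, multicast
# and the RFC 1918 private ranges (an assumption: the slides do not list them).
from ipaddress import IPv4Address, IPv4Network

PRIVATE_RANGES = [IPv4Network("10.0.0.0/8"), IPv4Network("172.16.0.0/12"),
                  IPv4Network("192.168.0.0/16")]
NET_BITS = {"A": 8, "B": 16, "C": 24}      # Net ID length implied by the class


def address_class(addr: IPv4Address) -> str:
    first = int(addr) >> 24
    if first < 0b10000000:
        return "A"
    if first < 0b11000000:
        return "B"
    if first < 0b11100000:
        return "C"
    if first < 0b11110000:
        return "D"
    return "E"


def describe(text: str) -> dict:
    """Classful description of one dotted-decimal address."""
    addr = IPv4Address(text)
    cls = address_class(addr)
    info = {"address": text, "class": cls,
            "private": any(addr in r for r in PRIVATE_RANGES)}
    if addr == IPv4Address("0.0.0.0"):
        info["special"] = "unspecified source (host without address, BOOTP/DHCP start-up)"
    elif addr == IPv4Address("255.255.255.255"):
        info["special"] = "limited broadcast (destination only, not forwarded by routers)"
    elif addr in IPv4Network("127.0.0.0/8"):
        info["special"] = "loopback"
    elif cls == "D":
        info["special"] = "multicast group"
    elif cls == "E":
        info["special"] = "reserved for future use"
    else:
        # strict=False masks the host bits to obtain the classful network.
        net = IPv4Network((int(addr), NET_BITS[cls]), strict=False)
        info["network_id"] = str(net.network_address)
        info["host_id"] = int(addr) - int(net.network_address)
        info["max_hosts"] = net.num_addresses - 2       # all-0 and all-1 reserved
        if addr == net.broadcast_address:
            info["special"] = "directed broadcast (usually blocked on routers)"
        elif info["host_id"] == 0:
            info["special"] = "network address, not a host"
    # Only a public unicast host address can travel the Internet.
    info["routable_on_internet"] = not info["private"] and "special" not in info
    return info


if __name__ == "__main__":
    for sample in ("145.167.5.9", "172.245.255.255", "255.255.255.255",
                   "127.0.0.1", "10.10.10.8", "192.100.17.1"):
        print(describe(sample))
```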
[Figure: NAT: a private network behind a NAT router exchanges packets with the server 194.5.3.12 on the Internet; the steps 1 to 6 below are shown on the figure]
Basically, Network Address Translation allows a single device, such as a router, to act as an agent between the Internet (or "public network") and a local (or "private") network. The private router connected to the Internet must be configured with the NAT function and one or several public IP@.
1 - A computer of the private network sends an IP packet to a server connected to the Internet. The IP packet contains a private IP@ as source IP@ and cannot travel the Internet.
2 - The Internet gateway router translates the private source IP@ into a public IP@ and forwards the packet to the Internet.
3 - The Internet gateway router keeps in its memory the association between the private IP@ and the public IP@.
4 - The IP packet can travel the Internet because the IP addresses are valid.
5 - The server can answer. It knows the other party only by the public IP@.
6 - The NAT router performs the inverse translation before forwarding the packet to the private network.
This means that only a single unique IP address is required to represent an entire group of computers to anything outside their network.
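As an added example (not the course's code), the six steps above as a basic, address-only NAT table in Python: the private source is replaced by an address from the router's public pool, the association is kept, the reply is translated back, and inbound packets with no association are discarded. The addresses (10.10.10.0/24 behind 194.5.3.12) are taken from the surrounding slides; port translation (NAPT), which the last sentence above alludes to, is out of scope here.

```python
# Added example, not from the course: a basic (address-only) NAT as the six
# slide steps describe it. Outbound: translate the private source and remember
# the pair (steps 2-3). Inbound: inverse translation (step 6); a packet to a
# public address with no association is dropped. Port translation (NAPT) is
# deliberately left out.
from ipaddress import IPv4Address, IPv4Network


class BasicNat:
    def __init__(self, public_pool, private_net: IPv4Network):
        self.free = [IPv4Address(a) for a in public_pool]   # unused public IP@
        self.private_net = private_net
        self.out_map = {}      # private IP@ -> public IP@
        self.in_map = {}       # public IP@ -> private IP@

    def outbound(self, packet: dict):
        """Packet as forwarded to the Internet, or None if it is dropped."""
        src = IPv4Address(packet["src"])
        if src not in self.private_net:
            return packet                          # nothing to translate
        if src not in self.out_map:
            if not self.free:
                return None                        # pool exhausted: dropped
            public = self.free.pop(0)
            self.out_map[src] = public             # step 3: keep the pair
            self.in_map[public] = src
        return {**packet, "src": str(self.out_map[src])}

    def inbound(self, packet: dict):
        """Packet as forwarded to the private network, or None if dropped."""
        private = self.in_map.get(IPv4Address(packet["dst"]))
        if private is None:
            return None                            # unknown: discarded
        return {**packet, "dst": str(private)}


if __name__ == "__main__":
    nat = BasicNat(["194.5.3.12"], IPv4Network("10.10.10.0/24"))
    out = nat.outbound({"src": "10.10.10.8", "dst": "9.1.2.3", "data": "request"})
    print("to Internet:", out)
    print("to private net:", nat.inbound({"src": "9.1.2.3", "dst": "194.5.3.12", "data": "reply"}))
```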
[Figure: a Private network made of two Private net. (IP@ 10.10.10.8 on NetID 10.10.10.0 and IP@ 10.10.20.4 on NetID 10.10.20.0) joined either by a Leased line or, through Tunneling, across the Internet]
A private network extended over several distant sites has to use very expensive leased lines. To reduce the cost, the infrastructure of the Internet can be used while keeping the advantages of a private network (security, ...). This concept is called a Virtual Private Network. To achieve that, a tunnel has to be created between the private networks.
[Figure: Tunneling between Intranet 1 (NetID 10.10.10.0, host IP@ 10.10.10.8, border router 194.3.2.1) and Intranet 2 (NetID 10.10.20.0, host IP@ 10.10.20.4, border router 198.6.7.2). The original packet (10.10.10.8 -> 10.10.20.4, data) is carried as the data of an outer packet 194.3.2.1 -> 198.6.7.2 across the Internet, then de-encapsulated by the border router of Intranet 2.]
The solution consists of encapsulating the original IP packet into another IP packet.
1- The original IP packet, using private IP addresses, is sent to the border router.
2- The border router builds an IP packet using public IP addresses known by the Internet.
3- The border router encapsulates the original IP packet in this packet as data.
4- The Internet can convey the IP packet towards the border router of the remote Intranet because it examines the header and not the data.
5- The Intranet 2 access router examines the received IP packet and, because the destination is its own address, extracts the data. This data being an IP packet, it submits the destination IP address to its routing table.
6- The original IP packet can travel across the Intranet up to the destination.
Page 1.119
5 IP protocol 5.1 IP Addressing IP address allocation
[Figure: Internet Corporation for Assigned Names and Numbers (www.icann.org), Internet Assigned Numbers Authority (www.iana.org), Réseaux IP Européens Network Coordination Centre (www.ripe.net)]
ICANN: responsible for IP address assignment, protocol parameter assignment and Domain Name System management. ICANN replaces IANA, which was a US organisation. The network number portion of the IP address is administered by one of three Regional Internet Registries (RIR):
- American Registry for Internet Numbers (ARIN): this registry is responsible for the administration and registration of Internet Protocol (IP) numbers for North America, South America, the Caribbean and sub-Saharan Africa.
- Réseaux IP Européens (RIPE): this registry is responsible for the administration and registration of Internet Protocol (IP) numbers for Europe, the Middle East and parts of Africa.
- Asia Pacific Network Information Centre (APNIC): this registry is responsible for the administration and registration of Internet Protocol (IP) numbers within the Asia Pacific region.
Page 1.120
[Figure: the three Regional Internet Registries: ARIN, RIPE NCC, APNIC]
Page 1.121
[Figure: class A address format: first bit 0, Net Id (7 bits), Host Id (24 bits).
1- Number of networks: with 7 bits for Net Id, the maximum number of combinations is 128. Reserved Net Ids: 0 and 127 (loopback), leaving 126 networks, from 1.0.0.0 to 126.0.0.0.
3- Number of hosts: with 24 bits for Host Id, the maximum number of combinations is 16 777 216. Reserved Host Ids: all 0 and all 1 (.255.255.255), leaving 16 777 214 hosts.
4- Host number from n.0.0.1 to n.255.255.254. Private addresses of class A: 10.0.0.0 (1 class).]
Class A addresses: These addresses use 7 bits for the <network> and 24 bits for the <host> portion of the IP address. This allows for 2^7 - 2 (126) networks, each with 2^24 - 2 (16 777 214) hosts; a total of over 2 billion addresses.
Page 1.122
[Figure: address range from 240.0.0.0 to 247.255.255.255]
Class D addresses: These addresses are reserved for multicasting (a sort of broadcasting, but in a limited area, and only to hosts using the same class D address).
Page 1.123
5 IP protocol 5.1 IP Addressing Multicast in IP protocol and MAC protocol
[Figure: a RIP2 (routing protocol) update sent from IP src 172.245.0.254 (MAC@ src 00:46:a5:e7:02:3c) to IP dest 224.0.0.9, Ethernet type 0800, received by the stations 00.53.27.32.02.c8 and 00.18.55.92.a2.08 running RIP2]
How multicast addresses are assigned: multicast addresses are assigned by higher-layer protocols or applications. If an application needs the ability to communicate with a group of devices running an identical (or cooperating) application, it can assign a multicast address for that purpose. Some well-known examples include:
- RIPv2 uses the MAC multicast address 01-00-5E-00-00-09.
- The Open Shortest-Path-First routing protocol (OSPF) uses the MAC multicast addresses 01-00-5E-00-00-05 and 01-00-5E-00-00-06.
Of course, if the designer wants the application to interoperate with implementations built by others, then any such address selection must be made public knowledge. In the case of the Spanning Tree Protocol, this is done through the publication of the IEEE 802.1D standard.
It is also possible to have a multicast address assigned dynamically at the time an application is invoked. There are multicasting applications that run only sporadically and whose logical grouping changes with each invocation. A good example would be a network video conferencing application. We would like to be able to use multicast techniques to distribute voice and video among a group of conference members (all of whom are running the cooperating conference application), but the parties involved will surely change from conference to conference. There is no easy way to pre-ordain the multicast address to be used by any arbitrary group of conference attendees, nor do we want to use a single multicast address for all possible conferences. One solution is a conference server, which can, upon request from the conference application, create the conference, connect all of the parties, and assign a unique multicast address for this particular conference from a pool of addresses available to the conference application. When the conference is over, the address can go back into the pool.
The pool range would likely be assigned by the designer of the conference application, but the particular multicast address used for a conference would be dynamically assigned at the time the application is invoked. Thus, multicast groups define a logical grouping of devices on an application basis, not on a physical basis.
Page 1.124
[Figure: multicast MAC address prefix 01 00 5E]
Multicast: just as a broadcast at the IP level leads to a broadcast at the Ethernet level, a multicast at the IP level leads to a multicast at the Ethernet level. This is achieved by copying the 23 least significant bits of the IP multicast address into the 23 low-order bits of the MAC address, the most significant bits taking the hexadecimal value 01:00:5E.
Some IP multicast @:
- 224.0.0.5 OSPFIGP All Routers
- 224.0.0.6 OSPFIGP Designated Routers
- 224.0.0.7 ST Routers
- 224.0.0.8 ST Hosts
- 224.0.0.9 RIP2 Routers
- 224.0.0.10 IGRP Router
- 224.0.0.11 Mobile-Agents
- 224.0.0.12-224.0.0.255 Unassigned
- 224.0.1.10 IETF-1-LOW-AUDIO
- 224.0.1.11 IETF-1-AUDIO
- 224.0.1.12 IETF-1-VIDEO
- 224.0.1.13 IETF-2-LOW-AUDIO
- 224.0.1.14 IETF-2-AUDIO
- 224.0.1.15 IETF-2-VIDEO
- 224.0.1.16 MUSIC-SERVICE
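The IP-to-MAC multicast mapping just described, as an added example that is not course code. It also shows the consequence of copying only 23 of the 28 group bits: 32 different IP multicast groups share one 01:00:5E MAC address, so a filter that works only on the MAC address cannot tell them apart. The function and constant names are my own.

```python
# Added example (not course code): IPv4 multicast group -> Ethernet multicast MAC,
# and the reverse ambiguity (32 groups per MAC address).
import ipaddress

MULTICAST_OUI = 0x01005E          # fixed high bits 01:00:5E; bit 23 of the MAC stays 0


def multicast_ip_to_mac(ip):
    """Map an IPv4 multicast address (224.0.0.0/4) to its 01:00:5e MAC address."""
    addr = ipaddress.IPv4Address(ip)
    if not addr.is_multicast:
        raise ValueError(f"{ip} is not an IPv4 multicast address")
    low23 = int(addr) & 0x7FFFFF                   # 23 least significant bits of the IP@
    mac = (MULTICAST_OUI << 24) | low23            # 01:00:5E + 0 + 23 copied bits
    return ":".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))


def groups_sharing_mac(mac):
    """All 32 IPv4 multicast groups that map to the given 01:00:5e MAC address:
    the 5 group bits that were not copied can take any value."""
    value = int(mac.replace(":", "").replace("-", ""), 16)
    if value >> 23 != MULTICAST_OUI << 1:          # high 25 bits must be 01:00:5E + 0
        raise ValueError(f"{mac} is not an IP multicast MAC address")
    low23 = value & 0x7FFFFF
    groups = []
    for high5 in range(32):
        ip_int = (0xE << 28) | (high5 << 23) | low23   # 1110 + 5 free bits + 23 copied
        groups.append(str(ipaddress.IPv4Address(ip_int)))
    return groups


if __name__ == "__main__":
    print(multicast_ip_to_mac("224.0.0.9"))        # 01:00:5e:00:00:09 (RIP2 Routers)
    print(groups_sharing_mac("01:00:5e:00:00:09")[:3])
```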
Page 1.125
[Figure: class B address example, Net Id 131.108.0.0]
Page 1.126
[Figure: host IP@ 1.0.0.1, MAC@ 102030, default gateway IP@ 1.0.0.254. ARP cache: 1.0.0.2 -> 405060, 1.0.0.254 -> 908070 (learnt through the ARP Request / ARP Response, steps 3 to 7). The frame to the destination 2.0.0.2 carries MAC@ dest. 908070, MAC@ src. 102030, Type 0800 (IP), @IPsrc 1.0.0.1, @IPdest 2.0.0.2, Data, FCS.]
The transmission of an IP packet to a host located in another network cannot rely only on the ARP procedure, because the ARP request is a broadcast frame which does not go through any router. The only way to reach the destination is via one or more IP gateways. (Note that in TCP/IP terminology, the terms gateway and router are used interchangeably.) If the destination IP@ is outside the sender's network, the sender has to forward the IP packet to a router. Normally, any host should know the IP@ of a router on its network (the default gateway).
1- A packet has to be transmitted to a host outside the local network. It is the role of the sender to determine whether the destination IP@ is in or out of the local network.
2- If the destination IP@ is out, the sender must first transmit the IP packet to a router. It knows the IP@ of at least one router (a configuration parameter of the host).
3- If the host does not know the MAC@ corresponding to the IP@ of the router,
4, 5, 6- it carries out an ARP procedure
7- to update its ARP cache memory.
8- Now it is capable of transmitting the IP packet, encapsulated in an Ethernet frame, to the router.
9- Then the router consults its routing table to know on which outgoing interface it has to forward this IP packet and which is the next router leading to the destination. The process (3-8) is carried out between this router and the next one, and so on up to the final destination.
Page 1.127
Page 1.128
5 IP protocol 5.1 IP Addressing Is the destination IP@ in or out of the LAN? (1)
[Figure: 1 Host configuration: Host IP@ 128.5.4.1, class B, default gateway 128.5.15.5; 2 destination IP@ 128.5.26.2; 3 same network; 5 ARP cache (MAC@ 908070, MAC@ 405060); frame: MAC@ dest., MAC@ src., Type, Data (@IPsrc 128.5.4.1, @IPdest 128.5.26.2), FCS]
If the destination host is attached to the same physical network as the source host, IP datagrams can be directly exchanged. This is done by encapsulating the IP datagram in the physical network frame. This is called direct delivery and is referred to as direct routing. How to determine whether a destination IP@ is in or out of the local network? The transmitter compares the NetID of its own IP@ with the NetID of the destination IP@. The transmitter knows the border between NetID and HostID by examining the class of its own IP@. In this picture, the destination IP@ is located on the same network as the transmitter.
Page 1.129
5 IP protocol 5.1 IP Addressing Is the destination IP@ in or out of the LAN? (2)
[Figure: 1 Host configuration: Host IP@ 128.5.4.1, class B, default gateway 128.5.15.5; 2 destination IP@; 3 other network; 5, 6 ARP cache (MAC@ 908070, IP@ 128.5.26.2); frame with MAC@ dest., Type 0800 and FCS]
Indirect routing occurs when the destination host is not connected to a network directly attached to the source host. The only way to reach the destination is via one or more IP gateways. (Note that in TCP/IP terminology, the terms gateway and router are used interchangeably. This describes a system that performs the duties of a router.) In this picture, the destination IP@ is located outside the transmitter's network, so the IP packet is sent towards the default gateway.
Router: interconnects networks at the internetwork layer level and routes packets between them. The router must understand the addressing structure associated with the networking protocols it supports and take decisions on whether, or how, to forward packets. Routers are able to select the best transmission paths and optimal packet sizes. The basic routing function is implemented in the IP protocol of the TCP/IP protocol stack, so any host or workstation running TCP/IP over more than one interface could, in theory and also with most of today's TCP/IP implementations, forward IP datagrams. However, dedicated routers provide much more sophisticated routing than the minimum functions implemented by IP. Because IP provides this basic routing function, the term "IP router" is often used. Other, older terms for router are "IP gateway", "Internet gateway" and "gateway". The term gateway is now normally used for connections at a higher layer than the internetwork layer. A router is said to be visible to IP. That is, when a host sends an IP datagram to another host on a network connected by a router, it sends the datagram to the router so that it can forward it to the target host.
Page 1.130
[Figure: Network 128.5.0.0 connected to the Internet and divided into S/Net 128.5.4.0 (hosts 128.5.4.1, 128.5.4.2, 128.5.4.4) and S/Net 128.5.8.0 (hosts 128.5.8.1, 128.5.8.2, 128.5.8.3, 128.5.8.4, 128.5.8.5)]
Subnetting: due to the explosive growth of the Internet, the principle of assigned IP addresses became too inflexible to allow easy changes to local network configurations. Those changes might occur when:
- a new type of physical network is installed at a location;
- growth of the number of hosts requires splitting the local network into two or more separate networks;
- growing distances require splitting a network into smaller networks, with gateways between them.
To avoid having to request additional IP network addresses, the concept of IP subnetting was introduced in 1984. The assignment of subnets is done locally. The entire network still appears as one IP network to the outside world. The host number part of the IP address is subdivided into a second network number and a host number. This second network is termed a subnetwork or subnet. The main network now consists of a number of subnets.
Page 1.131
[Figure: class B address 128.5.x.x in binary: Net Id (14 bits) 128.5, Host Id (16 bits). With subnetting, the Host Id is split into 8 bits Sub-Net Id and 8 bits Host Id, giving 254 sub-nets; example 128.5.4.5 = 10000000.00000101.00000100.00000101 (Net ID / Sub-Net ID / Host ID).]
The division of the local part of the IP address into a subnet number and host number is chosen by the local administrator. Any bits in the local portion can be used to form the subnet. The subnets with all bits 0 and all bits 1 are not valid.
Page 1.132
[Figure: PC configuration: IP@ 128.5.4.3, MAC@ 102030, class B; ARP cache empty (Mac@ / IP@). ARP Request frame: MAC@ dest. ffffff (broadcast), MAC@ src. 102030, Type 0806 (ARP), IPdest 128.5.8.4, MAC@ ??????, FCS. Router: MAC@ 304050, IP@ 128.5.4.1 on this side, IP@ 128.5.8.1 on the other side.]
How can a host know the border between NetID and HostID?
1- For a destination IP@, if the host takes into account only the address class to know whether the destination is in or out of its network,
2- then it believes that the destination host is in its local network;
3- it consults its ARP cache memory;
4- because the cache memory does not know the MAC@ corresponding to the destination IP@, it carries out an ARP procedure;
5- the ARP request stays without any response because it is not forwarded to the other network (a broadcast does not go through a router).
Page 1.133
The Subnet Mask indicates the length of the network address part.
[Figure: @IPsrc 128.5.4.3, @IPdest 128.5.8.4. 1 Is IP dest. within the local net? 2 No: default gateway @IP 128.5.4.1. The destination IP@ 128.5.8.4 is on another network, reached at IP level through a router (MAC@ 708090, IP@ 128.5.4.5).]
The border between HostID and NetID being now variable, a new concept has been added to the IP@: the NETMASK.
Page 1.134
[Figure: IP@src 138.5.17.5 = 10001010.00000101.00010001.00000101 and IP@dest 138.5.19.37 = 10001010.00000101.00010011.00100101; with the Mask 255.255.252.0 = 11111111.11111111.11111100.00000000, both give the Net Id 138.5.16.0]
Now, in addition to the IP@, a net mask is provided to every host. This mask is applied to both the source IP@ and the destination IP@ in order to compare the NETIDs of these two addresses and determine whether they are located on the same network. The division of the local part of the IP address into a subnet number and host number is chosen by the local administrator. Any bits in the local portion can be used to form the subnet. The division is done using a 32-bit subnet mask. Bits with a value of zero in the subnet mask indicate positions ascribed to the host number. Bits with a value of one indicate positions ascribed to the subnet number. When assigning the subnet part of the local address, the objective is to assign a number of bits to the subnet number and the remainder to the local address. Therefore, it is normal to use a contiguous block of bits at the beginning of the local address part for the subnet number.
Page 1.135
[Figure (continued): IP@dest 138.5.19.37 masked with 255.255.252.0]
Page 1.136
[Figure: PC configuration: IP@ 128.5.4.3, MAC@ 102030, Subnet Mask 255.255.255.0, default gateway 128.5.4.1. 1 IP@ dest 128.5.8.4; 2 default gateway; 3 ARP cache: 128.5.4.1 -> 304050; 4 IP Packet frame: MAC@ dest. 304050, MAC@ src. 102030, Type 0800 (IP), IPsrc 128.5.4.3, IPdest 128.5.8.4, FCS. Router IP@ 128.5.8.1 on the other side.]
IP@ in or out of the sub-network:
1- Thanks to the netmask, the sender knows where the border between NetID and HostID is.
2- Because the sender determined that the destination IP@ is outside the local network, it uses the default gateway parameter to get the next hop.
3- In this example, the cache memory already knows the MAC@ of the router (otherwise it would carry out an ARP procedure).
4- The IP packet is encapsulated in an Ethernet frame addressed to the MAC@ of the router, which is the next hop.
Page 1.137
Exercise: for @IP 145.78.185.18, give 1- the Subnet Mask expressed in dotted decimal, 2- the Net ID expressed in dotted decimal.
Page 1.138
[Figure (answer): @ IP 145.78.185.18 = 10010001.01001110.10111001.00010010; Subnet Mask 255.255.224.0 = 11111111.11111111.11100000.00000000 (class B network part plus 3 sub-net bits); Net ID 145.78.160.0 (160 = 128 + 32)]
Page 1.139
Exercise: with the Sub-net Mask 255.255.255.128, fill in the Net Id (table with two cases to complete).
Page 1.140
5 IP protocol 5.1 IP Addressing Net broadcast and Subnet broadcast Mask - Exercise (4)
[Figure: host 145.78.185.18 in Network 145.78.0.0/16, connected to the Internet, Net mask 255.255.224.0. Attempt to fill in: Network Broadcast, Sub-net Broadcast.]
Page 1.141
[Figure (answer): 145.78.185.18 = 10010001.01001110.10111001.00010010, class B. Network Broadcast (Net Id 145.78, Host Id all ones): 145.78.255.255. With the mask 255.255.224.0 = 11111111.11111111.11100000.00000000, Sub-net Broadcast (sub-net bits 101 kept, remaining host bits all ones): 145.78.191.255.]
Page 1.142
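The same-network decision of pages 1.129 to 1.137 (by address class alone, then with the netmask) and the net/sub-net broadcast calculation of exercise (4), as an added example that is not course code. Addresses are those of the slides, handled as 32-bit integers so that the AND with the mask is visible; the function names are my own.

```python
# Added example (not course code): NetID comparison with and without a netmask,
# plus net ID and directed broadcast from an address and a mask.

def to_int(dotted):
    """'145.78.185.18' -> 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def classful_mask(ip):
    """Mask implied by the address class alone, which is all a host without a
    netmask parameter can use: /8 for class A, /16 for B, /24 for C."""
    first = to_int(ip) >> 24
    if first < 128:
        return "255.0.0.0"
    if first < 192:
        return "255.255.0.0"
    if first < 224:
        return "255.255.255.0"
    raise ValueError(f"{ip}: class D/E address has no host part")


def net_id(ip, mask):
    """NetID = IP@ AND mask, e.g. 145.78.185.18 / 255.255.224.0 -> 145.78.160.0."""
    return to_dotted(to_int(ip) & to_int(mask))


def broadcast(ip, mask):
    """Directed broadcast: the NetID with every host bit set to 1."""
    return to_dotted(to_int(ip) | (~to_int(mask) & 0xFFFFFFFF))


def same_network(src, dst, mask=None):
    """Direct delivery (same NetID) or indirect delivery via a router?
    Without a mask the decision falls back on the address class, which is
    what goes wrong on page 1.133 when the network is subnetted."""
    if mask is None:
        mask = classful_mask(src)
    return net_id(src, mask) == net_id(dst, mask)


def next_hop(src, dst, mask, default_gateway):
    """Whose MAC@ the sender must resolve: the destination itself on the same
    sub-net, otherwise the default gateway."""
    return dst if same_network(src, dst, mask) else default_gateway


if __name__ == "__main__":
    # page 1.133: the class alone says "same network"; the /24 mask says "other network"
    print(same_network("128.5.4.3", "128.5.8.4"))                   # True (wrong)
    print(same_network("128.5.4.3", "128.5.8.4", "255.255.255.0"))  # False
    print(next_hop("128.5.4.3", "128.5.8.4", "255.255.255.0", "128.5.4.1"))
    print(net_id("145.78.185.18", "255.255.224.0"),
          broadcast("145.78.185.18", "255.255.224.0"))              # exercise (4)
```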
5 IP protocol 5.1 IP Addressing Net broadcast and Subnet broadcast Mask - Exercise (5)
Exercise: for the Net masks 255.255.255.128, 255.255.255.128, 255.255.255.0 and 255.255.255.248, fill in the Network Broadcast and the Sub-net Broadcast.
Page 1.143
[Figure: Departments a, b, c and d, 50 hosts each]
Page 1.144
5 IP protocol 5.1 IP Addressing Static subnetting - Exercise 7 (continued)
5- Fill in this diagram: NetID 164.213.___.___, Netmask ?, NetID 1 ?, NetID 2 ?, NetID 3 ?, NetID 4 ?
Page 1.145
Freeware: 3CIPCalc (http://support.3com.com/software/utilities_for_windows_32_bit.htm). Enter an IP address and the bits in mask, or the subnet mask, or the number of subnets, or the hosts per subnet.
Page 1.146
164.213.32.0/24: the Host Id being on 8 bits, the theoretical maximum number of hosts is 254. In this network, 210 hosts will be connected. Answer the questions:
1- Five subnets have to be created. How many bits are required for the Subnet ID? 3
2- How many bits remain for the Host ID? 5
3- What will be the maximum number of hosts per subnet? 30
4- What is the problem? Static subnetting
[Figure: Static subnetting: Department a 50 hosts, Department b 50 hosts, Department c 50 hosts, Department d 30 hosts, Department e 30 hosts]
Static subnetting implies that all subnets obtained from the same network use the same subnet mask. While this is simple to implement and easy to maintain, it may waste address space in small networks. In this example: either 4 subnets with a maximum of 62 hosts each, or 8 subnets with a maximum of 30 hosts each.
Page 1.147
[Figure: VLSM on 164.213.32.0 = 10100100.11010101.00100000.00000000. SubnetIDs 164.213.32.0, 164.213.32.64 and 164.213.32.128 with Mask 255.255.255.192 (62 hosts each); SubnetIDs 164.213.32.192 and 164.213.32.224 with Mask 255.255.255.224 (30 hosts each).]
VLSM When variable length subnetting is used, allocated subnets within the same network can use different subnet masks. A small subnet with only a few hosts can use a mask that accommodates this need. A subnet with many hosts requires a different subnet mask. The ability to assign subnet masks according to the needs of the individual subnets helps conserve network addresses. Variable length subnetting divides the network so that each subnet contains sufficient addresses to support the required number of hosts.
Page 1.148
Page 1.149
[Figure: R1 (network 192.192.100.0/24) and R2 (network 192.192.200.0/24) joined by an ISDN serial link numbered 192.192.1.0/24, with 192.192.1.1 and 192.192.1.2 at its ends. An IP address at each end of the serial link: two IP addresses used in the class C sub-net 192.192.1.0, 252 unusable IP addresses.]
If a complete class C is assigned to a network made of a serial link, many host IP@ will be wasted.
Page 1.150
[Figure: the same ISDN link numbered 192.192.1.0/30 (R1 192.192.1.1, R2 192.192.1.2). This network needs 2 IP@. Question: how many bits for the Host Id are needed to get 2 IP@? Mask 11111111.11111111.11111111.11111100; Net ID 192.192.1.0 = 11000000.11000000.00000001.00000000; the Host Ids all 0 (NetID) and all 1 are invalid.]
Page 1.151
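Static subnetting (exercise 7) against variable length subnetting (page 1.148) and the /30 serial link (page 1.151), as an added example that is not course code. The network and host counts are the slides' values; the allocator hands out the largest blocks first so every sub-net starts on a boundary of its own size, which is my choice and not something the slides prescribe.

```python
# Added example (not course code): static subnet capacity, and a VLSM allocator
# that gives each sub-net the smallest mask that fits its host count.
import ipaddress


def static_subnetting(prefix_len, subnets_needed):
    """Fixed-length subnetting: one mask for every sub-net. Returns
    (subnet bits, host bits, usable hosts per sub-net)."""
    subnet_bits = (subnets_needed - 1).bit_length()   # smallest n with 2**n >= needed
    host_bits = 32 - prefix_len - subnet_bits
    if host_bits < 2:                                  # all-0 and all-1 host ids are invalid
        raise ValueError("not enough address space for that many sub-nets")
    return subnet_bits, host_bits, 2 ** host_bits - 2


def host_bits_for(hosts):
    """Smallest Host Id width whose usable count (2**n - 2) covers `hosts`."""
    n = 2
    while 2 ** n - 2 < hosts:
        n += 1
    return n


def vlsm_allocate(network, prefix_len, host_counts):
    """Carve network/prefix_len into one sub-net per entry of host_counts.
    Returns a list of (net id, prefix length, usable hosts), largest first;
    raises when the address space cannot hold all of them."""
    base = int(ipaddress.IPv4Address(network))
    block = 1 << (32 - prefix_len)
    if base % block:
        raise ValueError(f"{network}/{prefix_len}: host bits set in network address")
    cursor, end, result = base, base + block, []
    for hosts in sorted(host_counts, reverse=True):
        bits = host_bits_for(hosts)
        size = 1 << bits
        if cursor + size > end:
            raise ValueError(f"no room left for a sub-net of {hosts} hosts")
        result.append((str(ipaddress.IPv4Address(cursor)), 32 - bits, size - 2))
        cursor += size
    return result


if __name__ == "__main__":
    print(static_subnetting(24, 5))        # (3, 5, 30): 30 hosts at most, too few for 50
    for entry in vlsm_allocate("164.213.32.0", 24, [50, 50, 50, 30, 30]):
        print(entry)                       # three /26 of 62 hosts, two /27 of 30 hosts
    print(vlsm_allocate("192.192.1.0", 24, [2])[0])   # ('192.192.1.0', 30, 2)
```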
Page 1.152
5 IP protocol
Page 1.153
[Figure: routers R1 and R2 interconnecting the networks 204.92.77.0 (R1, e1, .1), 204.92.76.0 (link between R1 e0 and R2, next hop 204.92.76.1) and 192.168.201.0 (R2, e0, .1); routing table columns: Network, Mask, Next hop, If]
An important function of the IP protocol is IP routing. This provides the basic mechanism for routers to interconnect different physical networks. The router only has information about the following kinds of destinations: networks that are directly attached to one of the physical networks to which the router is attached, and hosts or networks for which the router has been given explicit definitions.
Page 1.154
Exercise: fill in the routing tables (Network, Mask, Next hop, If) of R1 and R2 for the networks 204.92.77.0/24 (R1 e1), 204.92.76.0/24 (link, next hop 204.92.76.1) and 192.168.201.0/24 (R2 e0).
Page 1.155
[Figure (answer): routing tables of R1 and R2 for the networks 204.92.75.0, 204.92.76.0, 204.92.77.0 and 192.168.201.0, Mask 255.255.255.0 everywhere, Next hop 204.92.76.1 or 204.92.76.2 for the networks reached across the link, interfaces e0, e1, e2]
Page 1.156
[Figure: the same topology with the network 204.92.75.0 added; a packet follows steps 1 to 4 through R1 and R2 according to their routing tables (Network, Mask, Next hop, If)]
Page 1.157
[Figure: routing tables with a metric column (Network, Mask, Next hop, If, metric): networks 204.92.75.0, 204.92.76.0, 204.92.77.0 and 192.168.201.0 with Mask 255.255.255.0, next hops 204.92.76.1 and 204.92.77.1, interfaces e0, e1, e2, metrics 0 or 1]
The metric gives an indication of the cost of a route to a destination. Metrics are based on the number of hops, the bandwidth, the delay, ...
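A router's forwarding decision on a table with the columns of the slides (Network, Mask, Next hop, If, metric): the most specific matching network wins and the metric breaks ties. This is an added example, not course code; the table entries are constructed around the R1 topology above and are not the answer to the exercises.

```python
# Added example (not course code): longest-prefix-match lookup in a routing table
# with the slides' columns. Next hop None marks a directly attached network.
import ipaddress

R1_TABLE = [   # constructed: (Network, Mask, Next hop, If, metric)
    ("204.92.77.0",   "255.255.255.0",   None,          "e1", 0),
    ("204.92.76.0",   "255.255.255.0",   None,          "e0", 0),
    ("192.168.201.0", "255.255.255.0",   "204.92.76.2", "e0", 1),
    ("204.92.75.0",   "255.255.255.0",   "204.92.76.2", "e0", 1),
    ("204.92.75.0",   "255.255.255.0",   "204.92.77.2", "e1", 2),   # backup path, higher cost
    ("204.92.75.7",   "255.255.255.255", "204.92.77.2", "e1", 1),   # host route
]
DEFAULT_ROUTE = ("0.0.0.0", "0.0.0.0", "204.92.76.2", "e0", 10)    # constructed


def prefix_length(mask):
    """Number of leading ones in a contiguous mask (255.255.255.0 -> 24)."""
    value = int(ipaddress.IPv4Address(mask))
    ones = bin(value).count("1")
    if value != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous mask {mask}")
    return ones


def lookup(table, destination):
    """Return (next hop, interface) for `destination`, or None when no entry
    matches: the datagram is then discarded and an ICMP error returned."""
    dst = int(ipaddress.IPv4Address(destination))
    best, best_key = None, None
    for network, mask, next_hop, iface, metric in table:
        if dst & int(ipaddress.IPv4Address(mask)) != int(ipaddress.IPv4Address(network)):
            continue                                   # NetID does not match
        key = (prefix_length(mask), -metric)           # longest match, then lowest metric
        if best_key is None or key > best_key:
            best, best_key = (next_hop or destination, iface), key
    return best


if __name__ == "__main__":
    for dst in ("204.92.77.9", "192.168.201.5", "204.92.75.3", "204.92.75.7", "8.8.8.8"):
        print(dst, "->", lookup(R1_TABLE, dst), "| with default:",
              lookup(R1_TABLE + [DEFAULT_ROUTE], dst))
```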
Page 1.158
[Figure: two hosts (Application, Transport, IP, Network layers) communicating across an IP network through routers: the IP@ (src a, dest b) stay the same end to end, while the Phys@ change at each hop (2, 6, 7, 8, 9, 12)]
Application layer: the application layer is provided by the program that uses TCP/IP for communication. An application is a user process cooperating with another process, usually on a different host.
Transport layer: the transport layer provides the end-to-end data transfer by delivering data from an application to its remote peer. Multiple applications can be supported simultaneously.
Internetwork layer: Internet Protocol (IP) is the most important protocol in this layer. It is a connectionless protocol that doesn't assume reliability from lower layers. IP does not provide reliability, flow control, or error recovery. These functions must be provided at a higher level.
Network interface layer: the network interface layer, also called the link layer or the data-link layer, is the interface to the actual network hardware.
Router: interconnects networks at the internetwork layer level and routes packets between them.
Page 1.159
5 IP protocol
Page 1.160
[Figure: IP datagram header fields (Type Of Service, Datagram length, ...)]
The unit of transfer in an IP network is called an IP datagram. It consists of an IP header and data relevant to higher level protocols. The maximum length of an IP datagram is 65,535 bytes. All IP hosts must support 576-byte datagrams without fragmentation. The size of the IP header is between 20 bytes and 60 bytes.
Page 1.161
[Figure: Version field (4 = IPv4, 6 = IPv6) among the header fields TTL, Identification, Type Of Service, Flag, Datagram length, Datagram Offset]
Version: this field contains the IP protocol version. The current version is 4. 5 is an experimental version. 6 is the version for IPv6.
Page 1.162
Page 1.163
Page 1.164
5 IP protocol 5.3 IP header Type of Service: informs the crossed networks about the desired Quality of Service
[Figure: IP header laid out 4 bytes per row (Version, Header length, Type Of Service, Datagram length, Flag, Datagram Offset, Checksum, ...); Type of Service byte: Precedence bits (RFC 791) and Cost (bit 6)]
Page 1.165
[Figure: Precedence bits, indicating the priority of the datagram: 000 Routine, 001 Priority, 010 Immediate, 011 Flash, 100 Flash override, 101 not used, 110 Inter-network control, 111 Network control]
Precedence: intended to denote the importance or priority of the datagram. This field specifies the nature and priority of the datagram:
- 000: Routine
- 001: Priority
- 010: Immediate
- 011: Flash
- 100: Flash override
- 101: Critical
- 110: Internetwork control
- 111: Network control
Page 1.166
[Figure: congestion in an IP network]
Page 1.167
[Figure: Type of Service bits: Delay (bit 3), Throughput, Reliability, Cost (bit 6); 0 = normal, 1 = low (delay, cost) or 1 = high (throughput, reliability)]
- TOS: specifies the type of service value:
  1000: Minimize delay
  0100: Maximize throughput
  0010: Maximize reliability
  0001: Minimize monetary cost
  0000: Normal service
Page 1.168
[Figure: recommended TOS values by application (columns: Minimise the delay, Maximise the throughput, Maximise the reliability, Minimise the cost; rows: DNS UDP request, DNS TCP request, DNS zone transfer, ICMP error, ICMP request, IGP, SNMP, BOOTP, NNTP)]
Page 1.169
[Figure: Type of Service byte, bits 6 and 7 unused]
Page 1.170
[Figure: packet processing in a router: Input -> Classifier -> queues per class (AF1, BE) -> Queue management -> Scheduler -> Output]
Classifier: packets have to be classified according to their traffic class (conversational, streaming, interactive, background).
Traffic conditioning: includes mechanisms for traffic metering (verification of the traffic contract) and dropping (discarding packets).
Queue management: allows congestion to be prevented.
Scheduler: assigns a specific rate to each class.
Page 1.171
[Figure: the TTL decremented by each router along the path (TTL=61, TTL=60, ..., TTL=32, ..., TTL=0: the datagram is discarded)]
Time to Live: this field specifies the time (in seconds) the datagram is allowed to travel. Theoretically, each router processing this datagram is supposed to subtract its processing time from this field. In practice, a router processes the datagram in less than 1 second, so the router subtracts one from the value in this field. The TTL thus becomes a hop-count metric rather than a time metric. When the value reaches zero, it is assumed that this datagram has been travelling in a closed loop and it is discarded. The initial value should be set by the higher level protocol that creates the datagram.
Page 1.172
[Figure: the Protocol field (6 = TCP, 17 = UDP) selects the transport protocol receiving the Data; the IP datagram (Flag, Datagram length, Checksum, Datagram Offset, Source IP address, ...) is itself carried in a MAC frame: @MAC dest., @MAC src., Data, FCS]
Protocol Number: this field indicates the higher level protocol to which IP should deliver the data in this datagram. These include:
- 0: Reserved
- 1: Internet Control Message Protocol (ICMP)
- 2: Internet Group Management Protocol (IGMP)
- 3: Gateway-to-Gateway Protocol (GGP)
- 4: IP (IP encapsulation)
- 5: Stream
- 6: Transmission Control Protocol (TCP)
- 8: Exterior Gateway Protocol (EGP)
- 9: Private Interior Routing Protocol
- 17: User Datagram Protocol (UDP)
- 41: IP Version 6 (IPv6)
- 50: Encap Security Payload for IPv6 (ESP)
- 51: Authentication Header for IPv6 (AH)
- 89: Open Shortest Path First
Page 1.173
[Figure: Flag field: bit 0, DF, MF. A 1400-byte datagram leaving a network of MTU 1500 towards a link of MTU 500: with DF=1 it is rejected (1); with DF=0 it is split into 500 bytes (DF=0, MF=1) (2), 500 bytes (DF=0, MF=1) (3) and 400 bytes (DF=0, MF=0) (4)]
Flags : DF (Do not Fragment): 0 means allow fragmentation; 1 means do not allow fragmentation. MF (More Fragments): 0 means that this is the last fragment of the datagram; 1 means that additional fragments will follow.
Page 1.174
[Figure: Identification field: a 1400-byte datagram ID=6700 (DF=0, MF=0) is fragmented on the MTU 500 link into 500 bytes ID=6700 (MF=1), ... and 400 bytes ID=6700 (MF=0); the next datagram, 300 bytes, carries ID=6701 (MF=0)]
Identification : A unique number assigned by the sender to aid in reassembling a fragmented datagram. Each fragment of a datagram has the same identification number.
Page 1.175
Fragment Offset: this is used to aid the reassembly of the full datagram. The value in this field is the number of 64-bit (8-byte) units of data contained in earlier fragments. Header bytes are not counted. If this is the first (or only) fragment, this field contains the value zero.
Page 1.176
[Figure: with an MTU of 800, the data (positions 0, 800, 1600) is split into Frag. 1 (Offset = 0), Frag. 2 and Frag. 3 (Offset = 200 x 8 = 1600)]
Page 1.177
[Figure: two fragments, each with a 20-byte header: 4 5 0 1020 1234 001 125 11 6 xxxx source address dest. address, followed by 1000 bytes of data, and 4 5 0 39 1234 000 250 11 6 xxxx source address dest. address, followed by 19 bytes of data]
Optional exercise: What will be the value of the various fields if the next MTU is 512?
The following steps are performed to fragment the datagram:
- The DF flag bit is checked to see if fragmentation is allowed. If the bit is set, the datagram is discarded and an ICMP error is returned to the originator.
- Based on the MTU value, the data field is split into two or more parts. All newly created data portions must have a length that is a multiple of 8 bytes, with the exception of the last data portion.
- Each data portion is placed in an IP datagram. The headers of these datagrams are minor modifications of the original:
  - The more fragments flag bit is set in all fragments except the last.
  - The fragment offset field in each is set to the location this data portion occupied in the original datagram, relative to the beginning of the original unfragmented datagram. The offset is measured in 8-byte units.
  - If options were included in the original datagram, the high order bit of the option type byte determines whether this information is copied to all fragment datagrams or only to the first datagram. For example, source route options are copied in all fragments.
  - The header length field of the new datagram is set.
  - The total length field of the new datagram is set.
  - The header checksum field is re-calculated.
Each of these fragmented datagrams is now forwarded as a normal IP datagram. IP handles each fragment independently. The fragments can traverse different routers to the intended destination. They can be subject to further fragmentation if they pass through networks specifying a smaller MTU. At the destination host, the data is reassembled into the original datagram. The identification field set by the sending host is used together with the source and destination IP addresses in the datagram. Fragmentation does not alter this field. In order to reassemble the fragments, the receiving host allocates a storage buffer when the first fragment arrives. The host also starts a timer. When subsequent fragments of the datagram arrive, the data is copied into the buffer at the location indicated by the fragment offset field. When all fragments have arrived, the complete original unfragmented datagram is restored. Processing continues as for unfragmented datagrams.
Page 1.178
Header Checksum: This field is a checksum for the information contained in the header. If the header checksum does not match the contents, the datagram is discarded.
Page 1.179
Source IP Address: The 32-bit IP address of the host sending this datagram.
Destination IP Address: The 32-bit IP address of the destination host for this datagram.
Page 1.180
[Figure: IP header with the Options field and Padding]
IP datagram routing options: the IP datagram Options field provides two methods for the originator of an IP datagram to explicitly provide routing information. It also provides a method for an IP datagram to determine the route that it travels.
- Loose source routing, also called the loose source and record route (LSRR) option, provides a means for the source of an IP datagram to supply explicit routing information.
- Strict source routing, also called the strict source and record route (SSRR) option, uses the same principle as loose source routing except that the intermediate router must send the datagram to the next IP address in the source route via a directly connected network.
- Record route: this option provides a means to record the route traversed by an IP datagram.
- Internet timestamp: a timestamp is an option forcing some (or all) of the routers along the route to the destination to put a timestamp in the option data.
Page 1.181
IP protocol
[Figure: IP datagram with its 20-byte header (Ver., Head. leng., Type serv., Total Leng., Identif., Flag, ..., CRC, IP @ source, IP @ dest.), Options and Data, encapsulated in an Eth V2 frame: Type 0800 (2 bytes, 0800 = IP), IP datagram, FCS (4 bytes)]
Page 1.182
5 IP protocol - Synthesis
- Best effort
- connectionless-oriented
- no reliability, no error recovery
Page 1.183
1- What is the encapsulated protocol in this IP packet?
2- Which byte represents this protocol in the hexadecimal trace?
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Eth v2 [0000:000D]
0000:0005 Destination Address: FFFFFFFFFFFF (Broadcast)
0006:000B Source Address: 00809F2132A9 (Alcatel2132A9)
000C:000D Ethernet Type: DOD Internet Protocol (IP)
IP [000E:0021]
000E:000E Version: 4; Header Length: 20
000F:000F TOS, Precedence: Routine; Delay:Normal;Throughput:Normal; Reliability:Normal
0010:0011 Packet Length: 328
0012:0013 Identification: 0x0000
0014:0014 DF: May Fragment; MF: Last Fragment
0014:0015 Fragment Offset: 0
0016:0016 Time to Live: 15
0017:0017 Transport: User Datagram
0018:0019 Header Checksum: 0xAAA6 (correct)
001A:001D Source Address: 0.0.0.0
001E:0021 Destination Address: 255.255.255.255
Page 1.184
Hex. Data 01 00 5E 00 00 34 00 00 00 09 02 08 00 00 0A 0A 00 01
Ethernet Frame
00 00 02 00 09 00 08 00 00 02 00 FF 10 11 20 FF 7B CD 05 00 81 DD 73 00 9E 0A 02 00 9A 0E 02 00 08 00 00 00 00 05 00 00 45 E0 00 00 C0 00 02 00
1- Look for the destination IP @ and indicate which class it belongs to.
2- Look for the destination MAC @ and explain its value.
Page 1.185
5 IP protocol - Evaluation
Page 1.186
Page 1.187
[Figure: position of ICMP in the protocol stack: IP, ARP; Ethernet V2, FDDI; Physical: optical fibre, 10 Base 2, 10 Base 5]
ICMP uses IP as if ICMP were a higher level protocol (that is, ICMP messages are encapsulated in IP datagrams). However, ICMP is an integral part of IP and must be implemented by every IP module. ICMP messages are described in RFC 792 and RFC 950, belong to STD 5 and are mandatory.
Page 1.188
[Figure: host IP @ Y and router IP @ M; 2: ICMP message returned to the host]
When a router or a destination host must inform the source host about errors in datagram processing, it uses the Internet Control Message Protocol (ICMP). ICMP is used to report errors, not to make IP reliable. Datagrams may still be undelivered without any report on their loss. Reliability must be implemented by the higher-level protocols using IP services. ICMP cannot be used to report errors with ICMP messages; this avoids infinite repetitions. ICMP responses are sent in response to ICMP query messages (ICMP types 0, 8, 9, 10 and 13 through 18). ICMP messages are never sent in response to datagrams with a broadcast or a multicast destination address. ICMP is also used to perform tests (see ping, traceroute).
Page 1.189
6 ICMP protocol - Format of the ICMP message
[Figure: ICMP message = Type (1 byte), Code (1 byte), CRC (2 bytes), Parameters (4 bytes), Data; carried in an IP datagram (20-byte header, Protocol = 1 (ICMP)) inside an Eth V2 frame (Type = 0800 (IP), Datagram IP, FCS 4 bytes)]
Page 1.190
Type and Code values of the ICMP message:
Type 0: Echo Response - Code 0
Type 3: Unreachable destination - Codes:
  0: network unreachable
  1: host unreachable
  2: protocol unreachable
  3: port unreachable
  4: fragmentation needed but don't frag (DF) set
  5: source route failed
  6: unknown destination network
  7: unknown destination host
  8: (obsolete)
  9: destination network administratively forbidden
  10: destination host administratively forbidden
  11: network unreachable for this TOS
  12: host unreachable for this TOS
  13: communication forbidden (filter)
  14: violation of the precedence
  15: precedence
Type 4: Source Quench (flow control) - Code 0
Type 5: Redirection - Codes:
  0: redirection for a network
  1: redirection for a host
  2: redirection for a service and a network
  3: redirection for a service and a host
Type 8: Echo Request - Code 0
Type 9: Router Advertisement - Code 0
Type 10: Router solicitation - Code 0
Type 11: Time to live
Type 12: parameter error
Type 13: Timestamp Request
Type 14: Timestamp response
Type 15: Information request
Type 16: Information Response
Type 17: Netmask request
Type 18: Netmask response
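An added example (not part of the course) that ties this table to the rules on the previous page. parse_icmp() names the type and code and, for the error types (3, 4, 5, 11, 12), recovers the addresses and ports of the offending datagram from the IP header plus 64 data bits that every error message quotes; may_send_icmp_error() encodes when a host or router is allowed to generate an error at all: never for a broadcast or multicast destination, never in reply to another ICMP error. The sample Port Unreachable message, its addresses and ports are constructed, and its checksum field is left at zero.

```python
import ipaddress
import struct

# Type and code names as listed in the course table (RFC 792, RFC 1122).
ICMP_TYPES = {
    0: "Echo Response", 3: "Unreachable destination", 4: "Source Quench", 5: "Redirection",
    8: "Echo Request", 9: "Router Advertisement", 10: "Router solicitation",
    11: "Time to live", 12: "Parameter error", 13: "Timestamp Request",
    14: "Timestamp response", 15: "Information request", 16: "Information Response",
    17: "Netmask request", 18: "Netmask response",
}
CODES = {
    3: {0: "network unreachable", 1: "host unreachable", 2: "protocol unreachable",
        3: "port unreachable", 4: "fragmentation needed but DF set", 5: "source route failed",
        6: "unknown destination network", 7: "unknown destination host", 8: "(obsolete)",
        9: "destination network administratively forbidden",
        10: "destination host administratively forbidden",
        11: "network unreachable for this TOS", 12: "host unreachable for this TOS",
        13: "communication forbidden (filter)", 14: "violation of the precedence",
        15: "precedence"},
    5: {0: "redirection for a network", 1: "redirection for a host",
        2: "redirection for a service and a network", 3: "redirection for a service and a host"},
    11: {0: "transit TTL exceeded", 1: "reassembly TTL exceeded"},
    12: {0: "unspecified error", 1: "required option missing"},
}
ERROR_TYPES = {3, 4, 5, 11, 12}   # error reports; the other types are queries and their responses


def parse_icmp(msg: bytes) -> dict:
    """Decode type/code; for error messages also decode the quoted original IP header + 64 bits."""
    icmp_type, code, _checksum = struct.unpack("!BBH", msg[:4])
    out = {"type": icmp_type, "code": code,
           "type_name": ICMP_TYPES.get(icmp_type, "unknown"),
           "code_name": CODES.get(icmp_type, {}).get(code, "")}
    if icmp_type in ERROR_TYPES and len(msg) >= 28:
        quoted = msg[8:]                               # original IP header + first 64 bits of its data
        ihl = (quoted[0] & 0x0F) * 4
        proto = quoted[9]
        original = {"src": str(ipaddress.IPv4Address(quoted[12:16])),
                    "dst": str(ipaddress.IPv4Address(quoted[16:20])),
                    "protocol": proto}
        if proto in (6, 17) and len(quoted) >= ihl + 4:   # TCP/UDP: ports are the first 4 data bytes
            original["sport"], original["dport"] = struct.unpack("!HH", quoted[ihl:ihl + 4])
        out["original"] = original
    return out


def may_send_icmp_error(dst: str, proto: int, payload: bytes) -> bool:
    """May an ICMP error be generated about a datagram with this destination, protocol and payload?"""
    addr = ipaddress.IPv4Address(dst)
    if addr.is_multicast or addr == ipaddress.IPv4Address("255.255.255.255"):
        return False                                   # never for broadcast/multicast destinations
    if proto == 1 and payload and payload[0] in ERROR_TYPES:
        return False                                   # never in reply to an ICMP error (no loops)
    return True


def sample_port_unreachable() -> bytes:
    """Constructed Type 3 Code 3 message quoting a UDP datagram 10.0.0.1:40000 -> 10.0.0.9:33434."""
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 7, 0, 1, 17, 0,
                           bytes([10, 0, 0, 1]), bytes([10, 0, 0, 9]))
    inner_udp = struct.pack("!HHHH", 40000, 33434, 8, 0)
    return struct.pack("!BBHI", 3, 3, 0, 0) + inner_ip + inner_udp   # ICMP checksum left at 0
```

Reading the quoted header is what lets a host hand the error to the right application: the Port Unreachable above names the UDP flow 10.0.0.1:40000 to 10.0.0.9:33434, so only the process bound to port 40000 is told. The same message, arriving as the payload of an IP datagram with protocol 1, is exactly what may_send_icmp_error() refuses to report on.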
Page 1.191
[Figure: ICMP Parameter Problem message: Type 12, Code 0 or 1, CRC]
Parameter Problem (12)
This message indicates that a problem was encountered during processing of the IP header parameters. The pointer field indicates the byte in the original IP datagram where the problem was encountered. The ICMP header code field may have one of the following values:
0: unspecified error
1: required option missing
Page 1.192
[Figure: Destination unreachable, Type = 3, Code = 3 (non valid port): application not active or not implemented on the destination host]
If this message is received from an intermediate router, it means that the router regards the destination IP address as unreachable. If this message is received from the destination host, it means that either the protocol specified in the protocol number field of the original datagram is not active or the specified port is inactive.
Page 1.193
[Figure: Destination unreachable, Type 3, Code 4 (fragmentation needed), CRC; path crossing links with MTU=1500, MTU=256 and MTU=512]
Page 1.194
6 ICMP protocol - MTU discovery (option RFC 1191)
[Figure: ICMP message Type 3, Code 4 "fragmentation needed", CRC, next-hop MTU in the parameters, Data = IP header + first 64 bits; path with MTU=1536 and MTU=512 links]
Page 1.195
6 ICMP protocol - Time overflow (TTL overflow)
[Figure: ICMP message Type 11, Code 0, CRC, Parameters 0 (4 bytes), Data = IP header + first 64 bits]
Time Exceeded (11)
If this message is received from an intermediate router, it means that the time to live field of an IP datagram has expired. If this message is received from the destination host, it means that the IP fragment reassembly time to live timer has expired while the host was waiting for a fragment of the datagram. The ICMP header code field may have one of the following values:
0: transit TTL exceeded
1: reassembly TTL exceeded
Page 1.196
6 ICMP protocol - Time overflow (reassembly time overflow)
[Figure: ICMP message Type 11, Code 1, CRC, Parameters 0 (4 bytes), Data = IP header + first 64 bits; fragments crossing an MTU=512 link]
Page 1.197
[Figure: ICMP Redirect (Type 5) message: Code (0: Network redirection, 1: Host redirection, 2: Network redirection for the requested service, 3: Host redirection for the requested service), CRC, Parameters = @IP of the router (4 bytes); host with default gateway R1 is redirected to router R2]
Redirect (5) If this message is received from an intermediate router, it means that the host should send future datagrams for the network to the router whose IP address is specified in the ICMP message. This preferred router will always be on the same subnet as the host that sent the datagram and the router that returned the IP datagram. The router forwards the datagram to its next hop destination. This message will not be sent if the IP datagram contains a source route.
Page 1.198
Redirect (5) - Example
[Figure: a host on Network 140.252.1 (hosts 140.252.1.92, 140.252.1.32, 140.252.1.11, 140.252.1.29) runs "% ping 140.252.13.34" (1). Routers 140.252.1.4 and 140.252.1.183 are attached to Network 140.252.1; 140.252.13.33 / 140.252.13.65 / 140.252.13.66 lead to Network 140.252.13.32 (hosts 140.252.13.34, 140.252.13.35); a link to the Internet. After the redirect (steps 2, 4, 6, 7) the host's routing table holds the entry 140.252.13.34/32 via 140.252.1.183, flags UGHD, interface eth0]
Page 1.199
[Figure: ICMP Source Quench message: Type 4, Code 0, CRC, Parameters 0]
Source Quench (4) If this message is received from an intermediate router, it means that the router did not have the buffer space needed to queue the datagram. If this message is received from the destination host, it means that the incoming datagrams are arriving too quickly to be processed. The ICMP header code field is always zero.
Page 1.200
[Figure: ICMP Netmask request/response: Type 17 or 18, Code 0, CRC, Identification (2 bytes), Sequence number; host IP @ A (1) asks the routers of its subnet]
Page 1.201
[Figure: ICMP Timestamp request and response: CRC, Identification, Sequence number, Origin time]
Page 1.202
[Figure: ICMP Router Solicitation (Type 10, Code 0, CRC, Parameter 0) and Router Advertisement (Code 0, CRC, number of entries, Entry size (=2), TTL, then router address (1) / Preference level (1), router address (2) / Preference level (2), ..., router address (n) / Preference level (n))]
Router Advertisement (9) and Router Solicitation (10) (RFC 1256)
These two messages are used if a host or a router supports the router discovery protocol. Routers periodically advertise their IP addresses on those subnets where they are configured to do so. Advertisements are made on the all-systems multicast address (224.0.0.1) or the limited broadcast address (255.255.255.255). The default behavior is to send advertisements every 10 minutes with a TTL value of 1800 (30 minutes). Routers also reply to solicitation messages they receive. They may reply directly to the soliciting host, or they may wait a short random interval and reply with a multicast.
Hosts may send solicitation messages. Solicitation messages are sent to the all-routers multicast address (224.0.0.2) or the limited broadcast address (255.255.255.255). Typically, three solicitation messages are sent at 3-second intervals. Alternatively a host may wait for periodic advertisements. Each time a host receives an advertisement with a higher preference value, it updates its default router. The host also sets the TTL timer for the new entry to match the value in the advertisement. When the host receives a new advertisement for its current default router, it resets the TTL value to that in the new advertisement. This process also provides a mechanism for routers to declare themselves unavailable: they send an advertisement with a TTL value of zero.
Fields of the advertisement:
- number: the number of entries in the message.
- entry length: the length of an entry in 32-bit units. This is 2 (32 bits for the IP address and 32 bits for the preference value).
- TTL: the number of seconds that an entry will be considered valid.
- router address: one of the sender's IP addresses.
- preference level: a signed 32-bit level indicating the preference to be assigned to this address when selecting a default router. Each router on a subnet is responsible for advertising its own preference level. Larger values imply higher preference; smaller values imply lower. The default is zero, which is in the middle of the possible range. A value of X'80000000' (-2^31) indic,ates the router should never be used as a default router.
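The host side of router discovery, as an added Python example (not code from the course): the advertisement is built and parsed with the field layout listed above, the preference is read as a signed 32-bit value so that X'80000000' comes out as -2^31 and is excluded, the highest live preference wins, an advertisement refreshes the entry's TTL, and a TTL of zero withdraws the router. The router addresses, preferences and clock values are constructed; the checksum field is left at zero.

```python
import ipaddress
import struct

NEVER_DEFAULT = -2 ** 31   # X'80000000': this router must never be chosen as a default router


def build_router_advertisement(lifetime: int, entries) -> bytes:
    """Type 9 message: type, code, checksum, number, entry size (=2), TTL, then
    (router address, signed preference) pairs. Checksum left at 0 (constructed sample)."""
    body = b"".join(ipaddress.IPv4Address(addr).packed + struct.pack("!i", pref)
                    for addr, pref in entries)
    return struct.pack("!BBHBBH", 9, 0, 0, len(entries), 2, lifetime) + body


def parse_router_advertisement(msg: bytes) -> dict:
    icmp_type, code, _checksum, number, entry_size, lifetime = struct.unpack("!BBHBBH", msg[:8])
    if icmp_type != 9 or code != 0:
        raise ValueError("not a Router Advertisement")
    if entry_size != 2 or len(msg) < 8 + number * 8:
        raise ValueError("malformed advertisement")   # never trust counts in a received message
    entries = []
    for i in range(number):
        off = 8 + i * 8
        addr = str(ipaddress.IPv4Address(msg[off:off + 4]))
        (pref,) = struct.unpack("!i", msg[off + 4:off + 8])   # signed 32-bit preference
        entries.append((addr, pref))
    return {"lifetime": lifetime, "entries": entries}


class DefaultRouterList:
    """Host state: candidate default routers with their preference and expiry time."""

    def __init__(self):
        self.routers = {}   # address -> (preference, expires_at)

    def receive(self, adv: dict, now: float) -> None:
        for addr, pref in adv["entries"]:
            if adv["lifetime"] == 0 or pref == NEVER_DEFAULT:
                self.routers.pop(addr, None)   # withdrawn, or advertised as "never a default"
            else:
                self.routers[addr] = (pref, now + adv["lifetime"])   # new entry or TTL refresh

    def default_router(self, now: float):
        live = {addr: pref for addr, (pref, expires) in self.routers.items() if expires > now}
        return max(live, key=live.get) if live else None
```

The lifetime check matters as much as the preference: an entry that is never refreshed silently drops out after its TTL, which is how a host stops using a router that has gone away without ever sending a zero-TTL withdrawal.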
Page 1.203
[Figure: ICMP Echo message: Type 0 (Echo Response) or 8 (Echo Request), Code 0, CRC, Identification, Sequence number, Data; host IP @ A sends ICMP Echo Request (1) to host IP @ B, which returns ICMP Echo Response (2)]
Echo (0) (8) is used to detect whether another host is active on the network. It is used by the Ping command. The sender initializes the identifier, sequence number, and data field. The datagram is then sent to the destination host. The recipient changes the type to Echo Reply and returns the datagram to the sender.
PING (Packet Internet Groper)
Ping is the simplest of all TCP/IP applications. It sends IP datagrams to a specified destination host and measures the round trip time to receive a response. The word ping, which is used as a noun and a verb, is taken from the sonar operation to locate an underwater object. It is also an abbreviation for Packet InterNet Groper. Traditionally, if you could successfully ping a host, other applications such as Telnet or FTP could reach that host. With the advent of security measures on the Internet, particularly firewalls, which control access to networks by application protocol and/or port number, this is no longer necessarily true. Nonetheless, the first test of reachability for a host is still to attempt to ping it. Ping is useful for verifying an IP installation. The following variations of the command each require the operation of a different portion of an IP installation:
- ping loopback: verifies the operation of the base TCP/IP software.
- ping my-IP-address: verifies whether the physical network device can be addressed.
- ping a-remote-IP-address: verifies whether the network can be accessed.
- ping a-remote-host-name: verifies the operation of the name server (or the flat namespace resolver, depending on the installation).
Page 1.204
[Figure: traceroute from host IP @ A towards IP @ B through routers IP @ x, IP @ y and IP @ z; successive probes @IPA -> @IPB with TTL=3, then TTL=4, each answered by the router where the TTL expires]
The Traceroute program is used to determine the route IP datagrams follow through the network. Traceroute is based upon ICMP and UDP. It sends an IP datagram with a TTL of 1 to the destination host. The first router decrements the TTL to 0, discards the datagram and returns an ICMP Time Exceeded message to the source. In this way, the first router in the path is identified. This process is repeated with successively larger TTL values to identify the exact series of routers in the path to the destination host. Traceroute sends UDP datagrams to the destination host. These datagrams reference a port number outside the standard range. When an ICMP Port Unreachable message is received, the source determines the destination host has been reached.
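The mechanism described above, modelled in Python as an added example (not code from the course): probes walk through a constructed list of routers, each router decrements the TTL and answers Time Exceeded (Type 11, Code 0) when it reaches zero, the destination host answers Port Unreachable (Type 3, Code 3) for a port nobody listens on, and a probe that happens to hit a listening port draws no ICMP at all, which traceroute prints as "*". The base port 33434 is the default of the classic traceroute implementation and is an assumption here; the course only says "outside the standard range".

```python
TIME_EXCEEDED, DEST_UNREACHABLE = 11, 3
TTL_IN_TRANSIT, PORT_UNREACHABLE = 0, 3


def forward_probe(path, destination, ttl, dport, listening_ports=frozenset()):
    """Carry one UDP probe along `path` (router addresses, constructed) towards `destination`.
    Returns the ICMP reply the source would see, or None if the probe is silently consumed."""
    for router in path:
        ttl -= 1
        if ttl == 0:                                   # router discards and reports
            return {"from": router, "type": TIME_EXCEEDED, "code": TTL_IN_TRANSIT}
    if dport in listening_ports:
        return None                                    # delivered to an application: no ICMP
    return {"from": destination, "type": DEST_UNREACHABLE, "code": PORT_UNREACHABLE}


def simulate_traceroute(path, destination, max_hops=30, base_port=33434, listening_ports=frozenset()):
    """Send probes with TTL 1, 2, 3, ... and record who answered, stopping at Port Unreachable."""
    hops = []
    for ttl in range(1, max_hops + 1):
        reply = forward_probe(path, destination, ttl, base_port + ttl - 1, listening_ports)
        if reply is None:
            hops.append((ttl, "*"))                    # timeout: nothing came back
            continue
        hops.append((ttl, reply["from"]))
        if reply["type"] == DEST_UNREACHABLE and reply["code"] == PORT_UNREACHABLE:
            break                                      # the destination host itself answered
    return hops
```

Because the destination port changes with every probe, one probe that lands on a listening port only costs a single "*" line; the next probe uses the following port and the Port Unreachable reply arrives, which is why traceroute can tell the destination from a silent intermediate hop.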
Page 1.205
[Figure: command prompt window (1, 2, 3)]
> tracert <ip-addr> or > tracert isoc.org
> ping <ip-addr>
> ping icann.org
Page 1.206
[Figure: a hacker running ping and traceroute against a network]
Ping allows the scan of IP addresses. Destination unreachable lets one know who is unreachable and why. Traceroute reveals the IP addresses of the routers.
ICMP Redirect modifies the routing table of the hosts (DoS attack). ICMP Source Quench requests a reduction of the throughput.
ICMP can be used by hackers to learn more about a network as well as to disrupt the correct operation of a network. That is why, usually, the firewalls at the border between the private network and the Internet discard any ICMP message.
Note: DoS attack. This name is given to this kind of attack because only Microsoft DOS (not Unix nor Linux) takes the redirect ICMP message into account.
http://www.sys-security.com/archive/papers/ICMP_Scanning_v1.0.pdf
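Discarding every ICMP message at the border, as the note above describes, also discards the Type 3 Code 4 messages that MTU discovery (RFC 1191, earlier in this section) depends on and the Time Exceeded messages that traceroute run from the inside needs. The following added example (a hypothetical policy, not code from the course) is a small stateful inbound filter that keeps those while dropping the messages this section lists as abuse vectors. It is simplified: a production filter would also match the IP header quoted inside an error message against a flow it has seen.

```python
ECHO_REPLY, DEST_UNREACHABLE, SOURCE_QUENCH, REDIRECT = 0, 3, 4, 5
ECHO_REQUEST, TIME_EXCEEDED = 8, 11
FRAG_NEEDED = 4                       # Destination Unreachable code that MTU discovery relies on
INFO_QUERIES = set(range(13, 19))     # timestamp, information and netmask requests/responses


class IcmpBorderPolicy:
    """Inbound ICMP policy for a border firewall (hypothetical, constructed for this example).

    Admits only what the inside has earned: Echo Replies matching an Echo Request that left
    the network, and the error types our own PMTU discovery and traceroute depend on.
    Inbound echo sweeps, Redirect, Source Quench and the type 13-18 queries are dropped.
    """

    def __init__(self):
        self.pending_echo = set()       # (identifier, sequence) of Echo Requests sent from inside

    def note_outbound_echo(self, ident: int, seq: int) -> None:
        self.pending_echo.add((ident, seq))

    def inbound(self, icmp_type: int, code: int = 0, ident: int = None, seq: int = None):
        """Return (allowed, reason) for one inbound ICMP message."""
        if icmp_type == ECHO_REPLY:
            if (ident, seq) in self.pending_echo:
                self.pending_echo.discard((ident, seq))   # one request, one reply
                return True, "reply to our echo request"
            return False, "unsolicited echo reply"
        if icmp_type == ECHO_REQUEST:
            return False, "inbound ping (address scan)"
        if icmp_type == REDIRECT:
            return False, "redirect would rewrite host routing tables"
        if icmp_type == SOURCE_QUENCH:
            return False, "source quench would throttle our senders"
        if icmp_type in INFO_QUERIES:
            return False, "information-gathering query"
        if icmp_type == DEST_UNREACHABLE and code == FRAG_NEEDED:
            return True, "needed for MTU discovery (RFC 1191)"
        if icmp_type == TIME_EXCEEDED:
            return True, "needed by traceroute run from inside"
        if icmp_type == DEST_UNREACHABLE:
            return True, "error report for a flow we started"
        return False, "default deny"
```

Tracking (identifier, sequence) pairs is what turns "allow echo reply" from a hole into a stateful rule: a reply is admitted once, only for a request that actually left, and a second copy of the same reply is dropped.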
Page 1.207
6 ICMP protocol - Attacks against security with ICMP (2)
ICMP allows one to detect the type of Operating System:
[Figure: a hacker sends ICMP messages to hosts A (Microsoft) and B (Unix); ICMP with type=echo and code 0 is accepted by UNIX and leads to a response with code=0 on Microsoft (DoS)]
Page 1.208
ping @IP:10.12.0.1
Given this interconnection diagram and the trace (next page) of the messages captured on the network 10.10.0.0 when a ping is sent from this PC:
1- Fill in this diagram (IP @ of the various units).
[Figure: Network 10.10.0.0/16; units with MAC @ 00.10.7b.81.9d.15, IP @ . . . and MAC @ 00.10.7b.81.9c.f9, IP @ . . .; PC configuration]
Given the following trace:
1- Draw the events.
2- On the diagram, write down the IP @ of the hosts and draw the exchanges with arrows.
Page 1.209
[Figure: Frames 1 to 5 of the trace; unit with MAC @ 00.10.7b.81.9c.f9, IP @ to be filled in]
Page 1.210
[Figure: three time axes for drawing the exchanges]
Page 1.211
Objective: to be able to analyze an ICMP message and explain the operation of the Ping and Trace_route programs
Page 1.212
Page 1.213
[Figure: a client running "tftp <server-IP@>" exchanges files (File, File) with the server]
Page 1.214
Analogy
- The city/post code = MAC @
- Company name = IP @
- Department = UDP port
Note: the company could move to another city => modification of the city/post code, but no modification of the company name (logical address). The post office pays attention only to the city/post code (MAC @) and the company name (IP @), not to the department (UDP port). Only the private companies (users) pay attention to the department (UDP port).
UDP/TCP ports allow multiplexing: delivering data from an application to its remote peer. Multiple applications can be supported simultaneously.
Page 1.215
[Figure: TFTP server file transfer (6): client sockets @IPa, Port 1955 and @IPa, Port 1843; server socket @IPb, Port 69 (well-known port); UDP/TCP over IP a and IP b]
The well-known ports are controlled and assigned by the Internet Assigned Numbers Authority (IANA). Most servers wait for requests at a well-known port so that their clients know to which port (and in turn, to which application) they must direct their requests. The reason for well-known ports is to allow clients to find servers without configuration information. The well-known port numbers are defined in STD 2, Assigned Internet Numbers.
The client typically uses an arbitrary port called an ephemeral port for its communication. Clients that wish to communicate with a server that does not use a well-known port must have another mechanism for learning to which port they must address their requests. This mechanism might employ a registration service such as portmap, which does use a well-known port.
Ephemeral: Clients do not need well-known port numbers because they initiate communication with servers, and the port number they are using is contained in the UDP datagrams sent to the server. Each client process is allocated a port number for as long as it needs it by the host it is running on. Ephemeral port numbers have values greater than 1023, normally in the range 1024 to 65535. A client can use any number allocated to it, as long as the combination <transport protocol, IP address, port number> is unique. Ephemeral ports are not controlled by IANA and can be used by ordinary user-developed programs on most systems.
Page 1.216
[Figure: transport layer header (Port src, Port dest) prepended to the Data]
In both transport layer UDP and TCP, the destination port is used to determine the target application.
Page 1.217
[Figure: hosts IP a (UDP/TCP port 1025), IP b (UDP/TCP port 69) and IP c (UDP/TCP port 1025) connected through an IP network]
The concepts of port and socket determine which local process at a given host actually communicates with which process, at which remote host, using which protocol. If this sounds confusing, consider the following:
- An application process is assigned a process identifier number (process ID), which is likely to be different each time that process is started.
- Process IDs differ between operating system platforms, hence they are not uniform.
- A server process can have multiple connections to multiple clients at a time, hence simple connection identifiers would not be unique.
The concept of ports and sockets provides a way to uniformly and uniquely identify connections and the programs and hosts that are engaged in them, irrespective of specific process IDs.
A socket address is the triple: <protocol, local-address, local-process>. For example, in the TCP/IP suite: <tcp, 193.44.234.3, 12345>.
A conversation is the communication link between two processes.
An association is the 5-tuple that completely specifies the two processes that comprise a connection: <protocol, local-address, local-process, foreign-address, foreign-process>. In the TCP/IP suite, the following could be a valid association: <tcp, 193.44.234.3, 1500, 193.44.234.5, 21>.
Page 1.218
[Figure: hosts IP a (ports 1025 and 1542) and IP c (port 1025) both communicating with well-known port 69 on host IP b across the IP network; exchanges numbered 2, 3, 4]
Page 1.219
Port ranges:
- Well-known ports: 1 to 1023
- Registered ports: 1024 to 49151
- Ephemeral ports: 49152 to 65535
Well-known ports (UDP):
7: Echo; 9: Discard; 11: Systat (logged users); 13: Daytime; 15: Netstat; 19: Chargen; 37: Time; 43: whois; 53: DNS Domain Name Server (query); 67: BOOTPs, BOOTP Bootstrap Protocol server; 68: BOOTPc, BOOTP Bootstrap Protocol client; 69: TFTP Trivial File Transfer Protocol; 111: RPC Remote Procedure Call; 123: NTP Network Time Protocol; 161: SNMP Simple Network Management Protocol; 162: SNMP traps
Well-known ports (TCP):
5: RJE Remote Job Entry; 7: Echo; 9: Discard; 11: Systat (logged users); 13: Daytime; 15: Netstat; 19: Chargen; 20: FTP File Transfer Protocol, data; 21: FTP File Transfer Protocol, commands; 23: TELNET remote connection; 25: SMTP Simple Mail Transfer Protocol; 53: DNS Domain Name Server (zone transfer); 80: HTTP Hypertext Transfer Protocol; 110: POP3 Post Office Protocol; 111: SUNRPC; 139: Netbios
In the past there were only two ranges of ports: well-known and ephemeral. Now, because so many new services have been born, there are three:
- Well-known ports are assigned by IANA; they range between 1 and 1023.
- Registered ports are listed by IANA.
- Ephemeral ports.
Well-known port numbers are typically odd, because early systems using the port concept required an odd/even pair of ports for duplex operations. A client uses an ephemeral port; the exception is the BOOTP client, which uses well-known port 68. Most servers require only a single well-known port; the exception is the FTP server, which uses two: 20 and 21. An application could run over both the TCP and the UDP transport layer, but in fact each application almost always runs over only one transport protocol, with some exceptions like DNS, whose server uses both UDP port 53 (for query operation) and TCP port 53 (for database transfer between 2 DNS servers).
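The port and socket concepts of the last three pages, as an added Python example (not code from the course): port_class() places a port in the three ranges above, and a toy per-host endpoint table allocates ephemeral ports so that <protocol, IP address, port> stays unique, records listening sockets as <protocol, local-address, local-port> triples, keeps associations as 5-tuples, and demultiplexes an arriving segment to the right application (an exact association first, then a listening socket on the destination port). The 49152 lower bound follows the range figure above; the addresses and application names are constructed.

```python
import itertools

# Port ranges as the course divides them.
WELL_KNOWN = range(1, 1024)
REGISTERED = range(1024, 49152)
EPHEMERAL = range(49152, 65536)


def port_class(port: int) -> str:
    if port in WELL_KNOWN:
        return "well-known"
    if port in REGISTERED:
        return "registered"
    if port in EPHEMERAL:
        return "ephemeral"
    raise ValueError("port out of range")


class TransportEndpoints:
    """Toy UDP/TCP endpoint table for one host (constructed for this example)."""

    def __init__(self, local_ip: str):
        self.local_ip = local_ip
        self.in_use = set()          # (proto, port) pairs already allocated on this host
        self.listening = {}          # (proto, local_port) -> application name
        self.associations = {}       # (proto, laddr, lport, faddr, fport) -> application name
        self._candidates = itertools.count(EPHEMERAL.start)

    def listen(self, proto: str, port: int, app: str):
        """Server side: bind a (well-known) port; returns the socket triple."""
        if (proto, port) in self.in_use:
            raise ValueError(f"{proto} port {port} already in use")
        self.in_use.add((proto, port))
        self.listening[(proto, port)] = app
        return (proto, self.local_ip, port)

    def _allocate_ephemeral(self, proto: str) -> int:
        # TCP and UDP port spaces are independent: uniqueness is on <protocol, address, port>.
        for port in self._candidates:
            if port not in EPHEMERAL:
                raise RuntimeError("ephemeral ports exhausted")
            if (proto, port) not in self.in_use:
                self.in_use.add((proto, port))
                return port

    def connect(self, proto: str, faddr: str, fport: int, app: str):
        """Client side: take an ephemeral port and record the 5-tuple association."""
        lport = self._allocate_ephemeral(proto)
        assoc = (proto, self.local_ip, lport, faddr, fport)
        self.associations[assoc] = app
        return assoc

    def demux(self, proto: str, src_ip: str, sport: int, dst_ip: str, dport: int):
        """Which local application receives a segment/datagram that arrived at this host?"""
        if dst_ip != self.local_ip:
            return None
        assoc = (proto, dst_ip, dport, src_ip, sport)
        if assoc in self.associations:
            return self.associations[assoc]
        return self.listening.get((proto, dport))
```

The last assertion below is the point of the <protocol, ...> element in the triple: a datagram for TCP port 69 is not delivered to the TFTP server listening on UDP port 69, because the two are different sockets.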
Page 1.220
[Figure: hosts @IPa and @IPb with their applications (Appli) across the IP Network; the transport header carries the source and destination ports, the IP header the source and destination IP @ (IP@ s, IP@ d), the physical header the source and destination Phys @ (2, 6, 7, 8, 9, 12 on the figure)]
Application layer: The application layer is provided by the program that uses TCP/IP for communication. An application is a user process cooperating with another process, usually on a different host.
Transport layer: The transport layer provides the end-to-end data transfer by delivering data from an application to its remote peer. Multiple applications can be supported simultaneously.
Internetwork layer: Internet Protocol (IP) is the most important protocol in this layer. It is a connectionless protocol that doesn't assume reliability from lower layers. IP does not provide reliability, flow control, or error recovery. These functions must be provided at a higher level.
Network interface layer: The network interface layer, also called the link layer or the data-link layer, is the interface to the actual network hardware.
Router: Interconnects networks at the internetwork layer level and routes packets between them.
Page 1.221
Objective: to be able to describe the operation of the client/server model at the transport layer
Page 1.222
Page 1.223
8 User Datagram Protocol - Situation of the UDP protocol
[Figure: Application: NTP, TFTP, SNMP, DNS over UDP; Telnet, FTP, SMTP, HTTP over TCP; Transport: UDP, TCP; Network: IP, ICMP, ARP; Link: LLC, SNAP 802.2, MAC, Ethernet V2, FDDI; Physical: optical fibre, 10 Base 2, 10 Base 5]
Usually, UDP is used by applications that need a fast transport mechanism (time synchronisation, voice over IP), that have a very short communication (one question, one response), or that can tolerate the loss of some data. The main applications using UDP are:
- TFTP: Trivial File Transfer Protocol
- DNS: Domain Name System
- NTP: Network Time Protocol
Page 1.224
[Figure: UDP over IP multiplexing the datagrams of processes P1, P2 and P3 between two hosts across the IP network]
Page 1.225
[Figure: classical mail between two users]
UDP provides a mechanism for one application to send a datagram to another. The UDP protocol can be regarded as being extremely thin and consequently has low overheads, but it requires the application to take responsibility for error recovery and so on. As a result, applications using UDP as the transport protocol have to provide their own end-to-end integrity, flow control, and congestion control, if it is so desired. Usually, UDP is used by applications that need a fast transport mechanism and can tolerate the loss of some data.
Page 1.226
[Figure: a voice conversation carried over the IP network; network management messages sent every 10 s]
UDP is suitable for applications tolerating the loss of some data. Example: Voice over IP. If a part of the conversation is lost during the transmission, the ear is still capable of understanding; moreover, if the lost part of the conversation were repeated, it would arrive out of sequence and cause the worst effect. Time synchronisation is necessary to manage a network well. A Network Time Server delivers the time periodically. If a message conveying the current time is lost, it makes no sense to repeat it, because time keeps running.
Page 1.227
[Figure: a client resolving http://alcatel.com through a Name Server over the Internet (Alcatel)]
Page 1.228
8 User Datagram Protocol - Main UDP well-known ports
7: Echo; 9: Discard; 11: Systat (logged users); 13: Daytime; 15: Netstat; 19: Chargen; 37: Time; 43: whois; 53: DNS Domain Name Server; 67: BOOTPs, BOOTP Bootstrap Protocol server; 68: BOOTPc, BOOTP Bootstrap Protocol client; 69: TFTP Trivial File Transfer Protocol; 111: RPC Remote Procedure Call; 123: NTP Network Time Protocol; 161: SNMP Simple Network Management Protocol; 162: SNMP traps
Well-known ports
Well-known ports are assigned by ICANN. Well-known ports belong to standard servers; for example, DNS uses port 53. Well-known port numbers range between 1 and 1023. Well-known port numbers are typically odd, because early systems using the port concept required an odd/even pair of ports for duplex operations. Most servers require only a single port. An exception is the BOOTP server, which uses two: 67 and 68.
Page 1.229
[Figure: a UDP datagram (Port src, Port dest, Data) is delivered to the server by its destination port: Daytime Port 13, Chargen Port 19, TFTP Port 69, DNS, Appli. n Port n]
Character Generator: The Character Generator service is designed to send a set of ASCII characters. Upon receipt of a datagram (the contents of which are ignored), the Character Generator service returns a list of all printable ASCII characters. The UDP Character Generator service monitors port 19 for an incoming datagram and responds with a datagram containing a random number of characters. Up to 512 characters can be sent.
Daytime: The Daytime service returns a message with the current date and time. The format it uses is the day of the week, month of the year, day of the month, time, and the year. Time is specified in HH:MM:SS format. Each field is separated by spaces to enable parsing of the contents. Both TCP and UDP versions monitor port 13 and, upon receipt of a datagram, return the message. The Daytime service can be used for several purposes, including setting system calendars and clocks to minimize variations. It can also be used by applications.
Discard: The Discard service simply discards everything it receives. TCP waits for a connection on port 9, whereas UDP receives datagrams through that port. Anything incoming is ignored. No responses are sent. The Discard service might seem pointless, but it can be useful for routing test messages during system setup and configuration. It can also be used by applications in place of a discard service of the operating system (such as /dev/null in UNIX).
Echo: The Echo service returns whatever it receives. It is called through port 7. With TCP, it simply returns whatever data comes down the connection, whereas UDP returns an identical datagram (except for the source and destination addresses). The echoes continue until the port connection is broken or no datagrams are received. The Echo service provides very good diagnostics about the proper functioning of the network and the protocols themselves. The reliability of transmissions can be tested this way, too. Turnaround time from sending to receiving the echo provides useful measurements of response times and latency within the network.
Finger (Active Users): The Active Users service returns a message to the originating user that contains a list of all users currently active on the remote machine. The behavior of the TCP and UDP versions is the same. When requested, the Active Users service monitors port 11 and, upon establishment of a connection, responds with a list of the currently active users and then closes the port. UDP sends a datagram, and TCP uses the connection itself.
Time: The Time service returns the number of seconds that have elapsed since January 1, 1990. Port 37 is used to listen for a request (TCP) or to receive an incoming datagram (UDP). When a request is received, the time is sent as a 32-bit binary number. It is up to the receiving application to convert the number to a useful figure. The Time service is often used for synchronizing network machines or for setting clocks within an application.
Quote of the Day: The Quote of the Day service does as its name implies. It returns a quotation from a file of quotes, randomly selecting one a day when a request arrives on port 17. If a source file of quotations is not available, the service fails.
Note: Users can directly access their service of choice (assuming it is supported) by using Telnet.
Page 1.230
[Figure: UDP datagram format: Source Port, Destination Port, Length, Checksum (2 bytes each), followed by the Data]
UDP datagram format
Each UDP datagram is sent within a single IP datagram. Although the IP datagram may be fragmented during transmission, the receiving IP implementation will reassemble it before presenting it to the UDP protocol. All IP implementations are required to accept datagrams of 576 bytes, which means that, allowing for a maximum-size IP header of 60 bytes, a UDP datagram of 516 bytes is acceptable to all implementations. Many implementations will accept larger datagrams, but this is not guaranteed. The UDP datagram has a 16-byte header. Its fields are:
- Source Port: indicates the port of the sending process. It is the port to which replies should be addressed.
- Destination Port: specifies the port of the destination process on the destination host.
- Length: the length (in bytes) of this user datagram, including the header.
- Checksum: an optional 16-bit one's complement of the one's complement sum of a pseudo-IP header, the UDP header, and the UDP data. The pseudo-IP header contains the source and destination IP addresses, the protocol, and the UDP length.
Page 1.231
[Figure: UDP header (Port src, Port dest) and Data carried inside a Layer 3 IP datagram whose header holds Prot = 17 (UDP), as opposed to 6 for TCP]
It simply serves as a multiplexer/demultiplexer for sending and receiving datagrams, using ports to direct the datagrams. Applications sending datagrams to a host need to identify a target that is more specific than the IP address, since datagrams are normally directed to certain processes and not to the system as a whole. UDP provides this by using ports.
Page 1.232
[Figure: UDP checksum calculation: a 12-byte pseudo IP header (IP address source, IP address destination, 00, Protocol, UDP message length) followed by the UDP header (UDP src Port, UDP dest Port, Datagram length, Checksum UDP) and the UDP datagram Data; the pseudo header is built from the IP header fields (Type Of Service, Datagram length, Flag, Datagram Offset, Checksum shown for reference)]
Checksum: An optional 16-bit one's complement of the one's complement sum of a pseudo-IP header, the UDP header, and the UDP data. The pseudo-IP header contains the source and destination IP addresses, the protocol, and the UDP length. Why is this header added? Because the TCP (and UDP) header doesn't contain IP addresses and only includes source and destination port numbers. This means that if a TCP segment is delivered to the wrong system (wrong destination IP address), the TCP module on that system could not notice it by looking at the TCP header. Including the IP address information in the checksum through the pseudo-header prevents this problem. If a problem is detected by the checksum validation in the receiving system, the TCP segment is silently discarded. Nothing informs the sending system.
Page 1.233
no flow control, no error recovery
[Figure: Applications 1, 2 and 3 over UDP]
Page 1.234
1- At each level, look for the field allowing to know the encapsulated protocol.
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Eth V2 [0000:000D]
0000:0005 Destination Address: FFFFFFFFFFFF (Broadcast)
0006:000B Source Address: 00809F2132A9 (Alcatel2132A9)
000C:000D Ethernet Type: DOD Internet Protocol (IP)
IP [000E:0021]
000E:000E Version: 4; Header Length: 20
000F:000F TOS, Precedence: Routine; Delay:Normal;Throughput:Normal; Reliability:Normal
0010:0011 Packet Length: 328
0012:0013 Identification: 0x0000
0014:0014 DF: May Fragment; MF: Last Fragment
0014:0015 Fragment Offset: 0
0016:0016 Time to Live: 15
0017:0017 Transport: User Datagram
0018:0019 Header Checksum: 0xAAA6 (correct)
001A:001D Source Address: 0.0.0.0
001E:0021 Destination Address: 255.255.255.255
UDP [0022:0029]
0022:0023 Source Port: Bootstrap Protocol Client
0024:0025 Destination Port: Bootstrap Protocol Server
0026:0027 Packet Length: 308
0028:0029 Checksum: 0xEF12 (correct)
Page 1.235
BOOTPBOOTP-client
Hex. Data FF FF FF FF 01 48 00 00 FF FF 00 44 7E BA 00 00 00 00 00 00 00 00 00 00
BOOTPBOOTP-server
FF 00 00 00 00 00 FF 00 43 00 00 00 00 0F 01 00 00 00 80 11 34 00 80 00 9F AA EF 00 9F 00 21 A6 12 00 21 00
UDP
32 00 01 00 32 00 A9 00 01 00 A9 00 08 00 06 00 00 00 00 00 00 00 00 00
IP
45 FF 00 00 00 00 00 FF 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Eth v2 [0000:000D] 0000:0005 Destination Address: FFFFFFFFFFFF (Broadcast) 0006:000B Source Address: 00809F2132A9 (Alcatel2132A9) 000C:000D Ethernet Type: DOD Internet Protocol (IP) IP [000E:0021] 000E:000E Version: 4; Header Length: 20 000F:000F TOS, Precedence: Routine; Delay:Normal;Throughput:Normal; 0010:0011 Packet Length: 328 Reliability:Normal 0012:0013 Identification: 0x0000 0014:0014 DF: May Fragment; MF: Last Fragment 0014:0015 Fragment Offset: 0 0016:0016 Time to Live: 15 0017:0017 Transport: User Datagram 0018:0019 Header Checksum: 0xAAA6 (correct) 001A:001D Source Address: 0.0.0.0 001E:0021 Destination Address: 255.255.255.255 UDP [0022:0029] 0022:0023 Source Port: Bootstrap Protocol Client 0024:0025 Destination Port: Bootstrap Protocol Server 0026:0027 Packet Length: 308 0028:0029 Checksum: 0xEF12 (correct)
236
Page 1.236
9 TCP protocol
Course outline: 1 Introduction, 2 Physical and link layers, 3 ARP protocol, 4 Repeaters, Bridges and Switches, 5 IP protocol, 6 ICMP protocol, 7 Client-Server model, 8 UDP protocol, 9 TCP protocol.
Figure: TCP in the protocol stack: IP and ARP above the link layer (LLC/SNAP 802.2 or Ethernet V2 framing over the MAC sublayer: Ethernet, FDDI) and the physical layer (10 Base 2, 10 Base 5, optical fibre).
Transmission Control Protocol (TCP)
TCP provides connection-oriented, reliable data delivery, duplicate data suppression, congestion control and flow control. TCP is a standard protocol with STD number 7, described in RFC 793 (Transmission Control Protocol). Its status is recommended, but in practice every TCP/IP implementation that is not used exclusively for routing includes TCP. TCP provides considerably more facilities for applications than UDP, notably error recovery, flow control and reliability. TCP is a connection-oriented protocol, unlike UDP, which is connectionless.
Figure: TCP over IP. IP offers a connectionless service: the datagrams P1, P2, P3 handed to the IP network may arrive in another order (P3, P2, P1) or more than once; TCP on each host restores the ordered stream P1, P2, P3 for the application.
Figure: TCP is reliable. The application message "Withdraw: 50$" sent in segment P1 over TCP/IP to a cash dispenser must arrive, and must arrive only once.
Figure: TCP header (20 bytes without options, 60 bytes maximum): source port, destination port, sequence number, acknowledgement number, header length, reserved bits, control bits URG, ACK, PSH, RST, SYN, FIN, window, checksum, urgent pointer, options.
Ports: allow multiplexing, achieved through the use of ports, just as with UDP. A connection is identified by the pair of sockets (IP address, port number) at its two ends.

9 TCP protocol: some well-known ports using TCP
Server FTP: port 20 (Data), port 21 (Ctrl)
Server Telnet: port 23
Server SMTP: port 25
Server DNS: port 53
Server HTTP: port 80

On Unix, display /etc/services to see the port assignments.
9 TCP protocol: main TCP well-known ports
5: RJE, Remote Job Entry
7: Echo
9: Discard
11: Systat (logged users)
13: Daytime
15: Netstat
19: Chargen
20: FTP, File Transfer Protocol (data)
21: FTP, File Transfer Protocol (commands)
23: TELNET, remote connection
25: SMTP, Simple Mail Transfer Protocol
53: DNS, Domain Name Server (zone transfer)
80: HTTP, Hypertext Transfer Protocol
110: POP3, Post Office Protocol
111: SUNRPC
139: NetBIOS (session service)

Most servers require only a single port. An exception is the FTP server, which uses two: 20 and 21. Normally a server uses either TCP or UDP, but there are exceptions: domain name servers use both UDP port 53 (for queries) and TCP port 53 (for zone transfers between name servers). Well-known numbers are only a convention: a service can listen on any port, so when analysing a trace identify the protocol from the content of the segments, not from the port number alone.
Figure: TCP header, fields highlighted: sequence number, acknowledgement number, header length, reserved bits and control bits URG, ACK, PSH, RST, SYN, FIN.
Sequence Number: the sequence number of the first data byte in this segment. If the SYN control bit is set, the sequence number is the initial sequence number (n) and the first data byte is n+1. The initial sequence number must be hard to predict (RFC 6528): with predictable values an attacker who cannot see the traffic can still forge segments that fall inside the connection's window.
Acknowledgement Number: if the ACK control bit is set, this field contains the value of the next sequence number that the receiver is expecting to receive.
URG: indicates that the urgent pointer field is significant in this segment.
ACK: indicates that the acknowledgement field is significant in this segment.
PSH: sometimes an application needs to be sure that all the data passed to TCP has actually been transmitted to the destination. For that reason a push function is defined: it pushes all remaining TCP segments still in storage to the destination host. The normal close connection function also pushes the data to the destination.
RST: resets the connection.
SYN: synchronise the sequence numbers.
FIN: no more data from the sender.
Figure: three-way handshake. Connect-Request: the client TCP sends SYN (Seq = x). Connect-Confirm: the server answers SYN / ACK (Ack = x + 1, with its own initial sequence number). The client completes the handshake with ACK (Seq = x + 1) and the applications are notified.
9 TCP protocol: reordering data
Figure: after the establishment phase (Seq = 40) the application issues Data-Request(abcd), Data-Request(efg), Data-Request(hi) and Data-Request(jkl). The transfer phase carries them as segments Seq = 40 / Data abcd, Seq = 44 / Data efg, and so on; the receiver acknowledges with ACK = 44 after abcd and ACK = 52 once all twelve bytes (40 to 51) are in order.

Figure: sequence and acknowledgement numbers on a connection. Client initial sequence number 400: the SYN consumes one number, so the next client sequence number is 401; server initial sequence number 100, next 101. The client sends 10 bytes with Seq = 401 / PSH / ACK / ack = 101 (next 411); the server delivers them and answers 20 bytes with Seq = 101 / ACK / ack = 411 (next 121); the client sends 10 more bytes with Seq = 411 / ACK / ack = 121 (next 421); the client delivers 22 bytes in all from the server, whose sequence number reaches 123.
The primary purpose of TCP is to provide a reliable logical circuit or connection service between pairs of processes. It does not assume reliability from the lower-level protocols (such as IP), so TCP must guarantee this itself. TCP can be characterised by the following facilities it provides for the applications using it:

Stream Data Transfer: from the application's viewpoint, TCP transfers a contiguous stream of bytes through the network. The application does not have to bother with chopping the data into basic blocks or datagrams; TCP does this by grouping the bytes into TCP segments, which are passed to IP.

TCP assigns a sequence number to each byte transmitted and expects a positive acknowledgement (ACK) from the receiving TCP. If the ACK is not received within a timeout interval, the data is retransmitted. Since the data is transmitted in blocks (TCP segments), only the sequence number of the first data byte in the segment is sent to the destination host. The receiving TCP uses the sequence numbers to rearrange the segments when they arrive out of order, and to eliminate duplicate segments.

Sometimes an application needs to be sure that all the data passed to TCP has actually been transmitted to the destination. For that reason a push function is defined: it pushes all remaining TCP segments still in storage to the destination host. The normal close connection function also pushes the data to the destination.
Figure: connection close. The client sends FIN / Seq = 421 / ACK / ack = 123; the server acknowledges with ACK / ack = 422, because the FIN consumes one sequence number, just as the SYN did.
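The exchange drawn in the figures above (client initial sequence number 400, server 100, handshake, data in both directions, then the client's FIN), as an added example that is not part of the course material: a small Python model of the two TCP endpoints that tracks only what each flag and each data byte consumes. The payload contents and the 2-byte server reply are constructed; the sequence numbers are the ones in the figures. No retransmission, window or checksum is modelled here.

```python
"""Sequence and acknowledgement numbers across a TCP connection (added example)."""
SYN, FIN, ACK, PSH = 0x02, 0x01, 0x10, 0x08


class Endpoint:
    def __init__(self, name, isn):
        self.name = name
        self.snd_nxt = isn        # next sequence number we will send (starts at the ISN)
        self.rcv_nxt = None       # next sequence number we expect; unknown until the peer's SYN
        self.delivered = b""      # in-order bytes handed to the application

    def send(self, flags=0, data=b""):
        """Build a segment. SYN and FIN each consume one sequence number, data consumes len(data)."""
        seg = {"seq": self.snd_nxt, "ack": self.rcv_nxt, "flags": flags, "data": data}
        self.snd_nxt += len(data) + bool(flags & SYN) + bool(flags & FIN)
        return seg

    def receive(self, seg):
        """Accept a SYN, or an in-order segment, and advance rcv_nxt by what it consumed."""
        if seg["flags"] & SYN:
            self.rcv_nxt = seg["seq"]                 # learn the peer's ISN
        elif seg["seq"] != self.rcv_nxt:
            raise ValueError(f"{self.name}: out-of-order seq={seg['seq']}, expected {self.rcv_nxt}")
        self.delivered += seg["data"]
        self.rcv_nxt += len(seg["data"]) + bool(seg["flags"] & SYN) + bool(seg["flags"] & FIN)


def run_exchange():
    """Three-way handshake, data both ways, client FIN. Returns (trace, client, server)."""
    client, server = Endpoint("client", 400), Endpoint("server", 100)
    trace = []

    def deliver(sender, receiver, flags=0, data=b""):
        seg = sender.send(flags, data)
        receiver.receive(seg)
        trace.append((sender.name, seg["seq"], seg["ack"], flags, len(data)))

    deliver(client, server, SYN)                                # Seq=400          -> client next 401
    deliver(server, client, SYN | ACK)                          # Seq=100, Ack=401 -> server next 101
    deliver(client, server, ACK)                                # Seq=401, Ack=101, consumes nothing
    deliver(client, server, PSH | ACK, b"0123456789")           # 10 bytes 401..410 (constructed)
    deliver(server, client, PSH | ACK, b"abcdefghijklmnopqrst")  # 20 bytes 101..120 (constructed)
    deliver(client, server, PSH | ACK, b"9876543210")           # 10 bytes 411..420 (constructed)
    deliver(server, client, PSH | ACK, b"ok")                   # 2 bytes 121..122 (constructed)
    deliver(client, server, FIN | ACK)                          # Seq=421, Ack=123 -> FIN consumes 421
    deliver(server, client, ACK)                                # Ack=422
    return trace, client, server


if __name__ == "__main__":
    for line in run_exchange()[0]:
        print(line)
```

Each tuple in the trace reads (sender, seq, ack, flags, data length); the FIN line is ("client", 421, 123, FIN | ACK, 0) and the last ACK carries 422, matching the figure.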
Figure: TCP header, fields highlighted: header length, URG control bit, checksum, urgent pointer, followed by the urgent data and the options (optional).
Urgent Pointer: points to the first data byte following the urgent data. It is only significant when the URG control bit is set. URG: indicates that the urgent pointer field is significant in this segment. In practice implementations disagree on whether the pointer designates the last urgent byte or the byte after it, and RFC 6093 recommends that new applications do not use the urgent mechanism at all.
Figure: TCP header, field highlighted: window.
Window: the window size is determined by the receiver when the connection is established and varies during the data transfer. Each ACK includes the window size that the receiver is ready to accept at that moment.

Flow Control: the receiving TCP, when sending an ACK back to the sender, also indicates the number of bytes it can receive beyond the last acknowledged byte without overrunning its internal buffers. Added to the acknowledgement number, this gives the highest sequence number the sender may transmit without problems. This mechanism is also referred to as the window mechanism.
9 TCP protocol: window, end-to-end flow control
Figure: the receiver acknowledges with Ack = 5000 / Window: 1000, so the sender may transmit segment 1 (Seq = 5000, 500 bytes) and segment 2 (Seq = 5500, 500 bytes) without waiting. As the receiver's buffer fills, its acknowledgements shrink the window: Ack = 5500, then Ack = 6000 / Window: 500. Later the sender is allowed only 350 bytes (sequence numbers 6500 to 6850), the free space the receiver announced.
TCP sends data in variable-length segments. Sequence numbers are based on a byte count. Acknowledgements specify the sequence number of the next byte that the receiver expects to receive; they are cumulative, so one ACK covers everything before that byte. The sender can send all the segments that fit in the window without waiting for an ACK, but must start a retransmission timer for them. The receiver acknowledges the data it has received in order, and the sender slides the window on each ACK received. This window mechanism ensures: reliable transmission; better use of the network bandwidth (better throughput); flow control, since the receiver sets the window according to its free buffer space and may delay acknowledging a segment.
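The window mechanism described above, as an added example that is not part of the course material: a receiver that advertises the free space of its buffer in every acknowledgement, and a sender that never lets the unacknowledged data exceed that window. The numbers (1000-byte buffer, 500-byte segments from sequence number 5000, an application that reads 350 bytes) are constructed in the spirit of the figure; retransmission timers and delayed ACKs are left out.

```python
"""TCP window-based flow control (added example)."""


class Receiver:
    def __init__(self, rcv_nxt, buffer_size):
        self.rcv_nxt = rcv_nxt            # next byte expected = value carried in our ACKs
        self.buffer_size = buffer_size
        self.buffered = 0                 # bytes received but not yet read by the application

    def window(self):
        return self.buffer_size - self.buffered

    def receive(self, seq, length):
        """Accept an in-order segment and answer with (ack number, advertised window)."""
        if seq != self.rcv_nxt:
            raise ValueError(f"out of order: seq={seq}, expected {self.rcv_nxt}")
        if length > self.window():
            raise ValueError("sender overran the advertised window")
        self.buffered += length
        self.rcv_nxt += length
        return self.rcv_nxt, self.window()

    def app_read(self, n):
        """The application drains n bytes; the receiver sends a window update (same ack, larger window)."""
        self.buffered -= min(n, self.buffered)
        return self.rcv_nxt, self.window()


class Sender:
    def __init__(self, snd_nxt):
        self.snd_una = snd_nxt            # oldest byte not yet acknowledged
        self.snd_nxt = snd_nxt            # next byte to send
        self.snd_wnd = 0                  # last window advertised by the receiver

    def usable_window(self):
        return self.snd_una + self.snd_wnd - self.snd_nxt

    def send(self, mss):
        """Send up to mss bytes if the window allows; None means the sender must wait for an ACK."""
        length = min(mss, self.usable_window())
        if length <= 0:
            return None
        seg = (self.snd_nxt, length)
        self.snd_nxt += length
        return seg

    def on_ack(self, ack, window):
        self.snd_una, self.snd_wnd = ack, window    # slide the window


def simulate_flow_control(mss=500):
    """Returns the list of events: ('send', seq, length), ('ack', ack, window), ('stalled', usable)."""
    events = []
    rx, tx = Receiver(5000, 1000), Sender(5000)
    tx.on_ack(5000, 1000)                 # initial Ack=5000 / Window=1000
    in_flight = []
    while (seg := tx.send(mss)) is not None:     # fill the window: 5000 and 5500, 500 bytes each
        in_flight.append(seg)
        events.append(("send", *seg))
    for seq, length in in_flight:         # both arrive; each ACK shrinks the window
        ack = rx.receive(seq, length)
        tx.on_ack(*ack)
        events.append(("ack", *ack))
    events.append(("stalled", tx.usable_window()))   # window is 0: sender must wait
    ack = rx.app_read(350)                # application reads 350 bytes -> window update
    tx.on_ack(*ack)
    events.append(("ack", *ack))
    events.append(("send", *tx.send(mss)))  # only 350 bytes allowed, not a full mss
    return events


if __name__ == "__main__":
    for event in simulate_flow_control():
        print(event)
```

The zero-window stall is the point to notice: the sender cannot send a single byte until the receiver's application frees buffer space and a window update arrives, and when it does, the sender is limited to the 350 bytes advertised, not to its segment size.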
Figure: TCP checksum calculation. The checksum covers the 12-byte pseudo-IP header (source IP address, destination IP address, 00, protocol 6, TCP segment length), the TCP header (source port, destination port, sequence number, acknowledgement number, header length, reserved bits, control bits URG ACK PSH RST SYN FIN, window size, checksum, urgent pointer) and the data. The other IP header fields shown beside it (Type Of Service, datagram length, identification, flags, fragment offset, TTL, header checksum) are not part of the calculation.
Checksum: the 16-bit one's complement of the one's complement sum of all 16-bit words in a pseudo-header, the TCP header and the TCP data. While computing the checksum, the checksum field itself is considered zero, and a segment with an odd number of bytes is padded with a zero byte for the computation only. The pseudo-header is the same as that used by UDP: a pseudo-IP header (source and destination IP addresses, protocol, TCP length) used only for the checksum calculation. Unlike the UDP checksum over IPv4, the TCP checksum is mandatory.
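The checksum described here and in the UDP chapter, as an added example that is not part of the course material: one Python routine computes the Internet checksum, builds the 12-byte pseudo-IP header, and produces and verifies UDP and TCP segments the way a receiver does (a wrong destination address, a flipped payload bit or a wrong length all fail the check). The 20-byte IP header is the one decoded in the BOOTP trace of the UDP chapter, whose header checksum 0xAAA6 the code reproduces; the UDP and TCP payloads and addresses are constructed for the example.

```python
"""Internet checksum for IPv4 headers and for UDP/TCP over the pseudo-IP header (added example)."""
import struct

PROTO_TCP, PROTO_UDP = 6, 17


def ones_complement_sum(data: bytes) -> int:
    """Sum the 16-bit big-endian words with end-around carry (RFC 1071); odd length is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:                          # fold the carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def internet_checksum(data: bytes) -> int:
    """One's complement of the one's complement sum; the checksum field in data must already be zero."""
    return (~ones_complement_sum(data)) & 0xFFFF


def ip_header_checksum(header: bytes) -> int:
    """IPv4 header checksum: covers the header only, with its checksum field (bytes 10-11) zeroed."""
    return internet_checksum(header[:10] + b"\x00\x00" + header[12:])


def ip_bytes(dotted: str) -> bytes:
    return bytes(int(octet) for octet in dotted.split("."))


def pseudo_header(src_ip: str, dst_ip: str, proto: int, length: int) -> bytes:
    """The 12-byte pseudo-IP header: source IP, destination IP, zero byte, protocol, transport length."""
    return struct.pack("!4s4sBBH", ip_bytes(src_ip), ip_bytes(dst_ip), 0, proto, length)


def transport_checksum(src_ip: str, dst_ip: str, proto: int, segment: bytes) -> int:
    """Checksum over pseudo-header + segment (header and data, checksum field already zero)."""
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, proto, len(segment)) + segment)
    if proto == PROTO_UDP and csum == 0:
        csum = 0xFFFF        # UDP over IPv4: 0 means "no checksum", so a computed 0 is sent as all ones
    return csum


def build_udp(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = transport_checksum(src_ip, dst_ip, PROTO_UDP, header + payload)
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def build_tcp(src_ip, dst_ip, sport, dport, seq, ack, flags, window, payload=b"") -> bytes:
    """20-byte TCP header without options (data offset 5) plus payload; flags is the 6-bit control field."""
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)
    csum = transport_checksum(src_ip, dst_ip, PROTO_TCP, header + payload)
    return header[:16] + struct.pack("!H", csum) + header[18:] + payload


def verify_transport(src_ip: str, dst_ip: str, proto: int, segment: bytes) -> bool:
    """Receiver check: summing pseudo-header + segment with its checksum included must give 0xFFFF."""
    if proto == PROTO_UDP and segment[6:8] == b"\x00\x00":
        return True          # the sender did not compute a UDP checksum (allowed over IPv4 only)
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, proto, len(segment)) + segment)
    return total == 0xFFFF


# IPv4 header from the BOOTP trace: 0.0.0.0 -> 255.255.255.255, protocol 17, TTL 15, length 328
BOOTP_IP_HEADER = bytes.fromhex("45 00 01 48 00 00 00 00 0F 11 AA A6 00 00 00 00 FF FF FF FF")

if __name__ == "__main__":
    print(hex(ip_header_checksum(BOOTP_IP_HEADER)))                      # 0xaaa6, as in the trace
    udp = build_udp("10.0.0.1", "10.0.0.2", 68, 67, b"constructed payload")
    print(verify_transport("10.0.0.1", "10.0.0.2", PROTO_UDP, udp))      # True
    print(verify_transport("10.0.0.1", "10.0.0.3", PROTO_UDP, udp))      # False: wrong destination
```

Note that the pseudo-header only binds the segment to the pair of addresses as a sum: swapping the source and destination addresses gives the same checksum, so it detects misdelivery and corruption, not forgery.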
Figure: TCP option format: Type (1 byte), Length (1 byte), value; the options are counted in the header length.
Maximum Segment Size option: only used during the establishment of the connection (SYN control bit set). Each side sends it to indicate the largest segment it is able to receive.

Window Scale option: not mandatory. Both sides must send the Window Scale option in their SYN segments to enable window scaling in their direction. It expands the definition of the TCP window to 32 bits: the 16-bit Window field carries the window shifted right by the scale factor announced in the SYN, and the peer rebuilds the real window from the 16-bit value and the scale factor. The option is negotiated during the handshake; there is no way to change it after the connection has been established.

SACK-Permitted option: sent in the SYN to announce that selective acknowledgement may be used on this connection.

SACK option: Selective Acknowledgement (SACK) lets the receiver inform the sender about the blocks of data received successfully beyond the cumulative acknowledgement, so the sender retransmits only the segments that were actually lost. Option space is limited, so at most four blocks (three when the Timestamps option is also present) can be reported; the first block reports the most recently received data.

Timestamps option: carries the current value of the sender's timestamp clock (TSval) and echoes the last timestamp received from the peer (TSecr). The echo value is only valid if the ACK bit is set in the TCP header.
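The option encoding and the five options described above, as an added example that is not part of the course material: a Python parser that walks the option bytes following the fixed 20-byte header (kind 0 ends the list, kind 1 is a one-byte NOP, everything else is kind, length, value), decodes MSS, Window Scale, SACK-Permitted, SACK and Timestamps, and applies the scale factor to a 16-bit Window value. The option kind numbers are the IANA-registered ones, not values from the slides; the option bytes are constructed. The length checks matter in practice: option lists come from the peer, and a length that runs past the buffer must be rejected, not indexed.

```python
"""Parsing TCP options and applying the window scale (added example)."""
import struct

END, NOP, MSS, WSCALE, SACK_OK, SACK, TIMESTAMPS = 0, 1, 2, 3, 4, 5, 8


def parse_tcp_options(raw: bytes) -> dict:
    """Decode an option list into a dict; raises ValueError on a truncated or malformed option."""
    opts = {}
    i = 0
    while i < len(raw):
        kind = raw[i]
        if kind == END:
            break
        if kind == NOP:
            i += 1
            continue
        # every other option needs a length byte >= 2 that stays inside the buffer
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError(f"malformed option kind {kind} at offset {i}")
        length = raw[i + 1]
        value = raw[i + 2:i + length]
        if kind == MSS and length == 4:
            opts["mss"] = struct.unpack("!H", value)[0]
        elif kind == WSCALE and length == 3:
            opts["wscale"] = min(value[0], 14)          # RFC 7323 caps the shift count at 14
        elif kind == SACK_OK and length == 2:
            opts["sack_ok"] = True
        elif kind == SACK and (length - 2) % 8 == 0:
            # (left edge, right edge) blocks, most recently received data first
            opts["sack"] = [struct.unpack("!II", value[j:j + 8]) for j in range(0, len(value), 8)]
        elif kind == TIMESTAMPS and length == 10:
            opts["timestamps"] = struct.unpack("!II", value)  # (TSval, TSecr)
        else:
            opts.setdefault("unknown", []).append((kind, value))
        i += length
    return opts


def effective_window(window_field: int, wscale: int) -> int:
    """Window Scale: the 16-bit field carries the advertised window shifted right by wscale."""
    return window_field << wscale


# Constructed option bytes as they might appear in a SYN:
# MSS 1460, NOP, Window Scale 7, NOP, NOP, SACK-Permitted, Timestamps (TSval 0x1234, TSecr 0)
SYN_OPTIONS = bytes.fromhex("02 04 05 b4" "01" "03 03 07" "01 01" "04 02" "08 0a 00 00 12 34 00 00 00 00")
# Constructed SACK option in a later ACK: one block saying bytes 1001 to 2000 arrived out of order
ACK_OPTIONS = bytes.fromhex("01 01" "05 0a 00 00 03 e9 00 00 07 d1")

if __name__ == "__main__":
    print(parse_tcp_options(SYN_OPTIONS))
    print(parse_tcp_options(ACK_OPTIONS))
    print(effective_window(0xFFFF, 7))
```

With a scale factor of 7 the largest advertisable window becomes 0xFFFF shifted left by 7, about 8 MB, which is why the slides say the option "expands the window to 32 bits" even though the field stays 16 bits wide.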
Figure: retransmission on timeout. After sending a segment the sender waits for its Ack; if the timeout expires before the Ack arrives, the segment is retransmitted.
Variable timeout intervals: each TCP should implement an algorithm that adapts its timeout value to the round trip time of the segments. To do this, TCP records the time at which a segment was sent and the time at which its ACK is received; a weighted average of several of these round trip times is used as the basis of the timeout for the next segments. In the Internet, the path between a pair of hosts may traverse a single high-speed network or wind across multiple intermediate networks, so it is impossible to know a priori how quickly an acknowledgement will return. TCP therefore uses an adaptive retransmission algorithm: the sender records the time at which each segment is sent and the time at which its acknowledgement arrives, and the elapsed time is the RTT (Round Trip Time).
Figure: smoothing the round trip time over successive segments and their Acks.
A0 = the first measured RTT
A1 = 0.9 × A0 + 0.1 × RTT1
A2 = 0.9 × A1 + 0.1 × RTT2
In general: A = α × A + (1 − α) × RTT, with α the smoothing factor, 0 < α < 1.
The TCP sender records the time at which each segment is sent and the time at which an acknowledgement arrives; the elapsed time is the RTT (Round Trip Time). Whenever it measures a new RTT, TCP adjusts its notion of the average RTT for the connection. The algorithm is: RTT being the latest measured round trip time and T0 the average calculated on the previous RTTs, the new average T1 is given by T1 = α × T0 + (1 − α) × RTT, where α is a weighting factor, 0 < α < 1. Choosing α close to 0 makes the weighted average respond to changes in delay very quickly; usually α is chosen closer to 1 to prevent a single RTT from affecting the average dramatically. Example: if α = 0.9, the last RTT contributes only 10% of the new average used for the timeout calculation. Van Jacobson suggested in 1990 a new method of timeout calculation that also takes the variation of the RTT into account. Karn's algorithm says not to take into account the RTT measured after a retransmission, because one cannot know whether the received ACK answers the original segment or the retransmitted one; the backed-off timeout is kept until a segment is acknowledged without having been retransmitted.
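The weighted average and Karn's rule described above, as an added example that is not part of the course material: a Python estimator that keeps A = α × A + (1 − α) × RTT with α = 0.9, derives the timeout from it, and discards the RTT sample of any segment that was retransmitted. The timeout multiplier (twice the smoothed RTT) and the doubling of the timeout on each retransmission are assumptions of this example; the slides only give the averaging formula. The timestamps are constructed.

```python
"""Smoothed RTT, timeout and Karn's rule (added example)."""


class RttEstimator:
    def __init__(self, alpha=0.9, initial_timeout=1.0, beta=2.0):
        self.alpha = alpha               # weighting factor from the slides: 0 < alpha < 1
        self.beta = beta                 # timeout = beta * smoothed RTT (assumption of this example)
        self.srtt = None                 # A, the smoothed round trip time; unknown before the first sample
        self.timeout = initial_timeout   # used until the first RTT has been measured
        self.in_flight = {}              # seq -> (send time, was it a retransmission?)

    def on_send(self, seq, now, retransmission=False):
        """Record the send time; a retransmission also backs the timeout off (assumption: doubling)."""
        if retransmission:
            self.timeout *= 2
        self.in_flight[seq] = (now, retransmission)

    def on_ack(self, seq, now):
        """Return the RTT sample used for this ACK, or None when Karn's rule discards it."""
        sent_at, retransmitted = self.in_flight.pop(seq)
        if retransmitted:
            return None                  # Karn: the ACK may answer either copy, keep the backed-off timeout
        sample = now - sent_at
        if self.srtt is None:
            self.srtt = sample           # A0 = first measured RTT
        else:
            self.srtt = self.alpha * self.srtt + (1 - self.alpha) * sample
        self.timeout = self.beta * self.srtt
        return sample


def scenario():
    """Two clean samples, then a loss: the retransmitted segment's ACK is not used as a sample."""
    est = RttEstimator()
    s1 = (est.on_send(1, now=0.0), est.on_ack(1, now=0.10))[1]    # A0 = 0.10, timeout 0.20
    s2 = (est.on_send(2, now=1.0), est.on_ack(2, now=1.30))[1]    # A1 = 0.9*0.10 + 0.1*0.30 = 0.12
    est.on_send(3, now=2.0)                                        # lost; the 0.24 s timeout expires
    est.on_send(3, now=2.24, retransmission=True)                  # timeout backed off to 0.48
    s3 = est.on_ack(3, now=2.50)                                   # Karn: None, A stays 0.12
    return est, (s1, s2, s3)


if __name__ == "__main__":
    est, samples = scenario()
    print(samples, est.srtt, est.timeout)
```

Without Karn's rule the third ACK would have been measured either from the original send (0.50 s, inflating the average) or from the retransmission (0.26 s); neither is trustworthy, so the sample is dropped and only the backed-off timeout survives until a clean acknowledgement arrives.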
Figure: slow start. The number of segments sent per round trip time (5, 10, 15, 20 on the axis) increases exponentially, bounded by the window size advertised by the receiver in its Acks.
TCP congestion control algorithms
The TCP congestion algorithm prevents a sender from overrunning the capacity of the network. Several congestion control enhancements have been added to and suggested for TCP over the years. This is still an active research area, but modern implementations of TCP contain four intertwined algorithms as basic Internet standards: slow start, congestion avoidance, fast retransmit and fast recovery.

The assumption of the algorithm is that packet loss caused by damage is very small (much less than 1 percent); therefore the loss of a packet signals congestion somewhere in the network between the source and destination. There are two indications of packet loss: 1. a timeout occurs; 2. duplicate ACKs are received.

Slow start: it operates by observing that the rate at which new packets should be injected into the network is the rate at which the acknowledgements are returned by the other end. Slow start adds another window to the sender's TCP: the congestion window, called cwnd. The sender starts by transmitting one segment and waiting for its ACK. When that ACK is received, the congestion window is incremented from one to two, and two segments can be sent. When each of those two segments is acknowledged, the congestion window is increased to four. This provides exponential growth, although it is not exactly exponential, because the receiver may delay its ACKs, typically sending one ACK for every two segments that it receives.
Figure: cwnd (in segments, 5 to 20 on the axis) against round trip time. Slow start grows cwnd exponentially until congestion is detected at cwnd = 16; ssthresh = 16/2 = 8. Slow start then restarts from one segment up to ssthresh, after which congestion avoidance grows cwnd linearly.
Congestion avoidance
Congestion avoidance and slow start are independent algorithms with different objectives. But when congestion occurs, TCP must slow down its transmission rate of packets into the network, and invoke slow start to get things going again. In practice they are implemented together. Congestion avoidance and slow start require that two variables be maintained for each connection: a congestion window, cwnd, and a slow start threshold size, ssthresh. The combined algorithm operates as follows:
1. Initialization for a given connection sets cwnd to one segment and ssthresh to 65535 bytes.
2. The TCP output routine never sends more than the lower value of cwnd and the receiver's advertised window.
3. When congestion occurs (timeout or duplicate ACKs), one half of the current window size is saved in ssthresh. Additionally, if the congestion is indicated by a timeout, cwnd is set to one segment.
4. When new data is acknowledged by the other end, cwnd increases, but the way it increases depends on whether TCP is performing slow start or congestion avoidance. If cwnd is less than or equal to ssthresh, TCP is in slow start and adds one segment per ACK received, which doubles cwnd every round trip; otherwise TCP is performing congestion avoidance and adds about one segment per round trip.
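The combined algorithm above, as an added example that is not part of the course material: a Python simulation of cwnd in whole segments, one step per round trip, applying the four rules (start at one segment, never exceed the receiver's window, halve into ssthresh on loss and restart at one segment after a timeout, double per round trip below ssthresh and add one segment per round trip above it). ssthresh is counted in segments here (64 instead of 65535 bytes), the loss is scheduled when cwnd reaches 16 as in the figure, and at cwnd equal to ssthresh congestion avoidance is chosen (RFC 5681 allows either); these are assumptions of the example.

```python
"""Slow start and congestion avoidance, one step per round trip (added example)."""


class CongestionControl:
    def __init__(self, rwnd=64, ssthresh=64):
        self.cwnd = 1                 # rule 1: congestion window starts at one segment
        self.ssthresh = ssthresh      # slow start threshold, in segments (assumption: 64)
        self.rwnd = rwnd              # receiver's advertised window, in segments

    def sendable(self):
        """Rule 2: never send more than min(cwnd, receiver window)."""
        return min(self.cwnd, self.rwnd)

    def on_round_trip_acked(self):
        """Rule 4: every segment of the round trip was acknowledged."""
        if self.cwnd < self.ssthresh:
            self.cwnd = min(2 * self.cwnd, self.ssthresh)   # slow start: one segment per ACK
        else:
            self.cwnd += 1                                  # congestion avoidance: one per RTT
        self.cwnd = min(self.cwnd, self.rwnd)

    def on_loss(self, timeout):
        """Rule 3: half of the current window goes to ssthresh; a timeout restarts slow start."""
        self.ssthresh = max(self.sendable() // 2, 2)
        self.cwnd = 1 if timeout else self.ssthresh         # duplicate ACKs: resume from ssthresh


def simulate_cwnd(rounds=12, loss_at_cwnd=16):
    """cwnd at the start of each round trip, with one timeout loss when cwnd reaches loss_at_cwnd."""
    cc = CongestionControl()
    history = []
    for _ in range(rounds):
        history.append(cc.cwnd)
        if cc.cwnd == loss_at_cwnd:
            cc.on_loss(timeout=True)      # ssthresh = 16/2 = 8, cwnd back to 1
        else:
            cc.on_round_trip_acked()
    return history, cc.ssthresh


if __name__ == "__main__":
    print(simulate_cwnd())   # ([1, 2, 4, 8, 16, 1, 2, 4, 8, 9, 10, 11], 8)
```

The curve is the one in the figure: exponential growth to 16, a timeout, a second slow start capped at ssthresh = 8, then linear growth. A loss signalled by duplicate ACKs instead of a timeout halves the window into ssthresh but does not fall back to one segment.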
Figure: TCP summary: error recovery, multiplexing/demultiplexing, connection-oriented.
Reliability: TCP assigns a sequence number to each byte transmitted and expects a positive acknowledgement (ACK) from the receiving TCP. If the ACK is not received within a timeout interval, the data is retransmitted. Since the data is transmitted in blocks (TCP segments), only the sequence number of the first data byte in the segment is sent to the destination host. The receiving TCP uses the sequence numbers to rearrange the segments when they arrive out of order, and to eliminate duplicate segments.
Flow Control: the receiving TCP, when sending an ACK back to the sender, also indicates the number of bytes it can receive beyond the last acknowledged byte without overrunning its internal buffers; added to the acknowledgement number, this is the highest sequence number it can receive without problems. This mechanism is also referred to as the window mechanism.
Multiplexing: achieved through the use of ports, just as with UDP.
Logical Connections: the reliability and flow control mechanisms described above require that TCP initialises and maintains status information for each data stream. The combination of this status, including sockets, sequence numbers and window sizes, is called a logical connection. Each connection is uniquely identified by the pair of sockets used by the sending and receiving processes.
Full Duplex: TCP provides concurrent data streams in both directions.
Exercise solutions
265
Page 1.265
3 ARP protocol
Exercise: trace of the ARP protocol. Given the following trace (hex dump at offsets 0000, 0010, 0020; the bytes are not reproduced on this page):

1) Which Ethernet format is used (IEEE 802.3 or Ethernet V2)?
   Answer: the type/length field is greater than 0x600, so the frame is Ethernet V2.
2) Name the fields and give their values:

Ethernet frame
  @MAC dest        6 bytes   ffffffffffff (broadcast)
  Protocol (type)  2 bytes   0806 (ARP)
ARP message
  Hw type          2 bytes   0001 (Ethernet)
  Protocol type    2 bytes   0800 (IP)
  Length @MAC      1 byte    06
  Length @IP       1 byte    04
  Operation        2 bytes   0001 (Request)
  @IP src          4 bytes   0A00008C (10.0.0.140)
  @IP dest         4 bytes   0A00008A (10.0.0.138)
5 IP protocol 5.1 IP Addressing - Exercise 1 - Answer

@IP             Class  Sub-net mask      Net Id          Network broadcast  Sub-net broadcast
159.173.90.134  B      255.255.255.128   159.173.90.128  159.173.255.255    159.173.90.255
159.173.90.34   B      255.255.255.128   159.173.90.0    159.173.255.255    159.173.90.127
131.108.2.10    B      255.255.255.0     131.108.2.0     131.108.255.255    131.108.2.255
195.32.6.219    C      255.255.255.248   195.32.6.216    195.32.6.255       195.32.6.223
5 IP protocol 5.1 IP Addressing Static subnetting - Exercise 2 - Answer

NetID 164.213.32.0 = 10100100.11010101.00100000.00000000. To obtain four subnets, two host bits are borrowed: the netmask becomes 255.255.255.192 = 11111111.11111111.11111111.11000000, i.e. /26.

NetID 1: 164.213.32.0 / 26    (last octet 00000000)
NetID 2: 164.213.32.64 / 26   (last octet 01000000)
NetID 3: 164.213.32.128 / 26  (last octet 10000000)
NetID 4: 164.213.32.192 / 26  (last octet 11000000)
5 IP protocol - Routing exercise
Figure: two routers R1 and R2 with interfaces e0, e1 and e2 on the networks 192.168.201.0, 204.92.76.0 and 204.92.77.0 (addresses .1 and .2 on the links). The routing table of each router lists Network, Mask, Next hop and interface (If); a network not directly attached to a router is reached through the next hop 204.92.76.1.

An important function of the IP protocol is IP routing, which provides the basic mechanism for routers to interconnect different physical networks. A router only has information about two kinds of destinations: networks directly attached to one of its own interfaces, and hosts or networks for which it has been given an explicit definition (a static route or a route learnt from a routing protocol). Metrics indicate the cost of a route to a destination; they are based on the number of hops, the bandwidth, the delay, ...
Exercise: multicast destination
1) Look at the destination IP address and indicate its class.
   Answer: 224.0.0.9 (E0.00.00.09 in hexadecimal), class D (multicast).
2) Look at the destination MAC address and explain its value.
   Answer: 01:00:5E:00:00:09 is the Ethernet multicast prefix 01:00:5E followed by a copy of the 23 low-order bits of the IP multicast address (here 00:00:09).
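The arithmetic behind the three addressing exercises above (classful class and broadcast, subnet ID and subnet broadcast under a mask, the split of 164.213.32.0/24 into four /26 subnets, and the multicast IP to MAC mapping), as an added example that is not part of the course material. It uses the Python standard library ipaddress module and reproduces the exercise answers; the function names are this example's own.

```python
"""Classful, subnet and multicast address arithmetic for the exercises (added example)."""
import ipaddress


def address_class(ip: str) -> str:
    """Classful class from the high-order bits of the first octet."""
    first = int(ipaddress.IPv4Address(ip)) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def classful_prefix(ip: str) -> int:
    cls = address_class(ip)
    if cls not in ("A", "B", "C"):
        raise ValueError(f"class {cls} address {ip} has no classful network")
    return {"A": 8, "B": 16, "C": 24}[cls]


def classful_broadcast(ip: str) -> str:
    net = ipaddress.IPv4Network(f"{ip}/{classful_prefix(ip)}", strict=False)
    return str(net.broadcast_address)


def subnet_info(ip: str, mask: str) -> dict:
    """The four columns of exercise 1 for one address and its sub-net mask."""
    net = ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)
    return {
        "class": address_class(ip),
        "net_id": str(net.network_address),
        "subnet_broadcast": str(net.broadcast_address),
        "network_broadcast": classful_broadcast(ip),
    }


def split_subnets(network: str, count: int) -> list:
    """Borrow host bits to create `count` equal subnets (count must be a power of two)."""
    if count & (count - 1):
        raise ValueError("count must be a power of two")
    net = ipaddress.IPv4Network(network)
    borrowed = (count - 1).bit_length()
    return [str(sub) for sub in net.subnets(prefixlen_diff=borrowed)]


def multicast_mac(group: str) -> str:
    """IPv4 multicast MAC: 01:00:5E followed by the 23 low-order bits of the class D address."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not a multicast address")
    low23 = int(addr) & 0x7FFFFF
    return "01:00:5E:" + ":".join(f"{b:02X}" for b in low23.to_bytes(3, "big"))


if __name__ == "__main__":
    for ip, mask in [("159.173.90.134", "255.255.255.128"), ("159.173.90.34", "255.255.255.128"),
                     ("131.108.2.10", "255.255.255.0"), ("195.32.6.219", "255.255.255.248")]:
        print(ip, subnet_info(ip, mask))
    print(split_subnets("164.213.32.0/24", 4))
    print(multicast_mac("224.0.0.9"))
```

Because only 23 bits of the group address are copied, 32 different multicast groups share each MAC address (224.0.0.9 and 225.0.0.9 both map to 01:00:5E:00:00:09), so a host that filters on the MAC address must still check the IP destination.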
Glossary
AAA Authentication, Authorization and Accounting
AAL ATM Adaptation Layer
API Application Programming Interface
ARP Address Resolution Protocol
ARPA Advanced Research Projects Agency
AS Autonomous System
ASN.1 Abstract Syntax Notation 1
BGP Border Gateway Protocol
BIND Berkeley Internet Name Domain
BSD Berkeley Software Distribution
CHAP Challenge Handshake Authentication Protocol
CIDR Classless Inter-Domain Routing
CLNP Connectionless Network Protocol
CORBA Common Object Request Broker Architecture
COS Class of Service
CPCS Common Part Convergence Sublayer
CSMA/CD Carrier Sense Multiple Access with Collision Detection
DARPA Defense Advanced Research Projects Agency
DCE Data Circuit-terminating Equipment
DDNS Dynamic Domain Name System
DES Data Encryption Standard
DHCP Dynamic Host Configuration Protocol
DLC Data Link Control
DLCI Data Link Connection Identifier
DMZ Demilitarized Zone
DNS Domain Name System
DOD U.S. Department of Defense
DSA Digital Signature Algorithm
DSAP Destination Service Access Point
DSS Digital Signature Standard
DTE Data Terminal Equipment
DVMRP Distance Vector Multicast Routing Protocol
EGP Exterior Gateway Protocol
ESP Encapsulating Security Payload
FDDI Fiber Distributed Data Interface
FQDN Fully Qualified Domain Name
FR Frame Relay
FTP File Transfer Protocol
GGP Gateway-to-Gateway Protocol
GUI Graphical User Interface
HDLC High-level Data Link Control
HMAC Hash-based Message Authentication Code
HTML Hypertext Markup Language
HTTP Hypertext Transfer Protocol
IAB Internet Activities Board
IANA Internet Assigned Numbers Authority
ICMP Internet Control Message Protocol
ICSS Internet Connection Secure Server
IDEA International Data Encryption Algorithm
IDLC Integrated Data Link Control
IDRP Inter-Domain Routing Protocol
IEEE Institute of Electrical and Electronics Engineers
IESG Internet Engineering Steering Group
IETF Internet Engineering Task Force
IGMP Internet Group Management Protocol
IGP Interior Gateway Protocol
IKE Internet Key Exchange
IMAP Internet Message Access Protocol
IMS Information Management System
IP Internet Protocol
IPSec IP Security Architecture
IPX Internetwork Packet Exchange
IRTF Internet Research Task Force
ISAKMP Internet Security Association and Key Management Protocol
ISDN Integrated Services Digital Network
ISO International Organization for Standardization
ISP Internet Service Provider
JPEG Joint Photographic Experts Group
L2F Layer 2 Forwarding
L2TP Layer 2 Tunnelling Protocol
LAC L2TP Access Concentrator
LAN Local Area Network
LAPB Link Access Protocol Balanced
LCP Link Control Protocol
LDAP Lightweight Directory Access Protocol
LE LAN Emulation (ATM)
LLC Logical Link Control
LNS L2TP Network Server
LPD Line Printer Daemon
LPR Line Printer Requester
LSAP Link Service Access Point
MAC Medium Access Control
MD2 RSA Message Digest 2 Algorithm
MD5 RSA Message Digest 5 Algorithm
MIB Management Information Base
MILNET Military Network
MIME Multipurpose Internet Mail Extensions
MLD Multicast Listener Discovery
MOSPF Multicast Open Shortest Path First
MPC Multi-Path Channel
MPEG Moving Pictures Experts Group
MPLS Multiprotocol Label Switching
MPOA Multiprotocol over ATM
MPTN Multiprotocol Transport Network
MS-CHAP Microsoft Challenge Handshake Authentication Protocol
MTA Message Transfer Agent
MTU Maximum Transmission Unit
NAT Network Address Translation
NBDD NetBIOS Datagram Distributor
NBNS NetBIOS Name Server
NCP Network Control Protocol
NCSA National Computer Security Association
NDIS Network Driver Interface Specification
NetBIOS Network Basic Input/Output System
NFS Network File System
NIC Network Information Center
NIS Network Information Service
NIST National Institute of Standards and Technology
NMS Network Management Station
NNTP Network News Transfer Protocol
NRZ Non-Return-to-Zero
NRZI Non-Return-to-Zero Inverted
NSAP Network Service Access Point
NTP Network Time Protocol
NVT Network Virtual Terminal
OSI Open Systems Interconnection
OSPF Open Shortest Path First
PAP Password Authentication Protocol
PDU Protocol Data Unit
PGP Pretty Good Privacy
PI Protocol Interpreter
PIM Protocol Independent Multicast
PKCS Public-Key Cryptography Standards
PKI Public Key Infrastructure
PNNI Private Network-to-Network Interface
POP Post Office Protocol
POP Point-of-Presence
PPP Point-to-Point Protocol
PPTP Point-to-Point Tunneling Protocol
PRI Primary Rate Interface
PSDN Packet Switching Data Network
PSTN Public Switched Telephone Network
PVC Permanent Virtual Circuit
QLLC Qualified Logical Link Control
QoS Quality of Service
RACF Resource Access Control Facility
RADIUS Remote Authentication Dial-In User Service
RARP Reverse Address Resolution Protocol
RAS Remote Access Service
RC2 RSA Rivest Cipher 2 Algorithm
RC4 RSA Rivest Cipher 4 Algorithm
REXEC Remote Execution Command Protocol
RFC Request for Comments
RIP Routing Information Protocol
RIPE Réseaux IP Européens
RISC Reduced Instruction-Set Computer
RPC Remote Procedure Call
RSH Remote Shell
RSVP Resource Reservation Protocol
RTCP Realtime Control Protocol
RTP Realtime Protocol
SA Security Association
SAP Service Access Point
SDLC Synchronous Data Link Control
SET Secure Electronic Transaction
SGML Standard Generalized Markup Language
SHA Secure Hash Algorithm
S-HTTP Secure Hypertext Transfer Protocol
SLA Service Level Agreement
SLIP Serial Line Internet Protocol
SMI Structure of Management Information
S-MIME Secure Multipurpose Internet Mail Extension
SMTP Simple Mail Transfer Protocol
SNA Systems Network Architecture
SNAP Subnetwork Access Protocol
SNMP Simple Network Management Protocol
SOA Start of Authority
SPI Security Parameter Index
SSL Secure Sockets Layer
SSAP Source Service Access Point
SSP Switch-to-Switch Protocol
SSRC Synchronization Source
SVC Switched Virtual Circuit
TACACS Terminal Access Controller Access Control System
TCP Transmission Control Protocol
TCP/IP Transmission Control Protocol/Internet Protocol
TFTP Trivial File Transfer Protocol
TLPB Transport-Layer Protocol Boundary
TLS Transport Layer Security
TOS Type of Service
TRD Transit Routing Domain
TTL Time to Live
UDP User Datagram Protocol
UID Unique Identifier
URI Uniform Resource Identifier
URL Uniform Resource Locator
VPN Virtual Private Network
VRML Virtual Reality Modeling Language
VRRP Virtual Router Redundancy Protocol
VTAM Virtual Telecommunications Access Method
WAE Wireless Application Environment
WAP Wireless Application Protocol
WSP Wireless Session Protocol
WTP Wireless Transaction Protocol
WAN Wide Area Network
WWW World Wide Web
XDR External Data Representation
XML Extensible Markup Language
3DES Triple Data Encryption Standard
Decimal, hexadecimal and binary conversion table (0 to 255)
dec 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63
hex 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37 38 39 3A 3B 3C 3D 3E 3F
bin 00000000 00000001 00000010 00000011 00000100 00000101 00000110 00000111 00001000 00001001 00001010 00001011 00001100 00001101 00001110 00001111 00010000 00010001 00010010 00010011 00010100 00010101 00010110 00010111 00011000 00011001 00011010 00011011 00011100 00011101 00011110 00011111 00100000 00100001 00100010 00100011 00100100 00100101 00100110 00100111 00101000 00101001 00101010 00101011 00101100 00101101 00101110 00101111 00110000 00110001 00110010 00110011 00110100 00110101 00110110 00110111 00111000 00111001 00111010 00111011 00111100 00111101 00111110 00111111
dec 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127
hex 40 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F 50 51 52 53 54 55 56 57 58 59 5A 5B 5C 5D 5E 5F 60 61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70 71 72 73 74 75 76 77 78 79 7A 7B 7C 7D 7E 7F
bin 01000000 01000001 01000010 01000011 01000100 01000101 01000110 01000111 01001000 01001001 01001010 01001011 01001100 01001101 01001110 01001111 01010000 01010001 01010010 01010011 01010100 01010101 01010110 01010111 01011000 01011001 01011010 01011011 01011100 01011101 01011110 01011111 01100000 01100001 01100010 01100011 01100100 01100101 01100110 01100111 01101000 01101001 01101010 01101011 01101100 01101101 01101110 01101111 01110000 01110001 01110010 01110011 01110100 01110101 01110110 01110111 01111000 01111001 01111010 01111011 01111100 01111101 01111110 01111111
dec 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191
hex 80 81 82 83 84 85 86 87 88 89 8A 8B 8C 8D 8E 8F 90 91 92 93 94 95 96 97 98 99 9A 9B 9C 9D 9E 9F A0 A1 A2 A3 A4 A5 A6 A7 A8 A9 AA AB AC AD AE AF B0 B1 B2 B3 B4 B5 B6 B7 B8 B9 BA BB BC BD BE BF
bin 10000000 10000001 10000010 10000011 10000100 10000101 10000110 10000111 10001000 10001001 10001010 10001011 10001100 10001101 10001110 10001111 10010000 10010001 10010010 10010011 10010100 10010101 10010110 10010111 10011000 10011001 10011010 10011011 10011100 10011101 10011110 10011111 10100000 10100001 10100010 10100011 10100100 10100101 10100110 10100111 10101000 10101001 10101010 10101011 10101100 10101101 10101110 10101111 10110000 10110001 10110010 10110011 10110100 10110101 10110110 10110111 10111000 10111001 10111010 10111011 10111100 10111101 10111110 10111111
dec 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255
hex C0 C1 C2 C3 C4 C5 C6 C7 C8 C9 CA CB CC CD CE CF D0 D1 D2 D3 D4 D5 D6 D7 D8 D9 DA DB DC DD DE DF E0 E1 E2 E3 E4 E5 E6 E7 E8 E9 EA EB EC ED EE EF F0 F1 F2 F3 F4 F5 F6 F7 F8 F9 FA FB FC FD FE FF
bin 11000000 11000001 11000010 11000011 11000100 11000101 11000110 11000111 11001000 11001001 11001010 11001011 11001100 11001101 11001110 11001111 11010000 11010001 11010010 11010011 11010100 11010101 11010110 11010111 11011000 11011001 11011010 11011011 11011100 11011101 11011110 11011111 11100000 11100001 11100010 11100011 11100100 11100101 11100110 11100111 11101000 11101001 11101010 11101011 11101100 11101101 11101110 11101111 11110000 11110001 11110010 11110011 11110100 11110101 11110110 11110111 11111000 11111001 11111010 11111011 11111100 11111101 11111110 11111111