COMPUTER NETWORKING (CS09 603) MODULE – III
COMPUTER SCIENCE AND ENGINEERING, MEA ENGINEERING COLLEGE

1. Internetworking – IP V4 and V6
2. Multicast Addresses and Multicast Routing
3. DVMRP, PIM, MSDP, MPLS
4. Destination based forwarding
5. Explicit Routing
6. VPN and Tunnels

1. INTERNETWORKING: IPV6

The network layer protocol presently in use is commonly referred to as IPv4. Although IPv4 is well designed and has helped the Internet grow rapidly, it has some deficiencies (chiefly a shortage of address space), and these deficiencies have made it unsuitable for the fast-growing Internet. To overcome them, Internet Protocol Version 6 (IPv6) was proposed and has evolved into a standard. Important features of IPv6 are highlighted below:

- Uses 128-bit addresses instead of 32-bit addresses, providing a much larger address space
- Uses a more flexible header format, which simplifies and speeds up routing
- A basic header followed by optional extension headers
- Resource allocation options, which were not present in IPv4
- Provision for new/future protocol options
- Support for security with the help of encryption and authentication
- Support for fragmentation at the source

Uploaded by naseeb, posted 18-Dec-2015. Description: Calicut University B.Tech CS09 603 study material.


Colon Hexadecimal Notation

To make addresses more readable, IPv6 specifies colon hexadecimal notation (or colon hex for short). In this notation, 128 bits are divided into eight sections, each 2 bytes in length. Two bytes in hexadecimal notation require four hexadecimal digits. Therefore, the address consists of 32 hexadecimal digits, with every four digits separated by a colon.

E.g.: FDEC:BA98:7654:3210:ADBF:BBFF:2922:FFFF

IPV6 ADDRESSES: An IPv6 address consists of 16 bytes. To make the address more readable, IPv6 specifies hexadecimal colon notation, the use of which is explained with the help of the figure below:

Abbreviation: Although the IPv6 address even in hexadecimal format is very long, many of the digits are zeros, so we can abbreviate the address by omitting only the leading zeros of a section (the four digits between two colons), as shown in the diagram. Further abbreviation is possible if there are consecutive sections consisting of zeros only: they can be removed altogether and replaced with a double colon (::).
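The two abbreviation rules above, implemented as a compressor and an expander; this is an added example, not code from the lecture notes. It also enforces the rule that only one "::" may appear, since a second one would make the address ambiguous.

```python
"""Added example (not from the lecture notes): IPv6 colon-hex abbreviation.

Rule 1: leading zeros of each 16-bit section are dropped.
Rule 2: the longest run of two or more all-zero sections is replaced by "::".
expand() reverses the process and rejects malformed input.
"""


def expand(addr):
    """Return the eight 16-bit sections of an IPv6 address as integers."""
    if addr.count("::") > 1:
        raise ValueError("only one '::' is allowed in an IPv6 address")
    if "::" in addr:
        head, tail = addr.split("::")
        head_parts = head.split(":") if head else []
        tail_parts = tail.split(":") if tail else []
        missing = 8 - len(head_parts) - len(tail_parts)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero section")
        parts = head_parts + ["0"] * missing + tail_parts
    else:
        parts = addr.split(":")
    if len(parts) != 8:
        raise ValueError("an IPv6 address has exactly eight sections")
    sections = []
    for p in parts:
        if not 1 <= len(p) <= 4:
            raise ValueError(f"bad section {p!r}")
        sections.append(int(p, 16))   # raises ValueError on non-hex digits
    return sections


def to_full(addr):
    """Canonical 32-hex-digit form, useful for logging and ACL comparison."""
    return ":".join(f"{s:04x}" for s in expand(addr))


def compress(addr):
    """Shortest form: drop leading zeros, collapse the longest zero run."""
    sections = expand(addr)
    best_start, best_len = -1, 0
    run_start, run_len = -1, 0
    for i, s in enumerate(sections):
        if s == 0:
            if run_len == 0:
                run_start = i
            run_len += 1
            if run_len > best_len:
                best_start, best_len = run_start, run_len
        else:
            run_len = 0
    hexs = [f"{s:x}" for s in sections]
    if best_len < 2:                  # a single zero section is not collapsed
        return ":".join(hexs)
    head = ":".join(hexs[:best_start])
    tail = ":".join(hexs[best_start + best_len:])
    return f"{head}::{tail}"
```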

Categories of Addresses:
- Unicast: defines a single computer
- Anycast: defines a group of computers with addresses that have the same prefix
- Multicast: defines a group of computers that may or may not share the same prefix and may or may not be connected to the same physical network

IPV6 PACKET FORMAT

Each packet consists of a packet header followed by the payload. The payload has two parts: optional extension headers and data from the upper layer. The base header is 40 bytes and the payload may be up to 65536 bytes.

Base Header:
- Version (4 bits): indicates the IP version number.
- Priority (4 bits): specifies the priority of the packet with respect to traffic congestion.
- Flow label (24 bits): designed to provide special handling for a particular flow of data.
- Payload length (16 bits): the total length of the IP datagram excluding the base header.
- Next header (8 bits): identifies the header that follows the base header. It may be one of the optional extension headers or an upper-layer protocol header.
- Hop limit (8 bits): similar to the TTL field in IPv4.
- Source address (128 bits)
- Destination address (128 bits): generally the final destination of the datagram. However, if source routing is used, this field contains the address of the next router.

Extension Headers:

Extension headers supply extra information, encoded in an efficient way. Six kinds of extension headers are defined at present, each of them optional. When more than one is present, they must appear directly after the fixed base header, preferably in the order listed.
- The hop-by-hop header is used to send information that all routers along the path must examine. Datagrams using this header are called Jumbograms.
- The routing header lists one or more routers that have to be visited on the way to the destination. Both strict routing (full path specified) and loose routing (only selected routers are supplied) are available.
- The fragment header deals with fragmentation in a way similar to IPv4. It holds the datagram identifier, fragment number, and a bit telling whether more fragments are coming. Unlike IPv4, only the source host, and not the routers along the way, can fragment a packet. If an intermediate router receives a packet that is too long, it simply discards it and sends an ICMP message back.
- The authentication header provides a mechanism for the receiver of a packet to be sure of the sender.
- The encrypted security payload makes it possible to encrypt the contents of a packet so that only the intended recipient can read it.
- The destination options header is intended for fields that need only be interpreted at the destination host.

Address Space Allocation

1.1 TRANSITION FROM IPV4 TO IPV6

Because of the huge number of systems on the Internet, the transition from IPv4 to IPv6 cannot happen suddenly. It will take a considerable amount of time before every system on the Internet can move from IPv4 to IPv6. The transition must be smooth to prevent any problems between IPv4 and IPv6 systems. Three strategies have been devised by the IETF to help the transition (see Figure 27.16).

Dual Stack: It is recommended that all hosts, before migrating completely to version 6, run a dual stack of protocols. In other words, a station must run IPv4 and IPv6 simultaneously until the entire Internet uses IPv6.

Tunneling: Tunneling is a strategy used when two computers using IPv6 want to communicate with each other and the packet must pass through a region that uses IPv4. To pass through this region, the packet must have an IPv4 address. So the IPv6 packet is encapsulated in an IPv4 packet when it enters the region, and it leaves its capsule when it exits the region. It seems as if the IPv6 packet goes through a tunnel at one end and emerges at the other end. To make it clear that the IPv4 packet is carrying an IPv6 packet as data, the protocol value is set to 41.
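The encapsulation just described, as an added example (not code from the notes): the tunnel entry wraps the IPv6 packet in an IPv4 header with protocol 41, and the tunnel exit verifies the outer header before handing the payload to its IPv6 stack. Endpoint addresses and the inner packet are constructed values.

```python
"""Added example (not from the lecture notes): IPv6-in-IPv4 tunneling with
protocol number 41.
"""
import struct

PROTO_IPV6 = 41   # IPv4 protocol field value meaning "payload is an IPv6 packet"


def ipv4_checksum(header):
    """One's-complement checksum over an IPv4 header (0 when verifying a good one)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def encapsulate(inner_v6, tunnel_src, tunnel_dst, ttl=64):
    """Tunnel entry: wrap an IPv6 packet in a minimal 20-byte IPv4 header."""
    if len(inner_v6) < 40 or inner_v6[0] >> 4 != 6:
        raise ValueError("inner packet is not IPv6")
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + len(inner_v6),   # version/IHL, TOS, total length
                         0, 0x4000,                     # identification, DF set
                         ttl, PROTO_IPV6, 0,            # checksum filled in below
                         tunnel_src, tunnel_dst)
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + inner_v6


def decapsulate(outer, my_addr):
    """Tunnel exit: check the outer header before handing the payload to the IPv6 stack."""
    if len(outer) < 20 or outer[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (outer[0] & 0x0F) * 4
    if ihl < 20 or len(outer) < ihl or ipv4_checksum(outer[:ihl]) != 0:
        raise ValueError("bad IPv4 header")
    if outer[9] != PROTO_IPV6:
        raise ValueError(f"protocol {outer[9]} is not a 6in4 tunnel packet")
    if outer[16:20] != my_addr:
        raise ValueError("tunnel packet is not addressed to this endpoint")
    total_len = struct.unpack("!H", outer[2:4])[0]
    inner = outer[ihl:total_len]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        raise ValueError("decapsulated payload is not IPv6")
    return inner


def sample_ipv6_packet():
    """Constructed 40-byte IPv6 packet: No Next Header (59), empty payload."""
    return struct.pack("!IHBB", 6 << 28, 0, 59, 64) + bytes(32)
```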

Header Translation: Header translation is necessary when the majority of the Internet has moved to IPv6 but some systems still use IPv4. The sender wants to use IPv6, but the receiver does not understand IPv6. Tunneling does not work in this situation because the packet must be in the IPv4 format to be understood by the receiver. In this case, the header format must be totally changed through header translation: the header of the IPv6 packet is converted to an IPv4 header.

2. MULTICASTING

In unicasting there is a single sender (source) and a single receiver (destination); in unicast routing, the router forwards the received packet through only one of its interfaces.
- Multicast: one source to many destinations
- Main goal: efficient data distribution
- Avoid data duplication within the network

Applications:
- Broadcast audio/video
- Push-based systems (e.g., BGP updates)
- Software distribution
- Web-cache updates
- Teleconferencing (audio, video, shared whiteboard, text editor)
- Multi-player games and other distributed applications

IP Multicast Architecture:

Multicasting:

2.2 MULTICAST ROUTING

In multicast routing, the router may forward the received packet through several of its interfaces. Requirements:
- Every member receives EXACTLY ONE copy of the packet
- Non-members receive nothing
- No loops in the route
- Optimal path from the source to each destination

Terminology

Spanning Tree: the source is the root and the group members are the leaves.
Shortest Path Spanning Tree: each path from the root to a leaf is the shortest according to some metric.
Multicast trees:
- Source-Based Tree: for each combination of (source, group) there is a shortest path spanning tree.
  - Approach 1: DVMRP, an extension of unicast distance vector routing (e.g. RIP)
  - Approach 2: MOSPF, an extension of unicast link state routing (e.g. OSPF)
- Group-Shared Tree: one tree for the entire group.
  - Rendezvous-Point Tree: one router is the center of the group and therefore the root of the tree (CBT and PIM-SM protocols)

3. Distance Vector Multicast Routing Protocol (DVMRP)
- No pre-defined route from source to destination; the tree is gradually created by successive routers along the path.
- Uses the shortest path (fewest hops).
- Prevent loops: apply Reverse Path Forwarding (RPF).
- Prevent duplication: apply Reverse Path Broadcasting (RPB).
- Multicast with dynamic membership: apply Reverse Path Multicasting (RPM) with pruning, grafting, and lifetime.

RPF (Reverse Path Forwarding): In reverse path forwarding, the router forwards only the packets that have traveled the shortest path from the source to the router; all other copies are discarded. This prevents loops.

Prevent Duplication in RPF:

RPF versus RPB:
- The router with the shortest path to the source becomes the designated parent of a network
- A router forwards packets only to its designated child networks

RPB creates a shortest path broadcast tree from the source to each destination. It guarantees that each destination receives one and only one copy of the packet. To convert broadcasting to multicasting, the protocol uses two procedures, pruning and grafting.

DVMRP (Distance Vector Multicast Routing Protocol, RFC 1075):
- Flood and prune: reverse path forwarding on a source-based tree
- The RPF tree is based on DVMRP's own routing tables, constructed by communicating DVMRP routers; no assumptions are made about the underlying unicast routing
- The initial datagram to a multicast group is flooded everywhere via RPF
- Routers not wanting the group send prune messages upstream

Reverse Path Forwarding: example
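A simulation of the RPF check and of RPB's designated-parent rule on a small constructed topology containing a loop; this is an added example, not code from the notes. Running the flood with plain RPF shows copies discarded by the check, and with RPB shows that each router is reached by exactly one transmission. The flood starts at a router rather than a host network, and ties are broken by the lowest router name (standing in for the lowest address).

```python
"""Added example (not from the lecture notes): Reverse Path Forwarding and
Reverse Path Broadcasting on a constructed unit-cost topology.
"""
from collections import deque

# Constructed topology with a loop (R1-R2-R4-R3-R1) so that RPF has something to prevent.
TOPOLOGY = {
    "R1": ["R2", "R3"],
    "R2": ["R1", "R4"],
    "R3": ["R1", "R4"],
    "R4": ["R2", "R3", "R5"],
    "R5": ["R4"],
}


def designated_parents(topology, source):
    """Each router's next hop towards `source` on the fewest-hops path.

    On a tie the neighbour with the lowest name wins, mirroring DVMRP's
    lowest-address rule for choosing the designated parent of a network.
    """
    dist = {source: 0}
    queue = deque([source])
    while queue:
        node = queue.popleft()
        for nb in topology[node]:
            if nb not in dist:
                dist[nb] = dist[node] + 1
                queue.append(nb)
    parents = {source: None}
    for node in topology:
        if node == source or node not in dist:
            continue
        candidates = [nb for nb in topology[node] if dist.get(nb) == dist[node] - 1]
        parents[node] = min(candidates)
    return parents


def flood(topology, source, use_rpb):
    """Flood one packet from `source`.

    Every router applies the RPF check (accept a copy only from its designated
    parent). With use_rpb=False it then forwards to every other neighbour;
    with use_rpb=True only to neighbours whose designated parent it is.
    Returns (copies accepted per router, RPF drops, link transmissions).
    """
    parents = designated_parents(topology, source)
    accepted = {r: 0 for r in topology}
    dropped, transmissions = [], 0
    queue = deque([(source, None)])
    while queue:
        router, came_from = queue.popleft()
        if came_from is not None and parents[router] != came_from:
            dropped.append((router, came_from))   # not the shortest path: RPF discards it
            continue
        accepted[router] += 1
        for nb in topology[router]:
            if nb == came_from:
                continue
            if use_rpb and parents[nb] != router:
                continue                          # RPB: not this neighbour's designated parent
            queue.append((nb, router))
            transmissions += 1
    return accepted, dropped, transmissions
```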

Multicast OSPF (MOSPF): an add-on to OSPF.
- Recall: OSPF floods routing announcements, so each node gets the entire topology
- Now each router also keeps track of multicast group members
- Routers mark their link-state advertisements with the groups for which they have members
- Source-based trees: the shortest paths to a node form a spanning tree
- The routing algorithm is augmented to compute a shortest-path distribution tree from a source to any set of destinations
- Packets from each source are forwarded on this tree

Core-Based Tree (CBT): In CBT, the source sends the multicast packet (encapsulated in a unicast packet) to the core router. The core router decapsulates the packet and forwards it to all interested hosts.

3.2 PIM (Protocol Independent Multicast): not dependent on any specific underlying unicast routing algorithm (works with all). Two different multicast distribution scenarios:

Dense:
- Group members densely packed, in close proximity
- Bandwidth more plentiful
- Group membership by routers is assumed until routers explicitly prune
- Data-driven construction of the multicast tree (e.g., RPF)
- Profligate in bandwidth and non-group-router processing

Sparse:
- Networks with group members are small interconnected networks
- Group members widely dispersed
- Bandwidth not plentiful
- No membership until routers explicitly join
- Receiver-driven construction of the multicast tree (e.g., center-based)
- Conservative in bandwidth and non-group-router processing

PIM Dense Mode:
- Flood-and-prune RPF, similar to DVMRP, but the underlying unicast protocol provides the RPF information for the incoming datagram
- Less complicated (but less efficient) downstream flood than DVMRP; reduces reliance on the underlying routing algorithm
- Has a protocol mechanism for a router to detect that it is a leaf-node router

PIM Sparse Mode:
- Center-based approach
- A router sends a join message to the Rendezvous Point (RP)
- Intermediate routers update their state and forward the join
- After joining via the RP, a router can switch to a source-specific tree
- Increased performance: less concentration, shorter paths

Sender(s):
- Unicast data to the RP, which distributes it down the RP-rooted tree
- The RP can extend the multicast tree upstream to the source
- The RP can send a stop message if it has no attached receivers

3.3 Interdomain Multicast (MSDP): PIM-SM has some significant shortcomings when it comes to interdomain multicast. In particular, the existence of a single RP for a group goes against the principle that domains are autonomous. For a given multicast group, all the participating domains would be dependent on the domain where the RP is located. Furthermore, if there is a particular multicast group for which a sender and some receivers share a single domain, the multicast traffic would still have to be routed initially from the sender to those receivers via whatever domain has the RP for that multicast group. Consequently, the PIM-SM protocol is typically not used across domains, only within a domain. To extend multicast across domains using PIM-SM, the Multicast Source Discovery Protocol (MSDP) was devised. MSDP is used to connect different domains, each running PIM-SM internally with its own RPs, by connecting the RPs of the different domains. Each RP has one or more MSDP peer RPs in other domains. Each pair of MSDP peers is connected by a TCP connection over which the MSDP protocol runs. Together, all the MSDP peers for a given multicast group form a loose mesh that is used as a broadcast network. MSDP messages are broadcast through the mesh of peer RPs using the Reverse Path Broadcast algorithm.

3.4 Multiprotocol Label Switching (MPLS)

- Multi Protocol: supports protocols other than IP
  - Supports IPv4, IPv6, IPX, AppleTalk at the network layer
  - Supports Ethernet, Token Ring, FDDI, ATM, Frame Relay, PPP at the link layer
- Label: a short fixed-length identifier used to determine a route
  - Labels are added to the top of the IP packet
  - Labels are assigned when the packet enters the MPLS domain
- Switching: forwarding a packet
  - Packets are forwarded based on the label value, NOT on the basis of IP header information

MPLS is a forwarding scheme designed to speed up IP packet forwarding (RFC 3031).
- Idea: use a fixed-length label in the packet header to decide packet forwarding
- The label is carried in an MPLS header between the link layer header and the network layer header
- Supports any network layer protocol and link layer protocol

MPLS Header Format:
- Label: 20-bit label value
- Exp: experimental use; can indicate class of service
- S: bottom of stack indicator, 1 for the bottom label, 0 otherwise
- TTL: time to live

Need for MPLS:
- Rapid growth of the Internet
- New latency-dependent applications
- Quality of Service (QoS): less time at the routers
- Traffic engineering: flexibility in routing packets
- Connection-oriented forwarding techniques with connectionless IP
  - Utilizes the IP header information to maintain interoperability with IP-based networks
  - Decides on the path of a packet before sending it
- Integration of layer 2 and layer 3
  - Simplified connection-oriented forwarding of layer 2
  - Flexibility and scalability of layer 3 routing
- MPLS does not replace IP; it supplements IP
  - Traffic can be marked, classified and explicitly routed
  - QoS can be achieved through MPLS

MPLS Architecture:

LSR = Label Switched Router, LER = Label Edge Router

Comparing MPLS with existing IP core and IP/ATM technologies, MPLS has many advantages and benefits:
- The performance characteristics of layer 2 networks
- The connectivity and network services of layer 3 networks
- Improves the price/performance of network layer routing
- Improved scalability
- Improves the possibilities for traffic engineering
- Supports the delivery of services with QoS guarantees
- Avoids the need for coordination of IP and ATM address allocation and routing information

Forwarding Equivalence Class (FEC): a group of packets that require the same forwarding treatment across the same path. Packets are grouped based on any of the following:
- Address prefix
- Host address
- Quality of Service (QoS)
The FEC is encoded as the label.

FEC Example: Assume packets have the destination addresses 124.48.45.20, 143.67.25.77, 143.67.84.22 and 124.48.66.90. They are grouped into two FECs:

FEC 1 (label x): 143.67.25.77, 143.67.84.22
FEC 2 (label y): 124.48.45.20, 124.48.66.90

LER (Label Edge Router): can be an ATM switch or a router.
- The ingress LER receives the packet, adds a label, and forwards the packet into the MPLS domain
- The egress LER removes the label and delivers the packet

LSR (Label Switch Router): a router/switch that supports MPLS; it can be a router, or an ATM switch plus a label switch controller. Label swapping:
- Each LSR examines the label on top of the stack
- Uses the Label Information Base (LIB) to decide the outgoing path and the outgoing label
- Removes the old label and attaches the new label
- Forwards the packet on the predetermined path

4. Destination-Based Forwarding: Consider the network in Figure 4.42. Each of the two routers on the far right (R3 and R4) has one connected network, with prefixes 18.1.1/24 and 18.3.3/24. The remaining routers (R1 and R2) have routing tables that indicate which outgoing interface each router would use when forwarding packets to one of those two networks. When MPLS is enabled on a router, the router allocates a label for each prefix in its routing table, and advertises both the label and the prefix that it represents to its neighboring routers. This advertisement is carried in the Label Distribution Protocol (LDP). This is illustrated in Figure 4.43. Router R2 has allocated the label value 15 for the prefix 18.1.1 and the label value 16 for the prefix 18.3.3. These labels can be chosen at the convenience of the allocating router, and can be thought of as indices into the routing table. After allocating the labels, R2 advertises the label bindings to its neighbors; in this case, we see R2 advertising a binding between the label 15 and the prefix 18.1.1 to R1. The meaning of such an advertisement is that R2 has said, in effect, "please attach the label 15 to all packets sent to me that are destined to prefix 18.1.1". R1 stores the label in a table alongside the prefix that it represents as the remote or outgoing label for any packets that it sends to that prefix.

In Figure 4.43(c), we see another label advertisement from router R3 to R2 for the prefix 18.1.1, and R2 places the remote label that it learned from R3 in the appropriate place in its table. At this point, we can look at what happens when a packet is forwarded in this network. Suppose a packet destined to the IP address 18.1.1.5 arrives from the left to router R1. R1 in this case is referred to as a label edge router (LER); an LER performs a complete IP lookup on arriving IP packets, and then applies labels to them as a result of the lookup. In this case, R1 would see that 18.1.1.5 matches the prefix 18.1.1 in its forwarding table, and that this entry contains both an outgoing interface and a remote label value. R1 therefore attaches the remote label 15 to the packet before sending it. When the packet arrives at R2, R2 looks only at the label in the packet, not the IP address. The forwarding table at R2 indicates that packets arriving with a label value of 15 should be sent out interface 1, and that it should carry the label value 24, as advertised by router R3. R2 therefore rewrites, or swaps, the label, and forwards it on to R3.

What has been accomplished by all this application and swapping of labels? Observe that when R2 forwarded the packet in this example, it never actually needed to examine the IP address. Instead, R2 looked only at the incoming label. Thus, we have replaced the normal IP destination address lookup with a label lookup. To understand why this is significant, it helps to recall that although IP addresses are always the same length, IP prefixes are of variable length, and the IP destination address lookup algorithm needs to find the longest match, that is, the longest prefix that matches the high-order bits in the IP address of the packet being forwarded. By contrast, the label forwarding mechanism just described is an exact match algorithm. It is possible to implement a very simple exact match algorithm, for example, by using the label as an index into an array, where each element in the array is one line in the forwarding table.
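The label distribution and forwarding walk-through above (R1 to R2 to R3 for 18.1.1.5), as an added simulation that is not code from the notes. Prefixes and the label values 15, 16 and 24 are those in the text; interface numbers on R3 and R4 and R3's starting label are assumed, and LDP advertisements are modelled as method calls rather than the real protocol encoding. The LER does a longest-prefix match, while each LSR indexes an array by the incoming label exactly as the last paragraph describes.

```python
"""Added example (not from the lecture notes): destination-based MPLS forwarding."""
import ipaddress


class Router:
    """Minimal MPLS-capable router: an IP FIB plus a label forwarding array."""

    def __init__(self, name, first_label=15):
        self.name = name
        self.fib = {}                    # prefix -> {"iface": n, "remote_label": label or None}
        self.lfib = [None] * (1 << 20)   # incoming label -> prefix; exact match by array index
        self.local = {}                  # prefix -> label this router allocated for it
        self.neighbors = {}              # iface -> neighbouring Router (absent = connected net)
        self.next_label = first_label
        self.ip_lookups = 0              # how often this router needed a longest-prefix match
        self.delivered = []

    def connect(self, iface, other, other_iface):
        self.neighbors[iface] = other
        other.neighbors[other_iface] = self

    def add_route(self, prefix, iface):
        self.fib[ipaddress.ip_network(prefix)] = {"iface": iface, "remote_label": None}

    def enable_mpls(self):
        """Allocate a label per prefix and advertise the bindings to all neighbours (modelled LDP)."""
        for prefix in self.fib:
            self.local[prefix] = self.next_label
            self.lfib[self.next_label] = prefix
            self.next_label += 1
        for nb in self.neighbors.values():
            for prefix, label in self.local.items():
                nb.receive_binding(prefix, label, self)

    def receive_binding(self, prefix, label, advertiser):
        """Keep the remote label only if the advertiser is our next hop for that prefix."""
        entry = self.fib.get(prefix)
        if entry is not None and self.neighbors.get(entry["iface"]) is advertiser:
            entry["remote_label"] = label

    def longest_prefix_match(self, dst):
        self.ip_lookups += 1
        addr = ipaddress.ip_address(dst)
        best = None
        for prefix, entry in self.fib.items():
            if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
                best = (prefix, entry)
        if best is None:
            raise LookupError(f"{self.name}: no route to {dst}")
        return best

    def forward(self, dst, label, trace):
        """Forward one packet; `label` is None for a plain IP packet (the LER case)."""
        if label is None:
            prefix, entry = self.longest_prefix_match(dst)
        else:
            prefix = self.lfib[label]          # exact match, no prefix search needed
            if prefix is None:
                raise LookupError(f"{self.name}: unknown label {label}")
            entry = self.fib[prefix]
        nxt = self.neighbors.get(entry["iface"])
        if nxt is None:                        # egress: pop the label and deliver
            self.delivered.append(dst)
            trace.append(f"{self.name}: deliver {dst}")
            return trace
        trace.append(f"{self.name}: out iface {entry['iface']} label {entry['remote_label']}")
        return nxt.forward(dst, entry["remote_label"], trace)


def build_network():
    """Figure 4.42/4.43 topology: R1 -> R2 -> R3 (18.1.1/24) and R2 -> R4 (18.3.3/24)."""
    r1, r2, r3, r4 = Router("R1"), Router("R2"), Router("R3", first_label=24), Router("R4")
    r1.connect(1, r2, 0)                        # R1 iface 1 <-> R2 iface 0 (assumed numbering)
    r2.connect(1, r3, 1)                        # R2 iface 1 <-> R3 iface 1
    r2.connect(2, r4, 1)                        # R2 iface 2 <-> R4 iface 1
    r1.add_route("18.1.1.0/24", 1); r1.add_route("18.3.3.0/24", 1)
    r2.add_route("18.1.1.0/24", 1); r2.add_route("18.3.3.0/24", 2)
    r3.add_route("18.1.1.0/24", 0)              # iface 0: directly connected network
    r4.add_route("18.3.3.0/24", 0)
    for r in (r3, r4, r2, r1):
        r.enable_mpls()
    return {"R1": r1, "R2": r2, "R3": r3, "R4": r4}


def send(net, dst):
    """Inject an unlabelled IP packet at R1 and return the forwarding trace."""
    return net["R1"].forward(dst, None, [])
```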

MPLS Applications:
- Traffic Engineering
- Virtual Private Network
- Quality of Service (QoS)

5. EXPLICIT ROUTING

Two options for route selection:
1. Hop by hop routing
2. Explicit routing

- Explicit routing (source routing) is a very powerful technique.
- With pure datagram routing, the overhead of carrying the complete explicit route in every packet is prohibitive.
- MPLS allows the explicit route to be carried only at the time the LSP is set up, and not with each packet; MPLS therefore makes explicit routing practical.
- Routing protocols used in conjunction with MPLS are based on distributed computation, which may produce loops. Loop handling falls into three categories:
  1. Loop mitigation/survival
  2. Loop detection
  3. Loop prevention

MPLS (Helps to Implement Explicit Routing in IP Networks)

IP has a source routing option, but it is not widely used for several reasons, including the fact that only a limited number of hops can be specified and because it is usually processed outside the fast path on most routers. MPLS provides a convenient way to add capabilities similar to source routing to IP networks, although the capability is more often called explicit routing rather than source routing. One reason for the distinction is that it usually isn't the real source of the packet that picks the route. More often it is one of the routers inside a service provider's network.

Figure 4.46 shows an example of how the explicit routing capability of MPLS might be applied. This sort of network is often called a fish network because of its shape (the routers R1 and R2 form the tail; R7 is at the head). Suppose that the operator of the network in Figure 4.46 has determined that any traffic flowing from R1 to R7 should follow the path R1-R3-R6-R7, and that any traffic going from R2 to R7 should follow the path R2-R3-R4-R7. One reason for such a choice would be to make good use of the capacity available along the two distinct paths from R3 to R7. We can think of the R1-to-R7 traffic as constituting one forwarding equivalence class, and the R2-to-R7 traffic as constituting a second FEC. Forwarding traffic in these two classes along different paths is difficult with normal IP routing, because R3 doesn't normally look at where traffic came from in making its forwarding decisions. Because MPLS uses label swapping to forward packets, it is easy enough to achieve the desired routing if the routers are MPLS-enabled. If R1 and R2 attach distinct labels to packets before sending them to R3 (thus identifying them as being in different FECs), then R3 can forward packets from R1 and R2 along different paths.

The question that then arises is, how do all the routers in the network agree on what labels to use and how to forward packets with particular labels? Clearly, we can't use the same procedures as described in the preceding section to distribute labels, because those procedures establish labels that cause packets to follow the normal paths picked by IP routing, which is exactly what we are trying to avoid. Instead, a new mechanism is needed. It turns out that the protocol used for this task is the Resource Reservation Protocol (RSVP). We'll talk more about this protocol later, but for now it suffices to say that it is possible to send an RSVP message along an explicitly specified path (e.g., R1-R3-R6-R7) and use it to set up label forwarding table entries all along that path. This is very similar to the process of establishing a virtual circuit.

6. VPN (Virtual Private Network) and Tunnel:

A Virtual Private Network is a type of private network that uses public telecommunication infrastructure, such as the Internet, instead of leased lines to communicate. VPNs became popular as more employees worked in remote locations. Key points for understanding how VPNs work:
- Employees can access the network (intranet) from remote locations.
- Secured networks.
- The Internet is used as the backbone for VPNs.
- Saves cost tremendously through reduced equipment and maintenance costs.
- Scalability.

Types of VPN:
- Server based
- Firewall based
- Router based (including VPN appliances)

Advantages:
- Greater scalability
- Easy to add/remove users
- Reduced long-distance telecommunications costs
- Mobility
- Security

Disadvantages:
- Lack of standards
- Understanding of security issues
- Unpredictable Internet traffic
- Difficult to accommodate products from different vendors

Remote access VPN:

Working:
- Two connections: one is made to the Internet and the second is made to the VPN.
- Datagrams contain data, destination and source information.
- Firewalls: VPNs allow authorized users to pass through the firewalls.
- Protocols: protocols create the VPN tunnels.

Encryption: a method of scrambling data before transmitting it onto the Internet.
- Public key encryption technique
- Digital signature for authentication

Tunneling: a virtual point-to-point connection made through a public network. It transports encapsulated datagrams. The tunnel is the portion of the network where the data is encapsulated.

Two types of end points:
- Remote Access
- Site-to-Site

Site to Site:

Remote access VPN:

Four protocols used in VPNs:
- PPTP: Point-to-Point Tunneling Protocol
- L2TP: Layer 2 Tunneling Protocol
- IPsec: Internet Protocol Security
- SOCKS: not used as much as the ones above

- PPTP: encapsulates and encrypts the data to be sent over a corporate or public IP network.
- L2TP: the data is encrypted and encapsulated to be sent over communication links that support a user datagram mode of transmission. Examples of such links include X.25, Frame Relay and ATM.
- IPSEC: encapsulates and encrypts the data in an IP header for transmission over an IP network.

ATM circuit emulated in a Tunnel: The simplest form of MPLS VPN to understand is a layer 2 VPN. In this type of VPN, MPLS is used to tunnel layer 2 data (such as Ethernet frames or ATM cells) across a network of MPLS-enabled routers. One reason for tunnels is to provide some sort of network service (such as multicast) that is not supported by some routers in the network. The same logic applies here: IP routers are not ATM switches, so you cannot provide an ATM virtual circuit service across a network of conventional routers. However, if you had a pair of routers interconnected by a tunnel, they could send ATM cells across the tunnel and emulate an ATM circuit. The term for this technique within the IETF is pseudowire emulation. We have already seen how IP tunnels are built: the router at the entrance of the tunnel wraps the data to be tunneled in an IP header (the tunnel header), which carries the address of the router at the far end of the tunnel, and sends the data like any other IP packet. The receiving router receives the packet with its own address in the header, strips the tunnel header, and finds the data that was tunneled, which it then processes. Exactly what it does with that data depends on what it is. For example, if it were another IP packet, it would then be forwarded on like a normal IP packet. However, it need not be an IP packet, as long as the receiving router knows what to do with non-IP packets. We'll return to the issue of how to handle non-IP data in a moment.

Forwarding ATM cells along the Tunnel:
1. An ATM cell arrives on the designated input port with the appropriate VCI value (101 in this example).
2. The head router attaches the demultiplexing label that identifies the emulated circuit.
3. The head router then attaches a second label, which is the tunnel label that will get the packet to the tail router. This label is learned by mechanisms.
4. Routers between the head and tail forward the packet using only the tunnel label.
5. The tail router removes the tunnel label, finds the demultiplexing label, and recognizes the emulated circuit.
6. The tail router modifies the ATM VCI to the correct value (202 in this case) and sends the cell out the correct port.
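The MPLS header format from section 3.4 (20-bit label, 3-bit Exp, S bit, 8-bit TTL) and the six pseudowire steps above, as one added example that is not code from the notes. The VCI values 101 and 202 come from the text; the label values, port names, the simplified ATM cell header (GFC, PT and CLP zero, HEC not recomputed) and the 48-byte payload are constructed. The intermediate LSR reads only the top stack entry, so the demultiplexing label beneath it is never touched in transit.

```python
"""Added example (not from the lecture notes): MPLS label stack codec and the
head / core / tail roles of an ATM-over-MPLS pseudowire.
"""
import struct


def encode_lse(label, exp, bottom, ttl):
    """Pack one 32-bit label stack entry: label(20) | Exp(3) | S(1) | TTL(8)."""
    if not (0 <= label < 1 << 20 and 0 <= exp < 8 and 0 <= ttl < 256):
        raise ValueError("label stack field out of range")
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl)


def decode_lse(word):
    """Return (label, exp, bottom_of_stack, ttl) for one 32-bit entry."""
    return word >> 12, (word >> 9) & 7, bool((word >> 8) & 1), word & 0xFF


def encode_stack(entries, payload):
    """entries: [(label, exp, ttl), ...] top first; S is set on the last one."""
    last = len(entries) - 1
    return b"".join(encode_lse(lbl, exp, i == last, ttl)
                    for i, (lbl, exp, ttl) in enumerate(entries)) + payload


def decode_stack(pkt):
    """Return ([(label, exp, ttl), ...], payload) by reading entries until S=1."""
    entries, off = [], 0
    while True:
        if off + 4 > len(pkt):
            raise ValueError("truncated label stack")
        label, exp, bottom, ttl = decode_lse(struct.unpack("!I", pkt[off:off + 4])[0])
        entries.append((label, exp, ttl))
        off += 4
        if bottom:
            return entries, pkt[off:]


# Simplified 53-byte ATM cell: 4-byte header word (GFC 4 | VPI 8 | VCI 16 | PT 3 | CLP 1),
# 1-byte HEC left at zero, 48-byte payload.
def atm_cell(vpi, vci, payload48):
    return struct.pack("!IB", (vpi << 20) | (vci << 4), 0) + payload48


def atm_vci(cell):
    return (struct.unpack("!I", cell[:4])[0] >> 4) & 0xFFFF


def set_atm_vci(cell, vci):
    word = struct.unpack("!I", cell[:4])[0]
    return struct.pack("!I", (word & ~(0xFFFF << 4)) | (vci << 4)) + cell[4:]


# Constructed configuration for the six steps. Tunnel labels would normally be
# learned from a signalling protocol; here they are fixed values.
HEAD_PW = {("atm0", 101): 1000}      # (input port, VCI) -> demultiplexing label
HEAD_TUNNEL_LABEL = 30               # tunnel label towards the tail router
CORE_SWAP = {30: 31}                 # intermediate LSR: incoming label -> outgoing label
TAIL_TUNNEL_LABEL = 31               # tunnel label the tail expects to pop
TAIL_PW = {1000: ("atm3", 202)}      # demultiplexing label -> (output port, new VCI)


def head_router(in_port, cell):
    """Steps 1-3: classify by (port, VCI), push the demux label, then the tunnel label."""
    demux = HEAD_PW[(in_port, atm_vci(cell))]
    return encode_stack([(HEAD_TUNNEL_LABEL, 0, 64), (demux, 0, 64)], cell)


def core_lsr(pkt):
    """Step 4: swap only the top label; everything below it is opaque."""
    label, exp, bottom, ttl = decode_lse(struct.unpack("!I", pkt[:4])[0])
    if ttl <= 1:
        raise ValueError("TTL expired")
    return encode_lse(CORE_SWAP[label], exp, bottom, ttl - 1) + pkt[4:]


def tail_router(pkt):
    """Steps 5-6: pop the tunnel label, map the demux label to a circuit, rewrite the VCI."""
    entries, cell = decode_stack(pkt)
    if len(entries) != 2 or entries[0][0] != TAIL_TUNNEL_LABEL:
        raise ValueError("unexpected label stack at tail")
    out_port, out_vci = TAIL_PW[entries[1][0]]
    return out_port, set_atm_vci(cell, out_vci)


def run_pseudowire():
    """Push one constructed cell through head, core and tail; returns (port, cell)."""
    cell = atm_cell(0, 101, bytes(range(48)))
    return tail_router(core_lsr(head_router("atm0", cell)))
```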