École polytechnique fÉdÉrale de lausanne ip … · atm with aal5 hyperchannel ppp 1500 1492 4464...
TRANSCRIPT
1
The Internet Protocol (IP)
Part 2: Related Topics
Jean-Yves Le Boudec
Fall 2007
ÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE
2
Contents
! IP Part 1. IP basics
1. Principles
2. Addressing
3. Packet Delivery and Forwarding
4. IP header
! IP Part 2. Related Topics (this module)
5. ICMP
6. Fragmentation
7. IPv6
8. DHCP
9. Static Configuration of Unix Host
10. Terminology
! IP Part 3. Multicast
! Related Modules: Routing
3
5. ICMP: Internet Control Message Protocol
used by router or host to send error or control messages to other hosts
or routers
error or control messages relate to layer 3 only
carried in IP datagrams (protocol type = 1)
! ICMP message types
echo request ( reply) -> used by ping
destination unreachable
time exceeded (TTL = 0) -> used for traceroute responses
address mask request/reply
source quench
redirect - router discovery
timestamps
ICMP messages never sent in response to
ICMP error message - datagram sent or multicast or broadcast IP or layer 2
address - fragment other than first
4
! Sent by router R1 to source host A when R1 receives a packet from A with
destination = B, and R1 finds that the next hop is R2, A is on-link with R2
(thus A should not have sent to R1, but directly to R2)
R1 sends ICMP redirect to A saying next hop for destination B is R2
A updates its routing table with a host route
! General routing principle of the TCP/IP architecture:
host have minimal routing information
learn host routes from ICMP redirects
routers have extensive knowledge of routes
ICMP Redirect
/ /| IP datagram header (prot = ICMP) |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+| Type=5 | code | checksum |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+| Router IP address that should be preferred |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+| IP header plus 8 bytes of original datagram data |/ /
ICMP Redirect Format
5
ICMP Redirect Example
lrcsuns
in-inr156.1182.5
156.24 156.100
1
4
4
dest IP addr srce IP addr prot data part1: 128.178.29.9 128.178.156.24 udp xxxxxxx2: 128.178.29.9 128.178.156.24 udp xxxxxxx3: 128.178.156.24 128.178.156.1 icmp type=redir code=host cksum
128.178.156.100 xxxxxxx (28 bytes of 1)
4: 128.178.29.9 128.178.156.24 udp .........
3
2
2lemas3
29.1
ed2-el
inr-el29.929.200
ed2-in
6
ICMP Redirect Example (cont’d)
lrcsuns:/export/home1/leboudec$ netstat -nrRouting Table: Destination Gateway Flags Ref Use Interface-------------------- -------------------- ----- ----- ------ ---------127.0.0.1 127.0.0.1 UH 0 11239 lo0128.178.29.9 128.178.156.100 UGHD 0 19 128.178.156.0 128.178.156.24 U 3 38896 le0224.0.0.0 128.178.156.24 U 3 0 le0default 128.178.156.1 UG 0 85883
After 4
7
6. MTU
Link-layer networks havedifferent maximum framelength
! MTU (maximumtransmission unit) =maximum frame sizeusable for an IP packet
! value of short MTU!? oflong MTU!?
solution
Link-layer Network MTU
Ethernet, WiFi802.3 with LLC/SNAPToken Ring 4 Mb/s 16 Mb/s
FDDIX.25
Frame RelayATM with AAL5Hyperchannel
PPP
1500149244641791443525761600918065535296 to1500
lrcsuns:/export/home1/leboudec$ ifconfig -alo0: flags=849<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232 inet 127.0.0.1 netmask ff000000le0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500 inet 128.178.156.24 netmask ffffff00 broadcast128.178.156.255 ether 8:0:20:71:d:d4
8
IP Fragmentation
IP hosts or routers may have IP datagrams larger than MTU
! Fragmentation is performed when IP datagram too large
! re-assembly is only at destination, never at intermediate points
! fragmentation is in principle avoided with TCP
R2R1
MTU = 1500 MTU = 620 MTU =1500
IPHeader
1400 BytesIP
Header600 B
IPHeader
600 B
IPHeader
200 B
IPHeader
600 B
IPHeader
600 B
IPHeader
200 B
1 2a
2b
2c
3a
3b
3c
9
IP Fragmentation (2)! IP datagram is fragmented if
MTU of interface < datagram total length
! all fragments are self-contained IP packets
! fragmentation controlled by fields: Identification, Flag and Fragment
Offset
! IP datagram = original ; IP packet = fragments or complete datagram
Fragment data size (here 600) is always a multiple of 8Identification given by source
LengthIdentification
More Fragment flagOffset
8 * Offset
1
1420567000
2a
620567100
2b
620567175600
2c
2205670
1501200
10
Fragmentation Algorithm
! Repeated fragmentations may occur
! Don’t fragment flag prevents fragmentation
! Fragmentation Algorithm:procedure sendIPp(P0):
if P0.totalLength > MTU then data1Length = (MTU-P0.HLEN rounded to multiple of 8) data1= first data1Length bytes of P0 data part data2= remainder of P0 data part header1 = P0.header with More bit set
totalLength = P0.HLEN + data1Length P1= new (IPPacket; header1; data1) send P1 on data link layer header2 = P0.header with
totalLength = P0.totalLength - data1Length fragmentOffset += data1Length/8 P2= new(IPPacket; header2; data2) sendIPp(P2)else send P0 on data link layer
11
IP packet arrival (P0) /* and packet is not a complete datagram */ -> if (P0.(identification, source address)) is new then if (new(fragmentList, P0.(identification, source address), fl)) then insert P0 in fl start reassemblyTimer(fl) else
fl = fragmentList(P0.(identification, source address)) insert(fl,P0)
if fl is complete then deliver IP datagram else start reassemblyTimer(fl)
reassemblyTimer(fl) expires -> send ICMP error message to source delete(fl)
IP packets are sorted in fragment listsone fragment list per (Identification, source IP @)sorted by increasing Fragment Offset
Fragments F1 and F2 are contiguous iff F1.moreBit = 1 F1.fragmentOffset + F1.dataLength/8 = F2.fragmentOffsetFragment List F0…Fn is complete iff
F0.fragmentOffset = 0Fi and Fi+1 are contiguous for i=0…(n-1)Fn.moreBit = 0
Comments: new(fragment list) may fail if there is no buffer left; in that case the datagram is lost
insert may fail; if insert fails, then the fragment is discarded
12
Issues with Fragmentation
! Fragmentation requires re-assembly; issues are
deadlocks
identification wrapping problem
unit of loss is smaller than unit of re-transmission: can worsen
congestion
Q. explain why
! Solution = avoid fragmentation
Path MTU = minimum MTU for all links of one path
Discovery of path MTU
heuristics: local -> 1500; other : 576 (subnetsarelocal variable)
Path MTU discovery avoids fragmentation
solution
13
Path MTU Discovery
! Method for Path MTU (PMTU) discovery
1. host sets Don’t Fragment bit on all datagrams and estimate PMTU to
local MTU
2. routers send an ICMP message: “destination unreachable/
fragmentation needed”
3. host reduces PMTU estimate to next smallest value
4. after timeout, host increases PMTU estimate
route changes may cause 2
14
TCP, UDP and Fragmentation
! The UDP service interface accepts a datagram up to 64 KB
UDP datagram passed to the IP service interface as one SDU
is fragmented at the source if resulting IP datagram is too large
! The TCP service interface is stream oriented
packetization is done by TCP
several calls to the TCP service interface may be grouped into one TCP
segment (many small pieces)
or: one call may cause several segments to be created (one large piece)
TCP always creates a segment that fits in one IP packet: no
fragmentation at source
fragmentation may occur in a router, if IPv4 is used, and if PMTU
discovery is not implemented
Q. If all sources use PMTU discovery, in which cases has a router to
fragment a packet ?
solution
15
7. IPv6
! The current IP is IPv4. IPv6 is the next version of IP
! Why a new version ?
IPv4 address space is too small (32 bits). It will be exhausted some day.
IP over cellular, UMTS
! What does IPv6 do ?
Redefine packet format with a larger address: 128 bits
Otherwise essentially the same as IPv4, but with minor improvementson header format
Facilitate hardware implementation – not seen in this module
! We now review how the IPv6 addresses are made and what newfacilities this allows
Why IPv6 and not IPv5 ? Because the version number 5 is already used by an experimental
Protocol called ST2, used to provide quality of service for example in military networks.
16
IPv6 Addresses
45b
prefix by prov.001 subnet interface Id
3b 64b16b
allocated by customerallocated by IANA
and org / provider
Why IPv6 and not IPv5 ? Because the version number 5 is already used by an experimental
Protocol called ST2, used to provide quality of service for example in military networks.
Address type
17
! IPv6 address is 16B = 128 bits
! Notations: 1 piece = 16 bits = [0-4 ]hexa digits; pieces separated by“:”:: replaces any number of 0s; appears only once in address
! ExamplesA698:6:0945:100:FFFF:96A:A:980:0:0:0:0:0:128.178.156.38
IPv4 comp IPv6 address (dual stack host,,obsolete)2002:80b2:9c26:0:800:2078:30f9
6to4 IPv6 address of dual stack host with IPv4 address 128.178.156.38 and MAC address 08:00:20:78:30:f90:0:0:0:0:FFFF:128.178.156.38
IPv4 mapped address (IPv4 only host)::FFFF:80b2:9c26
same as previous FF02::43
all NTP servers on this LAN0:0:0:0:0:0:0:0 = :: = unspecified address (absence of address)
! hosts may have several addresses
! addresses are: unicast, anycast or multicastno broadcast addresses
IPv6 Addresses: Notation
18
Address type Binary prefix IPv6 notation
------------ ------------- -------------
Unspecified 00...0 (128 bits) ::/128
Loopback 00...1 (128 bits) ::1/128
Multicast 11111111 FF00::/8
Link-Local unicast 1111111010 FE80::/10
Global Unicast (everything else)
From RFC4291, Feb 2006
19
INTERNET PROTOCOL VERSION 6 ADDRESS SPACE
(IANA)
[last updated 27 February 2006]
IPv6 Prefix Allocation Reference Note
----------- ---------- --------- ----
0000::/8 Reserved by IETF [RFC3513] [1] [5]
0100::/8 Reserved by IETF [RFC3513]
0200::/7 Reserved by IETF [RFC4048] [2]
0400::/6 Reserved by IETF [RFC3513]
0800::/5 Reserved by IETF [RFC3513]
1000::/4 Reserved by IETF [RFC3513]
2000::/3 Global Unicast [RFC3513] [3]
4000::/3 Reserved by IETF [RFC3513]
6000::/3 Reserved by IETF [RFC3513]
8000::/3 Reserved by IETF [RFC3513]
A000::/3 Reserved by IETF [RFC3513]
C000::/3 Reserved by IETF [RFC3513]
E000::/4 Reserved by IETF [RFC3513]
F000::/5 Reserved by IETF [RFC3513]
F800::/6 Reserved by IETF [RFC3513]
FC00::/7 Unique Local Unicast [RFC4193]
FE00::/9 Reserved by IETF [RFC3513]
FE80::/10 Link Local Unicast [RFC3513]
FEC0::/10 Reserved by IETF [RFC3879] [4]
FF00::/8 Multicast [RFC3513]
[0] The IPv6 address management function was formally delegated to
IANA in December 1995 [RFC1881].
[1] The "unspecified address", the "loopback address", and the IPv6
Addresses with Embedded IPv4 Addresses are assigned out of the
0000::/8 address block.
[2] 0200::/7 was previously defined as an OSI NSAP-mapped prefix set
[RFC-gray-rfc1888bis-03.txt]. This definition has been deprecated as of December
2004 [RFC4048].
[3] The IPv6 Unicast space encompasses the entire IPv6 address range
with the exception of FF00::/8. [RFC3513] IANA unicast address
assignments are currently limited to the IPv6 unicast address
range of 2000::/3. IANA assignments from this block are registered
in the IANA registry: iana-ipv6-unicast-address-assignments.
[4] FEC0::/10 was previously defined as a Site-Local scoped address
prefix. This definition has been deprecated as of September 2004
[RFC3879].
[5] 0000::/96 was previously defined as the "IPv4-compatible IPv6
address" prefix. This definition has been deprecated by [RFC4291].
20
IPv6 Multicast Addresses
11111111 flgs scpe group Id
8b 4b 4b 112 bits
flgs: (flags)=000T T=0: well-known T=1: transientscpe: (scope) 0: reserved 1: node local 2:link local 5: site local 8: org local E: global F: reserved examples: FF01::43 = all NTP servers on this node FF02::43 = all NTP servers on this link
FF05::43 = all NTP servers on this site
FF0E::43 = all NTP servers in the Internet
reserved addresses: FF0x::1 all nodes in the scope (x=1, 2) FF0x::2 all routers in the scope (x=1, 2) FF02::1:0 all DHCP servers/relay on this link
solicited node multicast: FF02::1:XXXX:XXXX where XXXX:XXXX= lowest order 32 bits of unicast addr.
21
! Automatic assignment of addresses in hosts is possible, using MAC
address
This is called “stateless” autoconfiguration
! The next slide shows how it works:"#Host creates a link local unicast address from its MAC address (cannot be used outside a
LAN, but can be used to reach a router). Validity of address is verified by sending a packet
to a special multicast address that only nodes with the same MAC address can have.
$#Host asks for a router present and gets a prefix.
The New Address Format Allows
Plug and Play
22
Stateless Autoconfiguration Overviewhost A other host on-link router on-link
A accepts its linklocal unicast address:FE80::0800:2072:8CFC
router response with prefix4001:41:1234:156:128(if M flag set : use DHCP instead)
A accepts its globalunicast address:4001:41:1234:156:128:0800:2072:8CFC
2. RS, multicast to FF02::2
1. NS, multicast to FF02::1:2072:8CFC (dupl test)
A attempts to acquire its link localunicast address:FE80::0800:2072:8CFC
23
IPv6 Host Configuration Example! Output of "netstat -q" at lrcsun12;
Interface Destination/Mask Phys Addr Ref State
--------- ------------------- ---------- ------- ---------------
le0#v6 ff02::2/128 33:33:00:00:00:02 1 REACHABLE
le0#v6 ff02::1:80b2:9c26/128 33:33:80:b2:9c:26 1 REACHABLE
le0#v6 fe80::1:0:800:2078:30f9/128 08:00:20:78:30:f9 1 REACHABLE
le0#v6 ff02::1:2078:30f9/128 33:33:20:78:30:f9 1 REACHABLE
Q. analyze the addresses on the four lines;
given that lrcsun13’s IPv4 address is 128.178.156.38
and lrcsun13’s MAC address is 08-00-20-78-30-F9
solution
24
Compatibility of IPv4 and IPv6
! IPv6 is incompatible with IPv6
Packet format is different – address size does not fit
Software is different – socket programs are differentTCP code for IPv6 need to be different, DNS code etc. because they all contain data
structures for IP addresses that are fixed size
Q. How does a host know, when receiving a packet from Ethernet,
whether it is an IPv4 or IPv6 packet ?
! How can IPv6 be deployed while most systems are IPv4 ?
Main solution: interworking at application layer
solution
25
Interworking at Application Layer
! A dual stack host implement both IPv4 and IPv6; it is configured
with an IPv4 address and an IPv6 address
! Dual stack host uses DNS to know whether to use IPv4 or IPv6 send
packets
hostname2addr(AF_INET6, hostName) returns IPv6 address (read
from AAAA record) if available, else IPv4 mapped address read from A
record
Application
TCP
IPv6
Application
TCP/ IP
IPv4
Application
TCP/ IP
IPv6
TCP
IPv4
Joe’s PC Mail Server Elaine’s PC
IPv6 IPv4
26
Problems solved by Interworking at Application
Layer
! Q. Review the problems posed by the deployment of IPv6 and
discuss whether this dual stack approach solves them.
solution
27
Deployment of IPv6
! IPv6 is implemented in Unix, Windows, Cisco but… is not deployed.
Why ?
Q. Give possible explanations.
solution
28
8. DHCP
! Why invented ?
Allocation of IP addresses is painful and error prone – wrong address =
system does not work
Renumbering is difficult, but once in while is needed
! What does it do ?
Dynamic Host Configuration Protocol = DHCP: Allocate an IP address
and network mask to host when it boots (or on user’s demand)
! How does it do its job ?
DHCP servers maintain lists of addresses and prefixes that are
available for allocation
MAC address used to identify a host to DHCP server
DHCP was initially developed for IPv6, so we show it in this context
29
DHCPv6
! For IPv6, this is an alternatively to stateless address allocation
Provides more control about who is allowed to insert itself in the
network
The next slides show how DHCPv6 (i.e. DHCP for IPv6) works
2: sent to IPv6 multicast address: well known, link scope address transId =
set by client; token = depends on type of network (MAC@ on Ethernet)UDP
destination port shown
4: sent to multicast address to inform other servers
5 is the commit flow; commitment done by server when sending message;
done by client on reception option field contains: printer addr, DNS server
address, name of a file to retrieve from server with for example config info
(such as name)
30
DHCPv6 Address Acquisition
assignment of link local address
DISCOVER(IP DA=FE02::1:0, SA=lla, netHdr=UDP;udp dport=DHCPv6s; transId, interface token=MACaddr,client link addr=lla,client addr=::)
1
2
3
4
5
CONF-RESP(IP DA=lla, SA=dsa, netHdr=UDP; udp dport=DHCPv6c; transId, interface token=MACaddr,client link addr=lla; client addr=ca)
ACCEPT(IP DA=FE02::1:0, SA=lla, netHdr=UDP; udp dport=DHCPv6s; transId, interface token=MACaddr,client link addr=lla,client addr=ca)
SERVER-ACK(IP DA=lla, SA=dsa, netHdr=UDP; udp dport=DHCPv6s; transId, interface token=MACaddr,client link addr=lla; client addr=ca)
commitcommit
DHCPv6client(host)
DHCPv6server
31
DHCP with Remote DHCP Server
DISCOVER(IP DA=?, SA=?,…gateway addr=?,…)
assignment oflink local address
1
2
3 CONF-RESP(IP DA=?, SA=?,…gateway addr=?,…)
DHCPv6client(host)
DHCPv6server
DHCPv6relay
(router)
DISCOVER(IP DA=?, SA=?,…gateway addr=?,…)
IPv6address=ra
IPv6address=dsa
CONF-RESP(IP DA=?, SA=?,…client link addr=?,…)
Q1. replace ‘?’ by plausible values
Q2. does DHCP relay keep state information ?
Solutions
32
DHCP for IPv4
! Originally, DHCP was intended for IPv6
! Q: How would one map the concepts of DHCP used with IPv6 to
IPv4 ?
! Q: is DHCP relay a router function ?
! Q: should the DHCP server be colocated on router or not ?
solution
33
Functions Developed for IPv6 Can Often be
Retrofitted to IPv4
! Example: DHCP
! Other functions such as quality of service, mobility, security are
now supported equally well by IPv6 and IPv4.
! Example: can you do stateless address allocation in IPv4 as in IPv6
?
Q. Explain how you would do it using private IP addresses instead
of link local unicast address.
solution34
9. Terminology
! Architecture IP router
a system that forwards packets based on IP addresses
performs packet forwarding + control method
! Implementation:
any UNIX machine can be configured as IP router
normally, dedicated box with specialized hardware called router
35
What is a “Multiprotocol Router” ?
! Multiprotocol router
a system that forwards packets based on layer 3 addresses for various
protocol architectures (ex: IP, Appletalk)
CISCO, IBM, etc…
most multiprotocol routers perform both bridging and routing
architecture: bridge + router
implementation: one CISCO
IP router boxes also perform other functions: port filtering, DHCP relay,
…
! Q. In a pure IP world (if all machines run TCP/IP) do we need
multiprotocol routers ?
A. Yes if both IPv4 and IPv6 are used.
solution
36
Example of Combined Functions in One Product! Put a bridge + Ethernet concentrator + router in the same box
! The resulting product is called “switching router”
Avoids ARP broadcastsThe words switches and routers are normally used in many different ways. For us, a switch is an
intermediate system for connection oriented network layers such as ATM or Frame Relay. For the
commercial literature, it usually means a fast packet forwarder, usually implemented in hardware. In reality,
routers can be implemented exactly in the same way and with the same performance as “switches”. The
main difference is for multiprotocol routers that need to understand not just one network layer, but many. In
such cases, only software implementations are available. In contrast, IP only routers are emerging with a
performance similar to that of switches.
The “switching router” concept is an example of product, which is new as a product, but from an
architecture viewpoint is nothing new. Since the router is in the same box as the Ethernet concentrator, it
can know (by software) the MAC address of directly attached systems. Thus, the ARP broadcasts are
avoided.
Router
SwitchingRouter
SwitchingRouter
M1p.h1
M2p.h2
M3q.h1
M8q.1
M4q.h3
M9p.1
1
2
H1 H2
37
Why are Bridges called “Multiprotocol” ?
! Some network protocols (ex:
Appletalk, IPX, IPv6) are not
compatible with IPv4
routers must be multiprotocol
but bridges work independently
of which network layer protocol
is used -- they are called
“multiprotocol” in the
commercial literature!
LLC
PHY
MAC
Appletalk
LLC
PHY
MAC
Ap
ple
talk
IP
TCP
PHY
MAC
IP
TCP
Bridge
A B
C
LLC
PHY
MAC
Appletalk
LLC
PHY
MAC
Appletalk
LLC
PHY
MAC
Ap
ple
talk
IP
TCP
LLC
PHY
MAC
Ap
ple
talk
IP
TCP
PHY
MAC
IP
TCP
PHY
MAC
IP
TCP
BridgeBridge
A B
C
B (an old Macintosh file server) runs only
Appletalk. Only applications using the Appletalk
protocols can be used (MacOS file sharing,
printing). TCP/IP applications such as the web
cannot be used on B.
C (a modern PC) runs only TCP/IP. All TCP/IP
applications can be used, but not native MacOS
file sharing.
A (a windows server) runs both in parallel. It can
talk to both C and B.
A bridge can be used to interconnect A, B and C;
there is nothing special to do. If a router is used
instead, it must run in parallel Appletalk and IP.
The protocol stacks shown are all implemented in
software. They use the standard Ethernet adapters.
38
What is a “Non Routable Protocol” ?
! NetBIOS was originally developed to work only in one bridged LAN
uses LLC-2, similar to TCP but located in layer 2 (also called NETBEUI)
in that form, it is not “routable”: can only be bridgedNetBIOS is an interface for distributed applications that is commonly used with
IBM and Microsoft systems. Only MAC addresses are used. In addition, NetBIOS
offers a naming service. This version of NetBIOS works only in a bridged
environment.
! NetBIOS today is offered as a TCP/IP application
uses the NBT reserved port
Windows machines at EPFL use TCP/IP only
LLC2
PHY
MAC
NetBIOS
LLC2
PHY
MAC
NetBIOS
Layer 2
R1
MACMAC
PHY R2
Bridge
App App
LLC2
PHY
MAC
NetBIOS
LLC2
PHY
MAC
NetBIOS
Layer 2
R1R1
MACMAC
PHY R2R2
Bridge
App App
39
Virtual LANs and Subnets
! IP requires machines to be organized by subnets
-- This is a problem when machines (and people) move
! One solution is provided by layer 2: virtual LANs
What is does : define LANs independent from location
How: associate (by configuration rules) hosts with virtual LAN labels.
The picture shows two virtual LANs: (ACLNV) and (BDMPU). The concentrators perform bridging between
the different collision domains of the same virtual LAN.
Between two virtual LANs, a router must be used. The figure shows one router that belongs to both VLANs
Between X1 and X2, the two virtual LANs use the same physical link. This is made possible by adding a label
to the Ethernet packet header, that identifies the virtual LAN.
Q. How many spanning trees are there in this network ?
solution
! Q. Can you think of another solution to the same problem ?
solution
40
Virtual
LAN
Concen-
trator
Virtual
LAN
Concen-
trator
Virtual
LAN
Concen-
trator
A
B
C
D
VU
L
M
N
P
X1 X2
X3
Virtual
LAN
Concen-
trator
Virtual
LAN
Concen-
trator
Virtual
LAN
Concen-
trator
A
B
C
D
VU
L
M
N
P
X1 X2
X3
Router
41
Solutions
42
MTU
! value of short MTU ?
reduces queue lengths and delays
on lossy links (radio) reduces proba of packet error
! of long MTU ?
reduces per packet processing
back
43
Issues with Fragmentation
! Fragmentation requires re-assembly; issues are
deadlocks
identification wrapping problem
unit of loss is smaller than unit of re-transmission: can worsencongestion
Q. explain whyA. when a network is congested, packets get lost. Assume everydatagram is fragmented in 10, and a single loss causesretransmission. The losses of a n packets (belonging to differentdatagrams) causes 10n retransmissions, which increases the offeredtraffic and makes congestion worse.
! Solution = avoid fragmentation
Path MTU = minimum MTU for all links of one path
Discovery of path MTU
heuristics: local -> 1500; other : 576 (subnetsarelocal variable)
Path MTU discovery avoids fragmentation
back
44
Fragmentation (sol)
! The UDP service interface accepts a datagram up to 64 KB
UDP datagram passed to the IP service interface as one SDU
is fragmented at the source if resulting IP datagram is too large
! The TCP service interface is stream oriented
packetization is done by TCP
several calls to the TCP service interface may be grouped into one TCP segment
(many small pieces)
or: one call may cause several segments to be created (one large piece)
TCP always creates a segment that fits in one IP packet: no fragmentation at
source
fragmentation may occur in a router, if IPv4 is used, and if PMTU discovery is not
implemented
Q. If all sources use PMTU discovery, in which cases has a router to
fragment a packet ?
A. 1. UDP packets sent by sources that have a larger local MTU than the
path MTU
2. TCP packets where PMTU estimation failed (due to path changes)
back
45
IPv6 Host Configuration Example! Output of "netstat -q" at lrcsun12;
Interface Destination/Mask Phys Addr Ref State
--------- ------------------- ---------- ------- ---------------
le0#v6 ff02::2/128 33:33:00:00:00:02 1 REACHABLE
le0#v6 ff02::1:80b2:9c26/128 33:33:80:b2:9c:26 1 REACHABLE
le0#v6 fe80::1:0:800:2078:30f9/128 08:00:20:78:30:f9 1 REACHABLE
le0#v6 ff02::1:2078:30f9/128 33:33:20:78:30:f9 1 REACHABLE
Q. analyze the addresses on the four lines;
given that lrcsun13’s IPv4 address is 128.178.156.38
and lrcsun13’s MAC address is 08-00-20-78-30-F9
A.
ff02::2/128 33:33:00:00:00:02 all routers on link
ff02::1:80b2:9c26/128 33:33:80:b2:9c:26 snmc addr of ::128.178.156.38 (specialmulticast address)
fe80::1:0:800:2078:30f9/128 08:00:20:78:30:f9 link local of lrcsun13
ff02::1:2078:30f9/128 33:33:20:78:30:f9 snmc addr of above
Comment: could have been present:
4800::1:0:800:2078:30f9/128 08:00:20:78:30:f9 configured addr of lrcsun13
back
46
Compatibility of IPv4 and IPv6
! IPv6 is incompatible with IPv6
Packet format is different – address size does not fit
Software is different – socket programs are differentTCP code for IPv6 need to be different, DNS code etc. because they all contain data
structures for IP addresses that are fixed size
Q. How does a host know, when receiving a packet from Ethernet,
whether it is an IPv4 or IPv6 packet ?
A. The protocol type in the Ethernet header is different
! How can IPv6 be deployed while most systems are IPv4 ?
Main solution: interworking at application layer
back
47
Problems solved by Interworking at Application
Layer
! Q. Review the problems posed by the deployment of IPv6 and
discuss whether this dual stack approach solves them.
A. 1. PCs deployed with only IPv6 addresses (IPv4 address
exhaustion). They can access the IPv6 services directly. For
services provided by IPv4 servers, they have no access, except if
the server is dual stack. This is OK for email, as the PC connects to
its local server, which we assume runs both IPv6 and IPv4. In
contrast, web access requires something else: web proxies that
run both IPv6 and IPv4.
2. This solution does not solve the problem of interconnecting IPv6
devices over a network of IPv4 only routers, and vice-versa. See
module “mixed.ppt” for how this can be done.
back
48
Deployment of IPv6
! IPv6 is implemented in Unix, Windows, Cisco but… is not deployed. Why ?Q. Give possible explanations.A.
1. IPv6 is incompatible, so a smooth deployment is not easy. If I installIPv6 in my PC and remove IPv4, I cannot access the existing base of IPv4services.
2. Address space exhaustion is not critical in the US, which is themain source of product development. This is because many networks usenetwork address translation or HTTP proxies that allow one to use privateaddresses for hosts.
3. The benefit of introducing IPv6 is for others (those who do not haveenough addresses). There is no incentive for a company to move to IPv6(but there are many associated costs).
So the move to IPv6 is likely to occur under pressure of serious problems –it is like moving to green power sources…
back
49
DHCP with Remote DHCP Server
DISCOVER(IP DA=FE02::1:0, SA=lla,…gateway addr=::,…)
assignment oflink local address
1
2
3CONF-RESP(IP DA=lla, SA=dsa,…gateway addr=ra,…)
DHCPv6client(host)
DHCPv6server
DHCPv6relay
(router)
DISCOVER(IP DA=dsa, SA=ra,…gateway addr=ra,…)
IPv6address=ra
IPv6address=dsa
CONF-RESP(IP DA=ra, SA=dsa,…client link addr=lla,…)
Q2. no; DHCP relay puts all needed info in request and so
does the DHCPv6 server
back
50
DHCP for IPv4
! Originally, DHCP was intended for IPv6
! Q: How would one map the concepts of DHCP used with IPv6 to
IPv4 ?
! A: one needs to replace the IPv6 multicast address and the link
local address;
client sends DHCPDISCOVER to broadcast IP address; source IP
address =0; UDP is used (ports 67 on server, 68 on client); message
contains the MAC address of client
DHCP server or relay (colocated in router) receives it and answers;
sends it to the MAC address of client, to IP address = broadcast or the
address allocated to client
! Q: is DHCP relay a router function ?
no, it can be colocated in a router but is not a layer-3 IS function
! Q: should the DHCP server be colocated on router or not ?
DHCP server requires permanent storage (disk) usually better placed
on a server than on a router.
back
51
Functions Developed for IPv6 Can Often be
Retrofitted to IPv4
! Example: DHCP
! Other functions such as quality of service, mobility, security arenow supported equally well by IPv6 and IPv4.
! Example: can you do stateless address allocation in IPv4 as in IPv6?Q. Explain how you would do it using private IP addresses insteadof link local unicast address.A. 1. when booting, host uses 192.168.x.y where x and y are drawnat random. An ARP packet is broadcast to resolve this address tocheck if it is use. If not, host keeps this address.
However, this works only for hosts on the same LAN, and theaddress obtained in this way is private, so we need for example aNetwork Address Translator between this host and the rest of theinternet. So we have an example where IPv6 brings more (the IPv6address allocated in this way is globally unique and is validworldwide).
back52
What is a “Multiprotocol Router” ?
! Multiprotocol router
a system that forwards packets based on layer 3 addresses for various
protocol architectures (ex: IP, Appletalk)
CISCO, IBM, etc…
most multiprotocol routers perform both bridging and routing
architecture: bridge + router
implementation: one CISCO
IP router boxes also perform other functions: port filtering, DHCP relay,
…
! Q. In a pure IP world (if all machines run TCP/IP) do we need
multiprotocol routers ?
A. Yes if both IPv4 and IPv6 are used.
back
53
Virtual LANs and Subnets
! IP requires machines to be organized by subnets
-- This is a problem when machines (and people) move
! One solution is provided by layer 2: virtual LANs
What is does : define LANs independent from location
How: associate (by configuration rules) hosts with virtual LAN labels.
The picture shows two virtual LANs: (ACLNV) and (BDMPU). The concentrators perform
bridging between the different collision domains of the same virtual LAN.
Between two virtual LANs, a router must be used. The figure shows one router that belongs
to both VLANs
Between X1 and X2, the two virtual LANs use the same physical link. This is made possible
by adding a label to the Ethernet packet header, that identifies the virtual LAN.
Q. How many spanning trees are there in this network ?
A. 2 (one per virtual LAN)
back
54
Virtual LANs and Subnets
! Q. Can you think of another solution to the same problem ?
A. DHCP
back