Nov 02, 2004 CS573: Network Protocols and Standards

Page 1

Subnetting, ICMP, NAT, BOOTP

Network Protocols and Standards

Autumn 2004-2005

Page 2

Subnet Routing

- Conventional routing table entry: (network address, next hop address)
  - The network address format is predetermined for a given class (e.g., the first 16 bits for class B addresses!)
- With subnetting, the routing table entry becomes (subnet mask, network address, next hop address)
  - AND the destination address with the entry's subnet mask, then compare the result with the network address field of the entry to find the next hop address
  - The subnet mask indicates which bits of the address form the network address!

Page 3

Subnet Routing

- The use of a mask generalizes the subnet routing algorithm to handle all the special cases of the standard algorithm:
  - Routes to individual hosts
  - Default route
  - Routes to directly connected networks
  - Routes to conventional networks (that do not use subnet addressing)
- Merely combine the 32-bit mask field with the 32-bit IP address
- Example: to install a route for
  - An individual host: (mask of all 1's, host IP address)
  - The default route: (mask of all 0's, network address of all 0's)
  - A class B network: (mask of two octets of 1's and two of 0's, network address)

Page 4

Subnet Routing Algorithm

- Extract the destination IP address (D) from the datagram
- Compute the IP address of the destination network N
- If N matches any directly connected network address:
  - Send the datagram over that network (encapsulated in a frame, of course)
- Else, for each entry in the routing table:
  - N* = bitwise AND of D and the entry's subnet mask
  - If N* equals the network address field of the entry, route the datagram to the specified next hop
  - (When more than one entry matches, the entry with the longest mask, i.e. the most specific route, is the one to use)

Page 5

Subnetting: Example

- Consider a corporate network assigned a class C address P.Q.R.00000000
- The company needs 5 subnets:
  - 2 subnets of 16 hosts each
  - 3 subnets with 32, 64, and 128 hosts
  - (each count here is the size of the address block; the all-0's and all-1's host parts of a block are not usable by hosts, so a 16-address block serves 14 hosts)
- External routers reach the corporate network via a single routing table entry: network P.Q.R.0 and mask 255.255.255.0 (if any)
- What about internal routers?

Page 6

Subnetting: Example

Subnet Name | Subnet Mask | Network/Subnet address | IP addresses (h = host bit)
S5 | 255.255.255.1000 0000 | P.Q.R.1000 0000 | P.Q.R.1111 hhhh
   |                       |                 | P.Q.R.1110 hhhh
   |                       |                 | P.Q.R.1101 hhhh
   |                       |                 | P.Q.R.1100 hhhh
   |                       |                 | P.Q.R.1011 hhhh
   |                       |                 | P.Q.R.1010 hhhh
   |                       |                 | P.Q.R.1001 hhhh
   |                       |                 | P.Q.R.1000 hhhh
S4 | 255.255.255.1100 0000 | P.Q.R.0100 0000 | P.Q.R.0111 hhhh
   |                       |                 | P.Q.R.0110 hhhh
   |                       |                 | P.Q.R.0101 hhhh
   |                       |                 | P.Q.R.0100 hhhh
S3 | 255.255.255.1110 0000 | P.Q.R.0010 0000 | P.Q.R.0011 hhhh
   |                       |                 | P.Q.R.0010 hhhh
S2 | 255.255.255.1111 0000 | P.Q.R.0001 0000 | P.Q.R.0001 hhhh
S1 | 255.255.255.1111 0000 | P.Q.R.0000 0000 | P.Q.R.0000 hhhh

(The /24 is drawn as sixteen blocks of 16 addresses; each subnet is the group of adjacent blocks that share its network bits, which is why every subnet starts on a multiple of its own size.)

Page 7

Subnetting: Example

Subnet Name | Subnet Mask | Network/Subnet address | IP addresses (h = host bit)
S5 | 255.255.255.1000 0000 | P.Q.R.1000 0000 | P.Q.R.1hhh hhhh
S4 | 255.255.255.1100 0000 | P.Q.R.0100 0000 | P.Q.R.01hh hhhh
S3 | 255.255.255.1110 0000 | P.Q.R.0010 0000 | P.Q.R.001h hhhh
S2 | 255.255.255.1111 0000 | P.Q.R.0001 0000 | P.Q.R.0001 hhhh
S1 | 255.255.255.1111 0000 | P.Q.R.0000 0000 | P.Q.R.0000 hhhh

Page 8

Subnetting: Routing Table

Network/Subnet address | Subnet Mask | Next Hop/Port
P.Q.R.1000 0000 | 255.255.255.1000 0000 | P5
P.Q.R.0100 0000 | 255.255.255.1100 0000 | P4
P.Q.R.0010 0000 | 255.255.255.1110 0000 | P3
P.Q.R.0001 0000 | 255.255.255.1111 0000 | P2
P.Q.R.0000 0000 | 255.255.255.1111 0000 | P1

Page 9

Subnetting: Routing Table

Network/Subnet address | Next Hop/Port
P.Q.R.0000 0000 / 28 | P1
P.Q.R.0001 0000 / 28 | P2
P.Q.R.0010 0000 / 27 | P3
P.Q.R.0100 0000 / 26 | P4
P.Q.R.1000 0000 / 25 | P5

The number after the / is the prefix length: how many leading bits of the address the mask covers (a /28 is the mask 255.255.255.240). It carries exactly the information of the mask column on the previous slide.
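The allocation behind the S1..S5 table, as an added example that is not part of the slides: the general algorithm of which slides 5 to 9 show one instance. It rounds every request up to a power-of-two block, places the largest blocks first from the top of the /24 downwards (which is what keeps every block aligned on a multiple of its own size), and renders the result in the slides' own bit notation. The slides' host counts are taken to be address-block sizes, an assumption stated in the comments.

```python
"""Variable-length subnet allocation inside a /24, generalizing the S1..S5
example (added example, not from the slides).

Each requested subnet is rounded up to a power-of-two block of addresses and
placed on a multiple of its own size, which is what allows a single (network,
mask) pair to describe it. Blocks are placed largest first, from the top of the
parent downwards; that reproduces the slides' table exactly:
S5 = .128/25, S4 = .64/26, S3 = .32/27, S2 = .16/28, S1 = .0/28.
"""


def block_size(hosts: int) -> int:
    """Smallest power of two holding `hosts` addresses (48 -> 64, 16 -> 16).
    The slides' host counts are treated as block sizes (assumption)."""
    size = 1
    while size < hosts:
        size <<= 1
    return size


def usable_hosts(prefix_len: int) -> int:
    """Addresses in the block minus the all-zeros (network) and all-ones
    (directed broadcast) host parts: a /28 has 16 addresses but 14 hosts."""
    return (1 << (32 - prefix_len)) - 2


def allocate(parent_prefix_len: int, requests: dict) -> dict:
    """Map each subnet name to (offset within the parent block, prefix length).

    Raises ValueError when the rounded-up blocks do not fit in the parent.
    """
    parent_size = 1 << (32 - parent_prefix_len)
    # Largest first; among equal sizes the higher name goes higher up, so S2
    # lands above S1 as on the slides.
    order = sorted(requests.items(), key=lambda kv: (block_size(kv[1]), kv[0]), reverse=True)
    cursor = parent_size  # top of the parent block (exclusive)
    plan = {}
    for name, hosts in order:
        size = block_size(hosts)
        cursor -= size
        if cursor < 0:
            raise ValueError(f"requests need more than {parent_size} addresses")
        # cursor is a multiple of every size placed so far, hence aligned
        assert cursor % size == 0
        plan[name] = (cursor, 32 - (size.bit_length() - 1))
    return plan


def last_octet_bits(offset: int, prefix_len: int) -> str:
    """Render the last octet the way the slides do: network bits as 0/1 and
    host bits as 'h', e.g. offset 64 with /26 -> '01hh hhhh'."""
    net_bits = prefix_len - 24
    bits = format(offset & 0xFF, "08b")
    pattern = bits[:net_bits] + "h" * (8 - net_bits)
    return pattern[:4] + " " + pattern[4:]


def mask_last_octet(prefix_len: int) -> str:
    """'1111 0000' for a /28, i.e. the slides' 255.255.255.1111 0000."""
    bits = "1" * (prefix_len - 24) + "0" * (32 - prefix_len)
    return bits[:4] + " " + bits[4:]


if __name__ == "__main__":
    plan = allocate(24, {"S1": 16, "S2": 16, "S3": 32, "S4": 64, "S5": 128})
    for name, (offset, plen) in sorted(plan.items(), key=lambda kv: -kv[1][0]):
        net = format(offset, "08b")
        print(f"{name}  255.255.255.{mask_last_octet(plen)}  P.Q.R.{net[:4]} {net[4:]}"
              f"  P.Q.R.{last_octet_bits(offset, plen)}  /{plen}"
              f"  {usable_hosts(plen)} usable hosts")
```

Running it prints the five rows of slides 7 and 9. The same rounding is why the 48-host S42 of slide 10 cannot get a block of its own: block_size(48) is 64.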

Page 10

Subnetting: Routing Table

Subnet S4 has 64 hosts. Can we make two subnets out of it, 16 + 48?

Old mask | Old subnet | New mask | New subnet
255.255.255.1100 0000 | P.Q.R.0111 hhhh | 255.255.255.1100 0000 | P.Q.R.01hh hhhh
255.255.255.1100 0000 | P.Q.R.0110 hhhh | 255.255.255.1100 0000 | P.Q.R.01hh hhhh
255.255.255.1100 0000 | P.Q.R.0101 hhhh | 255.255.255.1100 0000 | P.Q.R.01hh hhhh
255.255.255.1100 0000 | P.Q.R.0100 hhhh | 255.255.255.1111 0000 | P.Q.R.0100 hhhh

Subnet Name | Subnet Mask | Network/Subnet address | IP addresses
S4 (before the split) | 255.255.255.1100 0000 | P.Q.R.0100 0000 | P.Q.R.01hh hhhh
S41 | 255.255.255.1111 0000 | P.Q.R.0100 0000 | P.Q.R.0100 hhhh
S42 | 255.255.255.1100 0000 | P.Q.R.0100 0000 | P.Q.R.01hh hhhh

48 is not a power of two, so S42 cannot be written as one aligned block of its own: it keeps S4's /26 entry (64 addresses), which overlaps S41, and relies on the more specific S41 entry taking precedence.

Page 11

Subnetting: Routing Table

- What if a datagram for an IP address in S42 is received? It will match only the second entry (S42)
- What if a datagram for an IP address in S41 is received? It will match both entries! Which entry should be used?
- USE LONGEST PREFIX MATCH: the matching entry with the most 1 bits in its mask (the most specific route) wins

Subnet Name | Subnet Mask | Network/Subnet address | IP addresses
S41 | 255.255.255.1111 0000 | P.Q.R.0100 0000 | P.Q.R.0100 hhhh
S42 | 255.255.255.1100 0000 | P.Q.R.0100 0000 | P.Q.R.01hh hhhh

Page 12

Subnetting: Routing Table

Where else can longest prefix match be used? Suppose S1 and S2 hang off one router and S3, S4 and S5 off another, reached through port P345:

Network/Subnet address | Subnet Mask | Next Hop/Port
P.Q.R.1000 0000 | 255.255.255.1000 0000 | P345
P.Q.R.0100 0000 | 255.255.255.1100 0000 | P345
P.Q.R.0010 0000 | 255.255.255.1110 0000 | P345
P.Q.R.0001 0000 | 255.255.255.1111 0000 | P2
P.Q.R.0000 0000 | 255.255.255.1111 0000 | P1

Aggregate: replace the three P345 entries by one route for the whole /24 and let the two more specific /28 entries win by longest prefix match:

Network/Subnet address | Subnet Mask | Next Hop/Port
P.Q.R.0000 0000 | 255.255.255.0000 0000 | P345
P.Q.R.0001 0000 | 255.255.255.1111 0000 | P2
P.Q.R.0000 0000 | 255.255.255.1111 0000 | P1

[Figure: two routers; one serves S1 and S2, the other serves S3, S4 and S5]
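The lookup of slide 4 with the longest-prefix rule of slide 11, run over the slides' own tables, as an added example that is not part of the slides. It also performs the check a practitioner wants before shipping the aggregation of slide 12: that the three-entry table forwards every address of the /24 exactly as the five-entry one did, and that leaving the S2 entry out of the aggregate would not. The prefix 192.0.2 (a documentation range) stands in for P.Q.R; that choice is an assumption.

```python
"""Routing lookup with subnet masks and longest-prefix match (added example,
not from the slides).

Entries are (network, mask, port) over 32-bit integers. `lookup` ANDs the
destination with each entry's mask and compares (slide 4); when several entries
match, the one with the longest mask wins (slide 11). The tables are the
slides' own: S1..S5 with S4 split into S41/S42, and the aggregated table of
slide 12. `decisions_agree` checks that aggregation changed no forwarding
decision. 192.0.2 (a documentation prefix) stands in for P.Q.R (assumption).
"""
import socket
import struct
from typing import Optional


def ip_to_int(dotted: str) -> int:
    return struct.unpack("!I", socket.inet_aton(dotted))[0]


def prefix_to_mask(prefix_len: int) -> int:
    """/28 -> 0xFFFFFFF0, /0 -> 0 (the default route's all-zeros mask)."""
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


class RoutingTable:
    def __init__(self) -> None:
        self.entries = []  # (network, mask, port)

    def add(self, cidr: str, port: str) -> None:
        net, plen = cidr.split("/")
        mask = prefix_to_mask(int(plen))
        self.entries.append((ip_to_int(net) & mask, mask, port))

    def lookup(self, dotted: str) -> Optional[str]:
        d = ip_to_int(dotted)
        best = None
        for network, mask, port in self.entries:
            if d & mask == network:                 # slide 4: N* equals the ent
                if best is None or mask > best[0]:  # slide 11: longest mask wins
                    best = (mask, port)             # (masks are contiguous 1s, so
        return best[1] if best else None            #  longer prefix = larger int)


BASE = "192.0.2."   # stands in for P.Q.R. (assumption)


def table(entries) -> RoutingTable:
    """entries: [(last-octet/prefix, port), ...] inside the /24."""
    t = RoutingTable()
    for suffix, port in entries:
        t.add(BASE + suffix, port)
    return t


# S1..S5 as on slide 9, with S4 split into S41 (.64/28) and S42 (.64/26)
SPLIT_S4 = table([("0/28", "P1"), ("16/28", "P2"), ("32/27", "P3"),
                  ("64/26", "P42"), ("64/28", "P41"), ("128/25", "P5")])

# slide 12: S3, S4, S5 all reached through port P345 ...
FIVE_ENTRIES = table([("0/28", "P1"), ("16/28", "P2"), ("32/27", "P345"),
                      ("64/26", "P345"), ("128/25", "P345")])
# ... so one /24 route to P345 plus the two more specific /28s is enough
AGGREGATED = table([("0/24", "P345"), ("16/28", "P2"), ("0/28", "P1")])
# dropping the S2 entry would silently misroute .16-.31 to P345
BAD_AGGREGATE = table([("0/24", "P345"), ("0/28", "P1")])


def decisions_agree(a: RoutingTable, b: RoutingTable) -> bool:
    """True when both tables forward every address of the /24 the same way."""
    return all(a.lookup(BASE + str(h)) == b.lookup(BASE + str(h)) for h in range(256))


def with_default_route() -> RoutingTable:
    """A default route is just the entry with the all-zeros mask (slide 3)."""
    t = table([("0/24", "P345"), ("16/28", "P2"), ("0/28", "P1")])
    t.add("0.0.0.0/0", "UPLINK")
    return t


if __name__ == "__main__":
    for host in (5, 17, 70, 100, 200):
        print(f"{BASE}{host:<3} -> {SPLIT_S4.lookup(BASE + str(host))}")
    print("aggregation preserves decisions:", decisions_agree(FIVE_ENTRIES, AGGREGATED))
    print("bad aggregation preserves decisions:", decisions_agree(FIVE_ENTRIES, BAD_AGGREGATE))
```

An address in S41 (.64 to .79) matches both the /26 and the /28 entry and goes to P41 because its mask is longer; .100 matches only the /26 and goes to P42. A linear scan is fine for five entries; real routers use a trie or TCAM, but the decision rule is the same.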

Page 13

Supernet Addressing

- Use of many IP network addresses for a single organization
- Example: to conserve class B addresses, issue multiple class C addresses to the same organization
- Issue: increase in the number of entries in the routing tables of routers outside the network
- Solution: collapse a block of contiguous class C addresses into the pair (network address, count), where the network address is the smallest address in the block

Page 14

Supernet Addressing

- It requires each block to be a power of 2 in size (and aligned on a multiple of its size) and uses a bit mask to identify the size of the block
- Example (dotted decimal and 32-bit binary equivalent):
  - Lowest:  234.170.168.0    11101010 10101010 10101000 00000000
  - Highest: 234.170.175.255  11101010 10101010 10101111 11111111
  - A block of 2048 addresses (eight class-C-sized networks); the 32-bit mask is 11111111 11111111 11111000 00000000, i.e. 255.255.248.0 or /21
  - (234.x.x.x is, strictly, in the old class D range; the masking arithmetic is the same for any prefix)
- Do we really need address classes when we have masks?
- Answer: NO. CIDR (Classless Inter-Domain Routing)

Page 15

Supernet Addressing

- In the router, the entry consists of the lowest address of the block and the 32-bit mask
- A block of addresses can be subdivided, and a separate route can be entered for each subdivision
- When looking up a route, the routing software uses the longest-match paradigm to select a route

Page 16

ICMP: Internet Control Message Protocol

Network Protocols and Standards

Autumn 2004-2005

Page 17

ICMP Motivation

- Questions in routing:
  - What if a router cannot route or deliver a datagram?
  - What if a router experiences congestion?
  - What if the TTL expires?
- The router needs to inform the source so that it can take action to avoid or correct the problem
- ICMP is the error reporting mechanism
  - It can only report the condition back to the original source (the address in the datagram's source field is all the router knows)
  - Routers and hosts send error or control messages to other hosts and routers
  - Specified in RFC 792

Page 18

ICMP

- ICMP messages are encapsulated in IP datagrams, with protocol type 1
- In the data portion of the datagram, the first byte indicates the ICMP message type and therefore the format of the rest of the message
- Some ICMP messages have a code that further qualifies the type
- ICMP error messages include the full IP header plus the first 8 bytes of the data portion of the datagram they refer to
  - This helps the sender identify the packet: those 8 bytes cover the port numbers of a TCP or UDP segment, so the error can be tied to the right socket
- To avoid an explosion of ICMP messages:
  - No ICMP error message is generated about an ICMP error message (errors about query messages such as Echo Request are still reported)
  - If an ICMP message is generated about a fragmented datagram, it is generated only for the first fragment (fragment offset 0)
  - No error is generated for a datagram addressed to a broadcast or multicast address (RFC 1122)

Page 19

Some ICMP Message Types

Type Field | ICMP Message Type
0 | Echo Reply
3 | Destination Unreachable
4 | Source Quench
5 | Redirect (change a route)
8 | Echo Request
9 | Router Advertisement
10 | Router Solicitation
11 | Time Exceeded for a Datagram
12 | Parameter Problem on a Datagram
13 | Timestamp Request
14 | Timestamp Reply
17 | Address Mask Request
18 | Address Mask Reply

Reference: RFC 1700

Page 20

Echo Request/Reply

- Tests destination reachability and status
  - Echo Request message
  - Echo Reply message
- The command used to send an ICMP echo request is, on most systems, called "ping"
- An echo request may contain some data, which is returned unchanged in the reply
- The ICMP Echo Request/Reply header also contains a sequence number and an identifier, to help the host match a reply with its request

Page 21

Echo Request/Reply

ICMP Echo Request or Reply message format:

TYPE (8 = request, 0 = reply) | CODE (0) | CHECKSUM
IDENTIFIER | SEQUENCE NUMBER
OPTIONAL DATA ...

Page 22

Destination Unreachable

- Reports unreachable destinations
- When a router cannot forward or deliver an IP datagram, it sends a "destination unreachable" message back to the original source
- The code determines the specific condition (see table)

Page 23

Destination Unreachable

ICMP Destination Unreachable message format:

TYPE (3) | CODE (0-12) | CHECKSUM
UNUSED (MUST BE ZERO)
INTERNET HEADER + FIRST 8 BYTES OF DATA ...

Page 24

Destination Unreachable Codes

Code Value | Meaning
0 | Network Unreachable
1 | Host Unreachable
2 | Protocol Unreachable
3 | Port Unreachable
4 | Fragmentation Needed and DF Set
5 | Source Route Failed
6 | Destination Network Unknown
7 | Destination Host Unknown
8 | Source Host Isolated
9 | Communication with Destination Network Administratively Prohibited
10 | Communication with Destination Host Administratively Prohibited
11 | Network Unreachable for Type of Service
12 | Host Unreachable for Type of Service
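The message formats of slides 18, 21 and 23 at byte level, as an added example that is not part of the slides: the checksum, an Echo Request, and a Destination Unreachable that quotes the offending header plus 8 bytes, parsed back to recover the ports of the segment it complains about. `should_send_error` encodes the suppression rules of slide 18 together with the RFC 1122 rule for broadcast and multicast destinations. All packets are constructed sample data with documentation-range addresses.

```python
"""ICMP messages at byte level (added example, not from the slides).

Covers slides 18, 21 and 23: the checksum over the ICMP message, an Echo
Request carrying identifier, sequence number and data, and a Destination
Unreachable whose body quotes the offending IP header plus the first 8 bytes
of its payload. Those 8 bytes hold a UDP or TCP segment's ports, so
`parse_icmp_error` can tell which local socket the error belongs to.
`should_send_error` encodes slide 18's two suppression rules and the RFC 1122
rule of not reporting errors on datagrams sent to broadcast or multicast
addresses. Every packet below is constructed sample data.
"""
import struct

ICMP_DEST_UNREACH, ICMP_ECHO_REQUEST = 3, 8
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}   # errors, as opposed to queries like echo
IPPROTO_ICMP, IPPROTO_UDP = 1, 17


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words; a message that already
    carries a correct checksum sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo_request(ident: int, seq: int, payload: bytes = b"") -> bytes:
    """Type 8, code 0; identifier and sequence let the sender match the reply."""
    body = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq) + payload
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def build_ipv4_header(src: bytes, dst: bytes, proto: int, payload_len: int,
                      frag_offset: int = 0, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header, no options; src/dst are 4-byte strings."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                      frag_offset & 0x1FFF, ttl, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def build_dest_unreachable(code: int, offending: bytes) -> bytes:
    """Type 3: 4 unused bytes, then the offending IP header + 8 payload bytes."""
    ihl = (offending[0] & 0x0F) * 4
    body = struct.pack("!BBHI", ICMP_DEST_UNREACH, code, 0, 0) + offending[:ihl + 8]
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def parse_icmp_error(msg: bytes) -> dict:
    """Read the quoted header back: inner addresses, protocol and, for UDP/TCP,
    the ports (the 8 quoted bytes start with source port, destination port)."""
    if inet_checksum(msg) != 0:
        raise ValueError("bad ICMP checksum")
    inner = msg[8:]
    ihl = (inner[0] & 0x0F) * 4
    info = {"type": msg[0], "code": msg[1], "proto": inner[9],
            "src": ".".join(map(str, inner[12:16])),
            "dst": ".".join(map(str, inner[16:20]))}
    if inner[9] in (6, 17) and len(inner) >= ihl + 4:
        info["sport"], info["dport"] = struct.unpack("!HH", inner[ihl:ihl + 4])
    return info


def should_send_error(datagram: bytes) -> bool:
    """Slide 18: never about an ICMP error message, only for the first
    fragment; RFC 1122: never for broadcast or multicast destinations."""
    ihl = (datagram[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", datagram[6:8])[0] & 0x1FFF
    dst = datagram[16:20]
    if frag_offset != 0:
        return False
    if datagram[9] == IPPROTO_ICMP and len(datagram) > ihl and datagram[ihl] in ICMP_ERROR_TYPES:
        return False
    if dst == b"\xff\xff\xff\xff" or (dst[0] & 0xF0) == 0xE0:
        return False
    return True


def sample_probe_datagram() -> bytes:
    """Constructed UDP datagram 192.0.2.10:40000 -> 198.51.100.7:33434."""
    udp = struct.pack("!HHHH", 40000, 33434, 11, 0) + b"abc"
    return build_ipv4_header(bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]),
                             IPPROTO_UDP, len(udp)) + udp


if __name__ == "__main__":
    err = build_dest_unreachable(3, sample_probe_datagram())   # port unreachable
    print(parse_icmp_error(err))
    print("report error about it?", should_send_error(
        build_ipv4_header(bytes([198, 51, 100, 7]), bytes([192, 0, 2, 10]), IPPROTO_ICMP, len(err)) + err))
```

The quoted header is what makes an ICMP error usable at all: a NAT has to translate the addresses and ports inside it as well, and traceroute matches Time Exceeded replies to probes through it. A receiver should also verify that the quoted source address and ports really belong to one of its own sockets before acting on the error.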

Page 25

ICMP Source Quench

- Congestion and datagram flow control
  - Reports congestion to the original source
  - A request to the source to reduce its current rate
- Usually sent for each datagram discarded
- Can be sent by a host or a router
- Some routers may be more sophisticated:
  - Monitor incoming traffic
  - Quench the sources that have the highest rates
  - Avoid congestion by quenching before datagrams are lost
- (Source Quench has since been deprecated by RFC 6633: it can be forged to throttle a victim's connections, and modern hosts ignore it; congestion control is handled by TCP)

Page 26

Source Quench

ICMP Source Quench message format:

TYPE (4) | CODE (0) | CHECKSUM
UNUSED (MUST BE ZERO)
INTERNET HEADER + FIRST 8 BYTES OF DATA ...

Page 27

ICMP Redirect Message

- A host sends a datagram to router R1 to be forwarded to a certain destination
- Router R1 looks at its routing table and finds the next router in the path to be R2
- If R2 is directly reachable by the sending host (on the same network), R1 generates an ICMP Redirect message back to the sender. R1 also forwards the datagram to R2 normally
- The purpose is to inform the host that there is a better route to that destination
- (Caveat: a forged Redirect can steer a host's traffic through an attacker's machine. RFC 1122 requires a host to accept a Redirect only from the router it actually used as first hop, and only if the suggested router is on a directly connected network; many deployments disable Redirect processing altogether)

Page 28

ICMP Redirect Message

TYPE (5) | CODE (0-3) | CHECKSUM
SUGGESTED ROUTER INTERNET ADDRESS
INTERNET HEADER + FIRST 8 BYTES OF DATA ...

Code Value | Meaning
0 | Redirect datagrams for the Net (now obsolete)
1 | Redirect datagrams for the Host
2 | Redirect datagrams for the Type of Service and Net
3 | Redirect datagrams for the Type of Service and Host

Page 29

ICMP Time Exceeded

TYPE (11) | CODE (0/1) | CHECKSUM
UNUSED (MUST BE ZERO)
INTERNET HEADER + FIRST 8 BYTES OF DATA ...

Code Value | Meaning
0 | Time-to-live count exceeded
1 | Fragment reassembly time exceeded

A router sends code 0 whenever it discards a datagram because the TTL field has reached zero; the destination host sends code 1 when its reassembly timer expires while it is still waiting for fragments of a datagram.

Page 30

Address Mask Request/Reply

- Obtaining a subnet mask:
  - ICMP address mask request message
  - ICMP address mask reply message
- The request is sent directly to the router (if known), or broadcast (if the router is unknown)
- The response is unicast if the request contains a valid source IP address; otherwise it is broadcast
- Any host that receives the request could respond (see RFC 950); RFC 1122 restricts replies to hosts configured as authoritative agents for the mask, since a wrong or forged reply misconfigures the asking host

Page 31

Address Mask Request/Reply

ICMP address mask request or reply message format. Usually, hosts broadcast a request without knowing which specific router will respond.

TYPE (17 = request, 18 = reply) | CODE (0) | CHECKSUM
IDENTIFIER | SEQUENCE NUMBER
ADDRESS MASK

Page 32

Router Advertisement/Solicitation

- Options for a host to learn the router address(es):
  - Manually enter entries: not kept up to date, and cumbersome
  - The host listens to routing protocol messages: protocols and their messages differ, and complexity is introduced at the host
  - Use the ICMP messages defined in RFC 1256:
    - Routers periodically send an ICMP "Router Advertisement", either broadcast or multicast
    - Hosts may solicit such advertisements with a Router Solicitation message

Page 33

Router Advertisement

TYPE (9) | CODE (0) | CHECKSUM
NUM ADDRS | ADDR ENTRY SIZE (= 2) | LIFETIME (SEC)
ROUTER ADDRESS [1]
PREFERENCE LEVEL [1]
ROUTER ADDRESS [2]
PREFERENCE LEVEL [2]
... ... ...

Page 34

Router Solicitation

TYPE (10) | CODE (0) | CHECKSUM
RESERVED

- The default advertisement rate is once every 7-10 minutes
- A router solicitation message causes the routers to send their advertisements earlier
- The lifetime of an advertisement is typically 30 minutes
- (RFC 1256 carries no authentication, so any host on the link can advertise itself as a default router; the same caution as for Redirects applies)

Page 35

Application: Traceroute

- Goal: find the path a packet takes between two hosts
- The originating host sends a series of packets, starting with TTL=1 and increasing the TTL for each packet
- The first router in the path drops the TTL=1 packet and sends back an ICMP Time Exceeded; the host learns who the first hop is
- The second router in the path drops the packet that originated with TTL=2 and sends back an ICMP Time Exceeded
- The third router does the same upon receiving the packet that originated with TTL=3
- By collecting the ICMP responses, the host can figure out the path taken by the packet. Will this work?

Page 36

Application: Traceroute

- The method described above requires 2N messages for an N-hop path (N probes and N replies)
- It will also give wrong results if the path changes between probes, and shows nothing for a hop whose router does not send Time Exceeded
- ICMP Traceroute (RFC 1393) can do it in N+1 messages
  - Idea: define a traceroute IP option
  - Send an IP packet with this option set
  - Every intermediate system handling this packet sends an ICMP Traceroute message back to the source
  - (RFC 1393 was experimental and never widely implemented; the option and the message type were formally deprecated in RFC 6814)
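The procedure of slides 35 and 36 run against a constructed topology, as an added example that is not part of the slides and that sends nothing on the wire. It shows how the host ties each Time Exceeded reply to its probe through the quoted UDP destination port (the one-port-per-probe convention of classic traceroute, 33434 + hop, is assumed here rather than taken from the slides), how a silent router appears as "*", and how a route change in the middle of a trace produces a path that no single packet ever took.

```python
"""Simulated TTL-based traceroute over a constructed topology (added example,
not from the slides; no packets leave the machine).

Models slides 35-36: one probe per TTL value; the router at which the TTL
reaches zero discards the probe and returns ICMP Time Exceeded (type 11,
code 0) quoting the probe's IP header and first 8 bytes; the host matches each
reply to its probe through the quoted UDP destination port (classic traceroute
uses a distinct port per probe, 33434 + hop; that convention is assumed). A
probe that reaches the destination is answered with Destination Unreachable,
code 3 (Port Unreachable), which ends the trace. Two failure modes from slide
36 are reproduced: a silent router shows as "*", and a path that changes
mid-trace yields a route no single packet ever took.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

BASE_PORT = 33434


@dataclass(frozen=True)
class Probe:
    src: str
    dst: str
    ttl: int
    dport: int              # sits in the 8 payload bytes a router quotes back


@dataclass(frozen=True)
class Reply:
    kind: str               # "time_exceeded" or "port_unreachable"
    sender: str             # router (or destination) that generated it
    quoted_dport: int       # copied from the quoted probe


@dataclass(frozen=True)
class Router:
    addr: str
    answers: bool = True    # routers that filter or rate-limit ICMP stay silent


def forward(probe: Probe, path: List[Router]) -> Optional[Reply]:
    """Each router decrements TTL; the one that reaches zero discards the probe
    and, if willing, reports it. A probe that survives every router reaches
    the destination, where nobody listens on the probe's UDP port."""
    ttl = probe.ttl
    for router in path:
        ttl -= 1
        if ttl == 0:
            return Reply("time_exceeded", router.addr, probe.dport) if router.answers else None
    return Reply("port_unreachable", probe.dst, probe.dport)


def traceroute(src: str, dst: str, path_for_probe: Callable[[int], List[Router]],
               max_hops: int = 30) -> List[Tuple[int, Optional[str]]]:
    """[(hop, router address or None), ...], stopping when the destination
    answers. Replies are matched by quoted port, not by arrival order, so a
    stale or forged reply carrying another probe's port is ignored."""
    hops: List[Tuple[int, Optional[str]]] = []
    for hop in range(1, max_hops + 1):
        probe = Probe(src, dst, ttl=hop, dport=BASE_PORT + hop)
        reply = forward(probe, path_for_probe(hop))
        if reply is None or reply.quoted_dport != probe.dport:
            hops.append((hop, None))
            continue
        hops.append((hop, reply.sender))
        if reply.kind == "port_unreachable":
            break
    return hops


def render(hops: List[Tuple[int, Optional[str]]]) -> List[str]:
    return [f"{hop:2d}  {addr or '*'}" for hop, addr in hops]


# constructed topology: 4 routers between host and destination, hop 3 silent
STABLE = [Router("10.0.0.1"), Router("10.0.1.1"), Router("10.0.2.1", answers=False), Router("10.0.3.1")]
# an alternative route through different middle routers
ALTERNATE = [Router("10.0.0.1"), Router("10.9.1.1"), Router("10.9.2.1"), Router("10.0.3.1")]


def stable_path(_probe_no: int) -> List[Router]:
    return STABLE


def flapping_path(probe_no: int) -> List[Router]:
    """The route changes after the second probe, as slide 36 warns."""
    return STABLE if probe_no <= 2 else ALTERNATE


if __name__ == "__main__":
    print("\n".join(render(traceroute("192.0.2.10", "198.51.100.7", stable_path))))
    print()
    print("\n".join(render(traceroute("192.0.2.10", "198.51.100.7", flapping_path))))
```

The flapping run reports 10.0.1.1 followed by 10.9.2.1, two routers that are never adjacent on either real path: exactly the wrong result slide 36 predicts. Real implementations send several probes per TTL and accept replies only for ports they actually used, for the same reason this one checks quoted_dport.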

Page 37

Application: Traceroute

Tracing route to nova.stanford.edu [171.64.90.123] over a maximum of 30 hops:

 1   <10 ms   <10 ms   <10 ms  shahalami.lums.edu.pk [203.128.0.1]
 2  1938 ms  1890 ms  1860 ms  202.125.139.29
 3  1515 ms  1875 ms  1938 ms  202.125.139.249
 4  1812 ms  1672 ms  1578 ms  202.125.159.53
 5  1969 ms  1672 ms  1953 ms  203.208.147.85
 6  1437 ms  1641 ms  1594 ms  p5-2.nycmny1-cr11.bbnplanet.net [4.25.14.41]
 7  1593 ms  1688 ms  1719 ms  p3-0.nycmny1-nbr1.bbnplanet.net [4.24.10.78]
 8  1859 ms     *     1687 ms  so-6-0-0.chcgil2-br2.bbnplanet.net [4.24.4.17]
 9  1610 ms  1718 ms  1625 ms  so-1-0-0.dnvtco1-br2.bbnplanet.net [4.24.9.62]
10  1516 ms  1718 ms  2000 ms  p15-0.snjpca1-br2.bbnplanet.net [4.0.6.225]
11  1922 ms  1844 ms  1562 ms  p2-0.paix-bi3.bbnplanet.net [4.24.7.38]
12  1562 ms  1813 ms  1812 ms  p2-0.paix-bi2.bbnplanet.net [4.0.3.174]
13  1828 ms  1625 ms  1688 ms  p6-0.paloalto-nbr1.bbnplanet.net [4.0.6.97]
14  1844 ms  1734 ms  2016 ms  p1-0.paloalto-cr1.bbnplanet.net [4.0.6.74]
15  2031 ms  1813 ms  1687 ms  p1-0-0.paloalto-cr13.bbnplanet.net [4.0.2.222]
16  2109 ms  1985 ms  1937 ms  sunet-gateway.stanford.edu [198.31.10.1]
17     *        *        *     Request timed out.
18     *        *        *     Request timed out.
19  2078 ms  2203 ms  2078 ms  nova.Stanford.EDU [171.64.90.123]

Page 38

Application: Traceroute

traceroute to suraj.lums.edu.pk (203.128.0.6): 1-30 hops, 38 byte packets

 1  quad-rtr.Stanford.EDU (171.64.90.1)  1.49 ms (ttl=64!)  1.25 ms (ttl=64!)  1.32 ms (ttl=64!)
 2  default-gateway-2.Stanford.EDU (198.31.86.129)  2.27 ms  1.98 ms  2.82 ms
 3  sunet-gateway.Stanford.EDU (198.31.86.1)  2.18 ms  1.18 ms  1.25 ms
 4  g1.ba21.b003123-1.sfo01.atlas.cogentco.com (66.250.7.137)  3.27 ms  3.79 ms  3.04 ms
 5  g1-1.core01.sfo01.atlas.cogentco.com (66.28.6.9)  4.23 ms  3.40 ms  3.18 ms
 6  p5-0.core03.sfo01.atlas.cogentco.com (66.28.4.146)  3.44 ms  3.51 ms  5.33 ms
 7  ds3.st-paix.ix.singtel.com (198.32.176.50)  10.9 ms (ttl=248!)  10.2 ms (ttl=248!)  12.1 ms (ttl=248!)
 8  p6-1.plapx-cr1.ix.singtel.com (203.208.172.45)  12.9 ms  13.5 ms  13.6 ms
 9  POS2-0.above-core1.ix.singtel.com (202.160.250.45)  14.6 ms  14.0 ms  13.3 ms
10  203.208.154.94 (203.208.154.94)  63.7 ms  58.7 ms  57.6 ms
11  203.208.154.97 (203.208.154.97)  78.1 ms (ttl=244!)  80.7 ms (ttl=244!)  82.0 ms (ttl=244!)
12  203.208.154.102 (203.208.154.102)  79.9 ms  80.5 ms  78.3 ms
13  203.208.147.86 (203.208.147.86)  373 ms (ttl=241!)  323 ms (ttl=241!)  310 ms (ttl=241!)
14  202.125.159.46 (202.125.159.46)  326 ms (ttl=240!)  329 ms (ttl=240!)  328 ms (ttl=240!)
15  202.125.139.250 (202.125.139.250)  328 ms (ttl=239!)  326 ms (ttl=239!)  326 ms (ttl=239!)
16  202.125.139.30 (202.125.139.30)  2075 ms (ttl=238!)  2146 ms (ttl=238!)  2216 ms (ttl=238!)
17  suraj.lums.edu.pk (203.128.0.6)  2395 ms (ttl=237!)  2294 ms (ttl=237!)  2209 ms (ttl=237!)

Page 39

Network Address Translation

Network Protocols and Standards

Autumn 2004-2005

Page 40

Private Networks

- Private networks have no "direct" connection to the Internet
- Blocks of addresses have been reserved for private networks (RFC 1918), one block in each class:
  - 10.0.0.0 to 10.255.255.255 (1 class A)
  - 172.16.0.0 to 172.31.255.255 (16 class B)
  - 192.168.0.0 to 192.168.255.255 (256 class C)

Page 41

Purpose

- Machines in the protected network can access the Internet normally
- Packets coming from the protected network all appear to be coming from IP1
- Addresses in the protected network are in the private range

[Figure: Host 1, Host 2, ..., Host N on the Protected Network, connected through a Firewall (inside address IP2, outside address IP1) to the Internet]

Page 42

Implementation

- Hosts inside the private network are configured to use the firewall (IP2) as their gateway
- The firewall rewrites the IP datagram header of outbound packets, replacing the source IP with IP1
  - All packets "seem" to be coming from IP1
- The destination IP in packets received from the Internet is IP1; it is rewritten, replacing IP1 with the IP address of the internal destination
- Problem: how to figure out what the right destination in the private network is?

Page 43

Demultiplexing Incoming Packets

- There is not enough information in the IP header to demultiplex incoming packets
- It is necessary to use information from the higher layers (the transport layer)
- Common transport layers: TCP and UDP
- The transport layer has the concept of a port, which identifies which process in the host should finally get the packet

Page 44

Ports

- 16-bit numbers identifying which process should get the packet
- UDP and TCP ports exist in different spaces
- Each packet carries two port numbers:
  - The source port of the process which generated it in the source host
  - The destination port of the process which should get it at the destination

[Figure: protocol stack with IP at the bottom, TCP and UDP above it, and applications such as Telnet and FTP above TCP]

Page 45

Implementation (revisited)

- Upon receiving an outbound packet from a host in the private network, the firewall:
  - Rewrites the source IP with its own IP (IP1)
  - Generates a local source port, rewrites the source port in the packet to this port, and makes a record of the mapping (internal address and port, local port)
- Upon receiving an inbound packet from the Internet, the firewall checks whether the destination port in the packet is in the list of local ports:
  - If not, the packet is dropped. Connections cannot be initiated from outside!
  - If yes, the firewall knows where to send this packet: it rewrites the destination IP and port from the record
- (Checking the destination port alone lets any outside host reach an inside host once a mapping exists; a stricter firewall also requires the source address and port to be the peer the inside host contacted)
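The translation table of slides 42 and 45 in code, as an added example that is not part of the slides. It does the outbound rewrite and the inbound lookup exactly as described, drops unsolicited packets, and adds one practitioner's refinement as an option: `strict=True` accepts an inbound packet only from the peer the inside host actually talked to, instead of from anyone who hits a mapped port. Addresses are documentation-range samples, an assumption.

```python
"""Port-translating NAT (NAPT) table as slides 42 and 45 describe it (added
example, not from the slides; addresses are documentation-range samples).

Outbound: rewrite the source address to the firewall's public address IP1 and
the source port to a freshly allocated local port, recording the mapping.
Inbound: look the destination port up; an unknown port is dropped, which is
why nothing outside can open a connection inward. The slides match on the
destination port alone; with strict=True the table also requires the remote
address and port to be the peer the inside host actually contacted, so a third
party that learns or guesses a mapped port cannot reach the inside host
through it.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Napt:
    def __init__(self, public_ip: str, first_port: int = 40000, strict: bool = True) -> None:
        self.public_ip = public_ip          # IP1 on the slides
        self.next_port = first_port
        self.strict = strict
        # local port -> (inside ip, inside port, remote ip, remote port)
        self.by_local_port = {}
        # reverse index: an existing flow keeps its port
        self.by_flow = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Inside -> Internet: the source becomes (IP1, local port)."""
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.by_flow.get(flow)
        if port is None:
            port = self._allocate_port()
            self.by_flow[flow] = port
            self.by_local_port[port] = flow
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> inside: the rewritten packet, or None when it is dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.by_local_port.get(pkt.dst_port)
        if entry is None:
            return None                      # no mapping: unsolicited, drop
        inside_ip, inside_port, remote_ip, remote_port = entry
        if self.strict and (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None                      # mapping exists, but not for this peer
        return Packet(pkt.src_ip, pkt.src_port, inside_ip, inside_port)

    def _allocate_port(self) -> int:
        if self.next_port > 65535:
            raise RuntimeError("no free local ports")
        port = self.next_port
        self.next_port += 1
        return port


if __name__ == "__main__":
    nat = Napt("203.0.113.1")
    out = nat.outbound(Packet("10.0.0.5", 51000, "198.51.100.7", 80))
    print("outbound rewritten to", out)
    print("reply from peer     ->", nat.inbound(Packet("198.51.100.7", 80, "203.0.113.1", out.src_port)))
    print("from a third party  ->", nat.inbound(Packet("192.0.2.99", 4444, "203.0.113.1", out.src_port)))
    print("unmapped port       ->", nat.inbound(Packet("198.51.100.7", 80, "203.0.113.1", 45000)))
```

Two things this table leaves out on purpose so the mechanism stays visible: mappings never expire, whereas a real NAT ages them out (otherwise the table fills and every stale mapping stays a reachable hole), and ports are handed out sequentially, which makes the next mapping easy to guess. ICMP errors for a translated flow also have to be matched through the quoted header, since they carry no ports of their own.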

Page 46

Dynamic Addressing

Network Protocols and Standards

Autumn 2004-2005

Page 47

BOOTP

- An alternative to RARP
- RARP operates at a low level, requesting direct access to the network hardware
  - Difficult for an application programmer to build a server
- RARP gives "only" the IP address

Page 48

BOOTP

- Devised to allow a machine to obtain:
  - Its IP address
  - The address of a router
  - The subnet mask to use
  - The address of a name server
- Can be implemented with an application program
- Uses UDP/IP for communication

Page 49

BOOTP

- Using IP to determine an IP address:
  - The request from a client is broadcast on the local network using the IP address of all 1's
  - Since the client does not know its IP address (yet!), the reply from the server must also be broadcast; otherwise:
    - Using the client's IP address would require ARP to map the IP address to a hardware address, which in turn requires the client to already know its IP address
    - The server could instead take the hardware address from the client's request, add an ARP cache entry by hand and unicast the reply, but that is not desirable

Page 50

BOOTP

- Reliability in communication is based on:
  - The UDP checksum
  - Timeouts and retransmissions
- To minimize collisions among many clients, use random timeouts
- Increase the timeout with each retransmission:
  - Start with an interval of 0-4 seconds
  - Double the interval at each retransmission, up to 60 s

Page 51

BOOTP Message Format

(bit offsets 0, 8, 16, 24, 31)

OP | HTYPE | HLEN | HOPS
Transaction ID
Seconds | Unused
Client IP Address
Your IP Address
Server IP Address
Router IP Address
Client Hardware Address (16 octets)
Server Hostname (64 octets)
Boot File Name (128 octets)
Vendor-specific area (64 octets)

Page 52

BOOTP Message Fields

- OP: specifies whether the message is a request (1) or a reply (2)
- HTYPE and HLEN: hardware type and address length (for Ethernet, HTYPE is 1 and HLEN is 6)
- HOPS: the client passes 0 in this field; a BOOTP relay agent increments it when it passes the request on to a server across a router
- Transaction ID: an integer that machines use to match requests with responses
- Seconds: the number of seconds since the client started to boot

Page 53

BOOTP Message

- Remaining fields in the message: to allow the greatest flexibility, clients fill in as much information as they know; unknown fields are set to zero
- Example:
  - If the server IP address or server hostname is non-zero, only the server with the matching address/name will answer the request
  - If they are zero, any server that receives the request will reply

Page 54

BOOTP Message Format

- BOOTP can be used by a client that already knows its IP address (e.g., to obtain boot file information)
- A client that knows its IP address places it in the client IP address field; other clients set this field to zero
- If the client's IP address in the request message is zero, the server returns the client's IP address in the "your IP address" field
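The 300-byte message of slide 51 encoded and decoded with the rules of slides 49, 53 and 54 applied on both sides, as an added example that is not part of the slides. The hardware address, transaction id, addresses and boot file name are constructed samples. One caveat the code makes visible: nothing in the format authenticates a reply, so any machine on the broadcast domain that sees the request can answer it first; `matches_request` only demultiplexes replies, it does not protect against a rogue server.

```python
"""BOOTP message encoding, decoding and the request/reply rules of slides
49, 53 and 54 (added example, not from the slides; packets, addresses and the
hardware address are constructed samples).

Layout per slide 51 and RFC 951, 300 bytes: op, htype, hlen, hops, xid, secs,
unused, ciaddr, yiaddr, siaddr, giaddr, chaddr[16], sname[64], file[128],
vend[64]. Nothing in the format authenticates a reply: any machine on the
broadcast domain sees the request and can answer it first, so
`matches_request` is demultiplexing, not protection against a rogue server.
"""
import struct

BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s64s"
BOOTP_LEN = struct.calcsize(BOOTP_FMT)       # 300
BOOTREQUEST, BOOTREPLY = 1, 2
HTYPE_ETHER, HLEN_ETHER = 1, 6
ZERO_IP = bytes(4)
BROADCAST_IP = b"\xff\xff\xff\xff"
FIELDS = ("op", "htype", "hlen", "hops", "xid", "secs", "unused", "ciaddr",
          "yiaddr", "siaddr", "giaddr", "chaddr", "sname", "file", "vend")
BYTES_FIELDS = FIELDS[7:]                    # struct NUL-pads these


def encode(msg: dict) -> bytes:
    """Pack a field dict; anything the sender does not know is left zero
    (slide 53). Byte fields shorter than their slot are NUL-padded."""
    values = [msg.get(name, b"" if name in BYTES_FIELDS else 0) for name in FIELDS]
    return struct.pack(BOOTP_FMT, *values)


def decode(data: bytes) -> dict:
    if len(data) < BOOTP_LEN:
        raise ValueError("short BOOTP message")
    return dict(zip(FIELDS, struct.unpack(BOOTP_FMT, data[:BOOTP_LEN])))


def server_should_answer(req: dict, my_ip: bytes, my_name: bytes) -> bool:
    """Slide 53: a non-zero siaddr or sname selects one server; zero means any."""
    if req["op"] != BOOTREQUEST:
        return False
    if req["siaddr"] != ZERO_IP and req["siaddr"] != my_ip:
        return False
    wanted = req["sname"].split(b"\x00", 1)[0]
    return not wanted or wanted == my_name


def reply_destination(req: dict) -> bytes:
    """Slide 49: the client cannot be reached by ARP until it has an address,
    so the reply is broadcast unless the request already carried ciaddr."""
    return req["ciaddr"] if req["ciaddr"] != ZERO_IP else BROADCAST_IP


def build_reply(req: dict, my_ip: bytes, assigned_ip: bytes, bootfile: bytes) -> dict:
    """Slide 54: echo xid and chaddr; fill yiaddr only when the client did not
    already know its own address."""
    return {
        "op": BOOTREPLY, "htype": req["htype"], "hlen": req["hlen"], "hops": 0,
        "xid": req["xid"], "secs": 0, "ciaddr": req["ciaddr"],
        "yiaddr": ZERO_IP if req["ciaddr"] != ZERO_IP else assigned_ip,
        "siaddr": my_ip, "giaddr": req["giaddr"], "chaddr": req["chaddr"],
        "file": bootfile,
    }


def matches_request(reply: dict, req: dict) -> bool:
    """Client side: keep only replies for our transaction and our hardware
    address; everything else on the broadcast is meant for someone else."""
    return (reply["op"] == BOOTREPLY and reply["xid"] == req["xid"]
            and reply["chaddr"] == req["chaddr"])


def sample_request(**overrides) -> dict:
    """A decoded client request with a constructed locally administered MAC."""
    msg = {"op": BOOTREQUEST, "htype": HTYPE_ETHER, "hlen": HLEN_ETHER,
           "xid": 0x2A2A2A2A, "secs": 3, "chaddr": bytes.fromhex("020000000001")}
    msg.update(overrides)
    return decode(encode(msg))


if __name__ == "__main__":
    req = sample_request()
    print("reply goes to", reply_destination(req))
    reply = decode(encode(build_reply(req, b"\xc0\x00\x02\x01", b"\xc0\x00\x02\x32", b"/tftpboot/kernel")))
    print("matches:", matches_request(reply, req), "yiaddr:", reply["yiaddr"],
          "file:", reply["file"].rstrip(b"\x00"))
```

The decode/encode round trip is also how a relay agent handles the message: it only has to increment hops and fill giaddr before forwarding, without understanding the rest.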

Page 55

DHCP: Dynamic Host Configuration Protocol

- RARP and BOOTP were designed for a relatively static environment:
  - Each host has a permanent network connection
  - The manager creates a BOOTP configuration file specifying the BOOTP parameters for each host
  - The manager configures the server with the mapping from host identifier to IP address
- New requirements:
  - Portable computers
  - The number of computers exceeds the available IP host addresses (although not all will be up and running at the same time)

Page 56

DHCP

- DHCP allows:
  - Manual configuration
  - Automatic configuration: the manager lets the DHCP server assign a permanent address when a computer first attaches to the network
  - Dynamic configuration: loaning IP addresses for a limited time