Page 1: Spring 2006 EE 5304/EETS 7304 Internet Protocols

Spring 2006

EE 5304/EETS 7304 Internet Protocols

Tom Oh, Dept of Electrical Engineering

[email protected]

Lecture 7

More About Addressing

Page 2: Spring 2006 EE 5304/EETS 7304 Internet Protocols

Outline

• IP addresses (Comer: Pg. 286)

• Address resolution protocol (ARP) (Comer: Pg. 311)

• Dynamic host configuration protocol (DHCP) (Comer: Pg. 630)

• Subnetting ( Comer: Pg. 293-294)

• Classless inter-domain routing (CIDR) (Comer: Pg. 293)

• Network address translation (NAT) (Comer: Pg. 390)

• Virtual private networking (VPN) (Comer: Pg. 238, 616)

• Mobile IP

Page 3: Spring 2006 EE 5304/EETS 7304 Internet Protocols

IP Addresses

• IP address = (netID, hostID)

• “netID” originally assigned by Internet Assigned Number Authority (IANA) through Internet Network Information Center (INTERNIC), now handled by Internet Corp. for Assigned Names and Numbers (ICANN)

• All hosts on same network have same netID

• “hostID” is assigned locally

Page 4: Spring 2006 EE 5304/EETS 7304 Internet Protocols

Class A Addresses

• For large networks with many hosts, IP address format:

0nnnnnnn.hhhhhhhh.hhhhhhhh.hhhhhhhh

where 0 = first bit to identify class A, n = netID bits, h = hostID bits

Page 5: Spring 2006 EE 5304/EETS 7304 Internet Protocols

Class A Addresses (cont)

• 128 (7 bits) possible class A networks, except:

• netID = 0000000 reserved for special uses

• netID = 1111111 reserved for special uses

• 10.x.x.x reserved for private networks [RFC 1918]

• May be used within any network, but not routed across the public Internet

• 16,777,216 (24 bits) possible host addresses per network

• hostID = all 0’s: refers to network itself (not any particular host)

• hostID = all 1’s: directed broadcast address (to broadcast to all hosts in network)

Page 6: Spring 2006 EE 5304/EETS 7304 Internet Protocols

Class B Addresses

• For medium networks with many hosts, IP address format:

10nnnnnn.nnnnnnnn.hhhhhhhh.hhhhhhhh

where 10 = first 2 bits to identify class B, n = netID bits, h = hostID bits

Page 7: Spring 2006 EE 5304/EETS 7304 Internet Protocols

Class B Addresses (cont)

• 16,384 (14 bits) possible class B networks, except:

• netID = all 0’s reserved for special uses

• netID = all 1’s reserved for special uses

• Range 172.16.x.x - 172.31.x.x reserved for private networks [RFC 1918]

• 65,536 (16 bits) possible host addresses per network

• hostID = all 0’s: refers to network itself (not any particular host)

• hostID = all 1’s: directed broadcast address (to broadcast to all hosts in network)

Page 8: Spring 2006 EE 5304/EETS 7304 Internet Protocols

Class C Addresses

• For small networks with few hosts, IP address format:

110nnnnn.nnnnnnnn.nnnnnnnn.hhhhhhhh

where 110 = first 3 bits to identify class C, n = netID bits, h = hostID bits

Page 9: Spring 2006 EE 5304/EETS 7304 Internet Protocols

Class C Addresses (cont)

• 2,097,152 (21 bits) possible class C networks, except:

• netID = all 0’s reserved for special uses

• netID = all 1’s reserved for special uses

• Range 192.168.0.x - 192.168.255.x reserved for private networks [RFC 1918]

• 256 (8 bits) possible host addresses per network

• hostID = all 0’s: refers to network itself (not any particular host)

• hostID = all 1’s: directed broadcast address (to broadcast to all hosts in network)

Page 10: Spring 2006 EE 5304/EETS 7304 Internet Protocols

Class D Addresses

• For multicasting (broadcasting to specific group), IP address format:

110nnnnn.nnnnnnnn.nnnnnnnn.hhhhhhhh

where 110 = first 3 bits to identify class C, n = netID bits, h = hostID bits

Page 11: Spring 2006 EE 5304/EETS 7304 Internet Protocols

Class E Addresses

• For experimental purposes, IP address format:

11110bbb.bbbbbbbb.bbbbbbbb.bbbbbbbb

where 11110 = first 5 bits to identify class E, b = address bits
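The classful split described on pages 4 to 11, as an added worked example (not part of the slides): the class is read off the leading bits, netID and hostID are extracted, and the special hostID values and RFC 1918 ranges named above are flagged. The private-range list and the helper names are my own.

```python
from ipaddress import IPv4Address, ip_network

# RFC 1918 private blocks named on the slides (10/8, 172.16/12, 192.168/16)
PRIVATE = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# class letter -> (leading bit pattern, number of class bits, prefix bits incl. class bits)
CLASSES = (("A", 0b0, 1, 8), ("B", 0b10, 2, 16), ("C", 0b110, 3, 24))

def classify(dotted):
    """Split a dotted-quad IPv4 address the classful way: (class, netID, hostID, note).

    netID excludes the leading class bits (7, 14 or 21 bits as on the slides);
    class D/E addresses have no netID/hostID split and return None for both.
    """
    addr = IPv4Address(dotted)
    a = int(addr)
    for cls, pattern, class_bits, prefix_bits in CLASSES:
        if a >> (32 - class_bits) == pattern:
            break
    else:
        if a >> 28 == 0b1110:
            return ("D", None, None, "multicast group address")
        return ("E", None, None, "experimental / reserved")
    host_bits = 32 - prefix_bits
    net_id = (a >> host_bits) & ((1 << (prefix_bits - class_bits)) - 1)
    host_id = a & ((1 << host_bits) - 1)
    notes = []
    if host_id == 0:
        notes.append("network address (hostID all 0's), not a host")
    elif host_id == (1 << host_bits) - 1:
        notes.append("directed broadcast (hostID all 1's)")
    if any(addr in net for net in PRIVATE):
        notes.append("RFC 1918 private: must not be routed across the public Internet")
    return (cls, net_id, host_id, "; ".join(notes))

def hosts_per_network(cls):
    """Usable host count per classful network: total minus the all-0's and all-1's hostIDs."""
    prefix_bits = {"A": 8, "B": 16, "C": 24}[cls]
    return (1 << (32 - prefix_bits)) - 2
```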

Page 12: Spring 2006 EE 5304/EETS 7304 Internet Protocols

Address Resolution Protocol (ARP)

• Routers examine netID part of destination address in IP packets

• Forward packets closer to destination network, ignoring hostID unless the router is on same network as destination host

• How does local router deliver packet to destination host?

• Destination networks are often LANs

• Each host has unique 6-byte LAN (eg, Ethernet) address in addition to IP address

• Local router must forward IP packet to destination host via data link layer (eg, by Ethernet frame)

Page 13: Spring 2006 EE 5304/EETS 7304 Internet Protocols

ARP (cont)

[Figure: an IP packet is routed by the netID in its destination IP address towards the local router; the local router then delivers the packet to the destination host according to the hostID, via the MAC layer]

Page 14: Spring 2006 EE 5304/EETS 7304 Internet Protocols

ARP (cont)

• LAN address space is managed by IEEE

• Each LAN adapter manufacturer is assigned unique 3-byte prefix number and manufactures adapters with this prefix + unique 3-byte number

• Unique 6-byte address is burned permanently in each adapter's ROM

• By protocol layering principle, LAN addresses and IP addresses are independent

• Destination IP address in IP packet must be translated into a destination LAN address, but how?

Page 15: Spring 2006 EE 5304/EETS 7304 Internet Protocols

ARP (cont)

• ARP is a protocol to learn the LAN address of a host whose IP address is known [RFC 826]

• Router will broadcast ARP request message to the LAN (sent to LAN broadcast address)

• ARP request contains source IP address, dest. IP address, LAN addresses

• Each host checks if its IP address matches the dest. IP address

• Matching host replies with an ARP response message containing its LAN address

Page 16: Spring 2006 EE 5304/EETS 7304 Internet Protocols

ARP (cont)

[Figure: the router broadcasts an ARP request on the LAN; the destination host answers with an ARP reply]

Page 17: Spring 2006 EE 5304/EETS 7304 Internet Protocols

ARP (cont)

• Router now knows the LAN address to send the packet, and sends packet to dest. LAN address

• Why not just broadcast the IP packet to all hosts in the first place?

• Broadcasting is too expensive - involving all hosts - to be used every time to deliver an IP packet

• For efficiency, all hosts on LAN maintain an ARP cache containing the most recent address mappings learned from ARP queries/responses

• Reverse ARP is opposite procedure to learn the IP address of host when LAN address is known [RFC 903]
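The ARP exchange of pages 15 to 17 as an added example, not code from the slides: packets are built and parsed in the RFC 826 Ethernet/IPv4 layout, a host answers requests for its own address, and each host keeps an ARP cache. The cache also records when a mapping for a known IP address is replaced, since nothing in ARP verifies a reply; the MAC and IP addresses in the test are constructed.

```python
import struct
from ipaddress import IPv4Address

ARP_FMT = "!HHBBH6s4s6s4s"   # RFC 826 fields for Ethernet (htype 1) / IPv4 (ptype 0x0800)
REQUEST, REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Serialise a 28-byte ARP request or reply."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, mac_bytes(sender_mac), IPv4Address(sender_ip).packed,
                       mac_bytes(target_mac), IPv4Address(target_ip).packed)

def parse_arp(data):
    """Decode an ARP packet; reject anything that is not Ethernet/IPv4 ARP."""
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, data[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op, "sender_mac": sha.hex(":"), "sender_ip": str(IPv4Address(spa)),
            "target_mac": tha.hex(":"), "target_ip": str(IPv4Address(tpa))}

class Host:
    """A LAN host (or router): answers requests for its own IP and keeps an ARP cache."""
    def __init__(self, mac, ip):
        self.mac, self.ip = mac, ip
        self.cache = {}       # IP address -> LAN address, most recent mapping wins
        self.changes = []     # (ip, old mac, new mac) whenever a cached mapping is replaced

    def receive(self, data):
        """Handle one ARP packet; return the reply to send (bytes) or None."""
        pkt = parse_arp(data)
        ip, mac = pkt["sender_ip"], pkt["sender_mac"]
        old = self.cache.get(ip)
        if old is not None and old != mac:
            self.changes.append((ip, old, mac))   # ARP cannot verify this; keep a record
        if old is not None or pkt["target_ip"] == self.ip:   # RFC 826 merge rule
            self.cache[ip] = mac
        if pkt["op"] == REQUEST and pkt["target_ip"] == self.ip:
            return build_arp(REPLY, self.mac, self.ip, mac, ip)
        return None

def resolve(router, host):
    """Router broadcasts a request for host.ip; the host replies; router learns the LAN address."""
    request = build_arp(REQUEST, router.mac, router.ip, BROADCAST, host.ip)
    reply = host.receive(request)
    if reply is not None:
        router.receive(reply)
    return router.cache.get(host.ip)
```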

Page 18: Spring 2006 EE 5304/EETS 7304 Internet Protocols

Dynamic Host Configuration Protocol (DHCP)

• Hosts are not manufactured with permanent IP addresses, but IP address is configured during installation

• Manual configuration of IP addresses can be avoided by DHCP (dynamic host configuration protocol)

• Host configuration info. is maintained in a DHCP server

• New host can discover address of DHCP server by broadcasting DHCP Discover packet to special reserved IP address 255.255.255.255

Page 19: Spring 2006 EE 5304/EETS 7304 Internet Protocols

DHCP (cont)

• Packet may be forwarded by special DHCP relays to DHCP server, which replies with its IP address

• Host gets assigned an IP address and optionally IP address of its default IP router (to send packets)

Page 20: Spring 2006 EE 5304/EETS 7304 Internet Protocols

Subnetting and Supernetting

• Classful IP addressing:

• NetID part of IP address, called prefix to host address, is unique to each physical network

• All hosts on same physical network share a common prefix

• Class A prefixes are popular and Class B prefixes are running out soonest

• Efficiency may be gained by allowing same network prefix to be shared by multiple physical networks

• Subnetting and supernetting (CIDR)

Page 21: Spring 2006 EE 5304/EETS 7304 Internet Protocols

Subnetting

• Subnetting is a type of hierarchical addressing [RFC 950]

• Example: 2 physical networks share class B address 128.10.x.x

[Figure: router splits all traffic to 128.10.x.x between networks 128.10.1.x and 128.10.2.x based on the 3rd address byte]

Address layout: class B prefix (2 bytes) | physical network (1 byte) | host (1 byte)

Page 22: Spring 2006 EE 5304/EETS 7304 Internet Protocols

Subnetting (cont)

• Last 2 bytes are divided into 1 byte to identify physical network and 1 byte for host

• But more flexibility is needed - this example allows only 256 subnets and 256 hosts per subnet

• Each organization can choose its own way of partitioning address space

• Partitioning of address space is specified by 32-bit subnet mask

• 1’s signify bits in subnet prefix

• 0’s signify bits in host identifier

Page 23: Spring 2006 EE 5304/EETS 7304 Internet Protocols

Subnetting (cont)

• Example: a subnet mask for a class B address (mask can be written 255.255.255.0):

11111111.11111111.11111111.00000000

First 2 bytes: class B prefix - should be all 1's

3rd byte: additional bits to identify network

4th byte: host identifier

Page 24: Spring 2006 EE 5304/EETS 7304 Internet Protocols

Subnetting (cont)

• More flexibly, 1’s can be anywhere (but not common in practice), for example

11111111.11111111.00011000.01000000

First 2 bytes: class B prefix - should be all 1's

Remaining 1 bits: additional bits to identify network

0 bits: host identifier
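Applying a subnet mask as described on pages 22 to 24, as an added example (not from the slides): the mask is applied bit by bit, so the non-contiguous mask 255.255.24.64 (11111111.11111111.00011000.01000000) works as well as 255.255.255.0, and the subnet/host capacity of a mask on a class B address is computed. Function names are my own.

```python
from ipaddress import IPv4Address

def to_bits(dotted):
    """32-character 0/1 string for a dotted quad."""
    return format(int(IPv4Address(dotted)), "032b")

def split_by_mask(address, mask):
    """Apply a subnet mask bit by bit: the mask's 1 bits select the subnet prefix,
    its 0 bits select the host identifier. Returns (prefix_bits, host_bits) as
    0/1 strings. Because it works per bit it also handles non-contiguous masks."""
    a, m = to_bits(address), to_bits(mask)
    prefix = "".join(ab for ab, mb in zip(a, m) if mb == "1")
    host = "".join(ab for ab, mb in zip(a, m) if mb == "0")
    return prefix, host

def subnet_address(address, mask):
    """Address AND mask: the subnet the host belongs to, with host bits cleared."""
    return str(IPv4Address(int(IPv4Address(address)) & int(IPv4Address(mask))))

def same_subnet(addr1, addr2, mask):
    """The test a router applies to decide whether a destination is on its own subnet."""
    return subnet_address(addr1, mask) == subnet_address(addr2, mask)

def is_contiguous(mask):
    """True if the mask is a run of 1's followed by 0's, the only form a prefix length can express."""
    return "01" not in to_bits(mask)

def capacity(mask, class_prefix_bits=16):
    """(subnets, host addresses per subnet) that a mask gives a classful block,
    e.g. 255.255.255.0 on a class B address -> (256, 256) as on the slides."""
    ones = to_bits(mask).count("1")
    return 2 ** (ones - class_prefix_bits), 2 ** (32 - ones)
```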

Page 25: Spring 2006 EE 5304/EETS 7304 Internet Protocols

Classless Inter-Domain Routing (CIDR)

• Suppose a class B address (65,536 hosts) is too large for an organization but class C address (256 hosts) is too small

• Organization would like a block of class C addresses

• Supernetting is classless addressing

• Addresses in a network can span multiple class prefixes

• CIDR [RFC 1517] collapses block of contiguous addresses into single representation

• Lowest 32-bit address + 32-bit CIDR mask

Page 26: Spring 2006 EE 5304/EETS 7304 Internet Protocols

CIDR (cont)

• Example:

Lowest address: 10000000.11010011.10101000.00000000

CIDR mask: 11111111.11111111.11111000.00000000

Mask marks end of prefix, so highest address in block is 10000000.11010011.10101111.11111111

Page 27: Spring 2006 EE 5304/EETS 7304 Internet Protocols

CIDR (cont)

• CIDR notation (aka, slash notation):

128.211.168.0/21

128.211.168.0 = lowest address in block

/21 = number of 1 bits in CIDR mask (/8, /16, /24 correspond to traditional class A, B, C divisions)

Page 28: Spring 2006 EE 5304/EETS 7304 Internet Protocols

CIDR (cont)

• CIDR complicates routing tables because CIDR addresses are not self-identifying

• Classful addresses had fixed division between network prefix and hostID

• Division between prefix and hostID in CIDR address cannot be determined by looking at address

• Modern routers understand CIDR notation since 1993 (approval of CIDR)

• Various approaches to looking up prefix in routing tables
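The CIDR arithmetic of pages 26 and 27 and the lookup problem of page 28, as an added example that is not from the slides: a block's lowest and highest address are derived from the prefix length, and a small routing table resolves the "not self-identifying" problem by longest-prefix match over all entries. The RoutingTable class and the next-hop labels are my own.

```python
from ipaddress import IPv4Address

def to_int(dotted):
    return int(IPv4Address(dotted))

def to_dotted(value):
    return str(IPv4Address(value))

def cidr_block(notation):
    """'128.211.168.0/21' -> (lowest address, highest address, mask) as dotted quads.

    The prefix length gives a mask of that many leading 1 bits; the lowest address
    must have all host bits zero, and the highest address has them all one."""
    base, length = notation.split("/")
    length = int(length)
    if not 0 <= length <= 32:
        raise ValueError("prefix length must be 0..32")
    mask = (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF
    host_mask = ~mask & 0xFFFFFFFF
    low = to_int(base)
    if low & host_mask:
        raise ValueError("%s is not the lowest address of a /%d block" % (base, length))
    return to_dotted(low), to_dotted(low | host_mask), to_dotted(mask)

class RoutingTable:
    """Prefix table: a destination is matched against every entry and the entry
    with the longest matching prefix wins (the division point is not in the address)."""

    def __init__(self):
        self.entries = []    # (network as int, mask as int, prefix length, next hop)

    def add(self, notation, next_hop):
        low, _, mask = cidr_block(notation)
        self.entries.append((to_int(low), to_int(mask), int(notation.split("/")[1]), next_hop))

    def lookup(self, destination):
        dest = to_int(destination)
        best = None
        for network, mask, length, next_hop in self.entries:
            if dest & mask == network and (best is None or length > best[0]):
                best = (length, next_hop)
        return None if best is None else best[1]
```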

Page 29: Spring 2006 EE 5304/EETS 7304 Internet Protocols

Network Address Translation (NAT)

• Private TCP/IP networks can use arbitrary IP addresses if isolated from public Internet

• But private networks often want Internet access

• Usually only a small fraction of hosts want Internet access at any one time

• NAT allows private networks to access Internet through at least one globally valid IP address, say G, while keeping their private IP addresses [RFC 3022]

• Private IP addresses are not globally unique

• Helps IP address shortage because private addresses can be re-used in other private domains

Page 30: Spring 2006 EE 5304/EETS 7304 Internet Protocols

Network Address Translation (NAT)

• NAT box is computer interconnecting private network and public Internet, running NAT software, assigned IP address G

• If private network host wants to access Internet, NAT box translates public address G to private address

[Figure: NAT box between the Internet, where it has globally unique address G, and the private IP network, where hosts have private non-unique addresses P]

Page 31: Spring 2006 EE 5304/EETS 7304 Internet Protocols

NAT (cont)

• From internal view, NAT box is like a router with reach to public Internet - works transparently to hosts

• Outgoing packets from private host have source IP address changed from private host address to public address G

• Incoming packets have destination IP address changed from G to private host address

• Advantage: NAT boxes can be installed without changing existing hosts and routers

Page 32: Spring 2006 EE 5304/EETS 7304 Internet Protocols

NAT (cont)

• Address translation is done by NAT translation table

• Initialized manually (but takes work)

• Built dynamically by watching addresses in outgoing packets (but communication cannot be initiated from Internet side)

• Built dynamically by handling domain name lookups for private hosts (but works only if sender performs domain name lookup before sending data)

Public address    Private address

G1                P1

G2                P2

Page 33: Spring 2006 EE 5304/EETS 7304 Internet Protocols

NAT (cont)

• ISPs often use NAT tables built dynamically by outgoing packets

• ISP customer is assigned a private address when dialed in

• NAT table entry is initialized by customer’s packet to Internet

[Figure: dialup ISP customer - ISP using NAT - Internet]

Page 34: Spring 2006 EE 5304/EETS 7304 Internet Protocols

NAT (cont)

• ICMP complicates NAT

[Figure: a packet from private address P leaves the NAT with source address G. An ICMP Destination Unreachable message coming back from the Internet contains the original packet header (with source address G), so the NAT must open the ICMP message and translate address G to P there as well]
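The NAT behaviour of pages 29 to 34 as an added example (not the slides' code): a pool of public addresses G1, G2, ..., a translation table built dynamically from outgoing packets, inbound packets dropped when no entry exists, and the ICMP case where the quoted inner header must be translated too. Packets are plain dicts and all addresses in the test are constructed.

```python
class NatBox:
    """Basic NAT as on the slides: a pool of globally valid addresses G1, G2, ... and a
    translation table (private P <-> public G) built dynamically from outgoing packets.
    Packets are dicts with 'src', 'dst', 'proto' and, for ICMP errors, an 'inner' header."""

    def __init__(self, public_pool):
        self.free = list(public_pool)      # public addresses not yet handed out
        self.to_public = {}                # P -> G
        self.to_private = {}               # G -> P

    def outbound(self, pkt):
        """Private host -> Internet: create a table entry on first use, rewrite the source."""
        private = pkt["src"]
        if private not in self.to_public:
            if not self.free:
                return None                # pool exhausted: this host cannot be translated
            public = self.free.pop(0)
            self.to_public[private], self.to_private[public] = public, private
        return dict(pkt, src=self.to_public[private])

    def inbound(self, pkt):
        """Internet -> private host: rewrite the destination using an existing entry.
        Without an entry the packet is dropped, so the Internet side cannot initiate."""
        private = self.to_private.get(pkt["dst"])
        if private is None:
            return None
        out = dict(pkt, dst=private)
        if pkt.get("proto") == "icmp" and "inner" in pkt:
            # An ICMP error quotes the header of the packet that caused it; that header
            # left the NAT with source G, so it must be translated back to P as well.
            out["inner"] = dict(pkt["inner"], src=private)
        return out
```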

Page 35: Spring 2006 EE 5304/EETS 7304 Internet Protocols

Virtual Private Networks (VPN)

• Many private organizations have distributed sites that need to be networked together privately, but leased lines are expensive and may be inefficient (if not used all the time)

• Frame relay and ATM virtual circuits can interconnect sites more efficiently than leased lines, but involve subscription fees

• VPNs allow private networking over public Internet

• Internet offers ubiquity (access from anywhere) and efficiency (packets)

Page 36: Spring 2006 EE 5304/EETS 7304 Internet Protocols

VPN (cont)

• VPN allows private communications over public network

• Tunnels allow packet delivery

• Encryption allows privacy

[Figure: three private networks interconnected by tunnels across the public Internet]

Page 37: Spring 2006 EE 5304/EETS 7304 Internet Protocols

VPN (cont)

• Tunnels use IP-in-IP encapsulation

• Real packet for dest. host is carried in payload of outer IP packet

• Outer IP packet serves to deliver inner packet unchanged through Internet

• For privacy, inner packet is first encrypted

• Encryption scrambles data mathematically into unreadable form, depending on a secret key, but reversible by decryption with same secret key

Page 38: Spring 2006 EE 5304/EETS 7304 Internet Protocols

VPN (cont)

[Figure: a packet from private address P1 to dest. P2 is encrypted, an outer packet header with source R1 (router address) to dest. R2 is added, the tunnel carries it across the Internet, and after delivery the outer packet header is removed and the inner packet decrypted in the other private network]

Page 39: Spring 2006 EE 5304/EETS 7304 Internet Protocols

Mobile IP

• A limitation of IP addresses: netID part of IP address assumes fixed location

• A mobile host may connect to Internet from different networks

• Must change its IP address or routers must propagate a host-specific route across Internet

• Mobile IP [RFC 2002] extends IP to support mobile hosts under constraints:

• Transparent to applications, transport layer protocols, existing routers

• No changes to existing IP addresses

Page 40: Spring 2006 EE 5304/EETS 7304 Internet Protocols

Mobile IP (cont)

• Mobile hosts have 2 addresses and make use of tunneling

• Primary address on “home” network is permanent

• Used by applications and transport protocols

• Secondary ("care-of") address on "foreign" network is temporarily assigned when roaming

• Obtained by registering with foreign network

• Not known by applications - known only by mobile host and “agents” in home network and foreign network

Page 41: Spring 2006 EE 5304/EETS 7304 Internet Protocols

Mobile IP (cont)

[Figure: a packet to the permanent address arrives at the home network; the home agent tunnels it to the care-of address in the foreign network, where it is delivered and the original packet recovered]
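The IP-in-IP encapsulation used by both the VPN tunnels of pages 37 and 38 and the home-agent tunnel of page 41, as an added example that is not from the slides: a minimal IPv4 header with a valid checksum is built, the whole inner packet becomes the payload of an outer packet (protocol number 4), and the tunnel exit verifies and strips the outer header. The VPN encryption step is left out; the inner bytes would be encrypted before encapsulation and decrypted after. Addresses in the test are constructed.

```python
import struct
from ipaddress import IPv4Address

IPIP = 4   # IP protocol number carried in the outer header for IP-in-IP

def checksum(data):
    """One's-complement Internet checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header without options, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def addresses(packet):
    """(source, destination) of an IPv4 packet as dotted quads."""
    return str(IPv4Address(packet[12:16])), str(IPv4Address(packet[16:20]))

def encapsulate(inner_packet, outer_src, outer_dst):
    """Tunnel entry: the whole inner packet becomes the payload of an outer IPv4 packet
    addressed between the tunnel endpoints (R1 -> R2, or home agent -> care-of address)."""
    return ipv4_header(outer_src, outer_dst, IPIP, len(inner_packet)) + inner_packet

def decapsulate(outer_packet):
    """Tunnel exit: check the outer header, strip it and return the inner packet unchanged."""
    ihl = (outer_packet[0] & 0x0F) * 4
    if outer_packet[0] >> 4 != 4 or ihl < 20 or checksum(outer_packet[:ihl]) != 0:
        raise ValueError("outer IPv4 header is damaged")
    if outer_packet[9] != IPIP:
        raise ValueError("outer packet is not IP-in-IP")
    total_len = struct.unpack("!H", outer_packet[2:4])[0]
    return outer_packet[ihl:total_len]
```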

Page 42: Spring 2006 EE 5304/EETS 7304 Internet Protocols

Mobile IP (cont)

• Roaming mobile host registers with foreign agent in foreign network

• Obtains care-of address from foreign host

• Informs home agent of care-of address

• Mobile host must register again if it visits a new foreign network

• Mobile host must de-register when returning home to stop packet forwarding