Classless and Subnet Address Extensions (CIDR)
Chapter 9

- Chapter 4 discussed the original Internet addressing scheme
- This chapter: four extensions to conserve network prefixes

Review
- 32-bit addresses are carefully assigned
  - All hosts on a given physical network share a common prefix
  - Remainder of the address is the host portion
- Chief advantage: keeps routing tables small
  - Router keeps one entry per network
- Original scheme divided by network size
  - Class A: 8-bit network, 24-bit host
  - Class B: 16-bit network, 16-bit host
  - Class C: 24-bit network, 8-bit host
- Need to understand:
  - Individual sites may modify addresses and routes
  - Modifications must be invisible to the outside
  - Hosts and routers at the site agree on addressing
  - Other sites can treat addresses as a normal netid and hostid combination

Minimizing Network Numbers
- Weakness in original scheme: growth
  - Internet size doubling every 9-15 months
  - Large admin overhead to manage addresses
  - Large routing tables
  - High load on Internet to exchange router information
  - Eventual exhaustion of the address space, particularly Class B
- How to minimize within the scheme?
- Look at three ways
  - Unnumbered point-to-point
  - Proxy ARP
  - Subnet addressing
- Extend subnet ideas to network prefixes
  - Classless addressing
- Footnote: it was predicted that IPv4 space would be exhausted by 2000; it now appears that, with careful allocation and this chapter's techniques, it will last until around 2019

Proxy ARP (1)
- Technique has various names: proxy ARP; promiscuous ARP; the ARP hack
- Used to map a single IP network prefix onto two physical networks
- Only applies to networks that use ARP to bind IP addresses to physical addresses
- Figure: main network (H1, H2, H3) and hidden network (H4, H5) joined by router R, which runs proxy ARP
- R knows which hosts are on which network
  - Uses ARP to maintain the illusion that only one network exists
  - Intercepts ARP requests from one network to the other
  - Gives its own physical address
  - Gets the datagram
  - Uses a special routing table to route the datagram
- Routers running proxy ARP lie
  - Take advantage of trust in the ARP protocol
  - Mappings are usually installed without checking their validity and without maintaining consistency
  - So, an ARP table can map several IP addresses to the same physical address
- Some ARP implementations notice this and complain about possible security violations
  - Spoofing: one machine claims to be another
  - Such implementations cannot be used on networks with proxy ARP routers
- Advantage of proxy ARP: can be added to a single router without disturbing the other routing tables on the net
- Disadvantages:
  - Only works on networks that use ARP address resolution
  - Does not generalize to more complex networks
  - Does not support a reasonable form of routing
  - Managers must maintain tables of machines and addresses manually

Subnet Addressing (2)
- Most common of the three address extension techniques
- Is a required part of IP addressing
- General idea:
  - Site has a single IP network address
  - Actually has two or more physical networks
  - Only local routers know this
  - To other routers: a single physical network
- Figure: network 128.10.1.0 (H1 128.10.1.1, H2 128.10.1.2) and network 128.10.2.0 (H3 128.10.2.1, H4 128.10.2.2) joined by router R; the rest of the Internet sends all traffic for 128.10.0.0 to R
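The proxy ARP slides above note that an ARP table on such a network legitimately maps several IP addresses to one physical address, and that some ARP implementations flag exactly that pattern as possible spoofing. The following is an added example, not from the slides: a small check that parses a constructed ARP-cache dump, reports hardware addresses bound to more than one IP address, and lets the operator list the proxy ARP router's hardware address so that only unexpected sharing is reported. The dump layout and every address in it are made up.

```python
import re
from collections import defaultdict

# Constructed ARP cache dump in a simplified "ip  type  hwaddr  interface"
# layout (not the exact output of any particular OS).  The 02:... hardware
# addresses are locally administered and chosen to be obviously made up.
SAMPLE_ARP_DUMP = """\
128.10.1.1    ether  02:00:5e:10:00:01  eth0
128.10.1.2    ether  02:00:5e:10:00:02  eth0
128.10.1.254  ether  02:00:5e:10:00:aa  eth0
128.10.2.1    ether  02:00:5e:10:00:aa  eth0
128.10.2.2    ether  02:00:5e:10:00:aa  eth0
128.10.1.3    ether  02:00:5e:10:00:02  eth0
"""

ARP_LINE = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+\S+\s+([0-9a-f]{2}(?::[0-9a-f]{2}){5})\s+(\S+)",
    re.I,
)


def parse_arp(dump):
    """Return (ip, hwaddr, interface) tuples; lines that do not parse are skipped."""
    entries = []
    for line in dump.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).lower(), m.group(3)))
    return entries


def shared_hw_addresses(entries, proxy_arp_routers=()):
    """Map each hardware address bound to more than one IP address to the sorted
    list of those IPs, excluding hardware addresses of routers known to run
    proxy ARP, for which the sharing is the expected "lie" described above."""
    by_hw = defaultdict(list)
    for ip, hw, _iface in entries:
        by_hw[hw].append(ip)
    expected = {hw.lower() for hw in proxy_arp_routers}
    return {hw: sorted(ips) for hw, ips in by_hw.items()
            if len(ips) > 1 and hw not in expected}
```

With the proxy ARP router 02:00:5e:10:00:aa listed as expected, only 02:00:5e:10:00:02 (bound to 128.10.1.2 and 128.10.1.3) remains flagged.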
Example of Class B network using subnetting
- Third octet distinguishes between the two networks
- Fourth octet distinguishes between hosts
- IP address now divided into:
  - Network portion: remains the same as for networks not subnetting
  - Local portion: interpretation left up to the site; identifies the physical network and host at the site
- Result is hierarchical addressing
  - Top routing hierarchy uses the first two octets
  - Next level (local) uses an additional octet
  - Lowest level uses the whole address
- Advantage of hierarchical addressing: accommodates large growth
- Disadvantages:
  - Choosing the hierarchical structure is difficult
  - Hierarchy is hard to change once established

Flexibility in subnet addressing
- TCP/IP standard allows flexibility
  - Don't have to divide the local portion into two even parts for physical net and host
  - Can partition in any desired fashion
  - The partition defines the number of subnets and the hosts per subnet

Possible fixed-length subnets for Class B (*)

  Subnet Bits   Number of Subnets   Hosts per Subnet
  0             1                   65534
  2             2                   16382
  3             6                   8190
  4             14                  4094
  5             30                  2046
  6             62                  1022
  7             126                 510
  8             254                 254
  9             510                 126
  10            1022                62
  11            2046                30
  12            4094                14
  13            8190                6
  14            16382               2

  (*) Avoids all 0s and all 1s subnet and host addresses

Variable-length subnets
- Choosing a partition chooses a subnet scheme
- Most sites use fixed-length
- But some sites need more internal flexibility
  - May select a subnet partition on a per-network basis
  - Partitions do not vary over time; only between networks
  - All hosts and routers attached must honor the scheme
- Too many disadvantages; we will not consider

Implementing subnets with masks
- 32-bit mask is used to specify the division of the IP address
  - Mask bit set: treat as part of the subnet prefix
  - Mask bit 0: treat as part of the host id
- Example: 11111111 11111111 11111111 00000000
  - First three octets identify the network
  - Fourth octet identifies a host on the network
- Don't have to use contiguous bits in the mask
  - Makes understanding routing tricky

Subnet mask representation
- Specifying masks in binary is difficult
  - Awkward
  - Error prone
- Most IP software uses dotted decimal representation
  - Works best when subnetting is aligned on octets
  - Class B: 3rd octet for physical net; 4th for host
  - Notation: 255.255.255.0
- Another way is a 3-tuple representation
  - {<network number>, <subnet mask>, <host number>}
  - Value -1 means "all ones"
  - Above example: {-1, -1, 0}

Forwarding with subnets
- Must modify our standard routing algorithm
- All hosts and routers attached to a network using subnet addressing must use subnet forwarding
- Not so obvious: other hosts and routers at the site may have to as well, unless restrictions on using subnetting are followed
- Figure (illegal topology): Net 1 (not a subnet address) with host H, router R1, Net 2 (subnet of address N), router R2, Net 3 (subnet of address N)
  - H would have to use subnet routing even though Net 1 does not have a subnet address

Theoretically simple subnet rule
- For optimal forwarding, machine M must use subnet forwarding for an IP network address N unless there is a single path P such that P is a shortest path between M and every physical network that is a subset of N
- Still, hard to assign subnets
  - Shortest path can change (hardware failure; re-routing)
  - Rule does not consider site boundaries
- Subnetting should be kept as simple as possible
  - All subnets of a given network IP address should be contiguous
  - The masks should be uniform across all networks
  - All machines should participate in subnet routing

Subnet forwarding algorithm
- Algorithm searches a table of routes like before
- Normal entries for the standard algorithm: (network address, next hop address)
  - Per-host and default routes are special cases; must be checked explicitly
- Algorithm compares the network portion of the destination to the network address field
  - Knows how the address is partitioned
- With subnets, not possible to know the partitioning from the address alone
- Modified algorithm needs additional information: must have the subnet mask
- Table entries are of the form: (address mask, network address, next hop address)
- Address mask used in routing
  - Extracts the right bits for comparison with the network address entry
  - Performs a bit-wise Boolean AND of the 32-bit destination IP address and the subnet mask field
  - Checks to see if the result matches the entry's network address field
  - If so, the next hop address is used to route the datagram
- By using arbitrary masks, will not need the special-case checking of the standard algorithm
  - Example: route to a single host: mask of all 1s, network address equal to the host's IP address
  - Example: default route: mask of all 0s, network address of all 0s
  - Example: route to a non-subnetted Class B: mask of two octets of 1s and two octets of 0s
- Thus, the "unified" routing algorithm will contain fewer special cases

Algorithm:

  Forward_IP_Datagram (datagram, routing_table)
    Extract destination IP address, ID, from datagram;
    If prefix of ID matches address of any directly connected network
      send datagram to destination over that network
      (This involves resolving ID to a physical address, encapsulating
       the datagram, and sending the frame.)
    else
      for each entry in routing table do
        Let N be the bitwise-and of ID and the subnet mask
        If N equals the network address field of the entry
          then forward the datagram to the specified next hop address
      endforloop
      If no matches were found, declare a routing error

Maintenance of subnet masks
- How do subnet masks get propagated?
  - Answer that question later
- How do subnet masks get assigned?
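The unified subnet forwarding algorithm above, as an added Python example that is not from the slides: every entry is a (mask, network, next hop) triple, so the host-specific route, the default route and a non-subnetted Class B are all tested with the same bitwise AND. The table is constructed for a host on subnet 128.10.1.0 of the earlier figure; router R's address 128.10.1.254, the alternate router 128.10.1.253 and the Class B 136.13.0.0 are assumptions. Because the slides' loop forwards on the first match, the example tries entries most-specific first (longest mask first), which is the table order that loop relies on.

```python
def to_int(dotted):
    """Dotted-decimal IPv4 address to a 32-bit integer."""
    return int.from_bytes(bytes(map(int, dotted.split("."))), "big")


def ones(mask):
    """Number of 1 bits in a mask; used to try the most specific entries first."""
    return bin(to_int(mask)).count("1")


# Constructed table for a host on subnet 128.10.1.0 of the earlier figure.
# Each entry is (address mask, network address, next hop); "direct" marks a
# directly connected network.  Router R is assumed to be 128.10.1.254, and an
# alternate router 128.10.1.253 is assumed for the host-specific and Class B
# routes so that the effect of each entry is visible.
ROUTES = [
    ("255.255.255.0",   "128.10.1.0",  "direct"),        # this host's own subnet
    ("255.255.255.0",   "128.10.2.0",  "128.10.1.254"),  # other subnet via R
    ("255.255.255.255", "128.10.2.2",  "128.10.1.253"),  # host route: mask all 1s
    ("255.255.0.0",     "136.13.0.0",  "128.10.1.253"),  # non-subnetted Class B
    ("0.0.0.0",         "0.0.0.0",     "128.10.1.254"),  # default: mask, net all 0s
]


def forward(dest, routes=ROUTES):
    """Unified subnet forwarding: return the next hop for dest, or None when no
    entry matches (a routing error).  Host and default routes need no special
    handling: AND-ing with all 1s compares the whole address, AND-ing with all
    0s always yields 0.0.0.0.  Entries are searched longest mask first so that a
    default route cannot shadow a more specific one."""
    d = to_int(dest)
    for mask, network, next_hop in sorted(routes, key=lambda r: -ones(r[0])):
        if d & to_int(mask) == to_int(network):
            return next_hop
    return None
```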
Maintenance of subnet masks (continued)
- Assigning masks is the harder question
- Each site is free to choose masks for its own networks
- Nonuniform masks give more flexibility, but may cause ambiguity
  - Valid assignments may become invalid as hosts are added
- Usually:
  - Select contiguous bits from the local portion to identify a network
  - Use the same partition for all local physical networks on the site

Broadcasting to subnets
- More difficult
- Router cannot just send a broadcast packet to all interfaces that share the subnet prefix
  - Will cause a routing loop
- Use reverse path forwarding to prevent loops
  - Router extracts the source of the broadcast datagram
  - Looks up the source in the routing table
  - Discards the datagram unless it arrived on the interface used to route to the source (the shortest path)
- Is possible to broadcast to a specific subnet
- Consistent subnet masks are critical

Anonymous Point-to-Point (3)
- Original IP scheme
  - Each network was assigned a unique prefix
  - Point-to-point connections viewed as networks
- Different view as addresses became scarce
- Anonymous networking
  - Invented to avoid assigning such prefixes
  - Does not number leased lines
  - Does not assign a host address to the routers at each end
  - No hardware address needed; next hop address ignored
- Figure 9.8
  - Called an unnumbered or anonymous network
  - Possible since there is only one destination

Classless Addressing (4) (Supernetting)
- Subnetting invented in the early 1980s
- By 1993, saw the address space still in trouble
  - New IP version in the works with bigger addresses
  - Needed something until the new version was standardized
- Temporary solution was classless addressing
  - Permits a network prefix to be of arbitrary length
  - Also invented forwarding and route propagation techniques
  - Entire technology: Classless Inter-Domain Routing (CIDR)
- Was adopted because:
  - Different number of networks in each class
  - Class C numbers were being requested slowly
  - Class B numbers were running out quickly
- Early use of classless: supernetting
  - Organization wants a Class B address
  - Instead, give a block of Class C addresses
  - Suppose an organization wanted 200 networks
  - With Class B, it would subnet on the 3rd octet
  - Assign 256 contiguous Class C numbers instead

CIDR address blocks and bit masks
- Intended use beyond a single organization
  - For a hierarchical Internet
  - ISPs get a large part of the address space
  - They, in turn, allocate to their subscribers
- Uses a bit mask to identify the size of the block
- For 2048 addresses starting at 128.211.168.0:

  lowest:  128.211.168.0    10000000 11010011 10101000 00000000
  highest: 128.211.175.255  10000000 11010011 10101111 11111111
  mask:                     11111111 11111111 11111000 00000000

- To specify the block of addresses, CIDR needs
  - 32-bit value of the lowest address
  - 32-bit mask
- Mask delineates the end of the prefix
  - Above, need 21 bits set in the mask

CIDR notation
- Also called slash notation
- Used to specify the address and mask
- For the previous example: 128.211.168.0/21
  - /21 denotes 21 bits in the mask
- Classless addressing provides complete flexibility in allocating various size blocks
  - ISP can choose to assign each customer a block of appropriate size
  - If it owns a block of N bits, can assign a customer any piece of more than N bits
- Example: ISP has 128.211.0.0/16
  - Can give a customer the 2048 addresses in the /21 range
  - Or, a small customer with 2 computers: use 128.211.176.212/30

    lowest:  128.211.176.212  10000000 11010011 10110000 11010100
    highest: 128.211.176.215  10000000 11010011 10110000 11010111

Recap
- Classless addressing is used by ISPs
- Treats IP addresses as arbitrary integers
- Allows a network admin to assign addresses in contiguous blocks
- Number of addresses in each block is a power of two

Data structures and algorithms
- Want speed
  - Primary: speed for finding the next hop
  - Secondary: speed of making changes in the table
- CIDR address is not self-identifying
  - Router cannot determine the division between prefix and suffix by just looking at the address
- For classful addressing, only needed hashing
  - Router extracts the network portion, N, and uses it as the hash key
  - Computes hash function h(N)
  - Result is an index
- Router cannot find a hash key for an arbitrary address
- Alternatives:
  - Search by mask length: iterates over all possible divisions between prefix and suffix
    - Disadvantage: iteration is slow
  - Better alternative: binary trie structure
    - Hierarchical data structure
    - Successive address bits determine a path from the root down
  - PATRICIA and level-compressed tries are optimized to allow skipping of levels that do not distinguish between routes

  32-bit Address                        Unique Prefix
  00110101 00000000 00000000 00000000   00
  01000110 00000000 00000000 00000000   0100
  01010110 00000000 00000000 00000000   0101
  01100001 00000000 00000000 00000000   011
  10101010 11110000 00000000 00000000   1010
  10110000 00000010 00000000 00000000   10110
  10111011 00001010 00000000 00000000   10111

  (Figure: the binary trie for these addresses, showing interior and exterior nodes)

Summary
- Four techniques to conserve IP addresses
  - Proxy ARP: router impersonates a computer on another physical net
  - Subnet addressing: TCP/IP standard; sites can share a single IP network address among multiple physical networks
  - Unnumbered point-to-point: point-to-point links have no prefix
  - CIDR: major shift in IP technology
    - Classless addressing with arbitrary prefix and suffix boundaries
    - Not self-identifying like classful addresses
    - Significant changes to algorithms and data structures
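The binary trie discussed under "Data structures and algorithms", as an added Python example that is not from the slides: routes are stored by CIDR prefix one address bit per level, lookups return the deepest route on the path the destination's bits select (longest-prefix match, with no need to know the prefix length in advance), and unique_prefix derives the "Unique Prefix" column of the table above by descending until the subtree holds a single address, which is the level below which a PATRICIA or level-compressed trie has nothing left to distinguish. The next-hop labels used with it are constructed.

```python
class TrieNode:
    def __init__(self):
        self.child = [None, None]  # child[0] follows a 0 bit, child[1] a 1 bit
        self.count = 0             # addresses or prefixes stored below this node
        self.route = None          # next hop if a prefix ends exactly here


def address_bits(dotted, length=32):
    """First `length` bits of a dotted-decimal IPv4 address as a '0'/'1' string."""
    return format(int.from_bytes(bytes(map(int, dotted.split("."))), "big"), "032b")[:length]


class PrefixTrie:
    def __init__(self):
        self.root = TrieNode()

    def insert(self, cidr, route):
        """Store `route` under a prefix in slash notation, e.g. 128.211.168.0/21."""
        addr, length = cidr.split("/")
        node = self.root
        node.count += 1
        for bit in address_bits(addr, int(length)):
            if node.child[int(bit)] is None:
                node.child[int(bit)] = TrieNode()
            node = node.child[int(bit)]
            node.count += 1
        node.route = route

    def lookup(self, dotted):
        """Longest-prefix match: the deepest route on the path the address bits select."""
        node, best = self.root, self.root.route
        for bit in address_bits(dotted):
            node = node.child[int(bit)]
            if node is None:
                break
            if node.route is not None:
                best = node.route
        return best

    def unique_prefix(self, dotted):
        """Shortest prefix below which only this address is stored (the 'Unique
        Prefix' column above); None if the full address is not stored as a /32."""
        node, path, unique = self.root, "", None
        for bit in address_bits(dotted):
            node = node.child[int(bit)]
            if node is None:
                return None
            path += bit
            if unique is None and node.count == 1:
                unique = path
        return unique if node.route is not None else None
```

Inserting 0.0.0.0/0, 128.211.0.0/16, 128.211.168.0/21 and 128.211.176.212/30 from the CIDR slides and looking up 128.211.170.1 returns the /21 route, because the deepest node holding a route on that path is the /21 node, while 128.211.176.216 falls back to the /16 route.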