IPv4 (Review)
- Connectionless
- Best effort delivery
- Transport independent
- Semi-fixed header
  - Options (optional)
  - Data payload
- Header fields: VERSION, IHL, TOS/DS, TOTAL LENGTH, IDENTIFICATION, FLAGS, FRAGMENTATION OFFSET, TIME TO LIVE, PROTOCOL, CHECKSUM, SOURCE ADDRESS, DESTINATION ADDRESS, OPTIONS

Lecture outline: IPv4 – protocol – addressing – deployment – mobility

IPv4 Options
- Some examples: DoD security (RFC 1108), source routing, timestamp, record route, MTU probe/reply, experiments
- Problematic design: no specified order; unrecognized options; not processed in hardware; may need to change in size
- Limitations: can't be relied on; can't be used for critical things; limited total length

IPv4 TOS/DSCP
- TOS byte: Precedence, D, T, R, M
  - Classifies service into types: minimize delay, maximize throughput, maximize reliability, minimize monetary cost
  - Problems: loosely defined meanings; end-to-end behavior
  - However: can be used
- DSCP: differentiates service types; specifies per-hop behavior; configurable behavior; supports experimental DSCPs; some compatibility (IP precedence can be emulated)
- Classification and PHBs:
  - Expedited forwarding: low loss, jitter and delay
  - Assured forwarding: explicit marking for assurance; four classes and three levels
  - Class selectors: emulates IP precedence
  - Non-standard PHBs: user-defined
- DiffServ domain: packets are classified as they enter the domain; the DSCP code point is valid within the domain

TTL – Time To Live
- Prevents routing loops: a maximum hop limit
- Each router decreases the TTL; when the TTL reaches 0 – poof
- Maximum TTL – 255; normal starting TTL – 64
- Example application: traceroute

IPv4 Routing
- Routing decisions are per-packet and per-hop
- Alternative principles: who decides the path?
  - Network decides route: + reliability, simplicity; + responds well to topology change; + relatively simple to implement; + can load balance over multiple network paths; - end-to-end QoS is very hard (jitter-sensitive services); - unpredictable performance; - difficult to ensure specific path properties (e.g. QoS)
  - Sender decides route (source routing): + sender can pick a path with specific properties; + more predictable performance; - sender must know the network; - bad response to failure; - difficult to load balance; - security considerations; - control considerations
  - But?

Source routing in IPv4
- Two options: loose source and record route (type 131); strict source and record route (type 137)
- Option layout: TYPE (131/137), LENGTH, POINTER, ADDR1, ADDR2, ..., ADDRn
- Uses: a useful tool for troubleshooting
  - Check the return path: traceroute -g DEST ME
  - Detect packet sniffers: ping -g HOST SNIFFER
  - (Figure: ICMP ECHO, TO: 192.0.1.4, LSR: 192.0.1.5, between the hosts 192.0.1.4 and 192.0.1.5)
- Problems: security issues with uncontrolled source routing

Loose Source Routing Abuses
- Implementations that reverse the source route make spoofing easy
- Gain access to private networks
- (Figure: attacker 192.6.1.8, spoofing the trusted server 147.12.1.6, sends To: 10.0.1.5 with LSR: 147.12.1.1; the victim 10.0.1.5 reverses the source route, LSR: 192.6.1.8)

Sidebar: Interfaces
- Link-level endpoint; has a network address; multiple IP addresses; multiple protocols
- Loopback interface: for local traffic
- Send IP packet: sent to loopback? YES – loopback interface. NO – sent to an interface address? YES – loopback interface. NO – ETHERNET SEND.
- Receive: ETHERNET RECEIVE – broadcast or multicast? – ENQUEUE on the INPUT QUEUE – DEQUEUE – receive IP packet (loopback traffic enters the same input queue)

IPv4 addressing in abstract (RFC 1700)
- Format: { <Network-number>, <host-id> }
  - {0, 0}: this host on this network (0.0.0.0)
  - {0, Y}: specified host on this network
  - {-1, -1}: limited broadcast (255.255.255.255)
  - {X, -1}: directed broadcast (e.g. 130.236.189.255)
  - {X, Y}: unicast packet
  - {0, 0}: (very) obsolete form of limited broadcast
  - {X, 0}: obsolete form of directed broadcast (still reserved)

IPv4 Addresses
- Addresses are attached to interfaces
- Five address classes; the leading bits determine the class, the network size and the address prefix:
  - 0 – Class A – 16 million addresses
  - 10 – Class B – 65000 addresses
  - 110 – Class C – 255 addresses
  - 1110 – Class D – multicast groups
  - 11110 – Class E – reserved

CIDR Notation
- A.B.C.D/L: A.B.C.D – IPv4 address; L – prefix length
- No address classes; no fixed network boundaries; explicit netmask; addresses are all the same
- The prefix corresponds to the netmask; long prefix: more networks; short prefix: larger networks
- Examples:
  - 130.236.178.12/32 – a single address
  - 130.236.178.0/24 – network with 255 addresses
  - 130.236.0.0/16 – network with 65k addresses, an old class B network
  - 130.128.0.0/12 – network with 1M addresses, aggregate of 16 old class B networks
- What is the netmask of 130.236.0.0/16, 112.54.67.0/28, 54.128.0.0/9?
- What prefix length has 255.255.255.0, 255.255.192.0, 255.252.0.0? And what the… 0.0.0.255, 0.3.255.255?
- How many hosts on A.B.C.D/L? Try it out: 212.112.0.64/28, 64.128.0.0/9, 122.14.68.12/30, 130.236.189.0/31

Special addresses
- 0.0.0.0/8 "This network"
- 10.0.0.0/8 RFC1918
- 14.0.0.0/8 Public-data networks
- 127.0.0.0/8 Loopback
- 169.254.0.0/16 Link local addresses
- 172.16.0.0/12 RFC1918
- 192.0.2.0 Test-Net
- 192.88.99.0 6to4 Relay Anycast
- 192.18.0.0/15 Network interconnect benchmark testing
- 224.0.0.0/4 Multicast groups

Address aggregation/deaggregation
- Aggregation: combining multiple network prefixes into one single prefix; hides irrelevant network details; reduces load on e.g. routers
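An added worked example for the netmask, prefix-length and host-count questions above (not the lecture's code; the addresses are the slide's, the helper names and the wildcard-mask reading of 0.0.0.255 are mine):

```python
# Added illustration for the CIDR "try it out" questions; not the lecture's
# code. Plain integer arithmetic so the prefix/netmask relation is visible.
def ip_to_int(addr):
    parts = [int(p) for p in addr.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"bad IPv4 address: {addr}")
    return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]

def int_to_ip(n):
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def mask_int(L):
    """L leading one bits followed by 32-L zero bits, as an integer."""
    if not 0 <= L <= 32:
        raise ValueError("prefix length must be 0..32")
    return ((1 << 32) - 1) ^ ((1 << (32 - L)) - 1)

def netmask(L):
    """/L -> dotted netmask, e.g. /28 -> 255.255.255.240."""
    return int_to_ip(mask_int(L))

def mask_kind(mask):
    """("netmask", L) for contiguous ones-then-zeros; ("wildcard", L) for the
    complement (0.0.0.255 is an access-list wildcard); ("invalid", None) else."""
    m = ip_to_int(mask)
    if m == mask_int(bin(m).count("1")):
        return ("netmask", bin(m).count("1"))
    inv = m ^ ((1 << 32) - 1)
    if inv == mask_int(bin(inv).count("1")):
        return ("wildcard", bin(inv).count("1"))
    return ("invalid", None)

def host_count(cidr):
    """Hosts on A.B.C.D/L: 2^(32-L) minus the network and directed-broadcast
    addresses, except /31 (RFC 3021: both addresses are hosts) and /32."""
    L = int(cidr.split("/")[1])
    size = 1 << (32 - L)
    return size if L >= 31 else size - 2

def block_range(cidr):
    """(first, last) address of the block as integers; host bits masked off."""
    addr, L = cidr.split("/")
    first = ip_to_int(addr) & mask_int(int(L))
    return first, first + (1 << (32 - int(L))) - 1

def aggregates_exactly(supernet, subnets):
    """True if the subnets tile the supernet with neither holes nor overlap
    (the "what about holes?" question of the aggregation slide)."""
    lo, hi = block_range(supernet)
    nxt = lo
    for first, last in sorted(block_range(s) for s in subnets):
        if first != nxt:           # first > nxt: hole; first < nxt: overlap
            return False
        nxt = last + 1
    return nxt == hi + 1
```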
- Deaggregation (subnetting): separating a single network prefix into multiple prefixes; done when dividing an address space into actual networks

Aggregation example
- Combine networks: 192.0.2.0/27, 192.0.2.64/26 and 192.0.2.128/25 aggregate into 192.0.2.0/24
- A shorter prefix covers more networks than a longer one
- What about holes? If you own the space – OK! If you don't – be careful

The CIDR report top 30 deaggregators

Autonomous System   Nets now  Nets aggr  Net gain  % gain  Description
All ASes            248289    155791     92498     37.3%
AS9498              1111      67         1044      94.0%   BBIL-AP BHARTI BT INTERNET LTD.
AS4323              1383      368        1015      73.4%   TWTC - Time Warner Telecom, Inc.
AS18566             1041      60         981       94.2%   COVAD - Covad Communications Co.
AS4755              1553      636        917       59.0%   VSNL-AS Videsh Sanchar Nigam Ltd. Autonomous System
AS11492             1210      431        779       64.4%   CABLEONE - CABLE ONE
AS22773             845       76         769       91.0%   CCINET-2 - Cox Communications Inc.
AS19262             877       151        726       82.8%   VZGNI-TRANSIT - Verizon Internet Services Inc.
AS6478              1101      379        722       65.6%   ATT-INTERNET3 - AT&T WorldNet Services
AS8151              1148      458        690       60.1%   Uninet S.A. de C.V.
AS17488             961       316        645       67.1%   HATHWAY-NET-AP Hathway IP Over Cable Internet
AS15270             654       98         556       85.0%   AS-PAETEC-NET - PaeTec Communications, Inc.
AS18101             609       73         536       88.0%   RIL-IDC Reliance Infocom Ltd Internet Data Centre,
AS4780              597       74         523       87.6%   SEEDNET Digital United Inc.
AS6197              1035      518        517       50.0%   BATI-ATL - BellSouth Network Solutions, Inc
AS2386              1351      844        507       37.5%   INS-AS - AT&T Data Communications Services
AS4134              863       357        506       58.6%   CHINANET-BACKBONE No.31,Jin-rong Street
AS7018              1482      1009       473       31.9%   ATT-INTERNET4 - AT&T WorldNet Services
AS19916             563       100        463       82.2%   ASTRUM-0001 - OLM LLC
AS4766              842       387        455       54.0%   KIXS-AS-KR Korea Telecom
AS4812              546       94         452       82.8%   CHINANET-SH-AP China Telecom (Group)
AS855               557       113        444       79.7%   CANET-ASN-4 - Bell Aliant
AS17676             506       64         442       87.4%   GIGAINFRA BB TECHNOLOGY Corp.
AS7011              1032      594        438       42.4%   FRONTIER-AND-CITIZENS - Frontier Communications of America, Inc.
AS3356              840       415        425       50.6%   LEVEL3 Level 3 Communications
AS4808              527       128        399       75.7%   CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network
AS5668              668       288        380       56.9%   AS-5668 - CenturyTel Internet Holdings, Inc.
AS9443              450       75         375       83.3%   INTERNETPRIMUS-AS-AP Primus Telecommunications
AS6140              598       232        366       61.2%   IMPSAT-USA - ImpSat USA, Inc.
AS7545              499       133        366       73.3%   TPG-INTERNET-AP TPG Internet Pty Ltd
AS4668              523       173        350       66.9%   LGNET-AS-KR LG CNS
Top 30 total        25972     8711       17261     66.5%

Deaggregation example (VLSM)
- 192.0.2.0/24 is split on successive host bits:
  - first bit 1: 192.0.2.128/25
  - first bit 0, second bit 1: 192.0.2.64/26
  - bits 0 0 0: 192.0.2.0/27
  - bits 0 0 1: 192.0.2.32/27

Point-to-point links
- Standard addressing: one /30 per link (figure: routers 112.212.6.1/24 and 112.212.7.1/24 joined by a serial link)
- The problem: 50% wasted addresses; many links in a network; ergo: many wasted addresses
- Unnumbered interfaces: vendor-specific; borrows the IP address from another interface; may not work on multi-access interfaces; no remote management of the interface
  Example (Cisco):
    interface serial0
    ip unnumbered loopback0
- Use a /31 prefix: documented in RFC 3021; directed broadcast is not needed; use the special addresses { <Network-number>, 0 } and { <Network-number>, -1 } for the two ends (figure: 112.212.112.4/31 and 112.212.112.5/31); broadcast using 255.255.255.255
  Example (Cisco):
    interface ethernet0
    ip address 112.212.112.5 255.255.255.254
    no ip directed-broadcast

Multihoming
- Better reliability; better performance
- Two kinds of addresses: provider independent (PI); provider aggregable (PA)
- Using provider independent addresses: both TeliaNet and AT&T tell the other networks "I can reach 8.6.3.0/24"
- Using provider aggregable addresses: AT&T announces "I can reach 8.0.0.0/8" while TeliaNet announces "I can reach 8.6.3.0/24"
- Issues: actually getting PI addresses; working with the provider; small network sizes

IPv4 address space exhaustion
- Address allocation: IANA allocates blocks (usually /8s) to the regional registries (RIRs); RIRs allocate to national and local registries (NIRs and LIRs); NIRs and LIRs allocate (mostly PA) addresses to end users
- Currently there are 42 /8s available in the IANA address pool; almost 178 /8s have been allocated; an additional 36 /8s are reserved address space
- http://www.potaroo.net/tools/ipv4/index.html
- Why haven't we run out already? Private networks using RFC1918 addresses; network address translation; dynamic address allocation (DHCP); name-based virtual hosting; (some) reclamation and renumbering; tighter controls at the RIR level (harder to get addresses)
- Solutions? IPv6

Dealing With Congestion
- Network assisted (e.g. ATM): explicit network layer support for congestion control; congestion can be managed
- End-to-end (e.g. IP): no support for congestion control in the network layer; congestion is inferred from other events

Active Queue Management
- Tail drop: drop packets when the queue becomes full. Problems: queues remain full; global synchronization
- Random Early Drop/Detect (RED): drop packets when the queue is starting to get full. Problems: tuning issues; increases jitter; interaction with TCP; interaction with QoS
- RED decision for each incoming packet: compute the average queue length avg. If avg < minth: enqueue the packet. If avg > maxth: mark/drop the packet. If minth < avg < maxth: calculate the mark probability pm; with probability 1-pm enqueue the packet, else mark/drop it
- Performance: improves goodput; fairness issues; tuning issues

Explicit Congestion Notification (ECN)
- Random early DROP is useless and IP traditionally has no mechanism for marking
- Detect, don't drop
- IP header: a new field in the IP header, next to DSCP
- TCP header: new flags ECE (Explicit Congestion Echo) and CWR (Congestion Window Reduced); flag layout: Reserved, CWR, ECE, URG, ACK, PSH, RST, SYN, FIN
- Deployment: broken firewalls; alternate implementations
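An added illustration of the RED decision flow described above, not the lecture's code; the EWMA average and the linear mark probability are the standard Floyd and Jacobson RED formulas, which the slide does not spell out, and the ECN variant marks CE instead of dropping:

```python
# Added illustration of the RED decision flow on the slide; not the lecture's
# code. The EWMA and probability formulas are Floyd & Jacobson's RED, an
# assumption: the slide gives the decision structure, not the formulas.
import random

class RedQueue:
    def __init__(self, min_th, max_th, max_p=0.1, w_q=0.002,
                 limit=100, ecn=False, rng=random.random):
        self.min_th, self.max_th, self.max_p, self.w_q = min_th, max_th, max_p, w_q
        self.limit = limit      # physical queue size: tail-drop backstop
        self.ecn = ecn          # ECN on: mark CE instead of dropping
        self.rng = rng          # injectable, so tests can be deterministic
        self.q = []             # queued (packet, ce_marked) pairs
        self.avg = 0.0          # average queue length (EWMA)
        self.count = -1         # packets since the last mark/drop

    def mark_probability(self):
        """pm rises linearly from 0 at minth to max_p at maxth; the count term
        spreads marks out in time instead of dropping in bursts."""
        pb = self.max_p * (self.avg - self.min_th) / (self.max_th - self.min_th)
        denom = 1.0 - self.count * pb
        return min(1.0, pb / denom) if denom > 0 else 1.0

    def _congested(self):
        self.count = 0
        return "mark" if self.ecn else "drop"

    def arrive(self, pkt):
        """One incoming packet: "enqueue", "mark" (queued with CE set) or "drop"."""
        self.avg = (1 - self.w_q) * self.avg + self.w_q * len(self.q)
        if self.avg < self.min_th:              # avg < minth: just enqueue
            self.count = -1
            action = "enqueue"
        elif self.avg >= self.max_th:           # avg > maxth: mark/drop
            action = self._congested()
        else:                                   # minth < avg < maxth
            self.count += 1
            marked = self.rng() < self.mark_probability()   # with probability pm
            action = self._congested() if marked else "enqueue"
        if action == "drop" or len(self.q) >= self.limit:
            return "drop"                       # RED drop, or queue truly full
        self.q.append((pkt, action == "mark"))
        return action

    def service(self):
        """Dequeue the head packet, keeping its CE mark for forwarding."""
        return self.q.pop(0) if self.q else None
```

With w_q=1.0 the average equals the instantaneous queue length, which makes the thresholds easy to see; real deployments use a small w_q so short bursts do not trigger marking.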
- ECN field in IP: the low two bits of the TOS byte, giving four ECN codepoints: 00 Not-ECT, 01 ECT(1), 10 ECT(0), 11 CE (figure: a router changes ECT to CE instead of dropping; ECE and CWR carry the signal in TCP)

Mobile IP
- Mobility: moving between networks; not the same as portability
- Examples: working from a hotel; roaming between WLANs; an alternative to VPNs

Mobile IP Components
- Mobile Node (MN): the entity that moves between networks; has a permanent home address in its home network
- Home Agent (HA): router on the home network; binds the home address with the care-of address; forwards packets to the MN
- Foreign Agent (FA): router on the foreign network; the MN registers with the FA on attach; the MN sends/receives via the HA through the FA; the FA de-capsulates
- Care-of Address (COA): address of the MN in the foreign network; sent by the FA to the HA when the MN registers; often the address of the FA
- Figure: mobile node with home address 130.236.189.65 and care-of address 172.16.0.23; foreign agent on 172.16.0.0/24; home agent on the home network 130.236.189.0/24; correspondent node reached across the Internet

Mobile IP Support Services
- Agent discovery: the MN must discover the FA or HA in the current network; FA and HA broadcast their presence; uses the ICMP Router Discovery Protocol (IRDP)
- Registration: when the MN is not at home it registers its COA with its HA (registration request MN – FA – HA, registration reply HA – FA – MN)

Mobile IP Tables
- Home Agent: Mobility Binding Table (binds home address to COA)
    Home Address     COA           Lifetime
    130.236.189.65   172.16.0.23   200
    130.236.189.71   172.16.0.23   181
    130.236.189.66   192.0.2.1     195
- Foreign Agent: Visitor List (identifies visiting mobile nodes; maps the MN's home address to its HA and MAC address)
    Home Address     Home Agent      MAC      Lifetime
    130.236.189.65   130.236.189.1   0:8:…    200
    130.236.189.71   130.236.189.1   0:2c:…   181
    8.23.122.121     8.23.122.1      0:2c:…   312
Mobile IP Routing
- Triangle routing: the MN sends packets using its home address; traffic to the MN is sent to the HA; the HA encapsulates and sends the packets to the FA; the FA de-capsulates and sends the packets to the MN
- Figure (MN: home address 130.236.189.65, COA 172.16.0.23), steps 1–5: (1) MN sends SRC MN, DST CN through the FA; (2) the packet crosses the Internet directly to the CN; (3) CN sends SRC CN, DST MN, which arrives at the home network 130.236.189.0/24; (4) the HA encapsulates it as SRC HA, DST COA with the CN-to-MN packet inside; (5) the FA de-capsulates and delivers CN-to-MN to the MN

Mobile IP Concerns
- Packet filtering: BCP is to not allow outbound traffic from non-local sources; foreign network firewalls
- Registration and authentication
- Performance: what if the FA and CN are close, but the HA is a long way off?
- Security
- Reliability: a single HA is vulnerable

Route Optimization
- Direct notification of the CN; the CN tunnels to the MN (figure: binding update, binding request, binding acknowledgement and binding warning messages between HA, CN and MN)
- Issues: what if the MN moves? Security

Mobile IP Challenges
- Smooth handoffs; route optimization; security; quality of service
- IPv6: additional mobility support; supports route optimization; supports smooth handoffs
- Still a research area

IP Implementation Issues: Fragmentation
- Fragmentation is an integral part of IP; it is needed when the datagram is larger than the path MTU
- Header fields: IDENTIFICATION – which IP datagram is this? FLAGS – are there fragments (MF)? May I fragment you (DF)? FRAGMENTATION OFFSET – which fragment is this?
- Reassembly of fragments (figure): fragments with ID 131 – MF, offset 0, length 100; MF, offset 200, length 100; no MF, offset 300, length 45 – are placed in the reassembly buffer at their offsets
- Second figure, overlapping fragments: ID 131 – MF, offset 0, length 100; MF, offset 50, length 200; no MF, offset 300, length 45
- Unspecified border cases
- Deployment issues: different implementations behave differently; some implementations don't behave well at all; failure to communicate
- Security issues: direct attacks; information gathering

Ping of Death
- Fragment 1: size 65500 bytes, offset zero. Fragment 2: size 2048 bytes, offset 65500
- Creates an IP datagram larger than 65535 bytes
- So what? Some IP implementations would crash during reassembly

Fragmentation abuse
- IDS rules: datagrams starting with "HACKME" are rejected; pass all others
- ID: 131; MF; FO: 0 – H E A R N O T H – "Packet starts with HEARNO. Safe! I'll pass it along."
- ID: 131; MF; FO: 8 – I N G S C A R Y – "That's a fragment and it doesn't look scary."
- ID: 131; MF; FO: 1 – A C K M E I – "That's a fragment and it doesn't look scary." FOOLED YOU!
- ID: 131; --; FO: 9 – A M E V I L ! – "That's a fragment and it doesn't look scary."
- Reassembly buffer (on the victim): the later fragments overwrite bytes of the earlier ones, so the victim reassembles the string the IDS was supposed to reject
- Other examples: reassembly timeouts (IP); ID field generation (IP); retransmission timeouts (TCP); overlapping segments (TCP); initial window size (TCP); ISN generation (TCP); query ID generation (DNS)
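An added example of the reassembly checks a defender wants after the figures above, not the lecture's code: a strict reassembler that refuses overlapping fragments, holes and oversize datagrams, run over constructed fragments that reuse the slide's ID 131 with offsets in 8-byte units:

```python
# Added illustration of strict fragment reassembly for the slide's figures;
# not the lecture's code. Offsets are in 8-byte units as in the IP header.
from dataclasses import dataclass

MAX_DATAGRAM = 65535      # TOTAL LENGTH is 16 bits: limit on header + payload
IP_HEADER_LEN = 20        # assumed: minimal IPv4 header without options

@dataclass
class Fragment:
    ident: int    # IDENTIFICATION: which IP datagram is this?
    mf: bool      # FLAGS: are there more fragments?
    offset: int   # FRAGMENTATION OFFSET: which fragment is this? (x 8 bytes)
    data: bytes

class ReassemblyError(ValueError):
    """The fragment set cannot form one well-formed datagram."""

def reassemble(frags):
    """Refuses overlap, holes, inconsistent MF flags and any datagram whose
    reassembled size would exceed 65535 bytes: a lenient stack that lets a later
    fragment overwrite earlier bytes is what "FOOLED YOU" and Ping of Death need."""
    if not frags:
        raise ReassemblyError("no fragments")
    if len({f.ident for f in frags}) != 1:
        raise ReassemblyError("mixed datagram IDs")
    ordered = sorted(frags, key=lambda f: f.offset)
    buf, expected = bytearray(), 0        # expected: next byte still needed
    for f in ordered:
        start = f.offset * 8
        if start < expected:
            raise ReassemblyError(f"overlap at byte {start}, have up to {expected}")
        if start > expected:
            raise ReassemblyError(f"hole before byte {start}")
        if f.mf and len(f.data) % 8:
            raise ReassemblyError("non-final fragment not a multiple of 8 bytes")
        if IP_HEADER_LEN + start + len(f.data) > MAX_DATAGRAM:
            raise ReassemblyError("reassembled datagram would exceed 65535 bytes")
        buf += f.data
        expected = start + len(f.data)
    if ordered[-1].mf or any(not f.mf for f in ordered[:-1]):
        raise ReassemblyError("MF flag inconsistent with fragment order")
    return bytes(buf)

def verdict(frags):
    """Filter-friendly wrapper: ("accept", payload) or ("reject", reason)."""
    try:
        return ("accept", reassemble(frags))
    except ReassemblyError as e:
        return ("reject", str(e))

# Constructed samples (ID 131 as on the slide; the data is made up):
BENIGN = [Fragment(131, True, 0, b"HEARNOTHINGSCARY"),      # bytes 0..15
          Fragment(131, False, 2, b"IAMEVIL!")]             # bytes 16..23
OVERLAP = BENIGN + [Fragment(131, True, 1, b"ACKME!!!")]    # rewrites 8..15
POD = [Fragment(131, True, 0, bytes(65504)),                # Ping of Death shape,
       Fragment(131, False, 8188, bytes(2048))]             # rounded to 8 bytes
```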
Internet Control Message Protocol
- Some common ICMP types: 0 Echo request; 3 Destination unreachable; 4 Source quench; 5 Redirect; 6 Alternate host address; 8 Echo; 9 Router advertisement; 10 Router selection; 11 Time exceeded; 12 Parameter problem; 13 Timestamp request; 14 Timestamp reply; 15 Information request; 16 Information reply; 17 Address mask request; 18 Address mask reply
- Destination unreachable codes [partial]: 0 Net unreachable; 1 Host unreachable; 2 Protocol unreachable; 3 Port unreachable; 4 Fragmentation needed; 5 Source route failed
- Time exceeded codes: 0 Time to live exceeded in transit; 1 Fragment reassembly time exceeded
- Message layout: TYPE, CODE, CHECKSUM, DATA
- And that's it for raw IP (but we're not quite done yet)

ICMP Uses
- Traceroute: examine a packet's path through the network. Operation: send UDP packets with increasing TTL; match the returning time exceeded ICMP messages with the UDP packets
- Path MTU discovery (RFC 1191): discover the smallest MTU between communicating hosts. Operation: set the DF bit in all packets; routers set the next-hop MTU when sending fragmentation needed messages; decrease the MTU when fragmentation needed ICMP messages are seen

ICMP Abuses
- Various messages: map out and get information about hosts and networks
- Redirect messages: fool a host or router into re-routing traffic (a bad thing)
- Source quench messages: cause denial of service
- Echo request to a broadcast address (figure: SRC: 192.0.2.26, DST: 10.6.255.255 sent into 10.6.0.0/16): cause denial of service

Summary
- Topics covered: IP protocol format; IP addressing; subnetting/supernetting; address planning; address allocation; fragmentation/reassembly; congestion control; ICMP; Mobile IP
- Missed topics: differentiated services; most IP options; IP routing (later); IPv6 (later)