CEN-444 Networks Structure And Protocols
Internet Protocol and Routing
Mohammed Saleem Bhat, m.bhat@mu.edu.sa
Computer Engineering and Networks, College of Engineering, Majmaah University

Outline
- IP: Internet Protocol; IP addressing and subnet masks
- ARP: Address Resolution Protocol; IPv6
- Routing
- VLANs (Virtual LANs)
- TCP/UDP: Transmission Control Protocol / User Datagram Protocol
- NAT (Network Address Translation)
- SNMP: Simple Network Management Protocol
- VPN: Virtual Private Networks

Internet Protocol: IP as a Routed Protocol
- IP is a connectionless, unreliable, best-effort delivery protocol: it sets up no path in advance, guarantees neither delivery nor ordering, and does not retransmit.
- IP accepts whatever data is passed down to it from the upper layers and forwards it in the form of IP packets.
- Every node (more precisely, every interface) is identified by an IP address, and packets are delivered from source to destination using that address.

Internet Protocol: Packet Propagation
[Figure: a packet propagating from source to destination across several routers; image not reproduced.]

Internet Protocol: IP Address
- An IP address belongs to an INTERFACE of a host, not to the host as a whole. A device with multiple interfaces, such as a router, has multiple IP addresses.
- An IPv4 address is 32 bits, written in dotted-decimal notation for ease of reading, e.g. 193.140.195.66.
- Some addresses carry special meaning: 0.0.0.0 (this host / unspecified, used before an address has been assigned), 127.0.0.1 (loopback) and 255.255.255.255 (limited broadcast on the local network).
- An IP address is divided into a network number and a host number.
- The host part cannot be all 0s or all 1s: all 0s denotes the network itself and all 1s is the broadcast address of that network, so neither can be assigned to an interface.

Internet Protocol: IP Address Classes
- Class A: address begins with bit 0. 8-bit network number, 24-bit host number; range 0.0.0.0 to 127.255.255.255.
- Class B: address begins with bits 10.
It has a 16-bit network number (range 128.0.0.0 to 191.255.255.255) and a 16-bit host number.
- Class C: address begins with bits 110. 24-bit network number, 8-bit host number; range 192.0.0.0 to 223.255.255.255.
- Class D: begins with 1110. Multicast addresses, 224.0.0.0 to 239.255.255.255.
- Class E: begins with 1111. Reserved (experimental), 240.0.0.0 to 255.255.255.255.

Internet Protocol: Subnet Mask
- Consider the IP address 192.168.2.25.
- The first few bits (left to right) identify the network/subnet; the remaining bits identify the host/interface.
- The subnet mask is a 32-bit pattern with a 1 in every network/subnet bit position and a 0 in every host bit position. The number of 1 bits is the prefix length, written after a slash.
- Mask 255.255.255.0 (/24): 24 network bits, so 192.168.2.25 lies in the subnet 192.168.2.0 to 192.168.2.255.
- Mask 255.255.255.240 (/28): 28 network bits, 16 addresses per subnet. 192.168.2.25 then lies in 192.168.2.16 to 192.168.2.31; the block 192.168.2.0 to 192.168.2.15 is the neighbouring /28 subnet.

Internet Protocol: IP Address, Subnet Mask and Gateway
- An IP address together with its subnet mask defines the subnet.
- Example: the address 172.31.1.0 with subnet mask 255.255.240.0 means the subnet spans 172.31.0.0 to 172.31.15.255. The mask 255.255.240.0 has 20 one-bits, so the equivalent notation is 172.31.1.0/20 for the interface and 172.31.0.0/20 for the subnet (not /28, which would be a 16-address block).
- The first address (172.31.0.0) is the network address and the last (172.31.15.255) is the broadcast address. Both are reserved and cannot be assigned to any node.
- The gateway address is the address of the router to which a packet is sent when the destination host does not belong to the same subnet.

Internet Protocol: IP Configuration of an Interface
- Static: address, mask and gateway entered by hand.
- DHCP: obtained automatically from a DHCP server.

Internet Protocol: ARP
- ARP (Address Resolution Protocol) is used on Ethernet networks to find the MAC address of a node given its IP address.
- The source node (say 192.168.2.32) sends a broadcast message (ARP Request) on its subnet asking "Who has 192.168.2.33?".
- All computers on the subnet receive this request.
- Only the destination, which has 192.168.2.33, responds (ARP Reply), providing its MAC address in the response. The requester caches the answer and addresses subsequent frames to that MAC.
- ARP has no authentication: the requester accepts whichever reply arrives, so the integrity of the IP-to-MAC mapping depends on every host on the segment behaving honestly.

Internet Protocol: IPv6
- Internet Protocol version 4 is the most widely used protocol today, although there are questions about its ability to serve the Internet community much longer.
- IPv4 was specified in 1981 (RFC 791) and has started to show its age.
- The main issue surrounding IPv4 is addressing, or rather the lack of it: the 32-bit address space holds about four billion addresses and is close to exhausted. Although this seems like a very large number, multiple large blocks were assigned early on to government agencies and large organizations.
- IPv6 is intended to solve many of the problems posed by IPv4.

Internet Protocol: IPv6
- IPv6 uses 128-bit addresses instead of 32-bit addresses.
- IPv6 address blocks are allocated hierarchically through the regional Internet registries to providers and then to their customers, so prefixes aggregate by region and provider.

Routing

Routing: Router
- A router is a device that determines the next network point to which a packet should be forwarded on its way to the destination.
- Routers allow different networks to communicate with each other.
- A router creates and maintains a table of the available routes and their conditions, and uses this information to determine the best route for a given packet.
- A packet travels through a number of network points with routers before arriving at its destination.
- Several routes covering the same destination may be defined. The most specific route (the longest matching prefix) is chosen; among routes of equal specificity, the one with the lower weight/metric is preferred.
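The subnet arithmetic from the Subnet Mask slides and the route selection described for the router above, as an added example (not code from the lecture slides). It derives network, broadcast and usable range from an address and mask by bit operations, cross-checks the result against Python's ipaddress module, and then resolves destinations against a constructed routing table using longest-prefix match with metric as the tie-breaker. All addresses and routes are constructed; route prefixes in the table are assumed to be written with their host bits zero.

```python
"""Subnet arithmetic and route selection (added example, not from the slides).

Shows what a subnet mask means bit by bit and how a router uses masks to
choose a next hop: longest matching prefix first, then lowest metric.
All addresses and routes below are constructed for illustration.
"""
import ipaddress
from typing import NamedTuple, Optional


def ip_to_int(dotted: str) -> int:
    """Dotted-decimal IPv4 text -> 32-bit integer, rejecting malformed input."""
    octets = dotted.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted!r}")
    value = 0
    for o in octets:
        value = (value << 8) | int(o)
    return value


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """/20 -> 0xFFFFF000: the top `prefix` bits set, the rest clear."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF if prefix else 0


def mask_to_prefix(mask: str) -> int:
    """255.255.240.0 -> 20.  A valid mask is a run of ones followed by zeros."""
    m = ip_to_int(mask)
    prefix = bin(m).count("1")
    if m != prefix_to_mask(prefix):
        raise ValueError(f"non-contiguous mask: {mask}")
    return prefix


def subnet_info(address: str, mask: str) -> dict:
    """Network, broadcast and usable range of the subnet containing `address`
    (prefixes up to /30; /31 and /32 are special cases not handled here)."""
    prefix = mask_to_prefix(mask)
    m = prefix_to_mask(prefix)
    network = ip_to_int(address) & m          # host bits cleared
    broadcast = network | (~m & 0xFFFFFFFF)   # host bits set
    # Cross-check against the standard library's interpretation of the same input.
    expected = str(ipaddress.ip_network(f"{address}/{prefix}", strict=False))
    assert expected == f"{int_to_ip(network)}/{prefix}"
    return {
        "cidr": f"{int_to_ip(network)}/{prefix}",
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(network + 1),
        "last_host": int_to_ip(broadcast - 1),
        "usable_hosts": (1 << (32 - prefix)) - 2,   # minus network and broadcast
    }


class Route(NamedTuple):
    cidr: str
    next_hop: Optional[str]   # None: destination network is directly connected
    metric: int


# Constructed routing table.  Two routes share the 10.1.0.0/16 prefix and
# differ only in metric; the /8 and the default route are less specific.
ROUTES = [
    Route("0.0.0.0/0", "172.31.0.1", 10),
    Route("172.31.0.0/20", None, 0),
    Route("10.0.0.0/8", "172.31.0.2", 20),
    Route("10.1.0.0/16", "172.31.0.3", 30),
    Route("10.1.0.0/16", "172.31.0.4", 5),
]


def lookup(routes: list, destination: str) -> Optional[Route]:
    """Pick the route for `destination`: longest prefix, then lowest metric."""
    dst = ip_to_int(destination)
    best, best_key = None, None
    for route in routes:
        net, prefix_txt = route.cidr.split("/")
        prefix = int(prefix_txt)
        if (dst & prefix_to_mask(prefix)) != ip_to_int(net):
            continue                              # this prefix does not cover dst
        key = (prefix, -route.metric)             # longer prefix wins, then lower metric
        if best_key is None or key > best_key:
            best, best_key = route, key
    return best


if __name__ == "__main__":
    print(subnet_info("172.31.1.0", "255.255.240.0"))
    print(subnet_info("192.168.2.25", "255.255.255.240"))
    for dst in ("172.31.9.9", "10.1.2.3", "10.2.0.1", "8.8.8.8"):
        print(dst, "->", lookup(ROUTES, dst))
```

Running it shows that 172.31.1.0 with mask 255.255.240.0 is 172.31.0.0/20 (4094 usable hosts), that 192.168.2.25/28 falls in 192.168.2.16 to 192.168.2.31, and that 10.1.2.3 is forwarded to 172.31.0.4: the /16 beats the /8 regardless of metric, and between the two /16 routes the lower metric wins.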
Routing: Routing
[Figure: routing illustration; image not reproduced.]

Routing: Routing Protocols
- Static routing: routes entered by the administrator.
- Dynamic routing: routes learned from neighbouring routers by a routing protocol.
  - IGP (Interior Gateway Protocol): routes data within an Autonomous System
    - RIP (Routing Information Protocol)
    - RIP-2 (RIP version 2)
    - OSPF (Open Shortest Path First)
    - IGRP (Interior Gateway Routing Protocol)
    - EIGRP (Enhanced Interior Gateway Routing Protocol)
    - IS-IS
  - EGP (Exterior Gateway Protocol): routes data between Autonomous Systems
    - BGP (Border Gateway Protocol)

Internetworking Devices
Device  | Description
Hub     | Hubs connect multiple users to a single physical device, which connects to the network. Hubs and concentrators act as repeaters, regenerating the signal as it passes through them; all ports share one collision domain.
Bridge  | Bridges logically separate network segments within the same network. They operate at the OSI data link layer (Layer 2) and are independent of higher-layer protocols.
Switch  | Switches are similar to bridges but usually have more ports. A switch provides a unique network segment on each port, thereby separating collision domains. Network designers are replacing hubs in their wiring closets with switches to increase network performance and bandwidth while protecting their existing wiring investment.
Router  | Routers separate broadcast domains and connect different networks. They direct network traffic based on the destination network-layer address (Layer 3) rather than the workstation's data-link-layer (MAC) address.
VLAN

VLAN: VLANs
- VLANs (Virtual LANs) enable network managers to group users logically (by function, project team or application) rather than by physical location.
- Each VLAN is its own broadcast domain; traffic between VLANs can only pass through a router (or a Layer 3 switch).
- VLANs provide the segmentation traditionally provided by physical routers in a LAN configuration.

VLAN: VLANs and Inter-VLAN Routing
[Figure: hosts in separate VLANs on one switch, connected through a router; image not reproduced.]

VLAN: Advantages of Using VLANs
- Broadcast control: just as switches physically isolate collision domains for attached hosts and only forward traffic out a particular port, VLANs provide logical bridging domains that confine broadcast and multicast traffic to the VLAN.
- Security: if you do not allow routing between a VLAN and the others, no users outside that VLAN can communicate with the users in it, and vice versa. This isolation is highly desirable for certain projects and applications, but it is only as strong as the switch configuration: trunk ports, the VLANs permitted on them and any inter-VLAN routing must be configured deliberately, because a mistake there joins segments that were meant to be separate.
- Performance: users that require high-performance or isolated networking can be assigned to separate VLANs.
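The ARP exchange from the ARP slide and the broadcast confinement from the VLAN slides share the same frame format, so one added example (not code from the lecture slides) covers both: it builds the ARP request and reply as Ethernet frames, optionally carrying an 802.1Q VLAN tag, parses them back, and models how a VLAN-aware switch floods the broadcast only to ports in the sending host's VLAN, tagging it on the trunk. The MAC addresses, the port-to-VLAN map (`ACCESS_PORTS`, `TRUNK_PORTS`) and the IPs other than the slide's 192.168.2.32/.33 are constructed assumptions.

```python
"""ARP over Ethernet and how a VLAN-aware switch floods it (added example,
not from the slides).  MACs, IPs and the port map are constructed."""
import struct

ETH_BROADCAST = "ff:ff:ff:ff:ff:ff"
ETHERTYPE_ARP = 0x0806
ETHERTYPE_8021Q = 0x8100
ACCESS_PORTS = {1: 10, 2: 10, 3: 20, 4: 20}   # constructed: switch port -> VLAN
TRUNK_PORTS = {5}                             # constructed: carries all VLANs, tagged


def mac_bytes(mac):
    return bytes(int(part, 16) for part in mac.split(":"))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_bytes(ip):
    return bytes(int(o) for o in ip.split("."))


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def eth_header(dst_mac, src_mac, vlan_id=None):
    """14-byte Ethernet header, 18 bytes when an 802.1Q tag is inserted.
    Tag = TPID 0x8100 + TCI (PCP 3 bits | DEI 1 bit | VID 12 bits)."""
    hdr = mac_bytes(dst_mac) + mac_bytes(src_mac)
    if vlan_id is not None:
        hdr += struct.pack("!HH", ETHERTYPE_8021Q, vlan_id & 0x0FFF)
    return hdr + struct.pack("!H", ETHERTYPE_ARP)


def arp_payload(oper, sender_mac, sender_ip, target_mac, target_ip):
    """RFC 826 ARP for IPv4 over Ethernet: htype 1, ptype 0x0800, hlen 6, plen 4."""
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
            + mac_bytes(sender_mac) + ip_bytes(sender_ip)
            + mac_bytes(target_mac) + ip_bytes(target_ip))


def build_arp_request(sender_mac, sender_ip, target_ip, vlan_id=None):
    """'Who has target_ip?' sent to the broadcast MAC; target MAC is zero (unknown)."""
    return eth_header(ETH_BROADCAST, sender_mac, vlan_id) + arp_payload(
        1, sender_mac, sender_ip, "00:00:00:00:00:00", target_ip)


def parse_frame(frame):
    """Decode Ethernet (+ optional 802.1Q) header and, for ARP, the ARP fields."""
    info = {"dst": mac_str(frame[0:6]), "src": mac_str(frame[6:12]), "vlan_id": None}
    ethertype, = struct.unpack("!H", frame[12:14])
    offset = 14
    if ethertype == ETHERTYPE_8021Q:                  # tag present: TCI then real ethertype
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info["vlan_id"] = tci & 0x0FFF
        offset = 18
    info["ethertype"] = ethertype
    if ethertype == ETHERTYPE_ARP:
        oper = struct.unpack("!HHBBH", frame[offset:offset + 8])[4]
        p = offset + 8
        info.update(oper="request" if oper == 1 else "reply",
                    sender_mac=mac_str(frame[p:p + 6]), sender_ip=ip_str(frame[p + 6:p + 10]),
                    target_mac=mac_str(frame[p + 10:p + 16]), target_ip=ip_str(frame[p + 16:p + 20]))
    return info


def build_arp_reply(request, my_mac):
    """The owner of target_ip answers unicast to the asker, roles swapped, same VLAN."""
    req = parse_frame(request)
    return eth_header(req["sender_mac"], my_mac, req["vlan_id"]) + arp_payload(
        2, my_mac, req["target_ip"], req["sender_mac"], req["sender_ip"])


def retag(frame, vlan_id):
    """Copy of `frame` carrying exactly the given 802.1Q tag (None = untagged)."""
    tagged = struct.unpack("!H", frame[12:14])[0] == ETHERTYPE_8021Q
    hdr = frame[:12]
    if vlan_id is not None:
        hdr += struct.pack("!HH", ETHERTYPE_8021Q, vlan_id & 0x0FFF)
    return hdr + (frame[16:] if tagged else frame[12:])   # keep ethertype + payload


def switch_flood(frame, ingress_port):
    """Ports a VLAN-aware switch floods a broadcast to, with the frame as sent:
    untagged to access ports in the same VLAN, tagged to trunk ports, never to
    other VLANs.  An untagged frame belongs to its ingress access port's VLAN."""
    info = parse_frame(frame)
    vlan = info["vlan_id"] if info["vlan_id"] is not None else ACCESS_PORTS[ingress_port]
    out = {}
    for port, port_vlan in ACCESS_PORTS.items():
        if port != ingress_port and port_vlan == vlan:
            out[port] = retag(frame, None)
    for port in TRUNK_PORTS:
        if port != ingress_port:
            out[port] = retag(frame, vlan)
    return out


if __name__ == "__main__":
    req = build_arp_request("00:11:22:33:44:55", "192.168.2.32", "192.168.2.33")
    for port, copy in switch_flood(req, 1).items():
        print("port", port, "vlan tag", parse_frame(copy)["vlan_id"])
    print(parse_frame(build_arp_reply(req, "66:77:88:99:aa:bb")))
```

A request from port 1 (VLAN 10) reaches port 2 untagged and the trunk tagged with VID 10; ports 3 and 4 (VLAN 20) never see it, which is the broadcast-control and isolation property the slides describe. Nothing in the reply frame proves that the answering MAC really owns 192.168.2.33; the requester simply trusts it.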
TCP/UDP

TCP/UDP: Transport Layer Protocols
- TCP is connection-oriented and reliable: a connection is established before data flows, segments carry sequence numbers and are acknowledged, and lost segments are retransmitted.
- UDP is connectionless: datagrams are sent without setup, acknowledgement or retransmission.
- Both carry a checksum over header and data; a TCP segment that fails it is retransmitted, a UDP datagram that fails it is simply discarded.
- Both use port numbers (a 16-bit source port and a 16-bit destination port) to identify the communicating application on each end.
- Standard applications have standard port numbers: SMTP (email) 25, Telnet 23, FTP 20 and 21, SSH 22.

NAT

NAT: Private vs Public IP Addresses
- Whatever connects directly to the Internet must have a public (globally unique) IP address.
- There is a shortage of public IPv4 addresses, so private IP addresses can be used within a private network.
- Three address ranges are reserved for private use (RFC 1918):
  - 10.0.0.0/8 (10.0.0.0 to 10.255.255.255)
  - 172.16.0.0/12 (172.16.0.0 to 172.31.255.255)
  - 192.168.0.0/16 (192.168.0.0 to 192.168.255.255)
- A private IP is mapped to a public IP when the machine has to access the Internet.

NAT: NAT
- NAT (Network Address Translation) maps private IPs to public IPs.
- It is required because of the shortage of IPv4 addresses.
[Figure: two private networks each use 10.0.1.0/24 (hosts 10.0.1.2 and 10.0.1.3 behind a router/NAT at 10.0.1.1) and reach the Internet through NAT routers with public addresses 128.195.4.119 and 128.143.71.21; an Internet host H5 has 213.168.112.3. The same private addresses can be reused in both networks because only the public addresses appear on the Internet.]

NAT: Static, Dynamic and Port Address Translation
- Static NAT: maps a unique private IP to a unique public IP.
- Dynamic NAT: maps multiple private IPs to a pool of public IPs.
- Port Address Translation (PAT, also called NAT overload): many private hosts share a single public IP. The NAT rewrites the source port of each outgoing connection so that the (public IP, port) pair identifies the private host and port, and uses that mapping to translate replies back. A static PAT entry in the other direction maps a public IP and port to a service on a private host (port forwarding).
[Figure: H1 (10.0.1.2, source port 2001) and H2 (10.0.1.3, source port 1090) on the private network send through the NAT at 128.143.71.21; on the Internet side H1's traffic appears with source 128.143.71.21 and source port 3200, and H2's with source 128.143.71.21 and port 4444.]

SNMP

SNMP: Simple Network Management Protocol
- SNMP is a framework that provides facilities for managing and monitoring network resources on the Internet.
- Components of SNMP: SNMP agents, SNMP managers, Management Information Bases (MIBs) and the SNMP protocol itself.
[Figure: one SNMP manager exchanging SNMP protocol messages with several SNMP agents.]

SNMP: SNMP
- SNMP is based on the manager/agent model: a manager, an agent and a database of management information called the MIB.
- The manager provides the interface between the human network manager and the management system.
- The agent provides the interface between the manager and the physical device(s) being managed.

SNMP: SNMP
- SNMP (version 1) uses five basic messages (GET, GET-NEXT, GET-RESPONSE, SET and TRAP) to communicate between the manager and the agent.
- GET and GET-NEXT let the manager request the value of a specific variable (GET-NEXT returns the next variable in the MIB, which is how a manager walks a table).
- On receiving a GET or GET-NEXT, the agent issues a GET-RESPONSE to the manager with either the requested information or an error indication saying why the request cannot be processed.
- SET lets the manager request a change to the value of a specific variable; on a remote alarm unit, for example, a SET could operate a relay. The agent then responds with a GET-RESPONSE indicating that the change has been made or an error indication saying why it cannot be made.
- TRAP lets the agent spontaneously inform the manager of an "important" event.
- Note on versions: SNMPv1 and SNMPv2c authorize requests with a community string sent in clear text, so anyone who can read the traffic can issue the same GET and SET requests. SNMPv3 adds per-user authentication and encryption and is the version to use wherever SET is enabled.
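Before moving on to VPNs, the Port Address Translation described on the NAT slides as an added example (not code from the lecture slides): a translation table that rewrites outgoing connections from several private hosts onto one public address, maps replies back to the right host and port, and drops inbound packets that match neither an existing flow nor a static port forward, which is the filtering a practitioner relies on a NAT for. The public address 128.143.71.21, the private hosts 10.0.1.2/10.0.1.3 with ports 2001/1090 and the server 213.168.112.3 follow the slide's figure; the translated ports, the internal server 10.0.1.5 and the probing host 198.51.100.7 are constructed.

```python
"""Port Address Translation (NAT overload) as a translation table (added
example, not from the slides).  One public address is shared by several
private hosts: outbound packets get a new source (IP, port), replies are
mapped back, and inbound packets matching no mapping are dropped.
Addresses and ports are constructed; some echo the slide's figure.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


@dataclass
class Pat:
    public_ip: str
    next_port: int = 1024                    # first translated source port handed out
    # outbound: (proto, private ip, private port, remote ip, remote port) -> public port
    outbound: dict = field(default_factory=dict)
    # inbound:  (proto, public port, remote ip, remote port) -> (private ip, private port)
    inbound: dict = field(default_factory=dict)
    # static port forwards (published services): (proto, public port) -> (private ip, port)
    forwards: dict = field(default_factory=dict)

    def _allocate_port(self) -> int:
        """Next unused public port; never collides with a static forward."""
        taken = set(self.outbound.values()) | {port for _, port in self.forwards}
        while self.next_port in taken:
            self.next_port += 1
        port = self.next_port
        self.next_port += 1
        return port

    def translate_out(self, pkt: Packet) -> Packet:
        """Private -> Internet: rewrite the source to (public IP, allocated port).
        A given private flow keeps the same public port for its lifetime."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.outbound:
            public_port = self._allocate_port()
            self.outbound[key] = public_port
            self.inbound[(pkt.proto, public_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, self.outbound[key], pkt.dst_ip, pkt.dst_port, pkt.proto)

    def translate_in(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> private: rewrite the destination back to the private host,
        or return None (drop) when no inside host asked for this traffic."""
        if pkt.dst_ip != self.public_ip:
            return None
        # A reply must come from the remote endpoint the flow was opened to.
        target = self.inbound.get((pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port))
        if target is None:
            target = self.forwards.get((pkt.proto, pkt.dst_port))   # published service?
        if target is None:
            return None
        return Packet(pkt.src_ip, pkt.src_port, target[0], target[1], pkt.proto)


def demo() -> dict:
    """Two private hosts reach the same web server; an unsolicited probe is dropped."""
    nat = Pat("128.143.71.21")
    nat.forwards[("tcp", 443)] = ("10.0.1.5", 443)   # constructed internal HTTPS server
    h1 = Packet("10.0.1.2", 2001, "213.168.112.3", 80)
    h2 = Packet("10.0.1.3", 1090, "213.168.112.3", 80)
    out1, out2 = nat.translate_out(h1), nat.translate_out(h2)
    reply_to_h1 = nat.translate_in(Packet("213.168.112.3", 80, nat.public_ip, out1.src_port))
    # Same public port, but from a host nobody inside talked to: dropped.
    probe = nat.translate_in(Packet("198.51.100.7", 40000, nat.public_ip, out1.src_port))
    published = nat.translate_in(Packet("198.51.100.7", 40000, nat.public_ip, 443))
    return {"out1": out1, "out2": out2, "reply_to_h1": reply_to_h1,
            "probe": probe, "published": published, "table": dict(nat.inbound)}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The two private flows leave as 128.143.71.21:1024 and 128.143.71.21:1025, the server's reply to port 1024 is delivered to 10.0.1.2:2001, the probe to the same port from an unrelated host is dropped because the inbound key includes the remote endpoint, and only the explicitly published port 443 is reachable from outside. Real NAT implementations add timeouts and vary in how strictly they match the remote endpoint; this one is deliberately strict.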
VPN

VPN: VPN
- A VPN is a private connection between two systems or networks over a shared or public network (typically the Internet).
- VPN technology lets an organization securely extend its network services over the Internet to remote users, branch offices and partner companies. In other words, a VPN turns the Internet into a simulated private WAN.
- VPNs are very appealing because the Internet has a global presence, and its use is now standard practice for most users and organizations.

VPN: VPN
[Figure: VPN topology; image not reproduced.]

VPN: How VPN Works
To use the Internet as a private wide area network, an organization has to address two issues:
- First, private networks have often used a variety of protocols, such as IPX and NetBEUI, but the Internet carries only IP traffic. A VPN may therefore need a way to carry non-IP protocols from one network to another.
- Second, data packets travelling the Internet are transported in clear text, so anyone who can see Internet traffic can also read the data contained in the packets. This is a problem if a company wants to use the Internet to pass important, confidential business information.

VPN: How VPN Works
- VPNs overcome these obstacles with a strategy called tunneling. Instead of crossing the Internet in the open, data packets are first encrypted for confidentiality and then encapsulated in an IP packet by the VPN and tunneled through the Internet.
- The VPN tunnel initiator on the source network communicates with a VPN tunnel terminator on the destination network. The two agree on an encryption scheme and keys; the initiator encrypts each packet, and the terminator decrypts it and forwards the original packet onto the destination network. Routers along the path see only the outer IP header and ciphertext.
VPN: Advantages of Using VPN
- VPN technology provides many benefits. Perhaps the biggest selling point is cost savings: an organization can avoid purchasing expensive leased lines to branch offices or partner companies.
- On another cost-related note, it can avoid investing in additional WAN equipment and instead leverage its existing Internet connection.
- Another benefit is that a VPN is an ideal way to handle mobile users.