Overview: Addressing

Addressing
Jennifer Rexford
Advanced Computer Networks
http://www.cs.princeton.edu/courses/archive/fall08/cos561/
Tuesdays/Thursdays 1:30pm-2:50pm
What is Addressing?
• Providing suitable identifiers to nodes
– So you can direct data to a node
– So you know which node sent the data
– … and how to send data back to that node
• Addressing in the U.S. mail
– Zip code: 08540
– Street: Olden Street
– Building on street: 35
– Room in building: 306
– Name of occupant: Jennifer Rexford
Phone Numbers
• Hierarchical
– Country code (1)
– Area code (609)
– Local exchange (258)
– Subscriber number (5182)
• Some exceptions
– 800: indirection service (free for the caller)
– 900: indirection service (billed to the caller)
– Cell phone numbers, where the node is mobile
– ... blurring distinction between name and address
Overview of Today’s Class
• Two widely-used addressing schemes
– Medium Access Control (MAC) addresses
– Internet Protocol (IP) addresses
• Key concepts in addressing
– Number of unique addresses
– Allocating addresses to nodes
– Flat vs. hierarchical structure
– Persistent vs. temporary identifiers
– Handling diminishing address space
– Spoofing of source addresses
• Discussion of Clark88 and Saltzer81 papers
Some Questions
• Could every host on the Internet have an
arbitrary, unique numerical address?
– Would it scale?
• Is hierarchy necessary to make it scale?
– Tying the addressing to the topology & routing?
• What about mobile hosts?
• Who should allocate the addresses?
– Network provider? Device manufacturer?
• Does the sender of the traffic need to
authenticate itself? The destination?
– What about spoofing and impersonation?
Comparing MAC and IP Addresses
                  MAC                                  IP
Size              48 bits                              32 bits (in v4)
Assignment        Hard-coded in the adapter            Configured or learned
Structure         Flat                                 Hierarchical
Portability       Constant over life of the adapter    Changes with time and location
Purpose           Delivery within a single network     Delivery across an inter-network
E.g., social security number vs. postal address
MAC Addresses
MAC Addresses
• Flat name space of 48 bits
– Typically written in six octets in hex
– E.g., 00-15-C5-49-04-A9 for my Ethernet
• Organizationally unique identifier
– Assigned by IEEE Registration Authority
– Determines the first 24 bits of the address
– E.g., 00-15-C5 corresponds to “Dell Inc”
• Remainder of the MAC address
– Allocated by the manufacturer
– E.g., 49-04-A9 for my Ethernet card
Scalability Challenges
• MAC addresses are flat
– Multiple hosts on the same network
– No relationship between MAC addresses
• Data plane
– Forwarding based on MAC address
– Table size? Look-up overhead?
• Control plane
– Determining where the host is located
– Keeping the information up-to-date
Forwarding Frames to Destination Adapter
• Shared media
– Forward all frames on the shared media
– Adapter grabs frames with matching dest address
(figure: several hosts attached to one shared medium)
• Multi-hop switched networks
– Flood every frame over every link?
– Learn where the MAC address is located?
(figure: hosts attached across several links of a multi-hop switched network)
When to Learn?
• When the adapter connects to the network?
– Requires adaptor to register its presence
– Overhead even when not sending/receiving
– Leading to control messages and large tables
• When the adapter sends a frame?
– Source MAC address is in the frame
– Allows switch to learn about the adapter
• When the adapter needs to receive a frame?
– Destination MAC address is in the frame
– Switch needs to figure out how to get there
Motivation For Self Learning
• Switches forward frames selectively
– Forward frames only on segments that need them
• Switch table
– Maps dest MAC address to outgoing interface
– Goal: construct the switch table automatically
(figure: one switch with hosts A, B, C and D on separate interfaces)
Self Learning: Building the Table
• When a frame arrives
– Inspect the source MAC address
– Associate the address with the incoming interface
– Store the mapping in the switch table
– Use a TTL field to eventually forget the mapping
(figure: hosts A, B, C and D on one switch; A sends a frame and the switch learns how to reach A)
Self Learning: Handling Misses
• When frame arrives with unfamiliar dest
– Forward the frame out all of the interfaces
– … except for the one where the frame arrived
– Hopefully, this case won’t happen very often
(figure: hosts A, B, C and D on one switch; the switch floods a frame that is destined to C)
Switch Filtering/Forwarding
When switch receives a frame:
    index switch table using MAC dest address
    if entry found for destination then {
        if dest on segment from which frame arrived
            then drop the frame
        else forward the frame on interface indicated
    }
    else flood: forward on all but the interface
                on which the frame arrived
MAC Addresses
• Disadvantages
– Large forwarding tables in the data plane
– Flooding overhead to learn location information
– Lack of privacy
• Advantages
– Persistent identifier (well, except for spoofing)
– Mobile hosts are easy to handle
– Forwarding-table look-up is a simple match
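The learning switch described on the preceding slides (self learning, handling misses, filtering/forwarding, and the "except for spoofing" caveat just above), modelled in Python as an added example that is not part of the lecture. The address 00:15:c5:49:04:a9 is the adapter address from the MAC Addresses slide; the other addresses, the port layout, the TTL and the timeline are constructed for the demonstration.

```python
"""Self-learning switch model: learn on source address, flood on miss,
age entries with a TTL, and show what a spoofed source address does.
Added example; all addresses except A and the port layout are constructed."""
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac: str) -> bool:
    """True for multicast/broadcast: the I/G bit (lowest bit of the first
    octet) is set. A switch never learns such an address as a source and
    always floods frames sent to one."""
    return int(mac.split(":")[0], 16) & 1 == 1


@dataclass(frozen=True)
class Frame:
    src: str
    dst: str


class LearningSwitch:
    def __init__(self, ports, ttl=300):
        self.ports = list(ports)
        self.ttl = ttl                 # seconds an entry lives without refresh
        self.table = {}                # dest MAC -> (port, expiry time)

    def _expire(self, now):
        for mac, (_, expiry) in list(self.table.items()):
            if expiry <= now:
                del self.table[mac]    # the "TTL field" on the slide

    def receive(self, frame, in_port, now):
        """Return the list of ports the frame is forwarded on."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        self._expire(now)
        # Learn: associate the source address with the arrival port.
        # Nothing checks that the sender is entitled to that address, so a
        # frame carrying a forged source from another port simply overwrites
        # the entry; that is the table poisoning the spoofing caveat refers to.
        if not is_group_address(frame.src):
            self.table[frame.src] = (in_port, now + self.ttl)
        entry = self.table.get(frame.dst)
        if entry is None or is_group_address(frame.dst):
            return [p for p in self.ports if p != in_port]   # miss: flood
        out_port, _ = entry
        if out_port == in_port:
            return []                  # destination is on the arrival segment: filter
        return [out_port]


def demo():
    """Constructed timeline: A and C share the segment on port 1, B is on
    port 2, ports 3 and 4 start idle, and an attacker appears on port 4.
    Returns the forwarding decision for each step."""
    sw = LearningSwitch(ports=[1, 2, 3, 4], ttl=300)
    A = "00:15:c5:49:04:a9"   # the adapter address from the slide
    B = "00:15:c5:00:00:02"   # constructed
    C = "00:15:c5:00:00:03"   # constructed
    out = {}
    out["miss"] = sw.receive(Frame(A, B), in_port=1, now=0)      # B unknown: flood
    out["hit"] = sw.receive(Frame(B, A), in_port=2, now=1)       # A was learned on port 1
    out["filter"] = sw.receive(Frame(C, A), in_port=1, now=2)    # same segment: drop
    # An attacker on port 4 sends a frame with A's address as source.
    out["spoof"] = sw.receive(Frame(A, B), in_port=4, now=3)
    out["hijacked"] = sw.receive(Frame(B, A), in_port=2, now=4)  # B's reply now goes to port 4
    out["aged"] = sw.receive(Frame(B, A), in_port=2, now=400)    # entries expired: flood again
    out["bcast"] = sw.receive(Frame(A, BROADCAST), in_port=1, now=401)
    return out


if __name__ == "__main__":
    for step, ports in demo().items():
        print(f"{step:9s} -> {ports}")
```

The "hijacked" step is the practical consequence of the persistence caveat: the identifier is persistent only as long as nobody else claims it, and the switch has no way to tell. The usual operational answers are port security (a per-port limit on learned addresses, or pinning an address to a port) and 802.1X, which authenticates the host rather than trusting the address it puts in the frame.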
COS 461: Internet Control Protocols (#8)
• Dynamic Host Configuration Protocol (DHCP)
– End host learns how to send packets
– Learn IP address, DNS servers, and gateway
• Address Resolution Protocol (ARP)
– Others learn how to send packets to the end host
– Learn mapping between IP and MAC addresses
(figure: a host arriving on LAN 1.2.3.0/24, its own address still unknown, alongside hosts 1.2.3.7, 1.2.3.19, 1.2.3.156 and a DNS server; a second LAN 5.6.7.0/24 with its own hosts and DNS server is reached through routers)
COS 461: Hubs and Switches (#10)
• Different devices switch different things
– Physical layer: electrical signals (repeaters, hubs)
– Link layer: frames (bridges, switches)
– Network layer: packets (routers)
• Key ideas in switches
– Self learning of the switch table
– Cut-through switching
– Spanning trees
• Virtual LANs (VLANs)
(figure: a frame with nested headers, frame header / packet header / TCP header / user data; a repeater or hub looks at none of them, a bridge or switch at the frame header, a router at the packet header, a transport gateway at the TCP header, an application gateway at the user data)
IP Addresses
IP Addressing: Scalability Through Hierarchy
• Hierarchy through IP prefixes
– Routing between networks
– Allocation of address blocks
• Non-uniform hierarchy
– More efficient address allocation
– More complex packet forwarding
• Dealing with limited address space
– Larger address space (IPv6 with 128 bits)
– Sharing a small set of addresses (NAT)
– Dynamic assignment of addresses (DHCP)
Grouping Related Hosts
• The Internet is an “inter-network”
– Used to connect networks together, not hosts
– Needs a way to address a group of hosts
(figure: hosts on LAN 1 and LAN 2, each LAN attached through a router to a WAN; LAN = Local Area Network, WAN = Wide Area Network)
Scalability Challenge
• Suppose hosts had arbitrary IP addresses
– Then every router would need a lot of information
– …to know how to direct packets toward the host
(figure: LAN 1 holds hosts 1.2.3.4, 5.6.7.8 and 2.4.6.8, LAN 2 holds 1.2.3.5, 5.6.7.9 and 2.4.6.9; with no structure in the addresses, the router's forwarding table needs a separate entry per host: 1.2.3.4, 1.2.3.5, ...)
Hierarchy Through Prefixes
• Divided into network and host portions
• 12.34.158.0/24 is a 24-bit prefix (2^8 = 256 addresses)
    12         34         158        5
    00001100   00100010   10011110   00000101
    |------ Network (24 bits) -----|  Host (8 bits)
Example IP Address and Subnet Mask
    Address   12         34         158        5
              00001100   00100010   10011110   00000101
    Mask      11111111   11111111   11111111   00000000
              255        255        255        0
Scalability Improved
• Number related hosts from a common subnet
– 1.2.3.0/24 on the left LAN
– 5.6.7.0/24 on the right LAN
(figure: LAN 1 holds hosts 1.2.3.4, 1.2.3.7 and 1.2.3.156, LAN 2 holds 5.6.7.8, 5.6.7.9 and 5.6.7.212; the router's forwarding table now needs only the two entries 1.2.3.0/24 and 5.6.7.0/24)
Easy to Add New Hosts
• No need to update the routers
– E.g., adding a new host 5.6.7.213 on the right
– Doesn’t require adding a new forwarding entry
(figure: the same two LANs with a new host 5.6.7.213 attached to LAN 2; the forwarding table is unchanged, still 1.2.3.0/24 and 5.6.7.0/24)
Classful Addressing (and Dotted Quad Notation)
• In the olden days…
– Class A: 0*
• Very large /8 blocks (e.g., MIT has 18.0.0.0/8)
– Class B: 10*
• Large /16 blocks (e.g., Princeton has 128.112.0.0/16)
– Class C: 110*
• Small /24 blocks (e.g., AT&T Labs has 192.20.225.0/24)
– Class D: 1110*
• Multicast groups
– Class E: 11110*
• Reserved for future use (sounds a bit scary…)
• And then, address space became scarce…
Classless Inter-Domain Routing (CIDR)
Use two 32-bit numbers to represent a network.
Network number = IP address + Mask
    IP Address: 12.4.0.0       00001100 00000100 00000000 00000000
    IP Mask:    255.254.0.0    11111111 11111110 00000000 00000000
                               |- Network Prefix -|---- for hosts ----|
                               (15 bits)           (17 bits)
Usually written as 12.4.0.0/15
CIDR = Hierarchy in Address Allocation
• Prefixes are key to Internet scalability
– Routing protocols and packet forwarding based on prefixes
– Today, routing tables contain ~150,000-200,000 prefixes
(figure: allocation hierarchy under one /8)
12.0.0.0/8
    12.0.0.0/16
    12.1.0.0/16
    12.2.0.0/16
    12.3.0.0/16
        12.3.0.0/24
        12.3.1.0/24
        :
        12.3.254.0/24
    :
    12.253.0.0/16
        12.253.0.0/19
        12.253.32.0/19
        12.253.64.0/19
        12.253.96.0/19
        12.253.128.0/19
        12.253.160.0/19
        12.253.192.0/19
        :
    12.254.0.0/16
Obtaining a Block of Addresses
• Separation of control
– Prefix: assigned to an institution
– Addresses: assigned to nodes by the institution
• Who assigns prefixes?
– Internet Corp. for Assigned Names and Numbers
• Allocates large blocks to Regional Internet Registries
– Regional Internet Registries (RIRs)
• E.g., ARIN (American Registry for Internet Numbers)
• Allocated to ISPs and large institutions in a region
– Internet Service Providers (ISPs)
• Allocate address blocks to their customers
• Who may, in turn, allocate to their customers…
whois -h whois.arin.net 128.112.136.35
    OrgName:    Princeton University
    OrgID:      PRNU
    Address:    Office of Information Technology
    Address:    87 Prospect Avenue
    City:       Princeton
    StateProv:  NJ
    PostalCode: 08544-2007
    Country:    US
    NetRange:   128.112.0.0 - 128.112.255.255
    CIDR:       128.112.0.0/16
    NetName:    PRINCETON
    NetHandle:  NET-128-112-0-0-1
    Parent:     NET-128-0-0-0-0
    NetType:    Direct Allocation
    RegDate:    1986-02-24
Longest Prefix Match Forwarding
• Forwarding tables in IP routers
– Maps each IP prefix to next-hop link(s)
• Destination-based forwarding
– Packet has a destination address
– Router identifies longest-matching prefix
– Pushing complexity into forwarding decisions
(figure: destination 12.34.158.5 looked up in a forwarding table)
    prefix              outgoing link
    4.0.0.0/8
    4.83.128.0/17
    12.0.0.0/8          (matches, but only 8 bits)
    12.34.158.0/24      Serial0/0.1   <- longest match, used
    126.255.103.0/24
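The CIDR mask example (12.4.0.0 with mask 255.254.0.0, written 12.4.0.0/15) and the longest-prefix-match lookup above, worked through in Python as an added example that is not from the lecture. The five prefixes and the destination 12.34.158.5 are the ones on the slide; only the /24 is shown there with its link (Serial0/0.1), so the other link names are constructed, and no default route is installed so that a miss is visible.

```python
"""CIDR masks and longest-prefix-match forwarding (added example)."""
import ipaddress


def mask_to_prefix_len(mask: str) -> int:
    """255.254.0.0 -> 15. A valid mask is a run of ones followed by zeros;
    anything else (e.g. 255.0.255.0) is rejected rather than silently accepted."""
    m = int(ipaddress.IPv4Address(mask))
    ones = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous mask {mask}")
    return ones


def network_prefix(addr: str, mask: str) -> str:
    """Address + mask -> prefix notation, e.g. ("12.4.0.0", "255.254.0.0") -> "12.4.0.0/15".
    strict=False clears the host bits, so a host address yields its network."""
    net = ipaddress.IPv4Network((addr, mask_to_prefix_len(mask)), strict=False)
    return str(net)


class ForwardingTable:
    """Destination-based forwarding: the most specific matching prefix wins."""

    def __init__(self):
        self._routes = []   # (IPv4Network, outgoing link), longest prefix first

    def add(self, prefix: str, link: str):
        net = ipaddress.IPv4Network(prefix)   # strict: "12.34.158.5/24" is rejected
        self._routes.append((net, link))
        self._routes.sort(key=lambda r: r[0].prefixlen, reverse=True)

    def lookup(self, dst: str):
        """Return (matched prefix, link) or None when no prefix covers dst."""
        d = ipaddress.IPv4Address(dst)
        for net, link in self._routes:
            if d in net:
                return str(net), link
        return None


def slide_table() -> ForwardingTable:
    """The five prefixes from the slide. Only the /24's link is on the slide;
    the other link names are constructed."""
    t = ForwardingTable()
    t.add("12.34.158.0/24", "Serial0/0.1")
    t.add("4.0.0.0/8", "Serial0/0.2")
    t.add("4.83.128.0/17", "Serial0/0.3")
    t.add("12.0.0.0/8", "Serial0/0.4")
    t.add("126.255.103.0/24", "Serial0/0.5")
    return t


if __name__ == "__main__":
    print(network_prefix("12.4.0.0", "255.254.0.0"))
    t = slide_table()
    for dst in ("12.34.158.5", "12.3.4.5", "4.83.200.1", "4.1.1.1", "200.1.1.1"):
        print(dst, "->", t.lookup(dst))
```

Because the most specific prefix always wins, a /24 that appears anywhere in the table captures traffic from the enclosing /8 regardless of who holds the /8; that is the flip side of the "more complex packet forwarding" that non-uniform hierarchy brings, and the reason routers filter which prefixes they accept from neighbours.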
Are 32-bit Addresses Enough?
• Not all that many unique addresses
– 2^32 = 4,294,967,296 (just over four billion)
– Plus, some are reserved for special purposes
– And, addresses are allocated in larger blocks
• And, many devices need IP addresses
– Computers, PDAs, routers, tanks, toasters, …
• Long-term solution: a larger address space
– IPv6 has 128-bit addresses (2^128 ≈ 3.403 × 10^38)
Short-Term Solutions: Limping Along
• Network Address Translation
(COS 461 lecture #9)
– Allowing multiple hosts to share an IP address
– IP addresses not unique and not end-to-end
(figure: hosts 10.0.0.1 and 10.0.0.2 on the inside of a NAT, which presents the single outside address 138.76.29.7)
Short-Term Solutions: Limping Along
• Dynamic Host Configuration Protocol
(lecture #8)
– Share a pool of addresses among many hosts
– Dynamically assign an IP address upon request
(figure: an arriving client requesting an address from a DHCP server)
Growth in the Number of IP Prefixes
(figure: number of prefixes in the routing table over time, annotated pre-CIDR, CIDR, Internet boom, Internet bust, recovery?)
Continued Growth in the Number of Prefixes
• Since 2005
– Now up to 250,000-300,000 prefixes
• Increased concern about scalability
– Data plane: longest-prefix match lookup times
– Control plane: memory and messages for routing
protocols
– http://trac.tools.ietf.org/group/irtf/trac/wiki/RoutingResearchGroup
• Exploration of architectural alternatives
– Avoid routers needing to know all prefixes
– Routing on ASes, using tunnels, caching, etc.
Design Philosophy of the DARPA
Internet Protocols
David Clark
Proc. ACM SIGCOMM, 1988
Fundamental Goal
• Effective technique for multiplexed utilization
of existing interconnected networks
• Concrete objective: connect the ARPAnet and
the ARPA packet radio network
• Must grapple with
– Diverse technologies, including legacy networks
– Separate administrative control
Second-Level Goals
• Main goals
– Survivability in the face of failure
– Multiple types of communication service
– Wide variety of network technologies
• Other goals
– Distributed management of resources
– Cost effectiveness
– Host attachment with low level of effort
– Accountability of resources
Design Consequences of the Goals
• Effective multiplexed utilization of existing networks
– Packet switching, not circuit switching
• Continued communication despite network failures
– Routers don’t store state about ongoing transfers
– End hosts provide key communication services
• Support for multiple types of communication service
– Multiple transport protocols (e.g., TCP and UDP)
• Accommodation of a variety of different networks
– Simple, best-effort packet delivery service
– Packets may be lost, corrupted, or delivered out of order
• Distributed management of network resources
– Multiple institutions managing the network
– Intradomain and interdomain routing protocols
Different Goals, Different Outcomes
• What about the unique needs of:
– Network operators for commercial carriers
– Secure, mission-critical networks (e.g., military)
• Different goals, and different priorities
– How would the goals differ?
– How would the priorities differ?
• Different outcomes
– What design decisions would change?
Mismatch With Network Operators
• Accountability of network resources
– But, routers don’t maintain state about transfers
– But, measurement isn’t part of the infrastructure
• Reliability/predictability of services
– But, IP doesn’t provide performance guarantees
– But, equipment is not very reliable (no “five-9s”)
• Fine-grain control over the network
– But, routers don’t do fine-grain resource allocation
– But, network self-configures after failures
• End-to-end control over communication
– But, end hosts adapt to congestion
– But, traffic may traverse multiple domains
Mismatch With Security
• The Internet must support multiplexed
utilization of existing interconnected networks
– Doesn’t consider the need to balance trade-offs
between interconnectivity and security
– Required security mechanisms are driven by the
limitations of the least capable legacy network
• Internet communication must continue despite
loss of networks or gateways
– Oversimplifies the nature of modern threats by not
including cyberattacks, signals intelligence, …
http://www.darpa.mil/STO/solicitations/AGN/index.html
Mismatch With Security
• The Internet must support multiple types of
communications service
– Mission-specific secure networks are not an
appropriate arena for experimentation/innovation
– Lack of separation between user applications and
network services needlessly exposes essential
services to easy attack by users
• The Internet architecture must accommodate
a variety of networks
– Cross-domain security solutions are particularly
difficult to design
Mismatch With Security
• The Internet architecture must permit
distributed management of its resources
– Existing distributed management is largely based
on assumptions of trust, allowing a single inept or
malicious user or administrator to create chaos
– Protocols do not have ways to limit damage from
errors or malicious users
– Defensive systems are layered upon protocols at
additional cost and complexity, instead of being
jointly designed with those protocols
– Configuration complexity and human error are the
largest source of vulnerability in many networks
Mismatch With Security
• Internet architecture must be cost effective
– To the extent that economic considerations may
be a root cause of poor security, a criterion
concerning the cost of network defense should
perhaps have a higher priority
• Internet architecture must permit host
attachment with a low level of effort
– It is unclear what minimum requirements must be
imposed on end systems in a secure network
• Resources used must be accountable
– Authentication and accountability are central to
availability, integrity, and confidentiality
Trade-Offs in Goals
• Is it possible to address these problems
– Decentralized management of the Internet
– Diverse layer-2 technologies like wireless
– Naïve, selfish, or malicious hosts
• Without sacrificing the other goals?
• Without a major change to the architecture?