COMS W4995-1 Lecture 3: IP Addressing

Today:
- IP addressing
- Data link protocols and ARP
- Notes about lab

IP Addressing
Addressing defines how addresses are allocated and the structure of addresses.
- IPv4
  - Classful IP addresses (obsolete)
  - Classless inter-domain routing (CIDR) (RFC 854, current standard)
- IP Version 6 addresses

What is an IP Address? Why Addresses?
- End-to-end argument (principle). Reading: http://web.mit.edu/Saltzer/www/publications/endtoend/endtoend.pdf
- Keep it Simple, Stupid

What is an IP Address?
- An IP address is a unique global address for a network interface.
- An IP address uniquely identifies a network location.
  - http://www.arin.net/whois
  - http://www.iana.org/ipaddress/ip-addresses.htm
- Routers forward a packet based on the destination address of the packet.

IPv4 Addresses
[Figure: IPv4 header, 32 bits wide. Row 1: version (4 bits), header length, Type of Service/TOS (8 bits), Total Length in bytes (16 bits). Row 2: Identification (16 bits), flags (3 bits), Fragment Offset (13 bits). Row 3: TTL Time-to-Live (8 bits), Protocol (8 bits), Header Checksum (16 bits). Row 4: Source IP address (32 bits). Row 5: Destination IP address (32 bits). The IP header sits between the Ethernet header and the TCP header of an Ethernet frame, followed by the application data and the Ethernet trailer.]

IP v.4 Addresses (example)
[Figure: the same header with sample values: version 0x4, header length 0x5, TOS 0x00, total length 128 (decimal), identification 9d08 (hex), flags 010 (binary), fragment offset 0000000000000 (binary), TTL 44 (decimal), protocol 0x06, header checksum 8bff (hex), source 128.143.137.144, destination 128.143.71.21.]

IP v.4 Addressing
- An IP address is often written in dotted decimal notation.
- Each byte is identified by a decimal number in the range [0..255]:
  10000000 10001111 10001001 10010000
  1st byte = 128, 2nd byte = 143, 3rd byte = 137, 4th byte = 144
  i.e. 128.143.137.144

Structure of an IP address
[Figure: bits 31 down to 0, split into a network prefix followed by a host number.]
- An IP address encodes both a network number (network prefix) and an interface number (host number).
- The network prefix identifies a network; the host number identifies a specific host (actually, an interface on the network).
- How long is the network prefix?
- Before 1993: The network prefix is implicitly defined (class-based addressing).
- After 1993: The network prefix is indicated by a netmask.

Before 1993: Class-based addressing
The Internet address space was divided up into classes:
- Class A: Network prefix is 8 bits long
- Class B: Network prefix is 16 bits long
- Class C: Network prefix is 24 bits long
- Class D is the multicast address class
- Class E is reserved

Classful IP Addresses (Until 1993)
Each IP address contained a key which identifies the class:
- Class A: IP address starts with "0"
- Class B: IP address starts with "10"
- Class C: IP address starts with "110"
- Class D: IP address starts with "1110"
- Class E: IP address starts with "11110"

The old way: Internet Address Classes
[Figure: bit layouts. Class A: bit 0 = 0, network prefix in bits 1-7 (8 bits including the key), host number in bits 8-31 (24 bits). Class B: bits 0-1 = 10, network prefix through bit 15 (16 bits), host number in bits 16-31 (16 bits). Class C: bits 0-2 = 110, network prefix through bit 23 (24 bits), host number in bits 24-31 (8 bits). Class D: bits 0-3 = 1110, bits 4-31 = multicast group id. Class E: bits 0-4 = 11110, bits 5-31 reserved for future use.]

The old way: Internet Address Classes
  Class                 Leading bits   Start          End                CIDR equivalent
  Class A               0              0.0.0.0        127.255.255.255    /8
  Class B               10             128.0.0.0      191.255.255.255    /16
  Class C               110            192.0.0.0      223.255.255.255    /24
  Class D (multicast)   1110           224.0.0.0      239.255.255.255    NA
  Class E (reserved)    1111           240.0.0.0      255.255.255.255    NA

Problems with Classful IP Addresses
- Fast growing routing table size
  - Each router must have an entry for every network prefix
  - ~2^21 = 2,097,152 class C networks
  - In 1993, the size of routing tables started to outgrow the capacity of routers
- Other problems with classful addresses: address depletion for large networks
  - Class A and Class B addresses were gone
  - How many class A/B network prefixes can there be?
- Limited flexibility for network addresses:
  - Class A and B addresses are overkill (>64,000 addresses)
  - Class C address is insufficient (256 addresses)

Classless Inter-domain Routing (CIDR), 1993
- Full description: RFC 1518 & 1519
- Network prefix is of variable length
- Addresses are allocated hierarchically
- Routers aggregate multiple address prefixes into one routing entry to minimize routing table size

CIDR: network prefix is variable length
[Figure: Addr 128.59.16.144, shown in binary as 10000000 10001111 10001001 10010000; Mask 255.255.255.0 = 11111111 11111111 11111111 00000000.]
- A network mask specifies the number of bits used to identify a network in an IP address. How?

CIDR notation
- CIDR notation of an IP address: 128.143.137.144/24
- /24 is the prefix length. It states that the first 24 bits are the network prefix of the address (and the remaining 8 bits are available for specific host addresses).
- CIDR notation can nicely express blocks of addresses: an address block [128.195.0.0, 128.195.255.255] can be represented by the address prefix 128.195.0.0/16.
- How many addresses are there in a /x address block? 2^(32-x)

CIDR hierarchical address allocation
[Figure: an ISP holds 128.0.0.0/8 and allocates 128.1.0.0/16 to Foo.com, 128.2.0.0/16 to Bar.com and 128.59.0.0/16 to the University; the University allocates 128.59.44.0/24 to the Library and 128.59.16.0/24 to CS; host 128.59.16.150 sits in the CS network.]
- IP addresses are hierarchically allocated.
- An ISP obtains an address block from a Regional Internet Registry.
- An ISP allocates a subdivision of the address block to an organization.
- An organization recursively allocates subdivisions of its address block to its networks.
- A host in a network obtains an address within the address block assigned to the network.

Hierarchical address allocation (example)
[Figure: nested ranges 128.0.0.0 - 128.255.255.255, inside it 128.59.0.0 - 128.59.255.255, inside it 128.59.16.[0 - 255], containing the host 128.59.16.150.]
- ISP obtains an address block 128.0.0.0/8 [128.0.0.0, 128.255.255.255].
- ISP allocates 128.59.0.0/16 ([128.59.0.0, 128.59.255.255]) to the university.
- University allocates 128.59.16.0/24 ([128.59.16.0, 128.59.16.255]) to the CS department's network.
- A host on the CS department's network gets one IP address: 128.59.16.150.

CIDR allows route aggregation
[Figure: ISP1 holds 128.0.0.0/8 and connects Foo.com (128.1.0.0/16), Bar.com (128.2.0.0/16) and the University (128.59.0.0/16, with Library and CS). ISP1 announces 128.0.0.0/8 to ISP2; ISP3 learns "You can reach 128.0.0.0/8 via ISP1".]
- ISP1 announces one address prefix, 128.0.0.0/8, to ISP2.
- ISP2 can use one routing entry to reach all networks connected to ISP1.

CIDR summary
- A network prefix is of variable length: a.b.c.d/x
- Addresses are hierarchically allocated
- Routers aggregate multiple address prefixes into one routing entry to minimize routing table size.
- Security is still an issue: Secure Routing & Path validation

What problems CIDR does not solve (I)
[Figure: ISP1 holds 128.0.0.0/8, ISP2 holds 204.0.0.0/8. Multi-home.com (204.1.0.0/16) is connected to both ISP1 and ISP2, so ISP1 also announces 204.1.0.0/16; ISP3 learns "You can reach 128.0.0.0/8 and 204.1.0.0/16 via ISP1".]
- A multi-homing site still adds one entry into global routing tables.

What problems CIDR does not solve (II)
[Figure: ISP1 holds 128.0.0.0/8, ISP2 holds 204.0.0.0/8. Switched.com keeps 204.1.0.0/16 but is now connected to ISP1, so ISP1 announces 204.1.0.0/16; ISP3 learns "You can reach 128.0.0.0/8 and 204.1.0.0/16 via ISP1".]
- A site that switches provider without renumbering still adds one entry into global routing tables.
- Global routing tables continue to grow. Source: http://bgp.potaroo.net/as4637/

Special IPv4 Addresses
Reserved or (by convention) special addresses:
- Loopback interfaces
  - all addresses 127.0.0.1-127.255.255.255 are reserved for loopback interfaces
  - Most systems use 127.0.0.1 as loopback address
  - the loopback interface is associated with the name "localhost"
- Broadcast address
  - Host number is all ones, e.g., 128.143.255.255
  - Broadcast goes to all hosts on the network
  - Often ignored due to security concerns
- Test / Experimental addresses
  - 10.0.0.0 - 10.255.255.255
  - 172.16.0.0 - 172.31.255.255
  - 192.168.0.0 - 192.168.255.255
- Convention (but not a reserved address): the default gateway has host number set to '1', e.g., 128.195.4.1

Special IPv4 Addresses (RFC 3330)
  Addresses                       CIDR Equivalent   Purpose                        RFC        Class   # of addresses
  0.0.0.0 - 0.255.255.255         0.0.0.0/8         Zero Addresses                 RFC 1700   A       16,777,216
  10.0.0.0 - 10.255.255.255       10.0.0.0/8        Private IP addresses           RFC 1918   A       16,777,216
  127.0.0.0 - 127.255.255.255     127.0.0.0/8       Localhost Loopback Address     RFC 1700   A       16,777,216
  169.254.0.0 - 169.254.255.255   169.254.0.0/16    Zeroconf                       RFC 3330   B       65,536
  172.16.0.0 - 172.31.255.255     172.16.0.0/12     Private IP addresses           RFC 1918   B       1,048,576
  192.0.2.0 - 192.0.2.255         192.0.2.0/24      Documentation and Examples     RFC 3330   C       256
  192.88.99.0 - 192.88.99.255     192.88.99.0/24    IPv6 to IPv4 relay Anycast     RFC 3068   C       256
  192.168.0.0 - 192.168.255.255   192.168.0.0/16    Private IP addresses           RFC 1918   C       65,536
  198.18.0.0 - 198.19.255.255     198.18.0.0/15     Network Device Benchmark       RFC 2544   C       131,072
  224.0.0.0 - 239.255.255.255     224.0.0.0/4       Multicast                      RFC 3171   D       268,435,456
  240.0.0.0 - 255.255.255.255     240.0.0.0/4       Reserved                       RFC 1700   E       268,435,456

IP Addressing (Summary)
Addressing defines how addresses are allocated and the structure of addresses.
- IPv4
  - Classful IP addresses (obsolete)
  - Classless inter-domain routing (CIDR) (current standard)
- IP Version 6 addresses

IPv6 - IP Version 6
- Designed to be the successor to the currently used IPv4
- Specification completed in 1994
- Makes improvements to IPv4 (no revolutionary changes)
- One (not the only!) feature of IPv6 is a significant increase of the IP address to 128 bits (16 bytes)
- IPv6 will solve, for the foreseeable future, the problems with IP addressing: 1024 addresses per square inch on the surface of the Earth.
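Before moving on to IPv6, an added example (not from the lecture) that works through the CIDR material above with plain integer arithmetic: netmask from a prefix length, block size 2^(32-x), hierarchical containment of the 128.59.16.150 example, a longest-prefix forwarding lookup for ISP3 in the multi-homing case, and a lookup against the RFC 3330 special-address table. The forwarding table and the sample addresses are constructed for the example.

```python
# Added example (not from the lecture): CIDR arithmetic with plain integers.

def ip_to_int(dotted):
    """'128.143.137.144' -> 32-bit integer; every byte must be in [0..255]."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError("need four bytes: %r" % dotted)
    value = 0
    for p in parts:
        n = int(p)
        if not 0 <= n <= 255:
            raise ValueError("byte out of range in %r" % dotted)
        value = (value << 8) | n
    return value

def int_to_ip(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def is_valid_ip(dotted):
    try:
        ip_to_int(dotted)
        return True
    except ValueError:
        return False

def parse_cidr(text):
    """'128.59.16.0/24' -> (network_int, prefix_len, mask_int)."""
    addr, plen = text.split("/")
    plen = int(plen)
    if not 0 <= plen <= 32:
        raise ValueError("prefix length must be 0..32")
    mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF   # /24 -> 255.255.255.0
    return ip_to_int(addr) & mask, plen, mask

def block_size(plen):
    """Number of addresses in a /x block: 2^(32-x)."""
    return 1 << (32 - plen)

def contains(cidr, dotted):
    net, _, mask = parse_cidr(cidr)
    return ip_to_int(dotted) & mask == net

def same_segment(a, b, plen):
    """Two interfaces share a single-segment network iff their first plen bits agree."""
    mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
    return ip_to_int(a) & mask == ip_to_int(b) & mask

def longest_prefix_match(table, dotted):
    """table: list of (cidr, next_hop). The most specific matching prefix wins."""
    best = None
    for cidr, hop in table:
        if contains(cidr, dotted):
            plen = parse_cidr(cidr)[1]
            if best is None or plen > best[0]:
                best = (plen, cidr, hop)
    return None if best is None else (best[1], best[2])

# Constructed forwarding table for ISP3 from the multi-homing slide: the two /8
# aggregates plus the extra /16 entry that the multi-homed site adds.
ISP3_TABLE = [("128.0.0.0/8", "ISP1"), ("204.0.0.0/8", "ISP2"),
              ("204.1.0.0/16", "ISP1")]

# Special-purpose ranges copied from the RFC 3330 table on the slide.
SPECIAL = [("10.0.0.0/8", "Private"), ("127.0.0.0/8", "Loopback"),
           ("169.254.0.0/16", "Zeroconf"), ("172.16.0.0/12", "Private"),
           ("192.0.2.0/24", "Documentation"), ("192.168.0.0/16", "Private"),
           ("224.0.0.0/4", "Multicast"), ("240.0.0.0/4", "Reserved")]

def classify(dotted):
    """Label a special-purpose address, or 'Global' if it is in none of the ranges."""
    for cidr, label in SPECIAL:
        if contains(cidr, dotted):
            return label
    return "Global"
```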
IPv6 Header
[Figure: IPv6 header, 32 bits wide. Row 1: version (4 bits), Traffic Class (8 bits), Flow Label (24 bits). Row 2: Payload Length (16 bits), Next Header (8 bits), Hop Limit (8 bits). Then Source IP address (128 bits) and Destination IP address (128 bits). The IPv6 header sits between the Ethernet header and the TCP header of an Ethernet frame, followed by the application data and the Ethernet trailer.]

Notation of IPv6 addresses
- Convention: The 128-bit IPv6 address is written as eight 16-bit integers (using hexadecimal digits for each integer):
  CEDF:BP76:3245:4464:FACE:2E50:3025:DF12
- Short notation. Abbreviation of leading zeroes:
  CEDF:BP76:0000:0000:009E:0000:3025:DF12 becomes CEDF:BP76:0:0:9E:0:3025:DF12
- ":0000:0000:0000" can be written as "::":
  CEDF:BP76:0:0:FACE:0:3025:DF12 becomes CEDF:BP76::FACE:0:3025:DF12

IPv4 address in IPv6
- IPv6 addresses derived from IPv4 addresses have 96 leading zero bits.
- Convention allows the use of IPv4 notation for the last 32 bits:
  ::80:8F:89:90 is written ::128.143.137.144

IPv6 vs. IPv4: Address Comparison
- IPv4 has a maximum of 2^32, about 4 billion, addresses
- IPv6 has a maximum of 2^128 = (2^32)^4 = 4 billion x 4 billion x 4 billion x 4 billion addresses
- Is IPv6 widely deployed?

Data Link Layer
The main tasks of the data link layer are:
- Transfer data from the network layer of one machine to the network layer of another machine
- Convert the raw bit stream of the physical layer into groups of bits ("frames")
[Figure: two hosts, each with Network Layer over Data Link Layer over Physical Layer; the data link layers of the two machines are peers.]

TCP/IP Protocol Stack
- The TCP/IP protocol stack runs on top of multiple data link layers.
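Returning to the IPv6 notation slides above, an added example (not from the lecture) that implements the three text-notation rules: eight 16-bit hexadecimal groups, suppression of leading zeroes, a single "::" standing for the longest run of zero groups, and dotted IPv4 notation for the last 32 bits. The sample address uses 0076 where the slide writes BP76, since "P" is not a hexadecimal digit; output is lowercase.

```python
# Added example (not from the lecture): IPv6 address text notation.

def expand(text):
    """Return the eight 16-bit groups of an IPv6 address as integers."""
    if "." in text:
        # Dotted IPv4 in the last 32 bits (e.g. '::128.143.137.144') -> two hex groups.
        head, _, v4 = text.rpartition(":")
        b = [int(x) for x in v4.split(".")]
        if len(b) != 4 or any(not 0 <= x <= 255 for x in b):
            raise ValueError("bad IPv4 tail in %r" % text)
        text = "%s:%x:%x" % (head, (b[0] << 8) | b[1], (b[2] << 8) | b[3])
    if text.count("::") > 1:
        raise ValueError("at most one '::' allowed")
    if "::" in text:
        left, right = text.split("::")
        lg = [int(g, 16) for g in left.split(":") if g]
        rg = [int(g, 16) for g in right.split(":") if g]
        missing = 8 - len(lg) - len(rg)       # zero groups the '::' stands for
        if missing < 1:
            raise ValueError("'::' must replace at least one group")
        groups = lg + [0] * missing + rg
    else:
        groups = [int(g, 16) for g in text.split(":")]
    if len(groups) != 8 or any(not 0 <= g <= 0xFFFF for g in groups):
        raise ValueError("not a 128-bit address: %r" % text)
    return groups

def is_valid(text):
    try:
        expand(text)
        return True
    except ValueError:
        return False

def full_form(text):
    """Eight four-digit groups, no abbreviation."""
    return ":".join("%04x" % g for g in expand(text))

def compress(text):
    """Shortest form: drop leading zeroes, replace the longest zero run by '::'."""
    groups = expand(text)
    best_start, best_len, i = -1, 0, 0
    while i < 8:                  # find the longest run of consecutive zero groups
        if groups[i] == 0:
            j = i
            while j < 8 and groups[j] == 0:
                j += 1
            if j - i > best_len:  # first run wins on ties
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    hexg = ["%x" % g for g in groups]
    if best_len < 2:              # '::' only pays off for two or more zero groups
        return ":".join(hexg)
    return ":".join(hexg[:best_start]) + "::" + ":".join(hexg[best_start + best_len:])

def ipv4_tail(text):
    """Dotted notation of the last 32 bits, as used for IPv4-derived addresses."""
    g = expand(text)
    return "%d.%d.%d.%d" % (g[6] >> 8, g[6] & 0xFF, g[7] >> 8, g[7] & 0xFF)
```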
Two data link layer technologies
- Broadcast
- Point-to-Point
[Figure: Application Layer, Transport Layer, Network Layer, (Data) Link Layer. In local area networks the link layer is split into a Logical Link Control (LLC) sublayer and a Media Access Control (MAC) sublayer.]

Two types of networks at the data link layer
- Broadcast Networks: All stations share a single communication channel
- Point-to-Point Networks: Pairs of hosts (or routers) are directly connected
[Figure: a broadcast network (stations on one shared medium) next to a point-to-point network (stations linked pairwise).]
- Typically, local area networks (LANs) are broadcast and wide area networks (WANs) are point-to-point

Local Area Networks
- Local area networks (LANs) connect computers within a building or an enterprise network
- Almost all LANs are broadcast networks
- Typical topologies of LANs are bus or ring or star
- We will work with Ethernet LANs. Ethernet has a bus or star topology.
[Figure: Bus LAN and Ring LAN.]

MAC and LLC
- In any broadcast network, the stations must ensure that only one station transmits at a time on the shared communication channel
- The protocol that determines who can transmit on a broadcast channel is called the Medium Access Control (MAC) protocol
- The MAC protocol is implemented in the MAC sublayer, which is the lower sublayer of the data link layer
- The higher portion of the data link layer is often called Logical Link Control (LLC)
[Figure: Data Link Layer = Logical Link Control (towards the Network Layer) over Medium Access Control (towards the Physical Layer).]

IEEE 802 Standards
- IEEE 802 is a family of standards for LANs, which defines an LLC and several MAC sublayers
[Figure: IEEE 802 reference model. Higher layer issues: 802.1. Data Link Layer: 802.2 Logical Link Control (LLC) over the Medium Access Control standards 802.3 CSMA/CD, 802.4 Token bus, 802.5 Token ring, 802.11 Wireless LAN. Physical Layer below each MAC.]

Ethernet
- Speed: 10 Mbps - 10 Gbps
- Standard: 802.3, Ethernet II (DIX)
- Most popular physical layers for Ethernet:
  - 10Base5: Thick Ethernet, 10 Mbps coax cable
  - 10Base2: Thin Ethernet, 10 Mbps coax cable
  - 10Base-T: 10 Mbps Twisted Pair
  - 100Base-TX: 100 Mbps over Category 5 twisted pair
  - 100Base-FX: 100 Mbps over Fiber Optics
  - 1000Base-FX: 1 Gbps over Fiber Optics
  - 10000Base-FX: 1 Gbps over Fiber Optics (for wide area links)

Bus Topology
- 10Base5 and 10Base2 Ethernets have a bus topology

Ethernet Star Topology
- Starting with 10Base-T, stations are connected to a hub in a star configuration
[Figure: stations connected to a central Hub.]

Ethernet Hubs vs. Ethernet Switches
- An Ethernet switch is a packet switch for Ethernet frames
  - Buffering of frames prevents collisions.
  - Each port is isolated and builds its own collision domain
- An Ethernet Hub does not perform buffering:
  - Collisions occur if two frames arrive at the same time.
[Figure: Hub: all ports share one CSMA/CD domain. Switch: CSMA/CD on each port, with input buffers, a high-speed backplane and output buffers between ports.]

Ethernet and IEEE 802.3: Any Difference?
There are two types of Ethernet frames in use, with subtle differences:
- "Ethernet" (Ethernet II, DIX (Digital-Intel-Xerox)): An industry standard from 1982 that is based on the first implementation of CSMA/CD by Xerox. Predominant version of CSMA/CD in the US.
- 802.3: IEEE's version of CSMA/CD from 1985. Interoperates with 802.2 (LLC) as higher layer.
- Difference for our purposes: Ethernet and 802.3 use different methods to encapsulate an IP datagram.
Ethernet II, DIX Encapsulation (RFC 894)
[Figure: 802.3 MAC frame: destination address (6) | source address (6) | type (2) | data (46-1500) | CRC (4). Type 0800: IP datagram (38-1492 bytes, with PAD); type 0806: ARP request/reply (28 bytes + 10 bytes PAD); type 0835: RARP request/reply (28 bytes + 10 bytes PAD).]

IEEE 802.2/802.3 Encapsulation (RFC 1042)
[Figure: 802.3 MAC: destination address (6) | source address (6) | length (2); 802.2 LLC: DSAP AA (1) | SSAP AA (1) | cntl 03 (1); 802.2 SNAP: org code 0 (3) | type (2); then data (38-1492) | CRC (4). Type 0800: IP datagram; type 0806: ARP request/reply (28 + 10 PAD); type 0835: RARP request/reply (28 + 10 PAD).]
- destination address, source address: MAC addresses are 48 bit
- length: frame length in number of bytes
- DSAP, SSAP: always set to 0xaa
- Ctrl: set to 3
- org code: set to 0
- type field identifies the content of the data field
- CRC: cyclic redundancy check

Point-to-Point (serial) links
- Many data link connections are point-to-point serial links:
  - Dial-in or DSL access connects hosts to access routers
  - Routers are connected by high-speed point-to-point links
  - Here, IP hosts and routers are connected by a serial cable
- Data link layer protocols for point-to-point links are simple:
  - Main role is encapsulation of IP datagrams
  - No media access control needed
[Figure: Dial-up hosts with modems connect to an Access Router; routers are interconnected by point-to-point links.]

Data Link Protocols for Point-to-Point links
- SLIP (Serial Line IP):
  - First protocol for sending IP datagrams over dial-up links (from 1988)
  - Encapsulation, not much else
- PPP (Point-to-Point Protocol):
  - Successor to SLIP (1992), with added functionality
  - Used for dial-in and for high-speed routers
- HDLC (High-level Data Link Control):
  - Widely used and influential standard (1979)
  - Default protocol for serial links on Cisco routers
  - Actually, PPP is based on a variant of HDLC

PPP - IP encapsulation
- The frame format of PPP is similar to HDLC and the 802.2 LLC frame format:
[Figure: flag 7E (1) | addr FF (1) | ctrl 03 (1) | protocol (2) | data (<= 1500) | CRC (2) | flag 7E (1). Protocol 0021: IP datagram; C021: link control data; 8021: network control data.]
- PPP assumes a duplex circuit
- Note: PPP does not use addresses
- Usual maximum frame size is 1500

Additional PPP functionality
In addition to encapsulation, PPP supports:
- multiple network layer protocols (protocol multiplexing)
- Link configuration
- Link quality testing
- Error detection
- Option negotiation
- Address notification
- Authentication
The above functions are supported by helper protocols: LCP, PAP, CHAP, NCP.

PPP Support protocols
- Link management: The link control protocol (LCP) is responsible for establishing, configuring, and negotiating a data-link connection. LCP also monitors the link quality and is used to terminate the link.
- Authentication: Authentication is optional. PPP supports two authentication protocols: Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP).
- Network protocol configuration: PPP has network control protocols (NCPs) for numerous network layer protocols. The IP control protocol (IPCP) negotiates IP address assignments and other parameters when IP is used as the network layer.

Address Resolution Protocol (ARP)

Overview
[Figure: Transport Layer: TCP, UDP. Network Layer: IP, ICMP, IGMP. Link Layer: ARP, RARP, Network Access, Media.]

ARP and RARP
- Note: The Internet is based on IP addresses
- Data link protocols (Ethernet, FDDI, ATM) may have different (MAC) addresses
- The ARP and RARP protocols perform the translation between IP addresses and MAC layer addresses
- We will discuss ARP for broadcast LANs, particularly Ethernet LANs
[Figure: IP address (32 bit) is mapped by ARP to an Ethernet MAC address (48 bit); RARP maps in the reverse direction.]

Processing of IP packets by network device drivers
[Figure: flow chart. IP Output: if the IP destination is multicast or broadcast, a copy is put on the IP input queue; if the IP destination equals the local IP address, the loopback driver puts the packet on the IP input queue; otherwise the MAC address is obtained with ARP and the Ethernet driver sends the Ethernet frame. IP Input: the Ethernet driver demultiplexes incoming frames into ARP packets (handed to ARP) and IP datagrams (put on the IP input queue).]

Address Translation with ARP
- ARP Request: Argon broadcasts an ARP request to all stations on the network: "What is the hardware address of 128.143.137.1?"
[Figure: Argon (128.143.137.144, 00:a0:24:71:e4:44) broadcasts "ARP Request: What is the MAC address of 128.143.71.1?"; Router137 (128.143.137.1, 00:e0:f9:23:a8:20) is on the same network.]
- ARP Reply: Router137 responds with an ARP Reply which contains the hardware address
[Figure: Router137 (128.143.137.1, 00:e0:f9:23:a8:20) answers Argon (128.143.137.144, 00:a0:24:71:e4:44): "ARP Reply: The MAC address of 128.143.71.1 is 00:e0:f9:23:a8:20".]

ARP Packet Format
[Figure: Ethernet II header: destination address (6) | source address (6) | type 0x0806 (2); then the ARP request or reply (28) | padding (10) | CRC (4). ARP fields: hardware type (2 bytes), protocol type (2 bytes), hardware address length (1 byte), protocol address length (1 byte), operation code (2 bytes), source hardware address*, source protocol address*, target hardware address*, target protocol address*.]
* Note: The length of the address fields is determined by the corresponding address length fields.

Example
ARP Request from Argon:
  Source hardware address: 00:a0:24:71:e4:44
  Source protocol address: 128.143.137.144
  Target hardware address: 00:00:00:00:00:00
  Target protocol address: 128.143.137.1
ARP Reply from Router137:
  Source hardware address: 00:e0:f9:23:a8:20
  Source protocol address: 128.143.137.1
  Target hardware address: 00:a0:24:71:e4:44
  Target protocol address: 128.143.137.144

ARP Cache
- Since sending an ARP request/reply for each IP datagram is inefficient, hosts maintain a cache (ARP Cache) of current entries.
- The entries expire after a time interval.
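An added example (not from the lecture) that ties the two encapsulation slides to the ARP packet format: it demultiplexes a frame either by the Ethernet II type field or by the 802.3 length field plus the 802.2 LLC/SNAP header, and decodes the 28-byte ARP packet inside. The two frames carrying Argon's request are constructed for the example; the broadcast destination address is assumed.

```python
# Added example (not from the lecture): Ethernet II / 802.3 demux and ARP decoding.
import struct

ETHERTYPE = {0x0800: "IP", 0x0806: "ARP"}   # type values from the encapsulation tables

def mac_str(b):
    return ":".join("%02x" % x for x in b)

def ip_str(b):
    return ".".join(str(x) for x in b)

def demux_frame(frame):
    """Return (dst, src, type, payload). A type/length value below 0x0600 is an
    802.3 length; the data then starts with LLC (DSAP=SSAP=0xAA, ctrl=03) and SNAP."""
    if len(frame) < 14:
        raise ValueError("frame too short for a MAC header")
    dst, src = mac_str(frame[0:6]), mac_str(frame[6:12])
    tl = struct.unpack("!H", frame[12:14])[0]
    if tl >= 0x0600:                         # Ethernet II (DIX): the field is the type
        return dst, src, tl, frame[14:]
    body = frame[14:14 + tl]                 # IEEE 802.3: the field is the data length
    if len(body) < 8 or body[:3] != b"\xaa\xaa\x03" or body[3:6] != b"\x00\x00\x00":
        raise ValueError("802.3 frame without an 802.2 LLC/SNAP header")
    etype = struct.unpack("!H", body[6:8])[0]
    return dst, src, etype, body[8:]

def parse_arp(pkt):
    """Decode an Ethernet/IPv4 ARP packet (hardware type 1, hlen 6, plen 4)."""
    if len(pkt) < 28:
        raise ValueError("ARP packet shorter than 28 bytes")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", pkt[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is handled here")
    fields, off = {"op": {1: "request", 2: "reply"}.get(op, op)}, 8
    for name, n, fmt in (("sha", hlen, mac_str), ("spa", plen, ip_str),
                         ("tha", hlen, mac_str), ("tpa", plen, ip_str)):
        fields[name] = fmt(pkt[off:off + n])   # address sizes come from hlen/plen
        off += n
    return fields

def build_arp(op, sha, spa, tha, tpa):
    """Build a sample ARP packet from the string forms used on the slides."""
    mac = lambda s: bytes(int(x, 16) for x in s.split(":"))
    ip = lambda s: bytes(int(x) for x in s.split("."))
    return struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + mac(sha) + ip(spa) + mac(tha) + ip(tpa)

def decode(frame):
    """Demultiplex a frame and return the ARP fields, or None for non-ARP payloads."""
    _, _, etype, payload = demux_frame(frame)
    return parse_arp(payload) if ETHERTYPE.get(etype) == "ARP" else None

# Constructed frames carrying Argon's ARP request from the slide (broadcast destination).
ARGON = "00:a0:24:71:e4:44"
MAC_HDR = bytes.fromhex("ffffffffffff") + bytes.fromhex(ARGON.replace(":", ""))
REQUEST = build_arp(1, ARGON, "128.143.137.144", "00:00:00:00:00:00", "128.143.137.1")
FRAME_II = MAC_HDR + struct.pack("!H", 0x0806) + REQUEST + bytes(18)   # 28 + 18 pad = 46
LLC_SNAP = b"\xaa\xaa\x03\x00\x00\x00" + struct.pack("!H", 0x0806)
FRAME_8023 = (MAC_HDR + struct.pack("!H", len(LLC_SNAP) + len(REQUEST))
              + LLC_SNAP + REQUEST + bytes(10))                         # 10-byte pad
```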
Contents of the ARP Cache:
  (128.143.71.37) at 00:10:4B:C5:D1:15 [ether] on eth0
  (128.143.71.36) at 00:B0:D0:E1:17:D5 [ether] on eth0
  (128.143.71.35) at 00:B0:D0:DE:70:E6 [ether] on eth0
  (128.143.136.90) at 00:05:3C:06:27:35 [ether] on eth1
  (128.143.71.34) at 00:B0:D0:E1:17:DB [ether] on eth0
  (128.143.71.33) at 00:B0:D0:E1:17:DF [ether] on eth0

Proxy ARP
- Proxy ARP: A host or router responds to an ARP Request that arrives from one of its connected networks for a host that is on another of its connected networks.

Things to know about ARP
- What happens if an ARP Request is made for a nonexisting host? Several ARP requests are made with increasing time intervals between requests. Eventually, ARP gives up (timeout).
- On some systems (including Linux) a host periodically sends ARP Requests for all addresses listed in the ARP cache. This refreshes the ARP cache content, but also introduces traffic.
- Gratuitous ARP Requests: A host sends an ARP request for its own IP address. Useful for detecting if an IP address has already been assigned.

Vulnerabilities of ARP
1. Since ARP does not authenticate requests or replies, ARP Requests and Replies can be forged.
2. ARP is stateless: ARP Replies can be sent without a corresponding ARP Request.
3. According to the ARP protocol specification, a node receiving an ARP packet (Request or Reply) must update its local ARP cache with the information in the source fields, if the receiving node already has an entry for the IP address of the source in its ARP cache. (This applies for ARP Request packets and for ARP Reply packets.)

Vulnerabilities of ARP (continued)
Typical exploitation of these vulnerabilities:
- A forged ARP Request or Reply can be used to update the ARP cache of a remote system with a forged entry (ARP Poisoning).
- This can be used to redirect IP traffic to other hosts.

Some notes on Lab 2
What is a single-segment network?
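An added example (not from the lecture) of a passive ARP monitor that applies the cache-update rule from vulnerability 3 and flags the two observable symptoms of the weaknesses listed above: a reply that no request asked for (vulnerability 2) and a source binding that contradicts the cached entry (the footprint of ARP poisoning). Packets are dicts using the slide's field names; the trace replays the Argon/Router137 exchange followed by a constructed conflicting reply with a made-up MAC address.

```python
# Added example (not from the lecture): detecting the symptoms of ARP poisoning.

class ArpMonitor:
    def __init__(self, my_ip, ttl=60.0):
        self.my_ip = my_ip
        self.ttl = ttl            # cache entries expire ttl seconds after the last update
        self.cache = {}           # ip -> (mac, expiry time)
        self.pending = set()      # IPs we have requested and not yet resolved
        self.alerts = []

    def lookup(self, ip, now):
        mac, expiry = self.cache.get(ip, (None, 0.0))
        return mac if expiry >= now else None   # expired entries read as missing

    def send_request(self, tpa):
        self.pending.add(tpa)     # would go out as the broadcast "who has tpa?"

    def observe(self, pkt, now):
        """Process one received ARP packet; return the alerts it raised."""
        new = []
        ip, mac = pkt["spa"], pkt["sha"]
        cached = self.lookup(ip, now)
        for_us = pkt["tpa"] == self.my_ip
        if pkt["op"] == "reply" and for_us and ip not in self.pending:
            new.append(("unsolicited reply", ip, mac))     # ARP is stateless
        if cached is not None and cached != mac:
            # Per the specification this packet would overwrite the entry; the
            # monitor flags it and keeps the old binding until it expires instead.
            new.append(("binding changed", ip, cached, mac))
        elif cached is not None or for_us:
            # Spec rule: any request or reply refreshes an existing entry for its
            # source; a packet addressed to us also creates the entry.
            self.cache[ip] = (mac, now + self.ttl)
        if pkt["op"] == "reply":
            self.pending.discard(ip)
        self.alerts.extend(new)
        return new

def arp(op, sha, spa, tha, tpa):
    return {"op": op, "sha": sha, "spa": spa, "tha": tha, "tpa": tpa}

ARGON, ROUTER = "00:a0:24:71:e4:44", "00:e0:f9:23:a8:20"
ARGON_IP, ROUTER_IP = "128.143.137.144", "128.143.137.1"
ROGUE = "02:00:00:00:be:ef"       # constructed MAC for the conflicting reply

def run_scenario():
    """Constructed trace: the slide's exchange followed by a conflicting reply."""
    m = ArpMonitor(ARGON_IP)
    m.send_request(ROUTER_IP)                                      # Argon asks for the router
    m.observe(arp("reply", ROUTER, ROUTER_IP, ARGON, ARGON_IP), now=0.01)
    first = m.lookup(ROUTER_IP, now=1.0)                           # ROUTER
    m.observe(arp("reply", ROGUE, ROUTER_IP, ARGON, ARGON_IP), now=5.0)
    after = m.lookup(ROUTER_IP, now=6.0)                           # still ROUTER
    return first, after, m.alerts

if __name__ == "__main__":
    for alert in run_scenario()[2]:
        print(alert)
```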
[Figure: three networks, 128.59.1.0/24, 128.59.2.0/24 and 128.59.3.0/24, joined by routers. On 128.59.1.0/24: hosts 128.59.1.100, 128.59.1.200, 128.59.1.300 and router interface 128.59.1.1. On 128.59.2.0/24: hosts 128.59.2.100, 128.59.2.200 and router interface 128.59.2.1. On 128.59.3.0/24: hosts 128.59.3.100, 128.59.3.200 and router interface 128.59.3.1.]
- A single-segment network consists of interfaces connected by a single physical link, either a point-to-point link or a broadcast link.
- Interfaces on the same single-segment network have the same network prefix.

How to identify a single segment IP network
[Figure: the same interfaces (128.59.1.100, 128.59.1.200, 128.59.1.300, 128.59.1.1, 128.59.2.100, 128.59.2.200, 128.59.2.1, 128.59.3.100, 128.59.3.200, 128.59.3.1) with the routers and hosts removed, leaving isolated islands.]
- Detach interfaces from routers or hosts.
- Each isolated island is a single segment IP network.
- Each interface on the same single segment IP network must have the same network address prefix.

Protocol specification vs implementation
- According to the ARP protocol specification, a node receiving an ARP packet (Request or Reply) must update its local ARP cache with the information in the source fields, if the receiving node already has an entry for the IP address of the source in its ARP cache. (This applies for ARP Request packets and for ARP Reply packets.)
- Implementation may differ from the specification.
- What you observe in the lab may not be universally true.