EC310 Lecture 15

EC312 Lesson 27: Routing Part I
Objectives:
(a) State the purpose of the Address Resolution Protocol and describe its role in facilitating communication.
(b) Describe the mechanism for spoofing an ARP cache with misinformation.
(c) Describe how routing works at the network layer.
(d) Construct an optimal routing table for a router given a network diagram and using address aggregation.
(e) Describe how to make a routing decision based on the longest mask matching principle given a network
diagram and a destination IP address.
If you find the above cartoon outlandish, wait till you read this:
http://www.thefiscaltimes.com/Articles/2013/10/08/2-Billion-NSA-Spy-Center-Going-Flames
I. Address Resolution
We mentioned that to internetwork effectively, we must have an agreed upon global addressing scheme. Last
lecture, we discussed the addressing scheme used by the Internet Protocol, and mentioned how it is employed to
make a group of different networks appear to be a single network. This global address is the IP address.
Thus, from the lofty perspective of the network-layer, everyone using the network can be identified by their IP
address, and everyone using the network can interpret IP packets.
But… Wait a minute… Different physical networks do in fact exist. When sending data, the software at the
network layer works with IP addresses but, unfortunately, the data link layer and the physical layer hardware do
not speak IP; i.e., the physical and data link layers do not understand IP addresses or IP packets.
To be clear: A data link frame must use the frame format and addressing scheme for the specific technology or
product in use. Ethernet, for example, only understands 48-bit Ethernet addresses properly packaged within
Ethernet frames. Put another way: If we were somehow to place an IP packet directly over Ethernet, the
Ethernet protocol would not know what to make of it.
So, IP addresses must be translated to data link layer addresses before a frame can be sent. And the IP packet
itself must be placed (encapsulated) within the data field of the Ethernet frame.
Translating from an IP address to a hardware address is called address resolution.
1. Address Resolution Schemes. Two address resolution techniques exist:
A. Table Look-up. A network administrator could set up a table that provides the IP address to data link layer
address associations:
IP address | Data link layer address
When the software has an IP address and needs to determine the corresponding data-link address, it consults
the table. Unfortunately, if you ask a network administrator to maintain such a table for a large, complex
and dynamic network, they will want to kill you.
B. Message Exchange. Consider this scheme instead: A computer that needs to translate an IP address to a
data-link address sends a message requesting this information. This request essentially says: "I want to send
data to the user with IP address x; does anyone know the data-link layer address of the user with IP address
x."
We presume that each user knows their own Ethernet address and their own IP address. Another computer
replies with the correct association. This reply essentially says: "The user with IP address x has data link
address y."
The respondent providing the correct association can be the target computer (the computer that owns the IP
address x) or a server that stores the full network association table.
This technique is used by the Internet's Address Resolution Protocol.
2. The Address Resolution Protocol (ARP)
The Address Resolution Protocol (ARP) has two message types:
• A request message containing an IP address for which we want a data link layer address. An ARP
request is broadcast to all computers on the network.
• A response message, which contains the IP and matching data link layer address. Only the computer
that corresponds to the IP address sends a response with its data link layer address. The response is not
broadcast; it is sent addressed only to the user that sent the request.
The main use of ARP is to associate a logical software address with a hardware address; that is: find the
hardware address of a node when its IP address is known. Since these days most hardware addresses are
Ethernet, ARP finds most use in associating 32-bit IP addresses to 48-bit Ethernet addresses.
Let's refine the pictures above, in terms of ARP. Suppose we have a network with User A, User B and three
other unnamed users. User A wants to send a packet to a user with IP address 141.23.56.23. To send the
information, User A must learn the Ethernet address for the user with IP address 141.23.56.23. User A sends an
ARP request to all users in the local network.
Forouzan, Data Communications and Networking, McGraw Hill, 2007
Example 1
How can an ARP request be sent to all users in the local network?
Solution:
This ARP request is received by all users. Each of the users examines the IP address in the ARP request to see
if that matches their IP address. Let's say that User B has IP address 141.23.56.23. User B (and only User B)
would send an ARP reply containing his Ethernet address. This reply is not broadcast; it is sent in a frame
addressed to User A's Ethernet address.
Forouzan, Data Communications and Networking, McGraw Hill, 2007
Note that ARP allows the seamless addition of new hosts while avoiding the need for a centralized database
containing IP address to Ethernet address pairings.
3. ARP Caching
Most computer network communication involves a series of packet exchanges. During the
first exchange, a host learns the target host's Ethernet address. But, what does it do for the second exchange?
Suppose, in the picture above, that User A has to send more data to IP address 141.23.56.23 a moment after the
first exchange. It would be wasteful to have to go through the whole ARP Request/ARP Reply rigmarole all
over again.
To avoid excess ARP traffic, each user maintains a table of recently received IP address – Ethernet Address
associations in a table called an ARP cache. In the example above, User A would make the following entry in
its ARP cache:
141.23.56.23 : A4:6E:F4:59:83:AB
Before sending an ARP request, a user first checks its ARP cache to see if it already has the Ethernet address
that it needs (i.e., the Ethernet address for a specific IP address).
ARP table entries can become incorrect without warning. For this reason, each entry in the ARP cache has a
timer associated with it. When the timer expires, the entry is deleted from the cache. Typical values for this
timeout are 10 minutes.
Example 2
The Address Resolution Protocol works at which two layers?
Solution:
4. ARP Packet
An ARP request is encapsulated in an Ethernet frame as shown below.
Figure 21.3 Encapsulation of ARP packet
Forouzan, Data Communications and Networking, McGraw Hill, 2007
This frame is identified as an ARP message by a specific entry in the Ethernet frame's Type field. The ARP
packet format is shown below:
Figure 21.2 ARP packet
Forouzan, Data Communications and Networking, McGraw Hill, 2007
Example 3
How many bytes are in an ARP Request packet? How many bytes are in an ARP reply packet?
Solution:
Several of the fields in the ARP Request and ARP Reply will always be the same.
• The first field is the hardware type: for Ethernet, this will always be 1.
• The second field is the network layer protocol type: for IP this is always 0800 (hexadecimal).
• The third field is the length of the hardware address in bytes: for Ethernet, this will be 6.
• The fourth field is the length of the network layer protocol address in bytes: for IP this is always 4.
An ARP Request is differentiated from an ARP Reply by the entry in the Operation field: A 1 is placed in this
field for ARP Request packets, and a 2 is placed in this field for ARP reply packets.
Let's look at an example in gory detail. Suppose, in the picture below, User A has IP address N1 and Ethernet
address L1 and that User System B has IP address N2 and Ethernet address L2.
Suppose User A wants to send important information to his friend, who he happens to know has IP address N2.
But User A does not know the proper Ethernet address. (Recall that User A cannot just put his information in
an IP packet, and just transmit the IP packet. User B's Network Interface card (NIC) expects to see an Ethernet
frame. It will not know what to make of an IP packet.)
User A would encapsulate an ARP request inside an Ethernet frame as shown below.
Note that in the picture above, the letter M is used to denote the Ethernet broadcast address
FF:FF:FF:FF:FF:FF. The broadcast address is placed in the field for the destination address in the
Ethernet frame. Thus all other users—User B, User X, User Y and User Z—will receive this frame and pass it
up to the network layer for examination.
Note that User A has included his own Ethernet address and IP address (L1 and N1) in the ARP request
message. Why would he do this, if his goal is simply to determine the Ethernet address for the user with IP
address N2?
The reason is this: If User A needs to send data to User B, it will very often mean that User B will have to send
data to User A soon thereafter. Most data exchanges are, after all, interactive. Thus, User B will likely need to
know User A's IP address-Ethernet address association. To save User B the trouble of having to send her own
ARP request (for A's information) in the future, User A will include its IP-Ethernet address pairing in its request
for B's information.
Notice that all hosts on the network immediately learn the IP address – Ethernet address association for User A.
Thus all users make the following entry in their ARP cache:
N1 : L1
Now, User B recognizes that the target IP address in the ARP Request is her IP address. Thus, it is User B's
Ethernet address that is being requested. So, User B will craft an ARP Reply packet as shown below.
To complete the story: After User A receives the ARP Reply from User B, User A will send the IP packet to
User B by placing the IP packet in the data field of an Ethernet frame.
Example 4
In the protocol layering model of TCP/IP, how is a host identified:
(a) At the Network Layer
(b) At the Data Link Layer
Solution:
Example 5
What are the two types of messages used by the Address Resolution Protocol?
Solution:
Example 6
When a sender wants to find out what MAC address corresponds to an IP address, to which MAC address
would she send an ARP request? (Circle the appropriate answer(s))
(a) 0.0.0.0
(b) ff:ff:ff:ff:ff:ff
(c) 255.255.255.255
(d) 00:00:00:00:00:00
Solution:
Example 7
Can an ARP Reply be sent without an ARP request?
Solution:
5. ARP Spoofing
A major flaw with ARP is that an ARP Reply message can be sent without a preceding
ARP Request. To see what problems might ensue, consider again our local network, for which we now know
User A and User B's IP address and Ethernet address pairing. We also indicate the IP address-Ethernet address
pairing for User X, who is actually Evil Jose!
Suppose User X (Evil Jose) sends an ARP Reply that, for practical purposes, says: IP address N2 is paired with
Ethernet address L3. Notice that this ARP Reply is not preceded by an ARP Request from any user.
Nevertheless, all other users—trusting souls that they are—will update their ARP cache with the entry:
N2 : L3
Note that this information pairing is not correct: the correct Ethernet address for User B (who has IP address
N2) is L2, not L3. So…why would Evil Jose have sent this bad gouge to all users on this local network,
corrupting everyone's ARP cache?
He did this because he's frickin' EVIL!
Suppose User A now wants to send an IP packet to his friend (User B) with IP address N2. User A will check
his ARP cache and see that the packet should be encapsulated in an Ethernet frame addressed to … L3 (Evil
Jose). Thus the IP packet intended for User B will instead be routed to Evil Jose.
Sending an ARP Reply with an incorrect IP address–Ethernet address pairing with the intent to misdirect traffic
is termed ARP spoofing. If an attacker with Ethernet address <Attacker's Ethernet Address> wants
to steal traffic from a user with IP address <Victim's IP address>, he sends an ARP Reply saying:
IP address <Victim's IP address> is associated with Ethernet address <Attacker's Ethernet Address>.
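The ARP packet layout from Section 4 and the spoofing problem just described, worked in Python as an added example (not code from the lecture notes): the first part packs and parses the 28-byte ARP packet inside an Ethernet frame; the second part is an ARP cache that applies the two checks a defender wants here, ignoring a reply it never asked for and reporting a reply that changes a cached pairing. The MAC and IP addresses, and the "learn only solicited replies" policy, are constructed assumptions for this example.

```python
import struct

ETH_TYPE_ARP = 0x0806            # Ethernet Type field value that marks an ARP message
BROADCAST = "ff:ff:ff:ff:ff:ff"  # Ethernet broadcast address (the "M" in the pictures)
ARP_REQUEST, ARP_REPLY = 1, 2    # values of the ARP Operation field

def mac_bytes(mac): return bytes.fromhex(mac.replace(":", ""))
def ip_bytes(ip):   return bytes(int(x) for x in ip.split("."))
def mac_str(b):     return ":".join(f"{x:02x}" for x in b)
def ip_str(b):      return ".".join(str(x) for x in b)

def build_arp_frame(op, sender_mac, sender_ip, target_mac, target_ip):
    """14-byte Ethernet header (dst, src, Type) + 28-byte ARP packet: hardware type 1
    (Ethernet), protocol type 0x0800 (IP), hardware length 6, protocol length 4,
    Operation, then sender MAC/IP and target MAC/IP. A request is addressed to the
    broadcast MAC; a reply goes only to the requester's MAC."""
    dst = BROADCAST if op == ARP_REQUEST else target_mac
    eth = mac_bytes(dst) + mac_bytes(sender_mac) + struct.pack("!H", ETH_TYPE_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + mac_bytes(sender_mac)
           + ip_bytes(sender_ip) + mac_bytes(target_mac) + ip_bytes(target_ip))
    return eth + arp

def parse_arp_frame(frame):
    """Return the ARP fields as a dict, or None if this is not ARP for IP over Ethernet."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_TYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    a = frame[22:42]
    return {"op": op, "sender_mac": mac_str(a[0:6]), "sender_ip": ip_str(a[6:10]),
            "target_mac": mac_str(a[10:16]), "target_ip": ip_str(a[16:20])}

class ArpCache:
    """ARP cache with two defensive checks (a policy assumed for this example, not
    required by ARP itself): a reply is learned only if we sent a request for that IP,
    and a reply that changes an existing IP address : Ethernet address pairing is reported."""
    def __init__(self):
        self.table = {}        # ip -> mac
        self.pending = set()   # ips for which we have sent an ARP request

    def send_request(self, ip):
        self.pending.add(ip)

    def receive(self, frame):
        """Process one incoming frame; return warning strings (empty if nothing is wrong)."""
        arp = parse_arp_frame(frame)
        if arp is None or arp["op"] != ARP_REPLY:
            return []
        ip, mac, warnings = arp["sender_ip"], arp["sender_mac"], []
        if ip not in self.pending:
            warnings.append(f"unsolicited ARP reply: {ip} claimed by {mac}")
        if ip in self.table and self.table[ip] != mac:
            warnings.append(f"pairing for {ip} changed from {self.table[ip]} to {mac}")
        if ip in self.pending:            # solicited: update the cache and clear the request
            self.table[ip] = mac
            self.pending.discard(ip)
        return warnings

if __name__ == "__main__":
    A, B, X = "00:1a:2b:3c:4d:01", "a4:6e:f4:59:83:ab", "00:1a:2b:3c:4d:ee"  # constructed
    cache = ArpCache()
    cache.send_request("141.23.56.23")
    print(cache.receive(build_arp_frame(ARP_REPLY, B, "141.23.56.23", A, "141.23.56.10")))  # []
    print(cache.receive(build_arp_frame(ARP_REPLY, X, "141.23.56.23", A, "141.23.56.10")))  # 2 warnings
```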
Example 8
One of your crewmembers has downloaded ARP-spoofing software.
(a) What does ARP spoofing software do?
(b) What is one malevolent purpose he could use this for?
Solution:
II. Sending IP Packets to Users on Your Own Network
If a destination IP address is in our same network, we directly deliver the IP packet. This is called, shockingly,
direct delivery. In direct delivery, the destination is on the same network as the sender. No routers are
involved as intermediaries.
How does the sender know the destination is on the same network?
The IP addresses of all machines on a single network will have the same network ID. So, the sender looks at
the destination’s network ID. Thus, a host can easily see if another host is directly connected.
How do we route to other hosts on the same network? Simple! The sender encapsulates the datagram in a data
link frame, binds the destination IP address to a physical hardware address, and sends the resulting frame
directly to the destination.
Example 9
Your IP Address is 10.16.58.92/27. Can you use direct delivery to send messages to the host
10.16.58.129?
Solution:
Example 10
Your IP Address is 10.226.58.15/24. Could you use direct delivery to send messages to the host
10.226.58.229?
Solution:
III. Routing
If the destination IP address is not in our same network (i.e., if it does not have the same network ID), we
cannot directly deliver the IP packet. We must route the IP packet using routers: The source computer sends
the IP packet to the first router, who passes the IP packet to the next router, and so forth, until the final router
delivers the IP packet to the destination.
Routers operate at the network layer; indeed, one of the key network layer functions is routing: choosing an
appropriate path for packet flow.
Forouzan, Data Communications and Networking, McGraw Hill, 2007
2. Routing Tables
We route IP packets by using a routing table, which must (somehow) convey the route to
the final destination. Each entity, host or router, maintains an IP routing table which provides information on
how to reach possible destinations. A host or router consults a routing table when making routing decisions.
Consider this naïve proposal for the use of a routing table: Maintain in each entity a routing table which lists
every possible destination IP address, and the full path needed from the entity to reach each possible
destination. In this scheme, a routing table might have billions of entries (since there might be billions of IP
addresses in use at any time), and each of these entries would have multiple pieces of data associated with it
(the full route to the destination for this entry in the table).
This approach is not practical; the resulting routing tables would be gargantuan. Think of how slow routing
would be if the decision on where to send each and every packet required consultation with a table of billions of
entries. Moreover, think of the problem of constantly updating these huge tables as IP addresses are reassigned
to different hosts throughout the Internet.
So, early on, three clever ideas were employed to make routing tables as small as possible.
First clever idea: For each destination IP address, only store in the routing table the IP address of the next
hop.
Consider the small network below which shows three networks interconnected with two routers: R1 and R2.
Each of the three networks has many hosts connected to it, but, for simplicity, we only show two hosts: Host A
and Host B.
From Forouzan, Data Communications and Networking, McGraw Hill, 2007
Figure 22.2 Route method versus next-hop method
Let's consider the routing table for Host A, and, in particular, let's look at the entry for Host B. Originally, the
entry for Host B would have been:
This entry means: To reach Host B, send the packet to router R1, who will in turn send it to router R2, who will
then send it to Host B.
The first clever idea recognizes that a host or router does not need to maintain information in its routing table
about the full path to a destination. Host A's routing table entry for Host B can be reduced to:
Router R1 will have its own routing table that will tell it that the next hop for destination Host B is router R2.
R2 will have its own routing table that will tell it that the next hop for destination Host B is direct delivery to
Host B.
Second clever idea: Instead of having routing table entries for each and every destination host, store routing
table entries for destination networks.
Consider the network below which shows a portion of the routing table for Host S. Note that Host S has entries
for Hosts A, B, C and D.
Figure 22.3 Host-specific versus network-specific method
From Forouzan, Data Communications and Networking, McGraw Hill, 2007
Note that all four of these hosts (A, B, C and D) are on the same network N2. All packets delivered to these
four hosts will be delivered to the same network. Thus, we can collapse the four entries for A, B, C and D into
a single entry in the routing table.
From Forouzan, Data Communications and Networking, McGraw Hill, 2007
All entities that connect to the same physical network share a common prefix (the network ID). Thus, routing
tables only need to contain network prefixes, and not complete IP addresses. Thus routing decisions are made
based on table lookup where routing tables keep only the network portion of the IP addresses (so the size of the
routing table is, at worst, proportional to the number of networks, not the number of hosts).
Third clever idea: Default Routing
To avoid large routing tables, group multiple destinations into a single default case. That is, when we want to
route a packet, we first check to see if the destination network ID is in the routing table; if not, send the packet
to the default router.
Consider Host A in the network below:
Figure 22.4 Default method
From Forouzan, Data Communications and Networking, McGraw Hill, 2007
We see that Host A has a connection to network N2 via router R1, and has a connection to the rest of the world
via router R2. It would make sense for Host A to have an entry in its routing table for network N2. But it would
make no sense for Host A to have any entries for any other specific networks since any destination other than
N2 will always be routed via router R2. So, by default, if the destination is not N2, we should send the packet
to R2.
Default routing is most useful when a host has a single connection to the Internet. Then routing is easy: If the
destination's network ID does not match mine, send the packet to the default router.
So, let's summarize the decisions that are made in routing, and show the form of the routing table.
Step 1. A packet shows up at a router X, needing to be routed to its final destination.
Step 2. Router X examines the destination's IP address and extracts the network address. In order to
extract the network address, the routing table for each network address must have the associated
mask. So, a column for the mask is included as the first column in the routing table for Router
X, shown below.
Figure 22.5 Simplified forwarding module in classless address
So, Router X applies the mask in the first line of the table to the destination IP address, and checks to see
if the extracted network ID matches the Network address shown on the first line. If it matches … Joy! …
send the packet to the Next-hop address which is on this Interface. If it does not match, repeat the
process for the second line of the routing table.
Example 11
The router R1 in the figure below connects the four different networks shown. The four networks connect to
the router's four interfaces, labeled m0, m1, m2 and m3.
Figure 22.6 Configuration for Example 22.1 (labels visible in the figure: 180.70.65.128/26, 180.70.65.135/26, m3)
(a) Why does the router R1 have 4 different IP addresses?
Solution:
(b) How would you verify that the router address 180.70.65.135/26 on the m0 interface is indeed on
the network 180.70.65.128/26?
Solution:
(c) Your friend says: "Wait just a minute! The two different networks 180.70.65.128/26 and
180.70.65.192/26 look very similar. Are these really two different networks…i.e., are these really
two non-overlapping blocks of addresses?" How would you reply?
Solution:
(d) Construct the routing table.
Table 22.1 Routing table for router R1 in Figure 22.6
We will see later that it is best to order the table by decreasing mask value…but let's proceed.
(e) Suppose an IP packet with destination IP address 180.70.65.140 arrives at router R1. Explain how
the routing table is used to make a routing decision.
Solution:
(f) Suppose an IP packet with destination IP address 201.4.22.35 arrives at router R1. What does it do?
Solution:
3. Address Aggregation
Consider the network below, examining also the routing table for router R2.
Figure 22.7 Address aggregation
From Forouzan, Data Communications and Networking, McGraw Hill, 2007
Notice that the four addresses are disposed of in the same way: place on interface m0. Let's look at just the last
octet of these four network addresses (the first two bits of the octet are under the /26 mask):
140.24.7.0    last octet: 00 000000
140.24.7.64   last octet: 01 000000
140.24.7.128  last octet: 10 000000
140.24.7.192  last octet: 11 000000
Note that the first two bits in this fourth octet are part of the mask (which is /26). But examine these two bits
carefully! Any values of these two bits (00, 01, 10, 11) yield the same result: Send it out on interface m0.
Since the values of these two bits do not need to be considered (since they can take on any of the four
possibilities while yielding the same routing decision) we can move the mask up to /24 and consolidate these
four entries on a single line:
Example 12
Given the following diagram:
Use the technique of address aggregation to create the routing table for Router R2 with the minimum number of
entries.
Solution:
Consider the following network, and the following routing table for router R2. Suppose a packet with
destination address 140.24.7.200 arrives at router R2.
Figure 22.8 Longest mask matching
What happens? We see the IP packet is routed to the wrong location. How can we fix this problem?
To prevent this problem, routing tables are sorted from longest mask to shortest mask. This principle is called
longest mask matching.
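Direct delivery (Section II), the mask-and-compare lookup, default routing, address aggregation and longest mask matching, carried through as one added Python example (not code from the lecture notes or from Forouzan). The routing tables, the "R1"/"R3"/"DEFAULT" next-hop labels and the moved-block scenario are constructed for illustration.

```python
def ip_to_int(dotted):
    """'140.24.7.200' -> 32-bit integer."""
    a, b, c, d = (int(x) for x in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def int_to_ip(n):
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def prefix_mask(bits):
    """/bits -> mask with the top `bits` bits set (/0 gives the all-zero mask)."""
    return (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF

def same_network(addr, own_cidr):
    """Direct-delivery test: does addr have the same network ID as our own address?"""
    own, bits = own_cidr.split("/")
    m = prefix_mask(int(bits))
    return ip_to_int(addr) & m == ip_to_int(own) & m

def lookup(table, dest, longest_first=True):
    """Rows are (mask_bits, network, next_hop, interface). Mask the destination with each
    row's mask and compare with the row's network address; forward on the first match.
    longest_first tries rows from longest mask to shortest (longest mask matching);
    with longest_first=False the table is used exactly in the order given."""
    rows = sorted(table, key=lambda r: -r[0]) if longest_first else table
    d = ip_to_int(dest)
    for bits, net, next_hop, iface in rows:
        if d & prefix_mask(bits) == ip_to_int(net):   # a /0 (default) row matches anything
            return next_hop, iface
    return None                                       # no match and no default row

def aggregate(table):
    """Address aggregation: two rows with the same mask, next hop and interface whose
    networks differ only in the last mask bit become their /(bits-1) parent; repeat
    until nothing more merges. Network addresses are assumed to be properly aligned."""
    rows = set(table)
    merged = True
    while merged:
        merged = False
        for bits, net, next_hop, iface in sorted(rows, key=lambda r: -r[0]):
            if bits == 0:
                continue
            sibling = (bits, int_to_ip(ip_to_int(net) ^ (1 << (32 - bits))), next_hop, iface)
            if sibling in rows:
                parent = int_to_ip(ip_to_int(net) & prefix_mask(bits - 1))
                rows -= {(bits, net, next_hop, iface), sibling}
                rows.add((bits - 1, parent, next_hop, iface))
                merged = True
                break
    return sorted(rows, key=lambda r: -r[0])

# Constructed table for a router R2: four /26 blocks reached through R1 on m0, everything
# else to a default router on m1 ("R1" and "DEFAULT" stand in for next-hop addresses).
R2_TABLE = [
    (26, "140.24.7.0",   "R1", "m0"),
    (26, "140.24.7.64",  "R1", "m0"),
    (26, "140.24.7.128", "R1", "m0"),
    (26, "140.24.7.192", "R1", "m0"),
    (0,  "0.0.0.0",      "DEFAULT", "m1"),
]
# Constructed follow-on: the .192 block now sits behind router R3 on m2, while the
# aggregated /24 row is still present and, deliberately, listed ahead of the /26 row.
MOVED_TABLE = [
    (24, "140.24.7.0",   "R1", "m0"),
    (26, "140.24.7.192", "R3", "m2"),
    (0,  "0.0.0.0",      "DEFAULT", "m1"),
]
if __name__ == "__main__":
    print(aggregate(R2_TABLE))                                       # one /24 row plus the default
    print(lookup(MOVED_TABLE, "140.24.7.200"))                       # ('R3', 'm2')
    print(lookup(MOVED_TABLE, "140.24.7.200", longest_first=False))  # ('R1', 'm0'): wrong router
```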
Assistant Professor Patrick Vincent
Help us improve these notes! Send comments, corrections and clarifications to vincent@usna.edu