Chapter 4 Network Layer: The Data Plane
All material copyright 1996-2016
J.F Kurose and K.W. Ross, All Rights Reserved
Network Layer: Data Plane 4-1

Chapter 4: outline
4.1 Overview of Network layer
• data plane
• control plane
4.2 What's inside a router
4.3 IP: Internet Protocol
• datagram format
• fragmentation
• IPv4 addressing
• network address translation
• IPv6
4.4 Generalized Forward and SDN
• match
• action
• OpenFlow examples of match-plus-action in action

Chapter 4: network layer
• transport segment from sending to receiving host
• on sending side encapsulates segments into datagrams
• on receiving side, delivers segments to transport layer
• network layer protocols in every host, router
• router examines header fields in all IP datagrams passing through it
[figure: full protocol stack (application, transport, network, data link, physical) at the two end hosts; network, data link and physical layers at each router along the path]

chapter goals:
understand principles behind network layer services, focusing on data plane:
• network layer service models
• forwarding versus routing
• how a router works
• generalized forwarding
instantiation, implementation in the Internet
Two key network-layer functions
network-layer functions:
• forwarding: move packets from router's input to appropriate router output
• routing: determine route taken by packets from source to destination
analogy: taking a trip
• forwarding: process of getting through single interchange
• routing: process of planning trip from source to destination

Network layer: data plane, control plane
Data plane
• local, per-router function
• determines how datagram arriving on router input port is forwarded to router output port
• forwarding function
[figure: values in arriving packet header (0111) looked up in the forwarding table to select one of the router's output ports (1, 2, 3)]
Control plane
• network-wide logic
• determines how datagram is routed among routers along end-end path from source host to destination host
• two control-plane approaches:
  • traditional routing algorithms: implemented in routers
  • software-defined networking (SDN): implemented in (remote) servers

Per-router control plane
Individual routing algorithm components in each and every router interact in the control plane
[figure: a Routing Algorithm instance in the control plane of every router; beneath it the data plane forwards on values in arriving packet header]

Logically centralized control plane
A distinct (typically remote) controller interacts with local control agents (CAs)
[figure: a Remote Controller in the control plane; a CA in each router's data plane, which forwards on values in arriving packet header]
Network service model
Q: What service model for "channel" transporting datagrams from sender to receiver?
example services for individual datagrams:
• guaranteed delivery
• guaranteed delivery with less than 40 msec delay
example services for a flow of datagrams:
• in-order datagram delivery
• guaranteed minimum bandwidth to flow
• restrictions on changes in inter-packet spacing

Network layer service models:
Network architecture | Service model | Bandwidth guarantee | Loss | Order | Timing | Congestion feedback
Internet             | best effort   | none                | no   | no    | no     | no (inferred via loss)
ATM                  | CBR           | constant rate       | yes  | yes   | yes    | no congestion
ATM                  | VBR           | guaranteed rate     | yes  | yes   | yes    | no congestion
ATM                  | ABR           | guaranteed minimum  | no   | yes   | no     | yes
ATM                  | UBR           | none                | no   | yes   | no     | no

Router architecture overview
high-level view of generic router architecture:
• routing, management control plane (software): routing processor, operates in millisecond time frame
• forwarding data plane (hardware): router input ports, high-speed switching fabric, router output ports; operates in nanosecond timeframe
Input port functions
[figure: line termination -> link layer protocol (receive) -> lookup, forwarding, queueing -> switch fabric]
physical layer: bit-level reception
data link layer: e.g., Ethernet see chapter 5
decentralized switching:
• using header field values, lookup output port using forwarding table in input port memory ("match plus action")
• goal: complete input port processing at 'line speed'
• queuing: if datagrams arrive faster than forwarding rate into switch fabric
• destination-based forwarding: forward based only on destination IP address (traditional)
• generalized forwarding: forward based on any set of header field values

Destination-based forwarding
forwarding table
Destination Address Range                                                          Link Interface
11001000 00010111 00010000 00000000 through 11001000 00010111 00010111 11111111    0
11001000 00010111 00011000 00000000 through 11001000 00010111 00011000 11111111    1
11001000 00010111 00011001 00000000 through 11001000 00010111 00011111 11111111    2
otherwise                                                                          3
Q: but what happens if ranges don't divide up so nicely?

Longest prefix matching
when looking for forwarding table entry for given destination address, use longest address prefix that matches destination address.
Destination Address Range                 Link interface
11001000 00010111 00010*** ********       0
11001000 00010111 00011000 ********       1
11001000 00010111 00011*** ********       2
otherwise                                 3
examples:
DA: 11001000 00010111 00010110 10100001   which interface?
DA: 11001000 00010111 00011000 10101010   which interface?
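The two "which interface?" questions, worked as an added example in Python (my code, not part of the slides). The three prefixes are taken verbatim from the slide's table, compiled once into a longest-first list, and looked up with a first-hit scan; `dotted()` is a small helper of mine for printing the binary addresses in dotted decimal.

```python
# Longest-prefix-match lookup over the forwarding table on the slide.
# Prefixes are written as the slide writes them: 8-bit groups, '*' for the
# wildcarded low-order bits, and a separate "otherwise" default interface.

FORWARDING_TABLE = [
    ("11001000 00010111 00010*** ********", 0),
    ("11001000 00010111 00011000 ********", 1),
    ("11001000 00010111 00011*** ********", 2),
]
DEFAULT_INTERFACE = 3  # the "otherwise" row


def prefix_bits(pattern):
    """Return the fixed leading bits of a '*'-padded 32-bit pattern."""
    bits = pattern.replace(" ", "")
    fixed = bits.rstrip("*")
    if len(bits) != 32 or "*" in fixed or set(fixed) - {"0", "1"}:
        raise ValueError(f"malformed prefix pattern: {pattern!r}")
    return fixed


def compile_table(table):
    """Precompute (prefix, prefix length, interface), longest prefix first,
    so a lookup can stop at the first entry that matches."""
    compiled = []
    for pattern, iface in table:
        prefix = prefix_bits(pattern)
        compiled.append((prefix, len(prefix), iface))
    return sorted(compiled, key=lambda entry: entry[1], reverse=True)


def lookup(dest_addr, compiled, default=DEFAULT_INTERFACE):
    """Output interface for a destination written as 32 binary digits."""
    addr = dest_addr.replace(" ", "")
    if len(addr) != 32 or set(addr) - {"0", "1"}:
        raise ValueError(f"not a 32-bit binary address: {dest_addr!r}")
    for prefix, _length, iface in compiled:
        if addr.startswith(prefix):
            return iface
    return default


def dotted(addr_bits):
    """Render 32 binary digits as dotted decimal (helper for printing)."""
    bits = addr_bits.replace(" ", "")
    return ".".join(str(int(bits[i:i + 8], 2)) for i in range(0, 32, 8))


if __name__ == "__main__":
    table = compile_table(FORWARDING_TABLE)
    for da in ("11001000 00010111 00010110 10100001",
               "11001000 00010111 00011000 10101010"):
        print(f"DA {dotted(da)} -> interface {lookup(da, table)}")
```

The first address matches only the 00010*** entry, so it leaves on interface 0. The second matches both the 00011000 entry (24 fixed bits, interface 1) and the 00011*** entry (21 fixed bits, interface 2); longest prefix picks interface 1. Sorting at table-compile time is what makes the first hit the right one; a table scanned in arbitrary order would have to compare every matching entry.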
Switching fabrics
• transfer packet from input buffer to appropriate output buffer
• switching rate: rate at which packets can be transferred from inputs to outputs
  • often measured as multiple of input/output line rate
  • N inputs: switching rate N times line rate desirable
• three types of switching fabrics: memory, bus, crossbar

Switching via memory
first generation routers:
• traditional computers with switching under direct control of CPU
• packet copied to system's memory
• speed limited by memory bandwidth (2 bus crossings per datagram)
[figure: input port (e.g., Ethernet) -> memory -> output port (e.g., Ethernet), both transfers over the system bus]

Switching via a bus
• datagram from input port memory to output port memory via a shared bus
• bus contention: switching speed limited by bus bandwidth
• 32 Gbps bus, Cisco 5600: sufficient speed for access and enterprise routers

Switching via interconnection network
• overcome bus bandwidth limitations
• banyan networks, crossbar, other interconnection nets initially developed to connect processors in multiprocessor
• advanced design: fragmenting datagram into fixed length cells, switch cells through the fabric.
• Cisco 12000: switches 60 Gbps through the interconnection network
Input port queuing
• fabric slower than input ports combined -> queueing may occur at input queues
  • queueing delay and loss due to input buffer overflow!
• Head-of-the-Line (HOL) blocking: queued datagram at front of queue prevents others in queue from moving forward
[figure: output port contention at time t: only one red datagram can be transferred, the lower red packet is blocked; one packet time later: the green packet experiences HOL blocking]

Output ports
This slide is HUGELY important!
[figure: switch fabric -> datagram buffer, queueing -> link layer protocol (send) -> line termination]
• buffering required when datagrams arrive from fabric faster than the transmission rate
  • Datagrams (packets) can be lost due to congestion, lack of buffers
• scheduling discipline chooses among queued datagrams for transmission
  • Priority scheduling: who gets best performance, network neutrality

Output port queueing
[figure: at t, packets move from input to output; one packet time later, more packets wait at one output port than it can transmit]
• buffering when arrival rate via switch exceeds output line speed
• queueing (delay) and loss due to output port buffer overflow!

How much buffering?
• RFC 3439 rule of thumb: average buffering equal to "typical" RTT (say 250 msec) times link capacity C
  • e.g., C = 10 Gbps link: 2.5 Gbit buffer
• recent recommendation: with N flows, buffering equal to RTT · C / √N
Scheduling mechanisms
scheduling: choose next packet to send on link
FIFO (first in first out) scheduling: send in order of arrival to queue
[figure: packet arrivals -> queue (waiting area) -> link (server) -> packet departures]
• real-world example?
• discard policy: if packet arrives to full queue: who to discard?
  • tail drop: drop arriving packet
  • priority: drop/remove on priority basis
  • random: drop/remove randomly

Scheduling policies: priority
priority scheduling: send highest priority queued packet
• multiple classes, with different priorities
  • class may depend on marking or other header info, e.g. IP source/dest, port numbers, etc.
  • real-world example?
[figure: arrivals -> classify -> high priority queue (waiting area) and low priority queue (waiting area) -> link (server) -> departures; packets 1 to 5 arrive, the packet in service and the departure order show a high-priority packet leaving ahead of earlier low-priority arrivals]

Scheduling policies: still more
Round Robin (RR) scheduling:
• multiple classes
• cyclically scan class queues, sending one complete packet from each class (if available)
• real world example?
[figure: arrivals of packets 1 to 5 from two classes, packet in service, departures]

Weighted Fair Queuing (WFQ):
• generalized Round Robin
• each class gets weighted amount of service in each cycle
• real-world example?
[figure: arrivals of packets 1 to 5 from several classes, packet in service, departures]
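The four disciplines on these slides applied to one constructed backlog, as an added example (my code, not from the slides). Five packets of two classes are already queued when the link goes idle; each function returns the order in which packet ids leave the link. WFQ is represented by its simplest form, weighted round robin by packet count; the `drop_on_full` function covers the discard policies from the FIFO slide (the random policy is left out because its result is not reproducible).

```python
from collections import defaultdict, deque

# Constructed backlog: (packet id, traffic class, size in bytes).  All five
# packets are already waiting, in arrival order 1..5, when the link goes idle.
BACKLOG = [(1, "low", 1000), (2, "low", 1000), (3, "high", 1000),
           (4, "high", 1000), (5, "low", 1000)]


def fifo(pkts):
    """FIFO: transmit in order of arrival."""
    return [pid for pid, _cls, _size in pkts]


def priority(pkts, ranking=("high", "low")):
    """Priority scheduling: highest-priority class first; FIFO inside a class
    because sorted() is stable."""
    rank = {cls: i for i, cls in enumerate(ranking)}
    return [pid for pid, _cls, _size in sorted(pkts, key=lambda p: rank[p[1]])]


def round_robin(pkts, weights=None):
    """Round robin: cyclically scan the class queues, sending one complete
    packet per non-empty class per visit.  With `weights`, class c may send
    up to weights[c] packets per cycle: weighted round robin, the simplest
    form of the weighted service WFQ provides."""
    queues = defaultdict(deque)
    for p in pkts:
        queues[p[1]].append(p)
    scan_order = list(dict.fromkeys(p[1] for p in pkts))  # first-arrival order
    out = []
    while any(queues.values()):
        for cls in scan_order:
            for _ in range((weights or {}).get(cls, 1)):
                if queues[cls]:
                    out.append(queues[cls].popleft()[0])
    return out


def drop_on_full(pkts, capacity, policy="tail", ranking=("high", "low")):
    """Discard policy when arrivals exceed the queue capacity.
    'tail': drop the packets that arrive after the queue is full.
    'priority': keep the `capacity` highest-priority packets, drop the rest.
    Returns (kept ids, dropped ids), both in arrival order."""
    if policy == "tail":
        kept = pkts[:capacity]
    elif policy == "priority":
        rank = {cls: i for i, cls in enumerate(ranking)}
        kept = sorted(pkts, key=lambda p: rank[p[1]])[:capacity]
        kept = sorted(kept, key=pkts.index)          # back to arrival order
    else:
        raise ValueError(f"unknown discard policy: {policy}")
    kept_ids = [p[0] for p in kept]
    return kept_ids, [p[0] for p in pkts if p[0] not in kept_ids]


if __name__ == "__main__":
    print("FIFO     ", fifo(BACKLOG))
    print("priority ", priority(BACKLOG))
    print("RR       ", round_robin(BACKLOG))
    print("WRR 2:1  ", round_robin(BACKLOG, {"high": 2, "low": 1}))
    print("tail drop", drop_on_full(BACKLOG, 3))
```

On this backlog FIFO sends 1 2 3 4 5, priority sends the two high-class packets first (3 4 1 2 5), round robin alternates classes (1 3 2 4 5), and a 2:1 weighting lets the high class send two packets per cycle (1 3 4 2 5). The difference between tail drop and priority drop at capacity 3 is exactly the network-neutrality question on the Output ports slide: tail drop loses 4 and 5 regardless of class, priority drop sacrifices low-class packets 2 and 5 instead.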
The Internet network layer
host, router network layer functions:
transport layer: TCP, UDP
network layer:
• IP protocol
  • addressing conventions
  • datagram format
  • packet handling conventions
• routing protocols
  • path selection
  • RIP, OSPF, BGP
• forwarding table
• ICMP protocol
  • error reporting
  • router "signaling"
link layer
physical layer

IP datagram format
[figure: IPv4 header, 32 bits wide]
• ver: IP protocol version number
• head. len: header length (bytes)
• type of service: "type" of data
• length: total datagram length (bytes)
• 16-bit identifier, flgs, fragment offset: for fragmentation/reassembly
• time to live: max number remaining hops (decremented at each router)
• upper layer: upper layer protocol to deliver payload to
• header checksum
• 32 bit source IP address
• 32 bit destination IP address
• options (if any): e.g. timestamp, record route taken, specify list of routers to visit.
• data (variable length, typically a TCP or UDP segment)
how much overhead?
• 20 bytes of TCP
• 20 bytes of IP
• = 40 bytes + app layer overhead

IP fragmentation, reassembly
• network links have MTU (max. transfer size): largest possible link-level frame
  • different link types, different MTUs
• large IP datagram divided ("fragmented") within net
  • one datagram becomes several datagrams
  • "reassembled" only at final destination
  • IP header bits used to identify, order related fragments
[figure: fragmentation: in: one large datagram, out: 3 smaller datagrams; reassembly at the destination]

IP fragmentation, reassembly
example:
• 4000 byte datagram
• MTU = 1500 bytes
one large datagram becomes several smaller datagrams
length=4000  ID=x  fragflag=0  offset=0
becomes
length=1500  ID=x  fragflag=1  offset=0
length=1500  ID=x  fragflag=1  offset=185
length=1040  ID=x  fragflag=0  offset=370
1480 bytes in data field
offset = 1480/8
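The fragmentation example above carried through in code, as an added example (mine, not from the slides): `fragment` produces the three (length, ID, fragflag, offset) rows the slide shows, and `reassemble` does the destination's job on fragments that may arrive out of order. The reassembler refuses overlapping or gapped fragment sets instead of guessing; how overlapping fragments are merged is a well-known source of disagreement between a host's IP stack and the firewall or IDS inspecting the same traffic, so a strict reassembler is the safe default. The 20-byte header length is the slide's assumption (no IP options).

```python
IPV4_HEADER_LEN = 20   # header without options, as in the slide's example


def fragment(total_length, mtu, ident, header_len=IPV4_HEADER_LEN):
    """Split a datagram of `total_length` bytes so each piece fits `mtu`.
    Returns (length, id, more_fragments flag, offset) per fragment, with the
    offset in 8-byte units exactly as carried in the IPv4 header."""
    if total_length <= mtu:
        return [(total_length, ident, 0, 0)]
    payload = total_length - header_len
    chunk = (mtu - header_len) // 8 * 8    # data per fragment must be a multiple of 8
    frags, sent = [], 0
    while sent < payload:
        size = min(chunk, payload - sent)
        more = 1 if sent + size < payload else 0
        frags.append((header_len + size, ident, more, sent // 8))
        sent += size
    return frags


def reassemble(frags, header_len=IPV4_HEADER_LEN):
    """Reassemble fragments sharing one ID (they may arrive out of order) and
    return the original datagram length.  The set must be contiguous, free of
    overlaps, and end with a fragment whose more-fragments flag is 0; anything
    else raises rather than being silently merged."""
    if not frags:
        raise ValueError("no fragments")
    if len({f[1] for f in frags}) != 1:
        raise ValueError("fragments of different datagrams mixed together")
    ordered = sorted(frags, key=lambda f: f[3])
    expected_offset, total_data = 0, 0
    for i, (length, _ident, more, offset) in enumerate(ordered):
        if offset != expected_offset:
            raise ValueError(f"gap or overlap at byte offset {offset * 8}")
        data = length - header_len
        if more and data % 8:
            raise ValueError("non-final fragment data is not a multiple of 8")
        if not more and i != len(ordered) - 1:
            raise ValueError("fragment after the final fragment")
        total_data += data
        expected_offset = offset + data // 8
    if ordered[-1][2] != 0:
        raise ValueError("final fragment (more_fragments=0) missing")
    return header_len + total_data


def is_complete(frags):
    """True if `frags` reassemble into a whole datagram."""
    try:
        reassemble(frags)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for length, ident, more, offset in fragment(4000, 1500, "x"):
        print(f"length={length} ID={ident} fragflag={more} offset={offset}")
```

Each fragment carries its own 20-byte header, so the 3980 payload bytes travel as 1480 + 1480 + 1020 and the datagram grows by 40 bytes in total. Losing the final fragment leaves the receiver unable to finish (`is_complete` is false), which is why a reassembly timer and a cap on held fragments belong in any real reassembler.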
IP addressing: introduction
• IP address: 32-bit identifier for host, router interface
• interface: connection between host/router and physical link
  • routers typically have multiple interfaces
  • host typically has one or two interfaces (e.g., wired Ethernet, wireless 802.11)
• IP addresses associated with each interface
223.1.1.1 = 11011111 00000001 00000001 00000001
              223       1        1        1
[figure: three subnets joined by one router with interfaces 223.1.1.4, 223.1.2.9 and 223.1.3.27; hosts 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.2.1, 223.1.2.2, 223.1.3.1, 223.1.3.2]

IP addressing: introduction
Q: how are interfaces actually connected?
A: we'll learn about that in chapter 5, 6.
A: wired Ethernet interfaces connected by Ethernet switches
A: wireless WiFi interfaces connected by WiFi base station
For now: don't need to worry about how one interface is connected to another (with no intervening router)
Subnets
IP address:
• subnet part: high order bits
• host part: low order bits
what's a subnet?
• device interfaces with same subnet part of IP address
• can physically reach each other without intervening router
[figure: network consisting of 3 subnets: 223.1.1.0/24, 223.1.2.0/24, 223.1.3.0/24]

Subnets
recipe
• to determine the subnets, detach each interface from its host or router, creating islands of isolated networks
• each isolated network is called a subnet
subnet mask: /24

Subnets
how many?
[figure: interfaces 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4; 223.1.2.1, 223.1.2.2, 223.1.2.6; 223.1.3.1, 223.1.3.2, 223.1.3.27; plus the router-to-router links 223.1.7.0 and 223.1.7.1, 223.1.8.0 and 223.1.8.1, 223.1.9.1 and 223.1.9.2: six subnets]

IP addressing: CIDR
CIDR: Classless InterDomain Routing
• subnet portion of address of arbitrary length
• address format: a.b.c.d/x, where x is # bits in subnet portion of address
11001000 00010111 0001000|0 00000000   200.23.16.0/23
  subnet part (23 bits)  |  host part
IP addresses: how to get one?
Q: How does a host get IP address?
• hard-coded by system admin in a file
  • Windows: control-panel->network->configuration->tcp/ip->properties
  • UNIX: /etc/rc.config
• DHCP: Dynamic Host Configuration Protocol: dynamically get address from a server
  • "plug-and-play"

DHCP: Dynamic Host Configuration Protocol
goal: allow host to dynamically obtain its IP address from network server when it joins network
• can renew its lease on address in use
• allows reuse of addresses (only hold address while connected/"on")
• support for mobile users who want to join network (more shortly)
DHCP overview:
• host broadcasts "DHCP discover" msg [optional]
• DHCP server responds with "DHCP offer" msg [optional]
• host requests IP address: "DHCP request" msg
• DHCP server sends address: "DHCP ack" msg

DHCP client-server scenario
[figure: DHCP server 223.1.2.5 on subnet 223.1.2.0/24; arriving DHCP client needs address in this network; the other subnets are 223.1.1.0/24 and 223.1.3.0/24]

DHCP client-server scenario
DHCP server: 223.1.2.5                                   arriving client
DHCP discover
  src: 0.0.0.0, 68   dest: 255.255.255.255, 67   yiaddr: 0.0.0.0   transaction ID: 654
  Broadcast: is there a DHCP server out there?
DHCP offer
  src: 223.1.2.5, 67   dest: 255.255.255.255, 68   yiaddr: 223.1.2.4   transaction ID: 654   lifetime: 3600 secs
  Broadcast: I'm a DHCP server! Here's an IP address you can use
DHCP request
  src: 0.0.0.0, 68   dest: 255.255.255.255, 67   yiaddr: 223.1.2.4   transaction ID: 655   lifetime: 3600 secs
  Broadcast: OK. I'll take that IP address!
DHCP ACK
  src: 223.1.2.5, 67   dest: 255.255.255.255, 68   yiaddr: 223.1.2.4   transaction ID: 655   lifetime: 3600 secs
  Broadcast: OK. You've got that IP address!

DHCP: more than IP addresses
DHCP can return more than just allocated IP address on subnet:
• address of first-hop router for client
• name and IP address of DNS server
• network mask (indicating network versus host portion of address)

DHCP: example
[figure: connecting laptop with DHCP / UDP / IP / Eth / Phy stack; router with DHCP server built into router, address 168.1.1.1, with the same stack]
• connecting laptop needs its IP address, addr of first-hop router, addr of DNS server: use DHCP
• DHCP request encapsulated in UDP, encapsulated in IP, encapsulated in 802.3 Ethernet
• Ethernet frame broadcast (dest: FFFFFFFFFFFF) on LAN, received at router running DHCP server
• Ethernet demuxed to IP demuxed, UDP demuxed to DHCP

DHCP: example
• DHCP server formulates DHCP ACK containing client's IP address, IP address of first-hop router for client, name & IP address of DNS server
• encapsulation at DHCP server, frame forwarded to client, demuxing up to DHCP at client
• client now knows its IP address, name and IP address of DNS server, IP address of its first-hop router

IP addresses: how to get one?
Q: how does network get subnet part of IP addr?
A: gets allocated portion of its provider ISP's address space
ISP's block       11001000 00010111 00010000 00000000   200.23.16.0/20
Organization 0    11001000 00010111 00010000 00000000   200.23.16.0/23
Organization 1    11001000 00010111 00010010 00000000   200.23.18.0/23
Organization 2    11001000 00010111 00010100 00000000   200.23.20.0/23
...               .....                                 ....
Organization 7    11001000 00010111 00011110 00000000   200.23.30.0/23
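The four-message exchange from the DHCP slides, as an added example with both sides implemented (my code, not the slides'). Messages are serialized in the RFC 2131 layout (236-byte fixed header, magic cookie, TLV options), so `parse(build(...))` round-trips. The server address 223.1.2.5, the offered address 223.1.2.4, the 3600 s lease and the router interface 223.1.2.9 are the slides' values; the DNS server address and the client MAC are constructed. The client discards any reply whose transaction ID or message type is not the one it is waiting for, which is the minimal check against a stray or spoofed reply on the broadcast domain.

```python
import struct
from ipaddress import IPv4Address

# RFC 2131 message layout: 236-byte fixed header, magic cookie, TLV options.
FIXED = "!BBBBIHH4s4s4s4s16s64s128s"
MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5             # option 53 message types
OPT_MASK, OPT_ROUTER, OPT_DNS = 1, 3, 6
OPT_REQUESTED_IP, OPT_LEASE, OPT_MSGTYPE, OPT_SERVER_ID = 50, 51, 53, 54


def build(op, xid, yiaddr, siaddr, chaddr, options):
    """Serialize one DHCP message; `options` is a list of (code, value bytes)."""
    zero = IPv4Address("0.0.0.0").packed
    fixed = struct.pack(FIXED, op, 1, 6, 0, xid, 0, 0x8000,      # htype 1 (Ethernet),
                        zero, IPv4Address(yiaddr).packed,        # hlen 6, broadcast flag
                        IPv4Address(siaddr).packed, zero,
                        chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    tlvs = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return fixed + MAGIC_COOKIE + tlvs + b"\xff"                 # 0xff = end option


def parse(pkt):
    """Decode the fixed header and the options of a DHCP message."""
    f = struct.unpack(FIXED, pkt[:236])
    if pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (bad magic cookie)")
    options, i = {}, 240
    while i < len(pkt) and pkt[i] != 0xFF:
        if pkt[i] == 0:                               # pad option
            i += 1
            continue
        code, length = pkt[i], pkt[i + 1]
        options[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": f[0], "xid": f[4], "yiaddr": str(IPv4Address(f[8])),
            "siaddr": str(IPv4Address(f[9])), "chaddr": f[11][:f[2]], "options": options}


class DhcpServer:
    """Constructed server at 223.1.2.5 with one free address, 223.1.2.4 (slide values).
    Router 223.1.2.9 is the slide's router interface on that subnet; DNS is assumed."""

    def __init__(self, addr="223.1.2.5", pool=("223.1.2.4",), lease=3600,
                 mask="255.255.255.0", router="223.1.2.9", dns="223.1.2.5"):
        self.addr, self.pool, self.lease, self.leases = addr, list(pool), lease, {}
        self.config = [(OPT_MASK, IPv4Address(mask).packed),
                       (OPT_ROUTER, IPv4Address(router).packed),
                       (OPT_DNS, IPv4Address(dns).packed)]

    def handle(self, pkt):
        m = parse(pkt)
        kind = m["options"][OPT_MSGTYPE][0]
        if kind == DISCOVER:
            offered = self.leases.get(m["chaddr"]) or (self.pool[0] if self.pool else None)
            return self._reply(OFFER, m, offered) if offered else None
        if kind == REQUEST and m["options"].get(OPT_SERVER_ID) == IPv4Address(self.addr).packed:
            wanted = str(IPv4Address(m["options"][OPT_REQUESTED_IP]))
            if wanted in self.pool:
                self.pool.remove(wanted)
                self.leases[m["chaddr"]] = wanted
            if self.leases.get(m["chaddr"]) == wanted:
                return self._reply(ACK, m, wanted)
        return None    # REQUEST meant for another server, or for an address we never offered

    def _reply(self, kind, m, yiaddr):
        opts = [(OPT_MSGTYPE, bytes([kind])), (OPT_SERVER_ID, IPv4Address(self.addr).packed),
                (OPT_LEASE, struct.pack("!I", self.lease))] + self.config
        return build(BOOTREPLY, m["xid"], yiaddr, self.addr, m["chaddr"], opts)


def _expect(reply, kind, xid):
    """Parse a reply; discard it unless it is the message type and transaction we await."""
    if reply is None:
        raise ValueError("no reply from server")
    m = parse(reply)
    if m["xid"] != xid or m["options"].get(OPT_MSGTYPE) != bytes([kind]):
        raise ValueError("reply is not the message we are waiting for: discard")
    return m


def client_join(server, chaddr=bytes.fromhex("001122334455"), xid=654):
    """DISCOVER -> OFFER -> REQUEST -> ACK against `server`; returns the client's config.
    Transport addressing (0.0.0.0:68 -> 255.255.255.255:67) lives outside the payload.
    RFC 2131 keeps the OFFER's xid in the REQUEST; the slide numbers the REQUEST 655."""
    offer = _expect(server.handle(build(BOOTREQUEST, xid, "0.0.0.0", "0.0.0.0", chaddr,
                                        [(OPT_MSGTYPE, bytes([DISCOVER]))])), OFFER, xid)
    ack = _expect(server.handle(build(BOOTREQUEST, xid, "0.0.0.0", "0.0.0.0", chaddr,
                                      [(OPT_MSGTYPE, bytes([REQUEST])),
                                       (OPT_REQUESTED_IP, IPv4Address(offer["yiaddr"]).packed),
                                       (OPT_SERVER_ID, offer["options"][OPT_SERVER_ID])])),
                  ACK, xid)
    o = ack["options"]
    return {"ip": ack["yiaddr"], "mask": str(IPv4Address(o[OPT_MASK])),
            "router": str(IPv4Address(o[OPT_ROUTER])), "dns": str(IPv4Address(o[OPT_DNS])),
            "lease": struct.unpack("!I", o[OPT_LEASE])[0], "server": ack["siaddr"]}
```

`client_join(DhcpServer())` returns the "more than IP addresses" set from the slide: address, mask, first-hop router, DNS server, lease and server identity. The REQUEST carries the chosen address in option 50 and the chosen server in option 54, so a server that did not make the offer ignores it; nothing in plain DHCP authenticates the server, which is why a rogue server on the same LAN can hand out its own router and DNS addresses and why switches offer DHCP snooping.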
Hierarchical addressing: route aggregation
hierarchical addressing allows efficient advertisement of routing information:
[figure: Organization 0 200.23.16.0/23, Organization 1 200.23.18.0/23, Organization 2 200.23.20.0/23, ..., Organization 7 200.23.30.0/23 all connect to Fly-By-Night-ISP, which tells the Internet: "Send me anything with addresses beginning 200.23.16.0/20"; ISPs-R-Us tells the Internet: "Send me anything with addresses beginning 199.31.0.0/16"]

Hierarchical addressing: more specific routes
ISPs-R-Us has a more specific route to Organization 1
[figure: Organization 1 200.23.18.0/23 now connects to ISPs-R-Us; Fly-By-Night-ISP still advertises "Send me anything with addresses beginning 200.23.16.0/20"; ISPs-R-Us advertises "Send me anything with addresses beginning 199.31.0.0/16 or 200.23.18.0/23"]

IP addressing: the last word...
Q: how does an ISP get block of addresses?
A: ICANN: Internet Corporation for Assigned Names and Numbers http://www.icann.org/
• allocates addresses
• manages DNS
• assigns domain names, resolves disputes
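CIDR arithmetic for the Subnets/CIDR slides and the two hierarchical-addressing slides above, as an added example (my code, not the slides'). It splits an address into subnet and host parts, aggregates the eight Organization blocks into the /20 that Fly-By-Night-ISP advertises, and shows why ISPs-R-Us's /23 wins over that /20. `covers_exactly` is my addition: it checks that the blocks behind an aggregate really tile it, because an ISP that advertises a /20 while one /23 inside it has moved elsewhere is announcing address space it cannot deliver to. ORGANIZATIONS and ROUTES are the slides' values.

```python
# CIDR arithmetic for the subnet and route-aggregation slides.

def mask(plen):
    """Subnet mask for /plen as a 32-bit int, e.g. /24 -> 0xFFFFFF00."""
    return (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF


def dotted(value):
    """32-bit int -> dotted decimal."""
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def parse_cidr(text):
    """'200.23.16.0/23' -> (network address as int, prefix length).
    A bare address is treated as a /32."""
    addr, _, plen = text.partition("/")
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {addr!r}")
    plen = int(plen) if plen else 32
    if not 0 <= plen <= 32:
        raise ValueError(f"bad prefix length: {plen}")
    return int.from_bytes(bytes(octets), "big") & mask(plen), plen


def subnet_of(addr, plen):
    """Subnet part (high-order bits) of an interface address: 223.1.1.1, /24 -> 223.1.1.0/24."""
    value, _ = parse_cidr(addr)
    return f"{dotted(value & mask(plen))}/{plen}"


def same_subnet(a, b, plen):
    """Two interfaces reach each other without a router iff their subnet parts agree."""
    return subnet_of(a, plen) == subnet_of(b, plen)


def contains(block, other):
    """True if CIDR `block` covers CIDR `other` (or a bare address)."""
    bnet, blen = parse_cidr(block)
    onet, olen = parse_cidr(other)
    return olen >= blen and (onet & mask(blen)) == bnet


def aggregate(blocks):
    """Shortest single prefix covering all `blocks` (what Fly-By-Night-ISP advertises)."""
    nets = [parse_cidr(b) for b in blocks]
    plen = min(length for _net, length in nets)
    while plen > 0:
        candidate = nets[0][0] & mask(plen)
        if all((net & mask(plen)) == candidate for net, _length in nets):
            return f"{dotted(candidate)}/{plen}"
        plen -= 1
    return "0.0.0.0/0"


def covers_exactly(blocks, aggregate_block):
    """True if `blocks` tile `aggregate_block` with no gap and no overlap, i.e. the
    aggregate announces no address space that is not actually behind this ISP."""
    anet, alen = parse_cidr(aggregate_block)
    expected = anet
    for net, plen in sorted(parse_cidr(b) for b in blocks):
        if net != expected:
            return False
        expected = net + (1 << (32 - plen))
    return expected == anet + (1 << (32 - alen))


def best_route(dest, routes):
    """Longest-prefix match over (prefix, advertiser): the more specific route wins."""
    matches = [(parse_cidr(p)[1], who) for p, who in routes if contains(p, dest)]
    return max(matches)[1] if matches else None


ORGANIZATIONS = [f"200.23.{16 + 2 * i}.0/23" for i in range(8)]   # Organizations 0..7
ROUTES = [("200.23.16.0/20", "Fly-By-Night-ISP"),                 # advertised to the Internet
          ("199.31.0.0/16", "ISPs-R-Us"),
          ("200.23.18.0/23", "ISPs-R-Us")]                        # after Organization 1 moves

if __name__ == "__main__":
    print(same_subnet("223.1.1.1", "223.1.1.4", 24), same_subnet("223.1.1.1", "223.1.2.1", 24))
    print(aggregate(ORGANIZATIONS), covers_exactly(ORGANIZATIONS, "200.23.16.0/20"))
    print(best_route("200.23.18.5", ROUTES), best_route("200.23.16.1", ROUTES))
```

With all eight organizations behind Fly-By-Night-ISP the /20 is an exact cover. Remove Organization 1 and `aggregate` still returns 200.23.16.0/20, but `covers_exactly` is now false: the /20 is only usable because the Internet also hears ISPs-R-Us's longer 200.23.18.0/23 and prefers it, exactly the "more specific routes" slide.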
NAT: network address translation
[figure: local network (e.g., home network) 10.0.0/24 with hosts 10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.4 behind a NAT router whose outside address is 138.76.29.7; rest of Internet]
• all datagrams leaving local network have same single source NAT IP address: 138.76.29.7, different source port numbers
• datagrams with source or destination in this network have 10.0.0/24 address for source, destination (as usual)

NAT: network address translation
motivation: local network uses just one IP address as far as outside world is concerned:
• range of addresses not needed from ISP: just one IP address for all devices
• can change addresses of devices in local network without notifying outside world
• can change ISP without changing addresses of devices in local network
• devices inside local net not explicitly addressable, visible by outside world (a security plus)

NAT: network address translation
implementation: NAT router must:
• outgoing datagrams: replace (source IP address, port #) of every outgoing datagram to (NAT IP address, new port #)
  . . . remote clients/servers will respond using (NAT IP address, new port #) as destination addr
• remember (in NAT translation table) every (source IP address, port #) to (NAT IP address, new port #) translation pair
• incoming datagrams: replace (NAT IP address, new port #) in dest fields of every incoming datagram with corresponding (source IP address, port #) stored in NAT table

NAT: network address translation
1: host 10.0.0.1 sends datagram to 128.119.40.186, 80
   S: 10.0.0.1, 3345   D: 128.119.40.186, 80
2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table
   S: 138.76.29.7, 5001   D: 128.119.40.186, 80
3: reply arrives, dest. address: 138.76.29.7, 5001
   S: 128.119.40.186, 80   D: 138.76.29.7, 5001
4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345
   S: 128.119.40.186, 80   D: 10.0.0.1, 3345
NAT translation table
WAN side addr         LAN side addr
138.76.29.7, 5001     10.0.0.1, 3345
……                    ……

NAT: network address translation
• 16-bit port-number field:
  • 60,000 simultaneous connections with a single LAN-side address!
• NAT is controversial:
  • routers should only process up to layer 3
  • address shortage should be solved by IPv6
  • violates end-to-end argument
  • NAT possibility must be taken into account by app designers, e.g., P2P applications
• NAT traversal: what if client wants to connect to server behind NAT?
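The four numbered steps and the translation table above, as an added example (my code, not the slides'). The router keeps the slide's two-column table in both directions, hands out new ports starting at the slide's 5001, and raises when the 16-bit port space runs out. The inbound path also shows where the "security plus" actually comes from: a datagram to a port with no table entry is dropped, so nothing inside is reachable until it has sent something out, which is the same property that makes NAT traversal a problem for servers behind the NAT. Real NATs key on the full connection 5-tuple and expire idle entries; this keeps the slide's (address, port) model.

```python
from itertools import count


class NatRouter:
    """Port-translating NAT with the slide's two-column table, kept in both directions.
    Datagrams are dicts with keys src, sport, dst, dport."""

    def __init__(self, wan_addr="138.76.29.7", first_port=5001):
        self.wan_addr = wan_addr
        self.port_counter = count(first_port)     # 5001 is the first port the slide hands out
        self.out_table = {}                       # (LAN ip, LAN port) -> WAN port
        self.in_table = {}                        # WAN port -> (LAN ip, LAN port)

    def _allocate_port(self):
        for port in self.port_counter:
            if port > 65535:                      # 16-bit port field: the ~60,000 limit
                raise RuntimeError("NAT port space exhausted")
            if port not in self.in_table:
                return port

    def translate_out(self, dgram):
        """Outgoing: rewrite (source IP, port) to (NAT IP, new port) and remember the pair."""
        key = (dgram["src"], dgram["sport"])
        wan_port = self.out_table.get(key)
        if wan_port is None:
            wan_port = self._allocate_port()
            self.out_table[key] = wan_port
            self.in_table[wan_port] = key
        return {**dgram, "src": self.wan_addr, "sport": wan_port}

    def translate_in(self, dgram):
        """Incoming: rewrite (NAT IP, port) in the destination back to the LAN host.
        Returns None (drop) when no table entry exists: an inside host is reachable
        only after it has sent something out.  That filtering is the 'security plus'
        on the slide and the NAT traversal problem for a server behind the NAT; it
        comes from the table, not from the private addresses themselves."""
        if dgram["dst"] != self.wan_addr:
            return None
        lan = self.in_table.get(dgram["dport"])
        if lan is None:
            return None
        return {**dgram, "dst": lan[0], "dport": lan[1]}


def walkthrough():
    """The four numbered steps on the slide; returns the four datagrams and the table."""
    nat = NatRouter()
    d1 = {"src": "10.0.0.1", "sport": 3345, "dst": "128.119.40.186", "dport": 80}   # step 1
    d2 = nat.translate_out(d1)                                                      # step 2
    d3 = {"src": d2["dst"], "sport": d2["dport"], "dst": d2["src"], "dport": d2["sport"]}  # 3
    d4 = nat.translate_in(d3)                                                       # step 4
    return d1, d2, d3, d4, dict(nat.in_table)


if __name__ == "__main__":
    for step, d in enumerate(walkthrough()[:4], 1):
        print(f"{step}: S: {d['src']}, {d['sport']}  D: {d['dst']}, {d['dport']}")
```

Two inside hosts using the same local port 3345 get different outside ports, which is why the table has to be keyed on the pair and not on the port alone. A NAT that never expires entries fills the port space with dead mappings; the exhaustion error here is the point at which a real box starts evicting idle entries.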
IPv6: motivation
• initial motivation: 32-bit address space soon to be completely allocated.
• additional motivation:
  • header format helps speed processing/forwarding
  • header changes to facilitate QoS
IPv6 datagram format:
• fixed-length 40 byte header
• no fragmentation allowed

IPv6 datagram format
[figure: IPv6 header, 32 bits wide: ver | pri | flow label; payload len | next hdr | hop limit; source address (128 bits); destination address (128 bits); data]
• priority: identify priority among datagrams in flow
• flow Label: identify datagrams in same "flow." (concept of "flow" not well defined).
• next header: identify upper layer protocol for data

Other changes from IPv4
• checksum: removed entirely to reduce processing time at each hop
• options: allowed, but outside of header, indicated by "Next Header" field
• ICMPv6: new version of ICMP
  • additional message types, e.g. "Packet Too Big"
  • multicast group management functions

Transition from IPv4 to IPv6
• not all routers can be upgraded simultaneously
  • no "flag days"
  • how will network operate with mixed IPv4 and IPv6 routers?
• tunneling: IPv6 datagram carried as payload in IPv4 datagram among IPv4 routers
[figure: IPv4 header fields (IPv4 source, dest addr) | IPv6 header fields (IPv6 source dest addr) | UDP/TCP payload; the IPv6 datagram is the payload of the IPv4 datagram]

Tunneling
logical view: IPv6 routers A, B, E, F; an IPv4 tunnel connecting IPv6 routers B and E
physical view: A (IPv6), B (IPv6), C (IPv4), D (IPv4), E (IPv6), F (IPv6)

Tunneling
A-to-B: IPv6                 flow: X, src: A, dest: F, data
B-to-C: IPv6 inside IPv4     IPv4 src: B, dest: E; carrying flow: X, src: A, dest: F, data
D-to-E: IPv6 inside IPv4     IPv4 src: B, dest: E; carrying flow: X, src: A, dest: F, data
E-to-F: IPv6                 flow: X, src: A, dest: F, data

IPv6: adoption
• Google: 8% of clients access services via IPv6
• NIST: 1/3 of all US government domains are IPv6 capable
• Long (long!) time for deployment, use
  • 20 years and counting!
  • think of application-level changes in last 20 years: WWW, Facebook, streaming media, Skype, …
  • Why?
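Router B's encapsulation and router E's decapsulation from the tunneling slides, as an added example in code (mine, not the slides'). It builds the fixed 40-byte IPv6 header of the slide's format figure, wraps it in an IPv4 header with protocol number 41 and a valid header checksum, and at the far end of the tunnel verifies the outer header before handing the inner datagram on. The addresses are constructed from the documentation ranges 2001:db8::/32 and 192.0.2.0/24 and stand in for hosts A and F and routers B and E; the flow label value is arbitrary.

```python
import struct
from ipaddress import IPv4Address, IPv6Address

IPPROTO_IPV6 = 41          # IPv4 protocol number for an encapsulated IPv6 datagram
NEXT_HEADER_UDP = 17


def ipv6_header(src, dst, payload_len, next_header=NEXT_HEADER_UDP,
                flow_label=0, priority=0, hop_limit=64):
    """Fixed 40-byte IPv6 header: ver | pri | flow label, payload len | next hdr |
    hop limit, 128-bit source, 128-bit destination.  There is no checksum field."""
    if not 0 <= flow_label < 1 << 20:
        raise ValueError("flow label is a 20-bit field")
    first_word = (6 << 28) | (priority << 20) | flow_label
    return struct.pack("!IHBB16s16s", first_word, payload_len, next_header, hop_limit,
                       IPv6Address(src).packed, IPv6Address(dst).packed)


def parse_ipv6(datagram):
    """Decode the fixed IPv6 header fields."""
    first_word, plen, nh, hop, src, dst = struct.unpack("!IHBB16s16s", datagram[:40])
    return {"ver": first_word >> 28, "flow": first_word & 0xFFFFF, "payload_len": plen,
            "next": nh, "hop": hop, "src": str(IPv6Address(src)), "dst": str(IPv6Address(dst))}


def ipv4_checksum(header):
    """Ones'-complement sum over 16-bit words.  Over a header whose checksum field is
    zero it yields the checksum; over a header carrying a correct checksum it yields
    zero, which is how a router verifies the header."""
    if len(header) % 2:
        header += b"\0"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src, dst, payload_len, proto, ident=0, ttl=64):
    """20-byte IPv4 header (IHL 5, no options) with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, 0, ttl, proto, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def encapsulate(v6_datagram, tunnel_src, tunnel_dst):
    """Router B: the whole IPv6 datagram becomes the payload of an IPv4 datagram B -> E."""
    return ipv4_header(tunnel_src, tunnel_dst, len(v6_datagram), IPPROTO_IPV6) + v6_datagram


def decapsulate(v4_datagram):
    """Router E: check the outer header and return the inner IPv6 datagram, or None to
    drop it (truncated, bad checksum, wrong protocol, or a payload that is not IPv6)."""
    if len(v4_datagram) < 20 or v4_datagram[0] >> 4 != 4:
        return None
    ihl = (v4_datagram[0] & 0x0F) * 4
    if ihl < 20 or len(v4_datagram) < ihl:
        return None
    header = v4_datagram[:ihl]
    total_len = struct.unpack("!H", header[2:4])[0]
    if ipv4_checksum(header) != 0 or header[9] != IPPROTO_IPV6 or total_len != len(v4_datagram):
        return None
    inner = v4_datagram[ihl:total_len]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return None
    return inner


if __name__ == "__main__":
    # constructed addresses: 2001:db8::/32 and 192.0.2.0/24 are documentation ranges
    inner = ipv6_header("2001:db8::a", "2001:db8::f", 8, flow_label=0x12345) + b"payload!"
    outer = encapsulate(inner, "192.0.2.2", "192.0.2.5")        # B -> E across C and D
    print(parse_ipv6(decapsulate(outer)))
```

The inner header is untouched across C and D: flow X, source A and destination F come out of `decapsulate` exactly as B received them, while the outer IPv4 header has its own source B and destination E. Because IPv6 dropped the header checksum, the only per-hop integrity check on the tunnelled packet is the IPv4 one on the outer header, and a tunnel endpoint that accepts protocol-41 packets from anywhere is accepting IPv6 traffic from anywhere; a real endpoint filters on the expected tunnel peer.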
Generalized Forwarding and SDN
Each router contains a flow table that is computed and distributed by a logically centralized routing controller
[figure: logically-centralized routing controller (control plane) above the routers (data plane); each router holds a local flow table with columns headers, counters, actions; the values in the arriving packet's header (0100 1101) are matched to choose among the router's ports 1, 2, 3]

OpenFlow data plane abstraction
• flow: defined by header fields
• generalized forwarding: simple packet-handling rules
  • Pattern: match values in packet header fields
  • Actions: for matched packet: drop, forward, modify, matched packet or send matched packet to controller
  • Priority: disambiguate overlapping patterns
  • Counters: #bytes and #packets
Flow table in a router (computed and distributed by controller) define router's match+action rules
1. src=1.2.*.*, dest=3.4.5.*   -> drop
2. src=*.*.*.*, dest=3.4.*.*   -> forward(2)
3. src=10.1.2.3, dest=*.*.*.*  -> send to controller
* : wildcard

OpenFlow: Flow Table Entries
Rule | Action | Stats
Rule: match on Switch Port, MAC src, MAC dst, Eth type, VLAN ID (Link layer); IP Src, IP Dst, IP Prot (Network layer); TCP sport, TCP dport (Transport layer)
Action:
1. Forward packet to port(s)
2. Encapsulate and forward to controller
3. Drop packet
4. Send to normal processing pipeline
5. Modify Fields
Stats: Packet + byte counters

Examples
Destination-based forwarding:
Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst   | IP Prot | TCP sport | TCP dport | Action
*           | *       | *       | *        | *       | *      | 51.6.0.8 | *       | *         | *         | port6
IP datagrams destined to IP address 51.6.0.8 should be forwarded to router output port 6

Destination-based layer 2 (switch) forwarding:
Switch Port | MAC src           | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action
*           | 22:A7:23:11:E1:02 | *       | *        | *       | *      | *      | *       | *         | *         | port3
layer 2 frames from MAC address 22:A7:23:11:E1:02 should be forwarded to output port 3

Firewall:
Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src      | IP Dst | IP Prot | TCP sport | TCP dport | Forward
*           | *       | *       | *        | *       | *           | *      | TCP     | *         | 22        | drop
do not forward (block) all datagrams destined to TCP port 22
*           | *       | *       | *        | *       | 128.119.1.1 | *      | *       | *         | *         | drop
do not forward (block) all datagrams sent by host 128.119.1.1

OpenFlow abstraction
match+action: unifies different kinds of devices
Router
• match: longest destination IP prefix
• action: forward out a link
Switch
• match: destination MAC address
• action: forward or flood
Firewall
• match: IP addresses and TCP/UDP port numbers
• action: permit or deny
NAT
• match: IP address and port
• action: rewrite address and port
OpenFlow example
Example: datagrams from hosts h5 and h6 should be sent to h3 or h4, via s1 and from there to s2
[figure: hosts h1 10.1.0.1 and h2 10.1.0.2 on switch s1; h3 10.2.0.3 and h4 10.2.0.4 on s2; h5 10.3.0.5 and h6 10.3.0.6 on s3; controller above the three switches]
s3 flow table:
match: IP Src = 10.3.*.*, IP Dst = 10.2.*.*                        action: forward(3)
s1 flow table:
match: ingress port = 1, IP Src = 10.3.*.*, IP Dst = 10.2.*.*      action: forward(4)
s2 flow table:
match: ingress port = 2, IP Dst = 10.2.0.3                         action: forward(3)
match: ingress port = 2, IP Dst = 10.2.0.4                         action: forward(4)

Chapter 4: done!
4.1 Overview of Network layer: data plane and control plane
4.2 What's inside a router
4.3 IP: Internet Protocol
• datagram format
• fragmentation
• IPv4 addressing
• NAT
• IPv6
4.4 Generalized Forward and SDN
• match plus action
• OpenFlow example
Question: how are forwarding tables (destination-based forwarding) or flow tables (generalized forwarding) computed?
Answer: by the control plane (next chapter)
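The match-plus-action abstraction and the OpenFlow example above, as an added example (my code, not the slides' or OpenFlow's own). A `FlowEntry` is a pattern, an action, a priority and the two counters; a `FlowTable` is consulted in priority order with a table-miss action. `slide_network` installs the s1, s2 and s3 tables exactly as written on the example slide and `route` walks a datagram from h5 to h3 across them; `firewall_table` combines the rows of the Examples slides to show priority resolving overlapping patterns. The inter-switch links in LINKS are read off the figure (s3 port 3 to s1 port 1, s1 port 4 to s2 port 2); the field names and the "len" key are my own naming.

```python
from fnmatch import fnmatchcase


class FlowEntry:
    """One match+action rule.  `match` maps a header field to a pattern; '*' wildcards
    a whole field or whole dotted octets (10.3.*.*).  Higher priority wins on overlap."""

    def __init__(self, match, action, priority=0):
        self.match, self.action, self.priority = match, action, priority
        self.packets = self.bytes = 0                    # Counters: #packets and #bytes

    def matches(self, pkt):
        return all(pattern == "*" or fnmatchcase(str(pkt.get(field, "")), str(pattern))
                   for field, pattern in self.match.items())


class FlowTable:
    """The per-switch table the controller installs; consulted in priority order."""

    def __init__(self, entries, table_miss="controller"):
        self.entries = sorted(entries, key=lambda e: e.priority, reverse=True)  # stable
        self.table_miss = table_miss

    def process(self, pkt):
        """Action for `pkt`, updating the matching entry's counters; no match -> table-miss."""
        for entry in self.entries:
            if entry.matches(pkt):
                entry.packets += 1
                entry.bytes += pkt.get("len", 0)
                return entry.action
        return self.table_miss


def slide_network():
    """Flow tables of s1, s2 and s3 exactly as written on the OpenFlow example slide."""
    s3 = FlowTable([FlowEntry({"ip_src": "10.3.*.*", "ip_dst": "10.2.*.*"}, "forward(3)")])
    s1 = FlowTable([FlowEntry({"ingress": 1, "ip_src": "10.3.*.*", "ip_dst": "10.2.*.*"},
                              "forward(4)")])
    s2 = FlowTable([FlowEntry({"ingress": 2, "ip_dst": "10.2.0.3"}, "forward(3)"),
                    FlowEntry({"ingress": 2, "ip_dst": "10.2.0.4"}, "forward(4)")])
    return {"s1": s1, "s2": s2, "s3": s3}


# Inter-switch links read off the figure: (switch, egress port) -> (switch, ingress port).
# Ports that are not listed lead to hosts.
LINKS = {("s3", 3): ("s1", 1), ("s1", 4): ("s2", 2)}


def route(network, switch, ingress, pkt):
    """Follow a datagram switch by switch; returns the (switch, action) taken at each hop."""
    hops = []
    while True:
        action = network[switch].process({**pkt, "ingress": ingress})
        hops.append((switch, action))
        if not action.startswith("forward("):
            return hops                                   # dropped or sent to controller
        egress = int(action[len("forward("):-1])
        if (switch, egress) not in LINKS:
            return hops                                   # delivered to a host port
        switch, ingress = LINKS[(switch, egress)]


def firewall_table():
    """The two firewall rows and the destination-based row from the Examples slides,
    with priorities so the drop rules beat the forwarding rule when both match."""
    return FlowTable([FlowEntry({"ip_prot": "TCP", "tcp_dport": 22}, "drop", priority=10),
                      FlowEntry({"ip_src": "128.119.1.1"}, "drop", priority=10),
                      FlowEntry({"ip_dst": "51.6.0.8"}, "forward(6)", priority=5)],
                     table_miss="drop")


if __name__ == "__main__":
    net = slide_network()
    print(route(net, "s3", 1, {"ip_src": "10.3.0.5", "ip_dst": "10.2.0.3", "len": 1000}))
    print(route(net, "s1", 2, {"ip_src": "10.1.0.1", "ip_dst": "10.2.0.3", "len": 500}))
```

A datagram from h5 to h3 takes s3 forward(3), s1 forward(4), s2 forward(3), as the slide describes. A datagram from h1 to h3 entering s1 on a host port matches nothing (s1's only rule requires ingress port 1) and goes to the controller, which is how a controller learns about flows it has not yet programmed. In the firewall table the SSH-to-51.6.0.8 packet matches both a drop rule and the forward rule; priority, not rule order, decides, and the default of dropping on table miss is the deny-by-default posture a firewall table should have.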