
Networks, Security, and Privacy 158.235
Dr Hooman Alavizadeh Massey University

Network Layer
Reading: Chapter 5 in the prescribed textbook

Network Layer
• Layer 3 in the Internet model
– Responsible for moving messages from a source computer to the intended destination computer
• Main functions:
– IP fragmentation
– Addressing
– Routing
Internet Model (figure): Application / Transport / Network / Data Link / Physical

Network Layer Protocols
• Internet Protocol (IP) – IP version 4 (IPv4)
• Most common version of IP used
• 32-bit addresses (2^32 or ~4.29 billion possible)
• Exhaustion of address space
IPv4 header (figure), field by field:
– Version number (4 bits)
– Header length (4 bits)
– Type of service (8 bits)
– Total length (16 bits)
– IDs (16 bits)
– Flags (3 bits)
– Packet Offset (13 bits)
– Time to Live / Hop Limit (8 bits)
– Protocol (8 bits)
– CRC-16 (16 bits)
– Source Address (32 bits)
– Destination Address (32 bits)
– Options (32 bits)
– User Data (varies)

IP Packet Formats
IPv4 header (figure, same fields as above, annotated):
– IPv4 Header: 192 bits (24 bytes)
– Version number: IP version used: 4
– Header length: length of IP header, minimum = 20 bytes or maximum = 24 bytes
– Type of service: Differentiated Service (DS), different traffic class, related to prioritization and QoS
– Total length: total IP packet length, max of 2^16 = 65535 (in bytes)
– IDs, Flags, Packet Offset: fragmentation management
– Time to Live / Hop Limit: the number of hops the packet can be passed on before it’s considered ‘too long to reach destination’
– Protocol: protocol that the ‘user data’ part of the packet uses
– Source IPv4 address (4 bytes), Destination IPv4 address (4 bytes)
– Options (e.g. record route, security, etc). Affect length of IP header
– User Data (varies)

Network Layer Protocols
– IP version 6 (IPv6)
• 128-bit addresses (2^128 or ~3.4 × 10^38 possible)
• Slowly being adopted due to IPv4 exhaustion

Network Layer
• IP fragmentation
• Addressing
• Routing

Packet Fragmentation (IPv4)
• Sometimes, upper-layer datagrams may be quite large.
• Not uncommon to have upper-layer datagrams that are larger than the size supported by the Maximum Transmission Unit (MTU) of the underlying Data Link Layer
• Packets thus need to be fragmented

IP fragmentation, reassembly
• network links have MTU (Maximum Transmission Unit) – largest possible link-level frame
– different link types, different MTUs
• large IP packets divided (“fragmented”) within net
– one packet becomes several packets
– “reassembled” only at final destination
– IP header bits used to identify, order related fragments
Figure: fragmentation – in: one large packet, out: 3 smaller packets; reassembly at the destination reverses it

IP Fragmentation
• Fragmentation management fields (IDs 16 bits, Flags 3 bits, Packet Offset 13 bits):
– identification (16 bits): unique identification for all packets related to the same upper-layer segment
– flags (3 bits): fragment-ability management
• 0xx: not used (reserved)
• x0x: fragment
• x1x: do not fragment
• xx0: the last fragment
• xx1: more fragments
– offset (13 bits): starting sequence number for the packet (measured in the unit of 8 byte blocks)
• To keep track of order of packets

IP Fragmentation
example:
❖ 4000 byte segment (ID = f2, data = 4000)
❖ MTU = 1500 bytes
IP overhead (20 byte) + data (1480 byte) = 1500
offset (measured in 8-byte blocks) = 1480/8 = 185
one large segment becomes several smaller packets:
  length  ID  fragflag  offset  data
  1500    f2  x01       0       1480
  1500    f2  x01       185     1480
  1060    f2  x00       370     1040
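The slide's worked numbers carried through in code, as an added example that is not from the lecture slides: it fragments a 4000-byte segment for a 1500-byte MTU exactly as in the table above, and the receiver-side reassembly rejects fragment sets that are not contiguous (gaps or overlaps) or that would exceed the 16-bit total length. The data bytes and the dict layout are constructed for the example.

```python
# Added example, not from the lecture slides: fragment the slide's 4000-byte
# segment for a 1500-byte MTU, then reassemble it at the receiver. Offsets are
# stored in 8-byte units, so every fragment except the last carries a multiple
# of 8 data bytes; flags use the slide's x01 / x00 notation.

IPV4_HEADER_LEN = 20        # header without options, as in the slide
MAX_TOTAL_LENGTH = 65535    # limit of the 16-bit total length field

def fragment(ident, payload, mtu, header_len=IPV4_HEADER_LEN):
    """Split payload into fragments that fit the MTU; returns a list of dicts."""
    if header_len + len(payload) > MAX_TOTAL_LENGTH:
        raise ValueError("payload too large for a 16-bit total length")
    max_data = (mtu - header_len) // 8 * 8     # round down to an 8-byte multiple
    fragments, pos = [], 0
    while pos < len(payload):
        chunk = payload[pos:pos + max_data]
        more = pos + len(chunk) < len(payload)
        fragments.append({"length": header_len + len(chunk), "id": ident,
                          "fragflag": "x01" if more else "x00",
                          "offset": pos // 8,          # in 8-byte blocks
                          "data": chunk})
        pos += len(chunk)
    return fragments

def reassemble(fragments, header_len=IPV4_HEADER_LEN):
    """Rebuild the segment; rejects mixed IDs, bad flags, gaps, overlaps, oversize."""
    ordered = sorted(fragments, key=lambda f: f["offset"])
    if not ordered or any(f["id"] != ordered[0]["id"] for f in ordered):
        raise ValueError("empty fragment set or mixed packet IDs")
    flags = [f["fragflag"] for f in ordered]
    if flags[-1] != "x00" or any(fl != "x01" for fl in flags[:-1]):
        raise ValueError("wrong 'more fragments' flag pattern")
    expected, buf = 0, bytearray()
    for f in ordered:
        if f["offset"] * 8 != expected:        # either a gap or an overlap
            raise ValueError("fragments are not contiguous")
        buf += f["data"]
        expected += len(f["data"])
        if header_len + expected > MAX_TOTAL_LENGTH:
            raise ValueError("reassembled datagram exceeds 65535 bytes")
    return bytes(buf)

def slide_example():
    """The slide's numbers: 4000 data bytes, MTU 1500, ID f2 (data bytes constructed)."""
    segment = bytes(range(256)) * 15 + bytes(160)     # 4000 bytes
    frags = fragment("f2", segment, 1500)
    summary = [(f["length"], f["fragflag"], f["offset"], len(f["data"])) for f in frags]
    return summary, reassemble(frags) == segment
```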

Packet Fragmentation (IPv4)
Figure: Desktop → Router 1 → Router 2 → Laptop, carrying a 13500 bytes payload
– Desktop stack: HTTP / TCP / IP / Ethernet / Physical
– Router 1 stack: IP / Ethernet and X.25 / Physical
– Router 2 stack: IP / X.25 and 802.11 / Physical
– Laptop stack: HTTP / TCP / IP / 802.11 / Physical
– Desktop to Router 1: Ethernet MTU: 1500 bytes – fragmentation occurs
– Router 1 to Router 2: X.25 MTU: 576 bytes – another fragmentation (no re-assembly at the routers!)
– Router 2 to Laptop: 802.11 MTU: 7981 bytes – no fragmentation
– Packets re-assembly occurs at destination


IP Addressing
• 4 byte (32 bit) addresses – Strings of 32 binary bits
• Dotted decimal notation
– Used to make IP addresses easier to understand for human readers
– Breaks the address into four bytes and writes the digital equivalent for each byte
• Example: 128.192.56.1 = 10000000 11000000 00111000 00000001
(the figure labels the leading bits as the network portion and the trailing bits as the host portion)

IP Addressing
• A portion of an IP address represents the network and the rest identifies the host
• Classful addressing
– Uses the first bits to determine number of hosts
– Discontinued (but nomenclature still used)
• Classless Inter-Domain Routing (CIDR)
– No fixed subnet part and host parts
– Flexible way to decide
Figure: example hosts 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4; 223.1.2.1, 223.1.2.2, 223.1.2.9; 223.1.3.1, 223.1.3.2, 223.1.3.27
223.1.1.1 = 11011111 00000001 00000001 00000001 (223 . 1 . 1 . 1)

Classful Addressing
• Class A: leading bit 0, first octet 0-127, Net ID 7 bits, Host ID 24 bits
– 2^7 → 128 networks; 2^24 → over 16 million hosts per network; 2^31 → over 2 billion addresses in total
• Class B: leading bits 10, first octet 128-191, Net ID 14 bits, Host ID 16 bits
– 2^14 → over 16K networks; 2^16 → over 65K hosts per network; 2^30 → over 1 billion addresses in total
• Class C: leading bits 110, first octet 192-223, Net ID 21 bits, Host ID 8 bits
– 2^21 → over 2 million networks; 2^8 → 255 hosts per network; 2^29 → 536 million addresses in total
• Class D: leading bits 1110, multicast address, 2^28 = 268 million addresses
• Class E: leading bits 1111, reserved, 2^28 = 268 million addresses

Classless Inter-Domain Routing
▪ Subnet portion of address of arbitrary length
▪ address format: a.b.c.d/x, where x is # bits in subnet portion of address
▪ example: 200.23.16.0/23 = 11001000 00010111 00010000 00000000 (subnet part: first 23 bits; host part: remaining 9 bits)
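The dotted-decimal, classful and CIDR slides above in code, as an added example that is not from the lecture slides: it converts addresses to the 32-bit strings the slides show, finds the class from the leading bits (counting the network part including the class prefix, so class A gives 8 network bits rather than the slide's 7 plus the leading 0), and splits an a.b.c.d/x block such as 200.23.16.0/23 into subnet and host parts with its mask and network address.

```python
# Added example, not from the lecture slides: turn dotted-decimal addresses
# into the 32-bit strings the slides show, classify them under the classful
# scheme (network bits counted including the class prefix) and split a CIDR
# block a.b.c.d/x into its subnet and host parts.

# (class, leading bits, network length incl. prefix); D and E are not split
CLASSES = [("A", "0", 8), ("B", "10", 16), ("C", "110", 24),
           ("D", "1110", None), ("E", "1111", None)]

def to_bits(dotted):
    """'128.192.56.1' -> '10000000110000000011100000000001' (32 characters)."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("not a valid dotted-decimal IPv4 address: " + dotted)
    return "".join(format(o, "08b") for o in octets)

def from_bits(bits):
    """Inverse of to_bits."""
    return ".".join(str(int(bits[i:i + 8], 2)) for i in range(0, 32, 8))

def classful(dotted):
    """Return (class, network bits, host bits); None parts for classes D and E."""
    bits = to_bits(dotted)
    for name, prefix, net_len in CLASSES:
        if bits.startswith(prefix):
            if net_len is None:
                return name, None, None
            return name, bits[:net_len], bits[net_len:]
    raise ValueError("unclassifiable address")   # unreachable: prefixes cover all patterns

def cidr_split(prefix):
    """'200.23.16.0/23' -> subnet/host bit strings, mask, network address, block size."""
    dotted, x = prefix.split("/")
    x = int(x)
    if not 0 <= x <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    bits = to_bits(dotted)
    return {"subnet_part": bits[:x],
            "host_part": bits[x:],
            "mask": from_bits("1" * x + "0" * (32 - x)),
            "network": from_bits(bits[:x] + "0" * (32 - x)),
            "addresses": 2 ** (32 - x)}    # block size incl. network and broadcast
```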

IP Assignment
Q: How does a host get IP address?
• hard-coded by system admin in a file
– Windows: control-panel->network->configuration->tcp/ip->properties
– UNIX: /etc/rc.config
• DHCP: Dynamic Host Configuration Protocol:
– Plug and play

DHCP Scenario
Figure: three subnets 223.1.1.0/24 (hosts 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4), 223.1.2.0/24 (223.1.2.1, 223.1.2.2, 223.1.2.9) and 223.1.3.0/24 (223.1.3.1, 223.1.3.2, 223.1.3.27) joined by a router, with a DHCP server; an arriving DHCP client needs an address in this network

DHCP
Goal: allow host to dynamically obtain its IP address from network server when it joins network
– can renew its lease on address in use
– allows reuse of addresses (only hold address while connected/“on”)
– support for mobile users who want to join network
How it works:
– host broadcasts “DHCP discover” msg
– DHCP server responds with “DHCP offer” msg
– host requests IP address: “DHCP request” msg
– DHCP server sends address: “DHCP ack” msg

DHCP Scenario
DHCP server: 223.1.2.5; arriving client
• DHCP discover (client broadcast: “is there a DHCP server out there?”)
– src: 0.0.0.0, 68
– dest: 255.255.255.255, 67
– yiaddr: 0.0.0.0
– transaction ID: 654
• DHCP offer (server broadcast: “I’m a DHCP server! Here’s an IP address you can use”)
– src: 223.1.2.5, 67
– dest: 255.255.255.255, 68
– yiaddr: 223.1.2.4
– transaction ID: 654
– lifetime: 3600 secs
• DHCP request (client broadcast: “OK. I’ll take that IP address!”)
– src: 0.0.0.0, 68
– dest: 255.255.255.255, 67
– yiaddr: 223.1.2.4
– transaction ID: 655
– lifetime: 3600 secs
• DHCP ACK (server broadcast: “OK. You’ve got that IP address!”)
– src: 223.1.2.5, 67
– dest: 255.255.255.255, 68
– yiaddr: 223.1.2.4

DHCP Scenario (summary of the same exchange)
DHCP server: 223.1.2.5; arriving client
• DHCP discover: src 0.0.0.0, 68 → dest 255.255.255.255, 67; yiaddr: 0.0.0.0
• DHCP offer: src 223.1.2.5, 67 → dest 255.255.255.255, 68; yiaddr: 223.1.2.4
• DHCP request: src 0.0.0.0, 68 → dest 255.255.255.255, 67; yiaddr: 223.1.2.4
• DHCP ACK: src 223.1.2.5, 67 → dest 255.255.255.255, 68; yiaddr: 223.1.2.4
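The four-message exchange of the two DHCP scenario slides as a small client/server simulation, added here and not part of the lecture material. Addresses, ports, yiaddr values and transaction IDs (654 for discover/offer, 655 for request/ACK) follow the slides; the server's address pool, the dict message format and the lease bookkeeping are constructed, and the client accepts an offer or ACK only when it carries the transaction ID the client is waiting for.

```python
# Added example, not from the lecture slides: the four-message DHCP exchange
# from the slides, modelled as a client and a server exchanging dict messages.
# Addresses, ports, yiaddr values and transaction IDs are the slide's (654 for
# discover/offer, 655 for request/ack); the client acts only on an offer or
# ACK that carries the transaction ID it is waiting for.

BROADCAST, CLIENT_PORT, SERVER_PORT = "255.255.255.255", 68, 67

def msg(kind, src, sport, dst, dport, yiaddr, xid, lifetime=None):
    m = {"type": kind, "src": src, "sport": sport, "dst": dst,
         "dport": dport, "yiaddr": yiaddr, "xid": xid}
    if lifetime is not None:
        m["lifetime"] = lifetime
    return m

class DhcpServer:
    def __init__(self, addr, pool, lifetime=3600):
        self.addr, self.pool, self.lifetime = addr, list(pool), lifetime
        self.leases = {}                        # address -> lifetime in seconds

    def handle(self, m):
        """Answer a broadcast addressed to port 67; returns the reply or None."""
        if m["dst"] != BROADCAST or m["dport"] != SERVER_PORT:
            return None
        if m["type"] == "discover" and self.pool:
            return msg("offer", self.addr, SERVER_PORT, BROADCAST, CLIENT_PORT,
                       self.pool[0], m["xid"], self.lifetime)
        if m["type"] == "request" and m["yiaddr"] in self.pool:
            addr = m["yiaddr"]
            self.pool.remove(addr)
            self.leases[addr] = self.lifetime
            return msg("ack", self.addr, SERVER_PORT, BROADCAST, CLIENT_PORT,
                       addr, m["xid"], self.lifetime)
        return None

def client_join(server, xid):
    """Run discover/offer/request/ack; returns (bound address or None, message trace)."""
    trace = [msg("discover", "0.0.0.0", CLIENT_PORT, BROADCAST, SERVER_PORT, "0.0.0.0", xid)]
    offer = server.handle(trace[-1])
    trace.append(offer)
    if offer is None or offer["type"] != "offer" or offer["xid"] != xid:
        return None, trace                      # not an offer for our transaction
    trace.append(msg("request", "0.0.0.0", CLIENT_PORT, BROADCAST, SERVER_PORT,
                     offer["yiaddr"], xid + 1, offer["lifetime"]))
    ack = server.handle(trace[-1])
    trace.append(ack)
    if ack is None or ack["type"] != "ack" or ack["xid"] != xid + 1:
        return None, trace
    return ack["yiaddr"], trace
```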

Address Resolution
• Addresses exist at different layers
Address Type        Example            Example Address
Application layer   Web address (URL)  www.indiana.edu
Transport layer     Port Numbers       80
Network layer       IP address         129.79.78.193 (4 bytes)
Data link layer     MAC address        1C-6F-65-F8-33-8A (6 bytes)
• Addresses may be translated (resolved) from one layer to another

Address Resolution
• Server Name Resolution
– Translating destination host’s domain name to its corresponding IP address
– www.yahoo.com is resolved to → 204.71.200.74
– Uses one or more Domain Name Service (DNS) servers to resolve the address
• Data Link Layer Address Resolution
– Identifying the MAC address of the next node (that the packet must be forwarded to)
– Uses Address Resolution Protocol (ARP)

DNS: domain name system
Domain Name System:
• hostname to IP address translation
• distributed database implemented in hierarchy of many name servers
• application-layer protocol: hosts, name servers communicate to resolve names (address/name translation)
why not centralize DNS?
• single point of failure
• traffic volume
• distant centralized database
• maintenance
doesn’t scale!

DNS: domain name system
Figure: DNS hierarchy – Root DNS Servers at the top; below them com DNS servers, org DNS servers, edu DNS servers, …; below those yahoo.com and amazon.com DNS servers, pbs.org DNS servers, poly.edu and umass.edu DNS servers
client wants IP for www.amazon.com; 1st approx:
– client queries root server to find com DNS server
– client queries .com DNS server to get amazon.com DNS server
– client queries amazon.com DNS server to get IP address for www.amazon.com

DNS: root name servers
• contacted by local name server that can not resolve name
• root name server:
– contacts authoritative name server if name mapping not known
– gets mapping
– returns mapping to local name server
13 root name “servers” worldwide:
a. Verisign, Los Angeles CA (5 other sites)
b. USC-ISI Marina del Rey, CA
c. Cogent, Herndon, VA (5 other sites)
d. U Maryland College Park, MD
e. NASA Mt View, CA
f. Internet Software C. Palo Alto, CA (and 48 other sites)
g. US DoD Columbus, OH (5 other sites)
h. ARL Aberdeen, MD
i. Netnod, Stockholm (37 other sites)
j. Verisign, Dulles VA (69 other sites)
k. RIPE London (17 other sites)
l. ICANN Los Angeles, CA (41 other sites)
m. WIDE Tokyo (5 other sites)

Local DNS name server
• does not strictly belong to hierarchy
• each ISP (residential ISP, company, university) has one
– also called “default name server”
• when host makes DNS query, query is sent to its local DNS server
– has local cache of recent name-to-address translation pairs (but may be out of date!)
– acts as proxy, forwards query into hierarchy

DNS example
host at cis.poly.edu wants IP address for gaia.cs.umass.edu
iterated query:
❖ contacted server replies with name of server to contact
❖ “I don’t know this name, but ask this server”
Figure (messages numbered 1–8): (1) requesting host cis.poly.edu → local DNS server dns.poly.edu; (2) local DNS server → root DNS server; (3) root → local; (4) local → TLD DNS server; (5) TLD → local; (6) local → authoritative DNS server dns.cs.umass.edu; (7) authoritative → local; (8) local DNS server → requesting host (answer for gaia.cs.umass.edu)

DNS example
recursive query:
❖ puts burden of name resolution on contacted name server
❖ heavy load at upper levels of hierarchy?
Figure (messages numbered 1–8): (1) requesting host cis.poly.edu → local DNS server dns.poly.edu; (2) local → root DNS server; (3) root → TLD DNS server; (4) TLD → authoritative DNS server dns.cs.umass.edu; (5) authoritative → TLD; (6) TLD → root; (7) root → local; (8) local → requesting host (answer for gaia.cs.umass.edu)
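The iterated and recursive lookups of the two DNS example slides, simulated as an added example that is not from the lecture slides. The hierarchy is constructed so that each server knows only its own delegations (root knows edu, the TLD server knows umass.edu, dns.cs.umass.edu knows the host), the answer address is a constructed value, and the local server keeps the cache described on the "Local DNS name server" slide; each resolver returns the address plus the ordered list of (from, to) messages, which line up with the eight numbered arrows.

```python
# Added example, not from the lecture slides: the iterated and recursive
# lookups of gaia.cs.umass.edu from the two slides, simulated over a
# constructed hierarchy in which each server knows only its own delegations.
# Each resolver returns the address and the ordered (from, to) messages.

ROOT, TLD, AUTH = "root DNS server", "TLD DNS server", "dns.cs.umass.edu"
LOCAL, HOST = "dns.poly.edu", "cis.poly.edu"

# server -> {zone suffix: server to ask next} or {hostname: IP}; the IP is constructed
SERVERS = {ROOT: {"edu": TLD}, TLD: {"umass.edu": AUTH},
           AUTH: {"gaia.cs.umass.edu": "128.119.245.12"}}

def lookup_at(server, name):
    """A server answers, or refers to the server for the longest matching suffix."""
    best = None
    for suffix, target in SERVERS[server].items():
        if name == suffix or name.endswith("." + suffix):
            if best is None or len(suffix) > len(best[0]):
                best = (suffix, target)
    return best[1] if best else None

def resolve_iterated(name, cache):
    """The local server follows referrals itself: root, then TLD, then authoritative."""
    trace = [(HOST, LOCAL)]
    if name in cache:
        return cache[name], trace + [(LOCAL, HOST)]
    server = ROOT
    while True:
        answer = lookup_at(server, name)
        trace += [(LOCAL, server), (server, LOCAL)]
        if answer in SERVERS:               # a referral: ask that server next
            server = answer
            continue
        if answer is not None:
            cache[name] = answer
        return answer, trace + [(LOCAL, HOST)]

def resolve_recursive(name, cache):
    """Each server forwards the query onward and relays the answer back."""
    if name in cache:
        return cache[name], [(HOST, LOCAL), (LOCAL, HOST)]
    chain, server = [HOST, LOCAL, ROOT], ROOT
    nxt = lookup_at(server, name)
    while nxt in SERVERS:                   # follow referrals down the hierarchy
        chain.append(nxt)
        server, nxt = nxt, lookup_at(nxt, name)
    down = list(zip(chain, chain[1:]))
    if nxt is not None:
        cache[name] = nxt
    return nxt, down + [(b, a) for a, b in reversed(down)]
```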

ARP name resolution
• Identifying the MAC address by IP address
• Operation
– Broadcast an ARP message to all nodes on a LAN asking which node has a certain IP address
– Host with that IP address then responds by sending back its MAC address
– Store this MAC address in its address table
– Send the message to the destination node

MAC addresses and ARP
• 32-bit IP address:
– network-layer address for interface
– used for layer 3 (network layer) forwarding
• MAC (or LAN or physical or Ethernet) address:
– function: used ‘locally’ to get frame from one interface to another physically-connected interface (same network, in IP-addressing sense)
– 48 bit MAC address (for most LANs) burned in NIC ROM, also sometimes software settable
– e.g.: 1A-2F-BB-76-09-AD
hexadecimal (base 16) notation (each “number” represents 4 bits)

LAN addresses (more)
• MAC address allocation administered by IEEE
• manufacturer buys portion of MAC address space (to assure uniqueness)
• analogy:
– MAC address: like Social Security Number
– IP address: like postal address
• MAC flat address ➜ portability
– can move LAN card from one LAN to another
• IP hierarchical address not portable
– address depends on IP subnet to which node is attached

ARP
Question: how to determine a MAC address knowing its IP address?
Figure: a LAN with A (137.196.7.23, MAC 71-65-F7-2B-08-53) and B (137.196.7.14, MAC 58-23-D7-FA-20-B0)
• A broadcasts ARP query packet, containing B’s IP address
– dest MAC address = FF-FF-FF-FF-FF-FF
– all nodes on LAN receive ARP query (broadcast)
           Src IP address  Dest IP address  Src MAC address    Dest MAC address
ARP query  137.196.7.23    137.196.7.14     71-65-F7-2B-08-53  FF-FF-FF-FF-FF-FF
ARP reply  137.196.7.14    137.196.7.23     58-23-D7-FA-20-B0  71-65-F7-2B-08-53
• B receives ARP packet, replies to A with its (B’s) MAC address
– frame sent to A’s MAC address (unicast)


Routing
• Process of determining the route (or path) a message will travel from the sending computer to the receiving computer
• Routers
– Special purpose devices used to handle routing decisions on the Internet
– Maintain their own routing tables
• Routing Tables
– Shows which path to send packets on to reach a given destination
– Kept by computers making routing decisions

Routing
• Unicast – one computer to another computer
• Broadcast – one computer to all computers in the network
• Multicast – one computer to a group of computers (e.g., videoconference)


Types of Routing
• Centralized routing
– Decisions made by one central computer
– Used on small, mainframe-based networks
– Not common anymore
• Decentralized routing
– Decisions made by each node independently of one another
– Information needs to be exchanged to prepare routing tables
– Used by the Internet

Static vs. Dynamic
• Static routing:
– Fixed routing tables
– Manually configured by network administrator
– Used on relatively simple networks with few routing options that rarely change
• Dynamic routing
– Routing tables updated periodically
– Routers exchange information using protocols to update tables

Dynamic Routing Algorithms
• Distance Vector
– Uses the least number of hops to decide how to route a packet
• Link State
– Uses a variety of information types to decide how to route a packet (more sophisticated)
• e.g., number of hops, congestion, speed of circuit
– Provides more reliable, up to date paths to destinations
Figure: nodes A, B, C, G (top row) and D, F, E (bottom row); from A to G → A B C G
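The difference between the two algorithm families on the slide, shown on a constructed topology as an added example that is not from the lecture slides: a hop-count route (the distance-vector metric, found here with breadth-first search) picks the 3-hop path A-B-C-G that the figure names, while a route computed on link cost (Dijkstra over costs that stand in for speed or congestion, as a link-state computation uses) prefers the longer but much cheaper A-D-F-E-G. The node set matches the figure; the links and costs are assumptions.

```python
# Added example, not from the lecture slides: the slide's contrast between a
# hop-count route (the distance-vector metric) and a route chosen on link cost
# (what a link-state computation can do with speed/congestion information).
# Topology is constructed: A-B-C-G is the 3-hop path, A-D-F-E-G is cheaper.
import heapq
from collections import deque

LINKS = [("A", "B", 10), ("B", "C", 10), ("C", "G", 10), ("D", "B", 5),   # (node, node, cost)
         ("A", "D", 1), ("D", "F", 1), ("F", "E", 1), ("E", "G", 1)]      # cost ~ circuit delay

def adjacency(links):
    adj = {}
    for a, b, cost in links:
        adj.setdefault(a, {})[b] = cost
        adj.setdefault(b, {})[a] = cost
    return adj

def _walk(prev, dst):
    """Path string from the predecessor map; None if unreachable."""
    path = []
    while dst in prev:
        path.append(dst)
        dst = prev[dst]
    return "".join(reversed(path)) or None

def fewest_hops(links, src, dst):
    """Hop-count route, as a distance-vector protocol such as RIP computes: BFS."""
    adj = adjacency(links)
    prev, queue = {src: None}, deque([src])
    while queue:
        n = queue.popleft()
        if n == dst:
            break
        for nb in adj.get(n, {}):
            if nb not in prev:
                prev[nb] = n
                queue.append(nb)
    return _walk(prev, dst)

def least_cost(links, src, dst):
    """Least-cost route over link costs (Dijkstra, as link-state routing uses): (path, cost)."""
    adj = adjacency(links)
    dist, prev, heap = {src: 0}, {src: None}, [(0, src)]
    while heap:
        d, n = heapq.heappop(heap)
        if d > dist[n]:
            continue                       # stale heap entry
        for nb, c in adj.get(n, {}).items():
            if d + c < dist.get(nb, float("inf")):
                dist[nb], prev[nb] = d + c, n
                heapq.heappush(heap, (d + c, nb))
    return _walk(prev, dst), dist.get(dst)
```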

Routing Protocols
• Used to exchange info among nodes for building and maintaining routing tables
• Types of Routing Protocols
– Interior routing protocols (RIP, OSPF, EIGRP, ICMP)
• Operate within a network
• Provide detailed info about each node and paths
– Exterior routing protocols (BGP)
• Operate between networks (autonomous systems)

Routing Information Protocol (RIP)
• Dynamic distance vector protocol used for interior routing
• Operations:
– Commonly used in smaller networks
– Network managers use RIP to build a routing table
– When a new node is added, RIP counts the number of hops between computers and updates routing tables
– Routing table status is broadcast periodically (every minute or so) by all nodes

Open Shortest Path First (OSPF)
• A dynamic hybrid (distance vector + link state) interior routing protocol
– More reliable paths: Incorporates traffic and error rate measures
– Most widely used interior routing protocol on large enterprise networks, preferred by TCP/IP
– Less burdensome to the network
• Only the updates sent (not entire routing tables) and only to other routers (no broadcasting)


Other Interior Routing Protocols
• Enhanced Interior Gateway Routing Protocol (EIGRP)
– A dynamic hybrid interior protocol (developed by Cisco)
– Records transmission capacity, delay time, reliability and load for all paths
– Keeps the routing tables for its neighbors and uses this information in its routing decisions as well
• Internet Control Message Protocol (ICMP)
– Simplest and most basic: checks the reachability of certain nodes and paths (e.g., Ping)
– An error reporting protocol (reports routing errors to message senders)

Exterior Routing Protocols
• Border Gateway Protocol (BGP)
– Used to exchange routing info between autonomous systems
– Based on a dynamic distance vector algorithm
– Far more complex than interior routing protocols
– Provide routing info only on selected routes (e.g., preferred or best route)
• Too many routes; can’t maintain tables of every single route

Internet Routing using BGP, OSPF and RIP
Figure only: Internet routing using BGP, OSPF and RIP

END