Network Layer
All material copyright 1996-2012
J.F Kurose and K.W. Ross, All Rights Reserved
George Parisis
School of Engineering and Informatics
University of Sussex
Network Layer 4-2
Outline
v introduction
v virtual circuit and datagram networks
v what’s inside a router
v IP: Internet Protocol
§ datagram format
§ IPv4 addressing (NAT)
§ ICMP, IPv6
v routing algorithms
§ link state, distance vector
§ hierarchical routing
v routing in the Internet
§ RIP, OSPF
§ BGP
v broadcast routing
NAT: network address translation
[figure: hosts 10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.4 on local network 10.0.0/24 (e.g., home network); NAT router with WAN-side address 138.76.29.7 connects it to the rest of the Internet]
datagrams with source or destination in this network have 10.0.0/24 address for source, destination (as usual)
all datagrams leaving local network have same single source NAT IP address: 138.76.29.7, different source port numbers
NAT: network address translation
motivation: local network uses just one IP address as far as the outside world is concerned:
§ range of addresses not needed from ISP: just one IP address for all devices
§ can change addresses of devices in local network without notifying outside world
§ can change ISP without changing addresses of devices in local network
§ devices inside local net not explicitly addressable or visible to the outside world (a security plus)
NAT: network address translation
implementation:
§ outgoing datagrams: replace (source IP address, port #) of every outgoing datagram with (NAT IP address, new port #)
. . . remote clients/servers will respond using (NAT IP address, new port #) as destination address/port
§ remember (in NAT translation table) every (source IP address, port #) to (NAT IP address, new port #) translation pair
§ incoming datagrams: replace (NAT IP address, new port #) in dest fields of every incoming datagram with corresponding (source IP address, port #) stored in NAT table
NAT: network address translation
[figure: hosts 10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.4 behind NAT router 138.76.29.7, exchanging a datagram with 128.119.40.186, port 80]
1: host 10.0.0.1 sends datagram to 128.119.40.186, 80
   S: 10.0.0.1, 3345   D: 128.119.40.186, 80
2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table
   S: 138.76.29.7, 5001   D: 128.119.40.186, 80
3: reply arrives, dest. address: 138.76.29.7, 5001
   S: 128.119.40.186, 80   D: 138.76.29.7, 5001
4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345
   S: 128.119.40.186, 80   D: 10.0.0.1, 3345
NAT translation table
WAN side addr         LAN side addr
138.76.29.7, 5001     10.0.0.1, 3345
……                    ……
NAT: network address translation
v 16-bit port-number field:
§ 60,000 simultaneous connections with a single LAN-side address!
v NAT is controversial:
§ routers should only process up to layer 3
§ violates end-to-end argument
• NAT possibility must be taken into account by app designers, e.g., P2P applications
§ address shortage should instead be solved by IPv6
NAT traversal problem
v client wants to connect to server with address 10.0.0.1
§ server address 10.0.0.1 local to LAN (client can’t use it as destination addr)
§ only one externally visible NATed address: 138.76.29.7
v solution 1: statically configure NAT to forward incoming connection requests at given port to server
§ e.g., (138.76.29.7, port 2500) always forwarded to 10.0.0.1 port 25000
[figure: external client ("?") on the Internet, NAT router 138.76.29.7, inside hosts 10.0.0.1 (the server) and 10.0.0.4]
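The translation table, the outgoing/incoming rewrite steps, the dropping of unsolicited inbound datagrams and the static port mapping of solution 1 can all be seen in a few lines of code. The following is an added example, not code from the Kurose/Ross slides; the `Datagram` class, the port-allocation policy (first free WAN-side port from 5001 upward) and the outside address 203.0.113.9 are constructed for this example, while the addresses and ports 10.0.0.1:3345, 138.76.29.7:5001, 128.119.40.186:80 and the 2500 to 25000 mapping are the slide's own values.

```python
# Added example (not from the slides): a minimal NAT translation table simulation.
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Datagram:
    """Only the fields NAT rewrites or keys on (constructed for this example)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


class NAT:
    def __init__(self, wan_ip: str, first_port: int = 5001):
        self.wan_ip = wan_ip
        self.next_port = first_port
        # NAT translation table: WAN-side port -> (LAN-side IP, LAN-side port)
        self.table: Dict[int, Tuple[str, int]] = {}
        # reverse index so an inside socket keeps the same WAN-side port
        self.reverse: Dict[Tuple[str, int], int] = {}

    def add_static_mapping(self, wan_port: int, lan_ip: str, lan_port: int) -> None:
        """Traversal solution 1: always forward this WAN-side port to an inside server."""
        self.table[wan_port] = (lan_ip, lan_port)
        self.reverse[(lan_ip, lan_port)] = wan_port

    def outbound(self, d: Datagram) -> Datagram:
        """Step 2: rewrite (source IP, port) to (NAT IP, new port) and record the pair."""
        key = (d.src_ip, d.src_port)
        if key not in self.reverse:
            while self.next_port in self.table:      # skip ports already in use
                self.next_port += 1
            if self.next_port > 65535:               # 16-bit port-number field
                raise RuntimeError("WAN-side port space exhausted")
            self.table[self.next_port] = key
            self.reverse[key] = self.next_port
            self.next_port += 1
        return replace(d, src_ip=self.wan_ip, src_port=self.reverse[key])

    def inbound(self, d: Datagram) -> Optional[Datagram]:
        """Step 4: rewrite (NAT IP, new port) back to the stored (source IP, port).
        Returns None (drop) when nothing matches: an outside host cannot name an
        inside host that has not first sent something out (the slide's "security plus")."""
        if d.dst_ip != self.wan_ip:
            return None
        entry = self.table.get(d.dst_port)
        if entry is None:
            return None
        lan_ip, lan_port = entry
        return replace(d, dst_ip=lan_ip, dst_port=lan_port)


def walk_through():
    """Steps 1-4 of the slide, then an unsolicited inbound datagram, then solution 1."""
    nat = NAT("138.76.29.7")
    step1 = Datagram("10.0.0.1", 3345, "128.119.40.186", 80, "request")
    step2 = nat.outbound(step1)                                   # leaves as 138.76.29.7:5001
    step3 = Datagram("128.119.40.186", 80, "138.76.29.7", step2.src_port, "reply")
    step4 = nat.inbound(step3)                                    # delivered to 10.0.0.1:3345
    # constructed outside host probing a WAN-side port with no table entry: dropped
    stray = nat.inbound(Datagram("203.0.113.9", 4444, "138.76.29.7", 5555))
    nat.add_static_mapping(2500, "10.0.0.1", 25000)
    forwarded = nat.inbound(Datagram("203.0.113.9", 4444, "138.76.29.7", 2500))
    again = nat.outbound(step1)                                   # same inside socket, same WAN port
    return step2, step4, stray, forwarded, again


if __name__ == "__main__":
    for d in walk_through():
        print(d)
```

The reverse index is what keeps one inside socket on one WAN-side port for the life of the mapping; a real NAT also ages entries out, which this example omits.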
NAT traversal problem
v solution 2: Universal Plug and Play (UPnP) Internet Gateway Device (IGD) Protocol. Allows NATed host to:
§ learn public IP address (138.76.29.7)
§ add/remove port mappings (with lease times)
i.e., automate static NAT port map configuration
[figure: host 10.0.0.1 using IGD to talk to the NAT router]
NAT traversal problem
v solution 3: relaying (used in Skype)
§ NATed client establishes connection to relay
§ external client connects to relay
§ relay bridges packets between the two connections
[figure: NATed host 10.0.0.1 behind NAT router 138.76.29.7, a relay, and an external client; 1. connection to relay initiated by NATed host; 2. connection to relay initiated by client; 3. relaying established]
ICMP: internet control message protocol
v used by hosts & routers to communicate network-level information
§ error reporting: unreachable host, network, port, protocol
§ echo request/reply (used by ping)
v network-layer “above” IP:
§ ICMP msgs carried in IP datagrams
v ICMP message: type, code plus first 8 bytes of IP datagram causing error
Type  Code  description
0     0     echo reply (ping)
3     0     dest. network unreachable
3     1     dest host unreachable
3     2     dest protocol unreachable
3     3     dest port unreachable
3     6     dest network unknown
3     7     dest host unknown
4     0     source quench (congestion control – not used)
8     0     echo request (ping)
9     0     router advertisement
10    0     router discovery
11    0     TTL expired
12    0     bad IP header
Network Layer 4-13
Traceroute and ICMP
v source sends series of UDP segments to dest
§ first set has TTL = 1
§ second set has TTL = 2, etc.
§ unlikely port number
v when nth set of datagrams arrives at nth router:
§ router discards datagrams
§ and sends source ICMP messages (type 11, code 0)
§ ICMP message includes name of router & IP address
v when ICMP messages arrive, source records RTTs
stopping criteria:
v UDP segment eventually arrives at destination host
v destination returns ICMP “port unreachable” message (type 3, code 3)
v source stops
[figure: 3 probes sent for each TTL value]
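The ICMP table and the traceroute procedure above fit together in one small program: a type/code lookup, the RFC 1071 ones'-complement checksum that a real wire-format ICMP echo request carries, and a simulated network in which UDP probes with increasing TTL draw a type 11/code 0 from each router and a type 3/code 3 from the destination. This is an added example, not code from the slides; the router path and all addresses are constructed (documentation ranges), and the destination port 33434 is the conventional traceroute "unlikely" port. A real traceroute sends three probes per TTL and times each one; this simulation sends one and records no RTT.

```python
# Added example (not from the slides): ICMP types, checksum, and a traceroute simulation.
import struct
from typing import List, Tuple

# (type, code) -> description, as in the table on the ICMP slide
ICMP_TYPES = {
    (0, 0): "echo reply (ping)",
    (3, 0): "dest. network unreachable",
    (3, 1): "dest host unreachable",
    (3, 2): "dest protocol unreachable",
    (3, 3): "dest port unreachable",
    (3, 6): "dest network unknown",
    (3, 7): "dest host unknown",
    (4, 0): "source quench (congestion control - not used)",
    (8, 0): "echo request (ping)",
    (9, 0): "router advertisement",
    (10, 0): "router discovery",
    (11, 0): "TTL expired",
    (12, 0): "bad IP header",
}


def describe(icmp_type: int, code: int) -> str:
    return ICMP_TYPES.get((icmp_type, code), f"unknown type {icmp_type} code {code}")


def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum of 16-bit words; a message whose checksum
    field is correct sums (with that field included) to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """Wire-format ICMP echo request (type 8, code 0); checksum computed with the field zeroed."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload


def parse_icmp(msg: bytes) -> Tuple[int, int, bool, bytes]:
    """Returns (type, code, checksum_ok, bytes after the common 4-byte header)."""
    icmp_type, code, _csum = struct.unpack("!BBH", msg[:4])
    return icmp_type, code, inet_checksum(msg) == 0, msg[4:]


def send_probe(path: List[str], ttl: int, dst_ip: str, src_port: int, dst_port: int):
    """Simulated network: walk one UDP probe along `path` (router IPs) toward dst_ip.
    Returns (type, code, responder IP, quoted first 8 bytes of the datagram's data,
    i.e. the UDP header) as the ICMP error would carry them back."""
    udp_header = struct.pack("!HHHH", src_port, dst_port, 8, 0)
    for router_ip in path:
        ttl -= 1                                    # each router decrements TTL
        if ttl == 0:
            return 11, 0, router_ip, udp_header     # discarded; "TTL expired" to source
    return 3, 3, dst_ip, udp_header                 # reached host; nothing listens on that port


def traceroute(path: List[str], dst_ip: str, src_port: int = 40000,
               dst_port: int = 33434, max_hops: int = 30):
    hops = []
    for ttl in range(1, max_hops + 1):
        icmp_type, code, responder, quoted = send_probe(path, ttl, dst_ip, src_port, dst_port)
        if struct.unpack("!H", quoted[:2])[0] != src_port:
            continue            # quoted UDP header lets the source match replies to its probes
        hops.append((ttl, responder, describe(icmp_type, code)))
        if (icmp_type, code) == (3, 3):
            break               # stopping criterion: destination's "port unreachable"
    return hops


def demo():
    path = ["192.0.2.1", "198.51.100.7", "203.0.113.3"]   # constructed router addresses
    return traceroute(path, "203.0.113.99")


if __name__ == "__main__":
    for ttl, who, what in demo():
        print(f"{ttl:2d}  {who:15s}  {what}")
```

The quoted bytes are the part of an ICMP error a receiver should always check: they are how the sending process recognises its own probe among all the ICMP traffic the host sees.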
Network Layer 4-14
IPv6: motivation
v initial motivation: 32-bit address space soon to be completely allocated.
v additional motivation:
§ header format helps speed processing/forwarding
§ header changes to facilitate Quality of Service (QoS)
IPv6 datagram format:
§ fixed-length 40 byte header
§ no fragmentation allowed
Network Layer 4-15
IPv6 datagram format
priority: identify priority among datagrams in flow
flow Label: identify datagrams in same “flow.” (concept of “flow” not well defined).
next header: identify upper layer protocol for data
[figure: IPv6 header, one 32-bit word per row]
 ver | pri |        flow label
 payload len         | next hdr | hop limit
 source address (128 bits)
 destination address (128 bits)
 data
Network Layer 4-16
Other changes from IPv4
v checksum: removed entirely to reduce processing time at each hop
v options: allowed, but outside of header, indicated by “Next Header” field
v ICMPv6: new version of ICMP
§ additional message types, e.g. “Packet Too Big”
§ multicast group management functions
v fragmentation not supported (Packet Too Big)
Network Layer 4-17
Transition from IPv4 to IPv6
v not all routers can be upgraded simultaneously
§ no “flag days”
§ how will network operate with mixed IPv4 and IPv6 routers?
v dual stack (DNS to check IPv6 capabilities)
v tunneling: IPv6 datagram carried as payload in IPv4 datagram among IPv4 routers
[figure: IPv4 datagram = IPv4 header fields, IPv4 source, dest addr | IPv4 payload; the IPv4 payload is the entire IPv6 datagram = IPv6 header fields, IPv6 source, dest addr | UDP/TCP payload]
Network Layer 4-18
Tunneling
physical view: routers A - B - C - D - E - F in a line; A, B, E, F are IPv6 routers, C and D are IPv4 routers
logical view: A - B - E - F, all IPv6, with an IPv4 tunnel connecting IPv6 routers B and E
Network Layer 4-19
Tunneling
[figure: the same physical view (A - B - C - D - E - F, with C and D IPv4) and logical view (IPv4 tunnel connecting IPv6 routers B and E), annotated with the datagram carried on each link]
A-to-B: IPv6
  flow: X, src: A, dest: F, data
B-to-C: IPv6 inside IPv4
  IPv4 header: src: B, dest: E
  IPv6 datagram as payload: Flow: X, Src: A, Dest: F, data
E-to-F: IPv6
  flow: X, src: A, dest: F, data
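The fixed 40-byte IPv6 header from the datagram-format slide and the tunnel from the two slides above are easiest to understand by packing them. The following added example (not code from the slides) builds the A-to-F IPv6 datagram, has tunnel entry B wrap it unchanged in an IPv4 datagram addressed to E with protocol number 41 (the registered value for IPv6 encapsulated in IPv4), and has E strip the outer header and hand the inner datagram on unchanged. The addresses 2001:db8::a, 2001:db8::f, 192.0.2.2 and 192.0.2.5 and the flow label value are constructed for the example; the IPv4 header is built without options, and the IPv4 checksum is the standard RFC 1071 sum (IPv6 itself has no checksum, as the slides note).

```python
# Added example (not from the slides): IPv6 header pack/parse and IPv6-in-IPv4 tunneling.
import ipaddress
import struct

IPV6_HDR = struct.Struct("!IHBB16s16s")    # 40 bytes: ver/pri/flow, payload len, next hdr, hop limit, src, dst
IPV4_HDR = struct.Struct("!BBHHHBBH4s4s")  # 20 bytes, no options
PROTO_UDP = 17
PROTO_IPV6_IN_IPV4 = 41                    # IPv4 protocol value: payload is an IPv6 datagram


def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum, needed only for the outer IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv6(src: str, dst: str, payload: bytes, next_header: int = PROTO_UDP,
               hop_limit: int = 64, flow_label: int = 0, priority: int = 0) -> bytes:
    """ver (4 bits) | pri (8 bits) | flow label (20 bits) make up the first 32-bit word."""
    first_word = (6 << 28) | ((priority & 0xFF) << 20) | (flow_label & 0xFFFFF)
    header = IPV6_HDR.pack(first_word, len(payload), next_header, hop_limit,
                           ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)
    return header + payload


def parse_ipv6(pkt: bytes) -> dict:
    first, plen, nh, hl, s, d = IPV6_HDR.unpack(pkt[:IPV6_HDR.size])
    if first >> 28 != 6:
        raise ValueError("not an IPv6 datagram")
    return {"priority": (first >> 20) & 0xFF, "flow_label": first & 0xFFFFF,
            "payload_len": plen, "next_header": nh, "hop_limit": hl,
            "src": str(ipaddress.IPv6Address(s)), "dst": str(ipaddress.IPv6Address(d)),
            "payload": pkt[IPV6_HDR.size:IPV6_HDR.size + plen]}


def build_ipv4(src: str, dst: str, payload: bytes, proto: int, ttl: int = 64) -> bytes:
    fields = [0x45, 0, IPV4_HDR.size + len(payload), 0, 0, ttl, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = inet_checksum(IPV4_HDR.pack(*fields))   # checksum over header with field zeroed
    return IPV4_HDR.pack(*fields) + payload


def parse_ipv4(pkt: bytes) -> dict:
    vihl, _tos, total, _id, _ff, ttl, proto, _csum, s, d = IPV4_HDR.unpack(pkt[:IPV4_HDR.size])
    ihl = (vihl & 0xF) * 4
    if vihl >> 4 != 4 or inet_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header")
    return {"proto": proto, "ttl": ttl, "src": str(ipaddress.IPv4Address(s)),
            "dst": str(ipaddress.IPv4Address(d)), "payload": pkt[ihl:total]}


def tunnel_encapsulate(ipv6_pkt: bytes, entry_v4: str, exit_v4: str) -> bytes:
    """Router B: the whole IPv6 datagram becomes the payload of an IPv4 datagram B -> E."""
    return build_ipv4(entry_v4, exit_v4, ipv6_pkt, PROTO_IPV6_IN_IPV4)


def tunnel_decapsulate(ipv4_pkt: bytes) -> bytes:
    """Router E: drop the IPv4 header and forward the inner IPv6 datagram toward F."""
    outer = parse_ipv4(ipv4_pkt)
    if outer["proto"] != PROTO_IPV6_IN_IPV4:
        raise ValueError("not an IPv6-in-IPv4 tunnel packet")
    return outer["payload"]


def demo():
    """A-to-B (IPv6), B-to-C (IPv6 inside IPv4), E-to-F (IPv6) as on the slide."""
    a_to_b = build_ipv6("2001:db8::a", "2001:db8::f", b"data", flow_label=0xABCDE)
    b_to_c = tunnel_encapsulate(a_to_b, "192.0.2.2", "192.0.2.5")   # crosses IPv4 routers C and D
    e_to_f = tunnel_decapsulate(b_to_c)
    return a_to_b, b_to_c, e_to_f


if __name__ == "__main__":
    a_to_b, b_to_c, e_to_f = demo()
    print(len(a_to_b), len(b_to_c), parse_ipv4(b_to_c)["proto"], parse_ipv6(e_to_f))
```

Note that the IPv4 routers C and D never look past the outer header; the inner flow label, hop limit and addresses reach E exactly as A wrote them.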
Network Layer 4-20
IPv6: adoption
v US National Institutes of Standards estimate [2013]:
§ ~3% of industry IP routers
§ ~11% of US gov’t routers
v Long (long!) time for deployment, use
§ 20 years and counting!
§ think of application-level changes in last 20 years: WWW, Facebook, …
§ Why?
Network Layer 4-21
Summary
v NAT
v ICMP
v IPv6