COMP 3234B
Computer and Communication Networks
2nd semester 2020-2021
Network Layer (II)
Prof. C Wu
Department of Computer Science The University of Hong Kong
Roadmap
Network layer
Principles behind network-layer services (ILO1) forwarding vs. routing
network service models
Router (ILO1)
IP (ILO2,5)
DHCP NAT
ICMP (ILO2)
Routing algorithms (ILO3) Routing in the Internet (ILO2,3)
application
transport
network
network
link
physical
IP assignment in the Internet — classful addressing
In the original approach, IP addresses were divided into pre-defined classes:
class A: 8-bit network prefix (16,777,214 hosts) class B: 16-bit network prefix (65,534 hosts) class C: 24-bit network prefix (254 hosts)
Two addresses in each subnet are reserved for special purpose:
— all “0” host bits: used to identify the subnet — all “1” host bits: used as broadcast address
Rapid depletion of blocks of IP addresses!
IP assignment in the Internet — CIDR
Classless Interdomain Routing (CIDR): a.b.c.d/x
network addresses are allocated in 1-bit increments as opposed
to 8-bits in classful network
E.g., 216.3.128.12/25
x most significant bits: network prefix (subnet portion of IP address) an organization is assigned contiguous addresses with a common prefix
used by routers outside the organization’s network
other bits: distinguishing interfaces within the organization used by routers within the organization’s network
may have further subnet structure:
e. g., a.b.c.d/21: an organization’s network;
a.b.c.d/24: a specific subnet within the organization
How does a host get IP address in its local network?
Hardcode an IP address by system admin (the IP address is allocated from a network admin)
Dynamically get an IP address from a server (use DHCP)
DHCP
Dynamic Host Configuration Protocol (DHCP) is an application- layer protocol which uses UDP as the transport-layer protocol
It includes 4 steps
Step 1: DHCP server discovery Step 2: DHCP server offer(s) Step 3: DHCP request
Step 4: DHCP acknowledgement
233.1.1.2%
I”am”a”new”device” connec-ng”to”this”network.” I”need”an”IP”address!”” Which%host%in%this%network% is%responsible%for%allocaAng% IP%address?%
233.1.1.1%
233.1.2.5%
233.1.1.3%
233.1.2.9%
DHCP%server%
233.1.2.1%
Your%computer%
233.1.2.2%
Step 1: DHCP server discovery
The DHCP client creates an IP datagram containing its DHCP discover message along with the broadcast destination IP address of 255.255.255.255 and a source IP address of 0.0.0.0
DHCP+server+
233.1.2.5+
Your+computer+
src:%0.0.0.0,%68% dest:%255.255.255.255,67% DHCPDISCOVER+ yiaddr:%0.0.0.0% Transac9on%ID:%654+
Step%1.%DHCPDISCOVER+
Step 2: DHCP server offer(s)
A DHCP server receiving a DHCP discover message responds to the client with a DHCP offer message that is broadcast to all nodes on the subnet, again using the IP broadcast address of 255.255.255.255
Each server offer message contains the transaction ID of the received discover message, the proposed IP address for the client, the subnet mask, an IP address lease time, and possibly other information (address of first-hop router, name and IP address of DNS sever, etc.)
%src:%233.1.2.5,%67% %dest:%255.255.255.255,68% %DHCPOFFER% %yiaddr:%2233.1.2.4% %Transac3on%ID:%654% %DHCP%server%ID:%233.1.2.5% %Life3me:%3600%secs%
Step%1.%DHCPDISCOVER%
DHCP%server%
233.1.2.5%
Your%computer%
Step%2.%DHCPOFFER%
Step 3: DHCP request
The newly arriving client will choose from among one or more server offers (there can be several DHCP servers on the same subnet) and respond to its selected offer with a DHCP request message, echoing back the configuration parameters.
DHCP+server+
233.1.2.5+
Your+computer+
src:%0.0.0.0,%68%
dest:%255.255.255.255,67%
DHCPREQUEST+
yiaddr:%223.1.2.4%
233.1.2.4
Transac9on%ID:%655% DHCP%server%ID:%233.1.2.5% Life9me:%3600%secs%
Step%1.%DHCPDISCOVER+
Step%2.%DHCPOFFER+
Step%3.%DHCPREQUEST+
Step 4
The server responds to the DHCP request message with a DHCP ACK message, confirming the requested parameters.
DHCP’server’
233.1.2.5′
Your’computer’
Ok!%Now%I%can%use% the%IP%address%
src:%233.1.2.5,%67%
dest:%255.255.255.255,68%
DHCPACK’
yiaddr:%223.1.2.4%
233.1.2.4
Transac:on%ID:%655% DHCP%server%ID:%233.1.2.5% Life:me:%3600%secs%
223.1.2.4%in%this% network%for%3600′ secs!’
DHCP provides mechanism for client to renew the lease of IP address in use
233.1.2.4
Step%1.%DHCPDISCOVER’
Step%2.%DHCPOFFER’
Step%3.%DHCPREQUEST’
Step%4.%DHCPACK’
NAT (Network Address Translation)
Internet”
One”IP”address”only”
?”
?” ?”
?”
138.76.29.7)
Question: if only one IP address is allocated to your home, how can you support multiple devices at home?
answer: you need an NAT-enabled router
The NAT-enabled router has an interface that is part of the home network (LAN on the right) and another interface to the global Internet (WAN on the left)
LAN: local area network WAN: wide area network
NAT
138.76.29.7( 192.168.1.1(
192.168.1.2( 192.168.1.3(
192.168.1.4(
Internet&
According to RFC1918, the following three blocks of the IP addresses are reserved for private networks:
10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
Each device in the home network is allocated a private IP address
Request from the private network
S”=”192.168.1.2,”3345″ D”=”128.119.40.186,”80″
192.168.1.1(
192.168.1.2( 192.168.1.3(
192.168.1.4(
NAT$transla+on$table$
WAN$side$
LAN$side$
138.76.29.7,”5001$
192.168.1.2,”3345$
…”
…”
Internet&
S”=”138.76.29.7,*5001* D”=”128.119.40.186,”80″
138.76.29.7(
The NAT-enabled router has an NAT translation table
When user at host 192.168.1.2 requests a web page on some web server (IP: 128.119.40.186, port: 80), the NAT router:
replaces the source IP address with its WAN-side IP address 138.76.29.7
replaces the original source port number 3345 with the new source port number 5001
adds an entry to the router’s NAT translation table.
Request from the private network
S(=(138.76.29.7,(5001( D(=(128.119.40.186,(80(
192.168.1.2( 192.168.1.3(
192.168.1.4(
Internet&
138.76.29.7(
192.168.1.1(
NAT&transla-on&table&
WAN&side&
LAN&side&
138.76.29.7,(5001&
192.168.1.2,(3345&
…(
…(
S(=(128.119.40.186,(80( D(=(138.76.29.7,(5001(
The web server is unaware that the arriving datagram containing the HTTP request has been manipulated by the NAT router, responds with a datagram whose destination address is 138.76.29.7 and port 5001.
Request from the private network
Internet&
138.76.29.7(
S(=(128.119.40.186,(80( D(=(192.168.1.2,&3345&
192.168.1.1(
192.168.1.2( 192.168.1.3(
192.168.1.4(
NAT&transla-on&table&
WAN&side&
LAN&side&
138.76.29.7,(5001&
192.168.1.2,(3345&
…(
…(
S(=(128.119.40.186,(80( D(=(138.76.29.7,(5001(
When the response arrives at the NAT router, the router searches the NAT translation table and rewrites the datagram’s destination address and destination port number, and forwards the datagram into the home network.
Request from the external network
138.76.29.7(
HTTP(request( S(=(128.119.40.186,(3345( D&=&138.76.29.7,&80&
192.168.1.1(
192.168.1.2( 192.168.1.3(
192.168.1.4(
Web(browser(
Port%forwarding%rule:” Requests”to”port”80″are” forward”to”192.168.1.3″
Internet&
Problem: NAT allows communication where a host on the private network initiates the connection; what if a server is operated in the private network?
Port forwarding (or port mapping) – configuring the NAT router to send all packets received on a particular port to a specific host on the private network
e.g., if external hosts need to access a web server (port 80) operating on machine 192.168.1.3, it will be necessary to define a port forwarding rule on the router, redirecting all TCP packets received on port 80 to machine 192.168.1.3
IPv6
Initial motivation
32-bit address space completely allocated by the Internet Assigned Number Authority (IANA) on Feb. 3, 2011
Additional motivation:
to improve existing IPv4
IPv6 datagram format
IPv4 datagram format
ver
head. len
32 bits
type of service
length
fragment offset
16-bit identifier
time to live
upper layer
32 bit source IP address
32 bit destination IP address
Options (if any)
data
flgs
header checksum
IPv6 (cont’d)
Expanded address space: 128 bits
Fixed-length 40-byte header
allows fast processing of IPV6 datagram
no options field (but can be pointed to from “next header” field)
Flow labeling and priority
service differentiation among datagrams belonging to different flows
no fragmentation/reassembly allowed at the routers
can only be done at source/destination hosts to speed up IP forwarding
2001:0000:3238:DFE1:0063:0000:0000:FEFB
no header checksum
IPv6 datagram format
identify priority among datagrams in flow
identify datagrams in same flow
ususally specify upper-layer protocol used by payload; or indicate the type of extension header (if present) immediately following the IPv6 header
checksum: removed entirely to reduce processing time at each hop
Illustrations of Next Header:
https://tools.ietf.org/html/rfc2460
IPv4 —> IPv6
Not all routers can be upgraded simultaneous
How will the network operate with mixed IPv4 and IPv6 routers?
Dual-stack approach: IPv6 routers also have a complete IPv4 implementation, with both an IPv4 address and an IPv6 address
use IPv4 to communicate with IPv4 routers use IPv6 to communicate with IPv6 routers
Tunneling: IPv6 carried as payload in IPv4 datagram among IPv4 routers
IPv4 header fields
IPv4 source, dest addr
IPv6 header fields
IPv6 source dest addr
UDP/TCP payload
IPv6 datagram IPv4 datagram
IPv4 payload
IPv4 —> IPv6 (cont’d)
Tunneling
logical view:
physical view:
AB
IPv6 IPv6
IPv4 tunnel connecting IPv6 routers
EF
IPv6 IPv6
ABCDEF
IPv6
IPv6 IPv4 IPv4
IPv6 IPv6
flow: X src: A dest: F
data
src:B dest: E
flow: X src: A dest: F
data
Flow: X Src: A Dest: F
data
src:B dest: E
Flow: X Src: A Dest: F
data
A-to-B: IPv6
B-to-C: IPv6 inside IPv4
D-to-E:
IPv6 inside E-to-F:
IPv4 IPv6
IPv6 adoption
DNS has supported IPv6 since 2008
All major OSs in use included IPv6 implementation by 2011
More than 44% of Google users in US access services via IPv6 as of January 2021
Still need a long time for wide deployment, thinking of application-level changes needed (WWW, streaming media, social app, …)
ICMP
Internet Control Message Protocol
Used by hosts & routers to communicate network-layer information among each other
error reporting
unreachable host/network/port/protocol
echo request, reply
e.g., used in ping, traceroute
ICMP message contains
type
code
header and first 8 bytes of IP datagram that
caused the ICMP message to be generated
“Above” IP:
ICMP messages carried inside IP datagrams
in the IP datagram carrying an ICMP message, the
Type Code description
0 0
3 0
3 1
3 2
3 3
3 6
3 7
4 0
echo reply (ping)
dest. network unreachable dest host unreachable
dest protocol unreachable dest port unreachable
dest network unknown dest host unknown
source quench (congestion control – not used)
echo request (ping)
router advertisement router discovery
8 0
9 0
10 0
110 TTL expciereded 120 bad IP header
“upper layer protocol” header specifies ICMP
Traceroute using ICMP
Source host sends series of UDP segments to destination with unlikely UDP port numbers
first set has TTL =1 second set has TTL=2 etc.
When an IP datagram in nth set arrives at nth router:
router discards datagram and sends back to source host an ICMP message (type 11, code 0, including name and IP address of router)
When ICMP message arrives, source records RTTs and name/IP address of the nth router
stopping:
UDP segment eventually arrives at destination host;
destination returns ICMP “port unreachable” message (type 3, code 3); source stops after receiving this ICMP message
✦ ✦ ✦
3 probes 3 probes
3 probes
Required reading
Computer Networking: A Top-Down Approach (7th Edition) Ch 4.3.3, 4.3.4, 4.3.5, 5.6
Acknowledgement:
Some materials are extracted from the slides created by Prof. Jim F. Kurose and Prof. Keith W. Ross for the textbook.