CS118 Discussion Week 6: The Network Layer (Data Plane)
Questions?
• From this week or about the HW/Midterm
The Network Layer
• Transport segment from sending to receiving host
• Sender: encapsulates segments into datagrams, passes to link layer
• Receiver: delivers segments to transport layer protocol
• Network layer protocols in every Internet device: hosts, routers
• Two Key Features:
• Forwarding (move packets from a router’s input link to appropriate router output link)
• Routing (determine route taken by packets from source to destination)
1/21/2021 3
Control Plane
• Network-wide logic
• Determines how datagram is routed among routers along end-to-end
path from source host to destination host
• Two control-plane approaches:
• traditional routing algorithms: implemented in routers
• software-defined networking (SDN): implemented in (remote) servers
Data Plane
• local, per-router function
• determines how datagrams arriving on router input ports are
forwarded to router output ports
• What we’ll be focusing on in this section!
Network Protocols
• Last section we went over two prominent Transport protocols – TCP and UDP.
• For the network layer, there’s (at least right now) only really one game in town.
• IP (Internet Protocol, v4 and v6).
• For the sake of simplicity we’ll go over v4 first.
• Concerns itself with sending information from one address (x.y.z.a) to another.
IPv4
• Quite similar to TCP (the two together are often known as TCP/IP)
• At its core, sends a packet through the network based solely on its Destination Address.
• Interesting fields:
• Identifier primarily used for uniquely identifying fragments.
• Flags is used to control and identify fragments.
• The fragment offset field, measured in units of eight-byte blocks, is 13 bits long and specifies the offset of a particular fragment relative to the beginning of the original unfragmented IP datagram.
• TTL is the maximum amount of time a datagram can live in the internet.
• Source/Dest address: what you’d expect.
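As an added example (not part of the slides), here is a parser for the fixed IPv4 header that decodes exactly the fields listed above, converts the fragment offset from 8-byte blocks to bytes, and verifies the RFC 791 header checksum. The sample datagram is constructed inline with the helper `build_ipv4`, so nothing here comes from a real capture; the host addresses 10.3.0.5 and 10.2.0.3 are simply reused from the OpenFlow example later in these notes.

```python
import socket
import struct

# 20-byte fixed IPv4 header (IHL = 5, no options), network byte order:
# version/IHL, ToS, total length, identification, flags+fragment offset,
# TTL, protocol, header checksum, source address, destination address.
IPV4_HEADER = struct.Struct("!BBHHHBBH4s4s")


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's complement of the one's-complement sum of 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, payload: bytes, ident: int = 0x1C46,
               df: bool = True, mf: bool = False, frag_offset_blocks: int = 0,
               ttl: int = 64, proto: int = 6) -> bytes:
    """Assemble a minimal IPv4 datagram with a correct header checksum (used to build sample input)."""
    # Flags occupy the top 3 bits (reserved, DF, MF); the low 13 bits are the offset in 8-byte blocks.
    flags_frag = (int(df) << 14) | (int(mf) << 13) | (frag_offset_blocks & 0x1FFF)
    hdr = IPV4_HEADER.pack(0x45, 0, 20 + len(payload), ident, flags_frag, ttl, proto, 0,
                           socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(packet: bytes) -> dict:
    """Decode the header fields discussed above and verify the header checksum."""
    if len(packet) < IPV4_HEADER.size:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto, _csum,
     src, dst) = IPV4_HEADER.unpack_from(packet)
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4  # IHL counts 32-bit words
    if version != 4 or ihl < 20 or len(packet) < ihl or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    return {
        "total_length": total_len,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset_bytes": (flags_frag & 0x1FFF) * 8,  # field counts 8-byte blocks
        "ttl": ttl,
        "protocol": proto,
        # A header whose checksum field is correct sums (with folding) to 0xFFFF, so
        # recomputing over the whole header, checksum included, must give zero.
        "checksum_ok": ipv4_checksum(packet[:ihl]) == 0,
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
    }


# Constructed sample datagram (not a capture): 4 payload bytes from 10.3.0.5 to 10.2.0.3.
SAMPLE = build_ipv4("10.3.0.5", "10.2.0.3", b"abcd")

if __name__ == "__main__":
    for name, value in parse_ipv4(SAMPLE).items():
        print(f"{name:>22}: {value}")
```

The checksum check is the part worth remembering: a router that decrements TTL must recompute the checksum, and a header that has been altered in transit without that recomputation no longer sums to zero.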
Network-layer service model: IP
Network architecture | Service model                 | Bandwidth      | Loss     | Order    | Timing
Internet             | best effort                   | none           | no       | no       | no
ATM                  | Constant Bit Rate             | Constant rate  | yes      | yes      | yes
ATM                  | Available Bit Rate            | Guaranteed min | no       | yes      | no
Internet             | Intserv Guaranteed (RFC 1633) | yes            | yes      | yes      | yes
Internet             | Diffserv (RFC 2475)           | possible       | possibly | possibly | no
(Quality of Service (QoS) guarantees? The four right-hand columns answer that question for each service model.)
Internet “best effort” service model – no guarantees on:
i. successful datagram delivery to destination
ii. timing or order of delivery
iii. bandwidth available to end-end flow
Network Layer: 4-9
IP Vs Competitors
(The service-model table from the previous slide, shown again to compare IP’s best-effort service with ATM Constant Bit Rate, ATM Available Bit Rate, Intserv Guaranteed (RFC 1633) and Diffserv (RFC 2475).)
Evaluation of IP
• Why has IP been so successful?
• simplicity of mechanism has allowed Internet to be widely deployed, adopted
• sufficient provisioning of bandwidth allows performance of real-time applications (e.g., interactive voice, video) to be “good enough” “most of the time”
• replicated, application-layer distributed services (datacenters, content distribution networks) connecting close to clients’ networks, allowing services to be provided from multiple locations
• congestion control of “elastic” services helps
The “Narrow Waist” (figure: the protocol stack, with IP as the single network-layer protocol)
Application: HTTP, SMTP, ….
Transport: TCP, UDP
Network: IP
Link
IPv4 addressing
• IPv4 address: 32-bit identifier associated with each host or router interface – form x.y.z.a (where each of these is a number 0-255)
• interface: connection between host/router and physical link
• routers typically have multiple interfaces
• hosts typically have one or two interfaces (e.g., wired Ethernet, wireless 802.11)
(Figure: host and router interfaces on three subnets, 223.1.1.x, 223.1.2.x and 223.1.3.x: 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4, 223.1.2.1, 223.1.2.2, 223.1.2.9, 223.1.3.1, 223.1.3.2, 223.1.3.27.)
dotted-decimal IP address notation:
223.1.1.1 = 11011111 00000001 00000001 00000001
            223      1        1        1
Subnetworking
• Computer networks are inherently “hierarchical”
  • E.g., UCLA’s network vs. Google’s network
• We split the IP address space up into “subnets”
  • In other words, logically group hosts by the first n bits of their addresses
• 192.168.0.0-192.168.0.255 can be a subnet
  • First 24 bits are network, last 8 bits are host in that network (2^8 - 2 hosts)
• We can’t use the first or last address since they’re special
  • Network identifier and “broadcast” addresses
• Left with 254 host addresses in this subnet
“Classful” Addressing
• In the old days, subnets could only be formed on byte boundaries
  • E.g., 10.0.0.0-10.255.255.255 or 192.168.54.0-192.168.54.255
• On which byte they were split was determined by their “class”
  • Class A: Split after first byte (2^24 - 2 hosts per subnet)
  • Class B: Split after second byte (2^16 - 2 hosts per subnet)
  • Class C: Split after third byte (2^8 - 2 hosts per subnet)
  • Other classes for special addresses (e.g., multicast)
• However, too coarse-grained to represent structure of Internet
  • Replaced with “Classless Inter-Domain Routing” (CIDR)
CIDR
• Split network and host portions of the address after some number of bits
  • E.g., 27
• Network represented like 192.168.0.0/25
  • First IP address/number of bits in network portion
  • This represents network 192.168.0.0-192.168.0.127
• Greater flexibility, can split subnets up into smaller subnets
  • E.g., CS department subnet within UCLA subnet
  • And then, research group subnet within CS department subnet
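The subnet arithmetic from the last three slides, worked through in code added here (it is not from the slides and uses no library, so the bit operations stay visible): a prefix length becomes a mask, the mask splits an address into network and host parts, the network and broadcast addresses are the host bits all-zero and all-one, and the usable host count is 2^n - 2. `classful_prefix_length` applies the old class rule from the leading bits; everything else is CIDR. The function and field names are my own.

```python
def ip_to_int(ip: str) -> int:
    """Dotted-decimal x.y.z.a -> 32-bit integer, rejecting anything outside 0-255 per octet."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % ip)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_mask(length: int) -> int:
    """Netmask with the first `length` bits set, e.g. 24 -> 255.255.255.0."""
    if not 0 <= length <= 32:
        raise ValueError("prefix length must be 0-32")
    return (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF


def classful_prefix_length(ip: str) -> int:
    """Pre-CIDR rule: the class, read from the leading bits, fixes where network and host split."""
    first = ip_to_int(ip) >> 24
    if first < 128:      # class A: 0xxxxxxx, split after first byte
        return 8
    if first < 192:      # class B: 10xxxxxx, split after second byte
        return 16
    if first < 224:      # class C: 110xxxxx, split after third byte
        return 24
    raise ValueError("class D/E address (multicast/reserved) has no network/host split")


def describe_subnet(cidr: str) -> dict:
    """Network, netmask, broadcast and usable host range for a CIDR block such as 192.168.0.0/25."""
    addr, length = cidr.split("/")
    length = int(length)
    mask = prefix_mask(length)
    network = ip_to_int(addr) & mask            # host bits cleared: the network identifier
    broadcast = network | (~mask & 0xFFFFFFFF)  # host bits all ones: the broadcast address
    host_bits = 32 - length
    # First (network) and last (broadcast) addresses are reserved, leaving 2^n - 2 hosts.
    # /31 and /32 have no room for that rule and are reported as 0 usable here.
    usable = 2 ** host_bits - 2 if host_bits >= 2 else 0
    return {
        "network": int_to_ip(network),
        "netmask": int_to_ip(mask),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(network + 1) if usable else None,
        "last_host": int_to_ip(broadcast - 1) if usable else None,
        "usable_hosts": usable,
    }


def in_subnet(cidr: str, ip: str) -> bool:
    """True when the first `length` bits of ip equal the network's first `length` bits."""
    addr, length = cidr.split("/")
    mask = prefix_mask(int(length))
    return ip_to_int(ip) & mask == ip_to_int(addr) & mask


if __name__ == "__main__":
    for block in ("192.168.0.0/25", "192.168.0.0/24", "10.0.0.0/8"):
        print(block, describe_subnet(block))
```

Note that `describe_subnet("192.168.0.200/25")` reports the network as 192.168.0.128: the mask, not the written address, decides which block an address belongs to, which is exactly the check `in_subnet` performs.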
How do you get an IP Address, anyway?
• Dynamic Host Configuration Protocol (DHCP)
• Send a broadcast message to the local network asking for an address
• DHCP server will record address “lease” assignment and respond with IP address for host to use
• Response also includes information about which DNS servers to use and the local router’s IP address
• DHCP address “leases” are refreshed periodically
• Your home network uses DHCP, with the server running in your router
Modifications to IP: NAT
• Problem: IPv4 is running out of addresses
• Who would have thought that there would be more than ~4B (2^32) hosts on the Internet?
  • “640K [of RAM] ought to be enough for anybody” – (allegedly) Bill Gates, 1981
• Stopgap Solution (“NAT”): Hide private networks behind gateways
• Use a “private” IP address in one of the following ranges:
  • 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12
• Reuse these private addresses between networks
• Map internal IP and port numbers to external IP and port numbers
  • And update packet headers as packets pass through router
Network Address Translation (NAT)
https://commons.wikimedia.org/wiki/File:NAT_Concept-en.svg
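To make the mapping concrete, here is a small NAT simulation added to these notes (it is not from the slides or the linked diagram). It keeps the translation table the slide describes, rewriting source IP and port on the way out and destination IP and port on the way back, and it shows the side effect that matters for security: an inbound packet with no existing mapping cannot be delivered to anyone and is dropped. The public address 203.0.113.7 and the server 198.51.100.5 are constructed sample values from the documentation ranges; sequential port allocation starting at 5000 is an assumption of this example, real NATs choose ports differently.

```python
import ipaddress

# RFC 1918 private ranges named on the slide; addresses in them are reused across networks.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip: str) -> bool:
    return any(ipaddress.ip_address(ip) in net for net in PRIVATE_RANGES)


class Nat:
    """Port-based NAT: (private IP, private port) <-> (public IP, public port) translation table."""

    def __init__(self, public_ip: str, first_port: int = 5000):
        self.public_ip = public_ip
        self.next_port = first_port   # next unused public port (sequential here; assumption of this example)
        self.outbound_map = {}        # (priv_ip, priv_port) -> public port
        self.inbound_map = {}         # public port -> (priv_ip, priv_port)

    def translate_outbound(self, pkt: dict) -> dict:
        """Rewrite a packet leaving the private network: source becomes public IP + mapped port."""
        if not is_private(pkt["src"]):
            raise ValueError("outbound packet does not carry a private source address")
        key = (pkt["src"], pkt["sport"])
        if key not in self.outbound_map:   # first packet of this flow: allocate a mapping
            port = self.next_port
            self.next_port += 1
            self.outbound_map[key] = port
            self.inbound_map[port] = key
        out = dict(pkt)
        out["src"], out["sport"] = self.public_ip, self.outbound_map[key]
        return out

    def translate_inbound(self, pkt: dict):
        """Rewrite a packet arriving from the Internet, or return None when no mapping exists:
        unsolicited traffic has no internal destination and is dropped."""
        if pkt["dst"] != self.public_ip:
            return None
        key = self.inbound_map.get(pkt["dport"])
        if key is None:
            return None
        inb = dict(pkt)
        inb["dst"], inb["dport"] = key
        return inb


if __name__ == "__main__":
    # Constructed traffic: two internal hosts that happen to pick the same source port.
    nat = Nat("203.0.113.7")
    for host in ("192.168.1.10", "192.168.1.11"):
        print(nat.translate_outbound({"src": host, "sport": 3333, "dst": "198.51.100.5", "dport": 80}))
    print(nat.translate_inbound({"src": "198.51.100.5", "sport": 80, "dst": "203.0.113.7", "dport": 5001}))
    print(nat.translate_inbound({"src": "198.51.100.5", "sport": 80, "dst": "203.0.113.7", "dport": 9999}))
```

The two internal hosts both use source port 3333, so the NAT has to rewrite the port as well as the address; otherwise the replies would be indistinguishable.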
Modifications to IP: IPv6
• Better Solution: Expand IP address space from 32 to 128 bits!
  • 2^128 IP addresses!
• Represented as 8 groups of 4 hex digits
  • 2001:0db8:85ae:0000:0000:0000:1234:5678
• However, greater IP address sizes mean packet format changes, which hampers adoption
• Therefore, IPv6 adoption has been very slow (30~34% as of Jan 2021)
  • A long time for a protocol devised in the 1990s
• Instead, people still mostly use IPv4 with NAT
• But adoption is progressing
• In late 2020, US government mandated that 80% of federal networks had to be *IPv6-only* by 2025
Working with the Data Plane: OpenFlow
• More abstractly, what is forwarding?
• Match + Action sequence: packet comes in, match it with something in the forwarding table, take an action based on that.
• Turn this into a flow table abstraction.
Router’s flow table defines router’s match+action rules:
match                           action
src = *.*.*.*, dest = 3.4.*.*   forward(2)
src = 1.2.*.*, dest = *.*.*.*   drop
src = 10.1.2.3, dest = *.*.*.*  send to controller
* : wildcard
OpenFlow
• OpenFlow is a programmable network protocol that lets you input these match + action rules manually.
• Here are a few examples:
Match fields: Switch Port, MAC src, MAC dst, Eth type, VLAN ID, VLAN Pri, IP Src, IP Dst, IP Prot, IP ToS, TCP s-port, TCP d-port; then an Action.
Firewall:
Switch Port | MAC src | MAC dst | Eth type | VLAN ID | VLAN Pri | IP Src      | IP Dst | IP Prot | IP ToS | TCP s-port | TCP d-port | Action
*           | *       | *       | *        | *       | *        | *           | *      | *       | *      | *          | 22         | drop
Block (do not forward) all datagrams destined to TCP port 22 (ssh port #)
Switch Port | MAC src | MAC dst | Eth type | VLAN ID | VLAN Pri | IP Src      | IP Dst | IP Prot | IP ToS | TCP s-port | TCP d-port | Action
*           | *       | *       | *        | *       | *        | 128.119.1.1 | *      | *       | *      | *          | *          | drop
Block (do not forward) all datagrams sent by host 128.119.1.1
OpenFlow example
Orchestrated tables can create network-wide behavior, e.g.,:
datagrams from hosts h5 and h6 should be sent to h3 or h4, via s1 and from there to s2
(Figure: switches s1, s2, s3 with ports numbered 1-4 and a controller; hosts h1 (10.1.0.1) and h2 (10.1.0.2) on s1, h3 (10.2.0.3) and h4 (10.2.0.4) on s2, h5 (10.3.0.5) and h6 (10.3.0.6) on s3.)
Flow tables installed by the controller:
s3:
match: IP Src = 10.3.*.*, IP Dst = 10.2.*.*
action: forward(3)
s1:
match: ingress port = 1, IP Src = 10.3.*.*, IP Dst = 10.2.*.*
action: forward(4)
s2:
match: ingress port = 2, IP Dst = 10.2.0.3
action: forward(3)
match: ingress port = 2, IP Dst = 10.2.0.4
action: forward(4)
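The flow-table abstraction, the two firewall rules and the three orchestrated switch tables above can all be run through one small match+action engine. The code below is an added example for these notes, not OpenFlow itself and not code from the course: `FlowTable` takes rules in order and the first full match wins; `firewall_table` holds the two drop rules from the OpenFlow slide plus a catch-all forward that I added so the table decides every packet; `orchestrated_network` holds the s3/s1/s2 tables and `trace` follows a packet across the links. The link wiring (s3 port 3 to s1 port 1, s1 port 4 to s2 port 2, h3 and h4 on s2 ports 3 and 4) is read off the ingress-port matches and the figure, and sending table misses to the controller is an assumption of this example.

```python
WILDCARD = "*"


def field_matches(pattern, value) -> bool:
    """'*' matches anything; dotted patterns like 10.3.*.* match octet by octet; else exact match."""
    if pattern == WILDCARD:
        return True
    if isinstance(pattern, str) and "." in pattern:
        if not isinstance(value, str):
            return False
        return all(p == WILDCARD or p == v for p, v in zip(pattern.split("."), value.split(".")))
    return pattern == value


class FlowTable:
    """Ordered match+action rules; the first rule whose every field matches decides the action."""

    def __init__(self, table_miss=("controller",)):
        self.rules = []
        self.table_miss = table_miss   # assumption for this example: unmatched packets go to the controller

    def add(self, match: dict, action: tuple) -> None:
        self.rules.append((match, action))

    def lookup(self, packet: dict) -> tuple:
        for match, action in self.rules:
            if all(field_matches(pat, packet.get(field)) for field, pat in match.items()):
                return action
        return self.table_miss


def firewall_table() -> FlowTable:
    """The two firewall rules from the slide plus a catch-all forward (added so the table decides everything)."""
    fw = FlowTable()
    fw.add({"tcp_dport": 22}, ("drop",))            # block all datagrams to TCP port 22
    fw.add({"ip_src": "128.119.1.1"}, ("drop",))    # block all datagrams sent by 128.119.1.1
    fw.add({}, ("forward", 1))                       # everything else: forward on port 1 (assumed)
    return fw


def orchestrated_network():
    """Switch tables from the slide: h5/h6 (10.3.*.*) reach h3/h4 (10.2.*.*) via s3 -> s1 -> s2."""
    s3, s1, s2 = FlowTable(), FlowTable(), FlowTable()
    s3.add({"ip_src": "10.3.*.*", "ip_dst": "10.2.*.*"}, ("forward", 3))
    s1.add({"ingress_port": 1, "ip_src": "10.3.*.*", "ip_dst": "10.2.*.*"}, ("forward", 4))
    s2.add({"ingress_port": 2, "ip_dst": "10.2.0.3"}, ("forward", 3))
    s2.add({"ingress_port": 2, "ip_dst": "10.2.0.4"}, ("forward", 4))
    # Links (switch, out port) -> (next switch, ingress port), read off the ingress-port matches and the
    # figure; host attachments assumed from the addressing: h3 on s2 port 3, h4 on s2 port 4.
    links = {("s3", 3): ("s1", 1), ("s1", 4): ("s2", 2)}
    hosts = {("s2", 3): "h3", ("s2", 4): "h4"}
    return {"s1": s1, "s2": s2, "s3": s3}, links, hosts


def trace(switches, links, hosts, first_switch: str, packet: dict, max_hops: int = 8) -> list:
    """Follow a packet switch by switch; returns [(switch, action), ...] ending in delivery, drop or miss."""
    path, sw, pkt = [], first_switch, dict(packet)
    for _ in range(max_hops):
        action = switches[sw].lookup(pkt)
        path.append((sw, action))
        if action[0] != "forward":
            return path
        hop = (sw, action[1])
        if hop in hosts:
            path.append(("delivered", hosts[hop]))
            return path
        if hop not in links:
            path.append(("no link", hop))
            return path
        sw, pkt["ingress_port"] = links[hop]
    return path


if __name__ == "__main__":
    switches, links, hosts = orchestrated_network()
    print(trace(switches, links, hosts, "s3", {"ip_src": "10.3.0.5", "ip_dst": "10.2.0.3"}))
    print(firewall_table().lookup({"ip_src": "10.1.0.1", "ip_dst": "10.2.0.3", "tcp_dport": 22}))
```

Rule order matters in this engine exactly as priority does in a real switch: put the catch-all forward first and the two drop rules never fire, which is the classic misconfiguration to check for when reviewing a flow table.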
Middleboxes
Middlebox (RFC 3234): “any intermediary box performing functions apart from normal, standard functions of an IP router on the data path between a source host and destination host”
Middleboxes are everywhere!
• Firewalls, IDS: corporate, institutional, service providers, ISPs
• NAT: home, cellular, institutional
• Application-specific: service providers, institutional, CDN
• Load balancers: corporate, service provider, data center, mobile nets
• Caches: service provider, mobile, CDNs
(Figure: a national or global ISP, a datacenter network and an enterprise network, each with middleboxes on the path.)
Middleboxes
• initially: proprietary (closed) hardware solutions
• move towards “whitebox” hardware implementing open APIs
  • move away from proprietary hardware solutions
  • programmable local actions via match+action
  • move towards innovation/differentiation in software
• SDN: (logically) centralized control and configuration management, often in private/public cloud
• network functions virtualization (NFV): programmable services over white box networking, computation, storage
Router Algorithms
• How do we figure out where to send IP packets next in a router?
• Find the “longest-prefix matching” route!
• What does this mean?
• “Routes” in a router take the form: Network/Length → Send on Port X
• Or alternatively “Length” can be a bit mask, e.g., 24 → 255.255.255.0
• Find the route with the greatest length “L” that matches the first “L” bits of the IP packet’s destination address
• Then, send the packet on the port listed in the longest matching route
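Longest-prefix matching as a router would actually do it, added here as an example (it is my code, not the Project 2 router): routes go into a binary trie keyed on the destination’s bits, so a lookup walks at most 32 levels and the deepest node that carries a port is the longest match. Routes may be given with a prefix length or with a dotted bit mask, as the slide says, and `mask_to_length` rejects a mask whose ones are not contiguous. The table in `sample_table` is constructed for the demonstration; its nested prefixes are what make the “longest wins” rule visible.

```python
def ip_to_int(ip: str) -> int:
    """Dotted-decimal to 32-bit integer (small helper; no validation, inputs are constructed)."""
    a, b, c, d = (int(o) for o in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def mask_to_length(mask: str) -> int:
    """255.255.255.0 -> 24; rejects non-contiguous masks such as 255.0.255.0."""
    m = ip_to_int(mask)
    length = bin(m).count("1")
    if m != ((0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF):
        raise ValueError("netmask is not a contiguous prefix: " + mask)
    return length


class RoutingTable:
    """Binary trie over destination-address bits: the deepest node carrying a port is the longest match."""

    def __init__(self):
        self.root = {}   # each node: optional "0"/"1" children and an optional "port"

    def add_route(self, network: str, length_or_mask, port: int) -> None:
        """Route 'network/length -> send on port'; the length may also be given as a dotted mask."""
        length = mask_to_length(length_or_mask) if isinstance(length_or_mask, str) else int(length_or_mask)
        bits = format(ip_to_int(network), "032b")[:length]   # only the first L bits identify the route
        node = self.root
        for bit in bits:
            node = node.setdefault(bit, {})
        node["port"] = port

    def lookup(self, dst_ip: str):
        """Walk the destination's bits, remembering the last port seen; None when nothing matches."""
        node, best = self.root, self.root.get("port")   # a 0.0.0.0/0 default route sits at the root
        for bit in format(ip_to_int(dst_ip), "032b"):
            node = node.get(bit)
            if node is None:
                break
            if "port" in node:
                best = node["port"]   # a longer matching prefix overrides any shorter one seen earlier
        return best


def sample_table() -> RoutingTable:
    """Constructed forwarding table (not from the slides) with nested prefixes so the longest wins."""
    rt = RoutingTable()
    rt.add_route("10.0.0.0", 8, 1)
    rt.add_route("10.1.0.0", 16, 2)
    rt.add_route("10.1.2.0", "255.255.255.0", 3)   # same form of route, written with a bit mask
    return rt


if __name__ == "__main__":
    rt = sample_table()
    for dst in ("10.1.2.9", "10.1.9.9", "10.200.0.1", "8.8.8.8"):
        print(dst, "->", rt.lookup(dst))
```

Without a default route, 8.8.8.8 matches nothing and `lookup` returns None, which is the case a router has to handle explicitly (typically by dropping the packet and generating an ICMP error); adding 0.0.0.0/0 gives every destination a fallback port while leaving the longer matches untouched.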
Final Reminders
• Homework 2 is due Monday, February 15
• Project 1 is due Tuesday, February 16 (extended deadline!)
• Project 2 will be released soon and will deal with routers themselves
• We think this project will be a lot of fun and will give you hands-on experience with the inner workings of routers (they’re comparatively simple actually!)
• Most of the router is already implemented, but we leave some specific functionality for you to implement
• You will be allowed to work in groups of up to 2 people