1

IP Forwarding

2

Roadmap

• IP forwarding• A protocol design exercise• Notes on the lab

3

Delivery of an IP datagram

Ethernet

TokenRingLANEthernet

H1

R1 R2

R3 R4

H2

Network ofEthernetswitches

Point-to-point link Point-to-point link

IP

• View at the data link layer:– Internetwork is a collection of LANs or point-to-point links or switched

networks that are connected by routers

4

H1

R1 R2

R3 R4

H2

10.2.1.0/24

20.1.0.0/1610.1.2.0/24

10.1.0.0/24 10.3.0.0/16

20.2.1.0/28

Delivery of an IP datagram

IP

• View at the IP layer:– An IP network is a logical entity with a network number– We represent an IP network as a “cloud” – The IP delivery service takes the view of clouds, and ignores the data

link layer view

5

Delivery of IP datagrams

• There are two distinct processes to delivering IP datagrams:

1. Forwarding (data plane): How to pass a packet from an input interface to the output interface?

2. Routing (control plane): How to find and setup the routing tables?

• Forwarding must be done as fast as possible:– on routers, is often done with support of hardware– on PCs, is done in kernel of the operating system

• Routing is less time-critical– On a PC, routing is done as a background process

6

Routing tables

• Each router and each host keeps a routing table which tells the router where to forward an outgoing packet

• Main columns:1. Destination address: where is the IP datagram going to?2. Next hop: how to send the IP datagram?3. Interface: what is the output port?

• Next hop and interface column can often be summarized as one column• Routing tables are set so that datagrams gets closer to the its destination

Destination NextHop

interface

10.1.0.0/2410.1.2.0/2410.2.1.0/2410.3.1.0/2420.1.0.0/1620.2.1.0/28

directdirectR4direct R4R4

eth0eth0serial0eth1eth0eth0

Routing table of a host or router

IP datagrams can be directly delivered (“direct”) or is sent to a router (“R4”)

7

Delivery with routing tables

D e s t i n a t i o n N e x t H o p 1 0 . 1 . 0 . 0 / 2 4 1 0 . 1 . 2 . 0 / 2 4 1 0 . 2 . 1 . 0 / 2 4 1 0 . 3 . 1 . 0 / 2 4 2 0 . 1 . 0 . 0 / 1 6 2 0 . 2 . 1 . 0 / 2 8

d i r e c t R 3 R 3 R 3 R 3 R 3

H 1

R 1 R 2

R 3 R 4

H 2

1 0 . 2 . 1 . 0 / 2 4

2 0 . 1 . 0 . 0 / 1 61 0 . 1 . 2 . 0 / 2 4

1 0 . 1 . 0 . 0 / 2 4 1 0 . 3 . 0 . 0 / 1 6

2 0 . 2 . 1 . 0 / 2 8

2 0 . 2 . 1 . 2 / 2 8

D e s t i n a t i o n N e x t H o p 1 0 . 1 . 0 . 0 / 2 4 1 0 . 1 . 2 . 0 / 2 4 1 0 . 2 . 1 . 0 / 2 4 1 0 . 3 . 1 . 0 / 2 4 2 0 . 1 . 0 . 0 / 1 6 2 0 . 2 . 1 . 0 / 2 8

d i r e c t d i r e c t R 4 d i r e c t R 4 R 4

D e s t i n a t i o n N e x t H o p 1 0 . 1 . 0 . 0 / 2 4 1 0 . 1 . 2 . 0 / 2 4 1 0 . 2 . 1 . 0 / 2 4 1 0 . 3 . 1 . 0 / 2 4 2 0 . 1 . 0 . 0 / 1 6 2 0 . 2 . 1 . 0 / 2 8

R 3 R 3 R 2 d i r e c t d i r e c t R 2

D e s t i n a t i o n N e x t H o p 1 0 . 1 . 0 . 0 / 2 4 1 0 . 1 . 2 . 0 / 2 4 1 0 . 2 . 1 . 0 / 2 4 1 0 . 3 . 1 . 0 / 2 4 2 0 . 2 . 0 . 0 / 1 6 3 0 . 1 . 1 . 0 / 2 8

R 3 d i r e c t d i r e c t R 3 R 2 R 2

D e s t i n a t i o n N e x t H o p 1 0 . 1 . 0 . 0 / 2 4 1 0 . 1 . 2 . 0 / 2 4 1 0 . 2 . 1 . 0 / 2 4 1 0 . 3 . 1 . 0 / 2 4 2 0 . 1 . 0 . 0 / 1 6 2 0 . 2 . 1 . 0 / 2 8

R 1 R 1 d i r e c t R 4 d i r e c t d i r e c t

D e s t i n a t i o n N e x t H o p 1 0 . 1 . 0 . 0 / 2 4 1 0 . 1 . 2 . 0 / 2 4 1 0 . 2 . 1 . 0 / 2 4 1 0 . 3 . 1 . 0 / 2 4 2 0 . 1 . 0 . 0 / 1 6 2 0 . 2 . 1 . 0 / 2 8

R 2 R 2 R 2 R 2 R 2 d i r e c t

to:20.2.1.2

8

Processing of an IP datagram in IP

UDP TCP

Inputqueue

Lookup nexthop

RoutingProtocol

Destinationaddress local?

Staticrouting

Yes

Senddatagram

IP forwardingenabled?

No

Discard

Yes No

Demultiplex

routingtable

IP module

Data Link Layer

IP router: IP forwarding enabledHost: IP forwarding disabled

9

Processing of an IP datagram in IP

• Processing of IP datagrams is very similar on an IP router and a host

• Main difference: “IP forwarding” is enabled on router and disabled on host

• IP forwarding enabled if a datagram is received, but it is not for the local system, the datagram will be sent to a different system

• IP forwarding disabled if a datagram is received, but it is not for the local system, the datagram will be dropped

10

Processing of an IP datagram at a router

1. IP header validation

2. Process options in IP header

3. Parsing the destination IP address

4. Routing table lookup

5. Decrement TTL

6. Perform fragmentation (if necessary)

7. Calculate checksum

8. Transmit to next hop

9. Send ICMP packet (if necessary)

Receive an IP datagram

11

Routing table lookup

• When a router or host need to transmit an IP datagram, it performs a routing table lookup

• Routing table lookup: Use the IP destination address as a key to search the routing table.

• Result of the lookup is the IP address of a next hop router, and/or the name of a network interface

Destination address

Next hop/interface

network prefixor

host IP addressor

loopback addressor

default route

IP address of next hop router

or

Name of a network interface

12

Type of routing table entries

• Network route– Destination addresses is a network address (e.g., 10.0.2.0/24)– Most entries are network routes

• Host route– Destination address is an interface address (e.g., 10.0.1.2/32)– Used to specify a separate route for certain hosts

• Default route – Used when no network or host route matches – The router that is listed as the next hop of the default route is the

default gateway (for Cisco: “gateway of last resort)

• Loopback address– Routing table for the loopback address (127.0.0.1)– The next hop lists the loopback (lo0) interface as outgoing interface

13

=

Routing table lookup: Longest Prefix Match

• Longest Prefix Match: Search for the routing table entry that has the longest match with the prefix of the destination IP address

1. Search for a match on all 32 bits2. Search for a match for 31 bits …..32. Search for a match on 0 bits

Host route, loopback entry 32-bit prefix match

Default route is represented as 0.0.0.0/0 0-bit prefix match

128.143.71.21

The longest prefix match for 128.143.71.21 is for 24 bits with entry 128.143.71.0/24

Datagram will be sent to R4

Destination address Next hop

10.0.0.0/8 128.143.0.0/16 128.143.64.0/20 128.143.192.0/20 128.143.71.0/24 128.143.71.55/32 0.0.0.0/0 (default)

R1 R2 R3 R3 R4 R3 R5

14

Route Aggregation

• Longest prefix match algorithm permits to aggregate prefixes with identical next hop address to a single entry

• This contributes significantly to reducing the size of routing tables of Internet routers

Destination Next Hop

10.1.0.0/2410.1.2.0/2410.2.1.0/2410.3.1.0/2420.0.0.0/8

R3directdirect

R3R2

Destination Next Hop

10.1.0.0/2410.1.2.0/2410.2.1.0/2410.3.1.0/2420.2.0.0/1620.1.1.0/28

R3directdirect

R3R2R2

15

How do routing tables get updated?

• Adding an interface:– Configuring an interface eth2 with

10.0.2.3/24 adds a routing table entry:

• Adding a default gateway:– Configuring 10.0.2.1 as the

default gateway adds the entry:

• Static configuration of network routes or host routes

• Update of routing tables through routing protocols

• ICMP messages

Destination Next Hop/interface

10.0.2.0/24 eth2

Destination Next Hop/interface

0.0.0.0/0 10.0.2.1

16

A Route Aggregation Example

• Algorithm:– More specific address prefixes that have the same next

hop may be aggregated into one more general address prefix if their address blocks are contiguous.

17

A Protocol Design Example

• DoS is not even close to be solved .

18

Researchers have proposed a packet logging algorithm to track down the attackers

• A router logs every packet it sends by computing a short packet digest.

• A victim can send queries to routers to obtain the trace of a packet.

19

Your task is to design the query protocol.

1. What’s the task of the protocol?2. Which entities would exchange messages of this protocol?3. What messages do we need?4. What actions would these entities take when they

receive/send the messages to achieve the task?5. Does the design achieve the task?6. Can we optimize it?

• What are the desired properties of this protocol? • E.g., low message overhead, secure …

7. Which protocol we have studied so far handles simple/generic queries?

8. Can we extend the existing protocols?

20

21

ICMP message format

additional informationor

0x00000000

type code checksum

bit # 0 15 23 248 317 16

4 byte header:• Type (1 byte): type of ICMP message• Code (1 byte): subtype of ICMP message• Checksum (2 bytes): similar to IP header checksum.

Checksum is calculated over entire ICMP messageIf there is no additional data, there are 4 bytes set to zero.

each ICMP messages is at least 8 bytes long

22

Query message

• Source IP address: router/host• Destination IP address: next hop router• Contents:

– Packet digest– Originator’s IP address

23

Reply Message

• Source IP address: router that has the packet digest• Destination IP address: the originator’s IP address• Content

– Packet digest– What else are needed for the victim to determine the order

of routers that forward the packet?

24

Analysis of this protocol

• Message overhead• How about the message get lost?

– Sequence numbers will help• How long will it take for a message to come back?

25

Notes on Lab

26

Loop back interface

• In the first lab report, there was a question in exercise 7:• "How many of the Linux PCs responded to the broadcast ping?"

• (1.1) some students answer that 4 machines reply, according to the output of ping, like:• ping -c 2 -b 10.0.1.255• WARNING: pinging broadcast address• PING 10.0.1.255 (10.0.1.255) 56(84) bytes of data.• 64 bytes from 10.0.1.11: icmp_seq=1 ttl=64 time=0.456 ms• 64 bytes from 10.0.1.12: icmp_seq=1 ttl=64 time=0.744 ms (DUP!)• 64 bytes from 10.0.1.14: icmp_seq=1 ttl=64 time=1.39 ms (DUP!)• 64 bytes from 10.0.1.13: icmp_seq=1 ttl=64 time=1.48 ms (DUP!)• 64 bytes from 10.0.1.11: icmp_seq=2 ttl=64 time=0.034 ms

• (1.2) But some students answer that 3 machines reply, according to the output of tcpdump, which is something like:• tcpdump -n• tcpdump: listening on eth0• 16:24:58.460818 10.0.1.11 > 10.0.1.255: icmp: echo request (DF)• 16:24:58.461098 10.0.1.12 > 10.0.1.11: icmp: echo reply• 16:24:58.461437 arp who-has 10.0.1.11 tell 10.0.1.14• 16:24:58.461474 arp reply 10.0.1.11 is-at 0:4:75:ac:87:e9• 16:24:58.461499 arp who-has 10.0.1.11 tell 10.0.1.13• 16:24:58.461509 arp reply 10.0.1.11 is-at 0:4:75:ac:87:e9• 16:24:58.461745 10.0.1.14 > 10.0.1.11: icmp: echo reply• 16:24:58.461843 10.0.1.13 > 10.0.1.11: icmp: echo reply• 16:24:59.466162 10.0.1.11 > 10.0.1.255: icmp: echo request (DF)• 16:24:59.466422 10.0.1.13 > 10.0.1.11: icmp: echo reply• 16:24:59.466538 10.0.1.12 > 10.0.1.11: icmp: echo reply• 16:24:59.466635 10.0.1.14 > 10.0.1.11: icmp: echo reply• 16:25:03.453514 arp who-has 10.0.1.11 tell 10.0.1.12• 16:25:03.453538 arp reply 10.0.1.11 is-at 0:4:75:ac:87:e9

• Question: which answer is correct?

27

Processing of IP packets by network device drivers

loopbackDriver

IP Input

Put on IPinput queue

ARPdemultiplex

Ethernet Frame

Ethernet

IP destination of packet= local IP address ?

IP destination = multicastor broadcast ?

IP Output

Put on IPinput queue

No: get MACaddress withARP

ARPPacket

IP datagram

No

Yes

YesEthernet

Driver