Chapter 6 IPv4 Addresses – Part 3 CIS 81 Networking Fundamentals Rick Graziani Cabrillo College [email protected] Last Updated: 4/13/2008

Chapter 6IPv4 Addresses – Part 3

CIS 81 Networking Fundamentals

Rick Graziani

Cabrillo College

[email protected]

Last Updated: 4/13/2008

2

Topics

Calculating the number subnets/hosts needed VLSM (Variable Length Subnet Masks) Classful Subnetting IPv6 ICMP: Ping and Traceroute

Calculating the number subnets/hosts needed

4


Network 172.16.1.0/24 Need:

As many subnets as possible, 60 hosts per subnet

172.16.1.0

Network Host

255.255.255.0

5




172.16.1. 0 0 0 0 0 0 0 0

Network Host6 host bits

255.255.255. 0 0 0 0 0 0 0 0

Number of hosts per subnet

6



As many subnets as possible, 60 hosts per subnet New Subnet Mask: 255.255.255.192 (/26)

Number of Hosts per subnet: 6 bits, 64-2 hosts, 62 hosts Number of Subnets: 2 bits or 4 subnets

172.16.1. 0 0 0 0 0 0 0 0


255.255.255. 1 1 0 0 0 0 0 0 255.255.255.192

Number of subnets

7




172.16.1.0

Network Host

255.255.255.0

8




172.16.1. 0 0 0 0 0 0 0 0


255.255.255. 0 0 0 0 0 0 0 0


9



As many subnets as possible, 12 hosts per subnet New Subnet Mask: 255.255.255.240 (/28)


172.16.1. 0 0 0 0 0 0 0 0


255.255.255. 1 1 1 1 0 0 0 0 255.255.255.240

Number of subnets


10



Need 6 subnets, as many hosts per subnet as possible

172.16.1.0

Network Host

255.255.255.0

11



Need 6 subnets, as many hosts per subnet as possible

172.16.1. 0 0 0 0 0 0 0 0

Network Host3 subnet bits

255.255.255. 0 0 0 0 0 0 0 0

Number of subnets

12



Need 6 subnets, as many hosts per subnet as possible New Subnet Mask: 255.255.255.224 (/27)


172.16.1. 0 0 0 0 0 0 0 0

Network Host3 subnet bits

255.255.255. 1 1 1 0 0 0 0 0

Number of subnets

255.255.255.224


VLSM (Variable Length Subnet Masks)

14

VLSM

If you know how to subnet, you can do VLSM.

Example: 10.0.0.0/8 Subnet in /16 subnets: 10.0.0.0/16 10.1.0.0/16 10.2.0.0/16 10.3.0.0/16 Etc.

Subnet one of the subnets (10.1.0.0/16) 10.1.0.0/24 10.1.1.0/24 10.1.2.0/24 10.1.3.0/24 etc

15

VLSM

All other /16 subnets are still available for use as /16 networks or to be subnetted.

Host can only be a member of the subnet. Host can NOT be a member of the network that was subnetted.

10.2.1.55/24

10.2.1.55/16

NO!

YES!

16

VLSM – Using the chart

This chart can be used to help determine subnet addresses.

This can any octet. We’ll keep it simple and make it the

fourth octet.

Network: 172.16.1.0/24 What if we needed 4 subnets? What would the Mask be? What would the addresses of each

subnet be? What would the range of hosts be for

each subnet?

17


Network: 172.16.1.0/24 What if we needed 4 subnets? What would the Mask be?

255.255.255.192 (/26) What would the addresses of each subnet be?

172.16.1.0/26 172.16.1.64/26 172.16.1.128/26 172.16.1.192/26

What would the range of hosts be for each subnet? 172.16.1.0/26: 172.16.1.1-172.16.1.62 172.16.1.64/26: 172.16.1.65-172.16.1.126 172.16.1.128/26: 172.16.1.129-172.16.1.191 172.16.1.192/26: 172.16.1.193-172.16.1.254

18


What if we needed several (four) /30 subnets for our serial links?

Take one of the /26 subnets and subnet it again into /30 subnets.

Still have 3 /26 subnets

16 /30 subnets

16 /30 subnets

Classful Subnetting

20

Classful IP Addressing

In the early days of the Internet, IP addresses were allocated to organizations based on request rather than actual need.

When an organization received an IP network address, that address was associated with a “Class”, A, B, or C.

This is known as Classful IP Addressing The first octet of the address determined what class the network belonged

to and which bits were the network bits and which bits were the host bits. There were no subnet masks. It was not until 1992 when the IETF introduced CIDR (Classless

Interdomain Routing), making the address class meaning less. This is known as Classless IP Addressing. For now, all you need to know is that today’s networks are classless, except

for some things like the structure of Cisco’s IP routing table and for those networks that still use Classful routing protocols.

You will learn more about this is CIS 82, CIS 83 and CIS 185.

21

IPv4 Address Classes

22

Address Classes

Class A

Class B

Class C

Network Host Host Host

Network Network Host Host

Network Network Network Host

1st octet 2nd octet 3rd octet 4th octet

N = Network number assigned by ARIN (American Registry for Internet Numbers)H = Host number assigned by administrator

23

Class A addresses

Network Host Host Host

First octet is between 0 – 127, begins with 0

Number between 0 - 127

8 bits 8 bits 8 bits

With 24 bits available for hosts, there a 224 possible addresses. That’s 16,777,216 nodes!

There are 126 class A addresses. 0 and 127 have special meaning and are not used.

16,777,214 host addresses, one for network address and one for broadcast address. Only large organizations such as the military, government agencies, universities, and

large corporations have class A addresses. For example ISPs have 24.0.0.0 and 63.0.0.0 Class A addresses account for 2,147,483,648 of the possible IPv4 addresses. That’s 50 % of the total unicast address space, if classful was still used in the Internet!

Default Mask: 255.0.0.0 (/8)

24

Class B addresses

Network Network Host Host



8 bits 8 bits

With 16 bits available for hosts, there a 216 possible addresses. That’s 65,536 nodes!

There are 16,384 (214) class B networks. 65,534 host addresses, one for network address and one for broadcast

address. Class B addresses represent 25% of the total IPv4 unicast address space. Class B addresses are assigned to large organizations including corporations

(such as Cisco, government agencies, and school districts).

Default Mask: 255.255.0.0 (/16)

25

Class C addresses

Network Network Network Host



8 bits

With 8 bits available for hosts, there a 28 possible addresses. That’s 256 nodes!

There are 2,097,152 possible class C networks. 254 host addresses, one for network address and one for broadcast

address. Class C addresses represent 12.5% of the total IPv4 unicast address

space.

Default Mask: 255.255.255.0 (/24)

26


No medium size host networks In the early days of the Internet, IP addresses were allocated to

organizations based on request rather than actual need.

27

Network based on first octet

The network portion of the IP address was dependent upon the first octet. There was no “Base Network Mask” provided by the ISP. The network mask was inherent in the address itself.

28


Class D Addresses A Class D address begins with binary 1110 in the first octet. First octet range 224 to 239. Class D address can be used to represent a group of hosts called a host

group, or multicast group.

Class E AddressesFirst octet of an IP address begins with 1111

Class E addresses are reserved for experimental purposes and should not be used for addressing hosts or multicast groups.

29

Fill in the information…

1. 192.168.1.3 Class _____ Default Mask:______________

Network: _________________ Broadcast: ________________

Hosts: _________________ through ___________________

2. 1.12.100.31 Class ______ Default Mask:______________


Hosts: _________________ through _____________________

3. 172.30.77.5 Class ______ Default Mask:______________


Hosts: _________________ through _____________________

30

Fill in the information…

1. 192.168.1.3 Class C Default Mask: 255.255.255.0

Network: 192.168.1.0 Broadcast: 192.168.1.255

Hosts: 192.168.1.1 through 192.168.1.254

2. 1.12.100.31 Class A Default Mask: 255.0.0.0


Hosts: 1.0.0.1 through 1.255.255.254

3. 172.30.77.5 Class B Default Mask: 255.255.0.0


Hosts: 172.30.0.1. through 172.30.255.254

31

Class separates network from host bits

The Class determines the Base Network Mask!

1. 192.168.1.3 Class C Default Mask: 255.255.255.0

Network: 192.168.1.0

2. 1.12.100.31 Class A Default Mask: 255.0.0.0

Network: 1.0.0.0

3. 172.30.77.5 Class B Default Mask: 255.255.0.0

Network: 172.30.0.0

32

Know the classes!

First First Network Host

Class Bits Octet Bits Bits

A 0 0 – 127 8 24

B 10 128 - 191 16 16

C 110 192 - 223 24 8

D 1110 224 – 239

E 1111 240 - 255

33

IP addressing crisis

Address Depletion Internet Routing Table Explosion

34

IPv4 Addressing

Subnet Mask One solution to the IP address shortage was thought to be the subnet

mask. Formalized in 1985 (RFC 950), the subnet mask breaks a single class A, B

or C network in to smaller pieces. This does allow a network administrator to divide their network into subnets. Routers still associated an network address with the first octet of the IP

address.

35

All Zeros and All Ones SubnetsUsing the All Ones Subnet

There is no command to enable or disable the use of the all-ones subnet, it is enabled by default.

Router(config)#ip subnet-zero The use of the all-ones subnet has always been explicitly allowed and the

use of subnet zero is explicitly allowed since Cisco IOS version 12.0.

RFC 1878 states, "This practice (of excluding all-zeros and all-ones subnets) is obsolete! Modern software will be able to utilize all definable networks." Today, the use of subnet zero and the all-ones subnet is generally accepted and most vendors support their use, though, on certain networks, particularly the ones using legacy software, the use of subnet zero and the all-ones subnet can lead to problems.

CCO: Subnet Zero and the All-Ones Subnet http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093f18.shtml

36

Long Term Solution: IPv6 (coming)

IPv6, or IPng (IP – the Next Generation) uses a 128-bit address space, yielding

340,282,366,920,938,463,463,374,607,431,768,211,456

possible addresses. IPv6 has been slow to arrive IPv6 requires new software; IT staffs must be retrained IPv6 will most likely coexist with IPv4 for years to come.Some experts believe IPv4 will remain for more than 10 years.

37

Short Term Solutions: IPv4 Enhancements

Discussed in CIS 83 and CIS 185 CIDR (Classless Inter-Domain Routing) – RFCs 1517, 1518, 1519, 1520 VLSM (Variable Length Subnet Mask) – RFC 1009 Private Addressing - RFC 1918 NAT/PAT (Network Address Translation / Port Address Translation) – RFC

More later when we discuss TCP

38

11111111.00000000.00000000.00000000 /8 (255.0.0.0) 16,777,216 host addresses

11111111.10000000.00000000.00000000 /9 (255.128.0.0) 8,388,608 host addresses 11111111.11000000.00000000.00000000 /10 (255.192.0.0) 4,194,304 host addresses 11111111.11100000.00000000.00000000 /11 (255.224.0.0) 2,097,152 host addresses 11111111.11110000.00000000.00000000 /12 (255.240.0.0) 1,048,576 host addresses 11111111.11111000.00000000.00000000 /13 (255.248.0.0) 524,288 host addresses 11111111.11111100.00000000.00000000 /14 (255.252.0.0) 262,144 host addresses 11111111.11111110.00000000.00000000 /15 (255.254.0.0) 131,072 host addresses 11111111.11111111.00000000.00000000 /16 (255.255.0.0) 65,536 host addresses 11111111.11111111.10000000.00000000 /17 (255.255.128.0) 32,768 host addresses 11111111.11111111.11000000.00000000 /18 (255.255.192.0) 16,384 host addresses 11111111.11111111.11100000.00000000 /19 (255.255.224.0) 8,192 host addresses 11111111.11111111.11110000.00000000 /20 (255.255.240.0) 4,096 host addresses 11111111.11111111.11111000.00000000 /21 (255.255.248.0) 2,048 host addresses 11111111.11111111.11111100.00000000 /22 (255.255.252.0) 1,024 host addresses 11111111.11111111.11111110.00000000 /23 (255.255.254.0) 512 host addresses 11111111.11111111.11111111.00000000 /24 (255.255.255.0) 256 host addresses 11111111.11111111.11111111.10000000 /25 (255.255.255.128) 128 host addresses 11111111.11111111.11111111.11000000 /26 (255.255.255.192) 64 host addresses 11111111.11111111.11111111.11100000 /27 (255.255.255.224) 32 host addresses 11111111.11111111.11111111.11110000 /28 (255.255.255.240) 16 host addresses 11111111.11111111.11111111.11111000 /29 (255.255.255.248) 8 host addresses 11111111.11111111.11111111.11111100 /30 (255.255.255.252) 4 host addresses 11111111.11111111.11111111.11111110 /31 (255.255.255.254) 2 host addresses 11111111.11111111.11111111.11111111 /32 (255.255.255.255) “Host Route”

ISPs no longer restricted to three classes. Can now allocate a large range of network addresses based on customer requirements

39

Active BGP entries – March, 2006

http://bgp.potaroo.net/

40

S ubscribers S ubscribers S ubscribers S ubscribers S ubscribers S ubscribers S ubscribers S ubscribers

IS P IS P IS P IS P IS P IS P IS P IS P

R egiona lS erviceP rovider




N etworkS erviceP rovider

N etworkS erviceP rovider

N A P (N etwork A ccess P o in t)

ISP/NAP Hierarchy - “The Internet: Still hierarchical after all these years.” Jeff Doyle (Tries to be anyways!)

IPv6

42

Background

That short-term solution was Network Address Translation (NAT) and RFC 1918.

There are two fundamental drivers behind the growing recognition of the need for IPv6. (NAT stifles innovation in these areas.) New applications using core concepts such as:

mobile IP service quality guarantees end-to-end security peer-to-peer networking.

Rapid modernization of heavily populated countries such as India and China.

A compelling statistic is that the number of remaining unallocated IPv4 addresses is almost the same as the population of China: about 1.3 billion.

43

IPv6

IPv6 replaces the 32-bit IPv4 address with a 128-bit address, making 340 trillion trillion trillion IP addresses available.

340,282,366,920,938,463,463,374,607,431,768,211,456 addresses

Represented by breaking them up into eight 16-bit segments. Each segment is written in hexadecimal between 0x0000 and 0xFFFF,

separated by colons.

An example of a written IPv6 address is

3ffe:1944:0100:000a:0000:00bc:2500:0d0b

44

Global Unicast Addresses

Note: This format, specified in RFC 3587, obsoletes and simplifies an earlier format that divided the IPv6 unicast address into Top Level Aggregator (TLA), Next-Level Aggregator (NLA), and other fields. However, you should be aware that this obsolescence is relatively recent and you are likely to encounter some books and documents that show the old IPv6 address format.

Replaced with

45


The host portion of the address is called the Interface ID. The reason for this name is that a host can have more than one IPv6

interface, and so the address more correctly identifies an interface on a host than a host itself.

But that subtlety only goes so far: A single interface can have:

multiple IPv6 addresses, and an IPv4 address in addition.

46


Subnet Identifier is part of the network portion of the address rather than the host portion.

A big benefit is that the Interface ID can be a consistent size for all IPv6 addresses.

And making the Subnet ID a part of the network portion creates a clear separation of functions: The network portion provides the location of a device down to the specific

data link and the host portion provides the identity of the device on the data link.

47


With very few exceptions: Interface ID is 64 bits Subnet ID field is 16 bits

provides for 65,536 separate subnets

The IANA and the Regional Internet Registries (RIRs) assign IPv6 prefixes—normally /32 or /35 in length—to the Local Internet Registries (LIRs).

The LIRs, which are usually large Internet Service Providers, then allocate longer prefixes to their customers. In the majority of cases, the prefixes assigned by the LIRs are /48.

48

Background

IPv4 will exist for some time, as the transition begins to IPv6. Other new protocols have been developed in support of IPv6:

Routing protocols (OSPFv3) so routers can learn about IPv6 network addresses.

ICMPv6

49

ICMP: Ping and Trace

51

ICMP (Internet Control Message Protocol) ICMP: A Layer 3 protocol Used for sending messages Encapsulated in a Layer 3, IP packet Uses Type and Code fields for various messages

Ethernet Header (Layer 2)

IP Header (Layer 3)

ICMP Message (Layer 3)

Ether. Tr.

Ethernet Destination Address (MAC)

Ethernet Source Address (MAC)

Frame Type

Source IP Add. Dest. IP Add. Protocol field

Type 0 or 8

Code 0

Check- sum

ID Seq. Num.

Data FCS

Partial list

52

ICMP

Unreachable Destination or Service

Used to notify a host that the destination or service is unreachable. When a host or router receives a packet that it cannot deliver, it may send

an ICMP Destination Unreachable packet to the host originating the packet.

The Destination Unreachable packet will contain codes that indicate why the packet could not be delivered.From a router: 0 = network unreachable – Does not have a route in the routing table 1 = host unreachable – Has a route but can’t find host. (end router)From a host: 2 = protocol unreachable 3 = port unreachable

Service is not available because no daemon is running providing the service or because security on the host is not allowing access to the service.


IP Header (Layer 3)


Ether. Tr.



Frame Type


Type 0 or 8

Code 0

Check- sum

ID Seq. Num.

Data FCS

53

172.30.1.20 172.30.1.25

54

Ping Uses ICMP message encapsulated within an IP Packet

Protocol field = 1

Does not use TCP or UDP

Format ping ip address (or ping <cr> for extended ping) ping 172.30.1.25


IP Header (Layer 3)


Ether. Tr.



Frame Type


Type 0 or 8

Code 0

Check- sum

ID Seq. Num.

Data FCS

55

Echo Request The sender of the ping, transmits an ICMP message, “Echo Request”

Echo Request - Within ICMP Message Type = 8 Code = 0


IP Header (Layer 3)

ICMP Message - Echo Request (Layer 3)

Ether. Tr.



Frame Type

Source IP Add. 172.30.1.20 Dest. IP Add. 172.30.1.25 Protocol field 1

Type 8

Code 0

Check- sum

ID Seq. Num.

Data FCS

56

Echo Reply The IP address (destination) of the ping, receives the ICMP message,

“Echo Request” The ip address (destination) of the ping, returns the ICMP message, “Echo

Reply”

Echo Reply - Within ICMP Message Type = 0 Code = 0


IP Header (Layer 3)

ICMP Message - Echo Reply (Layer 3)

Ether. Tr.



Frame Type

Source IP Add. 172.30.1.25 Dest. IP Add. 172.30.1.20 Protocol field 1

Type 0

Code 0

Check- sum

ID Seq. Num.

Data FCS

57

Ping example

58

Q: Are pings forwarded by routers?

A: Yes! This is why you can ping devices all over the Internet.

Q: Do all devices forward or respond to pings?

A: No, this is up to the network administrator of the device. Devices, including routers, can be configured not to reply to pings (ICMP echo requests). This is why you may not always be able to ping a device. Also, routers can be configured not to forward pings destined for other devices.

Pings may fail

59

Traceroute

Traceroute is a utility that records the route (router IP addresses) between two devices on different networks.

60

Tracroute

http://en.wikipedia.org/wiki/Traceroute On modern Unix and Linux-based operating systems, the traceroute utility

by default uses UDP datagrams with a destination port number starting at 33434.

The traceroute utility usually has an option to specify use of ICMP echo request (type 8) instead.

The Windows utility uses ICMP echo request, better known as ping packets.

Some firewalls on the path being investigated may block UDP probes but allow the ICMP echo request traffic to pass through.

There are also traceroute implementations sending out TCP packets, such as tcptraceroute or Layer Four Trace.

In Microsoft Windows, traceroute is named tracert. A new utility, pathping, was introduced with Windows NT, combining ping

and traceroute functionality. All these traceroutes rely on ICMP (type 11) packets coming back.

61

Trace ( Cisco = traceroute, tracert,…) is used to trace the probable path a packet takes between source and destination.

Probable, because IP is a connectionless protocol, and different packets may take different paths between the same source and destination networks, although this is not usually the case.

Trace will show the path the packet takes to the destination, but the return path may be different. This is more likely the case in the Internet, and less likely within your own

autonomous system. Linux/Unix Systems

Uses ICMP message within an IP Packet Both are layer 3 protocols. Uses UDP as a the transport layer. We will see why this is important in a moment.

Trace (Traceroute)

62

Format (trace, traceroute, tracert) RTA# traceroute ip address

RTA# traceroute 192.168.10.2

10.0.0.0/8 172.16.0.0/16 192.168.10.0/24

.1 .1 .1.2 .2 .2

RTA RTB RTC RTD

Trace

63

How it works (using UDP) - Fooling the routers & host! Traceroute uses ping (echo requests) Traceroute sets the TTL (Time To Live) field in the IP Header, initially to “1”

10.0.0.0/8 172.16.0.0/16 192.168.10.0/24

.1 .1 .1.2 .2 .2

DA = 192.168.10.2, TTL = 1

RTA RTB RTC RTD

Data Link Header (Layer 2)

IP Header (Layer 3)

ICMP Message - Echo Request (trace) UDP (Layer 4)

DataLink Tr.

Data Link Destination Address

Data Link Source Address

…… Source IP Add. 10.0.0.1 Dest. IP Add. 192.168.10.2 Protocol field 1 TTL 1

Type 8 Code 0

Chk sum

ID Seq. Num

Data DestPort 35,000

FCS

Trace

64

RTB - TTL: When a router receives an IP Packet, it decrements the TTL by 1. If the TTL is 0, it will not forward the IP Packet, and send back to the

source an ICMP “time exceeded” message. ICMP Message: Type = 11, Code = 0

10.0.0.0/8 172.16.0.0/16 192.168.10.0/24

.1 .1 .1.2 .2 .2

DA = 192.168.10.2, TTL = 1

ICMP Time Exceeded, SA = 10.0.0.2

RTA RTB RTC RTD


IP Header (Layer 3)

ICMP Message - Time Exceeded DataLink Tr.



…. Source IP Add. 10.0.0.2 Dest. IP Add. 10.0.0.1 Protocol field 1

Type 11 Code 0

Chk sum

ID Seq. Num.

Data FCS

Trace

65

RTB After the traceroute is received by the first router, it decrements the TTL by 1

to 0. Noticing the TTL is 0, it sends back a ICMP Time Exceeded message back

to the source, using its IP address for the source IP address. Router B’s IP header includes its own IP address (source IP) and the sending

host’s IP address (dest. IP).

10.0.0.0/8 172.16.0.0/16 192.168.10.0/24

.1 .1 .1.2 .2 .2

DA = 192.168.10.2, TTL = 1


RTA RTB RTC RTD


IP Header (Layer 3)





Type 11 Code 0

Chk sum

ID Seq. Num.

Data FCS

66

RTA, Sending Host The traceroute program of the sending host (RTA) will use the source IP

address of this ICMP Time Exceeded packet to display at the first hop.

RTA# traceroute 192.168.10.2Type escape sequence to abort. Tracing the route to 192.168.10.2 1 10.0.0.2 4 msec 4 msec 4 msec

10.0.0.0/8 172.16.0.0/16 192.168.10.0/24

.1 .1 .1.2 .2 .2

DA = 192.168.10.2, TTL = 1


RTA RTB RTC RTD


IP Header (Layer 3)





Type 11 Code 0

Chk sum

ID Seq. Num.

Data FCS

67

RTA The traceroute program increments the TTL by 1 (now 2 ) and resends the

ICMP Echo Request packet.


IP Header (Layer 3)


DataLink Tr.




Type 8 Code 0

Chk sum

ID Seq. Num


FCS

10.0.0.0/8 172.16.0.0/16 192.168.10.0/24

.1 .1 .1.2 .2 .2

DA = 192.168.10.2, TTL = 1

DA = 192.168.10.2, TTL = 2


RTA RTB RTC RTD

68

RTB This time RTB decrements the TTL by 1 and it is NOT 0. (It is 1.) So it looks up the destination ip address in its routing table and forwards it on to

the next router.RTC RTC however decrements the TTL by 1 and it is 0. RTC notices the TTL is 0 and sends back the ICMP Time Exceeded message

back to the source. RTC’s IP header includes its own IP address (source IP) and the sending host’s

IP address (destination IP address of RTA). The sending host, RTA, will use the source IP address of this ICMP Time

Exceeded message to display at the second hop.

10.0.0.0/8 172.16.0.0/16 192.168.10.0/24

.1 .1 .1.2 .2 .2

DA = 192.168.10.2, TTL = 1

DA = 192.168.10.2, TTL = 2



RTA RTB RTC RTD

69

.

10.0.0.0/8 172.16.0.0/16 192.168.10.0/24

.1 .1 .1.2 .2 .2

DA = 192.168.10.2, TTL = 1

DA = 192.168.10.2, TTL = 2



RTA RTB RTC RTD


IP Header (Layer 3)


DataLink Tr.




Type 8 Code 0

Chk sum

ID Seq. Num


FCS


IP Header (Layer 3)


DataLink Tr.




Type 8 Code 0

Chk sum

ID Seq. Num


FCS


IP Header (Layer 3)





Type 11 Code 0

Chk sum

ID Seq. Num.

Data FCS

RTA to RTB

RTB to RTC

70

The sending host, RTA: The traceroute program uses this information (Source IP Address) and

displays the second hop.

RTA# traceroute 192.168.10.2Type escape sequence to abort. Tracing the route to 192.168.10.2 1 10.0.0.2 4 msec 4 msec 4 msec 2 172.16.0.2 20 msec 16 msec 16 msec

10.0.0.0/8 172.16.0.0/16 192.168.10.0/24

.1 .1 .1.2 .2 .2

DA = 192.168.10.2, TTL = 1

DA = 192.168.10.2, TTL = 2



RTA RTB RTC RTD


IP Header (Layer 3)





Type 11 Code 0

Chk sum

ID Seq. Num.

Data FCS

71

The sending host, RTA: The traceroute program increments the TTL by 1 (now 3 ) and resends the

Packet.


IP Header (Layer 3)


DataLink Tr.




Type 8 Code 0

Chk sum

ID Seq. Num


FCS

10.0.0.0/8 172.16.0.0/16 192.168.10.0/24

.1 .1 .1.2 .2 .2

DA = 192.168.10.2, TTL = 1

DA = 192.168.10.2, TTL = 2

DA = 192.168.10.2, TTL = 3



RTA RTB RTC RTD

72

.


IP Header (Layer 3)


DataLink Tr.




Type 8 Code 0

Chk sum

ID Seq. Num


FCS


IP Header (Layer 3)


DataLink Tr.




Type 8 Code 0

Chk sum

ID Seq. Num


FCS

10.0.0.0/8 172.16.0.0/16 192.168.10.0/24

.1 .1 .1.2 .2 .2

DA = 192.168.10.2, TTL = 1

DA = 192.168.10.2, TTL = 2

DA = 192.168.10.2, TTL = 3



RTA RTB RTC RTD


IP Header (Layer 3)


DataLink Tr.




Type 8 Code 0

Chk sum

ID Seq. Num


FCS

RTA to RTB

RTB to RTC

RTC to RTD

73

RTB This time RTB decrements the TTL by 1 and it is NOT 0. (It is 2.) So it looks up the destination ip address in its routing table and forwards it on to the next

router.RTC This time RTC decrements the TTL by 1 and it is NOT 0. (It is 1.) So it looks up the destination ip address in its routing table and forwards it on to the next

router.RTD RTD however decrements the TTL by 1 and it is 0. However, RTD notices that the Destination IP Address of 192.168.0.2 is it’s own interface. Since it does not need to forward the packet, the TTL of 0 has no affect.

10.0.0.0/8 172.16.0.0/16 192.168.10.0/24

.1 .1 .1.2 .2 .2

DA = 192.168.10.2, TTL = 1

DA = 192.168.10.2, TTL = 2

DA = 192.168.10.2, TTL = 3



RTA RTB RTC RTD

74

RTD RTD sends the packet to the UDP process. UDP examines the unrecognizable port number of 35,000 and sends back an

ICMP Port Unreachable message to the sender, RTA, using Type 3 and Code 3.


IP Header (Layer 3)

ICMP Message – Port Unreachable DataLink Tr.




Type 3 Code 3

Chk sum

ID Seq. Num.

Data FCS


IP Header (Layer 3)


DataLink Tr.




Type 8 Code 0

Chk sum

ID Seq. Num


FCS

75

Sending host, RTA RTA receives the ICMP Port Unreachable message. The traceroute program uses this information (Source IP Address) and displays

the third hop. The traceroute program also recognizes this Port Unreachable message as

meaning this is the destination it was tracing.

10.0.0.0/8 172.16.0.0/16 192.168.10.0/24

.1 .1 .1.2 .2 .2

DA = 192.168.10.2, TTL = 1

DA = 192.168.10.2, TTL = 2

DA = 192.168.10.2, TTL = 3



ICMP Port Unreachable, SA = 192.168.10.2

RTA RTB RTC RTD


IP Header (Layer 3)

ICMP Message – Port Unreachable DataLink Tr.




Type 3 Code 3

Chk sum

ID Seq. Num.

Data FCS

76

10.0.0.0/8 172.16.0.0/16 192.168.10.0/24

.1 .1 .1.2 .2 .2

DA = 192.168.10.2, TTL = 1

DA = 192.168.10.2, TTL = 2

DA = 192.168.10.2, TTL = 3



ICMP Port Unreachable, SA = 192.168.10.2

RTA RTB RTC RTD

Sending host, RTA RTA, the sending host, now displays the third hop. Getting the ICMP Port Unreachable message, it knows this is the final hop

and does not send any more traces (echo requests).

RTA# traceroute 192.168.10.2Type escape sequence to abort. Tracing the route to 192.168.10.2 1 10.0.0.2 4 msec 4 msec 4 msec 2 172.16.0.2 20 msec 16 msec 16 msec 3 192.168.10.2 16 msec 16 msec 16 msec

77

For more information on ICMP and other TCP/IP topics, I recommend: TCP/IP Illustrated, Volume I – R.W. Stevens

Recommended Reading

http://www.amazon.com/exec/obidos/tg/stores/detail/-/books/0201633469/reader/2/102-1499200-2096936

Chapter 6IPv4 Addresses – Part 3

CIS 81 Networking Fundamentals

Rick Graziani

Cabrillo College

[email protected]

Last Updated: 4/13/2008

Documents

Chapter 6 IPv4 Addresses – Part 3 CIS 81 Networking Fundamentals Rick Graziani Cabrillo College [email protected] Last Updated: 4/13/2008