Midterm review
CSCI 466: Networks • Keith Vertanen
Network architecture
Encapsulation
• High-level messages are encapsulated in low-level messages
  – Headers/footers get added by each layer
OSI 7-layer model
• Physical layer
  – Transmission of raw bits
• Data link layer
  – Aggregates bits into frames
  – Network adapter + device driver
• Network layer
  – Message called a packet
  – Routes in a packet-switched network
These three layers are implemented on all network nodes!
Internet architecture
• Popular 4-layer model
• All roads go through IP
Internet protocol graph
Another view of the Internet architecture.
The subnetwork layer is often called the network or link layer.
Network performance
Bandwidth
• Bandwidth – measure of the frequency band
  – e.g. a voice telephone line supports frequencies from 300 Hz to 3300 Hz, bandwidth = 3000 Hz
• Bandwidth – bits transmitted per unit time
  – 1 Mbps = 1 x 10^6 bits/second
  – e.g. 802.11g wireless has a bandwidth of 54 Mbps
• Bandwidth, mega = 1 x 10^6 = 1,000,000
• File size, mega = 2^20 = 1,048,576
• Throughput – actual obtainable performance
  – e.g. 802.11g wireless has a throughput of ~22 Mbps
Latency
• Latency or delay – how long it takes a message to go from one end of the network to the other
  – Measured in units of time (often ms)
• Round-trip time (RTT) – how long from source to destination and back to source
• Jitter – variance in latency (affects time-sensitive applications)
Latency
• latency = propagation + transmit + queue
• propagation = distance / speed of light
• transmit = size / bandwidth
(Figure: the three components of latency. Propagation matters more for short messages, transmit matters more for long messages, and queuing delays happen inside the network.)
Delay x Bandwidth
• Often we consider RTT as the delay
  – Takes RTT = 2 x latency to hear back from the receiver
• If the sender wants to keep the pipe full:
  – Delay x Bandwidth = # bits transmitted before hearing from the receiver that all is well, "bits in flight"
  – Delay x Bandwidth = # bits sent before waiting for a signal from the receiver
Link capacity
• Signal-to-noise ratio (SNR), expressed in decibels: SNR = 10 log10(S/N)
• Example: channel capacity of a voice-grade phone line
  – Frequencies of 300 Hz to 3300 Hz, so B = 3000 Hz
  – SNR of 30 dB: 30 = 10 log10(S/N), so S/N = 1000
  – C = B log2(1 + S/N) = 3000 log2(1001) ≈ 30 kbps
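The latency, delay x bandwidth and Shannon formulas above carried through in code, as an added example that is not part of the slides; the speed-of-light constant and the 1 Mbps / 50 ms link are assumed inputs.

```python
import math

SPEED_OF_LIGHT_M_S = 3.0e8   # assumed propagation speed (vacuum); fibre is about 2/3 of this

def latency(distance_m, size_bits, bandwidth_bps, queue_s=0.0):
    """latency = propagation + transmit + queue, in seconds."""
    propagation = distance_m / SPEED_OF_LIGHT_M_S     # distance / speed of light
    transmit = size_bits / bandwidth_bps              # size / bandwidth
    return propagation + transmit + queue_s

def bits_in_flight(rtt_s, bandwidth_bps):
    """Delay x bandwidth: bits the sender has put on the wire before it can
    hear back from the receiver, i.e. what it takes to keep the pipe full."""
    return rtt_s * bandwidth_bps

def snr_db_to_ratio(snr_db):
    """SNR = 10 log10(S/N), so S/N = 10^(SNR/10)."""
    return 10 ** (snr_db / 10)

def shannon_capacity_bps(bandwidth_hz, snr_db):
    """C = B log2(1 + S/N)."""
    return bandwidth_hz * math.log2(1 + snr_db_to_ratio(snr_db))

if __name__ == "__main__":
    # Slide example: voice-grade line, B = 3300 - 300 = 3000 Hz, SNR = 30 dB
    print(f"S/N = {snr_db_to_ratio(30):.0f}")
    print(f"C = {shannon_capacity_bps(3300 - 300, 30):.0f} bps (about 30 kbps)")
    # Constructed example: a 1 Mbps link with a 50 ms RTT
    print(f"bits in flight = {bits_in_flight(0.050, 1e6):.0f}")
```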
Connecting and sending bits
Physical connectivity
Encoding bits
• Non-return to zero (NRZ)
  – Use the obvious mapping:
    • Data value 1 → high signal
    • Data value 0 → low signal
Problems with NRZ
• Non-return to zero (NRZ)
  – Problem 1: baseline wander
    • Receiver keeps an average of the signal seen thus far
    • Uses the average to determine high versus low
    • Too many consecutive 0s or 1s biases the average
  – Problem 2: clock recovery
    • Encoding and decoding driven by a clock
    • Synchronization required between sender and receiver
      – Adjust clock on a transition from high-to-low or low-to-high
    • Too many consecutive 0s or 1s, clocks diverge
Manchester encoding
• Manchester encoding
  – XOR bits with the clock signal
  – 0 bit is a low-to-high transition
  – 1 bit is a high-to-low transition
  – Disadvantage: requires twice the bit rate
  – Used in 10 Mbps Ethernet
Non-return to zero inverted
• Non-return to zero inverted (NRZI)
  – To send a 1: transition from the current level
  – To send a 0: stay at the current level
  – Solves the consecutive 1s problem
  – Still a problem for consecutive 0s
4B/5B encoding
• 4B/5B encoding
  – Every 4 bits encoded as 5 bits
  – Avoid runs of 0s by choosing code words smartly:
    • No more than one leading 0
    • No more than two trailing 0s
    • Thus no pair of code words has more than three consecutive 0s
  – Transmit using NRZI (avoids runs of 1s)
  – 80% efficiency
  – Used in 100 Mbps Ethernet
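The four line codes above in code, as an added example (not from the slides): it encodes a byte string with the standard 4B/5B table, puts the result through NRZI, and measures the longest stretch without a transition, which is the clock-recovery problem the encodings are there to bound.

```python
# Standard 4B/5B code words (the table used by 100 Mbps Ethernet / FDDI)
FOUR_B_FIVE_B = {
    0x0: "11110", 0x1: "01001", 0x2: "10100", 0x3: "10101",
    0x4: "01010", 0x5: "01011", 0x6: "01110", 0x7: "01111",
    0x8: "10010", 0x9: "10011", 0xA: "10110", 0xB: "10111",
    0xC: "11010", 0xD: "11011", 0xE: "11100", 0xF: "11101",
}

def nrz(bits):
    """NRZ: 1 -> high (1), 0 -> low (0); the signal is the data itself."""
    return [int(b) for b in bits]

def nrzi(bits, start_level=0):
    """NRZI: a 1 flips the current level, a 0 keeps it."""
    level, signal = start_level, []
    for b in bits:
        if b == "1":
            level ^= 1
        signal.append(level)
    return signal

def manchester(bits):
    """Manchester: data XOR clock, two signal samples per bit.
    0 -> low-to-high, 1 -> high-to-low (hence twice the baud rate)."""
    signal = []
    for b in bits:
        signal += [0, 1] if b == "0" else [1, 0]
    return signal

def encode_4b5b(data):
    """Replace each nibble (high nibble first) with its 5-bit code word."""
    return "".join(FOUR_B_FIVE_B[n]
                   for byte in data for n in (byte >> 4, byte & 0xF))

def longest_zero_run(bits):
    """Longest run of consecutive 0s in a bit string."""
    return max(len(run) for run in bits.split("1"))

def longest_level_run(signal):
    """Longest stretch with no transition in a signal (clock-recovery risk)."""
    best = run = 1
    for prev, cur in zip(signal, signal[1:]):
        run = run + 1 if cur == prev else 1
        best = max(best, run)
    return best

if __name__ == "__main__":
    raw = bytes([0x00] * 4)                  # a long run of 0s: bad for NRZ and NRZI alone
    raw_bits = format(int.from_bytes(raw, "big"), "032b")
    print("NRZI of raw zeros, longest flat run:", longest_level_run(nrzi(raw_bits)))
    coded = encode_4b5b(raw)                 # 4B/5B guarantees at most three 0s in a row
    print("4B/5B + NRZI, longest flat run:", longest_level_run(nrzi(coded)))
```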
Sentinel-based
• PPP, Point-to-Point Protocol
  – Common on Internet links, e.g. dialup & DSL
    • PPPoE (PPP over Ethernet), PPPoA (PPP over ATM)
  – Special flag value, 0111 1110
  – Address, control → uninteresting default values
  – Protocol code, e.g. IP/IPX/LCP
  – Payload negotiated via LCP (link control protocol)
  – Checksum → error detection
Byte-counting
• Byte-counting approach
  – Instead of sentinels, include a count of items
  – DDCMP (Digital Data Communications Message Protocol)
    • Created by DEC in 1974
  – If the count is corrupted, it causes a framing error
    • May result in incorrect back-to-back frames
    • Sentinel-based approaches have the same problem
Clock-based framing
• SONET – Synchronous Optical Network
  – Dominant standard for long-haul data
  – No bit stuffing, fixed frame size, 125 µs
  – First two bytes of the frame contain a special bit pattern
  – Look for the special pattern every 810 bytes
  – Payload XOR scrambled to ensure bit transitions
Reliable transmission
Error detection
• Error detection
  – Parity checking
  – Checksum
  – Cyclic Redundancy Check
• Error correction
  – Retransmission
  – Forward error correction (ECC)
    • Hamming codes, Reed-Solomon codes, low-density parity check code (LDPC)
    • Examples: DVDs, WiMax, 802.11n
Parity checking
• One-dimensional parity
  – Set the parity bit so the number of 1s is odd or even
  – Detects all single-bit errors
  – Example (7 bits data, 1 bit parity):

data       even parity   odd parity
0010 101   0010 1011     0010 1010
1100 110   1100 1100     1100 1101
0000 000   0000 0000     0000 0001
Checksum
• Internet checksum algorithm
  – Add up 16-bit words and transmit the result
  – Not used in the link layer
    • Used in higher layers like TCP and UDP
  – Advantages:
    • Small number of redundant bits
    • Easy to implement
  – Disadvantages:
    • Weak protection
Common CRC polynomials

Name      | Used in                                      | C(x)                                                                                            | Generator
CRC-8     | ATM                                          | x^8 + x^2 + x^1 + 1                                                                             | 1 0000 0111
CRC-10    | ATM                                          | x^10 + x^9 + x^5 + x^4 + x^1 + 1                                                                | 110 0011 0011
CRC-12    | Telecom systems                              | x^12 + x^11 + x^3 + x^2 + x^1 + 1                                                               | 1 1000 0000 1111
CRC-16    | USB, Bisync                                  | x^16 + x^15 + x^2 + 1                                                                           | 1 1000 0000 0000 0011
CRC-CCITT | Bluetooth, X.25, SD, HDLC                    | x^16 + x^12 + x^5 + 1                                                                           | 1 0001 0000 0010 0001
CRC-32    | Ethernet, SATA, MPEG-2, Gzip, PKZIP, PNG, ATM | x^32 + x^26 + x^23 + x^22 + x^16 + x^12 + x^11 + x^10 + x^8 + x^7 + x^5 + x^4 + x^2 + x^1 + 1 | 1 0000 0100 1100 0001 0001 1101 1011 0111

• CRC will detect:
  – All single-bit errors, if x^k and x^0 are nonzero
  – All double-bit errors, if C(x) has a factor with 3 or more terms
  – Any odd number of errors, if C(x) contains the factor (x+1)
  – Any burst error, if the burst is less than k bits
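The three detection schemes of this section in code, as an added example that is not the slides' own: parity from the parity slide, the Internet checksum from the checksum slide, and a bit-serial CRC using the CRC-8 (ATM) generator from the table above, with a constructed single-bit channel error to show the remainder check catching it.

```python
def parity_bit(data_bits, even=True):
    """One-dimensional parity: the bit that makes the total number of 1s even (or odd)."""
    ones = data_bits.count("1")
    return str(ones % 2 if even else (ones + 1) % 2)

def internet_checksum(data):
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words, complemented.
    Transmitting the result with the data makes the receiver's sum come out as 0."""
    if len(data) % 2:
        data += b"\x00"                 # pad an odd-length buffer with a zero byte
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                  # fold the carries back in (end-around carry)
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def crc(data, generator, width):
    """Modulo-2 long division of data * x^width by the generator C(x).
    `generator` is the bit pattern from the table (top bit = x^width)."""
    top = 1 << width
    reg = 0
    for byte in data:
        for i in range(7, -1, -1):      # shift the message bits in, MSB first
            reg = (reg << 1) | ((byte >> i) & 1)
            if reg & top:
                reg ^= generator        # subtract C(x) whenever the top bit is set
    for _ in range(width):              # shift in the k zero bits appended to the message
        reg <<= 1
        if reg & top:
            reg ^= generator
    return reg & (top - 1)              # the k-bit remainder is the CRC

CRC8_ATM = 0b1_0000_0111                # x^8 + x^2 + x^1 + 1, from the table above

def crc8(data):
    return crc(data, CRC8_ATM, 8)

def transmit_with_crc8(data):
    """Frame as sent: data followed by its CRC; the receiver checks that the remainder is 0."""
    return data + bytes([crc8(data)])

def flip_bit(data, bit_index):
    """Constructed channel error: invert one bit of the frame."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 0x80 >> (bit_index % 8)
    return bytes(buf)

if __name__ == "__main__":
    print("even parity of 0010101:", parity_bit("0010101"))
    print("RFC 1071 sample:", hex(internet_checksum(bytes.fromhex("0001f203f4f5f6f7"))))
    frame = transmit_with_crc8(b"123456789")
    print("receiver remainder, clean frame:", crc8(frame))
    print("receiver remainder, bit 13 flipped:", crc8(flip_bit(frame, 13)))
```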
Reliable transmission
• Main mechanisms for reliable delivery:
  – Acknowledgements (ACK)
    • Control frame, informs the peer that frame(s) were received okay
    • Different types
      – Selective acknowledgement, specifies the received frame
      – Cumulative acknowledgement, received this frame and all previous ones
      – Negative acknowledgement (NACK), frame was corrupt or out of buffer space
  – Timeouts
    • Only wait so long for an ACK (frame or ACK may be MIA)
Stop-and-wait
• Stop-and-wait algorithm:
  1. Send a frame, start a timer
  2. Wait for an ACK
  3. If timeout before ACK, go to 1
  4. If ACK, get the next frame, go to 1
Stop-and-wait
(Figure: four timelines: a) ACK received before timeout, b) original frame is lost, c) ACK is lost, d) timeout triggered too soon.)
Problem 1: Receiver thinks the retransmission is a new frame, corrupting the data passed up to the network layer.
Stop-and-wait
Solution 1: Use a 1-bit sequence number.
Receiver can now determine if a received frame is a duplicate.
http://www.net-seal.net/animations.php?aid=37
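Problem 1 and Solution 1 above as a small simulation, added here and not part of the slides: the channel losses are scripted (constructed), and the same run is done with and without the 1-bit sequence number so the duplicate delivery in case c) is visible.

```python
def stop_and_wait(frames, lost_frames=(), lost_acks=(), use_seq=True, max_tries=5):
    """Run the sender/receiver pair over a channel whose losses are scripted:
    (frame_index, attempt) pairs listed in lost_frames / lost_acks are dropped.
    Returns (payloads the receiver passed up to the network layer, retransmissions)."""
    delivered = []
    seq = 0             # sender's 1-bit sequence number for the current frame
    expected = 0        # receiver's idea of the next new sequence number
    retransmissions = 0
    for idx, payload in enumerate(frames):
        for attempt in range(1, max_tries + 1):       # 1. send the frame, start a timer
            if attempt > 1:
                retransmissions += 1
            if (idx, attempt) in lost_frames:
                continue                               # 3. timeout before ACK, go to 1
            # receiver side: new frame, or a retransmitted duplicate?
            if not use_seq or seq == expected:
                delivered.append(payload)              # pass up to the network layer
                expected ^= 1
            # a duplicate is discarded, but the receiver still ACKs it
            if (idx, attempt) in lost_acks:
                continue                               # ACK lost: sender times out, go to 1
            seq ^= 1                                   # 4. ACK arrived: next frame
            break
        else:
            raise RuntimeError(f"gave up on frame {idx} after {max_tries} tries")
    return delivered, retransmissions

if __name__ == "__main__":
    frames = ["f0", "f1", "f2"]
    # case c) from the figure: the ACK for frame 1's first attempt is lost
    print(stop_and_wait(frames, lost_acks={(1, 1)}, use_seq=False))   # f1 delivered twice
    print(stop_and_wait(frames, lost_acks={(1, 1)}, use_seq=True))    # duplicate detected
    # case b): frame 0 is lost twice before it gets through
    print(stop_and_wait(frames, lost_frames={(0, 1), (0, 2)}))
```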
Sliding window
• Sliding window prot­ocol
  – Better solution to the bandwidth utilization problem
    • Put multiple frames in flight
    • Best known algorithm in networking
    • Several variations on this idea
    • Used in TCP
Go-back-n
http://www.eecis.udel.edu/~amer/450/TransportApplets/GBN/GBNindex.html
http://www.net-seal.net/animations.php?aid=38
• Problem:
  – Go-back-n wastes bandwidth re-sending frames that may have been received okay
Sliding window: Selective repeat
• Selective repeat
  – Sender:
    • Tracks which frames have been ACK'd
    • Unacknowledged frames must remain in the buffer until acknowledged
    • Timer(s) track if a frame needs resending
  – Receiver:
    • Hold out-of-order frames until an in-order section can be passed up to the network layer
http://www.eecis.udel.edu/~amer/450/TransportApplets/SR/SRindex.html
http://www.net-seal.net/animations.php?aid=39
Multiple access networks
Ethernet addressing
• Media Access Control address (MAC)
  – 48-bit globally unique address
    • 281,474,976,710,656 possible addresses
    • Should last till 2100
    • e.g. 01:23:45:67:89:ab
  – Address of all 1's is broadcast
    • FF:FF:FF:FF:FF:FF
Ethernet frame format
• Frame format
  – Manchester encoded
  – Preamble produces a 10-MHz square wave
    • Allows clock sync between sender & receiver
  – Pad to at least 64 bytes (collision detection)
(Figure: Ethernet and 802.3 frame layouts. The preamble is alternating 0's and 1's, except for the SoF of 11; source and destination are 48-bit MAC addresses.)
Ethernet receivers
• Host listens to the medium
  – Deliver to host:
    • Any frame with the host's MAC address
    • All broadcast frames (all 1's)
    • Multicast frames (if subscribed to)
    • Or all frames if in promiscuous mode
MAC sublayer
• Media Access Control (MAC) sublayer
  – Who goes next on a shared medium
  – Ethernet hosts can sense if the medium is in use
  – Algorithm for sending data:
    1. Is the medium idle? If not, wait.
    2. Start transmitting data, listen for a collision.
    3. If a collision is detected, transmit the 32-bit jamming sequence. Stop transmitting and go to the backoff procedure.
Backoff procedure
• Binary exponential backoff
  – First collision
    • Wait 0-1 timeslots (chosen at random)
  – Second collision
    • Wait 0-3 timeslots
  – In general, ith collision
    • Wait a random number of timeslots between 0 and 2^i - 1 (max of 1023 slots)
  – Give up after 16 or so retries
  – Timeslot = 51.2 µs
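The sending algorithm and backoff procedure above as code, added here and not from the slides: the backoff window is the rule stated on the slide, and the slotted collision simulation (every frame fits in one slot, stations that back off re-contend at a later slot) is a constructed simplification of CSMA/CD.

```python
import random

SLOT_TIME_US = 51.2      # one Ethernet timeslot
MAX_RETRIES = 16         # give up on a frame after this many collisions

def backoff_window(collision_number):
    """After the i-th collision wait between 0 and 2^i - 1 slots, capped at 1023."""
    return min((1 << collision_number) - 1, 1023)

def backoff_slots(collision_number, rng):
    return rng.randint(0, backoff_window(collision_number))

def wait_time_us(slots):
    return slots * SLOT_TIME_US

def csma_cd(num_stations, rng):
    """Slotted model: every station has one frame ready at slot 0. If exactly one
    station transmits in a slot it succeeds; otherwise all of them collide, send the
    jam and back off. Returns ({station: slot it succeeded in}, [stations that gave up])."""
    ready_at = {s: 0 for s in range(num_stations)}
    collisions = {s: 0 for s in range(num_stations)}
    finished, gave_up = {}, []
    while ready_at:
        slot = min(ready_at.values())
        contenders = [s for s, t in ready_at.items() if t == slot]
        if len(contenders) == 1:                      # medium idle for everyone else
            finished[contenders[0]] = slot
            del ready_at[contenders[0]]
            continue
        for s in contenders:                          # collision detected by all of them
            collisions[s] += 1
            if collisions[s] > MAX_RETRIES:
                gave_up.append(s)
                del ready_at[s]
            else:
                ready_at[s] = slot + 1 + backoff_slots(collisions[s], rng)
    return finished, gave_up

def demo(num_stations=4, seed=2024):
    """Deterministic run for a fixed seed."""
    return csma_cd(num_stations, random.Random(seed))

if __name__ == "__main__":
    done, quit_ = demo()
    for station, slot in sorted(done.items()):
        print(f"station {station} sent in slot {slot} ({wait_time_us(slot):.1f} µs after start)")
    print("gave up:", quit_)
```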
Switched Ethernet
• Hubs
  – Made the network easier to manage
  – But did not address the capacity problem
• Switches
  – High-speed backplane connecting all ports
  – Only output a frame to its destination port
  – Isolates traffic, no collisions, better security
Ethernet retrospective
• Why so popular?
  – Easy to administer, no routing or config tables
  – Cheap hardware and wiring
  – Plays nice with TCP/IP
    • Ethernet and IP are connectionless protocols
    • Alternatives like ATM were not
  – Speed increased by an order of magnitude periodically without throwing away existing infrastructure
  – Borrowed good ideas from other (failed) networking technologies (FDDI, Fibre Channel)
Wireless
• Shared medium using wireless
  – Bit errors more prevalent than wired
  – Limits on transmit power
    • Battery life, government regulation
  – Difficult to transmit and listen for collisions
  – Undirected signal
    • Interference
    • Security
Wireless topology
• Base station topology
  – Typically all clients talk to the base station
  – No direct communication between clients
Wireless topology
• Ad hoc / mesh topology
  – Nodes are peers
  – No special base station
  – Advantages:
    • More fault tolerant
    • Extends range
  – Disadvantages:
    • Nodes are more complex
    • Nodes may be asked to expend limited resources (e.g. power)
One Laptop per Child uses the 802.11s mesh draft standard.
802.11 collision avoidance
• Collision avoidance
  – Can't transmit and listen for a collision
    • Transmission power swamps the receiving circuit
    • Collision detection (CD) as in Ethernet is not possible
  – Not everyone can hear everything
    • Hidden node problem:
A and C both want to send to B. A and C can't hear each other, so they can't detect that their transmissions collided.
802.11 collision avoidance
• Collision avoidance
  – Lack of global information about who is in range of whom
    • Exposed node problem:
C wants to send to D. But C can hear B transmitting to A. But D cannot hear B, and A cannot hear C. So C could safely transmit to D.
Carrier Sense, Multiple Access w/ Collision Avoidance
• CSMA/CA
  – Don't send if you hear a transmission
  – If you sent recently, don't be greedy
    • Use random backoff
  – Explicit ACK from receiver to sender
    • Exponential backoff if bad/missing ACK
802.11 frame format
• Source and destination addresses
  – Four 48-bit MAC addresses:
    • Allows for a frame going via the distribution system:
      – Addr1 – ultimate destination
      – Addr2 – immediate sender, the AP that forwarded to the ultimate destination
      – Addr3 – intermediate destination, the AP that accepted the frame from the sender
      – Addr4 – original sender
Node communication
• Node-to-node communication
  – Simple case:
    • A wants to talk to C
    • Send via AP-1
  – Complex case:
    • A wants to talk to F
    • Send to AP-1
    • Goes through the distribution system
    • AP-3 sends to F
Switching
Hardware terminology
(Figure: hardware devices, described by what they operate on:)
• Analog devices, clean up the signal, amplify, put it out on another cable
• Operates on frames, looks at MAC addresses
• Operates on packets, uses IP addresses
• Connects different connection-oriented protocols, e.g. TCP/IP to SCTP
• Understands the format and contents of data, e.g. translates an Internet message to an SMS message
Connectionless approach
• Datagram model
  – Each frame has enough info to get it to its destination (its MAC address)
  – To forward, the switch consults a forwarding table

Forwarding table for switch 2:
Destination   Port
A             3
B             0
C             3
D             3
E             2
F             1
G             0
H             0
Connection-oriented approach
• Virtual circuit switching
  – Establish a virtual circuit (VC)
  – Requires initial setup from host to destination
  – e.g. ATM, Frame Relay, X.25
A wants to send data to B. Establish connection state (a VC table) in each switch between A and B. The VC table entry has a virtual circuit identifier (VCI) that will be in frames belonging to this connection.
Backward learning
• Switch starts knowing nothing
  – Promiscuous mode, listens to all traffic on all ports
  – Hash table, destination → output port
    • Frame arrives on a port, add an entry based on who sent it
  – Topology can change as machines/bridges are powered on and off
    • Table entries purged after a few minutes
Routing procedure
• Port for destination same as source port → do nothing
• Port for destination different from source port → forward on destination port
• If destination port unknown → flood on all ports except source port
http://www.cisco.com/image/gif/paws/10607/lan-switch-transparent.swf
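The backward-learning switch and the three-rule forwarding procedure above in code, as an added example that is not from the slides; the port numbers, MAC addresses and the 300-second purge age are constructed.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    def __init__(self, ports, max_age_s=300):
        self.ports = list(ports)
        self.max_age_s = max_age_s       # entries are purged after a few minutes
        self.table = {}                  # destination MAC -> (output port, time learned)

    def _expire(self, now):
        self.table = {mac: (port, t) for mac, (port, t) in self.table.items()
                      if now - t <= self.max_age_s}

    def handle(self, src, dst, in_port, now):
        """Process one frame; return the list of ports it is sent out on."""
        self._expire(now)
        self.table[src] = (in_port, now)                   # learn from who sent it
        if dst == BROADCAST or dst not in self.table:
            return [p for p in self.ports if p != in_port]  # unknown: flood, all but source
        out_port, _ = self.table[dst]
        if out_port == in_port:
            return []                                      # same segment: do nothing
        return [out_port]                                  # forward on the destination port

if __name__ == "__main__":
    sw = LearningSwitch(ports=[0, 1, 2, 3])
    a, b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"        # constructed host MACs
    print(sw.handle(a, b, in_port=3, now=0))    # b unknown -> flood [0, 1, 2], learn a on 3
    print(sw.handle(b, a, in_port=0, now=1))    # a known on port 3 -> [3]
    print(sw.handle(a, b, in_port=3, now=2))    # b known on port 0 -> [0]
    print(sw.handle(b, a, in_port=0, now=400))  # everything aged out -> flood again
```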
Spanning tree algorithm
• Algorithm:
  – Each bridge has a unique identifier
    • Based on the MAC address of the switch
  – Root is the bridge with the smallest ID
  – Root forwards all frames over all ports
  – Each bridge computes the shortest path to the root
    • This port is the bridge's root port
  – Each network segment (multi-drop/hub)
    • Bridge closest to the root is that segment's designated port
Spanning tree, no shared segments
1) B1 has the lowest ID, news spreads, all bridges agree B1 is root.
2) B2 and B3 are directly connected to the root, added to the tree.
3) B4 can reach B1 in two hops via B3 or B2, B2 wins (lower ID).
4) B5 can reach B1 in two hops via B3 (other paths are three hops).
5) Links from B3 to B4 and from B4 to B5 are turned off.
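The five steps above computed for the example topology, as an added example that is not the slides' code. It assumes point-to-point bridge links only (no shared segments, so designated ports are not modelled), hop count as the path cost, and the lower neighbour ID as the tie-break; the link list below is reconstructed from steps 2-5.

```python
from collections import deque

def spanning_tree(links):
    """Bridge IDs are ints; the lowest ID is the root. Every other bridge picks as
    its root port the neighbour with the fewest hops to the root (ties: lower ID).
    Returns (root, {bridge: neighbour on its root port}, set of links turned off)."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    root = min(adj)                                   # step 1: smallest ID wins
    hops = {root: 0}
    queue = deque([root])
    while queue:                                      # hop distance to the root
        bridge = queue.popleft()
        for nbr in sorted(adj[bridge]):
            if nbr not in hops:
                hops[nbr] = hops[bridge] + 1
                queue.append(nbr)
    root_port = {}
    for bridge in adj:
        if bridge != root:
            root_port[bridge] = min(adj[bridge], key=lambda n: (hops[n], n))
    active = {frozenset((b, n)) for b, n in root_port.items()}
    turned_off = {frozenset(link) for link in links} - active
    return root, root_port, turned_off

if __name__ == "__main__":
    # Constructed from the slide's steps: B1-B2, B1-B3, B2-B4, B3-B4, B3-B5, B4-B5
    links = [(1, 2), (1, 3), (2, 4), (3, 4), (3, 5), (4, 5)]
    root, root_port, off = spanning_tree(links)
    print("root: B%d" % root)
    for b, n in sorted(root_port.items()):
        print(f"B{b} root port -> B{n}")
    print("links turned off:", sorted(tuple(sorted(l)) for l in off))
```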
Example VLAN
• Setting up a VLAN
  – Switches must be VLAN-aware
  – Each host is given a "color"
  – Configuration tables in the bridges
    • What colors are attached to which ports
VLAN details
• Problem: How does the bridge know the frame's color?
  – IEEE 802.1Q
  – Changed the Ethernet header to add a VLAN identifier
Internet Protocol (IP) and addressing
Internet Protocol (IP)
• Packet delivery model
  – Connectionless
  – Best-effort (unreliable)
    • Packets may be lost
    • Packets may arrive out of order
    • Duplicate packets may occur
    • Packets may get delayed
• Global addressing scheme
  – How do we identify hosts on the network?
IP packet format
• Version
  – "4" for IPv4
• HLen
  – # of 32-bit words in the header
  – "5" for the typical 20-byte IPv4 header
• TOS
  – Type of service
  – Allows for quality of service
• Length
  – Total length, max size 65535 bytes
  – Links may have smaller limits
• Ident / Flags / Offset
  – Used when packets are split up
IP packet format
• TTL
  – Time-to-live
  – Identifies packets stuck in a loop
• Protocol
  – Used to demux the higher-level protocol
  – e.g. "6" Transmission Control Protocol (TCP), "17" User Datagram Protocol (UDP)
• Checksum
  – One's complement IP checksum algorithm
  – Not strong protection, but cheap to calculate
Fragmentation and reassembly
• Reassembly can be done independent of the order of arrival
• Fragments may also be fragmented
• No attempt to recover if a fragment is missing
• Hosts can do MTU discovery
  – Probe message to determine the max packet size
IPv4 address format
• Classful addressing (before 1993):
  – Class A: 128 networks with 16 million hosts
  – Class B: 16,384 networks with 65,536 hosts
  – Class C: 2 million networks, 256 hosts
Subnetting examples
CIDR examples
Private IP addresses
• Private networks (home networks, etc.)
  – Use a specified part of the IP address space
  – Not globally routable
http://xkcd.com/742/
ARP procedure
• If the destination IP is in the sender's ARP table:
  – fire off the link-layer packet
  – otherwise send an ARP query using the broadcast address
• ARP query:
  – IP address you're looking for
  – Your own IP and hardware address
  – Destination responds with its hardware address
  – Other hosts can ignore it or refresh their ARP tables
DHCP
• Dynamic Host Configuration Protocol (DHCP)
  – DHCP server provides config info
  – Gives out IP addresses and the default router
    • DHCP server has a pool of available IP addresses
    • Admin can set the DHCP server to give out the same IP to a given hardware address
    • Addresses leased for a given time period
  – How do hosts discover the DHCP server?
    • New host sends out a broadcast DHCPDISCOVER message
Network error reporting
• Internet Control Message Protocol (ICMP)
  – Rides on top of IP (like TCP/UDP)
  – Error messages sent back to the host by routers
  – ICMP used by some user utilities:
    • traceroute
    • ping
Path MTU discovery
• Set the Don't Fragment (DF) bit in the IP packet flags
• Any router whose next link has a smaller MTU:
  – Drops the packet
  – Sends back ICMP Fragmentation Required with the MTU size
  – Host can then reduce its packet size
• Problems:
  – Some routers don't generate ICMP messages
  – Intermediate firewalls may filter ICMP messages
Intradomain routing
Distance vector routing
• Each node maintains state
  – Cost of the direct link to each of your neighbors
  – Least-cost route known to all destinations
• Routers send periodic updates
  – Send your neighbor your array
  – When you receive an update from your neighbor
    • Update array entries if the new info provides a shorter route
  – Converges quickly (if no topology changes)
Distance vector example: step 1
Table for A (Dst Cst Hop): A 0 A | B 4 B | C ∞ – | D ∞ – | E 2 E | F 6 F
Table for B (Dst Cst Hop): A 4 A | B 0 B | C ∞ – | D 3 D | E ∞ – | F 1 F
Table for C (Dst Cst Hop): A ∞ – | B ∞ – | C 0 C | D 1 D | E ∞ – | F 1 F
Table for D (Dst Cst Hop): A ∞ – | B 3 B | C 1 C | D 0 D | E ∞ – | F ∞ –
Table for E (Dst Cst Hop): A 2 A | B ∞ – | C ∞ – | D ∞ – | E 0 E | F 3 F
Table for F (Dst Cst Hop): A 6 A | B 1 B | C 1 C | D ∞ – | E 3 E | F 0 F
(Figure: optimum 1-hop paths on the network graph with link costs A-B 4, A-E 2, A-F 6, B-D 3, B-F 1, C-D 1, C-F 1, E-F 3.)
Distance vector example: step 2
Table for A (Dst Cst Hop): A 0 A | B 4 B | C 7 F | D 7 B | E 2 E | F 5 E
Table for B (Dst Cst Hop): A 4 A | B 0 B | C 2 F | D 3 D | E 4 F | F 1 F
Table for C (Dst Cst Hop): A 7 F | B 2 F | C 0 C | D 1 D | E 4 F | F 1 F
Table for D (Dst Cst Hop): A 7 B | B 3 B | C 1 C | D 0 D | E ∞ – | F 2 C
Table for E (Dst Cst Hop): A 2 A | B 4 F | C 4 F | D ∞ – | E 0 E | F 3 F
Table for F (Dst Cst Hop): A 5 B | B 1 B | C 1 C | D 2 C | E 3 E | F 0 F
(Figure: optimum 2-hop paths on the same network graph.)
Distance vector example: step 3
Table for A (Dst Cst Hop): A 0 A | B 4 B | C 6 E | D 7 B | E 2 E | F 5 E
Table for B (Dst Cst Hop): A 4 A | B 0 B | C 2 F | D 3 D | E 4 F | F 1 F
Table for C (Dst Cst Hop): A 6 F | B 2 F | C 0 C | D 1 D | E 4 F | F 1 F
Table for D (Dst Cst Hop): A 7 B | B 3 B | C 1 C | D 0 D | E 5 C | F 2 C
Table for E (Dst Cst Hop): A 2 A | B 4 F | C 4 F | D 5 F | E 0 E | F 3 F
Table for F (Dst Cst Hop): A 5 B | B 1 B | C 1 C | D 2 C | E 3 E | F 0 F
(Figure: optimum 3-hop paths on the same network graph.)
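The three steps above reproduced by a synchronous distance-vector simulation, added here and not the slides' code. The link costs are the direct links read off the step-1 tables; the tie-break (cheaper direct link first, then name) is an assumption chosen so the hops match the tables.

```python
INF = float("inf")

LINKS = {("A", "B"): 4, ("A", "E"): 2, ("A", "F"): 6, ("B", "D"): 3,
         ("B", "F"): 1, ("C", "D"): 1, ("C", "F"): 1, ("E", "F"): 3}

def neighbors(links):
    """{node: {neighbor: direct link cost}} from an undirected link list."""
    nbrs = {}
    for (a, b), cost in links.items():
        nbrs.setdefault(a, {})[b] = cost
        nbrs.setdefault(b, {})[a] = cost
    return nbrs

def initial_tables(nbrs):
    """Step 1: each node knows only itself and its direct links."""
    tables = {}
    for x in nbrs:
        tables[x] = {}
        for y in nbrs:
            if y == x:
                tables[x][y] = (0, x)
            elif y in nbrs[x]:
                tables[x][y] = (nbrs[x][y], y)
            else:
                tables[x][y] = (INF, None)        # unknown: cost ∞, hop –
    return tables

def dv_round(tables, nbrs):
    """One synchronous update: every node receives each neighbor's current table
    and keeps, per destination, the cheapest (link cost + neighbor's cost).
    Ties go to the neighbor with the cheaper direct link, then by name."""
    new = {}
    for x in tables:
        new[x] = {}
        for y in tables[x]:
            if y == x:
                new[x][y] = (0, x)
                continue
            best = (INF, INF, "~")
            for v, link in nbrs[x].items():
                candidate = (link + tables[v][y][0], link, v)
                if candidate < best:
                    best = candidate
            cost, _, hop = best
            new[x][y] = (cost, hop if cost < INF else None)
    return new

def distance_vector(links, steps):
    """Tables after `steps` exchanges (steps=1 is the initial state)."""
    nbrs = neighbors(links)
    tables = initial_tables(nbrs)
    for _ in range(steps - 1):
        tables = dv_round(tables, nbrs)
    return tables

def show(table):
    return " | ".join(f"{d} {c if c < INF else '∞'} {h or '–'}"
                      for d, (c, h) in sorted(table.items()))

if __name__ == "__main__":
    for step in (1, 2, 3):
        print(f"step {step}, table for A:", show(distance_vector(LINKS, step)["A"]))
```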
Link state routing
• Link state routing
  – Second major class of intradomain routing
  – Each router tracks its immediate links
    • Whether up or down
    • Cost of the link
  – Each router broadcasts its link state
    • Information disseminated to all nodes
    • Routers have global state from which to compute paths
  – e.g. Open Shortest Path First (OSPF)
1. Learning about your neighbors
• Beaconing
  – Find out about your neighbors when you boot
  – Send periodic "hello" messages to each other
  – Detect a failure after several missed "hellos"
• Beacon frequency is a tradeoff:
  – Detection speed
  – Bandwidth and CPU overhead
  – Likelihood of false detection
(Figure: two routers exchanging beacons: "hello" / "good day fine sir".)
2. Setting link costs
• Assign a link cost for each outbound link
  – Manual configuration
  – Automatic
    • Inverse of link bandwidth
      – 1-Gbps cost 1
      – 100-Mbps cost 10
    • Measure latency by sending an ECHO packet
http://xkcd.com/85/
3. Building link state packets
• Package info into a Link State Packet (LSP)
  – Identity of sender
  – List of neighbors
  – Sequence number of packet
  – Age of packet
4. Distributing link state
• Flooding
  – Send your LSP out on all links
  – Next node sends the LSP onward using its links
    • Except for the link it arrived on
a) LSP arrives at node X
b) X floods LSP to A and C
c) A and C flood LSP to B (but not X)
d) flooding complete
Shortest path routing
Building the routing table for node D.
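Building node D's routing table with Dijkstra's algorithm over the flooded link-state database, as an added example that is not the slides' code. The graph is the one from the distance-vector example (link costs read off its step-1 tables), so D's result can be compared with the converged step-3 table.

```python
import heapq

INF = float("inf")
LINKS = {("A", "B"): 4, ("A", "E"): 2, ("A", "F"): 6, ("B", "D"): 3,
         ("B", "F"): 1, ("C", "D"): 1, ("C", "F"): 1, ("E", "F"): 3}

def link_state_db(links):
    """What every router holds after flooding: {node: {neighbor: cost}}."""
    adj = {}
    for (a, b), cost in links.items():
        adj.setdefault(a, {})[b] = cost
        adj.setdefault(b, {})[a] = cost
    return adj

def routing_table(links, source):
    """Shortest paths from `source`; returns {destination: (cost, next hop)}."""
    adj = link_state_db(links)
    dist = {n: INF for n in adj}
    next_hop = {}
    dist[source] = 0
    heap = [(0, source, source)]          # (cost so far, node, first hop from source)
    confirmed = set()
    while heap:
        cost, node, hop = heapq.heappop(heap)
        if node in confirmed:
            continue                      # stale entry for an already settled node
        confirmed.add(node)
        next_hop[node] = hop
        for nbr, link in adj[node].items():
            new_cost = cost + link
            if new_cost < dist[nbr]:
                dist[nbr] = new_cost
                # the first hop is the neighbor itself when leaving the source
                heapq.heappush(heap, (new_cost, nbr, nbr if node == source else hop))
    return {n: (dist[n], next_hop.get(n)) for n in adj if n != source}

if __name__ == "__main__":
    for dst, (cost, hop) in sorted(routing_table(LINKS, "D").items()):
        print(f"D -> {dst}: cost {cost} via {hop}")
```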
Scaling up
• How to scale a single company's network?
  – Add a level of hierarchy
    • Within a single organization (aka autonomous system)
  – Routing areas
    • Most routers are in a single area
      – Routers only send information within their area
      – Detailed topology for only their area
      – Traffic going outside the area is sent to the backbone
    • Area 0 = backbone
      – Some routers are in both the backbone and other area(s)
      – Area Border Router (ABR)
Routing areas
R1, R2, and R3 are in the backbone area. R1 is an ABR for areas 1 and 2. R2 is an ABR for area 2. R3 is an ABR for area 3.
Interdomain routing
Path-vector routing
• Extension of distance-vector
  – Supports flexible routing policies
  – Avoids the count-to-infinity problem
• Key idea: advertise the entire path
  – Distance vector: send a distance metric per destination d
  – Path vector: send the entire path per destination d
(Figure: AS 1 advertises "d: path (1)" to AS 2, which advertises "d: path (2,1)" to AS 3; data traffic for d then flows from AS 3 through AS 2 and AS 1.)
AS stub
Stub AS
– Single connection to another AS
– AS only carries local traffic
– e.g. small corporation, university
AS multihomed
Multihomed AS
– Connected to multiple ASes
– Refuses to carry transit traffic
– Improves reliability
AS transit
Transit AS
– Connected to multiple ASes
– Designed to carry transit and local traffic
Peering point
Peering point
– Allows ASes to connect directly, bypassing a transit AS.
Border Gateway Protocol
• Interdomain routing protocol for the Internet
  – Prefix-based path-vector protocol
  – Policy-based routing using AS paths
  – Evolved over the past 18 years
    • 1989: BGP-1 [RFC 1105], replacement for EGP
    • 1990: BGP-2 [RFC 1163]
    • 1991: BGP-3 [RFC 1267]
    • 1995: BGP-4 [RFC 1771], support for CIDR
    • 2006: BGP-4 [RFC 4271], update
Incremental Protocol
• Routers form a mesh over TCP
• A node learns multiple paths to a destination
  – Stores all routes in its routing table
  – Applies policy to select a single active route
  – May advertise the route to neighbors
• Incremental updates
  – Announcement
    • Upon selecting a new active route, add your node id to the path
    • Optionally advertise to each neighbor
  – Withdrawal
    • If the active route is no longer available, send a message to neighbors
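The path-vector exchange of the figure above and the announcement/withdrawal rules of the incremental protocol, as a toy simulation added here (not from the slides). The ASNs 1-3, the prefix "d", the full-mesh topology and the shortest-AS-path policy are constructed; an AS drops any announcement whose path already contains its own ASN, which is what avoids count-to-infinity.

```python
class AutonomousSystem:
    def __init__(self, asn, network):
        self.asn = asn
        self.network = network        # {asn: AutonomousSystem}, shared by all ASes
        self.peers = set()
        self.routes = {}              # prefix -> {from_asn: AS path, excluding self}
        self.active = {}              # prefix -> currently selected path

    def originate(self, prefix):
        self.routes.setdefault(prefix, {})[self.asn] = ()
        self._select(prefix)

    def receive(self, prefix, path, from_asn):
        """Announcement "prefix: path (...)" arriving from a neighbor."""
        if self.asn in path:          # my own ASN is already in the path: loop, drop it
            return
        self.routes.setdefault(prefix, {})[from_asn] = path
        self._select(prefix)

    def withdraw(self, prefix, from_asn):
        self.routes.get(prefix, {}).pop(from_asn, None)
        self._select(prefix)

    def _select(self, prefix):
        """Policy: shortest AS path wins (ties by the lower path tuple). Only when the
        active route changes is it re-advertised, or withdrawn, to every neighbor."""
        candidates = self.routes.get(prefix, {})
        best = min(candidates.values(), key=lambda p: (len(p), p)) if candidates else None
        if best == self.active.get(prefix):
            return
        self.active[prefix] = best
        for peer in sorted(self.peers):
            if best is None:
                self.network[peer].withdraw(prefix, self.asn)
            else:                     # prepend own ASN before announcing onward
                self.network[peer].receive(prefix, (self.asn,) + best, self.asn)

def build_network(links):
    net = {}
    for a, b in links:
        net.setdefault(a, AutonomousSystem(a, net)).peers.add(b)
        net.setdefault(b, AutonomousSystem(b, net)).peers.add(a)
    return net

def demo():
    """AS 1 originates d; then AS 2 loses its route from AS 1 and falls back to AS 3."""
    net = build_network([(1, 2), (2, 3), (1, 3)])
    net[1].originate("d")
    before = {asn: net[asn].active["d"] for asn in net}
    net[2].withdraw("d", 1)
    after = {asn: net[asn].active["d"] for asn in net}
    return before, after

if __name__ == "__main__":
    before, after = demo()
    print("active paths to d:", before)
    print("after AS 2 loses the route via AS 1:", after)
```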
BGP decision process
• Policy decision by the AS, various possibilities:
  – Route via a peered network instead of transit
  – Shorter AS path is better
    • Debatable since we don't know how many hops are inside an AS
  – Lowest cost for your AS
    • Get it off your network sooner
  – Provide the best quality of service for your customer
Routing a packet inside your AS
• Hot-potato (early exit) routing
  – Each router selects the closest exit point from the AS
  – Minimize your costs in shipping data around
  – Based on intra-domain routing (e.g. OSPF)
• Cold-potato (late exit) routing
  – Keep the packet in your AS as long as possible
  – Maximize control and quality of service
Routing security
• Prefix hijacking
  – Advertise that you handle a prefix of another AS
  – e.g. Pakistan Telecom vs. YouTube, Feb 24th 2008
    • Government didn't like a video, ordered ISPs to block it:
Address scarcity
NAT
• Network address translation (NAT)
  – Quick fix to address scarcity
  – Home/business gets one public IP
    • Private IP addresses for all hosts inside the network
  – NAT box translates at the boundary to the public IP
NAT an abomination?
1) Violates the IP model
  – Every host should have a unique identifier
2) Breaks the end-to-end connectivity model
  – Any host can send a packet to any other host at any time
3) Not connectionless
  – NAT box has state, effectively circuit switching
  – Single point of failure
4) Network layers are not independent
  – NAT looks into the payload
NAT an abomination?
5) Forces use of the TCP/UDP protocols
  – Anything else, NAT fails to find the TCP source port
6) Breaks if multiple TCP/IP or UDP ports are used
  – e.g. FTP and H.323 Internet telephony
7) Limited number of hosts on a NAT box
  – Only 16 bits in the TCP source port
  – Can't have > 64K machines on a single IP
UDP hole punching
(Figure: Bob at 1.1.1.1 port 1234 and Alice at 2.2.2.2 port 5678, both behind firewalls and both registered with the Skype server at 3.3.3.3.)
3. Bob sends Alice a UDP packet on port 1234. Alice's firewall drops it.
4. Alice sends Bob a UDP packet on port 5678. Bob's firewall thinks it is a response to his blocked initial packet.
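Steps 3 and 4 above modelled with a minimal stateful firewall per host, as an added example that is not from the slides. The addresses and ports are the figure's (Bob 1.1.1.1:1234, Alice 2.2.2.2:5678); the firewall rule (an inbound packet passes only if the inside host already sent to that exact outside address and port) is a simplification of real NAT/firewall behaviour, and the registration steps 1-2 with the server are assumed done.

```python
class StatefulFirewall:
    """Lets an inbound UDP packet through only if the inside host earlier sent a
    packet from that local port to the same outside (ip, port)."""
    def __init__(self):
        self.pinholes = set()          # (local port, remote ip, remote port)

    def outbound(self, local_port, remote_ip, remote_port):
        self.pinholes.add((local_port, remote_ip, remote_port))

    def inbound_allowed(self, remote_ip, remote_port, local_port):
        return (local_port, remote_ip, remote_port) in self.pinholes

def send(src, src_fw, dst, dst_fw):
    """UDP packet from src=(ip, port) to dst=(ip, port) through both firewalls.
    Returns True if the destination host actually receives it."""
    src_fw.outbound(src[1], dst[0], dst[1])              # opens a pinhole on the way out
    return dst_fw.inbound_allowed(src[0], src[1], dst[1])

def hole_punch():
    bob, alice = ("1.1.1.1", 1234), ("2.2.2.2", 5678)
    bob_fw, alice_fw = StatefulFirewall(), StatefulFirewall()
    # Steps 1-2 (assumed): both registered with the server at 3.3.3.3, which told
    # each of them the other's public address and port.
    log = []
    log.append(("3. Bob -> Alice", send(bob, bob_fw, alice, alice_fw)))    # Alice's fw drops it
    log.append(("4. Alice -> Bob", send(alice, alice_fw, bob, bob_fw)))    # looks like a reply to Bob's fw
    log.append(("5. Bob -> Alice", send(bob, bob_fw, alice, alice_fw)))    # both pinholes now open
    return log

if __name__ == "__main__":
    for step, delivered in hole_punch():
        print(step, "delivered" if delivered else "dropped")
```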
IPv6 goals & features
1. Support billions of hosts
  – 2^128 addresses ≈ 3 x 10^38
  – If the entire planet were covered with computers:
    • 7 x 10^23 IPs/m^2; pessimistic utilization scenario: 1000 IPs/m^2
  – Address format: 8 groups of 4 hex digits

Full address           8000:0000:0000:0000:0123:4567:89AB:CDEF
Abbreviated            8000::0123:4567:89AB:CDEF
IPv4 mapped to IPv6    ::FFFF:192.31.20.46
00...0 (128 bits)      Unspecified
00...1 (128 bits)      Loopback
1111 1111...           Multicast address
1111 1110 10...        Link-local unicast
Everything else        Global unicast addresses, 99% of the space
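The address table above in code, as an added example (not from the slides): a `::` abbreviation that keeps the leading zeros of each group exactly as the slide's example does (the standard `ipaddress.compressed` form would also drop them), and a classifier for the prefixes in the table; the sample addresses other than the slide's are constructed.

```python
import ipaddress

def expand(addr):
    """Full 8-group form, e.g. 8000::0123:4567:89AB:CDEF -> 8000:0000:...:CDEF."""
    return ipaddress.IPv6Address(addr).exploded.upper()

def abbreviate(addr):
    """Collapse the single longest run (leftmost on ties) of all-zero groups to '::'.
    Leading zeros inside a group are kept, matching the slide's example."""
    groups = expand(addr).split(":")
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if groups[i] != "0000":
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == "0000":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:                       # nothing worth collapsing
        return ":".join(groups)
    left = ":".join(groups[:best_start])
    right = ":".join(groups[best_start + best_len:])
    return left + "::" + right

def classify(addr):
    """Which row of the address table an address falls in."""
    a = ipaddress.IPv6Address(addr)
    if a.is_unspecified:
        return "unspecified"
    if a.is_loopback:
        return "loopback"
    if a.ipv4_mapped is not None:
        return f"IPv4-mapped ({a.ipv4_mapped})"
    if a.is_multicast:                     # 1111 1111...
        return "multicast"
    if a.is_link_local:                    # 1111 1110 10...
        return "link-local unicast"
    return "global unicast"

if __name__ == "__main__":
    full = "8000:0000:0000:0000:0123:4567:89AB:CDEF"
    print(abbreviate(full))
    for sample in (full, "::", "::1", "::FFFF:192.31.20.46", "FF02::1", "FE80::1"):
        print(f"{sample:40} {classify(sample)}")
```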
IPv6 goals & features
2. Simplify the protocol
  – Allow routers to process packets faster
  – Support gigabit/terabit routing
    • Predictable header size (40 bytes)
    • Removed little-used fields
    • No checksum
  – Allow future protocol evolution
  – Extension headers
IPv6 fixed 40-byte header.
IPv6 goals & features
3. Autoconfiguration of hosts
  – Guaranteed unique IPv6 address: prefix + 48-bit MAC
  – Avoid users having to read/write 16-byte addresses
(Figure: an IPv4 address, 192.168.1.3, beside a full IPv6 address, 8000:0000:0000:0000:0123:4567:89AB:CDEF.)
IPv6 goals & features
4. Multicast/multimedia
  – Multicast is a requirement, no longer optional
  – IPv4 DiffServ field + new 20-bit traffic flow field
  – Anycast, one address for a group of nodes
    • Delivery to only one node
    • Fault tolerance, load balancing
    • Routing to the closest node
(Figure: unicast, broadcast, multicast and anycast delivery.)
IPv6 goals & features
5. Improved security
  – IP security architecture (IPSec)
    • End-to-end security at the network layer
    • Must be in an IPv6 compliant node
    • An optional feature of an IPv4 node
  – Authentication header (AH)
    • Supports many different authentication techniques
    • Protects against attacks based on masquerading
  – Encapsulating security payload (ESP)
    • Integrity and confidentiality of the datagram
IPv6 goals & features
6. Support for mobile hosts
  – Mobile clients likely to be the majority of IPv6 hosts
  – Mobile IPv6 (RFC 3775)
  – Uses IPv6 features:
    • Stateless autoconfiguration
    • Neighbor discovery
    • Extension headers such as the routing header
Mobile IP
• Routing to mobile hosts
  – Home address
    • Permanent IP of the mobile host
  – Home agent
    • Router on your home network
    • Acts as your agent when you aren't attached to the home network
  – Foreign agent
    • Located on the network the mobile host is connected to
    • Not always required
Deploying IPv6
• Dual-stack operation
  – IPv6 nodes also run IPv4
  – Consult the version field in the header to decide
  – Supported by major OS's for a long time
Deploying IPv6
• Tunneling IPv6 over IPv4 networks
  – Route IPv6 traffic over a network segment that only understands IPv4