W4140 Network Laboratory Lecture 3 Sept 18 - Fall 2006 Shlomo Hershkop Columbia University





Announcements

Lab division: I will be updating the webpage with lab groups; if everyone in the room would like to move the lab around a little, that is ok.

Lab reports are due generally when the next lab starts… contact me if you need more time. Single report per group, zipped and uploaded to the TA through courseworks… include relevant information and name the files using some logical system. README should include everyone’s names and cunix IDs.

Lab pre-work/post: courseworks will have the prelabs, which need to be completed BEFORE your lab starts… individual work… post labs are to be submitted online (courseworks) by the beginning of the next lab (or earlier please)…

Lab 1 pre-work was not collected; practice one…

Reading list: Lab 2, Chapter 2 (see resources)


The Evolution of Internet

Introductory material.

An overview lecture that covers Internet related topics, including a definition of the Internet, an overview of its history and growth, and standardization and naming.


A Definition

On October 24, 1995, the FNC unanimously passed a resolution defining the term Internet.

•RESOLUTION: The Federal Networking Council (FNC) agrees that the following language reflects our definition of the term "Internet". "Internet" refers to the global information system that --

•(i) is logically linked together by a globally unique address space based on the Internet Protocol (IP) or its subsequent extensions/follow-ons;

•(ii) is able to support communications using the Transmission Control Protocol/Internet Protocol (TCP/IP) suite or its subsequent extensions/follow-ons, and/or other IP-compatible protocols; and

•(iii) provides, uses or makes accessible, either publicly or privately, high level services layered on the communications and related infrastructure described herein.


Internet History

1961: Kleinrock - queueing theory shows effectiveness of packet-switching

1964: Baran - packet-switching in military nets

1967: ARPAnet conceived by Advanced Research Projects Agency

1969: first ARPAnet node operational

1972: ARPAnet demonstrated publicly; NCP (Network Control Protocol), first host-host protocol; first e-mail program; ARPAnet has 15 nodes

1961-1972: Early packet-switching principles


Internet History

1970: ALOHAnet satellite network in Hawaii

1973: Metcalfe’s PhD thesis proposes Ethernet

1974: Cerf and Kahn - architecture for interconnecting networks

late 70’s: proprietary architectures: DECnet, SNA, XNA

late 70’s: switching fixed length packets (ATM precursor)

1979: ARPAnet has 200 nodes

Cerf and Kahn’s internetworking principles: minimalism, autonomy (no internal changes required to interconnect networks); best effort service model; stateless routers; decentralized control. These principles define today’s Internet architecture.

1972-1980: Internetworking, new and proprietary nets


Internet History

Early 1990’s: ARPAnet decommissioned

1991: NSF lifts restrictions on commercial use of NSFnet (decommissioned, 1995)

early 1990s: Web; hypertext [Bush 1945, Nelson 1960’s]; HTML, HTTP: Berners-Lee

1994: Mosaic, later Netscape

late 1990’s: commercialization of the Web

Late 1990’s – 2000’s: more killer apps:

instant messaging, P2P file sharing

network security to forefront

est. 50 million hosts, 100 million+ users

backbone links running at Gbps

1990, 2000’s: commercialization, the Web, new apps


Applications of the Internet

Traditional core applications: Email, News, Remote Login, File Transfer

The killer application: World-Wide Web (WWW), P2P

Future applications: Videoconferencing and Telephony, Multimedia Services, Internet Broadcast


Growth of the Internet

Source: Internet Software Consortium


Internet Infrastructure

[figure: local ISPs, a campus network and a corporate network attach to Regional Networks; Regional Networks meet at IXPs (Internet exchange points) and connect to the Backbone Networks]


Internet Infrastructure

The infrastructure of the Internet consists of a federation of connected networks that are each independently managed (“autonomous system”). Note: each autonomous system may consist of multiple IP networks.

Hierarchy of network service providers:

- Tier-1: nation or worldwide network (US: less than 20)

- Tier-2: regional networks (in US: less than 100)

- Tier-3: local Internet service provider (in US: several thousand)


Internet Infrastructure

The location where a network (ISP, corporate network, or regional network) gets access to the Internet is called a Point-of-Presence (POP).

Locations where (Tier-1 or Tier-2) networks are connected for the purpose of exchanging traffic are called peering points.

- Public peering: traffic is swapped in a specific location, called an Internet exchange point (IXP).

- Private peering: two networks establish a direct link to each other.


Tier-1 ISP: e.g., Sprint

Sprint US backbone network


Who is Who on the Internet ?

Internet Society (ISOC): Founded in 1992, an international nonprofit professional organization that provides administrative support for the Internet. ISOC is the organizational home for the standardization bodies of the Internet.

Internet Engineering Task Force (IETF): Forum that coordinates the development of new protocols and standards. Organized into working groups that are each devoted to a specific topic or protocol. Working groups document their work in reports, called Requests For Comments (RFCs).

Internet Research Task Force (IRTF): composed of a number of focused, long-term and small Research Groups.

Internet Architecture Board (IAB): a technical advisory group of the Internet Society; provides oversight of the architecture for the protocols and the standardization process.

Internet Engineering Steering Group (IESG): responsible for technical management of IETF activities and the Internet standards process. Composed of the Area Directors of the IETF working groups.


Internet Standardization Process

Working groups present their work in RFCs (Request for Comments); the standards of the Internet are published as RFCs.

RFCs are the basis for Internet standards. Not all RFCs become Internet Standards! (There are >3000 RFCs and less than 70 Internet standards.)

A typical (but not the only) way of standardization is:

Internet Draft → RFC → Proposed Standard → Draft Standard (requires 2 working implementations) → Internet Standard (declared by IAB)


Assigning Identifiers for the Internet

Who gives a university the domain name “netlab.edu” and who assigns it the network prefix “128.143.0.0/16”? Who assigns port 80 as the default port for web servers?

The functions associated with the assignment of numbers are referred to as the Internet Assigned Numbers Authority (IANA).

Early days of the Internet: IANA functions were administered by a single person (Jon Postel).

Today: the Internet Corporation for Assigned Names and Numbers (ICANN) assumes the responsibility for the assignment of technical protocol parameters, allocation of the IP address space, management of the domain name system, and others.

Management of IP addresses is done by Regional Internet Registries (RIRs):

- APNIC (Asia Pacific Network Information Centre)

- RIPE NCC (Réseaux IP Européens Network Coordination Centre)

- ARIN (American Registry for Internet Numbers)

Domain names are administered by a large number of private organizations that are accredited by ICANN.


Summary

Layered Internet architecture:

- Reduces complexity

- Higher layer views lower layer as service provider

- Application layer, transport layer, network layer, and link layer


IP Addressing

Next:

IP addressing

Data link protocols and ARP

Notes about lab


IP Addressing

Addressing defines how addresses are allocated and the structure of addresses

IPv4:

- Classful IP addresses (obsolete)

- Classless inter-domain routing (CIDR) (RFC 854, current standard)

IP Version 6 addresses


What is an IP Address?

Why Addresses?

End-to-end argument (principle). Reading: http://web.mit.edu/Saltzer/www/publications/endtoend/endtoend.pdf

Keep it Simple, Stupid


What is an IP Address?

An IP address is a unique global address for a network interface.

An IP address uniquely identifies a network location. See http://www.arin.net/whois and http://www.iana.org/ipaddress/ip-addresses.htm

Routers forward a packet based on the destination address of the packet.


IPv4 Addresses

Ethernet frame: Ethernet Header | IP Header | TCP Header | Application data | Ethernet Trailer

IP Header (each row is 32 bits wide):

version (4 bits) | header length (4 bits) | Type of Service/TOS (8 bits) | Total Length in bytes (16 bits)

Identification (16 bits) | flags (3 bits) | Fragment Offset (13 bits)

TTL Time-to-Live (8 bits) | Protocol (8 bits) | Header Checksum (16 bits)

Source IP address (32 bits)

Destination IP address (32 bits)


IP v.4 Addresses

Ethernet frame: Ethernet Header | IP Header | TCP Header | Application data | Ethernet Trailer

IP Header with example values (same layout as above):

version 0x4 | header length 0x5 | TOS 0x00 | Total Length 44 (decimal)

Identification 0x9d08 | flags 010 (binary) | Fragment Offset 0000000000000 (binary)

TTL 128 (decimal) | Protocol 0x06 | Header Checksum 0x8bff

Source IP address 128.143.137.144

Destination IP address 128.143.71.21
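To make the header layout concrete, the following added example (not from the lecture slides) packs the field values shown above into the 20-byte wire format, computes the RFC 791 header checksum, and parses the bytes back. The field values are the slide's; the checksum is computed by the code rather than copied, so the reader can confirm it by running the block. Only the standard library is used.

```python
import struct
import ipaddress

# Field values taken from the example header on the slide. The checksum is
# left out here: build_header() computes it.
SLIDE_FIELDS = {
    "version": 4, "ihl": 5, "tos": 0, "total_length": 44,
    "identification": 0x9D08, "flags": 0b010, "fragment_offset": 0,
    "ttl": 128, "protocol": 6,            # 6 = TCP
    "src": "128.143.137.144", "dst": "128.143.71.21",
}

# Fixed 20-byte IPv4 header: ver/ihl, tos, total length, id, flags+offset,
# ttl, protocol, checksum, source, destination (network byte order).
HEADER_FORMAT = "!BBHHHBBH4s4s"


def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement of the ones'-complement sum of the 16-bit words.
    A header whose checksum field is filled in sums to 0 if it is intact."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                    # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_header(f: dict) -> bytes:
    """Pack the fields, then insert the checksum at offset 10."""
    ver_ihl = (f["version"] << 4) | f["ihl"]
    flags_frag = (f["flags"] << 13) | f["fragment_offset"]
    hdr = struct.pack(HEADER_FORMAT, ver_ihl, f["tos"], f["total_length"],
                      f["identification"], flags_frag, f["ttl"], f["protocol"], 0,
                      ipaddress.IPv4Address(f["src"]).packed,
                      ipaddress.IPv4Address(f["dst"]).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_header(raw: bytes) -> dict:
    """Decode the fixed part of an IPv4 header and verify its checksum."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_length, ident, flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack(HEADER_FORMAT, raw[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError("not an IPv4 header")
    if ihl < 5 or len(raw) < ihl * 4:     # options would follow the fixed part
        raise ValueError("bad header length")
    return {
        "version": version, "ihl": ihl, "tos": tos,
        "total_length": total_length, "identification": ident,
        "flags": flags_frag >> 13, "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": proto, "checksum": csum,
        "checksum_ok": ipv4_checksum(raw[:ihl * 4]) == 0,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
    }


if __name__ == "__main__":
    hdr = build_header(SLIDE_FIELDS)
    print(hdr.hex())
    for key, value in parse_header(hdr).items():
        print(f"{key:16} {value}")
```

The parser rejects a header whose version or header-length nibble is inconsistent with the data and reports a failed checksum instead of silently using the fields, which is the check a receiving host performs before anything else in the datagram is trusted.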


IP v.4 Addressing

An IP address is often written in dotted decimal notation

Each byte is identified by a decimal number in the range [0..255]:

10000000 10001111 10001001 10010000

1st Byte = 128, 2nd Byte = 143, 3rd Byte = 137, 4th Byte = 144

128.143.137.144


Structure of an IP address

[figure: bits 0 to 31 of the address; network prefix | host number]

An IP address encodes both a network number (network prefix) and an interface number (host number). The network prefix identifies a network; the host number identifies a specific host (actually, an interface on the network).


How long is the network prefix?

Before 1993: The network prefix is implicitly defined (class-based addressing)

After 1993: The network prefix is indicated by a netmask.


Before 1993: Class-based addressing

The Internet address space was divided up into classes:

- Class A: Network prefix is 8 bits long

- Class B: Network prefix is 16 bits long

- Class C: Network prefix is 24 bits long

- Class D is multicast address

- Class E is reserved


Classful IP Addresses (Until 1993)

Each IP address contained a key which identifies the class:

- Class A: IP address starts with “0”

- Class B: IP address starts with “10”

- Class C: IP address starts with “110”

- Class D: IP address starts with “1110”

- Class E: IP address starts with “11110”


The old way: Internet Address Classes

[figure: classful address layouts, bit 0 on the left, bit 31 on the right]

Class A: bit 0 = 0; Network Prefix 8 bits (bits 0-7); Host Number 24 bits (bits 8-31)

Class B: bits 0-1 = 10; Network Prefix 16 bits (bits 0-15); Host Number 16 bits (bits 16-31)

Class C: bits 0-2 = 110; Network Prefix 24 bits (bits 0-23); Host Number 8 bits (bits 24-31)

Class D: bits 0-3 = 1110; multicast group id (bits 4-31)

Class E: bits 0-4 = 11110; reserved for future use (bits 5-31)


The old way: Internet Address Classes

Class                Leading bits   Start        End               CIDR equivalent

Class A              0              0.0.0.0      127.255.255.255   /8

Class B              10             128.0.0.0    191.255.255.255   /16

Class C              110            192.0.0.0    223.255.255.255   /24

Class D (multicast)  1110           224.0.0.0    239.255.255.255   NA

Class E (reserved)   1111           240.0.0.0    255.255.255.255   NA


Problems with Classful IP Addresses

Fast growing routing table size: each router must have an entry for every network prefix (~2^21 = 2,097,152 class C networks). In 1993, the size of routing tables started to outgrow the capacity of routers.


Other problems with classful addresses

Address depletion for large networks: Class A and Class B addresses were gone. How many class A/B network prefixes can there be?

Limited flexibility for network addresses: Class A and B addresses are overkill (>64,000 addresses); a Class C address is insufficient (256 addresses).


Classless Inter-domain routing (CIDR) 1993

Full description RFC 1518 & 1519

Network prefix is of variable length

Addresses are allocated hierarchically

Routers aggregate multiple address prefixes into one routing entry to minimize routing table size


CIDR network prefix is variable length

A network mask specifies the number of bits used to identify a network in an IP address.

How?

Addr: 10000000 00111011 00010000 10010000 = 128.59.16.144

Mask: 11111111 11111111 11111111 00000000 = 255.255.255.0


CIDR notation

CIDR notation of an IP address: 128.143.137.144/24. /24 is the prefix length. It states that the first 24 bits are the network prefix of the address (and the remaining 8 bits are available for specific host addresses).

CIDR notation can nicely express blocks of addresses. An address block [128.195.0.0, 128.195.255.255] can be represented by the address prefix 128.195.0.0/16.

How many addresses are there in a /x address block? 2^(32-x)


CIDR hierarchical address allocation

IP addresses are hierarchically allocated:

- An ISP obtains an address block from a Regional Internet Registry

- An ISP allocates a subdivision of the address block to an organization

- An organization recursively allocates subdivisions of its address block to its networks

- A host in a network obtains an address within the address block assigned to the network

[figure: ISP 128.0.0.0/8 → Foo.com 128.1.0.0/16, Bar.com 128.2.0.0/16, University 128.59.0.0/16 → Library 128.59.44.0/24, CS 128.59.16.0/24 → host 128.59.16.150]


Hierarchical address allocation

ISP obtains an address block 128.0.0.0/8 [128.0.0.0, 128.255.255.255]

ISP allocates 128.59.0.0/16 ([128.59.0.0, 128.59.255.255]) to the university

University allocates 128.59.16.0/24 ([128.59.16.0, 128.59.16.255]) to the CS department’s network

A host on the CS department’s network gets one IP address: 128.59.16.150

[figure: 128.0.0.0 - 128.255.255.255 contains 128.59.0.0 - 128.59.255.255, which contains 128.59.16.[0 - 255], which contains 128.59.16.150]
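The netmask, CIDR-notation and hierarchical-allocation slides above all come down to the same bit arithmetic. The following added example (not part of the lecture material) implements it directly with integer masks: prefix length to mask and back, network number of an address, the 2^(32-x) block size and range, and a containment test that verifies the ISP → university → CS department → host chain from the slides. The standard library's ipaddress module is used only to cross-check the hand-rolled results.

```python
import ipaddress  # standard library; used only to cross-check the arithmetic below


def to_int(dotted: str) -> int:
    """Dotted-decimal string -> 32-bit integer, rejecting malformed input."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"bad IPv4 address: {dotted!r}")
    value = 0
    for p in parts:
        if not p.isdigit() or not 0 <= int(p) <= 255:
            raise ValueError(f"bad octet in {dotted!r}")
        value = (value << 8) | int(p)
    return value


def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def netmask(prefix_len: int) -> int:
    """/x -> mask with the top x bits set (x = 0 gives 0, x = 32 gives all ones)."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def mask_to_prefix_len(mask_dotted: str) -> int:
    """Dotted mask -> /x. A mask whose ones are not contiguous is rejected."""
    mask = to_int(mask_dotted)
    plen = bin(mask).count("1")
    if mask != netmask(plen):
        raise ValueError(f"non-contiguous netmask {mask_dotted}")
    return plen


def parse_cidr(block: str) -> tuple:
    """'a.b.c.d/x' -> (network number with host bits cleared, x); no '/x' means /32."""
    addr, sep, plen = block.partition("/")
    prefix_len = int(plen) if sep else 32
    return to_int(addr) & netmask(prefix_len), prefix_len


def block_size(prefix_len: int) -> int:
    """Number of addresses in a /x block: 2^(32-x)."""
    return 1 << (32 - prefix_len)


def block_range(block: str) -> tuple:
    net, plen = parse_cidr(block)
    return to_dotted(net), to_dotted(net + block_size(plen) - 1)


def network_of(addr: str, prefix_len: int) -> str:
    """The network prefix of an address, as on the 128.143.137.144/24 slide."""
    return to_dotted(to_int(addr) & netmask(prefix_len))


def contains(outer: str, inner: str) -> bool:
    """True if every address of `inner` lies inside `outer`: the inner prefix
    must be at least as long and agree with `outer` on the outer prefix bits."""
    onet, oplen = parse_cidr(outer)
    inet, iplen = parse_cidr(inner)
    return iplen >= oplen and (inet & netmask(oplen)) == onet


def check_allocation_chain(chain: list) -> bool:
    """True if each block is carved out of the one before it."""
    return all(contains(outer, inner) for outer, inner in zip(chain, chain[1:]))


# The allocation chain from the slides: ISP -> university -> CS network -> host.
SLIDE_CHAIN = ["128.0.0.0/8", "128.59.0.0/16", "128.59.16.0/24", "128.59.16.150/32"]


def cross_check(block: str) -> bool:
    """Compare range and size against the standard library's answer."""
    net = ipaddress.ip_network(block, strict=False)
    return (block_range(block) == (str(net.network_address), str(net.broadcast_address))
            and block_size(net.prefixlen) == net.num_addresses)


if __name__ == "__main__":
    print(network_of("128.143.137.144", 24), block_size(24))
    print(mask_to_prefix_len("255.255.255.0"), block_range("128.195.0.0/16"))
    print(check_allocation_chain(SLIDE_CHAIN), all(cross_check(b) for b in SLIDE_CHAIN))
```

The contiguity check in mask_to_prefix_len matters in practice: a configuration that supplies a mask such as 255.0.255.0 has no CIDR prefix length, and silently accepting it would produce a "network" that no router interprets the same way.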


CIDR allows route aggregation

ISP1 announces one address prefix 128.0.0.0/8 to ISP2. ISP2 can use one routing entry to reach all networks connected to ISP1.

[figure: ISP1 holds 128.0.0.0/8 (Foo.com 128.1.0.0/16, Bar.com 128.2.0.0/16, University 128.59.0.0/16 with Library and CS). ISP1 tells ISP2 and ISP3: “You can reach 128.0.0.0/8 via ISP1”; their routing entry: 128.0.0.0/8 → ISP1]


CIDR summary

A network prefix is of variable length: a.b.c.d/x

Addresses are hierarchically allocated

Routers aggregate multiple address prefixes into one routing entry to minimize routing table size.

Security is still an issue: secure routing & path validation


What problems CIDR does not solve (I)

A multi-homed site still adds one entry into global routing tables.

[figure: Multi-home.com holds 204.1.0.0/16, taken from ISP2’s 204.0.0.0/8, and connects to both ISP1 (128.0.0.0/8) and ISP2. ISP1 tells ISP3: “You can reach 128.0.0.0/8 and 204.1.0.0/16 via ISP1”. ISP3’s routing entries: 128.0.0.0/8 → ISP1, 204.1.0.0/16 → ISP1; ISP2 also carries 204.1.0.0/16]


What problems CIDR does not solve (II)

A site that switches provider without renumbering still adds one entry into global routing tables.

[figure: Switched.com keeps 204.1.0.0/16, taken from ISP2’s 204.0.0.0/8, after moving to ISP1 (128.0.0.0/8). ISP1 tells ISP3: “You can reach 128.0.0.0/8 and 204.1.0.0/16 via ISP1”. ISP3’s routing entries: 128.0.0.0/8 → ISP1, 204.1.0.0/16 → ISP1]
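The three slides above (route aggregation, multi-homing, provider switching) describe what ISP3's forwarding table looks like and why the more specific 204.1.0.0/16 entry cannot be aggregated away. The following added example (not from the lecture) builds that table as a longest-prefix-match lookup: ISP3 keeps one entry for all of ISP1's 128.0.0.0/8, one for ISP2's 204.0.0.0/8, and, once Multi-home.com or Switched.com appears, a third entry that wins over 204.0.0.0/8 because it is longer. The scenario and the next-hop labels are the slides'; the lookup code and the test addresses are constructed for this example.

```python
import ipaddress


class RoutingTable:
    """Longest-prefix-match forwarding table for one router (here: ISP3)."""

    def __init__(self):
        self.entries = []            # list of (ip_network, next_hop)

    def add(self, prefix: str, next_hop: str) -> None:
        # strict=True (the default) rejects a prefix with host bits set,
        # e.g. "204.1.5.0/16", which would be an operator typo.
        self.entries.append((ipaddress.ip_network(prefix), next_hop))

    def lookup(self, addr: str):
        """Return (prefix, next hop) of the most specific matching entry, or None."""
        ip = ipaddress.ip_address(addr)
        best = None
        for net, hop in self.entries:
            if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, hop)
        return (str(best[0]), best[1]) if best else None

    def __len__(self) -> int:
        return len(self.entries)


def covered_by(summary: str, prefixes: list) -> bool:
    """True if every prefix lies inside `summary`, i.e. the summary can stand
    in for all of them in a routing table (this is what aggregation relies on)."""
    agg = ipaddress.ip_network(summary)
    return all(ipaddress.ip_network(p).subnet_of(agg) for p in prefixes)


def isp3_table_after_aggregation() -> RoutingTable:
    """ISP3 after ISP1 and ISP2 each announce a single /8."""
    t = RoutingTable()
    t.add("128.0.0.0/8", "ISP1")     # covers Foo.com, Bar.com and the University
    t.add("204.0.0.0/8", "ISP2")
    return t


def isp3_table_with_multihoming() -> RoutingTable:
    """ISP3 once ISP1 also announces the customer's 204.1.0.0/16."""
    t = isp3_table_after_aggregation()
    t.add("204.1.0.0/16", "ISP1")    # the hole that aggregation cannot absorb
    return t


if __name__ == "__main__":
    for table in (isp3_table_after_aggregation(), isp3_table_with_multihoming()):
        print(len(table), "entries")
        for addr in ("128.59.16.150", "204.1.7.7", "204.2.0.1"):  # constructed test addresses
            print(" ", addr, "->", table.lookup(addr))
```

Because the /16 beats the /8 for any address inside it, the table's answer for 204.1.7.7 flips from ISP2 to ISP1 the moment the longer prefix is installed; whether that longer announcement is legitimate is exactly the secure-routing and path-validation question the CIDR summary slide raises.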


Global routing tables continue to grow

Source: http://bgp.potaroo.net/as4637/


Special IPv4 Addresses

Reserved or (by convention) special addresses:

Loopback interfaces: all addresses 127.0.0.1-127.255.255.255 are reserved for loopback interfaces. Most systems use 127.0.0.1 as loopback address; the loopback interface is associated with the name “localhost”.

Broadcast address: host number is all ones, e.g., 128.143.255.255. Broadcast goes to all hosts on the network. Often ignored due to security concerns.

Test / Experimental addresses: 10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.31.255.255, 192.168.0.0 - 192.168.255.255

Convention (but not a reserved address): default gateway has host number set to ‘1’, e.g., 128.195.4.1


Special IPv4 Addresses (RFC 3330)

Addresses                        CIDR Equivalent   Purpose                        RFC       Class   # of addresses

0.0.0.0 - 0.255.255.255          0.0.0.0/8         Zero Addresses                 RFC 1700  A       16,777,216

10.0.0.0 - 10.255.255.255        10.0.0.0/8        Private IP addresses           RFC 1918  A       16,777,216

127.0.0.0 - 127.255.255.255      127.0.0.0/8       Localhost Loopback Address     RFC 1700  A       16,777,216

169.254.0.0 - 169.254.255.255    169.254.0.0/16    Zeroconf                       RFC 3330  B       65,536

172.16.0.0 - 172.31.255.255      172.16.0.0/12     Private IP addresses           RFC 1918  B       1,048,576

192.0.2.0 - 192.0.2.255          192.0.2.0/24      Documentation and Examples     RFC 3330  C       256

192.88.99.0 - 192.88.99.255      192.88.99.0/24    IPv6 to IPv4 relay Anycast     RFC 3068  C       256

192.168.0.0 - 192.168.255.255    192.168.0.0/16    Private IP addresses           RFC 1918  C       65,536

198.18.0.0 - 198.19.255.255      198.18.0.0/15     Network Device Benchmark       RFC 2544  C       131,072

224.0.0.0 - 239.255.255.255      224.0.0.0/4       Multicast                      RFC 3171  D       268,435,456

240.0.0.0 - 255.255.255.255      240.0.0.0/4       Reserved                       RFC 1700  E       268,435,456
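Two earlier passages, the classful address table (leading bits 0 / 10 / 110 / 1110 / 1111 and the class-C count of 2^21 networks) and the RFC 3330 table just above, are easiest to understand as lookups on an address. The following added example (not from the lecture) implements both: it recovers an address's class and implied prefix length from its leading bits, counts how many network prefixes a class can hold, and reports which special-purpose block of the table above, if any, an address falls in. The table rows are copied from the slide; the test addresses are constructed.

```python
import ipaddress

# Special-purpose blocks exactly as tabulated on the RFC 3330 slide.
SPECIAL_BLOCKS = [
    ("0.0.0.0/8",      "Zero addresses",              "RFC 1700"),
    ("10.0.0.0/8",     "Private IP addresses",        "RFC 1918"),
    ("127.0.0.0/8",    "Localhost loopback address",  "RFC 1700"),
    ("169.254.0.0/16", "Zeroconf",                    "RFC 3330"),
    ("172.16.0.0/12",  "Private IP addresses",        "RFC 1918"),
    ("192.0.2.0/24",   "Documentation and examples",  "RFC 3330"),
    ("192.88.99.0/24", "IPv6 to IPv4 relay anycast",  "RFC 3068"),
    ("192.168.0.0/16", "Private IP addresses",        "RFC 1918"),
    ("198.18.0.0/15",  "Network device benchmark",    "RFC 2544"),
    ("224.0.0.0/4",    "Multicast",                   "RFC 3171"),
    ("240.0.0.0/4",    "Reserved",                    "RFC 1700"),
]
_SPECIAL = [(ipaddress.ip_network(b), purpose, rfc) for b, purpose, rfc in SPECIAL_BLOCKS]

# Classful keys: (class, number of key bits, key value, network prefix length).
# Classes D and E have no network/host split, hence prefix length None.
CLASS_KEYS = [("A", 1, 0b0, 8), ("B", 2, 0b10, 16), ("C", 3, 0b110, 24),
              ("D", 4, 0b1110, None), ("E", 4, 0b1111, None)]


def address_class(addr: str) -> tuple:
    """(class letter, classful prefix length) from the leading bits of the first octet."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    for cls, nbits, key, plen in CLASS_KEYS:
        if first_octet >> (8 - nbits) == key:
            return cls, plen
    raise AssertionError("unreachable: every first octet matches one key")


def networks_in_class(cls: str) -> int:
    """How many distinct network prefixes a class can hold: 2^(prefix bits - key bits)."""
    for c, nbits, _, plen in CLASS_KEYS:
        if c == cls:
            if plen is None:
                raise ValueError(f"class {cls} has no network/host split")
            return 1 << (plen - nbits)
    raise ValueError(f"unknown class {cls}")


def addresses_in(block: str) -> int:
    """Size of a CIDR block, i.e. the '# of addresses' column: 2^(32-x)."""
    return ipaddress.ip_network(block).num_addresses


def describe(addr: str) -> dict:
    """Class, classful prefix length and any special-purpose block the address is in."""
    cls, plen = address_class(addr)
    ip = ipaddress.IPv4Address(addr)
    special = [(str(net), purpose, rfc) for net, purpose, rfc in _SPECIAL if ip in net]
    return {"address": addr, "class": cls, "classful_prefix_len": plen, "special": special}


if __name__ == "__main__":
    for addr in ("128.143.137.144", "10.1.2.3", "172.31.255.255", "172.32.0.1",
                 "192.0.2.1", "224.0.0.1"):   # constructed test addresses
        print(describe(addr))
    print({c: networks_in_class(c) for c in "ABC"})
```

Note the /12 row: 172.31.255.255 is private but 172.32.0.1 is not, a boundary that a check written as "starts with 172." gets wrong; matching against the CIDR block avoids that mistake.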


IP Addressing (Summary)

Addressing defines how addresses are allocated and the structure of addresses

IPv4:

- Classful IP addresses (obsolete)

- Classless inter-domain routing (CIDR) (current standard)

IP Version 6 addresses


IPv6 - IP Version 6

IP Version 6: designed to be the successor to the currently used IPv4. Specification completed in 1994. Makes improvements to IPv4 (no revolutionary changes).

One (not the only!) feature of IPv6 is a significant increase in the size of the IP address, to 128 bits (16 bytes).

IPv6 will solve – for the foreseeable future – the problems with IP addressing: 10^24 addresses per square inch on the surface of the Earth.


IPv6 Header

Ethernet frame: Ethernet Header | IPv6 Header | TCP Header | Application data | Ethernet Trailer

IPv6 Header (each row is 32 bits wide):

version (4 bits) | Traffic Class (8 bits) | Flow Label (24 bits)

Payload Length (16 bits) | Next Header (8 bits) | Hop Limit (8 bits)

Source IP address (128 bits)

Destination IP address (128 bits)


Notation of IPv6 addresses

Convention: The 128-bit IPv6 address is written as eight 16-bit integers (using hexadecimal digits for each integer)

CEDF:BP76:3245:4464:FACE:2E50:3025:DF12

Short notation:

- Abbreviation of leading zeroes: CEDF:BP76:0000:0000:009E:0000:3025:DF12 → CEDF:BP76:0:0:9E:0:3025:DF12

- “:0000:0000:0000” can be written as “::”: CEDF:BP76:0:0:FACE:0:3025:DF12 → CEDF:BP76::FACE:0:3025:DF12


IPv4 address in IPv6

IPv6 addresses derived from IPv4 addresses have 96 leading zero bits.

Convention allows the use of IPv4 notation for the last 32 bits: ::80:8F:89:90 can be written as ::128.143.137.144
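The two notation slides above (leading-zero suppression, the single "::" for a run of zero groups, and a dotted IPv4 quad in the last 32 bits) are a small parsing problem worth doing by hand once. The following added example (not from the lecture) expands any of those forms into the eight 16-bit groups and produces the shortest form again, cross-checking the numeric value against the standard library. The addresses in the test are constructed (the slide's own examples contain a non-hexadecimal digit, so a documentation-range address is used instead).

```python
import ipaddress

HEX_DIGITS = set("0123456789abcdefABCDEF")


def _parse_groups(part: str) -> list:
    """Parse 'x:y:z' (optionally ending in 'a.b.c.d') into 16-bit groups; '' -> []."""
    if part == "":
        return []
    pieces = part.split(":")
    groups = []
    for i, piece in enumerate(pieces):
        if "." in piece:                               # embedded IPv4 quad, must be last
            if i != len(pieces) - 1:
                raise ValueError("dotted IPv4 part must be the last component")
            octets = piece.split(".")
            if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
                raise ValueError(f"bad embedded IPv4 address {piece!r}")
            o = [int(x) for x in octets]
            groups += [(o[0] << 8) | o[1], (o[2] << 8) | o[3]]
        else:
            if not 1 <= len(piece) <= 4 or not set(piece) <= HEX_DIGITS:
                raise ValueError(f"bad hexadecimal group {piece!r}")
            groups.append(int(piece, 16))
    return groups


def expand_ipv6(text: str) -> list:
    """Return the eight 16-bit groups, filling in the zero groups that '::' stands for."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once")
    head, sep, tail = text.partition("::")
    head_groups = _parse_groups(head)
    if not sep:
        groups = head_groups
    else:
        tail_groups = _parse_groups(tail)
        missing = 8 - len(head_groups) - len(tail_groups)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = head_groups + [0] * missing + tail_groups
    if len(groups) != 8:
        raise ValueError(f"expected 8 groups, got {len(groups)}")
    return groups


def compress_ipv6(groups: list) -> str:
    """Shortest form: drop leading zeros in each group and replace the longest run
    of two or more zero groups with '::' (the first such run on a tie)."""
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    hexes = [format(g, "x") for g in groups]
    if best_len < 2:
        return ":".join(hexes)
    return ":".join(hexes[:best_start]) + "::" + ":".join(hexes[best_start + best_len:])


def groups_to_int(groups: list) -> int:
    value = 0
    for g in groups:
        value = (value << 16) | g
    return value


def matches_stdlib(text: str) -> bool:
    """Cross-check the hand-written parser against ipaddress on the numeric value."""
    return groups_to_int(expand_ipv6(text)) == int(ipaddress.IPv6Address(text))


def embedded_ipv4(groups: list) -> str:
    """Dotted form of the last 32 bits, as used for IPv4-derived IPv6 addresses."""
    return "%d.%d.%d.%d" % (groups[6] >> 8, groups[6] & 0xFF, groups[7] >> 8, groups[7] & 0xFF)


if __name__ == "__main__":
    for text in ("2001:db8:0:0:9e:0:3025:df12", "::128.143.137.144", "::"):  # constructed
        g = expand_ipv6(text)
        print(text, "->", [format(x, "04x") for x in g], "->", compress_ipv6(g), matches_stdlib(text))
```

Rejecting a second "::" and a "::" that stands for zero groups is what keeps the expansion unambiguous; a lenient parser that accepted either would map different strings to the same address, which is the kind of inconsistency an access-control list keyed on textual addresses would not survive.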


IPv6 vs. IPv4: Address Comparison

IPv4 has a maximum of 2^32 ≈ 4 billion addresses

IPv6 has a maximum of 2^128 = (2^32)^4 = 4 billion x 4 billion x 4 billion x 4 billion addresses

Is IPv6 widely deployed?


Data Link Layer

The main tasks of the data link layer are:

- Transfer data from the network layer of one machine to the network layer of another machine

- Convert the raw bit stream of the physical layer into groups of bits (“frames”)

[figure: two stacks of Network Layer, Data Link Layer, Physical Layer, linked at the data link layer]


TCP/IP Protocol Stack

[figure: Application Layer, Transport Layer, Network Layer, (Data) Link Layer; in local area networks the link layer is split into the Logical Link Control (LLC) and Media Access Control (MAC) sublayers]

The TCP/IP protocol stack runs on top of multiple data link layers.

Two data link layer technologies:

•Broadcast

•Point-to-Point


Two types of networks at the data link layer

Broadcast Networks: All stations share a single communication channel

Point-to-Point Networks: Pairs of hosts (or routers) are directly connected

Typically, local area networks (LANs) are broadcast and wide area networks (WANs) are point-to-point

[figure: Broadcast Network vs. Point-to-Point Network]


Local Area Networks

Local area networks (LANs) connect computers within a building or an enterprise network.

Almost all LANs are broadcast networks. Typical topologies of LANs are bus, ring or star. We will work with Ethernet LANs. Ethernet has a bus or star topology.

[figure: Bus LAN, Ring LAN]


MAC and LLC

In any broadcast network, the stations must ensure that only one station transmits at a time on the shared communication channel.

The protocol that determines who can transmit on a broadcast channel is called the Medium Access Control (MAC) protocol.

The MAC protocol is implemented in the MAC sublayer, which is the lower sublayer of the data link layer.

The higher portion of the data link layer is often called Logical Link Control (LLC).

[figure: Data Link Layer = Logical Link Control (to Network Layer) over Medium Access Control (to Physical Layer)]


IEEE 802 Standards

IEEE 802 is a family of standards for LANs, which defines an LLC and several MAC sublayers.

[figure: IEEE 802 standard mapped onto the IEEE reference model. Higher layer issues: 802.1. Data Link Layer: Logical Link Control = 802.2; Medium Access Control and Physical Layer = 802.3 (CSMA/CD), 802.4 (Token bus), 802.5 (Token ring), 802.11 (Wireless LAN)]


Ethernet

Speed: 10 Mbps - 10 Gbps. Standard: 802.3, Ethernet II (DIX)

Most popular physical layers for Ethernet:

- 10Base5 Thick Ethernet: 10 Mbps coax cable

- 10Base2 Thin Ethernet: 10 Mbps coax cable

- 10Base-T: 10 Mbps Twisted Pair

- 100Base-TX: 100 Mbps over Category 5 twisted pair

- 100Base-FX: 100 Mbps over Fiber Optics

- 1000Base-FX: 1 Gbps over Fiber Optics

- 10000Base-FX: 1 Gbps over Fiber Optics (for wide area links)


Bus Topology

Ethernet

10Base5 and 10Base2 Ethernets have a bus topology


Star Topology

Starting with 10Base-T, stations are connected to a hub in a star configuration.

[figure: stations attached to a Hub]


Ethernet Hubs vs. Ethernet Switches

An Ethernet switch is a packet switch for Ethernet frames. Buffering of frames prevents collisions. Each port is isolated and builds its own collision domain.

An Ethernet Hub does not perform buffering: collisions occur if two frames arrive at the same time.

[figure: Hub: all ports share one CSMA/CD channel. Switch: each port runs its own CSMA/CD, with Input Buffers and Output Buffers connected by a High Speed Backplane]


Ethernet and IEEE 802.3: Any Difference?

There are two types of Ethernet frames in use, with subtle differences:

“Ethernet” (Ethernet II, DIX (Digital-Intel-Xerox)): an industry standard from 1982 that is based on the first implementation of CSMA/CD by Xerox. Predominant version of CSMA/CD in the US.

802.3: IEEE’s version of CSMA/CD from 1985. Interoperates with 802.2 (LLC) as higher layer.

Difference for our purposes: Ethernet and 802.3 use different methods to encapsulate an IP datagram.


Ethernet II, DIX Encapsulation (RFC 894)

Frame layout (field: size in bytes):

802.3 MAC: destination address (6) | source address (6) | type (2) | data (46-1500) | CRC (4)

type 0800: IP datagram (38-1492)

type 0806: ARP request/reply (28) | PAD (10)

type 0835: RARP request/reply (28) | PAD (10)


IEEE 802.2/802.3 Encapsulation (RFC 1042)

Frame layout (field: size in bytes):

802.3 MAC: destination address (6) | source address (6) | length (2) | 802.2 LLC: DSAP AA (1) | SSAP AA (1) | cntl 03 (1) | 802.2 SNAP: org code 0 (3) | type (2) | data (38-1492) | CRC (4)

- destination address, source address: MAC addresses are 48 bit

- length: frame length in number of bytes

- DSAP, SSAP: always set to 0xaa

- Ctrl: set to 3

- org code: set to 0

- type field identifies the content of the data field

- CRC: cyclic redundancy check

type 0800: IP datagram (38-1492)

type 0806: ARP request/reply (28) | PAD (10)

type 0835: RARP request/reply (28) | PAD (10)
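The two encapsulation slides above differ only in what the third header field means: in Ethernet II it is a type, in 802.3 it is a length followed by the 802.2 LLC/SNAP header. A receiver tells them apart by the value itself, since valid lengths are at most 1500 while Ethernet types start at 0x0600. The following added example (not from the lecture) builds a frame in either style and parses both, including the AA AA 03 / org code / type sequence of SNAP. The 4-byte CRC is omitted because it is added and checked by the interface hardware and is not normally visible to software; RARP is listed under its registered EtherType 0x8035 (an assumption stated here, the slide prints the value differently). Addresses and payloads in the test are constructed.

```python
import struct

# EtherType values for the payloads named on the slides.
ETHERTYPES = {0x0800: "IP datagram", 0x0806: "ARP request/reply", 0x8035: "RARP request/reply"}
SNAP_HEADER = bytes([0xAA, 0xAA, 0x03, 0x00, 0x00, 0x00])   # DSAP, SSAP, ctrl, org code
MIN_DATA = 46          # data field is padded to at least 46 bytes on the wire
TYPE_THRESHOLD = 0x0600  # values >= this are types (Ethernet II); <= 1500 are lengths (802.3)


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_ethernet_ii(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """DIX frame: dst(6) src(6) type(2) data(46-1500); the CRC is not included."""
    if len(payload) > 1500:
        raise ValueError("payload exceeds 1500 bytes")
    return struct.pack("!6s6sH", dst, src, ethertype) + payload.ljust(MIN_DATA, b"\x00")


def build_snap(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """802.3 frame with 802.2 LLC + SNAP: dst(6) src(6) length(2) AA AA 03 000000 type(2) data.
    The length counts the LLC/SNAP header plus data; padding after it is not counted."""
    if len(payload) > 1492:
        raise ValueError("payload exceeds 1492 bytes")
    llc = SNAP_HEADER + struct.pack("!H", ethertype) + payload
    return struct.pack("!6s6sH", dst, src, len(llc)) + llc.ljust(MIN_DATA, b"\x00")


def parse_frame(frame: bytes) -> dict:
    """Demultiplex a frame by the meaning of its third header field."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src, type_or_len = struct.unpack("!6s6sH", frame[:14])
    info = {"dst": mac_str(dst), "src": mac_str(src), "ethertype": None}
    if type_or_len >= TYPE_THRESHOLD:                      # Ethernet II
        info.update(encapsulation="Ethernet II", ethertype=type_or_len, payload=frame[14:])
    elif type_or_len <= 1500:                              # IEEE 802.3 + 802.2 LLC
        llc = frame[14:14 + type_or_len]
        if len(llc) != type_or_len or len(llc) < 3:
            raise ValueError("802.3 length field exceeds the bytes actually present")
        info.update(encapsulation="802.3/802.2 LLC", length=type_or_len,
                    dsap=llc[0], ssap=llc[1], ctrl=llc[2], payload=llc[3:])
        if llc[:3] == SNAP_HEADER[:3]:                     # SNAP: org code + type follow
            if len(llc) < 8:
                raise ValueError("truncated SNAP header")
            info.update(encapsulation="802.3/802.2 SNAP", org_code=llc[3:6],
                        ethertype=struct.unpack("!H", llc[6:8])[0], payload=llc[8:])
    else:
        raise ValueError(f"type/length value {type_or_len:#06x} is neither a length nor a type")
    info["protocol"] = ETHERTYPES.get(info["ethertype"], "unknown")
    return info


if __name__ == "__main__":
    # Constructed addresses: broadcast destination, arbitrary source.
    dst, src = b"\xff" * 6, bytes.fromhex("00a02471e444")
    for frame in (build_ethernet_ii(dst, src, 0x0806, bytes(28)),
                  build_snap(dst, src, 0x0800, bytes(20))):
        print(len(frame), parse_frame(frame))
```

The explicit check that the 802.3 length field does not exceed the bytes present is the one most worth copying: a parser that trusts the field and slices past the end of the buffer either crashes or, in a language without bounds checks, reads memory it should not.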


Dial-Up Access

Point-to-Point (serial) links: many data link connections are point-to-point serial links:

- Dial-in or DSL access connects hosts to access routers

- Routers are connected by high-speed point-to-point links

Here, IP hosts and routers are connected by a serial cable.

Data link layer protocols for point-to-point links are simple: main role is encapsulation of IP datagrams; no media access control needed.

[figure: Dial-Up Access: hosts with Modems connect to an Access Router; Point-to-Point Links: Routers connected by serial links]


Data Link Protocols for Point-to-Point links

SLIP (Serial Line IP): first protocol for sending IP datagrams over dial-up links (from 1988). Encapsulation, not much else.

PPP (Point-to-Point Protocol):
• Successor to SLIP (1992), with added functionality
• Used for dial-in and for high-speed routers

HDLC (High-level Data Link Control):
• Widely used and influential standard (1979)
• Default protocol for serial links on Cisco routers
• Actually, PPP is based on a variant of HDLC


PPP - IP encapsulation

The frame format of PPP is similar to HDLC and the 802.2 LLC frame format:

flag 7E (1) | addr FF (1) | ctrl 03 (1) | protocol (2) | data (<= 1500) | CRC (2) | flag 7E (1)

protocol 0021: IP datagram; C021: link control data; 8021: network control data

PPP assumes a duplex circuit. Note: PPP does not use addresses. Usual maximum frame size is 1500.
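To show the PPP frame layout in working form, the following added example (not from the lecture) builds a frame with the fixed 7E / FF / 03 bytes, the 2-byte protocol field and a 2-byte CRC, and parses it back with the protocol values from the slide. For the CRC it uses the 16-bit frame check sequence of RFC 1662 (the PPP-in-HDLC-like-framing specification), which is transmitted complemented and low byte first and verifies to the constant 0xF0B8 over data plus FCS; the byte stuffing that RFC 1662 also defines for 0x7E and 0x7D inside the frame is left out, as the slide's layout does not show it. The payloads in the test are constructed.

```python
import struct

PPP_FLAG, PPP_ADDR, PPP_CTRL = 0x7E, 0xFF, 0x03
PPP_PROTOCOLS = {0x0021: "IP datagram", 0xC021: "link control data (LCP)",
                 0x8021: "network control data (IPCP)"}
PPP_INIT_FCS, PPP_GOOD_FCS = 0xFFFF, 0xF0B8   # RFC 1662 FCS-16 constants
MAX_DATA = 1500


def _fcs_table() -> list:
    """Byte-wise table for the reflected CRC-16 polynomial 0x8408 (RFC 1662)."""
    table = []
    for byte in range(256):
        v = byte
        for _ in range(8):
            v = (v >> 1) ^ 0x8408 if v & 1 else v >> 1
        table.append(v)
    return table


FCS_TABLE = _fcs_table()


def fcs16(data: bytes, fcs: int = PPP_INIT_FCS) -> int:
    for b in data:
        fcs = (fcs >> 8) ^ FCS_TABLE[(fcs ^ b) & 0xFF]
    return fcs


def build_ppp_frame(protocol: int, payload: bytes) -> bytes:
    """flag | addr FF | ctrl 03 | protocol (2) | data | FCS (2, complemented, LSB first) | flag"""
    if len(payload) > MAX_DATA:
        raise ValueError("data exceeds the usual 1500-byte maximum")
    body = bytes([PPP_ADDR, PPP_CTRL]) + struct.pack("!H", protocol) + payload
    fcs = fcs16(body) ^ 0xFFFF
    return bytes([PPP_FLAG]) + body + struct.pack("<H", fcs) + bytes([PPP_FLAG])


def verify_ppp_frame(frame: bytes) -> bool:
    """True if framing bytes are in place and the FCS over body+FCS equals 0xF0B8."""
    if len(frame) < 8 or frame[0] != PPP_FLAG or frame[-1] != PPP_FLAG:
        return False
    body = frame[1:-1]
    return body[0] == PPP_ADDR and body[1] == PPP_CTRL and fcs16(body) == PPP_GOOD_FCS


def parse_ppp_frame(frame: bytes) -> dict:
    """Strip framing, check the FCS, and demultiplex on the protocol field."""
    if not verify_ppp_frame(frame):
        raise ValueError("bad PPP framing or FCS")
    body = frame[1:-1]
    protocol = struct.unpack("!H", body[2:4])[0]
    return {"protocol": protocol,
            "name": PPP_PROTOCOLS.get(protocol, "unknown"),
            "payload": body[4:-2]}


if __name__ == "__main__":
    ip_frame = build_ppp_frame(0x0021, b"\x45\x00\x00\x14" + bytes(16))   # constructed
    print(ip_frame.hex())
    print(parse_ppp_frame(ip_frame))
    damaged = bytearray(ip_frame)
    damaged[6] ^= 0x01                                                    # flip one data bit
    print("damaged frame verifies:", verify_ppp_frame(bytes(damaged)))
```

Checking the FCS before looking at the protocol field is the correct order: the field is only meaningful once the frame is known to have arrived intact, and a one-bit error anywhere in the body changes the verification result.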


Additional PPP functionality

In addition to encapsulation, PPP supports: multiple network layer protocols (protocol multiplexing), link configuration, link quality testing, error detection, option negotiation, address notification, authentication.

The above functions are supported by helper protocols: LCP; PAP, CHAP; NCP.


PPP Support protocols

Link management: The link control protocol (LCP) is responsible for establishing, configuring, and negotiating a data-link connection. LCP also monitors the link quality and is used to terminate the link.

Authentication: Authentication is optional. PPP supports two authentication protocols: Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP).

Network protocol configuration: PPP has network control protocols (NCPs) for numerous network layer protocols. The IP control protocol (IPCP) negotiates IP address assignments and other parameters when IP is used as network layer.
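As an added illustration of why the two authentication options differ (example code, not from the lecture): PAP's Authenticate-Request carries the peer id and password in the clear (RFC 1334), while CHAP with MD5 sends only MD5(Identifier || secret || Challenge) (RFC 1994), so the authenticator can verify the response without the secret itself ever crossing the link. The peer id `argon` and the secret used here are constructed values.

```python
import hashlib
import hmac
import os


def chap_challenge(size: int = 16) -> bytes:
    """Authenticator picks a fresh, unpredictable challenge for every attempt."""
    return os.urandom(size)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): Response Value = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def chap_verify(identifier: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Authenticator recomputes the expected value from its own copy of the secret."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def pap_authenticate_request(peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request payload (RFC 1334): Peer-ID and Password, both in the clear."""
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password


def secret_on_wire(packet: bytes, secret: bytes) -> bool:
    """Would a passive observer of this packet see the secret itself?"""
    return secret in packet


if __name__ == "__main__":
    secret = b"lab-secret"                      # constructed shared secret
    challenge = chap_challenge()
    response = chap_response(7, secret, challenge)
    print("CHAP verifies:", chap_verify(7, secret, challenge, response))
    print("secret visible in CHAP response:", secret_on_wire(response, secret))
    print("secret visible in PAP request:",
          secret_on_wire(pap_authenticate_request(b"argon", secret), secret))
```

The Identifier is part of the hash so that a response cannot be replayed against a later challenge with a different identifier; the challenge is random for the same reason. MD5 is what RFC 1994 specifies, and the link-layer secret is still a shared password, which is why a fresh challenge per attempt matters.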

Page 70

Address Resolution Protocol (ARP)

Page 71

Overview

[Figure: position of ARP in the protocol stack]
Transport layer: TCP, UDP
Network layer: IP (with ICMP, IGMP)
Link layer: ARP, Network Access, RARP
Media

Page 72

ARP and RARP

Note:
• The Internet is based on IP addresses
• Data link protocols (Ethernet, FDDI, ATM) may have different (MAC) addresses

The ARP and RARP protocols perform the translation between IP addresses and MAC layer addresses.

We will discuss ARP for broadcast LANs, particularly Ethernet LANs.

[Figure: ARP maps an IP address (32 bit) to an Ethernet MAC address (48 bit); RARP maps in the reverse direction]

Page 73

Processing of IP packets by network device drivers

[Figure: flowchart of the output and input paths through the drivers]
Output path (IP Output):
• IP destination of packet = local IP address? Yes: hand to the loopback driver, which puts the datagram on the IP input queue.
• No: IP destination = multicast or broadcast? Yes: hand to the Ethernet driver.
• No: get the MAC address with ARP, then hand to the Ethernet driver.
Input path: the Ethernet driver demultiplexes incoming Ethernet frames by type: an ARP packet goes to ARP, an IP datagram is put on the IP input queue (IP Input).

Page 74

Address Translation with ARP

ARP Request: Argon broadcasts an ARP request to all stations on the network: "What is the hardware address of 128.143.137.1?"

[Figure: Argon (128.143.137.144, 00:a0:24:71:e4:44) and Router137 (128.143.137.1, 00:e0:f9:23:a8:20) on the same Ethernet]
ARP Request: What is the MAC address of 128.143.71.1?

Page 75

Address Translation with ARP

ARP Reply: Router137 responds with an ARP Reply which contains the hardware address.

[Figure: Argon (128.143.137.144, 00:a0:24:71:e4:44) and Router137 (128.143.137.1, 00:e0:f9:23:a8:20) on the same Ethernet]
ARP Reply: The MAC address of 128.143.71.1 is 00:e0:f9:23:a8:20

Page 76

ARP Packet Format

[Figure: ARP packet carried in an Ethernet II frame]
Ethernet II header: Destination address (6) | Source address (6) | Type 0x8060 (2)
Frame body: ARP Request or ARP Reply (28) | Padding (10) | CRC (4)

ARP packet fields:
Hardware type (2 bytes)
Protocol type (2 bytes)
Hardware address length (1 byte)
Protocol address length (1 byte)
Operation code (2 bytes)
Source hardware address*
Source protocol address*
Target hardware address*
Target protocol address*

* Note: The length of the address fields is determined by the corresponding address length fields

Page 77

Example

ARP Request from Argon:
Source hardware address: 00:a0:24:71:e4:44
Source protocol address: 128.143.137.144
Target hardware address: 00:00:00:00:00:00
Target protocol address: 128.143.137.1

ARP Reply from Router137:
Source hardware address: 00:e0:f9:23:a8:20
Source protocol address: 128.143.137.1
Target hardware address: 00:a0:24:71:e4:44
Target protocol address: 128.143.137.144

Page 78

ARP Cache

Since sending an ARP request/reply for each IP datagram is inefficient, hosts maintain a cache (ARP Cache) of current entries. The entries expire after a time interval.

Contents of the ARP Cache:
(128.143.71.37) at 00:10:4B:C5:D1:15 [ether] on eth0
(128.143.71.36) at 00:B0:D0:E1:17:D5 [ether] on eth0
(128.143.71.35) at 00:B0:D0:DE:70:E6 [ether] on eth0
(128.143.136.90) at 00:05:3C:06:27:35 [ether] on eth1
(128.143.71.34) at 00:B0:D0:E1:17:DB [ether] on eth0
(128.143.71.33) at 00:B0:D0:E1:17:DF [ether] on eth0

Page 79

Proxy ARP

Proxy ARP: A host or router responds to an ARP Request that arrives from one of its connected networks for a host that is on another of its connected networks.

[Figure: Router137 connects the 128.143.0.0/16 subnet (interface 128.143.137.1/16, 00:e0:f9:23:a8:20) and the 128.143.71.0/24 subnet (interface 128.143.71.1/24). Argon (128.143.137.144/16) is on the /16 subnet; Neon (128.143.171.21/24, 00:20:af:03:98:28) is on the /24 subnet.]
ARP Request: What is the MAC address of 128.143.71.21?
ARP Reply: The MAC address of 128.143.71.21 is 00:e0:f9:23:a8:20

Page 80

Things to know about ARP

What happens if an ARP Request is made for a non-existing host?
Several ARP requests are made with increasing time intervals between requests. Eventually, ARP gives up (timeout).

On some systems (including Linux) a host periodically sends ARP Requests for all addresses listed in the ARP cache. This refreshes the ARP cache content, but also introduces traffic.

Gratuitous ARP Requests: A host sends an ARP request for its own IP address. Useful for detecting if an IP address has already been assigned.

Page 81

Vulnerabilities of ARP

1. Since ARP does not authenticate requests or replies, ARP Requests and Replies can be forged

2. ARP is stateless: ARP Replies can be sent without a corresponding ARP Request

3. According to the ARP protocol specification, a node receiving an ARP packet (Request or Reply) must update its local ARP cache with the information in the source fields, if the receiving node already has an entry for the IP address of the source in its ARP cache. (This applies for ARP Request packets and for ARP Reply packets)

Page 82

Vulnerabilities of ARP

Typical exploitation of these vulnerabilities:

A forged ARP Request or Reply can be used to update the ARP cache of a remote system with a forged entry (ARP Poisoning)

This can be used to redirect IP traffic to other hosts
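The following is an added example, not code from the lecture, that puts Pages 76 to 82 together: it encodes and decodes the 28-byte Ethernet/IPv4 ARP packet from the Example slide, then runs a small ARP cache that applies the update rule quoted above (any request or reply refreshes an existing entry from its source fields; following RFC 826 it also adds an entry when the packet is addressed to this node) and reports the two things a defender watches for on a LAN: a reply nobody asked for, and a known address changing its MAC. The `ArpCache` class, the host 128.143.137.50 and the MAC 02:00:00:00:00:99 used for the poisoned entry are constructed for the example; the other addresses are the slides' own.

```python
import ipaddress
import struct

ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(op: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """28-byte ARP packet for Ethernet (hardware type 1) carrying IPv4 (protocol type 0x0800)."""
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac_bytes(sha) + ipaddress.IPv4Address(spa).packed
            + mac_bytes(tha) + ipaddress.IPv4Address(tpa).packed)


def parse_arp(pkt: bytes) -> dict:
    """Decode the fixed header, then the four address fields whose sizes hlen/plen dictate."""
    if len(pkt) < 28:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", pkt[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is handled here")
    body = pkt[8:]
    return {
        "op": op,
        "sha": mac_str(body[0:hlen]),
        "spa": str(ipaddress.IPv4Address(body[hlen:hlen + plen])),
        "tha": mac_str(body[hlen + plen:2 * hlen + plen]),
        "tpa": str(ipaddress.IPv4Address(body[2 * hlen + plen:2 * hlen + 2 * plen])),
    }


class ArpCache:
    """ARP cache that applies the update rule from the slides and flags suspicious updates."""

    def __init__(self, my_ip: str):
        self.my_ip = my_ip
        self.table = {}        # ip -> mac
        self.pending = set()   # addresses this node has asked for and not yet resolved

    def request_sent(self, ip: str) -> None:
        self.pending.add(ip)

    def process(self, pkt: bytes) -> list:
        """Apply one received ARP packet; return alert strings (empty when nothing is odd)."""
        arp = parse_arp(pkt)
        ip, mac = arp["spa"], arp["sha"]
        if ip not in self.table and arp["tpa"] != self.my_ip:
            return []          # no entry to refresh and not addressed to us: ignored
        alerts = []
        # ARP is stateless: the protocol accepts a reply nobody asked for, so at least flag it.
        if arp["op"] == ARP_REPLY and ip not in self.pending:
            alerts.append(f"unsolicited ARP reply: {ip} claims {mac}")
        # A known IP suddenly mapping to a different MAC is the signature of ARP poisoning.
        if ip in self.table and self.table[ip] != mac:
            alerts.append(f"MAC for {ip} changed from {self.table[ip]} to {mac}")
        # Spec rule: the source fields update the entry whether this was a request or a reply.
        self.table[ip] = mac
        self.pending.discard(ip)
        return alerts


if __name__ == "__main__":
    argon = ArpCache("128.143.137.144")
    argon.request_sent("128.143.137.1")
    genuine = build_arp(ARP_REPLY, "00:e0:f9:23:a8:20", "128.143.137.1",
                        "00:a0:24:71:e4:44", "128.143.137.144")
    print(argon.process(genuine), argon.table)
    forged = build_arp(ARP_REPLY, "02:00:00:00:00:99", "128.143.137.1",   # constructed
                       "00:a0:24:71:e4:44", "128.143.137.144")
    print(argon.process(forged), argon.table)
```

The cache still installs the forged entry, because that is what the specification says a node must do; the alerts are the detection layer a LAN monitor adds on top, and static entries for the default router are the usual mitigation in a lab like this one.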

Page 83

Some notes on Lab 2

Page 84

What is a single-segment network?

A single-segment network consists of interfaces connected by a single physical link, either a point-to-point link or a broadcast link.

Interfaces on the same single-segment network have the same network prefix.

[Figure: three single-segment networks]
128.59.1.0/24: 128.59.1.100, 128.59.1.200, 128.59.1.300, 128.59.1.1
128.59.2.0/24: 128.59.2.100, 128.59.2.200, 128.59.2.1
128.59.3.0/24: 128.59.3.100, 128.59.3.200, 128.59.3.1

Page 85

How to identify a single segment IP network

• Detach interfaces from routers or hosts
• Each isolated island is a single segment IP network
• Each interface on the same single segment IP network must have the same network address prefix

[Figure: the same topology with the interfaces detached from their devices]
128.59.1.100, 128.59.1.200, 128.59.1.300, 128.59.1.1
128.59.2.100, 128.59.2.200, 128.59.2.1
128.59.3.100, 128.59.3.200, 128.59.3.1
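An added example (not from the lecture) that carries out the three steps above on a small constructed topology: devices are left out of the cable graph, which is the "detach" step, hubs are kept because a broadcast link through a hub is still one segment, and each connected island of interfaces is then checked for a common network prefix. The interface names, hub names and addresses are constructed (modelled on the figure, not copied from it), and one host is deliberately given the wrong prefix so the check has something to report.

```python
import ipaddress
from collections import defaultdict

# Constructed topology: interface name -> (device it belongs to, address/prefix configured on it)
INTERFACES = {
    "h1-eth0": ("host1", "128.59.1.100/24"),
    "h2-eth0": ("host2", "128.59.1.200/24"),
    "r1-eth0": ("router1", "128.59.1.1/24"),
    "r1-eth1": ("router1", "128.59.2.1/24"),
    "h3-eth0": ("host3", "128.59.2.100/24"),
    "r2-eth0": ("router2", "128.59.2.2/24"),
    "r2-eth1": ("router2", "128.59.3.1/24"),
    "h4-eth0": ("host4", "128.59.4.100/24"),   # wrong prefix on purpose: should be 128.59.3.x/24
}
# Cables join two endpoints: an interface and a hub, or two interfaces (point-to-point).
# Hosts and routers are deliberately NOT edges here; that is the "detach interfaces" step,
# so router1's two interfaces will land in different islands.
CABLES = [
    ("h1-eth0", "hubA"), ("h2-eth0", "hubA"), ("r1-eth0", "hubA"),   # broadcast link
    ("r1-eth1", "hubB"), ("h3-eth0", "hubB"), ("r2-eth0", "hubB"),   # broadcast link
    ("r2-eth1", "h4-eth0"),                                           # point-to-point link
]


def find_segments(interfaces: dict, cables: list) -> list:
    """Each connected island of cabled interfaces is one single-segment network."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    for a, b in cables:                     # union-find over cable endpoints
        parent[find(a)] = find(b)
    islands = defaultdict(list)
    for node in list(parent):
        if node in interfaces:              # hubs are transparent; only interfaces count
            islands[find(node)].append(node)
    return sorted(sorted(group) for group in islands.values())


def check_prefixes(interfaces: dict, segments: list) -> dict:
    """Map each segment (as a tuple) whose interfaces disagree to the set of prefixes seen on it."""
    problems = {}
    for seg in segments:
        nets = {ipaddress.ip_interface(interfaces[name][1]).network for name in seg}
        if len(nets) > 1:
            problems[tuple(seg)] = nets
    return problems


def segment_of(segments: list, name: str) -> list:
    """Return the segment that contains the named interface."""
    return next(seg for seg in segments if name in seg)


if __name__ == "__main__":
    segs = find_segments(INTERFACES, CABLES)
    for seg in segs:
        print("segment:", ", ".join(f"{n} ({INTERFACES[n][1]})" for n in seg))
    for seg, nets in check_prefixes(INTERFACES, segs).items():
        print("prefix mismatch on", seg, "->", sorted(map(str, nets)))
```

Running it lists three segments and reports the point-to-point link between router2 and host4 as mixing 128.59.3.0/24 with 128.59.4.0/24; the two interfaces of router1 come out in different segments even though they sit on one box, which is the point of detaching interfaces before looking for islands.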

Page 86

Protocol specification vs implementation

According to the ARP protocol specification, a node receiving an ARP packet (Request or Reply) must update its local ARP cache with the information in the source fields, if the receiving node already has an entry for the IP address of the source in its ARP cache. (This applies for ARP Request packets and for ARP Reply packets)

Implementation may differ from the specification

What you observe in the lab may not be universally true.