Exhibit A TCP/IP layering model
IPv4 and IPv6
The version of TCP/IP that has been in widespread use for three decades is protocol revision 4, aka IPv4. It uses four-byte IP addresses. A modernized version, IPv6, expands the IP address space to 16 bytes and incorporates several other lessons learned from the use of IPv4. It removes several features of IP that experience has shown to be of little value, making the protocol potentially faster and easier to implement. IPv6 also integrates security and authentication into the basic protocol.
All modern operating systems and many network devices already support IPv6.
However, active use of IPv6 remains essentially zero in the real world.³ Experience suggests that it’s probably best for administrators to defer production use of IPv6 to the extent that this is possible. Everyone will eventually be forced to switch to IPv6, but as of 2010 that day is still years away. At the same time, the transition is not so far in the future that you can ignore it when purchasing new network devices. Insist on IPv6 compatibility for new acquisitions.
The development of IPv6 was to a large extent motivated by the concern that we are running out of 4-byte IPv4 address space. And indeed we are: projections indicate that the current IPv4 allocation system will collapse some time around 2011. (See ipv4.potaroo.net for a daily update.) Even so, mainstream adoption of IPv6 throughout the Internet is probably still not in the cards anytime soon.
More likely, another round of stopgap measures on the part of ISPs and ICANN (or more specifically, its subsidiary IANA, the Internet Assigned Numbers Authority) will extend the dominance of IPv4 for another few years. We expect to see wider use of IPv6 on the Internet backbone, but outside of large ISPs, academic sites involved in Internet research, and universal providers such as Google, our
[Exhibit A, TCP/IP layering model: Application layer (DNS, Halo 3, traceroute, SSH, FTP, HTTP); Transport layer (TCP, UDP); Network layer (IP); Link layer (ARP, device drivers); Physical layer (copper, optical fiber, radio waves)]
3. A Google study presented at RIPE 57 in October 2008 indicated that overall IPv6 penetration (actual use, not capability) was 0.24%. No country had IPv6 penetration greater than 0.76%.
Main functions of IP (Network layer)
Forwarding: a router usually has several interfaces (network cards). It moves each packet from the interface it arrived on to the right outgoing interface.
Routing: find a path toward the destination. Usually decided by routing algorithms/protocols.
[Figure, IPv4 packet format: fields indicating the version (v4 or v6), whether special handling is needed (e.g., real-time video or audio), and the transport-layer protocol used (usually TCP or UDP)]
[Figure, a typical Internet packet: where the IP packet sits inside an Ethernet frame. Field widths from left to right: 7 octets (preamble), 1 octet start of frame delimiter, 6 octets destination MAC address, 6 octets source MAC address, 2 octets length (IEEE 802.3), optional 4 octets (tag), 42–1500 octets payload (the IP packet is in here), 4 octets frame check sequence (32‑bit CRC)]
Exhibit B A typical network packet⁴
One of the main chores of the link layer is to add headers to packets and to put separators between them. The headers contain each packet’s link-layer addressing information and checksums, and the separators ensure that receivers can tell where one packet stops and the next one begins. The process of adding these extra bits is known generically as framing.
The link layer is actually divided into two parts: MAC, the Media Access Control sublayer, and LLC, the Link Layer Control sublayer. The MAC layer deals with the media and transmits packets onto the wire. The LLC layer handles the framing.
Today, a single standard for Ethernet framing is in common use: DIX Ethernet II.
Historically, several slightly different standards based on IEEE 802.2 were also used, especially on Novell networks.
Maximum transfer unit
The size of packets on a network may be limited both by hardware specifications and by protocol conventions. For example, the payload of a standard Ethernet frame is traditionally 1,500 bytes. The size limit is associated with the link-layer protocol and is called the maximum transfer unit or MTU. Table 14.1 shows some typical values for the MTU.
4. For specificity, RFCs that describe protocols often use the term “octet” instead of “byte.”
[Exhibit B: Ethernet frame (146 bytes) = 14-byte Ethernet header + IPv4 packet (128 bytes) + 4-byte Ethernet trailer; IPv4 packet (128 bytes) = 20-byte IP header + UDP packet (108 bytes); UDP packet (108 bytes) = 8-byte UDP header + 100 bytes of application data]
Table 14.1 MTUs for various types of network

Network type                         Maximum transfer unit
Ethernet                             1,500 bytes (1,492 with 802.2 framing)ᵃ
FDDI                                 4,470 bytes (4,352 for IP/FDDI)
Token ring                           Configurableᵇ
PPP modem link                       Configurable, often 512 or 576 bytes
Point-to-point WAN links (T1, T3)    Configurable, often 1,500 or 4,500 bytes

a. See page 541 for some comments on “jumbo” Ethernet packets.
b. Common values are 552; 1,064; 2,088; 4,508; and 8,232. Sometimes 1,500 to match Ethernet.
IP Address (v4)
AAA.BBB.CCC.DDD (4 bytes): how many hosts in total?
Network address + host address —> the same network address == the same network (subnet)
Historical Internet classes (no mask)

Class   1st byte   Format    Comments
A       1-127      N.H.H.H   Very early networks
B       128-191    N.N.H.H   Large sites (hard to get)
C       192-223    N.N.N.H   Easy to get (often obtained in sets)
D       224-239    -         Multicast addresses
E       240-255    -         Experimental addresses
But this is inefficient:
• Most networks only have ~100 hosts
• Class A & B addresses are wasted
Thus we need to find a way to further split the
Netmask: a 32-bit number with leading 1’s + trailing 0’s
• Digits mapped to 1’s —> network address
• Digits mapped to 0’s —> host address
• Expressed as (a) 0xffffffc0 or (b) 255.255.255.192
Exhibit C Netmask base conversion
A /26 network has 6 bits left (32 – 26 = 6) to number hosts. 2⁶ is 64, so the network has 64 potential host addresses. However, it can only accommodate 62 actual hosts because the all-0 and all-1 host addresses are reserved (they are the network and broadcast addresses, respectively).
In our 220.127.116.11/26 example, the extra two bits of network address obtained by subnetting can take on the values 00, 01, 10, and 11. The 18.104.22.168/24 network has thus been divided into four /26 networks:
• 22.214.171.124/26 (0 in decimal is 00000000 in binary)
• 126.96.36.199/26 (64 in decimal is 01000000 in binary)
• 188.8.131.52/26 (128 in decimal is 10000000 in binary)
• 184.108.40.206/26 (192 in decimal is 11000000 in binary)
The boldfaced bits of the last byte of each address are the bits that belong to the network portion of that byte.
Tricks and tools for subnet arithmetic
It’s confusing to do all this bit twiddling in your head, but some tricks can make it simpler. The number of hosts per network and the value of the last byte in the netmask always add up to 256:
last netmask byte = 256 – net size
For example, 256 – 64 = 192, which is the final byte of the netmask in the preceding example. Another arithmetic fact is that the last byte of an actual network address (as opposed to a netmask) must be evenly divisible by the number of hosts per network. We see this fact in action in the 220.127.116.11/26 example, where the last bytes of the networks are 0, 64, 128, and 192—all divisible by 64.⁷ Given an IP address (say, 18.104.22.168), we cannot tell without the associated netmask what the network address and broadcast address will be. Table 14.3 on the next page shows the possibilities for /16 (the default for a class B address), /24 (a plausible value), and /26 (a reasonable value for a small network).
The network address and broadcast address steal two hosts from each network, so it would seem that the smallest meaningful network would have four possible
[Exhibit C, netmask base conversion: the decimal netmask 255.255.255.192 converts byte by byte to the hex netmask ff.ff.ff.c0 (255 → ff, 192 → c0)]
7. Of course, 0 counts as being divisible by any number…
Two special addresses
Network address = “network address” part + “host address = 0”
Broadcast address = “network address” part + “host address = all 1’s”
Setting the interface address
ifconfig -a
—> display all interfaces
ifconfig eth0 192.168.25.1 netmask 255.255.255.0
—> set the IP and netmask of an interface
ifconfig eth0 up
—> enable the interface
ifconfig eth0 media auto
—> set the media type to auto-sense
Why do we need to know the network address?
Answer: we need to know whether the destination host can be reached directly (i.e., whether it is in the same network).
How? Question: is the network address the same?
Question: what if it is not on the same network?
Answer: we ask a host to relay for us.
Question: but which host?
Answer: it has to be on the same network as us.
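The netmask arithmetic from the textbook passage above (/26 → 255.255.255.192 = 0xffffffc0, 64 addresses, 62 usable hosts, a /24 split into four /26s) and the slides' "is the network address the same?" test, worked in code. This is an added example, not code from the book or the slides; the 192.168.25.0/24 addresses are constructed (the slides only use 192.168.25.1 as an ifconfig argument), and the stdlib cross-check uses Python's ipaddress module.

```python
import ipaddress  # standard library, used only to cross-check the hand-rolled math

def ip_to_int(ip):
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def int_to_ip(n):
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def prefix_to_mask(prefix):
    # /26 -> 26 leading 1s and 6 trailing 0s -> 0xffffffc0 -> 255.255.255.192
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def subnet_info(cidr):
    ip, prefix = cidr.split("/")
    prefix = int(prefix)
    mask = prefix_to_mask(prefix)
    net = ip_to_int(ip) & mask              # host bits all 0 -> network address
    bcast = net | (~mask & 0xFFFFFFFF)      # host bits all 1 -> broadcast address
    size = 1 << (32 - prefix)
    return {
        "netmask": int_to_ip(mask),
        "netmask_hex": "0x%08x" % mask,
        "network": int_to_ip(net),
        "broadcast": int_to_ip(bcast),
        "addresses": size,
        "usable_hosts": max(size - 2, 0),   # minus network and broadcast
        "last_mask_byte": mask & 0xFF,      # trick: this + size == 256 for /24../32
    }

def split_network(cidr, new_prefix):
    # Divide a network into equal pieces with a longer prefix, e.g. a /24 into four /26s.
    old_prefix = int(cidr.split("/")[1])
    base = ip_to_int(subnet_info(cidr)["network"])
    step = 1 << (32 - new_prefix)
    return ["%s/%d" % (int_to_ip(base + i * step), new_prefix)
            for i in range(1 << (new_prefix - old_prefix))]

def same_network(ip1, ip2, prefix):
    # The slides' test: same network address under the mask -> reachable directly;
    # otherwise the packet has to be handed to a gateway on our own network.
    mask = prefix_to_mask(prefix)
    return ip_to_int(ip1) & mask == ip_to_int(ip2) & mask

def stdlib_check(cidr):
    # Cross-check network and broadcast addresses against the standard library.
    n = ipaddress.ip_network(cidr, strict=False)
    info = subnet_info(cidr)
    return (str(n.network_address), str(n.broadcast_address)) == (info["network"], info["broadcast"])
```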
Routing table of the department firewall (partial)
Destination       Netmask          Gateway
192.168.48.0      255.255.248.0    192.168.55.254
192.168.219.0     255.255.255.0    192.168.219.254
22.214.171.124    255.255.252.0    126.96.36.199
0.0.0.0           0.0.0.0          140.112.x.x      188.8.131.52/
How to represent a group of destination hosts?
CIDR == Classless Inter-Domain Routing
Borrowing the netmask idea: for the IPs from 184.108.40.206 to 220.127.116.11, we can say 18.104.22.168/21 (/21 == 255.255.248.0).
Any IP address that falls in that “network” (though it might not be a real network) can be represented by that CIDR.
Private IP addresses == IPs that are not globally allocated to anyone

IP Class   From           To                 CIDR range
Class A    10.0.0.0       10.255.255.255     10.0.0.0/8
Class B    172.16.0.0     172.31.255.255     172.16.0.0/12
Class C    192.168.0.0    192.168.255.255    192.168.0.0/16
NAT (Network Address Translation)
Our address: 22.214.171.124
Only one address was issued to us; what do we do?
[NAT diagram: inside interface 192.168.0.254; the inside packet has Src 192.168.0.2, Dest 126.96.36.199; the translation table rewrites it to Src 184.108.40.206, Dest 188.8.131.52 on the outside]
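The translation table from the NAT slide as a minimal port-translating NAT gateway, showing the source rewrite on the way out, the reverse rewrite on the reply, and why a packet with no matching table entry never reaches a LAN host. This is an added example, not from the slides; all addresses are constructed (LAN 192.168.0.0/24 behind the single public address 203.0.113.5, remote web server 198.51.100.9).

```python
PUBLIC_IP = "203.0.113.5"    # the single public address "issued to us" (constructed)

class Nat:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # translation table: (lan_ip, lan_port, remote_ip, remote_port) -> public_port
        self.table = {}
        self.reverse = {}    # public_port -> that same 4-tuple

    def outbound(self, pkt):
        # LAN -> Internet: replace the private source with the public address and a
        # gateway-chosen port, remembering the mapping so the reply can be undone.
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        if key not in self.table:
            self.table[key] = self.next_port
            self.reverse[self.next_port] = key
            self.next_port += 1
        return dict(pkt, src=self.public_ip, sport=self.table[key])

    def inbound(self, pkt):
        # Internet -> LAN: only a packet that matches a mapping created by earlier
        # outbound traffic (same public port and same remote peer) is forwarded;
        # anything else is dropped, so LAN hosts cannot be reached unsolicited.
        key = self.reverse.get(pkt["dport"])
        if pkt["dst"] != self.public_ip or key is None:
            return None
        lan_ip, lan_port, remote_ip, remote_port = key
        if (pkt["src"], pkt["sport"]) != (remote_ip, remote_port):
            return None
        return dict(pkt, dst=lan_ip, dport=lan_port)

def demo():
    # One LAN host talks to a remote web server (constructed addresses).
    nat = Nat(PUBLIC_IP)
    request = {"src": "192.168.0.2", "sport": 51000, "dst": "198.51.100.9", "dport": 80}
    outside = nat.outbound(request)             # what the Internet sees
    reply = nat.inbound({"src": "198.51.100.9", "sport": 80,
                         "dst": PUBLIC_IP, "dport": outside["sport"]})
    unsolicited = nat.inbound({"src": "198.51.100.9", "sport": 80,
                               "dst": PUBLIC_IP, "dport": 40999})
    return outside, reply, unsolicited
```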
netstat -nr (do not look up hostnames) or netstat -r (look up hostnames)
route add default gw 220.127.116.11
—> all traffic not to local subnets goes to the gw
route add -net 18.104.22.168 netmask 255.255.255.192
—> all traffic whose destination address has the described network address goes to 22.214.171.124
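How the firewall routing table above and the `route add` commands are actually consulted: a longest-prefix-match lookup, where the 0.0.0.0/0.0.0.0 default row matches everything and therefore only wins when no more specific row does. This is an added example, not from the slides; the two 192.168.x.x rows are copied from the slide's table, while the default-route gateway 192.0.2.1 and the /26 route added in the test are constructed placeholders.

```python
# Rows shaped like `netstat -nr` output: (destination network, netmask, gateway).
# The two 192.168.x.x rows are from the firewall table on the slide; the
# default-route gateway is a constructed placeholder standing in for 140.112.x.x.
ROUTES = [
    ("192.168.48.0", "255.255.248.0", "192.168.55.254"),
    ("192.168.219.0", "255.255.255.0", "192.168.219.254"),
    ("0.0.0.0", "0.0.0.0", "192.0.2.1"),   # default route (route add default gw ...)
]

def ip_to_int(ip):
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def prefix_len(mask):
    # number of leading 1s: 255.255.248.0 -> 21, 0.0.0.0 -> 0
    return bin(ip_to_int(mask)).count("1")

def add_route(table, dest, mask, gw):
    # Mirrors `route add -net DEST netmask MASK gw GW`; returns a new table.
    return table + [(dest, mask, gw)]

def lookup(table, dst_ip):
    # Longest-prefix match: a row is a candidate when the destination, masked with
    # the row's own netmask, equals the row's network address. The most specific
    # candidate (longest netmask) wins; the 0.0.0.0/0.0.0.0 row matches every
    # destination, so it only wins when no other row does.
    dst = ip_to_int(dst_ip)
    best = None
    for net, mask, gw in table:
        m = ip_to_int(mask)
        if dst & m == ip_to_int(net) & m:
            if best is None or prefix_len(mask) > prefix_len(best[1]):
                best = (net, mask, gw)
    return best[2] if best is not None else None
```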
ICMP (Internet Control Message Protocol)
• Tells the client that the path is blocked (Destination network/host/protocol/port unreachable or unknown)
• Echo request & reply, used by ping
• TTL expired (used to detect or prevent loops in the path, or by traceroute)
BitTorrent packets: example drop rules
1. If it is Xiao-xiao Guo’s packet, drop it.
2. If it is a BitTorrent packet, drop it.
3. If the packet is going to one of the following IP addresses (x.x.x.x, y.y.y.y, z.z.z.z), drop it.
DNS (Domain Name Service)
In one sentence: a service that translates names to IPs.
• Domain name -> IP (type A): ntucsv.csie.ntu.edu.tw -> 126.96.36.199
• Mail server of @domainname (type MX): csie.ntu.edu.tw -> ms.csie.ntu.edu.tw
• Domain name -> domain name (type CNAME): www.csie.ntu.edu.tw -> ntucsv.csie.ntu.edu.tw
• IP -> domain name (type PTR): 188.8.131.52 -> csman.csie.ntu.edu.tw
Distributed architecture: each level is responsible for its own part (recursive query)
[Diagram: your machine asks “IP of www.ntu.edu.tw?”; the query passes through the top-level domain DNS server and the authoritative DNS servers, and an authoritative DNS server that does not manage the zone answers “I am not responsible for ntu.edu.tw”]
nameserver 184.108.40.206
nameserver 220.127.116.11
nameserver 18.104.22.168
—> resolve incomplete names (linux1 —>
nameserver —> specify the address of the DNS server
Top 10 DNS attacks:
• Distributed reflection DoS attack
• Cache poisoning / DNS hijacking (solution: DNSSEC)
• TCP SYN floods
dig @22.214.171.124 -t MX csie.ntu.edu.tw
dig @126.96.36.199 www.csie.ntu.edu.tw
• Find out which machines are traversed on the way from linux1 to www.nasa.gov (domain names are fine). Keywords: mtr, traceroute.
• Find out the IP addresses of the mail servers (SMTP) of csie.ntu.edu.tw and ntu.edu.tw.