IP Layer

27  Download (0)

Full text


IP Layer

Michael Tsai




IPv4 and IPv6 451

IP Networking

Exhibit A TCP/IP layering model

IPv4 and IPv6

The version of TCP/IP that has been in widespread use for three decades is proto- col revision 4, aka IPv4. It uses four-byte IP addresses. A modernized version, IPv6, expands the IP address space to 16 bytes and incorporates several other les- sons learned from the use of IPv4. It removes several features of IP that experi- ence has shown to be of little value, making the protocol potentially faster and easier to implement. IPv6 also integrates security and authentication into the ba- sic protocol.

All modern operating systems and many network devices already support IPv6.

However, active use of IPv6 remains essentially zero in the real world.3 Experience suggests that it’s probably best for administrators to defer production use of IPv6 to the extent that this is possible. Everyone will eventually be forced to switch to IPv6, but as of 2010 that day is still years away. At the same time, the transition is not so far in the future that you can ignore it when purchasing new network de- vices. Insist on IPv6 compatibility for new acquisitions.

The development of IPv6 was to a large extent motivated by the concern that we are running out of 4-byte IPv4 address space. And indeed we are: projections in- dicate that the current IPv4 allocation system will collapse some time around 2011. (See ipv4.potaroo.net for a daily update.) Even so, mainstream adoption of IPv6 throughout the Internet is probably still not in the cards anytime soon.

More likely, another round of stopgap measures on the part of ISPs and ICANN (or more specifically, its subsidiary IANA, the Internet Assigned Numbers Au- thority) will extend the dominance of IPv4 for another few years. We expect to see wider use of IPv6 on the Internet backbone, but outside of large ISPs, academic sites involved in Internet research, and universal providers such as Google, our





ARP, device drivers

Copper, optical fiber, radio waves UDP TCP

DNS, Halo 3 traceroute SSH, FTP, HTTP


3. A Google study presented at RIPE 57 in October 2008 indicated that overall IPv6 penetration (actual use, not capability) was 0.24%. No country had IPv6 penetration greater than 0.76%.


IP (Network layer) 的主要功能



Forwarding: Router通常有多個interface (網卡)。把

packet從來源的interface移到目的地方向的interface並發 送出去叫做forwarding。!



Routing: 找出往目的地方向的一條路徑。通常由routing algorithms/protocol決定。!






表示是否需要特殊處理(如即時的影像或聲音) v4 or v6




Transport layer使 用的協定

(通常為TCP or UDP)


Where is IP packet?


Start of frame delimiter

MAC destination

MAC source

Length (IEEE 802.


802.1Q tag

(optional) Payload

Frame check sequence(3

2‑bit CRC) 7 octets 1 octet 6 octets 6 octets 2 octets (4 octets) 42–1500

octets 4 octets

Ethernet Frame

IP Packet is in 

Ethernet’s payload!


Typical Internet Packet


Maximum transfer unit 453

IP Networking

Exhibit B A typical network packet4

Ethernet framing

One of the main chores of the link layer is to add headers to packets and to put separators between them. The headers contain each packet’s link-layer addressing information and checksums, and the separators ensure that receivers can tell

where one packet stops and the next one begins. The process of adding these extra bits is known generically as framing.

The link layer is actually divided into two parts: MAC, the Media Access Control sublayer, and LLC, the Link Layer Control sublayer. The MAC layer deals with the media and transmits packets onto the wire. The LLC layer handles the framing.

Today, a single standard for Ethernet framing is in common use: DIX Ethernet II.

Historically, several slightly different standards based on IEEE 802.2 were also used, especially on Novell networks.

Maximum transfer unit

The size of packets on a network may be limited both by hardware specifications and by protocol conventions. For example, the payload of a standard Ethernet frame is traditionally 1,500 bytes. The size limit is associated with the link-layer protocol and is called the maximum transfer unit or MTU. Table 14.1 shows some typical values for the MTU.

4. For specificity, RFCs that describe protocols often use the term “octet” instead of “byte.”

Ethernet frame (146 bytes)


header IPv4

header UDP

header Application data

14 bytes 20 bytes 8 bytes

Ethernet CRC

4 bytes 100 bytes

IPv4 packet (128 bytes)

UDP packet (108 bytes)

Table 14.1 MTUs for various types of network

Network type Maximum transfer unit

Ethernet 1,500 bytes (1,492 with 802.2 framing)a

FDDI 4,470 bytes (4,352 for IP/FDDI)

Token ring Configurableb

PPP modem link Configurable, often 512 or 576 bytes Point-to-point WAN links (T1, T3) Configurable, often 1,500 or 4,500 bytes

a. See page 541 for some comments on “jumbo” Ethernet packets.

b. Common values are 552; 1,064; 2,088; 4,508; and 8,232. Sometimes 1,500 to match Ethernet.


IP Address (v4)

AAA.BBB.CCC.DDD (4 bytes) = ? # total hosts

Network + host address —> same network address == same network (subnet)

Class 1st byte Format Comments

A 1-127 N.H.H.H Very early networks

B 128-191 N.N.H.H Large sites 

(hard to get)

C 192-223 N.N.N.H Easy to get

(often obtained in sets)

D 224-239 - Multicast addresses

E 240-255 - Experimental addresses

Historical Internet Classes (no mask)


But this is inefficient

Most networks only have ~100 hosts

Class A & B addresses are wasted

Thus we need to find a way to further split the

networks! (subnetting)



Netmask == 

32-bit number with leading 1’s + trailing 0’s

Digits mapped to 1’s —> network address
 Digits mapped to 0’s —> host address

Expressed as (a) 0xffffffc0 or (b)

ptg Tricks and tools for subnet arithmetic 459

IP Networking

Exhibit C Netmask base conversion

A /26 network has 6 bits left (32 – 26 = 6) to number hosts. 26 is 64, so the network has 64 potential host addresses. However, it can only accommodate 62 actual

hosts because the all-0 and all-1 host addresses are reserved (they are the network and broadcast addresses, respectively).

In our example, the extra two bits of network address obtained by subnetting can take on the values 00, 01, 10, and 11. The net- work has thus been divided into four /26 networks: (0 in decimal is 00000000 in binary) (64 in decimal is 01000000 in binary) (128 in decimal is 10000000 in binary) (192 in decimal is 11000000 in binary)

The boldfaced bits of the last byte of each address are the bits that belong to the network portion of that byte.

Tricks and tools for subnet arithmetic

It’s confusing to do all this bit twiddling in your head, but some tricks can make it simpler. The number of hosts per network and the value of the last byte in the

netmask always add up to 256:

last netmask byte = 256 – net size

For example, 256 – 64 = 192, which is the final byte of the netmask in the preced- ing example. Another arithmetic fact is that the last byte of an actual network

address (as opposed to a netmask) must be evenly divisible by the number of hosts per network. We see this fact in action in the example, where the last bytes of the networks are 0, 64, 128, and 192—all divisible by 64.7 Given an IP address (say,, we cannot tell without the associated netmask what the network address and broadcast address will be. Table 14.3 on the next page shows the possibilities for /16 (the default for a class B address), /24 (a plausible value), and /26 (a reasonable value for a small network).

The network address and broadcast address steal two hosts from each network, so it would seem that the smallest meaningful network would have four possible

IP address

Decimal netmask Hex netmask

Binary netmask

128 138 243 0

255 f f

1111 1111

255 f f

1111 1111

255 f f

1111 1111

192 c 0

1100 0000

. . .

. . .

. . .

. . .

7. Of course, 0 counts as being divisible by any number…


Two Special Addresses

Network address 

= “network address” + “host address = 0”

Broadcast address

= “network address” + “host address = all 1’s”


Setting Interface Address

ifconfig -a —> display all interfaces

ifconfig eth0 netmask

—> set the IP and netmask of an interface

ifconfig eth0 up

—> enable the interface

ifconfig eth0 media auto 

—> set the media type to auto-sense


Why do we need to know the

“network address”?

Answer: we need to know if the destination host can be reached directly (in the same network).

How? Q: is the network address the same?

Question: what if it is not on the same newtwork?

Answer: we ask a host to relay for us.

Question: but, which host? 

(it has to be on the same network as us)


系上防火牆的Routing table (部分)

Routing Table:!!!! 140.112.x.x


How to represent 

a group of destination hosts?

CIDR == Classless Inter-Domain Routing

Borrowing the netmask idea:

IPs from192.144.0.0 to,

we can say (21==

Any IP address falls in that “network” 

(though might not be a real network), can be

represented by that CIDR


Private IP

Private IP

==IPs that are not globally allocated to anyone

IP Class From To CIDR range

Class A

Class B

Class C


NAT (Network Address Translation)

門 :

只有一塊門 發給我們,怎麼辦 ?

馬撒起 菜瓜布








: Src:!



Dest: 對照表:!

• 菜瓜布有連到8.8.8.8!

• 要找助教請轉到192.168.0.4


Dest: Src:!



Routing Table

netstat -nr (不看hostname) or 
 netstat -r (看hostname)


route add default gw

—> all traffic not to local subnets goes to the gw

route add -net netmask

—> all traffic that has destination address with the

described network address goes to


ICMP (Internet Control Message Protocol)

一些管理用的 息,用來通知client關於網路的狀況。!



通知client此路不通。(Destination network/host/protocol/port unreachable or unknown)!


Ping使用的echo request & reply!








TTL expire (用來偵測或預防路徑中的loop或是traceroute使用)



馬撒起 菜瓜布



Bit Torrent 封包

Firewall 規則表:!

1. 如果是小小郭的封 包,直接丟掉!

2. 如果是Bit Torrent 封 包,直接丟掉!

3. 如果是去以下IP address的封包 (x.x.x.x, y.y.y.y, z.z.z.z)直接丟掉!

4. 剩下的可以過


DNS (Domain Name Service)

一言以 之: 將名稱轉為IP的服務!


Domain name -> IP (type A): 

! ntucsv.csie.ntu.edu.tw ->!

@domainname的mail server (type MX):

! csie.ntu.edu.tw -> ms.csie.ntu.edu.tw!

Domain name -> domain name (type CNAME):

! www.csie.ntu.edu.tw -> ntucsv.csie.ntu.edu.tw!

IP -> domain name (type PTR)

! -> csman.csie.ntu.edu.tw!

可以多重宣告: 增加可靠度或分散性.!



分散式的架構: 分層負責 (recursive query)


(Local DNS的角色)

Your Machine IP of www.ntu.edu.tw?

Root DNS

.tw NS!

(Top-level Domain 
 DNS server)


(Authoritative DNS Server)


(Authoritative DNS) 我不負責主管ntu.edu.tw!







如果local DNS本身主管被查詢的domain,則可以直接



Local DNS可以暫存之前查詢過的結果。!

主要用來減輕主管DNS server及網路的負擔。!

每筆在主管DNS server上的紀錄都有對應的TTL值,規範可




nameserver nameserver nameserver

search csie.ntu.edu.tw


—> resolve incomplete names (linux1 —>


nameserver —> specify the address of the DNS server



Top 10 DNS attacks:


security0/top-10-dns-attacks-likely-to-infiltrate-your- network.html#slide1

Distributed Reflection DoS attack

Cache poisoning / DNS hijacking (sol: DNSSEC)

TCP SYN floods




dig @ -t MX csie.ntu.edu.tw

dig @ www.csie.ntu.edu.tw



找出linux1到www.nasa.gov經過了 些機器(domain name可) keyword: mtr, traceroute

找出csie.ntu.edu.tw和ntu.edu.tw的mail server們 (SMTP)的IP是什麼










Related subjects :