IP Layer
Michael Tsai
2016/03/30
Excerpt from the textbook chapter "IP Networking":
Exhibit A TCP/IP layering model
IPv4 and IPv6
The version of TCP/IP that has been in widespread use for three decades is protocol revision 4, aka IPv4. It uses four-byte IP addresses. A modernized version, IPv6, expands the IP address space to 16 bytes and incorporates several other lessons learned from the use of IPv4. It removes several features of IP that experience has shown to be of little value, making the protocol potentially faster and easier to implement. IPv6 also integrates security and authentication into the basic protocol.
All modern operating systems and many network devices already support IPv6.
However, active use of IPv6 remains essentially zero in the real world.[3] Experience suggests that it’s probably best for administrators to defer production use of IPv6 to the extent that this is possible. Everyone will eventually be forced to switch to IPv6, but as of 2010 that day is still years away. At the same time, the transition is not so far in the future that you can ignore it when purchasing new network devices. Insist on IPv6 compatibility for new acquisitions.
The development of IPv6 was to a large extent motivated by the concern that we are running out of 4-byte IPv4 address space. And indeed we are: projections indicate that the current IPv4 allocation system will collapse some time around 2011. (See ipv4.potaroo.net for a daily update.) Even so, mainstream adoption of IPv6 throughout the Internet is probably still not in the cards anytime soon.
More likely, another round of stopgap measures on the part of ISPs and ICANN (or more specifically, its subsidiary IANA, the Internet Assigned Numbers Authority) will extend the dominance of IPv4 for another few years. We expect to see wider use of IPv6 on the Internet backbone, but outside of large ISPs, academic sites involved in Internet research, and universal providers such as Google, our
Exhibit A layout (layers, with the examples given in the figure):
APPLICATION LAYER: SSH, FTP, HTTP, DNS, Halo 3, traceroute, arp
TRANSPORT LAYER: TCP, UDP
NETWORK LAYER: IP, ICMP
LINK LAYER: ARP, device drivers
PHYSICAL LAYER: copper, optical fiber, radio waves
3. A Google study presented at RIPE 57 in October 2008 indicated that overall IPv6 penetration (actual use, not capability) was 0.24%. No country had IPv6 penetration greater than 0.76%.
Main functions of IP (the network layer)
1. Forwarding: a router usually has multiple interfaces (NICs). Moving a packet from the interface it arrived on to the interface facing its destination and sending it out is called forwarding.
   Ordinary clients do not enable this function.
2. Routing: finding a path toward the destination; usually decided by routing algorithms/protocols.
Because the department usually has only one path to any given destination, our network-administration work usually only touches the first part.
IPv4 packet format
Annotations from the header diagram:
- Version field: v4 or v6
- Type of service field: indicates whether special handling is needed (e.g. real-time video or audio)
- Identification / flags / fragment offset fields: used to handle fragmentation (think about the MTU)
- TTL field: the maximum number of machines (routers) the packet may pass through
- Protocol field: the protocol used by the transport layer (usually TCP or UDP)
Where is the IP packet?
Ethernet frame layout (field and size):
  Preamble                            7 octets
  Start of frame delimiter            1 octet
  MAC destination                     6 octets
  MAC source                          6 octets
  Length (IEEE 802.3)                 2 octets
  802.1Q tag (optional)               (4 octets)
  Payload                             42–1500 octets
  Frame check sequence (32-bit CRC)   4 octets
The IP packet is in the Ethernet payload!
Typical Internet Packet
Exhibit B A typical network packet[4]
Ethernet framing
One of the main chores of the link layer is to add headers to packets and to put separators between them. The headers contain each packet’s link-layer addressing information and checksums, and the separators ensure that receivers can tell where one packet stops and the next one begins. The process of adding these extra bits is known generically as framing.
The link layer is actually divided into two parts: MAC, the Media Access Control sublayer, and LLC, the Link Layer Control sublayer. The MAC layer deals with the media and transmits packets onto the wire. The LLC layer handles the framing.
Today, a single standard for Ethernet framing is in common use: DIX Ethernet II.
Historically, several slightly different standards based on IEEE 802.2 were also used, especially on Novell networks.
Maximum transfer unit
The size of packets on a network may be limited both by hardware specifications and by protocol conventions. For example, the payload of a standard Ethernet frame is traditionally 1,500 bytes. The size limit is associated with the link-layer protocol and is called the maximum transfer unit or MTU. Table 14.1 shows some typical values for the MTU.
4. For specificity, RFCs that describe protocols often use the term “octet” instead of “byte.”
Exhibit B layout:
Ethernet frame (146 bytes) = Ethernet header (14 bytes) + IPv4 packet (128 bytes) + Ethernet CRC (4 bytes)
IPv4 packet (128 bytes)    = IPv4 header (20 bytes) + UDP packet (108 bytes)
UDP packet (108 bytes)     = UDP header (8 bytes) + application data (100 bytes)
Table 14.1 MTUs for various types of network
Network type                         Maximum transfer unit
Ethernet                             1,500 bytes (1,492 with 802.2 framing)[a]
FDDI                                 4,470 bytes (4,352 for IP/FDDI)
Token ring                           Configurable[b]
PPP modem link                       Configurable, often 512 or 576 bytes
Point-to-point WAN links (T1, T3)    Configurable, often 1,500 or 4,500 bytes
a. See page 541 for some comments on “jumbo” Ethernet packets.
b. Common values are 552; 1,064; 2,088; 4,508; and 8,232. Sometimes 1,500 to match Ethernet.
IP Address (v4)
• AAA.BBB.CCC.DDD (4 bytes) = ? # total hosts
• Network + host address —> same network address == same network (subnet)
Historical Internet classes (no mask):
Class  1st byte  Format   Comments
A      1-127     N.H.H.H  Very early networks
B      128-191   N.N.H.H  Large sites (hard to get)
C      192-223   N.N.N.H  Easy to get (often obtained in sets)
D      224-239   -        Multicast addresses
E      240-255   -        Experimental addresses
But this is inefficient
• Most networks only have ~100 hosts
• Class A & B addresses are wasted
• Thus we need to find a way to further split the networks! (subnetting)
Netmask
• Netmask == 32-bit number with leading 1’s + trailing 0’s
• Digits mapped to 1’s —> network address; digits mapped to 0’s —> host address
• Expressed as (a) 0xffffffc0 or (b) 255.255.255.192
Exhibit C Netmask base conversion
A /26 network has 6 bits left (32 – 26 = 6) to number hosts. 2^6 is 64, so the network has 64 potential host addresses. However, it can only accommodate 62 actual hosts because the all-0 and all-1 host addresses are reserved (they are the network and broadcast addresses, respectively).
In our 128.138.243.0/26 example, the extra two bits of network address obtained by subnetting can take on the values 00, 01, 10, and 11. The 128.138.243.0/24 network has thus been divided into four /26 networks:
• 128.138.243.0/26 (0 in decimal is 00000000 in binary)
• 128.138.243.64/26 (64 in decimal is 01000000 in binary)
• 128.138.243.128/26 (128 in decimal is 10000000 in binary)
• 128.138.243.192/26 (192 in decimal is 11000000 in binary)
The first two bits of the last byte of each address (boldfaced in the original figure) are the bits that belong to the network portion of that byte.
Tricks and tools for subnet arithmetic
It’s confusing to do all this bit twiddling in your head, but some tricks can make it simpler. The number of hosts per network and the value of the last byte in the netmask always add up to 256:
last netmask byte = 256 – net size
For example, 256 – 64 = 192, which is the final byte of the netmask in the preceding example. Another arithmetic fact is that the last byte of an actual network address (as opposed to a netmask) must be evenly divisible by the number of hosts per network. We see this fact in action in the 128.138.243.0/26 example, where the last bytes of the networks are 0, 64, 128, and 192—all divisible by 64.[7]
Given an IP address (say, 128.138.243.100), we cannot tell without the associated netmask what the network address and broadcast address will be. Table 14.3 on the next page shows the possibilities for /16 (the default for a class B address), /24 (a plausible value), and /26 (a reasonable value for a small network).
The network address and broadcast address steal two hosts from each network, so it would seem that the smallest meaningful network would have four possible
Exhibit C layout (netmask base conversion for 128.138.243.0/26):
IP address:       128      . 138      . 243      . 0
Decimal netmask:  255      . 255      . 255      . 192
Hex netmask:      ff       . ff       . ff       . c0
Binary netmask:   11111111 . 11111111 . 11111111 . 11000000
7. Of course, 0 counts as being divisible by any number…
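The subnet arithmetic above, worked as an added example that is not from the textbook or the slides: plain integer bit operations on the 128.138.243.0/26 case, so every step (prefix to mask, network and broadcast addresses, host count, the "256 trick", splitting the /24 into four /26 networks) is visible. It also generalizes to any prefix, e.g. the 192.144.0.0/21 block mentioned later in the CIDR slide.

```python
# Added example (not from the textbook or the slides): subnet arithmetic for the
# 128.138.243.0/26 example with plain integer bit operations, so each step in the
# text (prefix -> mask -> network/broadcast -> host count, the "256 trick") is visible.

def ip_to_int(addr: str) -> int:
    """Dotted quad -> 32-bit integer."""
    a, b, c, d = (int(x) for x in addr.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def int_to_ip(n: int) -> str:
    """32-bit integer -> dotted quad."""
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def prefix_to_mask(prefix: int) -> int:
    """/26 -> 0xffffffc0: `prefix` leading 1s followed by trailing 0s."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def subnet_info(addr: str, prefix: int) -> dict:
    """Network, broadcast and host count for any address inside addr/prefix."""
    mask = prefix_to_mask(prefix)
    net = ip_to_int(addr) & mask          # host bits cleared -> network address
    bcast = net | (~mask & 0xFFFFFFFF)    # host bits set -> broadcast address
    size = 1 << (32 - prefix)             # 2^(host bits) potential addresses
    return {
        "network": int_to_ip(net),
        "broadcast": int_to_ip(bcast),
        "netmask": int_to_ip(mask),
        "netmask_hex": f"0x{mask:08x}",
        "size": size,
        "usable_hosts": size - 2 if prefix <= 30 else 0,  # minus network/broadcast
        "last_mask_byte": mask & 0xFF,
    }

def split_subnets(addr: str, prefix: int, new_prefix: int) -> list:
    """Divide addr/prefix into its addr/new_prefix children (e.g. a /24 into four /26)."""
    base = ip_to_int(addr) & prefix_to_mask(prefix)
    step = 1 << (32 - new_prefix)
    return [f"{int_to_ip(base + i * step)}/{new_prefix}"
            for i in range(1 << (new_prefix - prefix))]

if __name__ == "__main__":
    info = subnet_info("128.138.243.100", 26)
    print(info)                                    # network .64, broadcast .127
    print(info["last_mask_byte"] + info["size"])   # the "256 trick": 192 + 64
    print(split_subnets("128.138.243.0", 24, 26))
```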
Two Special Addresses
• Network address = “network address” + “host address = 0”
• Broadcast address = “network address” + “host address = all 1’s”
Setting Interface Address
• ifconfig -a —> display all interfaces
• ifconfig eth0 192.168.25.1 netmask 255.255.255.0 —> set the IP and netmask of an interface
• ifconfig eth0 up —> enable the interface
• ifconfig eth0 media auto —> set the media type to auto-sense
Why do we need to know the “network address”?
• Answer: we need to know whether the destination host can be reached directly (i.e. it is in the same network).
• How? Q: is the network address the same?
• Question: what if it is not on the same network?
• Answer: we ask a host to relay for us.
• Question: but which host? (it has to be on the same network as us)
Routing table of the department firewall (partial)
Routing table:
destination      netmask          gateway
192.168.48.0     255.255.248.0    192.168.55.254
192.168.219.0    255.255.255.0    192.168.219.254
140.112.28.0     255.255.252.0    140.112.30.254
0.0.0.0          0.0.0.0          140.112.x.x
Diagram: the firewall is attached to three networks, 140.112.28.0/255.255.252.0 (gateway 140.112.30.254), 192.168.48.0/255.255.248.0 (gateway 192.168.55.254) and 192.168.219.0/255.255.255.0 (gateway 192.168.219.254).
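The two questions from the previous slide (is the destination on my network? if not, which host relays?) answered over this routing table, as an added example that is not part of the slides. It picks the most specific matching route (longest-prefix match); the default gateway is elided on the slide ("140.112.x.x"), so 140.112.28.1 below is a placeholder, not the real address.

```python
# Added example (not part of the slides): next-hop selection over the department
# firewall's routing table above, by longest-prefix match. The default gateway is
# elided on the slide ("140.112.x.x"); 140.112.28.1 below is a placeholder, not the
# real address. Uses only the standard-library ipaddress module.
import ipaddress

ROUTES = [  # (destination network / netmask, gateway), as listed on the slide
    ("192.168.48.0/255.255.248.0",  "192.168.55.254"),
    ("192.168.219.0/255.255.255.0", "192.168.219.254"),
    ("140.112.28.0/255.255.252.0",  "140.112.30.254"),
    ("0.0.0.0/0.0.0.0",             "140.112.28.1"),   # placeholder default gw
]

def same_network(a: str, b: str, netmask: str) -> bool:
    """The slide's test: do a and b share a network address under this netmask?"""
    net_a = ipaddress.ip_network(f"{a}/{netmask}", strict=False)
    net_b = ipaddress.ip_network(f"{b}/{netmask}", strict=False)
    return net_a == net_b

def next_hop(dest: str, routes=ROUTES):
    """Return (matched network, gateway) for the most specific route covering dest."""
    d = ipaddress.ip_address(dest)
    best = None
    for net_str, gw in routes:
        net = ipaddress.ip_network(net_str, strict=False)
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return (str(best[0]), best[1]) if best else None   # None: no route at all

def gateway_is_local(gw: str, routes=ROUTES) -> bool:
    """A relay must sit on one of our own (non-default) networks, as the slide says."""
    g = ipaddress.ip_address(gw)
    return any(g in ipaddress.ip_network(n, strict=False)
               for n, _ in routes if not n.startswith("0.0.0.0/"))

if __name__ == "__main__":
    for dst in ("192.168.50.7", "140.112.30.28", "8.8.8.8"):
        net, gw = next_hop(dst)
        print(f"{dst:15} -> via {gw} (route {net}, gateway local: {gateway_is_local(gw)})")
```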
How to represent a group of destination hosts?
• CIDR == Classless Inter-Domain Routing
• Borrowing the netmask idea: for IPs from 192.144.0.0 to 192.144.7.0, we can say 192.144.0.0/21 (21 == 255.255.248.0)
• Any IP address that falls in that “network” (though it might not be a real network) can be represented by that CIDR
Private IP
• Private IP == IPs that are not globally allocated to anyone
IP Class   From          To                CIDR range
Class A    10.0.0.0      10.255.255.255    10.0.0.0/8
Class B    172.16.0.0    172.31.255.255    172.16.0.0/12
Class C    192.168.0.0   192.168.255.255   192.168.0.0/16
NAT (Network Address Translation)
Public address (the "door plate"): 140.112.91.208
Only one address was issued to us; what do we do?
Internal hosts: 馬撒起, 菜瓜布, 凱莉, 小小郭, using the internal addresses 192.168.0.2, 192.168.0.3, 192.168.0.4, 192.168.0.5
Internal gateway: 192.168.0.254
Outbound packet: Src: 192.168.0.2, Dest: 8.8.8.8 —> after NAT: Src: 140.112.91.208, Dest: 8.8.8.8
Translation table:
• 菜瓜布 has a connection to 8.8.8.8
• To reach the TA, forward to 192.168.0.4
Inbound packet: Src: 8.8.8.8, Dest: 140.112.91.208 —> after NAT: Src: 8.8.8.8, Dest: 192.168.0.2
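The packet rewriting and translation table from the diagram, modelled as an added example (not from the slides). The public address 140.112.91.208, the internal host 192.168.0.2 and the "forward to 192.168.0.4" entry are from the slide; port numbers are constructed, and the model translates ports as well as addresses (NAPT), which is what lets several internal hosts share the single public address.

```python
# Added example (not from the slides): a toy model of the NAT box in the diagram.
# The public address 140.112.91.208, the internal host 192.168.0.2 and the
# "forward to 192.168.0.4" rule come from the slide; port numbers are constructed,
# and the model translates ports as well as addresses (NAPT), which the slide's
# one-public-address scenario needs so several hosts can share 140.112.91.208.

PUBLIC_IP = "140.112.91.208"

class Nat:
    def __init__(self, public_ip: str, port_forwards: dict = None):
        self.public_ip = public_ip
        self.next_port = 40000                 # constructed public port range
        self.out_table = {}   # (internal ip, internal port) -> public port
        self.in_table = {}    # public port -> (internal ip, internal port)
        # static entries, e.g. "to reach the TA, forward to 192.168.0.4"
        for pub_port, target in (port_forwards or {}).items():
            self.in_table[pub_port] = target

    def outbound(self, pkt: dict) -> dict:
        """Rewrite an internal->Internet packet: Src 192.168.0.2 -> Src 140.112.91.208."""
        key = (pkt["src"], pkt["sport"])
        if key not in self.out_table:          # first packet of a flow: allocate a port
            pub_port, self.next_port = self.next_port, self.next_port + 1
            self.out_table[key] = pub_port
            self.in_table[pub_port] = key
        return dict(pkt, src=self.public_ip, sport=self.out_table[key])

    def inbound(self, pkt: dict):
        """Rewrite an Internet->internal packet using the table; None means drop."""
        if pkt["dst"] != self.public_ip:
            return None                        # not addressed to our public address
        target = self.in_table.get(pkt["dport"])
        if target is None:
            return None                        # unsolicited: no mapping, dropped
        ip, port = target
        return dict(pkt, dst=ip, dport=port)

if __name__ == "__main__":
    nat = Nat(PUBLIC_IP, port_forwards={2222: ("192.168.0.4", 22)})
    out = nat.outbound({"src": "192.168.0.2", "sport": 51000, "dst": "8.8.8.8", "dport": 53})
    print(out)                                  # Src: 140.112.91.208
    back = nat.inbound({"src": "8.8.8.8", "sport": 53, "dst": PUBLIC_IP, "dport": out["sport"]})
    print(back)                                 # Dest: 192.168.0.2
```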
Routing Table
• netstat -nr (numeric, no hostnames) or netstat -r (with hostnames)
• route add default gw 140.112.30.254
  —> all traffic not destined for local subnets goes to the gw
• route add -net 132.236.220.64 netmask 255.255.255.192
  —> all traffic whose destination address has the described network address (132.236.220.64 under that netmask) is handled by this route
ICMP (Internet Control Message Protocol)
Management messages used to inform a client about the state of the network.
Common uses:
1. Telling the client that the path is unreachable (Destination network/host/protocol/port unreachable or unknown)
2. The echo request & reply used by ping
3. TTL expired (used to detect or prevent loops in a path, or used by traceroute)
Firewall
Diagram: hosts 馬撒起, 菜瓜布, 凱莉, 小小郭, and a BitTorrent packet
Firewall rule table:
1. If the packet is from 小小郭, drop it.
2. If it is a BitTorrent packet, drop it.
3. If the packet is going to the following IP addresses (x.x.x.x, y.y.y.y, z.z.z.z), drop it.
4. Everything else may pass.
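The rule table above evaluated in order with first match wins, as an added example that is not from the slides. All concrete values are constructed: 小小郭 is assumed to be 192.168.0.5, a BitTorrent packet is recognised by a label the caller sets (a real firewall would use ports or deep inspection), and the blocked destinations x.x.x.x, y.y.y.y, z.z.z.z are stand-ins from the 203.0.113.0/24 documentation range.

```python
# Added example (not from the slides): first-match evaluation of the firewall rule
# table above. Everything address-like is constructed: 小小郭 is assumed to be
# 192.168.0.5, a BitTorrent packet is recognised here by a label the caller sets
# (a real firewall would use ports or deep inspection), and the blocked destinations
# x.x.x.x, y.y.y.y, z.z.z.z are stand-ins from the 203.0.113.0/24 documentation range.
import ipaddress

def rule(action, src=None, dst=None, app=None):
    """A rule matches when every given field matches; None means 'any'."""
    return {"action": action, "app": app,
            "src": ipaddress.ip_network(src) if src else None,
            "dst": [ipaddress.ip_address(d) for d in dst] if dst else None}

RULES = [
    rule("drop", src="192.168.0.5/32"),                                  # 1. from 小小郭
    rule("drop", app="bittorrent"),                                       # 2. BitTorrent
    rule("drop", dst=["203.0.113.10", "203.0.113.20", "203.0.113.30"]),  # 3. x, y, z
    rule("accept"),                                                       # 4. the rest pass
]

def matches(r: dict, pkt: dict) -> bool:
    if r["src"] is not None and ipaddress.ip_address(pkt["src"]) not in r["src"]:
        return False
    if r["dst"] is not None and ipaddress.ip_address(pkt["dst"]) not in r["dst"]:
        return False
    if r["app"] is not None and pkt.get("app") != r["app"]:
        return False
    return True

def evaluate(pkt: dict, rules=RULES):
    """Return (action, 1-based rule number); rules are tried top to bottom."""
    for n, r in enumerate(rules, 1):
        if matches(r, pkt):
            return r["action"], n
    return "drop", 0     # nothing matched: deny by default

def audit(pkts, rules=RULES) -> dict:
    """Count how often each rule fired: a quick check that the rules are doing their job."""
    hits = {}
    for p in pkts:
        _, n = evaluate(p, rules)
        hits[n] = hits.get(n, 0) + 1
    return hits

if __name__ == "__main__":
    sample = [  # constructed packets, one per rule
        {"src": "192.168.0.5", "dst": "8.8.8.8"},
        {"src": "192.168.0.2", "dst": "8.8.8.8", "app": "bittorrent"},
        {"src": "192.168.0.2", "dst": "203.0.113.20"},
        {"src": "192.168.0.2", "dst": "8.8.8.8", "app": "dns"},
    ]
    print([evaluate(p) for p in sample], audit(sample))
```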
DNS (Domain Name Service)
In one sentence: the service that translates names into IPs.
Common kinds of mapping:
Domain name -> IP (type A): ntucsv.csie.ntu.edu.tw -> 140.112.30.28
Mail server of @domainname (type MX): csie.ntu.edu.tw -> ms.csie.ntu.edu.tw
Domain name -> domain name (type CNAME): www.csie.ntu.edu.tw -> ntucsv.csie.ntu.edu.tw
IP -> domain name (type PTR): 140.112.30.21 -> csman.csie.ntu.edu.tw
Multiple records can be declared for the same name, for reliability or load distribution; e.g. the A record of www.google.com points to 6 IPs.
Distributed architecture: hierarchical responsibility (recursive query)
Diagram:
Your machine -> csman.csie.ntu.edu.tw (acting as the local DNS): "IP of www.ntu.edu.tw?"
Local DNS -> Root DNS: "I am not responsible for ntu.edu.tw; ask the machine responsible for .tw" (referral to the .tw NS)
Local DNS -> .tw (top-level domain DNS server): referral to .edu.tw
Local DNS -> .edu.tw (authoritative DNS server): referral to .ntu.edu.tw
Local DNS -> .ntu.edu.tw (authoritative DNS): "I am responsible for ntu.edu.tw: www.ntu.edu.tw = x.x.x.x"
DNS details
If the local DNS itself is responsible for the queried domain, it can answer directly.
For example, 140.112.30.21 when asked for www.csie.ntu.edu.tw.
The local DNS can cache the results of earlier queries, mainly to reduce the load on the authoritative DNS servers and on the network.
Each record on the authoritative DNS server has a corresponding TTL value that specifies how long it may be cached.
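The recursive query from the diagram and the three details just listed (answer directly when authoritative, serve from cache until the TTL expires, otherwise walk root -> .tw -> .edu.tw -> .ntu.edu.tw), modelled as an added example that is not from the slides. 140.112.30.28 and the csie.ntu.edu.tw records come from the slides; www.ntu.edu.tw's address (x.x.x.x on the slide) is the placeholder 192.0.2.10 and the TTLs are constructed.

```python
# Added example (not from the slides): a toy model of the recursive query in the
# diagram and of the local-DNS details above. 140.112.30.28 and the csie.ntu.edu.tw
# records come from the slides; www.ntu.edu.tw's address (x.x.x.x on the slide) is
# the placeholder 192.0.2.10 and the TTLs are constructed.

# Each server holds one zone: name -> {"NS": child zone} or {"A": addr, "TTL": s}
SERVERS = {
    ".":           {"tw.": {"NS": "tw."}},                     # root DNS
    "tw.":         {"edu.tw.": {"NS": "edu.tw."}},             # .tw TLD server
    "edu.tw.":     {"ntu.edu.tw.": {"NS": "ntu.edu.tw."}},     # authoritative for edu.tw
    "ntu.edu.tw.": {"www.ntu.edu.tw.": {"A": "192.0.2.10", "TTL": 300}},
}
LOCAL_ZONE = {  # csman.csie.ntu.edu.tw is itself authoritative for csie.ntu.edu.tw
    "www.csie.ntu.edu.tw.": {"CNAME": "ntucsv.csie.ntu.edu.tw."},
    "ntucsv.csie.ntu.edu.tw.": {"A": "140.112.30.28"},
}

class LocalDns:
    def __init__(self, clock):
        self.clock = clock          # callable returning the current time in seconds
        self.cache = {}             # name -> (address, expiry time)

    def resolve(self, name: str):
        """Return (address or None, list of servers consulted)."""
        name = name if name.endswith(".") else name + "."
        rec = LOCAL_ZONE.get(name)
        if rec:                     # we are responsible: answer directly
            return self.resolve(rec["CNAME"]) if "CNAME" in rec else (rec["A"], ["local"])
        cached = self.cache.get(name)
        if cached and cached[1] > self.clock():   # cached and TTL not yet expired
            return cached[0], ["cache"]
        asked, zone = [], "."
        while True:                 # iterate: each server refers us one level down
            asked.append(zone)
            recs = SERVERS[zone]
            if name in recs and "A" in recs[name]:
                self.cache[name] = (recs[name]["A"], self.clock() + recs[name]["TTL"])
                return recs[name]["A"], asked
            child = next((z for z in recs if "NS" in recs[z] and name.endswith("." + z)), None)
            if child is None:
                return None, asked  # no server is responsible: NXDOMAIN
            zone = recs[child]["NS"]

if __name__ == "__main__":
    import time
    dns = LocalDns(time.time)
    print(dns.resolve("www.csie.ntu.edu.tw"))   # answered locally via the CNAME
    print(dns.resolve("www.ntu.edu.tw"))        # walks root -> tw -> edu.tw -> ntu.edu.tw
    print(dns.resolve("www.ntu.edu.tw"))        # second time: from cache
```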
/etc/resolv.conf
nameserver 140.112.30.21
nameserver 140.112.254.4
nameserver 140.112.2.2
search csie.ntu.edu.tw
• search —> resolve incomplete names (linux1 —> linux1.csie.ntu.edu.tw)
• nameserver —> specify the address of the DNS server
DNS further reading
• Top 10 DNS attacks:
  http://www.networkworld.com/article/2886283/security0/top-10-dns-attacks-likely-to-infiltrate-your-network.html#slide1
• Distributed Reflection DoS attack
• Cache poisoning / DNS hijacking (sol: DNSSEC)
• TCP SYN floods
Common DNS commands
• Examples:
  dig @8.8.8.8 -t MX csie.ntu.edu.tw
  dig @140.112.30.21 www.csie.ntu.edu.tw
Class assignment
• Find out which machines a packet passes through from linux1 to www.nasa.gov (domain names are fine). Keywords: mtr, traceroute
• Find the IPs of the mail servers (SMTP) of csie.ntu.edu.tw and ntu.edu.tw
• Send your answers to hsinmu+wnfa16spring-0330@gmail.com
Further reading