Chapter 4 Network Layer

Transcription

1 Chapter 4 Network Layer A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you can add, modify, and delete slides (including this one) and slide content to suit your needs. They obviously represent a lot of work on our part. In return for use, we only ask the following: If you use these slides (e.g., in a class) in substantially unaltered form, that you mention their source (after all, we d like people to use our book!) If you post any slides in substantially unaltered form on a www site, that you note that they are adapted from (or perhaps identical to) our slides, and note our copyright of this material. Computer Networking: A Top Down Approach 4 th edition. Jim Kurose, Keith Ross Addison-Wesley, July Thanks and enjoy! JFK/KWR All material copyright J.F Kurose and K.W. Ross, All Rights Reserved Network Layer 4-1

2 Chapter 4: Network Layer Chapter goals: understand principles behind network layer services: network layer service models forwarding versus routing how a router works routing (path selection) dealing with scale advanced topics: IPv6, mobility instantiation, implementation in the Internet Network Layer 4-2

3 Chapter 4: Network Layer 4. 1 Introduction 4.5 Routing algorithms 4.2 Virtual circuit and datagram networks 4.3 What s inside a router 4.4 IP: Internet Protocol Datagram format IPv4 functions ICMP IPv6 Link state Distance Vector Hierarchical routing 4.6 Routing in the Internet RIP OSPF BGP 4.7 Broadcast and multicast routing Network Layer 4-3

4 Network layer transport segment from sending to receiving host on sending side encapsulates segments into datagrams on rcving side, delivers segments to transport layer network layer protocols in every host, router router examines header fields in all IP datagrams passing through it application transport network data link physical network data link physical network data link physical network data link physical network data link physical network data link physical network data link physical network data link physical network data link physical network data link physical network data link physical network data link physical application transport network data link physical Network Layer 4-4

5 Network layer functions Connection setup connection-oriented, hostto-host connection datagram Delivery semantics: Unicast, broadcast, multicast, anycast In-order, any-order Security secrecy, integrity, authenticity Demux to upper layer next protocol Can be either transport or network (tunneling) Quality-of-service provide predictable performance Fragmentation break-up packets based on data-link layer properties Routing path selection and packet forwarding Addressing flat vs. hierarchical global vs. local variable vs. fixed length Network Layer 4-5

6 Chapter 4: Network Layer 4. 1 Introduction 4.5 Routing algorithms 4.2 Virtual circuit and datagram networks 4.3 What s inside a router 4.4 IP: Internet Protocol Datagram format IPv4 functions ICMP IPv6 Link state Distance Vector Hierarchical routing 4.6 Routing in the Internet RIP OSPF BGP 4.7 Broadcast and multicast routing Network Layer 4-6

7 Network service model Combining the functions into a particular network Q: What service model for channel transporting datagrams from sender to rcvr? Example services for Example services for a individual datagrams: flow of datagrams: guaranteed delivery guaranteed delivery with less than 40 msec delay in-order datagram delivery guaranteed minimum bandwidth to flow restrictions on changes in interpacket spacing (jitter) Network Layer 4-7

8 Network layer connection and connection-less service Datagram network provides network-layer connectionless service VC network provides network-layer connection service Analogous to the transport-layer services, but on a host-to-host basis with an in-network implementation Network Layer 4-8

9 Connection-oriented virtual circuits Circuit abstraction Examples: ATM, frame relay, X.25, phone network Model call setup and signaling for each call before data can flow guaranteed performance during call call teardown and signaling to remove call Network support each packet carries circuit identifier (not destination host ID) every router on source-dest path maintains state for each passing circuit link, router resources (bandwidth, buffers) allocated to VC to guarantee circuit-like performance application transport network data link physical 5. Data flow begins 6. Receive data 4. Call connected 3. Accept call 1. Initiate call 2. incoming call application transport network data link physical Network Layer 4-9

10 Connectionless datagram service Postal service abstraction (Internet) Model no call setup or teardown at network layer no service guarantees Network support no state within network on end-to-end connections packets forwarded based on destination host ID packets between same source-dest pair may take different paths application transport network data link physical 1. Send data 2. Receive data application transport network data link physical Network Layer 4-10

11 Datagram or VC network: why? Internet data exchange among computers elastic service, no strict timing req. smart end systems (computers) can adapt, perform control, error recovery simple inside network, complexity at edge many link types different characteristics uniform service difficult ATM evolved from telephony human conversation: strict timing, reliability requirements need for guaranteed service dumb end systems telephones complexity inside network only network provider can deploy new services! Network Layer 4-11

12 Network layer service models: Network Architecture Service Model Bandwidth Guarantees? Loss Order Timing Congestion feedback Internet ATM ATM ATM ATM best effort CBR VBR ABR UBR none constant rate guaranteed rate guaranteed minimum none no yes yes no no no yes yes yes yes no yes yes no no no (inferred via loss) no congestion no congestion yes no Network Layer 4-12

13 Adding circuits to the Internet Intserv, Diffserv, RSVP At the end of course if time permits Chapter 7 in book Network Layer 4-13

14 Chapter 4: Network Layer 4. 1 Introduction 4.5 Routing algorithms 4.2 Virtual circuit and datagram networks 4.3 What s inside a router 4.4 IP: Internet Protocol Datagram format IPv4 functions ICMP IPv6 Link state Distance Vector Hierarchical routing 4.6 Routing in the Internet RIP OSPF BGP 4.7 Broadcast and multicast routing Network Layer 4-14

15 The Internet Network layer Host, router network layer functions: Transport layer: TCP, UDP Network layer Routing protocols path selection RIP, OSPF, BGP forwarding table IP protocol addressing conventions datagram format packet handling conventions ICMP protocol error reporting router signaling Link layer physical layer Network Layer 4-15

16 Chapter 4: Network Layer 4. 1 Introduction 4.5 Routing algorithms 4.2 Virtual circuit and datagram networks 4.3 What s inside a router 4.4 IP: Internet Protocol Datagram format IPv4 functions ICMP IPv6 Link state Distance Vector Hierarchical routing 4.6 Routing in the Internet RIP OSPF BGP 4.7 Broadcast and multicast routing Network Layer 4-16

17 IP datagram format IP protocol version number header length (bytes) type of data max number remaining hops (decremented at each router) upper layer protocol to deliver payload to how much overhead with TCP? 20 bytes of TCP 20 bytes of IP = 40 bytes + app layer overhead ver head. len 16-bit identifier time to live type of service upper layer 32 bits flgs length fragment offset Internet checksum 32 bit source IP address 32 bit destination IP address Options (if any) data (variable length, typically a TCP or UDP segment) total datagram length (bytes) for fragmentation/ reassembly E.g. timestamp, record route taken, specify list of routers to visit. Network Layer 4-17

18 IP header Version Currently at 4, next version 6 Header length Length of header (20 bytes plus options) Type of Service Typically ignored Replaced by DiffServ and ECN Length Length of IP fragment (payload) Identification Flags To match up with other fragments Don t fragment flag More fragments flag Fragment offset Where this fragment lies in entire IP datagram Measured in 8 octet units (11 bit field) Network Layer 4-18

19 IP header (cont) Time to live Ensure packets exit the network Protocol Demultiplexing to higher layer protocols (TCP, UDP, SCTP) Header checksum Source IP, Destination IP (32 bit addresses) Options E.g. Source routing, record route, etc. Performance issues Poorly supported Ensures some degree of header integrity Relatively weak 16 bit Network Layer 4-19

20 Chapter 4: Network Layer 4. 1 Introduction 4.5 Routing algorithms 4.2 Virtual circuit and datagram networks 4.3 What s inside a router 4.4 IP: Internet Protocol Datagram format IPv4 functions ICMP IPv6 Link state Distance Vector Hierarchical routing 4.6 Routing in the Internet RIP OSPF BGP 4.7 Broadcast and multicast routing Network Layer 4-20

21 Recall network layer functions How does IPv4 support.. Connection setup Delivery semantics Security Demux to upper layer Quality-of-service Fragmentation Addressing Routing Network Layer 4-21

22 IP connection setup Hourglass design No support for network layer connections Unreliable datagram service Out-of-order delivery possible Connection semantics only at higher layer Compare to ATM and phone network Network Layer 4-22

23 IP delivery semantics No reliability guarantees Loss No ordering guarantees Out-of-order delivery possible Unicast mostly IP broadcast ( ) not forwarded IP multicast supported, but not widely used to Network Layer 4-23

24 IP security Weak support for integrity IP checksum IP has a header checksum, leaves data integrity to TCP/UDP Catch errors within router or bridge that are not detected by link layer Incrementally updated as routers change fields No support for secrecy, authenticity IPsec Retrofit IP network layer with encryption and authentication Network Layer 4-24

25 Internet checksum (review) Goal: detect errors (e.g., flipped bits) in transmitted packet (note: used at transport layer only) Sender: treat segment contents as sequence of 16-bit integers (See TCP checksum) checksum: addition (1 s complement sum) of segment contents sender puts checksum value into UDP checksum field Receiver: compute checksum of received segment check if computed checksum equals checksum field value: NO - error detected YES - no error detected. But maybe errors nonetheless? Network Layer 4-25

26 IP demux to upper layer Protocol type field 1 = ICMP 2 = IGMP 3 = GGP 4 = IP in IP 6 = TCP 8 = EGP 9 = IGP 17 = UDP 29 = ISO-TP4 80 = ISO-IP 88 = IGRP 89 = OSPFIGP 94 = IPIP Network Layer 4-26

27 IP quality of service IP originally had type-of-service (TOS) field to eventually support quality Not used, ignored by most routers Mid 90s Integrated services (intserv) and RSVP signalling Per-flow end-to-end QoS support Per-flow signaling Per-flow network resource allocation (*FQ, *RR scheduling algorithms) Setup and match flows on connection ID Network Layer 4-27

28 IP quality of service RSVP Provides end-to-end signaling to network elements General purpose protocol for signaling information Not used now on a per-flow basis to support int-serv, but being reused for diff-serv. intserv Defines service model (guaranteed, controlled-load) Dozens of scheduling algorithms to support these services WFQ, W 2 FQ, STFQ, Virtual Clock, DRR, etc. Network Layer 4-28

29 IP quality of service Why did RSVP, intserv fail? Complexity Scheduling Routing (pinning routes) Per-flow signaling overhead Lack of scalability Per-flow state Economics Providers with no incentive to deploy SLA, end-to-end billing issues QoS a weak-link property Requires every device on an end-to-end basis to support flow Network Layer 4-29

30 IP quality of service Now it s diffserv Use the type-of-service bits as a priority marking Core network relatively stateless AF Assured forwarding (drop precedence) EF Expedited forwarding (strict priority handling) Network Layer 4-30

31 IP Fragmentation & Reassembly network links have MTU (max.transfer unit) - largest possible link-level frame. different link types, different MTUs large IP datagram (can be 64KB) fragmented within network one datagram becomes several datagrams IP header on each fragment IP identifier and offset fields to identify and order fragments reassembly fragmentation: in: one large datagram out: 3 smaller datagrams Network Layer 4-31

32 IP Fragmentation & Reassembly Where to do reassembly? End nodes avoids unnecessary work Dangerous to do at intermediate nodes Buffer space Must assume single path through network May be re-fragmented later on in the route again reassembly fragmentation: in: one large datagram out: 3 smaller datagrams Network Layer 4-32

33 IP Fragmentation and Reassembly Example 4000 byte datagram MTU = 1500 bytes length =4000 ID =x fragflag =0 offset =0 One large datagram becomes several smaller datagrams 1480 bytes in data field offset = 1480/8 length =1500 length =1500 length =1040 ID =x ID =x ID =x fragflag =1 fragflag =1 fragflag =0 offset =0 offset =185 offset =370 Network Layer 4-33

34 Fragmentation is Harmful Uses resources poorly Forwarding costs per packet Best if we can send large chunks of data Worst case: packet just bigger than MTU Poor end-to-end performance Loss of a fragment makes other fragments useless Reassembly is hard Buffering constraints Network Layer 4-34

35 Fragmentation Path MTU Discovery Remove fragmentation from the network Mandatory in IPv6 Network layer does no fragmentation Hosts dynamically discover smallest MTU of path Algorithm: Initialize MTU to MTU for first hop Send datagrams with Don t Fragment bit set If ICMP pkt too big msg, decrease MTU What happens if path changes? Periodically (>5mins, or >1min after previous increase), increase MTU Some routers will return proper MTU Network Layer 4-35

36 Fragmentation References Characteristics of Fragmented IP Traffic on Internet Links. Colleen Shannon, David Moore, and k claffy -- CAIDA, UC San Diego. ACM SIGCOMM Internet Measurement Workshop program.html C. A. Kent and J. C. Mogul, "Fragmentation considered harmful," in Proceedings of the ACM Workshop on Frontiers in Computer Communications Technology, pp , Aug acts/87.3.html Network Layer 4-36

37 IP Addressing IP address: 32-bit identifier for host/router interface interface: connection between host, router and physical link routers typically have multiple interfaces host may have multiple interfaces IP addresses associated with interface, not host, router = Network Layer 4-37

38 IP Addressing IP address: network part (high order bits) host part (low order bits) What s a network? all interfaces that can physically reach each other without intervening router each interface shares the same network part of IP address LAN network consisting of 3 IP networks (for IP addresses starting with 223, first 24 bits are network address) Network Layer 4-38

39 Subnets / /24 How to find the networks (subnets)? Detach each interface from router, host create islands of isolated networks Each isolated network is called a subnet Notation: Interfaces on a subnet share identical bits as prefix Bits identified by mask machine addresses all begin with the same 24 bits Also denoted by / /24 Subnet mask: /24 Network Layer 4-39

40 Subnets How many? Network Layer 4-40

41 How do networks get IP addresses? Total IP address size: 4 billion Initially one large class (8-bit network, 24-bit host) ISP given an 8-bit network number to manage Each router keeps track of each network (2 8 =256 routes) Each network has 16 million hosts Problem: one size does not fit all Classful addressing Accomodate smaller networks (LANs) Class A: 128 networks, 16M hosts Class B: 16K networks, 64K hosts Class C: 2M networks, 256 hosts Total routes potentially > 2,113,664 routes! High Order Bits Format 7 bits of net, 24 bits of host (/8) 14 bits of net, 16 bits of host (/16) 21 bits of net, 8 bits of host (/24) Class A B C Network Layer 4-41

42 IP address classes Class A Network ID Host ID to Class B 10 Network ID to Host ID Class C 110 Class D 1110 Class E 1111 Network ID to Multicast Addresses to Reserved for experiments Host ID Network Layer 4-42

43 Special IP Addresses Private addresses Class A: ( /8 prefix) Class B: ( /12 prefix) Class C: ( /16 prefix) : local host (a.k.a. the loopback address) IP broadcast to local hardware that must not be forwarded IP address of unassigned host (BOOTP, ARP, DHCP) Default route advertisement Network Layer 4-43

44 IP Addressing Problem #1 (1984) Inefficient use of address space Class A (rarely given out, sparse usage) Class B = 64k hosts Very few LANs have close to 64K hosts Electrical/LAN limitations, performance or administrative reasons e.g., class B net allocated enough addresses for 64K hosts, even if only 2K hosts in that network Need simple/address-efficient way to get multiple networks Reduce the number of addresses that are assigned, but not used Subnet addressing Split large address ranges into multiple smaller ones (subnet) Dramatically increases potential number of routes! Network Layer 4-44

45 Subnetting Variable length subnet masks Subnet a class B address space into several chunks Network Host Network Subnet Host Mask Network Layer 4-45

46 Subnetting Example Assume an organization was assigned a class B address Assume it has < 100 hosts per subnet How many host bits do we need? Seven What is the network mask? or /25 How many subnets of this size can be created within this address space? List them Network Layer 4-46

47 Subnetting Example Assume an organization was assigned a class B address Assume it has < 100 hosts per subnet How many host bits do we need? Seven What is the network mask? or /25 How many subnets of this size can be created within this address space? 512 (/16 = 2 16 hosts, /25 = 2 7 hosts 2 16 /2 7 = 2 9 = 512) List them /25 ( *******) /25 ( *******) /25 ( *******) /25 ( *******) /25 ( *******) /25 ( *******) Network Layer 4-47

48 Subnetting Example Split the following network into 16 equal subnetworks /17 Network Layer 4-48

49 Subnetting Example Split the following network into 16 equal subnetworks / Split into 16 parts using next 4 significant bits etc. Solution / / /21 etc. Network Layer 4-49

50 IP Address Problem #2 (1991) Address space depletion In danger of running out of classes A and B Class A very few in number, IANA frugal in giving them out Class B subnetting only applied to new allocations of class B existing class B networks sparsely populated people refuse to give it back Class C plenty available, but too small for most domains Supernetting Assign multiple consecutive class C blocks as one block Allows class C usage while limiting number of routes used Network Layer 4-50

51 IP Address Problem #2 (1991) Example Combine the following class C networks into one larger network / / / / / / / /24 Answer: / * * * * * * * * Network Layer 4-51

52 IP Address Problem #3 (1991) Explosion of routes Subnetting class B Increasing use of class C explodes # of routes Remove classes Classless Inter-Domain Routing (CIDR) Arbitrary aggregation of contiguous addresses Network Layer 4-52

53 IP addressing: CIDR Original classful addressing Use class structure (A, B, C) to determine network ID for route lookup CIDR: Classless InterDomain Routing Do not use classes to determine network ID network portion of address of arbitrary length route format: a.b.c.d/x, where x is # bits in network portion of address network part host part /23 Network Layer 4-53

54 CIDR Assign any range of addresses to network Use common part of address as network number e.g., addresses * to * have the first 20 bits in common. Thus, we use this as the network number netmask is /20, /xx is valid for almost any xx /20 Enables more efficient usage of address space (and router tables) More on how this impacts routing later. Network Layer 4-54

55 CIDR example Consider the following sets of /24 networks / / / / / / / /24 Using CIDR, what is the minimum number of prefixes that can be used to represent this range exactly? Network Layer 4-55

56 CIDR example Consider the following sets of /24 networks /24 = * /24 = * / /24 = * /24 = * /24 = * /24 = * / /24 = * /24 = * /23 Using CIDR, what is the minimum number of prefixes that can be used to represent this range exactly? Network Layer 4-56

57 CIDR example Consider the following sets of /24 networks / / / / / / / /24 Using CIDR, what is the minimum number of prefixes that can be used to represent this range exactly? Network Layer 4-57

58 CIDR example Consider the following sets of /24 networks /24 = * /24 = * = / /24 = * = /24 = * = / /24 = * = /24 = * = /24 = * = /24 = * = /22 Using CIDR, what is the minimum number of prefixes that can be used to represent this range exactly? Network Layer 4-58

59 CIDR route aggregation Hierarchical addressing allows efficient advertisement of routing information: Organization /23 Organization /23 Organization /23 Organization Fly-By-Night-ISP Send me anything with addresses beginning /20 Internet /23 ISPs-R-Us Send me anything with addresses beginning /16 Network Layer 4-59

60 CIDR route aggregation ISP X given 16 class C networks * to * (or /20) Adjacent 1 1 Route Interface ISP ISP X /21 2 router / /23 4 Route Interface / /20 1 Large company / /24, / /24, / /24, / /24, /24 Medium company / / / / /24 Small company / / /24 Tiny company / 24 Network Layer 4-60

61 CIDR Shortcomings Customer selecting a new provider Renumbering required / /16 Provider 1 Provider / / / /23 Network Layer 4-61

62 CIDR shortcomings Multi-homing ISPs-R-Us has a more specific route to Organization 1 Organization /23 Organization /23 Organization / Organization /23 Fly-By-Night-ISP ISPs-R-Us Send me anything with addresses beginning /20 Send me anything with addresses beginning /16 or /23 Internet Network Layer 4-62

63 Getting IP addresses Q: How does network get IP addresses? A: organization gets allocated portion of its provider ISP s address space ISPs get it from ICANN: Internet Corporation for Assigned Names and Numbers Allocates addresses, manages DNS, resolves disputes Customers get sub-blocks from ISPs ISP's block /20 Organization /23 Organization /23 Organization / Organization /23 Network Layer 4-63

64 CIDR and IP route lookup (forwarding) IP routing Done only based on destination IP address Lookup route in forwarding table Classful IP Route Lookup In the early days, address classes made it easy A: 0 7 bit network 24 bit host (16M each) B: bit network 16 bit host (64K) C: bit network 8 bit host (255) Address would specify prefix for forwarding table Simple lookup Network Layer 4-64

65 Classful IP forwarding address Class B address route prefix is Lookup in class B forwarding table Prefix part of address that really matters for routing Forwarding table contains List of prefix entries A few fixed prefix lengths (8/16/24) Large tables 2 Million class C networks Sites with multiple class C networks have multiple route entries at every router Network Layer 4-65

66 CIDR and IP forwarding CIDR advantages Saves space in route tables Makes more efficient use of address space ISP allocated 8 class C chunks, to / / / / / / / /24 Combine 8 class C entries with 1 combined entry First 21 bits are network number Written as /21 Routing protocols carry prefix length with destination network address Network Layer 4-66

67 CIDR and IP forwarding CIDR disadvantage Makes route lookup more complex CIDR fundamentally changes route lookup algorithm Before CIDR Separate class A/B/C route tables each with O(1) lookup Table lookup based on class (A,B,C) After CIDR One table containing many prefix lengths Must find the most specific route that matches the destination IP address in packet Must match against all routes simultaneously via longest prefix match Network Layer 4-67

68 Longest prefix matching Prefix Match Link Interface otherwise 3 Examples DA: Which interface? DA: Which interface? Network Layer 4-68

69 CIDR example Routing to the network Packet to arrives Path is R2 R1 H1 H R1 H / H3 H / /24 Provider / /24 R / H Network Layer 4-69

70 CIDR example Subnet Routing Packet to Matches /22 Routing table at R R1 H / H3 H / /24 Destination Next Hop Interface lo0 Default or 0/0 provider / / / /24 R H / / / Network Layer 4-70

71 CIDR example Subnet Routing Packet to Matches /31 Longest prefix match Routing table at R R1 H / H3 H / /24 Destination Next Hop Interface lo / /24 R /24 Default or 0/ / / H / / matches both routes, use longest prefix match Network Layer 4-71

72 CIDR example Subnet Routing Packet to Direct route Longest prefix match R1 H / H3 H / /24 Routing table at H1 Destination Next Hop Interface lo0 Default or 0/ / / /24 R H / / matches both routes, use longest prefix match Network Layer 4-72

73 Longest-prefix matching Algorithms and data structures for CIDR-based IP forwarding Ruiz-Sanchez, Biersack, Dabbous, Survey and Taxonomy of IP address Lookup Algorithms, IEEE Network, Vol. 15, No. 2, March 2001 Binary tree Multi-bit tree LC tree Lulea tree Full expansion/compression Binary search on prefix lengths Binary range search Multiway range search Multiway range trees Binary search on hash tables (Waldvogel SIGCOMM 97) Network Layer 4-73

74 Binary tree Data structure to support longest-prefix match for forwarding Bit-wise traversal from left-to-right Continue as far as possible while keeping track of deepest match Route Prefixes A 0* B 01000* C 011* D 1* E 100* F 1100* G 1101* H 1110* I 1111* A D Example: C E F G H I 0 Example: B Network Layer 4-74

75 Path-compressed binary tree Eliminate single branch point nodes Saves unnecessary memory lookups Branches labelled by bit to examine Continue as far as possible while keeping track of deepest match Variants include PATRICIA and BSD trees Route Prefixes A 0* B 01000* C 011* D 1* E 100* F 1100* G 1101* B H 1110* I 1111* x Bit=3 0 A Bit=1 0 1 Bit=2 1 0 C E D 1 Bit=3 0 1 Example: Bit=4 Bit= F G H I Network Layer 4-75

76 Example #2 Create a binary tree that implements the following forwarding table Route Prefixes A 0* B 00010* C 00011* D * Network Layer 4-76

77 Example #2: Binary tree Route Prefixes A 0* B 00010* C 00011* D * 0 A 0 D B C Network Layer 4-77

78 Example #2 Create a path-compressed binary tree that implements the following forwarding table Route Prefixes A 0* B 00010* C 00011* D * Network Layer 4-78

79 Example #2: Path-compressed binary tree Route Prefixes A 0* B 00010* C 00011* D * 0 A Bit=5 1 0 D Bit=1 B C Network Layer 4-79

80 Multi-bit trees Problem with all single-bit trees Still incur too many memory accesses per lookup Lookup done a single bit at a time CPUs access 32-bits at a time Multi-bit trees Compare multiple bits at a time Stride = number of bits being examined Reduces memory accesses Increases memory required Forces table expansion for prefixes falling in between strides Two types Variable stride multi-bit trees Fixed stride multi-bit trees Most route entries are Class C Optimize stride based on this Network Layer 4-80

81 Variable stride multi-bit tree Single level has variable stride lengths Route Prefixes A 0* B 01000* C 011* D 1* E 100* F 1100* G 1101* H 1110* I 1111* A A D D C C E F G H I 0 1 B Stride either 1 or 2 bits Route for C expanded/duplicated Network Layer 4-81

82 Fixed stride multi-bit tree Single level has equal strides Route Prefixes A 0* B 01000* C 011* D 1* E 100* F 1100* G 1101* H 1110* I 1111* A A A C E D D D B F F G G H H I I Network Layer 4-82

83 Issues Scaling IPv6? Stride choice Tuning stride to route table Network Layer 4-83

84 IP Address Problem #4 (1994) Even with CIDR, address space running out IPv6 still being developed, a long way from being deployed Network Address Translation (NAT) Alternate solution to address space depletion problem Kludge (but useful) Sits between your network and the Internet Dynamically assign source address from a pool of available addresses Statistically multiplex address usage Each machine gets unique, external IP address out of pool Replaces local, private, network layer source IP addresses to global IP addresses Has a pool of global IP addresses (less than number of hosts on your network) Network Layer 4-84

85 NAT Illustration Destination Pool of global IP addresses Source Global Internet G P Private Network D g S g Data NAT D g S p Data Operation: Source (S) wants to talk to Destination (D): Create S g -S p mapping Replace S p with S g for outgoing packets Replace S g with S p for incoming packets Network Layer 4-85

86 IP addressing and NAT What if we only have one IP address? Add port translation to NAT Sometimes referred to as NAPT (Network Address Port Translator) Both addresses and ports are translated Translates Paddr + flow info to Gaddr + new flow info Uses TCP/UDP port numbers Potentially thousands of simultaneous connections with one global IP address 16-bit port-number field: 60,000 simultaneous connections with a single LAN-side address! Network Layer 4-86

87 NAT with port translation rest of Internet local network (e.g., home network) / All datagrams leaving local network have same single source NAT IP address: , different source port numbers Datagrams with source or destination in this network have /24 address for source, destination (as usual) Network Layer 4-87

88 NAT Advantages range of addresses not needed from ISP: just a small set of IP addresses for all devices can change addresses of devices in local network without notifying outside world can change ISP without changing addresses of devices in local network devices inside local net not explicitly addressable, visible by outside world (a security plus). Network Layer 4-88

89 NAT Implementation: NAT router must: outgoing datagrams: replace (source IP address, port #) of every outgoing datagram to (NAT IP address, new port #)... remote clients/servers will respond using (NAT IP address, new port #) as destination addr. remember (in NAT translation table) every (source IP address, port #) to (NAT IP address, new port #) translation pair incoming datagrams: replace (NAT IP address, new port #) in dest fields of every incoming datagram with corresponding (source IP address, port #) stored in NAT table Network Layer 4-89

90 NAT example 2: NAT router changes datagram source addr from , 3345 to , 5001, updates table 2 NAT translation table WAN side addr LAN side addr , , 3345 S: , 5001 D: , S: , 3345 D: , : host sends datagram to , S: , 80 D: , : Reply arrives dest. address: , 5001 S: , 80 D: , : NAT router changes datagram dest addr from , 5001 to , 3345 Network Layer 4-90

91 NAT is controversial Routers should only process up to layer 3 violates network transparency key feature that allows one to deploy any application without coordinating with network infrastructure implicit assumption that network header is unchanged in network address shortage should instead be solved by IPv6 Other problems No inbound connections Must be taken into account by app designers, eg, P2P applications Some protocols carry addresses e.g., FTP carries addresses in text What is the problem? Encryption Network Layer 4-91

92 NAT problem #1: traversal Incoming connections client want to connect to server with address server address local to LAN (client can t use it as destination addr) Client? only one externally visible NATted address: solution 1: statically configure NAT to forward incoming connection requests at given port to server NAT router e.g., ( , port 2500) always forwarded to port Or use DMZ host Network Layer 4-92

93 NAT problem #1: traversal solution 2: Universal Plug and Play (UPnP) Internet Gateway Device (IGD) Protocol. Allows NATted host to: learn public IP address ( ) enumerate existing port mappings add/remove port mappings (with lease times) NAT router IGD i.e., automate static NAT port map configuration Network Layer 4-93

94 NAT problem #1: traversal solution 3: relaying (used in Skype) NATed server establishes connection to relay External client connects to relay relay bridges packets between to connections Client 2. connection to relay initiated by client 3. relaying established 1. connection to relay initiated by NATted host NAT router Network Layer 4-94

95 NAT problem #2: loss of transparency Breaks applications that assume network does not modify packets Prevents new applications that make the same assumption Example ftp, NAT, and PORT command Network Layer 4-95

96 ftp, NAT and PORT command Normal FTP mode Server has port 20, 21 reserved Client initiates control connection to port 21 on server Client allocates port X for data connection Client passes its IP address and the data connection port (X) in a PORT command to server Server parses PORT command and initiates connection from its own port 20 to the client on port X What if client is behind a NAT device? Network Layer 4-96

97 ftp, NAT and PORT command Problem ftp server connects to a private IP address! Packet #1 SrcIP= SrcPort=1312 DstIP= DstPort= PORT command Connect to me at IP= Port= NAPT translator ExternalIP= Packet #1 after NAPT SrcIP= SrcPort=2000 DstIP= DstPort= PORT command Connect to me at IP= Port=20 Network Layer 4-97

98 ftp, NAT and PORT command Solution #1 Modify packets at NAT NAT must captures outgoing connections destined for port 21 Looks for PORT command and translates address/port payload _port.htm What if NAT doesn t parse PORT command correctly? What if ftp server is running on a different port than 21? Network Layer 4-98

99 ftp, NAT and PORT command Need to rewrite points to bigger problem! Loss of network transparency Network must modify application data in order for application to run correctly! Packet #1 SrcIP= SrcPort=1312 DstIP= DstPort= PORT command Connect to me at IP= Port= NAPT translator ExternalIP= Packet #1 after NAPT SrcIP= SrcPort=2000 DstIP= DstPort= PORT command Connect to me at IP= Port=2001 Network Layer 4-99

100 ftp, NAT, and PORT command Solution #2 Passive (PASV) mode Client initiates control connection to port 21 on server Client enables Passive mode Server responds with PORT command giving client the IP address and port to use for subsequent data connection (usually port 20, but can be bypassed) Client initiates data connection by connecting to specified port on server Most web browsers do PASV-mode ftp Network Layer 4-100

101 ftp, NAT, and PORT command PASV mode transfers After PASV command SrcIP= SrcPort=21 DstIP= DstPort= PORT command Connect to me at IP= Port= NAPT translator ExternalIP= Network Layer 4-101

102 ftp, NAT, and PORT command Solution #2 What if server is behind a NAT device? See client issues What if both client and server are behind NAT devices? Problem Similar to P2P xfers and Skype See IETF STUN WG Network Layer 4-102

103 Chapter 4: Network Layer 4. 1 Introduction 4.5 Routing algorithms 4.2 Virtual circuit and datagram networks 4.3 What s inside a router 4.4 IP: Internet Protocol Datagram format IPv4 addressing ICMP IPv6 Link state Distance Vector Hierarchical routing 4.6 Routing in the Internet RIP OSPF BGP 4.7 Broadcast and multicast routing Network Layer 4-103

104 ICMP: Internet Control Message Protocol Essentially a network-layer protocol for passing control messages used by hosts & routers to communicate network-level information error reporting: unreachable host, network, port, protocol echo request/reply (used by ping) network-layer above IP: ICMP msgs carried in IP datagrams ICMP message: type, code plus first 8 bytes of IP datagram causing error Type Code description 0 0 echo reply (ping) 3 0 dest. network unreachable 3 1 dest host unreachable 3 2 dest protocol unreachable 3 3 dest port unreachable 3 6 dest network unknown 3 7 dest host unknown 4 0 source quench (congestion control - not used) 8 0 echo request (ping) 9 0 route advertisement 10 0 router discovery 11 0 TTL expired 12 0 bad IP header Network Layer 4-104

105 ICMP and traceroute What do real Internet delay & loss look like? Traceroute program: provides delay measurement from source to router along end-end Internet path towards destination. For all i: sends three packets that will reach router i on path towards destination router i will return packets to sender sender times interval between transmission and reply. 3 probes 3 probes 3 probes Network Layer 4-105

106 ICMP and traceroute Source sends series of UDP segments to dest First has TTL =1 Second has TTL=2, etc. Unlikely port number When nth datagram arrives to nth router: Router discards datagram And sends to source an ICMP message (type 11, code 0) Message includes name of router& IP address When ICMP message arrives, source calculates RTT Traceroute does this 3 times Stopping criterion UDP segment eventually arrives at destination host Destination returns ICMP host unreachable packet (type 3, code 3) When source gets this ICMP, stops. Network Layer 4-106

107 Examples traceroute: gaia.cs.umass.edu to Three delay measurements from gaia.cs.umass.edu to cs-gw.cs.umass.edu 1 cs-gw ( ) 1 ms 1 ms 2 ms 2 border1-rt-fa5-1-0.gw.umass.edu ( ) 1 ms 1 ms 2 ms 3 cht-vbns.gw.umass.edu ( ) 6 ms 5 ms 5 ms 4 jn1-at wor.vbns.net ( ) 16 ms 11 ms 13 ms 5 jn1-so wae.vbns.net ( ) 21 ms 18 ms 18 ms 6 abilene-vbns.abilene.ucaid.edu ( ) 22 ms 18 ms 22 ms 7 nycm-wash.abilene.ucaid.edu ( ) 22 ms 22 ms 22 ms ( ) 104 ms 109 ms 106 ms 9 de2-1.de1.de.geant.net ( ) 109 ms 102 ms 104 ms 10 de.fr1.fr.geant.net ( ) 113 ms 121 ms 114 ms 11 renater-gw.fr1.fr.geant.net ( ) 112 ms 114 ms 112 ms 12 nio-n2.cssi.renater.fr ( ) 111 ms 114 ms 116 ms 13 nice.cssi.renater.fr ( ) 123 ms 125 ms 124 ms 14 r3t2-nice.cssi.renater.fr ( ) 126 ms 126 ms 124 ms 15 eurecom-valbonne.r3t2.ft.net ( ) 135 ms 128 ms 133 ms ( ) 126 ms 128 ms 126 ms 17 * * * 18 * * * 19 fantasia.eurecom.fr ( ) 132 ms 128 ms 136 ms trans-oceanic link * means no response (probe lost, router not replying) Network Layer 4-107

108 Try it Some routers labeled with airport code of city they are located in traceroute Packets go to SEA, back to PDX, SJC traceroute Packets go to SMF, SFO, SJC, NYC, EWR. traceroute Packets go to Pittock block to Eugene traceroute Packets go to SEA and back to PDX Network Layer 4-108

109 Chapter 4: Network Layer 4. 1 Introduction 4.5 Routing algorithms 4.2 Virtual circuit and datagram networks 4.3 What s inside a router 4.4 IP: Internet Protocol Datagram format IPv4 addressing ICMP IPv6 Link state Distance Vector Hierarchical routing 4.6 Routing in the Internet RIP OSPF BGP 4.7 Broadcast and multicast routing Network Layer 4-109

110 IPv6 Redefine functions of IP (version 4) What changes should be made in. IP addressing IP delivery semantics IP quality of service IP security IP routing IP fragmentation IP error detection Network Layer 4-110

111 IPv6 Initial motivation: 32-bit address space soon to be completely allocated (est. 2008) Additional motivation: Remove ancillary functionality Speed processing/forwarding Add missing, but essential functionality header changes to facilitate QoS new anycast address: route to best of several replicated servers IPv6 datagram format: fixed-length 40 byte header no fragmentation allowed Network Layer 4-111

112 IPv6 Header (Cont) Priority: identify priority among datagrams in flow Flow Label: identify datagrams in same flow. (concept of flow not well defined). Next header: identify next protocol for data Network Layer 4-112

113 IPv6 Changes Scale addresses are 128bit Header size? Simplification Removes infrequently used parts of header 40 byte fixed header vs. 20+ byte variable header IPv6 removes checksum IPv4 checksum = provide extra protection on top of datalink layer and below transport layer End-to-end principle Is this necessary? IPv6 answer =>No Relies on upper layer protocols to provide integrity Reduces processing time at each hop Network Layer 4-113

114 IPv6 Changes IPv6 eliminates fragmentation Requires path MTU discovery ICMPv6: new version of ICMP additional message types, e.g. Packet Too Big Protocol field replaced by next header field Unify support for protocol demultiplexing as well as option processing Option processing Options allowed, but only outside of header, indicated by Next Header field Options header does not need to be processed by every router Large performance improvement Makes options practical/useful Network Layer 4-114

115 IPv6 Changes TOS replaced with traffic class octet Support QoS via DiffServ FlowID field Help soft state systems, accelerate flow classification Maps well onto TCP connection or stream of UDP packets on host-port pair Additional requirements Support for security Support for mobility Easy auto-configuration Network Layer 4-115

116 Transition From IPv4 To IPv6 Not all routers can be upgraded simultaneous no flag days How will the network operate with mixed IPv4 and IPv6 routers? Two proposed approaches: Dual Stack: some routers with dual stack (v6, v4) can translate between formats Tunneling: IPv6 carried as payload in an IPv4 datagram among IPv4 routers Network Layer 4-116

117 Tunneling Logical view: A B E F tunnel IPv6 IPv6 IPv6 IPv6 Physical view: A B E F IPv6 IPv6 IPv6 IPv6 IPv4 IPv4 Network Layer 4-117

118 Tunneling Logical view: A B E F tunnel IPv6 IPv6 IPv6 IPv6 Physical view: A B C D E F IPv6 IPv6 IPv4 IPv4 IPv6 IPv6 Flow: X Src: A Dest: F data Src:B Dest: E Flow: X Src: A Dest: F Src:B Dest: E Flow: X Src: A Dest: F Flow: X Src: A Dest: F data data data A-to-B: IPv6 B-to-C: IPv6 inside IPv4 B-to-C: IPv6 inside IPv4 E-to-F: IPv6 Network Layer 4-118

119 Dual Stack Approach Dual-stack router translates b/w v4 and v6 v4 addresses have special v6 equivalents Issue: how to translate FlowField of v6? Network Layer 4-119

120 Chapter 4: Network Layer 4. 1 Introduction 4.5 Routing algorithms 4.2 Virtual circuit and datagram networks 4.3 What s inside a router 4.4 IP: Internet Protocol Datagram format IPv4 addressing ICMP IPv6 Link state Distance Vector Hierarchical routing 4.6 Routing in the Internet RIP OSPF BGP 4.7 Broadcast and multicast routing Network Layer 4-120

121 Two Key Network-Layer Functions forwarding: move packets from router s input to appropriate router output routing: determine route taken by packets from source to dest. analogy: routing: process of planning trip from source to dest forwarding: process of getting through single interchange routing algorithms Network Layer 4-121

122 Interplay between routing, forwarding Previously: Forward based on forwarding table Q: How to generate forwarding tables? Routing algorithms and protocols value in arriving packet s header routing algorithm local forwarding table header value output link Network Layer 4-122

123 Who handles IP routing functions? Source (IP source routing) Network edge devices Network routers Network Layer 4-123

124 Source Routing IP source route option Packet carries path to destination Entire path (strict) Partial path (loose) Attach list of IP addresses within header Router processing Examine first step in directions Increment pointer offset in header Forward to step Copy entire source route header on fragmentation Network Layer 4-124

125 Source Routing Example Packet R1/R2/R3 2 R2/R3 2 Sender 1 R R2 4 3 R R3 3 Receiv er Network Layer 4-125

126 Source Routing Advantages Switches can be very simple and fast Disadvantages Variable (unbounded) header size Sources must know or discover topology (e.g., failures) Typical use Ad-hoc networks (DSR) Machine room networks (Myrinet) Network Layer 4-126

127 Network edge device routing Virtual circuits, tag switching Connection setup phase Map IP route into appropriate label, wavelength, circuit at the network edge Switch on label, wavelength, circuit ID in core ATM, MPLS, lambda switching In-network processing Lookup flow ID simple table lookup Potentially replace flow ID with outgoing flow ID Forward to output port Network Layer 4-127

128 Virtual Circuits Examples Packet Sender edge R R ,7 4,2 1,5 3, R3 3 6 Receiver edge 2,2 3,6 Network Layer 4-128

129 Virtual Circuits Advantages More efficient lookup (simple table lookup) Easier for hardware implementations More flexible (different path for each flow) Can reserve bandwidth at connection setup Disadvantages Still need to route connection setup request More complex failure recovery must recreate connection state Typical uses ATM combined with fix sized cells MPLS tag switching for IP networks Network Layer 4-129

130 IP Datagrams on Virtual Circuits Challenge when to setup connections At bootup time permanent virtual circuits (PVC) Large number of circuits For every packet transmission Connection setup is expensive For every connection What is a connection? How to route connectionless traffic? Based on traffic VC for long-lived flows Normal IP forwarding for all other flows Network Layer 4-130

131 Network routers (Global IP addresses) Hop-by-hop forwarding based on destination IP carried by packet Each packet has destination IP address Each router has forwarding table of.. destination IP next hop IP address IP route table calculated in network routers Most prevalent way to route on the Internet Distributed routing algorithm for calculating forwarding tables Network Layer 4-131

132 Global Address Example Packet R 2 R 2 Sender 1 R R2 4 3 R 4 R 3 R R3 3 R Receiver R 3 Network Layer 4-132

133 Global Addresses Advantages Simple error recovery Disadvantages Every router knows about every destination Potentially large tables All packets to destination take same route Network Layer 4-133

134 Comparison Source Routing Global Addresses Header Size Worst OK Large address Router Table Size None Number of hosts (prefixes) Forward Overhead Best Prefix matching Virtual Circuits OK (larger than global if IP payload) Number of circuits Good (table index) Setup Overhead None None Error Recovery Tell all hosts Tell all routers Connection Setup Tell all routers, Tear down circuit and re-route Network Layer 4-134

135 Routing protocols Goal: determine good path (sequence of routers) thru network from source to dest. Graph abstraction for routing algorithms: Graph: G = (N,E) N=graph nodes (routers) A, B, C, D, E, F E=graph edges (links) (A,B), (A,D), (A,C), (B,C), (B,D), (C,D), (C,E), (C,F), (D,E), (E,F) Cost associated with edge Delay, $, congestion Routing algorithms find minimum cost paths through graph A B D C E F Network Layer 4-135

136 Routing Algorithm classification Global or decentralized information? Global: all routers have complete topology, link cost info link state algorithms Decentralized: router knows physically-connected neighbors, link costs to neighbors iterative process of computation, exchange of info with neighbors distance vector algorithms Network Layer 4-136

137 Chapter 4: Network Layer 4. 1 Introduction 4.5 Routing algorithms 4.2 Virtual circuit and datagram networks 4.3 What s inside a router 4.4 IP: Internet Protocol Datagram format IPv4 addressing ICMP IPv6 Link state Distance Vector Hierarchical routing 4.6 Routing in the Internet RIP OSPF BGP 4.7 Broadcast and multicast routing Network Layer 4-137

138 A Link-State Routing Algorithm Dijkstra s algorithm net topology, link costs known to all nodes accomplished via link state broadcast all nodes have same info computes least cost paths from one node ( source ) to all other nodes gives forwarding table for that node iterative: after k iterations, know least cost path to k dest. s Network Layer 4-138

139 Dijkstra s algorithm Start condition Each node assumed to know state of links to its neighbors Step 1: Link state broadcast Each node broadcasts its local link states to all other nodes Reliable flooding mechanism Step 2: Shortest-path tree calculation Each node locally computes shortest paths to all other nodes from global state Dijkstra s shortest path tree (SPT) algorithm Network Layer 4-139

140 Link state broadcast Link State Packets (LSPs) to broadcast state to all nodes Periodically, each node creates a link state packet containing: Node ID List of neighbors and link cost Sequence number Time to live (TTL) Node outputs LSP on all its links Network Layer 4-140

141 Link state broadcast Reliable Flooding When node J receives LSP from node K If LSP is the most recent LSP from K that J has seen so far, J saves it in database and forwards a copy on all links except link LSP was received on Otherwise, discard LSP How to tell more recent Use sequence numbers Same method as sliding window protocols Needed to avoid stale information from flood Problem: sequence number wrap-around» Addressed algorithmically using lollipop sequence numbering Network Layer 4-141

142 Shortest-path tree calculation Notation: c(x,y): link cost from node x to y; = 8 if not direct neighbors D(v): current value of cost of path from source to dest. v p(v): predecessor node along path from source to v N': set of nodes whose least cost path definitively known Network Layer 4-142

143 Dijsktra s Algorithm 1 Initialization: 2 N' = {u} 3 for all nodes v 4 if v adjacent to u 5 then D(v) = c(u,v) 6 else D(v) = Loop 9 find w not in N' such that D(w) is a minimum 10 add w to N' 11 update D(v) for all v adjacent to w and not in N' : 12 D(v) = min( D(v), D(w) + c(w,v) ) 13 /* new cost to v is either old cost to v or known 14 shortest path cost to w plus cost from w to v */ 15 until all nodes in N' Network Layer 4-143

144 Shortest-path tree calculation (Dijkstra s algorithm example) 5 D(v) = min( D(v), D(w) + c(w,v) ) 2 B 3 C 5 A D E 2 1 B C D E F step SPT (N) D(b), P(b) D(c), P(c) D(d), P(d) D(e), P(e) D(f), P(f) 0 A 2, A 5, A 1, A ~ ~ 1 F Network Layer 4-144

145 Dijkstra s algorithm example 5 D(v) = min( D(v), D(w) + c(w,v) ) 2 B 3 C 5 A D E 2 1 B C D E F step SPT D(b), P(b) D(c), P(c) D(d), P(d) D(e), P(e) D(f), P(f) 0 A 2, A 5, A 1, A ~ ~ 1 AD 2, A 4, D 2, D ~ 1 F Network Layer 4-145

146 Dijkstra s algorithm example 5 D(v) = min( D(v), D(w) + c(w,v) ) 2 B 3 C 5 A D E 2 1 B C D E F step SPT D(b), P(b) D(c), P(c) D(d), P(d) D(e), P(e) D(f), P(f) 0 A 2, A 5, A 1, A ~ ~ 1 AD 2, A 4, D 2, D ~ 2 ADE 2, A 3, E 4, E 1 F Network Layer 4-146

147 Dijkstra s algorithm example 5 D(v) = min( D(v), D(w) + c(w,v) ) 2 B 3 C 5 A D E 2 1 B C D E F step SPT D(b), P(b) D(c), P(c) D(d), P(d) D(e), P(e) D(f), P(f) 0 A 2, A 5, A 1, A ~ ~ 1 AD 2, A 4, D 2, D ~ 2 ADE 2, A 3, E 4, E 3 ADEB 3, E 4, E 1 F Network Layer 4-147

148 Dijkstra s algorithm example 5 D(v) = min( D(v), D(w) + c(w,v) ) 2 B 3 C 5 A D E 2 1 B C D E F step SPT D(b), P(b) D(c), P(c) D(d), P(d) D(e), P(e) D(f), P(f) 0 A 2, A 5, A 1, A ~ ~ 1 AD 2, A 4, D 2, D ~ 2 ADE 2, A 3, E 4, E 3 ADEB 3, E 4, E 4 ADEBC 4, E 1 F Network Layer 4-148

149 Dijkstra s algorithm example 5 D(v) = min( D(v), D(w) + c(w,v) ) 2 B 3 C 5 A D E 2 1 B C D E F step SPT D(b), P(b) D(c), P(c) D(d), P(d) D(e), P(e) D(f), P(f) 0 A 2, A 5, A 1, A ~ ~ 1 AD 2, A 4, D 2, D ~ 2 ADE 2, A 3, E 4, E 3 ADEB 3, E 4, E 4 ADEBC 4, E 5 ADEBCF 1 F Network Layer 4-149

150 Dijkstra s algorithm example Resulting shortest-path tree from A: B C A F D E Resulting forwarding table in A: destination B D E C F link (A,B) (A,D) (A,D) (A,D) (A,D) Network Layer 4-150

151 Link state algorithm characteristics Computation overhead n nodes each iteration: need to check all nodes, w, not in N n*(n+1)/2 comparisons: O(n**2) more efficient implementations possible: O(n log(n)) Space requirements Size of LSDB Bandwidth requirements Reliable flooding O(N*E) Stability Consistent LSDBs required for loop-free paths A 1 X B 3 D C Packet from C A may loop around BDC if B knows about failure and C & D do not Network Layer 4-151

152 Link-state algorithm issues Oscillations possible: e.g., link cost = amount of carried traffic Example: path to A flaps as traffic routed clockwise and counter-clockwise Common problem in load-based link metrics A. Khanna and J. Zinky, "The Revised ARPANET Routing Metric," in ACM SIGCOMM, 1989, pp D A 1 1+e e C e initially B 1 D A 2+e e 1 C 0 B recompute routing D A 0 2+e e C B recompute D A 2+e e 1 C e recompute B Network Layer 4-152

153 Chapter 4: Network Layer 4. 1 Introduction 4.5 Routing algorithms 4.2 Virtual circuit and datagram networks 4.3 What s inside a router 4.4 IP: Internet Protocol Datagram format IPv4 addressing ICMP IPv6 Link state Distance Vector Hierarchical routing 4.6 Routing in the Internet RIP OSPF BGP 4.7 Broadcast and multicast routing Network Layer 4-153

154 Distance vector routing algorithms Variants used in Early ARPAnet RIP (intra-domain routing protocol) BGP (inter-domain routing protocol) Distributed next hop computation Gossip with immediate neighbors until you find the best route Best route is achieved when there are no more changes Unit of information exchange Vector of distances to destinations Network Layer 4-154

155 Distance Vector Algorithm Bellman-Ford algorithm (1957) Define D x (y) := cost of least-cost path from x to y Then D x (y) = min {c(x,v) + D v (y) } v where min is taken over all neighbors v of x Network Layer 4-155

156 Bellman-Ford example 5 B-F equation says: u 1 2 v x w y z D u (z) = min { c(u,v) + D v (z), c(u,x) + D x (z), c(u,w) + D w (z) } Clearly, D v (z) = 5, D x (z) = 3, D w (z) = 3 Node that achieves minimum is next hop in shortest path? forwarding table = min {2 + 5, 1 + 3, 5 + 3} = 4 Network Layer 4-156

157 Bellman-Ford Update distance information iteratively Start with link table (as with Dijkstra), calculate distance table iteratively Distance table data structure table of known distances and next hops kept per node row for each possible destination column for each directly-attached neighbor to node D E () A B C D destination cost to destination via A B D A 1 7 B E C D 2 Distance table at node E Network Layer 4-157

158 Bellman-Ford algorithm Centralized version For node i while there is a change in D for all k not neighbor of i for each j neighbor of i D i (k,j) = c(i,j) + D j (k,*) if D i (k,j) < D i (k,*) { D i (k,*) = D i (k,j) H i (k) = j D i (k,*) i D j (k,*) c(i,j) k j c(i,j ) j k D j (k,*) } D X (Y,Z) = = distance from X to Y, via Z as next hop c(x,z) + min {D Z (Y,w)} w D X (Y,*) = H X (Y) = Minimum known distance from X to Y Next hop node from X to Y Network Layer 4-158

159 Distance table example for node E A 7 1 D E (C,D) D E (A,D) D E (A,B) B E C D = c(e,d) + min {D D (C,w)} w = 2+2 = 4 = c(e,d) + min {D D (A,w)} w = 2+3 = 5 2 loop! = c(e,b) + min {D B (A,w)} w = 8+6 = 14 destination D E () A B C D cost to destination via A B loop! H X (Y) = D Network Layer 4-159

160 Distance table gives forwarding table H (Y) X D () E cost to destination via A B D Outgoing link to use, cost A A A,1 destination B C destination B C D,5 D,4 D D D,4 Distance table Routing table Network Layer 4-160

161 Distributed Bellman-Ford Make Bellman algorithm distributed (Ford-Fulkerson 1962) Each node i has distance vector estimates to other nodes Iterate Each node sends around and recalculates D[i,*] When a node x receives new DV estimate from neighbor, it updates its own DV using B-F equation: D x (y)? min v {c(x,v) + D v (y)} for each node y? N If estimates change, broadcast entire table to neighbors continues until no nodes exchange info. self-terminating: no signal to stop D[i,*] eventually converges to shortest distance Network Layer 4-161

162 Distributed Bellman-Ford overview Each node: wait for (change in local link cost of msg from neighbor) recompute distance table if least cost path to any dest has changed, notify neighbors Asynchronous: triggered updates Iterative: no need to exchange info/iterate in lock step! When local link costs change When neighbor sends a message that its least cost path has changed for a node Distributed: nodes communicate only with directly-attached neighbors each node notifies neighbors only when its least cost path to any destination changes neighbors then notify their neighbors if necessary Network Layer 4-162

163 Distributed Bellman-Ford algorithm At all nodes, X: 1 Initialization: 2 for all adjacent nodes v: 3 D X (*,v) = infinity /* the * operator means "for all rows" */ 4 D X (v,v) = c(x,v) 5 for all destinations, y 6 send min w (D X (y,w)) to each neighbor /* w over all X's neighbors */ Network Layer 4-163

164 Distributed Bellman-Ford algorithm 8 loop 9 wait (until I see a link cost change to neighbor V 10 or until I receive update from neighbor V) if (c(x,v) changes by d) 13 /* change cost to all dest's via neighbor v by d */ 14 /* note: d could be positive or negative */ 15 for all destinations y: D X (y,v) = D X (y,v) + d else if (update received from V wrt destination Y) 18 /* shortest path from V to some Y has changed */ 19 /* V has sent a new value for its min w (D V (Y,w)) */ 20 /* call this received new value is "newval" */ 21 for the single destination Y: D X (Y,V) = c(x,v) + newval if we have a new min w (D X (Y,w)for any destination Y 24 send new value of min w (D X (Y,w)) to all neighbors forever Network Layer 4-164

165 Analyzing Distributed Bellman-Ford Continuously send local distance tables of best known routes to all neighbors until your table converges Computation diffuses until all nodes converge Will computation converge quickly and deterministically? Not all the time, pathologic cases possible (count-toinfinity) Several algorithms for minimizing such cases Network Layer 4-165

166 DBF example Initial Distance Vectors 7 B 1 C Info at Node Distance to Node A B C D E A 0 7 ~ ~ 1 A 8 2 B ~ 8 C ~ ~ 1 2 D ~ ~ E D E 1 8 ~ 2 0 Network Layer 4-166

167 DBF example What is the new distance table at E after E receives D s Routes? 7 B 1 C Info at Node Distance to Node A B C D E A 0 7 ~ ~ 1 A 8 2 B ~ 8 C ~ ~ 1 2 D ~ ~ E D E 1 8 ~ 2 0 Network Layer 4-167

168 DBF example What is the new distance table at E after E receives D s Routes? Cost to C is updated from ~ to 4 7 B 1 C Info at Node Distance to Node A B C D E A 0 7 ~ ~ 1 A 8 2 B ~ 8 C ~ ~ 1 2 D ~ ~ E D E Network Layer 4-168

169 DBF example What is the new distance table at A after A receives B s Routes? 7 B 1 C Info at Node Distance to Node A B C D E A 0 7 ~ ~ 1 A 8 2 B ~ 8 C ~ ~ 1 2 D ~ ~ E D E Network Layer 4-169

170 DBF example What is the new distance table at A after A receives B s Routes? Cost to C is updated from ~ to 8, cost to E unchanged 7 B 1 C Info at Node Distance to Node A B C D E A ~ 1 A 8 2 B ~ 8 C ~ ~ 1 2 D ~ ~ E D E Network Layer 4-170

171 DBF example What is the new distance table at A after A receives E s Routes? 7 B 1 C Info at Node Distance to Node A B C D E A ~ 1 A 8 2 B ~ 8 C ~ ~ 1 2 D ~ ~ E D E Network Layer 4-171

172 DBF example What is the new distance table at A after A receives E s Routes? Cost to C is updated from 8 to 5, cost to D updated from ~ to 3 7 B 1 C Info at Node Distance to Node A B C D E A A 8 2 B ~ 8 C ~ ~ 1 2 D ~ ~ E D E Network Layer 4-172

173 DBF example And so on, until final distances... 7 B 1 C Info at Node Distance to Node A B C D E A A 8 2 B C D E D E Network Layer 4-173

174 DBF example E s routing table B 1 C E s routing table 7 Next hop dest A B D A 8 2 A E 2 D B C D Network Layer 4-174

175 DBF (another example) X 2 Y 7 1 Z D X (Y,Z) = c(x,z) + min {D Z (Y,w)} = 7+1 = 8 w D X (Z,Y) = c(x,y) + min {D Y (Z,w)} = 2+1 = 3 w Network Layer 4-175

176 DBF (another example) See book for explanation of this example X 2 Y 7 1 Z Network Layer 4-176

177 DBF (good news example) Link cost changes: node detects local link cost change updates distance table (line 15) if cost change in least cost path, notify neighbors (lines 23,24) 1 X 4 Y 50 1 Z fast convergence Network Layer 4-177

178 terminates DBF (good news example) good news travels fast t 0 ) y detects link-cost change, updates its DV, informs neighbors. t 1 ) z receives the update from y and updates its table. It computes a new least cost to x and sends its neighbors its DV. t 2 ) y receives z s update and updates its distance table. y s least costs do not change and hence y does not send any message to z. x 1 4 y 50 1 z Network Layer 4-178

179 DBF (count-to-infinity example) Link cost changes: good news travels fast bad news travels slow - count to infinity problem! alternate route implicitly used link that changed 60 X 4 Y 50 1 Z algorithm continues on! Network Layer 4-179

180 How are loops caused? Observation 1: Y s metric to X increases Observation 2: Z picks Y as next hop to X But, the implicit path from Z to X includes itself! Network Layer 4-180

181 DBF: (count-to-infinity example) dest cost B 1 C 2 A 1 X B dest cost A 1 C C dest cost A 2 B 1 Network Layer 4-181

182 DBF: (count-to-infinity example) C Sends Routes to B dest cost dest cost B 1 C 2 A B A ~ C C dest cost A 2 B 1 Network Layer 4-182

183 DBF: (count-to-infinity example) B Updates Distance to A dest cost dest cost B 1 C 2 A B A 3 C C dest cost A 2 B 1 Network Layer 4-183

184 DBF: (count-to-infinity example) B Sends Routes to C dest cost dest cost B 1 C 2 A B A 3 C C dest cost A 4 B 1 Network Layer 4-184

185 DBF: (count-to-infinity example) C Sends Routes to B dest cost dest cost B 1 C 2 A B A 5 C C dest cost A 4 B 1 Network Layer 4-185

186 Solutions to looping Split horizon Do not advertise route to X to an adjacent neighbor if your route to X goes through that neighbor If C routes through B to get to A, C does not advertise (C=>A) route to B. Poisoned reverse Advertise an infinite distance route to X to an adjacent neighbor if your route to X goes through that neighbor If C routes through B to get to A, C advertises to B that its distance to A is infinity Network Layer 4-186

187 Split-horizon with poisoned reverse If Z routes through Y to get to X : Z tells Y its (Z s) distance to X is infinite (so Y won t route to X via Z) will this completely solve count to infinity problem? 60 X 4 Y 50 1 Z can now select and advertise route to X via Z algorithm terminates new route to X not involving Y route to X through Y goes thru Z poison it! Network Layer 4-187

188 Solutions to looping Split horizon with poisoned reverse Works for two node loops Does not work for loops with more nodes A 1 B 1 1 C X 1 D Network Layer 4-188

189 Other solutions to looping Route poisoning Advertise infinite cost on a route to everyone (not just next hop) when lowest cost route increases Gets rid of stale information throughout network Used in conjunction with Path Holdown Path Holddown Freeze route for a fixed time Do not switch to an alternate while route poisoning is happening In our example, A and B delay changing and advertising new routes A and B both set route to D to infinity after single step Configuring holddown delay Delay too large: Slow convergence Delay too small: Count-to-infinity more probable Network Layer 4-189

190 Other solutions to looping Path vector Select loop-free paths Each route advertisement carries entire path If a router sees itself in path, it rejects the route BGP does it this way Space proportional to diameter of network Network Layer 4-190

191 Looping Do solutions completely eliminate loops? No! Transient loops are still possible Why? Because implicit path information may be stale See this in BGP convergence Only way to fix this Ensure that you have up-to-date information by explicitly querying Network Layer 4-191

192 Comparing link-state vs. distance vector Communication costs Processing costs Optimality Stability Convergence time Loop freedom Oscillation damping Network Layer 4-192

193 Message complexity, network bandwidth Link State vs. Distance Vector LS: with n nodes, E links, O(nE) msgs sent Send info about your neighbors to everyone Small messages broadcast globally DV: exchange between neighbors only Send everything you know to your neighbors Large messages, but transfers only to neighbors Network Layer 4-193

194 Link State vs. Distance Vector Speed of Convergence LS: O(n 2 ) algorithm requires O(nE) msgs Faster can forward LSPs before processing Single SPT calculation DV: convergence time varies Fast with triggered updates count-to-infinity problem may be routing loops Network Layer 4-194

195 Link State vs. Distance Vector Space requirements: LS: maintains entire topology DV: maintains only neighbor state path vector maintains routes proportional to network diameter Network Layer 4-195

196 Link State vs. Distance Vector Robustness: LS DV Can be made robust since sources are aware of alternate paths within topology Can advertise incorrect paths to all destinations Incorrect calculation can spread to entire network Network Layer 4-196

197 Chapter 4: Network Layer 4. 1 Introduction 4.5 Routing algorithms 4.2 Virtual circuit and datagram networks 4.3 What s inside a router 4.4 IP: Internet Protocol Datagram format IPv4 addressing ICMP IPv6 Link state Distance Vector Hierarchical routing 4.6 Routing in the Internet RIP OSPF BGP 4.7 Broadcast and multicast routing Network Layer 4-197

198 Hierarchical Routing Our routing study thus far - idealization all routers identical network flat not true in practice scale: with 200 million destinations: can t store all dest s in routing tables! routing table exchange would swamp links! Flat routing does not scale administrative autonomy internet = network of networks each network admin may want to control routing in its own network Network Layer 4-198

199 Routing Hierarchies Key observation Need less information with increasing distance to destination Hierarchical routing saves table size reduces update traffic allows routing to scale Two radically different approaches The area hierarchy The landmark hierarchy Covered in advanced topics at end of course... Network Layer 4-199

200 Network Layer Areas Divide network into areas Areas can have nested sub-areas No path between two sub-areas of an area can exit that area Within area, each node has routes to every other node Outside area Each node has routes for other top-level areas only (not nodes within those areas) Inter-area packets are routed to nearest appropriate border router

201 Internet Routing Hierarchy Internet areas called autonomous systems (AS) administrative autonomy routers in same AS run same routing protocol intra-as routing protocol (IGP) Each AS can run its own intra-as routing protocol Border routers Special routers in AS that directly link to another AS Responsible for routing to destinations outside AS run intra-as routing protocol with all other routers in AS run inter-as routing protocol or exterior gateway protocol (EGP) with other gateway routers in other AS s Network Layer 4-201

202 Network Layer Internet Routing Hierarchy a C C.b b d A A.a a b A.c c B.a a B c Border router A.c b Routing protocols Inter-AS externally Intra-AS internally Forwarding table configured by both network layer Forwarding Table link layer physical layer

203 Network Layer Why different Intra- and Inter-AS routing? Policy: Intra-AS: single administrative policy No policy decisions needed, performance dominates Focus on performance Inter-AS: ISP wants control over how its traffic routed, who routes through its net. Policy and monetary factors dominate over performance

204 Inter-AS tasks Suppose router in AS1 receives datagram for destination outside of AS1 router should forward packet to gateway router, but which one? AS1 must: 1. learn which dests reachable through AS2, which through AS3 2. propagate this reachability info to all routers in AS1 Job of inter-as routing! 3c 3a 3b AS3 1a 1c 1d 1b AS1 2a 2c AS2 2b Network Layer 4-204

205 Example: Setting forwarding table in router 1d suppose AS1 learns (via inter-as protocol) that subnet x reachable via AS3 (gateway 1c) but not via AS2. inter-as protocol propagates reachability info to all internal routers. router 1d determines from intra-as routing info that its interface I is on the least cost path to 1c. installs forwarding table entry (x,i) 3c 3a 3b AS3 1a 1c 1d x 1b AS1 2a 2c 2b AS2 Network Layer 4-205

206 Network Layer Example: Choosing among multiple ASes now suppose AS1 learns from inter-as protocol that subnet x is reachable from AS3 and from AS2. to configure forwarding table, router 1d must determine towards which gateway it should forward packets for dest x. this is also the job of inter-as routing protocol! 3c 3a 3b AS3 1a 1c 1d x 1b AS1 2a 2c AS2 2b

207 Network Layer Example: Choosing among multiple ASes Cost-based selection Learn from inter-as protocol that subnet x is reachable via multiple gateways Use routing info from intra-as protocol to determine costs of least-cost paths to each of the gateways Choose the gateway that has the smallest least cost Determine from forwarding table the interface I that leads to least-cost gateway. Enter (x,i) in forwarding table

208 Network Layer AS Categories Stub: an AS that has only a single connection to one other AS - carries only local traffic. Multi-homed: an AS that has connections to more than one AS, but does not carry transit traffic Transit: an AS that has connections to more than one AS, and carries both transit and local traffic (under certain policy restrictions)

209 Network Layer AS categories example AS1 AS1 AS3 AS2 AS1 AS3 AS2 Transit Stub AS2 Multi-homed

210 Path Sub-optimality start end hop red path vs. 2 hop green path Network Layer 4-210

211 Chapter 4: Network Layer 4. 1 Introduction 4.5 Routing algorithms 4.2 Virtual circuit and datagram networks 4.3 What s inside a router 4.4 IP: Internet Protocol Datagram format IPv4 addressing ICMP IPv6 Link state Distance Vector Hierarchical routing 4.6 Routing in the Internet RIP OSPF BGP 4.7 Broadcast and multicast routing Network Layer 4-211

212 Intra-AS Routing Also known as Interior Gateway Protocols (IGP) Most common Intra-AS routing protocols: RIP: Routing Information Protocol Distance-vector OSPF: Open Shortest Path First Link-state IGRP: Interior Gateway Routing Protocol (Cisco proprietary) Distance-vector Network Layer 4-212

213 RIP (Routing Information Protocol) Distance vector algorithm Distance metric: # of hops (max = 15 hops) Vectors exchanged every 30 sec and when triggered Static update period leads to synchronization problems Split horizon with poisonous reverse Included in BSD-UNIX Distribution in 1982 RIP-2 in 1993 adds prefix mask for CIDR From router A to subsets: z u A C B D v y w x destination hops u 1 v 2 w 2 x 3 y 3 z 2 Network Layer 4-213

214 RIP: Example z w x y A D B C Destination Network Next Router Num. of hops to dest. w A 2 y B 2 z B 7 x Routing table in D Network Layer 4-214

215 RIP: Example Dest Next hops w - 1 x - 1 z C Advertisement from A to D w x y A D B z C Destination Network Next Router Num. of hops to dest. w A 2 y B 2 z B A 7 5 x Routing table in D Network Layer 4-215

216 RIP: Link Failure and Recovery If no advertisement heard after 180 sec --> neighbor/link declared dead routes via neighbor invalidated new advertisements sent to neighbors neighbors in turn send out new advertisements (if tables changed) link failure info quickly propagates to entire net poison reverse used to prevent ping-pong loops (infinite distance = 16 hops) Network Layer 4-216

217 RIP Table processing RIP routing tables managed by application-level process called routed (route daemon) advertisements sent in UDP packets, periodically repeated routed routed Transprt (UDP) Transprt (UDP) network (IP) forwarding table forwarding table network (IP) link link physical physical Network Layer 4-217

218 IGRP (Interior Gateway Routing Protocol) CISCO proprietary; successor of RIP (mid 80s) Distance Vector, like RIP several cost metrics (delay, bandwidth, reliability, load etc) 90 sec update with triggered updates Split horizon V1: path holddown V2: route poisoning uses TCP to exchange routing updates EIGRP Loop-free routing via DUAL (based on diffused computation) CIDR support Network Layer 4-218

219 Chapter 4: Network Layer 4. 1 Introduction 4.5 Routing algorithms 4.2 Virtual circuit and datagram networks 4.3 What s inside a router 4.4 IP: Internet Protocol Datagram format IPv4 addressing ICMP IPv6 Link state Distance Vector Hierarchical routing 4.6 Routing in the Internet RIP OSPF BGP 4.7 Broadcast and multicast routing Network Layer 4-219

220 Network Layer OSPF (Open Shortest Path First) open : publicly available Uses Link State algorithm LS packet dissemination Topology map at each node Route computation using Dijkstra s algorithm Advertisements disseminated to entire AS (via flooding) Carried in OSPF messages directly over IP (rather than TCP or UDP

221 OSPF advanced features (not in RIP) Security: all OSPF messages authenticated (to prevent malicious intrusion) Multiple same-cost paths allowed (only one path in RIP) Integrated uni- and multicast support: Multicast OSPF (MOSPF) uses same topology data base as OSPF Hierarchical OSPF in large domains. Network Layer 4-221

222 Network Layer Hierarchical OSPF two-level hierarchy: local area, backbone. Link-state advertisements only in area each nodes has detailed area topology; only know direction (shortest path) to nets in other areas. area border routers: summarize distances to nets in own area, advertise to other Area Border routers. backbone routers: run OSPF routing limited to backbone. boundary routers: connect to other AS s.

223 Hierarchical OSPF Network Layer 4-223

224 Network Layer Chapter 4: Network Layer 4. 1 Introduction 4.5 Routing algorithms 4.2 Virtual circuit and datagram networks 4.3 What s inside a router 4.4 IP: Internet Protocol Datagram format IPv4 addressing ICMP IPv6 Link state Distance Vector Hierarchical routing 4.6 Routing in the Internet RIP OSPF BGP 4.7 Broadcast and multicast routing

225 Network Layer History Mid-80s: EGP (Exterior Gateway Protocol) Used in original ARPAnet Reachability protocol (no shortest path) Single bit for reachability information Topology restricted to a tree (no cycles allowed) ARPA-managed packet switches at top of tree Unacceptable once Internet grew to multiple independent backbones Result: BGP development

226 Network Layer BGP BGP (Border Gateway Protocol): the de facto standard BGP provides each AS a means to: 1. Get subnet reachability information from neighbor ASs. 2. Propagate reachability information to routers within AS. 3. Determine good routes to subnets based on reachability information and policy. Allows a subnet to advertise its existence to rest of the Internet: I am here What if a subnet lies about who it is? Recent route hijackings

227 Network Layer Inter-AS routing: BGP Link state or distance vector? Problems with distance-vector: Bellman-Ford algorithm may not converge More problems with link state: Everyone sees every link LS database too large entire Internet Can t easily control who uses the network (i.e. an ISP may want to hide particular links from being used by others, but link states are broadcast) Metric used by routers not the same loops No universal routing metric Policy drives routing decisions Result: BGP is a distance-vector protocol

228 Network Layer BGP Path Vector protocol: BGP advertisements to neighbors (peers) contain entire path (i.e, sequence of ASs) to a destination E.g., Gateway X sends its path to dest. Z: Path (X,Z) = X,Y1,Y2,Y3,,Z When AS gets route check if AS already in path If yes, reject route If no, add self and (possibly) advertise route further Allows for policy application (different metrics) Metrics are local - AS chooses path, protocol ensures no loops Supports CIDR aggregation (BGP4)

229 BGP basics Pairs of routers (BGP peers) exchange routing info over semipermanent TCP connections: BGP sessions Note that BGP sessions do not correspond to physical links. Two types ebgp and ibgp ebgp between gateways ibgp from gateway to internal routers of an AS AS2 advertises a prefix to AS1 AS2 is promising it will forward any datagrams destined to that prefix towards the prefix. AS2 can aggregate prefixes in its advertisement 3c 3a 3b AS3 1a AS1 1c 1d 1b 2a 2c AS2 2b ebgp session ibgp session Network Layer 4-229

230 Distributing reachability info With ebgp session between 3a and 1c, AS3 sends prefix reachability info to AS1. 1c can then use ibgp do distribute this new prefix reach info to all routers in AS1 1b can then re-advertise the new reach info to AS2 over the 1b-to-2a ebgp session When router learns about a new prefix, it creates an entry for the prefix in its forwarding table. 3c 3a 3b AS3 1a AS1 1c 1d 1b 2a 2c AS2 2b ebgp session ibgp session Network Layer 4-230

231 Path attributes & BGP routes advertised prefix includes BGP attributes. prefix + attributes = route two important attributes: AS-PATH: contains ASs through which prefix advertisement has passed: e.g, AS 67, AS 17 NEXT-HOP: indicates specific internal-as router to next-hop AS. (may be multiple links from current AS to next-hop-as) when gateway router receives route advertisement, uses import policy to accept/decline. Network Layer 4-231

232 Network Layer BGP messages Exchanged using TCP. Advantages: Simplifies BGP No need for periodic refresh - routes are valid until withdrawn, or the connection is lost Incremental updates Disadvantages BGP TCP spoofing attack Congestion control on a routing protocol? Poor interaction during high load (Code Red)

233 Network Layer BGP messages Example messages OPEN: opens TCP connection to peer and authenticates sender UPDATE: advertises new path (or withdraws old) KEEPALIVE keeps connection alive in absence of UPDATES; also ACKs OPEN request NOTIFICATION: reports errors in previous msg; also used to close connection

234 Network Layer Policy with BGP BGP provides capability for enforcing various policies Policies are not part of BGP: they are provided to BGP as configuration information BGP enforces policies by choosing paths from multiple alternatives and controlling advertisement to other AS s

235 Network Layer Path Selection Criteria Path attributes + external (policy) information Examples: Hop count Policy considerations Preference for AS Presence or absence of certain AS Path origin rejecting false routes Link dynamics Early-exit Hot-potato routing for transit packets

236 Network Layer Examples of BGP Policies A multi-homed AS refuses to act as transit Limit path advertisement A multi-homed AS can become transit for some AS s Only advertise paths to some AS s An AS can favor or disfavor certain AS s for traffic transit from itself

237 Network Layer BGP routing policy B legend: provider network W A C X customer network: Y Figure 4.5-BGPnew: a simple BGP scenario A,B,C are provider networks X,W,Y are customers (of provider networks) X is dual-homed: attached to two networks X does not want to route from B via X to C.. so X will not advertise to B a route to C

238 BGP routing policy (2) B legend: provider network W A C X customer network: Y Figure 4.5-BGPnew: a simple BGP scenario A advertises to B the path AW B advertises to X the path BAW Should B advertise to C the path BAW? No! B gets no revenue for routing CBAW since neither W nor C are B s customers B wants to force C to route to w via A B wants to route only to/from its customers! Network Layer 4-238

239 Network Layer Network Layer summary Service model Network-layer functions Instantiation on the Internet Delivery model Addressing Forwarding Routing

240 Extra slides Network Layer 4-240

241 Getting a datagram from source to dest. Classful routing example IP datagram: misc fields source IP addr dest IP addr data datagram remains unchanged, as it travels source to destination addr fields of interest here A B routing table in A Dest. Net. next router Nhops E Network Layer 4-241

242 Network Layer Getting a datagram from source to dest. Starting at A, given IP datagram addressed to B: misc fields look up net. address of B find B is on same net. as A link layer will send datagram directly to B inside link-layer frame data B and A are directly connected A B Dest. Net. next router Nhops E

243 Network Layer Getting a datagram from source to dest. misc fields Starting at A, dest. E: look up network address of E E on different network A, E not directly attached routing table: next hop router to E is link layer sends datagram to router inside linklayer frame datagram arrives at data continued.. A B Dest. Net. next router Nhops E

244 Network Layer Getting a datagram from source to dest. misc fields data network Arriving at , destined for look up network address of E E on same network as router s interface router, E directly attached link layer sends datagram to inside link-layer frame via interface datagram arrives at !!! (hooray!) A B Dest. next router Nhops interface E

245 Network Layer Issues in Router Table Size One entry for every host on the Internet 100M entries One entry for every LAN Every host on LAN shares prefix Still too many One entry for every organization Every host in organization shares prefix Requires careful address allocation What constitutes an organization?

246 Network Layer Binary tree Route Prefixes A 0* B 01000* C 011* D 1* E 100* F 1100* G 1101* H 1110* I 1111*

247 NAT example #2 Use the source port field (of TCP or UDP) along with pool of IP addresses Example: single, globally routable external IP address Packet #1 SrcIP= SrcPort=1312 DstIP= DstPort= Packet #2 SrcIP= SrcPort=1312 DstIP= DstPort= NAPT translator ExternalIP= Network Layer 4-247

248 NAT example #2 Packet #1 SrcIP= SrcPort=1312 DstIP= DstPort= Packet #1 after NAPT SrcIP= SrcPort=2000 DstIP= DstPort=21 Packet #2 after NAPT SrcIP= SrcPort=2001 DstIP= DstPort=21 Packet #2 SrcIP= SrcPort=1312 DstIP= DstPort= NAPT translator ExternalIP= Network Layer 4-248

249 NAT example #2 Reply #1 SrcIP= SrcPort=21 DstIP= DstPort=2000 Reply #2 SrcIP= SrcPort=21 DstIP= DstPort= NAPT translator ExternalIP= Network Layer 4-249

250 NAT example #2 Reply #1 after NAPT SrcIP= SrcPort=21 DstIP= DstPort= Reply #1 SrcIP= SrcPort=21 DstIP= DstPort=2000 Reply #2 SrcIP= SrcPort=21 DstIP= DstPort=2001 Reply #2 after NAPT SrcIP= SrcPort=21 DstIP= DstPort= NAPT translator ExternalIP= Network Layer 4-250

251 Link-state broadcasts: Wrapped sequence numbers Wrapped sequence numbers 0-N where N is large If difference between numbers is large, assume a wrap A is older than B if. A < B and A-B < N/2 or A > B and A-B > N/2 What about new nodes or rebooted nodes that are out of sync with sequence number space? Lollipop sequence (Perlman 1983) Network Layer 4-251

252 Network Layer Lollipop sequence numbers Divide sequence number space Special negative sequence for recovering from reboot New and rebooted nodes use negative sequence numbers Upon receipt of negative number, other nodes inform these nodes of current up-to-date sequence number A older than B if A < 0 and A < B A > 0, A < B and (B A) < N/4 A > 0, A > B and (A B) > N/4 -N/2 0 N/2-1

253 Network Layer Distance Vector Algorithm D x (y) = estimate of least cost from x to y Distance vector: D x = [D x (y): y? N ] Node x knows cost to each neighbor v: c(x,v) Node x maintains D x = [D x (y): y? N ] Node x also maintains its neighbors distance vectors For each neighbor v, x maintains D v = [D v (y): y? N ]

254 D x (y) = min{c(x,y) + D y (y), c(x,z) + D z (y)} = min{2+0, 7+1} = 2 node x table cost to cost to x y z x y z x y z node y table cost to x y z from from from x y z node z table cost to x y z x y z from x y z time D x (z) = min{c(x,y) + D y (z), c(x,z) + D z (z)} = min{2+1, 7+0} = 3 x 2 y 7 1 z Network Layer 4-254

255 D x (y) = min{c(x,y) + D y (y), c(x,z) + D z (y)} = min{2+0, 7+1} = 2 node x table cost to cost to cost to x y z x y z x y z x x x y y y z z z node y table cost to cost to cost to x y z x y z x y z x x x y y y z z z node z table cost to cost to cost to x y z x y z x y z from from from x y z from from from x y z from from from x y z time D x (z) = min{c(x,y) + D y (z), c(x,z) + D z (z)} = min{2+1, 7+0} = 3 x 2 y 7 1 z Network Layer 4-255

256 D x (y) = min{c(x,y) + D y (y), c(x,z) + D z (y)} = min{2+0, 7+1} = 2 node x table cost to cost to cost to x y z x y z x y z x x x y y y z z z node y table cost to cost to cost to x y z x y z x y z x x x y y y z z z node z table cost to cost to cost to x y z x y z x y z from from from x y z from from from x y z from from from x y z time D x (z) = min{c(x,y) + D y (z), c(x,z) + D z (z)} = min{2+1, 7+0} = 3 x 2 y 7 1 z Network Layer 4-256

257 Network Layer VC implementation A VC consists of: 1. Path from source to destination 2. VC numbers, one number for each link along path 3. Entries in forwarding tables in routers along path Packet belonging to VC carries a VC number. VC number must be changed on each link. New VC number comes from forwarding table

258 Network Layer Forwarding table VC number Forwarding table in northwest router: interface number Incoming interface Incoming VC # Outgoing interface Outgoing VC # Routers maintain connection state information!

259 Network Layer Forwarding table 4 billion possible entries Destination Address Range Link Interface through through through otherwise 3

260 RIP Table example (continued) Router: giroflee.eurocom.fr Destination Gateway Flags Ref Use Interface UH lo U 2 13 fa U le U 2 25 qaa U 3 0 le0 default UG Three attached class C networks (LANs) Router only knows routes to attached LANs Default router used to go up Route multicast address: Loopback interface (for debugging) Network Layer 4-260

261 DUAL Distributed Update Algorithm Garcia-Luna-Aceves 1989 Goal: Avoid transient loops in DV and LS algorithms Similar in flavor to route poisoning and path holddown 2 ideas A path shorter than current path cannot contain a loop Based on diffusing computation (Dijkstra-Scholten 1980) Wait until computation completes before changing routes in response to a new update Similar to path-holddown 3 kinds of messages Update, query, reply 2 states for routers Active (queries outstanding), passive Network Layer 4-261

262 Network Layer DUAL On update if (lower cost) adopt else if (higher cost) { if (from next hop) { if (any path exists < old length from next hop) switch path else freeze route send query to all neighbors except next hop go into active wait for reply from all neighbors update route return to passive } send reply to all querying neighbors }

263 Network Layer Hierarchical routing example IGP EGP IGP IGP EGP EGP EGP IGP EGP IGP

264 Network Layer Inter-AS routing EGP BGP

265 Network Layer BGP route selection Router may learn about more than 1 route to some prefix. Router must select route. Elimination rules: 1. Local preference value attribute: policy decision, hot potato routing 2. Shortest AS-PATH 3. Closest NEXT-HOP router 4. Additional criteria

266 Network Layer Path attributes & BGP routes When advertising a prefix, advert includes BGP attributes. prefix + attributes = route Two important attributes: AS-PATH: contains the ASs through which the advert for the prefix passed: AS 67 AS 17 NEXT-HOP: Indicates the specific internal-as router to next-hop AS. (There may be multiple links from current AS to next-hop-as.) When gateway router receives route advert, uses import policy to accept/decline.

267 Network Layer Interconnected ASes 3c 3a 3b AS3 1a 1c 1d 1b Intra-AS Routing algorithm AS1 Forwarding table Inter-AS Routing algorithm 2a 2c AS2 2b Forwarding table is configured by both intra- and inter-as routing algorithm Intra-AS sets entries for internal dests Inter-AS & Intra-As sets entries for external dests

268 Inter-AS tasks Suppose router in AS1 receives datagram for which dest is outside of AS1 Router should forward packet towards one of the gateway routers, but which one? AS1 needs: 1. to learn which dests are reachable through AS2 and which through AS3 2. to propagate this reachability info to all routers in AS1 Job of inter-as routing! 3c 3a 3b AS3 1a 1c 1d 1b AS1 2a 2c AS2 2b Network Layer 4-268

269 Network Layer Example: Setting forwarding table in router 1d Suppose AS1 learns from the inter-as protocol that subnet x is reachable from AS3 (gateway 1c) but not from AS2. Inter-AS protocol propagates reachability info to all internal routers. Router 1d determines from intra-as routing info that its interface I is on the least cost path to 1c. Puts in forwarding table entry (x,i).

270 Network Layer Example: Choosing among multiple ASes Now suppose AS1 learns from the inter-as protocol that subnet x is reachable from AS3 and from AS2. To configure forwarding table, router 1d must determine towards which gateway it should forward packets for dest x. This is also the job on inter-as routing protocol! Hot potato routing: send packet towards closest of two routers. Learn from inter-as protocol that subnet x is reachable via multiple gateways Use routing info from intra-as protocol to determine costs of least-cost paths to each of the gateways Hot potato routing: Choose the gateway that has the smallest least cost Determine from forwarding table the interface I that leads to least-cost gateway. Enter (x,i) in forwarding table

271 Distance Vector in Practice RIP and RIP2 BGP Uses split-horizon/poison reverse Propagates entire path Path also used for effecting policies Network Layer 4-271

272 Network Layer BGP path selection router may learn about more than 1 route to some prefix. Router must select route. elimination rules: 1. local preference value attribute: policy decision 2. shortest AS-PATH 3. closest NEXT-HOP router: hot potato routing 4. additional criteria

273 Network Layer Chapter 4: Network Layer 4. 1 Introduction 4.5 Routing algorithms 4.2 Virtual circuit and datagram networks 4.3 What s inside a router 4.4 IP: Internet Protocol Datagram format IPv4 addressing ICMP IPv6 Link state Distance Vector Hierarchical routing 4.6 Routing in the Internet RIP OSPF BGP 4.7 Broadcast and multicast routing

274 Network Layer Broadcast Routing deliver packets from source to all other nodes source duplication is inefficient: duplicate R1 duplicate creation/transmission R1 R2 R2 duplicate R3 R4 R3 R4 source duplication in-network duplication source duplication: how does source determine recipient addresses?

275 Network Layer In-network duplication flooding: when node receives brdcst pckt, sends copy to all neighbors Problems: cycles & broadcast storm controlled flooding: node only brdcsts pkt if it hasn t brdcst same packet before Node keeps track of pckt ids already brdcsted Or reverse path forwarding (RPF): only forward pckt if it arrived on shortest path between node and source spanning tree No redundant packets received by any node

276 Network Layer Spanning Tree First construct a spanning tree Nodes forward copies only along spanning tree A A c B c B F E D F E D (a) Broadcast initiated at A G (b) Broadcast initiated at D G

277 Spanning Tree: Creation Center node Each node sends unicast join message to center node Message forwarded until it arrives at a node already belonging to spanning tree A A c 3 B c B F 1 4 E 2 D 5 F E D G G (a) Stepwise construction of spanning tree (b) Constructed spanning tree Network Layer 4-277

278 Multicast Routing: Problem Statement Goal: find a tree (or trees) connecting routers having local mcast group members tree: not all paths between routers used source-based: different tree from each sender to rcvrs shared-tree: same tree used by all group members Shared tree Source-based trees

279 Approaches for building mcast trees Approaches: source-based tree: one tree per source shortest path trees reverse path forwarding group-shared tree: group uses one tree minimal spanning (Steiner) center-based trees we first look at basic approaches, then specific protocols adopting these approaches

280 Shortest Path Tree mcast forwarding tree: tree of shortest path routes from source to all receivers Dijkstra s algorithm S: source R1 1 R R4 5 R5 LEGEND router with attached group member router with no attached group member R3 R6 6 R7 i link used for forwarding, i indicates order link added by algorithm

281 Reverse Path Forwarding rely on router s knowledge of unicast shortest path from it to sender each router has simple forwarding behavior: if (mcast datagram received on incoming link on shortest path back to center) then flood datagram onto all outgoing links else ignore datagram

282 Reverse Path Forwarding: example S: source R2 R1 R4 R5 LEGEND router with attached group member router with no attached group member R3 R6 R7 datagram will be forwarded datagram will not be forwarded result is a source-specific reverse SPT may be a bad choice with asymmetric links

283 Reverse Path Forwarding: pruning forwarding tree contains subtrees with no mcast group members no need to forward datagrams down subtree prune msgs sent upstream by router with no downstream group members S: source LEGEND R1 R4 router with attached group member R3 R2 R6 P P R7 R5 P router with no attached group member prune message links with multicast forwarding

284 Shared-Tree: Steiner Tree Steiner Tree: minimum cost tree connecting all routers with attached group members problem is NP-complete excellent heuristics exists not used in practice: computational complexity information about entire network needed monolithic: rerun whenever a router needs to join/leave

285 Center-based trees single delivery tree shared by all one router identified as center of tree to join: edge router sends unicast join-msg addressed to center router join-msg processed by intermediate routers and forwarded towards center join-msg either hits existing tree branch for this center, or arrives at center path taken by join-msg becomes new branch of tree for this router

286 Center-based trees: an example Suppose R6 chosen as center: LEGEND R1 3 R4 router with attached group member R3 R2 1 R6 2 R7 R5 1 router with no attached group member path order in which join messages generated

287 Internet Multicasting Routing: DVMRP DVMRP: distance vector multicast routing protocol, RFC1075 flood and prune: reverse path forwarding, source-based tree RPF tree based on DVMRP s own routing tables constructed by communicating DVMRP routers no assumptions about underlying unicast initial datagram to mcast group flooded everywhere via RPF routers not wanting group: send upstream prune msgs

288 DVMRP: continued soft state: DVMRP router periodically (1 min.) forgets branches are pruned: mcast data again flows down unpruned branch downstream router: reprune or else continue to receive data routers can quickly regraft to tree following IGMP join at leaf odds and ends commonly implemented in commercial routers Mbone routing done using DVMRP

289 Tunneling Q: How to connect islands of multicast routers in a sea of unicast routers? physical topology logical topology mcast datagram encapsulated inside normal (non-multicastaddressed) datagram normal IP datagram sent thru tunnel via regular IP unicast to receiving mcast router receiving mcast router unencapsulates to get mcast datagram

290 PIM: Protocol Independent Multicast not dependent on any specific underlying unicast routing algorithm (works with all) two different multicast distribution scenarios : Dense: group members densely packed, in close proximity. bandwidth more plentiful Sparse: # networks with group members small wrt # interconnected networks group members widely dispersed bandwidth not plentiful

291 Consequences of Sparse-Dense Dichotomy: Dense group membership by routers assumed until routers explicitly prune data-driven construction on mcast tree (e.g., RPF) bandwidth and nongroup-router processing profligate Sparse: no membership until routers explicitly join receiver- driven construction of mcast tree (e.g., center-based) bandwidth and non-grouprouter processing conservative

292 PIM- Dense Mode flood-and-prune RPF, similar to DVMRP but underlying unicast protocol provides RPF info for incoming datagram less complicated (less efficient) downstream flood than DVMRP reduces reliance on underlying routing algorithm has protocol mechanism for router to detect it is a leaf-node router

293 PIM - Sparse Mode center-based approach router sends join msg to rendezvous point (RP) intermediate routers update state and forward join after joining via RP, router can switch to source-specific tree increased performance: less concentration, shorter paths R3 R2 R1 join join all data multicast from rendezvous point R6 join R4 R5 R7 rendezvous point

294 PIM - Sparse Mode sender(s): unicast data to RP, which distributes down RP-rooted tree RP can extend mcast tree upstream to source RP can send stop msg if no attached receivers no one is listening! R3 R2 R1 join join all data multicast from rendezvous point R6 join R4 R5 R7 rendezvous point

295 Network Layer Chapter 4: Network Layer 4. 1 Introduction 4.5 Routing algorithms 4.2 Virtual circuit and datagram networks 4.3 What s inside a router 4.4 IP: Internet Protocol Datagram format IPv4 addressing ICMP IPv6 Link state Distance Vector Hierarchical routing 4.6 Routing in the Internet RIP OSPF BGP 4.7 Broadcast and multicast routing

296 Network Layer Router Architecture Overview Two key router functions: Routing Determine route taken by packets from source to destination Run protocol (RIP, OSPF, BGP) Generate forwarding table from routing algorithms Algorithms based on either (LS,DV) Forwarding Process of moving packets from input port to output port Lookup forwarding table given information in packet Switch/forward datagrams from incoming to outgoing link based on route

297 Network Layer What Does a Router Look Like? Routing processor/controller Handles routing protocols, error conditions Line cards Network interface cards Forwarding engine Fast path routing (hardware vs. software) Backplane Switch or bus interconnect

298 Network Layer Typical mode of operation Packet arrives arrives at inbound line card Header transferred to forwarding engine Forwarding engine determines output interface given a table initialized by routing processor Forwarding engine signals result to line card Packet copied to outbound line card

299 Network Layer Routing Processor Runs routing protocol Uploads forwarding table to forwarding engines Forwarding engines with two forwarding tables to allow easy switchover (double buffering) Typically performs slow-path processing ICMP error messages IP option processing IP fragmentation IP multicast packets

300 Network Layer Input Port Functions Physical layer: bit-level reception Data link layer: e.g., Ethernet see chapter 5 Decentralized switching: given datagram dest., lookup output port using forwarding table in input port memory goal: complete input port processing at line speed queuing: if datagrams arrive faster than forwarding rate into switch fabric

301 Input Port Queuing Fabric slower than input ports combined => queuing may occur at input queues Head-of-the-Line (HOL) blocking: queued datagram at front of queue prevents others in queue from moving forward queueing delay and loss due to input buffer overflow! Network Layer 4-301