The Network 15 Layer IPv4 and IPv6 Part 3

Similar documents
The Netwok 15 Layer IPv4 and IPv6 Part 3

The Netwok Layer IPv4 and IPv6 Part 1

The Netwok Layer IPv4 and IPv6 Part 1

The Netwok Layer IPv4 and IPv6 Part 1

IP - The Internet Protocol. Based on the slides of Dr. Jorg Liebeherr, University of Virginia

The Netwok Layer IPv4 and IPv6 Part 2

The Netwok Layer IPv4 and IPv6 Part 1

EXAM TCP/IP NETWORKING Duration: 3 hours

The Netwok Layer IPv4 and IPv6 Part 1

The Netwok Layer IPv4 and IPv6 Part 2

EXAM TCP/IP NETWORKING Duration: 3 hours With Solutions

CS 356: Computer Network Architectures. Lecture 10: IP Fragmentation, ARP, and ICMP. Xiaowei Yang

EXAM TCP/IP NETWORKING Duration: 3 hours With Solutions

Lecture 8. Basic Internetworking (IP) Outline. Basic Internetworking (IP) Basic Internetworking (IP) Service Model

Lecture 8. Reminder: Homework 3, Programming Project 2 due on Thursday. Questions? Tuesday, September 20 CS 475 Networks - Lecture 8 1

ET4254 Communications and Networking 1

Tunnels. Jean Yves Le Boudec 2015

ICS 351: Networking Protocols

ETSF05/ETSF10 Internet Protocols Network Layer Protocols

Tunnels. Jean Yves Le Boudec 2015

Packetization Layer Path Maximum Transmission Unit Discovery (PLPMTU) For IPsec Tunnels

Vorlesung Kommunikationsnetze

The TCP/IP Architecture. Jean Yves Le Boudec 2015

The TCP/IP Architecture. Jean Yves Le Boudec 2015

The TCP/IP Architecture. Jean Yves Le Boudec 2015

The TCP/IP Architecture. Jean Yves Le Boudec 2017

Tunnels. Jean Yves Le Boudec 2014

The Internetworking Problem. Internetworking. A Translation-based Solution

Internet Protocols (chapter 18)

CS475 Networks Lecture 8 Chapter 3 Internetworking. Ethernet or Wi-Fi).

SEN366 (SEN374) (Introduction to) Computer Networks

Introduction to Internetworking

On Distributed Communications, Rand Report RM-3420-PR, Paul Baran, August

The TCP/IP Architecture. Jean Yves Le Boudec 2017

The Internet. 9.1 Introduction. The Internet is a global network that supports a variety of interpersonal and interactive multimedia applications.

TCP/IP Protocol Suite

IPv6 Protocols and Networks Hadassah College Spring 2018 Wireless Dr. Martin Land

The Netwok Layer IPv4 and IPv6 Part 2

EXAM TCP/IP NETWORKING Duration: 3 hours

On Distributed Communications, Rand Report RM-3420-PR, Paul Baran, August 1964

Telecom Systems Chae Y. Lee. Contents. Overview. Issues. Addressing ARP. Adapting Datagram Size Notes

IP: Addressing, ARP, Routing


ECE 4450:427/527 - Computer Networks Spring 2017

Computer Networks Principles Network Layer - IP

Configuring IPv6 basics

TSIN02 - Internetworking

CPSC 826 Internetworking. The Network Layer: Routing & Addressing Outline. The Network Layer

TCP/IP THE TCP/IP ARCHITECTURE

Internet Protocol (IP)

IPv6. IPv4 & IPv6 Header Comparison. Types of IPv6 Addresses. IPv6 Address Scope. IPv6 Header. IPv4 Header. Link-Local

The TCP/IP Architecture Jean Yves Le Boudec 2014

The TCP/IP Architecture Jean Yves Le Boudec 2014

Internetworking/Internetteknik, Examination 2G1305 Date: August 18 th 2004 at 9:00 13:00 SOLUTIONS

Outline. IP Address. IP Address. The Internet Protocol. o Hostname & IP Address. o The Address

CSCI-1680 Network Layer: IP & Forwarding Rodrigo Fonseca

CSCI Networking Name:

Network layer: Overview. Network layer functions IP Routing and forwarding NAT ARP IPv6 Routing

CSE/EE 461 Lecture 13 Connections and Fragmentation. TCP Connection Management

Network Layer: Internet Protocol

Introduction to IPv6 - II

Network layer: Overview. Network Layer Functions

ARP, IP. Chong-Kwon Kim. Each station (or network interface) should be uniquely identified Use 6 byte long address

Introduction to routing in the Internet

IPv6 Protocol Architecture

Internetwork Protocols

Introduction to routing in the Internet

Guide to TCP/IP, Third Edition. Chapter 3: Data Link and Network Layer TCP/IP Protocols

L10: Simple Internetworking. Hui Chen, Ph.D. Department of Engineering & Computer Science Virginia State University Petersburg, VA 23806

Network Basic v0.1. Network Basic v0.1. Chapter 3 Internet Protocol. Chapter 3. Internet Protocol

CS 348 Computer Networks. IP and Routing. Indian Institute of Technology, Bombay

ICS 451: Today's plan

Internet Protocol, Version 6

Connection Oriented Networking MPLS and ATM

CSC 401 Data and Computer Communications Networks

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

cs144 Midterm Review Fall 2010

Lecture 11: Fragmentation & Addressing. CSE 123: Computer Networks Stefan Savage

Internet Protocol. Outline Introduction to Internet Protocol Header and address formats ICMP Tools CS 640 1

Chapter 5 Network Layer

Position of IP and other network-layer protocols in TCP/IP protocol suite

Chapter 4: outline. 4.5 routing algorithms link state distance vector hierarchical routing. 4.6 routing in the Internet RIP OSPF BGP

b. Suppose the two packets are to be forwarded to two different output ports. Is it

Recap. Recap. Internetworking. First mile problem. Internet. End Users. Last mile problem. Direct link networks Packet switching.

Internet. Organization Addresses TCP/IP Protocol stack Forwarding. 1. Use of a globally unique address space based on Internet Addresses

(Chapters 2 3 in Huitema) E7310/Internet basics/comnet 1

Department of Computer and IT Engineering University of Kurdistan. Network Layer. By: Dr. Alireza Abdollahpouri

Computer Network Fundamentals Spring Week 4 Network Layer Andreas Terzis

Internet. 1) Internet basic technology (overview) 3) Quality of Service (QoS) aspects

ELEC / COMP 177 Fall Some slides from Kurose and Ross, Computer Networking, 5 th Edition

CMPE 150/L : Introduction to Computer Networks. Chen Qian Computer Engineering UCSC Baskin Engineering Lecture 12

Network Layer. Chapter 5 Section 5.1, 5.3, 5.5, 5.6. CS 360 Spring 2012 Pacific University

EC441 Fall 2018 Introduction to Computer Networking Chapter4: Network Layer Data Plane

FINAL EXAM - SLOT 2 TCP/IP NETWORKING Duration: 90 min. With Solutions

Operation Manual IPv6 H3C S3610&S5510 Series Ethernet Switches Table of Contents. Table of Contents

EITF25 Internet Techniques and Applications L7: Internet. Stefan Höst

Cisco IP Fragmentation and PMTUD

CS 457 Lecture 11 More IP Networking. Fall 2011

CSCI-1680 Network Layer:

Fundamentals of Computer Networking AE6382

Transcription:

1 ÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE The Network 15 Layer IPv4 and IPv6 Part 3 Jean Yves Le Boudec 2017

Contents 9. Proxy ARP 10. Fragmentation 11. Interworking h4 h6 with NATs Textbook Chapter 5: The Network Layer 2

dest next-hop interface 12.12.12.0/24 On-link eth0 12.12.12.4/32 12.12.12.2 eth0 0/0 12.12.12.2 eth0 Reminder: IP principle says one subnet = one LAN 9. Proxy ARP 12.12.12.0/24 23.23.23.0/24 R1 R2 R3 12.12.12.4 dest next-hop interface 12.12.12.0/24 On-link eth0 23.23.23.0/24 On-link eth1 12.12.12.4/32 23.23.23.2 eth1 Assume you want to cheat with this principle, e.g. 12.12.12.4 is in the wrong place, but you want to keep it that way. You can support this configuration with /32 entries (with IPv4) in forwarding tables dest next-hop interface 12.12.12.0/24 23.23.23.1 eth0 23.23.23.0/24 On-link eth0 12.12.12.4/32 On-link eth1 at R1, R2 and R3 ( Host Routes ) 3

Does this solve the problem? A. Yes because R2 now send packets to 12.12.12.4 on the correct interface B. No this does not work because subnets cannot be split across multiple locations C. No it does not work for other reasons D. I don t know 4

7 sic500cs should be a. VPN Tunnel 128.178.84.133 128.178.84.3 sic500cs stisun1 15.7 greenmac 128.178.84.1 ed0-ext 15.13 EPFL-Backbone 15.221 ed2-in All subnets have 255.255.255.0 netmask Subnet 84 is on both sides of sic500cs A. Router B. Bridge C. Application Layer gateway D. I don t know

9 Assume you want to have sic500cs operating as a router greenmac VPN Tunnel 128.178.84.133 sic500cs 128.178.84.3 128.178.84.1 ed0-ext 15.13 stisun1 15.7 15.221 ed2-in EPFL-Backbone This deviates from the IP principle: one subnet = one LAN Therefore we need a second deviation (at least) to compensate We can use PROXY ARP sic500cs answers for ARP REQs / NDP NSs on behalf of greenmac

ed0 ext has a packet to 128.178.84.133 and sends an ARP REQ VPN Tunnel 128.178.84.133 128.178.84.3 sic500cs stisun1 15.7 greenmac 128.178.84.1 ed0-ext 15.13 EPFL-Backbone 15.221 ed2-in 1. All subnets have 255.255.255.0 netmask 2. Subnet 84 is on both sides of sic500cs 3. sic500cs does PROXY- ARP on behalf of greenmac A. sic500cs replies with own MAC address B. sic500cs replies with the MAC address of greenmac C. Greenmac replies with his MAC address D. Greenmac replies with the MAC address of sic500cs E. I don t know 10

10. Fragmentation Link layer networks have different maximum frame lengths MTU (maximum transmission unit) = maximum frame size usable for an IP packet MAC layer options and tunnels make this worse Link layer Network Ethernet, WiFi VPN Tunnel in IPv4 Token Ring 4 Mb/s 16 Mb/s FDDI X.25 Frame Relay ATM with AAL5 Hyperchannel PPP MTU 1500 1400 4464 17914 4352 576 1600 9180 65535 296 to 1500 Z:\>netsh interface ipv6 show subinterfaces MTU MediaSenseState Bytes In Bytes Out Interface 4294967295 1 0 28980 Loopback Pseudo Interface 1 1500 5 0 0 Wireless Network Connection 2 1400 1 19419 14328 VPN EPFL 1500 1 126682357 17501036 Local Area Connection 1280 5 0 536 Local Area Connection* 12 12

13 IPv4 Fragmentation IPv4 hosts or routers may have IP datagrams larger than MTU Fragmentation is performed when IP datagram too large re assembly is only at destination, never at intermediate points fragmentation is in principle avoided with TCP MTU = 1500 MTU = 620 MTU =1500 R1 R2 1 IP Header 1400 Bytes

14 IPv4 header fields 1 and 4 2a, 3a 2b,3b 2c, 3c Length Identification More Fragment flag Offset 8 * Offset 1420 567 0 0 0 620 567 1 0 0 620 567 1 75 600 220 567 0 150 1200 4 IPv4 Header 1400 Bytes MTU = 1500 MTU = 620 MTU =1500 R1 R2 1 IPv4 Header 1400 Bytes 2a IPv4 Header 600 B 3a IPv4 Header 600 B 2b IPv4 Header 600 B 3b IPv4 Header 600 B 2c IPv4 Header 200 B 3c IPv4 Header 200 B

IPv4 Fragmentation (2) IP datagram is fragmented if MTU of interface < datagram total length all fragments are self contained IP packets fragmentation controlled by fields: Identification, Flag and Fragment Offset in IPv4 header; IP datagram = original ; IP packet = fragments or complete datagram 1 2a 2b 2c Length Identification More Fragment flag Offset 8 * Offset 1420 567 0 0 0 620 567 1 0 0 620 567 1 75 600 220 567 0 150 1200 Fragment data size (here 600) is always a multiple of 8 Identification given by source 15

16 IPv6 Fragmentation Same as IPv4 except Routers never fragment drop packet if too large Fragmentation header is a «next header» Minimum MTU is 1280 Bytes (vs 68 for IPv4)

17 Fragmentation Considered Harmful Fragmentation requires re assembly at destination; this may cause deadlocks and identification wrapping problems unit of loss is smaller than unit of re transmission: can worsen congestion (avalanche effect) Solution = avoid fragmentation as much as possible by discovering Path MTU (= minimum MTU along one path)

Path MTU is kept in destination cache by operating system 18 Methods for setting Path MTU Path MTU Discovery (PMTUD) 1. Host sets Don t Fragment bit on all datagrams (IPv4 only with IPv6 routers never fragment) 2. sets PathMTU to local MTU 3. routers send ICMP message: destination unreachable/ fragmentation needed if MTU is too large 4. host reduces PathMTU estimate to next smallest value 5. after timeout, host increases PMTU estimate Packetization Layer Path MTU Discovery (PLPMTUD) does not require routers to send ICMP messages relies on TCP making Path MTU probes from time to time; estimate the largest possible Path MTU that works by observing packets that were acknowledged

19 IPv6 example :\>netsh interface ipv6 show destinationcache Interface 12: Local Area Connection PMTU Destination Address Next Hop Address 1500 2a00:1450:4001:c02::54 fe80::208:e3ff:feff:fc50 1500 2a00:1450:4002:801::100c fe80::208:e3ff:feff:fc50 1500 2a00:1450:4003:803::100f fe80::208:e3ff:feff:fc50 1500 2a00:1450:400a:804::1008 fe80::208:e3ff:feff:fc50 1500 2a00:1450:400a:805::100d fe80::208:e3ff:feff:fc50 1500 2a00:1450:400a:805::100f fe80::208:e3ff:feff:fc50 1500 2a00:1450:400a:807::1018 fe80::208:e3ff:feff:fc50 1500 2a00:1450:400a:807::101f fe80::208:e3ff:feff:fc50 1500 2a03:2880:f006:101:face:b00c:0:1 fe80::208:e3ff:feff:fc50 1500 2a02:26f0:12:198::eed fe80::208:e3ff:feff:fc50

20 TCP, UDP and Fragmentation The UDP service interface accepts a datagram up to 64 KB (by default) or up to 4GB (with IPv6 jumbo payload extension header UDP datagram passed to the IP service interface as one SDU is fragmented at the source if resulting IP datagram is too large to fit on Path MTU The TCP service interface is stream oriented packetization is done by TCP fragmentation should in principle be avoided TCP connections negotiate an MSS (maximum segment size) Host operating system should verify that

21 When a host generates UDP traffic, the port number is always present in all packets A. True B. False C. True with IPv4, false with IPv6 D. True with IPv6, false with IPv4 E. I don t know

23 One TCP segment is contained in one IPv4 datagram that is fragmented by a router on its way from source to destination. One of the fragments is lost. What will TCP re transmit? A. The bytes that were in the missing fragment B. The bytes that were in all fragments of the datagram, missing or not C. It depends whether the loss is detected by fast retransmit or by timeout D. I don t know

11. IPv4 and IPv6 Interworking IPv4 and IPv6 are incompatible v4 only host cannot handle IPv6 packets v6 only host cannot handle IPv4 packets What needs to be solved: interworking: h6 to h4 like to like access 6 to 6 over 4 4 to 4 over 6 with NATs In this module we study interworking like to like access is studied in tunnels 25

Reminder: Dual Stack Application Layer Gateways (ALG46s) can be used to solve h4 to h6 Interworking 26 Homer s PC Web proxy Web server Application ALG46 Application TCP TCP TCP TCP/ IP IPv6 IPv6 IPv4 IPv4 IPv6 IPv4 Application layer gateway (e.g. web proxy) relays HTTP questions / answers. ALG must be dual stack Simple but performance is not optimal (store and forward) Plus dependency on application

NAT64 (RFC6146) is an alternative solution to solve h6 to h4 interworking h6 (client6) NAT??? h4 s IPv 6 translated address h4 (server4) 2001:620:618:dede::baba IPv6 only host IPv6 Internet 1 2 IPv4 Internet 192.0.2.1 IPv4 only host??? h6 s IPv 4translated address NAT64 translates an IPv4 packet into an IPv6 packet and viceversa; no encapsulation NAT uses an IPv4 address pool to translate IPv6 address (No need for IPv6 private pool) Port translation is used (as in any NAT) to save number of IPv4 addresses of the pool To h6, h4 appears under an IPv6 translated address To h4, h6 appears under an IPv4 translated address 27

Translation from IPv6 address to IPv4 translated address is stateful From: 2001:620:618:dede::baba Next hdr : tcp Srce port = 2345 h6 (client6) NAT64 From: 120.130.26.33 Protocol type: tcp Srce port = 1763 h4 (server4) 2001:620:618:dede::baba IPv6 only host IPv6 Internet 1 2 IPv4 Internet 192.0.2.1 IPv4 only host v6 v4 2001:620:618:dede::baba tcp port 2345 120.130.26.33 tcp port 1763 NAT table NAT owns pool 120.130.26/24 Packet from h6 is translated by NAT to next available IPv4 source address /port number combination this is the usual NAT s job Need to keep table of all existing mapping this is called stateful operation 28

Translation from IPv4 address to IPv6 translated address is stateless 64:ff9b::c000:201 h6 (client6) 2001:620:618:dede::baba IPv6 only host IPv6 Internet NAT64 1 2 h4 (server4) IPv4 Internet 192.0.2.1 IPv4 only host IPv4 addresses are mapped to valid IPv6 addresses such as 64:ff9b::c00:201 Such an address is an IPv4 embedded IPv6 address The block 64:ff9b::/96 is a well know prefix reserved for that use; other prefixes (ISP specific) may be used This is called stateless operation 29

How is the v4 address 192.0.2.1 translated to the v6 address 64:ff9b::c000:201? 30 64:ff9b::c000:201 h6 (client6) 2001:620:618:dede::baba IPv6 only host IPv6 Internet NAT64 1 2 h4 (server4) IPv4 Internet 192.0.2.1 IPv4 only host A. The NAT keeps a translation table B. It is algorithmic C. None of the above D. I don t know

How does client6 knows that NAT64 should be used? infoscience.epfl.ch AAAA 64:ff9b::c000:201 DNS64 infoscience.epfl.ch A 192.0.2.1 DNS h6 (client6) 2001:620:618:dede::baba IPv6 only host infoscience.epfl.ch? IPv6 Internet NAT64 A and AAAA infoscience.epfl.ch? h4 (server4) IPv4 Internet 192.0.2.1 IPv4 only host DNS64 is used in combination with stateful NAT64 DNS64 responds with translated IPv6 address if no AAAA record is found This is transparent to client6 32

33 NAT64, putting things together infoscience.epfl.ch AAAA 64:ff9b::c000:201 DNS64 infoscience.epfl.ch A 192.0.2.1 DNS h6 (client6) 2001:620:618:dede::baba IPv6 only host infoscience.epfl.ch? IPv6 Internet NAT64 A and AAAA infoscience.epfl.ch? h4 (server4) IPv4 Internet 192.0.2.1 IPv4 only host To: 64:ff9b::c000:201 From: 2001:620:618:dede::baba Next Header : tcp Source port 2345 Dest Port : 80 GET / To: 192.0.2.1 From: 120.130.26.33 Protocol type: tcp Source port 1763 Dest Port : 80 GET /

34 How does NAT64 translate 120.130.26.33 to 2001:620:618:dede::baba? h6 (client6) NAT64 h4 (server4) 2001:620:618:dede::baba IPv6 only host IPv6 Internet IPv4 Internet 192.0.2.1 IPv4 only host To: 2001:620:618:dede::baba From: 64:ff9b::c000:201 Next Header : tcp Source port 80 Dest Port : 2345 <html><head>loula From: 192.0.2.1 To: 120.130.26.33 Protocol type: tcp Source port 80 Dest Port : 1763 <html><head>loula A. Algorithmically using the 64:ff9b::/96 prefix B. Algorithmically using a different prefix C. Using its NAT table and with the help of the port numbers D. I don t know

client4 to server6 with NAT64 NAT64 and DNS64 support client6 server4 The reverse client4 server6 works with NAT64 with static configuration of NAT64 mapping from server IPv6 address to server s IPv4 translated address is stateful and requires ad hoc configuration of NAT64; must be put in DNS as A record. mapping from client4 IPv4 address to client s IPv6 translated address is stateless NAT64 2001:620:618:dede::baba server6 IPv6 Internet IPv4 Internet 194.23.24.25 client4 To: 2001:620:618:dede::baba From: 64:ff9b::c217:1819 Next Header : tcp Source port: 1763 Dest Port : 80 GET / From: 194.23.24.25 To: 120.130.26.33 Protocol type: tcp Source port: 1763 Dest Port : 80 GET / IPv6 address and port IPv4 address and port NAT64 table 2001:620:618:dede::baba ; port x 120.130.26.33 : port x, static 36

Pros and Cons of NAT64 37

39 All links are Ethernet v2 with MTU = 1500 Bytes. Assume all hosts perform Path MTU and discover the best possible Path MTU value. What is the value of Path MTU at server4 for the interaction with client6? A. 1500 Bytes B. 1480 Bytes C. 1460 Bytes D. I don t know

Conclusion Proxy ARP / NDP is a trick used to solve the problems caused by a subnet present at different locations Fragmentation is due to different MAC layers having different packet sizes; MTU is by definition the max length of an IP packet at a given interface. When a packet is too large, it can be either discarded or fragmented. Fragmentation occurs only at IPv6 hosts, IPv4 hosts or IPv4 routers. Re assembly is never done by routers. Fragmentation may cause problems and should be avoided if possible. Translation between IPv4 and IPv6 is a possible solution to the h4 h6 interworking problem. It uses NAT64. Translation is stateless between an IPv4 address and a translated IPv6 address; it is stateful between an IPv6 address and a translated IPv4 address. NAT64 is automatic for client6< > server4 and static for server6 < > client4. Both require some manipulation of DNS. 41

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback