Network Layer Protocol & Internet Protocol (IP)
Suguru Yamaguchi, Nara Institute of Science and Technology, Department of Information Science
Network Layer Features
Basic model; node identification; node aggregation; end-to-end packet delivery; broadcast; multicast; failure isolation and failure recovery; connecting heterogeneous data links.
Information Network 1 / 2013
OSI 7 Layer Reference Model
End systems (ES) implement all seven layers: Application, Presentation, Session, Transport, Network, Data Link, Physical. An intermediate system (IS) between two end systems implements only the lower three layers and relays at the network layer, so the upper-layer protocols run end to end over it. Example stack: NFS (application), XDR (presentation), Sun RPC (session), TCP (transport), IP (network), IEEE 802.3 (data link), Ethernet coax (physical). The physical connections run ES to IS and IS to ES.

Connecting Heterogeneous Data Links: Network Gateway
The gateway (router) forwards IP packets as an intermediate system according to the routing structure. Hosts in the same network are connected directly at the data-link layer; only traffic that leaves the network passes through the gateway.

TCP/IP as a Layered Protocol Architecture
Hosts run Application, TCP, IP, Network Interface and Physical layers; a router in between runs only IP, Network Interface and Physical. IP is the layer that realizes end-to-end communication across the intermediate nodes.

TCP/IP as a Layered Protocol Architecture (continued)
(1) The service relationship is defined by the service provider: each layer offers a service to the layer above it. (2) The layer above IP uses only the service that IP defines. Therefore what lies below IP (the data-link and physical layers) does not matter to the upper layers, which is what lets one IP run over many kinds of link.
IPv4
Node Identification
Globally unique address space. Address space and delegation of authority: an address is split into a network identification and a host identification, and authority over each level is delegated (address classes in the original design, prefix lengths today). Example IPv4 address: 163.221.74.127 = 0xA3.0xDD.0x4A.0x7F. With a 24-bit network part, written 163.221.74.127/24 (the number after the slash is the prefix length), the first 24 bits (163.221.74) identify the network and the last 8 bits (127) identify the host.

Node Aggregation
Examples: 163.221.0.0/16, 163.221.52.0/24, 163.221.120.0/21 (a /21 must start at a multiple of 8 in the third octet; the slide's 163.221.127.0/21 is not on that boundary and is written canonically as 163.221.120.0/21). The prefix length is the level in a binary tree of addresses: a shorter prefix is a node higher in the tree that covers every longer prefix below it. This gives a simple expression and fast, memory-saving lookups, especially in relay nodes (routers), which need only one entry per aggregate.

Address Aggregation
Aggregating contiguous network blocks: four class C (/24) networks whose network numbers differ only in their last two bits (...00, ...01, ...10, ...11) can be expressed as a single /22 prefix. The 22-bit prefix covers 4 x 256 host addresses with one routing entry.
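The prefix split, the alignment rule and the sibling-merging that the aggregation slides describe, as an added example (not code from the lecture). It treats a prefix as a node in the binary tree of addresses, merges siblings bottom-up, and finishes with the longest-prefix-match lookup a router does over the aggregated table. The addresses and the tiny forwarding table are constructed for illustration; only the standard library is used.

```python
import ipaddress


def split_address(addr: str, prefix_len: int) -> tuple:
    """Split an IPv4 address into (network bits, host bits) for a prefix length."""
    value = int(ipaddress.IPv4Address(addr))
    host_bits = 32 - prefix_len
    return value >> host_bits, value & ((1 << host_bits) - 1)


def network_of(addr: str, prefix_len: int) -> str:
    """Canonical prefix (network address + length) that contains addr."""
    net, _ = split_address(addr, prefix_len)
    return f"{ipaddress.IPv4Address(net << (32 - prefix_len))}/{prefix_len}"


def is_aligned(prefix: str) -> bool:
    """True when the host bits of the written address are all zero, i.e. the
    prefix really is a node at its own level of the binary tree."""
    addr, plen = prefix.split("/")
    _, host = split_address(addr, int(plen))
    return host == 0


def aggregate(prefixes: list) -> list:
    """Merge sibling prefixes (same length, differing only in the last network
    bit) into their parent until no further merge is possible."""
    nets = set()
    for p in prefixes:
        if not is_aligned(p):
            raise ValueError(f"{p} is not on a prefix boundary")
        addr, plen = p.split("/")
        nets.add((int(ipaddress.IPv4Address(addr)), int(plen)))
    merged = True
    while merged:
        merged = False
        for addr, plen in sorted(nets):
            if plen == 0:
                continue
            low_bit = 1 << (32 - plen)          # last bit of the network part
            sibling = (addr ^ low_bit, plen)
            if sibling in nets:
                nets.discard((addr, plen))
                nets.discard(sibling)
                nets.add((addr & ~low_bit & 0xFFFFFFFF, plen - 1))
                merged = True
                break
    return [f"{ipaddress.IPv4Address(a)}/{p}" for a, p in sorted(nets)]


def longest_match(table: dict, addr: str):
    """Forwarding lookup: the most specific prefix containing addr wins."""
    value = int(ipaddress.IPv4Address(addr))
    best_len, best = -1, None
    for prefix, next_hop in table.items():
        net, plen = prefix.split("/")
        plen = int(plen)
        if plen > best_len and value >> (32 - plen) == int(ipaddress.IPv4Address(net)) >> (32 - plen):
            best_len, best = plen, next_hop
    return best


if __name__ == "__main__":
    print(split_address("163.221.74.127", 24))          # network part 0xA3DD4A, host 127
    print(aggregate(["163.221.52.0/24", "163.221.53.0/24",
                     "163.221.54.0/24", "163.221.55.0/24"]))
    table = {"0.0.0.0/0": "default", "163.221.0.0/16": "r1", "163.221.52.0/22": "r2"}
    print(longest_match(table, "163.221.53.9"))
```

Three /24s out of four (52, 53, 55) aggregate only partially, to a /23 plus a /24, because 55 has no sibling; a forwarding table keeps each as a separate entry, which is why contiguous allocation matters for router memory.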
End-to-End Packet Delivery
Hosts (e.g. 163.221.3.3, 163.221.5.5 and 163.221.4.4) sit at the edge of the network-layer cloud and are identified uniquely by their IPv4 address; the network layer delivers packets between any two of them.

Graph Representation of Networks
(Figure: hosts and routers as nodes, links as edges.)

Hierarchy Perspective: Who Carries the Ladder?
Mapping from the data-link layer up to the network layer is native to the data-link layer, e.g. LLC/SNAP, NLPID. Mapping from the network layer down to the data-link layer is native to the network layer, e.g. ARP (IPv4) and ND (IPv6).
Network to Data Link (1): ARP
Address Resolution Protocol (ARP), RFC 826. Hosts A, B and C at the network layer have data-link addresses a, b and c. A wants to send message M to B:
a -> all stations: where is B?
b -> a: B is at b
a -> b: [A -> B: M]

Network to Data Link (2): ARP in routed networks
A and B (a, b) share one link, C and D (c, d) another, joined by router R (r). A sends M to C:
a -> all stations: where is R?
r -> a: R is at r
a -> r: [A -> C: M]
r -> all stations: where is C?
c -> r: C is at c
r -> c: [A -> C: M]
The sender resolves only the router's address; the router resolves the destination on the far link.

Network to Data Link (3): ARP in bridged networks
Bridge T (t) joins the two segments transparently at the data-link layer, so A and C are on the same IP network:
a -> all stations: where is C?
c -> a: C is at c
a -> c: [A -> C: M]
The bridge forwards the broadcast and the reply; no router is involved and A resolves C directly.
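The exchange on the first ARP slide in working form, as an added example that is not part of the lecture: the request is broadcast, every station parses it, and only the owner of the target address answers with a unicast reply. The link, the hosts dictionary and the forged reply at the end are constructed for illustration. Because RFC 826 carries no authentication, the one check a host or an arpwatch-style monitor can make is whether a known address suddenly changes owner; the ArpCache below records exactly that.

```python
import struct
import ipaddress

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_arp(oper: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """28-byte ARP packet for Ethernet/IPv4 (htype 1, ptype 0x0800, hlen 6, plen 4)."""
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper,
                       mac_bytes(sha), ipaddress.IPv4Address(spa).packed,
                       mac_bytes(tha), ipaddress.IPv4Address(tpa).packed)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    dst, src, etype = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    if etype != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol types")
    return {"dst": mac_str(dst), "src": mac_str(src), "oper": oper,
            "sha": mac_str(sha), "spa": str(ipaddress.IPv4Address(spa)),
            "tha": mac_str(tha), "tpa": str(ipaddress.IPv4Address(tpa))}


class ArpCache:
    """IPv4 -> MAC table that records when a known binding changes."""

    def __init__(self):
        self.table = {}
        self.alerts = []

    def learn(self, arp: dict) -> None:
        ip, mac = arp["spa"], arp["sha"]
        old = self.table.get(ip)
        if old is not None and old != mac:
            self.alerts.append(f"{ip} changed from {old} to {mac}")
        self.table[ip] = mac


def resolve(req_ip: str, req_mac: str, target_ip: str, hosts: dict, cache: ArpCache):
    """Simulate one link: hosts maps IPv4 -> MAC of every station (constructed).
    Returns the resolved MAC, or None if nobody owns target_ip."""
    if target_ip in cache.table:
        return cache.table[target_ip]
    request = build_frame(BROADCAST_MAC, req_mac, ETH_P_ARP,
                          build_arp(ARP_REQUEST, req_mac, req_ip, "00:00:00:00:00:00", target_ip))
    answer = None
    for ip, mac in hosts.items():                # every station sees the broadcast
        seen = parse_frame(request)
        if seen["tpa"] != ip:                    # not mine: ignore
            continue
        reply = build_frame(seen["sha"], mac, ETH_P_ARP,   # unicast back to the asker
                            build_arp(ARP_REPLY, mac, ip, seen["sha"], seen["spa"]))
        answer = parse_frame(reply)
    if answer is None:
        return None
    cache.learn(answer)
    return answer["sha"]


if __name__ == "__main__":
    hosts = {"163.221.74.1": "00:e0:18:00:00:01", "163.221.74.2": "00:e0:18:00:00:02"}
    cache = ArpCache()
    print(resolve("163.221.74.1", hosts["163.221.74.1"], "163.221.74.2", hosts, cache))
    # An unsolicited reply claiming .2 from another MAC: accepted by plain ARP, but noticed here.
    forged = build_arp(ARP_REPLY, "de:ad:be:ef:00:01", "163.221.74.2", hosts["163.221.74.1"], "163.221.74.1")
    cache.learn(parse_frame(build_frame(hosts["163.221.74.1"], "de:ad:be:ef:00:01", ETH_P_ARP, forged)))
    print(cache.alerts)
```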
Data Link to Network
Several network-layer protocols (IPv4, IPv6, ...) are multiplexed onto a single data link such as Ethernet; the data link must de-multiplex incoming frames to the right network-layer protocol.

Ethernet: IEEE 802.3, IEEE 802.2 LLC, Ethernet II
Ethernet II: Dst addr (6) | Src addr (6) | Type (2) | DATA (variable) | FCS (4)
IEEE 802.3: Dst addr (6) | Src addr (6) | Length (2, at most 0x05DC = 1500) | DATA (variable) | FCS (4)
IEEE 802.3 raw (Novell): Length | 0xFFFF | DATA (variable) | FCS
IEEE 802.2 LLC (inside the 802.3 DATA): DSAP (1) | SSAP (1) | CTL (1) | DATA (variable) | FCS
SNAP (LLC with DSAP = SSAP = 0xAA): Protocol ID / OUI (3) | Type (2) | DATA (variable) | FCS
The Type/Length field is an EtherType when its value is 0x0600 or more and a length otherwise.

Data Link to Network: De-multiplexing with LLC
Destination SAP address (1 byte) = I/G bit + 7 bits; source SAP address (1 byte) = C/R bit + 7 bits; control information (1 or 2 bytes). I/G = individual or group address; C/R = command or response frame. SAP address examples: 06 IP packet; E0 Novell IPX; FE OSI packet; AA SubNetwork Access Protocol (SNAP).

De-multiplexing with LLC/SNAP
MAC header | LLC PDU | FCS. The LLC header is AA AA 03 (DSAP, SSAP, control = unnumbered information), followed by the SNAP header: ORG / OUI (3 bytes) and Type (2 bytes), then the SNAP PDU information. With OUI 00-00-00 the Type field carries the same EtherType values as Ethernet II.
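The de-multiplexing decision from the three framing slides, as an added example that is not the lecture's code: it tells Ethernet II, 802.3 raw, 802.3/LLC and 802.3/LLC/SNAP apart from the Type/Length threshold and the first LLC bytes, and reports which network-layer protocol the frame carries. The frame builders and the MAC addresses are constructed for the demonstration. A sensor that decodes only Ethernet II misses traffic carried in the other encapsulations, which is why a NIDS has to implement the same decision.

```python
import struct

ETHERTYPE_IPV4, ETHERTYPE_IPV6, ETHERTYPE_ARP = 0x0800, 0x86DD, 0x0806
SAP_IP, SAP_IPX, SAP_OSI, SAP_SNAP = 0x06, 0xE0, 0xFE, 0xAA


def demux(frame: bytes) -> dict:
    """Classify a frame's encapsulation and extract its network-layer protocol.
    The 2-byte field after the MAC addresses is an EtherType when >= 0x0600
    (1536) and an 802.3 length otherwise (a valid length is at most 0x05DC)."""
    if len(frame) < 14:
        raise ValueError("frame too short")
    dst, src = frame[:6], frame[6:12]
    type_or_len = struct.unpack("!H", frame[12:14])[0]
    body = frame[14:]
    info = {"dst": dst.hex(":"), "src": src.hex(":")}
    if type_or_len >= 0x0600:
        info.update(encap="Ethernet II", proto=type_or_len, payload=body)
        return info
    if type_or_len > 0x05DC:
        raise ValueError("length field above 1500 but below 0x0600")
    body = body[:type_or_len]                      # 802.3: the field bounds the payload
    if body[:2] == b"\xff\xff":
        # Novell 'raw' 802.3: an IPX checksum placeholder sits where LLC would be
        info.update(encap="802.3 raw", proto="IPX", payload=body)
        return info
    dsap, ssap, ctl = body[0], body[1], body[2]
    ctl_len = 1 if ctl & 0x03 == 0x03 else 2        # unnumbered frames have a 1-byte control
    if dsap == SAP_SNAP and ssap == SAP_SNAP and ctl == 0x03:
        oui, etype = body[3:6], struct.unpack("!H", body[6:8])[0]
        info.update(encap="802.3/LLC/SNAP", oui=oui.hex(), proto=etype, payload=body[8:])
        return info
    info.update(encap="802.3/LLC", dsap=dsap, ssap=ssap, control=ctl,
                group=bool(dsap & 0x01), response=bool(ssap & 0x01),
                payload=body[2 + ctl_len:])
    return info


# Frame builders for the four encapsulations (constructed test data, no FCS).
def ethernet2(dst: bytes, src: bytes, etype: int, payload: bytes) -> bytes:
    return dst + src + struct.pack("!H", etype) + payload


def ieee8023_snap(dst: bytes, src: bytes, etype: int, payload: bytes, oui: bytes = b"\x00\x00\x00") -> bytes:
    body = bytes([SAP_SNAP, SAP_SNAP, 0x03]) + oui + struct.pack("!H", etype) + payload
    return dst + src + struct.pack("!H", len(body)) + body


def ieee8023_llc(dst: bytes, src: bytes, sap: int, payload: bytes) -> bytes:
    body = bytes([sap, sap, 0x03]) + payload
    return dst + src + struct.pack("!H", len(body)) + body


def ieee8023_raw(dst: bytes, src: bytes, ipx_payload: bytes) -> bytes:
    body = b"\xff\xff" + ipx_payload
    return dst + src + struct.pack("!H", len(body)) + body


if __name__ == "__main__":
    d, s = bytes.fromhex("00e018989001"), bytes.fromhex("00e01898936d")
    ip_packet = b"\x45" + b"\x00" * 19
    for f in (ethernet2(d, s, ETHERTYPE_IPV4, ip_packet), ieee8023_snap(d, s, ETHERTYPE_IPV4, ip_packet),
              ieee8023_llc(d, s, SAP_IP, ip_packet), ieee8023_raw(d, s, b"\xff\xff\x00\x30")):
        r = demux(f)
        print(r["encap"], r.get("proto"))
```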
Implementing the Communication Model
Unicast: peer-to-peer communication, with a source and a destination address allocated to single interfaces; the ARP examples above deliver M by unicast (only the ARP request itself is broadcast). Broadcast. Multicast.

Broadcast
Sending to all hosts on the same transmission medium (data link). Whether broadcast is available depends on the data link, and many data links do not support it. Broadcast is not guaranteed to reach everyone: passive hosts will not receive it, and what is done with a received broadcast depends on the processes running on the receiving host. Distinguish IP broadcast from link-layer broadcast.

Bootstrapping with Broadcast
Broadcast communication in a multi-access network is essential for two things: resolving a network-layer address to a data-link address, and automatic configuration of a host that does not yet know anything about its network. Bootstrap example: A (a) asks all stations "who is the router?" and r answers "router R is at r".

Selective Broadcasting: Multicast
Multipoint-to-multipoint communication, i.e. selective broadcasting to a group. Membership: a host that is not a member of the group is not delivered the group's traffic. Membership is handled by group management. Note that membership controls delivery, not confidentiality: on a shared medium a non-member can still capture the frames, so multicast data that matters needs its own protection. Distinguish IP multicast from link-layer multicast.

What If...? Failure Isolation and Failure Recovery
Two seven-layer stacks joined by a physical connection: what happens when the connection or an intermediate node fails?
Failure Isolation: ICMP (1)
Internet Control Message Protocol, RFC 792. When a failure at or below the network layer makes an intermediate node drop a packet, so that it cannot reach its destination, the node returns an ICMP Destination Unreachable message to the packet's source address.

Failure Isolation: ICMP (2)
End-to-end reachability verification and locating the faulty section: ICMP Echo Request / Echo Reply (ping) between the two end systems.

Connecting Heterogeneous Data Links (1)
Because data links are heterogeneous: address architectures differ (resolved with ARP); multiplexing methods differ (resolved with LLC/SNAP); transmission speeds differ (resolved with buffering); maximum transmission unit (MTU) sizes differ (resolved with fragmentation).

Connecting Heterogeneous Data Links (2)
Fragmentation and reassembly. Fragmentation: splitting a packet so that each fragment fits within the maximum frame length of the next link (the slide's example goes from a link with MTU 9128 to one with MTU 1520). Reassembly: reconstructing the fragmented packet at the destination node.

Fragmentation and Reassembly: the IPv4 Header
Flags = {reserved (0), DF (don't fragment), MF (more fragments)}; Fragment Offset: 13 bits, in units of 8 octets.
Version (4) | IHL (4) | Type of Service (8) | Total Length (16, in octets)
Identification (16) | Flags (3) | Fragment Offset (13)
Time to Live (8) | Protocol (8) | Header Checksum (16)
Source Address (32)
Destination Address (32)
Options (if any), padded to a 32-bit boundary
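The header layout above, fragmentation and reassembly carried through in code, as an added example (not from the lecture). It builds a minimal 20-byte header with the RFC 1071 checksum that ICMP also uses, splits a packet for a smaller MTU (refusing when DF is set, the case where a router instead returns ICMP Destination Unreachable), and reassembles at the destination. The reassembly rejects gaps and overlapping fragments; overlap is the classic ambiguity that IDS evasion and old crashes like Teardrop relied on. Addresses and payload are constructed; one checksum test vector is the well-known one from the Wikipedia IPv4 article.

```python
import struct
import ipaddress

DF, MF = 0x2, 0x1   # flag bits, high to low: reserved, DF, MF


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words (the routine ICMP uses too)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src, dst, proto, ident, payload, flags=0, offset=0, ttl=64) -> bytes:
    """Minimal header (IHL 5, no options); offset is in 8-octet units."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                         (flags << 13) | offset, ttl, proto, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    header = header[:10] + struct.pack("!H", checksum(header)) + header[12:]
    return header + payload


def parse_ipv4(packet: bytes) -> dict:
    ver_ihl, _tos, total, ident, frag, ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total > len(packet):
        raise ValueError("malformed IPv4 header")
    if checksum(packet[:ihl]) != 0:          # sum including the checksum field must be zero
        raise ValueError("bad header checksum")
    return {"ihl": ihl, "total": total, "id": ident, "flags": frag >> 13,
            "offset": (frag & 0x1FFF) * 8, "ttl": ttl, "proto": proto,
            "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "payload": packet[ihl:total]}


def fragment(packet: bytes, mtu: int) -> list:
    """Split a packet for a link whose MTU is smaller than the packet."""
    h = parse_ipv4(packet)
    if len(packet) <= mtu:
        return [packet]
    if h["flags"] & DF:
        raise ValueError("DF set: drop and send ICMP Destination Unreachable (fragmentation needed)")
    step = ((mtu - h["ihl"]) // 8) * 8       # fragment data must be a multiple of 8 octets
    data, frags = h["payload"], []
    for start in range(0, len(data), step):
        chunk = data[start:start + step]
        last = start + step >= len(data)
        flags = h["flags"] if last else (h["flags"] | MF)
        frags.append(build_ipv4(h["src"], h["dst"], h["proto"], h["id"], chunk,
                                flags, (h["offset"] + start) // 8, h["ttl"]))
    return frags


def reassemble(fragments: list) -> bytes:
    """Rebuild the original payload; gaps and overlaps are rejected."""
    parsed = sorted((parse_ipv4(f) for f in fragments), key=lambda h: h["offset"])
    if len({(h["id"], h["src"], h["dst"], h["proto"]) for h in parsed}) != 1:
        raise ValueError("fragments belong to different datagrams")
    expected, data = 0, b""
    for h in parsed:
        if h["offset"] < expected:
            raise ValueError(f"overlapping fragment at offset {h['offset']}")
        if h["offset"] > expected:
            raise ValueError(f"missing data before offset {h['offset']}")
        data += h["payload"]
        expected += len(h["payload"])
    if parsed[-1]["flags"] & MF:
        raise ValueError("last fragment not seen yet")
    return data


if __name__ == "__main__":
    payload = bytes(range(256)) * 10                      # 2560 bytes, constructed
    pkt = build_ipv4("163.221.3.3", "163.221.5.5", 17, 0x1234, payload)
    frags = fragment(pkt, 1500)
    print([len(f) for f in frags], reassemble(frags) == payload)
```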
IPv6

The End of IPv4
Projected 50 billion individual elements on the Internet in 2014 (the slide's figure), far more than the 2^32 addresses IPv4 can name.

IPv4 Address Allocation Report, dated 27-Apr-2012: http://labs.apnic.net/ipv4/report.html
Internet Protocol version 6 (IPv6)
Developed in the early 1990s; deployed since the late 1990s / early 2000s. Designed to overcome the limitations of IPv4. The first issue was addressing: from 2^32 to 2^128 addresses (4.3 x 10^9 to 3.4 x 10^38). Security: IPsec was built in to IPv6 from the start. (Every node was originally required to implement it; RFC 6434 later relaxed that to SHOULD, and it is never enabled by default, so "built in" does not mean "turned on".) Global end-to-end addressing lets you minimize intermediate devices such as NATs, minimize delay and simplify development. The headers allow development of new quality-of-service and streaming services.

IPv4 vs IPv6 (1)
Address architecture: hierarchical structure; introduction of the concept of scope; clear definition of address classes; standardized multicast; discontinuation of broadcast. Able to deal with high-speed networks: simplified header format; suppression of unused fields; fixed header length; discontinuation of the header checksum; discontinuation of IP header options (moved into extension headers); discontinuation of en-route packet fragmentation (only the source fragments).

IPv4 vs IPv6 (2)
Link-layer and network-layer address resolution: ARP is replaced by NDP (Neighbor Discovery Protocol), which adds neighbor unreachability detection. Security: IPsec as a standard. Flexibility: IP extension headers, Mobile IPv6, IPsec.

IPv6 Address Format

IPv6 Address (1)
IPv4 address: 32 bits (4 bytes), written as four decimal numbers separated by dots, e.g. 192.168.1.240. IPv6 address: 128 bits (16 bytes), written as eight groups separated by colons, each group four hexadecimal digits: 2001:0db8:85a3:0000:0000:8a2e:0370:7334. Leading zeros in a group may be dropped, and one run of consecutive zero groups may be replaced by "::":
2001:0db8:85a3:0000:0000:8a2e:0370:7334
2001:db8:85a3:0:0:8a2e:370:7334
2001:db8:85a3::8a2e:370:7334

IPv6 Address (2)
IPv4-compatible address: ::<IPv4 address>, e.g. ::203.178.142.1; used for automatic tunneling (now deprecated by RFC 4291). IPv4-mapped address: ::ffff:<IPv4 address>, e.g. ::ffff:203.178.142.1; the form that represents the address of an IPv4-only node inside the IPv6 address space (for example in dual-stack socket APIs).
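The text rules from the two address slides implemented by hand, as an added example that is not the lecture's code: parsing every textual form (full, "::"-compressed, trailing embedded IPv4) into eight groups, expanding, and producing the canonical form of RFC 5952 (lowercase, no leading zeros, the longest zero run and the leftmost on a tie becomes "::"). It also classifies the special forms from the second slide, which matters when an access list has to treat ::ffff:203.178.142.1 as the IPv4 host it stands for. The standard library's ipaddress module is used only as an independent check.

```python
import ipaddress

HEX = set("0123456789abcdef")


def groups(addr: str) -> list:
    """Parse any textual IPv6 form into eight 16-bit groups."""
    addr = addr.strip().lower()
    if addr.count("::") > 1:
        raise ValueError("only one '::' is allowed")

    def side(text: str) -> list:
        if text == "":
            return []
        parts, out = text.split(":"), []
        for i, part in enumerate(parts):
            if "." in part:                       # embedded IPv4 dotted quad = two groups
                if i != len(parts) - 1:
                    raise ValueError("embedded IPv4 must be the last component")
                v4 = int(ipaddress.IPv4Address(part))
                out += [v4 >> 16, v4 & 0xFFFF]
            elif 1 <= len(part) <= 4 and set(part) <= HEX:
                out.append(int(part, 16))
            else:
                raise ValueError(f"bad group {part!r}")
        return out

    if "::" in addr:
        left, right = addr.split("::")
        l, r = side(left), side(right)
        if len(l) + len(r) > 7:
            raise ValueError("'::' must stand for at least one zero group")
        return l + [0] * (8 - len(l) - len(r)) + r
    g = side(addr)
    if len(g) != 8:
        raise ValueError("expected 8 groups")
    return g


def to_int(addr: str) -> int:
    value = 0
    for g in groups(addr):
        value = (value << 16) | g
    return value


def expand(addr: str) -> str:
    return ":".join(f"{g:04x}" for g in groups(addr))


def compress(addr: str) -> str:
    """Canonical RFC 5952 text form."""
    g = groups(addr)
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if g[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and g[j] == 0:
            j += 1
        if j - i > best_len:                     # strict '>' keeps the leftmost run on a tie
            best_start, best_len = i, j - i
        i = j
    words = [f"{x:x}" for x in g]
    if best_len < 2:                             # a single zero group is never compressed
        return ":".join(words)
    return ":".join(words[:best_start]) + "::" + ":".join(words[best_start + best_len:])


def mapped_ipv4(addr: str):
    """The IPv4 address inside an IPv4-mapped address, else None."""
    g = groups(addr)
    if g[:5] != [0] * 5 or g[5] != 0xFFFF:
        return None
    return str(ipaddress.IPv4Address((g[6] << 16) | g[7]))


def classify(addr: str) -> str:
    g, v = groups(addr), to_int(addr)
    if v == 0:
        return "unspecified"
    if v == 1:
        return "loopback"
    if mapped_ipv4(addr) is not None:
        return "ipv4-mapped"
    if g[:6] == [0] * 6:
        return "ipv4-compatible (deprecated)"
    if g[0] & 0xFFC0 == 0xFE80:
        return "link-local"
    if g[0] >> 8 == 0xFF:
        return "multicast"
    if g[0] >> 13 == 0b001:
        return "global unicast"
    return "other"


if __name__ == "__main__":
    print(compress("2001:0db8:85a3:0000:0000:8a2e:0370:7334"))
    print(classify("::ffff:203.178.142.1"), mapped_ipv4("::ffff:203.178.142.1"))
```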
Scope (1)
Link-local: used for automatic address configuration and neighbor discovery; valid only within the given link, not routable; prefix fe80::/10. Global: global/universal address, routable; can connect to any global-scope address anywhere.

Scope (2)
(Figure: hosts and a router inside an organization; link-local addresses are valid only on each link, global addresses reach across organizations.)

IPv4 Header
Total length: 20 bytes + options. The fields marked in red on the slide are suppressed or renamed in IPv6.
Version (4) | HL (4) | ToS (8) | Total Length (16)
Identification (16) | Flags (3) | Fragment Offset (13)
TTL (8) | Protocol (8) | Header Checksum (16)
Source address (32 bits)
Destination address (32 bits)
Options | Padding
In IPv6: HL, Identification, Flags, Fragment Offset, Header Checksum, Options and Padding disappear from the base header (fragmentation moves to an extension header); ToS becomes Traffic Class, Total Length becomes Payload Length, TTL becomes Hop Limit and Protocol becomes Next Header.

IPv6 Header
Fixed length: 40 bytes. All optional and additional information is encoded in extension headers, chained through the Next Header field. The header is not protected by a checksum, so the upper layers must carry their own (the UDP checksum, optional in IPv4, is mandatory in IPv6).
Version (4) | Traffic Class (8) | Flow Label (20)
Payload Length (16) | Next Header (8) | Hop Limit (8)
Source address (128 bits)
Destination address (128 bits)
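The fixed header and the Next Header chain it introduces, as an added example that is not the lecture's code: the parser walks the extension headers (Hop-by-Hop, Routing, Fragment, Destination Options) until it reaches the upper-layer protocol, enforcing two rules a forwarding or inspection device needs: Hop-by-Hop may only come first, and the chain length is capped so that an attacker cannot push the transport header out of the part of the packet a filter looks at. The packets, including the minimal Destination Options header built from one PadN option, are constructed for the demonstration.

```python
import struct
import ipaddress

HOP_BY_HOP, ROUTING, FRAGMENT, NO_NEXT_HEADER, DEST_OPTS = 0, 43, 44, 59, 60
EXTENSION_HEADERS = {HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS}
UPPER_LAYER = {6: "TCP", 17: "UDP", 58: "ICMPv6", NO_NEXT_HEADER: "none"}


def build_ipv6(src, dst, next_header, payload, hop_limit=64, traffic_class=0, flow_label=0) -> bytes:
    """40-byte fixed header followed by payload (extension headers + upper layer)."""
    first = (6 << 28) | (traffic_class << 20) | flow_label
    return struct.pack("!IHBB16s16s", first, len(payload), next_header, hop_limit,
                       ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed) + payload


def dest_options(next_header: int) -> bytes:
    """Smallest Destination Options header: Next Header, Hdr Ext Len 0, one PadN option."""
    return bytes([next_header, 0, 1, 4, 0, 0, 0, 0])


def parse_ipv6(packet: bytes, max_ext: int = 4) -> dict:
    first, plen, nh, hlim, src, dst = struct.unpack("!IHBB16s16s", packet[:40])
    if first >> 28 != 6:
        raise ValueError("not IPv6")
    if 40 + plen > len(packet):
        raise ValueError("payload length exceeds packet")
    info = {"traffic_class": (first >> 20) & 0xFF, "flow_label": first & 0xFFFFF,
            "payload_length": plen, "hop_limit": hlim,
            "src": str(ipaddress.IPv6Address(src)), "dst": str(ipaddress.IPv6Address(dst)),
            "chain": []}
    pos, end = 40, 40 + plen
    while nh in EXTENSION_HEADERS:
        if nh == HOP_BY_HOP and info["chain"]:
            raise ValueError("Hop-by-Hop Options must directly follow the IPv6 header")
        if len(info["chain"]) >= max_ext:
            raise ValueError("extension header chain too long")
        if pos + 8 > end:
            raise ValueError("truncated extension header")
        # Fragment header is fixed 8 bytes; the others carry (Hdr Ext Len + 1) * 8 bytes.
        size = 8 if nh == FRAGMENT else (packet[pos + 1] + 1) * 8
        if pos + size > end:
            raise ValueError("extension header runs past the payload")
        info["chain"].append(nh)
        nh, pos = packet[pos], pos + size
    info["upper"] = UPPER_LAYER.get(nh, nh)
    info["upper_payload"] = packet[pos:end]
    return info


if __name__ == "__main__":
    udp = b"\x00\x35\x00\x35\x00\x08\xff\xff"        # constructed 8-byte UDP header
    pkt = build_ipv6("2001:db8::1", "2001:db8::2", DEST_OPTS, dest_options(17) + udp)
    print(parse_ipv6(pkt)["chain"], parse_ipv6(pkt)["upper"])
```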
Address Structure (1)
Separation of network prefix (upper 64 bits) and interface ID (lower 64 bits). The interface ID can be derived from the MAC address (modified EUI-64): MAC 00:e0:18:98:93:6d gives 2001:200:16a:e320:2e0:18ff:fe98:936d. Because the MAC can be read back out of such an address, an EUI-64 interface ID identifies the same hardware on every network it visits; RFC 4941 temporary addresses and RFC 7217 opaque interface IDs exist to avoid that. Global unicast format: 001 (3 bits) | global routing prefix (45 bits) | subnet ID (16 bits) | interface ID (64 bits). Delegation: IANA -> RIR -> LIR -> a /48 block for the end user.

Address Structure (2)
Address assignment following the network topology (RFC 2374 aggregatable global unicast format, revised by RFC 2450; both since obsoleted by RFC 3587):
RFC 2374: FP (3) | TLA ID (13) | RES (8) | NLA ID (24) | SLA ID (16) | Interface ID (64)
RFC 2450: FP (3) | TLA ID (13) | sub-TLA (13) | RES (6) | NLA ID (13) | SLA ID (16) | Interface ID (64)
FP = Format Prefix; RES = Reserved; TLA ID = Top-Level Aggregation Identifier; NLA ID = Next-Level Aggregation Identifier; SLA ID = Site-Level Aggregation Identifier.

Address Assignment (example)
TLA ID level: APNIC, 2001:200::/35, out of the range 2001:200::/29 to 2001:3f8::/29. Sub-TLA level: WIDE. NLA ID level: NAIST 2001:200:16a::/48 and USM 2001:200:703::/48.
Top Level Aggregator (TLA)
Assigned by the RIRs (ARIN, RIPE, APNIC); /29 address space. Previous layout: FP (3) | TLA ID (13) | RES (8) | NLA ID (24). Current layout: FP (3) | TLA ID (13) | Sub-TLA ID (13) | NLA ID (19).

Next Level Aggregator (NLA)
ISPs and organizations acquire addresses from a TLA, which lets them set up subnets; from /35 to /48 address spaces. Previous layout: FP (3) | TLA ID (13) | RES (8) | NLA ID (24). Current layout: FP (3) | TLA ID (13) | Sub-TLA ID (13) | NLA ID (19).

Site Level Aggregator (SLA)
Organizations acquire addresses from an NLA; from /49 to /64 address spaces. Layout: FP (3) | TLA ID (13) | Sub-TLA ID (13) | NLA ID (19) | SLA ID (16).

Unicast Address
Assigned to a single interface. Link-local unicast address, valid at link scope: fe80::2e0:18ff:fe98:936d. Layout: 1111111010 (10 bits) | 0000...0000 (54 bits) | interface ID (64 bits).

Multicast Address
Assigned to several interfaces; a packet sent to it is delivered to all of them. Layout: 11111111 (8 bits) | flags (4) | scope (4) | group ID (112). Scope values: 0 reserved; 1 node-local (interface-local); 2 link-local; 5 site-local; 8 organization-local; E global; F reserved. Flags: 0000 permanent (well-known) address; 0001 temporary (transient) address.
Format Prefix (RFC 2373 allocation, historical)
Usage | Prefix (binary) | Fraction of address space
Reserved | 0000 0000 | 1/256
Unassigned | 0000 0001 | 1/256
Reserved for NSAP allocation | 0000 001 | 1/128
Reserved for IPX allocation | 0000 010 | 1/128
Unassigned | 0000 011 | 1/128
Unassigned | 0000 1 | 1/32
Unassigned | 0001 | 1/16
Aggregatable global unicast address | 001 | 1/8
Unassigned | 010 | 1/8
Unassigned | 011 | 1/8
Unassigned | 100 | 1/8
Unassigned | 101 | 1/8
Unassigned | 110 | 1/8
Unassigned | 1110 | 1/16
Unassigned | 1111 0 | 1/32
Unassigned | 1111 10 | 1/64
Unassigned | 1111 110 | 1/128
Unassigned | 1111 1110 0 | 1/512
Link-local unicast address | 1111 1110 10 | 1/1024
Multicast address | 1111 1111 | 1/256
All unassigned prefixes are now treated as (global) unicast (RFC 4291).

Defined Multicast Addresses
FF00::, FF01::, ..., FF0F:: (group ID 0 at every scope): reserved
FF01::1 all IPv6 nodes (node-local); FF02::1 all IPv6 nodes (link-local)
FF01::2 all IPv6 routers (node-local); FF02::2 all IPv6 routers (link-local)
FF02::1:2 all DHCP relay agents and servers (link-local, RFC 3315; the slide's FF02::C is the SSDP group)
FF02::1:ffXX:XXXX solicited-node address, where XX:XXXX are the low 24 bits of the unicast address
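The two address derivations from the Address Structure and the Defined Multicast Addresses slides, as an added example (not code from the lecture): the modified EUI-64 interface ID (insert ff:fe, flip the universal/local bit), its combination with a /64 prefix as stateless autoconfiguration does, the solicited-node group that Neighbor Solicitation targets, and the reverse mapping from address back to MAC that makes EUI-64 a tracking concern. The prefix and MAC are the slide's own; everything else is constructed.

```python
import ipaddress


def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def modified_eui64(mac: str) -> bytes:
    """48-bit MAC -> 64-bit interface ID: insert ff:fe in the middle and flip
    the universal/local bit (bit 1 of the first octet), RFC 4291 Appendix A."""
    b = bytearray(mac_bytes(mac))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC")
    b[0] ^= 0x02
    return bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])


def address_from_mac(prefix: str, mac: str) -> str:
    """Combine a /64 prefix with the EUI-64 interface ID (stateless autoconfiguration)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("interface IDs are 64 bits, so the prefix must be a /64")
    value = int(net.network_address) | int.from_bytes(modified_eui64(mac), "big")
    return ipaddress.IPv6Address(value).compressed


def link_local_from_mac(mac: str) -> str:
    return address_from_mac("fe80::/64", mac)


def solicited_node(addr: str) -> str:
    """ff02::1:ffXX:XXXX with the low 24 bits of the unicast address; Neighbor
    Solicitation goes to this group instead of to every node on the link."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | low24).compressed


def mac_from_address(addr: str):
    """Reverse mapping: recover the MAC if the interface ID is EUI-64 derived, else None."""
    iid = int(ipaddress.IPv6Address(addr)).to_bytes(16, "big")[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    b = bytearray(iid[:3] + iid[5:])
    b[0] ^= 0x02
    return ":".join(f"{x:02x}" for x in b)


if __name__ == "__main__":
    mac = "00:e0:18:98:93:6d"                      # the lecture's example MAC
    addr = address_from_mac("2001:200:16a:e320::/64", mac)
    print(addr, link_local_from_mac(mac), solicited_node(addr), mac_from_address(addr))
```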
IPv6 Important Features
ICMPv6; NDP; IPsec; dual-stack operation and the transition to IPv6.

IPv6 Advantages
More efficient address space allocation; end-to-end addressing, so no NAT is needed; fragmentation only by the source host; routers do not calculate a header checksum (faster forwarding); multicast instead of broadcast; built-in security mechanisms (IPsec, which still has to be configured to do anything); a single control protocol (ICMPv6); autoconfiguration; and so on.
Hands-on: Network (Information Network I)

Overview
Obtaining an IP address: Dynamic Host Configuration Protocol (DHCP). How the Domain Name System works. Network tools: ipconfig / ifconfig; nslookup <domain_name>; tracert / traceroute; speed test; traffic monitoring tool ntop. Network intrusion: the Smurf attack.

To See Your IP Address
Windows command: ipconfig /all. Mac command: ifconfig -a. The output lists both the IPv6 and the IPv4 address of each interface.

To See the DHCP Server's IP Address in Windows
Windows command: ipconfig /all. The "DHCP Server" line shows which server assigned the address automatically.

For Mac
Mac command: ifconfig -a (IPv6 and IPv4 addresses). Mac command: ipconfig getpacket <interface_name> (the last DHCP packet received, including the DHCP server's IP address).
How DHCP Works (Dynamic Host Configuration Protocol)
The DHCP client (MAC 00:a0:24:71:e4:44 in the figure) broadcasts DHCPDISCOVER; each DHCP server that hears it may answer with a DHCPOFFER; the client broadcasts a DHCPREQUEST naming the offer it accepts; the chosen server confirms with DHCPACK. When the client no longer needs the address it sends DHCPRELEASE to the server (RFC 2131).

Capturing DHCP Traffic with Wireshark
1. Start Wireshark (on Windows, run it as administrator), select an interface and start capturing.
2. Open a command prompt or a terminal.
3. Windows: type ipconfig /release and press Enter, then ipconfig /renew and press Enter. Mac: type sudo ipconfig set <your_interface_name> BOOTP, then sudo ipconfig set <your_interface_name> DHCP (the slide writes ifconfig, but set is a subcommand of the macOS ipconfig tool).
4. Stop the Wireshark capture.
5. Apply the display filter bootp (in Wireshark 3.0 and later the filter is named dhcp).
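What the captured DHCP packets contain, as an added example that is not the lecture's code: a builder and parser for the BOOTP fixed fields plus the DHCP option TLVs, decoding the fields the ipconfig commands below display (offered address, router, DNS servers, lease time, server identifier). The message type codes are those of RFC 2131/2132; the addresses, transaction ID and option values are constructed, and the client MAC is the one on the DHCP slide. Since DHCP has no authentication, a client takes the first OFFER it hears; check_offer shows the check a monitor can make against the servers expected on a segment.

```python
import struct
import ipaddress

DHCP_COOKIE = b"\x63\x82\x53\x63"
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE", 5: "ACK", 6: "NAK", 7: "RELEASE"}
OPT_SUBNET, OPT_ROUTER, OPT_DNS, OPT_REQ_IP, OPT_LEASE, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 1, 3, 6, 50, 51, 53, 54, 255
IP_LIST_OPTIONS = {OPT_SUBNET, OPT_ROUTER, OPT_DNS, OPT_REQ_IP, OPT_SERVER_ID}
FIXED = "!BBBBIHH4s4s4s4s16s64s128s"             # 236 bytes of BOOTP fixed fields


def ip(s: str) -> bytes:
    return ipaddress.IPv4Address(s).packed


def build_dhcp(op: int, xid: int, chaddr: str, msg_type: int, yiaddr="0.0.0.0", options=()) -> bytes:
    """op 1 = request (client), 2 = reply (server); htype 1 / hlen 6 = Ethernet."""
    fixed = struct.pack(FIXED, op, 1, 6, 0, xid, 0, 0,
                        ip("0.0.0.0"), ip(yiaddr), ip("0.0.0.0"), ip("0.0.0.0"),
                        bytes.fromhex(chaddr.replace(":", "")).ljust(16, b"\x00"), b"", b"")
    tlvs = bytes([OPT_MSG_TYPE, 1, msg_type])
    for code, value in options:
        tlvs += bytes([code, len(value)]) + value
    return fixed + DHCP_COOKIE + tlvs + bytes([OPT_END])


def parse_dhcp(packet: bytes) -> dict:
    op, _htype, hlen, _hops, xid, _secs, _flags, _ci, yiaddr, _si, _gi, chaddr, _sname, _file = struct.unpack(FIXED, packet[:236])
    if packet[236:240] != DHCP_COOKIE:
        raise ValueError("no DHCP magic cookie")
    msg = {"op": op, "xid": xid, "chaddr": chaddr[:hlen].hex(":"),
           "yiaddr": str(ipaddress.IPv4Address(yiaddr)), "options": {}}
    pos = 240
    while pos < len(packet):
        code = packet[pos]
        if code == OPT_END:
            break
        if code == 0:                                # pad option, no length byte
            pos += 1
            continue
        length = packet[pos + 1]
        value = packet[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        if code in IP_LIST_OPTIONS:
            value = [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, length, 4)]
        elif code == OPT_MSG_TYPE:
            value = MSG_TYPES.get(value[0], value[0])
        elif code == OPT_LEASE:
            value = struct.unpack("!I", value)[0]
        msg["options"][code] = value
        pos += 2 + length
    return msg


def check_offer(msg: dict, trusted_servers) -> str:
    """Compare the server identifier (option 54) with the servers expected on this segment."""
    if msg["options"].get(OPT_MSG_TYPE) != "OFFER":
        return "not an offer"
    server = msg["options"].get(OPT_SERVER_ID, [None])[0]
    return "trusted" if server in trusted_servers else f"rogue server {server}"


if __name__ == "__main__":
    offer = build_dhcp(2, 0x3903F326, "00:a0:24:71:e4:44", 2, yiaddr="163.221.74.127", options=[
        (OPT_SUBNET, ip("255.255.255.0")), (OPT_ROUTER, ip("163.221.74.1")),
        (OPT_DNS, ip("163.221.1.1") + ip("163.221.1.2")),
        (OPT_LEASE, struct.pack("!I", 86400)), (OPT_SERVER_ID, ip("163.221.74.10"))])
    m = parse_dhcp(offer)
    print(m["yiaddr"], m["options"], check_offer(m, {"163.221.74.10"}))
```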
Domain Name Server (DNS)
Windows command: ipconfig /all. Mac command: ipconfig getpacket <interface_name>. The output shows the DNS server's IP address, which the DHCP server supplied together with the other addresses.

How the Domain Name System Works
(Figure: resolver, root, TLD and authoritative name servers.)

Domain Name <-> IP Address
Command: nslookup <domain_name> (forward lookup). Command: nslookup <ip_address> (reverse lookup).

Default Gateway
Windows command: ipconfig /all. Mac command: ipconfig getpacket <interface_name>. The output shows the default gateway's IP address, also supplied by DHCP.

See the Path of the Packets
Windows command: tracert <domain_name>. Mac command: traceroute <domain_name>. The first hop is your gateway's IP address.

See the Path of the Packets (cont.)
Windows command: tracert <domain_name>. Mac command: traceroute <domain_name>. A hop shown as * * * sent no reply within the timeout: the probe, or the ICMP Time Exceeded answer to it, was dropped or filtered, which does not by itself mean the path is broken.

Visual Traceroute: http://en.dnstools.ch/visual-traceroute.html

Speed Test: http://www.speedtest.net
Network Traffic Monitoring Tool: ntop
1. Run the Ubuntu machine in VirtualBox (password: network2013).
2. Open a terminal.
3. Check your interface name: ifconfig
4. Install ntop: sudo apt-get install ntop
5. Start ntop: sudo /etc/init.d/ntop start
6. Open a browser and go to http://localhost:3000
http://localhost:3000/sortdataprotos.html shows traffic per protocol; keep using the Internet so that traffic accumulates.
http://localhost:3000/hostsinfo.html shows the per-host information.
Network Intrusion: Distributed Denial-of-Service Attacks, the Smurf Attack
The attacker sends ICMP Echo Requests to a network's directed broadcast address with the source address forged to be the victim's; every host on that network replies to the victim, which receives the traffic multiplied by the number of responding hosts.
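Detection logic for the Smurf pattern, as an added example that is not part of the lab material: over a list of packet summaries (constructed here; in practice taken from a capture like the Wireshark one above) it flags ICMP Echo Requests aimed at the limited broadcast address or at the directed broadcast address of a local subnet, groups them by the source address, which is the real victim, and estimates the amplification the subnet offers. The subnets and thresholds are assumptions for the demonstration.

```python
import ipaddress

ICMP_PROTO, ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY = 1, 8, 0
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")


def is_broadcast_target(dst: str, local_subnets) -> bool:
    """True for 255.255.255.255 and for the directed broadcast address of any
    listed subnet, the amplifier a Smurf attack needs."""
    addr = ipaddress.IPv4Address(dst)
    if addr == LIMITED_BROADCAST:
        return True
    return any(addr == ipaddress.IPv4Network(s).broadcast_address for s in local_subnets)


def amplification_factor(subnet: str) -> int:
    """Upper bound on replies per request: every usable host address in the subnet."""
    return ipaddress.IPv4Network(subnet).num_addresses - 2


def detect_smurf(packets, local_subnets, threshold: int = 3) -> dict:
    """packets: iterable of dicts with proto, icmp_type, src, dst (constructed summaries).
    Returns {victim source: [broadcast destinations hit]} for sources over threshold."""
    by_victim = {}
    for p in packets:
        if p["proto"] != ICMP_PROTO or p["icmp_type"] != ICMP_ECHO_REQUEST:
            continue
        if not is_broadcast_target(p["dst"], local_subnets):
            continue
        by_victim.setdefault(p["src"], []).append(p["dst"])
    return {src: dsts for src, dsts in by_victim.items() if len(dsts) >= threshold}


# Constructed sample: five spoofed echo requests to the /24's broadcast address,
# one ordinary ping, one echo reply and one non-ICMP packet.
SAMPLE = (
    [{"proto": 1, "icmp_type": 8, "src": "163.221.5.5", "dst": "163.221.74.255"}] * 5
    + [{"proto": 1, "icmp_type": 8, "src": "163.221.74.20", "dst": "163.221.74.10"},
       {"proto": 1, "icmp_type": 0, "src": "163.221.74.10", "dst": "163.221.74.20"},
       {"proto": 17, "icmp_type": None, "src": "163.221.74.20", "dst": "163.221.74.255"}]
)
LOCAL_SUBNETS = ["163.221.74.0/24", "163.221.52.0/22"]

if __name__ == "__main__":
    print(detect_smurf(SAMPLE, LOCAL_SUBNETS))
    print(amplification_factor("163.221.74.0/24"))
```

A router that does not forward directed broadcasts (the default recommended by RFC 2644) removes the amplifier, so the same check on a border router's packets should find nothing.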
Network Intrusion Prevention
Anti-virus software; intrusion prevention systems (IPS); network intrusion detection systems (NIDS). Against Smurf specifically, routers should not forward directed broadcasts (RFC 2644), which removes the amplifier.