Network Layer - Introduction ============================= Outline -------- - What is the network layer? - Routers vs switches - IP addresses, prefixes, subnetting, interfaces - Routing vs forwarding - Hierarchical (intradomain and interdomain) routing - Allocation of IP prefixes and IP addresses (static, DHCP) - Public vs private addresses, NATs - IPv6, IP-in-IP tunneling - ICMP, traceroute, ping - IP datagram format, fragmentation ========================================================== * So far, we have studied the network edge (application and transport layers). Now we come to the network core. The network or IP layer takes transport layer payload (e.g., TCP segments), encapsulates it in an IP header to get IP datagrams. The IP datagrams have a source and destination IP addresses. The job of the network layer is to transport this IP datagram from the source IP to destination IP. * The network layer runs on every node that has an IP address, including end hosts and IP routers that connect end hosts (unlike, say, the transport layer that only runs on end hosts). Consider a host A connected over an Ethernet LAN to its "first-hop" IP router R_A, that wants to communicate with host B, which is connected to its IP router R_B. Note that adjacent IP hosts (especially, end hosts and first hop IP routers) needn't be directly connected by a wire (point-to-point link). They can be connected by an Ethernet LAN, wireless LAN, satellite link, whatever. The link layer (layer 2) takes care of moving the IP datagram from from IP hop to the next IP hop, e.g., from end host to its first hop IP router. The network layer deals only at the level of IP hops. * Difference between a router and a switch? Generally, all network elements in a packet-switched network are packet switches, so IP routers are also packet switches, more specifically, layer 3 switches. Link-layer switches or layer 2 switches connect nodes at Layer 2 and route between IP hops based on Layer 2 (MAC) addresses. To avoid confusion, we will refer to layer 3 switches as routers. * Who gets an IP address? Every host? Well, technically, every interface. A host can have multiple network interfaces, each will have its own IP address. [Exercise: run the linux command "ifconfig" to see all the interfaces and IP addresses on your machine.] Why should each interface have a separate IP address (instead of just one IP per host)? Suppose a host has both a wireless interface and a wired interface. For traffic that must flow through the wireless, it will use the wireless interface's IP as the source IP (so that traffic comes back via wireless). If it used same IP for both interfaces, the host wouldn't have control over which traffic flows on which link. * IPv4 addresses are 32-bit (4 byte) numbers, represented by the dotted decimal notation. Groups of IP addresses are called IP prefixes or subnets (subnetworks). E.g., 10.0.0.0/8 denotes a set of 2^24 IP addresses that have the first 8 bits common. This number of bits in common is called the prefix length, and represented by a subnet mask (e.g., subnet mask of 255.0.0.0 denotes IP prefix length 8). * How do you make subnets? Take the number of hosts that will be in close proximity, and allocate a subnet with enough hosts to manage them, so that they can all be served by the same LAN and by the same IP router. For example, suppose CSE has the 10.129/16 prefix. We want to create 4 contiguous subnets for 4 labs that have 200, 100, 50, 50 computers respectively. Then, we take 10.129.0.0/23 (512 addresses) and break it up into 4 subnets as follows: 10.129.0.0/24 (256 addresses), 10.129.1.0/25 (128 addresses), 10.129.1.128/26 (64 addresses), 10.129.1.192/26 (64 addresses). * Another example, consider 3 routers router R1, R2, R3 that each have three interfaces eth0, eth1, eth2. Each router is connected to a LAN on one interface, say eth0. For example, eth0 interface of R1 has IP address 10.1.1.1 and it is connected to an Ethernet LAN with hosts in the subnet 10.1.1.0/24. R1 acts as the first hop IP router for all these hosts. Similar, R2 and R3 host LANs 10.1.2.0/24 and 10.1.3.0/24 respectively. The other two interfaces at these routers is used to connect the three routers in a triangle using point-to-point links. For example, R1-R2, R2-R3 and R3-R1. The IP addresses of point-to-point interfaces at R1 and R2 for the R1-R2 link have to be different from the IP address of the LAN interface: for example, they can be 10.2.1.1 and 10.2.1.2 at R1 and R2 respectively. * Special broadcast IP address: 255.255.255.255. Packets sent to this broadcast address reach all hosts in the "broadcast domain", which is typically all the hosts in a given LAN. * Two functions of the network layer: routing (also called the control plane) and forwarding (also called the dataplane). The granularity of routing and forwarding is an IP prefix (instead of individual IP addresses) for scalability. Understand the various terms - routing protocols, routing tables, forwarding tables. * A forwarding table maps an IP prefix to the next hop IP address. That is, for a given destination IP prefix, the forwarding table tells us which is our next hop IP router, and hence, which link / interface to send packet. At end hosts with one interface typically, the forwarding table is simple, and points to the first hop IP router and the single interface. [Exercise: run the linux command "route -n" at the command line and see your forwarding table.] At the routers, the forwarding tables are more complex, since a router has several interfaces (links), and the forwarding table helps us which outgoing link / interface to send packet on, or equivalently, what the next hop IP address is. How do we obtain the forwarding table on IP routers? * A routing table maps an IP prefix to a set of possible network paths to reach that destination. Out of the various paths, the best path is chosen, and the next hop information is populated in the forwarding table. How to we obtain the routing table? You can of course manually configure routing and forwarding tables for small networks. What about large networks? [A note on longest prefix match: note that all prefixes in the forwarding table need not be disjoint. That is, you can have a forwrding table entry for the "larger" 10.0.0.0/8 and "more specific" 10.0.0.0/16 prefix. If you are looking for a particular IP address, you normally match it with the more specific entry, or a longest prefix match.] * Routing protocols are algorithms (often distributed / decentralized) that run at various routers. Typically, it involves a route announcement phase, where each router conveys some information to the other routers (say, I can be used to reach so-and-so prefix), followed by a route computation phase, where this information collected from other routers is digested. Together, the routing protocols result in routers discovering several paths to a given destination, and hence building their routing tables. Link state (LS) and Distance Vector (DV) are two popular types of routing protocols. At the core, these are simple shortest path computation algorithms. * Routing in the Internet is typically hierarchical. Typically in an organization (Autonomous System or AS), hosts are grouped into subnets based on physical proximity. A subnet is connected by a layer 2 technology (e.g., Ethernet) to its first hop IP router. Multiple IP routers are connected to each other by point-to-point links or Ethernet. All these routers in an organization run an "intra-domain" routing protocol (like OSPF or RIP) to compute paths among themselves. For every router in an organization knows how to reach other internal IP destinations. * What about IP destinations outside the organiztion? There are special "border" routers at the edges of organizations that connect to other border routers. Internet Service Providers (ISPs) run a bunch of borer routers that connect various "stub" organizations and other ISPs. These border routers run "inter-domain" routing protocols (BGP is the defacto standard today). These inter-domain routing protocols determine paths between organizations. The intra-domain and inter-domain routing protocols together fill up the forwarding tables in such a way that every IP router along the path can correctly route packets. * Why separate inter-domain and intra-domain? For scale (do not want to run routing protocols over millions of routers) and policy (inter-domain routing involves more than shortest path routing). More on interdomain routing later. * How are IP addresses allocated? One technique is to get IP addresses from your ISP. For example, suppose your ISP has 103.21.0.0/16. He may decide to give 103.21.0.0/24 to the customer network. The ISP will jointly announce the bigger /16 prefix. When traffic to the /24 prefix reaches the ISP, the traffic is routed to the customer organization. * When you have IP addresses from your ISP, what happens if you change ISPs? You have to renumber. Instead, you can apply and get your own IP address prefix from Internet registries. You can then announce your prefix via ISPs and the rest of the Internet can reach you. * Once you have a prefix, how do you allocate individual IP addresses? You can allocate them statically or dynamically using DHCP. How does DHCP work? Whenever a client joins, it sends a DHCP discover message to the broadcast 255.255.255.255 IP address. ANy DHCP servers that listen to this message will send out DHCP offers. The client will accept one of the offers, and send a DHCP request message to the DHCP server whose request it has accepted. The server will then send DHCP ACK. The DHCP address has a validity. * Sometimes the IP prefix you get may not have enough addresses for all your hosts, especially now due to IPv4 address exhaustion. What do you do? Have some public IPs and rest are private IP addresses, like in IITB. The private IP addresses are 10.0.0.0/8 and 192.168.0.0/16. In IITB, we assign addresses to all hosts from 10.0.0.0/8 prefix. Only web servers and other hosts that receive traffic from outside get public IPs. * What is the problem with private IP? Private IP addresses do not have routes in the external Internet, so hosts outside cannot reach you. Even if you originate the TCP connection, you must still receive SYN ACK etc at your IP address. Solution: Network Address Translator (NAT). IITB has a NAT (several of them) at the edge. A NAT rewrites IP headers, replaces the private IP, port with a public IP, port. A NAT can handle several (more than 60,000) connections using one public IP and all port numbers. * A more permanent solution to IP address exhuastion is to move to IPv6. IPv6 has 128 bit addresses (instead of 32-bit in IPv4), so everyone (and everything!) can have an IP address. * The concept of tunnelling: suppose you want to communicate between two different IP spaces. For example, you have two organizations that run IPv6 and want to communicate using IPv6, but the network path between them supports only IPv4. Or, two branches of an organization share a private IP address space, but have to communicate over the public Internet to connect the two branches (the motivation for VPN). In such cases, you can tunnel an IP packet inside another IP packet. For example, consider A-B-C-D. The links A-B and C-D are IPv6 (or private IP) and B-C is public IPv4. Now, when B gets a IPv6 packet for D, it puts it inside (as payload) another IPv4 packet whose destination address is C. When C gets this regular looking packet, a field in the header will indicate that the payload is another IP datagram (not a TCP segment for example), so C removes the outer IP header and forwards the original IPv6 datagram to D. This idea of tunneling is widely used in providing VPN access to private address spaces inside an organization as well. In addition to tunneling, VPNs also encrypt data on the public Internet to provide security. * Another addition to IP is ICMP (Internet Control Message Protocol). Whenever an error occurs at the network layer, ICMP message is sent to the source. ICMP message is carried as a payload in an IP datagram. Common ICMP messages are echo reply (in response - to echo request ICMP message, used by ping), TTL expired (used by - traceroute to discovers routers at various hop lengths). * IP fragmentation. Usually, the payload (say, TCP segment) is sized so that one TCP segment fits inside one IP datagram and reaches the receiver intact. However, in some cases, if the maximum transmission unit (MTU) along the path is incorrectly estimated, then an IP datagram may become too big to be send in one piece over a link. In that case, the datagram is fragmented. All fragments of one datagram are given the same identifier. Each datagram has an offset associated with it, specifying where it must be inserted during reassembly. The last fragment has a flag indicating all pieces are done. Fragmentation can happen anywhere along the path, reassembly of all datagrams happens at the receiver.In general fragmentation is avoided because it is expensive, and opens up lots of attacks where weird fragments are sent causing receiver to collapse while trying to fit them together. * What are all the fields in the IP header? Version - 4 bits Header length - 4 bits TOS (type of service) - 8 bits Datagram length - 16 bits Fragmentation related (identifier, offset, flags) - 32 bits TTL - 8 bits Protocol (TCP, UDP etc) - 8 bits Header checksum - 16 bits Source and destination IP addresses - 32 + 32 bits