Peter A. Steenkiste, SCS, CMU
Lecture 11: IP Wrap up
Peter Steenkiste
School of Computer Science, Carnegie Mellon University
15-441 Networking, Spring 2004
http://www.cs.cmu.edu/~prs/15-441

Outline
• NAT.
• Tunneling.
• IPv6.
• SNMP.
• MPLS.
• Multicast.

NATs
• NAT maps (private source IP, source port) onto (public source IP, unique source port)
  » reverse mapping on the way back
  » destination host does not know that this process is happening
• Very simple working solution.
  » NAT functionality fits well with firewalls
[Figure: host A behind the NAT, host B outside. The outbound packet (Priv A IP, A Port -> B IP, B Port) leaves the NAT as (Publ A IP, A Port' -> B IP, B Port); the reply (B IP, B Port -> Publ A IP, A Port') is mapped back to (B IP, B Port -> Priv A IP, A Port).]

NAT Considerations
• NAT has to be consistent during a session.
  » Set up mapping at the beginning of a session and maintain it during the session
  » Recycle the mapping at the end of the session
    – May be hard to detect
• NAT only works for certain applications.
  » Some applications (e.g. ftp) pass IP information in payload
  » Need application level gateways to do a matching translation
• NAT has to be consistent with other protocols.
  » ICMP, routing, …
• Many flavors of NAT exist.
  » Basic, network address port translation (NAPT), bi-directional, ..

Tunneling
• Force a packet to go to a specific point in the network.
  » Path taken is different from the regular routing
• Achieved by adding an extra IP header to the packet with a new destination address.
  » Similar to putting a letter in another envelope
  » preferable to using IP source routing option
• Used increasingly to deal with special routing requirements or new features.
  » Mobile IP, ..
  » Multicast, IPv6, research, ..
[Figure: a packet with header IP1 and its Data, wrapped in an outer header IP2.]
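Returning to the NAT slides above: the following is an added example (not code from the lecture) of a NAPT table in the slides' terms. It maps (private source IP, source port) onto (public IP, unique public port), reverses the mapping for replies, drops inbound packets with no session mapping, recycles the mapping at session end, and shows the ftp problem: the PORT command carries the private address in the payload, so an application level gateway has to rewrite it. All addresses and ports are constructed (RFC 5737 documentation ranges); `Napt`, `Packet` and `ftp_port_alg` are names chosen here.

```python
# Added example (not from the lecture): a NAPT table that maps
# (private source IP, source port) onto (public IP, unique public port),
# reverses the mapping for replies, recycles it at session end, and shows why
# an application level gateway is needed for FTP's PORT command.
# Addresses are constructed from the RFC 5737 documentation ranges.
from dataclasses import dataclass, field
from itertools import count
from typing import Dict, Iterator, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes = b""


@dataclass
class Napt:
    public_ip: str
    # (private ip, private port) -> public port, plus the reverse map
    out_map: Dict[Tuple[str, int], int] = field(default_factory=dict)
    in_map: Dict[int, Tuple[str, int]] = field(default_factory=dict)
    ports: Iterator[int] = field(default_factory=lambda: count(40000))

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite a packet leaving the private network. The mapping is set up
        on the first packet of a session and kept stable afterwards."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out_map:
            pub_port = next(self.ports)          # unique public port
            self.out_map[key] = pub_port
            self.in_map[pub_port] = key
        return Packet(self.public_ip, self.out_map[key],
                      pkt.dst_ip, pkt.dst_port, pkt.payload)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Reverse mapping for a reply. A packet with no session mapping is
        dropped (None): the firewall-like side effect of NAT."""
        key = self.in_map.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or key is None:
            return None
        priv_ip, priv_port = key
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port, pkt.payload)

    def end_session(self, priv_ip: str, priv_port: int) -> None:
        """Recycle the mapping at the end of the session."""
        pub_port = self.out_map.pop((priv_ip, priv_port), None)
        if pub_port is not None:
            del self.in_map[pub_port]


def ftp_port_alg(napt: Napt, pkt: Packet) -> Packet:
    """Application level gateway for FTP: the PORT command carries the client's
    private IP and data port in the payload, which plain NAPT does not touch.
    The ALG allocates a mapping for the data connection and rewrites the text."""
    text = pkt.payload.decode("ascii", errors="replace")
    if not text.startswith("PORT "):
        return pkt
    h1, h2, h3, h4, p1, p2 = (int(x) for x in text[5:].strip().split(","))
    data = Packet(f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2, pkt.dst_ip, 20)
    mapped = napt.outbound(data)              # reserve a public port for the data connection
    pub = mapped.src_ip.replace(".", ",")
    new = f"PORT {pub},{mapped.src_port // 256},{mapped.src_port % 256}\r\n"
    return Packet(pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, new.encode("ascii"))


if __name__ == "__main__":
    nat = Napt("203.0.113.1")
    ctrl = Packet("10.0.0.5", 5001, "198.51.100.7", 21, b"PORT 10,0,0,5,19,138\r\n")
    print(nat.outbound(ctrl).payload)                      # private address still in payload
    print(nat.outbound(ftp_port_alg(nat, ctrl)).payload)   # rewritten by the ALG
```

The `inbound` path is where the "fits well with firewalls" remark comes from: a packet that arrives at the public address without a matching session entry has nowhere to go and is dropped, so hosts behind the NAT are not reachable unsolicited.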
IP-in-IP Tunneling
• Described in RFC 1993.
• IP source and destination address identify tunnel endpoints.
• Protocol id = 4.
  » IP
• Several fields are copies of the inner-IP header.
  » TOS, some flags, ..
• Inner header is not modified, except for decrementing TTL.
[Figure: outer IP header (V/HL, TOS, Length, ID, Flags/Offset, TTL, Protocol = 4, H. Checksum, Tunnel Entry IP, Tunnel Exit IP) followed by the inner IP header (V/HL, TOS, Length, ID, Flags/Offset, TTL, Prot., H. Checksum, Source IP address, Destination IP address) and the Payload.]

Tunneling Example
[Figure: routers A through K; the packet A->K / Payload is carried as C->F / A->K / Payload through a tunnel between C and F, with forwarding labels a -> b, e -> f and j -> k along the path.]

Tunneling Considerations
• Implementation diversity.
  » Some diversity in the implementation
  » Sometimes merged with multicast code (early versions)
• Performance.
  » Tunneling adds (of course) processing overhead
  » Tunneling increases the packet length, which may cause fragmentation
    – BIG hit in performance in most systems
    – Tunneling in effect reduces the MTU of the path, but end-points often do not know this
• Security issues.
  » Should verify both inner and outer header

Tunneling Applications
• Virtual private networks.
  » Connect subnets of a corporation using IP tunnels
  » Often combined with IPsec
• Support for new or unusual protocols.
  » Routers that support the protocols use tunnels to “bypass” routers that do not support it
  » E.g. multicast
• Force packets to follow non-standard routes.
  » Routing is based on outer-header
  » E.g. mobile IP
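The IP-in-IP encapsulation and the considerations on the slides above, worked through as an added example (not the lecture's code and not any kernel's implementation): the tunnel entry wraps the inner packet in an outer header with protocol id 4, copies TOS and the DF flag from the inner header, decrements the inner TTL and reports when the 20 extra bytes push the packet past the link MTU; the tunnel exit verifies the outer header and then the inner header before forwarding. Addresses are constructed from the RFC 5737 ranges; `encapsulate`, `decapsulate` and the field names are choices made here.

```python
# Added example (not from the lecture or any OS kernel): IP-in-IP encapsulation
# with protocol id 4, copying TOS and the DF flag from the inner header,
# decrementing the inner TTL, flagging the MTU problem and verifying both
# headers at the tunnel exit. Addresses are constructed (RFC 5737 ranges).
import struct
from ipaddress import IPv4Address
from typing import Dict, Tuple

IPPROTO_IPIP = 4            # protocol id for IP-in-IP
IPV4_FMT = "!BBHHHBBH4s4s"  # the 20-byte header without options


def checksum(data: bytes) -> int:
    """IPv4 header checksum: one's complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, tos: int = 0,
               ttl: int = 64, ident: int = 0, flags_frag: int = 0) -> bytes:
    hdr = struct.pack(IPV4_FMT, 0x45, tos, 20 + len(payload), ident, flags_frag,
                      ttl, proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload


def parse_ipv4(pkt: bytes) -> Dict:
    """Header fields as a dict; raises if the version or checksum is wrong."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    _, tos, tlen, ident, ff, ttl, proto, _, s, d = struct.unpack(IPV4_FMT, pkt[:20])
    return {"tos": tos, "len": tlen, "id": ident, "flags_frag": ff, "ttl": ttl,
            "proto": proto, "src": str(IPv4Address(s)), "dst": str(IPv4Address(d)),
            "payload": pkt[ihl:tlen]}


def encapsulate(inner: bytes, entry: str, exit_: str, link_mtu: int) -> Tuple[bytes, bool]:
    """Tunnel entry. Returns the outer packet and whether it now exceeds the link
    MTU (the 20 extra bytes are what causes the fragmentation hit on the slide)."""
    f = parse_ipv4(inner)
    if f["ttl"] <= 1:
        raise ValueError("inner TTL expired")
    ihl = (inner[0] & 0x0F) * 4
    hdr = bytearray(inner[:ihl])
    hdr[8] -= 1                                   # the only inner-header change: TTL
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    inner = bytes(hdr) + inner[ihl:]
    df_flag = f["flags_frag"] & 0x4000            # copy DF so path MTU discovery still works
    outer = build_ipv4(entry, exit_, IPPROTO_IPIP, inner, tos=f["tos"], flags_frag=df_flag)
    return outer, len(outer) > link_mtu


def decapsulate(pkt: bytes, my_addr: str) -> Tuple[bytes, Dict]:
    """Tunnel exit. Verifies the outer header (checksum, protocol 4, addressed to
    this endpoint) and then the inner header before handing the packet onward."""
    outer = parse_ipv4(pkt)
    if outer["proto"] != IPPROTO_IPIP:
        raise ValueError("outer protocol is not IP-in-IP")
    if outer["dst"] != my_addr:
        raise ValueError("outer destination is not this tunnel endpoint")
    inner_pkt = outer["payload"]
    inner = parse_ipv4(inner_pkt)                 # inner checksum/version checked here
    return inner_pkt, inner
```

Checking the inner header at the exit matters because the outer header only proves that the packet reached the right endpoint; the inner source and destination are what the rest of the network will forward on, so a tunnel exit that trusts them blindly turns the tunnel into a way to inject packets with arbitrary inner addresses into the far side.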
IPv6
• “Next generation” IP.
• Most urgent issue: increasing address space.
  » 128 bit addresses
• Simplified header for faster processing.
• Many other changes.
• Support for guaranteed services: priority and flow id
• Options handled as “next header”
  » reduces overhead of handling options
[Figure: IPv6 header: V/Pr, Flow label, Length, Next, Hop L, Source IP address, Destination IP address.]

IPv6 Addressing
• 128 bit addresses with complex structure.
• Examples: format for local configuration, geographical addressing, IPv4 backwards compatible, ..
• Provider-based unicast addressing extends the format used in IPv4 with CIDR.
[Figure: provider-based unicast address layout: 010 | Registry | Provider | Subscriber | SubNet | Host.]

Migration from IPv4 to IPv6
• Interoperability with IPv4 is necessary for gradual deployment.
• Two complementary mechanisms:
  » dual stack operation: IPv6 nodes support both address types
  » tunneling: tunnel IPv6 packets through IPv4 clouds
• Alternative is to create IPv6 islands, e.g. corporate networks, ...
  » Use a form of NAT to connect to the outside world
  » NAT must not only translate addresses but also translate between IPv4 and IPv6 protocols

IPv6 Discussion
• Unfortunately there is little motivation for any one organization to move to IPv6.
  » the challenge is the existing hosts (using IPv4 addresses)
  » little benefit unless one can consistently use IPv6
    – can no longer talk to IPv4 nodes directly
• People have continued to improve the IPv4 infrastructure.
  » stretching address space through address translation seems to work reasonably well
  » New standards, e.g. IPsec, diff serv, ..
• Networking increasingly supports IPsec.
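The simplified IPv6 header and the "next header" handling of options from the IPv6 slide above, as an added example (not the lecture's code): the 40-byte fixed header is packed and decoded, and a Hop-by-Hop extension header is placed in front of a UDP payload so the parser has a chain to walk. Addresses are constructed from the 2001:db8::/32 documentation prefix and the UDP bytes are a constructed header; the function names are choices made here.

```python
# Added example (not from the lecture): the 40-byte IPv6 fixed header and the
# "next header" chain that replaces IPv4 options, with a Hop-by-Hop extension
# header in front of a UDP payload. Addresses are constructed from the
# 2001:db8::/32 documentation prefix; the UDP bytes are a constructed header.
import struct
from ipaddress import IPv6Address
from typing import Dict

NH_HOPOPTS, NH_UDP, NH_NONXT = 0, 17, 59      # IANA next-header numbers
IPV6_FMT = "!IHBB16s16s"                       # 4 + 2 + 1 + 1 + 16 + 16 = 40 bytes


def build_ipv6(src: str, dst: str, next_header: int, payload: bytes,
               traffic_class: int = 0, flow_label: int = 0, hop_limit: int = 64) -> bytes:
    """version(4) | traffic class / priority(8) | flow label(20) | payload length |
    next header | hop limit | source | destination. No checksum, no options."""
    first_word = (6 << 28) | ((traffic_class & 0xFF) << 20) | (flow_label & 0xFFFFF)
    hdr = struct.pack(IPV6_FMT, first_word, len(payload), next_header, hop_limit,
                      IPv6Address(src).packed, IPv6Address(dst).packed)
    return hdr + payload


def hop_by_hop_header(next_header: int, options: bytes = b"") -> bytes:
    """Hop-by-Hop Options extension header: next header, header extension length
    (8-octet units not counting the first 8), options padded with Pad1/PadN."""
    body = options
    need = (-(2 + len(body))) % 8
    if need == 1:
        body += b"\x00"                                       # Pad1
    elif need > 1:
        body += bytes([1, need - 2]) + b"\x00" * (need - 2)   # PadN
    ext_len = (2 + len(body)) // 8 - 1
    return bytes([next_header, ext_len]) + body


def parse_ipv6(pkt: bytes) -> Dict:
    """Decode the fixed header, then follow the next-header chain until an
    upper-layer protocol (or No Next Header) is reached."""
    first_word, plen, nh, hlim, s, d = struct.unpack(IPV6_FMT, pkt[:40])
    if first_word >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    fields = {"traffic_class": (first_word >> 20) & 0xFF, "flow_label": first_word & 0xFFFFF,
              "payload_len": plen, "hop_limit": hlim,
              "src": str(IPv6Address(s)), "dst": str(IPv6Address(d))}
    chain, off = [], 40
    end = 40 + plen
    # Only Hop-by-Hop is walked here; Routing and Destination Options headers
    # use the same (next header, length) layout and would be handled alike.
    while nh == NH_HOPOPTS:
        chain.append(nh)
        if off + 2 > end:
            raise ValueError("truncated extension header")
        nh, off = pkt[off], off + (pkt[off + 1] + 1) * 8
    chain.append(nh)
    fields["chain"] = chain
    fields["upper_payload"] = pkt[off:end]
    return fields
```

The point the slide makes is visible in `parse_ipv6`: a router that does not care about an extension header only reads its first two bytes to skip it, whereas IPv4 options sit inside the header that every router must parse. The truncation check is there because a length byte in an extension header is attacker-controlled input like any other.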
Network Management
• What to do when there is a problem?
  » Loss of connectivity, complaints of slow throughput, ..
• How do you know how busy your network is?
  » Where are the bottlenecks, is it time for an upgrade, redirect traffic, ..
• How can you spot unusual activity?
  » Somebody attacking a subnet, ..
• These are all hard problems that are typically addressed using multiple tools, but the ability to monitor network status is a common requirement.
  » “Static” information: what is connected to what?
  » Dynamic information: what is the throughput on that link?

Simple Network Management Protocol (SNMP)
• Protocol that allows clients to read and write management information on network elements.
  » Routers, switches, …
  » Network element is represented by an SNMP agent
• Information is stored in a management information base (MIB).
  » Have to standardize the naming, format, and interpretation of each item of information
  » Ongoing activity: MIB entries have to be defined as new technologies are introduced
• Different methods of interaction supported.
  » Query response interaction: SNMP agent answers questions
  » traps: agent notifies
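The query-response interaction on the SNMP slide above, worked at the byte level as an added example (not the lecture's code): a manager's SNMPv1 GetRequest for one MIB object is encoded in BER exactly as it travels in the UDP datagram, and the decoder side pulls the community string back out. The OID 1.3.6.1.2.1.1.3.0 is sysUpTime from MIB-II; the community string "public" and the request id are constructed values, and the function names are choices made here.

```python
# Added example (not from the lecture): the SNMPv1 GetRequest a manager sends to
# an agent, encoded in BER exactly as it appears on the wire, plus the decoder
# side that pulls the community string back out. The OID 1.3.6.1.2.1.1.3.0 is
# sysUpTime from MIB-II; the community 'public' and request id are constructed.
from typing import Tuple

INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
GET_REQUEST = 0xA0      # context-specific, constructed, tag number 0


def ber_len(n: int) -> bytes:
    """Short form below 128, long form (0x80 | number of length bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(content)) + content


def ber_int(v: int) -> bytes:
    """INTEGER in minimal two's-complement form."""
    n = 1
    while not -(1 << (8 * n - 1)) <= v < (1 << (8 * n - 1)):
        n += 1
    return tlv(INTEGER, v.to_bytes(n, "big", signed=True))


def ber_oid(oid: str) -> bytes:
    """OBJECT IDENTIFIER: first two sub-ids share one byte (40*x + y), the rest
    are base-128 with the high bit set on all but the last byte."""
    ids = [int(x) for x in oid.split(".")]
    out = bytearray([40 * ids[0] + ids[1]])
    for sid in ids[2:]:
        groups = [sid & 0x7F]
        sid >>= 7
        while sid:
            groups.append(0x80 | (sid & 0x7F))
            sid >>= 7
        out += bytes(reversed(groups))
    return tlv(OID, bytes(out))


def snmp_get_request(community: str, oid: str, request_id: int) -> bytes:
    """Message ::= SEQUENCE { version INTEGER(0), community OCTET STRING, GetRequest-PDU }"""
    varbind = tlv(SEQUENCE, ber_oid(oid) + tlv(NULL, b""))   # value is NULL in a request
    pdu = tlv(GET_REQUEST, ber_int(request_id) + ber_int(0) + ber_int(0)   # error-status, error-index
              + tlv(SEQUENCE, varbind))
    return tlv(SEQUENCE, ber_int(0) + tlv(OCTET_STRING, community.encode("ascii")) + pdu)


def parse_tlv(buf: bytes, pos: int = 0) -> Tuple[int, bytes, int]:
    """(tag, content, position after this element)."""
    tag, ln = buf[pos], buf[pos + 1]
    pos += 2
    if ln & 0x80:
        nbytes = ln & 0x7F
        ln = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + ln], pos + ln


def message_community(msg: bytes) -> str:
    """The community string of an SNMPv1/v2c message. It is the only access
    control in these versions and travels in cleartext, so anyone who can
    capture the datagram can read it; SNMPv3 adds real authentication."""
    tag, body, _ = parse_tlv(msg)
    if tag != SEQUENCE:
        raise ValueError("not an SNMP message")
    _, _, pos = parse_tlv(body)            # version
    tag, community, _ = parse_tlv(body, pos)
    if tag != OCTET_STRING:
        raise ValueError("community string missing")
    return community.decode("ascii", errors="replace")
```

The agent's GetResponse has the same shape with tag 0xA2 and the NULL replaced by the value; a trap is the agent sending a PDU unprompted. Because a write (SetRequest) is authorised by nothing more than the community string shown here, the usual defensive configuration is read-only communities, agents that accept requests only from the management station's addresses, and SNMPv3 where the equipment supports it.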