IT 263 Spring 2006/2007 John Kristoff - DePaul University 1Applied Networks & SecurityThe Internet Protocol (IP)http://condor.depaul.edu/~jkristof/it263/John [email protected] 263 Spring 2006/2007 John Kristoff - DePaul University 2Will layer 2 networking suffice?IT 263 Spring 2006/2007 John Kristoff - DePaul University 3Layer 2 networking services•Physical link specific connectivity•Link unique addressing (identification)•Limited number of station attachments•Limitation size, scope and scaleIT 263 Spring 2006/2007 John Kristoff - DePaul University 4Layer 3 networking services•Internetworking for data link technologies•Globally unique addressing•Scalable (hierarchical) routing•Common communications format across hosts•Packet fragmentation capability•Hardware independent interface•Packet independenceIT 263 Spring 2006/2007 John Kristoff - DePaul University 5The Internet Protocol (IP)•Connectionless•Unreliable•Simple (relatively)•The thin waist in the hourglass modelIT 263 Spring 2006/2007 John Kristoff - DePaul University 6What can IP do for us?•Abstracts multiple and various data link networks•Common communications format•Hardware independence•Upper layer independence•Per-packet independence•Global, abstracted not data link specific, addressing•Scalable routing (so far anyway)•Packet fragmentation capabilityIT 263 Spring 2006/2007 John Kristoff - DePaul University 7IP layer in perspective•Layer 1 has repeaters, hubs, modems, etc.•Layer 2 has bridges/switches•IP (layer 3) has routers•Bridges segment layer 2 networks•Routers segment layer 3 networks•Hosts need to know nothing about bridges/switches to talk to hosts on the other side of the bridge/switch•Hosts need to know about routers to talk to hosts on the other side of routersIT 263 Spring 2006/2007 John Kristoff - DePaul University 8Bridging versus IP routing•Bridges learn where all other hosts are by examining source addresses in transmissions•Bridges learn who is “root bridge” and sets ports to forward or block to avoid loops based on this•Routers only learn about specific hosts directly attached to local interfaces, using ARP if necessary•Routers learn (or use static mappings) where other IP networks are and can use one or more equal paths to “forward” packets to themIT 263 Spring 2006/2007 John Kristoff - DePaul University 9Hierarchical RoutingIT 263 Spring 2006/2007 John Kristoff - DePaul University 10IP datagram*diagram courtesy of http://www.netbook.cs.purdue.eduIT 263 Spring 2006/2007 John Kristoff - DePaul University 11Inside an IP datagram•Version field•Usually set to binary 0100 (is what in decimal?)•Header length•Length of IP header in 32-bit words (4 octets)•Typically set to 5 (as in 5 * 4 octets = 20 bytes)•Type of Service (Tos) – redefined in newer RFCs•An indication of quality/class of service•Rarely used with success outside a single ASIT 263 Spring 2006/2007 John Kristoff - DePaul University 12Inside an IP datagram [cont.]•Total length•total IP datagram length in octets•maximum value is 65535, but rarely > 1500•Identification•to identify fragments of a single IP datagram•experimentally used in tracing DDoS sources•Flags•bit 0 reserved•others for fragmentation handling (DF/MF)IT 263 Spring 2006/2007 John Kristoff - DePaul University 13Inside an IP datagram [cont.]•Fragment offset•helps piece together fragments•Time to live (TTL)•limts the number of router hops datagram incurs•counts down to zero, at zero it is discarded•Protocol type•indicates next (upper?) layer protocol in payload•Does it have to be an “upper” layer?IT 263 Spring 2006/2007 John Kristoff - DePaul University 14Inside an IP datagram [cont.]•Header checksum•used to verify header validity at each hop•Source/Destination address•32-bit addresses•Options (optional, duh)•rarely used, padded to 32-bit boundary if needed•Payload (next protocol plus it's data)•variable lengthIT 263 Spring 2006/2007 John Kristoff - DePaul University 15IP address•Virtual, not specific to a hardware device•32-bit fixed address length (IPv4)•Unique address for each interface (typically)•Global registrar or upstream provider assigns network bits (prefix)•Local network admin assigns subnet and host bits (suffix)•Usually written in dotted decimal (dotted quad)•e.g. 140.192.5.1IT 263 Spring 2006/2007 John Kristoff - DePaul University 16IP address types•Unicast (one-to-one)•source addresses should always be unicast•Multicast (one-to-many)•receivers join/listen to group destination address•Broadcast (one-to-all)•special case of multicast, usually unnecessary•Anycast (one-to-one-of-many)•usually one-to-nearest, often used for reliabilityIT 263 Spring 2006/2007 John Kristoff - DePaul University 17IP address notation*diagram courtesy of http://www.netbook.cs.purdue.eduIT 263 Spring 2006/2007 John Kristoff - DePaul University 18Special IP addresses*diagram courtesy of http://www.netbook.cs.purdue.eduIT 263 Spring 2006/2007 John Kristoff - DePaul University 19Classful IP addressing*diagram courtesy of http://www.netbook.cs.purdue.eduIT 263 Spring 2006/2007 John Kristoff - DePaul University 20Classful address sizes*diagram courtesy of http://www.netbook.cs.purdue.eduIT 263 Spring 2006/2007 John Kristoff - DePaul University 21Example IP network*diagram courtesy of http://www.netbook.cs.purdue.eduIT 263 Spring 2006/2007 John Kristoff - DePaul University 22Example IP router addressingdiagram courtesy of http://www.netbook.cs.purdue.eduIT 263 Spring 2006/2007 John Kristoff - DePaul University 23Let's look at a “route server”•http://www.routeviews.org•We'll telnet into a router and look around, particularly at the routing tableIT 263 Spring 2006/2007 John Kristoff - DePaul University 24Classful addressing limitations•Internet growth and address depletion•Route table size (potentially lots of class C nets)•Misappropriation of addresses•Lack of support for varying sized networks•Class B is often too big, Class C often too smallIT 263 Spring 2006/2007 John Kristoff - DePaul University 25IP addressing solutions•Subnetting•Supernetting•Classless interdomain routing (CIDR)•Variable length subnet masks (VLSM)•BOOTP and DHCP (temporary addresses)•NATs with port address translation (yucky!)IT 263 Spring 2006/2007 John Kristoff - DePaul University 26SubnettingIT