Data and Computer Communications: Chapter 18 - Internet Protocols

The document provides an overview of internet protocols. It discusses key concepts such as connectionless operation at the IP layer, IP addressing schemes, fragmentation and reassembly, and error control. It also describes IPv4 addressing formats including classes A, B, and C, and how subnet masks are used to partition addresses into network and host portions to create subnets.

Uploaded by Hans Morten
Data and Computer Communications
Chapter 18 – Internet Protocols
Ninth Edition
by William Stallings

Data and Computer Communications, Ninth Edition by William Stallings, (c) Pearson Education - Prentice Hall, 2011
Internet Protocols
She occupied herself with studying a map on the
opposite wall because she knew she would have
to change trains at some point. Tottenham Court
Road must be that point, an interchange from the
black line to the red. This train would take her
there, was bearing her there rapidly now, and at
the station she would follow the signs, for signs
there must be, to the Central Line going
westward.
—King Solomon's Carpet.
Barbara Vine (Ruth Rendell)
 
Internet
 internet
• an interconnected set of networks where each of
the constituent networks retains its identity
 end systems
• devices attached to a network
 intermediate systems
• provide a communications path and perform the
necessary relaying and routing functions
 bridges
• acts as a relay of frames between similar networks
 routers
• routes packets between potentially different networks
Internetworking Terms
TCP/IP Concepts
Differences in Networks
 addressing schemes
 maximum packet size
 network access mechanisms
 timeouts
 error recovery
 status reporting
 routing techniques
 user access control
 connection, connectionless
Connectionless Operation
 Internetworking involves connectionless operation at the level of the Internet Protocol (IP)
 IP
• initially developed for the DARPA internet project
• protocol is needed to access a particular network
Connectionless Internetworking
 Connectionless internet facility is flexible
 IP provides a connectionless service
between end systems.
 Advantages:
• is flexible
• can be made robust
• does not impose unnecessary overhead
IP Operation
 LAPF : link access protocol for frame (frame relay)
IP Design Issues
 routing
 datagram lifetime
 fragmentation and reassembly
 error control
 flow control
The Internet as a Network
Routing
 ES / routers maintain routing tables
• indicate next router to which datagram is sent
• static
• dynamic
 source routing
• source specifies route to be followed
• can be useful for security & priority
 route recording
• (for testing & debugging)
Datagram Lifetime
 datagrams could loop indefinitely
 consumes resources
 transport protocol may need upper bound on lifetime of a datagram
• can mark datagram with lifetime
• when lifetime expires, datagram discarded
Fragmentation and Re-assembly
 protocol exchanges data between two entities
 lower-level protocols may need to break data up into smaller blocks, called fragmentation
 reasons for fragmentation:
 network only accepts blocks of a certain size
 more efficient error control & smaller retransmission units
 fairer access to shared facilities
 smaller buffers
 disadvantages:
 smaller buffers
 more interrupts & processing time
Fragmentation and Re-assembly
 issue of when to re-assemble
 at destination
• packets get smaller as data traverses internet
 intermediate re-assembly
• need large buffers at routers
• buffers may fill with fragments
• all fragments must go through same router
IP Fragmentation
 IP re-assembles at destination only
 uses fields in header
 Data Unit Identifier (ID)
• identifies end-system-originated datagram
 Data length
• length of user data in octets
 Offset
• position of fragment of user data in original datagram
• in multiples of 64 bits (8 octets)

 More flag
• indicates that this is not the last fragment
Fragmentation Example
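A worked version of the fields listed above, added here as an example and not taken from the slides or from Stallings' text: a small IPv4 fragmenter and reassembler in Python. It assumes a 20-octet header without options; the MTU and payload sizes fed to it are constructed values.

```python
# Added example, not code from the slides: an IPv4 fragmenter and reassembler
# driven by the header fields the slide lists (ID, length, offset, More flag).
# Assumes a 20-octet header with no options; payload sizes are constructed.

IPV4_HEADER_LEN = 20


def fragment(datagram_id, payload_len, mtu, dont_fragment=False):
    """Split payload_len octets of user data for a link with the given MTU.
    Returns a list of (id, offset_in_8_octet_units, more_flag, data_len).
    Returns [] when the 'don't fragment' bit is set and the datagram does
    not fit: the router discards it and reports the discard with ICMP."""
    if payload_len + IPV4_HEADER_LEN <= mtu:
        return [(datagram_id, 0, False, payload_len)]
    if dont_fragment:
        return []
    # Offsets are carried in units of 8 octets, so every fragment except
    # the last must carry a multiple of 8 octets of user data.
    chunk = (mtu - IPV4_HEADER_LEN) // 8 * 8
    if chunk <= 0:
        raise ValueError("MTU too small to carry any user data")
    frags, pos = [], 0
    while pos < payload_len:
        n = min(chunk, payload_len - pos)
        more = pos + n < payload_len
        frags.append((datagram_id, pos // 8, more, n))
        pos += n
    return frags


def reassemble(fragments):
    """Rebuild (id, total_len) from fragments that may arrive in any order.
    Returns None while a hole remains: the destination keeps waiting, or
    times out and discards the partial datagram."""
    if not fragments:
        return None
    ident = fragments[0][0]
    spans = sorted((off * 8, off * 8 + n, more) for _, off, more, n in fragments)
    expect, total = 0, None
    for start, end, more in spans:
        if start != expect:
            return None
        expect = end
        if not more:
            total = end
    return (ident, total) if total == expect else None
```

With a 1500-octet MTU a 4000-octet payload becomes three fragments with offsets 0, 185 and 370 (units of 8 octets), and reassembly succeeds only once the fragment without the More flag and every earlier one have arrived.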
Error and Flow Control
 Error control
 discarded datagram identification is needed
 reasons for discarded datagrams include:
• lifetime expiration
• congestion
• FCS error (frame check sequence)
 Flow control
 allows routers to limit the rate they receive data
 send flow control packets requesting reduced data flow (ICMP)
Internet Protocol (IP) v4
 defined in RFC 791
 www.rfc-editor.org
 part of TCP/IP suite
 two parts
• specification of interface with a higher layer
• specification of actual protocol format and mechanisms
IP Services
 Primitives
 specifies functions to be performed
 form of primitive implementation dependent
 Send : request transmission of data unit
 Deliver : notify user of arrival of data unit
 Parameters
 used to pass data and control information
IP Parameters
 source & destination addresses
 protocol
 type of Service
 identification
 “don’t fragment” indicator
 time to live
 data length
 option data
 user data
IP Options
 security
 source routing
 route recording
 stream identification
 timestamping
IPv4 Header
IPv4 Header
 http://www.tcpipguide.com/free/t_IPDatagramGeneralFormat.htm
 Important: the « Protocol » field identifies the nature of the next header (in the data portion of the IP packet) Ex: TCP, ICMP
 http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml
IPv4 Address Formats
IP Addresses - Class A
 start with binary 0
 all 0 reserved
 01111111 reserved for loopback
• (localhost 127.0.0.1)
 range 1.x.x.x to 126.x.x.x
IP Addresses - Class B
 start with binary 10
 range 128.x.x.x to 191.x.x.x
 second octet also included in network address
 2^14 = 16,384 class B addresses
IP Addresses - Class C
 start with binary 110
 range 192.x.x.x to 223.x.x.x
 second and third octet also part of network address
 2^21 = 2,097,152 addresses
 nearly all allocated
 see IPv6
IP Addresses
 Decimal code to simplify address management.
 00001010 00000000 00000000 00000000 = 10.0.0.0 (class A)
 Class A examples:
• BBN (4.0.0.0), General Electric (3.0.0.0), Apple (17.0.0.0), AT&T (12.0.0.0), IBM (9.0.0.0), MIT (18.0.0.0)
 Class B example : UQAC (132.212.0.0)
IP Addresses
 IP addresses index :
 http://cqcounter.com/whois/ip/
 (http://www.ip2location.com/)
IP Addresses
 Special cases :
 "loopback address" : 127.0.0.1
 Non-routable addresses :
• 10.0.0.0 to 10.255.255.255 (Class A)
• 172.16.0.0 to 172.31.255.255 (Class B)
• 192.168.0.0 to 192.168.255.255 (Class C)
 if hostid = 00....0 => IP address of the local network
 if hostid = 111....1 => "broadcast" address of the local network
IP Addresses
 Addresses assigned by central organisations
 IANA (ARIN, RIPE NCC, LACNIC and APNIC)
 InterNIC: www.internic.net (http://www.internic.ca/)
 Godaddy
IP Addresses
 Configuration
 ipconfig /all
 netmask, default gateway…
 ping 127.0.0.1 (and pinging your own address)
Subnets and Subnet Masks
 allows arbitrary complexity of internetworked
LANs within organization
 insulate overall internet from growth of network
numbers and routing complexity
 site looks to rest of internet like single network
 each LAN assigned subnet number
 host portion of address partitioned into subnet
number and host number
 local routers route within subnetted network
 subnet mask indicates which bits are subnet
number and which are host number
IP Addresses and Subnet Masks
 Other notation used to represent the netmask: CIDR notation
 The number after the ‘/’ represents the number of ‘1’ bits in the netmask.
 Ex.: 132.212.203.0/24 indicates that the netmask is 255.255.255.0
 Subnet mask:
 Allows one to define the netid and the subnetid.
Class C address example: 200.123.15.0
 Document 1
 Document 2
Subnets and Subnet Masks
 When is the default gateway actually used?
Decision based on netmask
 Notes:
 RFC 950 suggests not using the subnets having all 0s and all 1s (2 subnets not used)
 Modern routers can use those two particular subnets.
 To display the routing table on a PC : netstat –r
• A computer can have more than one interface
 Each has a default gateway
• Example of use : route.xls
 extracted from : Document
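The netmask arithmetic behind the class, CIDR, special host id and default-gateway slides above, added here as an example (Python, not the course's or Stallings' code). It uses plain integer operations instead of the ipaddress module so the bit manipulation stays visible; the host and gateway addresses used with it are constructed from the slides' 132.212.0.0 example.

```python
# Added example, not code from the slides: the netmask arithmetic behind the
# class, CIDR, special-host-id and default-gateway slides, written with plain
# integer operations so the bit manipulation is visible. Addresses used with
# it are the slides' examples or constructed values.

def to_int(dotted):
    a, b, c, d = (int(x) for x in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def to_dotted(n):
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))


def address_class(dotted):
    """Classful lookup from the leading bits: 0 -> A, 10 -> B, 110 -> C."""
    first = to_int(dotted) >> 24
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    return "D/E"


def prefix_to_mask(prefix_len):
    """CIDR length -> dotted mask: /24 gives 255.255.255.0, i.e. 24 one bits."""
    return to_dotted((0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF)


def network_and_broadcast(dotted, mask):
    """hostid all 0s is the network address, hostid all 1s is the broadcast."""
    addr, m = to_int(dotted), to_int(mask)
    return to_dotted(addr & m), to_dotted(addr | (~m & 0xFFFFFFFF))


def next_hop(src, mask, dst, default_gateway):
    """Where a host sends a datagram: straight to dst if both addresses agree
    on every bit under the mask (same subnet), otherwise to the gateway."""
    m = to_int(mask)
    return dst if (to_int(src) & m) == (to_int(dst) & m) else default_gateway
```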
Subnets and Subnet Masks
Subnets and Subnet Masks
 NAT (network address translation)
 Formerly « IP masquerading » (using LINUX)
 Remapping of IP addresses
 Can be implemented in various ways…
 Popular method : « port forwarding »
 table of correspondence (stored in the gateway memory)
 Proxy server..
Subnets and Subnet Masks
Obtaining an IP address
 DHCP :
 dynamic host configuration protocol
 belongs to the application layer
 uses UDP port 68 on the client and port 67 on the server
 see figure in http://wiki.cas.mcmaster.ca/index.php/Dynamic_Host_Configuration_Protocol
 Information sent by DHCP server
• Default gateway
• Domain name
• Name servers …
Network adapter configuration
 In a command window => ipconfig /all
 In a program, one can use GetAdaptersInfo()
 https://msdn.microsoft.com/en-us/library/windows/desktop/aa366062(v=vs.85).aspx
Address Resolution Protocol (ARP)
 need MAC address to send to LAN host
• manual
• included in network address
• use central directory
• use ARP (address resolution protocol)
 ARP (RFC 826) provides dynamic “IP to Ethernet” address mapping
• source broadcasts ARP request
• destination replies with ARP response
Address Resolution Protocol (ARP)
 Sequence of events :
• See http://www.tcpipguide.com/free/t_ARPAddressSpecificationandGeneralOperation-2.htm
• Broadcast at the MAC (Ethernet) level
• No IP header => just ARP header
 To read the arp table on a PC : arp –a
 Note: the arp table can be modified by a user with admin status … (« spoofing »)
Internet Control Message
Protocol (ICMP)
 RFC 792
 transfer messages from routers and hosts
to hosts
 provides feedback about problems
• datagram cannot reach its destination
• router does not have buffer capacity to forward
• router can send traffic on a shorter route
 encapsulated in IP datagram
 hence not reliable
ICMP Message Format
(inserted at the end of the IP header)
Common ICMP Messages
 destination unreachable
 time exceeded (traceroute)
 parameter problem
 source quench
 redirect
 echo & echo reply
 timestamp & timestamp reply
 address mask request & reply
IP Versions
 IP v 1-3 defined and replaced
 IP v4 - current version
 IP v5 - streams protocol
 IP v6 - replacement for IP v4
 during development, it was called IPng (IP
Next Generation)
Why Change IP?
 address space exhaustion:
• two level addressing (network and host) wastes space
• network addresses used even if not connected
• growth of networks and the Internet
• extended use of TCP/IP
• single address per host
 requirements for new types of service
• address configuration
• routing flexibility
• traffic support
IPv6 RFCs
 RFC 1752 - Recommendations for the IP Next Generation Protocol
 requirements
 PDU formats
 addressing, routing security issues
 RFC 2460 - overall specification
 RFC 4291 - addressing structure
IPv6 Enhancements
 expanded 128-bit address space
 improved option mechanism
 most not examined by intermediate routers
 dynamic address assignment (no more
DHCP)
 increased addressing flexibility
 anycast & multicast
 support for resource allocation
 labeled packet flows
IPv6
 Basics:
• Network prefix (48 bits) + subnet (16 bits) + interface ID (64 bits)
 Interface ID can be used for additional subnet masking
• www.tc.mtu.edu/ipv6/basics.php
• Expanded and Compressed notation (: ::)
 Uncompressed: fc00:0:3:0:0:0:23:a
 Compressed: fc00:0:3::23:a
• Can compress only once
• Leading and ending zeros can be omitted
 Examples: ::1 and fc00:0:3:1ad3::
• Netmask (CIDR notation Ex: /48)
IPv6
 Basics:
• http://www.tunnelsup.com/subnet-calculator
 Calculate
• 2001:0db8:85a3::8a2e:0370:7334/64
• 2001:0db8:85a3::/48/64 (see subnet prefix)
 Brackets in URL : http://[2001:db8:85a3:8d3:1319:8a2e:370:7348]/
(colon usually defines ports so brackets are required to avoid confusion)
IPv6
 Address types :
 http://www.ripe.net/lir-services/new-lir/ipv6_reference_card.pdf
• Link local addresses are used in one single network segment, they can't be routed. Unique local addresses can be routed, but only within one routing domain. So an ISP can choose to use ULA for services which can't be publicly accessible.
• Note: the example of unique local addresses is not correct (should be fc00:f53b:82e4::53)
• Address space still not completely defined
• Ex: a UQAC PC : fe80::517:ed90:ee5:7e15/10
 http://www.iana.org/assignments/ipv6-address-s
IPv6 PDU (Packet) Structure
IP v6 Header
IP v6 Flow Label
 related sequence of packets
 special handling
 A flow is identified by source and destination addresses + flow label
 router treats flow as sharing attributes
 may treat flows differently (a particular flow uses the same path -> guarantees same order delivery)
 alternative to including all information in every header
 have requirements on flow label processing
IPv6 Addresses
 128 bits long
 assigned to interface
 single interface may have multiple unicast addresses
 three types of addresses:
• unicast - single interface address
• anycast - one of a set of interface addresses (still no clear usage of anycast…)
• multicast - all of a set of interfaces
Hop-by-Hop Options
 must be examined by every router
 if unknown discard/forward handling is specified
 next header
 header extension length
 options
 Pad1
 PadN
 Jumbo payload (> 64kB)
 Router alert
Fragmentation Header
 In IPv6, fragmentation only allowed at source
 no fragmentation at intermediate routers
 node must perform path discovery to find smallest MTU of intermediate networks
 set source fragments to match MTU
 otherwise limit to 1280 octets
Routing Header
 contains a list of one or more intermediate nodes to be visited on the way to a packet’s destination
 header includes
• next header
• header extension length
• routing type
• segments left
 Type 0 routing provides a list of addresses
• initial destination address is first on list
• current destination address is next on list
• final destination address will be last in list
Destination Options Header
 carries optional information for destination node
 format same as hop-by-hop header
IPv6 Extension Headers
Virtual Private Network (VPN)
 set of computers interconnected using an unsecure network
• e.g. linking corporate LANs over Internet
 using encryption & special protocols to provide security against
• eavesdropping
• entry point for unauthorized users
 proprietary solutions are problematical
• development of IPSec standard
IPSec
 RFC 1636 (1994) identified security need
 encryption and authentication necessary
security features in IPv6
 designed also for use with current IPv4
 applications needing security include:
 branch office connectivity
 remote access over Internet
 extranet and intranet connectivity for partners
 electronic commerce security
IPSec Functions
 authentication header (AH)
• for authentication only
 Encapsulating Security Payload (ESP)
• for combined authentication/encryption
 a key exchange function
• manual or automated
 VPNs usually need combined function
IP Security Scenario
Benefits of IPsec
 provides strong security for external traffic
 resistant to bypass
 Located below transport layer hence => transparent to applications
 can be transparent to end users
 can provide security for individual users if
needed
IPsec vs https
 https
 encrypts data at the application level
 uses special port 443
 IPsec
 encrypts data at the network level
 all application data (not only HTTP data) is encrypted
 any port can be used
Summary

 internetworking principles
 Internet protocol operation
 design issues, connectionless operation
 IP
 services, addresses, subnets, ICMP, ARP
 IPv6
 structure, header, addresses
 VPNs and IP Security
 IPsec applications, benefits, functions
