Chapter 5: Internet Protocols BITS 2513: Internet Technology

Upload: ashley-lamb

Post on 26-Dec-2015


Page 1

Chapter 5: Internet Protocols

BITS 2513: Internet Technology

Page 2

To support the Internet and all its services, many protocols are necessary.

Some protocols that we will look at:
• IP
• IPv6
• ARP: Address Resolution Protocol
• ICMP: Internet Control Message Protocol
• TCP (Transmission Control Protocol)
• UDP (User Datagram Protocol)
• SMTP (Simple Mail Transfer Protocol)
• SNMP (Simple Network Management Protocol)

Page 3

Protocol

• A protocol is a set of rules and conventions used to impose a standardized, structured language for the communication between multiple parties.

• For example, a protocol might define the order in which information is exchanged between two parties.

• In fact, a data exchange can only take place between two computers using the same protocol.

Page 4

IP : Internet Protocol

• IP is the standard that defines the manner in which the network layers of two hosts interact. These hosts may be on the same network or reside on physically distinct heterogeneous networks.

• IP provides a connectionless, unreliable, best-effort packet delivery service.

• A best-effort delivery service means that packets might be discarded during transmission, but not without a good reason.

• It has two primary responsibilities:

1. providing connectionless, best-effort delivery of datagrams through a network, and
2. providing fragmentation and reassembly of datagrams to support data links with different maximum-transmission-unit (MTU) sizes.

• The IP addressing scheme is integral to the process of routing IP datagrams through an internetwork. Each IP address has specific components and follows a basic format. These IP addresses can be subdivided and used to create addresses for subnetworks.

Page 5

The Internet Protocol (IP)

• IP prepares a packet for transmission across the Internet.

• The IP header is encapsulated onto a transport data packet.

• The IP packet is then passed to the next layer where further network information is encapsulated onto it.

Page 6

IP Packet

Page 7

IPv6

• IPv6 is also called next generation IP or IPng.

• The increase in Web-based business has created immense demand for Internet addresses.

• Currently, most Web sites use IPv4 networking, but this protocol is running out of address space.

• The IPv6 networking foundation, which is compatible and interoperable with IPv4, was created to solve these problems:
– Exhaustion of the IPv4 address space
– Exhaustion of the capacity for global routing tables
– Complexities in configurations
– Poor security at the IP level
– Poor delivery of real-time data

Page 8

ASSIGNMENT 2 (Part 1)

• IPv6 is now gaining popularity compared to IPv4 addressing.
– What do you understand about IPv6?
– List down and describe the differences between IPv4 and IPv6 addressing
– List down and describe the similarities between IPv4 and IPv6
– What are the advantages of using IPv6 addressing?

• Please submit latest by 24th October 2011

Page 9

ARP (Address Resolution Protocol)

• Address resolution provides a mapping between two different forms of addresses
– 32-bit IP addresses and whatever the data link uses

• ARP is a protocol used to do address resolution in the TCP/IP protocol suite (RFC 826)

• ARP provides a dynamic mapping from an IP address to the corresponding hardware address

Page 10

ARP: Why is it needed?

The address resolution protocol is needed

• because IP addresses only make sense to the TCP/IP protocol suite.

• A data link, such as Ethernet, has its own addressing scheme to which any network layer using the data link must conform.

Page 11

Basic Idea

• ARP is required on multi-access channels and relies on the ability to broadcast

• The protocol is simple:
– broadcast a packet containing the IP address of the destination machine
– the machine with that address, or possibly a server, sends a reply containing the hardware address
– upon receipt the hardware address is used to send the original packet

Page 12

ARP Cache

• Essential to the efficient operation of ARP is the maintenance of a cache on each host

• The cache maintains the recent IP to physical address mappings

• Each entry is aged (usually the lifetime is 20 minutes) forcing periodic updates of the cache

• ARP replies are often broadcast so that all hosts can update their caches

Page 13

Steps when an ARP request packet is generated

– The IP module sends a packet, destined for another host in the network, to the ARP module.

– The ARP module looks up the ARP table (cache) to resolve the IP address.

– If the supplied IP address is present in the ARP cache, it is resolved into its Ethernet address.

– If the ARP module is not able to find an entry for this IP address in the ARP cache, then it sends an ARP request packet to the Ethernet driver, to resolve the IP address to the Ethernet address.

– After the IP address is resolved by the ARP module, the packet is sent to the Ethernet driver for transmission.

Page 14

Steps when an ARP request packet is received by a host

– If the IP address to be resolved is for this host, then the ARP module sends an ARP reply packet with its Ethernet MAC address.

– If the IP address to be resolved is for this host, then the ARP module updates its ARP cache with the source Ethernet MAC address to source IP address mapping present in the ARP request packet. If the entry is already present in the cache, it is overwritten. If it is not present, it is added.

– If the IP address to be resolved is not for this host, then the ARP module discards the ARP request packet.

Page 15

arp Command

• The arp command on a Unix system can be used to see the contents of the ARP cache:

kiev> arp -a
Net to Media Table
Device IP Address          Mask            Flags Phys Addr
------ ------------------- --------------- ----- -----------------
hme0   redshirt            255.255.255.255       00:60:08:8b:e9:aa
hme0   tiger               255.255.255.255       08:00:20:85:f6:8d
hme0   thunderbolt         255.255.255.255       08:00:20:9a:af:60
hme0   starfury            255.255.255.255       08:00:20:9a:af:79
hme0   cs3-router          255.255.255.255       00:10:11:09:f0:28
hme0   epsilon3-38         255.255.255.255       08:00:20:86:71:c0
hme0   mordor-38           255.255.255.255       08:00:20:96:01:ad
hme0   itlabman            255.255.255.255       00:00:c0:65:d7:b9
hme0   joanne              255.255.255.255       00:05:02:59:51:52
hme0   laurie              255.255.255.255       00:05:02:79:c4:20
hme0   kiev                255.255.255.255 SP    08:00:20:9e:f2:99

Page 16

ARP Packet Format

(Figure: field layout, with bit positions 0, 8, 16 and 31 marked across the top; fields in order:)

Hardware Type | Protocol Type
Hardware Size | Protocol Size | Operation
Sender’s Hardware Address (for Ethernet 6 bytes)
Sender’s Protocol Address
Target Hardware Address
Target Protocol Address

Page 17

Proxy ARP

• Proxy ARP lets a router answer ARP requests on one of its networks for a host on another of its networks

• This fools the sender of the ARP request into thinking that the router is the destination

• The router is acting as a proxy agent for the destination, relaying packets to it from other hosts

Page 18

Proxy ARP

• Proxy ARP is also known as promiscuous ARP or the ARP hack

• The names come from the other use of proxy ARP: to hide two physical networks from each other, with a router between the two

• This has been used to separate hosts running two different versions of TCP/IP

Page 19

Gratuitous ARP

• Gratuitous (unnecessary) ARP occurs when a host sends an ARP request looking for its own IP address

• This can happen at bootstrap time

• Gratuitous ARP provides two features

– it lets a host determine if another host is already configured with the same IP address

– if the host sending the gratuitous ARP has just changed its hardware address, the packet causes other hosts on the net to update their ARP cache entries

Page 20

Issues

• ARP can be a dangerous protocol
– a bogus host can issue a gratuitous ARP and change cache entries
– a bogus host can send replies giving its own hardware address (instead of the target)

• Broadcasting can be expensive
– excessive use of bandwidth
– CPU costs
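The following is an added example (not part of the original slides) tying together the ARP packet format slide, the cache-update steps, and the Issues slide above: it decodes an Ethernet/IPv4 ARP body, flags gratuitous ARP (sender and target protocol address equal), and keeps a cache that records an alert whenever an existing IP-to-MAC binding is overwritten by a different hardware address, which is the observable symptom of the bogus-host cases. The IP addresses and the 00:11:22:33:44:55 MAC are constructed; the field sizes follow RFC 826.

```python
import struct
from ipaddress import IPv4Address

# Ethernet/IPv4 ARP body: hardware type, protocol type, hardware size,
# protocol size, operation, then sender/target hardware and protocol addresses.
ARP_FMT = "!HHBBH6s4s6s4s"          # 28 bytes in total
OP_REQUEST, OP_REPLY = 1, 2

def build_arp(op, sha, spa, tha, tpa) -> bytes:
    """Constructed test packet (not captured traffic); MACs as aa:bb:.., IPs dotted."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, mac(sha),
                       IPv4Address(spa).packed, mac(tha), IPv4Address(tpa).packed)

def parse_arp(payload: bytes) -> dict:
    """Decode the fields shown on the ARP packet format slide."""
    if len(payload) < struct.calcsize(ARP_FMT):
        raise ValueError("ARP body too short")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op, "sha": sha.hex(":"), "spa": str(IPv4Address(spa)),
            "tha": tha.hex(":"), "tpa": str(IPv4Address(tpa)),
            # gratuitous ARP: the sender asks about / announces its own IP address
            "gratuitous": spa == tpa}

class ArpCache:
    """IP -> MAC cache as on the ARP Cache slide, plus an alert whenever an
    existing binding is overwritten by a different hardware address (the
    symptom of the bogus gratuitous ARP / bogus reply on the Issues slide)."""
    def __init__(self):
        self.table = {}
        self.alerts = []

    def learn(self, pkt: dict) -> None:
        old = self.table.get(pkt["spa"])
        if old is not None and old != pkt["sha"]:
            self.alerts.append({"ip": pkt["spa"], "old_mac": old,
                                "new_mac": pkt["sha"], "gratuitous": pkt["gratuitous"]})
        self.table[pkt["spa"]] = pkt["sha"]   # as the slides say: overwrite, or add
```

Entry ageing (the 20-minute lifetime on the ARP Cache slide) is left out; a real monitor would also expire bindings and rate-limit alerts.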

Page 21

ICMP: Internet Control Message Protocol

• is used by routers and nodes, and performs the error reporting for the Internet Protocol.

• is a helper protocol that supports IP with facilities for
– Error reporting (invalid IP address, invalid port address, and the packet has hopped too many times)
– Simple queries

Page 22

ICMP (Cont)

• ICMP messages are encapsulated as IP datagrams:

(Figure: IP header | ICMP message, where the ICMP message is the IP payload)

Page 23

ICMP message format

(Figure: bit # 0 ... 7 | 8 ... 15 | 16 ... 31)

type | code | checksum
additional information or 0x00000000

4 byte header:
• Type (1 byte): type of ICMP message
• Code (1 byte): subtype of ICMP message
• Checksum (2 bytes): similar to IP header checksum. Checksum is calculated over the entire ICMP message.

If there is no additional data, there are 4 bytes set to zero. Each ICMP message is at least 8 bytes long.
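As an added example (not from the slides), the format above in code: the Internet checksum (RFC 1071 one's-complement sum, the same algorithm as the IP header checksum) computed over the whole ICMP message, a builder that zero-fills the second 4 bytes when there is nothing to carry, and a parser that enforces the 8-byte minimum and verifies a received message by checking that the checksum over it folds to zero. The echo-request identifier/sequence values used in the usage are constructed.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071), used by IP and ICMP."""
    if len(data) % 2:
        data += b"\x00"                     # odd length: pad for the sum only
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back in (end-around carry)
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_icmp(msg_type: int, code: int, rest: bytes = b"\x00" * 4, data: bytes = b"") -> bytes:
    """type, code, checksum, then 4 bytes of additional information (zeros if none);
    the checksum field is zero while the checksum over the whole message is computed."""
    header = struct.pack("!BBH", msg_type, code, 0) + rest[:4].ljust(4, b"\x00")
    csum = inet_checksum(header + data)
    return struct.pack("!BBH", msg_type, code, csum) + header[4:] + data

def parse_icmp(msg: bytes) -> dict:
    """Split a received ICMP message and verify its checksum."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than the 8-byte minimum")
    msg_type, code, csum = struct.unpack("!BBH", msg[:4])
    return {"type": msg_type, "code": code, "checksum": csum,
            "rest": msg[4:8], "data": msg[8:],
            # a correct message (checksum field included) sums to 0xFFFF, i.e. complements to 0
            "checksum_ok": inet_checksum(msg) == 0}

if __name__ == "__main__":
    echo = build_icmp(8, 0, struct.pack("!HH", 0x1234, 1), b"hello")   # constructed echo request
    print(parse_icmp(echo))
```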

Page 24

ICMP Query message

ICMP query:

• Request sent by host to a router or host

• Reply sent back to querying host

(Figure: Host --ICMP Request--> Host or router; Host <--ICMP Reply-- Host or router)

Page 25

ICMP Error message

• ICMP error messages report error conditions

• Typically sent when a datagram is discarded

• Error message is often passed from ICMP to the application program

(Figure: Host --IP datagram--> Host or router, where the IP datagram is discarded; Host <--ICMP Error Message-- Host or router)

Page 26

ASSIGNMENT 2 (Part 2)

• TCP and UDP are the most used transport protocols in the network.
– What are the advantages of using TCP over UDP? List down and describe.
– TCP is a reliable method because it creates a connection first, before sending data, through the 3-way handshake. Describe.
– UDP is not a reliable method to transport data because it does not have an Acknowledgement (ACK) packet. However, it is still used in the Internet as one of the most popular transport methods. Describe why.

• Please submit latest by 24th October 2011

Page 27

SMTP: Simple Mail Transfer Protocol

• is the protocol by which the majority of all mail is transferred around the Internet.

• For Ability Mail Server to be able to receive mail it uses a built-in SMTP server which handles and processes all incoming mail.

• SMTP is an essential part of Ability Mail Server and in most circumstances should always be enabled.

• The SMTP service can generally be used in 2 different ways:
1. To accept mail from the Internet, usually from other mail servers, and then deliver it to local accounts (incoming mail traffic).
2. To allow local users to use the SMTP for their outbound mail, which the mail server should deliver to the correct local or external account.

Page 28

Network Management

Page 29

SNMP - History

Page 30

Simple Network Management Protocol

• SNMP is the prevailing standard for management of TCP/IP networks. SNMP is layered on top of UDP, the User Datagram Protocol.

• An SNMP management station monitors and controls a managed node by issuing requests directed to the agent residing in the managed node. The agent interprets the request and performs the function accordingly.

• All SNMP transactions take place using PDUs (Protocol Data Units).

Page 31

• IETF RFCs 1155, 1156, and 1157 define the Simple Network Management Protocol (SNMP)

• The Internet community developed SNMP to allow diverse network objects to participate in a global network management architecture.

• Network managing systems can poll network entities implementing SNMP for information relevant to a particular network management implementation.

• Network management systems learn of problems by receiving traps or change notices from network devices implementing SNMP.

Page 32

Security in SNMP

• SNMP v1 – very limited security
– Security in SNMP is commonly referred to as trivial authentication.
– You must know the device’s IP address in order to talk to it.
– You must also know the community string, a “password” that is sent in clear text as part of the SNMP message.

Page 33

Security improvements – SNMP V3

• SNMPv3 provides encryption and authentication as part of the core protocol. Specifically, SNMPv3 with USM (User based security model) recognizes three levels of security:

1. Without authentication and without privacy (noAuthNoPriv)

2. With authentication but without privacy (authNoPriv)

3. With authentication and privacy (authPriv)
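An added example (not from the slides) that makes the SNMP v1 versus v3 point above concrete from a defender's side: an SNMP message is BER-encoded as SEQUENCE { version INTEGER, community OCTET STRING, PDU } for v1/v2c, so anyone who can read the UDP payload can read the community string. The small parser below pulls the version and community string out of a payload, which is what an audit script run over a packet capture would do to find devices still managed over v1/v2c, and returns no community string for v3 (version 3), which carries USM security parameters instead. The sample GetRequest for sysDescr.0 with community "public" is constructed here, not captured.

```python
SNMP_VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}      # values of the version INTEGER

def _tlv(tag: int, value: bytes) -> bytes:
    """Encode one short-form BER TLV (length < 128 is enough for this sample)."""
    return bytes([tag, len(value)]) + value

def _read_tlv(buf: bytes, pos: int):
    """Decode one BER TLV at pos; returns (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def snmp_audit(payload: bytes) -> dict:
    """Report the SNMP version and, for v1/v2c, the community string sent in the clear."""
    tag, body, _ = _read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message: outer SEQUENCE missing")
    vtag, vval, pos = _read_tlv(body, 0)
    if vtag != 0x02:
        raise ValueError("missing version INTEGER")
    version = int.from_bytes(vval, "big")
    if version == 3:
        # v3 carries USM security parameters instead of a community string;
        # whether they authenticate/encrypt depends on the security level chosen
        return {"version": "v3", "community": None, "community_in_clear": False}
    ctag, community, pos = _read_tlv(body, pos)
    if ctag != 0x04:
        raise ValueError("missing community OCTET STRING")
    pdu_tag, _, _ = _read_tlv(body, pos)
    return {"version": SNMP_VERSIONS.get(version, str(version)),
            "community": community.decode("ascii", "replace"),
            "pdu_tag": pdu_tag, "community_in_clear": True}

# Constructed SNMPv1 GetRequest for sysDescr.0 with community "public" (not a capture).
SAMPLE_V1_GET = _tlv(0x30,
    _tlv(0x02, b"\x00")                                  # version 0 = SNMPv1
    + _tlv(0x04, b"public")                              # community string, cleartext
    + _tlv(0xA0,                                         # GetRequest-PDU
        _tlv(0x02, b"\x01") + _tlv(0x02, b"\x00") + _tlv(0x02, b"\x00")   # request-id, error-status, error-index
        + _tlv(0x30, _tlv(0x30,                          # VarBindList containing one VarBind
            _tlv(0x06, bytes.fromhex("2b06010201010100")) + _tlv(0x05, b"")))))  # OID 1.3.6.1.2.1.1.1.0, NULL
```

Run over real UDP/161 and UDP/162 payloads, every result with community_in_clear set is a device that should be moved to SNMPv3 authPriv or at least authNoPriv.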