jrg liebeherr (modified by m. veeraraghavan) 1 icmp the ping tool traceroute program igmp

© Jörg Liebeherr (modified by M. Veeraraghavan) 1

• ICMP

• The PING Tool

•Traceroute program

•IGMP


• The IP (Internet Protocol) relies on several other protocols to perform necessary control and routing functions.

Control

Routing

ICMP IGMP

EGP RIP BGP OSPF

Orientation


ICMP

• The Internet Control Message Protocol (ICMP) is the protocol used for error and control messages in the Internet.

• ICMP provides an error reporting mechanism of routers to the sources.

• All ICMP packets are encapsulated as IP datagrams.• The packet format is simple:

Type(8 bits)

Code(8 bits)

Checksum(16 bits)

(additional information dependent on Type and Code)

32-bit word0 31


Types of ICMP Packets

• Many ICMP packet types exist, each with its own format.• A Selection:

Type Field: Message Type:0 Echo Reply3 Destination Unreachable4 Source Quench5 Redirect (Change Route)8 Echo Request11 Time Exceeded12 Parameter Problem in Datagram13 Timestamp Request17 Address Mask Request


ICMP Message Types

• ICMP messages are either query messages or error messages. • ICMP query messages:

• Echo request / Echo reply• Router advertisement / Router solicitation• Timestamp request / Timestamp reply• Address mask request / Address mask reply

• ICMP error messages:• Host unreachable• Source quench• Time exceeded • Parameter problem


• Each ICMP error message contains the header and at least the first 8 bytes of the IP datagram payload that triggered the error message.

• Problem: How to prevent that too many ICMP messages are sent ?

(e.g., an ICMP packet could trigger an ICMP packet, which triggers …).

ICMP Error Messages

• ICMP error messages are not sent ...

...for multiple fragments of the same IP datagrams

… in response to an error message

… in response to a broadcast packet

… etc.


Example of a Query: ICMP Timestamp • A system (host or router) asks

another system for the current time.

• Time is measured in milliseconds after midnight UTC (Coordinated Universal Time).

• Sender sends a request, receiver responds with reply.

Type(= 13 or 14)

Code(=0) Checksum

32-bit sender timestamp

identifier sequence number

32-bit receive timestamp

32-bit transmit timestamp

Sender

Receiver

TimestampRequest

TimestampReply


Example of an Error Message: Port Unreachable• There are 16 different ICMP error messages (‘codes’) of type

“Destination Unreachable”(Type = 3)

Code: Message Type:0 Network unreachable1 Host unreachable2 Protocol unreachable3 Port unreachable4 Fragmentation needed but

bit not set5 Source route failed6 Destination network

unknown7 Destination node unknown8 Source host isolated

Code: Message Type:9 Destination network

administratively prohibited10 Destination host

administratively prohibited11 Network unreachable for TOS12 Host unreachable for TOS13 Communication administra-

tively prohibited by filtering14 host precedence violation15 precedence cutoff in effect


ICMP Port Unreachable

• RFC 792: If, in the destination host, the IP module cannot deliver the datagram because the indicated protocol module or process port is not active, the destination host may send a port unreachable message to the source host.

• Scenario:

Client

Request a serviceat a port No. 1234

Server

No process is waiting at Port 1234

Port

Unreachabl

e



• Format of the Port Unreachable Message

EthernetHeader IP header ICMP

headerIP header of datagram

from clientat least 8 bytes from IP

payload of client

Type(= 3)

Code(=0-15) Checksum

Unused (Set to 00...0)

ICMP Message

Note: Both UDP and TCPstore the Port Number in the

first 8 bytes !Code = 3 for Port Unreachable


The PING program

• PING (=Packet InterNet Gopher) is a program that utilizes the ICMP echo request and echo reply messages.

• PING is used to verify if a certain host is up and running. It is used extensively for fault isolation in IP networks.

• PING can be used with a wide variety of options, e.g, :

-R Record route. Includes the RECORD_ROUTE option in the ECHO_REQUEST packet and displays the route buffer on

returned packets. -s packetsize Specifies the number of data bytes to be sent (Default is

56)(In newer implementations, -s is used to continuously generate

queries)


Echo Request and Reply

• PING’s are handled directly by the kernel.• Each Ping is translated into an ICMP Echo Request.• The Ping’ed host responds with an ICMP Echo Reply.

AIDA

ICMP ECHO REQUEST

MNG

ICMP ECHO

REPLY


Format of Echo Request and Reply

Type(=0 or 8)

Code(=0) Checksum

optional

identifier sequence number

•Identifier is set to process Id of querying process.•Sequence number is incremented for each new echo request.


Running Ping

aida: ping mng.poly.eduPING mng.poly.edu (128.238.42.105): 56 data bytes64 bytes from 128.238.42.105: icmp_seq=0 ttl=128 time=0.718 ms64 bytes from 128.238.42.105: icmp_seq=1 ttl=128 time=3.408 ms64 bytes from 128.238.42.105: icmp_seq=2 ttl=128 time=3.171 ms64 bytes from 128.238.42.105: icmp_seq=3 ttl=128 time=0.701 ms64 bytes from 128.238.42.105: icmp_seq=4 ttl=128 time=0.693 ms64 bytes from 128.238.42.105: icmp_seq=5 ttl=128 time=1.528 ms64 bytes from 128.238.42.105: icmp_seq=6 ttl=128 time=0.689 ms64 bytes from 128.238.42.105: icmp_seq=7 ttl=128 time=3.077 ms^C--- mng.poly.edu ping statistics ---8 packets transmitted, 8 packets received, 0% packet lossround-trip min/avg/max = 0.689/1.748/3.408 ms


Running Ping to a different machine

Aida: ping www.cologne.dePING fileserv1.cologne.de (194.94.233.1): 56 data bytes64 bytes from 194.94.233.1: icmp_seq=0 ttl=240 time=447.080 ms64 bytes from 194.94.233.1: icmp_seq=1 ttl=240 time=368.383 ms64 bytes from 194.94.233.1: icmp_seq=2 ttl=240 time=353.992 ms64 bytes from 194.94.233.1: icmp_seq=3 ttl=240 time=323.380 ms64 bytes from 194.94.233.1: icmp_seq=4 ttl=240 time=353.782 ms64 bytes from 194.94.233.1: icmp_seq=5 ttl=240 time=326.356 ms^C--- fileserv1.cologne.de ping statistics ---7 packets transmitted, 6 packets received, 14% packet lossround-trip min/avg/max = 323.380/362.162/447.080


Running Ping on a different machine

duke% ping mngmng.poly.edu is alive


Traceroute program

• Uses ICMP and TTL rather than the IP Record Route option• Why not use RR option?

– RR option not always implemented in routers– RR is a one-way option - need to get a return message– Room allocated in options field not sufficient


Traceroute operation

Router Router

IP datagram (TTL=1;dest.=D)

ICMP Time Exceeded

IP datagram (TTL=2;dest.=D)

UDP datagram (large portnumber > 30,000)


HostD

HostS

ICMP Time Exceeded


LAN Output

Svr4% traceroute slip

traceroute to slip (140.252.3.65), 30 hops max, 40 byte packets

1 bsdi (140.252.13.35) 20ms 10ms 10ms

2 slip (140.252.13.65) 120ms 120ms 120ms

• At each TTL value, three datagrams are sent– Times correspond to the round-trip times for each

datagram


IP Source routing option

• Sender specifies the route– Strict source routing: sender specifies exact path; if the

next hop in the source route isn’t a directly connected network, an ICMP “source route failed” error is returned

• traceroute -G netb -G gateway -G gabby westgate– Loose source routing: sender specifies a list of IP

addresses that the datagram must traverse, but in addition,it can traverse other routers between any two addresses in the list

• traceroute -g netb -g gabby westgate


Format of source route option in IP header

• Code: 0x83 for loose source routing; 0x89 for strict source routing

• Ptr: points to the next router address in the list

code len ptr IPAddr #2IPAddr #1 IPAddr #9

39 bytes

1 1 1 4 bytes 4 bytes 4 bytes

......


Fields in the source route option

• Len: length of the option in bytes. It can be a maximum of 39 bytes (36 for the 9 IP addresses and 3 bytes for code, len, ptr)

• Ptr: 1-based index into the 39-byte option of where to store (or use) the next address. In the record route option, it indicates where to store; in source route option, it indicates the next address to use. Min. value is 4; it changes to 8, 12, 16, upto 36. When it is 40, it means the option is full.


Example of IP source routing

• Host S sends a source routed datagram to destination D• Note: Destination IP address changed on each hop• RFC 791 does not say anything about the source address in

the IP header changing. So the source address stays the same even with source routing.

• In hop-by-hop routing, both source and destination addresses stay unchanged.

S DR3R2R1dest=R1{#R2,R3,D} {R1,#R3,D}

dest=R2 dest=R3 dest=D

{R1, R2, R3#}{R1,R2,#D}

dest=D{#R1,R2,R3}


How source routing works

• Sending host gets source list from the application. It removes the first entry and makes it the destination address of the IP header (R1). It leaves the ptr at 4, moves entries 1 position to the left; hence #R2, R3, D. The # sign indicates where the ptr is pointing. It adds the destination address to the end of the source route list in the source route option field.

• Each router checks if it is the destination; – if not, it just forwards the datagram. This can happen if

loose source routing is used; only then the source routing module can get the packet.


How source routing works (Contd.)

– If it is the destination, and ptr is not greater than length, next address in the source list becomes the destination address of the IP packet.

– IP address of outgoing interface becomes source address just used and ptr is incremented. Hence {R1, #R3, D}.

– Using above approach the source list received at the far end can be used to supply a reverse route in its reply.

R1 R2135.170.98.2 135.170.58.4

Dest=R1=135.170.98.2 {R1=135.170.58.4, #R2, D}

R1 has different values on the two sides


IP Multicasting

• Multicasting is one-to-many or many-to-many communications.

Unicast Broadcast Multicast

• IP supports multicasting via the help of additional routing protocols.


The IP Protocol Stack

• IP Multicasting only supports UDP at the higher layers (there is no multicast TCP !).

Socket Layer

Network Interface

Internet Protocol (IP)

TCP UDP

Stream

User Level

IP Multicast

SocketsDatagramSockets

MulticastSockets

RTP


IP Multicasting

• There are three essential components of the IP multicast service:

• IP Multicast Addressing• IP Group Management • Multicast Routing

• We will discuss addressing and group management


Semantics of IP Multicast

• There are many different ways to implement multicast communications.

• IP multicast works as follows:• Multicast groups are identified by a class D address.• Hosts (more precisely: interfaces) can join and leave a

multicast group dynamically• Every IP datagram sent to a multicast group is

transmitted to all members of the group


Multicast Addressing

Class D 1 multicast group id28 bits

01 1

• All Class D addresses are multicast addresses:

Class From To

D 224.0.0.0 239.255.255.255


Types of Multicast addresses

• Special and reserved Class D addresses, e.g,

224.0.0.1 All systems on this subnet224.0.0.2 All routers on this subnet224.0.1.1 NTP (Network Time Protocol)224.0.0.9 RIP-2 (a routing protocol)


Multicast Address Translation

• The leftmost byte (first byte) of any ethernet address must be 01 to specify a multicast address• Ethernet addresses corresponding to IP multicasting are in the range of 01:00:5e:00:00:00 to 01:00:5e:7f:ff:ff• Why map an IP multicast address to an ethernet multicast address?

– To avoid sending one ethernet frame per host– Hosts in multicast group will enable their ethernet device drivers to receive these multicast frames - called

“joining the multicast group”


Multicast Address Mapping

0000000100000000 01011110 0------- EthernetAddress

1110xxxx x------- -------- -------- Class DIP Address

IdentifesClass D

Ignored 23-bitaddress

-------- --------

Ethernet Addresseswith 01:00:5e in thefirst 3 bytes arereserved for IPmulticast


Not unique mapping

• Mapping procedure is not unique– 32 different multicast IP (Class D) addresses will map to the

same multicast ethernet address– Example:224.128.64.32 (hex: e0.80.40.20) and 224.0.64.32

(hex: e0:00:40:20) both map to the ethernet address 01:00:5e:00:40:20

• Ethernet device driver or IP module may need to perform filtering since the interface card may receive multicast frames in which the host is really not interested

Interface card Device Driver IP


IGMP

• The Internet Group Management Protocol (IGMP) is a simple protocol for the support of IP multicast.

• IGMP is defined in RFC 1112.• IGMP is used by multicast routers to keep track of

membership in a multicast group.• Support for:

– Joining a multicast group– Query membership– Send membership reports


IGMP Packet Format

• IGMP messages are only 8 bytes long

Ethernet Header IP header IGMPMessage

8 bytes20 bytes14 bytes

Version(= 1)

Type(=1-2) (unused)

32-bit Class D address

Checksum

•Type: 1 = query sent by router, 2 = report sent by host


IGMP Protocol

MulticastRouter

Host A Host B

Ethernet

IGMP query

IGMP Report


• A host sends an IGMP report when it joins a multicast group (Note: multiple processes on a host can join. A report is sent only for the first process).

• No report is sent when a process leaves a group.• A multicast router regularly multicasts an IGMP query to all

hosts (group address is set to zero).• A host responds to an IGMP query with an IGMP report.• Multicast router keeps a table of which of its interfaces have one or more

hosts in a multicast group. When the router receives a multicast datagram to forward, it forwards the datagram only out the interfaces that still have hosts with processes belonging to that group.

IGMP Protocol


IGMP Protocol

MulticastRouter

Host A Host B

Ethernet

IGMP queryIGMP group address = 0Dest IP address = 224.0.0.1src IP addre = router's IP address

IGMP reportIGMP group address = group addressDest IP address = group addresssrc IP addre = host's IP address

224.0.0.1 means all systems on this subnet

Router is asking each host to identify each group on that interface

jrg liebeherr (modified by m. veeraraghavan) 1 icmp the ping tool traceroute program igmp

Documents