
COMS/CSEE 4140 Networking Laboratory Lecture 02

COMS/CSEE 4140 Networking Laboratory Lecture 02. Salman Abdul Baset Spring 2008. Previous lecture…. Introduction to the lab equipment A simple TCP/IP example Overview of important networking concepts. Previous lecture…. Web request.





Presentation Transcript


  1. COMS/CSEE 4140 Networking Laboratory, Lecture 02 Salman Abdul Baset Spring 2008

  2. Previous lecture… • Introduction to the lab equipment • A simple TCP/IP example • Overview of important networking concepts

  3. Previous lecture… Web request • A user on host argon.netlab.edu (“Argon”) makes web access to URL http://neon.netlab.edu/index.html. • What actually happens in the network? [Figure: the web client on Argon requests the web page from the web server on Neon]

  4. Agenda • Administrivia • MICE access, lab groups. • Data Link Protocols • Address Resolution Protocol (ARP) • Internet Protocol (IP)

  5. Terminology • Frame • Data link layer terminology for a data unit • Includes error correction • Packet • Network layer and above • PDU • Protocol specific

  6. TCP/IP Suite and OSI Reference Model • The TCP/IP protocol stack does not define the lower layers of a complete protocol stack • How does the TCP/IP protocol stack interface with the data link layer?

  7. Data Link Layer • The main tasks of the data link layer are: • Transfer data from the network layer of one machine to the network layer of another machine • Convert the raw bit stream of the physical layer into groups of bits (“frames”)

  8. Two types of networks at the data link layer • Broadcast Networks: All stations share a single communication channel • Point-to-Point Networks: Pairs of hosts (or routers) are directly connected • Typically, local area networks (LANs) are broadcast and wide area networks (WANs) are point-to-point

  9. Local Area Networks • Local area networks (LANs) connect computers within a building or an enterprise network • Almost all LANs are broadcast networks • Typical topologies of LANs are bus, ring or star • We will work with Ethernet LANs. Ethernet has a bus or star topology. • Comparing topologies: workstation vs. cable failure? [Figure: star LAN]

  10. MAC and LLC • In any broadcast network, the stations must ensure that only one station transmits at a time on the shared communication channel • The protocol that determines who can transmit on a broadcast channel is called the Medium Access Control (MAC) protocol • The MAC protocol is implemented in the MAC sublayer, which is the lower sublayer of the data link layer • The higher portion of the data link layer is often called Logical Link Control (LLC)

  11. IEEE 802 Standards • IEEE 802 is a family of standards for LANs, which defines an LLC and several MAC sublayers

  12. Ethernet and IEEE 802.3: Any Difference? • There are two types of Ethernet frames in use, with subtle differences: • “Ethernet” (Ethernet II, DIX) • An industry standard from 1982 that is based on the first implementation of CSMA/CD by Xerox. • Predominant version of CSMA/CD in the US. • 802.3: • IEEE’s version of CSMA/CD from 1985. • Interoperates with 802.2 (LLC) as higher layer. • Difference for our purposes: Ethernet and 802.3 use different methods to encapsulate an IP datagram.

  13. Ethernet II, DIX Encapsulation (RFC 894)

  14. IEEE 802.2/802.3 Encapsulation (RFC 1042)
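Slides 12 to 14 say the two encapsulations differ in how the IP datagram is wrapped; the concrete difference is the 2-byte field after the source address. The following is an added example, not part of the lecture, that builds both frame types and tells them apart the way a receiver has to: a value of 0x0600 or more in that field is an Ethernet II EtherType (RFC 894), a value of at most 1500 is an 802.3 length followed by an 802.2 LLC header and, for IP, the RFC 1042 SNAP header (DSAP/SSAP 0xAA, control 0x03, OUI 00-00-00, then the EtherType). The MAC addresses are the ones slide 32 uses for Argon and Router137; the payload bytes are constructed and the minimum-length padding is omitted.

```python
import struct

# Constructed sample values (not captured traffic); MACs taken from the lecture's ARP example.
ARGON_MAC = bytes.fromhex("00a02471e444")
ROUTER137_MAC = bytes.fromhex("00e0f923a820")

ETHERTYPE_IP = 0x0800
MAX_8023_LENGTH = 1500          # type/length <= 1500: 802.3 length field
MIN_ETHERTYPE = 0x0600          # type/length >= 0x0600: Ethernet II type field
LLC_SNAP_HEADER = bytes([0xAA, 0xAA, 0x03])   # DSAP=AA, SSAP=AA, Control=03 (UI)
RFC1042_OUI = b"\x00\x00\x00"


def build_ethernet_ii(dst, src, ethertype, payload):
    """RFC 894: dst(6) src(6) type(2) payload.  Padding to 46 bytes omitted."""
    return dst + src + struct.pack("!H", ethertype) + payload


def build_8023_snap(dst, src, ethertype, payload):
    """RFC 1042: dst(6) src(6) length(2) LLC(3) SNAP OUI(3) type(2) payload."""
    body = LLC_SNAP_HEADER + RFC1042_OUI + struct.pack("!H", ethertype) + payload
    if len(body) > MAX_8023_LENGTH:
        raise ValueError("payload too large for one 802.3 frame")
    return dst + src + struct.pack("!H", len(body)) + body


def parse_frame(frame):
    """Classify a frame by its type/length field and return addresses, type and payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte MAC header")
    dst, src = frame[0:6].hex(":"), frame[6:12].hex(":")
    type_or_len = struct.unpack("!H", frame[12:14])[0]
    if type_or_len >= MIN_ETHERTYPE:
        return {"encap": "Ethernet II", "dst": dst, "src": src,
                "ethertype": type_or_len, "payload": frame[14:]}
    if type_or_len > MAX_8023_LENGTH:
        raise ValueError("type/length value 1501-1535 is undefined")
    body = frame[14:14 + type_or_len]
    if len(body) != type_or_len:
        raise ValueError("802.3 length field does not match the bytes present")
    if len(body) < 3:
        raise ValueError("802.3 frame too short for an LLC header")
    if body[:3] != LLC_SNAP_HEADER:
        # Plain 802.2 LLC: DSAP/SSAP name the upper protocol, there is no EtherType.
        return {"encap": "802.3/802.2 LLC", "dst": dst, "src": src,
                "dsap": body[0], "ssap": body[1], "payload": body[3:]}
    if len(body) < 8:
        raise ValueError("SNAP header truncated")
    ethertype = struct.unpack("!H", body[6:8])[0]
    return {"encap": "802.3/802.2 SNAP", "dst": dst, "src": src,
            "oui": body[3:6].hex(), "ethertype": ethertype, "payload": body[8:]}


if __name__ == "__main__":
    datagram = b"constructed IP datagram bytes"
    for f in (build_ethernet_ii(ROUTER137_MAC, ARGON_MAC, ETHERTYPE_IP, datagram),
              build_8023_snap(ROUTER137_MAC, ARGON_MAC, ETHERTYPE_IP, datagram)):
        print(parse_frame(f)["encap"], hex(parse_frame(f)["ethertype"]))
```

The receiver side matters for defenders as much as for implementers: a parser that only handles one encapsulation will silently misread the other, so a monitoring tool that decodes frames should branch on the type/length field exactly as above before trusting anything after byte 14.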

  15. Ethernet • Speed: 10 Mbps - 10 Gbps • Standard: 802.3, Ethernet II (DIX) • Most popular physical layers for Ethernet: • 10Base5 Thick Ethernet: 10 Mbps coax cable • 10Base2 Thin Ethernet: 10 Mbps coax cable • 10Base-T: 10 Mbps Twisted Pair • 100Base-TX: 100 Mbps over Category 5 twisted pair • 100Base-FX: 100 Mbps over Fiber Optics • 1000Base-FX: 1 Gbps over Fiber Optics • 10000Base-FX: 10 Gbps over Fiber Optics (for wide area links)

  16. Bus Topology • 10Base5 and 10Base2 Ethernets have a bus topology

  17. Star Topology • Starting with 10Base-T, stations are connected to a hub in a star configuration

  18. Ethernet Hubs vs. Ethernet Switches • An Ethernet switch is a packet switch for Ethernet frames • Buffering of frames prevents collisions. • Each port is isolated and builds its own collision domain • An Ethernet Hub does not perform buffering: • Collisions occur if two frames arrive at the same time. [Figure: hub vs. switch]

  19. Point-to-Point (serial) links • Many data link connections are point-to-point serial links: • Dial-in or DSL access connects hosts to access routers • Routers are connected by high-speed point-to-point links • Here, IP hosts and routers are connected by a serial cable • Data link layer protocols for point-to-point links are simple: • Main role is encapsulation of IP datagrams • No media access control needed

  20. Data Link Protocols for Point-to-Point links • SLIP (Serial Line IP) (RFC 1055) • First protocol for sending IP datagrams over dial-up links (from 1988) • Encapsulation, not much else • PPP (Point-to-Point Protocol) (RFC 1661) • Successor to SLIP (1992), with added functionality • Used for dial-in and for high-speed routers • HDLC (High-Level Data Link) (ISO) • Widely used and influential standard (1979) • Default protocol for serial links on Cisco routers • Actually, PPP is based on a variant of HDLC

  21. PPP - IP encapsulation • The frame format of PPP is similar to HDLC and the 802.2 LLC frame format: • PPP assumes a duplex circuit • Note: PPP does not use addresses • Usual maximum frame size is 1500

  22. Additional PPP functionality • In addition to encapsulation, PPP supports: • multiple network layer protocols (protocol multiplexing) • Link configuration • Link quality testing • Error detection • Option negotiation • Address notification • Authentication • The above functions are supported by helper protocols: • LCP • PAP, CHAP • NCP

  23. PPP Support protocols • Link management: The link control protocol (LCP) is responsible for establishing, configuring, and negotiating a data-link connection. LCP also monitors the link quality and is used to terminate the link. • Authentication: Authentication is optional. PPP supports two authentication protocols: Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP). • Network protocol configuration: PPP has network control protocols (NCPs) for numerous network layer protocols. The IP control protocol (IPCP) negotiates IP address assignments and other parameters when IP is used as network layer.
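Slide 23 names PAP and CHAP without showing what each one sends over the link. As an added example (not from the lecture), the block below runs one round of each exchange as two message transcripts. For CHAP it follows RFC 1994: the authenticator sends an Identifier and a fresh random Challenge, the peer answers with MD5(Identifier || secret || Challenge), and the authenticator recomputes the same value from its own copy of the secret. For PAP the peer simply sends its id and password. The secrets, peer name and the fixed challenge used in the test are constructed values.

```python
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994 CHAP with MD5: Response Value = MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_exchange(peer_secret, authenticator_secret, identifier=1, challenge=None):
    """One Challenge / Response / Success-or-Failure round.

    Returns (authenticated, transcript); each transcript entry is
    (sender, message type, identifier, value carried on the link).
    """
    # A fresh challenge per round means a captured Response cannot be replayed later.
    challenge = os.urandom(16) if challenge is None else challenge
    transcript = [("authenticator", "Challenge", identifier, challenge)]
    # The peer proves knowledge of the secret without transmitting it.
    response = chap_response(identifier, peer_secret, challenge)
    transcript.append(("peer", "Response", identifier, response))
    # The authenticator recomputes with its stored secret; constant-time compare.
    expected = chap_response(identifier, authenticator_secret, challenge)
    ok = hmac.compare_digest(response, expected)
    transcript.append(("authenticator", "Success" if ok else "Failure", identifier, b""))
    return ok, transcript


def pap_exchange(peer_id, password, stored_passwords, identifier=1):
    """PAP (RFC 1334): the peer sends id and password in the clear; the authenticator
    answers Authenticate-Ack or Authenticate-Nak.  Same transcript shape as CHAP."""
    transcript = [("peer", "Authenticate-Request", identifier, peer_id + b":" + password)]
    expected = stored_passwords.get(peer_id)
    ok = expected is not None and hmac.compare_digest(password, expected)
    transcript.append(("authenticator", "Authenticate-Ack" if ok else "Authenticate-Nak",
                       identifier, b""))
    return ok, transcript


def secret_seen_on_link(transcript, secret):
    """True if the secret itself appears in any message of the transcript."""
    return any(secret in value for _, _, _, value in transcript)


if __name__ == "__main__":
    # Constructed demo secrets, not real credentials.
    ok, t = chap_exchange(b"demo-secret", b"demo-secret", identifier=7)
    print("CHAP:", ok, "secret on link:", secret_seen_on_link(t, b"demo-secret"))
    ok, t = pap_exchange(b"argon", b"demo-secret", {b"argon": b"demo-secret"})
    print("PAP: ", ok, "secret on link:", secret_seen_on_link(t, b"demo-secret"))
```

The point the transcripts make is the one a reviewer of a dial-in configuration would check: with PAP the password crosses the serial link and any capture of it is reusable, while with CHAP only a challenge-dependent hash crosses the link. CHAP still requires both ends to hold the plaintext secret, which is why the secret store on the authenticator needs protecting.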

  24. Agenda • Administrivia • Data Link Protocols • Address Resolution Protocol (ARP) • Internet Protocol (IP)

  25. Overview

  26. ARP (RFC 826) and RARP (RFC 903) • Note: • The Internet is based on IP addresses • Data link protocols (Ethernet, FDDI, ATM) may have different (MAC) addresses • The ARP and RARP protocols perform the translation between IP addresses and MAC layer addresses • We will discuss ARP for broadcast LANs, particularly Ethernet LANs

  27. Processing of IP packets by network device drivers

  28. Topology Web request • A user on host argon.netlab.edu (“Argon”) makes web access to URL http://neon.netlab.edu/index.html. • What actually happens in the network? [Figure: network topology with the web client on Argon, Router137 and the web server on Neon]

  29. Address Translation with ARP ARP Request: Argon broadcasts an ARP request to all stations on the network: “What is the hardware address of Router137?”

  30. Address Translation with ARP ARP Reply: Router 137 responds with an ARP Reply which contains the hardware address

  31. ARP Packet Format

  32. Example
  • ARP Request from Argon:
    Source hardware address: 00:a0:24:71:e4:44
    Source protocol address: 128.143.137.144
    Target hardware address: 00:00:00:00:00:00
    Target protocol address: 128.143.137.1
  • ARP Reply from Router137:
    Source hardware address: 00:e0:f9:23:a8:20
    Source protocol address: 128.143.137.1
    Target hardware address: 00:a0:24:71:e4:44
    Target protocol address: 128.143.137.144

  33. ARP Cache • Since sending an ARP request/reply for each IP datagram is inefficient, hosts maintain a cache (ARP Cache) of current entries. The entries expire after 20 minutes. • Contents of the ARP Cache:
    (128.143.71.37) at 00:10:4B:C5:D1:15 [ether] on eth0
    (128.143.71.36) at 00:B0:D0:E1:17:D5 [ether] on eth0
    (128.143.71.35) at 00:B0:D0:DE:70:E6 [ether] on eth0
    (128.143.136.90) at 00:05:3C:06:27:35 [ether] on eth1
    (128.143.71.34) at 00:B0:D0:E1:17:DB [ether] on eth0
    (128.143.71.33) at 00:B0:D0:E1:17:DF [ether] on eth0

  34. Proxy ARP • Proxy ARP: Host or router responds to ARP Request that arrives from one of its connected networks for a host that is on another of its connected networks.

  35. Things to know about ARP • What happens if an ARP Request is made for a non-existent host? Several ARP requests are made with increasing time intervals between requests. Eventually, ARP gives up. • On some systems (including Linux) a host periodically sends ARP Requests for all addresses listed in the ARP cache. This refreshes the ARP cache content, but also introduces traffic. • Gratuitous ARP Requests: A host sends an ARP request for its own IP address: • Useful for detecting if an IP address has already been assigned.

  36. Vulnerabilities of ARP • Since ARP does not authenticate requests or replies, ARP Requests and Replies can be forged • ARP is stateless: ARP Replies can be sent without a corresponding ARP Request • According to the ARP protocol specification, a node receiving an ARP packet (Request or Reply) must update its local ARP cache with the information in the source fields, if the receiving node already has an entry for the IP address of the source in its ARP cache. (This applies for ARP Request packets and for ARP Reply packets)
  Typical exploitation of these vulnerabilities: • A forged ARP Request or Reply can be used to update the ARP cache of a remote system with a forged entry (ARP Poisoning) • This can be used to redirect IP traffic to other hosts
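Slides 31 to 36 give the ARP packet layout, the Argon/Router137 request and reply, the cache, and the two properties that make poisoning possible (no authentication, no state). The block below is an added example, not lecture code: it packs and parses the 28-byte Ethernet/IPv4 ARP packet of RFC 826 and runs a passive monitor of the kind a host or IDS sensor keeps beside the real cache, flagging exactly the two conditions slide 36 describes: a Reply that no Request asked for, and a source field that contradicts the entry already cached for that IP. The addresses are the ones from slide 32; the third packet fed to the monitor in the test is a constructed, contradictory reply with a placeholder MAC, used only to show that the detection fires.

```python
import ipaddress
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
# htype(2) ptype(2) hlen(1) plen(1) oper(2) sha(6) spa(4) tha(6) tpa(4) = 28 bytes (RFC 826)
ARP_FORMAT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FORMAT)


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def build_arp(oper, sha, spa, tha, tpa):
    """Ethernet (htype 1) over IPv4 (ptype 0x0800) ARP packet from dotted/colon strings."""
    return struct.pack(ARP_FORMAT, 1, 0x0800, 6, 4, oper,
                       mac_bytes(sha), ipaddress.IPv4Address(spa).packed,
                       mac_bytes(tha), ipaddress.IPv4Address(tpa).packed)


def parse_arp(pkt):
    if len(pkt) < ARP_LEN:
        raise ValueError("ARP packet truncated")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FORMAT, pkt[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"oper": oper, "sha": sha.hex(":"), "spa": str(ipaddress.IPv4Address(spa)),
            "tha": tha.hex(":"), "tpa": str(ipaddress.IPv4Address(tpa))}


class ArpMonitor:
    """Passive IP->MAC table that mirrors the RFC 826 merge step and records alerts
    for unsolicited Replies and for changes to an existing mapping."""

    def __init__(self):
        self.cache = {}          # IP -> MAC, as in the slide 33 listing
        self.outstanding = set() # (requester IP, target IP) pairs awaiting a Reply
        self.alerts = []

    def observe(self, pkt):
        a = parse_arp(pkt)
        if a["oper"] == ARP_REQUEST:
            self.outstanding.add((a["spa"], a["tpa"]))
        elif a["oper"] == ARP_REPLY:
            key = (a["tpa"], a["spa"])   # a Reply answers the host named in its target fields
            if key in self.outstanding:
                self.outstanding.discard(key)
            else:
                # ARP is stateless, so the stack would accept this; the monitor notes it.
                self.alerts.append(f"unsolicited reply: {a['spa']} is-at {a['sha']}")
        old = self.cache.get(a["spa"])
        if old is not None and old != a["sha"]:
            self.alerts.append(f"mapping change: {a['spa']} was {old}, now {a['sha']}")
        self.cache[a["spa"]] = a["sha"]  # the merge step from the specification
        return a


if __name__ == "__main__":
    mon = ArpMonitor()
    mon.observe(build_arp(ARP_REQUEST, "00:a0:24:71:e4:44", "128.143.137.144",
                          "00:00:00:00:00:00", "128.143.137.1"))
    mon.observe(build_arp(ARP_REPLY, "00:e0:f9:23:a8:20", "128.143.137.1",
                          "00:a0:24:71:e4:44", "128.143.137.144"))
    print(mon.cache, mon.alerts)
```

A real cache cannot tell a forged entry from a genuine one, which is why the countermeasures are outside ARP itself: static entries for the default gateway on sensitive hosts, switch features that validate ARP against DHCP bindings, and monitoring of the kind above, with the "mapping change" alert being the signal worth paging on.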

  37. Agenda • Administrivia • Data Link Protocols • Address Resolution Protocol (ARP) • Internet Protocol (IP)

  38. IP Addresses • Structure of an IP address • Classful IP addresses • Limitations and problems with classful IP addresses • Subnetting • CIDR • IP Version 6 addresses

  39. IP Addresses

  40. IP Addresses

  41. What is an IP Address? • An IP address is a unique global address for a network interface • Exceptions: • Dynamically assigned IP addresses (DHCP, Lab 7) • IP addresses in private networks (NAT, Lab 7) • An IP address: - is a 32 bit long identifier - encodes a network number (network prefix) and a host number

  42. Network prefix and host number • The network prefix identifies a network and the host number identifies a specific host (actually, interface on the network). • How do we know how long the network prefix is? • Before 1993: The network prefix is implicitly defined (class-based addressing) or • After 1993: The network prefix is indicated by a netmask. [Figure: network prefix | host number]

  43. Dotted Decimal Notation • IP addresses are written in a so-called dotted decimal notation • Each byte is identified by a decimal number in the range [0..255]: • Example: 10000000 10001111 10001001 10010000 has 1st Byte = 128, 2nd Byte = 143, 3rd Byte = 137, 4th Byte = 144, and is written 128.143.137.144

  44. Example • Example: ellington.cs.virginia.edu • Network address is: 128.143.0.0 (or 128.143) • Host number is: 137.144 • Netmask is: 255.255.0.0 (or ffff0000) • Prefix or CIDR notation: 128.143.137.144/16 • Network prefix is 16 bits long [Figure: 128.143 | 137.144]

  45. Special IP Addresses • Reserved or (by convention) special addresses:
  • Loopback interfaces
    • all addresses 127.0.0.1-127.255.255.255 are reserved for loopback interfaces
    • Most systems use 127.0.0.1 as loopback address
    • loopback interface is associated with name “localhost”
  • IP address of a network
    • Host number is set to all zeros, e.g., 128.143.0.0
  • Broadcast address
    • Host number is all ones, e.g., 128.143.255.255
    • Broadcast goes to all hosts on the network
    • Often ignored due to security concerns
  • Test / Experimental addresses
    • Certain address ranges are reserved for “experimental use”. Packets should get dropped if they contain this destination address (see RFC 1918): 10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.31.255.255, 192.168.0.0 - 192.168.255.255
  • Convention (but not a reserved address)
    • Default gateway has host number set to ‘1’, e.g., 192.0.1.1

  46. Special IPv4 Addresses (RFC 3330)

  47. Subnetting • Problem: Organizations have multiple networks which are independently managed • Solution 1: Allocate a separate network address for each network • Difficult to manage • From the outside of the organization, each network must be addressable. • Solution 2: Add another level of hierarchy to the IP addressing structure [Figure: University Network containing the Engineering School, Medical School and Library networks]

  48. Address Assignment with Subnetting • Each part of the organization is allocated a range of IP addresses (subnets or subnetworks) • Addresses in each subnet can be administered locally [Figure: University Network 128.143.0.0/16; Engineering School and Medical School subnets 128.143.71.0/24, 128.143.136.0/24, 128.143.56.0/24; Library 128.143.121.0/24]

  49. Basic Idea of Subnetting • Split the host number portion of an IP address into a subnet number and a (smaller) host number. • Result is a 3-layer hierarchy • Then: • Subnets can be freely assigned within the organization • Internally, subnets are treated as separate networks • Subnet structure is not visible outside the organization [Figure: without subnetting: network prefix | host number; with subnetting: network prefix | subnet number | host number, where network prefix plus subnet number form the extended network prefix]

  50. Subnetmask • Routers and hosts use an extended network prefix (subnetmask) to identify the start of the host numbers
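Slides 43 to 50 define dotted decimal notation, the netmask, the network/host split, the RFC 1918 ranges and the extended network prefix, but only by example. The block below is an added example, not part of the lecture, that carries those definitions out with plain integer masking rather than a library, so the bit operations are visible: it converts dotted decimal to and from a 32-bit integer, turns a prefix length into a mask and back (rejecting non-contiguous masks), and splits an address into network prefix, subnet number and host number given a network prefix length and an extended (subnet) prefix length. The worked values are the lecture's 128.143.137.144 under /16 and under a /24 subnet mask; the RFC 1918 check uses the three ranges from slide 45.

```python
ALL_ONES = 0xFFFFFFFF


def dotted_to_int(addr):
    """'128.143.137.144' -> 0x808F8990; rejects anything that is not four octets 0..255."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted decimal address: {addr}")
    value = 0
    for p in parts:
        n = int(p)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {addr}")
        value = (value << 8) | n
    return value


def int_to_dotted(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix):
    """/16 -> 0xFFFF0000: the leftmost `prefix` bits set."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (ALL_ONES << (32 - prefix)) & ALL_ONES


def mask_to_prefix(mask_dotted):
    """'255.255.0.0' -> 16; a mask with a hole (e.g. 255.0.255.0) is rejected."""
    mask = dotted_to_int(mask_dotted)
    prefix = bin(mask).count("1")
    if prefix_to_mask(prefix) != mask:
        raise ValueError("netmask bits are not contiguous")
    return prefix


def describe(addr, network_prefix, extended_prefix=None):
    """Split addr into network prefix, subnet number and host number.

    network_prefix is the length of the prefix seen from outside the organization;
    extended_prefix is the subnet mask length used inside it (slide 49).  With no
    extended prefix the address is treated as unsubnetted.
    """
    ext = network_prefix if extended_prefix is None else extended_prefix
    if ext < network_prefix:
        raise ValueError("extended prefix cannot be shorter than the network prefix")
    a = dotted_to_int(addr)
    net_mask, ext_mask = prefix_to_mask(network_prefix), prefix_to_mask(ext)
    host_mask = ~ext_mask & ALL_ONES
    return {
        "cidr": f"{addr}/{ext}",
        "netmask": int_to_dotted(ext_mask),
        "network": int_to_dotted(a & net_mask),           # host number all zeros
        "subnet": int_to_dotted(a & ext_mask),
        "subnet_number": (a & ext_mask & ~net_mask & ALL_ONES) >> (32 - ext),
        "host_number": a & host_mask,
        "broadcast": int_to_dotted((a & ext_mask) | host_mask),  # host number all ones
    }


def same_subnet(a, b, prefix):
    """True if a and b agree on the first `prefix` bits, i.e. are delivered directly."""
    mask = prefix_to_mask(prefix)
    return dotted_to_int(a) & mask == dotted_to_int(b) & mask


# RFC 1918 private ranges as listed on slide 45.
RFC1918_BLOCKS = (("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16))


def is_private(addr):
    return any(same_subnet(addr, net, prefix) for net, prefix in RFC1918_BLOCKS)


if __name__ == "__main__":
    for row in (describe("128.143.137.144", 16), describe("128.143.137.144", 16, 24)):
        print(row)
```

The `same_subnet` test is the decision a host makes before sending: if the destination shares its extended prefix the frame goes to the destination's MAC (found via ARP), otherwise to the default gateway's. Getting the mask wrong therefore sends traffic to the wrong place, which is why `mask_to_prefix` refuses a non-contiguous mask instead of silently counting its bits.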
