Digital Security - UC San Diego

Download Report

Transcript Digital Security - UC San Diego

Internet Protocol Fundamentals

Gateway to the World

By Eric L. Michelsen

Inductive Logic

 Internet Protocol Services  Where in the Stack Is IP?

 IP Addressing  IP Networks and Hosts  IP Network Classes  Multi-homed hosts  Routing  Minimum Host Configuration

Topics

 Point to Point Links  Subnetting  Classless Inter-Domain Routing (CIDR)  Private Addressing  DNS  UDP  TCP: Reliable Delivery  IPv6 (IP, the Next Generation)

Inductive Logic

11/9/2000 2

Where in the Stack is IP?

 IP is a layer 3 protocol (network layer)  IP is designed to run over any and all link layers (layer 2) 4 3 2 1 5 6 7  IP folk used to think of a 4-layer stack OSI Application Telnet, FTP, email, Netware services Presentation Session 4 IP Application Transport Network Link Physical UDP, TCP, Novell SPX IP, IPX, NetBIOS Ethernet II, IEEE 802.2

10Base-T, T1, V.34, EIA-232 3 2 1 Transport Network Physical TCP, UDP IP 11/9/2000

Inductive Logic

Internet Protocol Services

 IP v4 (RFC-791, and

many

others)  IP provides 3 primary Services: • • • Global addressing Best-effort (not guaranteed) datagram delivery Fragmentation  Base protocol on which

many

built others are  Upper layers provide reliability as needed  Fragmentation is inefficient, and generally avoided.

Inductive Logic

11/9/2000 4

IP Addressing

 32-bit (4-octet) address, written in

dotted decimal

: • w.x.y.z

e.g., 206.71.190.4

w, x, y, and z are octets, ranging from 0 to 255  Each IP address is globally unique • except for private addresses  An

IP network

is a group of hosts that can communicate “directly” with each other • “directly” means no intervening IP devices  All IP packets include the destination and source IP address

Inductive Logic

11/9/2000 5

IP Networks and Hosts

 A typical IP network might be an Ethernet: Host 206.71.190.1

Host 206.71.190.2

Host 206.71.190.3

Host 206.71.190.4

206.71.190.0

 Each host interface has an IP address  An IP address includes two parts: the

network address

, and the

host address

, e.g.

network 206.71.190 .4

host  All hosts on net have the same network address  The network as a whole is referred to as host = 0 11/9/2000

Inductive Logic

Another Sample IP Network

 Full-mesh Frame Relay network • Any two hosts can communicate “directly”  Broadcasts must be duplicated by sender to each VC Host 206.71.190.2

Host 206.71.190.1

PVC Single IP Interface PVC PVC PVC PVC PVC The whole mesh is network 206.71.190.0

Host 206.71.190.3

PVC Host 206.71.190.4

Inductive Logic

11/9/2000 7

Classical Class

 Network/host address sizes vary in classes: • Class A: N.h.h.h (0.0.0.0 to 127.0.0.0)  128 networks, 16M hosts per network  Example: 10.1.1.1

network 10 , host .1.1.1

• Class B: N.N.h.h (128.0.0.0 to 191.255.0.0)  16,384 networks, 65k hosts per network  Example: 132.10.5.17

network 132.10

, host .5.17

• • Class C: N.N.N.h (192.0.0.0 to 223.255.255.0)  2M networks, 254 hosts per network  Example: 206.71.190.13

Classes D & E are “special” network 206.71.190

, host .13

 Host address of all 1s (e.g., 206.71.190.255) means

broadcast

to an entire IP network (deprecated)

Inductive Logic

11/9/2000 8

Multi-homed Host

 A host may appear on multiple networks  Each network

interface

has an IP address 199.107.10.0

199.107.10.12

multi-homed Host 206.71.183.4

206.71.183.0

 A multi-homed host may be used to forward packets between networks (i.e., as a

router

)

Inductive Logic

11/9/2000 9

Routing

 Connecting networks into an “internetwork” Host 192.168.1.0

Host Host 192.168.20.0

Host 192.168.1.1

Router 206.71.183.1

Host Host 206.71.183.0

192.168.20.1

Router 206.71.183.2

Host Host

Inductive Logic

11/9/2000 10

Minimum Host Configuration

   2 configuration items required for full internetwork access: • • An IP address A default router Host learns new routes from default router with

redirects

Every host (not just routers) must maintain a routing table 192.168.1.0

192.168.20.0

11/9/2000 192.168.1.1

Router 206.71.183.1

forwarded 1 st packet 206.71.183.0

subsequent packets 192.168.20.1

Router 206.71.183.2

1 st packet to 192.168.1.x

redirect Host IP 206.71.183.9

Default router 206.71.183.2

Inductive Logic

Point-to-Point Links

 Numbered Link: standard IP (wasteful) • • All hosts must have same network number Wastes a whole network address for 2 hosts Host 206.71.190.1

206.71.190.0

Host 206.71.190.2

 Unnumbered Link: efficient • No network number • • Host addresses are completely arbitrary Used almost exclusively on routers, and host PPP links Router 206.71.190.3

unnumbered Router 199.107.183.15

Inductive Logic

11/9/2000 12

Subnet Masks

 The

subnet mask

defines which parts of an IP address are the ‘network’ and ‘host’ parts  1s in the subnet mask specify network address bits, 0s specify host address bits  Standard class subnet masks: • Class A: 255 .0.0.0

11111111.

00000000.00000000.00000000

• Class B: 255.255

.0.0

11111111.11111111

.00000000.00000000

• Class C: 255.255.255

11111111.11111111.11111111

.00000000

Inductive Logic

11/9/2000 13

Subnetting

 Creates networks smaller than the default for their class (breaks up Class A, B, & C networks) • Example: subnet mask 255.255.255.192 = 11111111.11111111.11111111.11

000000 creates a subnet of 64 addresses (62 hosts) • Can use 255.255.255.0 on an (otherwise) Class B network to create 256 Class-C-size subnets (254 hosts)  Network part is always on left end of subnet mask  Handy table: 128 192 224 1000 0000 1100 0000 1110 0000 240 248 252 1111 0000 1111 1000 1111 1100  Sometimes written as /

, where

Network part, e.g., /26 is # bits in => 255.255.255.192

Inductive Logic

11/9/2000 14

Examples of IP Subnetting

192.168.1.0

 192.168.1.0/24 (mask 255.255.255.0) • standard Class C • 254 hosts: 192.168.1.1 - 192.168.1.254

192.168.1.0/24  192.168.2.0/25 (mask 255.255.255.128) • 126 hosts: 192.168.2.1 - 192.168.2.126

 192.168.2.128/26 (mask 255.255.255.192) • 62 hosts: 192.168.2.129 - 192.168.2.190

 192.168.2.192/27 (mask 255.255.255.224) • 30 hosts: 192.168.2.193 - 192.168.2.222

192.168.1.255

192.168.2.0

192.168.2.0/25 192.168.2.127

192.168.2.128

192.168.2.128/26 192.168.2.191

192.168.2.192/27

Inductive Logic

11/9/2000 15

CIDR

 Classless Inter-Domain Routing  Eliminates Class A, B, and C networks.

 Subnet masks must be specified for everything • This is a 3rd piece of configuration now required by an IP host:  IP address  Subnet mask  Default Router  Widely used, and growing

Inductive Logic

11/9/2000 16

Private Addresses

 IETF set aside some addresses for “private” use: • 1 Class A network • • 16 Class B networks 256 Class C networks 10.0.0.0

172.16.0.0 - 172.31.0.0

192.168.*.0

 Internet routers are configured to discard packets addressed to these addresses  These addresses are not visible to the Internet, so multiple sites can use them at will

Inductive Logic

11/9/2000 17

DNS: Domain Name System

 RFCs 1034, 1035  Memorizing IP addresses is difficult  DNS is a distributed directory of names, and associated IP addresses, and other info • “First DNS server” is a 4th piece of IP host config  Hierarchical system of shared authority • Right parts are higher authority than left www .enterprise.com

Enterprise Administered InterNIC Administered

Inductive Logic

11/9/2000 18

UDP: User Datagram Protocol

 RFC 768  Built above IP (Layer 4, Transport)  Best-effort, datagram (packet) delivery (

connectionless

)  Adds an additional addressing layer:

port

• Each UDP datagram includes a 16-bit destination and 16-bit source port • There are many “well-known” ports, which essentially act as Server IDs or Protocol IDs for UDP  DNS  BOOTP/DHCP  TFTP  SNMP port 53 ports 67 (server), 68 (client) port 69 port 161 11/9/2000

Inductive Logic

TCP: Transmission Control Protocol

 RFC 793, plus many modifications   Reliable, error-corrected

stream

of data Connection oriented (has setup and teardown)     Uses a highly efficient, self-adjusting pacing mechanism for high throughput No packetization (or frame) boundaries • Packetization of data stream into IP packets is invisible to the application layer Packet boundaries (if needed) must be created by higher layers Like UDP, has

ports

. Well known ports:  FTP control  Telnet  SMTP port 20 port 23 port 25

Inductive Logic

11/9/2000 20

IPv6 (IPng)

 Primarily intended to address the problem of running out of IP addresses  Aka Network Engineer Employment Act of 1994 • • Nearly every IP protocol must change Nearly every IP software application must change  Addresses extended to 16 octets (128 bits) • Enough for each molecule on the surface of the earth to have its own IP address   Part of address is locally assigned Fragmentation confined to endpoints (routers don’t fragment, hosts do)

Inductive Logic

11/9/2000 21

 This slide intentionally left blank 11/9/2000

Inductive Logic

 This slide intentionally left blank 11/9/2000

Inductive Logic

Digital Security - UC San Diego

Transcript Digital Security - UC San Diego

Internet Protocol Fundamentals

Gateway to the World

Topics

Where in the Stack is IP?

Internet Protocol Services

IP Addressing

IP Networks and Hosts

Another Sample IP Network

Classical Class

Multi-homed Host

Routing

Minimum Host Configuration

Point-to-Point Links

Subnet Masks

Subnetting

Examples of IP Subnetting

CIDR

Private Addresses

DNS: Domain Name System

UDP: User Datagram Protocol

TCP: Transmission Control Protocol

IPv6 (IPng)

Directory