Week 12 - Sonet, Network, Transport


CSIS 625 Week 12

Multicast, Transport, TCP/IP

Copyright 2001, 2002 - Dan Oelke. For use by students of CSIS 625 for purposes of this class only.

Overview

• Multicast - specialized network layer protocols
• Transport Layer
  – Up to layer 4
  – Ports, connections, etc.
• TCP/IP
  – Network Layer - IP
    • IP addresses, subnets
  – Transport Layer - UDP or TCP
  – ICMP, ARP, etc.

Multicast Traffic

• Multicast - to send the same data to multiple destinations, but not send multiple copies and not broadcast it to everyone.

• Useful for:
  – Radio/TV broadcasts where users “tune in”
  – Teleconferencing - IETF meetings are often sent this way
  – Distributed updates of information (software updates, database updates, etc.)
• Uses a special set of network (and sometimes data link layer) addresses.
• On a single broadcast LAN, often sent as a broadcast to a special address that allows network interfaces to listen (or ignore) as they choose.
• On some systems that are not multicast aware, it can be sent multiple times - also called multiple unicast.

Special requirements of multicast

• Routers must be multicast aware.

• Router will possibly forward a packet out multiple ports rather than just one.

• Each multicast aware router must keep track of the networks or interfaces that are “joined” to a particular multicast session.

• Routers must handle nodes, or networks, leaving and joining a multicast session.

  – Keep-alive messages ensure that nodes that leave improperly are removed from the multicast group.
• Routing protocols and algorithms are needed for routers to determine the shortest path to all group members.
• IGMP - Internet Group Management Protocol
  – The TCP/IP protocol for managing multicast traffic
  – Defined in RFC 1112 (version 1) and RFC 2236 (version 2)

Transport Layer

• May be connection oriented (TCP) or connectionless (UDP)
• Connection oriented transport protocol
  – Provides establishment, maintenance, and termination of a logical connection
• End to end delivery of messages (not just packets)
  – Provides segmentation and reassembly of messages into packets
• Addressing - addition of a port number
• Flow control
• Ordered delivery
• Reliable delivery
• Duplicate detection

Transport Layer

• Transport layer provides for reliable delivery
  – At least the TCP part of TCP/IP does
  – There is UDP/IP, which is not reliable
• Error control and flow control are typically done using a sliding window mechanism.
  – Sequence numbers with ACKs and NAKs
• Transport provides for connection establishment and termination
  – A 3-way handshake is typical for connection establishment.
  – Obviously, not needed for connectionless protocols

Transport Layer - Port numbers

• Transport Layer adds to the network address the SAP - Service Access Point
  – In TCP/IP and many other protocols this is called the port number
  – Provides an additional level of addressing beyond the host.
• Allows for an additional level of multiplexing
  – Typically identifies the service:
    • HTTP server
    • SMTP server
    • POP3 server
    • Telnet server
    • etc.

Port numbers

• How does a user application know what port number to use?
  – User “just knows” the number - it is a configuration option
  – Well known port numbers are used
    • /etc/services on many systems
    • This is commonly used for servers
  – A name server is used
  – Another application on a well-known port spawns a child application on some other port (remote job management)

Connection Establishment

• Typically a three-way handshake
• Initiator sends a SYN (Synchronize sequence number) packet
• Receiver sends back a SYN packet that also acknowledges the initiator's initial sequence number
• Initiator sends an ACK packet to acknowledge the receiver's initial sequence number
• Now either side may start sending data
• If the SYN packets overlap - no problem, both just send ACKs.

Connection Establishment - Security concerns

• The initial sequence number must be random to prevent session hijacking.
  – If not, a malicious sender can create packets that look like they come from a trusted source and inject any data that they choose.
• A malicious initiator can send a lot of initial SYN packets, but never finish the 3-way transaction
  – This can cause resources on the receiver to be tied up until the three-way handshake times out.

Connection Termination

• One side decides it is done and sends a FIN (Finish) packet to the other.

• The other side responds with a FIN packet.

• After receiving the corresponding FIN packet back the session is considered closed.

• If you receive a FIN packet, it is considered closed after sending a FIN packet back.

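The three-way handshake, the security concerns and the FIN/FIN teardown from the last three slides, as an added example that is not part of the lecture: a toy endpoint whose states are CLOSED, LISTEN, SYN_SENT, SYN_RCVD, ESTABLISHED and FIN_SENT, with an unpredictable initial sequence number from random.SystemRandom() and a check that a SYN/ACK actually acknowledges our own ISN before the connection is accepted. A small half-open table shows the receiver-side resource the second slide talks about: entries that never get their final ACK occupy a slot until they time out. Class, field and function names are this example's own, and the teardown follows the slides' simplified model rather than full TCP (no TIME_WAIT).

```python
"""Added example (not from the lecture): toy TCP handshake / teardown state
machine plus the receiver's half-open table. Names are this example's own."""
import random
from dataclasses import dataclass

MASK = 0xFFFFFFFF


@dataclass(frozen=True)
class Segment:
    src: str
    seq: int
    ack: int
    flags: frozenset


def seg(src, flags, seq=0, ack=0):
    return Segment(src, seq & MASK, ack & MASK, frozenset(flags))


class Endpoint:
    """snd_nxt / rcv_nxt are the next sequence numbers we send and expect;
    a SYN or FIN consumes one number each, a bare ACK consumes none."""

    def __init__(self, name, rng=None):
        self.name, self.rng = name, rng or random.SystemRandom()
        self.state, self.snd_nxt, self.rcv_nxt = "CLOSED", 0, 0

    def listen(self):
        self.state = "LISTEN"

    def connect(self):
        self.snd_nxt = self.rng.getrandbits(32)      # random ISN: slide says this prevents hijacking
        self.state = "SYN_SENT"
        return self._send({"SYN"})

    def close(self):
        if self.state != "ESTABLISHED":
            raise RuntimeError("close() only from ESTABLISHED in this model")
        self.state = "FIN_SENT"
        return self._send({"FIN", "ACK"})

    def _send(self, flags):
        out = seg(self.name, flags, seq=self.snd_nxt, ack=self.rcv_nxt)
        self.snd_nxt = (self.snd_nxt + 1) & MASK     # SYN and FIN occupy one sequence number
        return out

    def receive(self, s):
        """Handle one segment; return the reply to send, or None."""
        f = s.flags
        if self.state == "LISTEN" and f == {"SYN"}:
            self.rcv_nxt = (s.seq + 1) & MASK
            self.snd_nxt = self.rng.getrandbits(32)  # our own random ISN
            self.state = "SYN_RCVD"
            return self._send({"SYN", "ACK"})
        if self.state == "SYN_SENT" and f == {"SYN", "ACK"}:
            if s.ack != self.snd_nxt:                # does not acknowledge our ISN: not ours, drop it
                return None
            self.rcv_nxt = (s.seq + 1) & MASK
            self.state = "ESTABLISHED"
            return seg(self.name, {"ACK"}, seq=self.snd_nxt, ack=self.rcv_nxt)
        if self.state == "SYN_RCVD" and f == {"ACK"}:
            if s.ack == self.snd_nxt:                # final ACK must name our ISN + 1
                self.state = "ESTABLISHED"
            return None
        if self.state == "ESTABLISHED" and "FIN" in f:
            self.rcv_nxt = (s.seq + 1) & MASK        # peer is done: answer with our FIN, then closed
            self.state = "CLOSED"
            return self._send({"FIN", "ACK"})
        if self.state == "FIN_SENT" and "FIN" in f and s.ack == self.snd_nxt:
            self.state = "CLOSED"                    # closed once the corresponding FIN comes back
        return None                                  # everything else is dropped in this model


def exchange(a, b, first):
    """Deliver segments alternately between a and b until one side stays silent."""
    trace, s, receiver = [], first, b
    while s is not None:
        trace.append((s.src, sorted(s.flags)))
        s = receiver.receive(s)
        receiver = a if receiver is b else b
    return trace


class HalfOpenTable:
    """Receiver bookkeeping for handshakes that sent SYN/ACK but saw no final ACK.
    Capacity and timeout are the resources a flood of unfinished SYNs ties up."""

    def __init__(self, timeout, capacity):
        self.timeout, self.capacity, self.entries = timeout, capacity, {}

    def add(self, peer, now):
        if peer not in self.entries and len(self.entries) >= self.capacity:
            return False                             # backlog full: a new SYN has to be dropped
        self.entries[peer] = now
        return True

    def complete(self, peer):
        return self.entries.pop(peer, None) is not None

    def expire(self, now):
        stale = [p for p, t in self.entries.items() if now - t >= self.timeout]
        for p in stale:
            del self.entries[p]
        return len(stale)
```

Running exchange(client, server, client.connect()) yields the SYN, SYN/ACK, ACK trace from the slide and leaves both sides ESTABLISHED with each side's snd_nxt equal to the other's rcv_nxt; a SYN/ACK carrying the wrong acknowledgement number is dropped in SYN_SENT.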

Sequence numbers

• Some systems use a sequence number per packet.
• Some systems use an implicit sequence number for each byte.
  – This means that sequence numbers can increase a lot for every packet of data.
  – TCP uses this scheme
• By ensuring sequence numbers occur in order we get:
  – Ordered delivery
  – Error control for lost or damaged packets
  – Flow control
  – Duplicate detection

Retransmission strategy

• A positive acknowledgement of each received segment is required
• If an acknowledgement is not received after some time period, a retransmission of the segment occurs
  – May be a lost data segment -or- a lost ACK
• Timeout for retransmission
  – May be a fixed value - but it is difficult (impossible?) to get a good value for all situations
    • Too long means sluggish response to lost packets
    • Too short means many retransmissions for packets that were delayed (not lost)
    • Ideal timer is just a little longer than the round-trip time
  – May be adaptive
    • Difficult because transmission and processing delays can change widely and rapidly.
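The fixed-versus-adaptive timer trade-off above, as an added example that is not part of the lecture: a fixed timer and an adaptive one in the style of RFC 6298 (smoothed RTT plus four times the smoothed deviation, doubled on each expiry) are replayed over the same constructed round-trip-time trace, and the "too short" failure mode is counted as spurious retransmissions. Class and function names are this example's own; the 0.01 s minimum RTO is a demo choice so the adaptation is visible at these small RTTs (RFC 6298 recommends a 1 s floor).

```python
"""Added example (not from the lecture): fixed vs adaptive retransmission timer."""


class FixedTimer:
    """The fixed-value option from the slide: the RTO never changes."""

    def __init__(self, rto):
        self.rto = rto

    def sample(self, rtt):
        return self.rto

    def backoff(self):
        return self.rto


class RtoEstimator:
    """Adaptive option: keep a smoothed RTT (SRTT) and a smoothed deviation (RTTVAR)
    and set RTO = SRTT + 4 * RTTVAR, i.e. a little above the typical round trip."""

    def __init__(self, initial_rto=1.0, min_rto=1.0, max_rto=60.0):
        self.srtt = self.rttvar = None
        self.rto, self.min_rto, self.max_rto = initial_rto, min_rto, max_rto

    def sample(self, rtt):
        """Feed one measured RTT (seconds) from a segment that was NOT retransmitted."""
        if self.srtt is None:                      # first measurement initialises both estimators
            self.srtt, self.rttvar = rtt, rtt / 2
        else:                                      # RFC 6298 gains: beta = 1/4, alpha = 1/8
            self.rttvar = 0.75 * self.rttvar + 0.25 * abs(self.srtt - rtt)
            self.srtt = 0.875 * self.srtt + 0.125 * rtt
        self.rto = min(max(self.srtt + 4 * self.rttvar, self.min_rto), self.max_rto)
        return self.rto

    def backoff(self):
        """Timer expired: double the RTO (exponential backoff) up to the ceiling."""
        self.rto = min(self.rto * 2, self.max_rto)
        return self.rto


def count_spurious(rtts, timer):
    """Replay a trace of actual round-trip times against a timer policy.

    A segment whose ACK arrives after the timer fired is retransmitted even
    though it was only delayed: the 'too short' failure on the slide. Following
    Karn's rule, an RTT measured across a retransmission is ambiguous (was the
    ACK for the first or the second copy?) and is not fed to the estimator.
    """
    spurious = 0
    for rtt in rtts:
        if rtt > timer.rto:
            spurious += 1
            timer.backoff()
        else:
            timer.sample(rtt)
    return spurious


# Constructed trace (seconds): a stable 100 ms path whose delay then jumps.
RTT_TRACE = [0.10, 0.10, 0.10, 0.10, 0.35, 0.40, 0.40, 0.40]

if __name__ == "__main__":
    for name, timer in [("fixed 0.25 s", FixedTimer(0.25)),
                        ("fixed 1.00 s", FixedTimer(1.0)),
                        ("adaptive", RtoEstimator(min_rto=0.01))]:
        print(f"{name:>12}: {count_spurious(RTT_TRACE, timer)} spurious retransmissions")
```

On this trace the 0.25 s fixed timer retransmits all four delayed segments, the 1 s fixed timer retransmits none but would react to a real loss ten times slower than the path's RTT, and the adaptive timer retransmits twice while it is catching up to the new delay.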

Duplicate detection & Out of Order Data Management

• A receiver doesn't know if a duplicate is the first copy or the second
  – The first copy may have been delayed, causing the second copy to arrive before the first.
• The receiver acknowledges the first copy received
• The sequence number window must be large enough so that a packet will die before sequence numbers wrap around
• If data is received out of order
  – Receiver may discard the segment
  – Receiver may hold the segment and wait for the missing segment
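The receiver behaviour from this slide and the byte-numbered sequence scheme from the previous one, as an added example that is not part of the lecture: a reassembly buffer that delivers in-order data, holds out-of-order segments until the gap is filled, counts late duplicates, rejects data beyond its window, and compares 32-bit sequence numbers modulo 2^32 so that the scenario can run across the wrap-around point. Names are this example's own; a segment that partly overlaps already-delivered data is counted as a duplicate here, which is a simplification.

```python
"""Added example (not from the lecture): receive-side reorder / duplicate handling
with wrapping 32-bit sequence numbers. Names are this example's own."""

MASK = 0xFFFFFFFF


def seq_lt(a, b):
    """True if a precedes b in 32-bit modular sequence space (RFC 1982 style)."""
    return ((a - b) & MASK) > 0x7FFFFFFF


class Receiver:
    def __init__(self, isn, window):
        assert 0 < window < 0x80000000, "window must stay below half the space"
        self.rcv_nxt = (isn + 1) & MASK   # the SYN consumed the ISN itself
        self.window = window              # how far ahead of rcv_nxt we accept
        self.pending = {}                 # seq -> data for segments held out of order
        self.delivered = bytearray()
        self.stats = {"in_order": 0, "buffered": 0, "duplicate": 0, "outside": 0}

    def segment(self, seq, data):
        """Process one segment; return the ACK number (next byte expected)."""
        seq &= MASK
        offset = (seq - self.rcv_nxt) & MASK  # distance ahead of the next expected byte
        if offset >= self.window:
            # Either behind rcv_nxt (already delivered: a delayed second copy) or
            # too far ahead to be a live segment of this connection.
            key = "duplicate" if seq_lt(seq, self.rcv_nxt) else "outside"
            self.stats[key] += 1
        elif offset == 0:
            self._deliver(data)
            self.stats["in_order"] += 1
            while self.rcv_nxt in self.pending:  # drain anything that was waiting
                self._deliver(self.pending.pop(self.rcv_nxt))
        elif seq in self.pending:
            self.stats["duplicate"] += 1         # second copy of a held segment
        else:
            self.pending[seq] = data
            self.stats["buffered"] += 1
        return self.rcv_nxt                      # the ACK always names the first missing byte

    def _deliver(self, data):
        self.delivered += data
        self.rcv_nxt = (self.rcv_nxt + len(data)) & MASK


def demo():
    """Constructed scenario starting near the top of sequence space so it wraps."""
    r = Receiver(isn=0xFFFFFFF0, window=1000)
    acks = [
        r.segment(0xFFFFFFF1, b"A" * 10),   # in order
        r.segment(0xFFFFFFFB, b"B" * 10),   # in order, crosses the 2^32 boundary
        r.segment(15, b"E" * 5),            # out of order: held
        r.segment(5, b"C" * 10),            # fills the gap; E is drained behind it
        r.segment(5, b"C" * 10),            # late duplicate of data already delivered
        r.segment(2000, b"Z" * 10),         # beyond the window
    ]
    return r, acks
```

The ACK after each step is the first byte still missing, so the held segment at 15 is not acknowledged until the gap at 5 is filled, and the late copy of segment 5 is recognised as old even though its raw number (5) is smaller than everything delivered before the wrap.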

TCP/IP Introduction

• TCP/IP is the protocol used for the Internet
• Developed in the 70's for the US Department of Defense
  – Arpanet - Advanced Research Project Agency NETwork
• TCP/IP defines the network and transport layers
  – Assumes a connectionless, unreliable, packet oriented data link and physical layer.
  – May use connection oriented or non-packet data link layers, but does not take advantage of their capabilities.

TCP/IP by the layers

• ARP - Address Resolution Protocol - a layer-2 to layer-3 address mapping protocol
• IP - Internetwork Protocol is the network layer
  – Best effort, unreliable delivery
• TCP - Transmission Control Protocol - a connection oriented transport layer
  – Stream of data that is guaranteed delivery in sequence
• UDP - User Datagram Protocol - a connectionless transport layer
• Applications do the rest
  – Lately there are some presentation layer type protocols for encryption (SSH is the prime example)
• DNS - Domain Name System
  – A way to map names to IP addresses
  – Example: www.stthomas.edu => 140.209.3.54

Internetwork Protocol

• Header format - IPv4

0             7               15                              31
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  ver  | hlen  |      TOS      |         Total Length          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|        Identification         |Flags|     Fragment Offset     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|      TTL      |   Protocol    |          IP Checksum          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       Source IP Address                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Destination IP Address                     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    IP Options (if any) ...                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

IPv4 Header fields

• Ver - version - currently IPv4 or 0100
  – IPv6 is starting to deploy - it has a differently formatted header
• HLen - header length in multiples of 4 bytes
  – Allows header lengths up to 60 bytes
• TOS - Type of Service - supposed to be used for prioritization of data
• Total Length - length of the IP datagram

IPv4 Header fields

• Identification, flags, fragment offset
  – Identification is a unique number for each packet
  – More fragments flag - tells if this is the last fragment
  – Don't fragment flag - tells IP to not fragment this packet
  – Fragment offset - the offset in the packet for this fragment
• TTL - Time to live - initialized to 32 and decremented for each hop
• Protocol - defines if it is TCP/UDP/ICMP/etc.
• IP Checksum - calculated over the header only
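The header layout and field meanings from the last three slides, as an added example that is not part of the lecture: a builder and parser for the 20-byte IPv4 header using the standard struct and socket modules, the header-only one's-complement checksum (a header that includes a correct checksum sums to zero), the flags/fragment-offset word split into its DF, MF and 13-bit offset parts, and the per-hop router step of decrementing TTL and recomputing the checksum, returning None where a router would instead drop the packet. Function names are this example's own; the addresses come from the slides.

```python
"""Added example (not from the lecture): build, parse, checksum and forward an
IPv4 header. Function names are this example's own."""
import socket
import struct

HDR = "!BBHHHBBH4s4s"   # the 20-byte fixed header, network byte order


def ipv4_checksum(header: bytes) -> int:
    """RFC 791: one's-complement of the one's-complement sum of the 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                          # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4_header(src, dst, payload_len, proto=6, ttl=32, ident=0x1234,
                      dont_fragment=True, more_fragments=False, frag_offset=0):
    """20-byte header without options (hlen = 5); frag_offset is in 8-byte units."""
    ver_hlen = (4 << 4) | 5
    flags = (dont_fragment << 1) | more_fragments   # 3-bit field: reserved, DF, MF
    flags_frag = (flags << 13) | (frag_offset & 0x1FFF)
    hdr = struct.pack(HDR, ver_hlen, 0, 20 + payload_len, ident, flags_frag, ttl, proto,
                      0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_ipv4_header(packet: bytes) -> dict:
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_hlen, tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack(HDR, packet[:20])
    version, hlen = ver_hlen >> 4, (ver_hlen & 0x0F) * 4
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if not 20 <= hlen <= 60 or hlen > len(packet):
        raise ValueError(f"bad header length {hlen}")
    return {
        "header_len": hlen, "tos": tos, "total_length": total_len, "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000), "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,      # converted to bytes
        "ttl": ttl, "protocol": proto,
        "checksum_ok": ipv4_checksum(packet[:hlen]) == 0,  # a valid header sums to zero
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "options": packet[20:hlen],
    }


def forward_hop(packet: bytes):
    """Router step: drop a corrupt header; return None when the TTL would reach
    zero (the ICMP Time Exceeded case); otherwise TTL - 1 with a fresh checksum."""
    fields = parse_ipv4_header(packet)
    if not fields["checksum_ok"] or fields["ttl"] <= 1:
        return None
    hlen = fields["header_len"]
    header = bytearray(packet[:hlen])
    header[8] -= 1                                # TTL byte
    struct.pack_into("!H", header, 10, 0)         # zero the checksum field before summing
    struct.pack_into("!H", header, 10, ipv4_checksum(bytes(header)))
    return bytes(header) + packet[hlen:]
```

Because the checksum covers only the header, a router can change TTL and restamp the checksum without touching the payload, which is exactly why the slide says it is "calculated over header only".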

IPv4 Addresses

• IPv4 addresses are 32 bits.
• Typically written in dotted-decimal notation
  – Four numbers 0-255 separated by dots.
  – 128.11.34.132
• The address is divided into a network portion and a host portion
• Initially IPv4 had the concept of network classes that identified how many bits were the network portion based on the first couple of bits.
  – Caused an address space crunch
  – This has now been abandoned in all modern IP stacks

IPv4 Address Classes

• Class A – 1.0.0.0 -> 126.0.0.0
  – 0.* and 127.* reserved
• Class B – 128.0.0.0 -> 191.255.0.0
• Class C – 192.0.0.0 -> 223.255.255.0
• Class D/E (Multicast) – 224.0.0.0 -> 255.255.255.255
• Remember - usually not used in practice, just used to designate how much space is given

IPv4 Addresses and subnets

• Instead of looking at the first couple of bits and determining what the class is, and therefore what the network portion is, now all systems use a subnet mask.
• Subnets were started before class notation was abandoned, as a way to break down bigger networks.
• A subnet mask is a 32-bit number that, when bitwise AND'ed with an address, breaks it into a network portion and a host portion

IPv4 Subnets

• Subnet masks are generally set with only the most significant bits set to 1's.
• This allows for a simplification where the address is written with a slash indicating the number of bits in the subnet mask
  – Example: 192.176.32.3/24 indicates that the subnet mask is 24 bits, or 255.255.255.0. This indicates a network of 192.176.32.0
  – Does not have to end up on even byte boundaries.

IP - default gateway

• An IP node is generally provisioned with
  – IP address
  – Subnet mask
  – Default gateway
• The default gateway is the address that a packet is forwarded to if its destination isn't on the same network as the sending node.
• Typically the default gateway is a router that forwards packets to the correct network
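The subnet arithmetic from the previous three slides and the default-gateway decision from this one, as an added example that is not part of the lecture: the mask is built from the /n shorthand and AND'ed with the address with explicit bit operations (no ipaddress module, so the AND the slide describes is visible), non-byte-boundary masks such as /20 work the same way, non-contiguous masks are rejected, and next_hop() decides whether a destination is local or goes to the gateway. Function names and the 10.1.200.77/20 sample are this example's own; 192.176.32.3/24 is the slide's.

```python
"""Added example (not from the lecture): subnet mask arithmetic and the local-vs-gateway
forwarding decision. Function names are this example's own."""

MASK32 = 0xFFFFFFFF


def ip_to_int(dotted: str) -> int:
    """'128.11.34.132' -> 32-bit integer, rejecting anything that is not four octets."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 address: {dotted!r}")
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """/24 -> 0xFFFFFF00: the top `prefix` bits set, the remaining host bits clear."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (MASK32 << (32 - prefix)) & MASK32


def mask_to_prefix(mask: int) -> int:
    """Inverse of prefix_to_mask; rejects masks whose 1 bits are not contiguous."""
    prefix = bin(mask).count("1")
    if prefix_to_mask(prefix) != mask:
        raise ValueError(f"non-contiguous subnet mask {int_to_ip(mask)}")
    return prefix


def describe(cidr: str) -> dict:
    """Split 'a.b.c.d/n' into its network and host portions with one bitwise AND."""
    addr_text, prefix_text = cidr.split("/")
    addr, prefix = ip_to_int(addr_text), int(prefix_text)
    mask = prefix_to_mask(prefix)
    network = addr & mask                 # network portion: address AND mask
    host = addr & ~mask & MASK32          # host portion: the bits the mask clears
    return {
        "network": int_to_ip(network),
        "mask": int_to_ip(mask),
        "host_id": host,
        "broadcast": int_to_ip(network | (~mask & MASK32)),
        "addresses": 1 << (32 - prefix),
    }


def next_hop(src: str, mask: str, gateway: str, dst: str) -> str:
    """Where a node sends a packet: straight to dst if it shares the node's
    network (same result after AND with the mask), otherwise to the default gateway."""
    m = ip_to_int(mask)
    mask_to_prefix(m)                                 # validate the mask first
    local = (ip_to_int(src) & m) == (ip_to_int(dst) & m)
    return dst if local else gateway
```

For 10.1.200.77/20 the third octet 200 (11001000) AND 240 (11110000) gives 192, so the network is 10.1.192.0 and the host part is the low 12 bits, 2125; the same AND decides in next_hop() that 140.209.3.54 is not on 192.176.32.0/24 and must go to the gateway.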

ICMP - Internet Control Message Protocol

• Documented in RFC 792
• Uses IP to transport messages, but is not a fully separate transport layer protocol because it is so integrated with IP
• Reports some errors - but not everything, so it isn't there to make IP reliable.
• Does not send error messages when the source or destination address isn't an individual address (multicast, loopback, etc.)
• Does not send error messages for ICMP messages (avoids the infinite loop)

ICMP - Types of messages

• Echo & Echo Reply
  – Used for the “ping” command to see if a node is there
• Destination unreachable
  – A router in between can't forward the packet because a link is down
  – The end node doesn't have a service running on that port.
• Source Quench
  – Meant to be a way for the destination to tell the source to slow down
  – Often not used
• Redirect
  – A router tells the previous node a better way to send the packet.
• Time Exceeded
  – The TTL value of a packet counted down to zero before the packet could be delivered.
  – Used by the traceroute command.

Transport layer – UDP/IP

• UDP is simple in that all it really has to support in addition to the IP header is port addresses.
• Header format

0             7               15                              31
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          Source Port          |       Destination Port        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         Total length          |           Checksum            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

• Source and destination ports determine the service that is running on them
• Checksum protects the UDP header (not the packet data)

Transport layer – TCP/IP

• TCP is connection oriented, so it must provide connection setup and teardown as well as mechanisms for reliable packet delivery.
• Header format

0             7               15                              31
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          Source Port          |       Destination Port        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Sequence Number                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Acknowledgement Number                     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| HLEN  |   Resv    |   Flags   |          Window Size          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           Checksum            |        Urgent Pointer         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       Options & Padding                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

TCP Header

• Port addresses – used to identify services
• Sequence Number & Acknowledgement Number – used for sliding window flow control and error control
• HLEN – header length in multiples of 4
• Resv – reserved for future use
• Flags
  – URG – Urgent – there is urgent data in the data portion
  – ACK – the acknowledgement field is valid
  – PSH – Push – higher throughput is desired
  – RST –
  – SYN – sequence number synchronization in the connection setup
  – FIN – connection termination
• Window Size – the number of packets that can be sent.
• Checksum – error detection for the header (not the data)
• Urgent pointer – an offset into the data portion for where the urgent data is (if the URG flag is set).
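The TCP header from the two slides above, as an added example that is not part of the lecture: a packer and parser for the 20-byte fixed header with the standard struct module, decoding HLEN from the top four bits of the fourth word, the six flag bits from its low bits, the window, the urgent pointer, and any options with their padding. Function names are this example's own; the checksum is left at zero because computing it needs the IP pseudo-header, which this example does not build, and the MSS option bytes are constructed sample input.

```python
"""Added example (not from the lecture): pack / unpack the TCP header and decode
its flags. Function names are this example's own."""
import struct

FIXED = "!HHIIHHHH"   # ports, seq, ack, hlen/resv/flags word, window, checksum, urgent pointer
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def build_tcp_header(src_port, dst_port, seq, ack, flags, window, urgent=0, options=b""):
    if len(options) % 4:                                  # options are padded to a 4-byte boundary
        options += b"\x00" * (4 - len(options) % 4)
    hlen_words = 5 + len(options) // 4
    if hlen_words > 15:
        raise ValueError("HLEN is 4 bits: at most 60 bytes of header")
    unknown = set(flags) - FLAG_BITS.keys()
    if unknown:
        raise ValueError(f"unknown flags {unknown}")
    bits = sum(FLAG_BITS[f] for f in flags)
    word = (hlen_words << 12) | bits                       # HLEN in the top 4 bits, flags in the low 6
    return struct.pack(FIXED, src_port, dst_port, seq & 0xFFFFFFFF, ack & 0xFFFFFFFF,
                       word, window, 0, urgent) + options


def parse_tcp_segment(segment: bytes) -> dict:
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    src_port, dst_port, seq, ack, word, window, csum, urg = struct.unpack(FIXED, segment[:20])
    hlen = (word >> 12) * 4
    if hlen < 20 or hlen > len(segment):
        raise ValueError(f"bad header length {hlen}")
    flags = {name for name, bit in FLAG_BITS.items() if word & bit}
    payload = segment[hlen:]
    return {
        "src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
        "header_len": hlen, "flags": flags, "window": window, "checksum": csum,
        "options": segment[20:hlen],
        # the urgent pointer only means something when URG is set; it counts
        # bytes from the start of the data to the end of the urgent part
        "urgent_data": payload[:urg] if "URG" in flags else b"",
        "payload": payload,
    }


def describe_flags(flags) -> str:
    """What a flag combination means in the connection life cycle
    (RST = reset, i.e. abort the connection, a standard meaning not spelled out on the slide)."""
    if "RST" in flags:
        return "reset: abort the connection"
    if flags == {"SYN"}:
        return "connection request (handshake step 1)"
    if flags == {"SYN", "ACK"}:
        return "connection accept (handshake step 2)"
    if "FIN" in flags:
        return "sender is finished sending"
    if "ACK" in flags:
        return "data / acknowledgement"
    return "unusual combination"
```

A SYN carrying a 4-byte option parses with header_len 24 and the option bytes returned separately, while a data segment with URG set hands back the leading urgent bytes of the payload.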

TCP flow control

• TCP uses a modified sliding window technique - called a credit scheme
• Each ACK has both a number in the window for the bytes that are being acknowledged, and a number in the window that may be sent up to before acknowledgement.
• Slow Start - developed by Van Jacobson - 1988
  – Exponentially increases the window size as data is successfully sent.
  – Allows the amount of data being sent to grow up to the network capacity.
  – Causes “slowness” for very short data transfers
• Dynamic Window Sizing on Congestion
  – When a packet is lost and retransmitted - the window size is cut dramatically and slow-start is redone up to ½ the previous level.
  – From that point on - a slower linear rather than exponential growth is taken.
• These methods, when widely implemented, allow the Internet to work even in the face of extreme loads.
• Fortunately few people have the ability to re-write their TCP/IP stack and defeat these mechanisms.
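The window growth described on this slide, as an added example that is not part of the lecture: a round-by-round model in which the congestion window doubles each round trip during slow start, a loss halves the threshold and restarts slow start from one segment, growth is linear once the threshold is reached, and the receiver's advertised window (the credit) caps what may actually be sent. Counts are in segments per round trip; class and function names are this example's own, and falling back to one segment on loss is a modelling choice.

```python
"""Added example (not from the lecture): slow start, congestion avoidance and the
receiver credit as a round-based simulation. Names are this example's own."""


class CongestionWindow:
    def __init__(self, initial_ssthresh=64):
        self.cwnd = 1                     # segments we may have in flight this round
        self.ssthresh = initial_ssthresh  # where slow start hands over to linear growth

    def round_acked(self):
        """Every segment of the round was acknowledged: grow the window."""
        if self.cwnd < self.ssthresh:
            self.cwnd = min(self.cwnd * 2, self.ssthresh)   # slow start: exponential
        else:
            self.cwnd += 1                                   # congestion avoidance: linear

    def loss(self):
        """A segment was lost and retransmitted: cut back hard, and let slow start
        run again only up to half of the level where the loss occurred."""
        self.ssthresh = max(self.cwnd // 2, 2)
        self.cwnd = 1

    def sendable(self, rwnd):
        """Credit scheme: the receiver's advertised window caps what cwnd allows."""
        return min(self.cwnd, rwnd)


def simulate(rounds, loss_rounds=(), rwnd=10**9):
    """Return (cwnd at the start of each round, segments actually sendable each round)."""
    cc, cwnd_trace, send_trace = CongestionWindow(), [], []
    for r in range(rounds):
        cwnd_trace.append(cc.cwnd)
        send_trace.append(cc.sendable(rwnd))
        if r in loss_rounds:
            cc.loss()
        else:
            cc.round_acked()
    return cwnd_trace, send_trace


if __name__ == "__main__":
    cwnd, sendable = simulate(10, loss_rounds={4}, rwnd=6)
    for r, (c, s) in enumerate(zip(cwnd, sendable)):
        print(f"round {r:2d}: cwnd={c:3d} sendable={s:3d}{'  <- loss' if r == 4 else ''}")
```

With a loss in round 4 the window runs 1, 2, 4, 8, 16, drops to 1, climbs exponentially again only to 8 (half of 16), and then grows by one segment per round; a receiver advertising 6 segments of credit keeps the sender at 6 regardless of how large cwnd becomes.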

ARP - Address Resolution Protocol

• Used as a way for IP to map an Ethernet address to an IP address
• When a node wants to send an IP datagram over an Ethernet network, it needs to know the MAC address of the destination.
• An Ethernet broadcast is sent out asking who owns this IP address
• The node with the address replies.
• From the reply the original node gets the MAC address.
• Now the IP packet can be sent over the Ethernet to the destination.

ARP Cache

• The sender keeps a cache of recently resolved addresses so it doesn't have to ARP before sending every packet
  – This cache can often be displayed using the “arp” command
  – This cache must time out if one node stops using an IP address and another starts.
• When one node sends out an ARP reply message, all nodes on a broadcast network may add it to their cache.
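The resolution sequence and the cache from the two ARP slides, as an added example that is not part of the lecture: a cache with the timeout the slide calls for, a resolver that only "broadcasts" a request on a miss, and a log of IP-to-MAC bindings that change while an entry is still fresh (an address that legitimately moved, or a reply the node should not have trusted; either way something an administrator wants recorded). The LAN is simulated by a dictionary; class names, addresses and the scenario are this example's own.

```python
"""Added example (not from the lecture): ARP cache with expiry, a cache-miss resolver,
and logging of changed bindings. Names and addresses are this example's own."""


class ArpCache:
    def __init__(self, ttl=60.0):
        self.ttl = ttl
        self.entries = {}       # ip -> (mac, time learned)
        self.changes = []       # (time, ip, old mac, new mac)

    def learn(self, ip, mac, now):
        """Record a binding seen in an ARP reply (our own request or an overheard one)."""
        old = self.entries.get(ip)
        if old and old[0] != mac and now - old[1] < self.ttl:
            self.changes.append((now, ip, old[0], mac))   # fresh entry contradicted: log it
        self.entries[ip] = (mac, now)

    def lookup(self, ip, now):
        """Cached MAC, or None if unknown or the entry has aged out."""
        entry = self.entries.get(ip)
        if entry is None:
            return None
        mac, learned = entry
        if now - learned >= self.ttl:
            del self.entries[ip]    # stale: the address may belong to another node by now
            return None
        return mac

    def resolve(self, ip, now, broadcast_request):
        """Return (mac, request_sent). broadcast_request(ip) stands in for the
        Ethernet broadcast 'who has ip?' and returns the owner's MAC or None."""
        mac = self.lookup(ip, now)
        if mac is not None:
            return mac, False                     # cache hit: no traffic on the wire
        mac = broadcast_request(ip)
        if mac is not None:
            self.learn(ip, mac, now)
        return mac, True


# Constructed LAN: which MAC answers for which IP.
LAN = {"192.168.1.10": "aa:bb:cc:00:00:10", "192.168.1.20": "aa:bb:cc:00:00:20"}


def scenario():
    """Walk the cache through a miss, a hit, expiry, an unknown host and a changed binding."""
    cache = ArpCache(ttl=60.0)
    first = cache.resolve("192.168.1.10", now=0.0, broadcast_request=LAN.get)
    hit = cache.resolve("192.168.1.10", now=30.0, broadcast_request=LAN.get)
    expired = cache.resolve("192.168.1.10", now=61.0, broadcast_request=LAN.get)
    unknown = cache.resolve("192.168.1.99", now=61.0, broadcast_request=LAN.get)
    cache.learn("192.168.1.10", "aa:bb:cc:00:00:77", now=70.0)   # overheard reply with a different MAC
    return cache, [first, hit, expired, unknown]
```

The second lookup is answered from the cache with no request on the wire, the lookup after the 60 s timeout triggers a fresh broadcast, and the overheard reply that rebinds 192.168.1.10 nine seconds after a fresh entry lands in cache.changes while still updating the entry, as the slide says nodes on a broadcast network do.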

Proxy-ARP

• Sometimes an administrator will want to merge two separate Ethernet networks to look like one for IP packets
• A router can be configured so that it will send an ARP response on an interface for a whole range of IP addresses.
• The router will then receive the packets and forward them to the correct Ethernet network
  – Will need to do an ARP request on that interface to find the actual node's MAC address.
  – Router will typically be configured to proxy-ARP in both directions.

DNS - Domain Name System

• A protocol and the whole system for mapping names of machines to IP addresses
• The protocol usually runs over UDP packets.
  – Unreliable, but since the message is only one packet to the server and one packet in response, it has lower overhead than TCP.
• A node is typically configured with the IP address of one or more DNS servers.
  – If the first one fails to respond, the second one is used, etc.
• Top Level Domain - the last set of letters after a period (.) in a domain name.
• Root name server - the master domain name server for a given top level domain.

DNS Control

• ICANN - Internet Corporation for Assigned Names and Numbers
  – Created by the US government as a way to sort out the management of DNS
  – Very controversial in how it has been handling things
• Each of the top level domains has a single database maintainer
  – .com, .net, .org are all through Network Solutions
  – .gov is controlled by the United States government
  – Each country has a two letter top level domain
    • (.us, .cc, .tv, .ru, .uk, .de, .au, etc.)
  – There may be multiple companies that register names into that database, but a single database exists.
• Some people have started creating alternative name

TCP/IP Additional resources

• http://cache.3com.com/www.3com.com/other/pdfs/solutions/en_US/50130201a.pdf
• http://www4.ulpgc.es/tutoriales/tcpip/pru/