CIDR and ICMP

School of Information Technologies

CIDR and ICMP

NETS3303/3603

Week 5

Proxy ARP Clarifications

• Two broadcast domains sharing one network address (192.168.10.0/24) through proxy ARP

• Someone else could masquerade too: any host on the link can answer the ARP request exactly as the proxy does, so a rogue host can claim B’s MAC

[Figure: hosts A and B on 192.168.10.0/24 in separate broadcast domains; A asks “Who has B’s MAC?” and the proxy ARP router answers “I do!”]

Outcome

• CIDR addressing and forwarding

• Learn about role of ICMP

• Protocol specifics

• Know about applications that use ICMP

Classless Inter-Domain Routing (CIDR)

• Problem
– Continued exponential Internet growth
– Subnetting insufficient
– Limited IP addresses (esp. Class B)

CIDR Addressing

• Solution to problem
– Temporary fix until next generation of IP
– Backward compatible with classful addressing
– Permits network prefix to be arbitrary length

• CIDR was predicted to work ‘‘for a few years’’
– Extremely successful!
– Will work for at least 20 years!

One Motivation For CIDR: Class C

• Fewer than seventeen thousand Class B numbers (total)

• More than two million Class C network numbers
• No one wants Class C (too small)
• CIDR allows
– Merging Class C numbers into a single prefix
– Splitting a Class B along power of two boundaries

CIDR and Supernetting

• CIDR’s first use
• Supernetting allows assigning a block of class C addresses
• E.g.: a medium-sized org expects to have 200 networks (assigning a class B is wasteful!)
• So, an ISP can assign a block of contiguous class C numbers
– (192.100.0.0 – 192.100.255.0)

CIDR Notation

• Addresses written NUMBER/m
– NUMBER is IP prefix
– m is ‘‘address mask’’ length

• Example: 214.5.48.0/20
– Prefix occupies 20 bits
– Suffix occupies 12 bits

• Mask values must be converted to dotted decimal when configuring a router (and binary internally)
– 255.255.240.0

CIDR & Routing Table

• CIDR involves changing forwarding as well as addressing

• Store address mask with each route

• Send pair of (address, mask) whenever exchanging routing information

• Known as a CIDR block

Examples of CIDR Blocks

• Example of a /21 CIDR block: 128.211.168.0/21
– 2048 addresses, mask 255.255.248.0

• Example of a /30 CIDR block: 128.211.176.212/30
– 4 addresses, mask 255.255.255.252
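As an added example (not part of the original slides), the address arithmetic from the supernetting, CIDR notation and CIDR-block slides worked in Python with the standard ipaddress module: converting a /m prefix length to the dotted-decimal mask a router is configured with, merging a run of contiguous class C numbers into the fewest CIDR blocks, splitting a class B on a power-of-two boundary, and listing the usable hosts of a /30. The 200-network allocation is the figure from the supernetting slide; the function names are mine.

```python
import ipaddress


def prefix_to_mask(prefix_len):
    """Dotted-decimal mask for a /m prefix length, the form a router is configured with."""
    return str(ipaddress.ip_network(f"0.0.0.0/{prefix_len}").netmask)


def cidr_split(block):
    """(prefix bits, suffix bits, dotted mask) for a NUMBER/m string.
    ip_network() is strict by default: it raises ValueError when NUMBER has host
    bits set, e.g. 214.5.49.0/20, which catches a common typo in route filters."""
    net = ipaddress.ip_network(block)
    return net.prefixlen, 32 - net.prefixlen, str(net.netmask)


def supernet(first_c, last_c):
    """Merge the contiguous run of class C (/24) networks first_c..last_c into the
    fewest CIDR blocks that cover exactly that range."""
    first = ipaddress.ip_network(first_c)
    last = ipaddress.ip_network(last_c)
    return [str(b) for b in ipaddress.summarize_address_range(first[0], last[-1])]


def split_class_b(block, new_prefix):
    """Split a /16 (class B) along a power-of-two boundary into /new_prefix blocks."""
    return [str(s) for s in ipaddress.ip_network(block).subnets(new_prefix=new_prefix)]


def usable_hosts(block):
    """Host addresses in a block, excluding the network and broadcast addresses."""
    return [str(h) for h in ipaddress.ip_network(block).hosts()]


if __name__ == "__main__":
    print(cidr_split("214.5.48.0/20"))                      # (20, 12, '255.255.240.0')
    print(supernet("192.100.0.0/24", "192.100.255.0/24"))   # the ISP's whole run: one /16
    print(supernet("192.100.0.0/24", "192.100.199.0/24"))   # 200 networks: three blocks
    print(len(split_class_b("128.211.0.0/16", 21)))         # 32 blocks of /21
    print(usable_hosts("128.211.176.212/30"))               # two usable hosts
```

Note that 200 class C numbers cannot be expressed as a single prefix: summarize_address_range needs three blocks (/17 + /18 + /21), while the full run of 256 networks collapses to 192.100.0.0/16. That is why allocations are made on power-of-two boundaries. The strict parse in cidr_split is worth keeping in any tool that reads CIDR blocks from a firewall rule or route filter, since a prefix with stray host bits usually means the author intended a different block.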

Implementation Of CIDR Route Lookup

• Each entry in routing table has address plus mask

• Search is organized from most-specific to least-specific (i.e., entry with longest mask is tested first)

• Known as longest-prefix lookup or longest-prefix search

Implementing Longest-Prefix Matching

• Unlike classful addressing, the prefix boundary is not obvious

• So, cannot easily use hashing
• A data structure of choice is the binary trie
– An ordered tree structure
– Supports fast lookup for variable key length

• Identifies unique prefix needed to match route

Example Of Unique Prefixes & Trie

Path for prefix 0101
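An added example, not from the original slides: a binary trie performing longest-prefix lookup in Python over a small routing table built from the CIDR blocks used earlier (128.211.0.0/16, 128.211.168.0/21, 128.211.176.212/30 and a default route). The next-hop names R1..R3 and the table itself are invented for illustration. The walk follows the destination address one bit at a time, remembering the deepest node that carries a route, so the entry with the longest mask wins. That rule is also why an injected route with a longer prefix silently captures traffic away from the legitimate, shorter one.

```python
import ipaddress


def to_bits(addr):
    """IPv4 address as a 32-character bit string, most significant bit first."""
    return format(int(ipaddress.ip_address(addr)), "032b")


class PrefixTrie:
    """Binary trie keyed by prefix bits. A node is a dict with optional children
    '0' and '1' and, when a route ends there, a 'route' entry (prefix, next hop)."""

    def __init__(self):
        self.root = {}

    def insert(self, cidr, next_hop):
        net = ipaddress.ip_network(cidr)              # strict: rejects host bits set
        node = self.root
        for bit in to_bits(net.network_address)[:net.prefixlen]:
            node = node.setdefault(bit, {})
        node["route"] = (str(net), next_hop)

    def lookup(self, addr):
        """Longest-prefix match: walk the destination's bits as far as the trie
        goes, keeping the deepest route seen; the longest mask wins."""
        node = self.root
        best = node.get("route")                      # the /0 default route, if any
        for bit in to_bits(addr):
            node = node.get(bit)
            if node is None:
                break
            best = node.get("route", best)
        return best


def build_table():
    """Constructed table reusing the CIDR blocks from the slides; next hops are invented."""
    trie = PrefixTrie()
    trie.insert("0.0.0.0/0", "default")
    trie.insert("128.211.0.0/16", "R3")
    trie.insert("128.211.168.0/21", "R1")
    trie.insert("128.211.176.212/30", "R2")
    return trie


if __name__ == "__main__":
    table = build_table()
    for dst in ("128.211.176.213", "128.211.170.5", "128.211.200.1", "10.0.0.1"):
        print(dst, "->", table.lookup(dst))
    print("path for prefix 0101:", to_bits("80.0.0.0")[:4])   # the trie slide's example path
```

128.211.176.213 matches three entries (/16, /30 and the default) and the /30 route R2 is returned; 128.211.200.1 falls only under the /16 and goes to R3. The prefix 0101 from the slide's figure is the path taken for any address in 80.0.0.0/4.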

Internet Control Message Protocol

• Considered part of IP
• Functionality includes:
– error messages (TTL exceeded, destination unreachable, router is out of memory, can’t fragment packet)
– network management (ping/traceroute)
– end host configuration (router advert, netmask)

• Error messages go from router/end host to original sender, not between intermediate hops
– why? => an intermediate router does not know the route the packet took; it only knows the source address

ICMP Ideas

• Error messages typically sent to IP sender
– later may be forwarded to application

• ICMP error messages are never generated in response to:
– an ICMP error message (would create a loop!)
– broadcast/multicast packets (to prevent broadcast storms)

• ICMP error messages contain the offending IP header + 1st 8 bytes of IP data (contains TCP/UDP ports)

Protocols

Encapsulation

ICMP is transmitted within an IP datagram so that it is routable (unlike ARP, which never leaves the link)

Header

Checksum covers the ICMP header and data

ICMP messages (not all)

ICMP redirect

• Limited form of dynamic routing technique
• Only done on the same link
• Situation:
– 1. assume dumb host with 1 default routing table entry
– 2. two routers on same link, one is default, one is route to net X
– 3. dumb host sends pkt to net X via default router
– 4. default router sends ICMP redirect with correct router address to dumb host
• A host should accept a redirect only from its current first-hop router, and only for a new gateway on the same link (RFC 1122); otherwise a spoofed redirect lets any on-link host insert itself into the path

Redirect Illustration

Dest Unreachable

• Host or router cannot deliver a datagram
• Return IP header & first 8 bytes of payload
• Codes

– 0 Network unreachable

– 1 Host unreachable

– 2 Protocol unreachable

– 3 Port unreachable

– Etc.
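An added example (my code, not the slides'): building and parsing ICMP messages in Python with struct, showing the Internet checksum that covers the ICMP header and data, the identifier/sequence fields an echo request carries in its rest-of-header, and the decoding of a Destination Unreachable message that quotes the offending IP header plus the first 8 bytes of its payload so the receiver can recover the transport ports and hand the error to the right socket. The Port Unreachable sample is constructed inside the block, not captured from a network; its addresses reuse the ones in the traceroute example later in these slides.

```python
import struct

ICMP_ECHO_REPLY, ICMP_DEST_UNREACH, ICMP_ECHO_REQUEST, ICMP_TIME_EXCEEDED = 0, 3, 8, 11
UNREACH_CODES = {0: "network unreachable", 1: "host unreachable",
                 2: "protocol unreachable", 3: "port unreachable"}


def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, complemented.
    For ICMP it covers the whole message, header and data; a message whose
    checksum field is correct sums to 0 here."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(msg_type: int, code: int, rest: int, payload: bytes = b"") -> bytes:
    """Type(1) Code(1) Checksum(2) Rest-of-header(4) + payload, checksum filled in."""
    body = struct.pack("!BBHI", msg_type, code, 0, rest) + payload
    return struct.pack("!BBHI", msg_type, code, inet_checksum(body), rest) + payload


def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """ping's probe: identifier and sequence number share the 4-byte rest-of-header."""
    return build_icmp(ICMP_ECHO_REQUEST, 0, (ident << 16) | seq, payload)


def parse_icmp(pkt: bytes):
    """Split an ICMP message; reject it if the checksum over header+data fails."""
    if len(pkt) < 8 or inet_checksum(pkt) != 0:
        raise ValueError("bad ICMP checksum or truncated message")
    msg_type, code, _csum, rest = struct.unpack("!BBHI", pkt[:8])
    return msg_type, code, rest, pkt[8:]


def parse_icmp_error(pkt: bytes) -> dict:
    """Dest Unreachable / Time Exceeded quote the offending IP header plus the first
    8 bytes of its payload: enough to recover the transport ports, hence the socket."""
    msg_type, code, _rest, quoted = parse_icmp(pkt)
    if msg_type not in (ICMP_DEST_UNREACH, ICMP_TIME_EXCEEDED):
        raise ValueError(f"type {msg_type} is not an ICMP error message")
    ihl = (quoted[0] & 0x0F) * 4                 # the quoted header may carry options
    proto = quoted[9]
    src = ".".join(str(b) for b in quoted[12:16])
    dst = ".".join(str(b) for b in quoted[16:20])
    sport, dport = struct.unpack("!HH", quoted[ihl:ihl + 4])   # UDP and TCP both start with the ports
    reason = UNREACH_CODES.get(code, f"code {code}") if msg_type == ICMP_DEST_UNREACH else f"code {code}"
    return {"type": msg_type, "code": code, "reason": reason, "proto": proto,
            "src": src, "dst": dst, "sport": sport, "dport": dport}


def sample_port_unreachable() -> bytes:
    """Constructed sample (not a capture): a type 3 / code 3 message quoting a UDP
    datagram from 131.252.20.5:40000 to 129.95.20.2:33434, as a traceroute
    target would send. The quoted IP header checksum is left at 0 for brevity."""
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 36, 0x1A2B, 0, 1, 17, 0,
                           bytes([131, 252, 20, 5]), bytes([129, 95, 20, 2]))
    inner_udp = struct.pack("!HHHH", 40000, 33434, 16, 0)
    return build_icmp(ICMP_DEST_UNREACH, 3, 0, inner_ip + inner_udp)


if __name__ == "__main__":
    print(parse_icmp(build_echo_request(0x1234, 7, b"abcdefgh")))
    print(parse_icmp_error(sample_port_unreachable()))
```

Two practical points the code makes explicit: the checksum check must run over the entire message, not just the 8-byte header, and an error message is only useful once the quoted ports have been read, because that is the only link back to the connection that triggered it.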

Source Quench

• Primitive flow control mechanism
– No flow control in IP itself (data rate)

• Source quench alerts sender
– A packet was discarded
– Slow down transmission rate

• Returned is IP header plus 8 bytes of data

• Deprecated by RFC 6633 (2012): modern routers and hosts neither send it nor act on it

Time Exceeded

• If the TTL reaches 0, discard the packet and issue ICMP time exceeded, code 0 (TTL exceeded in transit)

• If not all fragments are received within the reassembly time limit, discard the fragments and issue ICMP time exceeded, code 1 (fragment reassembly time exceeded)

Parameter problem

• If the IP header format is wrong
– Issue ICMP parameter problem

• Code 0: faulty header field; the pointer field in the ICMP message addresses the start byte of the problem in the IP header

• Code 1: a required part of an option is missing

ping - ICMP echo request/reply

• ping program, useful diagnostic tool, uses ICMP echo request/reply packets

• Linux implementation uses “raw” sockets (interface directly to the IP layer, bypassing transports), so it needs root or CAP_NET_RAW

• ping would send 1 pkt per second
• some newer pings require -s to do that and otherwise only do one ping with this output:
– hostname is alive

ping

• ping adds identifier/sequence number fields to packets

• sequence # allows you to see if packets are lost
• ping will also do round-trip timing

More ping

• So what do you learn using ping?
– timing info: does it take too long?
– are packets being lost? (why? ping doesn’t tell you)
– the destination is reachable: a route exists in both directions
– end system’s TCP/IP stack is working at least

• echo reply sent by end system’s ICMP module

ping example

$ ping cse.ogi.edu
PING cse.ogi.edu (129.95.20.2): 56 data bytes
64 bytes from 129.95.20.2 icmp_seq=0 time=8ms
64 bytes from 129.95.20.2 icmp_seq=1 time=8ms
64 bytes from 129.95.20.2 icmp_seq=2 time=20ms
--- cse.ogi.edu PING statistics ---
3 packets transmitted, 3 packets received, 0% loss
round-trip (ms) min/avg/max = 8/12/20

traceroute

• traceroute (a command) allows you to determine the routers from one end to another
– % traceroute north.pole.com

• uses ICMP TTL exceeded and UDP port unreachable (or ICMP echo reply) messages to do the job

traceroute example

% traceroute cse.ogi.edu   (from sirius.cs.pdx.edu)
traceroute to cse.ogi.edu (129.95.20.2), 30 hops max ...
1. pdx-gwy (131.252.20.1) 3 ms 4 ms 3 ms
2. 198.104.197.58 (198.104.197.58) 7 ms 4 ms 8 ms
3. portland1-gw.nwnet.net (198.104.196.193) 6 ms 5 ms 5 ms
4. ogi-gw-nwnet.net (198.104.196.129) 8 ms 7 ms 7 ms
5. cse.ogi.edu (129.95.20.2) 14 ms 7 ms 9 ms

traceroute algorithm

ttl = 1                                        (first probe reaches only the 1st router)
while we haven’t got UDP port unreachable:
    send raw/IP packet (UDP to an unused port) with this ttl
    get response
    compute round-trip time
    print output (ttl, responder, round-trip time)
    if response is ICMP TTL exceeded:          (a router on the way answered)
        ttl++
    else if response is UDP port unreachable:  (the destination itself answered)
        quit
end
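The traceroute loop above, as an added example that is not part of the original slides: a Python version of the algorithm run against a constructed stand-in for the network (the SimPath class is mine) so that it runs offline and without raw-socket privileges. Each router decrements the TTL and answers Time Exceeded (type 11, code 0) when it reaches zero; the destination answers Port Unreachable (type 3, code 3); a hop that never answers is recorded as "*", as real traceroute prints it. The hop addresses are the ones from the slide's traceroute output.

```python
ICMP_DEST_UNREACH, ICMP_TIME_EXCEEDED = 3, 11
PORT_UNREACHABLE, TTL_EXCEEDED_IN_TRANSIT = 3, 0


class SimPath:
    """Constructed stand-in for the network: the routers on the way, then the
    destination. `silent` names hops that drop probes and never answer."""

    def __init__(self, routers, destination, silent=()):
        self.routers = list(routers)
        self.destination = destination
        self.silent = set(silent)

    def send_probe(self, ttl):
        """Deliver a UDP probe with the given TTL towards an unused port at the
        destination. Returns (responder, icmp_type, icmp_code), or None on timeout."""
        for router in self.routers:
            ttl -= 1                                   # every router decrements TTL...
            if ttl == 0:                               # ...and discards the packet at 0
                if router in self.silent:
                    return None
                return (router, ICMP_TIME_EXCEEDED, TTL_EXCEEDED_IN_TRANSIT)
        if self.destination in self.silent:
            return None
        return (self.destination, ICMP_DEST_UNREACH, PORT_UNREACHABLE)   # closed UDP port


def traceroute(path, max_hops=30):
    """The slide's loop: start with ttl = 1 and raise it by one per probe. A Time
    Exceeded reply names the router at that distance; a Port Unreachable reply
    means the destination itself answered, so stop. Returns [(ttl, responder)]."""
    hops = []
    for ttl in range(1, max_hops + 1):
        reply = path.send_probe(ttl)
        if reply is None:
            hops.append((ttl, "*"))                    # timeout: shown as * by traceroute
            continue
        responder, icmp_type, icmp_code = reply
        hops.append((ttl, responder))
        if (icmp_type, icmp_code) == (ICMP_DEST_UNREACH, PORT_UNREACHABLE):
            break
    return hops


# Constructed topology using the addresses from the slide's traceroute output.
SLIDE_ROUTERS = ["131.252.20.1", "198.104.197.58", "198.104.196.193", "198.104.196.129"]
SLIDE_DEST = "129.95.20.2"

if __name__ == "__main__":
    for ttl, who in traceroute(SimPath(SLIDE_ROUTERS, SLIDE_DEST, silent={"198.104.197.58"})):
        print(f"{ttl:2d}  {who}")
```

A real implementation has one more check this model leaves out: it must match each ICMP reply to the probe that caused it. Classic traceroute does that by reading the UDP destination port quoted inside the ICMP error and comparing it with the port it used for that probe (it increments the port per probe, starting at 33434), so a stray or spoofed ICMP message is not mistaken for the answer to the current TTL.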

Address mask

• If host does not know its netmask, issue ICMP Address mask request (Type 17)

• Router on network replies with mask

• Can be unicast or broadcast

• Often used at bootstrapping

Router solicitation

• A host that wants to learn which routers are on its link issues an ICMP router solicitation (RS) message (type 10)

• Routers reply with a router advertisement (RA) (type 9)

Packet-pair

• Problem, what is the bandwidth of the links between my machine and destination?

• Use packet-pair to find bottleneck link speed

Bandwidth Estimation Algorithm

• Issue two packets back-to-back

• Each link will space packets

• Remote host might compact again

• Read time between packets on return path

BW = probesize / (t_end2 - t_end1)

where t_end1 and t_end2 are the arrival times of the first and second probe
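An added example (not from the slides) of the packet-pair model in Python: after each link the gap between two back-to-back probes is the larger of the gap they arrived with and the time that link needs to serialise one probe, so the final spacing is set by the narrowest link, and dividing the probe size by that spacing gives the bottleneck bandwidth as in the formula above. The link rates are constructed values. For an echo-based measurement the return links are included as well, which is why the estimate is the bottleneck of the whole round trip rather than of the forward path alone.

```python
def packet_pair_dispersion(link_bps, probe_bits, initial_gap_s=0.0):
    """Gap (seconds) between two back-to-back probes after each link in turn.
    A link cannot start forwarding the second probe before it has finished
    serialising the first, so the gap becomes at least probe_bits / rate there,
    and a faster downstream link cannot shrink it again (constructed model)."""
    gap = initial_gap_s
    gaps = []
    for bps in link_bps:
        gap = max(gap, probe_bits / bps)
        gaps.append(gap)
    return gaps


def estimate_bottleneck_bps(probe_bits, t_end1, t_end2):
    """The slide's formula: BW = probesize / (t_end2 - t_end1), probesize in bits,
    t_end1 and t_end2 the arrival times of the first and second probe."""
    return probe_bits / (t_end2 - t_end1)


def echo_probe_estimate(forward_bps, return_bps, probe_bytes=1500):
    """Packet-pair with echoed probes: the pair crosses the forward links, the
    remote host echoes each probe as it arrives (keeping the spacing it saw),
    and the echoes cross the return links. Returns the round-trip bottleneck in bit/s."""
    bits = probe_bytes * 8
    gap_out = packet_pair_dispersion(forward_bps, bits)[-1]
    gap_back = packet_pair_dispersion(return_bps, bits, initial_gap_s=gap_out)[-1]
    t_end1 = 0.0                                   # first echo's arrival as the time reference
    return estimate_bottleneck_bps(bits, t_end1, t_end1 + gap_back)


if __name__ == "__main__":
    # constructed path: 100 Mbit/s - 10 Mbit/s - 100 Mbit/s out, 100 Mbit/s - 2 Mbit/s back
    print(packet_pair_dispersion([100e6, 10e6, 100e6], 1500 * 8))
    print(echo_probe_estimate([100e6, 10e6, 100e6], [100e6, 100e6]))   # about 10 Mbit/s
    print(echo_probe_estimate([100e6, 10e6, 100e6], [100e6, 2e6]))     # about 2 Mbit/s
```

The slide's "remote host might compact again" is a caveat this model does not capture: a busy responder or cross traffic at a queue can move the two echoes closer together or further apart, so practical tools send many pairs and take a robust statistic rather than trusting one measurement.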

Packet-pair

IP Final frontier, Mobility

• Once a socket is opened, its address cannot change
– Change address: lose the connection
– Change place of attachment: lose routing

• One solution: Mobile IP (RFC 2002)

MobileIP

• MIP allows hosts to migrate to foreign networks

• Communication handled by Home Agent in home network

• Helper router in foreign network: Foreign Agent

MIP

[Figure: Home Network with Home Agent (HA), Foreign Network with Foreign Agent (FA); packet flow shown as steps 1, 2, 3]

IP Tunnelling

[Figure: IP tunnelling at a router; plain IP datagram on one side, IP-in-IP datagram on the other]

IP Tunnelling

[Figure: IP tunnelling at the FA as the other tunnel endpoint; IP-in-IP datagram on one side, plain IP datagram on the other]

Summary

• CIDR substantially overcame IPv4 address issues
– Required routing table and prefix-lookup changes too

• ICMP provides error and management support
• Many useful network tools exploit ICMP to help check network health
• Next: Autonomous System and Routing architecture
