Where we’re at…
• Internet architecture and history
• Internet protocols in practice
• Application layer
• Transport layer
• Network layer
  – Network-layer functions
  – Specific network layer protocols (IPv4)
    • IP demux, IP security, IP fragmentation, IP addressing, etc.
    • IP routing
      – Who provides functionality? (Source-routing, virtual circuits, routers)
      – IP route lookups, Internet area hierarchy, specific IP routing protocols
  – IPv6
  – Network-layer devices
• Data-link layer
• Physical layer
IP routing
• Who provides functionality?
  – Recall…
• Source routes
  – Calculated by each host and attached to packet
  – Network devices stateless
• Virtual circuits
  – Set up by edge devices
  – Network devices have simple lookup tables
• Network routers with global addressing…
NL: Network routers (Global IP addresses)
• Most prevalent way to route on the Internet
  – Each packet has destination IP address
  – Each router has forwarding table of:
    • destination IP → next hop IP address
  – Distributed routing algorithm for calculating forwarding tables
NL: Global Address Example
[Figure: a packet addressed to destination R travels from Sender through routers R1, R2 and R3 to Receiver; each router's forwarding table maps destination R to one of its numbered ports (1–4) toward the next hop.]
NL: Issues in Router Table Size
• One entry for every host on the Internet
  – 100M entries, doubling every year
• One entry for every LAN
  – Every host on LAN shares prefix
  – Still too many, doubling every year
• One entry for every organization
  – Every host in organization shares prefix
  – Requires careful address allocation
  – What constitutes an “organization”?
NL: Global Addresses
• Advantages
  – Simple error recovery
• Disadvantages
  – Every router knows about every destination
    • Potentially large tables
  – All packets to destination take same route
NL: Comparison

                    Source Routing    Global Addresses             Virtual Circuits
Header Size         Worst             OK – large address           OK (larger than global if IP payload)
Router Table Size   None              Number of hosts (prefixes)   Number of circuits
Forward Overhead    Best              Prefix matching              Good (table index)
Setup Overhead      None              None                         Connection setup
Error Recovery      Tell all hosts    Tell all routers             Tell all routers, tear down circuit and re-route
NL: IP route lookups
• Original IP route lookup
  – In the early days, address classes made it easy
    • A: 0 | 7-bit network | 24-bit host (16M each)
    • B: 10 | 14-bit network | 16-bit host (64K)
    • C: 110 | 21-bit network | 8-bit host (255)
  – Address would specify prefix for forwarding table
  – Simple lookup
NL: Original IP Route Lookup – Example
• www.ogi.edu address 129.95.5.30
  – Class B address – class + network is 129.95
  – Look up 129.95 in forwarding table
  – Prefix – the part of the address that really matters for routing
• Forwarding table contains
  – List of prefix entries
  – A few fixed prefix lengths (8/16/24)
• Large tables
  – 2 million class C networks
  – Sites with multiple class C networks have multiple route entries at every router
NL: Getting a datagram from source to dest.
Classful routing example
[Figure: networks 223.1.1.x, 223.1.2.x and 223.1.3.x joined by one router whose interfaces are 223.1.1.4, 223.1.2.9 and 223.1.3.27; host A is 223.1.1.1, B is 223.1.1.3 and E is 223.1.2.2 (other hosts: 223.1.1.2, 223.1.2.1, 223.1.3.1, 223.1.3.2).]
IP datagram: misc fields | source IP addr | dest IP addr | data
• datagram remains unchanged as it travels from source to destination
• addr fields of interest here

Routing table in A:
  Dest. Net.   next router   Nhops
  223.1.1      -             1
  223.1.2      223.1.1.4     2
  223.1.3      223.1.1.4     2
NL: Getting a datagram from source to dest.
Starting at A, given IP datagram addressed to B:
• look up net. address of B
• find B is on same net. as A
• link layer will send datagram directly to B inside link-layer frame
  – B and A are directly connected
[Figure: same network and routing table in A as above; datagram: misc fields | 223.1.1.1 | 223.1.1.3 | data]
NL: Getting a datagram from source to dest.
Starting at A, dest. E:
– look up network address of E
– E on different network
  • A, E not directly attached
– routing table: next hop router to E is 223.1.1.4
– link layer sends datagram to router 223.1.1.4 inside link-layer frame
– datagram arrives at 223.1.1.4
– continued…
[Figure: same network and routing table in A as above; datagram: misc fields | 223.1.1.1 | 223.1.2.3 | data]
NL: Getting a datagram from source to dest.
Arriving at 223.1.1.4, destined for 223.1.2.2:
– look up network address of E
– E on same network as router’s interface 223.1.2.9
  • router, E directly attached
– link layer sends datagram to 223.1.2.2 inside link-layer frame via interface 223.1.2.9
– datagram arrives at 223.1.2.2!!! (hooray!)
[Figure: same network as above; datagram: misc fields | 223.1.1.1 | 223.1.2.3 | data]

Routing table in the router:
  Dest. network   next router   Nhops   interface
  223.1.1         -             1       223.1.1.4
  223.1.2         -             1       223.1.2.9
  223.1.3         -             1       223.1.3.27
NL: IP route lookup and CIDR
• Recall Classless routing (CIDR)
  – Advantages
    • Saves space in route tables
    • Makes more efficient use of address space
  – ISP allocated 8 class C chunks, 201.10.0.0 to 201.10.7.255
  – Allocation uses 3 bits of class C space
  – Remaining 21 bits are network number, written as 201.10.0.0/21
  – Replace 8 class C entries with 1 combined entry
• Routing protocols carry prefix length with destination network address
  – But… makes route lookup more complex
    • No longer separate class A/B/C route tables each with O(1) lookup
    • One table containing many prefix lengths
    • Must match against all routes simultaneously via longest prefix match
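As an added example (not code from the slides), the classful lookup of the previous slides beside the CIDR aggregation described here: `classful_prefix` derives the class A/B/C network of an address from its leading bits, and `aggregate` replaces a contiguous run of class C blocks such as 201.10.0.0 to 201.10.7.255 with the single 201.10.0.0/21 entry, refusing to emit a supernet that would cover addresses outside the run. All function names are my own.

```python
# Added example, not from the slides: classful prefix derivation and CIDR
# route aggregation (supernetting) over plain 32-bit integers.

def ip_to_int(dotted: str) -> int:
    a, b, c, d = (int(x) for x in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def int_to_ip(n: int) -> str:
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def mask_for(plen: int) -> int:
    return (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF

def classful_prefix(dotted: str) -> str:
    """Original IP route lookup: the leading bits alone fix the prefix length."""
    n = ip_to_int(dotted)
    if n >> 31 == 0b0:          # 0xxxxxxx: class A, 7-bit network + 24-bit host
        plen = 8
    elif n >> 30 == 0b10:       # 10xxxxxx: class B, 14-bit network + 16-bit host
        plen = 16
    elif n >> 29 == 0b110:      # 110xxxxx: class C, 21-bit network + 8-bit host
        plen = 24
    else:
        raise ValueError(f"{dotted} is not a class A/B/C unicast address")
    return f"{int_to_ip(n & mask_for(plen))}/{plen}"

def aggregate(prefixes: list[str]) -> str:
    """Return the one CIDR prefix that covers exactly the given blocks.

    Raises ValueError unless the blocks are contiguous and fill an aligned
    power-of-two range: a supernet covering more than was allocated would
    attract traffic for addresses the ISP does not own.
    """
    blocks = []
    for p in prefixes:
        net, plen = p.split("/")
        blocks.append((ip_to_int(net), 1 << (32 - int(plen))))
    blocks.sort()
    lo = blocks[0][0]
    expected, total = lo, 0
    for net, size in blocks:
        if net != expected:
            raise ValueError("blocks are not contiguous")
        expected, total = net + size, total + size
    hi = expected - 1
    plen = 32                       # shorten the prefix until it spans lo..hi
    while plen > 0 and lo & mask_for(plen) != hi & mask_for(plen):
        plen -= 1
    if total != 1 << (32 - plen) or lo & mask_for(plen) != lo:
        raise ValueError("blocks do not fill an aligned supernet")
    return f"{int_to_ip(lo)}/{plen}"

def is_exact_supernet(prefixes: list[str]) -> bool:
    """True if the blocks can be replaced by one combined entry without over-claiming."""
    try:
        aggregate(prefixes)
        return True
    except ValueError:
        return False
```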
NL: CIDR example
ISP X given 16 class C networks 200.23.16.* to 200.23.31.* (or 200.23.16/20)
[Figure: ISP X's /20 split among its customers:]
  Large company    200.23.16.0/21  (200.23.16.0/24 through 200.23.23.0/24)
  Medium company   200.23.24.0/22  (200.23.24.0/24 through 200.23.27.0/24)
  Small company    200.23.28.0/23  (200.23.28.0/24 and 200.23.29.0/24)
  Tiny company     200.23.30.0/24

Adjacent ISP router:
  Route           Interface
  200.23.16/20    1

ISP X router:
  Route           Interface
  200.23.16/21    2
  200.23.24/22    3
  200.23.28/23    4
  200.23.30/24    5
NL: CIDR, hierarchical addressing, route aggregation
Hierarchical addressing allows efficient advertisement of routing information:
[Figure: Organization 0, Organization 1, Organization 2, …, Organization 7 hold 200.23.16.0/23, 200.23.18.0/23, 200.23.20.0/23, …, 200.23.30.0/23 from Fly-By-Night-ISP, which tells the Internet “Send me anything with addresses beginning 200.23.16.0/20”; ISPs-R-Us tells the Internet “Send me anything with addresses beginning 199.31.0.0/16”.]
NL: Another CIDR example
• Routing to the network
• Packet to 10.1.1.3 arrives
• Path is R2 – R1 – H1 – H2
[Figure: the Provider connects to R2 at 10.1.16.1 (10.1.16/24); R2 also has 10.1.8.1 on 10.1.8/24 (host H4 at 10.1.8.4) and 10.1.2.1 on 10.1.2/24; R1 has 10.1.2.2, 10.1.3.1 on 10.1.3/24 (host H3 at 10.1.3.2) and 10.1.1.1 on 10.1.1/24; H1 has 10.1.1.4 on 10.1.1/24 and 10.1.1.2 on the 10.1.1.2/31 link to H2 at 10.1.1.3.]
NL: Another CIDR example
Routing table at R2
  Destination       Next Hop    Interface
  127.0.0.1         127.0.0.1   lo0
  Default or 0/0    provider    10.1.16.1
  10.1.8.0/24       10.1.8.1    10.1.8.1
  10.1.2.0/24       10.1.2.1    10.1.2.1
  10.1.0.0/22       10.1.2.2    10.1.2.1
• Subnet routing
• Packet to 10.1.1.3
• Matches 10.1.0.0/22
[Figure: same network diagram as above.]
NL: Another CIDR example
Routing table at R1
  Destination       Next Hop    Interface
  127.0.0.1         127.0.0.1   lo0
  Default or 0/0    10.1.2.1    10.1.2.2
  10.1.3.0/24       10.1.3.1    10.1.3.1
  10.1.1.0/24       10.1.1.1    10.1.1.1
  10.1.2.0/24       10.1.2.2    10.1.2.2
  10.1.1.2/31       10.1.1.4    10.1.1.1
• Subnet routing
• Packet to 10.1.1.3
• Matches 10.1.1.2/31
• Longest prefix match
[Figure: same network diagram as above.]
10.1.1.3 matches both routes, use longest prefix match
NL: Another CIDR example
Routing table at H1
  Destination       Next Hop    Interface
  127.0.0.1         127.0.0.1   lo0
  Default or 0/0    10.1.1.1    10.1.1.4
  10.1.1.0/24       10.1.1.4    10.1.1.4
  10.1.1.2/31       10.1.1.2    10.1.1.2
• Subnet routing
• Packet to 10.1.1.3
• Direct route
• Longest prefix match
[Figure: same network diagram as above.]
10.1.1.3 matches both routes, use longest prefix match
NL: CIDR Shortcomings
• Customer selecting a new provider
  – Renumbering required
[Figure: Provider 1 holds 201.10.0.0/21, subdivided into customer blocks 201.10.0.0/22, 201.10.4.0/24, 201.10.5.0/24 and 201.10.6.0/23; Provider 2 holds 199.31.0.0/16.]
NL: CIDR Shortcomings
• Multi-homing
[Figure: as in the aggregation figure, Organizations 0–7 hold 200.23.16.0/23 through 200.23.30.0/23 from Fly-By-Night-ISP, which advertises “Send me anything with addresses beginning 200.23.16.0/20”; ISPs-R-Us now advertises “Send me anything with addresses beginning 199.31.0.0/16 or 200.23.18.0/23”.]
ISPs-R-Us has a more specific route to Organization 1
NL: Longest-prefix matching
• Algorithms and data structures for CIDR-based IP route lookups
  – Ruiz-Sanchez, Biersack, Dabbous, “Survey and Taxonomy of IP Address Lookup Algorithms”, IEEE Network, Vol. 15, No. 2, March 2001
• Binary trie
• Multi-bit trie
• LC trie
• Lulea trie
• Full expansion/compression
• Binary search on prefix lengths
• Binary range search
• Multiway range search
• Multiway range trees
• Binary search on hash tables (Waldvogel – SIGCOMM 97)
NL: Binary trie
Route prefixes: A 0*, B 01000*, C 011*, D 1*, E 100*, F 1100*, G 1101*, H 1110*, I 1111*
[Figure: binary trie over the prefixes above; each edge is labelled 0 or 1 and a node is marked A–I where that prefix ends (A and D at depth 1, C and E at depth 3, F, G, H and I at depth 4, B at depth 5).]
• Data structure to support longest-prefix match for forwarding
• Bit-wise traversal from left-to-right
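Added example, not code from the slides: a binary trie that answers longest-prefix-match queries bit by bit, left to right. It is built twice, once over the prefix set A–I shown above and once over the R1 routing table from the "Another CIDR example" slides, where 10.1.1.3 matches both 10.1.1.0/24 and 10.1.1.2/31 and the deeper match must win. Class and function names are my own.

```python
# Added example, not from the slides: a binary trie for longest-prefix match
# over bit strings, plus helpers that turn dotted CIDR routes into bit strings.

class BinaryTrie:
    def __init__(self):
        self.root = {}            # node = {"0": child, "1": child, "label": str}

    def insert(self, bits: str, label: str) -> None:
        node = self.root
        for b in bits:
            node = node.setdefault(b, {})
        node["label"] = label     # a prefix ends at this node

    def lookup(self, bits: str):
        """Label of the longest inserted prefix that matches `bits`, or None."""
        node, best = self.root, None
        for b in bits:
            best = node.get("label", best)    # remember the deepest match so far
            node = node.get(b)
            if node is None:                  # bits diverge from every longer prefix
                return best
        return node.get("label", best)

SLIDE_PREFIXES = {"A": "0", "B": "01000", "C": "011", "D": "1", "E": "100",
                  "F": "1100", "G": "1101", "H": "1110", "I": "1111"}

def build_slide_trie() -> BinaryTrie:
    t = BinaryTrie()
    for label, bits in SLIDE_PREFIXES.items():
        t.insert(bits, label)
    return t

def addr_bits(dotted: str) -> str:
    return "".join(f"{int(o):08b}" for o in dotted.split("."))

def cidr_bits(prefix: str) -> str:
    net, plen = prefix.split("/")
    return addr_bits(net)[: int(plen)]

# R1's table from the slides: destination -> what the next hop / interface is.
R1_TABLE = {
    "0.0.0.0/0":   "default via 10.1.2.1",
    "10.1.3.0/24": "direct on 10.1.3.1",
    "10.1.1.0/24": "direct on 10.1.1.1",
    "10.1.2.0/24": "direct on 10.1.2.2",
    "10.1.1.2/31": "via 10.1.1.4",
}

def build_r1() -> BinaryTrie:
    t = BinaryTrie()
    for dest, hop in R1_TABLE.items():
        t.insert(cidr_bits(dest), hop)      # the default route labels the root
    return t

def route(trie: BinaryTrie, dotted: str):
    """Forwarding decision for one destination address: its longest matching prefix."""
    return trie.lookup(addr_bits(dotted))
```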
NL: Path-compressed binary trie
• Eliminate single branch point nodes
• Compare address against all prefixes along path to leaf
  – Take deepest match
• Variants include PATRICIA and BSD tries
Route prefixes: A 0*, B 01000*, C 011*, D 1*, E 100*, F 1100*, G 1101*, H 1110*, I 1111*
[Figure: path-compressed trie over the same prefixes; each internal node is labelled with the bit position it tests (Bit=1 at the root, then Bit=2, Bit=3 and Bit=4 below), so the single-child chains of the binary trie are skipped.]
NL: Multi-bit tries
• Compare multiple bits at a time
  – Stride = number of bits being examined
  – Reduces memory accesses
  – Increases memory required
    • Forces table expansion for prefixes falling in between strides
  – Two types
    • Variable stride multi-bit tries
    • Fixed stride multi-bit tries
• Most route entries are Class C
  – Optimize “stride” based on this
NL: Variable stride multi-bit trie
• Single level has variable stride lengths
Route prefixes: A 0*, B 01000*, C 011*, D 1*, E 100*, F 1100*, G 1101*, H 1110*, I 1111*
[Figure: variable-stride trie over the prefixes above; the root tests one bit (0 toward A, 1 toward D) and the levels below use 2-bit strides (entries 00, 01, 10, 11), with prefixes such as C, E, F, G, H and I expanded into those 2-bit tables.]
NL: Fixed stride multi-bit trie
• Single level has equal strides
Route prefixes: A 0*, B 01000*, C 011*, D 1*, E 100*, F 1100*, G 1101*, H 1110*, I 1111*
[Figure: fixed-stride trie over the prefixes above; the root level uses a 3-bit stride (entries 000–111 holding A, A, A, C, E, D, D, D after expansion) and the next level a 2-bit stride (entries 00–11) holding B, F, G, H and I, with expanded prefixes duplicated across entries.]
NL: Hierarchical routing in the Internet
• Area routing
  – aggregate routers into regions, “autonomous systems” (AS)
  – administrative autonomy
  – routers in same AS run same routing protocol
    • “intra-AS” routing protocol or interior gateway protocol (IGP)
    • routers in different AS can run different intra-AS routing protocol
• gateway routers
  – special routers in AS
  – run intra-AS routing protocol with all other routers in AS
  – also responsible for routing to destinations outside AS
    • run inter-AS routing protocol or exterior gateway protocol (EGP) with other gateway routers in other AS’s
NL: Example #1
[Figure: five autonomous systems (1–5) with routers 1.1, 1.2, 2.1, 2.2, 2.2.1, 3.1, 3.2, 4.1, 4.2, 5.1 and 5.2; IGP runs between the routers inside each AS, EGP between the gateway routers of different ASs.]
NL: Example #2
Gateways:
• perform inter-AS routing amongst themselves
• perform intra-AS routing with other routers in their AS
[Figure: ASs A, B and C with routers such as A.a, A.c, B.a and C.b; gateway A.c runs both inter-AS and intra-AS routing in its network layer, above the link layer and physical layer.]
NL: Path Sub-optimality
[Figure: ASs 1, 2 and 3 (routers 1.1, 1.2, 2.1, 2.2, 3.1, 3.2; hosts 1.2.1, 2.2.1, 3.2.1); between the start and end hosts, the 3-hop red path vs. the 2-hop green path.]
NL: AS Categories
• Stub: an AS that has only a single connection to one other AS - carries only local traffic.
• Multi-homed: an AS that has connections to more than one AS, but does not carry transit traffic
• Transit: an AS that has connections to more than one AS, and carries both transit and local traffic (under certain policy restrictions)
NL: Specific IP routing protocols
• Intra-AS routing protocols (interior routing protocols)
  – GGP
  – RIP
  – IGRP
  – OSPF
• Inter-AS routing protocols (exterior routing protocols)
  – EGP
  – BGP
NL: Intra-AS Routing
• Generate Intra-AS routing tables
• Also known as Interior Gateway Protocols (IGP)
• Most common IGPs
  – Distance vector protocols
    • GGP: Gateway-to-Gateway Protocol (1970s)
    • RIP: Routing Information Protocol (1982)
    • IGRP: Interior Gateway Routing Protocol (1988)
      – Cisco proprietary
  – Link state protocols
    • OSPF: Open Shortest Path First
    • Hierarchical OSPF
NL: RIP (Routing Information Protocol)
• Included in BSD-UNIX Distribution in 1982
• Distance metric: # of hops (max = 15 hops)
• Vectors exchanged every 30 sec and when triggered
  – Static update period leads to synchronization problems
• Split horizon with poisoned reverse
• RIP-2 in 1993 adds prefix mask for CIDR
NL: RIP: Link Failure and Recovery
If no advertisement heard after 180 sec --> neighbor/link declared dead
– routes via neighbor invalidated
– new advertisements sent to neighbors
– neighbors in turn send out new advertisements (if tables changed)
– link failure info quickly propagates to entire net
– poison reverse used to prevent count-to-infinity (infinite distance = 16 hops)
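Added example, not code from the slides or from any RIP implementation: a small distance-vector simulation in RIP's style (hop counts, 16 = infinity) on a constructed chain A–B–C. After the A–B link dies it counts how many synchronous exchange rounds B and C need before both record A as unreachable, once with plain vectors (count-to-infinity) and once with split horizon and poisoned reverse.

```python
# Added example, not from the slides: distance-vector routing with hop counts,
# RIP's infinity of 16, and optional split horizon with poisoned reverse.

INFINITY = 16

def make_network(links):
    """Tables {node: {dest: (cost, next_hop)}} and neighbor sets from 1-hop links."""
    tables, neighbors = {}, {}
    for a, b in links:
        for x, y in ((a, b), (b, a)):
            neighbors.setdefault(x, set()).add(y)
            tables.setdefault(x, {x: (0, None)})[y] = (1, y)
    return tables, neighbors

def advertise(tables, src, dst, poison):
    """Vector src sends to dst; with poisoned reverse, routes learned via dst are 16."""
    return {dest: (INFINITY if poison and nh == dst else cost)
            for dest, (cost, nh) in tables[src].items()}

def run(tables, neighbors, poison):
    """Synchronous rounds until nothing changes; return how many rounds changed a table."""
    rounds = 0
    while True:
        vectors = [(s, d, advertise(tables, s, d, poison))
                   for s in sorted(neighbors) for d in sorted(neighbors[s])]
        changed = False
        for src, dst, vec in vectors:
            for dest, adv in vec.items():
                if dest == dst:
                    continue
                cost = min(adv + 1, INFINITY)
                cur_cost, cur_nh = tables[dst].get(dest, (INFINITY, None))
                # Bellman-Ford: take a cheaper path, or whatever the current next hop now says.
                if (cur_nh == src or cost < cur_cost) and (cost, src) != (cur_cost, cur_nh):
                    tables[dst][dest] = (cost, src)
                    changed = True
        if not changed:
            return rounds
        rounds += 1

def fail_link(tables, neighbors, a, b):
    """Neighbor declared dead: invalidate every route that went through it."""
    neighbors[a].discard(b)
    neighbors[b].discard(a)
    for x, y in ((a, b), (b, a)):
        for dest, (cost, nh) in list(tables[x].items()):
            if nh == y:
                tables[x][dest] = (INFINITY, y)

def rounds_to_reconverge(poison: bool) -> int:
    """Constructed chain A-B-C; the A-B link then dies and B, C must learn A is gone."""
    tables, neighbors = make_network([("A", "B"), ("B", "C")])
    run(tables, neighbors, poison)          # initial convergence
    fail_link(tables, neighbors, "A", "B")
    return run(tables, neighbors, poison)   # 14 rounds without poison, 1 with
```

Without poisoned reverse B and C bounce A's distance upward (3, 4, 5, …) until it reaches 16; with it, C's advertisement of A back to B (its next hop for A) is already 16, so the stale route is never re-learned.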
NL: RIP Table processing
• RIP routing tables managed by application-level process called routed (daemon)
• advertisements sent in UDP packets, periodically repeated
NL: IGRP (Interior Gateway Routing Protocol)
• CISCO proprietary; successor of RIP (mid 80s)
  – Distance Vector, like RIP
  – several cost metrics (delay, bandwidth, reliability, load etc.)
  – 90 sec update with triggered updates
  – Split horizon
• V1: path holddown
• V2: route poisoning
• multiple path support
  – uses TCP to exchange routing updates
  – EIGRP
    • Loop-free routing via DUAL (based on diffused computation)
    • CIDR support
NL: Intra-AS Link State Protocols
• OSPF
  – Uses Link State algorithm
    • LS packet dissemination
    • Topology map at each node
    • Route computation using Dijkstra’s algorithm
  – OSPF advertisement carries one entry per neighbor router
  – Advertisements disseminated to entire AS (via flooding)
NL: OSPF “advanced” features (not in RIP)
• Security: all OSPF messages authenticated (to prevent malicious intrusion); TCP connections used
• Multiple same-cost paths allowed (only one path in RIP)
• For each link, multiple cost metrics for different TOS (eg, satellite link cost set “low” for best effort; high for real time)
• Integrated uni- and multicast support:
  – Multicast OSPF (MOSPF) uses same topology data base as OSPF
• Hierarchical OSPF in large domains.
NL: Hierarchical OSPF
• Two-level hierarchy: local area, backbone.
  – Link-state advertisements only in area
  – each node has detailed area topology; only knows direction (shortest path) to nets in other areas.
• Area border routers: “summarize” distances to nets in own area, advertise to other Area Border routers.
• Backbone routers: run OSPF routing limited to backbone.
• Boundary routers: connect to other ASs.
NL: Why different Intra- and Inter-AS routing?
Policy vs. Performance:
• Inter-AS
  – ISPs want control over how their traffic is routed and who routes through their net
  – policy and monetary factors dominate over performance
• Intra-AS
  – single administrative policy
  – performance dominates
NL: History
• Mid-80s: EGP (Exterior Gateway Protocol)
  – Used in original ARPAnet
  – Reachability protocol (no shortest path)
    • Single bit for reachability information
  – Topology restricted to a tree (no cycles allowed)
    • ARPA-managed packet switches at top of tree
  – Unacceptable once Internet grew to multiple independent backbones
• Result: BGP development
NL: BGP
• Link state or distance vector?
  – Problems with distance-vector:
    • Bellman-Ford algorithm may not converge
  – More problems with link state:
    • Everyone sees every link
      – LS database too large – entire Internet
      – Can’t easily control who uses the network (i.e. an ISP may want to hide particular links from being used by others, but link states are broadcast)
    • Metric used by routers not the same – loops
  – No universal routing metric
  – Policy drives routing decisions
NL: BGP
• BGP (Border Gateway Protocol): the de facto standard
• Path Vector protocol:
  – similar to Distance Vector protocol
  – each Border Gateway broadcasts to neighbors (peers) the entire path (i.e., sequence of ASs) to destination
    • E.g., Gateway X sends its path to dest. Z:
      – Path (X,Z) = X,Y1,Y2,Y3,…,Z
  – When an AS gets a route, check if the AS is already in the path
    • If yes, reject route
    • If no, add self and (possibly) advertise route further
  – Allows for policy application (different metrics)
    • Metrics are local – AS chooses path, protocol ensures no loops
• Supports CIDR aggregation (BGP4)
• Supports alternative routes
NL: Path Selection Criteria
• Path attributes + external (policy) information
• Examples:
  – Hop count
  – Policy considerations
    • Preference for AS
    • Presence or absence of certain AS
  – Path origin
  – Link dynamics
  – Early-exit
    • Hot-potato routing for transit packets
NL: Policy with BGP
• BGP provides capability for enforcing various policies
• Policies are not part of BGP: they are provided to BGP as configuration information
• BGP enforces policies by choosing paths from multiple alternatives and controlling advertisement to other AS’s
NL: Examples of BGP Policies
• A multi-homed AS refuses to act as transit
  – Limit path advertisement
• A multi-homed AS can become transit for some AS’s
  – Only advertise paths to some AS’s
• An AS can favor or disfavor certain AS’s for traffic transit from itself
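Added example, not code from the slides and not BGP's wire protocol: a toy path-vector exchange for the Fly-By-Night-ISP aggregate 200.23.16.0/20 over a constructed topology (AS numbers 100–400 and AS 100 as the originator are assumptions). It exercises the loop check from the BGP slide (reject any path that already contains our own ASN), the first policy above (a multi-homed AS that refuses transit by not re-advertising what it learned) and the last one (a local preference that disfavors a particular AS).

```python
# Added example, not from the slides: path-vector routing with AS-path loop
# detection, an export policy, and a local (non-protocol) path preference.
from collections import deque

class AS:
    """One autonomous system running a toy path-vector protocol."""
    def __init__(self, asn, neighbors, transit=True, disfavor=()):
        self.asn = asn
        self.neighbors = list(neighbors)
        self.transit = transit          # False: stub, never re-advertises learned routes
        self.disfavor = set(disfavor)   # policy: ASs to avoid when there is a choice
        self.rib = {}                   # prefix -> best AS path, our own ASN first
        self.loops_rejected = 0

    def prefer(self, new, old):
        """Local policy, not part of BGP: fewest disfavored ASs, then shortest AS path."""
        key = lambda path: (len(self.disfavor & set(path)), len(path))
        return old is None or key(new) < key(old)

    def receive(self, prefix, path):
        """Apply one UPDATE; return True if our best path for prefix changed."""
        if self.asn in path:            # our ASN already in the path: a loop, reject
            self.loops_rejected += 1
            return False
        candidate = [self.asn] + path   # add self before choosing and advertising
        if not self.prefer(candidate, self.rib.get(prefix)):
            return False
        self.rib[prefix] = candidate
        return True

    def export_targets(self, prefix):
        """Export policy: a non-transit AS announces only prefixes it originates."""
        if not self.transit and len(self.rib[prefix]) > 1:
            return []
        return self.neighbors

def propagate(ases, origin, prefix):
    """Flood UPDATEs from the origin until no AS changes its best path."""
    ases[origin].rib[prefix] = [origin]
    queue = deque([origin])
    while queue:
        asn = queue.popleft()
        for nb in ases[asn].export_targets(prefix):
            if ases[nb].receive(prefix, ases[asn].rib[prefix]):
                queue.append(nb)
    return {a: s.rib.get(prefix) for a, s in sorted(ases.items())}

PREFIX = "200.23.16.0/20"   # the slides' aggregate; AS 100 originating it is assumed

def transit_scenario(as400_is_transit: bool):
    """Constructed chain 100 - 200 - 400 - 300: AS 300 reaches AS 100 only through AS 400."""
    topo = {100: [200], 200: [100, 400], 300: [400], 400: [200, 300]}
    ases = {a: AS(a, n, transit=(as400_is_transit or a != 400)) for a, n in topo.items()}
    ribs = propagate(ases, 100, PREFIX)
    return ribs, sum(s.loops_rejected for s in ases.values())

def policy_scenario():
    """Constructed diamond with two equal-length paths to AS 100; AS 400 disfavors AS 300."""
    topo = {100: [300, 200], 200: [100, 400], 300: [100, 400], 400: [200, 300]}
    ases = {a: AS(a, n, disfavor=(300,) if a == 400 else ()) for a, n in topo.items()}
    return propagate(ases, 100, PREFIX)
```

In `policy_scenario` AS 400 hears the path through AS 300 first and installs it, then replaces it when the path through AS 200 arrives, because the preference is decided by policy rather than by arrival order.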
NL: Interconnecting BGP Peers
• BGP uses TCP to connect peers
• Advantages:
  – Simplifies BGP
  – No need for periodic refresh – routes are valid until withdrawn, or the connection is lost
    • Note recent news on BGP TCP spoofing attack
  – Incremental updates
• Disadvantages
  – Congestion control on a routing protocol?
  – Poor interaction during high load
NL: Internet inter-AS routing: BGP
• BGP messages exchanged using TCP.
• BGP messages:
  – OPEN: opens TCP connection to peer and authenticates sender
  – UPDATE: advertises new path (or withdraws old)
  – KEEPALIVE: keeps connection alive in absence of UPDATEs; also ACKs OPEN request
  – NOTIFICATION: reports errors in previous msg; also used to close connection
NL: IPv4 summary
• Security
• Error detection
• Delivery semantics
• Quality-of-service
• Fragmentation
• Addressing
• Routing
NL: IPv6
• Redefine functions of IP (version 4)
  – Remove ancillary functionality
  – Add missing, but essential functionality
  – Recall, functions of IPv4
• What changes should be made in…
  – IP addressing
  – IP delivery semantics
  – IP quality of service
  – IP security
  – IP routing
  – IP fragmentation
  – IP error detection
NL: IPv6
• Initial motivation: 32-bit address space completely allocated by 2008.
• Additional motivation:
  – header format to help speed processing/forwarding
  – header changes to facilitate QoS
  – new “anycast” address: route to “best” of several replicated servers
NL: IPv6 Header
[Figure: the 40-byte IPv6 header, with bit offsets 0, 4, 12, 16, 24 and 32 marked across the top:]
  Version (4 bits) | Class (8 bits) | Flow Label (20 bits)
  Payload Length (16 bits) | Next Header (8 bits) | Hop Limit (8 bits)
  Source Address (128 bits)
  Destination Address (128 bits)
NL: IPv6 Changes
• Scale – addresses are 128 bit
  – Header size?
• Simplification
  – Removes infrequently used parts of header
  – 40 byte fixed header vs. 20+ byte variable header
• IPv6 removes checksum
  – Relies on upper layer protocols to provide integrity
  – Reduces processing time at each hop
• IPv6 eliminates fragmentation
  – Requires path MTU discovery
NL: IPv6 Changes
• TOS replaced with traffic class octet
  – Support QoS via DiffServ
• FlowID field
  – Helps soft state systems, accelerates flow classification
  – Maps well onto TCP connection or stream of UDP packets on host-port pair
• Easy configuration
  – Provides auto-configuration using hardware MAC address to provide unique base
• Additional requirements
  – Support for security
  – Support for mobility
NL: IPv6 Changes
• Protocol field replaced by next header field
  – Unifies support for protocol demultiplexing as well as option processing
• Option processing
  – Options allowed, but only outside of header, indicated by “Next Header” field
  – Options header does not need to be processed by every router
    • Large performance improvement
    • Makes options practical/useful
• ICMPv6: new version of ICMP
  – additional message types, e.g. “Packet Too Big”
  – multicast group management funct ions
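Added example, not code from the slides: a parser for the fixed 40-byte IPv6 header shown earlier that then follows the Next Header chain through the option headers described here until it reaches the upper-layer protocol. It validates every length it reads against the bytes actually present, and builds its own constructed sample packet (addresses from the 2001:db8::/32 documentation range, a made-up UDP header); the constant values are IANA's Next Header numbers.

```python
import struct

# Added example, not from the slides: parse the fixed IPv6 header and walk
# the Next Header chain through extension headers to the upper layer.
IPV6_HEADER_LEN = 40
HOP_BY_HOP, ROUTING, DEST_OPTS = 0, 43, 60      # IANA Next Header values
UDP = 17
# These three share one layout: Next Header (1 byte), Hdr Ext Len (1 byte,
# in 8-octet units not counting the first 8). Fragment (44) and AH (51)
# are laid out differently and are deliberately not skipped here.
SKIPPABLE = {HOP_BY_HOP, ROUTING, DEST_OPTS}

def parse_ipv6(packet: bytes):
    """Return (fields, upper_layer_protocol, payload); ValueError if malformed.

    Every length read from the wire is checked against the bytes present
    before it is used, so a forged Payload Length or Hdr Ext Len cannot make
    the parser read past the packet.
    """
    if len(packet) < IPV6_HEADER_LEN:
        raise ValueError("truncated IPv6 header")
    word0, payload_len, nxt, hop_limit = struct.unpack("!IHBB", packet[:8])
    if word0 >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    if len(packet) - IPV6_HEADER_LEN < payload_len:
        raise ValueError("payload shorter than Payload Length")
    fields = {
        "traffic_class": (word0 >> 20) & 0xFF,
        "flow_label": word0 & 0xFFFFF,
        "payload_length": payload_len,
        "hop_limit": hop_limit,
        "src": packet[8:24].hex(),
        "dst": packet[24:40].hex(),
        "extension_headers": [],
    }
    body = packet[IPV6_HEADER_LEN:IPV6_HEADER_LEN + payload_len]
    off = 0
    while nxt in SKIPPABLE:          # walk the chain; option contents are not parsed
        if off + 2 > len(body):
            raise ValueError("truncated extension header")
        ext_len = (body[off + 1] + 1) * 8
        if off + ext_len > len(body):
            raise ValueError("Hdr Ext Len runs past the payload")
        fields["extension_headers"].append(nxt)
        nxt, off = body[off], off + ext_len
    return fields, nxt, body[off:]

def is_well_formed(packet: bytes) -> bool:
    try:
        parse_ipv6(packet)
        return True
    except ValueError:
        return False

def build_sample() -> bytes:
    """Constructed packet: IPv6 / Hop-by-Hop / Destination Options / 8-byte UDP header."""
    src = bytes.fromhex("20010db8" + "0" * 23 + "1")        # 2001:db8::1
    dst = bytes.fromhex("20010db8" + "0" * 23 + "2")        # 2001:db8::2
    udp = struct.pack("!HHHH", 8080, 53, 8, 0)              # constructed UDP header, no data
    dest_opts = bytes([UDP, 0]) + bytes(6)                  # next=UDP, len 0 -> 8 bytes (Pad1s)
    hop_by_hop = bytes([DEST_OPTS, 0]) + bytes(6)           # next=Dest Opts, 8 bytes
    payload = hop_by_hop + dest_opts + udp
    word0 = (6 << 28) | (0 << 20) | 0xABCDE                 # version 6, class 0, flow label
    return struct.pack("!IHBB", word0, len(payload), HOP_BY_HOP, 64) + src + dst + payload
```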
NL: Transition From IPv4 To IPv6
• Not all routers can be upgraded simultaneously
  – no “flag days”
  – How will the network operate with mixed IPv4 and IPv6 routers?
• Two proposed approaches:
  – Dual Stack: some routers with dual stack (v6, v4) can “translate” between formats
  – Tunneling: IPv6 carried as payload in an IPv4 datagram among IPv4 routers