11/12/15 UB Fall 2015 CSE565: S. Upadhyaya Lec 22.1
CSE565: Computer Security
Lecture 22 IP Basics
Shambhu Upadhyaya
Computer Science & Eng.
University at Buffalo
Buffalo, New York 14260

Outline
- IP (November 12, 2015)
- IP Security architecture (November 17, 2015)
- Authentication Header
- Key Management

The Role of IP
- IP provides functionality to interconnected devices across multiple networks
- IP is implemented in each end system and in routers
- The routers along the way must cope with:
  - Addressing schemes (IEEE 802 vs. X.25)
  - Maximum packet sizes (fragmentation)
  - Interfaces (hardware/software)
  - Reliability (should be independent of it)

Some Issues of IP
- Data at higher level are encapsulated in a PDU (protocol data unit)
- PDU is passed through one or more networks and connected routers and to the end system
- IP header must contain all the necessary addresses
- No reliability assurance
  - Intermediate subnets need not be concerned about reliability requirements
  - TCP takes care of reliability

Configuration of TCP/IP
Figure: Configuration for TCP/IP Example

Operation of Routers
- IP is implemented in all end systems and routers
- End systems must have compatible protocols above IP
- Routers need only have up through IP

Operation, Contd.
- Block of data from X to Y
  - PDU is created and IP layer attaches a header (global Internet address of Y)
  - Since Y is on another network, the packet needs to be sent to router 1 in the form of an LLC PDU
  - Upon receiving, MAC layer constructs a MAC packet and sticks in the address of router 1
  - After examination, router 1 routes packets to router 2 (wrapping in another format if necessary)
  - Router 2 strips off header to determine that the IP packet is destined to Y
  - Router 2 creates a packet with destination address of Y and sends it onto the LAN
  - Y removes all headers and forwards data to upper

Router, Switch and Hub
- Router is like a computer - acts as gateway
  - Joins together multiple LANs to a WAN
  - Works at layer 3 of OSI
- Switch is less sophisticated
  - Must designate a computer as a gateway
  - Works at layer 2 of OSI
  - Connects devices to form a LAN
- Hub is used to connect segments of LAN
  - Works at layer 1 of OSI
  - It is like a splitter

IPv4
- 20 bytes or 160 bits (minimum)
- 32 bit address (4.3 billion IP addresses)
- Study shows that available address space would not last long
- In April 2014, North American Registry for Internet Numbers (ARIN) announced it had reached "phase 4" of its IPv4 countdown plan, with fewer than 17 million IPv4 addresses remaining

The Grim Story of IPv4
- ARIN had fewer than 17M addresses left last year
- ARIN has tightened the address supply and now has run out of it
- APNIC (Asia-Pacific registry) reached the 17M threshold four years ago
- RIPE NCC (Europe) reached its threshold less than three years ago
- Latin America and Caribbean directories in similar status
- AfriNIC in Africa is continuing to supply IPv4 addresses

How Did We Get Here
- In the 80’s protocols used 16 bit addresses
- The Internet growth was not predicted well
- Making the addresses a meager 32 bits was a big failure of imagination
- It took only a decade before IP address numbering ran into trouble
- Initially a class system – A, B, C to handle networks and hosts
- This was later abolished, which improved situation a bit

Use of IP Address Space

Classless Regime
- Deployment of new IP address space slowed down to a much more sustainable pace as the Internet boomed in late 90’s
- Around 2000
  - More and more broadband always-on connections
- Few years later
  - Millions of smartphones continuously connected
- Day was saved by NAT adoption

NAT Details
- These days people use more than one PC
- ISPs provide more IP addresses for a fee
- Cheaper solution is to share a single address
- With NAT, you get IP addresses from 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16 address ranges set aside for private use
- A home router that implements NAT then translates between the internal address and the regular, public address given out by the ISP

The Stanford vs. China Story
- More than a decade ago, Stanford held more IPv4 addresses than all of China
- However, by 2006, organizations in China held a total of 98M IP addresses
- Today, China has given out a total of 330M addresses
- China is the second largest holder of IPv4 addresses, behind the US with 1.591 billion
- China: 1 address for 4 users, US: 5 addresses for 1 user
- If each user in the world deserves one, we have a problem!

IP Addresses Held By Country

So, What Now?
- IPv6 is the solution
- Read the article: “With the Americas running out of IPv4, it’s official: The Internet is full” by Iljitsch van Beijnum at arstechnica.com (http://arstechnica.com/information-technology/2014/06/with-the-americas-running-out-of-ipv4-its-official-the-internet-is-full/)
- Also read: http://arstechnica.com/information-technology/2015/07/us-exhausts-new-ipv4-addresses-waitlist-begins/

IPv6
- Fixed length of 40 octets
- 128 bit addresses (5 x 10^28 addresses for each of the 7 billion people)
- U.S. government specified network backbones at federal agencies must deploy IPv6 by 2008 – the adoption is slow due to lack of client base
- Major backbone networks – Amazon, Comcast, HSBC, Akamai, Verizon, etc. have deployed IPv6

Summary
- IPv4 has already run out of address space
- IPv6 initiative started in 1995 but adoption is slow, will become mainstream soon
- Products such as Microsoft OS have support for IPv6 and are enabled by default
- IPv6 has no backward compatibility since headers are significantly different
- You need to run dual stacks to serve both types of networks
- Situation is similar to WEP and RSN in the wireless security domain
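
To make the header difference behind the dual-stack point concrete, here is an added example, not part of the original lecture: one parser that reads the version field and then has to follow two unrelated layouts, the 20-byte-minimum IPv4 header and the fixed 40-octet IPv6 header. The function names and the sample packets (documentation addresses, checksum left at 0) are constructed for illustration.

```python
import ipaddress
import struct

def parse_ip_header(pkt):
    """Parse the fixed part of an IPv4 or IPv6 header from raw bytes."""
    if not pkt:
        raise ValueError("empty packet")
    version = pkt[0] >> 4               # top 4 bits of byte 0 in both versions
    if version == 4:
        if len(pkt) < 20:
            raise ValueError("truncated IPv4 header")
        ihl = (pkt[0] & 0x0F) * 4       # header length in bytes; 20 is the minimum
        if ihl < 20 or len(pkt) < ihl:
            raise ValueError("bad IPv4 header length")
        _total, _ident, _frag, ttl, proto, _cksum = struct.unpack("!HHHBBH", pkt[2:12])
        return {"version": 4, "header_len": ihl, "addr_bits": 32,
                "hop_limit": ttl, "next_proto": proto,
                "src": str(ipaddress.IPv4Address(pkt[12:16])),
                "dst": str(ipaddress.IPv4Address(pkt[16:20]))}
    if version == 6:
        if len(pkt) < 40:
            raise ValueError("truncated IPv6 header")
        _payload_len, next_hdr, hop_limit = struct.unpack("!HBB", pkt[4:8])
        return {"version": 6, "header_len": 40, "addr_bits": 128,
                "hop_limit": hop_limit, "next_proto": next_hdr,
                "src": str(ipaddress.IPv6Address(pkt[8:24])),
                "dst": str(ipaddress.IPv6Address(pkt[24:40]))}
    raise ValueError("unknown IP version %d" % version)

def sample_packets():
    """Constructed headers only (no payload); IPv4 checksum is not computed."""
    v4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address("192.0.2.1").packed,
                     ipaddress.IPv4Address("198.51.100.5").packed)
    v6 = struct.pack("!IHBB16s16s", 6 << 28, 0, 6, 64,
                     ipaddress.IPv6Address("2001:db8::1").packed,
                     ipaddress.IPv6Address("2001:db8::2").packed)
    return v4, v6

if __name__ == "__main__":
    for pkt in sample_packets():
        print(len(pkt), parse_ip_header(pkt))
```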