Weeks 5-7 DNS, IP Addressing, IP Routing


Page 1: Weeks 5-7 DNS, IP Addressing, IP Routing

Page 2: DNS: Domain Name System

People have many identifiers: SSN, name, passport #.

Internet hosts and routers have:
• an IP address (32 bit), used for addressing datagrams
• a "name", e.g., www.yahoo.com, used by humans

Q: how do we map between IP addresses and names?

Domain Name System:
• distributed database implemented in a hierarchy of many name servers
• application-layer protocol used by hosts, routers and name servers to communicate in order to resolve names (address/name translation)
• note: a core Internet function, implemented as an application-layer protocol, i.e., complexity at the network's "edge"

Page 3: DNS

Why not centralize DNS?
• single point of failure
• traffic volume
• distant centralized database
• maintenance
It doesn't scale!

DNS services:
• hostname to IP address translation
• host aliasing (canonical and alias names)
• mail server aliasing
• load distribution: replicated Web servers, a set of IP addresses for one canonical name

Page 4: Distributed, Hierarchical Database

[Figure: Root DNS servers at the top; below them com, org and edu DNS servers; below those yahoo.com, amazon.com, pbs.org, poly.edu and umass.edu DNS servers]

Client wants the IP for www.amazon.com; 1st approximation:
• client queries a root server to find the com DNS server
• client queries the com DNS server to get the amazon.com DNS server
• client queries the amazon.com DNS server to get the IP address for www.amazon.com

Page 5: DNS: Root name servers

Contacted by a local name server that cannot resolve a name. The root name server:
• contacts an authoritative name server if the name mapping is not known
• gets the mapping
• returns the mapping to the local name server

13 root name servers worldwide:
a Verisign, Dulles, VA
b USC-ISI Marina del Rey, CA
c Cogent, Herndon, VA (also Los Angeles)
d U Maryland College Park, MD
e NASA Mt View, CA
f Internet Software C. Palo Alto, CA (and 17 other locations)
g US DoD Vienna, VA
h ARL Aberdeen, MD
i Autonomica, Stockholm (plus 3 other locations)
j Verisign (11 locations)
k RIPE London (also Amsterdam, Frankfurt)
l ICANN Los Angeles, CA
m WIDE Tokyo

Page 6: TLD and Authoritative Servers

Top-level domain (TLD) servers: responsible for com, org, net, edu, etc., and for all top-level country domains such as uk, fr, ca, jp.
• Network Solutions maintains the servers for the com TLD
• Educause maintains the servers for the edu TLD

Authoritative DNS servers: an organization's DNS servers, providing authoritative hostname-to-IP mappings for the organization's servers (e.g., Web and mail). Can be maintained by the organization or by a service provider.

Page 7: Local Name Server

• Does not strictly belong to the hierarchy
• Each ISP (residential ISP, company, university) has one. Also called the "default name server"
• When a host makes a DNS query, the query is sent to its local DNS server, which acts as a proxy and forwards the query into the hierarchy.

Page 8: Example

Host at cis.poly.edu wants the IP address for gaia.cs.umass.edu.

[Figure: iterated query. The requesting host cis.poly.edu sends the query (1) to the local DNS server dns.poly.edu, which contacts the root DNS server (2, 3), the TLD DNS server (4, 5) and the authoritative DNS server dns.cs.umass.edu (6, 7) in turn, then returns the answer to the host (8)]

Page 9: Recursive queries

[Figure: recursive query for the same example. The requesting host cis.poly.edu asks the local DNS server dns.poly.edu (1), which asks the root DNS server (2); the root server asks the TLD DNS server (3), which asks the authoritative DNS server dns.cs.umass.edu (4); the answer travels back along the same chain (5, 6, 7) and finally to the host (8)]

recursive query: puts the burden of name resolution on the contacted name server. Heavy load?

iterated query: the contacted server replies with the name of the server to contact: "I don't know this name, but ask this server"

Page 10: DNS: caching and updating records

• once (any) name server learns a mapping, it caches the mapping
• cache entries time out (disappear) after some time
• TLD servers are typically cached in local name servers; thus root name servers are not often visited
• update/notify mechanisms under design by the IETF: RFC 2136, http://www.ietf.org/html.charters/dnsind-charter.html

Page 11: DNS records

DNS: distributed db storing resource records (RR)
RR format: (name, value, type, ttl)

• Type=A: name is a hostname, value is its IP address
• Type=NS: name is a domain (e.g. foo.com), value is the IP address of the authoritative name server for this domain
• Type=CNAME: name is an alias for some "canonical" (the real) name, value is the canonical name; e.g., www.ibm.com is really servereast.backup2.ibm.com
• Type=MX: value is the name of the mail server associated with name

Page 12: DNS protocol, messages

DNS protocol: query and reply messages, both with the same message format.

Message header:
• identification: 16-bit # for the query; the reply to the query uses the same #
• flags: query or reply, recursion desired, recursion available, reply is authoritative

Page 13: DNS protocol, messages

• name, type fields for a query
• RRs in response to the query
• records for authoritative servers
• additional "helpful" info that may be used
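As an added worked example (not part of the original slides), the header and question section of a DNS message built and parsed with Python's struct module: it shows the 16-bit identifier that a reply must echo and the QR/AA/RD/RA flag bits named above. The sample query and the hand-built reply are constructed here; the identifier 0x1234 and the name www.yahoo.com are illustrative values.

```python
import struct

# DNS header layout (RFC 1035 section 4.1.1): six 16-bit fields, network byte order.
HEADER = struct.Struct("!HHHHHH")   # id, flags, qdcount, ancount, nscount, arcount

# Flag bits inside the 16-bit flags word.
QR = 1 << 15   # 0 = query, 1 = reply
AA = 1 << 10   # reply is authoritative
RD = 1 << 8    # recursion desired
RA = 1 << 7    # recursion available

QTYPE_A = 1
QCLASS_IN = 1


def encode_qname(name):
    """Encode a hostname as DNS labels: length byte + label, ..., terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError("each label must be 1..63 bytes long")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_qname(raw, offset):
    """Decode labels starting at offset; returns (name, offset just past the terminating zero).
    Only uncompressed names are handled here; a compression pointer (top two bits 11) is rejected."""
    labels = []
    while True:
        if offset >= len(raw):
            raise ValueError("truncated name")
        length = raw[offset]
        if length & 0xC0:
            raise ValueError("compression pointers are not handled in this example")
        offset += 1
        if length == 0:
            break
        if offset + length > len(raw):
            raise ValueError("truncated label")
        labels.append(raw[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset


def build_query(ident, name, qtype=QTYPE_A, recursion_desired=True):
    """Header (one question, RD set) followed by the question section: QNAME, QTYPE, QCLASS."""
    flags = RD if recursion_desired else 0
    header = HEADER.pack(ident & 0xFFFF, flags, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, QCLASS_IN)


def parse_header(raw):
    """Split the 12-byte header into its fields and decode the flag bits the slides name."""
    if len(raw) < HEADER.size:
        raise ValueError("message shorter than a DNS header")
    ident, flags, qd, an, ns, ar = HEADER.unpack_from(raw, 0)
    return {
        "id": ident,
        "is_reply": bool(flags & QR),
        "authoritative": bool(flags & AA),
        "recursion_desired": bool(flags & RD),
        "recursion_available": bool(flags & RA),
        "rcode": flags & 0xF,
        "questions": qd, "answers": an, "authority": ns, "additional": ar,
    }


def reply_matches_query(query, reply):
    """A reply belongs to an outstanding query only if it is flagged as a reply, carries the same
    16-bit identifier and repeats the same question name; a resolver should drop anything else."""
    q, r = parse_header(query), parse_header(reply)
    if not r["is_reply"] or r["id"] != q["id"] or r["questions"] != 1:
        return False
    return decode_qname(query, HEADER.size)[0] == decode_qname(reply, HEADER.size)[0]


if __name__ == "__main__":
    # Constructed sample exchange: a query for www.yahoo.com and a hand-built authoritative reply
    # (ancount is set to 1 but the answer RRs themselves are omitted; only header and question are shown).
    query = build_query(0x1234, "www.yahoo.com")
    reply = HEADER.pack(0x1234, QR | AA | RD | RA, 1, 1, 0, 0) + query[HEADER.size:]
    print(parse_header(reply))
    print("matches:", reply_matches_query(query, reply))
```

A resolver remembers the identifier of each query it has outstanding and discards replies whose identifier or question does not match, which is what reply_matches_query checks; a real implementation also checks the UDP source port and the answer section, and follows compressed names (pointer bytes 0xC0 and above) instead of rejecting them.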

Page 14: Inserting records into DNS

Example: a just-created startup "Network Utopia"
• Register the name networkutopia.com at a registrar (e.g., Network Solutions). You need to provide the registrar with the names and IP addresses of your authoritative name servers (primary and secondary).
• The registrar inserts two RRs into the com TLD server:
  (networkutopia.com, dns1.networkutopia.com, NS)
  (dns1.networkutopia.com, 212.212.212.1, A)
• Put in your authoritative server a Type A record for www.networkutopia.com and a Type MX record for networkutopia.com

How do people get the IP address of your Web site?
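To make the iterated and recursive queries of the earlier slides and the registrar's two RRs concrete, here is an added simulation (example code, not from the original slides): three in-memory servers (a root, a com TLD server and dns1.networkutopia.com) hold constructed records, and two resolver functions walk the hierarchy in the two styles. Only dns1.networkutopia.com and 212.212.212.1 come from the slide; the server name dns.com-tld.example, the 192.0.2.x address and the remaining 212.212.212.x addresses are made up for the example.

```python
# Constructed resource records (name, value, type) held by each simulated server.
# Only dns1.networkutopia.com / 212.212.212.1 come from the slide; everything else is hypothetical.
SERVERS = {
    "root": [
        ("com", "dns.com-tld.example", "NS"),
        ("dns.com-tld.example", "192.0.2.1", "A"),               # glue for the com TLD server
    ],
    "dns.com-tld.example": [
        ("networkutopia.com", "dns1.networkutopia.com", "NS"),   # the two RRs the registrar inserted
        ("dns1.networkutopia.com", "212.212.212.1", "A"),
    ],
    "dns1.networkutopia.com": [
        ("www.networkutopia.com", "212.212.212.2", "A"),
        ("networkutopia.com", "mail.networkutopia.com", "MX"),
        ("mail.networkutopia.com", "212.212.212.3", "A"),
    ],
}

MAX_HOPS = 10   # bound on referral chasing so a delegation loop cannot run forever


def lookup(server, name, qtype):
    """One server's view of a question: an answer if it holds the record, otherwise a referral to the
    closest delegation (longest matching NS zone) it knows about, otherwise 'nxdomain'."""
    records = SERVERS[server]
    answers = [v for n, v, t in records if n == name and t == qtype]
    if answers:
        return "answer", answers
    best = None
    for zone, ns_name, t in records:
        if t == "NS" and (name == zone or name.endswith("." + zone)):
            if best is None or len(zone) > len(best[0]):
                best = (zone, ns_name)
    if best is None:
        return "nxdomain", []
    zone, ns_name = best
    glue = [v for n, v, t in records if n == ns_name and t == "A"]
    return "referral", [(ns_name, glue[0] if glue else None)]


def resolve_iterative(name, qtype="A", start="root"):
    """Iterated query: the local name server follows every referral itself.
    Returns (answers, list of servers it had to contact)."""
    server, contacted = start, []
    for _ in range(MAX_HOPS):
        contacted.append(server)
        kind, data = lookup(server, name, qtype)
        if kind == "answer":
            return data, contacted
        if kind == "nxdomain":
            return [], contacted
        server = data[0][0]          # "I don't know this name, but ask this server"
    raise RuntimeError("referral chain too long")


def resolve_recursive(name, qtype="A", server="root", depth=0):
    """Recursive query: each contacted server resolves on the asker's behalf before answering, so the
    work (and the load) lands on the servers in the chain rather than on the local resolver."""
    if depth >= MAX_HOPS:
        raise RuntimeError("recursion too deep")
    kind, data = lookup(server, name, qtype)
    if kind == "answer":
        return data, [server]
    if kind == "nxdomain":
        return [], [server]
    answers, chain = resolve_recursive(name, qtype, data[0][0], depth + 1)
    return answers, [server] + chain


if __name__ == "__main__":
    print(resolve_iterative("www.networkutopia.com"))
    print(resolve_recursive("networkutopia.com", "MX"))
```

Both styles visit the same three servers for www.networkutopia.com; the difference is who issues the follow-up queries. In the iterative version the local server holds all the state and each upstream server answers one cheap question, which is why the root and TLD servers are run that way.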

Page 15: Network Layer

Goals: understand the principles behind network layer services:
• routing (path selection)
• dealing with scale
• how a router works
• advanced topics: IPv6, mobility
and their instantiation and implementation in the Internet.

Page 16: Network Layer

• Introduction
• Virtual circuit and datagram networks
• What's inside a router
• IP: Internet Protocol: datagram format, IPv4 addressing, ICMP, IPv6
• Routing algorithms: link state, distance vector, hierarchical routing
• Routing in the Internet: RIP, OSPF, BGP
• Broadcast and multicast routing

Page 17: Network layer

• transports segments from the sending to the receiving host
• on the sending side, encapsulates segments into datagrams
• on the receiving side, delivers segments to the transport layer
• network layer protocols run in every host and router
• a router examines the header fields in all IP datagrams passing through it

[Figure: the end hosts run application, transport, network, data link and physical layers; each router along the path runs only the network, data link and physical layers]

Page 18: Key Network-Layer Functions

• forwarding: move packets from a router's input to the appropriate router output
• routing: determine the route taken by packets from source to destination (routing algorithms)

Analogy:
• routing: the process of planning a trip from source to destination
• forwarding: the process of getting through a single interchange

Page 19: Interplay between routing and forwarding

[Figure: the routing algorithm fills the local forwarding table, which maps a header value to an output link (0100 -> 3, 0101 -> 2, 0111 -> 2, 1001 -> 1); the value in an arriving packet's header (0111) is looked up in this table to select output link 2]

Page 20: Connection setup

• a 3rd important function in some network architectures: ATM, frame relay, X.25
• before datagrams flow, the two hosts and the intervening routers establish a virtual connection; routers get involved
• network vs. transport layer connection service: network: between two hosts; transport: between two processes

Page 21: Network service model

Q: What service model for the "channel" transporting datagrams from sender to receiver?

Example services for individual datagrams:
• guaranteed delivery
• guaranteed delivery with less than 40 msec delay

Example services for a flow of datagrams:
• in-order datagram delivery
• guaranteed minimum bandwidth to the flow
• restrictions on changes in inter-packet spacing

Page 22: Network layer service models

Network Architecture | Service Model | Bandwidth          | Loss | Order | Timing | Congestion feedback
Internet             | best effort   | none               | no   | no    | no     | no (inferred via loss)
ATM                  | CBR           | constant rate      | yes  | yes   | yes    | no congestion
ATM                  | VBR           | guaranteed rate    | yes  | yes   | yes    | no congestion
ATM                  | ABR           | guaranteed minimum | no   | yes   | no     | yes
ATM                  | UBR           | none               | no   | yes   | no     | no

Guarantees?

Page 23: Network layer connection and connection-less service

• a datagram network provides network-layer connectionless service
• a VC network provides network-layer connection service
• analogous to the transport-layer services, but: the service is host-to-host; no choice: the network provides one or the other; the implementation is in the core

Page 24: Virtual circuits

"source-to-dest path behaves much like a telephone circuit": performance-wise, and in the network actions along the source-to-dest path

• call setup and teardown for each call before data can flow
• each packet carries a VC identifier (not the destination host address)
• every router on the source-dest path maintains "state" for each passing connection
• link and router resources (bandwidth, buffers) may be allocated to the VC

Page 25: VC implementation

A VC consists of:
1. a path from source to destination
2. VC numbers, one number for each link along the path
3. entries in the forwarding tables of routers along the path

A packet belonging to a VC carries a VC number. The VC number must be changed on each link; the new VC number comes from the forwarding table.

Page 26: Forwarding table

[Figure: VC numbers 12, 22, 32 on successive links; interface numbers 1, 2, 3 on the northwest router]

Forwarding table in the northwest router:

Incoming interface | Incoming VC # | Outgoing interface | Outgoing VC #
1                  | 12            | 2                  | 22
2                  | 63            | 1                  | 18
3                  | 7             | 2                  | 17
1                  | 97            | 3                  | 87
...                | ...           | ...                | ...

Routers maintain connection state information!

Page 27: Virtual circuits: signaling protocols

• used to set up, maintain and tear down a VC
• used in ATM, frame relay, X.25
• not used in today's Internet

[Figure: two end systems, each with application, transport, network, data link and physical layers. 1. Initiate call  2. Incoming call  3. Accept call  4. Call connected  5. Data flow begins  6. Receive data]

Page 28: Datagram networks

• no call setup at the network layer
• routers: no state about end-to-end connections; no network-level concept of "connection"
• packets are forwarded using the destination host address; packets between the same source-dest pair may take different paths

[Figure: two end systems, each with application, transport, network, data link and physical layers. 1. Send data  2. Receive data]

Page 29: Forwarding table

Destination Address Range                                                          | Link Interface
11001000 00010111 00010000 00000000 through 11001000 00010111 00010111 11111111    | 0
11001000 00010111 00011000 00000000 through 11001000 00010111 00011000 11111111    | 1
11001000 00010111 00011001 00000000 through 11001000 00010111 00011111 11111111    | 2
otherwise                                                                          | 3

4 billion possible entries

Page 30: Longest prefix matching

Prefix Match               | Link Interface
11001000 00010111 00010    | 0
11001000 00010111 00011000 | 1
11001000 00010111 00011    | 2
otherwise                  | 3

Examples:
DA: 11001000 00010111 00011000 10101010   Which interface?
DA: 11001000 00010111 00010110 10100001   Which interface?
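An added example (not from the slides) that applies the table above in Python: longest_prefix_match works directly on the bit-string prefixes as written, and the same table is converted to CIDR notation so the rule can be cross-checked with the ipaddress module on dotted-decimal input. The destination addresses are the two DAs above; no other values are assumed.

```python
import ipaddress

# The slide's forwarding table, prefixes written in bits (spaces are only for readability).
PREFIX_TABLE = [
    ("11001000 00010111 00010", 0),
    ("11001000 00010111 00011000", 1),
    ("11001000 00010111 00011", 2),
]
DEFAULT_INTERFACE = 3   # "otherwise"


def bits(s):
    """Strip the readability spaces and check that only 0/1 remain."""
    s = s.replace(" ", "")
    if set(s) - {"0", "1"}:
        raise ValueError("prefix must be binary")
    return s


def bits_to_dotted(addr_bits):
    """32 bits -> dotted decimal, one octet per 8-bit group."""
    b = bits(addr_bits)
    if len(b) != 32:
        raise ValueError("an IPv4 address is exactly 32 bits")
    return ".".join(str(int(b[i:i + 8], 2)) for i in range(0, 32, 8))


def prefix_to_cidr(prefix_bits):
    """Pad the prefix with zero host bits and append its length: 21 bits -> x.x.x.0/21."""
    p = bits(prefix_bits)
    return "%s/%d" % (bits_to_dotted(p.ljust(32, "0")), len(p))


def longest_prefix_match(dest_bits, table=PREFIX_TABLE, default=DEFAULT_INTERFACE):
    """Return the interface of the longest table prefix that the destination starts with."""
    dest = bits(dest_bits)
    if len(dest) != 32:
        raise ValueError("destination must be 32 bits")
    best_len, best_if = -1, default
    for prefix, iface in table:
        p = bits(prefix)
        if dest.startswith(p) and len(p) > best_len:
            best_len, best_if = len(p), iface
    return best_if


# The same table in CIDR notation: 200.23.16.0/21, 200.23.24.0/24, 200.23.24.0/21.
CIDR_TABLE = [(prefix_to_cidr(p), i) for p, i in PREFIX_TABLE]


def longest_prefix_match_cidr(dest, table=CIDR_TABLE, default=DEFAULT_INTERFACE):
    """Same rule on dotted-decimal input, using the standard library's containment test."""
    addr = ipaddress.IPv4Address(dest)
    best = None
    for net_str, iface in table:
        net = ipaddress.IPv4Network(net_str)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else default


if __name__ == "__main__":
    for da in ("11001000 00010111 00011000 10101010", "11001000 00010111 00010110 10100001"):
        print(da, "->", bits_to_dotted(da), "-> interface", longest_prefix_match(da))
```

The first DA matches both the 24-bit entry (interface 1) and the 21-bit entry (interface 2); the longer prefix wins, so it leaves on interface 1. The second DA matches only the 21-bit prefix for interface 0.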

Page 31: Datagram or VC network: why?

Internet
• data exchange among computers: "elastic" service, no strict timing requirements
• "smart" end systems (computers) can adapt, perform control and error recovery: simple inside the network, complexity at the "edge"
• many link types with different characteristics: uniform service difficult

ATM
• evolved from telephony
• human conversation: strict timing and reliability requirements; need for guaranteed service
• "dumb" end systems (telephones): complexity inside the network

Page 32: Router Architecture Overview

Two key router functions:
• run routing algorithms/protocols (RIP, OSPF, BGP)
• forward datagrams from the incoming to the outgoing link

Page 33: Input Port Functions

Physical layer: bit-level reception
Data link layer: e.g., Ethernet (see chapter 5)

Decentralized switching:
• given the datagram destination, look up the output port using the forwarding table in input port memory
• goal: complete input port processing at "line speed"
• queuing: if datagrams arrive faster than the forwarding rate into the switch fabric

Page 34: Three types of switching fabrics

Page 35: Switching Via Memory

First generation routers: traditional computers with switching under direct control of the CPU; the packet is copied to the system's memory; speed is limited by memory bandwidth (2 bus crossings per datagram).

[Figure: input port -> memory -> output port, connected over the system bus]

Page 36: Switching Via a Bus

• the datagram moves from input port memory to output port memory via a shared bus
• bus contention: switching speed limited by bus bandwidth
• 1 Gbps bus, Cisco 1900: sufficient speed for access and enterprise routers (not regional or backbone)

Page 37: Switching Via An Interconnection Network

• overcomes bus bandwidth limitations
• Banyan networks and other interconnection nets, initially developed to connect processors in a multiprocessor
• advanced design: fragment the datagram into fixed-length cells, switch the cells through the fabric
• Cisco 12000: switches Gbps through the interconnection network

Page 38: Output Ports

• buffering required when datagrams arrive from the fabric faster than the transmission rate
• a scheduling discipline chooses among queued datagrams for transmission

Page 39: Output port queueing

• buffering when the arrival rate via the switch exceeds the output line speed
• queueing (delay) and loss due to output port buffer overflow!

Page 40: Input Port Queuing

• fabric slower than the input ports combined -> queueing may occur at the input queues
• Head-of-the-Line (HOL) blocking: a queued datagram at the front of the queue prevents others in the queue from moving forward
• queueing delay and loss due to input buffer overflow!

Page 41: The Internet Network layer

Host, router network layer functions:

Transport layer: TCP, UDP

Network layer:
• Routing protocols: path selection; RIP, OSPF, BGP
• IP protocol: addressing conventions, datagram format, packet handling conventions
• ICMP protocol: error reporting, router "signaling"
• forwarding table

Link layer
Physical layer

Page 42: IP datagram format

[Figure: IPv4 header, 32 bits wide]
• ver: IP protocol version number
• head.len: header length (bytes)
• type of service: "type" of data
• length: total datagram length (bytes)
• 16-bit identifier, flgs, fragment offset: for fragmentation/reassembly
• time to live: max number of remaining hops (decremented at each router)
• upper layer: upper layer protocol to deliver the payload to
• Internet checksum
• 32 bit source IP address
• 32 bit destination IP address
• Options (if any): e.g., timestamp, record route taken, specify list of routers to visit
• data (variable length, typically a TCP or UDP segment)

How much overhead with TCP? 20 bytes of TCP + 20 bytes of IP = 40 bytes + application layer overhead

Page 43: IP Fragmentation & Reassembly

• network links have an MTU (max. transfer size): the largest possible link-level frame; different link types have different MTUs
• a large IP datagram is divided ("fragmented") within the net: one datagram becomes several datagrams
• "reassembled" only at the final destination
• IP header bits are used to identify and order related fragments

[Figure: fragmentation: in: one large datagram, out: 3 smaller datagrams; reassembly at the destination]

Page 44: IP Fragmentation and Reassembly

Example: a 4000-byte datagram, MTU = 1500 bytes

One large datagram:
ID=x, offset=0, fragflag=0, length=4000

becomes several smaller datagrams:
ID=x, offset=0, fragflag=1, length=1500
ID=x, offset=185, fragflag=1, length=1500
ID=x, offset=370, fragflag=0, length=1040

1480 bytes in the data field of each full fragment; offset = 1480/8

Page 45: IP Addressing: introduction

IP address: 32-bit identifier for a host or router interface
interface: the connection between a host/router and a physical link
• routers typically have multiple interfaces
• a host may have multiple interfaces
• IP addresses are associated with each interface

[Figure: three subnets with interfaces 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4, 223.1.2.9, 223.1.2.2, 223.1.2.1, 223.1.3.2, 223.1.3.1, 223.1.3.27]

223.1.1.1 = 11011111 00000001 00000001 00000001
            223      1        1        1

Page 46: IP Addressing: Internet Scaling Problems

In the early nineties, the Internet experienced two major scaling issues as it struggled to provide continuous and uninterrupted growth:
• the eventual exhaustion of the IPv4 address space
• the ability to route traffic between the ever-increasing number of networks that comprise the Internet

The first problem is concerned with the eventual depletion of the IP address space. The current version of IP, IP version 4 (IPv4), defines a 32-bit address, which means that there are only 2^32 (4,294,967,296) IPv4 addresses available. This might seem like a large number of addresses, but as new markets open and a significant portion of the world's population becomes candidates for IP addresses, the finite number of IP addresses will eventually be exhausted.

Page 47: IP Addressing

The address shortage problem is aggravated by the fact that portions of the IP address space have not been efficiently allocated. Also, the traditional model of classful addressing does not allow the address space to be used to its maximum potential.

The Address Lifetime Expectancy (ALE) Working Group of the IETF has expressed concerns that if the current address allocation policies are not modified, the Internet will experience a near- to medium-term exhaustion of its unallocated address pool. If the Internet's address supply problem is not solved, new users may be unable to connect to the global Internet!

Page 48: Trends

Page 49: Classful IP Addressing

One of the fundamental features of classful IP addressing is that each address contains a self-encoding key that identifies the dividing point between the network-prefix and the host-number.

Page 50: Class A Networks

Each Class A network address has an 8-bit network-prefix with the highest order bit set to 0 and a seven-bit network number, followed by a 24-bit host-number.

Today, it is no longer considered "modern" to refer to a Class A network. Class A networks are now referred to as "/8s" (pronounced "slash eight" or just "eights") since they have an 8-bit network-prefix.

Page 51: Class A Networks

A maximum of 126 (2^7 - 2) /8 networks can be defined. The calculation requires that 2 is subtracted because the /8 network 0.0.0.0 is reserved for use as the default route and the /8 network 127.0.0.0 (also written 127/8 or 127.0.0.0/8) has been reserved for the "loopback" function.

Each /8 supports a maximum of 16,777,214 (2^24 - 2) hosts per network. The host calculation requires that 2 is subtracted because the all-0s ("this network") and all-1s ("broadcast") host-numbers may not be assigned to individual hosts.

The /8 address space is 50% of the total IPv4 unicast address space.

Page 52: Classful Addressing Continued: Class B Networks

Each Class B network address has a 16-bit network-prefix with the two highest order bits set to 1-0 and a 14-bit network number, followed by a 16-bit host-number.

Class B networks are now referred to as "/16s" since they have a 16-bit network-prefix. A maximum of 16,384 (2^14) /16 networks can be defined with up to 65,534 (2^16 - 2) hosts per network. This represents 25% of the total IPv4 unicast address space.

Page 53: Classful Addressing Continued: Class C Networks

Each Class C network address has a 24-bit network-prefix with the three highest order bits set to 1-1-0 and a 21-bit network number, followed by an 8-bit host-number.

Class C networks are now referred to as "/24s" since they have a 24-bit network-prefix.

A maximum of 2,097,152 (2^21) /24 networks can be defined with up to 254 (2^8 - 2) hosts per network. This represents 12.5% (or 1/8th) of the total IPv4 unicast address space.

Other Classes: Class D addresses have their leading four bits set to 1-1-1-0 and are used to support IP Multicasting. Class E addresses have their leading four bits set to 1-1-1-1 and are reserved for experimental use.

Page 54: Dotted Decimal Notation

Dotted-decimal notation divides the 32-bit Internet address into four 8-bit (byte) fields and specifies the value of each field independently as a decimal number, with the fields separated by dots.

Page 55: Limitations to Classful Addressing

During the early days of the Internet, the seemingly unlimited address space allowed IP addresses to be allocated to an organization based on its request rather than its actual need. As a result, addresses were freely assigned to those who asked for them without concerns about the eventual depletion of the IP address space.

The decision to standardize on a 32-bit address space meant that there were only 2^32 (4,294,967,296) IPv4 addresses available. A decision to support a slightly larger address space would have exponentially increased the number of addresses, thus eliminating the current address shortage problem.

Page 56: Limitations to Classful Addressing

The classful A, B, and C octet boundaries were easy to understand and implement, but they did not foster the efficient allocation of a finite address space. Problems resulted from the lack of a network class that was designed to support medium-sized organizations. A /24, which supports 254 hosts, is too small while a /16, which supports 65,534 hosts, is too large.

In the past, the Internet has assigned sites with several hundred hosts a single /16 address instead of a couple of /24 addresses. Unfortunately, this has resulted in a premature depletion of the /16 network address space. The only readily available addresses for medium-size organizations are /24s, which have the potentially negative impact of increasing the size of the global Internet's routing table.

Page 57: Subnetting

In 1985, RFC 950 defined a standard procedure to support the subnetting, or division, of a single Class A, B, or C network number into smaller pieces.

Subnetting was introduced to overcome some of the problems that parts of the Internet were beginning to experience with the classful two-level addressing hierarchy:
• Internet routing tables were beginning to grow.
• Local administrators had to request another network number from the Internet before a new network could be installed at their site.

A three-level hierarchy is used.

Page 58: Subnetting

Page 59: What did subnetting bring?

Subnetting attacked the expanding routing table problem by ensuring that the subnet structure of a network is never visible outside of the organization's private network.

The route from the Internet to any subnet of a given IP address is the same, no matter which subnet the destination host is on. This is because all subnets of a given network number use the same network-prefix but different subnet numbers.

The routers within the private organization need to differentiate between the individual subnets, but as far as the Internet routers are concerned, all of the subnets in the organization are collected into a single routing table entry.

Page 60: Subnetting contd

This allows the local administrator to introduce arbitrary complexity into the private network without affecting the size of the Internet's routing tables.

Subnetting overcame the registered number issue by assigning each organization one (or at most a few) network number(s) from the IPv4 address space. The organization was then free to assign a distinct subnetwork number for each of its internal networks. This allows the organization to deploy additional subnets without needing to obtain a new network number from the Internet.

Page 61: Example

• The size of the global Internet routing table does not grow because the site administrator does not need to obtain additional address space and the routing advertisements for all of the subnets are combined into a single routing table entry.
• The local administrator has the flexibility to deploy additional subnets without obtaining a new network number from the Internet.
• Route flapping (i.e., the rapid changing of routes) within the private network does not affect the Internet routing table.

Page 62: Weeks 5-7 DNS, IP Addressing, IP Routing

62

Extended Network PrefixInternet routers use only the network-prefix of the destination address to route traffic to a subnetted environment. Routers within the subnetted environment use the extended-network-prefix to route traffic between the individual subnets. The extended-network-prefix is composed of the classful network-prefix and the subnet-number.

130.5.5.25/24 notation is used to describe the IP address

Page 63: Subnet Design Considerations

1) How many total subnets does the organization need today?
2) How many total subnets will the organization need in the future?
3) How many hosts are there on the organization's largest subnet today?
4) How many hosts will there be on the organization's largest subnet in the future?

Page 64: Subnet Design Considerations

The first step in the planning process is to take the maximum number of subnets required and round up to the nearest power of two. For example, if an organization needs 9 subnets, 2^3 (or 8) will not provide enough subnet addressing space, so the network administrator will need to round up to 2^4 (or 16). Also leave room for growth.

The second step is to make sure that there are enough host addresses for the organization's largest subnet. If the largest subnet needs to support 50 host addresses today, 2^5 (or 32) will not provide enough host address space, so the network administrator will need to round up to 2^6 (or 64).

The final step is to make sure that the organization's address allocation provides enough bits to deploy the required subnet addressing plan.

Page 65: Subnet Example

An organization has been assigned the network number 193.1.1.0/24 and it needs to define six subnets. The largest subnet is required to support 25 hosts.

Page 66: Subnet example contd

A 27-bit extended-network-prefix leaves 5 bits to define host addresses on each subnet.

This means that each subnetwork with a 27-bit prefix represents a contiguous block of 2^5 (32) individual IP addresses. However, since the all-0s and all-1s host addresses cannot be allocated, there are 30 (2^5 - 2) assignable host addresses on each subnet.

Page 67: Example Continued

Subnets:
Base Net:  11000001.00000001.00000001.00000000 = 193.1.1.0/24
Subnet #0: 11000001.00000001.00000001.000 00000 = 193.1.1.0/27
Subnet #1: 11000001.00000001.00000001.001 00000 = 193.1.1.32/27
Subnet #2: 11000001.00000001.00000001.010 00000 = 193.1.1.64/27
Subnet #3: 11000001.00000001.00000001.011 00000 = 193.1.1.96/27
Subnet #4: 11000001.00000001.00000001.100 00000 = 193.1.1.128/27
Subnet #5: 11000001.00000001.00000001.101 00000 = 193.1.1.160/27
Subnet #6: 11000001.00000001.00000001.110 00000 = 193.1.1.192/27
Subnet #7: 11000001.00000001.00000001.111 00000 = 193.1.1.224/27

Hosts belonging to Subnet 6:
Subnet #6: 11000001.00000001.00000001.110 00000 = 193.1.1.192/27
Host #1:   11000001.00000001.00000001.110 00001 = 193.1.1.193/27
Host #2:   11000001.00000001.00000001.110 00010 = 193.1.1.194/27
Host #3:   11000001.00000001.00000001.110 00011 = 193.1.1.195/27
.
.
Host #28:  11000001.00000001.00000001.110 11100 = 193.1.1.220/27
Host #29:  11000001.00000001.00000001.110 11101 = 193.1.1.221/27
Host #30:  11000001.00000001.00000001.110 11110 = 193.1.1.222/27
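The classful keys and the 193.1.1.0/24 subnetting plan from the preceding slides, as an added Python example (not from the original slides): address_class reads the self-encoding leading bits, plan_subnets carries out the three planning steps from the Subnet Design Considerations slides, and usable_range lists the assignable hosts of a subnet. It generalizes the slide's /24 case to any allocation and reports when the allocation has too few bits for the requested plan.

```python
import ipaddress
import math


def address_class(addr):
    """Classful self-encoding key: the leading bits of the first octet decide the class."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet >> 7 == 0b0:
        return "A"
    if first_octet >> 6 == 0b10:
        return "B"
    if first_octet >> 5 == 0b110:
        return "C"
    if first_octet >> 4 == 0b1110:
        return "D"
    return "E"


CLASSFUL_PREFIX = {"A": 8, "B": 16, "C": 24}


def classful_network(addr):
    """The network number implied by the class alone, e.g. 130.5.0.0/16 for a Class B address."""
    prefix = CLASSFUL_PREFIX.get(address_class(addr))
    if prefix is None:
        raise ValueError("class D/E addresses are not unicast networks")
    return str(ipaddress.IPv4Network("%s/%d" % (addr, prefix), strict=False))


def plan_subnets(network, subnets_needed, hosts_needed):
    """The slides' three steps: round subnets up to a power of two, round hosts (+2 for the all-0s and
    all-1s host numbers) up to a power of two, then check the allocation has enough bits for both."""
    net = ipaddress.IPv4Network(network)
    subnet_bits = math.ceil(math.log2(subnets_needed)) if subnets_needed > 1 else 0
    host_bits = math.ceil(math.log2(hosts_needed + 2))
    if net.prefixlen + subnet_bits + host_bits > 32:
        raise ValueError("%s cannot hold %d subnets of %d hosts" % (network, subnets_needed, hosts_needed))
    extended_prefix = net.prefixlen + subnet_bits
    subnets = [str(s) for s in net.subnets(new_prefix=extended_prefix)]
    return {"prefix": extended_prefix, "subnets": subnets,
            "hosts_per_subnet": 2 ** (32 - extended_prefix) - 2}


def plan_fits(network, subnets_needed, hosts_needed):
    """The final check on its own: does the allocation provide enough bits for the plan?"""
    try:
        plan_subnets(network, subnets_needed, hosts_needed)
        return True
    except ValueError:
        return False


def usable_range(subnet):
    """First and last assignable host addresses (all-0s and all-1s excluded)."""
    net = ipaddress.IPv4Network(subnet)
    if net.prefixlen > 30:
        raise ValueError("no assignable hosts under the all-0s/all-1s rule")
    hosts = list(net.hosts())
    return str(hosts[0]), str(hosts[-1])


if __name__ == "__main__":
    plan = plan_subnets("193.1.1.0/24", 6, 25)
    print(plan["prefix"], plan["hosts_per_subnet"], plan["subnets"])
    print(usable_range(plan["subnets"][6]))
```

For the slide's input (six subnets, 25 hosts) the plan comes out as /27 with eight subnets of 30 hosts, and subnet 6 spans 193.1.1.193 to 193.1.1.222, matching the table above; asking the same /24 for 9 subnets of 50 hosts fails the final check because 24 + 4 + 6 bits exceed 32.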

Page 68: Variable Length Subnet Masks

In 1987, RFC 1009 specified how a subnetted network could use more than one subnet mask. When an IP network is assigned more than one subnet mask, it is considered a network with "variable length subnet masks" (VLSM) since the extended-network-prefixes have different lengths.

There are several advantages to be gained if more than one subnet mask can be assigned to a given IP network number:
• Multiple subnet masks permit more efficient use of an organization's assigned IP address space.
• Multiple subnet masks permit route aggregation, which can significantly reduce the amount of routing information at the "backbone" level within an organization's routing domain.

Example. A /16 network with a /22 extended-network-prefix permits 64 subnets, each of which supports a maximum of 1,022 hosts. This is fine if the organization wants to deploy a number of large subnets, but what about the occasional small subnet containing only 20 or 30 hosts? Since a subnetted network could have only a single mask, the network administrator was still required to assign the 20 or 30 hosts to a subnet with a 22-bit prefix. This assignment would waste approximately 1,000 IP host addresses for each small subnet deployed!

Page 69: Example Continued

One solution to this problem was to allow a subnetted network to be assigned more than one subnet mask.

Assume that in the previous example, the network administrator is also allowed to configure the 130.5.0.0/16 network with a /26 extended-network-prefix.

A /26 extended-network-prefix permits 1024 subnets (2^10), each of which supports a maximum of 62 hosts (2^6 - 2).

The /26 prefix would be ideal for small subnets with less than 60 hosts, while the /22 prefix is well suited for larger subnets containing up to 1000 hosts.

Page 70: Weeks 5-7 DNS, IP Addressing, IP Routing

Recursive Definition of an Organization's Address Space

The 11.0.0.0/8 network is first configured with a /16 extended-network-prefix. The 11.1.0.0/16 subnet is then configured with a /24 extended-network-prefix, and the 11.253.0.0/16 subnet is configured with a /19 extended-network-prefix. Note that the recursive process does not require that the same extended-network-prefix be assigned at each level of the recursion. Also, the recursive sub-division of the organization's address space can be carried out as far as the network administrator needs to take it.

[Figure: subnet / sub-subnet / sub2-subnet]

Page 71: Weeks 5-7 DNS, IP Addressing, IP Routing

Route Aggregation

[Figure only]

Page 72: Weeks 5-7 DNS, IP Addressing, IP Routing

Requirements for VLSM Design

The successful deployment of VLSM has three prerequisites:

• The routing protocols must carry extended-network-prefix information with each route advertisement.

  • The bottom line is that if you want to deploy VLSM in a complex topology, you must select OSPF or IS-IS as the Interior Gateway Protocol (IGP) rather than RIP-1!

  • It should be mentioned that RIP-2, defined in RFC 1388, improves the RIP protocol by allowing it to carry extended-network-prefix information. Therefore, RIP-2 supports the deployment of VLSM.

• All routers must implement a consistent forwarding algorithm based on the "longest match." A route with a longer extended-network-prefix is said to be "more specific", while a route with a shorter extended-network-prefix is said to be "less specific."

• For route aggregation to occur, addresses must be assigned so that they have topological significance.

Page 73: Weeks 5-7 DNS, IP Addressing, IP Routing

Classless Inter Domain Routing (CIDR)

By 1992, the exponential growth of the Internet was beginning to raise serious concerns among members of the IETF about the ability of the Internet's routing system to scale and support future growth. These problems were related to:

• The near-term exhaustion of the Class B network address space

• The rapid growth in the size of the global Internet's routing tables

• The eventual exhaustion of the 32-bit IPv4 address space

Page 74: Weeks 5-7 DNS, IP Addressing, IP Routing

CIDR

CIDR was officially documented in September 1993 in RFC 1517, 1518, 1519, and 1520. CIDR supports two important features that benefit the global Internet routing system:

• CIDR eliminates the traditional concept of Class A, Class B, and Class C network addresses. This enables the efficient allocation of the IPv4 address space, which will allow the continued growth of the Internet until IPv6 is deployed.

• CIDR supports route aggregation, where a single routing table entry can represent the address space of perhaps thousands of traditional classful routes. This allows a single routing table entry to specify how to route traffic to many individual network addresses. Route aggregation helps control the amount of routing information in the Internet's backbone routers, reduces route flapping (rapid changes in route availability), and eases the local administrative burden of updating external routing information.

Without the rapid deployment of CIDR in 1994 and 1995, the Internet routing tables would have had in excess of 70,000 routes (instead of the current 30,000+) and the Internet would probably not be functioning today!

Page 75: Weeks 5-7 DNS, IP Addressing, IP Routing

CIDR

CIDR eliminates the traditional concept of Class A, Class B, and Class C network addresses and replaces them with the generalized concept of a "network-prefix."

Routers use the network-prefix, rather than the first 3 bits of the IP address, to determine the dividing point between the network number and the host number. As a result, CIDR supports the deployment of arbitrarily sized networks rather than the standard 8-bit, 16-bit, or 24-bit network numbers associated with classful addressing.

In the CIDR model, each piece of routing information is advertised with a bit mask (or prefix-length). The prefix-length is a way of specifying the number of leftmost contiguous bits in the network-portion of each routing table entry.

Example. All prefixes with a /20 prefix represent the same amount of address space (2^12 or 4,096 host addresses). Furthermore, a /20 prefix can be assigned to a traditional Class A, Class B, or Class C network number.

Page 76: Weeks 5-7 DNS, IP Addressing, IP Routing

CIDR Address Blocks

[Figure only]

Page 77: Weeks 5-7 DNS, IP Addressing, IP Routing

Efficient Address Allocation

Assume that an ISP has been assigned the address block 206.0.64.0/18. This block represents 16,384 (2^14) IP addresses, which can be interpreted as 64 /24s.

If a client requires 800 host addresses, rather than assigning a Class B (and wasting ~64,700 addresses) or four individual Class Cs (and introducing 4 new routes into the global Internet routing tables), the ISP could assign the client the address block 206.0.68.0/22, a block of 1,024 (2^10) IP addresses (4 contiguous /24s).

Page 78: Weeks 5-7 DNS, IP Addressing, IP Routing

CIDR Address Allocation Example

For this example, assume that an ISP owns the address block 200.25.0.0/16. This block represents 65,536 (2^16) IP addresses (or 256 /24s).

From the 200.25.0.0/16 block it wants to allocate the 200.25.16.0/20 address block. This smaller block represents 4,096 (2^12) IP addresses (or 16 /24s).

If you look at the ISP's /20 address block as a pie, in a classful environment it can only be cut into 16 equal-size pieces.

Page 79: Weeks 5-7 DNS, IP Addressing, IP Routing

CIDR Address Allocation

However, in a classless environment, the ISP is free to cut up the pie any way it wants. It could slice up the original pie into 2 pieces (each 1/2 of the address space) and assign one portion to Organization A, then cut the other half into 2 pieces (each 1/4 of the address space) and assign one piece to Organization B, and finally slice the remaining fourth into 2 pieces (each 1/8 of the address space) and assign it to Organization C and Organization D.

Each of the individual organizations is free to allocate the address space within its "Intranetwork" as it sees fit.
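The pie slicing of slides 77 through 79 and the two-mask VLSM network of slide 69, carried out as an added example (not the lecture's own code) with Python's standard ipaddress module. The function names, the organization names and the requested prefix lengths are my assumptions; the blocks 200.25.16.0/20 and 130.5.0.0/16 are the slides' own.

```python
import ipaddress

def usable_hosts(prefixlen):
    """Host addresses in one /prefixlen block (network and broadcast excluded)."""
    return 2 ** (32 - prefixlen) - 2

def carve(parent, requests):
    """Cut `parent` into blocks of the requested prefix lengths, largest first.

    Each request takes the smallest free block that can hold it and halves
    that block (one 'pie cut' per halving) until it is exactly the size
    asked for; the unused halves go back on the free list for later,
    smaller requests. Returns ({name: network}, [leftover free networks]).
    """
    free = [ipaddress.ip_network(parent)]
    allocations = {}
    for name, prefixlen in sorted(requests.items(), key=lambda kv: kv[1]):
        fits = [b for b in free if b.prefixlen <= prefixlen]
        if not fits:
            raise ValueError(f"no free block can hold {name} (/{prefixlen})")
        block = max(fits, key=lambda b: b.prefixlen)  # smallest block that fits
        free.remove(block)
        while block.prefixlen < prefixlen:
            block, other = block.subnets(prefixlen_diff=1)
            free.append(other)
        allocations[name] = block
    return allocations, sorted(free)

def overlaps(networks):
    """True if any two allocated blocks share an address (a mis-carve)."""
    nets = list(networks)
    return any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])

if __name__ == "__main__":
    # Slide 79: the ISP's /20 pie -> A gets 1/2, B 1/4, C and D 1/8 each
    allocs, free = carve("200.25.16.0/20", {"A": 21, "B": 22, "C": 23, "D": 23})
    for org, net in allocs.items():
        print(f"{org}: {net} ({usable_hosts(net.prefixlen)} hosts)")
    print("free:", free, "overlap:", overlaps(allocs.values()))
    # Slide 69: one /16 carrying both a /22 and a /26 subnet mask (VLSM)
    vlsm, _ = carve("130.5.0.0/16", {"large": 22, "small": 26})
    print(vlsm)
```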

Page 80: Weeks 5-7 DNS, IP Addressing, IP Routing

CIDR vs VLSM

• CIDR has the same familiar look and feel as VLSM.

• CIDR and VLSM are essentially the same thing, since they both allow a portion of the IP address space to be recursively divided into subsequently smaller pieces.

• The difference is that with VLSM, the recursion is performed on the address space previously assigned to an organization and is invisible to the global Internet. CIDR, on the other hand, permits the recursive allocation of an address block by an Internet Registry to a high-level ISP, to a mid-level ISP, to a low-level ISP, and finally to a private organization's network.

• Just like VLSM, the successful deployment of CIDR has three prerequisites:

  • The routing protocols must carry network-prefix information with each route advertisement.

  • All routers must implement a consistent forwarding algorithm based on the "longest match."

  • For route aggregation to occur, addresses must be assigned so that they are topologically significant.

Page 81: Weeks 5-7 DNS, IP Addressing, IP Routing

Controlling the Growth of Internet's Routing Tables

• Within a domain, detailed information is available about all of the networks that reside in the domain.

• Outside of an addressing domain, only the common network prefix is advertised. This allows a single routing table entry to specify a route to many individual network addresses.

Page 82: Weeks 5-7 DNS, IP Addressing, IP Routing

Routing In a Classless Environment

[Figure: Organization A using ISP1 and its addresses; Organization A using ISP2 and ISP1's addresses]

Page 83: Weeks 5-7 DNS, IP Addressing, IP Routing

Example Continued

• The "best" thing for the size of the Internet's routing tables would be to have Organization A obtain a block of ISP #2's address space and renumber.

• This would allow the eight networks assigned to Organization A to be hidden behind the aggregate routing advertisement of ISP #2.

• Unfortunately, renumbering is a labor-intensive task which could be very difficult, if not impossible, for Organization A.

• Let ISP2 inject a specific route 200.25.16.0/21 to the Internet.

• Longest prefix match algorithms will make sure that Org A traffic will go through ISP2, at the expense of specific routes in the routing table.
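The longest-match forwarding rule required on slides 72 and 80, and the aggregation it relies on (slides 71, 81 and 83), as an added example rather than code from the lecture. The forwarding table is constructed for the slide 82/83 scenario: ISP1 advertises only its 200.25.0.0/16 aggregate, Organization A keeps its eight /24s inside 200.25.16.0/21 but is reached through ISP2, which injects the more specific /21. The next-hop labels are placeholders.

```python
import ipaddress

# Constructed forwarding table for the scenario of slides 82-83.
ROUTES = {
    "0.0.0.0/0": "default",
    "200.25.0.0/16": "ISP1",      # ISP1's aggregate, still covers Org A
    "200.25.16.0/21": "ISP2",     # the more specific route ISP2 injects
}

def longest_match(dest, routes=ROUTES):
    """Return (prefix, next_hop) of the most specific route covering dest.

    Matching is done on integers: a /n prefix covers dest when the top n
    bits agree. Among all covering prefixes the longest wins, which is why
    Org A's traffic leaves via ISP2 although ISP1's /16 also covers it.
    """
    d = int(ipaddress.ip_address(dest))
    best = None
    for prefix, hop in routes.items():
        net = ipaddress.ip_network(prefix)
        mask = (0xFFFFFFFF << (32 - net.prefixlen)) & 0xFFFFFFFF
        if d & mask == int(net.network_address):
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, hop)
    return str(best[0]), best[1]

def aggregate(prefixes):
    """Collapse aligned, contiguous prefixes into the fewest covering routes.

    This is the route aggregation of slides 71 and 81: the backbone carries
    one entry for the whole domain instead of one per internal network.
    Non-contiguous prefixes stay separate.
    """
    nets = (ipaddress.ip_network(p) for p in prefixes)
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def org_a_networks():
    """The eight /24s Organization A holds, constructed from slide 83's count."""
    return [f"200.25.{third}.0/24" for third in range(16, 24)]

if __name__ == "__main__":
    print(aggregate(org_a_networks()))        # one /21 instead of eight /24s
    print(longest_match("200.25.17.25"))      # inside Org A -> ISP2
    print(longest_match("200.25.40.3"))       # elsewhere in ISP1's /16 -> ISP1
```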

Page 84: Weeks 5-7 DNS, IP Addressing, IP Routing

Address Allocation in the Private Internet

RFC 1918 requests that organizations make use of the private Internet address space for hosts that require IP connectivity within their enterprise network, but do not require external connections to the global Internet.

For this purpose, the IANA has reserved the following three address blocks for private internets:

• 10.0.0.0 - 10.255.255.255 (10/8 prefix)

• 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)

• 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

Any organization that elects to use addresses from these reserved blocks can do so without contacting the IANA or an Internet registry.

Since these addresses are never injected into the global Internet routing system, the address space can simultaneously be used by many different organizations.

The disadvantage to this addressing scheme is that it requires an organization to use a Network Address Translator (NAT).

Page 85: Weeks 5-7 DNS, IP Addressing, IP Routing

NAT: Network Address Translation

[Figure: local network (e.g., home network) 10.0.0/24 with hosts 10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.4; NAT router with address 138.76.29.7 towards the rest of the Internet]

Datagrams with source or destination in this network have a 10.0.0/24 address for source and destination (as usual).

All datagrams leaving the local network have the same single source NAT IP address, 138.76.29.7, with different source port numbers.

Page 86: Weeks 5-7 DNS, IP Addressing, IP Routing

NAT: Network Address Translation

Motivation: local network uses just one IP address as far as outside world is concerned:

• no need to be allocated range of addresses from ISP: just one IP address is used for all devices

• can change addresses of devices in local network without notifying outside world

• can change ISP without changing addresses of devices in local network

• devices inside local net not explicitly addressable, visible by outside world (a security plus).

Page 87: Weeks 5-7 DNS, IP Addressing, IP Routing

NAT: Network Address Translation

Implementation: NAT router must:

• outgoing datagrams: replace (source IP address, port #) of every outgoing datagram with (NAT IP address, new port #). Remote clients/servers will respond using (NAT IP address, new port #) as destination addr.

• remember (in NAT translation table) every (source IP address, port #) to (NAT IP address, new port #) translation pair

• incoming datagrams: replace (NAT IP address, new port #) in dest fields of every incoming datagram with corresponding (source IP address, port #) stored in NAT table

Page 88: Weeks 5-7 DNS, IP Addressing, IP Routing

NAT: Network Address Translation

[Figure: hosts 10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.4 on the local network; NAT router with WAN address 138.76.29.7]

1: host 10.0.0.1 sends datagram to 128.119.40.186, 80
   S: 10.0.0.1, 3345   D: 128.119.40.186, 80

2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table
   S: 138.76.29.7, 5001   D: 128.119.40.186, 80

3: Reply arrives, dest. address: 138.76.29.7, 5001
   S: 128.119.40.186, 80   D: 138.76.29.7, 5001

4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345
   S: 128.119.40.186, 80   D: 10.0.0.1, 3345

NAT translation table
WAN side addr           LAN side addr
138.76.29.7, 5001       10.0.0.1, 3345
……                      ……
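The translation steps of slide 87 and the four-step exchange of slide 88, replayed as an added example (not the lecture's code). The class and function names are my assumptions; the addresses and ports are the slide's. Unsolicited inbound datagrams, for which the table holds no entry, are dropped, and the mapping counter stops at the end of the 16-bit port field, which is the limit the next slide quotes.

```python
class NatRouter:
    """Port-translating NAT as on slides 87 and 88: one WAN address, many hosts.

    Constructed example. Port allocation is a plain counter; a real device
    also ages out idle entries so ports can be reused.
    """

    def __init__(self, wan_ip, first_port=5001, last_port=65535):
        self.wan_ip = wan_ip
        self.next_port = first_port
        self.last_port = last_port
        self.out_table = {}   # (LAN ip, LAN port) -> WAN port
        self.in_table = {}    # WAN port -> (LAN ip, LAN port)

    def outgoing(self, src_ip, src_port, dst_ip, dst_port):
        """Steps 1-2: rewrite the source of a LAN->Internet datagram.

        A (WAN ip, new port) pair is recorded the first time a
        (src ip, src port) is seen; later datagrams reuse that entry.
        """
        key = (src_ip, src_port)
        if key not in self.out_table:
            if self.next_port > self.last_port:
                # the 16-bit port field is the hard limit on live mappings
                raise RuntimeError("NAT port space exhausted")
            self.out_table[key] = self.next_port
            self.in_table[self.next_port] = key
            self.next_port += 1
        return (self.wan_ip, self.out_table[key], dst_ip, dst_port)

    def incoming(self, src_ip, src_port, dst_ip, dst_port):
        """Steps 3-4: rewrite the destination of an Internet->LAN datagram.

        Returns None (drop) when no table entry matches: a datagram no
        inside host asked for has no LAN address to be delivered to.
        """
        if dst_ip != self.wan_ip or dst_port not in self.in_table:
            return None
        lan_ip, lan_port = self.in_table[dst_port]
        return (src_ip, src_port, lan_ip, lan_port)


def walk_slide_88():
    """Replay slide 88: returns the datagram as sent to the Internet (step 2)
    and the reply as delivered to the LAN host (step 4)."""
    nat = NatRouter("138.76.29.7")
    out = nat.outgoing("10.0.0.1", 3345, "128.119.40.186", 80)
    back = nat.incoming("128.119.40.186", 80, "138.76.29.7", 5001)
    return out, back
```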

Page 89: Weeks 5-7 DNS, IP Addressing, IP Routing

NAT: Network Address Translation

16-bit port-number field: 60,000 simultaneous connections with a single LAN-side address!

NAT is controversial:

• routers should only process up to layer 3

• violates end-to-end argument

  • NAT possibility must be taken into account by app designers, e.g., P2P applications

• address shortage should instead be solved by IPv6

Page 90: Weeks 5-7 DNS, IP Addressing, IP Routing

ICMP: Internet Control Message Protocol

• used by hosts & routers to communicate network-level information

  • error reporting: unreachable host, network, port, protocol

  • echo request/reply (used by ping)

• network-layer "above" IP: ICMP msgs carried in IP datagrams

• ICMP message: type, code plus first 8 bytes of IP datagram causing error

Type  Code  Description
0     0     echo reply (ping)
3     0     dest. network unreachable
3     1     dest host unreachable
3     2     dest protocol unreachable
3     3     dest port unreachable
3     6     dest network unknown
3     7     dest host unknown
4     0     source quench (congestion control - not used)
8     0     echo request (ping)
9     0     route advertisement
10    0     router discovery
11    0     TTL expired
12    0     bad IP header