
Chapter 4: Network Layer

Chapter goals:

• understand principles behind network layer services:
  • network layer service models
  • forwarding versus routing
  • how a router works
  • addressing and routing (path selection)
  • dealing with scale
  • advanced topics: IPv6, multicast
• instantiation, implementation in the Internet

Network Layer (SSL) 4-1

11/4/2013

Chapter 4: Network Layer

• 4.1 Introduction
• 4.2 Virtual circuit and datagram networks
• 4.3 What’s inside a router
• 4.4 IP: Internet Protocol
  • Datagram format
  • IPv4 addressing
  • ICMP
  • IPv6
• 4.5 Routing algorithms
  • Link state
  • Distance Vector
  • Hierarchical routing
• 4.6 Routing in the Internet
  • RIP
  • OSPF
  • BGP
• 4.7 Broadcast and multicast routing

Network layer

• delivers segments from sending to receiving host
• sender encapsulates segments into datagrams
• receiver de-encapsulates and delivers segments to transport layer
• network layer in every host, every router
• router examines IP header field in every passing datagram (exception: routers running MPLS)

[Figure: protocol stacks at the hosts (application, transport, network, data link, physical) and at the routers (network, data link, physical)]

Key Network-Layer Functions

• forwarding: move a packet from router’s input interface to an appropriate output interface
• routing: determine route taken by packets from source to destination
• global address space and a packet format
• routing protocols (intra-network and inter-network)

Interplay between routing and forwarding

• A routing protocol is a distributed algorithm
• Recent development: a Software Defined Network (SDN) uses a central controller to compute routes

Local forwarding table:

header value    output link
0100            3
0101            2
0111            2
1001            1

[Figure: routing protocols feed the local forwarding table; the value in the arriving packet’s header (0111) selects one of the output links 1, 2, 3]

Virtual circuit networks need 3rd function

• Before datagrams can flow, end hosts and routers between them establish a virtual circuit
• Routers maintain state info
• Following networks designed initially to compete with IP: ATM, frame relay, X.25
• Designed more recently to enhance IP: MPLS
• Virtual circuits of these networks serve as virtual links in Internet

Network layer service models

Q: What service model for delivering datagrams from sender to receiver?

Desired services for individual datagrams (connectionless):
• reliable delivery
• guaranteed delivery in less than some bound, for example, 40 msec delay

Desired services for a flow of datagrams (connection-oriented):
• reliable, in-order datagram delivery
• guaranteed minimum bandwidth to flow
• bound on fluctuations in inter-packet spacing (jitter)

Network layer service models:

                                                    Guarantees ?
Network        Service
Architecture   Model         Bandwidth            Loss   Order   Timing   Congestion feedback
Internet       best effort   none                 no     no      no       no (inferred via loss)
ATM            CBR           constant rate        yes    yes     yes      no congestion
ATM            VBR           guaranteed rate      yes    yes     yes      no congestion
ATM            ABR           guaranteed minimum   no     yes     no       yes
ATM            UBR           none                 no     yes     no       no


Virtual circuits: signaling protocols

• used to set up, maintain, tear down VC
• not used in today’s Internet (but may be used underneath the IP layer to provide a virtual link)

  1. Initiate call
  2. incoming call
  3. Accept call
  4. Call connected
  5. Data flow begins
  6. Receive data

[Figure: the call is set up between two hosts, each with application, transport, network, data link and physical layers]

Virtual circuit (VC)

• call setup, teardown for each call before data can flow
• each packet carries a VC identifier which
  • is fixed length and short
  • only needs to be unique for a link
• every router on source-dest path maintains state information for each passing VC
  • incoming and outgoing VC identifiers,
  • resources allocated to VC (bandwidth, buffers)

VC Forwarding table

[Figure: a path through routers with VC numbers 12, 22, 32 on successive links and interface numbers 1, 2, 3 on the router]

Forwarding table in northwest router:

Incoming interface   Incoming VC #   Outgoing interface   Outgoing VC #
1                    12              3                    22
2                    63              1                    18
3                    7               2                    17
1                    97              3                    87
…                    …               …                    …

Forwarding is fast because short fixed-length VC numbers are used

  • vs. IP forwarding table with variable-length prefixes

Datagram networks

• no network-level concept of “connection”
• each packet forwarded independently using destination host address
• packets between same source-dest pair may take different paths

  1. Send data
  2. Receive data

[Figure: two hosts, each with application, transport, network, data link and physical layers]

Forwarding table

4 billion possible entries

Destination Address Range                         Link Interface

11001000 00010111 00010000 00000000
    through
11001000 00010111 00010111 11111111

11001000 00010111 00011000 00000000
    through                                       1
11001000 00010111 00011000 11111111

11001000 00010111 00011000 00000000
    through                                       2
11001000 00010111 00011111 11111111

otherwise                                         3

Longest prefix match

Prefix Match                      Link Interface
11001000 00010111 00010
11001000 00010111 00011000        1
11001000 00010111 00011           2
otherwise                         3

Examples

DA: 11001000 00010111 00010110 10100001    Which interface?
DA: 11001000 00010111 00011000 10101010    Which interface?

A forwarding table in an Internet core router has about 300,000 IP prefixes

Origins of datagram and VC

Internet (datagram)

• data exchange between computers
  • “elastic” service, no strict timing requirement
• many link types
  • different characteristics
  • uniform service difficult
• “smart” end systems (computers)
  • can adapt, perform control, error recovery
  • simplicity inside network, complexity at “edge”

ATM (VC)

• evolved from telephony
• human conversation:
  • strict timing, reliability requirements
  • need for guaranteed services
• “dumb” end systems
  • telephones
  • complexity inside network


Router architecture overview

Two key router functions:

• run routing protocols (RIP, OSPF, BGP)
• forward datagrams from incoming to outgoing link

[Figure: routing processor (routing, management control plane, software) above a high-speed switching fabric that connects router input ports to router output ports (forwarding data plane, hardware)]

forwarding tables computed, then pushed to input ports


The Internet Network layer

Host, router network layer functions:

Transport layer: TCP, UDP

Network layer:

• Routing protocols
  • path selection
  • RIP, OSPF, BGP
• forwarding table
• IP protocol
  • addressing conventions
  • datagram format
  • packet handling conventions
• ICMP protocol
  • error reporting
  • router “signaling”

Link layer

physical layer


IP datagram format

Header layout, each row 32 bits wide:

ver | head. len | type of service | length
16-bit identifier | flgs | fragment offset
time to live | upper layer | header checksum
32 bit source IP address
32 bit destination IP address
Options (if any)
data (variable length, typically a TCP or UDP segment)

Field annotations:

• ver: IP protocol version number
• head. len: header length
• type of service: “type” of data
• length: total datagram length (bytes)
• 16-bit identifier, flgs, fragment offset: for fragmentation/reassembly
• time to live: max number remaining hops (decremented at each router)
• upper layer: upper layer protocol to deliver payload to
• Options: E.g. timestamp, record route taken, specify list of routers to visit.

IP Fragmentation & Reassembly

• MTU (max. transfer size)
  • different link types, different MTUs
  • Support MTU of at least 576 bytes
• too large IP datagram “fragmented” within net
  • reassembled only at final destination
  • IP header bits used to identify, order related fragments

[Figure: fragmentation (in: one large datagram, out: 3 smaller datagrams), followed by reassembly]

IP Fragmentation and Reassembly

Example

• 4000 byte datagram (3980 bytes of data)
• MTU = 1500 bytes

One large datagram becomes several smaller datagrams:

              ID    offset   fragflag   length
original      x     0        0          4000
fragment 1    x     0        1          1500
fragment 2    x     185      1          1500
fragment 3    x     370      0          1040

• 1480 bytes in data field
• offset = 1480/8
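The arithmetic of the example above, together with the consistency check a reassembling destination has to make, as an added Python example (not part of the original slides). It assumes a 20-byte header without options; the names `Fragment`, `fragment` and `reassembled_length` are hypothetical.

```python
from dataclasses import dataclass

IP_HEADER_LEN = 20  # bytes; assumes a header without options, as in the slide


@dataclass(frozen=True)
class Fragment:
    ident: int    # ID field, copied into every fragment
    offset: int   # fragment offset, in 8-byte units
    more: bool    # "fragflag": True while more fragments follow
    length: int   # total length of this fragment, header included


def fragment(total_len, mtu, ident):
    """Split a datagram of total_len bytes for a link with the given MTU."""
    payload = total_len - IP_HEADER_LEN
    # Every fragment except the last must carry a multiple of 8 data bytes,
    # because the offset field counts 8-byte units.
    per_frag = (mtu - IP_HEADER_LEN) // 8 * 8
    if payload <= 0 or per_frag <= 0:
        raise ValueError("datagram or MTU too small")
    frags, sent = [], 0
    while sent < payload:
        size = min(per_frag, payload - sent)
        more = sent + size < payload
        frags.append(Fragment(ident, sent // 8, more, size + IP_HEADER_LEN))
        sent += size
    return frags


def reassembled_length(frags):
    """Check a fragment set the way the final destination must and return
    the total length of the original datagram. Raises ValueError on a gap,
    an overlap, mixed IDs or a missing last fragment."""
    if not frags or len({f.ident for f in frags}) != 1:
        raise ValueError("fragments must share one ID")
    ordered = sorted(frags, key=lambda f: f.offset)  # arrival order is arbitrary
    expected = 0  # next data byte we expect to see
    for i, f in enumerate(ordered):
        start, data = f.offset * 8, f.length - IP_HEADER_LEN
        if start != expected:
            raise ValueError(f"gap or overlap at data byte {start}")
        is_last = i == len(ordered) - 1
        if f.more == is_last:
            raise ValueError("more-fragments flag does not match position")
        if f.more and data % 8:
            raise ValueError("non-final fragment is not a multiple of 8 bytes")
        expected = start + data
    return expected + IP_HEADER_LEN


if __name__ == "__main__":
    # Constructed input: the slide's 4000-byte datagram over a 1500-byte MTU.
    parts = fragment(4000, 1500, ident=0x1234)
    for part in parts:
        print(part)
    print("reassembled length:", reassembled_length(parts))
```

Rejecting gaps and overlaps explicitly matters because fragments arrive independently and possibly out of order, so the receiver cannot trust any single fragment's offset or flag on its own.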


IP Addressing: introduction

• IP address: 32-bit identifier for an interface
• interface: connection between host/router and physical link (wired or wireless)
  • a router typically has multiple interfaces
  • a host typically has one interface

Dotted decimal notation:

223.1.1.1 = 11011111 00000001 00000001 00000001
              223       1        1        1

[Figure: network with interfaces 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4, 223.1.2.1, 223.1.2.2, 223.1.2.9, 223.1.3.1, 223.1.3.2, 223.1.3.27]

Subnets

• IP address:
  • subnet part (high order bits)
  • host part (low order bits)
• What’s a subnet?
  • device interfaces with same subnet part of IP address
  • can physically reach each other without a router

[Figure: network consisting of 3 subnets, with interfaces 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4, 223.1.2.1, 223.1.2.2, 223.1.2.9, 223.1.3.1, 223.1.3.2, 223.1.3.27]

Notes: (1) Layer-2 devices are part of link; (2) Virtual LAN (VLAN) – see Chapter 5

Subnets

Recipe

• To determine the subnets, detach each interface from its host or router, creating islands of isolated networks. Each isolated network is a subnet.

[Figure: subnets 223.1.1.0/24, 223.1.2.0/24, 223.1.3.0/24]

Subnet mask: /24

Subnets

How many?

[Figure: network with interfaces 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4, 223.1.2.1, 223.1.2.2, 223.1.2.6, 223.1.3.1, 223.1.3.2, 223.1.3.27, 223.1.7.0, 223.1.7.1, 223.1.8.0, 223.1.8.1, 223.1.9.0, 223.1.9.1]

IP addressing: CIDR

CIDR: Classless InterDomain Routing

• subnet portion of address of variable length
• address format: a.b.c.d/x, where x is # bits in subnet portion of address

11001000 00010111 00010000 00000000    (subnet part, then host part)

200.23.16.0/23

Classful addressing (now obsolete): fixed-length subnet portion of 8, 16 or 24 bits

IP addresses: how to get one?

Q: How does host get IP address?

• hard-coded by system admin in a file
• DHCP: Dynamic Host Configuration Protocol: dynamically get address from a server
  • “plug-and-play”

DHCP client-server scenario

[Figure: network with hosts A, B, E, a DHCP server and interfaces 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4, 223.1.2.1, 223.1.2.2, 223.1.2.9, 223.1.3.1, 223.1.3.2, 223.1.3.27; arriving DHCP client needs address in this network]

A router may act as a relay agent
DHCP client-server scenario

DHCP server: 223.1.2.5; arriving client. Messages in time order:

DHCP discover
  src: 0.0.0.0, 68
  dest.: 255.255.255.255, 67
  yiaddr: 0.0.0.0
  transaction ID: 654

DHCP offer
  src: 223.1.2.5, 67
  dest: 255.255.255.255, 68
  yiaddr: 223.1.2.4
  transaction ID: 654
  Lifetime: 3600 secs

DHCP request
  src: 0.0.0.0, 68
  dest: 255.255.255.255, 67
  yiaddr: 223.1.2.4
  transaction ID: 655
  Lifetime: 3600 secs

DHCP ack
  src: 223.1.2.5, 67
  dest: 255.255.255.255, 68
  yiaddr: 223.1.2.4
  transaction ID: 655
  Lifetime: 3600 secs

Discover & offer messages are optional

DHCP: more than IP address

DHCP can return more than just an allocated IP address on subnet:

• address of first-hop router for client
• name and IP address of DNS server
• network mask (indicating subnet portion of address)

IP addresses: how to get them?

• ICANN (Internet Corporation for Assigned Names and Numbers)/IANA (Internet Assigned Numbers Authority)
  • allocates IP addresses (IPv4 address exhaustion on 1/31/2011)
  • oversees DNS
  • assigns domain names, resolves disputes
• Regional, national, and local Internet registries, and ISPs
• End-user organization can be assigned IP address space from one of the above

IP address prefix: how to get one?

A: Typically, a customer network gets allocated a portion of its provider ISP’s address space

ISP's block       11001000 00010111 00010000 00000000    200.23.16.0/20

Organization 0    11001000 00010111 00010000 00000000    200.23.16.0/23
Organization 1    11001000 00010111 00010010 00000000    200.23.18.0/23
Organization 2    11001000 00010111 00010100 00000000    200.23.20.0/23
...               …..                                    ….
Organization 7    11001000 00010111 00011110 00000000    200.23.30.0/23

Hierarchical addressing: route aggregation

Hierarchical addressing allows efficient advertisement of routing information

Connected to Fly-By-Night-ISP:

Organization 0    200.23.16.0/23
Organization 1    200.23.18.0/23
Organization 2    200.23.20.0/23
. . .
Organization 7    200.23.30.0/23

Fly-By-Night-ISP, to the Internet: “Send me anything with address beginning 200.23.16.0/20”

ISPs-R-Us, to the Internet: “Send me anything with address beginning 199.31.0.0/16”

Hierarchical addressing: more specific routes

ISPs-R-Us has a more specific route to Organization 1; this is the reason for longest prefix match

Connected to Fly-By-Night-ISP:

Organization 0    200.23.16.0/23
Organization 2    200.23.20.0/23
. . .
Organization 7    200.23.30.0/23

Connected to ISPs-R-Us:

Organization 1    200.23.18.0/23

Fly-By-Night-ISP, to the Internet: “Send me anything with address beginning 200.23.16.0/20”

ISPs-R-Us, to the Internet: “Send me anything with address beginning 199.31.0.0/16 or 200.23.18.0/23”
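Longest prefix match applied to both the binary table of the "Longest prefix match" slide and the two advertisements above, as an added Python example (not part of the original slides). The class and helper names are hypothetical, the test addresses in the ISP case are constructed, and link interface 0 for the first row of the binary table is an assumption because that number is missing from this page.

```python
import ipaddress


def bits_to_cidr(bits):
    """Turn a binary prefix written as on the slides
    ('11001000 00010111 00010') into CIDR notation."""
    b = bits.replace(" ", "")
    addr = ipaddress.IPv4Address(int(b.ljust(32, "0"), 2))
    return f"{addr}/{len(b)}"


def bits_to_addr(bits):
    """Turn a full 32-bit binary address into dotted decimal."""
    return str(ipaddress.IPv4Address(int(bits.replace(" ", ""), 2)))


class ForwardingTable:
    def __init__(self, routes, default=None):
        # routes: iterable of (CIDR prefix, output link or next hop)
        self.routes = [(ipaddress.ip_network(p), hop) for p, hop in routes]
        self.default = default  # the "otherwise" row

    def lookup(self, addr):
        """Return (matched prefix, hop); the longest matching prefix wins."""
        ip = ipaddress.ip_address(addr)
        best = None
        for net, hop in self.routes:
            if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, hop)
        if best is None:
            return None, self.default
        return str(best[0]), best[1]


# Table from the "Longest prefix match" slide. Interface 0 on the first row
# is an assumption: the number is not present on this page.
SLIDE_TABLE = ForwardingTable([
    (bits_to_cidr("11001000 00010111 00010"), 0),
    (bits_to_cidr("11001000 00010111 00011000"), 1),
    (bits_to_cidr("11001000 00010111 00011"), 2),
], default=3)

# What the rest of the Internet hears in the "more specific routes" slide.
INTERNET_VIEW = ForwardingTable([
    ("200.23.16.0/20", "Fly-By-Night-ISP"),
    ("199.31.0.0/16", "ISPs-R-Us"),
    ("200.23.18.0/23", "ISPs-R-Us"),
])

if __name__ == "__main__":
    for da in ("11001000 00010111 00010110 10100001",
               "11001000 00010111 00011000 10101010"):
        print(bits_to_addr(da), "->", SLIDE_TABLE.lookup(bits_to_addr(da)))
    # Constructed addresses: one inside Organization 1's block, one inside
    # Organization 2's block.
    for addr in ("200.23.19.77", "200.23.20.9"):
        print(addr, "->", INTERNET_VIEW.lookup(addr))
```

The second table shows why the rule matters operationally: an address inside 200.23.18.0/23 is also inside 200.23.16.0/20, and only the prefix length decides which ISP receives the traffic.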

NAT: Network Address Translation

[Figure: local network 10.0.0/24 (10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.4) connected to the rest of Internet through 138.76.29.7]

• Datagrams with source or destination within network have 10.0.0/24 addresses for source, destination
• All datagrams leaving local network have same single source NAT IP address: 138.76.29.7, different source port numbers

NAT: Network Address Translation

• Motivation: local network uses just one IP address as far as outside world is concerned
  • can change addresses of devices in local network without notifying outside world
  • can change ISP without changing addresses of devices in local network
  • devices inside local net not explicitly addressable/visible by outside world (a security plus).

NAT: Network Address Translation

NAT translation table

WAN side addr         LAN side addr
138.76.29.7, 5001     10.0.0.1, 3345
……                    ……

1: host 10.0.0.1 sends datagram with port number 3345
   S: 10.0.0.1, 3345    D: 128.119.40.186, 80
2: NAT router changes datagram’s source addr and port number
   S: 138.76.29.7, 5001    D: 128.119.40.186, 80
3: Reply arrives for 138.76.29.7, 5001
   S: 128.119.40.186, 80    D: 138.76.29.7, 5001
4: NAT router changes datagram’s dest addr and port number to 10.0.0.1, 3345
   S: 128.119.40.186, 80    D: 10.0.0.1, 3345

NAT: Network Address Translation

• 16-bit port-number field:
  • 60,000 simultaneous connections with a single IP address
• NAT is controversial:
  • routers should only process up to layer 3
  • violates “end-to-end argument”
  • NAT possibility must be taken into account by app designers, e.g., IPsec, P2P applications
  • address shortage should instead be solved by IPv6

NAT traversal problem

• client wants to connect to server with address 10.0.0.1
  • only one externally visible IP address: 138.76.29.7
• statically configure NAT to forward incoming connection requests at given port to server
  • e.g., (123.76.29.7, port 2500) always forwarded to 10.0.0.1 port 2500
• use UPnP IGD protocol to configure
• Vulnerable to access/attack from the Internet

[Figure: Client (?) on the Internet side, NAT router with addresses 138.76.29.7 and 10.0.0.4, server 10.0.0.1 behind it]

NAT traversal problem

• solution 3: relaying (used in Skype)
  • relay bridges packets between two connections

  1. connection to relay initiated by host behind NAT
  2. connection to relay initiated by client
  3. relaying established

• Both hosts may be behind NATs

[Figure: Client, relay, NAT router (138.76.29.7) and host 10.0.0.1 behind it]


ICMP: Internet Control Message Protocol

• “above” IP in network layer
  • ICMP msgs carried in IP datagrams
• error reporting: unreachable host, network, port, protocol
• echo request/reply (used by ping)
• ICMP message: type, code plus first 8 bytes of IP datagram causing error

Type   Code   description
0      0      echo reply (ping)
3      0      dest. network unreachable
3      1      dest host unreachable
3      2      dest protocol unreachable
3      3      dest port unreachable
3      6      dest network unknown
3      7      dest host unknown
4      0      source quench (congestion control - not used)
8      0      echo request (ping)
9      0      route advertisement
10     0      router discovery
11     0      TTL expired
12     0      bad IP header

Traceroute uses ICMP messages

• Source sends series of UDP segments to dest
  • First has TTL = 1
  • Second has TTL = 2, …, each with unlikely port number
• When nth datagram arrives to nth router:
  • Router discards datagram and
  • sends to source a “TTL expired” message with name of router & IP address
• When “TTL expired” message arrives, source calculates RTT
• Traceroute does this 3 times for each TTL value

Stopping criterion

• Such a UDP segment arrives at destination host
• Destination returns msg “dest port unreachable” packet
• Upon receipt of this msg, source stops.


IPv6

• Initial motivation: 32-bit address space soon to be completely allocated.
• Additional motivation:
  • simpler header format to speed up processing/forwarding
  • header change to facilitate QoS
• IPv6 datagram format:
  • fixed-length 40 byte header
  • no fragmentation allowed

IPv6 Header (Cont)

Priority: identify priority among datagrams in flow
Flow Label: identify datagrams in same “flow.” (concept of “flow” not defined).
Next header: identify upper layer protocol for data

Other Changes from IPv4

• Checksum: removed entirely to reduce processing time at each hop
• Options: allowed, but outside of header, indicated by “Next Header” field
• ICMPv6: new version of ICMP
  • additional message types, e.g. “Packet Too Big”
  • including multicast group management functions

Transition From IPv4 To IPv6

• Not all routers can be upgraded simultaneously
  • no “flag day”
  • How will the network operate with mixed IPv4 and IPv6 routers?
• Tunneling: IPv6 carried as payload in IPv4 datagram among IPv4 routers

Tunneling

Logical view:  A (IPv6), B (IPv6), tunnel, E (IPv6), F (IPv6)
Physical view: A (IPv6), B (IPv6), IPv4, IPv4, E (IPv6), F (IPv6)

Tunneling

Logical view:  A (IPv6), B (IPv6), tunnel, E (IPv6), F (IPv6)
Physical view: A (IPv6), B (IPv6), C (IPv4), D (IPv4), E (IPv6), F (IPv6)

A-to-B: IPv6                Flow: X, Src: A, Dest: F, data
B-to-C: IPv6 inside IPv4    Src: B, Dest: E, carrying (Flow: X, Src: A, Dest: F, data)
D-to-E: IPv6 inside IPv4    Src: B, Dest: E, carrying (Flow: X, Src: A, Dest: F, data)
E-to-F: IPv6                Flow: X, Src: A, Dest: F, data

Routers B and E have dual stacks. In this example, B encapsulates v6 packet in v4 packet. Later E extracts v6 packet from v4 packet.

Concept – Tunnel as a virtual link

Many possibilities:

• IPv6 in IPv4 tunnel (previous example)
• IPv4 in IPv6 tunnel
• IPv4 in IPv4 tunnel
• IPv4 in MPLS tunnel


Graph abstraction

[Figure: graph with nodes u, v, w, x, y, z and a cost on each link]

Graph: G = (N,E)
N = set of routers = { u, v, w, x, y, z }
E = set of links = { (u,v), (u,x), (v,x), (v,w), (x,w), (x,y), (w,y), (w,z), (y,z) }

Remark: Graph abstraction is also useful in other network contexts
Example: P2P, where N is set of peers and E is set of TCP connections

Graph abstraction: link costs

[Figure: graph with nodes u, v, w, x, y, z and a cost on each link]

  • c(x,x’) = cost of link (x,x’)
  • cost could be 1, or inversely related to bandwidth, or inversely related to “congestion”, etc.

Cost of path (x_1, x_2, x_3, …, x_p) = c(x_1,x_2) + c(x_2,x_3) + … + c(x_{p-1},x_p)

Routing protocol tries to find least-cost path

Comments:

  • full-duplex links may not have symmetric costs
  • cost of path computation is ad hoc if the link cost metric is not additive

Routing Algorithm classification

Global or decentralized information?

Global info:
• all routers have complete topology, link costs
• link state protocols

Decentralized info:
• router knows physically-connected neighbors, link costs to neighbors
• distance vector protocols

Static or dynamic?

• Static - only after topology change
• Dynamic
  • periodic update
  • in response to link cost changes
  • may result in route flaps


A Link-State Routing protocol

• net topology, link costs known to every node
  • accomplished via link state broadcast
  • all nodes have same info

Dijkstra’s algorithm

• computes least cost paths from one node (“source”) to all other nodes in a graph
• iterative: after k iterations, source knows least-cost paths to k destinations
• yields forwarding table for source node

Link State Broadcast

• Flooding
  • Source node of “link state” sends packet to all neighbors
  • Intermediate node resends to neighbors except where packet arrived
• Many duplicates which must be recognized by nodes

[Figure: flooding among nodes A, B, C, D, E, F]


Distance Vector Algorithm basis

Bellman-Ford Equation (dynamic programming)

Define
d_x(y) := cost of least-cost path from x to y

Then
d_x(y) = min_v { c(x,v) + d_v(y) }

where min is taken over all neighbors v of x

Bellman-Ford example

[Figure: graph with nodes u, v, w, x, y, z and a cost on each link]

Clearly, d_v(z) = 5, d_x(z) = 3, d_w(z) = 3

B-F equation says:

d_u(z) = min { c(u,v) + d_v(z), c(u,x) + d_x(z), c(u,w) + d_w(z) }
       = min {2 + 5, 1 + 3, 5 + 3} = 4

The node that achieves minimum is next hop in shortest path ➜ put it in forwarding table

Distance Vector Protocol (1)

• Node x
  • knows cost to each neighbor v: c(x,v)
  • sends its own distance vector (DV) estimate [D_x(y): y ∈ N] to its neighbors periodically, where D_x(y) denotes estimate of least cost from x to y
• From each neighbor v, x receives [D_v(y): y ∈ N]

Distance Vector Protocol (2)

• When a node x receives a new DV estimate from a neighbor, it updates its own DV estimate using B-F equation:

  D_x(y) ← min_v { c(x,v) + D_v(y) } for each node y ∈ N

  If the v that achieves least cost to y is new, node x updates its forwarding table and DV

• Eventually, assuming that link costs and topology do not change, the estimate D_x(y) converges to the actual least cost d_x(y) for all x, y

Distance Vector Protocol - summary

Distributed, asynchronous, iterative

Each node:

• waits for a change in local link cost or a msg from a neighbor
• recomputes estimates
• if DV estimate for any dest has changed, updates its own state and notifies its neighbors

Initially, D_x(y) = c(x,y) if x and y are direct neighbors; otherwise, D_x(y) = ∞

[Figure: nodes x, y, z with link costs c(x,y) = 2, c(y,z) = 1, c(x,z) = 7]

Initial tables (rows: from; columns: cost to x, y, z):

node x table         node y table         node z table
     x  y  z              x  y  z              x  y  z
x    0  2  7         x    ∞  ∞  ∞         x    ∞  ∞  ∞
y    ∞  ∞  ∞         y    2  0  1         y    ∞  ∞  ∞
z    ∞  ∞  ∞         z    ∞  ∞  ∞         z    7  1  0

D_x(y) = min{c(x,y) + D_y(y), c(x,z) + D_z(y)} = min{2+0, 7+1} = 2

D_x(z) = min{c(x,y) + D_y(z), c(x,z) + D_z(z)} = min{2+1, 7+0} = 3    (update interface to send to dest z)

node x table after the first exchange:

     x  y  z
x    0  2  3
y    2  0  1
z    7  1  0

  • Each row in a table is a distance vector
  • Assume synchronous operations for this example – nodes y and z also received their DV updates

Tables over time, left to right (rows: from; columns: cost to x, y, z):

node x table
     x  y  z         x  y  z         x  y  z
x    0  2  7         0  2  3         0  2  3
y    ∞  ∞  ∞         2  0  1         2  0  1
z    ∞  ∞  ∞         7  1  0         3  1  0

node y table
     x  y  z         x  y  z         x  y  z
x    ∞  ∞  ∞         0  2  7         0  2  3
y    2  0  1         2  0  1         2  0  1
z    ∞  ∞  ∞         7  1  0         3  1  0

node z table
     x  y  z         x  y  z         x  y  z
x    ∞  ∞  ∞         0  2  7         0  2  3
y    ∞  ∞  ∞         2  0  1         2  0  1
z    7  1  0         3  1  0         3  1  0

No more change
Distance Vector: good news travels fast

(Figure: nodes x, y, z with link costs 4, 1 and 50; the cost of the link between x and y drops to 1)

y detects a lower link cost to x, updates its DV, and sends new DV to node z.

z receives y’s updated DV, updates its own DV, and sends new DV to its neighbors.

later, y receives z’s updated DV. y’s least cost does not change.

A similar interaction between nodes x and z. The DV protocol converges quickly.

Distance Vector: “count to infinity” problem

(Figure: nodes x, y, z with link costs 4, 1 and 50; the cost of the link between x and y increases to 60)

Link cost increase:
 Y still has stale information saying that it can go to X via Z in 6
 bad news travels slowly!
 44 iterations (msg exchanges between y and z) before protocol stabilizes

Poisoned reverse:
 If Z routes through Y to get to X:
  • Z tells Y its (Z’s) distance to X is infinite (so Y won’t route to X via Z)
 will this completely solve count to infinity problem?
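The link-cost increase on this slide, replayed with and without poisoned reverse; this is an added example, not part of the original slides. It assumes the three-node topology c(y,z) = 1, c(x,z) = 50 and c(x,y) rising from 4 to 60, which the extracted figure only partly preserves, and all function and variable names are made up for the illustration.

```python
INF = float("inf")

def converge(cost, dist, via, poisoned_reverse, limit=1000):
    """Exchange DVs between y and z for destination x until nothing changes.

    cost["y"], cost["z"]: direct link cost to x; cost["yz"]: cost of link y-z
    dist[n]: n's estimate D_n(x); via[n]: n's next hop toward x
    Returns the ordered list of (node, new_estimate) changes.
    """
    other = {"y": "z", "z": "y"}
    changes, pending = [], ["y"]       # y sees the link-cost change first
    while pending and len(changes) < limit:
        node = pending.pop(0)
        peer = other[node]
        # The peer's advertised distance; poisoned reverse reports infinity
        # when the peer itself routes to x through `node`.
        advertised = dist[peer]
        if poisoned_reverse and via[peer] == node:
            advertised = INF
        # Bellman-Ford: cheaper of the direct link and the path via the peer
        new, hop = min((cost[node], "x"), (cost["yz"] + advertised, peer))
        if (new, hop) != (dist[node], via[node]):
            dist[node], via[node] = new, hop
            changes.append((node, new))
            pending.append(peer)       # a changed DV is sent to the neighbor
    return changes

def link_cost_increase(poisoned_reverse):
    # Assumed topology: c(y,z) = 1, c(x,z) = 50, c(x,y) raised from 4 to 60.
    cost = {"y": 60, "z": 50, "yz": 1}
    dist = {"y": 4, "z": 5}            # converged estimates before the change
    via = {"y": "x", "z": "y"}
    changes = converge(cost, dist, via, poisoned_reverse)
    return changes, dist, via

if __name__ == "__main__":
    for pr in (False, True):
        changes, dist, via = link_cost_increase(pr)
        print(f"poisoned_reverse={pr}: {len(changes)} DV changes, "
              f"first {changes[:3]}, final D(x)={dist}, next hops={via}")
```

Without poisoned reverse the estimates climb 6, 7, 8, … one message at a time until they pass the 50 of z's direct link; with it, y and z settle after three changes on the same final distances.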


Hierarchical network

Our routing study thus far
 all routers identical
 network “flat”
… not true in practice

scale: hundreds of millions of destinations:
 can’t store all dest’s in forwarding tables
 Link State and Distance Vector do not scale

administrative autonomy
 internet is a network of networks
 each network admin may want to control routing in its own network

Hierarchical Routing

 aggregate routers into regions, autonomous systems (AS)
 routers in same AS run same routing protocol
  • intra-AS routing protocol
  • routers in different ASes can run different intra-AS routing protocols

Gateway router
 has direct link to a router in another AS

Inter-AS routing

 suppose router in AS1 receives datagram destined outside of AS1:
  • router should forward packet to a neighbor AS, but which one?

AS1 must:
1. learn which dests are reachable through AS2, which through AS3
2. propagate this reachability info to all routers in AS1

Job of inter-AS routing is performed by border gateway routers

(Figure: AS1 with routers 1a, 1b, 1c, 1d; AS2 with routers 2a, 2b, 2c; AS3 with routers 3a, 3b, 3c)

Interconnected ASes

(Figure: AS1 with routers 1a, 1b, 1c, 1d; AS2 with routers 2a, 2b, 2c; AS3 with routers 3a, 3b, 3c; inside a router, Intra-AS Routing and Inter-AS Routing both feed the Forwarding table)

 forwarding table configured by both intra- and inter-AS routing protocols
  • intra-AS protocol sets entries for internal dests
  • inter-AS & intra-AS protocols set entries for external dests

Example: Setting forwarding table in router 1d

 AS1 learns from inter-AS protocol that subnet x is reachable via AS3 (gateway 1c) but not via AS2.
 inter-AS protocol propagates reachability info to all internal routers.
 for subnet x, router 1d determines from intra-AS routing info that its interface I is on the least cost path to 1c
  • installs forwarding table entry (x,I)

Note: both inter-AS and intra-AS are used

(Figure: AS1 with routers 1a, 1b, 1c, 1d; AS2 with routers 2a, 2b, 2c; AS3 with routers 3a, 3b, 3c; subnet x)

Example: Choosing among multiple ASes

 now suppose AS1 learns from inter-AS protocol that subnet x is reachable from AS3 and from AS2.
 to configure forwarding table, router 1d needs to know which gateway it should forward packets for dest x
 this is also a task of inter-AS routing protocol

(Figure: AS1, AS2 and AS3 with their routers, subnet x, and links to other networks)


Intra-AS Routing

 also known as Interior Gateway Protocols (IGP)
 most common Intra-AS routing protocols:
  • RIP: Routing Information Protocol
  • OSPF: Open Shortest Path First
  • EIGRP (Cisco) – distance vector with “loop-freedom”

RIP (Routing Information Protocol)

 distance vector algorithm
 included in BSD-UNIX Distribution in 1982
 distance metric: # of hops (max = 15 hops)

(Figure: routers A, B, C, D and subnets u, v, w, x, y, z)

From router A to subnets:

destination   hops
u             1
v             2
w             2
x             3
y             3
z             2

RIP advertisements

 distance vectors: exchanged with neighbors every 30 sec via Response Message (also called advertisement)
 each advertisement: list of up to 25 destination subnets within AS

RIP Table processing

 RIP routing tables managed by application-level process called routed (daemon)
 advertisements sent in UDP packets, periodically repeated

(Figure: two routers, each running routed above transport (UDP), with the network (IP) layer and its forwarding table, link and physical layers below)

OSPF (Open Shortest Path First)

 “open”: publicly available
 uses Link State algorithm
 OSPF advertisement carries one entry per neighbor router
 advertisements disseminated to entire AS (via flooding)
  • carried in OSPF messages directly over IP (rather than TCP or UDP)
 security: all OSPF messages authenticated
 …

Note: IS-IS routing protocol: nearly identical to OSPF

Hierarchical OSPF


Internet inter-AS routing: BGP

 BGP (Border Gateway Protocol): the de facto standard
 an AS advertises its existence to rest of Internet: “I am here” and
1. obtains reachability information from neighboring ASes (using eBGP)
2. propagates reachability information to all internal routers of the AS (using iBGP)
3. determines “good” routes to other ASes based on reachability information and policy.

BGP basics

 eBGP session: two BGP routers (“peers”) exchange messages over semi-permanent TCP connections
  • advertising paths to various destination network prefixes (“path vector” protocol)
 when AS3 advertises a prefix to AS1, AS3 promises it will forward datagrams towards that prefix
 AS3 can aggregate prefixes in its advertisement

(Figure: AS1 with routers 1a, 1b, 1c, 1d; AS2 with routers 2a, 2b, 2c; AS3 with routers 3a, 3b, 3c; links to other networks; a BGP message)

BGP basics: distributing path information

 using eBGP session between 3a and 1c, AS3 sends prefix reachability info to AS1.
  • 1c can then use iBGP to distribute new prefix info to all routers in AS1
 when a router learns of a new prefix, it creates entry for prefix in its forwarding table.
 In this example, router 1b can then re-advertise new reachability info to AS2 over 1b-to-2a eBGP session

(Figure: AS1 with routers 1a, 1b, 1c, 1d; AS2 with routers 2a, 2b, 2c; AS3 with routers 3a, 3b, 3c; links to other networks; legend: eBGP session, iBGP session)

Path attributes & BGP routes

 advertised prefix includes BGP attributes.
  • prefix + attributes = “route”
 two important attributes:
  • AS-PATH: contains ASes through which prefix advertisement has passed: e.g., AS 67, AS 17
  • NEXT-HOP: the router interface (IP address) that begins the AS path (there may be multiple links from current AS to next-hop-AS)
 when a gateway router receives route advertisement, it uses the AS’s import policy to accept or decline.

BGP route selection

 router may learn more than 1 route to some prefix. Router must select one route
 elimination rules:
1. local preference value attribute (policy decision)
2. shortest AS-PATH
3. closest NEXT-HOP router: hot potato routing
4. (additional criteria) …
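The elimination rules above, applied in order to a set of advertisements for one prefix; this is an added example, not part of the original slides. The routes, addresses, intra-AS costs and the import policy that declines a given AS are constructed for illustration, and `accept`, `select` and `best_route` are hypothetical names.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple      # ASes the advertisement has passed through
    next_hop: str       # router interface (IP address) that begins the AS path
    local_pref: int     # assigned by local policy when the route is imported

def accept(route, declined_ases):
    """Hypothetical import policy: decline routes that cross an unwanted AS."""
    return not (set(route.as_path) & set(declined_ases))

def select(routes, igp_cost):
    """Apply the elimination rules in order; return the surviving route(s)."""
    rules = [
        lambda r: -r.local_pref,          # 1. highest local preference
        lambda r: len(r.as_path),         # 2. shortest AS-PATH
        lambda r: igp_cost[r.next_hop],   # 3. closest NEXT-HOP (hot potato)
    ]
    survivors = list(routes)
    for rule in rules:
        best = min(rule(r) for r in survivors)
        survivors = [r for r in survivors if rule(r) == best]
        if len(survivors) == 1:
            break
    return survivors                      # more than one left: rule 4 applies

# Constructed advertisements for one prefix (documentation address ranges).
ADVERTISED = [
    Route("203.0.113.0/24", (67, 17), "192.0.2.1", 100),
    Route("203.0.113.0/24", (52, 17), "192.0.2.9", 100),
    Route("203.0.113.0/24", (88, 41, 17), "192.0.2.5", 100),
    Route("203.0.113.0/24", (99, 17), "192.0.2.13", 100),
]
# Intra-AS least cost from this router to each NEXT-HOP (constructed).
IGP_COST = {"192.0.2.1": 12, "192.0.2.9": 4, "192.0.2.5": 2, "192.0.2.13": 1}

def best_route(declined_ases=(99,), prefer_as=None):
    imported = []
    for r in ADVERTISED:
        if accept(r, declined_ases):
            pref = 200 if prefer_as in r.as_path else r.local_pref
            imported.append(Route(r.prefix, r.as_path, r.next_hop, pref))
    return select(imported, IGP_COST)
```

With the defaults, the route through AS 99 is declined at import, the three-AS path loses on AS-PATH length even though its NEXT-HOP is nearer, and the tie between the two remaining routes is broken by intra-AS cost to the NEXT-HOP.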


BGP routing policy example

(Figure: provider networks A, B, C and customer networks W, X, Y)

 A,B,C are provider networks
 X,W,Y are customers (of provider networks)
 X is dual-homed: attached to two networks
  • X does not want to route from B via itself to C
  • .. so X will not advertise to B that it has a route to C

BGP routing policy example (2)

(Figure: networks A, B, C, W, X, Y; legend: provider networks, customer networks, peer)

 A advertises path AW to B
 B advertises path BAW to X
 Should B advertise path BAW to C ?
  • No - B gets no “revenue” for routing CBAW since neither C nor A nor W is a customer of B
  • B wants to route only to/from its customers
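The export decisions from the two policy slides, replayed over the whole A, B, C, W, X, Y topology; this is an added example, not part of the original slides. It assumes A, B and C peer with one another and that W, X and Y are customers of the providers they attach to, since the figure's links did not survive extraction, and the export rule is a generalization of the slide's “B wants to route only to/from its customers”.

```python
from collections import deque

# What each neighbor is to the AS (assumed relationships: A, B, C peer with
# one another; W, X, Y buy transit from the providers they attach to).
REL = {
    "A": {"W": "customer", "B": "peer", "C": "peer"},
    "B": {"X": "customer", "A": "peer", "C": "peer"},
    "C": {"X": "customer", "Y": "customer", "A": "peer", "B": "peer"},
    "W": {"A": "provider"},
    "X": {"B": "provider", "C": "provider"},
    "Y": {"C": "provider"},
}

def may_export(asn, learned_from, neighbor):
    """Routes from customers (or one's own) go to everyone; any other route
    is advertised to customers only."""
    if learned_from is None or REL[asn][learned_from] == "customer":
        return True
    return REL[asn][neighbor] == "customer"

def propagate(origin):
    """Return {AS: set of AS paths it hears for a prefix in `origin`}."""
    heard = {asn: set() for asn in REL}
    queue = deque([(origin, None, ())])   # (AS, learned from, path it heard)
    while queue:
        asn, learned_from, path = queue.popleft()
        advert = (asn,) + path            # prepend own AS before advertising
        for neighbor in REL[asn]:
            if neighbor in advert:        # neighbor is already on the AS path
                continue
            if not may_export(asn, learned_from, neighbor):
                continue
            if advert not in heard[neighbor]:
                heard[neighbor].add(advert)
                queue.append((neighbor, asn, advert))
    return heard

def show(paths):
    """Render AS paths in the slide's notation, e.g. ('B','A','W') -> 'BAW'."""
    return sorted("".join(p) for p in paths)

if __name__ == "__main__":
    for origin in ("W", "Y"):
        for asn, paths in propagate(origin).items():
            print(f"prefix in {origin}: {asn} hears {show(paths)}")
```

For a prefix in W, C hears only AW and never BAW, while X hears both BAW and CAW; for a prefix in Y, B hears only CY, so the dual-homed X carries no transit traffic between B and C.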

Why different Intra- and Inter-AS routing ?

Scale:
 hierarchical routing reduces table size, also update traffic

Policy:
 Inter-AS: admin wants control over how its traffic is routed, who routes through its net.
 Intra-AS: single admin, so no policy decisions needed

Performance:
 Intra-AS: can focus on performance
 Inter-AS: policy dominates performance


Broadcast routing

 flooding: each node sends a broadcast packet to all other neighbors
  • routing loops & broadcast storm – not a solution
 controlled flooding (some duplicates)
  • node sends to all other neighbors only if the packet is new
  • node keeps track of packet IDs already sent
  • used in Link State protocol
 construct a spanning tree first
  • no redundant packet received by any node
  • both communication and storage overheads

Multicast – 3 approaches

1. multiple unicasts
  • source duplication as well as in-network duplication

2. network-supported multicast
  • address indirection – multicast group address
  • group management protocol - identify routers with multicast recipients
  • no duplication

3. application-layer multicast
  • no source duplication
  • in-network duplication

Multicast Tree options

 GROUP SHARED TREE (left figure): single tree for all senders; bidirectional edges
 SOURCE BASED TREE (right figure): each source is the root of its own tree connecting to all members
  • separate trees for different senders

Chapter 4: summary

 4.1 Introduction
 4.2 Virtual circuit and datagram networks
 4.3 What’s inside a router
 4.4 IP: Internet Protocol
  • Datagram format
  • IPv4 addressing
  • ICMP
  • IPv6
 4.5 Routing algorithms
  • Link state
  • Distance Vector
  • Hierarchical routing
 4.6 Routing in the Internet
  • RIP
  • OSPF
  • BGP
 4.7 Broadcast and multicast routing

End of Chapter 4