Networking - Chapter 4


IPv4 Datagram Format: Datagram Length

16 bits; the total length of the IP datagram (header + data), measured in bytes. The theoretical maximum size of an IP datagram is 65,535 bytes; datagrams are rarely larger than 1,500 bytes, which allows an IP datagram to fit in the payload field of a maximally sized Ethernet frame.

IPv6 Datagram Format: Flow Label

20 bits; identifies the flow to which the datagram belongs.

Router Components

Input ports, output ports, switching fabric and routing processor. The input ports, output ports and switching fabric (the data plane) are almost always implemented in hardware; the routing processor implements the control plane.

SOHO

Small Office, Home Office

IPv4 Datagram Format: Time-to-Live

The TTL field is included to ensure that datagrams do not circulate forever in the network. It is decremented by one each time the datagram is processed by a router; if it reaches 0, the router must drop the datagram.

Longest Prefix Matching Rule

When there are multiple matches, the router uses the longest prefix matching rule; that is, it finds the longest matching entry in the table and forwards the packet to the link interface associated with the longest prefix match.

DHCP 4 Step Process: Server Offer(s)

A DHCP server receiving a DHCP discover message responds to the client with a DHCP offer message that is broadcast to all nodes on the subnet, again using the IP broadcast address. Since several DHCP servers can be present on the subnet, the client may find itself in the enviable position of being able to choose from among several offers. Each server offer message contains the transaction ID of the received discover message, the proposed IP address for the client, the network mask and an IP address lease time.

Ports

Here a port is a physical input or output router interface, distinctly different from the software ports associated with network applications discussed in chapters 2 and 3. In practice, the number of ports supported by a router can range from a relatively small number in enterprise routers to hundreds of 10 Gbps ports in a router at an ISP's edge, where the number of incoming lines tends to be the greatest.

NAT Translation Table

How does a NAT router know the internal host to which it should forward a given datagram? The trick is to use a NAT translation table at the NAT router and to include port numbers as well as IP addresses in the table entries.
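
As an added example (not code from the page or from any router product), the bookkeeping a port-translating NAT router does. The LAN address 10.0.0.1:3345, the public address 138.76.29.7, the remote web server 128.119.40.186:80 and the starting port 5001 are all constructed for illustration; packets are plain dicts.

```python
from typing import Dict, Optional, Tuple

class NatRouter:
    """Port-translating NAT: one public (WAN) address shared by every host on a private LAN."""

    def __init__(self, wan_ip: str, first_port: int = 5001):
        self.wan_ip = wan_ip
        self.next_port = first_port
        # Translation table, kept in both directions: (lan_ip, lan_port) <-> wan_port
        self.lan_to_wan: Dict[Tuple[str, int], int] = {}
        self.wan_to_lan: Dict[int, Tuple[str, int]] = {}

    def outbound(self, pkt: dict) -> dict:
        """LAN -> Internet: rewrite the source (ip, port) to (wan_ip, wan_port), adding an entry if needed."""
        key = (pkt["src"], pkt["sport"])
        if key not in self.lan_to_wan:
            wan_port = self.next_port          # assumption: allocate sequentially from first_port
            self.next_port += 1
            self.lan_to_wan[key] = wan_port
            self.wan_to_lan[wan_port] = key
        out = dict(pkt)
        out["src"], out["sport"] = self.wan_ip, self.lan_to_wan[key]
        return out  # a real NAT also recomputes the IP and TCP/UDP checksums here

    def inbound(self, pkt: dict) -> Optional[dict]:
        """Internet -> LAN: the destination port selects the table entry; no entry means the packet is dropped."""
        if pkt["dst"] != self.wan_ip or pkt["dport"] not in self.wan_to_lan:
            return None
        out = dict(pkt)
        out["dst"], out["dport"] = self.wan_to_lan[pkt["dport"]]
        return out
```

The table above is keyed only by the translated port, so any outside host that sends to a mapped port reaches the inside socket; many NATs also record the remote address and port in the entry and drop inbound packets from anyone else, which is the behaviour to check for when a NAT is being relied on as a filter.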

IPv6 Datagram Format: Next Header

Identifies the protocol (e.g. TCP or UDP) to which the contents (data field) of this datagram will be delivered; uses the same values as the IPv4 protocol field.

Switching via a Bus

In this approach an input port transfers a packet directly to the output port over a shared bus without intervention by the routing processor. This is typically done by having the input port pre-pend a switch-internal label (header) to the packet indicating the local output port to which this packet is being transferred, and then transmitting the packet onto the bus. All output ports receive the packet, but only the port that matches the label will keep it; the label is then removed at the output port, since it is only used within the switch to cross the bus. If multiple packets arrive at the router at the same time, each at a different input port, all but one must wait, since only one packet can cross the bus at a time. Because every packet must cross the single bus, the switching speed of the router is limited to the bus speed (one car in a roundabout at a time). Switching via a bus is often sufficient for routers that operate in small local area and enterprise networks.

IPv6 Datagram Format: Expanded Addressing Capabilities

Increases the size of the IP address from 32 bits to 128 bits, which ensures that the world won't run out of IP addresses (literally enough addresses for every grain of sand on the planet to be IP addressable). Also introduces a new type of address called an anycast address.

Packet Matching Fields

Ingress port, source MAC, destination MAC, Ethernet type, VLAN ID, VLAN priority, IP source, IP destination, IP protocol, IP TOS, TCP/UDP source port, TCP/UDP destination port.

Checksum

A router computes the header checksum for each received IP datagram and detects an error condition if the checksum carried in the datagram header does not equal the computed checksum. Routers typically discard datagrams for which an error has been detected. The checksum must be recomputed and stored again at each router, since the TTL field (and possibly the options field as well) will change.

Internet's Network Layer Provides

A single service known as best-effort service. Other network architectures have defined and implemented service models that go beyond the Internet's best-effort service (e.g. the ATM network architecture).

IPv4 Datagram Format: Header Checksum

Aids a router in detecting bit errors in a received IP datagram. Computed by treating each pair of bytes in the header as a 16-bit number and summing these numbers using 1s complement arithmetic; the 1s complement of this sum is stored in the checksum field.
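
An added example (not from the page) of the 1s complement computation on the Header Checksum card and of the per-hop verify, TTL decrement and recompute on the Checksum card. The 20-byte header is packed by hand so no network library is needed; the addresses, identification value and the reference header in the test are constructed.

```python
import struct
from typing import Optional

def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))

def ones_complement_sum(data: bytes) -> int:
    """Add the data as 16-bit big-endian words, folding any carry back in (end-around carry)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def ipv4_header_checksum(header: bytes) -> int:
    """Checksum over the header with the checksum field (bytes 10-11) treated as zero."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return (~ones_complement_sum(zeroed)) & 0xFFFF

def verify_ipv4_header(header: bytes) -> bool:
    """Receiver-side check: summing every header word, checksum included, must give 0xFFFF."""
    ihl = header[0] & 0x0F
    if ihl < 5 or len(header) < ihl * 4:
        return False
    return ones_complement_sum(header[: ihl * 4]) == 0xFFFF

def build_ipv4_header(src: str, dst: str, ttl: int, proto: int,
                      total_length: int, ident: int = 0x1C46) -> bytes:
    """20-byte IPv4 header without options: TOS 0, flags/offset 0, checksum filled in."""
    ver_ihl = (4 << 4) | 5
    header = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, total_length, ident, 0, ttl, proto, 0,
                         ip_to_bytes(src), ip_to_bytes(dst))
    return header[:10] + struct.pack("!H", ipv4_header_checksum(header)) + header[12:]

def router_hop(header: bytes) -> Optional[bytes]:
    """One router hop: discard on bad checksum, decrement TTL, discard when it would hit 0,
    and recompute the checksum because the TTL word changed."""
    if not verify_ipv4_header(header):
        return None
    ttl = header[8]
    if ttl <= 1:
        return None
    out = bytearray(header)
    out[8] = ttl - 1
    out[10:12] = struct.pack("!H", ipv4_header_checksum(bytes(out)))
    return bytes(out)
```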

First-Come-First-Served (FCFS)

Aka First-in-First-Out (FIFO); selects packets for link transmission in the same order in which they arrived at the output link queue.

Address Aggregation

Aka route aggregation or route summarization; the ability to use a single prefix to advertise multiple networks. Works extremely well when addresses are allocated in blocks to ISPs and then from ISPs to client organizations.

Plug-and-Play

Aka zeroconf (zero-configuration) protocol. Because of DHCP's ability to automate the network-related aspects of connecting a host into a network, it is often referred to as plug-and-play.

Routing Algorithms

Algorithms that calculate the path/route a packet must take to move from sender to receiver; they determine the contents of a router's forwarding table. The routing algorithm in one router communicates with the routing algorithm function in other routers to compute the values for its forwarding table; this is done by exchanging routing messages containing routing information according to routing protocols (the traditional approach adopted by router vendors and their products until recently).

Router Queues

It is at queues within a router where packets are actually dropped or lost. Packet queues may form at both the input ports and the output ports; the location and extent of queueing (either at the input or output) will depend on the traffic load, the relative speed of the switching fabric and the line speed.

Routing Processor

Performs control-plane functions. In traditional routers it executes the routing protocols, maintains routing tables and attached link state information, and computes the forwarding table for the router. In SDN routers, the routing processor is responsible for communicating with the remote controller in order to (among other activities) receive forwarding table entries computed by the remote controller and install these entries in the router's input ports. The routing processor also performs the network management functions.

Classful Addressing

Before CIDR, the network portions of an IP address were constrained to be 8, 16 or 24 bits in length (class A, B and C addresses respectively). The requirement that the subnet portion of an IP address be exactly 1, 2 or 3 bytes long turned out to be problematic for supporting rapidly growing organizations with small and medium-sized subnets.

Firewall

Sits between the network and the Internet; most routers today have firewall capability. Firewalls inspect the datagram and segment header fields, denying suspicious datagrams entry into the internal network. They can block packets based on source and destination IP addresses and port numbers, and can be configured to track TCP connections, granting entry only to datagrams that belong to approved connections.
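
An added example (not from the page) of the two filtering modes just described: static rules on addresses, protocol and port, plus tracking of TCP connections opened from inside so that inbound packets are admitted only when they belong to an approved connection. The internal network 10.0.0.0/8, the rules, the hosts and the packets are constructed; packets are dicts whose flags entry is a label rather than a decoded TCP header.

```python
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple

# A rule: (action, source network, destination network, protocol or "*", destination port or "*").
Rule = Tuple[str, str, str, str, object]

class StatefulFirewall:
    def __init__(self, internal_net: str, rules: List[Rule]):
        self.internal = ip_network(internal_net)
        self.rules = rules                 # evaluated top to bottom, first match wins
        self.approved: Set[Tuple] = set()  # (inside ip, inside port, outside ip, outside port)

    def _rule_action(self, pkt: dict) -> Optional[str]:
        """Stateless part: the first rule whose address, protocol and port constraints all hold."""
        src, dst = ip_address(pkt["src"]), ip_address(pkt["dst"])
        for action, src_net, dst_net, proto, dport in self.rules:
            if (src in ip_network(src_net) and dst in ip_network(dst_net)
                    and proto in ("*", pkt["proto"]) and dport in ("*", pkt.get("dport"))):
                return action
        return None

    def handle(self, pkt: dict) -> str:
        """Return 'allow' or 'deny' for one packet, updating connection state on outbound SYNs."""
        outbound = ip_address(pkt["src"]) in self.internal
        if not outbound:
            # Stateful part: replies and later segments of a connection an inside host opened.
            if (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"]) in self.approved:
                return "allow"
        action = self._rule_action(pkt) or "deny"   # no matching rule: default deny
        if outbound and action == "allow" and pkt["proto"] == "tcp" and pkt.get("flags") == "SYN":
            self.approved.add((pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]))
        return action
```

Note that an inbound SYN to a port with no tracked state is refused even though the same external host has an approved connection on another port; the rule table only opens services the operator listed explicitly (here the mail server).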

OpenFlow Devices

Can equally perform as a router (L3 device) forwarding datagrams and as a switch (L2 device) forwarding frames, by forwarding on the basis of Ethernet addresses rather than IP addresses.

Link-Layer Switches

Packet switches that base their forwarding decision on values in the fields of the link-layer frame; switches are thus referred to as link-layer devices.

Round Robin and Weighted Fair Queuing (WFQ)

Packets are sorted into classes as with priority queuing, but rather than there being a strict service priority among classes, a round robin scheduler alternates service among the classes: a class 1 packet is transmitted, then a class 2 packet, then class 1, then class 2, etc.

Control Packets

packets carrying routing protocol information

IPv6 Datagram Format: Hop Limit

Decremented by one by each router that forwards the datagram; if the hop limit reaches 0, the datagram is discarded.

Network Service Model

Defines the characteristics of end-to-end delivery of packets between sending and receiving hosts. Services could include: 1. guaranteed delivery; 2. guaranteed delivery with bounded delay (guaranteed delivery within a specified host-to-host delay bound, e.g. within 100 msec); 3. in-order packet delivery; 4. guaranteed minimal bandwidth (the service emulates the behavior of a transmission link of a specified bit rate between sending and receiving hosts; as long as the sending host transmits bits at a rate below the specified rate, all packets are eventually delivered to the destination host); 5. security (encrypt datagrams at the source and decrypt them at the destination). This is a partial list; countless variations are possible.

IPv6 Datagram Format: Data

The payload portion of the IPv6 datagram; when the datagram reaches its destination, the payload will be removed from the IP datagram and passed on to the protocol specified in the next header field.

Drop-Tail

The policy of dropping the arriving packet when the queue is full.

Router: Input Ports

Performs several key functions. It performs the physical-layer function of terminating an incoming physical link at the router, and the link-layer functions needed to interoperate with the link layer at the other side of the incoming link. Perhaps most crucially, a lookup function is also performed at the input port: it is here that the forwarding table is consulted to determine the router output port to which an arriving packet will be forwarded via the switching fabric. Control packets are forwarded from an input port to the routing processor. Port here refers to the physical input and output router interfaces.

Network Control Plane

primary role is to coordinate local, per-router forwarding actions so that datagrams are ultimately transferred end-to-end, along paths of routers between source and destination hosts

Classless Interdomain Routing (CIDR)

Pronounced 'cider'; the Internet's address assignment strategy. CIDR generalizes the notion of subnet addressing: as with subnet addressing, the 32-bit IP address is divided into two parts and again has the dotted-decimal form a.b.c.d/x, where x indicates the number of bits in the first part of the address. The x most significant bits of an address of the form a.b.c.d/x constitute the network portion of the IP address and are often referred to as the prefix (or network prefix) of the address. An organization is typically assigned a block of contiguous addresses, that is, a range of addresses with a common prefix; in this case the IP addresses of devices within the organization will share that common prefix. Only these x leading prefix bits are considered by routers outside the organization's network: when a router outside the organization forwards a datagram whose destination address is inside the organization, only the leading x bits of the address need be considered. This considerably reduces the size of the forwarding table in these routers, since a single entry of the form a.b.c.d/x will be sufficient to forward packets to any destination within the organization. The remaining 32-x bits of an address can be thought of as distinguishing among the devices within the organization, all of which have the same network prefix; these are the bits that will be considered when forwarding packets at routers within the organization, and these lower-order bits may (or may not) have an additional subnetting structure.
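
One added example (not from the page) serving three cards: the Longest Prefix Matching Rule, CIDR prefix matching, and Address Aggregation. The forwarding table and addresses are constructed (eight /23 blocks that merge into 200.23.16.0/20, and a more specific 200.23.18.0/23 reachable on a different interface); the interface names if0, if1 and if2 are placeholders.

```python
import ipaddress
from typing import List, Optional, Tuple

def parse_prefix(cidr: str) -> Tuple[int, int]:
    """'200.23.16.0/20' -> (network address as int, prefix length); host bits are masked off."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    return int(net.network_address), net.prefixlen

def to_cidr(net: int, plen: int) -> str:
    return str(ipaddress.IPv4Network((net, plen)))

def prefix_matches(addr: int, net: int, plen: int) -> bool:
    """True when the plen most significant bits of addr equal those of net (plen 0 matches everything)."""
    shift = 32 - plen
    return (addr >> shift) == (net >> shift)

def longest_prefix_match(table: List[Tuple[str, str]], dst: str) -> Optional[str]:
    """table holds (cidr, interface) pairs; return the interface of the longest prefix that matches dst."""
    addr = int(ipaddress.IPv4Address(dst))
    best_iface, best_len = None, -1
    for cidr, iface in table:
        net, plen = parse_prefix(cidr)
        if prefix_matches(addr, net, plen) and plen > best_len:
            best_iface, best_len = iface, plen
    return best_iface

def aggregate(cidrs: List[str]) -> List[str]:
    """Route aggregation: two /x prefixes that differ only in bit x are siblings and merge into one /(x-1);
    repeat until nothing more merges. Prefixes without a sibling are advertised as they are."""
    prefixes = set(parse_prefix(c) for c in cidrs)
    merged = True
    while merged:
        merged = False
        for net, plen in sorted(prefixes):
            if plen == 0:
                continue
            sibling = net ^ (1 << (32 - plen))
            if (sibling, plen) in prefixes:
                prefixes -= {(net, plen), (sibling, plen)}
                prefixes.add((min(net, sibling), plen - 1))
                merged = True
                break
    return sorted(to_cidr(n, p) for n, p in prefixes)
```

A destination inside 200.23.18.0/23 matches both the aggregated /20 and the /23; the /23 wins because it is longer, which is how a more specific route overrides an aggregate without the aggregate having to be withdrawn.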

Intserv Architecture

A proposed service model extension to the Internet architecture that aims to provide end-to-end delay guarantees and congestion-free communication.

Output Port Processing

Takes packets that have been stored in the output port's memory and transmits them over the output link; includes selecting and de-queueing packets for transmission and performing the needed link-layer and physical-layer transmission functions.

TCAM Memory

Ternary content-addressable memory is a specialized type of high-speed memory that searches its entire contents in a single clock cycle. The term "ternary" refers to the memory's ability to store and query data using three different inputs: 0, 1 and X (don't care).

Priority Queuing

Packets arriving at the output link are classified into priority classes upon arrival at the queue. In practice, a network operator may configure a queue so that packets carrying network management information (as indicated by source or destination port number) receive priority over user traffic; real-time voice-over-IP packets might receive priority over non-real-time traffic such as SMTP and IMAP e-mail packets. Each priority class typically has its own queue. When choosing a packet to transmit, the priority queuing discipline will transmit a packet from the highest priority class that has a nonempty queue (that is, has packets waiting for transmission); the choice among packets in the same priority class is typically done in a FIFO manner.

Software-Defined Networking (SDN)

The control plane where the network is 'software defined' because the controller that computes forwarding tables and interacts with routers is implemented in software. SDN explicitly separates the data plane and control plane by implementing the control-plane functions as a separate service, typically in a remote 'controller'. In this alternative approach, control-plane routing functionality is separated from the physical router: the routing device performs forwarding only, while the remote controller computes and distributes forwarding tables. This remote controller might be implemented in a remote data center with high reliability and redundancy, and might be managed by an ISP or some third party. Routers and the remote controller communicate by exchanging messages containing forwarding tables and other pieces of information. These software implementations are the heart of SDN, and they are also open (publicly available) for research and innovation.

Ethernet Type Field

Corresponds to the upper-layer protocol (e.g. IP) to which the frame's payload will be demultiplexed; the VLAN fields are concerned with so-called virtual local area networks.

DHCP 4 Step Process: Server Discovery

The first task of a newly arriving host is to find a DHCP server with which to interact. This is done using a DHCP discover message, which a client sends within a UDP packet to port 67; the UDP packet is encapsulated in an IP datagram. The DHCP client creates an IP datagram containing its DHCP discover message along with the broadcast destination IP address (255.255.255.255) and a "this host" source IP address of 0.0.0.0. The DHCP client passes the IP datagram to the link layer, which then broadcasts the frame to all nodes attached to the subnet.
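
An added example (not from the page) of the two DHCP steps on this page, Server Discovery and Server Offer(s), as messages exchanged between a client and two servers on one subnet. The addresses, transaction ID 654, lease times and the class names are constructed; messages are dicts carrying the relevant fields rather than encoded DHCP packets.

```python
import random
from typing import List, Optional

DHCP_SERVER_PORT, DHCP_CLIENT_PORT = 67, 68
BROADCAST_IP, UNSPECIFIED_IP = "255.255.255.255", "0.0.0.0"

def make_discover(client_mac: str, xid: Optional[int] = None) -> dict:
    """Step 1: the client has no address yet, so it sends from 0.0.0.0 to the broadcast address, UDP 68 -> 67."""
    return {"ip_src": UNSPECIFIED_IP, "ip_dst": BROADCAST_IP,
            "udp_src": DHCP_CLIENT_PORT, "udp_dst": DHCP_SERVER_PORT,
            "dhcp": {"type": "DISCOVER", "chaddr": client_mac,
                     "xid": xid if xid is not None else random.getrandbits(32)}}

class DhcpServer:
    def __init__(self, server_ip: str, pool: List[str], netmask: str, lease_secs: int):
        self.server_ip, self.pool = server_ip, list(pool)
        self.netmask, self.lease_secs = netmask, lease_secs

    def handle(self, pkt: dict) -> Optional[dict]:
        """Step 2: answer a discover with an offer, again broadcast because the client still has no address.
        The offer echoes the client's transaction ID and proposes an address, mask and lease time."""
        if pkt["udp_dst"] != DHCP_SERVER_PORT or pkt["dhcp"]["type"] != "DISCOVER" or not self.pool:
            return None
        return {"ip_src": self.server_ip, "ip_dst": BROADCAST_IP,
                "udp_src": DHCP_SERVER_PORT, "udp_dst": DHCP_CLIENT_PORT,
                "dhcp": {"type": "OFFER", "xid": pkt["dhcp"]["xid"], "yiaddr": self.pool[0],
                         "subnet_mask": self.netmask, "lease_time": self.lease_secs,
                         "server_id": self.server_ip}}

class PlainHost:
    """Any other node on the subnet receives the broadcast frame but has nothing to say."""
    def handle(self, pkt: dict) -> Optional[dict]:
        return None

def broadcast(subnet: list, pkt: dict) -> List[dict]:
    """Link-layer broadcast: every node on the subnet sees the frame; collect whatever replies come back."""
    return [reply for node in subnet for reply in [node.handle(pkt)] if reply is not None]

def offers_for(replies: List[dict], xid: int) -> List[dict]:
    """The client keeps only offers addressed to its port that carry its own transaction ID."""
    return [r for r in replies if r["udp_dst"] == DHCP_CLIENT_PORT
            and r["dhcp"]["type"] == "OFFER" and r["dhcp"]["xid"] == xid]
```

The transaction ID only correlates an offer with the client's own discover; nothing in these two steps authenticates the server, so any node on the subnet that answers a discover is a candidate the client may choose.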

Wildcards

Flow table entries may also have wildcards. An IP address of 128.119.*.* in a flow table will match the corresponding address field of any datagram that has 128.119 as the first 16 bits of its address.

data plane role

Forward datagrams from its input links to its output links.

Interchangeable Terms

Forwarding and switching are used interchangeably. Forwarding and routing are not: forwarding is the router-local data-plane action, routing the network-wide control-plane function. Routers and switches are not interchangeable either: routers forward on network-layer fields, switches on link-layer fields.

IPv6 Datagram Format: Fields No Longer Present

Fragmentation/reassembly: not allowed at intermediate routers; it can be performed only by the source and destination. If an IPv6 datagram received by a router is too large to be forwarded over the outgoing link, the router simply drops the datagram and sends a Packet Too Big ICMP error message back to the sender, which can then resend the data using a smaller IP datagram size. This considerably speeds up IP forwarding within the network. Header checksum: because the transport-layer and link-layer protocols perform checksumming, the designers of IP probably felt that this functionality was sufficiently redundant in the network layer that it could be removed. Options: they have not gone away, but are now one of the possible next headers pointed to from within the IPv6 header.

Internet Corporation for Assigned Names and Numbers (ICANN)

The global authority responsible for managing IP address space and allocating address blocks to ISPs and other organizations, based on guidelines set forth in RFC 7020. A nonprofit; it also manages the DNS root servers and is in charge of assigning domain names and resolving name disputes. It allocates addresses to regional Internet registries (ARIN, RIPE, APNIC, LACNIC), which together form the Address Supporting Organization of ICANN (ASO-ICANN) and handle allocation/management of addresses within their regions.

IPv6 Datagram Format: Payload Length

16-bit value treated as an unsigned integer giving the number of bytes in the IPv6 datagram following the fixed-length 40-byte datagram header.

Why does TCP/IP perform error checking at both the transport and network layers?

1. Only the IP header is checksummed at the IP layer, while the TCP/UDP checksum is computed over the entire TCP/UDP segment. 2. TCP/UDP and IP do not necessarily have to belong to the same protocol stack: TCP can, in principle, run over a different network-layer protocol, and IP can carry data that will not be passed to TCP/UDP.

Subnet Mask

223.1.1.0/24, where /24 ('slash-24') is known as a subnet mask and indicates that the leftmost 24 bits of the 32-bit IP address define the subnet address. To determine the subnets, detach each interface from its host or router, creating islands of isolated networks with interfaces terminating the end points of the isolated networks; each of these isolated networks is called a subnet. An organization with multiple Ethernet segments and point-to-point links will have multiple subnets, with all the devices on a given subnet having the same subnet address. In principle, the different subnets could have quite different subnet addresses; in practice, their subnet addresses often have much in common.

IP Broadcast Address

255.255.255.255; when a host sends a datagram with this destination address, the message is delivered to all hosts on the same subnet. Routers optionally forward the message into neighboring subnets, but usually do not.

IP Address

32 bits long (4 bytes), so there are a total of 2^32 (about 4 billion) possible IP addresses. These addresses are typically written in so-called dotted-decimal notation, in which each byte of the address is written in its decimal form and is separated by a period from the other bytes in the address. For example, in the IP address 193.32.216.9, the 193 is the decimal equivalent of the first 8 bits of the address, the 32 is the decimal equivalent of the second 8 bits, and so on; thus, the address 193.32.216.9 in binary notation is 11000001 00100000 11011000 00001001. Each interface on every host and router in the global Internet must have an IP address that is globally unique (except for interfaces behind NATs). Addresses cannot be chosen willy-nilly: a portion of an interface's IP address will be determined by the subnet to which it is connected.

IPv6 Datagram Format: Version

4 bits; identifies the IP version number (IPv6 = 6, IPv4 = 4).

IPv4 Datagram Format: Header Length

4 bits; because an IPv4 datagram can contain a variable number of options (included in the IPv4 datagram header), this field is needed to determine where in the IP datagram the payload (the transport-layer segment being encapsulated in this datagram) actually begins. Most IP datagrams do not contain options, so typically an IP datagram has a 20-byte header.

IPv4 Datagram Format: Version Number

4 bits; specify the IP protocol version of the datagram; by looking at the version number, the router can determine how to interpret the remainder of the IP datagram (diff. versions use diff. datagram formats)

IPv6 Datagram Format: Traffic Class

8 bits; can be used to give priority to certain datagrams within a flow, or to give priority to datagrams from certain applications.

Dynamic Host Configuration Protocol

Host addresses can be configured manually, but this is usually done using DHCP, which allows a host to obtain (be allocated) an IP address automatically. A network administrator can configure DHCP so that a given host receives the same IP address each time it connects to the network, or a host may be assigned a temporary IP address that will be different each time the host connects. DHCP also allows a host to learn additional information, such as its subnet mask, the address of its first-hop router (often called the default gateway) and the address of its local DNS server. DHCP is a client-server protocol, with the client typically being a newly arriving host wanting to obtain network configuration information, including an IP address for itself.

IPv4 to IPv6

IPv6 systems can be made backward compatible (they can send, route and receive IPv4 datagrams), but IPv4 systems are not capable of handling IPv6 datagrams. Several options are possible: 1. flag day (shut the Internet off and upgrade everything at once), unthinkable today; 2. tunneling.

2011

IANA allocated the last remaining pool of unassigned IPv4 addresses to a regional registry. While these registries still have available IPv4 addresses within their pools, once these are exhausted there are no more available address blocks that can be allocated from a central pool.

Datagram Reassembly

The IPv4 designers decided to put the job of datagram reassembly in the end systems rather than in network routers; doing it in routers would introduce significant complication into the protocol and hamper router performance. When a destination host receives a series of datagrams from the same source, it needs to determine whether any of these datagrams are fragments of some original, larger datagram. If they are fragments, it must further determine when it has received the last fragment and how the fragments it has received should be pieced back together to form the original datagram. To allow the destination host to perform these reassembly tasks, the designers of IP (version 4) put identification, flag and fragmentation offset fields in the IP datagram header. When a datagram is created, the sending host stamps the datagram with an identification number as well as source and destination addresses. When a router needs to fragment a datagram, each resulting datagram (fragment) is stamped with the source address, destination address and identification number of the original datagram, so when the destination receives a series of datagrams from the same sending host it can examine the identification numbers to determine which of them are fragments of the same larger datagram. Because IP is an unreliable service, one or more of the fragments may never arrive at the destination. In order for the destination host to be absolutely sure it has received the last fragment of the original datagram, the last fragment has the (more fragments) flag bit set to 0, whereas all the other fragments have this flag bit set to 1. In order for the destination host to determine whether a fragment is missing (and also be able to reassemble the fragments in their proper order), the offset field is used to specify where the fragment fits within the original IP datagram.
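
An added example (not from the page) of fragmentation at a router and reassembly at the destination using exactly the three fields above: identification, the more-fragments flag and the offset in 8-byte units. The 3,980-byte payload and identification 777 are constructed, the 1,500-byte MTU is the Ethernet value from the Datagram Length card, and fragments are dicts carrying only the fields that matter here. Beyond the page's description, the reassembler also rejects overlapping fragments, which a hardened implementation must do because overlap is a malformed input rather than a reordering.

```python
from typing import Dict, List, Optional

IP_HEADER_LEN = 20

def fragment(payload: bytes, ident: int, mtu: int) -> List[dict]:
    """Split a datagram's payload so each fragment (20-byte header + data) fits the link MTU.
    Every fragment but the last carries a multiple of 8 data bytes, since the offset counts 8-byte units."""
    max_data = (mtu - IP_HEADER_LEN) // 8 * 8
    frags, pos = [], 0
    while pos < len(payload):
        chunk = payload[pos:pos + max_data]
        frags.append({"id": ident,
                      "mf": pos + len(chunk) < len(payload),   # more fragments follow?
                      "offset": pos // 8,
                      "data": chunk})
        pos += len(chunk)
    return frags

def reassemble(frags: List[dict], ident: int) -> Optional[bytes]:
    """Rebuild the payload from the fragments carrying ident; None if incomplete or malformed."""
    pieces: Dict[int, bytes] = {}
    total = None
    for f in frags:
        if f["id"] != ident:                  # belongs to some other datagram from this sender
            continue
        start = f["offset"] * 8
        pieces[start] = f["data"]
        if not f["mf"]:                       # MF=0 marks the final fragment and fixes the total length
            total = start + len(f["data"])
    if total is None:
        return None                           # final fragment not (yet) received
    out, expected = bytearray(), 0
    for start, data in sorted(pieces.items()):
        if start != expected:                 # start > expected: gap; start < expected: overlap
            return None
        out += data
        expected = start + len(data)
    return bytes(out) if expected == total else None
```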

IPv6 Datagram Format: Flow Labeling

IPv6 has an elusive definition of flow that is yet to be determined.

Middleboxes

NAT boxes re-write header IP addresses and port numbers; firewalls block traffic based on header-field values or redirect packets for additional processing such as deep packet inspection (DPI); load balancers forward packets requesting a given service (e.g. an HTTP request) to one of a set of servers that provide that service. More generally, a middlebox "or network appliance is a computer networking device that transforms, inspects, filters or otherwise manipulates traffic for purposes other than packet forwarding".

Output Queuing

Queueing can occur at the switch's output port. If, in the time it takes to send a single packet onto the outgoing link, N new packets arrive at this output port (as happens when the switching fabric is N times faster than the port line speeds), then since the output port can transmit only a single packet in a unit of time (the packet transmission time), the N arriving packets will have to queue (wait) for transmission over the outgoing link. Eventually the number of queued packets can grow large enough to exhaust the available memory at the output port. When there is not enough memory to buffer an incoming packet, a decision must be made to either drop the arriving packet (drop-tail) or remove one or more already-queued packets to make room for the newly arrived packet. In some cases it may be advantageous to drop (or mark the header of) a packet before the buffer is full, in order to provide a congestion signal to the sender; a number of such proactive packet-dropping and -marking policies (active queue management, AQM) have been proposed and analyzed, and one of the most widely studied and implemented AQM algorithms is the Random Early Detection (RED) algorithm.

Flow

RFC 2460 states that this allows labeling of packets belonging to particular flows for which the sender requests special handling, such as non-default quality of service or real-time service. Audio/video might be treated as a flow, whereas file transfer or e-mail would not be; it is also possible that traffic from a high-priority user (someone paying for better service) might be treated as a flow.

IPv4 Datagram Format: Type of Service

TOS bits were included in the IPv4 header to allow different types of IP datagrams to be distinguished from each other, e.g. real-time datagrams (IP telephony) from non-real-time traffic (FTP). The specific level of service to be provided is a policy issue determined and configured by the network administrator for the router. Two of the TOS bits are used for Explicit Congestion Notification.

Action: Dropping

A flow table entry with no action indicates that a matched packet should be dropped.

Packet Switch

a general packet-switching device that transfers a packet from input link interface to output link interface - according to values in a packet's header fields

Weighted Fair Queuing (WFQ)

A generalized form of round robin queuing that has been widely implemented in routers. Arriving packets are classified and queued in the appropriate per-class waiting area, and the classes are served in a circular manner (1, then 2, then 1, etc.). WFQ is also a work-conserving queuing discipline and thus will immediately move on to the next class in the service sequence when it finds an empty class queue. It differs from round robin in that each class may receive a differential amount of service in any interval of time.

OpenFlow

A highly visible and successful standard that has pioneered the notion of the match-plus-action forwarding abstraction and controllers, as well as the SDN revolution more generally. OpenFlow 1.0 introduced key SDN abstractions and functionality in a particularly clear and concise manner; later versions of OpenFlow introduced additional capabilities as a result of experience gained through implementation and use.

How Hosts and Routers are Connected into the Internet

A host typically has only a single link into the network; when IP in the host wants to send a datagram, it does so over this link. The boundary between the host and the physical link is called an interface. Because a router's job is to receive a datagram on one link and forward it on some other link, a router necessarily has two or more links to which it is connected; the boundary between the router and any one of its links is also called an interface, so a router has multiple interfaces, one for each of its links. Because every host and router is capable of sending and receiving IP datagrams, IP requires each host and router interface to have its own IP address; thus, an IP address is technically associated with an interface rather than with the host or router containing that interface.

IPv4 Datagram Format: Options

Allow an IP header to be extended. Options were meant to be used rarely, hence the decision to save overhead by not including the option information in every datagram header. The mere existence of options does complicate matters: since datagram headers can be of variable length, one cannot determine a priori where the data field will start, and since some datagrams may require option processing and others not, the amount of time needed to process an IP datagram at a router can vary greatly. IP options were not included in the IPv6 header.

Anycast Address

Allows a datagram to be delivered to any one of a group of hosts.

OpenFlow's Match Abstraction

Allows a match to be made on selected fields from three layers of protocol headers (thus defying the layering principle we studied in chapter 1). The source and destination MAC addresses are the link-layer addresses associated with the frame's sending and receiving interfaces. The set of 12 values that can be matched in the OpenFlow 1.0 specification has grown to 41 values in more recent OpenFlow specifications.

Subnet

also called an IP network or simply a network in Internet literature

Routers

Base their forwarding decision on header values in the network-layer datagram; routers are thus network-layer devices and do not run application- and transport-layer protocols.

Port Processing

Although lookup is arguably the most important action in input port processing, many other actions must be taken: 1. physical- and link-layer processing; 2. processing of the packet's version number, checksum and time-to-live field; 3. updating counters used for network management (such as the number of IP datagrams received). The input steps of looking up a destination IP address (a match) and then sending the packet into the switching fabric to the specified output port (an action) are a specific case of a more general "match plus action" abstraction that is performed in many networked devices, not just routers.

Action: Forwarding

An incoming packet may be forwarded to a particular physical output port, broadcast over all ports (except the port on which it arrived) or multicast over a selected set of ports. A packet may also be encapsulated and sent to the remote controller for the device; that controller may (or may not) take some action on the packet, including installing new flow table entries, and may return the packet to the device for forwarding under the updated set of flow table rules.

Head-of-the-Line (HOL) blocking

In an input-queued switch, a queued packet in an input queue must wait for transfer through the fabric (even though its output port is free) because it is blocked by another packet at the head of the line; any packet behind the queued packet must also wait, even if its own destination port is available. Under certain assumptions, the input queue will grow to unbounded length (equivalent to saying that significant packet loss will occur) as soon as the packet arrival rate on the input links reaches only 58% of their capacity.

Hardware-Based Matching

As in the case of destination-based forwarding, matching is most rapidly performed in TCAM memory, with more than a million destination address entries being possible. A packet that matches no flow table entry can be dropped or sent to the remote controller for more processing.

ATM Network Architecture

Asynchronous Transfer Mode; provides for guaranteed in-order delivery, bounded delay and guaranteed minimal bandwidth.

Forwarding Table Lookup

Conceptually simple: hardware logic just searches through the forwarding table looking for the longest prefix match. The lookup must be performed in nanoseconds, so not only must it be performed in hardware, but techniques beyond a simple linear search through a large table are needed. Special attention must also be paid to memory access times, resulting in designs with embedded on-chip DRAM and faster SRAM (used as a DRAM cache) memories; Ternary Content Addressable Memories (TCAMs) are also often used for lookup. Once a packet's output port has been determined via the lookup, the packet can be sent into the switching fabric.

Switching Fabric

Connects the router's input ports to its output ports; the very heart of a router. It is completely contained within the router (a network inside of a network router). In some designs, a packet may be temporarily blocked from entering the switching fabric if packets from other input ports are currently using the fabric; a blocked packet will be queued at the input port and then scheduled to cross the fabric at a later point in time. Switching can be accomplished in a number of ways.

Non-Preemptive Priority Queuing

discipline in which the transmission of a packet is not interrupted once it has begun

Work-Conserving Queuing

Discipline that will never allow the link to remain idle whenever there are packets (of any class) queued for transmission. A work-conserving round robin discipline that looks for a packet of a given class but finds none will immediately check the next class in the round robin sequence.

Flow Table Entry

Each entry in a flow table includes:
1. a set of header field values to which an incoming packet will be matched
2. a set of counters that are updated as packets are matched to flow table entries - these counters might include the number of packets that have been matched by that table entry and the time since the table entry was last updated
3. a set of actions to be taken when a packet matches a flow table entry - these actions might be to forward the packet to a given output port, to drop the packet, to make copies of the packet and send them to multiple output ports, and/or to re-write selected header fields

Flow Table Priority

Each flow table entry also has an associated priority. If a packet matches multiple flow table entries, the selected match and corresponding action will be that of the highest priority entry with which the packet matches.

Action

Each flow table entry has a list of zero or more actions that determine the processing that is to be applied to a packet that matches the entry. Among the most important actions are forwarding, dropping and modify-field. If there are multiple actions, they are performed in the order specified in the list.

Fragment

each of these smaller DGs

Switching via Memory (Early)

The earliest routers were traditional computers, with switching between input/output ports being done under the direct control of the CPU (routing processor). Input/output ports functioned as traditional I/O devices in a traditional OS: an input port with an arriving packet would signal the routing processor via an interrupt, and the packet was then copied from the input port into processor memory. The processor would then extract the destination address from the header, look up the appropriate output port in the forwarding table and copy the packet to the output port's buffer. If memory bandwidth is such that a maximum of B packets per second can be written into, or read from, memory, the overall forwarding throughput (the rate at which packets are transferred from input ports to output ports) must be less than B/2. Also, two packets cannot be forwarded at the same time, even if they have different destination ports, since only one memory read/write can be done at a time over the shared system bus.

Router: Forwarding Table

Either computed or updated by the routing processor (using a routing protocol to interact with the routing processors in other network routers) or received from a remote SDN (software defined network) controller. Copies of the forwarding table are made at each input port, allowing decisions to be made locally without invoking the centralized routing processor on a per-packet basis, thus avoiding a centralized processing bottleneck.

Tunneling

Key concept with applications in many other scenarios beyond the IPv4-to-IPv6 transition. With tunneling, an IPv6 node on the sending side of the tunnel takes the entire IPv6 datagram and puts it in the data (payload) field of an IPv4 datagram. This IPv4 DG is then addressed to the IPv6 node on the receiving side of the tunnel and sent to the first node in the tunnel. The intervening IPv4 routers in the tunnel route this IPv4 datagram among themselves just as they would any other DG. The receiving IPv6 node eventually receives the IPv4 DG containing the IPv6 datagram, determines that an IPv6 DG is inside, extracts it and then routes it exactly as it would had it received the IPv6 DG directly.

Forwarding Table

Key element in every network router. A router forwards a packet by examining the value of one or more fields in the arriving packet's header, then uses these header values to index into its forwarding table. The value stored in the forwarding table entry for those values indicates the outgoing link interface at that router to which the packet is to be forwarded.

IPv4 Datagram Format: Data (Payload)

Last and most important field. In most cases, the data field of an IP DG contains the transport layer segment (TCP or UDP) to be delivered to the destination; the data field can also carry other types of data, such as ICMP messages.

Flow Table

The match-plus-action forwarding table in OpenFlow. In practice, a flow table may be implemented by multiple flow tables for performance or cost reasons. It is essentially an API: the abstraction through which an individual packet switch's behavior can be programmed.

Forwarding

One function of the network layer; the most common and most important; implemented in the data plane. Refers to the router-local action of transferring a packet from an input link interface to the appropriate output link interface; takes place at very short timescales (a few nanoseconds) and is typically implemented in hardware. When a packet arrives at a router's input link, the router must move the packet to the appropriate output link. A packet might also be blocked from exiting the router, or it might be duplicated and sent over multiple outgoing links.

Switching via an Interconnection Network

More sophisticated; overcomes the bandwidth limitation of a single, shared bus. A crossbar switch is an interconnection network consisting of 2N buses that connect N input ports to N output ports. Each vertical bus intersects each horizontal bus at a crosspoint, which can be opened or closed at any time by a switch fabric controller (whose logic is part of the switching fabric itself). When a packet arrives from port A and needs to be forwarded to port Y, the switch controller closes the crosspoint at the intersection of buses A and Y, and port A then sends the packet onto its bus, which is picked up only by bus Y. Other packets can be forwarded on different lines at the same time, so crossbar switches are capable of forwarding multiple packets in parallel. A crossbar switch is non-blocking: a packet being forwarded to an output port will not be blocked from reaching that output port as long as no other packet is being forwarded to it. However, if two packets from two different input ports are destined to the same output port, then one will have to wait at the input, since only one packet can be sent over a given bus at a time. More sophisticated interconnection networks use multiple stages of switching elements to allow packets from different input ports to proceed towards the same output port at the same time through the multi-stage switching fabric. A router's switching capacity can also be scaled by running multiple switching fabrics in parallel: in this approach, input ports and output ports are connected to N switching fabrics that operate in parallel; an input port breaks a packet into smaller chunks and "sprays" the chunks through different switching fabrics to the selected output port, which reassembles the chunks back into the original packet.

OpenFlow Not Matching

Not all fields in an IP header can be matched, such as the TTL field or the datagram length field. This has to do with the tradeoff between functionality and complexity.

IPv6 Datagram Format: Streamlined 40-byte Header

A number of IPv4 fields have been dropped or made optional, which allows for faster processing of the DG by a router. A new encoding of options allows for more flexible options processing.

Active Queue Management (AQM)

A number of proactive packet-dropping and -marking policies, collectively known as AQM.

Input Queuing

Occurs at the input ports; happens when the switch fabric is not fast enough (relative to input line speeds) to transfer all arriving packets through the fabric without delay, so packets must join input port queues to wait their turn to be transferred through the switching fabric to the output port. If two packets are destined for the same output port, then one of the packets will be blocked and must wait at the input queue: the switching fabric can transfer only one packet to a given output port at a time, while multiple packets can be transferred in parallel as long as their output ports are different. May also cause HOL blocking.

Ternary Content Addressable Memories (TCAMs)

Often used for lookup: a 32-bit IP address is presented to the memory, which returns the content of the forwarding table entry for that address in essentially constant time. Some routers/switches can hold upwards of a million TCAM forwarding table entries.

Network Layer

Provides host-to-host communication, relied on by the transport layer. Unlike the transport and application layers, there is a piece of the network layer in each and every host and router in the network. Network-layer protocols are among the most challenging (and interesting) in the protocol stack. The primary role of the network layer is to move packets from a sending host to a receiving host; it does so with two important network-layer functions: forwarding and routing (terms often used interchangeably).

Realm with Private Addresses

refers to a network whose addresses only have meaning to devices within that network

Prefix

In this style of forwarding table, the router matches a prefix of the packet's destination address with the entries in the table; if there's a match, the router forwards the packet to the link associated with the match. It is possible for a destination address to match more than one entry.

Ingress Port

refers to the input port at the packet switch on which a packet is received

DHCP: Shortcoming

since a new IP address is obtained from DHCP each time a node connects to a new subnet, a TCP connection to a remote application cannot be maintained as a mobile node moves between subnets

Best-Effort Service

The single service the network layer provides. With BES, packets are neither guaranteed to be received in the order they were sent nor is their eventual delivery even guaranteed; there is no guarantee on the end-to-end delay, nor is there a minimal bandwidth guarantee. In spite of well-developed alternatives, the internet's basic best-effort service model plus adequate bandwidth provisioning have arguably proven to be more than 'good enough' to enable an amazing range of applications.

Output Ports

stores packets received from the switching fabric and transmits these packets on the outgoing link by performing the necessary link-layer and physical-layer functions. When a link is bidirectional (that is, carries traffic in both directions), an output port will typically be paired with the input port for that link on the same line card.

Squeezing Oversized IP DG into smaller payload field on another link

The solution is to fragment the payload in the IP DG into two or more smaller IP DGs, encapsulate each of these smaller IP DGs in a separate link-layer frame and send these frames over the outgoing link.

Switching via Memory (Modern)

Some modern routers switch via memory. A major difference from early routers is that the lookup of the destination address and the storing of the packet into the appropriate memory location are performed by processing on the input line cards. In some ways, routers that switch via memory look very much like shared-memory multiprocessors, with the processing on a line card switching (writing) packets into the memory of the appropriate output port.

Address Lease Time

the amount of time for which the IP address will be valid - it is common for the server to set the lease time to several hours or days

Maximum Transmission Unit (MTU)

The maximum amount of data that a link-layer frame can carry. Not all link-layer protocols can carry network-layer packets of the same size. Because each IP DG is encapsulated within a link-layer frame for transport from one router to the next, the MTU of the link-layer protocol places a hard limit on the length of an IP datagram. The hard limit on size is not the problem; what becomes a problem is that each of the links along the route between sender and destination can use different link-layer protocols, and each of these protocols can have a different MTU.

Routing

The network layer must determine the route or path taken by packets as they flow from a sender to a receiver. Routing refers to the network-wide process that determines the end-to-end paths that packets take from source to destination; it takes place on much longer timescales (seconds) and is implemented in software in the control plane.

DHCP 4 Step Process: Request

the newly arriving client will choose from among one or more server offers and respond to its selected offer with a DHCP request message - echoing back the configuration parameters

Data-Plane

the primary data-plane role of each router is to forward datagrams from its input links to its output links

DHCP 4 Step Process: ACK

The server responds to the DHCP request message with a DHCP ACK message, confirming the requested parameters. Once a client receives the DHCP ACK, the interaction is complete and the client can use the DHCP-allocated IP address for the lease duration. Since a client may want to use its address beyond the lease expiration, DHCP also provides a mechanism that allows a client to renew its lease on an IP address.

Action: Modify-field

The values in ten packet header fields (all except the IP protocol field) may be re-written before the packet is forwarded to the chosen output port.

Network Address Translation (NAT)

There are hundreds of thousands of home networks, many using the same address space. Devices within a given home network can send packets to each other using those addresses; however, packets forwarded beyond the home network into the larger global internet cannot use those addresses. A NAT-enabled router does not look like a router to the outside world; instead, the NAT router behaves to the outside world as a single device with a single IP address, and all traffic leaving the home router for the larger internet has a source IP address of #.#.#.#. In essence, the NAT-enabled router is hiding the details of the home network from the outside world. The router gets its address from the ISP's DHCP server, and the router runs its own DHCP server to provide addresses to computers within the home network's address space controlled by the NAT-DHCP router.

IPv4 Datagram Format: Identifier, Flags, Fragmentation Offset

These three fields have to do with so-called IP fragmentation. IPv6 does not allow for fragmentation.

control plane role

To coordinate these local, per-router forwarding actions so that datagrams are ultimately transferred end-to-end, along paths of routers between source and destination hosts.

Internet Router's Forwarding Decision

Has traditionally been based solely on a packet's destination address. There has been a proliferation of middleboxes that perform many layer-3 functions; middleboxes, layer-2 switches and layer-3 routers, each with its own specialized hardware, software and management interfaces, have resulted in costly headaches for many network operators. Recent advances in software defined networking have promised, and are now delivering, a unified approach towards providing many of these network layer functions and certain link layer functions in a modern, elegant and integrated manner.

IPv4 Datagram Format: Protocol

Typically only used when an IP datagram reaches its final destination; the value of the field indicates the specific transport-layer protocol to which the data portion of this IP datagram should be passed: 6 = passed to TCP, 17 = passed to UDP. The protocol number in the IP datagram has a role that is analogous to the role of the port number field in the transport-layer segment: the protocol number is the glue that binds the network and transport layers together, whereas the port number is the glue that binds the transport and application layers together.

Intrusion Detection System (IDSs)

Typically situated at the network boundary. Performs 'deep packet inspection', examining not only header fields but also the payloads in the DG (including application layer data). Has a database of packet signatures that are known to be part of attacks; the DB is automatically updated as new attacks are discovered. If a match is found, an alert is created. An intrusion prevention system (IPS) is similar, except that it actually blocks packets in addition to creating alerts. Detection is not 100%.

IPv4 Datagram Format: Source and Destination IP Addresses

When a source creates a datagram, it inserts its IP address into the source IP address field and inserts the address of the ultimate destination into the destination IP address field. Often, the source host determines the destination address via a DNS lookup.

Packet Scheduler

When more packets arrive at the output link than can be sent, the output link must choose one packet, among those queued, for transmission.

Remote Controller vs Individual Control Components

while it is possible for the control components at the individual packet switch to interact with each other, in practice, generalized match-plus-action capabilities are implemented via a remote controller that computes, installs and updates these tables

