Chapter 19: Network Layer Protocols
Data Transfer (Phase 3)
1. From Remote Host to Home Agent - A remote host wanting to send a packet to a mobile host sends the packet as if the mobile host is at its home network. The home agent intercepts the packet, pretending to be the mobile host.
2. From Home Agent to Foreign Agent - The home agent encapsulates the packet inside an IP packet and sends it to the foreign agent.
3. From Foreign Agent to Mobile Host - The foreign agent extracts the original packet, consults its registry table to find the care-of address for the mobile host, and sends it to the mobile host.
4. From Mobile Host to Remote Host - A mobile host wanting to send a packet to a remote host sends the packet with its home address as the source.
Transparency - The remote host is unaware of any movement by the mobile host. The remote host sends packets using the home address of the mobile host as the destination address; it receives packets that have the home address of the mobile host as the source address. The movement is totally transparent. The rest of the Internet is unaware of the movement of the mobile host.
Fragmentation Offset Field
13-bit field shows the relative position of fragment in the whole datagram. It is the offset of the data in the original datagram measured in 8-byte units. This means the first byte number must be divisible by 8. See image for an example of a 4000-byte datagram fragmented into 3 fragments.
Identification Field
2-byte field identifies a datagram (and its fragments) originating from source host. The combination of identification and source IP address must uniquely define a datagram (uses a counter to ensure unique identifier). All fragments with same identification value are reassembled into a single datagram.
Flags Field
3-bit field defines 3 flags:
1. Reserved - 1st bit. Not used.
2. Do Not Fragment bit (D bit) - 2nd bit. If its value is 1, the machine must not fragment the datagram (it sends an ICMP error to the source host if it can't pass the datagram). If its value is 0, the datagram can be fragmented if necessary.
3. More Fragment bit (M bit) - 3rd bit. If its value is 1, the datagram is not the last fragment; there are more fragments after this one. If its value is 0, this is the last or only fragment.
Q: A packet has arrived with an M bit value of 1. Is this the first fragment, the last fragment, or a middle fragment? Do we know if the packet was fragmented?
A: If the M bit is 1, it means that there is at least one more fragment. This fragment can be the first one or a middle one, but not the last one. We don't know if it is the first one or a middle one; we need more information (the value of the fragmentation offset).
Q: In an IPv4 packet, the value of HLEN is 5, and the value of the total length field is 0028 (base 16). How many bytes of data are being carried by this packet?
A: The HLEN value is 5, which means the total number of bytes in the header is 5 × 4, or 20 bytes (no options). The total length is 0028 (base 16) or 40 bytes, which means the packet is carrying: 40 - 20 = 20 bytes of data.
Q: In an IPv4 packet, the value of HLEN is 1000 (base 2). How many bytes of options are being carried by this packet?
A: The HLEN value is 8, which means the total number of bytes in the header is 8 × 4 = 32 bytes. The first 20 bytes are the base header, the next 12 bytes are the options.
Q: A packet has arrived in which the offset value is 100, the value of HLEN is 5, and the value of the total length field is 100. What are the numbers of the first byte and the last byte?
A: The first byte number is 100 × 8 = 800. The total length is 100 bytes, and the header length is 20 bytes (5 × 4), which means that there are 80 bytes of data in this datagram. If the first byte number is 800, the last byte number must be 879.
Q: An IPv4 packet has arrived with the first 8 bits as 01000010. The receiver discards the packet. Why?
A: There is an error in this packet. The 4 leftmost bits (0100) show the version, which is correct. The next 4 bits (0010) show an invalid header length (2 × 4 = 8 bytes). The minimum # of bytes in header must be 20. The packet has been corrupted in transmission.
Q: An IPv4 packet has arrived with the first few hexadecimal digits as shown: 45 00 00 28 00 01 00 00 01 02. How many hops can this packet travel before being dropped? The data belong to what upper-layer protocol?
A: To find TTL, we skip 8 bytes (16 hexadecimal digits). TTL is the 9th byte, which is 01 (base 16). This means the packet can travel only one hop. The protocol field is the next byte 02 (base 16), which means that the upper-layer protocol is IGMP.
Q: A packet has arrived in which the offset value is 100. What is the number of the 1st byte? Do we know the number of the last byte?
A: To find the number of the first byte, we multiply the offset value by 8. This means that the first byte number is 800. We cannot determine the number of the last byte unless we know the length of the data.
Registration (Phase 2)
After a mobile host has moved to a foreign network and discovered the foreign agent, it must register. There are 4 aspects of registration:
1. The mobile host must register itself with the foreign agent.
2. The mobile host must register itself with its home agent. This is normally done by the foreign agent on behalf of the mobile host.
3. The mobile host must renew its registration if it has expired.
4. The mobile host must cancel its registration (deregistration) when it returns home.
Misc.
o Registration messages are encapsulated in a UDP user datagram.
o An agent uses the well-known port 434; a mobile host uses an ephemeral (temporary) port.
Packet Modification
An attacker intercepts a packet, changes its contents, and sends the new packet to the receiver. Can be detected using a data integrity mechanism. The receiver, before opening and using the contents of the message, can use this mechanism to make sure that the packet has not been changed during the transmission (see Ch. 32).
Packet Sniffing
An attacker intercepts an IP packet and makes a copy of it. Packet sniffing is a passive attack, in which the attacker does not change the contents of the packet. It is difficult to detect. Encryption can be used to protect the packet's contents.
IP Spoofing
An attacker masquerades as somebody else and creates an IP packet that carries the source address of another computer. Can be prevented using an origin authentication mechanism (see Ch. 32).
ICMPv4 Checksum (Binary)
Calculated over the entire message.
Agent Discovery (Phase 1)
Consists of 2 subphases:
1. A mobile host must discover (learn the address of) a home agent before it leaves its home network.
2. A mobile host must also discover a foreign agent after it has moved to a foreign network. This consists of learning the care-of address and the foreign agent's address.
Agent discovery involves 2 types of messages:
1. Advertisement
2. Solicitation
ICMPv4 Messages
Divided into 2 broad categories:
1. Error-Reporting Messages - Report errors at a router or the destination host.
2. Query Messages - Occur in pairs. Help a host or network manager get specific information from a router or another host.
Mobile IP
Extension of IP protocol that allows mobile computers to connect to the Internet.
IPv4 Checksum
The header is divided into 2-byte sections. All of the sections are added; the carry (leftmost digit) is wrapped around into the sum, and the wrapped sum is complemented. The result is inserted in the checksum field (see image). Calculations in hexadecimal:
(Wrapped Sum) = Sum % FFFF
Checksum = FFFF - (Wrapped Sum)
Addressing (Mobile IP)
IP addresses were originally designed to work with stationary hosts; part of the address defines the network to which the host is attached. However, mobile computers can move between networks, making the address invalid. Several solutions have been proposed to solve addressing, including:
o Changing the Address
o Two Addresses
ICMPv4
IPv4 has no error-detecting or error-correcting mechanisms. It also lacks a mechanism for host and management queries. ICMPv4 was designed to compensate for the above 2 deficiencies. It is an auxiliary protocol; its messages are encapsulated in IP datagrams.
Security of IPv4 Datagrams
IPv4 was not designed with security in mind. There are 3 security issues concerning the IP protocol:
1. Packet Sniffing
2. Packet Modification
3. IP Spoofing
Inefficiency in Mobile IP
Inefficiency can be severe (double crossing or 2X) or moderate (triangle routing or dog-leg routing).
Changing the Address
Lets the mobile host change its address as it goes to the new network (using DHCP). Has several drawbacks:
1. Configuration files must be changed.
2. Must reboot when moving b/w networks.
3. DNS tables need to be revised.
4. Data exchange is interrupted if the host moves b/w networks during transmission (ports and IP addresses of the client and server must remain constant during a connection).
Maximum Transfer Unit (MTU)
Max size of frame payload. Datagram must be less than the MTU. MTU differs b/w physical networks. Fragmentation allows datagrams > MTU to pass through networks.
ICMPv4 Message Formats
Message has an 8-byte header and a variable-length data section. The first 4 bytes are common to both categories of message:
o Type - 1-byte field defines the type of message.
o Code - 1-byte field specifies the reason for the message.
o Checksum - 2-byte field for error detection.
Data Section in:
o Error messages - Carries information for finding the original packet that had the error.
o Query Messages - Carries extra information based on the type of query.
Two Addresses
Mobile IP has 2 addresses for a mobile host: one home address and one care-of address. The home address is permanent; the care-of address changes as the mobile host moves from one network to another.
Destination Unreachable (Type 3)
Most widely used error message. Uses codes (0 to 15) to define the type of error message and the reason why a datagram has not reached its final destination (e.g., code 0 tells the source that a host is unreachable).
Fragmentation Example
Note: Image is a more detailed example of the image from the Fragmentation Offset Field flashcard. Strategy for reassembly:
a. The first fragment has an offset field value of 0.
b. Divide the length of the first fragment by 8. The second fragment has an offset value equal to that result.
c. Divide the total length of the first and second fragments by 8. The third fragment has an offset value equal to that result.
d. Continue the process. The last fragment has its M (more) bit set to 0.
Double Crossing
Occurs when a remote host communicates with a mobile host that has moved to the same network as the remote host. When the mobile host sends a packet to the remote host, there is no inefficiency; the communication is local. However, when the remote host sends a packet to the mobile host, the packet crosses the Internet twice.
Triangle Routing
Occurs when the remote host communicates with a mobile host that is not attached to the same network as the remote host. When the mobile host sends a packet to the remote host, there is no inefficiency. However, when the remote host sends a packet to the mobile host, the packet goes from the remote host to the home agent and then to the mobile host. The packet travels the two sides of a triangle, instead of just one side.
Solution to Inefficiency
One solution is for the remote host to bind the care-of address to the home address of a mobile host. For example, when a home agent receives the first packet for a mobile host, it forwards the packet to the foreign agent; it could also send an update binding packet to the remote host so that future packets to this host could be sent to the care-of address. The remote host can keep this information in a cache. The problem with this strategy is that the cache entry becomes outdated once the mobile host moves. In this case the home agent needs to send a warning packet to the remote host to inform it of the change.
IPv4 Datagram Format
Packets used by IP are called datagrams. Datagrams are variable-length and consist of 2 parts:
1. Header - Contains information essential for routing and delivery. 20 to 60 bytes long. Divided into 4-byte sections.
2. Payload (Data) - Packet coming from other protocols that use the service of IP.
Analogy: the payload is the content of a package; the header is the information written on the package.
IP Security (IPSec)
Protocol used in conjunction with the IP protocol to create a connection-oriented service b/w 2 entities in which they can exchange IP packets without worrying about packet sniffing, packet modification, and IP spoofing. Provides 4 services:
1. Defining Algorithms and Keys - 2 entities that want to create a secure channel b/w themselves can agree on some available algorithms and keys to be used for security purposes.
2. Packet Encryption - Packets exchanged b/w the 2 parties can be encrypted for privacy using one of the encryption algorithms and a shared key agreed upon in the first step.
3. Data Integrity - Guarantees that a packet is not modified during transmission. If the received packet does not pass the data integrity test, it is discarded.
4. Origin Authentication - Authenticates the origin of the packet to ensure it is not created by an imposter.
Agent Solicitation
When a mobile host has moved to a new network and has not received agent advertisements, it can initiate an agent solicitation. It can use the ICMP solicitation message to inform an agent that it needs assistance.
Agent Advertisement
When a router advertises its presence on a network using an ICMP router advertisement, it can append an agent advertisement to the packet if it acts as an agent. The field descriptions are as follows:
o Type - 1-byte field is set to 16.
o Length - 1-byte field defines the total length of the extension message (not the length of the ICMP advertisement message).
o Sequence number - 2-byte field holds the message number. The recipient can use the sequence number to determine if a message is lost.
o Lifetime - 2-byte field defines the # of seconds that the agent will accept requests. If the value is a string of 1's, the lifetime is infinite.
o Code - 1-byte flag field in which each bit is set (1) or unset (0).
o Care-of Addresses - This field contains a list of addresses available for use as care-of addresses. The selected care-of address is announced in the registration request. This field is only used by a foreign agent.
IPv4
A connectionless protocol that uses the datagram approach to deliver packets. Packets may be lost or corrupted. Packets may arrive out of order. IPv4 is unreliable and relies on a higher-level protocol (e.g., TCP) to solve these problems.
Ping
A debugging tool that uses ICMP to find out if a host is alive and responding. Can also calculate RTT: ping inserts the departure time in the echo request, and when the reply arrives it subtracts the departure time from the arrival time.
Traceroute
A debugging tool that uses ICMP to find the IP address of every router in the path and that of the destination. Sends echo request messages with a changing TTL and an invalid port #. Each router sends a time-exceeded error message and the destination sends a destination unreachable error message (code 3: port not found). These error messages include the IP addresses.
Misc.
o Traceroute is the UNIX program. In Windows, the program is tracert.
o Also sets a timer to find the RTT for each router and the destination (usually sends 3 messages to better estimate RTT).
IPv4 Fragmentation
A larger datagram is divided into smaller datagrams. Each new datagram has its own header with most of the fields copied over. A datagram may be fragmented several times before it reaches the final destination (if it encounters a smaller MTU). Fragmentation is done by the source host or any router in the path. Reassembly is done by destination host. An even stronger objection for reassembling packets during the transmission is the loss of efficiency (copying fields, recalculating checksum, etc.).
Registration Reply
A registration reply is sent from the home agent to the foreign agent and then relayed to the mobile host. The reply confirms or denies the registration request. The fields are similar to those of the registration request with the following exceptions:
o Type - 1-byte field defines the type of message. For a reply, the value is 3.
o Code - 1-byte field that replaces the flag field. Shows the result of the registration request (acceptance or denial).
o Care-of address - Field is not needed.
Registration Request
A registration request is sent from the mobile host to the foreign agent to register its care-of address and also to announce its home address and home agent address. The foreign agent, after receiving and registering the request, relays the message to the home agent. Note that the home agent now knows the address of the foreign agent because the IP packet that is used for relaying has the IP address of the foreign agent as the source address. The field descriptions are as follows:
o Type - 1-byte field defines the type of message. For a request, the value is 1.
o Flag - 1-byte field defines forwarding information. The value of each bit can be set or unset.
o Lifetime - This field defines the # of seconds the registration is valid (all 0s: deregistration, all 1s: infinite lifetime).
o Home address - Permanent (first) address of the mobile host.
o Home agent address - Address of the home agent.
o Care-of address - Temporary (second) address of the mobile host.
o Identification - 8-byte # that is inserted into the request by the mobile host and repeated in the reply message. It matches a request with a reply.
o Extensions - Variable-length extensions are used for authentication. They allow a home agent to authenticate the mobile agent.
Q: A packet has arrived with an M bit value of 1 and a fragmentation offset value of 0. Is this the first fragment, the last fragment, or a middle fragment?
A: Because the M bit is 1 and the offset value is 0, it is the first fragment.
Q: A packet has arrived with an M bit value of 0. Is this the first fragment, the last fragment, or a middle fragment? Do we know if the packet was fragmented?
A: If the M bit is 0, it means that there are no more fragments; the fragment is the last one. However, we cannot say if the original packet was fragmented or not. A non-fragmented packet is considered the last fragment.
Error-Reporting Messages
Report problems that a router or a destination host may encounter when it processes an IP packet back to the source host. Does not correct errors. All error-reporting messages contain a data section that includes the IP header of the original datagram plus the first 8 bytes of data in that datagram. The 8 bytes of data are included because the first 8 bytes provide information about the port numbers (UDP and TCP) and sequence number (TCP). This information is needed so the source can inform the protocols (TCP or UDP) about the error.
Foreign Agent
The foreign agent is usually a router attached to the foreign network. The foreign agent receives and delivers packets sent by the home agent to the mobile host. The mobile host can also act as a foreign agent. To do this, a mobile host must be able to receive a care-of address by itself (using DHCP) and needs software to communicate with the home agent and to have two addresses. When the mobile host and the foreign agent are the same, the care-of address is called a collocated care-of address. The advantage of using a collocated care-of address is that the mobile host can move to any network without worrying about the availability of a foreign agent.
Header (IPv4 Datagram Format)
The header includes the following fields:
o Version Number (VER) - 4-bit field defines the version of the IP protocol (4).
o Header Length (HLEN) - 4-bit field defines the total length of the header. To fit, the total length is divided into 4-byte words (e.g., 60 bytes / 4 bytes/word = 15 words).
o Service Type - 1-byte field defines how the datagram should be handled.
o Total Length - 2-byte field defines the length of header plus data in bytes. Can find the length of data by: (Data Length) = (Total Length) - (HLEN x 4). Useful to find the data length when padding is used.
o Identification, Flags, and Fragmentation Offset - 3 fields related to datagram fragmentation (size of datagram larger than the underlying network can carry).
o Time-to-live (TTL) - Controls the max # of hops (routers) visited (2 x Max # Routers in Path). Each router decrements the value by 1. If 0, the datagram is discarded.
o Protocol - Specifies the protocol for multiplexing/demultiplexing (see image).
o Header checksum - Used for error-checking (only checks errors in the header, not the payload). Must be recalculated at each router (TTL changes at each router).
o Source and Destination Addresses - IP addresses for source and destination. The destination address is either known by the protocol using IP or provided by DNS.
o Options - Up to 40 bytes used for network testing and debugging.
Options Field
The header of the IPv4 datagram is made of 2 parts, one fixed-length and one variable-length. The fixed part is 20 bytes long and was discussed previously. The variable part contains options that can be a maximum of 40 bytes (in multiples of 4 bytes). Options are not required, but can be used for network testing and debugging. Options are divided into 2 broad categories:
1. Single-byte
2. Multiple-byte
Home Agent
The home agent is usually a router attached to the home network of the mobile host. The home agent acts on behalf of the mobile host when a remote host sends a packet to the mobile host. The home agent receives the packet and sends it to the foreign agent.
Network Layer Protocols
The network layer can be thought of as 1 main protocol (IPv4) and 3 auxiliary protocols:
1. Internet Control Message Protocol (ICMPv4)
2. Internet Group Management Protocol (IGMP)
3. Address Resolution Protocol (ARP)
IPv4 and ICMPv4 are discussed here. (ARP was discussed in Ch. 9.)
Single-Byte Options
There are 2 single-byte options:
1. No Operation - 1 byte used as a filler b/w options.
2. End of Option - 1 byte used for padding at the end of the option field (can only be used as the last option).
Fields Related to Fragmentation
There are 3 header fields related to fragmentation: 1. Identification 2. Flags 3. Fragmentation Offset
Multiple-Byte Options
There are 4 multiple-byte options:
1. Record Route - Used to record the Internet routers that handle the datagram (can list up to 9 router addresses).
2. Strict Source Route - Used by the source to predetermine a route for the datagram. Can only visit, and must visit, all routers in its list.
3. Loose Source Route - Must visit all routers in its list, but can visit other routers, too.
4. Timestamp - Records the datagram processing time at each router.
Three Phases (Mobile IP)
To communicate with a remote host, a mobile host goes through 3 phases: 1. Agent Discovery 2. Registration 3. Data Transfer
Agents (Mobile IP)
Making the change of address transparent requires a home agent and a foreign agent. Agents are both hosts and routers (their specific function is performed in the application layer).
Echo Request (Type 8) and Echo Reply (Type 0)
Used by a host or router to test the liveness of another host or router. A host or router sends an echo request; if the host or router receives the echo request, it responds with an echo reply.
Timestamp Request (Type 13) and Timestamp Reply (Type 14)
Used to find the round-trip time (RTT) b/w 2 devices or to check if 2 devices' clocks are synced. Sends a 32-bit number that represents the time in UTC.
Source Quench (Type 4)
Uses code 0 when the network has encountered congestion and the datagram has been dropped; the source needs to slow down sending more datagrams. ICMP adds a kind of congestion control mechanism to the IP protocol by using this type of message.
Parameter Problem (Type 12)
Uses code 0 when there is a problem in the header of a datagram or code 1 when options may be missing or cannot be interpreted.
Time Exceeded (Type 11)
Uses codes 0 and 1. Code 0 (the default) is used when the TTL value becomes 0; code 1 indicates that not all fragments of a datagram arrived within a predefined period of time.
Redirection Message (Type 5)
Uses codes 0 to 3 when the source uses the wrong router to send its message. Router redirects message to appropriate router, but informs source that it needs to change its default router. IP address of the default router is sent in the message.