IP and Related Protocols
Outline the basics of IPv6 link-local unicast addresses. Super short!
They are only used in a subnetwork and not routed. They are used for autoconfiguration purposes. They have a prefix of fe80::/10.
Draw a basic diagram of the DNS name space.
Diagram slide 69 (lol it's a number)
Given the IP 192.168.40.3 and the netmasks /24 and /21, what are their networks and such?
Example slide 26 - too hard to copy that giant... thing here xD
What is the SourceAddress/DestinationAddress field in the packet format?
SrcAddr indicates the initial sender of the datagram; DstAddr indicates the intended final receiver of the datagram. Both are 32 bits wide.
What are some basic type/code combinations for ICMP? Are they implementation dependent, and how do they act around firewalls?
Type/code combinations (the first number is the type, the second is the code): 0/0 Echo reply; 3/0 Destination network unreachable; 3/1 Destination host unreachable; 3/2 Destination protocol unreachable; 3/3 Destination port unreachable; 3/4 Fragmentation required, but DF bit set; 3/6 Destination network unknown; 3/7 Destination host unknown; 4/0 Source quench (congestion control); 8/0 Echo request; 11/0 TTL expired in transit; 11/1 Fragment reassembly time exceeded. It is implementation-dependent which ICMP messages are generated. ICMP messages are often suppressed by firewalls, since otherwise too much information about internal network structures could be revealed.
What is the NAT (solution to IPv4 issues) basic approach?
A NAT router separates a private network from the public IP network. The NAT router obtains one single public IP address (e.g. via DHCP from the Internet provider). Hosts on the private network are allocated addresses from private IP address spaces, e.g. 172.16.0.0/12 or 192.168.0.0/16. The NAT router maps outgoing packets from the private network to the public IP address and port numbers and vice versa (address re-writing).
What is address aggregation? Provide a really big example. Biggest card EVER.
A big problem in the Internet is the size of forwarding tables. Address aggregation is an important approach to reduce this; it makes crucial use of CIDR. Consider router G in the following example: suppose that router G is a "border router" of some organization which has internal networks 130.1.62/24, 130.1.1/24, 130.1.3/24 and 130.1.4/24. Router G does not announce all four of these networks but a summarized network 130.1/16 to the outside world (i.e. to routers C, D and others). Outside routers need one forwarding table entry instead of four. Any packet from the outside destined to any of the four internal networks will go through router G, which (alone) knows how to forward the packet internally. In the same example, consider routers C and D: router D aggregates its two internal networks 130.2.2/24 and 130.2.3/24 as 130.2/16 and advertises the latter. Router C has two internal networks from range 130.5 and advertises these as 130.5/16, but also advertises its internal network 130.2.4/24 to the outside world. As a result, router G has two forwarding table entries (instead of three) for 130.2.x networks: the aggregated 130.2/16 and the individual network 130.2.4/24. It will have two candidate forwarding table entries when it receives a packet destined to 130.2.4.17. To resolve this ambiguity, in case of multiple matching forwarding table entries the most specific entry is chosen. Most specific = more ones in the network mask. Here: entry 130.2.4/24 from router C is preferred over entry 130.2/16 from router D. There is a diagram example on slide 29.
What do all fragments of the same message contain?
A full IP header. The same identification field. A TotalLength field reflecting the fragment size. Different values for the FragmentOffset field (reflecting the start of the present fragment within the whole message); FragmentOffset specifies the offset in multiples of 64 bits. The MF (more-fragments) bit set, except for the last fragment, which has a non-zero FragmentOffset.
Does IP have support for mobility?
A host address is tied to its location in the network, i.e. it is coupled to the network topology. When a host switches to another network, it obtains another address and ongoing connections (TCP!) are disrupted. IP therefore has no direct support for mobility!!
How do identifiers work with global unicast addresses?
A host always assigns itself the interface identifier; the network part can be configured in other ways. The interface ID is often derived from the MAC address of the interface. Every network interface has a unique interface identifier, but can have several IPv6 addresses; these would then have the same interface identifier but different network parts.
What is DNS caching and why do we do it?
A nameserver is required to store a name → IP-address mapping for a time that is indicated in the response of the final nameserver (caching). Reason: when the same name needs to be resolved a short time later, it is not necessary to involve all nameservers again; the query can be handled from the cache. This reduces the load on root name servers.
This ain't a question, just an example of how address resolution in IPv6 works.
A source host wishes to send a packet to a local destination host with a known IPv6 address but unknown Ethernet MAC address. Let the Ethernet MAC address of the destination be aa:bb:cc:17:92:45. The destination derives from this the Ethernet multicast address 33:33:ff:17:92:45. The destination's Ethernet adapter is a-priori configured to listen to this Ethernet multicast address. A source host wishing to send to the destination now sends a neighbor-solicitation message to the IPv6 multicast address ff02::1:ff17:9245, which is directly mapped to the underlying Ethernet multicast address. In effect, the neighbor-solicitation is sent to the specific Ethernet multicast address, to which only the destination has subscribed. The neighbor-solicitation contains the full IPv6 address of the destination host. The destination responds with a neighbor-advertisement, and the source stores the contained information in its cache.
What is a DNS zone?
A zone is a sub-tree of the namespace that is administered separately. Example: ac.nz. A zone can be sub-divided into further zones, e.g. there could be zones canterbury.ac.nz and massey.ac.nz.
If I told you that ARP is dynamic, what does that mean and what are its advantages and disadvantages? Also, what is RARP, because this fits nowhere else.
ARP is dynamic: the MAC address for a given IP address does not need to be statically configured, but the protocol provides a mechanism to determine this on-the-fly. Advantage: nodes can be moved or equipped with new MAC adapters without any re-configuration. Disadvantage: a separate protocol is needed, bringing additional complexity and requiring some bandwidth. There is also a protocol that lets stations find an IP address for a given MAC address; this is called RARP (Reverse ARP).
Why is there a shortage of IPv4 addresses?
The address space is 32 bit, ≈ 4.3 billion addresses. This address space will run out soon for various reasons: inefficient allocation; the number of Internet hosts has grown dramatically in the last two decades, nowadays ≈ 800 million hosts, and growth continues; a new surge of devices emerges, including smartphones and embedded systems / sensor networks / Internet of Things. IANA assigned the last /8 address block at the beginning of 2011 to a regional internet registry (RIR); RIRs run out of addresses about one year later.
What are the advantages and disadvantages of NAT?
Advantages: several hosts can be represented by one public IP address; NAT hides the internal structure of the private network. Problems: NAT breaks end-to-end semantics; hosts in the private part are not directly reachable (e.g. cannot act as servers); it works only with traffic belonging to certain well-known protocols. These issues are particularly problematic for P2P applications.
What is the large problem with global unicast addresses? Might have something to do with security...
All IPv6 addresses bound to a particular interface have the same interface identifier. In the case of Ethernet interfaces the MAC addresses (and thus the interface IDs) are worldwide unique. Therefore, all packets sent via a certain interface have the same interface identifier throughout. In IPv4 this is only true for hosts with statically configured IP addresses; most private users get their addresses dynamically assigned. This allows users to be identified! RFC 4941 specifies privacy extensions.
What are the three types of IPv6 addresses?
A 128 bit address is of one of three different types. Unicast address: the address is bound to an individual network interface. Anycast address: the address is bound to a group of (distinct) interfaces, and a packet to this address is delivered to one group member (e.g. the one closest to the sender). Multicast address: the address is bound to a group of (distinct) interfaces, and a packet to this address is delivered to all group members.
What are interior gateway protocols? Define some well known ones.
An AS can choose any of the interior gateway protocols to determine routes between routers in the same AS. RIP and RIP-2 (Routing Information Protocol): defined in RFCs 1058 and 1388; both are distance-vector protocols, the metric is hop-count; RIP-2 contains improvements to address DV problems. EIGRP (Extended Interior Gateway Routing Protocol): used in Cisco routers; a loop-free distance-vector protocol. OSPF (Open Shortest-Path First): defined in RFC 1247; it is a link-state protocol. Note that all these protocols use shortest-path algorithms.
How are IPv6 addresses represented? Quite complicated.
An IPv6 address is represented as eight blocks of 16 bits, so that each block is represented as a 4-digit hexadecimal number and blocks are separated by ":". Example: 5002:3452:0000:0000:0035:6666:7777:9999. Additional rules: leading zeros can be dropped, and zero blocks are written as an empty string; subsequent zero blocks can be represented by a double colon (::). The above example becomes: 5002:3452::35:6666:7777:9999. IPv6 addresses in a URL: http://[5002:3452::35:6666:7777:9999]:8080/. The subnet notation of CIDR is applied to IPv6 as well, e.g. a network can be written as 5002:3452::/32, which is a shorthand for 5002:3452:0000:0000:0000:0000:0000:0000/32.
What are DNS hosts and resolvers?
Applications in hosts are DNS clients. A DNS resolver library is linked to an application. Under UNIX: see the man page for gethostbyname for a C binding to the resolver; nslookup is a command-line version of the resolver. The resolver reads a configuration file (often found under /etc/resolv.conf), which contains a line like nameserver 130.149.14.12. The resolver uses the nameserver(s) specified in /etc/resolv.conf to perform name resolution.
Explain how the DNS name space is hierarchical.
Arranged as a tree made of nodes. Each node has a label of up to 63 characters. The domain name of any node is the (unique) list of all labels that connect it with the unnamed root. All immediate children of a node must have distinct names.
What are datagram delivery and best effort?
The basic IP service is datagram delivery. This service is: connectionless (no connection or shared state is set up before datagram delivery starts); unacknowledged (IP does not use acknowledgements); unreliable (on the IP level no retransmissions are carried out); unordered (IP does not guarantee in-sequence delivery). This kind of guarantee-nothing service is called best effort.
What does the DF bit mean in an IP header in terms of fragmentation?
By setting the DF (don't fragment) bit in the IP header a source node forbids fragmentation by intermediate routers. When a router receives a datagram with DF set, it checks whether the outgoing link for this packet has an MTU large enough to transmit the packet. If so, the packet is transmitted onto the next hop. If not, the router drops the datagram and returns an ICMP datagram to the original IP source: ICMP with type 2 ("destination unreachable") and code 4 ("fragmentation required, but DF set").
What is the Options field in the packet format?
Contains header fields for optional IP features. One example option: source routing. Options are rarely used.
What is the Flags field in the packet format?
Contains two flags relevant for fragmentation and reassembly (DF, Don't Fragment, and MF, More Fragments)
Briefly outline what DNS is and what special features it performs.
DNS is responsible for mapping human-readable names to addresses; it is a binding service. DNS is used solely by applications; it has no role in the TCP/UDP/IP protocols themselves. It has a distributed implementation: it consists of several name servers, which assist end hosts in mapping a name to an address; no name server has full knowledge of all bindings that exist in the Internet. Besides mapping names to IP addresses it has additional functions: it allows returning an email server address for a given host; it allows managing alias names for hosts; it is also possible to perform reverse lookup, i.e. mapping IP addresses to names.
Outline the structure of global unicast addresses.
Diagram slide 100! Almost there! The global routing prefix is typically assigned to an ISP or a larger organization. The subnet ID refers to a subnet within the organization, also called link in the RFCs. The interface ID refers to an individual host interface in a subnetwork. The length of the interface ID is 64 bits for almost all global unicast addresses, except those starting with 000. IPv6 addresses with an embedded IPv4 address start with 000.
Give an example of a header for fragmentation and reassembly using IPv6.
Diagram slide 92, where fragment-offset specifies the offset of the present fragment in the whole datagram (in multiples of 64 bit); M is the "more-fragments" bit; identification is an identifier for the datagram. Why is there no identification field in the main IPv6 header? The routing-options header contains a list of IP addresses for (loose) source routing.
What are IPv6 embedded IPv4 Addresses?
During the transition from IPv4 to IPv6 it can be useful to directly embed existing IPv4 addresses into an IPv6 address. The "IPv4-Mapped IPv6" address is then defined as: the prefix is ::ffff::/96 (80 zero bits, followed by 16 one bits); the remaining 32 bits are formed by the given IPv4 address.
How is a forwarding table entry structured?
Each entry in the forwarding table contains: a destination IP address, which can be either a full host address (i.e. non-zero host-id) or a network address with netmask, depending on the value of a flag; information about the next hop, either the IP address of the next-hop router (must be directly reachable) or the IP address of a directly-connected network (network address); flags: a flag telling whether the destination IP is a host or a network, and a flag telling whether the next hop is a router or a directly attached network; specification of the outgoing interface.
How does address resolution work in IPv6?
Each host maintains for each interface a cache that stores bindings between IPv6 addresses and link-layer addresses. This cache only contains bindings for hosts/interfaces in the same subnetwork. Address resolution relies on IPv6 multicast, which in turn is mapped to Ethernet multicast (when the subnetwork is Ethernet).
What are exterior gateway protocols? Define some well known ones.
Exterior gateway protocols (EGP) are used between routers belonging to different ASes. Major EGP: BGP (Border Gateway Protocol), defined in RFCs 1267 and 1268; BGP-4: RFC 4271. A BGP router stores for networks in a foreign AS a number of paths towards this network: such a path lists all intermediate ASes, not individual routers. These paths are not determined based on costs only, but also based on a policy. Policies are specified based on political or economic considerations.
What are the three stages of forwarding using a forwarding table?
First, look for an entry that is a full-host address matching dst; if found, send the packet to the indicated next hop / outgoing interface and stop processing (this is not used very often). Next, look for an entry that is a network address matching dst; if found, send the packet to the indicated next hop / outgoing interface and stop processing. Finally, look for the special default entry; if found, send the packet to the indicated next hop (the default router) and stop processing. Otherwise drop the packet and send an ICMP message back to the original sender of the datagram.
What is a CIDR netmask? Give an example.
For a given 32-bit IP address the netmask specifies which bits belong to the network-id and which bits belong to the host-id. The netmask consists of 32 bits: the left k bits are ones, the remaining bits are zeros. Examples: 11111111.11110000.00000000.00000000 = /12; 11111111.11111111.00000000.00000000 = /16; 11111111.11111111.11100000.00000000 = /19; 11111111.11111111.11111110.00000000 = /23. Here the long bit string is the netmask, and the /?? at the end is the shorthand.
What host-ids are assigned in classful addressing?
For each network-id there are two special host-ids: the host-id with all zeros refers to the network as such; the host-id with all ones is the broadcast address of this network. Example: 130.149.0.0 refers to a class-B network; 130.149.255.255 is the broadcast address of this network; 130.149.49.123 refers to a particular host in that network.
What is a DNS nameserver?
For each zone multiple nameservers must be provided by the administrative owner of that zone. A nameserver keeps a table of all name → IP-address mappings in a zone. When a new host is added, the administrator allocates a name and IP address and enters them into the table. When a host is removed, the table entry is deleted as well.
What are the negatives of using fragmentation?
Fragmentation/reassembly creates significant overhead: several datagrams are transmitted per message, each one having a full IP header; reassembly adds significant complexity to the receiver; upon loss of a single fragment the whole message is possibly re-transmitted by higher layers (TCP!). Fragmentation and reassembly complicate the operation of application-level firewalls, since these also must implement reassembly logic: application-level firewalls look at the user data of packets, and when user data is spread over several fragments, the firewall must collect them all. Exception: the part of the user data that is of interest is known to fit in the first fragment.
Briefly outline how classless inter-domain routing works.
Fundamental question: how many bits to allocate to <network-id>? In the early days, this number was fixed to three different values (classful addressing). This proved inflexible; something better was needed. CIDR = Classless Inter-Domain Routing. Modern routing protocols (OSPF, RIPv2, BGP) use CIDR. In CIDR a network is specified by two values: a 32 bit network address and a 32 bit network mask (netmask).
What is the TotalLength field in the packet format?
Gives the total length of the datagram in bytes (i.e. up to 65535). Can be modified during fragmentation and reassembly. The TotalLength field is part of the IP header, since some technologies (Ethernet!) pad up frames to achieve a minimum frame size and do not reverse this.
Referring to the ARP frame format diagram on page 59, what does each section of it mean? (DON'T CHEAT OR ELSE... YOU ARE WORSE THAN JESUS)
HardType determines the type of MAC addresses used, 0x0001 for Ethernet 48-bit addresses. ProtType determines the higher-layer protocol for which address resolution needs to be done, value 0x0800 for IP. HardSize and ProtSize specify the size (in bytes) of the hardware and protocol addresses; they are 6 and 4 for Ethernet and IP. Op distinguishes between ARP-request and ARP-reply, and some other types (RARP is covered as well). The remaining four fields are the mentioned address fields.
Outline the basics of a multicast address referring to flag combinations and scopes.
They have a prefix of ff00::/8. After the prefix follow 4 bits for flags and 4 bits for scope. Allowed flag combinations: flag=0: well-known multicast address assigned by IANA; flag=1: transient or dynamically assigned address; flag=3: flag=7: Allowed scopes: scope=1: local to interface (loopback); scope=2: local to subnetwork, not routed; scope=4, 5, 8: local to organization, must not leave the network of the organization, but can be routed internally across different subnetworks of the same organization; scope=e: global multicast address.
Briefly outline what ICMP is.
ICMP = Internet Control Message Protocol, specified in RFC 792. This protocol accompanies IP by allowing routers or destination hosts to inform the sender about "unusual" situations, including: there is no route to the destination; the destination host exists, but is not reachable; fragmentation required but DF set. It operates "on top" of IP, i.e. ICMP messages are encapsulated in regular IP datagrams. It does not add any additional mechanisms (like error control) to the IP service; an IP sending host must not rely on ICMP messages.
What are network interfaces?
IP addresses are assigned to network interfaces: when a host has three Ethernet adapters, it has three IP addresses, one for each adapter. Since most hosts have only one adapter, we speak of the IP address of that host.
How are IP addresses written?
IP addresses have a width of 32 bits. They are supposed to be worldwide unique; this is not really true anymore with NAT . . . IP addresses are written in dotted-decimal notation, e.g. 130.149.49.77, where decimal (!) numbers are separated by dots.
Briefly outline the address resolution protocol.
IP addresses only have a meaning to IP and higher layers. In an Ethernet, stations have their own 48-bit MAC addresses. An Ethernet station picks up a packet only if the destination MAC address matches its own MAC address (ignoring broadcast/multicast); IP addresses and other packet contents are ignored. An IP address is assigned to an Ethernet adapter. ARP provides a binding service: it determines the MAC address for a given IP address. ARP is specified in RFC 826. ARP is not restricted to Ethernet MACs, but in general is geared towards LANs with broadcast capabilities.
What are routers, hosts and datagrams?
IP packets are called datagrams. End stations are called hosts. IP routers are called routers.
What is IPv6 and its major features?
IP version 6 (IPv6) is specified in RFC 2460 (1998). It is the designated successor of IPv4. Major features: huge address space, 128 bit addresses (2^128 ≈ 3.4 · 10^38 addresses); mechanisms for autoconfiguration; allows routing all packets of a flow on the same path. Many similarities to IPv4: connectionless best-effort service; packets are routed independently; addresses consist of a network part and a host part.
In IP networks, what address field do routers look at and what do they do to determine the output port? Refer to forwarding tables.
In IP networks a router getting a packet on some input port looks at the DestinationAddress field to determine the output port. The router consults a forwarding table: the forwarding table lists all networks the router knows with their <network-id> and the output port to send the packet to in order to reach that network. The router performs a table lookup for an incoming packet; it searches the forwarding table for a matching network entry. The time required for the table lookup depends on the number of networks stored in the table.
How does auto-host-configuration work in IPv6? This is VERY long but not very complex. Refer to the neighbor discovery protocol.
In IPv6 hosts interact with routers to determine their IP address; this does not need a separate DHCP server. DHCP servers can still exist, providing hosts with DNS server addresses, NTP server addresses, . . . Key difference: a DHCP server in IPv6 responds with (almost) immutable data and does not maintain state (state in IPv4: the current list of allocated addresses!). In IPv6 address construction is done using the neighbor discovery protocol (NDP), which also replaces ARP. NDP relies on an extended version of ICMP, ICMPv6. Immediately after reboot a host determines the interface ID for each of its interfaces. Then the host assigns a link-local ID to each interface. It then sends a router-solicitation request to the well-known link-local multicast address ff02::2. Routers respond with a router-advertisement, including a list of available network prefixes. Routers also send advertisements periodically to the link-local multicast address. Upon receiving a router-advertisement, a host assigns an IPv6 address to its interface by selecting a prefix and concatenating the prefix and interface identifier. Furthermore, the host selects a default router for this interface (e.g. the one that sent the prefix). The list of valid prefixes is maintained as soft-state; periodic router-advertisements refresh this state.
Explain the next-header field in detail. This is the biggest field.
In IPv6 the main header is deliberately kept simple and these aspects have been moved to extension headers. There can be several extension headers, placed contiguously after the main header. There is a recommended order for the extension headers. Each extension header again has a next-header field. The last extension header specifies the higher-layer protocol in its next-header. With one exception (hop-by-hop options), extension headers are ignored by routers and only processed by the destination.
How is a full host name represented?
In the written representation a full host name is represented by its name, followed by its domain; all labels are separated by ".". Example: www.canterbury.ac.nz. Here www is the host name and canterbury.ac.nz is its domain name.
Outline how IPv6 interface identifiers work.
Interface IDs distinguish interfaces on a subnetwork (e.g. a shared Ethernet network) and must be unique within that network. Interface IDs have a size of 64 bits (except for addresses starting with 000) and follow the modified EUI-64 format. Depending on the type of network adapter they can be constructed directly from the MAC address. Example, Ethernet: let aa:bb:cc:dd:ee:ff be the Ethernet MAC address of the adapter. To create a 64 bit interface ID the two bytes ff and fe are inserted in the middle. This results in ::aabb:ccff:fedd:eeff.
How does IPv6 address allocation work?
Internet Service Providers (ISPs) often get a /32 network from a RIR. The ISP subdivides this into subnets at its discretion and allocates these subnets to customers. It is required that end customers get at least /64 networks, but they can be larger.
What is the HeaderChecksum field in the packet format?
Is calculated over IP header only, not the data (TCP, UDP etc. have their own checksums to cover their data)
Outline the process of forwarding tables in hosts.
Most end hosts leverage the default route mechanism: an end host can differentiate between packets to local destinations and to all other destinations. Packets to local destinations are delivered directly; packets to all other destinations are sent to the default router. Therefore, forwarding tables in end hosts can be made of just two entries: one entry for the local network and the default route. The default route must be configured.
Outline the process of forwarding tables in routers.
Most routers at the "border" of the Internet only have forwarding table entries for a subset of all networks attached to the Internet; for all other networks they rely on default routers. Some routers in the core do not have a default router, are the default routers of other routers, and must know (almost) all the Internet networks.
Referring to DNS, what are names, addresses and binding services?
Names denote / refer to "things": in general persons, cats, ships, . . .; in networks nodes, networks, data, transactions, . . . Often, but not always, names are unique. Addresses: information needed to find these things (street address, IP address, MAC address); often, but not always, unique. Addresses often have a hierarchical structure to support their intended use, e.g. in routing protocols. Binding services map names to addresses or vice versa (also called name resolution). Example: DNS maps www.canterbury.ac.nz to 132.181.2.23.
Briefly outline some other problems of IPv4.
No security architecture. No (easy) support for Quality-of-Service. No (easy) support for mobility: IP addresses are tied to network locations (through the network part of the IP address); when the network part changes, the IP address changes; changing the IP address breaks ongoing TCP connections or UDP sessions. Routers have to re-compute the checksum field for each packet after TTL adjustment. Requires additional configuration mechanisms, e.g. DHCP, ARP.
Outline the basic packet processing cycle using the image on slide 33 for reference as it is a lot to remember.
The packet processing chain is followed in routers and hosts. Incoming packets are checked for correctness and stored in the IP input queue; correctness includes the right value in the IP version field and a correct IP header checksum. Next, packet options are processed: options are rarely used; special case: source routing option, then the packet is delivered to the IP output stage. Next, it is checked if the packet is destined to this host / router or to the broadcast address. If so, protocol demultiplexing is carried out: the protocol field in the IP header is checked for its value, and the packet payload is delivered to the software entity implementing the indicated higher-layer protocol; the packet is not processed any further! If the packet is not destined to this host/router or broadcast address: if packet forwarding is not enabled, the packet is dropped. Otherwise: check if the packet is destined to a directly reachable station (e.g. on the same Ethernet); if so, deliver the packet directly. If the packet is not destined to a directly reachable station, consult the forwarding table to determine the next hop / outgoing interface. Decrement the TTL value, and drop the packet when it reaches zero. Recompute the packet header checksum. Hand the packet over to the outgoing interface. The forwarding table is maintained by a routing daemon, i.e. a process executing a routing protocol. Note that datagrams to be routed can come from local applications or from other hosts via the IP input queue.
What are reserved IP address blocks and what are some of the more common ones?
Private-use IP addresses are often used for broadband clients or by NAT boxes. The "traditional" loopback address of a host is 127.0.0.1, but any address from the 127.0.0.0/8 network serves the same purpose. Packets with private addresses are not routed in the public Internet, only within the provider network. Common blocks: 10.0.0.0/8 private-use IP networks; 127.0.0.0/8 host loopback network; 169.254.0.0/16 link-local for point-to-point links (e.g. dialup); 172.16.0.0/12 private-use IP networks; 192.168.0.0/16 private-use IP networks.
What is the Protocol field in the packet format?
The Protocol field indicates the higher-layer protocol that generated the payload. This field provides protocol multiplexing; in other words, it provides different SAPs.
What four classes does classful addressing divide IP addresses into?
Refer to slide 21 as it is 90% images.
Draw a nice sexy picture of the packet format in IPv6.
Slide 88. Dat image. Dat's it.
What are the source-quench, TTL expiration and Fragment reassembly timeout type/code combinations, and what do they do?
Source-quench (type=4, code=0): generated by an IP router when it has to drop a packet because of congestion; the intention is to let the source host throttle its rate. TTL expiration (type=11, code=0): generated by an IP router when it drops a packet because its TTL value reached zero. Fragment reassembly timeout (type=11, code=1): generated by the destination when not all fragments of a message have been received within the timeout; used to invite the higher-layer protocol at the sending host to re-transmit the message. IP itself does not perform any retransmission!
What is the TOS/DSCP field in the packet format?
TOS = Type Of Service, DSCP = DiffServ Code Point. Allows marking packets for differentiated treatment to achieve Quality-of-Service (QoS), e.g. to express priorities. DiffServ [6] is a framework for Internet QoS; another is IntServ [14]. Most routers ignore the TOS/DSCP field.
What are the destination unreachable type/code combinations (one type many codes)?
The "destination-unreachable" messages (type=3): code=0 (destination network unreachable) and code=1 (destination host unreachable) are generated when a router finds that the cost to reach a non-directly connected host is infinity (e.g. after a link failure), or when a router could not deliver a datagram to a directly connected host. code=2 (protocol unreachable): the IP datagram refers to a non-existent higher-layer protocol in the destination (compare the protocol-type field). code=3 (port unreachable): used with TCP / UDP. code=6 (destination network unknown) and code=7 (destination host unknown) are generated when a router could not determine a next-hop to a non-directly connected host or network. In these messages the first 32 bits of the variable ICMP message part are 0; the following bytes contain the IP header and the first few bytes of the offending IP datagram.
Applying a routing protocol to the internet would be super dumb and not possible. What is done instead?
The Internet therefore is subdivided into autonomous systems (AS):
An AS is administered by one authority
An AS has a unique identifier, the AS number (originally 16 bits; extended to 32 bits by RFC 6793)
Examples: a University campus, a corporation
Routing protocols that route ...
  within an AS are called interior gateway protocols (IGP)
  across ASes are called exterior gateway protocols (EGP)
Outline the DNS query process
The host hands over a name to its local resolver, e.g. www.canterbury.ac.nz
The resolver library sends a request to its (recursive) nameserver
The nameserver checks if the requested name is in its zone table (or cache):
  If so, it returns a response to the resolver, which includes the name -> IP-address binding
  Otherwise, it contacts a root name server
    Currently there are 13 root server names (each is an anycast cluster); the nameserver must know their IP addresses ("root hints") as part of its configuration
  The root server returns name and address of a nameserver responsible for the top-level domain of the request, here: nz
  It next queries the nameserver for zone nz, which returns name and address of the nameserver for zone ac.nz
  It next queries the nameserver for zone ac.nz, which returns name and address of the nameserver for zone canterbury.ac.nz
  It next queries the nameserver for zone canterbury.ac.nz, which returns the IP address for host www.canterbury.ac.nz
The nameserver returns the answer to the resolver and caches it for later queries
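The walk described on this card, as an added example (not code from the original slides): a tiny in-memory model of the delegation tree for www.canterbury.ac.nz and an iterative resolver that follows referrals from the root hints. All server names and addresses are constructed placeholders from the RFC 5737 documentation ranges, not the real nz / ac.nz infrastructure. Two checks are included that a real resolver also makes: a referral must point into the zone that issued it (the "bailiwick" check that keeps a malicious server from injecting records for unrelated names), and the number of referrals is bounded so a looping delegation cannot spin the resolver forever.

```python
# Root hints: the resolver must be configured with at least one root server address.
ROOT_HINTS = ["192.0.2.1"]

# Which server (by address) is authoritative for which zone (constructed data).
SERVERS = {
    "192.0.2.1": ".",
    "192.0.2.10": "nz",
    "192.0.2.20": "ac.nz",
    "192.0.2.30": "canterbury.ac.nz",
}

# Zone tables: NS delegations (child zone -> (server name, server address)) and A records.
ZONES = {
    ".":                {"NS": {"nz": ("ns.nz.example", "192.0.2.10")}},
    "nz":               {"NS": {"ac.nz": ("ns.ac.nz.example", "192.0.2.20")}},
    "ac.nz":            {"NS": {"canterbury.ac.nz": ("ns.canterbury.example", "192.0.2.30")}},
    "canterbury.ac.nz": {"A": {"www.canterbury.ac.nz": "198.51.100.5"}},
}


def in_zone(name, zone):
    """True if name lies inside zone (the root contains everything)."""
    return zone == "." or name == zone or name.endswith("." + zone)


def query(server_addr, qname):
    """One query to one authoritative server. Returns ('answer', ip),
    ('referral', child_zone, ns_name, ns_addr) or ('nxdomain',)."""
    zone = ZONES[SERVERS[server_addr]]
    if qname in zone.get("A", {}):
        return ("answer", zone["A"][qname])
    # delegate to the most specific child zone that contains qname
    matches = [child for child in zone.get("NS", {}) if in_zone(qname, child)]
    if not matches:
        return ("nxdomain",)
    child = max(matches, key=len)
    ns_name, ns_addr = zone["NS"][child]
    return ("referral", child, ns_name, ns_addr)


def resolve(qname, max_steps=10):
    """Walk from the root following referrals. Returns (ip_or_None, trail), where
    trail lists (zone asked, kind of reply) in the order the queries were made."""
    server, trail = ROOT_HINTS[0], []
    for _ in range(max_steps):
        asked = SERVERS[server]
        reply = query(server, qname)
        trail.append((asked, reply[0]))
        if reply[0] == "answer":
            return reply[1], trail
        if reply[0] == "nxdomain":
            return None, trail
        child, _ns_name, ns_addr = reply[1:]
        # bailiwick check: a server may only delegate names below its own zone
        if child == asked or not in_zone(child, asked):
            raise ValueError("out-of-bailiwick referral from %r to %r" % (asked, child))
        server = ns_addr
    raise RuntimeError("too many referrals while resolving %r" % qname)
```

resolve("www.canterbury.ac.nz") visits the root, nz, ac.nz and canterbury.ac.nz servers in that order and returns the constructed address; a name with no delegation (e.g. www.ac.nz) ends in NXDOMAIN at the ac.nz server.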
Is the header format of IPv6 better than IPv4? why?
The main header of IPv6 is simpler than the one of IPv4
The header format is extensible by explicit introduction of extension headers
It is easier to add additional extension headers than to modify the existing packet header structure to accommodate new functions
Extension headers replace functions that previously had their own fields in the IPv4 header, e.g. fragmentation
Note: no header checksum, so no re-calculation after hop-limit modification
For the 11 cards after this one, what diagram should i refer to?
The one on slide 11 if you know what's bad for Pree. For all of them, when applicable, use big-endian byte ordering.
What are primary and secondary nameservers and why do they exist?
There are primary nameservers and secondary nameservers; these are independent and redundant servers
Reason: fault tolerance
A primary nameserver reads the mapping table from a file
A secondary nameserver reads mappings from the primary nameserver (zone transfer)
Secondary nameservers update their tables regularly against a primary nameserver
A nameserver can handle several zones
What is the internal structure of an IP address?
They have an internal structure: <network-id><host-id>, where
  <network-id> denotes a network (e.g. an Ethernet)
  <host-id> refers to a host within this network
The <host-id> must only be unique w.r.t. its network; the netmask (prefix length) says where the split between the two parts is
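The split described on this card, as an added example (not code from the original slides): hand-rolled netmask arithmetic that separates an address into network-id and host-id, computes the broadcast address, and answers the question a host asks before sending, namely whether a destination is on its own network. The addresses and prefix lengths used in the test are constructed sample input, and the standard-library `ipaddress` module is used only to cross-check the arithmetic.

```python
import ipaddress  # standard library; used only to cross-check the hand-rolled arithmetic


def to_int(dotted):
    """'192.168.40.3' -> 32-bit integer (rejects malformed input)."""
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or not all(0 <= p <= 255 for p in parts):
        raise ValueError("bad IPv4 address: %r" % dotted)
    return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]


def to_dotted(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def netmask(prefix_len):
    """/prefix_len as a 32-bit mask: prefix_len ones followed by zeros."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def split(addr, prefix_len):
    """Return (network-id, host-id, broadcast, usable host count) for addr/prefix_len.
    network-id and broadcast are dotted strings; host-id is the integer host part."""
    mask = netmask(prefix_len)
    a = to_int(addr)
    network = a & mask                        # <network-id>: the masked-in bits
    host = a & ~mask & 0xFFFFFFFF             # <host-id>: the masked-out bits
    broadcast = network | (~mask & 0xFFFFFFFF)  # all host bits set
    usable = max(2 ** (32 - prefix_len) - 2, 0)  # minus network and broadcast address
    return to_dotted(network), host, to_dotted(broadcast), usable


def same_network(a, b, prefix_len):
    """Deliver directly on the link (ARP for b) or hand the packet to the router?"""
    return split(a, prefix_len)[0] == split(b, prefix_len)[0]


def cross_check(addr, prefix_len):
    """Compare network and broadcast with the standard library's view."""
    iface = ipaddress.ip_interface("%s/%d" % (addr, prefix_len))
    net, _, bcast, _ = split(addr, prefix_len)
    return net == str(iface.network.network_address) and bcast == str(iface.network.broadcast_address)
```

The /21 case is the instructive one: the mask no longer ends on an octet boundary, so the third octet is split between network and host bits.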
What is a maximum transmission unit and why does it need to be defined?
This maximum size is also known as maximum transmission unit (MTU)
Higher-layer protocols (TCP, UDP) and applications should not be required to know these maximal sizes:
  One reason: "software hygiene", separation of concerns
  Another reason: it is not well defined:
    Different packets of the same flow can take different routes
    A packet can use different technologies while on travel
    Even if all packets go the same route, this route can change due to link failures / restores
Briefly outline the process of fragmenting and reassembling messages.
To cope with smaller MTUs:
  The sender's IP instance partitions the message into fragments
  The fragment size is chosen as the MTU of the outgoing link
  Each fragment is transmitted individually as a full IP packet, with header information specifying that this is a fragment and giving the position of the fragment in the whole message
  The IP instance at the destination buffers received fragments, re-assembles the message and delivers it to higher layers
In addition, every intermediate router can:
  fragment a full message further
  fragment a fragment when necessary for transmission on the next hop
What is the Identification field in the packet format?
Uniquely identifies each datagram sent on a given interface; together with source address, destination address and protocol it lets the receiver tell which fragments belong to the same datagram
Incremented by the source host before sending a new datagram
Routers do not touch this field
What are all the address ranges for IPv6?
Unspecified address: ::/128
Loopback address: ::1/128
Multicast addresses: ff00::/8
Link-local unicast: fe80::/10
Global unicast: everything else
Anycast addresses are taken from the unicast address spaces
A certain subspace of global unicast addresses is reserved for embedded IPv4 addresses (useful for IPv4 - IPv6 integration)
What are some temporary solutions to the IPv4 problem?
The upcoming shortage of addresses has been known for a long time, and "temporary" solutions have been adopted:
  NAT boxes
  Dynamic temporary assignment from an address pool (DHCP)
Given three stations A, B and C, where A and B are in the same IP network, outline in depth how the ARP would operate. Make sure to mention address resolution and the ARP Cache! Longest card in the history of quizlet - prepare your rectum.
We have two stations A and B attached to the same Ethernet, having the following addresses:
  MAC: A: 11:11:11:11:11:11, B: 22:22:22:22:22:22
  IP: A: 130.149.49.11, B: 130.149.49.22
Both A and B are in the same IP network 130.149.49.0/24, which is an Ethernet network
Station A wishes to send an IP packet to address 130.149.49.22 and does not yet have any information about the corresponding MAC address
Each station maintains an ARP cache, which stores the mappings from IP to MAC addresses that the station currently knows about
Station A broadcasts an ARP-request message (displayed in Wireshark as "arp who-has"), indicating:
  A's own IP and MAC address
  B's IP address
  Broadcasting means: the frame is sent to the Ethernet broadcast address ff:ff:ff:ff:ff:ff!!
Any host C having an IP address other than 130.149.49.22 simply drops the ARP request
Upon receiving the ARP request, host B (with IP address 130.149.49.22) performs the following actions:
  It stores a binding between A's IP and MAC address in its own ARP cache
  It responds with an ARP-reply packet that includes B's MAC and IP address and A's MAC and IP address
  The ARP reply is unicast to A's MAC address (why no broadcast? B has just learned A's MAC address from the request, so there is no reason to make every other station process the reply)
Upon receiving the ARP reply from B, station A stores a binding between B's IP and MAC address in its ARP cache
This procedure is called address resolution
ARP does not make any retransmissions in case the ARP request is not answered; this is left to higher layers
If a station wants to send an IP packet to a local destination with address xx.xx.xx.xx, it:
  first checks the ARP cache whether a binding for xx.xx.xx.xx can be found
  If so, the packet is encapsulated in an Ethernet frame and directed to the MAC address found in the ARP cache
  Otherwise, the address resolution procedure is started and the packet is sent when the result is available
Note: neither request nor reply is authenticated, and a station caches whatever binding it is told; this is exactly what ARP spoofing / cache poisoning exploits
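The exchange on this card, as an added example (not code from the original slides): real Ethernet + ARP frames are built and parsed with the RFC 826 layout, and three station objects with their own ARP caches play A, B and the bystander C. The Python list of stations stands in for the shared Ethernet segment; the addresses are the ones on the card. Note how B stores A's binding straight from the request without any check, which is the behaviour cache-poisoning relies on.

```python
import struct

ETH_BROADCAST = bytes.fromhex("ffffffffffff")
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, op, sha, spa, tha, tpa (28 bytes)


def mac(s):
    return bytes.fromhex(s.replace(":", ""))


def ip(s):
    return bytes(int(p) for p in s.split("."))


def build_arp(op, sha, spa, tha, tpa, eth_dst):
    """Ethernet frame carrying one ARP message (Ethernet/IPv4 hardware/protocol types)."""
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, sha, spa, tha, tpa)
    return struct.pack("!6s6sH", eth_dst, sha, ETHERTYPE_ARP) + arp


def parse_arp(frame):
    """Return the ARP fields as a dict, or None if the frame is not Ethernet/IPv4 ARP."""
    if len(frame) < 42:
        return None
    eth_dst, eth_src, etype = struct.unpack("!6s6sH", frame[:14])
    if etype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_dst": eth_dst, "op": op, "sha": sha, "spa": spa, "tha": tha, "tpa": tpa}


class Station:
    def __init__(self, name, mac_addr, ip_addr):
        self.name, self.mac, self.ip = name, mac(mac_addr), ip(ip_addr)
        self.cache = {}   # ARP cache: IP (bytes) -> MAC (bytes)

    def receive(self, frame):
        """Apply the card's rules to one frame; return a reply frame or None."""
        p = parse_arp(frame)
        if p is None:
            return None
        if p["op"] == ARP_REQUEST:
            if p["tpa"] != self.ip:
                return None                                  # host C: not my IP, drop
            self.cache[p["spa"]] = p["sha"]                  # learn requester (unauthenticated!)
            return build_arp(ARP_REPLY, self.mac, self.ip, p["sha"], p["spa"], eth_dst=p["sha"])
        if p["op"] == ARP_REPLY and p["tha"] == self.mac:
            self.cache[p["spa"]] = p["sha"]                  # learn responder
        return None


def resolve(sender, target_ip, segment):
    """Address resolution on a shared Ethernet. Returns (mac_or_None, request_was_sent)."""
    target_ip = ip(target_ip)
    if target_ip in sender.cache:
        return sender.cache[target_ip], False                # cache hit: no traffic needed
    request = build_arp(ARP_REQUEST, sender.mac, sender.ip, bytes(6), target_ip, eth_dst=ETH_BROADCAST)
    for station in segment:                                  # broadcast: every station sees it
        if station is sender:
            continue
        reply = station.receive(request)
        if reply is not None:                                # unicast reply back to the sender
            sender.receive(reply)
    return sender.cache.get(target_ip), True                 # None if nobody answered: no retry here
```

An unanswered request simply yields None; as the card says, IP/ARP do not retransmit, the higher layer does.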
What happens when the destination receives its first fragment? A hint is TIMERS OK DUDE.
When the destination receives the first fragment, it:
  Allocates a buffer large enough for the whole message
  Starts a timer
When all fragments arrive before timer expiration:
  The timer is canceled
  The re-assembled packet is handed over to higher layers
  The buffer is de-allocated
When the timer expires before all fragments have arrived:
  The already received fragments are dropped, the buffer is freed
  An ICMP message (type 11, code 1) is sent to the source host
How does host configuration work in IPv4? refer to DHCP.
With IPv4 a host needs to obtain at minimum the following information before attaching to the Internet:
  An IPv4 address
  An IPv4 netmask
  Address of the default router
  Addresses of name servers (DNS)
  Addresses of NTP servers
  ...
This information is supplied using DHCP:
  A DHCP server maintains a pool of IP addresses
  Hosts request an address from this pool
  Address allocation is soft-state (a lease that has to be renewed)
Problem: a DHCP server must be provided and configured
What is the Time-To-Live field in the packet format?
Gives an upper limit to the number of routers a packet can traverse
Decremented by each router; because the TTL is covered by the header checksum, this forces a re-computation of the checksum (in practice an incremental update)
When a router receives a datagram with TTL=1 that is not addressed to itself, the decrement would reach 0: the datagram is discarded and the sender is notified with an ICMP time-exceeded message (type 11, code 0)
Typical initial values: 32 or 64; Windows uses 128
What is the FragmentOffset field in the packet format?
Is used for fragmentation and reassembly
Gives the offset of the current fragment within the entire datagram, in multiples of eight bytes (the field is 13 bits wide, which is why the unit is 8 bytes: 2^13 * 8 covers the 16-bit total length)
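The fragmentation, reassembly and timer behaviour of the cards above (the fragmenting card, the Identification card, the "first fragment arrives" card and this FragmentOffset card), as one added example that is not code from the original slides. Headers are modelled as a small record rather than raw bytes; the 20-byte header size, the 1500/576-byte MTUs and the 3000-byte datagram in the test are constructed assumptions. Beyond what the cards state, the reassembler rejects overlapping fragments instead of guessing which copy wins, because overlap is a classic way to smuggle data past inspection devices that reassemble differently from the end host.

```python
from dataclasses import dataclass

HDR = 20  # IPv4 header without options, in bytes (assumption for this model)


@dataclass
class Fragment:
    ident: int    # Identification: identical for every fragment of one datagram
    offset: int   # FragmentOffset: position in the original datagram, in 8-byte units
    mf: bool      # More-Fragments flag: False only on the last fragment
    data: bytes


def fragment(pkt, mtu):
    """Split pkt for a link with the given MTU. Also works on a packet that is already
    a fragment (what an intermediate router does): offsets stay relative to the original
    datagram and the MF flag of the input is carried over to the new last piece."""
    room = (mtu - HDR) // 8 * 8                 # payload per fragment, a multiple of 8
    if room <= 0:
        raise ValueError("MTU too small for any payload")
    if len(pkt.data) <= mtu - HDR:
        return [pkt]                            # fits: no fragmentation needed
    out, pos = [], 0
    while pos < len(pkt.data):
        chunk = pkt.data[pos:pos + room]
        last = pos + room >= len(pkt.data)
        out.append(Fragment(pkt.ident, pkt.offset + pos // 8, pkt.mf or not last, chunk))
        pos += room
    return out


class Reassembler:
    """Per-datagram buffers with the reassembly timer described on the cards."""

    def __init__(self, timeout):
        self.timeout = timeout
        self.buffers = {}  # ident -> {"deadline": t, "pieces": {byte offset: data}, "total": n|None}

    def _drop(self, ident):
        del self.buffers[ident]

    def add(self, frag, now):
        """Feed one fragment at time 'now'. Returns ("done", data), ("waiting", None),
        ("timeout", (11, 1)) when the timer had expired (buffer freed, ICMP 11/1 is due
        to the source) or ("dropped", None) for overlapping / out-of-bounds fragments."""
        buf = self.buffers.get(frag.ident)
        if buf is None:                               # first fragment: allocate buffer, start timer
            buf = {"deadline": now + self.timeout, "pieces": {}, "total": None}
            self.buffers[frag.ident] = buf
        if now > buf["deadline"]:
            self._drop(frag.ident)
            return ("timeout", (11, 1))
        buf["pieces"][frag.offset * 8] = frag.data
        if not frag.mf:
            buf["total"] = frag.offset * 8 + len(frag.data)   # last fragment fixes total length
        if buf["total"] is None:
            return ("waiting", None)
        pos = 0
        for off in sorted(buf["pieces"]):
            if off > pos:
                return ("waiting", None)              # gap: something is still missing
            if off < pos:
                self._drop(frag.ident)
                return ("dropped", None)              # overlap: refuse to guess
            pos += len(buf["pieces"][off])
        if pos < buf["total"]:
            return ("waiting", None)
        if pos > buf["total"]:
            self._drop(frag.ident)
            return ("dropped", None)                  # data beyond the announced end
        data = b"".join(buf["pieces"][off] for off in sorted(buf["pieces"]))
        self._drop(frag.ident)                        # timer canceled, buffer freed
        return ("done", data)

    def expire(self, now):
        """What the timer does when it fires: free each stale buffer, report ICMP 11/1."""
        expired = [i for i, b in self.buffers.items() if now > b["deadline"]]
        for i in expired:
            self._drop(i)
        return [(i, (11, 1)) for i in expired]
```

In the test a 3000-byte datagram is fragmented for a 1500-byte link, the middle fragment is fragmented again for a 576-byte link (note that its new last piece keeps MF set), and the pieces are reassembled in reverse order.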
What are the next-header, hop-limit, and source/destination addresses fields in the packet diagram of IPv6?
next-header is a dual-use field: it either encodes the encapsulated higher-layer protocol (e.g. TCP, UDP, or encapsulated IPv4/IPv6) or it specifies the type of the next extension header:
  6: encapsulated payload is a TCP segment
  17: encapsulated payload is a UDP datagram
  0: next header contains hop-by-hop options
  43: next header contains routing options
  44: next header is a fragmentation header
  50: next header concerns payload encryption (ESP)
  51: next header is an authentication header (AH)
hop-limit: similar to IPv4's TTL field
source-address and destination-address: contain the 128-bit IPv6 addresses of source and destination
What is the HdrLen field in the packet format?
Specifies the length of the IP header as a number of 32-bit words
HdrLen = 5 is the minimal 20-byte header without options; the maximum is 15 (60 bytes)
When HdrLen > 5, an Options field is present
If the Options field does not use a multiple of 32 bits, a Padding field is used to fill up to the next 32-bit boundary
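The TTL card and this HdrLen card together, as an added example that is not code from the original slides: a minimal IPv4 header builder and parser that uses HdrLen to find the options and the payload, validates the header checksum, and performs the router's TTL decrement with the RFC 1624 incremental checksum update instead of a full recomputation. The addresses, ports and option bytes are constructed sample values. The test shows that the incremental update produces exactly the checksum a full recomputation gives, and that a header whose TTL was changed without fixing the checksum is rejected.

```python
import ipaddress
import struct


def inet_checksum(data):
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)          # fold carries back in
    return (~s) & 0xFFFF


def build_ipv4(src, dst, proto, payload_len, ttl=64, options=b"", ident=0x1234):
    """Header with DF set; options are padded to a 32-bit boundary and HdrLen is derived."""
    if len(options) % 4:
        options += b"\x00" * (4 - len(options) % 4)   # Padding field
    ihl = 5 + len(options) // 4
    src, dst = ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + payload_len,
                      ident, 0x4000, ttl, proto, 0, src, dst) + options
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def parse_header(pkt):
    """Locate options and payload via HdrLen; reject a bad version, length or checksum."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = pkt[0] & 0x0F
    if ihl < 5 or len(pkt) < ihl * 4:
        raise ValueError("bad HdrLen")
    hlen = ihl * 4
    if inet_checksum(pkt[:hlen]) != 0:         # a correct header sums to all ones
        raise ValueError("bad header checksum")
    return {"ihl": ihl, "ttl": pkt[8], "proto": pkt[9],
            "options": pkt[20:hlen], "payload": pkt[hlen:]}


def forward(pkt):
    """Router step: decrement TTL and patch the checksum incrementally (RFC 1624,
    HC' = ~(~HC + ~m + m') with m the 16-bit word holding TTL and protocol).
    Returns (new_pkt, None) or (None, (11, 0)) when ICMP time-exceeded is due."""
    parse_header(pkt)
    ttl = pkt[8]
    if ttl <= 1:
        return None, (11, 0)
    old_word = (ttl << 8) | pkt[9]
    new_word = ((ttl - 1) << 8) | pkt[9]
    old_csum = struct.unpack("!H", pkt[10:12])[0]
    s = (~old_csum & 0xFFFF) + (~old_word & 0xFFFF) + new_word
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    new_csum = (~s) & 0xFFFF
    return pkt[:8] + bytes([ttl - 1]) + pkt[9:10] + struct.pack("!H", new_csum) + pkt[12:], None
```

IPv6 drops this whole dance: with no header checksum a router only decrements hop-limit.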
Referring to the ICMP message format diagram on page 62, what does each section of it mean? (DON'T CHEAT OR ELSE.. YOU ARE WORSE THAN PONG)
type (8 bits) and code (8 bits) specify the actual ICMP message type and sub-type
checksum (16 bits) covers the ICMP header and data, computed with the checksum field assumed as zero (the standard Internet checksum); a received message whose one's-complement sum is not all ones is corrupt
the remaining 32 bits of the header and the data part depend on type/code; for error messages they carry the IP header and at least the first 8 bytes of the datagram that triggered the error
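The destination-unreachable card and this message-format card together, as an added example that is not code from the original slides: building a type 3 message (unused 32 bits, then the offending IP header plus 8 bytes), verifying its checksum and parsing it back to recover who sent what to where. The quoted datagram is a constructed 28-byte IPv4/UDP header (10.0.0.1:49152 to 10.0.0.2:53). Beyond what the cards state, `matches_socket` shows the check a host must do before acting on an ICMP error: the quoted addresses and ports have to match one of its own connections, otherwise any off-path sender could spoof errors against it.

```python
import struct

ICMP_DEST_UNREACH = 3
CODES = {0: "network unreachable", 1: "host unreachable", 2: "protocol unreachable",
         3: "port unreachable", 4: "fragmentation needed but DF set",
         6: "destination network unknown", 7: "destination host unknown"}

# Constructed offending datagram: IPv4 header (proto 17, 10.0.0.1 -> 10.0.0.2, valid
# checksum) followed by the first 8 bytes of a UDP header (ports 49152 -> 53).
OFFENDING = bytes.fromhex("4500001c123440004011149b0a0000010a000002" "c000003500080000")


def inet_checksum(data):
    """RFC 1071 Internet checksum, as used by the ICMP checksum field."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def dotted(b):
    return ".".join(str(x) for x in b)


def build_dest_unreach(code, offending):
    """type=3 message: type, code, checksum, 32 unused zero bits, IP header + 8 bytes."""
    ihl = (offending[0] & 0x0F) * 4
    quoted = offending[:ihl + 8]
    body = struct.pack("!BBHI", ICMP_DEST_UNREACH, code, 0, 0) + quoted   # checksum field zero
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def parse_icmp_error(msg):
    """Verify the checksum and pull the original src/dst/protocol/ports out of the quote."""
    if len(msg) < 8 + 20:
        raise ValueError("truncated ICMP message")
    if inet_checksum(msg) != 0:              # valid message sums to all ones
        raise ValueError("bad ICMP checksum")
    typ, code, _csum, _unused = struct.unpack("!BBHI", msg[:8])
    if typ != ICMP_DEST_UNREACH:
        raise ValueError("not a destination-unreachable message")
    inner = msg[8:]
    ihl = (inner[0] & 0x0F) * 4
    if len(inner) < ihl + 8:
        raise ValueError("quoted datagram too short")
    info = {"code": code, "meaning": CODES.get(code, "other"), "proto": inner[9],
            "src": dotted(inner[12:16]), "dst": dotted(inner[16:20])}
    if info["proto"] in (6, 17):             # TCP/UDP: ports sit in the first 4 quoted bytes
        info["sport"], info["dport"] = struct.unpack("!HH", inner[ihl:ihl + 4])
    return info


def matches_socket(info, local_ip, local_port, remote_ip, remote_port):
    """Only act on an error that quotes one of our own connections."""
    return (info.get("src"), info.get("sport"), info.get("dst"), info.get("dport")) == \
           (local_ip, local_port, remote_ip, remote_port)
```

This is also why firewalls that suppress type 3 messages hide internal structure: the quote tells an outsider which internal address and port the probe reached.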
What are the version, traffic-class, flow-label and payload-length fields in the packet diagram of IPv6?
version: IP version number, fixed to 6
traffic-class: allows to treat traffic of different applications (e.g. Voice over IP vs. web traffic) differently, related to Quality-of-Service (the IPv6 counterpart of TOS/DSCP)
flow-label: allows application of label switching: all packets of the same flow can be handled to take the same route when appropriate routing / forwarding protocols are used; useful for traffic engineering
payload-length: denotes the length of the payload in bytes, without the main header (extension headers count as payload)
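The next-header card and this main-header card together, as an added example that is not code from the original slides: a builder that packs the version / traffic-class / flow-label / payload-length fields and a chain of extension headers, and a walker that follows next-header values until it reaches the transport protocol. The addresses, option bytes and fragment parameters in the test are constructed. The walker shows the three failure modes a firewall or IDS must handle: a non-first fragment carries no transport header at all, ESP hides everything after it, and an unbounded chain of hop-by-hop headers must be cut off rather than followed forever.

```python
import struct

NEXT_HEADER_NAMES = {0: "hop-by-hop options", 43: "routing", 44: "fragment", 50: "ESP",
                     51: "AH", 6: "TCP", 17: "UDP", 59: "no next header"}
WALKABLE = {0, 43, 44, 51}   # extension headers whose length we can read; 50 (ESP) ends the walk


def encode_ext(t, data, nxt):
    """One extension header with its next-header byte set to nxt (constructed helper)."""
    if t in (0, 43):                          # options: length in 8-byte units, excluding first 8
        if (len(data) + 2) % 8:
            raise ValueError("option data must fill a multiple of 8 bytes")
        return bytes([nxt, (len(data) + 2) // 8 - 1]) + data
    if t == 44:                               # data = (offset in 8-byte units, more flag, ident)
        off, more, ident = data
        return struct.pack("!BBHI", nxt, 0, (off << 3) | more, ident)
    if t == 51:                               # AH: data = (spi, seq, icv); len in 4-byte units - 2
        spi, seq, icv = data
        return struct.pack("!BBHII", nxt, (12 + len(icv)) // 4 - 2, 0, spi, seq) + icv
    raise ValueError("unsupported extension header %d" % t)


def build_ipv6(src, dst, exts, upper_proto, payload, traffic_class=0, flow_label=0, hop_limit=64):
    """exts: list of (type, data) in wire order; the last one points at upper_proto."""
    types = [t for t, _ in exts] + [upper_proto]
    body = b"".join(encode_ext(t, d, types[i + 1]) for i, (t, d) in enumerate(exts)) + payload
    first = struct.pack("!BBH", (6 << 4) | (traffic_class >> 4),
                        ((traffic_class & 0xF) << 4) | (flow_label >> 16), flow_label & 0xFFFF)
    return first + struct.pack("!HBB", len(body), types[0], hop_limit) + src + dst + body


def walk(pkt, max_ext=8):
    """Parse the main header and follow the next-header chain. 'upper' is the transport
    protocol number and 'upper_offset' where it starts, or None if it cannot be found."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not IPv6")
    payload_len, nh, hop = struct.unpack("!HBB", pkt[4:8])
    if 40 + payload_len != len(pkt):
        raise ValueError("payload-length mismatch")
    info = {"traffic_class": ((pkt[0] & 0xF) << 4) | (pkt[1] >> 4),
            "flow_label": ((pkt[1] & 0xF) << 16) | struct.unpack("!H", pkt[2:4])[0],
            "payload_length": payload_len, "hop_limit": hop, "src": pkt[8:24], "dst": pkt[24:40],
            "chain": [], "upper": None, "upper_offset": None}
    off = 40
    for _ in range(max_ext):
        if nh not in WALKABLE:
            break
        if off + 8 > len(pkt):
            raise ValueError("truncated extension header")
        info["chain"].append(nh)
        nxt = pkt[off]
        if nh == 44:
            hlen = 8
            if struct.unpack("!H", pkt[off + 2:off + 4])[0] >> 3:
                return info                   # non-first fragment: transport header is elsewhere
        elif nh == 51:
            hlen = (pkt[off + 1] + 2) * 4
        else:
            hlen = (pkt[off + 1] + 1) * 8
        nh, off = nxt, off + hlen
        if off > len(pkt):
            raise ValueError("extension header runs past the packet")
    if nh in WALKABLE:
        raise ValueError("extension header chain too long")   # do not follow it forever
    if nh == 50:
        info["chain"].append(50)              # ESP: what follows is encrypted, stop here
    else:
        info["upper"], info["upper_offset"] = nh, off
    return info
```

A first fragment that does not reach the transport header (RFC 7112 forbids this) likewise ends with upper set to None, and a filter should treat that as "drop", not "allow".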