IP / ICMP / ARP / DHCP
Internet Protocol (IP) • Transport packets across routed network/Internet – Packets called “datagrams” – Systems on Internet have unique “IP address” • Hierarchical for global routing
• Data Fragments
– IP datagram can be large (up to 2^16 bytes)
– May need to cross links whose link-layer frames are smaller (e.g., Ethernet)
– Has to be broken up or “fragmented” before transmission and then reassembled by the receiver
IPv4 vs IPv6
• IPv4
– Protocol created in 1974 (Cerf, Kahn)
– Foundation of modern Internet
– Problems
• No built-in security
• Small address space (2^32 or ~4 billion addresses)
• IPv6
– Larger address space (2^128)
– Improved multicasting
– Autoconfiguration
– Mobility
– Improved routing
IPv4 Header
• Version – 4 for IPv4 (6 for IPv6)
• Hlen – header length, # of 32-bit words in header (5 when there are no options)
• Type of Service – Differentiated Services field (e.g., routine, critical)
• Total Length – # of bytes in the whole datagram, header plus payload (max 65,535)
• Identification – same value in every fragment of one datagram, so the receiver can group fragments
• Flags/Offset – fragmentation information: DF (don't fragment), MF (more fragments), and the fragment's position in the original datagram
• Time to Live – # of router hops the packet may traverse; each router decrements it and drops the packet when it reaches 0
• Protocol – which higher-level protocol the payload carries (e.g., 1 = ICMP, 6 = TCP, 17 = UDP)
• Header Checksum – covers the header only; recomputed at every hop because the TTL changes
• Addresses – 32-bit source and destination addresses
• Options – e.g., loose/strict source routing (rarely used; commonly dropped by filters because source routing lets a sender steer packets around controls)
IP Addressing
• IP Address:
– 32-bit address, range [0.0.0.0 – 255.255.255.255]
• Hierarchical address (two parts):
– Network Address
• First x bits of address
• Identifies the network of the host
– Host Address
• Last (32−x) bits of address
• Identifies the host on the network
• Class of address (identified by first few bits)
– Class A: First bit = 0
• 0.0.0.0 – 127.255.255.255 (8-bit network, 24-bit host)
– Class B: First two bits = 10
• 128.0.0.0 – 191.255.255.255 (16-bit network, 16-bit host)
– Class C: First 3 bits = 110
• 192.0.0.0 – 223.255.255.255 (24-bit network, 8-bit host)
Fragmentation/Reassembly
• Each link protocol has a Maximum Transmission Unit (MTU), the largest frame payload it carries (1500 bytes for standard Ethernet)
• IP packets must be fragmented when sent across a link with a smaller MTU (unless DF is set, in which case the router drops the packet and returns an ICMP error)
– Each fragment carries a full IP header with the same Identification value, which ensures correct reassembly
– Every fragment except the last has the IP “M” (More Fragments) flag set
– Offset field gives the fragment's position in the original payload, in units of 8 bytes, so every fragment but the last carries a multiple of 8 data bytes
– Reassembly happens only at the final destination; overlapping or never-completed fragment sets are a classic way to evade packet filters or exhaust reassembly buffers
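The header layout and fragmentation rules above, as an added worked example (not code from the slides): it builds an IPv4 header with the RFC 1071 header checksum, parses and verifies one, splits a datagram for a given MTU and reassembles the fragments in any order, rejecting holes, overlaps and a missing last fragment. It assumes headers without options (Hlen = 5); the sample addresses and payload are constructed for the demonstration.

```python
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))

def bytes_to_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)

def build_ipv4(src, dst, payload, proto=17, ident=0, ttl=64, df=False, mf=False, offset8=0):
    """20-byte IPv4 header (Hlen=5, no options) + payload. offset8 is the fragment offset in 8-byte units."""
    ver_ihl = (4 << 4) | 5
    flags_frag = ((1 if df else 0) << 14) | ((1 if mf else 0) << 13) | (offset8 & 0x1FFF)
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20 + len(payload), ident, flags_frag,
                      ttl, proto, 0, ip_to_bytes(src), ip_to_bytes(dst))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]   # fill in Header Checksum
    return hdr + payload

def parse_ipv4(pkt: bytes) -> dict:
    ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len > len(pkt):
        raise ValueError("malformed IPv4 header")
    if checksum(pkt[:ihl]) != 0:            # a valid header sums to zero with its checksum included
        raise ValueError("bad header checksum")
    return {"ihl": ihl, "tos": tos, "total_len": total_len, "id": ident,
            "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
            "offset": (flags_frag & 0x1FFF) * 8, "ttl": ttl, "proto": proto,
            "src": bytes_to_ip(src), "dst": bytes_to_ip(dst), "payload": pkt[ihl:total_len]}

def fragment(pkt: bytes, mtu: int) -> list:
    """Split a datagram (which may itself already be a fragment) into pieces no larger than mtu."""
    h = parse_ipv4(pkt)
    if len(pkt) <= mtu:
        return [pkt]
    if h["df"]:
        raise ValueError("DF set: drop and send ICMP type 3 code 4 (fragmentation needed)")
    max_data = ((mtu - h["ihl"]) // 8) * 8   # all but the last fragment carry a multiple of 8 bytes
    if max_data <= 0:
        raise ValueError("MTU too small for an IP header")
    data, frags = h["payload"], []
    for off in range(0, len(data), max_data):
        chunk = data[off:off + max_data]
        last = off + len(chunk) == len(data)
        frags.append(build_ipv4(h["src"], h["dst"], chunk, h["proto"], h["id"], h["ttl"],
                                mf=h["mf"] or not last, offset8=(h["offset"] + off) // 8))
    return frags

def reassemble(frags: list) -> bytes:
    """Rebuild the original payload from fragments in any order, rejecting gaps and overlaps."""
    parsed = sorted((parse_ipv4(f) for f in frags), key=lambda h: h["offset"])
    if len({(h["id"], h["src"], h["dst"], h["proto"]) for h in parsed}) != 1:
        raise ValueError("fragments belong to different datagrams")
    buf, expected = bytearray(), 0
    for h in parsed:
        if h["offset"] != expected:        # overlap (offset < expected) or hole (offset > expected)
            raise ValueError("gap or overlap at offset %d" % h["offset"])
        buf += h["payload"]
        expected += len(h["payload"])
    if parsed[-1]["mf"]:
        raise ValueError("last fragment (MF=0) missing")
    return bytes(buf)

if __name__ == "__main__":
    # constructed sample: a 3000-byte UDP payload pushed through a 1500-byte MTU
    sample = build_ipv4("10.0.0.5", "10.0.0.9", bytes(i % 251 for i in range(3000)), ident=0x1234)
    for f in fragment(sample, 1500):
        h = parse_ipv4(f)
        print("offset=%4d mf=%s bytes=%d" % (h["offset"], h["mf"], len(h["payload"])))
```

A real reassembler also times out incomplete sets and, for security, treats overlapping fragments as an attack rather than silently picking one copy; this one simply rejects them.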
Classless Inter-Domain Routing (CIDR) • Transition away from address classes – Enables more conservative allocation of IP addresses
• CIDR notation – Specify network through combination of IP address and routing prefix – Specify subnets for more granular control of address space
• Example: 69.166.48.43/23
– 69.166.48.43 is the IP address, /23 the routing prefix length (the first 23 bits identify the network)
– Network 69.166.48.0/23, netmask 255.255.254.0, hosts 69.166.48.1 – 69.166.49.254
Subnet Examples
CIDR Route Aggregation
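The CIDR notation, subnetting and route aggregation described above, as an added example built on Python's standard ipaddress module (not code from the slides). The route table and prefixes are constructed for the demonstration; the longest-prefix-match lookup goes slightly beyond the slides to show why a more-specific prefix always wins in forwarding, which is also what makes more-specific prefix hijacks effective.

```python
import ipaddress

def describe(cidr: str) -> dict:
    """Split host/prefix notation into the pieces a router cares about."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    return {"host": str(iface.ip), "prefix_len": net.prefixlen, "netmask": str(net.netmask),
            "network": str(net.network_address), "broadcast": str(net.broadcast_address),
            "usable_hosts": max(net.num_addresses - 2, 0)}

def in_network(ip: str, cidr: str) -> bool:
    """Does ip fall inside the network that cidr denotes (host bits in cidr are ignored)?"""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)

def subnets(cidr: str, new_prefix: int) -> list:
    """Carve a block into equal subnets with a longer prefix."""
    return [str(n) for n in ipaddress.ip_network(cidr, strict=False).subnets(new_prefix=new_prefix)]

def aggregate(routes: list) -> list:
    """Route aggregation: collapse adjacent or contained prefixes into the smallest equivalent set."""
    nets = [ipaddress.ip_network(r, strict=False) for r in routes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def longest_prefix_match(ip: str, table: dict) -> tuple:
    """Forwarding lookup: among matching routes, the most specific (longest prefix) wins."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, next_hop in table.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return (str(best[0]), best[1]) if best else (None, None)

if __name__ == "__main__":
    print(describe("69.166.48.43/23"))
    print(subnets("69.166.48.0/23", 24))
    print(aggregate(["192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]))
    # constructed routing table: the /16 "branch" route shadows the /8 for 10.1.x.x
    print(longest_prefix_match("10.1.2.3", {"0.0.0.0/0": "isp", "10.0.0.0/8": "core", "10.1.0.0/16": "branch"}))
```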
Address Resolution Protocol (ARP)
• Problem:
– We need to send a message to some IP address on the local network, but don't know what MAC address to put on the frame
• ARP – Protocol to query machines on a network for the correct MAC address
– Broadcasts “Who has IP address 1.2.3.4?”
– 1.2.3.4 should respond “1.2.3.4 is at MAC address 00:11:22:33:44:55”
– System caches the answer (ARP cache) and can now correctly address the link-layer frame
• Gratuitous ARP (often done on start up)
– Broadcast ARP message with the sender's own IP and MAC address, e.g., to detect duplicate addresses or to update neighbors' caches after a MAC change
• Security Issue:
– ARP has no authentication: any host on the segment can send unsolicited replies claiming another host's IP, and victims update their caches
– Attacker can send ARP replies with wrong addresses to hijack network traffic (ARP spoofing / cache poisoning, the basis of LAN man-in-the-middle attacks)
– Mitigations: static ARP entries for critical hosts, Dynamic ARP Inspection on switches, or monitoring for IP-to-MAC binding changes
ARP Packet
• Hardware type – 1 = Ethernet
• Protocol type – 0x0800 = IPv4
• Hlen – hardware (link) address length, 6 for Ethernet
• Plen – protocol (network) address length, 4 for IPv4
• Operation – 1 = Request, 2 = Reply
• Sender hardware address, sender protocol address, target hardware address, target protocol address
• Example: the request and reply for 1.2.3.4 above, carried in an Ethernet frame with EtherType 0x0806
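The packet format and the spoofing issue from the two ARP slides above, as an added example (not code from the slides): it builds and parses IPv4-over-Ethernet ARP packets and runs them through a small cache that records every change of an existing IP-to-MAC binding, which is the signal a poisoning monitor works from. The MAC and IP addresses are constructed for the demonstration.

```python
import struct

HTYPE_ETHERNET, PTYPE_IPV4 = 1, 0x0800
OP_REQUEST, OP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, op, sha, spa, tha, tpa (28 bytes)

def mac_str(b): return ":".join("%02x" % x for x in b)
def mac_bytes(s): return bytes(int(x, 16) for x in s.split(":"))
def ip_str(b): return ".".join(str(x) for x in b)
def ip_bytes(s): return bytes(int(x) for x in s.split("."))

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """ARP packet for IPv4 over Ethernet; it travels inside an Ethernet frame with EtherType 0x0806."""
    return struct.pack(ARP_FMT, HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op, mac_bytes(sender_mac),
                       ip_bytes(sender_ip), mac_bytes(target_mac), ip_bytes(target_ip))

def parse_arp(pkt: bytes) -> dict:
    """Decode the 28-byte packet; trailing bytes (Ethernet padding to 60 bytes) are ignored."""
    if len(pkt) < 28:
        raise ValueError("ARP packet too short")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt[:28])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("not IPv4-over-Ethernet ARP")
    return {"op": op, "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
            "target_mac": mac_str(tha), "target_ip": ip_str(tpa)}

def is_gratuitous(a: dict) -> bool:
    """Gratuitous ARP: the sender announces its own binding (target IP == sender IP)."""
    return a["sender_ip"] == a["target_ip"]

class ArpCache:
    """Learns IP->MAC bindings the way a host does and records every binding change.
    A change is not proof of an attack (DHCP reuse, failover), but it is what tools
    such as arpwatch alert on."""
    def __init__(self):
        self.table = {}
        self.alerts = []

    def observe(self, pkt: bytes) -> dict:
        a = parse_arp(pkt)
        ip, mac = a["sender_ip"], a["sender_mac"]   # requests and replies both carry the sender's binding
        old = self.table.get(ip)
        if old is not None and old != mac:
            self.alerts.append("%s changed from %s to %s (op=%d%s)" % (
                ip, old, mac, a["op"], ", gratuitous" if is_gratuitous(a) else ""))
        self.table[ip] = mac
        return a

if __name__ == "__main__":
    # constructed exchange: 10.0.0.5 asks for 10.0.0.1, the real host answers, then an attacker answers too
    cache = ArpCache()
    cache.observe(build_arp(OP_REQUEST, "aa:aa:aa:aa:aa:aa", "10.0.0.5", "00:00:00:00:00:00", "10.0.0.1"))
    cache.observe(build_arp(OP_REPLY, "11:11:11:11:11:11", "10.0.0.1", "aa:aa:aa:aa:aa:aa", "10.0.0.5"))
    cache.observe(build_arp(OP_REPLY, "de:ad:be:ef:00:01", "10.0.0.1", "aa:aa:aa:aa:aa:aa", "10.0.0.5"))
    print(cache.table)
    print(cache.alerts)
```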
ICMP
• Protocol to support network diagnosis/error reporting (carried inside IP, protocol number 1)
• Error messages quote the IP header and first 8 bytes of the datagram that caused them, so the sender can identify which packet (and, for TCP/UDP, which ports) the error refers to
– Type 3 – Destination unreachable
• Code distinguishes network, host, protocol, or port unreachable
– Type 11 – Time exceeded (TTL expired in transit); traceroute works by provoking these
– Type 8 – Echo Request, Type 0 – Echo Reply
• Ping another system, to ask for a response
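The ICMP messages above, as an added example (not code from the slides): it builds an Echo Request and a Destination Unreachable error that quotes the offending datagram, then parses both, verifying the checksum and pulling the original addresses and ports out of the quoted header. The quoted IPv4/UDP datagram is constructed for the demonstration (its IP header checksum is left at zero, since ICMP does not validate the quoted header); the checksum routine is the same RFC 1071 sum IPv4 uses.

```python
import struct

ICMP_TYPES = {0: "echo reply", 3: "destination unreachable", 8: "echo request", 11: "time exceeded"}
UNREACH_CODES = {0: "net", 1: "host", 2: "protocol", 3: "port", 4: "fragmentation needed"}

# constructed offending datagram: IPv4 header (checksum field 0) + UDP 10.0.0.5:40000 -> 10.0.0.1:53 + 32 data bytes
ORIG_DATAGRAM = (bytes.fromhex("4500003c1c4640004011" + "0000" + "0a000005" + "0a000001")
                 + struct.pack("!HHHH", 40000, 53, 40, 0) + b"\x00" * 32)

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over the whole ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_echo(ident: int, seq: int, payload: bytes = b"") -> bytes:
    """Type 8 Echo Request; the reply copies id/seq/payload back with type 0."""
    body = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

def build_unreachable(code: int, offending: bytes) -> bytes:
    """Type 3 error as a router/host would send it: 4 unused bytes, then the IP header + first 8 payload bytes."""
    ihl = (offending[0] & 0x0F) * 4
    body = struct.pack("!BBHI", 3, code, 0, 0) + offending[:ihl + 8]
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

def parse_icmp(msg: bytes) -> dict:
    if len(msg) < 8 or checksum(msg) != 0:
        raise ValueError("truncated ICMP message or bad checksum")
    typ, code = msg[0], msg[1]
    out = {"type": typ, "name": ICMP_TYPES.get(typ, "other"), "code": code}
    if typ in (0, 8):
        out["id"], out["seq"] = struct.unpack("!HH", msg[4:8])
        out["payload"] = msg[8:]
    elif typ in (3, 11):
        quoted = msg[8:]
        if len(quoted) < 20:
            raise ValueError("error message does not quote a full IP header")
        ihl, proto = (quoted[0] & 0x0F) * 4, quoted[9]
        out.update({"orig_src": ".".join(map(str, quoted[12:16])),
                    "orig_dst": ".".join(map(str, quoted[16:20])), "orig_proto": proto})
        if proto in (6, 17) and len(quoted) >= ihl + 4:   # TCP/UDP ports are the first 4 quoted payload bytes
            out["orig_sport"], out["orig_dport"] = struct.unpack("!HH", quoted[ihl:ihl + 4])
        if typ == 3:
            out["reason"] = UNREACH_CODES.get(code, "code %d" % code) + " unreachable"
    return out

if __name__ == "__main__":
    print(parse_icmp(build_echo(0x1234, 7, b"abc")))
    print(parse_icmp(build_unreachable(3, ORIG_DATAGRAM)))
```

Matching an error to a live socket by the quoted ports is exactly what the kernel does; it also means an off-path attacker who can guess those ports can forge errors (e.g., fragmentation-needed messages that shrink the path MTU), so hosts validate the quoted header against state they actually hold.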
Dynamic Host Configuration Protocol (DHCP) • Question: – How do hosts get an IP address, netmask, routing when they first join a network?
• DHCP – DHCP Server has some pool of addresses to allocate to systems
• Protocol (DORA)
– Discover – client sends a broadcast UDP packet (to server port 67 from client port 68) asking for an address lease
– Offer – server will offer a lease for an address, together with netmask, router and DNS
– Request – client broadcasts a request accepting one offer, naming the server it chose
– Acknowledgement – server confirms; includes lease configuration information and duration
• Client has no way to verify the server: a rogue DHCP server on the segment can hand out a malicious router or DNS address (mitigated by DHCP snooping on switches)
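The four-message exchange above, as an added example (not code from the slides): it encodes DHCP messages in the RFC 2131 wire format (236-byte fixed part, magic cookie, TLV options) and runs a client through Discover/Offer/Request/Ack against a small in-memory server that leases from a pool, NAKs a request for an address it never offered and ignores requests addressed to another server. The addresses, pool and transaction id are constructed for the demonstration; nothing is sent on a real socket.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6
OPT_SUBNET, OPT_ROUTER, OPT_DNS, OPT_REQ_IP, OPT_LEASE, OPT_MSGTYPE, OPT_SERVER_ID, OPT_END = 1, 3, 6, 50, 51, 53, 54, 255
FIXED = "!BBBBIHH4s4s4s4s16s64s128s"   # op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file

def ip_b(s): return bytes(int(x) for x in s.split("."))
def ip_s(b): return ".".join(str(x) for x in b)

def build(op, xid, chaddr, options, yiaddr="0.0.0.0"):
    """op: BOOTREQUEST from clients, BOOTREPLY from servers. options: list of (code, value bytes)."""
    zero = ip_b("0.0.0.0")
    fixed = struct.pack(FIXED, op, 1, 6, 0, xid, 0, 0x8000,      # htype 1 / hlen 6 = Ethernet; broadcast flag set
                        zero, ip_b(yiaddr), zero, zero, chaddr.ljust(16, b"\x00"), b"", b"")
    opts = b"".join(struct.pack("!BB", code, len(val)) + val for code, val in options)
    return fixed + MAGIC + opts + bytes([OPT_END])

def parse(msg):
    f = struct.unpack(FIXED, msg[:236])
    op, hlen, xid, yiaddr, chaddr = f[0], f[2], f[4], f[8], f[11]
    if msg[236:240] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 240
    while i < len(msg) and msg[i] != OPT_END:
        if msg[i] == 0:                    # pad option carries no length byte
            i += 1
            continue
        code, ln = msg[i], msg[i + 1]
        opts[code] = msg[i + 2:i + 2 + ln]
        i += 2 + ln
    return {"op": op, "xid": xid, "chaddr": chaddr[:hlen], "yiaddr": ip_s(yiaddr), "options": opts}

class Server:
    def __init__(self, server_ip, pool, netmask, router, dns, lease_secs=3600):
        self.ip, self.pool, self.leases = server_ip, list(pool), {}
        self.net_opts = [(OPT_SUBNET, ip_b(netmask)), (OPT_ROUTER, ip_b(router)), (OPT_DNS, ip_b(dns)),
                         (OPT_LEASE, struct.pack("!I", lease_secs)), (OPT_SERVER_ID, ip_b(server_ip))]

    def reply(self, m, msg_type, extra=(), yiaddr="0.0.0.0"):
        return build(BOOTREPLY, m["xid"], m["chaddr"], [(OPT_MSGTYPE, bytes([msg_type]))] + list(extra), yiaddr)

    def handle(self, msg):
        m = parse(msg)
        kind = m["options"][OPT_MSGTYPE][0]
        if kind == DISCOVER:
            addr = self.leases.get(m["chaddr"])          # a returning client gets its old address
            if addr is None:
                if not self.pool:
                    return None                           # pool exhausted: stay silent
                addr = self.pool.pop(0)
                self.leases[m["chaddr"]] = addr            # reserved while the offer is outstanding
            return self.reply(m, OFFER, self.net_opts, yiaddr=addr)
        if kind == REQUEST:
            if m["options"].get(OPT_SERVER_ID) != ip_b(self.ip):
                return None                               # client chose another server's offer
            wanted = ip_s(m["options"][OPT_REQ_IP])
            if self.leases.get(m["chaddr"]) != wanted:
                return self.reply(m, NAK)                 # never offered to this client
            return self.reply(m, ACK, self.net_opts, yiaddr=wanted)
        return None

def run_dora(server, mac):
    """Client side of Discover -> Offer -> Request -> Ack; returns the configuration it ends up with."""
    xid = 0x3903F326   # constructed; real clients pick a random transaction id per exchange
    offer = parse(server.handle(build(BOOTREQUEST, xid, mac, [(OPT_MSGTYPE, bytes([DISCOVER]))])))
    request = build(BOOTREQUEST, xid, mac, [(OPT_MSGTYPE, bytes([REQUEST])),
                                            (OPT_REQ_IP, ip_b(offer["yiaddr"])),
                                            (OPT_SERVER_ID, offer["options"][OPT_SERVER_ID])])
    ack = parse(server.handle(request))
    o = ack["options"]
    return {"ip": ack["yiaddr"], "netmask": ip_s(o[OPT_SUBNET]), "router": ip_s(o[OPT_ROUTER]),
            "dns": ip_s(o[OPT_DNS]), "lease": struct.unpack("!I", o[OPT_LEASE])[0], "msg_type": o[OPT_MSGTYPE][0]}

if __name__ == "__main__":
    srv = Server("10.0.0.1", ["10.0.0.100", "10.0.0.101"], "255.255.255.0", "10.0.0.1", "10.0.0.2")
    print(run_dora(srv, b"\xaa\xbb\xcc\x00\x11\x22"))
```

The client accepts whichever Offer it parses first, which is why a rogue server that answers faster than the legitimate one wins; the Server ID option only lets the legitimate server notice that the client went elsewhere.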
IPv6
IPv6
• Addresses
– 128 bits written as eight 16-bit hex groups: 1234:5678:9abc:def0:1234:5678:9abc:def0
– A run of consecutive 0000 groups can be shortened with ::, at most once per address
• 1234:5678:9abc:0000:1234:5678:9abc:def0
• 1234:5678:9abc::1234:5678:9abc:def0
– Leading zeros within a group may be dropped (0000 → 0)
– Private address: fc00::/7
• Acquiring – DHCPv6 – Stateless autoconfig
IPv6 Header
• Traffic Class = IPv4 TOS
• Flow Label – identifies the flow, along with src & dst address; used by routers
• Payload Length – bytes following the 40-byte fixed header (extension headers included)
• Hop limit = IPv4 TTL
• Next Header – either the transport-layer header or an IPv6 extension header; each extension header carries its own Next Header field, forming a chain
– Routing
– Security (AH, ESP)
– Fragmentation (in IPv6 only the sender fragments; routers never do)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| Traffic Class |           Flow Label                  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         Payload Length        |  Next Header  |   Hop Limit   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+                                                               +
|                                                               |
+                         Source Address                        +
|                                                               |
+                                                               +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+                                                               +
|                                                               |
+                      Destination Address                      +
|                                                               |
+                                                               +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Extension header chain example (each header's Next Header names the one that follows):

+---------------+----------------+-----------------+-----------------+
| IPv6 header   | Routing header | Fragment header | fragment of TCP |
|               |                |                 | header + data   |
| Next Header = | Next Header =  | Next Header =   |                 |
|   Routing     |   Fragment     |   TCP           |                 |
+---------------+----------------+-----------------+-----------------+
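The fixed header and the Next Header chain above, as an added example (not code from the slides): it builds the Routing + Fragment + TCP chain from the diagram and parses it back, walking the extension headers by their Next Header and length fields until it reaches the upper-layer protocol. The parser caps the chain length and checks every header against the packet boundary, because absurdly long or truncated chains are a known way to push the upper-layer header out of a firewall's inspection window. Addresses and the TCP header are constructed for the demonstration.

```python
import struct
import ipaddress

NEXT_HDR = {0: "Hop-by-Hop", 6: "TCP", 17: "UDP", 43: "Routing", 44: "Fragment",
            50: "ESP", 51: "AH", 58: "ICMPv6", 59: "No Next Header", 60: "Destination Options"}
EXT_WITH_LEN = {0, 43, 60}     # extension headers sized (Hdr Ext Len + 1) * 8 bytes
MAX_EXT_HEADERS = 8            # defensive cap; overly long chains are an evasion/DoS pattern

def build_ipv6(src, dst, next_header, payload, hop_limit=64, tclass=0, flow=0):
    first = (6 << 28) | ((tclass & 0xFF) << 20) | (flow & 0xFFFFF)
    return (struct.pack("!IHBB", first, len(payload), next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + payload)

def routing_header(next_header, rtype=4, segments_left=0):
    """Minimal 8-byte Routing extension header (Hdr Ext Len 0). Routing type 0 is deprecated by RFC 5095."""
    return struct.pack("!BBBBI", next_header, 0, rtype, segments_left, 0)

def fragment_header(next_header, offset8, more, ident):
    """Fragment extension header: 13-bit offset in 8-byte units, M flag in bit 0, 32-bit identification."""
    return struct.pack("!BBHI", next_header, 0, (offset8 << 3) | (1 if more else 0), ident)

def parse_ipv6(pkt: bytes) -> dict:
    if len(pkt) < 40:
        raise ValueError("truncated IPv6 header")
    first, payload_len, nxt, hop_limit = struct.unpack("!IHBB", pkt[:8])
    if first >> 28 != 6:
        raise ValueError("not IPv6")
    if len(pkt) < 40 + payload_len:
        raise ValueError("packet shorter than Payload Length claims")
    chain, off, frag = [], 40, None
    while nxt in EXT_WITH_LEN or nxt == 44:          # walk the extension header chain
        if len(chain) >= MAX_EXT_HEADERS:
            raise ValueError("extension header chain too long")
        if off + 8 > len(pkt):
            raise ValueError("extension header runs past end of packet")
        chain.append(NEXT_HDR[nxt])
        if nxt == 44:                                 # fixed 8 bytes, no length field
            nxt = pkt[off]
            off_flags, ident = struct.unpack("!HI", pkt[off + 2:off + 8])
            frag = {"offset": (off_flags >> 3) * 8, "more": bool(off_flags & 1), "id": ident}
            off += 8
        else:
            nxt, ext_len = pkt[off], pkt[off + 1]
            off += (ext_len + 1) * 8
    return {"traffic_class": (first >> 20) & 0xFF, "flow_label": first & 0xFFFFF,
            "payload_len": payload_len, "hop_limit": hop_limit,
            "src": ipaddress.IPv6Address(pkt[8:24]).compressed,
            "dst": ipaddress.IPv6Address(pkt[24:40]).compressed,
            "ext_chain": chain, "upper": NEXT_HDR.get(nxt, str(nxt)),
            "fragment": frag, "upper_offset": off}

# constructed 20-byte TCP header: 443 -> 50000, SYN, window 65535
TCP_STUB = struct.pack("!HHIIBBHHH", 443, 50000, 1, 0, 5 << 4, 0x02, 65535, 0, 0)

if __name__ == "__main__":
    pkt = build_ipv6("2001:db8::1", "2001:db8::2", 43,
                     routing_header(44) + fragment_header(6, 0, True, 0xABCD) + TCP_STUB)
    print(parse_ipv6(pkt))
```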
Acquiring an IPv6 Address
• Stateless auto configuration (SLAAC)
– Address has
• Subnet prefix (64 bits), learned from Router Advertisements
• Interface identifier (64 bits)
– Classically derived from the 48-bit MAC address (modified EUI-64): insert 0xFFFE after the first 24 bits and flip the universal/local bit of the first byte
– Because this exposes the MAC address in every IPv6 address, modern hosts usually use random or temporary interface identifiers instead
• ICMPv6
– Includes Router Advertisement messages
– Contain routing prefixes (and the default router)
– Nodes can also send Router Solicitation messages to ask for an advertisement immediately
– Unauthenticated, so a rogue Router Advertisement can install a bogus default router or prefix on every host on the segment (RA Guard on switches mitigates this)
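The address notation from the IPv6 slide and the SLAAC interface identifier above, as an added example (not code from the slides): it expands and compresses addresses with the standard ipaddress module, derives the modified EUI-64 identifier from a MAC, combines it with an advertised /64 prefix, and reverses the derivation to show why an EUI-64 address leaks the hardware address. The MAC and prefixes are constructed for the demonstration. Note that ipaddress follows RFC 5952 canonical form, which does not turn a single 0000 group into :: (it prints 0), while the slide's shorter spelling is still valid input.

```python
import ipaddress

def expand(addr: str) -> str:
    return ipaddress.IPv6Address(addr).exploded

def compress(addr: str) -> str:
    return ipaddress.IPv6Address(addr).compressed

def same_address(a: str, b: str) -> bool:
    """Two spellings denote the same 128-bit address?"""
    return ipaddress.IPv6Address(a) == ipaddress.IPv6Address(b)

def is_unique_local(addr: str) -> bool:
    return ipaddress.IPv6Address(addr) in ipaddress.IPv6Network("fc00::/7")

def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64 (RFC 4291 App. A): split the 48-bit MAC, insert 0xFFFE in the middle,
    flip the universal/local bit (0x02 of the first octet)."""
    m = bytes(int(x, 16) for x in mac.split(":"))
    if len(m) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:6]

def slaac_address(prefix: str, mac: str) -> str:
    """Combine a /64 prefix (as carried in a Router Advertisement) with the interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    return (net.network_address + int.from_bytes(eui64_interface_id(mac), "big")).compressed

def link_local(mac: str) -> str:
    """Link-local address every interface forms first, in fe80::/64."""
    return slaac_address("fe80::/64", mac)

def mac_from_slaac(addr: str):
    """Reverse the derivation: an EUI-64 identifier reveals the MAC, which is the privacy
    concern behind temporary (RFC 4941) and stable-random (RFC 7217) identifiers. Returns None
    when the identifier does not carry the ff:fe marker."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    m = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join("%02x" % b for b in m)

if __name__ == "__main__":
    mac = "00:1c:42:2b:60:5a"   # constructed
    print(link_local(mac), slaac_address("2001:db8:1:2::/64", mac))
    print(mac_from_slaac(slaac_address("2001:db8:1:2::/64", mac)))
```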
IPsec Authentication Header (AH)
• Applied alone to prevent spoofing, or together with ESP
– SPI – unique identifier for the Security Association (tells the receiver which key and algorithm to use)
– Sequence Number – monotonically increasing counter; must not wrap (rekey instead), so the receiver can reject replayed packets using a sliding window
– Authentication Data – the Integrity Check Value, a keyed hash (HMAC) over the packet, not an encrypted hash
• Coverage (diagram): AH authentication covers the whole packet, including the immutable fields of the IP header
Encapsulating Security Payload (ESP)
• Provides confidentiality to message
– SPI/Sequence Number – same as AH
– Payload Data – encrypted with a symmetric-key algorithm
• Coverage (diagram): confidentiality covers the payload and ESP trailer only; ESP's optional authentication covers the ESP header and encrypted payload, but never the outer IP header
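The SPI, sequence number and Integrity Check Value described for AH (and shared by ESP), as an added example (not code from the slides): an outbound SA that numbers packets and computes an HMAC-SHA-256-128 ICV, an inbound SA that verifies the ICV in constant time and then runs the sequence number through a 64-entry sliding anti-replay window, so that tampered, forged, duplicate and stale packets are all rejected. To keep it short the ICV here covers only the AH fields and payload; a real AH implementation also includes the immutable IP header fields, and on IPv6 pads the header to a multiple of 8 bytes. The key and payloads are constructed for the demonstration.

```python
import hmac
import hashlib
import struct

AH_FMT = "!BBHII"   # Next Header, Payload Len, Reserved, SPI, Sequence Number (12 bytes), then ICV
ICV_LEN = 16        # HMAC-SHA-256-128 (RFC 4868): 256-bit HMAC truncated to 128 bits

class AntiReplayWindow:
    """Sliding window as in RFC 4302/4303: each sequence number is accepted at most once;
    anything older than the window's low edge is dropped."""
    def __init__(self, size=64):
        self.size, self.top, self.bitmap = size, 0, 0   # bit i of bitmap set => (top - i) already seen

    def check_and_update(self, seq: int) -> bool:
        if seq == 0:
            return False                                 # the first packet on an SA is numbered 1
        if seq > self.top:                               # advances the window
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size:
            return False                                 # too old: fell off the window
        if self.bitmap & (1 << diff):
            return False                                 # duplicate: replay
        self.bitmap |= 1 << diff
        return True

class OutboundSA:
    def __init__(self, spi: int, key: bytes):
        self.spi, self.key, self.seq = spi, key, 0

    def protect(self, next_header: int, payload: bytes) -> bytes:
        self.seq += 1
        if self.seq > 0xFFFFFFFF:
            raise RuntimeError("sequence number exhausted: the SA must be rekeyed, never wrapped")
        payload_len = (12 + ICV_LEN) // 4 - 2            # AH length in 32-bit words minus 2
        ah = struct.pack(AH_FMT, next_header, payload_len, 0, self.spi, self.seq) + b"\x00" * ICV_LEN
        icv = hmac.new(self.key, ah + payload, hashlib.sha256).digest()[:ICV_LEN]   # ICV field zeroed while hashing
        return ah[:12] + icv + payload

class InboundSA:
    def __init__(self, spi: int, key: bytes):
        self.spi, self.key, self.window = spi, key, AntiReplayWindow()

    def verify(self, msg: bytes) -> tuple:
        """Return (next_header, payload) or raise; the replay window is updated only after the ICV checks out."""
        next_header, payload_len, _, spi, seq = struct.unpack(AH_FMT, msg[:12])
        if spi != self.spi:
            raise ValueError("unknown SPI")
        icv, payload = msg[12:12 + ICV_LEN], msg[12 + ICV_LEN:]
        expected = hmac.new(self.key, msg[:12] + b"\x00" * ICV_LEN + payload, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            raise ValueError("ICV mismatch: packet forged or modified")
        if not self.window.check_and_update(seq):
            raise ValueError("replayed or stale sequence number %d" % seq)
        return next_header, payload

if __name__ == "__main__":
    key = bytes(range(32))   # constructed; real keys come from IKE
    out, inb = OutboundSA(0x1001, key), InboundSA(0x1001, key)
    m = out.protect(17, b"hello")
    print(inb.verify(m))
    try:
        inb.verify(m)
    except ValueError as e:
        print("second copy rejected:", e)
```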
IPv6 Routing
• Improved because:
– No header checksum
• In IPv4 the header checksum has to be recomputed at each hop since the TTL decrements
• IPv6 still decrements the hop limit, but there is no checksum to recompute; link-layer and transport checksums (mandatory for UDP over IPv6) catch corruption instead