TCP/IP
Page 1
CONTENTS
- INTRODUCTION TO TCP/IP
- IP LAYER PROTOCOLS
- IP OVER LAN / MAN / WAN
- TCP/IP : TRANSPORT LAYER
- TCP/IP : APPLICATIONS
- IP NETWORK INTERCONNECTIONS
- NETWORK ADMINISTRATION
- SECURITY
- IP VERSION 6
DEFINITIONS
Network architecture covers all the hardware and software resources for interchanging data between two remotely located data processing systems.
The OSI model (Open Systems Interconnection) is a 7-layer architecture for communication between two open systems.
Communication between layers is defined by the concept of service.
Communication between peer layers is defined by the concept of communication protocol.
The TCP/IP architecture incorporates only three functional layers.
FUNCTIONAL STRUCTURE
(figure: the TCP/IP functional layers, with the Transport and Network layers labelled)
ENCAPSULATION
(figure: the (N+1)-PDU handed down by layer (N+1) becomes the (N)-SDU; layer (N) prepends its (N)-PCI to form the (N)-PDU)
PDU : Protocol Data Unit
SDU : Service Data Unit
PCI : Protocol Control Information
Convention
- Layer 1 PDU : bit
- Layer 2 PDU : frame
- Layer 3 PDU : packet
- Layer 4 PDU : message
Connection-oriented mode has three phases:
- SET-UP
- TRANSFER
- RELEASE
Connectionless mode has only one phase:
- TRANSFER
Alcatel University - 8AS 90145 0007 VT ZZA Ed.02 - June 2000
RELIABLE TRANSFER
The concept of reliable transfer involves 3 functions:
- SEQUENCING
- ERROR RECOVERY
- FLOW CONTROL
CLIENT-SERVER MODEL
A machine (host) running a SERVER software package (process) responds to requests sent by a CLIENT.
It is always the CLIENT that sends requests to the server.
ARCHITECTURES
(figure: the protocol stacks side by side, layer by layer)
OSI Architecture : Application (VT, FTAM, X400, CMIP), Presentation (ASN.1, X409), Session (ISO 8326), Transport, Network, Link, Physical
TCP/IP Architecture : Telnet, FTP, NFS, SMTP, HTTP, SNMP over TCP / UDP over IP
Novell Architecture : NCP, SAP over SPX over IPX
Microsoft Architecture : S.M.B. over NetBios over NetBeui
Lower layers : WAN (HDLC, LAP-B, FR, ATM; X21, V35, S,T; copper, FO, microwave), LAN (802.2 over 802.x), MAN (FDDI, DQDB)
IP-RELATED ORGANIZATIONS
- ISOC ("internet society") defines policy and development objectives
- IAB (Internet Activities Board) coordinates research and development activities
- IETF (Internet Engineering Task Force) manages technical standards
- IRTF (Internet Research Task Force) responsible for network development
- NICs (Network Information Centre) : in France AFNIC (www.nic.fr), in the United States INTERNIC (www.internic.net)
The RFCs published by the IETF are the equivalent of ITU recommendations.
RFCs carry no version number: an updated RFC receives a new number. Everyone can contribute.
- Document references on protocols and services
- Technical publications on networks
- Since 1969 (ARPANET) : more than 2300 RFCs
- Freely available over the Internet (www.internic.net)
- Not all RFCs are equivalent to standards
State : Standard, Draft standard, Proposed, Experimental, Informational
Status : Required, Recommended, Elective, Limited use, Not recommended
TCP/IP ARCHITECTURE
(figure: the TCP/IP protocol stack; ping, IGP / EGP and ICMP are shown beside IP, FDDI and MAN among the lower layers)
True or False
- IP was created in the beginning of the 80s, when the first PCs appeared.
- The OSI model has been defined in order to classify TCP/IP protocols.
- Both the IP and X25 protocols allow data to be transmitted, but with different advantages.
IP LAYER
IP : MEDIATION LAYER
(figure: IP sits above the access networks: WAN ppp, PSTN, ISDN, Internet, FDDI)
IP ADDRESSES (V4)
Example : 150.10.20.30, octet by octet in binary
10010110 . 00001010 . 00010100 . 00011110
   150   .    10    .    20    .    30
IP ADDRESSES : CLASSES
(figure: every address is split into a Net Id part and a Host Id part; where the split falls depends on the class)
Class A : NET ID 1st octet, Host ID 3 octets. 1st octet value from 1 to 126. Nets : 128
Class B : NET ID 2 octets, Host ID 2 octets. 2nd octet value from 128 to 191. Nets : 16 384, Hosts : 65 534
Class C : NET ID 3 octets, Host ID 1 octet. 1st octet value from 192 to 223. Hosts : 254
IP ADDRESSES : FEATURES
Host part all 0s : 150.10.0.0 represents any host on network 150.10
Host part all 1s : represents ALL hosts; 150.10.255.255 represents all hosts on network 150.10
IP ADDRESSES : FEATURES
Any station can be reached at its UNICAST address. Eg. : 150.10.20.30
Any station can be reached at its BROADCAST address (selected broadcast). Eg. : 150.10.255.255
IP ADDRESSES : MASK
The function of routing is to reach any host in a network. Eg. : 150.10.0.0
The HOST part of the UNICAST address must be masked. Eg. : 150.10.20.30 must be converted to 150.10.0.0
A logical AND must be applied to the UNICAST address and the mask value.
Configuring a mask entails setting the NET part to 1 and the Host part to 0.
It is therefore sufficient to know the class. Eg. : for network 150.10, class B, the mask will be 255.255.0.0
IP ADDRESSES : MASK
    10010110 . 00001010 . 00010100 . 00011110   150.10.20.30 (unicast address)
AND 11111111 . 11111111 . 00000000 . 00000000   255.255.0.0 (mask)
=   10010110 . 00001010 . 00000000 . 00000000   150.10.0.0 (network address)
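The AND shown above, carried out in Python as an added example (this is my code, not the course's; the function names are my own). It also derives the classful mask from the first octet and the selected-broadcast address, the two other address forms the preceding slides describe.

```python
# Added example (not from the course): applying a mask with a bitwise AND.

def dotted_to_int(addr: str) -> int:
    """Parse a dotted-quad IPv4 address into a 32-bit integer."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"invalid IPv4 address: {addr!r}")
    value = 0
    for o in octets:
        value = (value << 8) | o
    return value

def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_bits(addr: str) -> str:
    """Render an address as four 8-bit groups, as the slide does."""
    return ".".join(format(int(o), "08b") for o in addr.split("."))

def network_address(addr: str, mask: str) -> str:
    """NET part of a UNICAST address: address AND mask (host bits forced to 0)."""
    return int_to_dotted(dotted_to_int(addr) & dotted_to_int(mask))

def broadcast_address(addr: str, mask: str) -> str:
    """Selected broadcast: NET part kept, host bits forced to 1."""
    m = dotted_to_int(mask)
    return int_to_dotted((dotted_to_int(addr) & m) | (~m & 0xFFFFFFFF))

def classful_mask(addr: str) -> str:
    """Default mask from the class of the first octet (A: 1-126, B: 128-191, C: 192-223)."""
    first = dotted_to_int(addr) >> 24
    if 1 <= first <= 126:
        return "255.0.0.0"
    if 128 <= first <= 191:
        return "255.255.0.0"
    if 192 <= first <= 223:
        return "255.255.255.0"
    raise ValueError(f"{addr} is not a class A, B or C unicast address")

if __name__ == "__main__":
    host = "150.10.20.30"
    mask = classful_mask(host)
    for label, value in (("address", host), ("mask", mask), ("network", network_address(host, mask))):
        print(f"{to_bits(value)}  {value:16} {label}")
```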
IP ADDRESSES : FEATURES
(figure: hosts 192.1.1.1, 192.1.1.2 and 192.1.1.3 on IP network 192.1.1.0; hosts 128.15.1.13 and 128.15.187.1 on IP network 128.15.0.0)
Requirements
- Two stations separated by a router : different network numbers
- Two stations connected with no router : same network number
(figure: logical networks N1 and N2; a station with a packet ready to send consults its routing table)
C:\netstat -r
network address   network mask      Gateway addr.   metric
0.0.0.0           0.0.0.0           150.10.20.31    1
127.0.0.0         255.0.0.0         127.0.0.1       1
150.10.0.0        255.255.0.0       150.10.20.30    1
150.10.20.30      255.255.255.255   127.0.0.1       1
255.255.255.255   255.255.255.255   150.10.20.30    1
150.10.255.255    255.255.255.255   150.10.20.30    1
224.0.0.0         224.0.0.0         150.10.20.30    1
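How a station picks a line from that table, as an added example (my code, not the course's): each entry matches when destination AND mask equals the network address, and the most specific match wins, so the 0.0.0.0 default line is used only when nothing else fits. The ROUTES data is the netstat -r output above; `lookup` and `next_hop` are my own names, and "direct" versus "local" is my reading of a gateway equal to the station's own address or to 127.0.0.1.

```python
# Added example (not from the course): longest-prefix lookup over the netstat -r table.
import ipaddress

LOCAL_ADDRESS = "150.10.20.30"   # this station's own address, as on the slide

# (network address, network mask, gateway) exactly as listed; metric 1 everywhere
ROUTES = [
    ("0.0.0.0",         "0.0.0.0",         "150.10.20.31"),
    ("127.0.0.0",       "255.0.0.0",       "127.0.0.1"),
    ("150.10.0.0",      "255.255.0.0",     "150.10.20.30"),
    ("150.10.20.30",    "255.255.255.255", "127.0.0.1"),
    ("255.255.255.255", "255.255.255.255", "150.10.20.30"),
    ("150.10.255.255",  "255.255.255.255", "150.10.20.30"),
    ("224.0.0.0",       "224.0.0.0",       "150.10.20.30"),
]

def _to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))

def lookup(destination: str, routes=ROUTES):
    """Return the (network, mask, gateway) entry with the most mask bits among
    those where destination AND mask == network."""
    dest = _to_int(destination)
    best, best_bits = None, -1
    for net, mask, gw in routes:
        m = _to_int(mask)
        if dest & m != _to_int(net):
            continue                       # this line does not cover the destination
        bits = bin(m).count("1")
        if bits > best_bits:               # more mask bits = more specific route
            best, best_bits = (net, mask, gw), bits
    if best is None:
        raise LookupError(f"no route to {destination}")
    return best

def next_hop(destination: str) -> str:
    """'local' (loopback), 'direct' (same network: ARP for the destination itself)
    or the router address the frame must be sent to."""
    _, _, gw = lookup(destination)
    if gw == "127.0.0.1":
        return "local"
    if gw == LOCAL_ADDRESS:
        return "direct"
    return gw
```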
(figure, continued: logical networks N1 and N2; the routing table selects the LAN interface; the ARP cache first shows No Entry, then holds the entry 150.10.20.30 -> 08 20 02 12 63 48)
ADDRESSING BY SUBNETWORK
(figure: Network 1 150.10.0.0, Network 2 160.10.0.0 and Network 3 170.10.0.0; one network is divided into S/Network 1, S/Network 2 and S/Network 3)
ADDRESSING BY SUBNETWORK
Example: Class B address 150.10.0.0 can be subnetted using one of the masks below, depending on the number of subnetworks required.
N of bits : 2, 3, 4, 5, 6, 7, 8, 9, etc.
ADDRESSING BY SUBNETWORK
(figure: Network 1 150.10.0.0, Network 2 160.10.0.0 with subnetwork 160.10.128.0, Network 3 170.10.0.0)
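The mask table the slide refers to, computed rather than listed, as an added example (my code, not the course's): borrowing n host bits from a class B network gives a /(16+n) mask, 2^n subnetworks and 2^(16-n) - 2 usable hosts per subnetwork (network and broadcast addresses excluded). The function names are my own; the 160.10.128.0 subnetwork from the figure is the one-bit case.

```python
# Added example (not from the course): subnetting a class B network by borrowing host bits.
import ipaddress

def subnet_mask(class_b_network: str, bits: int) -> str:
    """Mask for a class B network (natural /16) with `bits` subnet bits."""
    if not 1 <= bits <= 14:          # keep at least 2 host bits (network + broadcast)
        raise ValueError("class B subnetting needs 1..14 subnet bits")
    return str(ipaddress.IPv4Network(f"{class_b_network}/{16 + bits}").netmask)

def subnet_plan(class_b_network: str, bits: int) -> dict:
    """Mask, subnet count, hosts per subnet and first/last subnet address."""
    subnet_mask(class_b_network, bits)   # reuse the range check
    net = ipaddress.IPv4Network(f"{class_b_network}/16")
    subnets = list(net.subnets(prefixlen_diff=bits))
    return {
        "mask": str(subnets[0].netmask),
        "subnets": len(subnets),                            # 2 ** bits
        "hosts_per_subnet": subnets[0].num_addresses - 2,   # minus network and broadcast
        "first": str(subnets[0].network_address),
        "last": str(subnets[-1].network_address),
    }

def subnet_table(class_b_network: str = "150.10.0.0", bit_counts=range(2, 10)) -> dict:
    """The slide's table: number of subnet bits -> plan, for 2..9 bits."""
    return {n: subnet_plan(class_b_network, n) for n in bit_counts}

if __name__ == "__main__":
    for n, plan in subnet_table().items():
        print(f"{n} bits  mask {plan['mask']:15}  {plan['subnets']:4} subnets  {plan['hosts_per_subnet']:6} hosts each")
```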
RFC 1918
The following network numbers are not routed on the Internet:
- Class A : 10.0.0.0
- Class B : 172.16.0.0 to 172.31.0.0
- Class C : 192.168.0 to 192.168.255
Natural segregation of private traffic from Internet traffic
Requires the presence of an address translator : Network Address Translator (router function)
The NAT does not replace the FireWall and/or Proxy Server
ADDRESS TRANSLATION
(figure: private stations @priv1 150.10.20.30, @priv2 150.10.20.31 and @priv3 150.10.20.32 behind a Firewall and a Translator; towards the ISP and the Internet they appear under the public addresses @pubA 194.10.212.47 and 194.10.212.49)
Translator location : in the Firewall, in the router
Types of translation :
- N private @ to 1 public @
- N private @ to M public @
- 1 private @ to 1 public @
Example : N to M
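An N-to-M translation table as an added example (my code, not the course's): outgoing packets get a binding (public address, public port) created on first use, incoming packets are rewritten only if a binding exists. The addresses are the slide's; the Nat class, the round-robin spread over the public pool and the port range are my own choices. It also shows why the slide says the NAT is not a firewall: an unsolicited inbound packet is dropped only because no binding matches, not because of any policy.

```python
# Added example (not from the course): N private to M public translation with port rewriting.
class Nat:
    def __init__(self, public_pool, first_port=1024, last_port=65535):
        self.pool = list(public_pool)          # the M public addresses
        self.next_port = first_port
        self.last_port = last_port
        self.outbound = {}   # (private ip, private port) -> (public ip, public port)
        self.inbound = {}    # (public ip, public port) -> (private ip, private port)

    def translate_out(self, private_ip, private_port):
        """Rewrite the source of an outgoing packet; create the binding on first use."""
        key = (private_ip, private_port)
        if key not in self.outbound:
            if self.next_port > self.last_port:
                raise RuntimeError("translation table full")   # no free public port left
            public_ip = self.pool[len(self.outbound) % len(self.pool)]   # spread over the pool
            binding = (public_ip, self.next_port)
            self.next_port += 1
            self.outbound[key] = binding
            self.inbound[binding] = key
        return self.outbound[key]

    def translate_in(self, public_ip, public_port):
        """Rewrite the destination of an incoming packet; None means no binding, so the packet is dropped."""
        return self.inbound.get((public_ip, public_port))

def demo_slide_stations():
    """The three private stations of the figure sharing the two public addresses."""
    nat = Nat(["194.10.212.47", "194.10.212.49"])
    return [nat.translate_out(ip, 1500) for ip in ("150.10.20.30", "150.10.20.31", "150.10.20.32")]
```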
(figure: a physical frame is Frame header + IP packet + CRC)
(figure: an ICMP packet carried inside an IP packet across Network 1, Network 2 and Network 3)
ICMP packet format (figure): TYPE, CODE, CHECKSUM (bits 0 to 15), then DATA; on the wire: Frame header + IP header + ICMP packet + CRC
Ping 150.10.20.30
(figure: an ICMP ECHO request crosses Network 1, Network 2 and Network 3 and is answered by an ECHO REPLY; only the IP and ICMP layers are involved)
Note: a ping in itself checks IP layer activity only, and not the network board
ICMP REDIRECT
(figure: a Client whose Default gateway is R1 sends to a Server reachable through R2; Network 2, Network 3; numbered steps at the Server (2), R1 (3) and R2 (5))
Traceroute is a software tool for identifying the nodes crossed by an IP datagram sent to a remote machine. Traceroute is based on the use of "TTL exceeded" ICMP messages.
(figure: datagrams towards B are sent with TTL=1, TTL=2, TTL=3 ... TTL=n and expire at R1, R2, R3 ... Rn respectively, each router reporting itself with an ICMP message)
(figure: three DHCP clients and one DHCP server)
INITIALIZATION
DHCP DISCOVER (client -> broadcast)
  Source Address: 0.0.0.0
  Dest. Address: 255.255.255.255
SERVER SELECTION
DHCP OFFER (server 150.10.20.30 -> broadcast)
  Source Address: 150.10.20.30
  Dest. Address: 255.255.255.255
  IP Address: 150.10.20.31
  Subnet Mask: 255.255.0.0
  Server Identifier: 150.10.20.30
  Lease Length: 48 Hours
DHCP REQUEST (client -> broadcast, naming server 150.10.20.30)
  Source Address: 0.0.0.0
  Dest. Address: 255.255.255.255
  Req IP Address: 150.10.20.31
  Server Identifier: 150.10.20.30
  Requested Parameters ...
ATTACHMENT
DHCP ACK (server 150.10.20.30 -> broadcast)
  Source Address: 150.10.20.30
  Dest. Address: 255.255.255.255
  IP Address: 150.10.20.31
  Subnet Mask: 255.255.0.0
  Server Identifier: 150.10.20.30
  Lease Length: 48 Hours
  Default Gateway: 150.10.20.35
  Other Requested Parameters ...
RENEWAL
DHCP REQUEST (client 150.10.20.31 -> server 150.10.20.30, unicast)
  Source Address: 150.10.20.31
  Dest. Address: 150.10.20.30
  Req IP Address: 150.10.20.31
  Server Identifier: 150.10.20.30
  Requested Parameters ...
REATTACHMENT
DHCP REQUEST (client 150.10.20.31 -> broadcast)
  Source Address: 150.10.20.31
  Dest. Address: 255.255.255.255
  Req IP Address: 150.10.20.31
  Server Identifier: 150.10.20.30
  Requested Parameters ...
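The exchange above as a small simulation, an added example that is my code and not the course's. The server address, pool, mask, gateway and 48-hour lease are the slide's values; the DhcpServer class, the message dictionaries and the NAK reply for an address the server cannot grant (a DHCPNAK exists in the protocol but is not on the slides) are my own assumptions. A DISCOVER with nothing left to offer gets no reply, which is what the client sees when the pool is exhausted.

```python
# Added example (not from the course): DISCOVER / OFFER / REQUEST / ACK, renewal and reattachment.
BROADCAST = "255.255.255.255"

class DhcpServer:
    def __init__(self, address, pool, mask="255.255.0.0", gateway="150.10.20.35", lease_hours=48):
        self.address = address
        self.free = list(pool)     # addresses not yet leased
        self.leases = {}           # ip -> client identifier
        self.mask, self.gateway, self.lease_hours = mask, gateway, lease_hours

    def handle(self, msg):
        kind = msg["type"]
        if kind == "DISCOVER":
            if not self.free:
                return None        # nothing to offer; the client keeps retrying
            return {"type": "OFFER", "src": self.address, "dst": BROADCAST,
                    "ip": self.free[0], "mask": self.mask, "server": self.address,
                    "lease_hours": self.lease_hours}
        if kind == "REQUEST":
            if msg["server"] != self.address:
                return None        # the client selected another server's offer
            ip, owner = msg["req_ip"], self.leases.get(msg["req_ip"])
            if (owner is None and ip not in self.free) or (owner not in (None, msg["client"])):
                return {"type": "NAK", "src": self.address, "dst": BROADCAST}
            if owner is None:
                self.free.remove(ip)
                self.leases[ip] = msg["client"]
            # a client still at 0.0.0.0 can only be reached by broadcast
            dst = BROADCAST if msg["src"] == "0.0.0.0" else msg["src"]
            return {"type": "ACK", "src": self.address, "dst": dst, "ip": ip,
                    "mask": self.mask, "server": self.address,
                    "lease_hours": self.lease_hours, "gateway": self.gateway}
        raise ValueError(f"unsupported message type {kind}")

def initial_attachment(server, client_id):
    """INITIALIZATION, SERVER SELECTION and ATTACHMENT for a client at 0.0.0.0."""
    offer = server.handle({"type": "DISCOVER", "client": client_id, "src": "0.0.0.0", "dst": BROADCAST})
    if offer is None:
        return None
    return server.handle({"type": "REQUEST", "client": client_id, "src": "0.0.0.0", "dst": BROADCAST,
                          "req_ip": offer["ip"], "server": offer["server"]})

def renewal(server, client_id, ip):
    """RENEWAL: unicast REQUEST from the leased address straight to the server."""
    return server.handle({"type": "REQUEST", "client": client_id, "src": ip, "dst": server.address,
                          "req_ip": ip, "server": server.address})

def reattachment(server, client_id, ip):
    """REATTACHMENT: broadcast REQUEST for the address the client still holds."""
    return server.handle({"type": "REQUEST", "client": client_id, "src": ip, "dst": BROADCAST,
                          "req_ip": ip, "server": server.address})
```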
EXTENDED INTERSECTION
(figure: DHCP server 1 serves 150.10.20.1 to 150.10.20.100 and DHCP server 2 serves 150.10.20.75 to 150.10.20.175; the two extended ranges overlap)
True or False
- IP is named this way because it can interconnect any type of network.
- An IP characteristic is as follows : Best Effort Delivery ; so it is a protocol ideal for voice transmission.
- A broadcast packet never goes through routers.
- The mask is used for IP packet routing.
- A router has several IP addresses, one for each connected network.
- The goal of ICMP is to allow IP packets to go correctly to the destination.
- An IP host cannot work correctly if DHCP is not managed.
True False
IP
(figure: Ethernet frame carrying IP: Destination 48 bits, Source 48 bits, Type 16 bits = 0x0800, then the IP datagram (IP header + Data))
(figure: 802.3 / 802.2 frame carrying IP: Destination 48 bits, Source 48 bits, Data length 16 bits, DSAP 8 bits, SSAP 8 bits, Ctrl 8 bits, then the IP datagram (IP header + Data))
(figure: stations A and B on the same LAN, with a Router)
ARP Request, Mac Broadcast
IP(A) = 150.10.20.30   IP(B) = 150.10.20.31
Eth(A) = 00 10 7B 38 52 EC   Eth(B) = ?
(figure: station A on the LAN, station B on another network behind the Router)
ARP Request, Mac Broadcast
IP(A) = 150.10.20.30   IP(B) = 160.10.20.31
Eth(A) = 00 10 7B 38 52 EC   Eth(B) = ?
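The decision the two figures contrast, as an added example (my code, not the course's): after masking, B in the first figure is on A's own network, so A broadcasts an ARP Request for B itself; in the second figure B is on 160.10.0.0, so A resolves the router instead and never learns Eth(B). The default gateway 150.10.20.35 is taken from the DHCP slides; the MACs of B and of the router, and the ArpCache class, are constructed for the example.

```python
# Added example (not from the course): which address ARP must resolve, plus a small ARP cache.
import ipaddress

def arp_target(local_ip: str, mask: str, dest_ip: str, default_gateway: str) -> str:
    """IP address whose MAC the frame needs.

    Same Net ID after masking: ARP for the destination itself.
    Different Net ID: the frame goes to the router, so ARP for the router.
    """
    local_net = ipaddress.IPv4Network(f"{local_ip}/{mask}", strict=False)
    if ipaddress.IPv4Address(dest_ip) in local_net:
        return dest_ip
    return default_gateway

class ArpCache:
    def __init__(self, lan_hosts: dict):
        # lan_hosts stands in for the stations that would answer a broadcast
        # ARP Request on this LAN (constructed {ip: mac} table)
        self.lan_hosts = lan_hosts
        self.entries = {}         # ip -> mac learned from ARP Replies
        self.requests_sent = []   # one entry per broadcast ARP Request

    def resolve(self, ip: str):
        if ip in self.entries:
            return self.entries[ip]          # cache hit: no broadcast
        self.requests_sent.append(ip)        # ARP Request "who has ip?" to the MAC broadcast
        mac = self.lan_hosts.get(ip)
        if mac is None:
            return None                       # no ARP Reply: ip is not on this LAN
        self.entries[ip] = mac                # ARP Reply cached for later frames
        return mac

def send_to(cache: ArpCache, local_ip: str, mask: str, default_gateway: str, dest_ip: str):
    """Destination MAC for a frame carrying a packet to dest_ip, or None."""
    return cache.resolve(arp_target(local_ip, mask, dest_ip, default_gateway))
```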
POINT-TO-POINT PROTOCOL
PPP is a layer 2 protocol (HDLC type), usable on a transparent circuit with synchronous or asynchronous transmission.
Basic functionalities:
- Link configuration and link option negotiation
- Protocol multiplexing by encapsulation and identification
- Link quality testing and error detection
- Authentication
- Header compression
- Choice of CRC
Incorporates sub-protocols:
- LCP (Link Control Protocol)
- IPCP (IP Control Protocol)
- NCP (Network Control Protocol)
PPP AUTHENTICATION
PAP : Password Authentication Protocol, plain text password
CHAP : Challenge Handshake Authentication Protocol
(figure: the PPP server sends a random Challenge; the PPP client computes MD5 over the challenge and its secret password and sends the Reply; the PPP server computes the same MD5 from its own copy of the secret password and compares rcvd = calc, giving OK or not OK)
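The two mechanisms side by side, as an added example (my code, not the course's): PAP puts the password itself on the link, CHAP puts only an MD5 of identifier, secret and challenge, and a challenge is accepted once so a captured reply cannot be replayed. The MD5 input order follows RFC 1994 (CHAP with MD5); the user names, secrets and the PppServer / PppClient classes are constructed.

```python
# Added example (not from the course): PAP versus CHAP on a PPP link.
import hashlib
import hmac
import secrets

def pap_on_the_wire(user: str, password: str) -> bytes:
    """PAP: the password travels as is; anyone reading the link learns it."""
    return user.encode() + b":" + password.encode()

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5: hash over Identifier || secret || Challenge (RFC 1994)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()

class PppServer:
    def __init__(self, secrets_by_user: dict):
        self.secrets = secrets_by_user   # the server's copy of each peer's secret
        self.pending = {}                # identifier -> challenge awaiting a reply

    def challenge(self, identifier: int, challenge_bytes: bytes = None) -> bytes:
        # fresh random challenge each time; a fixed one may be injected for tests
        c = challenge_bytes if challenge_bytes is not None else secrets.token_bytes(16)
        self.pending[identifier] = c
        return c

    def verify(self, identifier: int, user: str, response: bytes) -> bool:
        c = self.pending.pop(identifier, None)   # a challenge is usable exactly once
        if c is None or user not in self.secrets:
            return False
        expected = chap_response(identifier, self.secrets[user], c)
        return hmac.compare_digest(expected, response)   # constant-time comparison

class PppClient:
    def __init__(self, user: str, secret: bytes):
        self.user, self.secret = user, secret

    def answer(self, identifier: int, challenge: bytes) -> bytes:
        # only the hash leaves the client; the secret itself never does
        return chap_response(identifier, self.secret, challenge)

def chap_exchange(server: PppServer, client: PppClient, identifier: int = 1, challenge: bytes = None) -> bool:
    """Challenge, Reply, comparison: True when rcvd == calc."""
    c = server.challenge(identifier, challenge)
    return server.verify(identifier, client.user, client.answer(identifier, c))
```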
(figure: IP over X.25: LAN 1 and LAN 3 (802.3/5) interconnected by routers R1, R2 and R3, each identified by an @X121 address)
(figure: IP over Frame Relay: LAN 1 and LAN 3 (802.3/5) interconnected by routers R1, R2 and R3, each identified by a DLCI on the FR network)
(figure: IP over ATM: routers R1 and R3 identified by VPI/VCI, 802.2 over AAL/ATM, LAN 1 in 802.3/5; the router keeps an ARP table @IP --> @MAC ...)
True or False
- IP packets are segmented into packets of 1500 bytes for delivery to the lower layer.
- ARP makes it possible to find an IP host by knowing the MAC address.
- PPP is a protocol at the same layer as Ethernet.
True True
APPLICATION-ORIENTED ADDRESSING
(figure: Station A runs Appli X Client, Appli Y Server and Appli Z Server; Station B runs Appli X Server and Appli Y Client; on each station the applications sit above a TCP - UDP layer over IP, which tells them apart)
Protocol                               Keyword
File Transfer Protocol [Default Data]  ftp-data
File Transfer Protocol [Control]       ftp
Telnet                                 telnet
Simple Mail Transfer Protocol          smtp
Domain Name Server                     domain
Bootstrap Protocol Server              bootps
Bootstrap Protocol Client              bootpc
Trivial File Transfer Protocol         tftp
Finger                                 finger
World Wide Web HTTP                    www-http
Kerberos                               kerberos
Post Office Protocol - Version 2       pop2
Post Office Protocol - Version 3       pop3
SUN Remote Procedure Call              sunrpc
SNMP                                   snmp
SNMP TRAP                              snmptrap
Remote Process Execution               exec
Remote Login                           login
RIP                                    router
- Connection-oriented mode, 3 phases : Set-up - Transfer - Release
- Reliable transfer mode
- Fragmentation (octet stream)
- Guaranteed sequencing
- Error recovery (timer protection)
- Window flow control
- "Forced delivery" option : PSH flag
- "Urgent data" option : URG flag
(figure: connection set-up between TCP client A and TCP server B over the IP network)
A -> B : <SYN> Snd SEQ N : 3256
B -> A : <SYN> <ACK> Snd SEQ N : 2650, Ack SEQ N : 3257
A -> B : <ACK> Snd SEQ N : 3257, Ack SEQ N : 2651
(figure: set-up then transfer between Client Appli and Server Appli, through TCP on each side and the IP network)
Set-up
Client -> Server : SYN 3256
Server -> Client : ACK 3257, SYN 2650
Client -> Server : ACK 2651
Transfer
Client -> Server : PSH 3257, ACK 2651, lg=100
Server -> Client : ACK 3357, PSH 2651, lg=500
Client -> Server : ACK 3151
Server -> Client : ACK 3357, PSH 3151, lg=200
Server -> Client : ACK 3357, PSH 3351, lg=600
Client -> Server : ACK 3951
(figure: connection release between TCP client A and TCP server B: <END> Snd SEQ N 3357; <ACK> Snd SEQ N 3258, Ack SEQ N 3952)
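The sequence and acknowledgement arithmetic behind those numbers, replayed as an added example (my code, not the course's): a SYN or FIN consumes one sequence number, data consumes one per octet, and an ACK carries the next sequence number the receiver expects. The initial sequence numbers 3256 and 2650 and the segment lengths are the slide's; the Endpoint and Segment classes are my own, and the release phase is my reading of the last figure (client FIN first).

```python
# Added example (not from the course): TCP sequence / acknowledgement bookkeeping.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Segment:
    sender: str
    seq: int
    length: int = 0            # data octets carried
    syn: bool = False
    fin: bool = False
    ack: Optional[int] = None  # next sequence number the sender expects from its peer

def sequence_space_used(seg: Segment) -> int:
    """SYN and FIN each consume one sequence number, data one per octet."""
    return seg.length + int(seg.syn) + int(seg.fin)

class Endpoint:
    def __init__(self, name: str, isn: int):
        self.name = name
        self.snd_nxt = isn    # next sequence number to send, starting at the ISN
        self.rcv_nxt = None   # next sequence number expected from the peer

    def send(self, length: int = 0, syn: bool = False, fin: bool = False) -> Segment:
        seg = Segment(self.name, self.snd_nxt, length, syn, fin, self.rcv_nxt)
        self.snd_nxt += sequence_space_used(seg)
        return seg

    def receive(self, seg: Segment) -> int:
        if seg.syn:
            self.rcv_nxt = seg.seq        # a SYN synchronises on the peer's ISN
        if seg.seq != self.rcv_nxt:
            raise ValueError(f"{self.name}: expected seq {self.rcv_nxt}, got {seg.seq}")
        self.rcv_nxt += sequence_space_used(seg)
        return self.rcv_nxt               # the value the next ACK will carry

def replay_slide_exchange():
    """Set-up, transfer and release with the slide's numbers.
    Returns the trace as (sender, seq, ack, sequence space used) and what each side expects at the end."""
    a, b = Endpoint("A", 3256), Endpoint("B", 2650)
    trace = []

    def xfer(src, dst, **flags):
        seg = src.send(**flags)
        dst.receive(seg)
        trace.append((seg.sender, seg.seq, seg.ack, sequence_space_used(seg)))

    xfer(a, b, syn=True)          # SYN 3256
    xfer(b, a, syn=True)          # SYN 2650, ACK 3257
    xfer(a, b)                    # ACK 2651
    xfer(a, b, length=100)        # PSH 3257, lg=100
    xfer(b, a, length=500)        # ACK 3357, PSH 2651, lg=500
    xfer(b, a, length=200)        # PSH 3151, lg=200
    xfer(b, a, length=600)        # PSH 3351, lg=600 -> A now expects 3951
    xfer(a, b, fin=True)          # FIN 3357, ACK 3951
    xfer(b, a, fin=True)          # FIN 3951, ACK 3358 -> A will acknowledge 3952
    return trace, a.rcv_nxt, b.rcv_nxt
```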
TCP : FORMAT
(figure: TCP segment header, 16 bits (0 to 15) per half-line)
SOURCE PORT N | DESTINATION PORT N
SEND SEQUENCE NUMBER
ACKNOWLEDGEMENT NUMBER
OFFSET | RESERVED | URG ACK PSH RST SYN FIN | WINDOW
CHECKSUM | URGENT POINTER
OPTIONS + PADDING
The TCP segment travels inside the IP packet, itself inside the frame (crc).
- Connectionless mode transport protocol
- Transactional traffic oriented
- Also used by applications which have control over transmissions (eg.: tftp)
- In network terms, reduced overhead compared to TCP
- The UDP checksum is calculated over a pseudo-header (UDP header plus the source and destination IP addresses); on receipt it is recomputed from the IP source address and the local IP address and ports of the packet actually received
- Used by NFS, BOOTP, TFTP, SNMP, RIP, ...
UDP : FORMAT
(figure: UDP header in 16-bit words (bits 0 to 15), followed by DATA; the UDP segment travels inside the IP packet and the frame (CRC))
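The pseudo-header checksum from the previous slide, implemented as an added example (my code, not the course's): the sum covers source and destination IP addresses, protocol number 17 and UDP length in addition to the header and data, so a datagram whose IP addresses were changed in transit fails the receiver's check even though the UDP bytes are intact. The addresses and payload are constructed; the function names are mine.

```python
# Added example (not from the course): UDP checksum with the IP pseudo-header, sender and receiver side.
import ipaddress
import struct

UDP_PROTOCOL = 17

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry (the Internet checksum primitive)."""
    if len(data) % 2:
        data += b"\x00"                        # odd length: pad with a zero octet
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    """Source IP, destination IP, zero, protocol, UDP length: never transmitted, always summed."""
    return (ipaddress.IPv4Address(src_ip).packed
            + ipaddress.IPv4Address(dst_ip).packed
            + struct.pack("!BBH", 0, UDP_PROTOCOL, udp_length))

def build_udp(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes:
    """UDP datagram (8-octet header + payload) with its checksum filled in."""
    length = 8 + len(payload)
    header_no_csum = struct.pack("!HHHH", src_port, dst_port, length, 0)
    csum = 0xFFFF - ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + header_no_csum + payload)
    csum = csum or 0xFFFF                      # RFC 768: a computed 0 is transmitted as all ones
    return struct.pack("!HHHH", src_port, dst_port, length, csum) + payload

def verify_udp(src_ip: str, dst_ip: str, datagram: bytes) -> bool:
    """Receiver check over the IP addresses the packet actually arrived with.

    Summing pseudo-header + datagram (checksum field included) must give
    0xFFFF; a changed address, port or payload octet breaks that.
    """
    if len(datagram) < 8:
        return False
    src_port, dst_port, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length != len(datagram):
        return False
    if csum == 0:
        return True                            # RFC 768: zero means the sender computed no checksum
    return ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + datagram) == 0xFFFF
```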
SOCKET INTERFACE
(figure only)
True or False
- All applications must use TCP or UDP to access the IP network.
- If an application is associated with a port number, it means that this application is connected to the Internet at this moment.
- The checksum on the TCP/UDP header also allows parts of the IP header to be verified.
- TCP is defined as reliable because it has 3 working steps : Establishment, Transfer, Release.
- A WEB server will always listen on its dedicated port (port 80). Otherwise, this server will not work at all.
- All TCP messages must be acknowledged.
- If UDP is used to send data, the transmission may become reliable by adding controls in the application layer part.
False False
True False
False
True True
Complete the following protocol stack :
Applications : Ping, traceroute, ...
Application protocols
Sockets (Port + @IP)
TCP (Reliability, Robust)   UDP (Speed, Simple)
ICMP
IP (Routing)
LAN   RTC (PSTN)   ATM   X25
NAME SERVICE
The user manipulates server names, while the network manipulates server IP addresses.
Problem : finding an IP address based on a host name.
"Static" resolution
  hosts (standard) or lmhosts (Netbios) file, e.g.
  150.10.20.30 Mon_Host
  150.10.20.31 Ton_Host
"Dynamic" resolution
  DNS : standard TCP/IP name resolution, replaces the hosts file
  WINS : Netbios resolution, replaces broadcasts and the lmhosts file
DNS RESOLUTION
History
- Impossible to load a hosts file into all Internet stations
- Domain Name Service standardized by RFC
Principle
- Names organized hierarchically in a Domain Name Tree
- Simple request / response interchange protocol
- Uses UDP and TCP
- Cooperation between servers forming a network
(figure: Domain Name Tree)
. (root)
  ru -> alcatel -> mow : www.mow.alcatel.ru
  com -> alcatel -> usa : www.usa.alcatel.com
  fr -> alcatel -> europe : www.europe.alcatel.fr
  jp -> co -> alcatel : www.alcatel.co.jp
Open to all
- Com : Commercial (highest demand!)
- Edu : universities
- Net : network domain companies
- Org : miscellaneous organizations
- Int : international (little used)
Reserved for United States
- Gov : American government
- Mil : American military
And also
- Firm : Business (to alleviate .com)
- Shop : Trader
- Web : Company working for the Web
- Arts : Culture and events
- Rec : Recreation and leisure
- Info : Content editors, media
- Nom : Personal home pages
Country (ISO naming)
- Fr : France
- Uk : United Kingdom
- Ru : Russia
RECURSIVE SEARCH
(figure: the client asks its local server for www.europe.alcatel.fr; the local server queries the Root servers (steps 2, 3), then the fr, alcatel and europe servers (steps 4, 5), and returns www : 198.64.191.11)
(figure: server A is configured with Forwarder : B; A passes the question "www.europe.alcatel.fr ?" to B, which resolves it (steps 3, 4))
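The walk in the figure as a toy resolver, an added example that is my code and not the course's: an iterative walk follows referrals from the root down to the europe server, a recursive server does that walk on the client's behalf and caches the answer, and a server with a forwarder hands the question to the forwarder instead of starting at the root. The only real data is the answer 198.64.191.11; the server names ("root", "fr-ns", ...) and the other records are constructed.

```python
# Added example (not from the course): iterative walk, recursive server with cache, forwarder.
SERVERS = {                                   # constructed authoritative data, one dict per server
    "root":       {"fr.": ("NS", "fr-ns"), "com.": ("NS", "com-ns")},
    "com-ns":     {},                         # knows nothing below com. in this toy
    "fr-ns":      {"alcatel.fr.": ("NS", "alcatel-ns")},
    "alcatel-ns": {"europe.alcatel.fr.": ("NS", "europe-ns")},
    "europe-ns":  {"www.europe.alcatel.fr.": ("A", "198.64.191.11")},
}

def authoritative_answer(server: str, name: str):
    """One server's reply: the A record if it has it, else a referral (NS) for
    the longest suffix of the name it knows, else None."""
    zone = SERVERS[server]
    if zone.get(name, (None,))[0] == "A":
        return zone[name]
    labels = name.split(".")
    for i in range(len(labels)):              # longest suffix first
        suffix = ".".join(labels[i:])
        if zone.get(suffix, (None,))[0] == "NS":
            return zone[suffix]
    return None

def iterative_resolve(name: str, start: str = "root"):
    """Follow referrals from the root: one request/response pair per server crossed."""
    server, steps = start, []
    while True:
        record = authoritative_answer(server, name)
        steps.append((server, record))
        if record is None:
            raise LookupError(f"{name}: no answer from {server}")
        if record[0] == "A":
            return record[1], steps
        server = record[1]                    # follow the referral

class RecursiveServer:
    """Does the walk on the client's behalf (recursive search) and caches the
    result; with a forwarder configured, it asks that server instead of the root."""
    def __init__(self, forwarder=None):
        self.cache = {}
        self.forwarder = forwarder

    def resolve(self, name: str):
        if name in self.cache:
            return self.cache[name], []       # answered from cache, no further traffic
        if self.forwarder is not None:
            ip, steps = self.forwarder.resolve(name)
        else:
            ip, steps = iterative_resolve(name)
        self.cache[name] = ip
        return ip, steps
```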
FTP
(figure: the ftp> client uses ports x and y, the server ports 20 and 21, over TCP / IP)
Control connection, Port 21 : file transfer initialization and parameters, activation of remote commands
Data connection, Port 20 : information transfer (files, results, ...)
(figure: FTP session with the Server (150.10.20.31): Connection, Transfer, QUIT, Disconnection)
FTP user commands depend on implementations.
Commands are executed either locally or in the remote machine. Example: lcd : change local directory; cd : change remote directory.
Some commands are redundant. Example: bye and quit, get and recv, put and send, etc.
append ascii bell binary bye cd close delete debug dir form get hash glob
help lcd ls mdelete mdir mget mkdir mls mode mput open prompt put pwd
quit quote recv remotehelp rename rmdir send sendport status struct tenex trace ? !
Web Server
URL : Uniform Resource Locator, Protocol://Server-Name:Port/Resource, e.g. http://www.estnet.ee/mart/rfc/index.html
HTML page interpreted by a Browser, containing:
- ASCII text describing the page display (tags, text)
- Pictures in gif or jpeg format
- Hypertext links to other pages or URLs
- Javascript or VB scripts run on the client
- Java Applets or ActiveX controls run by the client
(figure: 1 Client Hello ... 4 Data Exchange)
1: Client sends a "hello" message to the target server
2: Server returns a digital certificate containing the server's public key
3: Client generates a random session key and returns the key encrypted using the server's public key
4: Once the secured protocol has been established, all documents are sent encrypted symmetrically in both directions (RC4)
ELECTRONIC MESSAGING : E-MAIL
(figure: message sent by albert.dupont@aile.com to jacques.dupond@alcatel.fr; SMTP carries it from the sender and between servers, A.Dupont's POP server is in domain aile.com; POP or IMAP serve the mailbox to the user)
(figure: SMTP Client / SMTP Server dialogue)
Connection : TCP connection set-up to server port 25
Server : 220 Server ready
Synchronization
Client : HELLO SMTP client
Server : 250 Sender Ok
Client : RCPT TO username1
Server : 250 Recipient Ok
Client : RCPT TO username2
Server : 550 User unknown
Client : DATA
Message transfer
Disconnection
TELNET
(figure: Client and Server, server port 23, TCP over IP on both sides)
Characters typed on the keyboard are sent to the telnet server; all characters received from the server are displayed.
TELNET
(figure: Client Telnet : PC; TCP connection; option negotiation IAC DO ECHO, OK to negotiate)
TFTP
Trivial File Transfer Protocol - RFC 1350
TFTP is a file transfer protocol based on connectionless mode transport (UDP port 69). TFTP is used to transfer files in ASCII and BINARY mode.
TFTP provides limited security (no user identification) and for this reason its use must be limited.
The TFTP protocol is based on five packet types. Each packet sent from client to server must be acknowledged. TFTP is sometimes used for downloading configurations over the network (terminal server, X terminals, router, etc.).
NFS
Network File System - RFC 1094 (specified by SUN Microsystems)
NFS is used for file sharing in a heterogeneous environment.
The NFS protocol is based on RPCs (Remote Procedure Call).
NFS is hardware and system-independent. It is based on a presentation layer: XDR (eXternal Data Representation).
Stack : NFS / XDR / RPC / UDP / IP
The RPC protocol allows a program running on machine A to call a routine on machine B and remotely execute some of its operations.
(figure: the CLIENT (service user) sends a Request (1) and receives the Response (3) from the SERVER (service provider); the Port Mapper tells the client which port the service listens on (steps up to 4))
(figure: X-Window Clients talk the X11 protocol to the X-Window server)
True or False
- Any IP host must know a DNS server to work correctly.
- A URL is a server address.
- A host that is an FTP server can connect as a client to a WEB server.
- FTP is the only way to get back a file from a remote Internet site.
- TELNET is an application from the Internet world, but only used by UNIX systems.
- The following URL is valid : http://155.132.10.53:2080/coucou.html
- SMTP is a protocol using the connected mode.
- To send and receive e-mails, we must configure a POP server !
False False
True True False
Section 6 - IP NETWORK INTERCONNECTIONS
GATEWAY
Definition
The concept of gateway is used in the application layer. Eg. : SNA gateway on a Digital machine.
By extension, this concept is applied to all layers and especially the lower layers: "Network" gateways are then seen as level N interconnection equipment.
Terminology
- Repeater : level 1 gateway
- Bridge : level 2 gateway
- Router : level 3 gateway
Special case
- IP gateway = IP router = Level 3 gateway
- Switch = level 2 switch (Ethernet, ATM, etc) = level 2 gateway
REPEATER
(figure: example 100BaseT: two 100m segments joined by a 5m link through the repeater, 205m end to end)
BRIDGE
(figure: a BRIDGE with Port 0, Port 1 and Port 2 between LAN 1 and LAN 2, stations A to E; Bridging forwards a frame to another port, Filtering keeps it on its own LAN)
BRIDGE : LIMITATIONS
(figure: the bridge sees only MAC addresses: the frame "Dest@ Mac C Src@ Mac A ..." is bridged towards the LAN where C is, the frame "Dest@ Mac B Src@ Mac A ..." is filtered when B is on the sender's LAN)
ROUTER
(figure: a router with Port 0, Port 1 and Port 2 joining Network 1 (A), Network 2 (C) and Network 3 (D); the packets "Dest@ IP C Src@ IP A ..." and "Dest@ IP B Src@ IP A ..." are routed to the port of their destination network)
Routing Table
- Network 1 connected to port 0
- Network 2 connected to port 1
- Network 3 connected to port 2
ROUTER
Network interconnection
(figure: network 1 150.10.0.0, network 2 160.10.0.0 and network 3 170.10.0.0 interconnected by R1 and R2 over LL, ISDN; A on Network 1 sends DATA to B)
On Network 1 : frame to @MAC R1, packet to @IP B, DATA
On Network 2 : frame to @MAC R2, packet to @IP B, DATA
On Network 3 : frame to @MAC B, packet to @IP B, DATA
The MAC address changes at every hop; the IP destination address stays @IP B end to end.
ROUTING
STATIC : a route corresponds to a given address. Eg. : Network 150.10.0.0 accessible via R1 in one hop
DYNAMIC : routers interchange routing information for choosing the best route based on different criteria
Questions:
- What information is interchanged?
- When is the information interchanged?
- What entity is the information interchanged with?
Choice criteria : metric
- simple : number of hops
- multiple : bit rate, load, reliability, etc.
ROUTING
Convergence time : length of the routing update delay
Volume of information to be interchanged : low to very high
Routing table size : impossible to control without an address hierarchy, impossible to control without a network hierarchy
CIDR : Classless Inter Domain Routing, associates the concept of geographic prefix with class C IP addresses. Eg. : 194.150.160.170 --> 194 represents France
Autonomous System : combines a significant number of networks in a single entity
Routing architecture
Division of the Internet into Autonomous Systems
Protocol types
- "Internal" (IGP) : RIP, OSPF, IS-IS, EIGRP
- "External" (EGP) : BGP-4
(figure: AS 1 running RIP, AS 2 running OSPF, AS 3 running EIGRP, each with its Net 1, Net 2, Net 3 (Net 4); BGP4 as the E.G.P. between the autonomous systems, the others as I.G.P. inside them)
ROUTING : CATEGORIES
Distance Vector
- The best route has the fewest routers to be crossed
- Convergence time is lengthy
- Volume is significant
- There is a risk of looping
- Few processor resources are required
RIP, Routing Information Protocol (IETF)
IGRP, Inter Gateway Routing Protocol (Cisco)
EIGRP, Enhanced Inter Gateway Routing Protocol (Cisco)
ROUTING : CATEGORIES
LINK STATE
- Each router builds a network map
- Routers interchange link states on an event basis
- The best route incurs the lowest cost
- Convergence time is low
- Volume is low
- No risk of looping
- The process is bulky
OSPF, Open Shortest Path First (IETF)
IS-IS, Intermediate System to Intermediate System (ISO)
ROUTING : CATEGORIES
PATH VECTOR
- A development of Link State: routes are described using the path taken
- Each router builds a network map
- Routers interchange path attributes on an event basis
- The best path incurs the least cost (including financial)
- Convergence time is fast
- Volume is low
- No risk of looping
True or False
- The Internet is made of many networks connected by routers.
- An IP network can contain several LANs.
- Intelligent bridges can analyse the IP header to route packets better.
False
ADMINISTRATION
MANAGING CONFIGURATIONS : mechanisms to manage and set up resources
MANAGING EVENTS : detection, location, restart on incident, alarms
MANAGING COSTS : allocating and distributing loads
Norms / Standards
- CMIS / CMIP : Common Management Information Service / Protocol
- CMOT : CMIS/CMIP Over TCP/IP
- SNMP : Simple Network Management Protocol
MANAGER
- Graphics tool providing the man/machine interface
- The Manager sends requests and receives responses to administration commands
- HP Openview and SunNet Manager are SNMP Managers
AGENT
- The agent is the Server for Client Manager requests
- Manager and Agent dialogue via SNMP
- An agent can extend SNMP requests in proprietary format (agent proxy)
- SNMP Agents manipulate objects
MIB : Management Information Base
- MIB I and II describe more than 200 standardized objects
SNMP ADMINISTRATION
(figure: the Manager talks snmp to the Agent of a Server, a Router and a Bridge; each agent exposes its MIB, some of them a proprietary MIB as well)
MANAGER <-> AGENT (figure)
1. Get_request (object, object, ...) -> Get_response (value, value, ...)
2. Get_Next_request (object, object, ...) -> Get_response (value, value, ...) : multiple
3. Set_request ((object, value), ...) -> Get_response (value, value, ...) : MIB modification
Agent Alert : Trap (infos), sent by the agent to the manager
OSI tree (figure)
- ISO, ITU (2), ISO-ITU (3) ... Internet (1)
Internet Branches
- Directory ( 1.3.6.1.1 ) : OSI directory in TCP/IP
- Mgmt ( 1.3.6.1.2 ) : Standard MIB (MIB I and II)
- Experimental ( 1.3.6.1.3 ) : IAB trials
- Private ( 1.3.6.1.4 ) : Manufacturer private MIBs
MIB-2 ( 1.3.6.1.2.1 ) groups : System 1, Interface 2, At 3, IP 4, ICMP 5, TCP 6, UDP 7, EGP 8, CMOT 9, Trans. 10, SNMP 11
Examples of variables
- SysUpTime : Time elapsed since last startup (System)
- IfNumber : Number of network interfaces (Interface)
- ATTable : MAC-IP address translation table (Addr. Trans.)
- IPdefaultTTL : Time to live value for IP packets (Interface)
- IPInReceives : Number of datagrams received (IP)
- IPForwDatagrams : Number of datagrams forwarded (IP)
- IPOutNoRoutes : Number of packets routed in error (IP)
- IPReasmOKs : Number of packets reassembled correctly (IP)
- IPFragOKs : Number of packets fragmented (IP)
- IPRoutingTable : Routing table (IP)
- ICMPInEchos : Number of "Echo Request" PDUs received (IP)
- TCPMaxConn : Maximum number of TCP connections allowed (TCP)
- TCPInSegs : Number of TCP segments received (TCP)
- UDPInDatagrams : Number of UDP datagrams received (UDP)
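The three manager operations and the tree walk they make possible, as an added example (my code, not the course's): a toy SNMPv1-style agent holding a few of the MIB-II scalars listed above, answering Get, Get_Next (the lexicographically next instance, which is what lets a manager walk a branch it does not know in advance) and Set, each gated by a community string. The object OIDs under 1.3.6.1.2.1 follow RFC 1213 as I know them; the values, the community strings and the Agent class are constructed.

```python
# Added example (not from the course): Get / Get_Next / Set over a toy MIB-II agent and a manager-side walk.
from bisect import bisect_right

def oid_tuple(text: str) -> tuple:
    return tuple(int(x) for x in text.strip(".").split("."))

def oid_text(oid: tuple) -> str:
    return ".".join(str(x) for x in oid)

MIB2 = "1.3.6.1.2.1"
SAMPLE_MIB = {                                   # instance OID (".0" = scalar) -> constructed value
    oid_tuple(f"{MIB2}.1.3.0"): 123456,          # sysUpTime       (System 1)
    oid_tuple(f"{MIB2}.2.1.0"): 2,               # ifNumber        (Interface 2)
    oid_tuple(f"{MIB2}.4.2.0"): 64,              # ipDefaultTTL    (IP 4)
    oid_tuple(f"{MIB2}.4.3.0"): 98765,           # ipInReceives
    oid_tuple(f"{MIB2}.4.6.0"): 0,               # ipForwDatagrams
    oid_tuple(f"{MIB2}.5.8.0"): 17,              # icmpInEchos     (ICMP 5)
    oid_tuple(f"{MIB2}.6.4.0"): -1,              # tcpMaxConn      (TCP 6)
    oid_tuple(f"{MIB2}.6.10.0"): 4321,           # tcpInSegs
    oid_tuple(f"{MIB2}.7.1.0"): 555,             # udpInDatagrams  (UDP 7)
}
WRITABLE = {oid_tuple(f"{MIB2}.4.2.0")}          # ipDefaultTTL is read-write in MIB-II

class Agent:
    def __init__(self, mib, read_community="public", write_community="constructed-secret"):
        self.mib = dict(mib)
        self.index = sorted(self.mib)            # lexicographic OID order drives Get_Next
        self.read_community, self.write_community = read_community, write_community

    def get(self, community, oid):
        if community != self.read_community:
            return None                          # SNMPv1: request dropped (authenticationFailure trap)
        oid = oid_tuple(oid)
        if oid not in self.mib:
            return ("noSuchName", oid_text(oid), None)
        return ("noError", oid_text(oid), self.mib[oid])

    def get_next(self, community, oid):
        if community != self.read_community:
            return None
        pos = bisect_right(self.index, oid_tuple(oid))   # first instance strictly after oid
        if pos == len(self.index):
            return ("noSuchName", oid, None)             # ran off the end of the MIB view
        nxt = self.index[pos]
        return ("noError", oid_text(nxt), self.mib[nxt])

    def set(self, community, oid, value):
        if community != self.write_community:
            return None
        oid = oid_tuple(oid)
        if oid not in self.mib:
            return ("noSuchName", oid_text(oid), None)
        if oid not in WRITABLE:
            return ("readOnly", oid_text(oid), self.mib[oid])
        self.mib[oid] = value
        return ("noError", oid_text(oid), value)

def walk(agent, community, subtree):
    """Manager side: repeat Get_Next until the answer leaves the subtree."""
    prefix, cur, out = oid_tuple(subtree), subtree, []
    while True:
        reply = agent.get_next(community, cur)
        if reply is None or reply[0] != "noError":
            return out
        _, cur, value = reply
        if oid_tuple(cur)[:len(prefix)] != prefix:
            return out                           # first instance outside the branch: stop
        out.append((cur, value))
```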
ANALYSIS OF IP NETWORKS
Solution 1 : "conventional" analyzer, one Analyzer attached to each segment (Local area network 1, Local area network 2, and the link between routers R1 and R2)
Solution 2 : a Probe on each segment reporting to one Administration station
True or False
- The MIB content is sent from the manager to the agent using the SNMP protocol.
- Some objects are defined in MIB I and II for standard equipment, but each firm may create its own object hierarchy.
- SNMP is a pragmatic protocol like any other protocol from the IP world.
- SNMP is simple and not reliable (over UDP), so few constructors use it.
- Other network management architectures exist : Q3 (with CMIP) and CORBA.
- Without network management, an equipment cannot be set up.
- By analysing the IP branch of MIB II, all the characteristics of this protocol can be retrieved (like those described in this document about IP introduction).
False True
True
Section 8 SECURITY
SECURITY
System security
- Password verification
- Minimum privileges assigned to server processes
Filtering on protocols
- Filtering router
- Firewall
- Proxy Server
Information encryption
- SSL
- S/MIME
User authentication
- Kerberos
- SecurID
- Radius
(figures: an INTRANET connected to the INTERNET through the ISP, in turn behind a Filtering router, behind a Firewall, and behind a Proxy Server)
INFORMATION SECURITY
OBJECTIVES
- Integrity : data must not be altered
- Authentication : the recipient must be sure of the sender's identity
- Confidentiality : data must not circulate unencrypted
- Non-Repudiation : the recipient must hold a proof of sending
(figure: Mr X and Mrs Y share one secret key)
Mr X creates the message and encrypts it using the key known to himself and Mrs Y.
He sends the encrypted message over the network.
Mrs Y receives the encrypted message and decodes it using the key.
(figure: Mr X encrypts with Mrs Y's public key)
Mrs Y creates two keys, one private and known to no-one else, and one public which is circulated over the network.
Mr X creates the message and encrypts it using Mrs Y's public key.
He sends the encrypted message over the network.
Mrs Y receives the encrypted message and decodes it using her private key (only she can decode the message, guaranteeing that no-one other than Mr X and Mrs Y can read the message).
If Mrs Y wants to reply, she uses Mr X's public key.
Information confidentiality
(figure: the message xxxxxxxxx xxxxxx xxxxxxx is encrypted with a Session key, which is itself encrypted with Mrs Y's public key)
Mr X encrypts the message using a symmetric key created specifically for this purpose. Mr X then encrypts the session key using Mrs Y's public key and sends all this information to Mrs Y.
Mrs Y decodes the session key using her private key, then decodes the message using the session key.
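The hybrid scheme described here, which is also what step 3 of the SSL exchange on page 83 does with the server's public key, as an added example (my code, not the course's): the session key is wrapped under the recipient's public key, the message itself under the session key. Textbook RSA over two fixed Mersenne primes stands in for Mrs Y's key pair and a SHA-256 counter keystream stands in for RC4; both are illustration-sized constructions chosen so the block runs with the standard library only, and the messages and keys are constructed.

```python
# Added example (not from the course): session key wrapped with a public key, message encrypted symmetrically.
import hashlib
import secrets

P, Q = (1 << 61) - 1, (1 << 31) - 1     # toy primes: the modulus is only about 92 bits
E = 65537
SESSION_KEY_LEN = 10                      # 80-bit session key, so its integer value is below the modulus

def make_keypair():
    """Mrs Y's key pair: (n, e) is circulated, (n, d) is known to no-one else."""
    n, phi = P * Q, (P - 1) * (Q - 1)
    return (n, E), (n, pow(E, -1, phi))

def rsa_encrypt(public_key, m: int) -> int:
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("value to wrap must be smaller than the modulus")
    return pow(m, e, n)

def rsa_decrypt(private_key, c: int) -> int:
    n, d = private_key
    return pow(c, d, n)

def stream_xor(session_key: bytes, data: bytes) -> bytes:
    """Symmetric stream cipher: keystream block i = SHA-256(key || i), XORed with the data.
    XOR is its own inverse, so the same call encrypts and decrypts."""
    out, block = bytearray(), 0
    while len(out) < len(data):
        out += hashlib.sha256(session_key + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(x ^ k for x, k in zip(data, out))

def seal(recipient_public, message: bytes, session_key: bytes = None):
    """Mr X's side: a fresh symmetric session key, wrapped under Mrs Y's public key."""
    session_key = session_key or secrets.token_bytes(SESSION_KEY_LEN)
    wrapped = rsa_encrypt(recipient_public, int.from_bytes(session_key, "big"))
    return wrapped, stream_xor(session_key, message)

def open_sealed(recipient_private, wrapped_key: int, ciphertext: bytes) -> bytes:
    """Mrs Y's side: recover the session key with the private key, then the message."""
    session_key = rsa_decrypt(recipient_private, wrapped_key).to_bytes(SESSION_KEY_LEN, "big")
    return stream_xor(session_key, ciphertext)
```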
Section 9 IP VERSION 6
IP VERSION 6
- Addressing space running out : 128-bit addresses
- Routing table size : 128-bit addresses organized hierarchically
- Lack of security : authentication mechanism
- Incorporation of new services : machine mobility, simplicity of configuration, new applications (multimedia, VoD, remote control, ...)
The new version of the IP protocol extends the addressing and routing function, supersedes broadcasts with anycasts and introduces quality of service information (real time applications, multipoint, security, etc).
IP V6 : HEADER
(figure: 40-octet header, 32 bits per line: Vers (4 bits), Pri., Flow Label; Payload Length (16 bits), Next Header (8 bits), Hop Limit (8 bits); then source and destination addresses)
IP V6 ADDRESSING
Unicast address, general format (figure, field widths in bits): 3 | 5 | 16 Provider identifier | 16 | 32 Subnetwork identifier | 32 Not used | @ MAC interface
True or False
- To entirely secure a private network, we just have to install a firewall in order to connect to the Internet.
- A proxy server is a particular router; so it is also an IP host.
- IP v6 evolution is necessary, because of a shortage of addresses.
False
True True
Exercise
From home, you want to connect to a commercial Internet site in order to buy a CD on-line. Complete the schema on the following page by drawing and naming the networks crossed to reach the Internet site, as well as their equipment. Show and name the protocols used to make this connection work.
(schema: Your PC with a Modem, IP/PPP to the ISP (AS), Proxy, Internet, LAN of Server Y, SNMP Manager; SHTTP/SSL/TCP/IP/... end to end)
Glossary : A - I
ARP    Address Resolution Protocol
BOOTP  Boot Protocol
DHCP   Dynamic Host Configuration Protocol
DNS    Domain Name Service
FTP    File Transfer Protocol
HTML   Hyper Text Markup Language
HTTP   Hyper Text Transfer Protocol
IAB    Internet Activities Board
IETF   Internet Engineering Task Force
IP     Internet Protocol
IRTF   Internet Research Task Force
ITU-T  International Telecommunications Union - Telecom
Glossary : L - R
LAN    Local Area Network
MAN    Metropolitan Area Network
MIB    Management Information Base
NIC    Network Information Center
OSI    Open System Interconnection
OSPF   Open Shortest Path First
PDU    Protocol Data Unit
POP    Post Office Protocol
PPP    Point to Point Protocol
RFC    Request For Comment
RPC    Remote Procedure Call
Glossary : S - Z
SDU    Service Data Unit
SHTTP  Secured HTTP
SLIP   Serial Link Internet Protocol
SMTP   Simple Mail Transfer Protocol
SNMP   Simple Network Management Protocol
SSL    Secured Socket Layer
TCP    Transmission Control Protocol
UDP    User Datagram Protocol
WWW    World Wide Web