The IP Header - I4 * Lehrstuhl fuer Informatik * RWTH Aachen
Werbung
Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme On the Way to Today's Internet Goal: • Interconnection of computers and networks using uniform protocols • A particularly important initiative was initiated by the ARPA (Advanced Research Project Agency, with military interests) • The participation of the military was the only sensible way to implement such an ambitious and extremely expensive project • The OSI specification was still in developing phase Result: ARPANET (predecessor of today's Internet) Chapter 3.2: The Internet Protocol IP Page 1 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme ARPANET Design objective for ARPANET • The operability of the network should remain intact even after a largest disaster possible, e.g. a nuclear war, thus high connectivity and connectionless transmission • Network computer and host computer are separated ARPA Advanced Research Projects Agency ARPANET Subnet Chapter 3.2: The Internet Protocol IP 1969 Page 2 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme ARPANET A node consists of • an IMP • a host A subnet consists of: • Interface Message Processors (IMPs), which are connected by leased transmission circuits • High connectivity (in order to guarantee the demanded reliability) Host-host Protocol Host Host-IMP Protocol IMP Source IMP to destination IMP protocol MP I IMP tocol pro Subnet Several protocols for the communication between IMP-IMP, host-IMP,… Chapter 3.2: The Internet Protocol IP Page 3 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme The Beginning of ARPANET Stanford Research Institutes (SRI) XDS 940 IMP IMP IBM 360/75 DEK PDP-10 IMP University of California Santa Barbara (UCSB) University of Utah IMP XDS 1-7 California University of California Los Angeles (UCLA) Chapter 3.2: The Internet Protocol IP ARPANET (December 1969) Page 4 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme Evolution by ARPANET Very fast evolution of ARPANET within shortest time: SRI SRI Utah Illinois WITH Utah Illinois USC Stanford Harvard Aberdeen WITH UCSB UCSB UCLA Harvard ARPANET in April 1972 Chapter 3.2: The Internet Protocol IP UCLA USC CMU ARPANET in September 1972 Page 5 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme Interworking Problem: Interworking! Simultaneously to the ARPANET further (smaller) networks were developed. All the LANs, MANs, WANs • had different protocols, media,… • could not be interconnected at first and were not be able to communicate with each another. Therefore: Development of uniform protocols on the transport- and network level (without a too accurate definition of these levels, in particular without exact coordination with the respective OSI levels). Result: TCP/IP networks. Chapter 3.2: The Internet Protocol IP Page 6 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme TCP/IP Developed 1974: Transmission Control Protocol/Internet Protocol (TCP/IP) Requirements: • Fault tolerance • Maximal possible reliability and availability • Flexibility (i.e. suitability for applications with very different requirements) The result: • Network protocol IP; (Internet Protocol; connectionless) • End-to-end protocols TCP (Transmission Control Protocol; connection-oriented) and UDP (User Datagram Protocol; connectionless) Chapter 3.2: The Internet Protocol IP Page 7 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme TCP/IP and the OSI Reference Model Application Layer Application Layer Presentation Layer Session Layer Transport Layer Transport Layer (TCP/UDP) Network Layer Internet Layer (IP) Data Link Layer Host-to-Network Layer Physical Layer ISO/OSI Chapter 3.2: The Internet Protocol IP TCP/IP Page 8 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme From the ARPANET to the Internet • 1983 TCP/IP became the official protocol of ARPANET. ARPANET was connected with many other USA networks. • Intercontinental connecting with networks in Europe, Asia, Pacific. • The total network evolved this way to a world-wide available network (called “Internet”) and gradually lost its early militarily dominated character. • No central administrated network, but a world-wide union from many individual, different networks under local control (and financing). • 1990 the Internet consisted of 3,000 networks with 200,000 computers. That was however only the beginning of a rapid evolution. Chapter 3.2: The Internet Protocol IP Page 9 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme Internet What does it mean: “a computer is connected to the Internet”? - Use of the TCP/IP protocol suite - Accessibility over an IP address - Ability to send IP packets In its early period, the Internet was limited to the following applications: E-mail electronic mail (partly because the US post was not very reliable and the different time zones made telephone accessibility of the telephone partner more difficult) Remote login running jobs on external computers File transfer exchange of data between computers Chapter 3.2: The Internet Protocol IP Page 10 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme Evolution of the Internet • Until 1990: the Internet was comparatively small, only used by universities and research institutions. • 1990: The WWW (World Wide Web) - first developed by the CERN for the simplification of communication within the field of high-energy physics became, together with HTML and Netscape browsers, a from nobody foreseen “killer application”; this was the breakthrough for the acceptance of the Internet. • Emergence of so-called Internet Service Providers (ISP), i.e. companies, which make their computers available as access points to the Internet. • Millions of new (predominantly non-academic) users! • New applications, e.g. E-Commerce • 1995: Backbones, ten thousands LANs, millions attached computers, exponentially rising number of users • 1998: The number of attached computers is doubled approx. all 6 months • 1999: The transferred data volume is doubled in less than 4 months Chapter 3.2: The Internet Protocol IP Page 11 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme Evolution of the Internet 1.01.1981 1.01.1982 1.01.1983 1.01.1984 1.01.1985 1.01.1986 1.01.1987 1.01.1988 1.01.1989 1.01.1990 1.01.1991 1.01.1992 1.01.1993 1.01.1994 1.01.1995 1.01.1996 1.01.1997 1.01.1998 1.01.1999 1.01.2000 1.01.2001 1.01.2002 1.01.2003 200.000.000 180.000.000 160.000.000 140.000.000 120.000.000 100.000.000 80.000.000 60.000.000 40.000.000 20.000.000 0 • At mid of 2005: (estimated) 350 million of hosts attached to the Internet Chapter 3.2: The Internet Protocol IP Page 12 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme Evolution in Europe Date Chapter 3.2: The Internet Protocol IP Page 13 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme Internet and Intranet Internet • Communication via the TCP/IP protocols • Local operators control and finance • Global coordination by some organizations • Internet Providers provide access points for private individuals Intranet • Enterprise-internal communication with the same protocols and applications as in the Internet. Computers are sealed off from the global Internet (data security) Heterogeneous network structures from different branches can be integrated with TCP/IP easily Use of applications like in the WWW for internal data exchange Chapter 3.2: The Internet Protocol IP Page 14 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme The TCP/IP Protocol Suite HTTP Protocols Telnet SMTP DNS Ethernet ICMP Token Ring Chapter 3.2: The Internet Protocol IP SNMP TFTP IP Token Bus ARP Application Layer Transport Layer UDP TCP IGMP Networks FTP RARP Wireless LAN Internet Layer Host-tonetwork Layer Page 15 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme Sandglass Model E-Mail, File Transfer, Video Conferencing, … HTTP, SMTP, FTP, … Because of the small number of central protocols but the large number of applications and communication networks, the TCP/IP protocol stack (and applications/networks) can be represented like a sandglass. Twisted Pair, Optical Fiber, Radio, … Chapter 3.2: The Internet Protocol IP Page 16 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme Internet Layer Raw division into three tasks: • Data transfer over a global network • Route decision at the sub-nodes • Control of the network or transmission status Routing Protocols Transfer Protocols: IPv4, IPv6 Routing Tables “Control” Protocols: ICMP, ARP, RARP, IGMP Chapter 3.2: The Internet Protocol IP Page 17 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme IP – Internet Protocol IP: connectionless, unreliable transmission of datagrams/packets (“Best Effort”) • Transparent end-to-end communication between the hosts • Routing, interoperability between different network types • IP addressing (IPv4): → → → → Uses logical 32-bit addresses Hierarchical addressing 3 network classes 4 address formats (including multicast) • Fragmenting and reassembling of packets • Maximum packet size: 64 kByte (in practice: 1500 byte) • At present commonly used: Version 4 of IP protocol: IPv4 Chapter 3.2: The Internet Protocol IP Page 18 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme IP Packet 32 Bits (4 Bytes) Version IHL Type of Service Identification Time to Live Protocol Total Length DM FF Fragment Offset Header Checksum IP Header, usually 20 Bytes Source Address Destination Address Options (variable, 0-40 Byte) DATA (variable) Chapter 3.2: The Internet Protocol IP Padding Header Data Page 19 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme The IP Header (1) • Version: IP version number (for simultaneous use of several IP versions) • IHL: IP Header Length (in words of 32 bit; between 5 and 15, depending upon options) • Type of Service: Indication of the desired service: Combination of reliability (e.g. file transfer) and speed (e.g. audio) 3 bit priority (0 = normal data, 7 = control packet) Precedence D T R unused Delay Reliability Throughput • Total Length: Length of the entire packet (in byte, ≤ 216-1 = 65535 bytes) • Identification: definite marking of a packet • Time to Live (TTL): Lifetime of packets is limited to maximal 255 Hops (endless circling of packets in the network is prevented). In principle, also the processing time in routers is to be considered, which does not happen in practice. The counter is reduced with each hop, with 0 the packet is discarded. Chapter 3.2: The Internet Protocol IP Page 20 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme The IP Header (2) • DF: Don't Fragment. All routers must forward packets up to a size of 576 byte, everything beyond that is optional. Larger packets with set DF-bit therefore cannot take each possible way in the network. • MF: More Fragments. “1” - further fragments follow. “0” - last fragment of a datagram) • Fragment Offset: Sequence number of the fragments of a packet (213 = 8192 possible fragments). The offset states, at which place of a packet (counted in multiples of 8 byte) a fragment belongs. From this a maximum length of 8192 * 8 byte = 65536 byte results for a packet. • Protocol: Which transport protocol is used in the data part (UDP, TCP,…)? To which transport process the packet is to be passed on? • Header Checksum: 1’s complement of the sum of the 16-bit half words of the header. Must be computed with each hop (since TTL changes) • Source Address/Destination address: Network and host numbers of sending and receiving computer. This information is used by routers for the routing decision. Chapter 3.2: The Internet Protocol IP Page 21 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme Fragmentation • A too large or too small packet length prevents a good performance. Additionally there are often size restrictions (buffer, protocols with length specifications, standards, allowed access time to a channel,…) • The data length must be a multiple of 8 byte. Exception: the last fragment, there only the remaining data are packed, padding to 8 byte units does not take place. • If the “DF”-bit is set, the fragmentation is prevented. Ident. Flags Offset 777 x00 Data 0 0 1200 bytes IP header 777 x01 0 0 777 x01 64 511 512 777 x00 128 Chapter 3.2: The Internet Protocol IP 1023 1024 1200 Page 22 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme The IP Header (3) Options: Prepare for future protocol extensions. Coverage: Multiple of 4 byte, therefore possibly padding is necessary. At present, 5 options are defined, however none is supported by common routers: • Security: How secret is the transported information? (Application e.g. in military: Avoidance of crossing of certain countries/networks.) • Strict Source Routing: Complete path defined from the source to the destination host by providing the IP addresses of all routers which are crossed. (Use by system managers e.g. in case of damaged routing tables or for time measurements) • Loose Source Routing: The carried list of routers must be passed in indicated order. Additional routers are permitted. • Record Route: Recording of the IP addresses of the routers passed. (Maximally 9 IP addresses possible, nowadays too few.) • Time Stamp: Records router addresses (32 bits) as well as a time stamp for each router (32 bits). Application e.g. in fault management. Chapter 3.2: The Internet Protocol IP Page 23 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme IP Addressing • Unique IP address for each host and router. • IP addresses are 32 bits long and are used in the Source Address as well as in Destination Address field of IP packets. • The IP address is structured hierarchical and refers to a certain network, i.e. machines with connection to several networks have several IP addresses. • Structure of the address: Network address for physical network (e.g. 137.226.0.0) and host address for a machine in the addressed network (e.g. 137.226.12.221) 32 bits 126 networks with 224 host each (starting from 1.0.0.0) Class A 0 B 10 C 110 D 1110 Multicast address E 1111 Reserved for future use Network 16383 networks with 216 hosts each (starting from 128.0.0.0) Host Network Host Network Chapter 3.2: The Internet Protocol IP Host 2097151 networks (LANs) with 256 hosts each (starting from 192.0.0.0) Page 24 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme IP Addresses 137.226.12.0 137.226.112.0 137.226.12.1 137.226.112.1 Router 137.226.12.21 137.226.112.78 Binary format 10001001 11100010 00001100 00010101 Dotted Decimal Notation 137.226.12.21 • Each node has (at least) one world-wide unique IP address • Router or gateways, which link several networks with one another, have for each network an assigned IP address Chapter 3.2: The Internet Protocol IP Page 25 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme IP Addresses and Routing a Ziel-IP Anschluss Netzwerkinterface 12.x.x.x 194.52.124.x b 137.226.x.x 142.117.x.x a 142.117.x.x direkt a 194.52.124.x direkt b x.x.x.x default a b 142.117.0.0 194.52.124.0 137.226.0.0 Chapter 3.2: The Internet Protocol IP 12.0.0.0 Page 26 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme IP Addressing - Examples The representation of the 32-bit addresses is divided into 4 sections of each 8 bits: 137.226.12.174 10001001 11100010 Class B address of RWTH Aachen Class B address 00001100 Subnet (Computer science 4) 10101110 Terminal “Shadow” Special addresses: 0 0 0 .............................................................. 0 0 0 This host 0 0 ................. 0 0 Host in this network Host 1 1 1 .............................................................. 1 1 1 Network 127 1 1 1 ................................. 1 1 1 arbitrary Chapter 3.2: The Internet Protocol IP Broadcast in own local area network Broadcast in the remote network Loop, no sending to the network Page 27 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme Address Space 6,25% 6,25% 12,50% 50,00% Klasse Class A Klasse Class B Class C Klasse Class D Klasse Class E Klasse 25,00% Chapter 3.2: The Internet Protocol IP Page 28 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme IP Addresses are scarce… Problems • Nobody had thought about such a strong growth of the Internet (otherwise one would have defined longer addresses from the beginning). • Too many Class A address blocks were assigned in the first Internet years. • Inefficient use of the address space. Example: if 500 devices in an enterprise are to be attached, a Class B address block is needed, but by this unnecessarily more than 65.000 host addresses are blocked. Solution approach Extension of the address space within IPv6 against the actual version IPv4 ⇒ IP version 6 has 128 bit for addresses ⇒ 7 x 1023 IP addresses per square meter of the earth's surface (including the oceans!) ⇒ one address per molecule on earth's surface! But: The success of IPv6 is not by any means safe! (The introduction of IPv6 is tremendously difficult: Interoperability, costs, migration strategies,….) Chapter 3.2: The Internet Protocol IP Page 29 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme IP Subnets Problem: Class C-networks are very small, Class B-networks often already too large. Therefore exists the possibility of dividing an through the IP-address identified network into so-called subnets. Examples for subnets: subnet mask 255.255.255.0 Ethernet A 128.10.1.0 All traffic for 128.10.0.0 Rest of the Internet 128.10.1.3 Router 128.10.1.8 Ethernet A Host Ethernet A Host Ethernet A Host 128.10.2.1 Ethernet B 128.10.2.0 128.10.2.3 Ethernet B Host Chapter 3.2: The Internet Protocol IP 128.10.1.70 128.10.1.26 128.10.2.133 128.10.2.18 Ethernet B Host Ethernet B Host Page 30 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme IP Subnets • Within an IP network address block, several physical networks can be addressed • Some bits of the host address part are used as network ID • A Subnet mask identifies the „abused” bits Class B address Subnet Mask Network Host 11111111111111111111110000000000 10 Network Subnet Host • All hosts of a network should use the same subnet mask • Routers can determine through combination of an IP address and a subnet mask, into which subnet a packet must be sent. Chapter 3.2: The Internet Protocol IP Page 31 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme IP Subnets - Computation of the Destination The entrance router of the RWTH, which receives the IP packet, does not know, where host “12.21” is located. . 12 . 21 137. 226 0111 1000 10001001 11100010 00001100 IP address AND 255. 255. 00010101 255. 0 1111 1111 1111 1111 1111 1111 0000 0000 Subnet mask 137. 226. 12. 0 1000 1001 1110 0010 0000 1100 0000 0000 Network of the addressed host The router computes the subnet “137.226.12” and sends the packet to the router, which links this subnet. Chapter 3.2: The Internet Protocol IP Page 32 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme Example of a Subnet Assigned network address for the RWTH: 137.226.0.0 137.226.12.0 Info IV 137.226.8.0 137.226.112.0 254 hosts per subnet: • Hosts have the addresses 1 – 254 • 0 is reserved for the subnet • 255 is reserved for broadcast in the subnet 137.227.10.0 Subnet mask for each subnet = 255.255.255.0 Other format for writing of addresses in subnets: 137.226.12.221/24 Number of bits for “(sub)network address” Chapter 3.2: The Internet Protocol IP Page 33 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme More flexible Addressing Problem: static categorization of IP addresses - how to use the very small class C networks efficiently? Remedy: Classless Inter-Domain Routing (CIDR) Weakening of the rigid categorization by replacing the static classes by network prefixes of variable length • Example: 137.250.3/17: The first 17 bits of the IP address are used for the network identification • Used together with routing: Backbone router, e.g. on transatlantic links only considers the first 13 bits; thus small routing tables, little cost of routing decision • Routers of an ISP considers e.g. only the first 15 bits • Routers in company networks consider e.g. the first 25 bits Chapter 3.2: The Internet Protocol IP Page 34 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme NAT – Network Address Translation • Each internal computer in the Intranet needs an own IP address to communicate with the others. For this purpose, “private” address blocks are reserved, which everyone may use within its own networks and which are never routed in the Internet: • 10.0.0.0 - 10.255.255.255 • 172.16.0.0 - 172.31.255.255 • 192.168.0.0 – 192.168.255.255 • When using addresses of those range, the internal computers can communicate with each other • But: packets with those addresses are not forwarded by a router. Thus: routers, which are attached to the “external world” need a global address • Assign a few IP addresses to a company which are known by a “NAT box” which usually is installed with the router • When data are leaving the own network, an address translation takes place: the NAT box exchanges the private address with a globally valid one • Side effect: hiding of the internal network structure (security) Chapter 3.2: The Internet Protocol IP Page 35 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme NAT Variants NAT is available in several “variants”, known under different names: Basic NAT (also: Static NAT) • Each private IP address is translated into one certain external IP • Either, you need as much external addresses as private ones, otherwise no retranslation is possible when a reply arrives • Or, you manage a pool of external IP addresses and assign one dynamically when a request is sent out 192.168.0.2 Private IP Currently mapped: 137.226.12.32 192.168.0.2 137.226.12.32 192.168.0.3 137.226.12.33 192.168.0.5 137.226.12.33 192.168.0.4 137.226.12.34 --- 137.226.12.34 192.168.0.5 137.226.12.35 --- 137.226.12.35 Private IP Map to 192.168.0.2 192.168.0.3 192.168.0.2 192.168.0.3 Internet Internet router with NAT box 192.168.0.4 192.168.0.5 Chapter 3.2: The Internet Protocol IP router with NAT box 192.168.0.4 192.168.0.5 Page 36 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme NAT Variants Disadvantages of static NAT: • With static mapping, you need as much official IP addresses as you have computers • With dynamic mapping, you need less official IP addresses, but for times of high traffic you nevertheless need nearly as much addresses as local computers • Those approaches help to hide the network structure, but not to save addresses Hiding NAT (also: NAPT: Network Address Port Translation, Masquerading) • Translate several local addresses into the same external address • Now: some more details are necessary to deliver a response router with NAT box 192.168.0.2 192.168.0.3 destination? to: 137.226.12.32 Internet 192.168.0.4 192.168.0.5 Private IP Map to 192.168.0.2 137.226.12.32 192.168.0.3 137.226.12.32 192.168.0.4 137.226.12.32 192.168.0.5 137.226.12.32 Chapter 3.2: The Internet Protocol IP Page 37 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme NAPT – Network Address Port Translation Protocol Port (local) IP (local) Port (global) IP (global) IP (destination) Port (destination) TCP 1066 10.0.0.1 1066 198.60.42.12 137.226.12.221 21 TCP 1500 10.0.0.7 1500 198.60.42.12 207.17.4.21 80 Chapter 3.2: The Internet Protocol IP Page 38 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme Problems with NAPT NAPT works well with communication initiated from the Intranet. But: how could someone from outside give a request to the Intranet (e.g. to the webserver)? • NAPT box needs to be a bit more “intelligent” • Some static information has to be stored, e.g. “each incoming request with port 80 has to be mapped to the private address of the webserver” • Still problems with applications like e.g. ICQ • Thus, only more IP addresses really help to solve the problem Chapter 3.2: The Internet Protocol IP Page 39 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme The new IP - IPv6 IPv6 (December 1995, RFC 1883) Publication of the standard (January 1995, RFC 1752) Specification for IPng (December 1994, RFC 1726) First requirements for IPng (December 1993, RFC 1550) . Simpler structure of the headers More automatism Simpler configuration Performance improvements Migration strategies More security Larger address space IPv4 (September 1981, RFC 791) Chapter 3.2: The Internet Protocol IP Page 40 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme IPv6 Why changing the protocol, when IPv4 works well? • Dramatically increasing need for new IP addresses • Improved support of real time applications • Security mechanisms (Authentication and data protection) • Differentiation of types of service, in particular for real time applications • Support of mobility (hosts can go on journeys without address change) • Simplification of the protocol in order to ensure a faster processing • Reduction of the extent of the routing tables • Option for further development of the protocol Chapter 3.2: The Internet Protocol IP Page 41 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme IPv6 - Characteristics • Address size – 128-bit addresses (8 groups of each 4 hexadecimal numbers) • Improved option mechanism – Simplifies and accelerates the processing of IPv6 packets in routers • Auto-configuration of addresses – Dynamic allocation of IPv6-addresses • Improvement of the address flexibility – Anycast address: Reach any one out of several • Support of the reservation of resources – Marking of packets for special traffic • Security mechanisms – Authentication and Privacy • Simpler header structure: – IHL: redundant, no variable length of header by new option mechanism – Protocol, fragmentation fields: redundant, moved into the options – Checksum: Already done by layer 2 and 4 Chapter 3.2: The Internet Protocol IP Page 42 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme IPv6 Main Header • Version: IP version number • Priority: 4 bits for priority. 1 - News, 4 ftp, 6 - telnet, 8 to 15 - real time traffic • Flow label: virtual connection with certain characteristics/requirements • PayloadLen: packet length after the 40byte header • Next Header: 8-bit selector. Indicates the type of the following extension header (or the transport header) • HopLimit: At each node decremented by one. At zero the packet is discarded • Source Address: The address of the original sender of the packet • Destination Address: The address of the receiver (not necessarily the final destination, if there is an optional routing header) • Next Header/Data: if an extension header is specified, it follows after the main header. Otherwise, the data are following Chapter 3.2: The Internet Protocol IP 1 4 Version (4) 16 8 Priority (4) 24 32 Flow label (24) PayloadLen (16) Next Header (8) HopLimit (8) Source Address (128) Destination Address (128) Next Header/Data The prefix of an address characterizes geographical areas, providers, local internal areas,… Page 43 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme IPv6 Extension Headers Optional data follows in extension headers. There are 6 headers defined: • Hop by Hop (information for single links) All routers have to examine this field. Momentarily only the support of Jumbograms (packets exceeding the normal IP packet length) is defined (length specification). • Routing (definition of a full or partly specified route) • Fragmentation (administration of fragments) Difference to IPv4: Only the source can do fragmentation. Routers for which a packet is too large, only send an error message back to the source. • Authentication (of the sender) • Ciphered data • Destination options (additional information for the destination) Chapter 3.2: The Internet Protocol IP Page 44 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme IPv4 vs. IPv6: Header 4 VerEn sion 8 IHL 16 Type TypeOF of Service service Identification Time to Live 32 Totally Total Length length Fragment offset Protocol Header Checksum 4 8 16 VerEn PrioPrio sion rity 32 Flow Flow Label label PayloadLen Next NEXT Header headers Hop Hop Limit limit SOURCE Source ADDRESS Address SOURCE Source ADDRESS Address SOURCE Source ADDRESS Address Destination DestinationADDRESS Address SOURCE Source ADDRESS Address Options Option (variable)/Padding (variable)/Padding SOURCE Source ADDRESS Address DATA Data Destination DestinationADDRESS Address Destination DestinationADDRESS Address The IPv6 header is longer, but this is only caused by the longer addresses. Otherwise it is “better sorted” and thus faster to process by routers. Chapter 3.2: The Internet Protocol IP Destination DestinationADDRESS Address Destination DestinationADDRESS Address NEXT Next Header header/DATA / Data Page 45 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme Coexistence of IPv4 and IPv6 IPv6 cannot be introduced “over night”… for some time both IP variants will be used in parallel. • New network interface card drivers support both versions of IP, thus they are able to communicate with the newer version • But: how to enable two modern IPv6-based hosts to communicate if only an IPv4based network is in between? 1. Header Conversion Router translates an incoming IPv6 packet into a IPv4 packet, receiving router retranslates payload IPv6 header payload IPv4 header But: reconstruction of e.g. flow label??? payload IPv6 header Internet mostly IPv4 IPv6 network Routers which “speak” IPv4 and IPv6 in parallel Chapter 3.2: The Internet Protocol IP IPv6 network Page 46 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme Coexistence of IPv4 and IPv6 2. Tunneling Router at the entry to the IPv4-based network encapsulate an incoming IPv6 packet into a new IPv4 packet with destination address of the next router also supporting IPv6 payload IPv6 header payload IPv6 header IPv4 header payload IPv6 header Internet mostly IPv4 IPv6 network IPv6 “tunnel” through IPv4 IPv6 network • More overhead because of two headers for one packet, but no information loss due to header conversion Tunneling is a general concept also used for multicast, VPN, etc: it simply means “pack a whole packet as it is into a new packet of different protocol” Chapter 3.2: The Internet Protocol IP Page 47 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme Virtual Private Network (VPN) • • • • By a Virtual Private Network (VPN) a network infrastructure is understood, in which distributed components belonging to one logical private network communicate with one another over a public network (e.g. Internet) VPNs are used frequently for the connection of geographically distributed organizations (Intranet in the Internet) VPNs ensure authenticated access and permit the protection of sensitive data in distributed networks by encryption of data The logical connection between private components over a public network is achieved again by tunneling an IPv4 connection with e.g. IPsecure VPN Chapter 3.2: The Internet Protocol IP Page 48 Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme Tunneling Mechanism Tunneling here: Encapsulate packets into encrypted IP packets, e.g. by using IPsecure. Packets directed to the remote network part by this remain unchanged, but are the payload of an encrypted packet. Chapter 3.2: The Internet Protocol IP Page 49
