INFO 330 Computer Networking Technology I
Chapter 4: The Network Layer
Glenn Booker
INFO 330 Chapter 4
The Network Layer
- So, the transport layer provides process-to-process communication
- The network layer is expected to provide host-to-host communication
- Cool. Um, how?

The Network Layer
- The network layer has to do two things:
  - Forwarding is the process within a single router of determining which outgoing link a packet has to take
  - Routing is the process (and algorithm) of choosing the best path (route) between source and destination
- Forwarding is like deciding which turn to make at one intersection
- Routing is deciding which roads to take

The Network Layer
- Recall the network layer is expected to:
  - Receive segments from the transport layer
  - Encapsulate them into datagrams (how much does data weigh?)
  - And pass them through the network
- The job of most routers is to look at the network header information and determine which link to pass the datagram to
- The application and transport layer information are invisible and irrelevant to routers

The Network Layer
- A router has a forwarding table which tells which link to take, based on the header’s destination address
- The forwarding table is written based on output from a routing algorithm
- Routing algorithms may be centrally controlled and then downloaded to each router, or each router may follow its own algorithm

The Network Layer
- A packet switch is a device that transfers a packet from an input link to an output link
  - Some are link-layer switches, which use the link layer header info
  - The rest we call routers, which use network layer header info
- Another function in the network layer can be connection setup
  - Only for virtual circuit networks (ATM, X.25)
Network Service Model
- What services could we expect from a network layer?
  - Guaranteed delivery of all packets
  - Delivery within a specified time (bounded delay)
  - Delivery of packets in order
  - Guaranteed minimal bandwidth
  - Guaranteed maximum jitter (delay variation)
  - Security services
- Would be nice, huh?

Network Service Model
- What do we get from the Internet? Best-effort service
  - Meaning, none of the above!!
- Some VC networks, such as ATM, can provide many of the ideal services (see p. 322)
  - Constant Bit Rate (CBR) and Available Bit Rate (ABR) are types of ATM service

Network Service Model
- Refining our earlier definition, the network layer can provide connection-based or connectionless service
- A network that provides only a connection-based service at the network layer is a virtual circuit (VC) network
- A network that provides only connectionless service at the network layer is a datagram network
Virtual Circuit Networks
- A VC network needs to have:
  - A path from source to destination
  - VC numbers, one per link along the path
  - Entries in the forwarding table in each router along the path
- Each packet carries a VC number, which changes as it goes along each link in the VC
  - This keeps from having to store and coordinate VC numbers across routers

Virtual Circuit Networks
- Each router has to know the VC numbers for incoming and outgoing links:

  Incoming Link # | Incoming VC # | Outgoing Link # | Outgoing VC #

- Each foursome of in/out link and VC numbers corresponds to how one VC is handled in that router; so each VC being created adds one line of data (which is later removed)

Virtual Circuit Networks
- So a simple VC might have VC# 12 on the first link, then get VC# 22 on the second link, and VC# 37 on the third
- So the life of a VC connection includes:
  - VC setup – the network layer defines the routers in the VC, sets VC numbers for each link, and creates new entries in the forwarding table of each router
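The per-router table and the per-link renumbering described on the last three slides, as an added example (not code from the slides or the course): two routers on a path, the slide's VC#s 12, 22 and 37, plus a second constructed VC sharing the same links. Router names, global link numbers (1 = host to R1, 2 = R1 to R2, 3 = R2 to host) and the second VC's numbers are assumptions for the demo.

```python
# Added example, not from the INFO 330 slides: a toy virtual-circuit forwarding
# table.  Router names, link numbers and the second VC are constructed; VC#s
# 12, 22 and 37 are the ones on the slide.


class VCRouter:
    """One router's table: (incoming link, incoming VC#) -> (outgoing link, outgoing VC#)."""

    def __init__(self, name):
        self.name = name
        self.table = {}

    def setup(self, in_link, in_vc, out_link, out_vc):
        # VC setup adds one row.  A VC# only has to be unique per link, so the
        # same number may be reused on a different link of the same router.
        key = (in_link, in_vc)
        if key in self.table:
            raise ValueError(f"{self.name}: VC# {in_vc} already in use on link {in_link}")
        self.table[key] = (out_link, out_vc)

    def teardown(self, in_link, in_vc):
        # VC teardown removes the row again.
        del self.table[(in_link, in_vc)]

    def forward(self, in_link, in_vc):
        # Forwarding: look up the row and relabel the packet with the outgoing VC#.
        try:
            return self.table[(in_link, in_vc)]
        except KeyError:
            raise LookupError(f"{self.name}: no VC# {in_vc} on link {in_link}") from None


def setup_vc(routers, hops):
    """hops: one (in_link, in_vc, out_link, out_vc) tuple per router along the path."""
    for router, (il, iv, ol, ov) in zip(routers, hops):
        router.setup(il, iv, ol, ov)


def teardown_vc(routers, hops):
    for router, (il, iv, _, _) in zip(routers, hops):
        router.teardown(il, iv)


def send(routers, first_link, first_vc):
    """Return the VC# the packet carries on each link from source to destination."""
    link, vc = first_link, first_vc
    carried = [vc]
    for router in routers:
        link, vc = router.forward(link, vc)
        carried.append(vc)
    return carried


def demo():
    r1, r2 = VCRouter("R1"), VCRouter("R2")
    vc_a = [(1, 12, 2, 22), (2, 22, 3, 37)]   # the slide's VC: 12, then 22, then 37
    vc_b = [(1, 13, 2, 40), (2, 40, 3, 41)]   # a second, constructed VC on the same path
    setup_vc([r1, r2], vc_a)
    setup_vc([r1, r2], vc_b)
    path_a = send([r1, r2], 1, 12)            # [12, 22, 37]
    path_b = send([r1, r2], 1, 13)            # [13, 40, 41]
    try:
        r1.setup(1, 12, 2, 99)                # VC# 12 is already taken on link 1
        duplicate_rejected = False
    except ValueError:
        duplicate_rejected = True
    teardown_vc([r1, r2], vc_a)               # only VC B's rows remain afterwards
    try:
        send([r1, r2], 1, 12)
        torn_down = False
    except LookupError:
        torn_down = True
    return {"path_a": path_a, "path_b": path_b, "duplicate_rejected": duplicate_rejected,
            "torn_down": torn_down, "r1": dict(r1.table), "r2": dict(r2.table)}


if __name__ == "__main__":
    print(demo())
```

Note that nothing in a router's table identifies the end hosts: after setup, each hop knows only its own in/out pair, which is exactly why a VC number can be reused on every link.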
Virtual Circuit Networks
  - Data transfer is the intended purpose of the VC connection
  - VC teardown is when the sender or receiver tells the VC it wants to end the connection; then the forwarding tables are updated to remove the entries associated with this VC
- Notice that VC setup and teardown involve the hosts and all routers along the path, whereas TCP only involved the hosts

Virtual Circuit Networks
- The messages to set up and tear down a VC are signaling messages, which have their own protocols, e.g. ATM’s Q.2931
  - No, we’re not going to dissect them *yippee*
Datagram Networks
- Datagram networks stamp each packet with the address of the destination host, and send it into the network
- There is no state information about connections, because there aren’t any connections within the network!

Datagram Networks
- Each router between hosts uses the address to forward the packet using a forwarding table
- If our addresses had 32 bits, there could be 4,294,967,296 entries in that table!

Datagram Networks
- Fortunately, we don’t need to look at ALL of the address to determine its correct link (a key observation!)
- Instead, match the address’ prefix with forwarding table entries
- Use the longest prefix matching rule
  - Match the longest prefix possible in the forwarding table
- For this to be practical, large ranges of addresses should go to each link, or the table will be huge!

Longest prefix matching rule
- The router just finds the longest prefix and uses that entry in the routing table to forward the packet

  Prefix                       Link
  11001000 00010111 00010      0
  11001000 00010111 00011000   1
  11001000 00010111 00011      2
  Otherwise                    3
Datagram Networks
- So even though there is no connection data, routers in datagram networks need to maintain the forwarding tables
- The routing algorithm typically updates them every 1-5 minutes
- Hence it’s quite possible for the later part of a long session to follow a different path than the first part!

More History
- The VC network came about because of its similarity to telephone networks
- But the Internet was connecting complex computers, so the datagram network was created because the computers could handle more complex operations than the routers (recall our IMP friends from Chapter 1)
- This also makes it easier to connect dissimilar networks, and create many new applications
Router Innards
- Now look at forwarding in more detail
- A router has four kinds of parts:
  - Input ports
  - Output ports
  - Switch fabric between the inputs and outputs
  - And a routing processor to control the switch fabric, using the routing protocols

Router Innards
(figure: router architecture)

Router Innards
- The input and output ports include:
  - The physical connection to the network, and
  - Taking the signal through the data link layer
- The input ports also look up the destination address, decide how to forward the packet, and create control packets to send to the routing processor
- The three boxes represent the physical layer, data link layer, and lookup/forward module

Input Ports
- The routing processor determines the forwarding table contents, and shadow copies it to each input port
  - This avoids a processing bottleneck
- Looking up where to forward packets is simple in concept – the challenge is maintaining line speed
  - Want to process each packet in less time than it takes to receive the next one
Tree Lookup
- One way to look up the correct output port is through a binary tree data structure
- Look at the first bit in the address – if it’s a zero, follow the left branch of the tree; otherwise follow the right branch
- Repeat as many times as needed to resolve the address
- Sadly, this is still too slow
  - Content addressable memories (CAMs), caching, and better data structures are possible solutions

Tree Lookup
(figure: binary tree for a 3-bit address)
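Both the longest prefix matching slide and the tree lookup slides, as one added example (not code from the slides or the course): the slide's four-row table is searched first by a plain scan and then by walking a binary tree one bit at a time, left for 0 and right for 1, and the two answers are checked against each other. The table rows are the slide's; the addresses looked up, and the acceptance of dotted-decimal input alongside bit strings, are assumptions added for the demo.

```python
# Added example, not from the INFO 330 slides.  The three prefixes and the
# "Otherwise" link are the rows of the slide's forwarding table; the addresses
# looked up in demo() are constructed.

FORWARDING_TABLE = [
    ("11001000 00010111 00010", 0),
    ("11001000 00010111 00011000", 1),
    ("11001000 00010111 00011", 2),
]
DEFAULT_LINK = 3   # the "Otherwise" row


def to_bits(s):
    """Accept '11001000 00010111 ...' or dotted decimal '200.23.16.0'; return a bit string."""
    if "." in s:
        octets = [int(o) for o in s.split(".")]
        if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
            raise ValueError(f"bad IPv4 address {s!r}")
        return "".join(f"{o:08b}" for o in octets)
    bits = s.replace(" ", "")
    if not bits or set(bits) - {"0", "1"}:
        raise ValueError(f"bad bit string {s!r}")
    return bits


def lpm_linear(addr, table=FORWARDING_TABLE, default=DEFAULT_LINK):
    """Longest-prefix match by scanning every row (fine for 4 rows, hopeless at line speed)."""
    addr_bits = to_bits(addr)
    best_len, best_link = -1, default
    for prefix, link in table:
        p = to_bits(prefix)
        if addr_bits.startswith(p) and len(p) > best_len:
            best_len, best_link = len(p), link
    return best_link


class TrieNode:
    __slots__ = ("child", "link")

    def __init__(self):
        self.child = [None, None]   # child[0] = left branch (bit 0), child[1] = right (bit 1)
        self.link = None            # output link if some prefix ends at this node


def build_trie(table=FORWARDING_TABLE, default=DEFAULT_LINK):
    root = TrieNode()
    root.link = default             # the empty prefix matches every address
    for prefix, link in table:
        node = root
        for b in to_bits(prefix):
            i = int(b)
            if node.child[i] is None:
                node.child[i] = TrieNode()
            node = node.child[i]
        node.link = link
    return root


def lpm_trie(root, addr):
    """Walk the tree one address bit at a time; the deepest node carrying a link wins."""
    node, best = root, root.link
    for b in to_bits(addr):
        node = node.child[int(b)]
        if node is None:
            break                   # no longer prefix exists below this point
        if node.link is not None:
            best = node.link
    return best


def demo():
    root = build_trie()
    samples = [
        "11001000 00010111 00010110 10100001",   # row 0 (21-bit prefix)
        "200.23.24.10",   # third octet 00011000: rows 1 and 2 match, row 1 is longer
        "200.23.25.1",    # third octet 00011001: only row 2 matches
        "200.22.0.1",     # second octet differs: Otherwise
    ]
    return {a: (lpm_linear(a), lpm_trie(root, a)) for a in samples}


if __name__ == "__main__":
    for addr, (linear, trie) in demo().items():
        print(f"{addr:40s} linear -> link {linear}, trie -> link {trie}")
```

The walk stops as soon as a child is missing, so the tree answers in at most as many steps as the longest prefix, regardless of how many rows the table has; the scan grows with the row count.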
Switching Fabric
- The input ports determine the output port needed; the switching fabric makes it happen
- Many approaches for switching fabric have been used
  - Switching via memory uses the CPU directly
  - Switching via bus makes every packet go over a bus before getting off at the correct output; very slow

Switching Fabric
  - Switching via interconnect network uses 2*n horizontal and vertical buses to connect n inputs to n outputs; but this can produce blockages
  - Lots of other approaches have been used
- Switches handle staggering data rates (400 million packets/sec as of 11/09), so their technology is constantly being pushed

Switching Fabric Approaches
(figure: switching fabric approaches)

Output Ports
- The output ports take packets from the output port memory (queue) and transmit them over the outgoing link
- Hence the three functions of output ports are:
  - Queuing
  - Data link processing
  - Physical line termination
Queuing
- We’ve discussed buffers in connection with output ports, but they also exist with input ports
- Packet loss can occur at input or output queues, depending on:
  - Input traffic load
  - Switching fabric speed
  - Line speed

Switching Fabric Speed
- For a router with n input and n output ports:
  - If the switching fabric has a speed n times as fast as the input line speed, no queuing can occur at the inputs
  - But the output ports can easily become overloaded if many inputs all feed the same output port
- A packet scheduler at the output port decides which packet is next for transmission

Packet Scheduler
- The packet scheduler needs rules
  - Could use a first come, first served (FCFS) approach
  - Could use weighted fair queuing (WFQ)
- The packet scheduler affects the quality of service of the connection
- More details on this in Chapter 7, which we aren’t covering this term

Incoming Buffer
- If there’s not enough room in the buffer for a new incoming packet, have to decide:
  - Drop the new packet (called drop tail), or
  - Drop an existing packet to make room
- Can also mark packets for congestion control when the buffer is getting full
- Dropping and marking strategies are Active Queue Management (AQM) algorithms

Incoming Buffer
- Examples of AQM algorithms include Random Early Detection (RED), which uses random variables to decide when to drop or mark a packet as the buffer approaches full
- If the switch fabric is too slow, packets have to wait in the input queue before moving to an output queue
- Head-of-the-line (HOL) blocking is when a packet waits for the packet ahead of it to cross the fabric, even though its own output port is open
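Drop tail beside a simplified RED, as an added example (not code from the slides or the course). Drop tail rejects an arrival only when the buffer is physically full; RED keeps a weighted average of the queue length and starts dropping (or, with marking enabled, admitting but marking) arrivals at random once that average passes a lower threshold, dropping everything once it passes an upper one. The threshold values, the averaging weight and the burst pattern are constructed for the demo; the drop-probability ramp between the two thresholds is the standard RED shape.

```python
# Added example, not from the INFO 330 slides: a drop-tail queue beside a
# simplified RED queue.  Thresholds, weights and the arrival pattern are constructed.
import random
from collections import deque


class DropTailQueue:
    """Drop the arriving packet whenever the buffer is full."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.q = deque()

    def enqueue(self, pkt):
        if len(self.q) >= self.capacity:
            return "dropped"
        self.q.append(pkt)
        return "enqueued"

    def dequeue(self):
        return self.q.popleft() if self.q else None


def red_drop_probability(avg, min_th, max_th, max_p):
    """RED's drop/mark probability as a function of the average queue length."""
    if avg < min_th:
        return 0.0
    if avg >= max_th:
        return 1.0
    return max_p * (avg - min_th) / (max_th - min_th)   # linear ramp from 0 up to max_p


class REDQueue:
    """Random Early Detection: drop (or mark) some arrivals before the buffer is full.

    avg is an exponentially weighted moving average of the queue length, so a
    short burst does not trigger drops but a persistently long queue does.
    """

    def __init__(self, capacity, min_th, max_th, max_p=0.1, weight=0.002, mark=False, rng=None):
        self.capacity, self.min_th, self.max_th = capacity, min_th, max_th
        self.max_p, self.weight, self.mark = max_p, weight, mark
        self.rng = rng or random.Random(0)    # seeded so a run is reproducible
        self.q = deque()
        self.avg = 0.0

    def enqueue(self, pkt):
        self.avg = (1 - self.weight) * self.avg + self.weight * len(self.q)
        if len(self.q) >= self.capacity:
            return "dropped"                  # buffer physically full: same as drop tail
        p = red_drop_probability(self.avg, self.min_th, self.max_th, self.max_p)
        if p > 0 and self.rng.random() < p:
            if self.mark:                     # ECN-style: admit the packet but mark it
                self.q.append(("marked", pkt))
                return "marked"
            return "dropped"
        self.q.append(pkt)
        return "enqueued"

    def dequeue(self):
        return self.q.popleft() if self.q else None


def burst(queue, n):
    """Offer n packets back to back with no departures; return the per-packet outcome."""
    return [queue.enqueue(i) for i in range(n)]


if __name__ == "__main__":
    print("drop tail, capacity 3:", burst(DropTailQueue(3), 5))
    print("RED, default weight:  ", burst(REDQueue(10, 2, 3), 5))
    print("RED, weight 1.0:      ", burst(REDQueue(10, 2, 3, max_p=1.0, weight=1.0), 5))
```

With the default small weight the average barely moves during a five-packet burst, so RED admits all of it; with weight 1.0 the average equals the instantaneous length and the fourth arrival is dropped while the buffer still has room, which is the early-detection behaviour the slide describes.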
The Internet Protocol (IP)
- Now see how all this applies to the Internet
- We’ll cover both the existing IPv4 and the emerging IPv6 (versions 4 and 6)
- The network layer has three major parts:
  - Internet Protocol, which handles addressing
  - Routing protocols (e.g. RIP, OSPF, BGP), which choose the best path for packets
  - Internet Control Message Protocol (ICMP), which handles error reporting and signaling

Datagram Format
- A segment in the transport layer becomes one or more datagrams in the network layer
- First discuss IPv4, with hints how IPv6 is different

Datagram Format
- The IPv4 datagram header has at least five 4-byte (32-bit) fields, like TCP:
  - Version number, header length, type of service, and datagram length in bytes
  - Identifier, some flags, and fragmentation offset
  - Time-to-live, upper layer protocol, and header checksum
  - Source IP address (32 bits)
  - Destination IP address (32 bits)
- Then options, followed by the segment data
Datagram Format
- Version number is 4 bits for the IP version
- Header length is 4 bits for the number of bytes in the IP header (usually 20 B)
- Type of service (TOS) is 8 bits which allow one to specify different levels of service (real time or not)
- Datagram length in bytes is the total of the header plus the actual data segment
  - Is a 16-bit field, but typical length is under 1500 B

Datagram Format
- The Identifier, flags, and fragmentation offset all relate to IP fragmentation (breaking a segment into multiple datagrams)
- Time-to-live (TTL) is a countdown integer, to prevent packets from wandering in the network for 40 years
  - It is decremented by one at each router, and the datagram is killed when it gets to zero

Datagram Format
- Protocol is the transport layer protocol
  - Only used once the datagram gets to the destination host
  - E.g. 6=TCP, 17=UDP; see RFC 3232 for others
- Header checksum – hey, didn’t we have a transport checksum?
  - Yes, but this only covers the IP header, not the segment data
  - And TCP might be run over other network protocols, e.g. our VC buddy, ATM

Datagram Format
- Source and destination IP addresses we’ll discuss in more detail soon
- Option fields allow for rarely used functions, but slow IP processing
  - Hence these are not allowed in IPv6
- The Data in the datagram can be the TCP or UDP segment, or contain other message formats such as ICMP
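The header fields from the last five slides handled in code, as an added example (not code from the slides or the course): building a 20-byte IPv4 header, computing the header checksum, parsing and verifying a received header, and doing what a router does to it on each hop (decrement TTL, refresh the checksum, discard at zero). The checksum is the RFC 1071 ones'-complement sum over the header only, which is why a corrupted header is caught but corrupted segment data is not; the addresses, TTL and payload length are constructed. One detail not on the slides: the header-length field counts 32-bit words, so the code multiplies it by 4.

```python
# Added example, not from the INFO 330 slides: build, checksum, parse and
# hop-by-hop forward an IPv4 header.  The addresses and sizes used are constructed.
import struct

HEADER_FMT = "!BBHHHBBH4s4s"   # the ten fixed header fields, network byte order, 20 bytes
FLAG_DF, FLAG_MF = 0x2, 0x1     # "don't fragment" and "more fragments" bits of the 3-bit flags field


def internet_checksum(data):
    """RFC 1071: ones'-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum((data[i] << 8) | data[i + 1] for i in range(0, len(data), 2))
    while total >> 16:                       # fold carries back in (end-around carry)
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_to_bytes(addr):
    return bytes(int(o) for o in addr.split("."))


def bytes_to_ip(b):
    return ".".join(str(x) for x in b)


def build_ipv4_header(src, dst, payload_len, proto=6, ttl=64, ident=0, flags=0, frag_off=0, tos=0):
    ver_ihl = (4 << 4) | 5                   # version 4; IHL 5 words = 20 bytes (no options)
    header = struct.pack(HEADER_FMT, ver_ihl, tos, 20 + payload_len, ident,
                         (flags << 13) | frag_off, ttl, proto, 0,
                         ip_to_bytes(src), ip_to_bytes(dst))
    csum = internet_checksum(header)         # computed with the checksum field zeroed
    return header[:10] + struct.pack("!H", csum) + header[12:]


def parse_ipv4_header(pkt):
    """Return the header fields as a dict; raise ValueError on anything a router would discard."""
    if len(pkt) < 20:
        raise ValueError("truncated header")
    ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, csum, src, dst = struct.unpack(HEADER_FMT, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4               # IHL is in 32-bit words
    if ver_ihl >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("not a valid IPv4 header")
    if internet_checksum(pkt[:ihl]) != 0:    # a correct header including its checksum sums to 0
        raise ValueError("bad header checksum")
    return {"ihl": ihl, "tos": tos, "total_len": total_len, "ident": ident,
            "flags": flags_frag >> 13, "frag_off": flags_frag & 0x1FFF, "ttl": ttl,
            "proto": proto, "src": bytes_to_ip(src), "dst": bytes_to_ip(dst),
            "options": pkt[20:ihl]}


def header_is_valid(pkt):
    try:
        parse_ipv4_header(pkt)
        return True
    except ValueError:
        return False


def forward_hop(pkt):
    """What a router does to the header: verify it, decrement TTL, refresh the checksum.

    Returns None when the datagram must be discarded because TTL would reach zero
    (the router would send ICMP Time Exceeded back to the source in that case).
    """
    h = parse_ipv4_header(pkt)
    if h["ttl"] <= 1:
        return None
    out = bytearray(pkt)
    out[8] = h["ttl"] - 1                    # TTL is byte 8 of the header
    out[10:12] = b"\x00\x00"                 # checksum is bytes 10-11; zero, then recompute
    out[10:12] = struct.pack("!H", internet_checksum(bytes(out[:h["ihl"]])))
    return bytes(out)


if __name__ == "__main__":
    pkt = build_ipv4_header("10.0.0.1", "10.0.0.2", 100, proto=17, ttl=2, ident=777, flags=FLAG_DF)
    print(parse_ipv4_header(pkt))
    hop1 = forward_hop(pkt)
    print("after one hop, TTL =", parse_ipv4_header(hop1)["ttl"])
    print("after a second hop:", forward_hop(hop1))
```

Because the router rewrites TTL on every hop, it must also recompute the checksum on every hop; that per-packet cost is one reason IPv6 dropped the header checksum entirely.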
Fragmentation
- A frame can hold up to the Maximum Transmission Unit (MTU) bytes of data
- But not all link-layer protocols can handle the same size packets
  - Ethernet handles up to 1500 B frames
  - Some WAN protocols only handle 500 B frames
- Since datagrams get passed from one router to the next, and don’t know the path ahead, some routers have to break up a datagram

Fragmentation
- An IP datagram can be broken into two or more fragments
- Expect the fragments to be reassembled by the destination host’s network layer
  - Recurring theme: minimize work done by routers
- Each initial datagram has an identification number, in addition to the source and destination addresses

Fragmentation
  - This is the Identification field in the header
  - The identification number is incremented for each new segment
- Each fragment keeps the original identification number
- The last fragment has Flag=0 set; all other frags with that ID number have Flag=1
- The offset field identifies where the frag fits in the original datagram – the number of 8-byte chunks from the start
Fragmentation Example, p. 347
- Suppose we have a 4000 B datagram (20 B of header, plus 3980 B of segment), but the MTU only allows 1500 B per frame
- Make three fragments (4000/1500, rounded up)
- All frags have the same identifier (e.g. 777)
- The first two frags will have 1480 B of data, plus 20 B of IP header; the last frag will have the remaining data (1020 B) plus 20 B header
- The first two frags have Flag=1; the last Flag=0

Fragmentation Example, p. 347
- The offset value is weird – it counts 8-byte chunks
- Offset is 0 for the first frag (it’s the first frag), 185 8-byte chunks (1480 B) for the second frag, and 370 8-byte chunks (2980 B) for the third frag
- Why 8-byte chunks? Offset is a 13-bit field, but the offset in bytes could be 16 bits long, hence use 8 (2^3) byte chunks to describe the offset
  - Forces fragments to be a multiple of 8 bytes in size
- Fortunately, IPv6 gets rid of router fragmentation
Evil Fragmentation
- Fragmentation can be used for attacks
  - Jolt2 attack: send a lot of incomplete fragments to a server (e.g. none have zero offset); it’ll eventually run out of storage and crash
  - Send overlapping frags to a server; some get confused and crash
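The p. 347 example and the two failure modes on the Evil Fragmentation slide, as one added example (not code from the slides or the course): a fragmenter that reproduces the slide's three fragments (identifier 777, offsets 0/185/370, flags 1/1/0), and a destination-side reassembler that handles them in any arrival order while refusing overlapping fragments and capping how many incomplete datagrams it will hold, so neither case on the slide can exhaust its buffer or confuse it. The payload bytes, the limits and the helper names are constructed; the 8-byte offset unit and the flag semantics are those on the slides.

```python
# Added example, not from the INFO 330 slides: fragment a datagram as in the
# p. 347 example and reassemble it at the destination, rejecting overlapping
# fragments and bounding the number of incomplete datagrams held.  Payload bytes
# and the limits are constructed; identifier 777 is from the slide.

IP_HEADER_LEN = 20


class FragmentError(ValueError):
    pass


def fragment(payload, mtu, ident, header_len=IP_HEADER_LEN):
    """Split payload into (ident, more_fragments_flag, offset_in_8_byte_units, data) tuples."""
    max_data = ((mtu - header_len) // 8) * 8      # every fragment but the last is a multiple of 8 B
    if max_data <= 0:
        raise FragmentError(f"MTU {mtu} cannot carry any data")
    frags, start = [], 0
    while start < len(payload) or not frags:
        data = payload[start:start + max_data]
        more = 1 if start + len(data) < len(payload) else 0
        frags.append((ident, more, start // 8, data))
        start += len(data)
    return frags


def fragment_plan(frags):
    """Summarize fragments as (ident, flag, offset, data length) to compare with the slide."""
    return [(i, m, o, len(d)) for i, m, o, d in frags]


class Reassembler:
    """Destination-side reassembly keyed by identifier, with overlap rejection and size limits."""

    def __init__(self, max_pending=64, max_frags=64):
        self.max_pending, self.max_frags = max_pending, max_frags
        self.pending = {}      # ident -> {"frags": {start_byte: data}, "total": int or None}
        self.rejected = 0      # count of discarded fragment streams (worth logging/alerting on)

    def _discard(self, ident, why):
        self.pending.pop(ident, None)
        self.rejected += 1
        raise FragmentError(f"id {ident}: {why}")

    def receive(self, ident, more, offset_units, data):
        start, end = offset_units * 8, offset_units * 8 + len(data)
        if more and len(data) % 8:
            self._discard(ident, "non-final fragment is not a multiple of 8 bytes")
        entry = self.pending.get(ident)
        if entry is None:
            if len(self.pending) >= self.max_pending:       # bound on incomplete datagrams
                self.rejected += 1
                raise FragmentError("too many incomplete datagrams; fragment dropped")
            entry = self.pending[ident] = {"frags": {}, "total": None}
        for s, d in entry["frags"].items():
            if start < s + len(d) and s < end:                # any byte in common: reject the whole datagram
                self._discard(ident, f"fragment [{start},{end}) overlaps [{s},{s + len(d)})")
        if len(entry["frags"]) >= self.max_frags:
            self._discard(ident, "too many fragments")
        if entry["total"] is not None and end > entry["total"]:
            self._discard(ident, "fragment extends past the last fragment")
        if not more and any(s + len(d) > end for s, d in entry["frags"].items()):
            self._discard(ident, "earlier fragment extends past the claimed last fragment")
        entry["frags"][start] = data
        if not more:
            entry["total"] = end                              # Flag=0 tells us the datagram's length
        return self._try_complete(ident, entry)

    def _try_complete(self, ident, entry):
        if entry["total"] is None:
            return None
        covered = 0
        for s in sorted(entry["frags"]):                      # fragments are contiguous and non-overlapping
            if s != covered:
                return None                                   # gap: still waiting for a fragment
            covered += len(entry["frags"][s])
        if covered != entry["total"]:
            return None
        del self.pending[ident]
        return b"".join(entry["frags"][s] for s in sorted(entry["frags"]))


def feed(reassembler, frags):
    """Deliver fragments in the given order; return (datagram or None, error message or None)."""
    result = None
    for f in frags:
        try:
            result = reassembler.receive(*f)
        except FragmentError as e:
            return None, str(e)
    return result, None


if __name__ == "__main__":
    payload = bytes(range(256)) * 15 + bytes(140)            # 3980 bytes, as on the slide
    frags = fragment(payload, 1500, 777)
    print(fragment_plan(frags))
    print(feed(Reassembler(), reversed(frags))[0] == payload)
```

A real host also times out incomplete entries; here the pending cap plays that role so the example stays deterministic.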
IPv4 Addressing
- Recall that hosts have to have interfaces to the network, over which to send datagrams
- Routers need many interfaces, since they are connected to multiple links
- Therefore every IP address is associated with an interface, not a host or router
- IPv4 addresses are 32 bits (4 bytes), written in dotted decimal notation (byte.byte.byte.byte)

IPv4 Addressing
- Every interface visible to the Internet must have a unique IP address
- Local networks can hide many systems behind one IP using network address translation (NAT)
- IP addresses are given out as hierarchically as possible, so many local addresses have the same prefix or subnet (leftmost bits in the IP address)
- Subnet = IP network = network in much literature