IP Addressing NPA Newx

painveil | Networks and Communications

24 Oct 2013

IP Addressing

Presented by Krishna Chaitanya.S

Background

- The goal of Universal Service is that all computers on all physically different networks can communicate.
- Physical addresses allow communication between computers on one network.
- A new level of abstraction must be introduced for internet communication.

IP Addresses

- An IP address is the next layer of abstraction.
- The IP address provides virtual addressing. The address is software controlled, whereas the address for the network card is hardware based. Because it is set in software, a host can put any source address it likes into a packet; nothing in IP itself verifies it (source address spoofing), which is why filtering at network borders matters.
- The IP addressing scheme is quite complex, and there have been many revisions to the IP scheme.

IP Addresses (cont.)

- IP addressing allows for seamless integration amongst heterogeneous networks.
- To send a packet, the destination address is the IP address of the computer, not the hardware address! This allows for communication across networks.

IP Addresses (cont.)

- 32 bits in length (IPv4)
- 128 bits in length (IPv6)
- Addresses are divided into a prefix and a suffix:
  - The suffix is the host address
  - The prefix is the network number

Dotted Decimal

- IP addresses are generally read in dotted decimal format:
  - 0.0.0.0 through 255.255.255.255
- Much better than reading:
  10000001 00110100 00000110 00000000 (which is 129.52.6.0)

IP Network Addressing

- INTERNET: the world's largest public data network, doubling in size every nine months.
- IPv4 defines a 32-bit address: 2^32 (4,294,967,296) IPv4 addresses available.
- The first problem is concerned with the eventual depletion of the IP address space.
- The traditional model of classful addressing does not allow the address space to be used to its maximum potential.


Classful Addressing

- When IP was first standardized in Sep 1981 (RFC 791), each system attached to the IP-based Internet had to be assigned a unique 32-bit address.
- The 32-bit IP addressing scheme involves a two-level addressing hierarchy:
  Network Number/Prefix | Host Number

IP Classes

- People commonly throw around terms like "Class C", but it should really be termed "Class C address" or "Class C address space".
- Class A: 16,777,216 hosts!
- Class B: 65,536
- Class C: 256

IP Class Scheme

(Figure: layout of the five address classes.)

IP Class Scheme

- From the previous figure, we see that the 32-bit address is split into 4 octets.
- IP addresses are self-identifying.
- If the first 4 bits of the first octet are:
  - 0xxx: Class A address
  - 10xx: Class B address
  - 110x: Class C address
  - 1110: Class D address (Multicast)
  - 1111: Class E address (reserved, experimental)

More About Class A Addresses

- The address for network 10 is reserved for private network use.
- Also, by convention, the address 127.n.n.n is reserved for loopback testing (checking the integrity and usability of a TCP/IP protocol stack installed on any computer).

Class B Address Facts and Figures

(Figure: the Class B layout; not reproduced.)

More About Class C Addresses

- Class C addresses always take the form: 110bbbbb.bbbbbbbb.bbbbbbbb.bbbbbbbb
- The leading three bits are 110, and the remaining bits can be either ones or zeroes.
- Note that this scheme reduces the total number of networks possible by the most significant three bits.

Dotted Decimal with Classes

- Class A: 1 prefix octet (128 networks); 3 suffix octets (16,777,216 host addresses)
- Class B: 2 prefix octets (16,384 networks); 2 suffix octets (65,536 host addresses)
- Class C: 3 prefix octets (2,097,152 networks); 1 suffix octet (256 host addresses)
- In every class two host values cannot be assigned to a host: all zeros (the network address) and all ones (the directed broadcast). A Class C network therefore has 254 usable host addresses, a Class B 65,534.

Address Space

(Figure: how the address space divides among the classes; not reproduced.)

Address Delegation (cont.)

- RFC 1597 (since superseded by RFC 1918): Private networks
  - 10.0.0.0 - 10.255.255.255 (Full Class A)
  - 172.16.0.0 - 172.31.255.255 (16 Class B's)
  - 192.168.0.0 - 192.168.255.255 (a /16 block, i.e. 256 Class C's; it lies in Class C space, not Class B)
- Private addresses are not routable on the public Internet; packets carrying them as source or destination should be filtered at the network border.

Special Addresses

- Network address: host 0 address for a specific class type
  - 16.0.0.0 is the network address for the Class A prefix of 16.
  - 130.111.0.0 is the network address for the Class B prefix of 130.111.

Special Addresses (cont.)

- Limited Broadcast Address: all 1's in the entire address.
- The limited broadcast address is restricted to the local subnet; routers never forward it.
  - 255.255.255.255

Special Addresses (cont.)

- Loopback addresses: loopbacks are used for testing. An IP loopback is application-level testing.
- Any information sent to the loopback address is never passed to the network segment. It is handled internally in the TCP/IP stack.
  - 127.x.x.x

Special Addresses (cont.)

- This computer's address: if a computer doesn't know what its own address is, but needs to communicate with another machine, it designates the address 0.0.0.0 for itself.
- Applications include DHCP and BOOTP (the client sends from source 0.0.0.0 to the limited broadcast address 255.255.255.255).
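The classful rules and the special addresses of the slides above, as an added example (not part of the original slides): dotted decimal to binary and back, the class decided by the leading bits of the first octet, the network/host split with the network and directed-broadcast addresses, and a check for the reserved roles (0.0.0.0, 255.255.255.255, loopback, RFC 1918 private space, multicast). Only the Python standard library is used; the function names are this example's own.

```python
"""Classful IPv4 address analysis (added example; standard library only)."""
import ipaddress

# (class name, leading-bit pattern of the first octet, classful prefix length)
CLASSES = (("A", "0", 8), ("B", "10", 16), ("C", "110", 24),
           ("D", "1110", None),    # multicast: no network/host split
           ("E", "1111", None))    # reserved / experimental
RFC1918 = tuple(ipaddress.IPv4Network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))


def to_binary(dotted):
    """'129.52.6.0' -> '10000001 00110100 00000110 00000000'."""
    return " ".join(f"{int(o):08b}" for o in dotted.split("."))


def from_binary(bits):
    """Inverse of to_binary; accepts space-separated 8-bit groups."""
    return ".".join(str(int(o, 2)) for o in bits.split())


def classify(dotted):
    """Class, classful network address, directed broadcast and host counts."""
    addr = int(ipaddress.IPv4Address(dotted))        # also validates the text form
    first_octet = f"{addr >> 24:08b}"
    name, pattern, plen = next(c for c in CLASSES if first_octet.startswith(c[1]))
    info = {"address": dotted, "class": name, "prefix_len": plen}
    if plen is not None:
        mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
        net = addr & mask
        info.update(
            network_address=str(ipaddress.IPv4Address(net)),
            directed_broadcast=str(ipaddress.IPv4Address(net | (~mask & 0xFFFFFFFF))),
            networks_in_class=2 ** (plen - len(pattern)),   # 128 / 16384 / 2097152
            host_addresses=2 ** (32 - plen),
            usable_hosts=2 ** (32 - plen) - 2,              # minus network and broadcast
        )
    return info


def special_role(dotted):
    """The reserved meaning of an address, or None for an ordinary unicast address."""
    a = ipaddress.IPv4Address(dotted)
    if a == ipaddress.IPv4Address("0.0.0.0"):
        return "this host (source address before configuration; DHCP/BOOTP discovery)"
    if a == ipaddress.IPv4Address("255.255.255.255"):
        return "limited broadcast (never forwarded by routers)"
    if a in ipaddress.IPv4Network("127.0.0.0/8"):
        return "loopback (handled inside the TCP/IP stack)"
    if any(a in n for n in RFC1918):
        return "private (RFC 1918): must not appear on the public Internet"
    if a.is_multicast:
        return "multicast (Class D)"
    return None
```

`classify("130.111.5.9")` reports a Class B address whose network address is 130.111.0.0, with 16,384 networks in the class and 65,534 usable hosts; `special_role` is the kind of check a border filter or a log-enrichment step applies before trusting an address.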

IP and Routers (cont.)

- We've seen from our project that routers do not necessarily have a single IP address.
- They commonly have 2 (or more) addresses:
  - IP address for the LAN interface
  - IP address for the WAN interface

Techniques to reduce address shortage in IPv4

- Subnetting
- DHCP
- Classless Inter-Domain Routing (CIDR)
- Network Address Translation (NAT)

Subnetting

- Three-level hierarchy: network, subnet, and host.
- The extended-network-prefix is composed of the classful network-prefix and the subnet-number.
- The extended-network-prefix has traditionally been identified by the subnet mask.
  Network-Prefix | Subnet-Number | Host-Number

Subnetting Example

(Figure: gateway G connects the Internet to two sub-networks of 128.10.0.0.)

- From the Internet, the Class B net mask 255.255.0.0 applies: all traffic to 128.10.0.0 is sent to gateway G.
- Inside, the subnet mask 255.255.255.0 splits the network into sub-networks:
  - Sub-network 128.10.1.0: H1 128.10.1.1, H2 128.10.1.2
  - Sub-network 128.10.2.0: H3 128.10.2.1, H4 128.10.2.2

DHCP (Dynamic Host Configuration Protocol)

- The Dynamic Host Configuration Protocol (DHCP) is a network protocol that is used to configure devices which are connected to a network (known as hosts) so that they can communicate on an IP network.

Introducing DHCP

- DHCP is a service that permits network administrators to set up servers to allocate and manage collections of IP addresses for workstations, desktop computers, and other client machines that do not require fixed IP addresses.
- DHCP can also supply important IP configuration data for clients, including the subnet mask, the local IP gateway (router) address, and even DNS and WINS data, where needed or appropriate.

DHCP Software Elements

- Three pieces of software that work together define a complete DHCP networking environment:
  - DHCP client
  - DHCP server
  - DHCP relay agent
- Please note that most other DHCP requests, such as lease renewals or surrenders, occur as unicast messages, because as soon as a machine obtains an IP address and a default IP gateway address it is able to communicate directly with the DHCP server and no longer needs an intermediary.

Understanding IP Address Management with DHCP

- When a DHCP client has no IP address (booting for the first time, or after a lease expires), it must broadcast a request for an IP address to obtain one; this process is called DHCP Discovery.
- DHCP servers that can hear this discovery broadcast offer an IP address to the client for a specific amount of time (the lease time).
- The default DHCP lease time varies according to which server is used (eight days for Windows 2000 and 36 hours for Windows NT 4.0, for example).

Understanding IP Address Management with DHCP (cont.)

- In the middle of the lease time, the client starts a renewal process to determine if it can keep the address past the lease time.
- If the client cannot renew the address from that DHCP server within the stipulated lease period, that client must begin the more desperate process of renewing the address from another DHCP server. This is called the rebinding process.
- If rebinding fails, a client must completely release its address.
- Security note: discovery is an unauthenticated broadcast, and the client accepts whichever offer it hears first. A rogue DHCP server on the segment can hand out its own gateway and DNS addresses and so redirect the client's traffic; switches that support DHCP snooping limit server replies to trusted ports.

DHCP Process

(Figure: the DISCOVER / OFFER / REQUEST / ACK exchange; not reproduced.)
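The DHCP process described on the preceding slides, as an added example that is not part of the original slides: the DISCOVER / OFFER / REQUEST / ACK exchange built as real RFC 2131 messages (fixed BOOTP header, magic cookie, option 53 message type), a minimal one-address server to answer them, and the lease timers that decide when the client renews by unicast, rebinds by broadcast, or must give the address up. The MAC address, transaction id, server address, offered address and eight-day lease are constructed values; all names are this example's own.

```python
"""DHCP exchange and lease timers (added example; standard library only)."""
import struct

MAGIC = b"\x63\x82\x53\x63"                 # option-field cookie, RFC 2131
BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5   # option 53 message types
BROADCAST = 0x8000                           # flags bit: "reply by broadcast"


def ip_bytes(dotted):
    return bytes(int(o) for o in dotted.split("."))


def dotted(b):
    return ".".join(str(x) for x in b)


def build(op, msg_type, xid, mac, ciaddr="0.0.0.0", yiaddr="0.0.0.0", options=None):
    """Serialize a minimal DHCP message: 236-byte BOOTP header, cookie, options, END."""
    flags = BROADCAST if ciaddr == "0.0.0.0" else 0   # no address yet: reply must be broadcast
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, xid, 0, flags,
                      ip_bytes(ciaddr), ip_bytes(yiaddr), b"\0" * 4, b"\0" * 4,
                      mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    opts = bytes([53, 1, msg_type])
    for code, value in (options or {}).items():
        opts += bytes([code, len(value)]) + value
    return hdr + MAGIC + opts + b"\xff"


def parse(pkt):
    """Decode the fields this example uses; rejects anything without the cookie."""
    op, _, _, _, xid, _, flags = struct.unpack("!BBBBIHH", pkt[:12])
    if pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet: magic cookie missing")
    options, i = {}, 240
    while i < len(pkt) and pkt[i] != 0xFF:
        code, ln = pkt[i], pkt[i + 1]
        options[code] = pkt[i + 2:i + 2 + ln]
        i += 2 + ln
    return {"op": op, "xid": xid, "broadcast": bool(flags & BROADCAST),
            "ciaddr": dotted(pkt[12:16]), "yiaddr": dotted(pkt[16:20]),
            "chaddr": pkt[28:34], "type": options[53][0], "options": options}


def tiny_server(pkt, server_ip="128.10.1.1", pool_ip="128.10.1.50", lease=8 * 86400):
    """One-address DHCP server: OFFER on DISCOVER, ACK on REQUEST (constructed values)."""
    req = parse(pkt)
    reply = OFFER if req["type"] == DISCOVER else ACK
    opts = {1: ip_bytes("255.255.255.0"), 3: ip_bytes(server_ip),   # subnet mask, router
            51: struct.pack("!I", lease), 54: ip_bytes(server_ip)}   # lease time, server id
    return build(BOOTREPLY, reply, req["xid"], req["chaddr"], yiaddr=pool_ip, options=opts)


def obtain_lease(mac, xid, server=tiny_server):
    """Client side of DISCOVER -> OFFER -> REQUEST -> ACK. The client has no
    address, so it sends from 0.0.0.0 to 255.255.255.255 with the broadcast flag set."""
    offer = parse(server(build(BOOTREQUEST, DISCOVER, xid, mac)))
    if offer["type"] != OFFER or offer["xid"] != xid:
        raise RuntimeError("no usable offer")
    # REQUEST names the offered address (50) and the chosen server (54) so that
    # other servers that also offered can withdraw their offers.
    request = build(BOOTREQUEST, REQUEST, xid, mac,
                    options={50: ip_bytes(offer["yiaddr"]), 54: offer["options"][54]})
    ack = parse(server(request))
    if ack["type"] != ACK or ack["xid"] != xid:
        raise RuntimeError("request not acknowledged")
    lease = struct.unpack("!I", ack["options"][51])[0]
    return {"ip": ack["yiaddr"], "server": dotted(ack["options"][54]),
            "mask": dotted(ack["options"][1]), "router": dotted(ack["options"][3]),
            "lease": lease, "t1": lease // 2, "t2": lease * 7 // 8}


def lease_phase(lease, elapsed):
    """What the client does at a point in its lease (RFC 2131 default T1/T2 timers)."""
    if elapsed < lease // 2:
        return "BOUND", None
    if elapsed < lease * 7 // 8:
        return "RENEWING", "unicast REQUEST to the leasing server"
    if elapsed < lease:
        return "REBINDING", "broadcast REQUEST to any server"
    return "EXPIRED", "stop using the address; restart with DISCOVER from 0.0.0.0"
```

`obtain_lease(b"\x00\x11\x22\x33\x44\x55", 0x3903F326)` returns the offered 128.10.1.50 with the eight-day lease, T1 at four days and T2 at seven days; `lease_phase` then shows why renewals are unicast (the client already has an address and knows the server) while rebinding falls back to broadcast. Note that the client's only check on the reply is the transaction id, which is visible on the wire: that is the weakness a rogue server exploits.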

Classless Inter-Domain Routing

- Eliminates traditional classful IP routing.
- Supports the deployment of arbitrarily sized networks.
- Routing information is advertised with a bit mask/prefix length: it specifies the number of leftmost contiguous bits in the network portion of each routing table entry.
- Example: 192.168.0.0/21 (mask 255.255.248.0, covering 192.168.0.0 through 192.168.7.255, i.e. eight former Class C networks)
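Subnetting and CIDR together, as an added example that is not part of the original slides: masks derived from prefix lengths and back (rejecting a non-contiguous mask), the Subnetting Example slide's 128.10.0.0 network carved into /24 sub-networks, and the longest-prefix-match lookup that a CIDR routing table relies on. The routing table below is constructed to mirror that slide (the Internet knows only 128.10.0.0/16 via G; G knows the two sub-networks); the function names are this example's own.

```python
"""Subnet masks, subnet carving and longest-prefix match (added example)."""
import ipaddress


def mask_from_prefix(plen):
    """21 -> '255.255.248.0'."""
    return str(ipaddress.IPv4Address((0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF))


def prefix_from_mask(mask):
    """'255.255.248.0' -> 21; rejects non-contiguous masks such as 255.0.255.0."""
    m = int(ipaddress.IPv4Address(mask))
    ones = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous mask {mask}")
    return ones


def subnet_of(host, mask):
    """Apply a (possibly extended) network mask: which network does a host belong to?"""
    return str(ipaddress.ip_interface(f"{host}/{mask}").network)


def carve(network, new_prefix):
    """All sub-networks of `network` at the longer prefix length, in order."""
    return [str(n) for n in ipaddress.ip_network(network).subnets(new_prefix=new_prefix)]


def lookup(table, dest):
    """Longest-prefix match over (prefix, next_hop) pairs; None means no route.
    The most specific matching prefix wins, regardless of its position in the table."""
    d = ipaddress.IPv4Address(dest)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return None if best is None else (str(best[0]), best[1])


# Constructed table for gateway G of the Subnetting Example slide.
G_TABLE = [("0.0.0.0/0", "Internet"), ("128.10.0.0/16", "G"),
           ("128.10.1.0/24", "eth1"), ("128.10.2.0/24", "eth2")]
```

`lookup(G_TABLE, "128.10.2.2")` selects 128.10.2.0/24 even though 128.10.0.0/16 and the default route also match. The same rule is what makes a BGP prefix hijack work: an attacker who gets a more specific prefix accepted draws the traffic, so route filters should reject unexpectedly specific announcements.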


Network Address Translation

- Network Address Translation (NAT) is software that translates addresses in incoming and outgoing datagrams.
  - P = private address
  - G = globally-valid IP address

(Figure: Organization A's private network (P) -- NAT box (G) -- Internet.)

NAT (cont)

- The NAT box acts as a middleman between internal and external hosts:
  - Outgoing datagrams: the source IP address is replaced with G
  - Incoming datagrams: the destination IP address is replaced with the private IP address of the correct host
- How does the NAT box know which is the "correct" host when it receives a reply from an external host?

NAT Translation Table

- The NAT software maintains a translation table that tells it which internal hosts are communicating with which external hosts:

  External IP Address   Internal IP Address
  134.126.24.210        10.1.0.1
  134.126.14.32         10.1.0.3
  134.126.8.7           10.2.0.2
  134.126.43.111        10.1.0.8

- When a datagram arrives from 134.126.14.32, the destination address should be translated to 10.1.0.3.

Translation Table Initialization

- How (and when) are entries placed in the translation table?
- Manually
  - Good: permanent mappings; connections can originate either inside or outside
  - Bad: difficult to maintain

Translation Table Initialization (cont)

- How (and when) are entries placed in the translation table?
- During translation of outgoing datagrams
  - Good: automatic
  - Bad: external hosts cannot initiate connections

Translation Table Initialization (cont)

- How (and when) are entries placed in the translation table?
- In response to an incoming name lookup
  - Good: automatic; external hosts can initiate connections
  - Bad: requires modification to DNS server software; external hosts must perform a name lookup prior to sending datagrams to internal hosts

Shortcoming of NAT Translation Table

- What if two different internal hosts want to communicate with the same external host (134.126.24.210)?
- It is not clear which one to send replies to:

  External IP Address   Internal IP Address
  134.126.24.210        10.1.0.1
  134.126.14.32         10.1.0.3
  134.126.24.210        10.2.0.2
  134.126.43.111        10.1.0.8

Network Address Port Translation

- Network Address Port Translation (NAPT) expands the table to include additional fields (the table is reconstructed from the text of the next slide):

  Internal IP   Internal port   External IP    External port   NAT box port
  10.0.0.5      21023           128.10.19.20   80              14003
  10.0.0.1      386             128.10.19.20   80              14010

- Note: two internal hosts (10.0.0.5 and 10.0.0.1) are both accessing port 80 on 128.10.19.20.
- NAPT translates both addresses and ports to avoid ambiguity.

Network Address Port Translation (cont)

- Note: both the IP address and the port number are translated:
  - Datagrams from port 21023 on 10.0.0.5 are sent to 128.10.19.20 as if they came from port 14003 on the NAT box.
  - Replies from 128.10.19.20 to port 14003 on the NAT box are forwarded to 10.0.0.5.
  - Datagrams from port 386 on 10.0.0.1 are sent to 128.10.19.20 as if they came from port 14010 on the NAT box.
  - Replies from 128.10.19.20 to port 14010 on the NAT box are forwarded to 10.0.0.1.
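The translation tables of the preceding NAT and NAPT slides, as an added example that is not part of the original slides. `PlainNAT` keys its table on addresses only and hits the ambiguity the "Shortcoming" slide describes when 10.1.0.1 and 10.2.0.2 both talk to 134.126.24.210; `NAPT` keys on the whole flow and gives each flow its own port on the NAT box, so the two connections to port 80 on 128.10.19.20 stay distinct. The NAT box's global address G and the port allocator (sequential from 14003, so the second flow gets 14004 rather than the slide's 14010) are constructed; the class and function names are this example's own.

```python
"""Plain NAT versus NAPT translation tables (added example)."""
from dataclasses import dataclass

G = "134.126.0.1"   # constructed: the NAT box's globally-valid address


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class PlainNAT:
    """Table of external IP -> internal IP, filled from outgoing datagrams."""

    def __init__(self):
        self.table = {}

    def outgoing(self, p):
        if self.table.get(p.dst, p.src) != p.src:
            raise ValueError(f"ambiguous: {p.dst} is already mapped to {self.table[p.dst]}")
        self.table[p.dst] = p.src
        return Packet(G, p.sport, p.dst, p.dport)       # source rewritten to G

    def incoming(self, p):
        internal = self.table.get(p.src)
        if internal is None:
            return None                                  # no entry: unsolicited inbound, dropped
        return Packet(p.src, p.sport, internal, p.dport)


class NAPT:
    """Table keyed on the full flow; each flow gets its own port on the NAT box."""

    def __init__(self, first_port=14003):
        self.next_port = first_port
        self.by_flow = {}        # (int_ip, int_port, ext_ip, ext_port) -> nat_port
        self.by_nat_port = {}    # nat_port -> (int_ip, int_port, ext_ip, ext_port)

    def outgoing(self, p):
        flow = (p.src, p.sport, p.dst, p.dport)
        if flow not in self.by_flow:
            self.by_flow[flow] = self.next_port
            self.by_nat_port[self.next_port] = flow
            self.next_port += 1
        return Packet(G, self.by_flow[flow], p.dst, p.dport)   # address AND port rewritten

    def incoming(self, p):
        flow = self.by_nat_port.get(p.dport)
        # The reply must come from the endpoint the flow was opened to; otherwise
        # any Internet host could reach an internal host just by guessing a NAT port.
        if flow is None or (p.src, p.sport) != (flow[2], flow[3]):
            return None
        return Packet(p.src, p.sport, flow[0], flow[1])
```

The check in `NAPT.incoming` on the reply's source is what distinguishes an endpoint-dependent ("symmetric") NAT from a full-cone one; a NAT that skips it accepts packets from anyone who learns the mapped port, which is the basis of NAT hole-punching and of the "shields internal hosts" claim being weaker than it sounds.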


NAT (cont)

- Advantages:
  - General: internal hosts can access an arbitrary service on an external host
  - Transparent to internal and external hosts
  - Helps conserve IP addresses
  - Shields internal host IP addresses (hiding addresses is not a security boundary; inbound filtering still needs explicit firewall rules rather than reliance on the NAT table)
- Disadvantage:
  - Interaction with higher-layer protocols that carry IP addresses or port numbers inside their payload, which the NAT box must also rewrite:
    - ICMP
    - FTP

Features of IPv6

- Larger Address Space
- Aggregation-based address hierarchy: efficient backbone routing
- Efficient and Extensible IP datagram
- Stateless Address Autoconfiguration
- Security (IPsec mandatory; RFC 6434 later relaxed this from MUST to SHOULD for IPv6 nodes)
- Mobility

128-bit IPv6 Address

- 3FFE:085B:1F1F:0000:0000:0000:00A9:1234
- 8 groups of 16-bit hexadecimal numbers separated by ":"
- 3FFE:85B:1F1F::A9:1234
  - "::" = all zeros in one or more groups of 16-bit hexadecimal numbers (it may appear only once in an address, otherwise the number of omitted groups is ambiguous)
  - Leading zeros can be removed
- (3FFE::/16 was the 6bone experimental prefix and has since been retired.)


Address Allocation

- The allocation process was recently updated by the registries (policy as of when these slides were written):
  - IANA allocates from 2001::/16 to regional registries
  - Each regional registry allocation is a ::/23
  - ISP allocations from the regional registry are a ::/36 (immediate allocation) or ::/32 (initial allocation), or shorter with justification
  - Policy expectation that an ISP allocates a ::/48 prefix to each customer

(Figure: the prefix hierarchy for an address under 2001:0410::)
  2001:0410 | Registry /23 | ISP prefix /32 | Site prefix /48 | Subnet prefix /64 | Interface ID
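The text forms from the "128-bit IPv6 Address" slide and the cut points from the Address Allocation figure, as an added example that is not part of the original slides: expansion and compression done by hand following the slide's rules (longest run of zero groups becomes "::", used once; leading zeros dropped; output in lowercase as RFC 5952 recommends), and an address split into its registry (/23), ISP (/32), site (/48) and subnet (/64) prefixes plus the 64-bit interface identifier. The 3FFE address is the slide's; the customer address 2001:410:1:2::abcd is constructed; the function names are this example's own.

```python
"""IPv6 address expansion/compression and prefix hierarchy (added example)."""
import ipaddress


def expand(addr):
    """'3FFE:85B:1F1F::A9:1234' -> '3ffe:085b:1f1f:0000:0000:0000:00a9:1234'."""
    if addr.count("::") > 1:
        raise ValueError(":: may appear only once")
    if "::" in addr:
        head, tail = addr.split("::")
        h = head.split(":") if head else []
        t = tail.split(":") if tail else []
        groups = h + ["0"] * (8 - len(h) - len(t)) + t   # :: stands for the missing groups
    else:
        groups = addr.split(":")
    if len(groups) != 8 or any(not 1 <= len(g) <= 4 for g in groups):
        raise ValueError(f"malformed IPv6 address {addr!r}")
    return ":".join(f"{int(g, 16):04x}" for g in groups)   # int() rejects non-hex


def compress(addr):
    """Drop leading zeros; replace the longest run (at least 2) of zero groups with ::.
    On a tie the first run is used, as RFC 5952 specifies."""
    groups = [int(g, 16) for g in expand(addr).split(":")]
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if groups[i] == 0:
            j = i
            while j < 8 and groups[j] == 0:
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    hexs = [f"{g:x}" for g in groups]
    if best_len >= 2:
        left = ":".join(hexs[:best_start])
        right = ":".join(hexs[best_start + best_len:])
        return f"{left}::{right}"
    return ":".join(hexs)


def hierarchy(addr):
    """Prefixes at the /23, /32, /48 and /64 cut points plus the interface identifier."""
    a = ipaddress.IPv6Address(expand(addr))
    out = {}
    for name, plen in (("registry", 23), ("isp", 32), ("site", 48), ("subnet", 64)):
        out[name] = str(ipaddress.IPv6Network((a, plen), strict=False))
    out["interface_id"] = f"{int(a) & ((1 << 64) - 1):016x}"
    return out
```

`hierarchy("2001:410:1:2::abcd")` reports the registry block 2001:400::/23, the ISP prefix 2001:410::/32, the site prefix 2001:410:1::/48 and the subnet 2001:410:1:2::/64. Because one textual address has many spellings, access-control lists and log searches should compare the canonical (expanded or RFC 5952 compressed) form rather than raw strings.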

Security in IPv6

- Based on two mechanisms (both are IPsec and are equally available for IPv4):
  - Authentication Header (AH)
    - Proof of the sender's identity
    - Protection of the integrity of the data
  - Encapsulating Security Payload (ESP)
    - Protection of the confidentiality of the data
    - ESP can also carry its own integrity check; in practice ESP with authentication is deployed far more often than AH

Authentication Header

- Security parameters index (SPI) field: together with the destination address it identifies the security association, and so which authentication algorithm and key are being used
- Authentication data field: contains the integrity check value that can be used to establish the datagram's
  - Authenticity
  - Integrity

Encapsulating Security Payload

- Encryption of the datagram or part of the datagram
- 2 modes:
  - Transport mode: encryption of the datagram payload (the original IP header stays in the clear)
  - Tunneling mode: encryption of the entire datagram; encapsulation of the datagram inside a new outer IP header

IPv6 Technology Scope

IP Service           IPv4 Solution                                IPv6 Solution
Addressing Range     32-bit, Network Address Translation          128-bit, Multiple Scopes
Autoconfiguration    DHCP                                         Serverless, Reconfiguration, DHCP
Security             IPSec                                        IPSec Mandated, works End-to-End
Mobility             Mobile IP                                    Mobile IP with Direct Routing
Quality-of-Service   Differentiated Service, Integrated Service   Differentiated Service, Integrated Service
IP Multicast         IGMP/PIM/Multicast BGP                       MLD/PIM/Multicast BGP, Scope Identifier

Questions?

Thank you