CIS511 Notes

March 16, 2006

Naeem Ahmed

Internet Protocol Interoperability

Discussed last time: link layer protocols: Ethernet (802.x)

Others: ATM, FDDI

IP runs on top of the link layer, e.g. Ethernet, ATM, FDDI.

HTTP and FTP are application-layer protocols that run on top of TCP, which runs on top of IP.

Today: IP

IP and TCP were not designed with security in mind (that's where DoS attacks come from).

IP: solves the problem of how to connect different physical networks (via routers). Just like with Ethernet, we need to be able to address different hosts. This is done via IP addresses.

Issues: how to assign IP addresses consistently, and how to find a particular machine on the network?

The Internet is different because you need a hierarchy (can't just broadcast like on Ethernet).

IP datagrams cross different networks (Ethernet, ATM, etc.) by being wrapped into frames of the underlying network (see slide 6).

IP model:

Needs to be minimalistic so it can deal with very different underlying protocols, and makes very few guarantees to the layers above, e.g. best-effort datagram delivery.

IPv4 packet format (slides 8-9):

Stack of 32-bit header words.

For routing: IP addresses of sender and destination.

To deal with different frame sizes, IP supports fragmentation and reassembly.

Largest source of security problems: no authenticity in source address, so any machine can lie about the source.

IPv6: next version, which supports authenticated source addresses and larger addresses (also backward compatible with IPv4).

Checksum: attempts to detect errors in the header, but not a security feature.
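The two points above (unauthenticated source address, checksum as error detection only) shown in code. This is an added example, not from the lecture or its slides; the helper names are hypothetical, and the header field values and RFC 5737 documentation addresses are constructed.

```python
import struct
from ipaddress import IPv4Address

FMT = "!BBHHHBBH4s4s"  # 20-byte IPv4 header without options

def checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the header's 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                      # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(src: str, dst: str, payload_len: int = 0) -> bytes:
    """Minimal IPv4 header with a correct checksum (constructed field values)."""
    fields = [
        0x45,              # version 4, header length 5 words
        0,                 # type of service
        20 + payload_len,  # total length
        0x1234,            # identification
        0,                 # flags / fragment offset
        64,                # TTL
        6,                 # protocol = TCP
        0,                 # checksum placeholder
        IPv4Address(src).packed,
        IPv4Address(dst).packed,
    ]
    fields[7] = checksum(struct.pack(FMT, *fields))
    return struct.pack(FMT, *fields)

def header_ok(header: bytes) -> bool:
    """Receiver's check: summing the header including its checksum gives 0."""
    return checksum(header) == 0

def source_of(header: bytes) -> str:
    return str(IPv4Address(header[12:16]))

genuine = build_header("192.0.2.10", "198.51.100.7")
# Transmission error: one bit flipped in the TTL byte. The checksum catches it.
corrupted = genuine[:8] + bytes([genuine[8] ^ 0x01]) + genuine[9:]
# Different source address written in by whoever built the header: the
# checksum is just recomputed, so the receiver's check still passes.
claimed = build_header("203.0.113.99", "198.51.100.7")

if __name__ == "__main__":
    for name, hdr in [("genuine", genuine), ("corrupted", corrupted), ("claimed", claimed)]:
        print(f"{name:9} src={source_of(hdr):14} header_ok={header_ok(hdr)}")
```

A passing header check therefore says nothing about who sent the packet, which is why source validation has to come from elsewhere, e.g. ingress filtering at routers or authentication above IP.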

IP Datagram Delivery

IP addresses: Hierarchical, not flat as in Ethernet. Class A (for a few large networks, 128), B, C (2^21 networks with 255 hosts). (slide 12)

Router: if on the same network as the IP packet's destination, then deliver locally; otherwise use the routing table to find how to get to the destination network in the smallest number of hops.

Administrative protocols, like DHCP: help assign IP addresses to hosts (hard to guarantee uniqueness otherwise).

IPv4 only allows up to ~2 million networks, which is not enough today. So IPv4 was retrofitted using things such as NAT (Network Address Translation) and subnetting (using subnet masks).

E.g. if we have 300 machines, then Class C is too small, and Class B would waste too many IP addresses.

Solution: subnetting

Idea: One IP network number allocated to several physical networks.

How? All nodes are given a subnet mask, and this allows definition of a subnet number. All hosts on a physical subnetwork share the same subnet number.

Example of subnetting (slide 17)

Routers contain information on subnets. Subnet forwarding algorithm (slide 19).

ARP (Address Resolution Protocol)

Problem: need a mapping between IP and link layer addresses.

Solution: ARP (mapping table between IP addresses and link layer addresses).

ARP builds mapping table by broadcasting queries to hosts on network.

ICMP (Internet Control Message Protocol)

Error and control messages, feedback.

Examples of errors: host unreachable, reassembly, checksum failure, etc.

Also helps routers learn about better alternate routes.

Exploit: maliciously abuse control messages and mess up routing tables.

DNS (Domain Name System)

Maps mnemonic names for computers to IP addresses.

Domain Hierarchy.

Name Servers.

Name Resolution.

Allows aliasing, i.e. different names can map to the same IP address.

Types: A, NS, CNAME, MX.

Class IN for IP addresses.

Example of name resolution (slide 26). When the local name server cannot resolve a name, the root name server is queried, which returns the IP address of the name server for the next name in the hierarchy, and so on. Caching takes place at every level, so it's very, very rare that the worst case occurs.