Académique Documents
Professionnel Documents
Culture Documents
3 1
H7 R3 H8
Concatenation of Networks Outline
H1 H2 H3
Network 4
Network 2 (Ethernet) (point-to-point)
R1 Lesson 1: Internet Protocol
R2
H4 Lesson 2: IP Addressing
Network 3 (FDDI)
TCP R1 R2 R3 TCP
Lesson 5: End-to-End protocols
IP IP IP IP IP
Network Security Internet Architecture and Protocols 7 Network Security Internet Architecture and Protocols 5
Network Security Internet Architecture and Protocols 11 Network Security Internet Architecture and Protocols 9
128.96.34.15 128.96.34.1
oGlobally unique (with some exceptions)
H1
R1
oHierarchical: network + host
7 24
Subnet mask: 255.255.255.128 A: 0 Network Host
128.96.34.130 Subnet number: 128.96.34.128
Network Security Internet Architecture and Protocols 16 Network Security Internet Architecture and Protocols 14
Dynamic Host Configuration Protocol ARP Packet Format
(DHCP)
IP addresses of interfaces cannot be configured at
manufacturing phase (like for Ethernet) because they are
location dependent
Configuration is an error-prone process
Solution: centralize the configuration information in a
DHCP server:
o DHCP server discovery: broadcast a DHCPDISCOVER request
o Request are relayed (unicast) to the server by DHCP relays
o DHCP server broadcast replies with <HWADDR, IPADDR,
lease-info>
Runs on top of UDP
Network Security Internet Architecture and Protocols 23 Network Security Internet Architecture and Protocols 21
Network Security Internet Architecture and Protocols 24 Network Security Internet Architecture and Protocols 22
Exterior Gateway Protocols Open Shortest Path First
BGP-4: Border Gateway Protocol
The Internet is composed of Autonomous Systems (AS)
Stub AS: has a single connection to another AS IP protocol (not over UDP), reliable (sequence numbers,
Multihomed AS: has connections to more than one AS acks)
o Does not carry transit traffic for other AS
Transit AS: has connections to more than one AS Protocol overview: link state protocol
o Carries both transit and local traffic
o http://maps.level3.com/default/#.VfGp_5NVikp o The link status (cost) is sent/forwarded to all routers (LSP)
o http://as-rank.caida.org/?mode0=as-info&mode1=as- o Each router knows the exact topology of the network
table&as=7018
o http://bgp.he.net/AS7018#_graph4 o Each router can compute a route to any address
o simple authentication scheme
Each AS has:
One or more border routers Advantages over RIP
At least one BGP speaker that advertises: o Faster to converge
o Local networks, and other reachable networks (transit AS only)
o Advertises complete path of AS to reach destination o The router can compute multiple routes (e.g., depending on the
o Possibility to withdraw path type of services, load balancing)
In the backbone BGP speakers inject learned information using iBGP +
intradomain routing protocol to reach border routers o Use of multicasting instead of broadcasting (concentrate on OSPF
routers)
BGP-4 is vulnerable to attacks e.g., IP addr hijacking and misconfigs
Network Security Internet Architecture and Protocols 25
Network Security Internet Architecture and Protocols 27
o EIGRP (Cisco)
Optional checksum o IS-IS (Intermediate System to Intermediate System)
o Pseudo header + UDP header + data
o Pseudo header = protocol number, source IP addr, dest IP addr, UDP
length
Network Security Internet Architecture and Protocols 28 Network Security Internet Architecture and Protocols 26
Lesson 6: Naming: Domain Name End-to-End Protocols
Transport Control Protocol (TCP)
System (DNS) Reliable ! Key%mechanisms%
! Connec/on%establishment%using%a%
Naming is a general paradigm for mapping abstract names to Connection-oriented
handshake%protocol:%SYN,%ACK/SYN,%
physical resources (e.g., name to IP address or name to email Byte-stream ACK,%FIN%
address) Application writes bytes ! Flow%control%prevents%the%sender%
TCP sends segments from%overrunning%the%receiver%
DNS is a fundamental application layer protocol, not visible but
Application reads bytes
invoked every time a remote site is accessed ! Conges/on%control%prevents%the%
madrid.ccs.neu.edu -> 129.10.112.229 sender%from%overrunning%network%
The domain names are organized as hierarchical zones starting at Application process
Application process
the Top Level Domains (TLD) (.net, .com, .edu, etc.)
o Each zone has at least two dns servers Write Read
bytes bytes
DNS runs on top of UDP port 53 (and also in a limited way on top of
TCP port 53) TCP TCP
The DNS resolver hierarchically queries DNS servers until it obtains Send buffer Receive buffer
the mapping between a name/resource and an IP address
Segment Segment Segment
Transmit segments
Network Security Internet Architecture and Protocols 32 Network Security Internet Architecture and Protocols 30
Important Protocols DNS Typical Query
cosmicboard:~ noubir$ dig @129.10.116.61 ccs.neu.edu -t any
ARP:Address Resolution Protocol ; <<>> DiG 9.7.3-P3 <<>> @129.10.116.61 ccs.neu.edu -t any
;; QUESTION SECTION:
BGP:Border Gateway Protocol ;ccs.neu.edu. IN ANY
;; ANSWER SECTION:
CIDR: Classless Inter Domain Routing ccs.neu.edu. 300 IN SOA amber.ccs.neu.edu. hostmaster.ccs.neu.edu.
2012092400 10800 1800 604800 300
DHCP: Dynamic Host Configuration Protocol ccs.neu.edu. 300 IN NS amber.ccs.neu.edu.
ccs.neu.edu. 300 IN NS asgard.ccs.neu.edu.
DNS:Domain Name System ccs.neu.edu. 300 IN NS tigana.ccs.neu.edu.
ccs.neu.edu. 300 IN NS alderaan.ccs.neu.edu.
ICMP: Internet Control Message Protocol ccs.neu.edu. 300 IN NS rivendell.ccs.neu.edu.
ccs.neu.edu. 300 IN NS mcs.anl.gov.
ccs.neu.edu. 300 IN NS joppa.ccs.neu.edu.
IP: Internet Protocol ccs.neu.edu. 300 IN A 129.10.116.51
ccs.neu.edu. 300 IN MX 50 atlantis.ccs.neu.edu.
LAN:Local Area Network ccs.neu.edu. 300 IN MX 10 amber.ccs.neu.edu.
Summary
Multi-layer stack of protocols:
o Link Layer: ethernet (IEEE802.3), FDDI, ATM, wlan (IEEE802.11)
Demonstration
o Network Layer:
Internet Protocol (IP) is a focal point
Routing protocols: RIP, OSPF, BGP-4
o Transport Layer: UDP, TCP
o Naming: DNS
How do these protocols fit with each other?
What is the syntax and semantic of typical packets (e.g.,
TCP, IP, UDP)
What are the important mechanisms (e.g., TCP handshake,
DNS resolution)
Network Security Internet Architecture and Protocols 36 Network Security Internet Architecture and Protocols 34