10 nero.eug.oregon-gigapop.net (198.32.163.151) 31.648 m - PowerPoint PPT Presentation

Provided by: TimW98
Learn more at: http://cs.eou.edu

1
CS335 Networking Network Administration
  • Wednesday, May 12, 2010

2
ICMP
  • Internet Control Message Protocol
  • Error reporting protocol integrated with IP
  • We have reviewed header checksum
  • http://www.faqs.org/rfcs/rfc792.html
  • Short for Internet Control Message Protocol, an
    extension to the Internet Protocol (IP) defined
    by RFC 792. ICMP supports packets containing
    error, control, and informational messages. The
    PING command, for example, uses ICMP to test an
    Internet connection.

3
ICMP
  • ICMP Protocol Overview
  • Internet Control Message Protocol (ICMP),
    documented in RFC 792, is a required protocol
    tightly integrated with IP. ICMP messages,
    delivered in IP packets, are used for out-of-band
    messages related to network operation or
    misoperation. Of course, since ICMP uses IP, ICMP
    packet delivery is unreliable, so hosts can't
    count on receiving ICMP packets for any network
    problem. Some of ICMP's functions are to:
  • Announce network errors, such as a host or entire
    portion of the network being unreachable, due to
    some type of failure. A TCP or UDP packet
    directed at a port number with no receiver
    attached is also reported via ICMP.
  • Announce network congestion. When a router begins
    buffering too many packets, due to an inability
    to transmit them as fast as they are being
    received, it will generate ICMP Source Quench
    messages. Directed at the sender, these messages
    should cause the rate of packet transmission to
    be slowed. Of course, generating too many Source
    Quench messages would cause even more network
    congestion, so they are used sparingly.
  • Assist Troubleshooting. ICMP supports an Echo
    function, which just sends a packet on a
    round-trip between two hosts. Ping, a common
    network management tool, is based on this
    feature. Ping will transmit a series of packets,
    measuring average round-trip times and computing
    loss percentages.
  • Announce Timeouts. If an IP packet's TTL field
    drops to zero, the router discarding the packet
    will often generate an ICMP packet announcing
    this fact. TraceRoute is a tool which maps
    network routes by sending packets with small TTL
    values and watching the ICMP timeout
    announcements.

4
ICMP messages
http://www.iana.org/assignments/icmp-parameters
http://www.networksorcery.com/enp/protocol/icmp.htm

5
ICMP message transport
  • ICMP uses IP to transport error messages

ICMP includes both messages about errors and
informational messages. ICMP is integrated with
IP: ICMP encapsulates messages in IP for
transmission and IP uses ICMP to report problems.

6
ICMP
  • ICMP messages are created in response to a
    datagram when the datagram has encountered a
    problem (e.g., a router finds that the destination
    is unreachable)
  • Sending data back to the sender is easy because
    the datagram has the source IP address
  • No special priority, but if a datagram carrying
    an ICMP error causes an error, no error message
    is sent, to keep from flooding the network with
    error messages about error messages

7
ICMP to test reachability
  • Ping uses the ICMP echo request and echo reply
    messages
  • Ping sends an IP datagram that contains an ICMP
    echo message to the specified destination
  • If no reply arrives, ping retransmits the request
  • ICMP on remote machine replies to the echo request

8
Traceroute
  • ICMP is used in traceroute
  • Traceroute sets the time to live of first packet
    to 1
  • The first router discards the packet because the
    time to live is 0 and responds with an
    ICMP time exceeded message
  • Traceroute now knows the IP address of the first
    router from the source address of the error it
    sends
  • Then traceroute sends the second packet with time
    to live of 2

9
Traceroute
  • Last address reply
  • Two techniques
  • Send an ICMP echo request message: the
    destination host will generate an ICMP echo reply
  • Send a datagram to a nonexistent application: the
    destination host will generate an ICMP
    destination unreachable message
  • Microsoft uses the first
  • Unix uses the second approach
  • The 2 approaches can produce different addresses
    for the final destination
  • Echo request gives a source address equal to the
    IP address to which the request was sent
  • When a datagram with no application arrives, ICMP
    uses the address of the interface over which the
    error message is sent
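
The TTL walk and the two last-hop techniques from the two Traceroute slides, as an added example that is not part of the original presentation. It is a simulation that sends no packets; the `Router` and `Host` types, the silent router and all addresses (documentation ranges) are constructed for illustration.

```python
from typing import NamedTuple

TIME_EXCEEDED, ECHO_REPLY, DEST_UNREACHABLE = 11, 0, 3  # ICMP types, RFC 792

class Router(NamedTuple):
    addr: str             # source address of the ICMP errors it sends
    silent: bool = False  # True: discards expired packets without reporting

class Host(NamedTuple):
    probed_addr: str      # address the probes are sent to
    egress_addr: str      # interface the host's error messages leave through

def probe(path, dest, ttl, method):
    """Return (icmp_type, source_addr) for one probe, or None if nothing comes back."""
    for router in path:
        ttl -= 1                        # every router decrements the TTL
        if ttl == 0:                    # expired here: discard, usually report
            return None if router.silent else (TIME_EXCEEDED, router.addr)
    if method == "echo":                # echo reply is sourced from the probed address
        return (ECHO_REPLY, dest.probed_addr)
    # Datagram to a port with no application: the error is sourced from
    # the interface over which it is sent.
    return (DEST_UNREACHABLE, dest.egress_addr)

def traceroute(path, dest, method, max_ttl=30):
    """Probe with TTL 1, 2, 3, ... until something other than time exceeded returns."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        answer = probe(path, dest, ttl, method)
        hops.append((ttl, answer[1] if answer else "*"))
        if answer and answer[0] != TIME_EXCEEDED:
            break                       # the destination itself answered
    return hops

# Constructed topology: three routers (the second never reports) and a
# destination host with two interfaces.
PATH = [Router("192.0.2.1"), Router("198.51.100.1", silent=True), Router("198.51.100.9")]
DEST = Host(probed_addr="203.0.113.10", egress_addr="203.0.113.20")

if __name__ == "__main__":
    for method in ("echo", "udp"):
        print(method, traceroute(PATH, DEST, method))
```

The two runs agree on every intermediate hop and differ only in the final address, and the silent router shows up as `*` because ICMP delivery is not guaranteed.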

10
Traceroute result
  • traceroute from www.net.berkeley.edu to
    www.lagrande.k12.or.us
  • 1 vlan206.inr-203-eva.Berkeley.EDU (128.32.206.1)
    0.855 ms 0.627 ms 1.219 ms
  • 2 vlan209.inr-201-eva.Berkeley.EDU (128.32.255.1)
    0.340 ms 0.306 ms 0.289 ms
  • 3 ge-1-2-0.inr-002-reccev.Berkeley.EDU
    (128.32.0.36) 0.402 ms 0.401 ms 0.395 ms
  • 4 hpr-oak-hpr--ucb-ge.cenic.net (137.164.27.129)
    0.637 ms 1.150 ms 0.617 ms
  • 5 sac-hpr--oak-hpr-10ge.cenic.net (137.164.25.17)
    2.325 ms 2.239 ms 2.243 ms
  • 6 lax-hpr--sac-hpr-10ge.cenic.net (137.164.25.10)
    11.893 ms 11.748 ms 11.723 ms
  • 7 abilene-LA--hpr-lax-gsr1-10ge.cenic.net
    (137.164.25.3) 11.744 ms 13.390 ms 14.997 ms
  • 8 snvang-losang.abilene.ucaid.edu (198.32.8.95)
    19.344 ms 19.163 ms 19.432 ms
  • 9 pos-1-0.core0.eug.oregon-gigapop.net
    (198.32.163.17) 31.597 ms 31.478 ms 31.469 ms
  • 10 nero.eug.oregon-gigapop.net (198.32.163.151)
    31.648 ms 31.593 ms 31.585 ms
  • 11 ptck-core2-gw.nero.net (207.98.64.2) 33.928 ms
    34.089 ms 33.988 ms
  • 12 eou-car1-gw.nero.net (207.98.64.22) 46.885 ms
    46.496 ms 46.667 ms

11
More TraceRoute Info
  • http://bs.mit.edu:8001/cgi-bin/traceroute
  • http://www.traceroute.org/USA
  • http://visualroute.visualware.com/

12
Visual Route http://visualroute.visualware.com/

  • VisualRoute (R) 2005 Server Edition (v9.3a)
    report on May 11, 2005 12:46:44 PM
  • Report for www.lagrande.k12.or.us 140.211.34.6
  • Analysis: 'www.lagrande.k12.or.us' was found in
    13 hops (TTL=243).
  • Columns: Hop, Loss, IP Address, Node Name,
    Location, Tzone, ms, Graph, Network
  • 0 161.58.180.113 WIN10115.visualware.com
    Verio, Inc. VRIO-161-058
  • 1 161.58.176.129 - 0 x
    Verio, Inc. VRIO-161-058
  • 2 161.58.156.140 - 6 x-
    Verio, Inc. VRIO-161-058
  • 3 129.250.28.206
    xe-1-2-0-3.r20.asbnva01.us.bb.verio.net
    Ashburn, VA, USA -0500 0 x
    Verio, Inc. VRIO-129-250
  • 4 129.250.2.35
    p64-0-0-0.r21.asbnva01.us.bb.verio.net
    Ashburn, VA, USA -0500 0 x
    Verio, Inc. VRIO-129-250
  • 5 129.250.9.162
    p16-0.level3.asbnva01.us.bb.verio.net
    Ashburn, VA, USA -0500 0 x
    Verio, Inc. VRIO-129-250
  • 6 209.244.11.13
    so-2-1-0.bbr2.Washington1.Level3.net
    38.55n, 77.13w 0 x
    Level 3 Communications, Inc. LEVEL3-CIDR
  • 7 209.247.10.133
    so-1-0-0.mp2.Seattle1.Level3.net
    Seattle, WA, USA -0800 74 x
    Level 3 Communications, Inc. LEVEL3-CIDR

13
ICMP for path MTU discovery
  • Smallest MTU is the path MTU
  • Fragmentation impacts performance so determining
    path MTU can keep fragmentation from happening
  • Set header bit in Flags field to prevent
    fragmentation
  • Probe with datagrams to find a datagram size that
    passes the MTU of the route

14
UDP User Datagram Protocol
  • End-to-end protocols are in Layer 4
  • End-to-end protocol or transport protocol
  • UDP is less complex but does not provide the type
    of service that a typical application expects

15
UDP
  • End-to-end: can distinguish among multiple
    applications on a computer
  • Connectionless: the interface that UDP supplies
    to apps follows a connectionless paradigm; it does
    not need to preestablish communication before
    sending data, nor terminate communication when
    finished; no control messages, arbitrary delay
    times between messages
  • Message-oriented: an app that uses UDP sends and
    receives individual messages
  • Best-effort: UDP offers the same best-effort
    delivery as IP
  • Arbitrary interaction: UDP allows an app to send
    to many other apps, receive from many apps, or
    communicate with exactly one app
  • OS independent: provides a means of identifying
    application programs that does not depend on
    identifiers used by the local OS

16
Message-oriented interface
  • Does not divide messages into packets for
    transmission
  • Does not combine messages for delivery
  • IP datagram size forms a limit on the size of a
    UDP message
  • Problems for programmers
  • UDP message size
  • Large messages will be fragmented if the network
    MTU is exceeded
  • Small messages have large ratio of header octets
    to data octets - inefficient

17
UDP
  • UDP uses IP for delivery so it uses best-effort
    delivery semantics
  • UDP suffices for applications that can afford
    lost or corrupted packets
  • Audio could afford a lost packet; it would
    produce annoying noise
  • On-line shopping can't tolerate duplication of
    messages

18
UDP
  • 1-to-1: app to app
  • 1-to-many: app to multiple recipients
  • Many-to-1: receive messages from multiple
  • Many-to-many: set of apps communicate together
  • Applications using UDP can use unicast, multicast
    and broadcast IP addresses

19
UDP
  • UDP defines an abstract set of identifiers for
    the application programs, called protocol port
    numbers, independent of the underlying OS
  • All OSs recognize the standard protocol port
    numbers

20
UDP Datagram
  • UDP messages are called user datagrams
  • Short header and a payload
  • Protocol port numbers for sender and receiver
  • Message length: total size, measured in octets

21
Encapsulation
  • UDP is encapsulated in IP

22
UDP summary
  • Provides end-to-end message transport from an app
    on one computer to an app on another
  • Encapsulated in IP
  • Uses best-effort delivery like IP
  • Uses protocol port numbers to distinguish among
    apps and independent of underlying OS

23
TCP
  • Transmission control protocol
  • Provides reliable data delivery service to
    applications
  • Reliability is the responsibility of the
    transport protocol

24
TCP services
  • Connection orientation: app first requests a
    connection to a destination, then uses it to
    transfer data
  • Point-to-point: each TCP connection has exactly
    two endpoints
  • Complete reliability: TCP guarantees that the
    data sent will be delivered exactly as sent
  • Full duplex communication: data flows in either
    direction; either app can send data at any time.
    TCP can buffer outgoing and incoming data, so an
    app can continue computation while data is
    transferred

25
TCP services
  • Stream interface: app sends continuous sequence
    of octets
  • Reliable connection startup: both apps have to
    agree to the connection; duplicate packets used
    in previous connections will not appear to be
    valid responses
  • Graceful connection shutdown: apps can open
    connections, send arbitrary data, then request a
    shutdown. TCP guarantees to deliver data reliably
    before closing connection

26
End-to-end service
  • Connections are virtual because they are achieved
    in software
  • Encapsulated in IP
  • IP passes to TCP
  • TCP treats IP as a packet communication system
    and IP treats each TCP message as data to be
    transferred

27
Reliability
  • Can't accept duplicate messages from old
    connections
  • Computer reboots can leave a connection in place

28
Packet Loss
  • Retransmission
  • TCP starts timer when it sends data
  • If no ACK arrives, retransmits

29
Adaptive retransmission
  • TCP estimates round trip delays for each
    connection to adapt to internet delay
  • Doesn't use a fixed timeout due to changes in
    internet responses

30
Comparison
  • Adaptive retransmission

31
Buffers, flow control
  • TCP uses a window mechanism
  • Each side allocates a buffer and communicates it
    to the other side
  • Amount of buffer available at a time is the window
  • When a sender gets a zero window it has to wait
    to send more data
  • Receiver can control the rate at which sender
    transmits data

32
Three-way handshake
  • Reliable connections established and terminated
  • Synchronization segment (SYN) to create
    connection
  • Finish segment (FIN) to terminate connection
  • TCP retransmits lost SYN and FIN segments

33
Congestion control
  • Packet loss (or extremely long delay) is most
    likely due to congestion
  • Congestion can be exacerbated by retransmission
  • So TCP uses packet loss as a measure of
    congestion and reduces the rate at which it
    retransmits data
  • TCP knows receiver window size and retransmits at
    lower rates

34
Congestion
  • TCP sends a single message containing data
  • If an ACK arrives with no loss, TCP sends two
    additional messages
  • If those ACKs arrive, sends 4
  • When it reaches half of the receiving window
    allotment it slows down the rate of increase
  • This scheme works well with increased traffic on
    the internet
  • Senders back off when congestion occurs

35
TCP segment format
  • Segment refers to a message
  • TCP uses this format for all messages: data,
    acknowledgements, and messages that are part of
    the 3-way handshake

36
TCP Summary
  • Major transport protocol of the TCP/IP suite
  • Provides apps with a reliable, flow-controlled,
    full-duplex, stream transport service
  • Connection oriented with guaranteed delivery and
    termination
  • TCP on one computer exchanges messages with TCP
    on receiver
  • Travels in IP datagram
  • Retransmits lost messages
  • Retransmission time is adaptive

37
TCP resources
  • ftp://ftp.isi.edu/in-notes/rfc793.txt original
    DARPA TCP protocol definition from 1981
  • ftp://ftp.isi.edu/in-notes/rfc1122.txt later
    refinements
  • http://www.faqs.org/rfcs/rfc793.html
  • http://www.cisco.com/warp/public/535/4.html
  • http://www.protocols.com/pbook/tcpip1.htm

38
NAT
  • Network address translation
  • Share one single valid IP address for the
    Internet with multiple computers
  • Computers on Internet never see private addresses

39
Basic address translation
  • Valid IP address for site of 128.210.24.6
  • Source address 10.0.0.1
  • Destination address 128.211.134.4
  • NAT has to rewrite the source address to make it
    128.210.24.6
  • Also has to recompute the IP checksum because the
    original checksum will fail

40
Translation table
  • NAT uses a translation table to track the
    destination of packets to the incoming network

41
NAPT
  • Network address and port translation
  • If browser at 10.0.0.1 and 10.0.0.2 both form TCP
    connection, NAPT table rewrites both IP address
    and port number
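
The address rewrite, checksum recomputation, translation table and port rewrite from the NAT and NAPT slides, as an added example that is not part of the original presentation. It uses the slide's addresses; the `Napt` class, the helper names, the starting public port 40000 and the sample packets (an IPv4 header followed only by the two TCP port fields, so the TCP checksum is not modelled) are constructed for illustration.

```python
import socket
import struct

PUBLIC_IP = "128.210.24.6"  # the site's valid address, from the slide

def ip_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words; 0 when run over a valid header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_packet(src, dst, sport, dport):
    """Constructed sample: 20-byte IPv4 header followed by only the TCP port fields."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, 6, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return hdr + struct.pack("!HH", sport, dport)

class Napt:
    def __init__(self, public_ip, first_port=40000):  # first_port is an assumption
        self.public_ip, self.next_port = public_ip, first_port
        self.out = {}   # (private ip, private port) -> public port
        self.back = {}  # public port -> (private ip, private port)

    def outbound(self, pkt):
        key = (socket.inet_ntoa(pkt[12:16]), struct.unpack("!H", pkt[20:22])[0])
        if key not in self.out:          # first packet of a flow: add a table entry
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return rewrite(pkt, 12, self.public_ip, 20, self.out[key])

    def inbound(self, pkt):
        dport = struct.unpack("!H", pkt[22:24])[0]
        if dport not in self.back:       # no entry: not a reply to anything we sent
            return None
        ip, port = self.back[dport]
        return rewrite(pkt, 16, ip, 22, port)

def rewrite(pkt, ip_off, ip, port_off, port, fix_checksum=True):
    """Replace one address and one port; the old IP checksum no longer matches."""
    b = bytearray(pkt)
    b[ip_off:ip_off + 4] = socket.inet_aton(ip)
    b[port_off:port_off + 2] = struct.pack("!H", port)
    if fix_checksum:
        b[10:12] = b"\x00\x00"
        b[10:12] = struct.pack("!H", ip_checksum(bytes(b[:20])))
    return bytes(b)
```

Two hosts that both pick source port 3000 come out with distinct public ports, and an inbound packet for a port with no table entry returns `None`.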

42
NAT at home
  • DSL and cable modems use NAT to share address in
    a residence

43
NAT resources
  • http://www.faqs.org/rfcs/rfc3022.html NAT
  • http://www.faqs.org/rfcs/rfc2663.html NAT
  • http://www.faqs.org/rfcs/rfc2766.html NAPT