Title: 10 nero.eug.oregon-gigapop.net (198.32.163.151) 31.648 m
1CS335 Networking Network Administration
2ICMP
- Internet Control Message Protocol
- Error reporting protocol integrated with IP
- We have reviewed header checksum
- http://www.faqs.org/rfcs/rfc792.html
- Short for Internet Control Message Protocol, an
extension to the Internet Protocol (IP) defined
by RFC 792. ICMP supports packets containing
error, control, and informational messages. The
PING command, for example, uses ICMP to test an
Internet connection.
3ICMP
- ICMP Protocol Overview
- Internet Control Message Protocol (ICMP),
documented in RFC 792, is a required protocol
tightly integrated with IP. ICMP messages,
delivered in IP packets, are used for out-of-band
messages related to network operation or
misoperation. Of course, since ICMP uses IP, ICMP
packet delivery is unreliable, so hosts can't
count on receiving ICMP packets for any network
problem. Some of ICMP's functions are to:
- Announce network errors, such as a host or entire
portion of the network being unreachable, due to
some type of failure. A TCP or UDP packet
directed at a port number with no receiver
attached is also reported via ICMP.
- Announce network congestion. When a router begins
buffering too many packets, due to an inability
to transmit them as fast as they are being
received, it will generate ICMP Source Quench
messages. Directed at the sender, these messages
should cause the rate of packet transmission to
be slowed. Of course, generating too many Source
Quench messages would cause even more network
congestion, so they are used sparingly.
- Assist Troubleshooting. ICMP supports an Echo
function, which just sends a packet on a
round-trip between two hosts. Ping, a common
network management tool, is based on this
feature. Ping will transmit a series of packets,
measuring average round-trip times and computing
loss percentages.
- Announce Timeouts. If an IP packet's TTL field
drops to zero, the router discarding the packet
will often generate an ICMP packet announcing
this fact. TraceRoute is a tool which maps
network routes by sending packets with small TTL
values and watching the ICMP timeout
announcements.
4ICMP messages
- http://www.iana.org/assignments/icmp-parameters
- http://www.networksorcery.com/enp/protocol/icmp.htm
5ICMP message transport
- ICMP uses IP to transport error messages
- ICMP includes both messages about errors and
informational messages
- ICMP is integrated with IP: ICMP encapsulates
messages in IP for transmission, and IP uses ICMP
to report problems
6ICMP
- ICMP messages are created in response to a
datagram when the datagram has encountered a
problem (e.g., a router finds that the destination
is unreachable)
- Sending data back to the sender is easy because
the datagram has the source IP address
- No special priority, but if a datagram carrying
an ICMP error causes an error, no error message
is sent, to keep from flooding the network with
error messages about error messages
7ICMP to test reachability
- Ping uses the ICMP echo request and echo reply
messages
- Ping sends an IP datagram that contains an ICMP
echo message to the specified destination
- If no reply arrives, ping retransmits the request
- ICMP on the remote machine replies to the echo request
8Traceroute
- ICMP is used in traceroute
- Traceroute sets the time to live of the first packet
to 1
- The first router responds: it discards the packet
because the time to live has reached 0 and sends
back an ICMP time exceeded message
- Traceroute now knows the IP address of the first
router from the source address of the error it
sends
- Then traceroute sends the second packet with a time
to live of 2
9Traceroute
- Last address reply
- Two techniques:
- Send an ICMP echo request message: the
destination host will generate an ICMP echo reply
- Send a datagram to a nonexistent application: the
destination host will generate an ICMP
destination unreachable message
- Microsoft uses the first
- Unix uses the second approach
- The 2 approaches can produce different addresses
for the final destination
- Echo request gives a source address equal to the
IP address to which the request was sent
- When a datagram with no application arrives, ICMP
uses the address of the interface over which the
error message is sent
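The two traceroute slides above, as an added example that is not part of the original lecture: a parser that classifies an ICMP error as an intermediate hop (time exceeded) or the final host (port unreachable) and matches it to the probe through the quoted header, because the reporter's source address need not equal the probed address. The packets are constructed inline with zero checksums; 192.0.2.10, 198.51.100.7 and the UDP ports are assumptions, while 128.32.206.1 and 140.211.34.6 come from the slides.

```python
import socket
import struct

ICMP_TIME_EXCEEDED = 11   # code 0: TTL reached zero in transit
ICMP_DEST_UNREACH = 3     # code 3: port unreachable

def ipv4(src, dst, proto, payload, ttl=64):
    """Build a minimal IPv4 packet (constructed sample, checksum left 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def icmp_error(reporter, to, icmp_type, code, original):
    """ICMP error quoting the original IP header + first 8 payload bytes."""
    quoted = original[:20 + 8]
    body = struct.pack("!BBHI", icmp_type, code, 0, 0) + quoted
    return ipv4(reporter, to, 1, body)

def parse_icmp_error(packet):
    """Return (reporter, kind, probe_dst, probe_dport) for an ICMP error."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 1:
        raise ValueError("not an ICMP packet")
    icmp_type, code = packet[ihl], packet[ihl + 1]
    quoted = packet[ihl + 8:]                 # skip the 8-byte ICMP header
    q_ihl = (quoted[0] & 0x0F) * 4
    if len(quoted) < q_ihl + 8:
        raise ValueError("quoted datagram truncated")
    _sport, dport = struct.unpack("!HH", quoted[q_ihl:q_ihl + 4])
    kinds = {(ICMP_TIME_EXCEEDED, 0): "router hop",
             (ICMP_DEST_UNREACH, 3): "destination reached"}
    return (socket.inet_ntoa(packet[12:16]), kinds.get((icmp_type, code), "other"),
            socket.inet_ntoa(quoted[16:20]), dport)

def demo():
    me, target = "192.0.2.10", "140.211.34.6"       # 'me' is a constructed address
    udp = struct.pack("!HHHH", 40000, 33434, 8, 0)   # probe to an unused port
    probe = ipv4(me, target, 17, udp, ttl=1)
    hop = icmp_error("128.32.206.1", me, ICMP_TIME_EXCEEDED, 0, probe)
    # The final host answers from its outgoing interface (constructed address).
    last = icmp_error("198.51.100.7", me, ICMP_DEST_UNREACH, 3, probe)
    return [parse_icmp_error(hop), parse_icmp_error(last)]
```
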
10Traceroute result
- traceroute from www.net.berkeley.edu to www.lagrande.k12.or.us
- 1 vlan206.inr-203-eva.Berkeley.EDU (128.32.206.1) 0.855 ms 0.627 ms 1.219 ms
- 2 vlan209.inr-201-eva.Berkeley.EDU (128.32.255.1) 0.340 ms 0.306 ms 0.289 ms
- 3 ge-1-2-0.inr-002-reccev.Berkeley.EDU (128.32.0.36) 0.402 ms 0.401 ms 0.395 ms
- 4 hpr-oak-hpr--ucb-ge.cenic.net (137.164.27.129) 0.637 ms 1.150 ms 0.617 ms
- 5 sac-hpr--oak-hpr-10ge.cenic.net (137.164.25.17) 2.325 ms 2.239 ms 2.243 ms
- 6 lax-hpr--sac-hpr-10ge.cenic.net (137.164.25.10) 11.893 ms 11.748 ms 11.723 ms
- 7 abilene-LA--hpr-lax-gsr1-10ge.cenic.net (137.164.25.3) 11.744 ms 13.390 ms 14.997 ms
- 8 snvang-losang.abilene.ucaid.edu (198.32.8.95) 19.344 ms 19.163 ms 19.432 ms
- 9 pos-1-0.core0.eug.oregon-gigapop.net (198.32.163.17) 31.597 ms 31.478 ms 31.469 ms
- 10 nero.eug.oregon-gigapop.net (198.32.163.151) 31.648 ms 31.593 ms 31.585 ms
- 11 ptck-core2-gw.nero.net (207.98.64.2) 33.928 ms 34.089 ms 33.988 ms
- 12 eou-car1-gw.nero.net (207.98.64.22) 46.885 ms 46.496 ms 46.667 ms
11More TraceRoute Info
- http://bs.mit.edu:8001/cgi-bin/traceroute
- http://www.traceroute.org/USA
- http://visualroute.visualware.com/
12Visual Route http://visualroute.visualware.com/
- VisualRoute (R) 2005 Server Edition (v9.3a)
report on May 11, 2005 12:46:44 PM
- Report for www.lagrande.k12.or.us 140.211.34.6
- Analysis: 'www.lagrande.k12.or.us' was found in
13 hops (TTL=243).
- Hop  Loss  IP Address  Node Name  Location  Tzone  ms  Graph  Network
- 0  161.58.180.113  WIN10115.visualware.com  Verio, Inc. VRIO-161-058
- 1  161.58.176.129  -  0  x  Verio, Inc. VRIO-161-058
- 2  161.58.156.140  -  6  x-  Verio, Inc. VRIO-161-058
- 3  129.250.28.206  xe-1-2-0-3.r20.asbnva01.us.bb.verio.net  Ashburn, VA, USA  -0500  0  x  Verio, Inc. VRIO-129-250
- 4  129.250.2.35  p64-0-0-0.r21.asbnva01.us.bb.verio.net  Ashburn, VA, USA  -0500  0  x  Verio, Inc. VRIO-129-250
- 5  129.250.9.162  p16-0.level3.asbnva01.us.bb.verio.net  Ashburn, VA, USA  -0500  0  x  Verio, Inc. VRIO-129-250
- 6  209.244.11.13  so-2-1-0.bbr2.Washington1.Level3.net  38.55n, 77.13w  0  x  Level 3 Communications, Inc. LEVEL3-CIDR
- 7  209.247.10.133  so-1-0-0.mp2.Seattle1.Level3.net  Seattle, WA, USA  -0800  74  x  Level 3 Communications, Inc. LEVEL3-CIDR
13ICMP for path MTU discovery
- Smallest MTU is the path MTU
- Fragmentation impacts performance, so determining
the path MTU can keep fragmentation from happening
- Set header bit in Flags field to prevent
fragmentation
- Probe with datagrams to find a datagram size that
passes the MTU of the route
14UDP User Datagram Protocol
- End-to-end protocols are in Layer 4
- End-to-end protocol or transport protocol
- UDP is less complex but does not provide the type
of service that a typical application expects
15UDP
- End-to-end: can distinguish among multiple
applications on a computer
- Connectionless: the interface that UDP supplies
to apps follows a connectionless paradigm; it does
not need to preestablish communication before
sending data, nor terminate communication when
finished; no control messages, arbitrary delay
times between messages
- Message-oriented: an app that uses UDP sends and
receives individual messages
- Best-effort: UDP offers the same best-effort
delivery as IP
- Arbitrary interaction: UDP allows an app to send
to many other apps, receive from many apps, or
communicate with exactly one app
- OS independent: provides a means of identifying
application programs that does not depend on
identifiers used by the local OS
16Message-oriented interface
- Does not divide messages into packets for
transmission
- Does not combine messages for delivery
- IP datagram size forms a limit on the size of a
UDP message
- Problems for programmers
- UDP message size
- Large messages will be fragmented if the network
MTU is exceeded
- Small messages have a large ratio of header octets
to data octets: inefficient
17UDP
- UDP uses IP for delivery, so it uses best-effort
delivery semantics
- UDP suffices for applications that can afford
lost or corrupted packets
- Audio could afford a lost packet: it would
produce annoying noise
- On-line shopping can't tolerate duplication of
messages
18UDP
- 1-to-1: app to app
- 1-to-many: app to multiple recipients
- Many-to-1: receive messages from multiple
- Many-to-many: set of apps communicate together
- Applications using UDP can use unicast, multicast
and broadcast IP addresses
19UDP
- UDP defines an abstract set of identifiers for
the application programs, called protocol port
numbers, independent of the underlying OS
- All OSs recognize the standard protocol port
numbers
20UDP Datagram
- UDP messages are called user datagrams
- Short header and a payload
- Protocol port numbers for sender and receiver
- Message length of total size measured in octets
21Encapsulation
- UDP is encapsulated in IP
22UDP summary
- Provides end-to-end message transport from an app
on one computer to an app on another
- Encapsulated in IP
- Uses best-effort delivery like IP
- Uses protocol port numbers to distinguish among
apps, independent of the underlying OS
23TCP
- Transmission control protocol
- Provides reliable data delivery service to
applications
- Reliability is the responsibility of the
transport protocol
24TCP services
- Connection orientation: app first requests a
connection to a destination, then uses it to
transfer data
- Point-to-point: each TCP connection has exactly
two endpoints
- Complete reliability: TCP guarantees that the
data sent will be delivered exactly as sent
- Full duplex communication: data flows in either
direction; either app can send data at any time.
TCP can buffer outgoing and incoming data, so an
app can continue computation while data is
transferred
25TCP services
- Stream interface: app sends continuous sequence
of octets
- Reliable connection startup: both apps have to
agree to the connection; duplicate packets used
in previous connections will not appear to be
valid responses
- Graceful connection shutdown: apps can open
connections, send arbitrary data, then request a
shutdown. TCP guarantees to deliver data reliably
before closing the connection
26End-to-end service
- Virtual connections because achieved in software
- Encapsulated in IP
- IP passes to TCP
- TCP treats IP as a packet communication system
and IP treats each TCP message as data to be
transferred
27Reliability
- Can't accept duplicate messages from old
connections
- Computer reboots can leave a connection in place
28Packet Loss
- Retransmission
- TCP starts timer when it sends data
- If no ACK retransmits
29Adaptive retransmission
- TCP estimates round trip delays for each
connection to adapt to internet delay
- Doesn't use a fixed timeout due to changes in
internet responses
30Comparison
31Buffers, flow control
- TCP uses a window mechanism
- Each side allocates a buffer and communicates it
to the other side
- Amount of buffer at a time is the window
- When a sender gets a zero window it has to wait
to send more data
- Receiver can control the rate at which sender
transmits data
32Three-way handshake
- Reliable connections established and terminated
- Synchronization segment (SYN) to create
connection
- Finish segment (FIN) to terminate connection
- TCP retransmits lost SYN and FIN segments
33Congestion control
- Packet loss (or extremely long delay) is most
likely due to congestion
- Congestion can be exacerbated by retransmission
- So TCP uses packet loss as a measure of
congestion and reduces the rate at which it
retransmits data
- TCP knows receiver window size and retransmits at
lower rates
34Congestion
- TCP sends a single message containing data
- If an ACK arrives with no loss, TCP sends two
additional messages
- If those ACKs arrive, sends 4
- When it reaches half of the receiving window
allotment it slows down the rate of increase
- This scheme works well with increased traffic on
the internet
- Senders back off when congestion occurs
35TCP segment format
- Segment refers to a message
- TCP uses this format for all messages: data,
acknowledgements, and messages that are part of
the 3-way handshake
36TCP Summary
- Major transport protocol of the TCP/IP suite
- Provides apps with a reliable, flow-controlled,
full-duplex, stream transport service
- Connection oriented with guaranteed delivery and
termination
- TCP on one computer exchanges messages with TCP
on receiver
- Travels in IP datagram
- Retransmits lost messages
- Retransmission time is adaptive
37TCP resources
- ftp://ftp.isi.edu/in-notes/rfc793.txt original
DARPA TCP protocol definition from 1981
- ftp://ftp.isi.edu/in-notes/rfc1122.txt later
refinements
- http://www.faqs.org/rfcs/rfc793.html
- http://www.cisco.com/warp/public/535/4.html
- http://www.protocols.com/pbook/tcpip1.htm
38NAT
- Network address translation
- Share one single valid IP address for the
Internet with multiple computers
- Computers on Internet never see private addresses
39Basic address translation
- Valid IP address for the site: 128.210.24.6
- Source address: 10.0.0.1
- Destination address: 128.211.134.4
- NAT has to rewrite the source address to make it
128.210.24.6
- Also has to recompute the IP checksum because the
original checksum will fail
40Translation table
- NAT uses translation table to track the
destination of packets to the incoming network
41NAPT
- Network address and port translation
- If browsers at 10.0.0.1 and 10.0.0.2 both form a TCP
connection, the NAPT table rewrites both the IP address
and the port number
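The translation table and checksum recomputation from the NAT and NAPT slides, as an added example that is not part of the original lecture. The addresses come from the slides; the sample packets are constructed and carry only an IPv4 header plus the two TCP port fields, and the port numbers (3000, 80, 40000 upward) are assumptions. A real NAPT must also update the TCP or UDP checksum, which this model leaves out.

```python
import socket
import struct

def checksum(data):
    """16-bit one's-complement Internet checksum over an even-length header."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def packet(src, sport, dst, dport):
    """Constructed sample: IPv4 header (fresh checksum) + the two TCP ports."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, 6, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + struct.pack("!HH", sport, dport)

def fields(pkt):
    sport, dport = struct.unpack("!HH", pkt[20:24])
    return socket.inet_ntoa(pkt[12:16]), sport, socket.inet_ntoa(pkt[16:20]), dport

def header_ok(pkt):
    return checksum(pkt[:20]) == 0    # a valid header sums to zero

def naive_rewrite(pkt, new_src):
    """Swap the source address but keep the old checksum (the failure case)."""
    return pkt[:12] + socket.inet_aton(new_src) + pkt[16:]

class Napt:
    def __init__(self, public_ip, first_port=40000):   # first_port: assumption
        self.public_ip, self.next_port = public_ip, first_port
        self.out, self.back = {}, {}   # (priv ip, port) -> public port; reverse

    def outbound(self, pkt):
        src, sport, dst, dport = fields(pkt)
        if (src, sport) not in self.out:               # new flow: allocate port
            self.out[(src, sport)] = self.next_port
            self.back[self.next_port] = (src, sport)
            self.next_port += 1
        return packet(self.public_ip, self.out[(src, sport)], dst, dport)

    def inbound(self, pkt):
        src, sport, dst, dport = fields(pkt)
        if dst != self.public_ip or dport not in self.back:
            return None                                # no entry: drop
        priv_ip, priv_port = self.back[dport]
        return packet(src, sport, priv_ip, priv_port)
```

Inbound packets that match no table entry return `None`, which is why hosts behind the translator are not reachable by unsolicited traffic unless a mapping already exists.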
42NAT at home
- DSL and cable modems use NAT to share address in
a residence
43NAT resources
- http://www.faqs.org/rfcs/rfc3022.html NAT
- http://www.faqs.org/rfcs/rfc2663.html NAT
- http://www.faqs.org/rfcs/rfc2766.html NAPT