ITECH1102 Networking and Security
Topic 5 – The Internet (Network) layer
Last week
Last week we:
Investigated the Data Link layer
Data Link sends and receives data from network media
The Network Interface Card (NIC) is responsible for Media Access
NICs have a globally unique 48 bit MAC address
NICs filter traffic (only broadcast and station traffic are passed to the operating system)
Data Link frames encapsulate all upper layer protocols (ULP)
Broadcast addresses (FF:FF:FF:FF:FF:FF) are processed by all computers.
Two media access methods are CSMA/CD & CSMA/CA
ARP (Address Resolution Protocol) is used to determine local MAC addresses (We will investigate this a bit more this week)
Frame headers change after crossing a router
More about ARP (Address Resolution Protocol)
Last week we introduced ARP.
ARP determines the MAC address of a machine on the local network with a specific IP address.
ARP sends a broadcast asking the question "Who has IP address 192.168.12.123?" (or whatever IP address is wanted).
If the targeted machine responds, its MAC address is now known and is entered in the ARP cache.
ARP commands (in Windows)
To observe the ARP cache contents: arp -a
To delete an entry: arp -d <ip address>, e.g. arp -d 141.132.196.22
To delete all ARP entries: arp -d *
Note: some entries will remain (router, multicasts etc.)
Some of these functions require administrative privilege and so will not work on lab machines. You can try this on your home machine if you like.
Linux syntax is slightly different: -a is not required to view the ARP cache.
When are entries added and deleted?
A successful ARP request will result in a new entry being added to the ARP cache.
This will be a new local MAC address/IP address pair.
New entries are only added as the result of local traffic; packets to remote locations exit via the local router and so will not result in a new entry in the ARP cache.
ARP entries age out after a set period of time.
(The time varies depending on the operating system.)
Arp on Linux
[Screenshot: an ARP entry being added to the ARP cache as a result of a local ping. Before the ping there is one entry in the ARP cache; after "ping 141.132.196.59" (a local machine) a new entry appears in the ARP table.]
What we can see in Wireshark
Notice that:
The ARP request is a broadcast (FF:FF:FF:FF:FF:FF), and
The target MAC address is blank (00:00:00:00:00:00).
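As an added example (not code from the lecture slides), the following Python decodes an Ethernet/ARP frame the way Wireshark does, showing the two points above: the frame's destination is the broadcast MAC and the target MAC field of a request is all zeros. It also models the ARP cache from the earlier slides: an entry is learned from the reply and ages out after a fixed period. The frames, MAC addresses and the 60-second age-out are constructed for the example; real operating systems use their own timers and also learn from requests addressed to them.

```python
import struct
import time

# ARP packet layout for Ethernet/IPv4 (RFC 826), 28 bytes after the 14-byte Ethernet header:
#   hardware type (2) | protocol type (2) | hw addr len (1) | proto addr len (1)
#   opcode (2) | sender MAC (6) | sender IP (4) | target MAC (6) | target IP (4)
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_arp(frame: bytes) -> dict:
    """Parse an Ethernet frame carrying ARP and return the fields Wireshark shows."""
    if len(frame) < 42:
        raise ValueError("truncated ARP frame")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        raise ValueError("not an ARP frame")
    hw, proto, hlen, plen, op, smac, sip, tmac, tip = struct.unpack(ARP_FMT, frame[14:42])
    if (hw, proto, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol combination")
    return {
        "eth_dst": mac_str(dst_mac),
        "eth_src": mac_str(src_mac),
        "op": "request" if op == ARP_REQUEST else "reply" if op == ARP_REPLY else f"op{op}",
        "sender_mac": mac_str(smac), "sender_ip": ip_str(sip),
        "target_mac": mac_str(tmac), "target_ip": ip_str(tip),
    }


def build_arp(op, smac, sip, tmac, tip, eth_dst) -> bytes:
    """Build an Ethernet+ARP frame from colon/dotted strings (constructed test data)."""
    m = lambda s: bytes(int(x, 16) for x in s.split(":"))
    i = lambda s: bytes(int(x) for x in s.split("."))
    eth = struct.pack("!6s6sH", m(eth_dst), m(smac), 0x0806)
    return eth + struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, m(smac), i(sip), m(tmac), i(tip))


class ArpCache:
    """Minimal ARP cache: entries are learned from replies and age out after `ttl` seconds.

    Simplification for the example: real stacks also learn from requests aimed at them.
    """

    def __init__(self, ttl=60.0):
        self.ttl = ttl
        self._entries = {}  # ip -> (mac, time learned)

    def learn(self, arp: dict, now=None):
        if arp["op"] == "reply":
            self._entries[arp["sender_ip"]] = (arp["sender_mac"], time.time() if now is None else now)

    def lookup(self, ip, now=None):
        now = time.time() if now is None else now
        entry = self._entries.get(ip)
        if entry is None or now - entry[1] > self.ttl:
            self._entries.pop(ip, None)  # expired entries are dropped when next looked up
            return None
        return entry[0]


# Constructed sample exchange: 141.132.196.26 asks who has 141.132.196.59, which replies.
REQUEST = build_arp(ARP_REQUEST, "00:11:22:33:44:55", "141.132.196.26",
                    ZERO_MAC, "141.132.196.59", BROADCAST_MAC)
REPLY = build_arp(ARP_REPLY, "66:77:88:99:aa:bb", "141.132.196.59",
                  "00:11:22:33:44:55", "141.132.196.26", "00:11:22:33:44:55")

if __name__ == "__main__":
    print(parse_arp(REQUEST))  # eth_dst is the broadcast address, target_mac is all zeros
    cache = ArpCache(ttl=60)
    cache.learn(parse_arp(REPLY), now=0)
    print(cache.lookup("141.132.196.59", now=10))   # 66:77:88:99:aa:bb
    print(cache.lookup("141.132.196.59", now=100))  # None: the entry has aged out
```

Because the request is answered by the target only, the cache never fills from traffic to remote hosts: those packets are addressed at layer 2 to the router, so the only entry such traffic produces is the router's own.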
Enough discussion of ARP.
Let's review the Data Link layer.
What did the Data Link ever do for us?
The Data Link implements communication between any two machines on the local network.
It uses the source and destination MAC addresses to address each device.
The router is also on this network, so it too can communicate with any device on the local network.
So we can deliver data to any machine on the local network.
Yippee !!!!!!
The next problem to solve is how to communicate with a remote machine (one that is on another network).
Solution!!!
Send the packet to the local router and let it handle the remote delivery of network traffic.
That is the function of routers !!
How do we decide when to send to the Router?
Each network on the Internet has a network ID.
Each time your computer is about to send a network packet it first determines whether the source and destination are on the same network or on different networks.
If the source and destination are on the same network:
Send directly to the destination's MAC address.
If the source and destination networks are different (remote transmission): Send the packet to the router!!!
But how is this done?
It is done with the help of the Network (Internet) layer!!!
Role of the Network Layer
[Figure: protocol stack, top to bottom: Client Application, Transport, Network, Data Link, Physical]
The Network layer's role is to deliver network traffic from one host to another. HOST to HOST
The two hosts are often separated by long distances, e.g. your home and an eBay server in the USA.
The Network layer is all about IP addressing and associated routing.
IP (Internet Protocol) addressing
Each device on an IP network requires an IP address.
There are two types of IP address:
IPv4 address
IPv6 address
For now we will just consider IPv4 addressing.
The IP address of a machine must uniquely identify that machine from all others on the Internet.
Structure of an IPv4 address
IPv4 addresses are 32 bits long.
Example:
10001101 10000100 11000100 00011010
To make it easy for us humans, we normally separate the 32 bits into 4 lots of 8 (called octets) and express each octet as a decimal number (between 0 and 255).
The above IP address is expressed as follows:
141.132.196.26
How do computers get an IP address?
The Operating System holds a machine’s IP address. It can be configured manually or automatically.
Manual administration (static addressing)
A user enters the IP settings into the machine’s OS.
Automatic administration (dynamic addressing)
A DHCP (Dynamic Host Configuration Protocol) server allocates IP settings to the machine.
When the machine boots it sends a broadcast requesting IP settings. The network's local DHCP server responds with an IP address, subnet mask and other settings.
Other important IP settings
To communicate on an IP network a machine requires:
An IP address
Local router's address (called Default Gateway on Windows, Default Router on Linux)
Subnet mask
The 4th setting, which is not essential but particularly useful, is the IP address of the DNS (Domain Name System) server.
DNS servers are responsible for converting between names and IP addresses.
(Example: 172.217.26.4 <---> www.google.com)
Network / Node components of an IP address
An IP address consists of two parts:
High order bits specify the IP network of the IP address.
Low order bits specify the unique part of the IP address.
The network bits are common to all hosts on an IP network.
The node bits specify a particular host on that network.
Subnet mask
A subnet mask applies to all machines (hosts) on an IP network.
The format of a subnet mask is:
A series of binary 1 bits (indicating the network portion) followed by
A series of binary 0 bits (indicating the node portion)
Hence a subnet mask tells us how many bits of an IP address are devoted to the network portion and how many to the node portion.
Determining the network address of an IP address
Two ways:
If we replace all node bits of an IP address with zeros we get that IP address's network address.
If we do a bitwise AND of the IP address with the subnet mask we also get the IP address's network address.
CIDR – Classless Inter-Domain Routing
Another way to express the number of network bits of an IP address is to use CIDR notation.
Example:
192.168.22.56/24
The number following the / is the number of network bits.
The IP address above therefore has 24 bits devoted to its network address.
It is equivalent to a subnet mask of 255.255.255.0
How this all helps
Your computer wants to communicate with another machine.
It knows its own IP address and that of the destination.
It can determine (with the help of the subnet mask) the network address of the source and the destination.
If they are equal -----> Local communication
(So send directly to the destination machine)
If they are different -----> Remote communication.
(So send the packet to the network’s router)
Types of IP addresses
Public
Public IP addresses can communicate on the Internet.
Private
Private IP addresses are discarded by Internet routers. They cannot travel on the Internet.
Private ranges are:
10.0.0.0/8 (10.0.0.0 – 10.255.255.255)
172.16.0.0/12 (172.16.0.0 – 172.31.255.255)
192.168.0.0/16 (192.168.0.0 – 192.168.255.255)
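The subnet-mask arithmetic of the last few slides (binary octets, mask to prefix length, the two ways of finding the network address, the local-or-remote decision) and the private-range test on this slide, worked through in Python. This is an added example, not code from the slides; the addresses reuse the slides' own (141.132.196.26, 192.168.22.56/24, the three private ranges) and the function names are the example's. The arithmetic is done by hand on integers rather than with the `ipaddress` module so that the bit operations are visible.

```python
def ip_to_int(dotted: str) -> int:
    """'141.132.196.26' -> 32-bit integer, validating that each octet is 0-255."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"bad IPv4 address: {dotted}")
    value = 0
    for o in octets:
        n = int(o)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {dotted}")
        value = (value << 8) | n
    return value


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(dotted: str) -> str:
    """Render the four octets as the slide does: 10001101 10000100 11000100 00011010."""
    return " ".join(f"{int(o):08b}" for o in dotted.split("."))


def prefix_to_mask(prefix_len: int) -> int:
    """/24 -> 0xFFFFFF00: `prefix_len` one bits followed by zero bits."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0-32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def mask_to_prefix(mask: str) -> int:
    """255.255.255.0 -> 24, rejecting masks whose one bits are not contiguous."""
    m = ip_to_int(mask)
    ones = bin(m).count("1")
    if prefix_to_mask(ones) != m:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return ones


def network_by_and(ip: str, mask: str) -> str:
    """Method 2 from the slides: bitwise AND of the address with the subnet mask."""
    return int_to_ip(ip_to_int(ip) & ip_to_int(mask))


def network_by_zeroing(ip: str, prefix_len: int) -> str:
    """Method 1 from the slides: keep the network bits, set every node bit to zero."""
    v = ip_to_int(ip)
    return int_to_ip((v >> (32 - prefix_len)) << (32 - prefix_len))


def parse_cidr(cidr: str):
    """'192.168.22.56 /24' -> ('192.168.22.56', 24); the space before '/' is optional."""
    ip, prefix = cidr.replace(" ", "").split("/")
    return ip, int(prefix)


def same_network(src: str, dst: str, mask: str) -> bool:
    return network_by_and(src, mask) == network_by_and(dst, mask)


def next_hop_decision(src: str, dst: str, mask: str) -> str:
    """Local delivery goes straight to the destination, remote delivery to the router."""
    if same_network(src, dst, mask):
        return "local: deliver to the destination's MAC address"
    return "remote: deliver to the default gateway's MAC address"


# The private ranges listed on the slide (RFC 1918).
PRIVATE_RANGES = [("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16)]


def is_private(ip: str) -> bool:
    """True when `ip` lies inside a private range: the same AND test as above."""
    v = ip_to_int(ip)
    return any((v & prefix_to_mask(p)) == ip_to_int(net) for net, p in PRIVATE_RANGES)


if __name__ == "__main__":
    print(to_binary("141.132.196.26"))
    ip, p = parse_cidr("192.168.22.56 /24")
    print(int_to_ip(prefix_to_mask(p)))            # 255.255.255.0
    print(network_by_and(ip, "255.255.255.0"))     # 192.168.22.0
    print(network_by_zeroing(ip, p))               # 192.168.22.0
    print(next_hop_decision("141.132.196.26", "141.132.196.59", "255.255.255.0"))
    print(next_hop_decision("141.132.196.26", "172.217.26.4", "255.255.255.0"))
    print(is_private("172.31.255.255"), is_private("172.32.0.0"))  # True False
```

The contiguity check in mask_to_prefix matters in practice: a mask such as 255.0.255.0 has the right number of one bits but does not split the address into a network part and a node part, and a host configured with it will make wrong local-or-remote decisions.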
Network Address Translation (NAT)
The computers (hosts) on most home networks use private IP addresses (allocated by the DHCP server in the router).
Home network routers use NAT to provide Internet access to those hosts.
This is achieved by changing the source IP address of outgoing requests to the IP address on the ISP side of the router. Port numbers (discussed in Topic 6) are used by the NAT router to distinguish the traffic from different hosts on the home network.
The role of routers!!!
The path between your computer and a distant web or other server could be many router hops away.
For example, traffic from my office PC to www.google.com traverses 13 routers.
The role of a router is to:
Move a network packet forward 1 step towards its destination.
Analogy
Like a game of netball. The GD (goal defence) makes a decision as to the best player to pass the ball to and then does it. That player decides the next player to pass the ball to and does it. Etc. etc.
Routers work in a similar fashion, moving packets forward 1 step at a time. The route can change from packet to packet.
How do Routers decide which route to use?
Routers require a MAP of the internetwork.
The map is called a routing table.
When a packet arrives, the router looks at the packet's source and destination addresses and sends the packet on its way.
The routing table specifies the interface on which packets should exit and also the address of the next router (the next hop).
| Network address | Interface | Next Hop |
| 141.132.64.0 | 141.132.64.1 | 141.132.64.1 |
| 141.132.192.0 | 141.132.64.1 | 141.132.64.3 |
| 141.132.128 | 141.132.64.2 | 141.132.64.2 |
| 141.132.192 | 141.132.64.1 | 141.132.64.3 |
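An added example (not from the slides) of the lookup a router performs against a table like the one above: every entry whose network contains the destination is a candidate, the one with the longest prefix wins, and an entry whose next hop equals the router's own interface address means the destination network is directly connected, so the frame goes to the destination host itself. The table is constructed for the example: the slide shows no prefix lengths, so /18 is assumed for the campus networks, a /24 route and a default route have been added to show the longest-prefix rule, and 203.0.113.x are documentation addresses, not real ones. The standard `ipaddress` module does the containment test.

```python
import ipaddress

# Constructed routing table modelled on the slide: (destination network, exit interface, next hop).
# Prefix lengths, the /24 entry and the default route are assumptions for the example.
ROUTES = [
    ("141.132.64.0/18",  "141.132.64.1", "141.132.64.1"),    # directly connected
    ("141.132.128.0/18", "141.132.64.2", "141.132.64.2"),    # directly connected
    ("141.132.192.0/18", "141.132.64.1", "141.132.64.3"),    # via another router
    ("141.132.196.0/24", "141.132.64.2", "141.132.64.9"),    # more specific route inside the /18
    ("0.0.0.0/0",        "203.0.113.1",  "203.0.113.254"),   # default route (documentation addresses)
]


class RoutingTable:
    def __init__(self, routes):
        self.routes = [(ipaddress.ip_network(net), iface, ipaddress.ip_address(nh))
                       for net, iface, nh in routes]

    def lookup(self, destination: str):
        """Longest-prefix match: the most specific network containing `destination` wins.

        Returns (network, interface, next_hop) or None when no entry matches.
        """
        dst = ipaddress.ip_address(destination)
        best = None
        for net, iface, nh in self.routes:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, iface, nh)
        return best


def forward(table: RoutingTable, destination: str):
    """One router's decision for one packet: move it one step towards its destination.

    Returns ('forward', exit_interface, layer-2 target) or ('drop', None, None).
    """
    route = table.lookup(destination)
    if route is None:
        return ("drop", None, None)       # no route: the packet is discarded
    net, iface, next_hop = route
    # Next hop equal to the interface address means the network is directly connected,
    # so the frame is addressed to the destination host rather than to another router.
    target = destination if str(next_hop) == iface else str(next_hop)
    return ("forward", iface, target)


if __name__ == "__main__":
    rt = RoutingTable(ROUTES)
    for dst in ("141.132.70.9", "141.132.200.7", "141.132.196.26", "8.8.8.8"):
        print(dst, "->", rt.lookup(dst)[0], forward(rt, dst))
```

Without the default route, a destination outside every listed network has no match and is dropped, which is the test at the end of the assertions below in spirit: a router only knows what its table tells it, and the next router repeats the same lookup with its own table.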
What if the network configuration changes?
Routers communicate with one another to ensure all routers know about network changes, for instance:
A router is offline
A particular route is overloaded
New routes added or removed
Common routing protocols include:
OSPF (Open Shortest Path First) [used on the Mt Helen campus network]
RIP (Routing Information Protocol) [older protocol mostly replaced by OSPF]
BGP (Border Gateway Protocol) [used on the Internet]
Routing protocols update routing table entries as required.
Format of IPv4 header
The information in the IPv4 header provides routers and the destination host with information about the network packet.
Important fields include:
Source address
Destination address
IHL (header length) [20–60 bytes]
Time to Live
Header checksum
Source IP address and Destination IP addresses are there for obvious reasons.
The IHL field specifies the header size in multiples of 32 bits (4 bytes).
Header sizes can be between 20–60 bytes.
Time to Live stops packets circulating around the Internet forever. The source sets the value (often to 128 or 64). At each router the value is decremented. When the TTL value reaches zero the packet is discarded by the router.
The options field is seldom used, so most IP headers are 20 bytes in length.
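To make the header fields concrete, here is an added example (not code from the slides) that parses an IPv4 header from raw bytes, honours IHL when options are present, verifies the header checksum, and performs the per-router step described above: decrement TTL, discard the packet when TTL would reach zero, and recompute the checksum because the header changed. The packets are constructed inside the example; the ICMP Time Exceeded message a real router sends back is left out.

```python
import struct

IPV4_MIN_HEADER = 20
HDR_FMT = "!BBHHHBBH4s4s"   # the fixed 20-byte part of the header


def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the header fields, honour IHL, and verify the header checksum."""
    if len(packet) < IPV4_MIN_HEADER:
        raise ValueError("truncated IPv4 header")
    ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, hdr_csum, src, dst = \
        struct.unpack(HDR_FMT, packet[:IPV4_MIN_HEADER])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    header_len = ihl * 4                     # IHL counts 32-bit words: 5..15 words = 20..60 bytes
    if header_len < IPV4_MIN_HEADER or len(packet) < header_len:
        raise ValueError(f"bad IHL {ihl}")
    return {
        "ihl": ihl, "header_len": header_len, "total_len": total_len,
        "ttl": ttl, "protocol": proto,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "options": packet[IPV4_MIN_HEADER:header_len],
        # A header whose checksum field is correct sums to zero when checksummed again.
        "checksum_ok": checksum(packet[:header_len]) == 0,
    }


def build_ipv4_header(src, dst, ttl=64, proto=1, payload_len=0, options=b"") -> bytes:
    """Construct a header with a correct checksum (constructed data, not a capture)."""
    if len(options) % 4:
        options += b"\x00" * (4 - len(options) % 4)   # options are padded to 32-bit words
    ihl = 5 + len(options) // 4
    to_bytes = lambda s: bytes(int(o) for o in s.split("."))
    fields = [(4 << 4) | ihl, 0, ihl * 4 + payload_len, 0x1234, 0x4000, ttl, proto, 0,
              to_bytes(src), to_bytes(dst)]
    raw = struct.pack(HDR_FMT, *fields) + options
    fields[7] = checksum(raw)                # computed with the checksum field zeroed
    return struct.pack(HDR_FMT, *fields) + options


def router_hop(packet: bytes):
    """What a router does to the header: verify, decrement TTL, recompute the checksum.

    Returns the rewritten packet, or None when the packet must be discarded.
    """
    hdr = parse_ipv4_header(packet)
    if not hdr["checksum_ok"]:
        return None                          # corrupted header: drop
    if hdr["ttl"] <= 1:
        return None                          # TTL reaches zero here: drop
    h = bytearray(packet[:hdr["header_len"]])
    h[8] -= 1                                # TTL is byte 8 of the header
    h[10:12] = b"\x00\x00"                   # checksum is bytes 10-11; zero it, then recompute
    h[10:12] = struct.pack("!H", checksum(bytes(h)))
    return bytes(h) + packet[hdr["header_len"]:]


if __name__ == "__main__":
    pkt = build_ipv4_header("141.132.196.26", "172.217.26.4", ttl=64)
    print(parse_ipv4_header(pkt))
    hop = router_hop(pkt)
    print(parse_ipv4_header(hop)["ttl"], parse_ipv4_header(hop)["checksum_ok"])   # 63 True
    print(router_hop(build_ipv4_header("10.0.0.1", "10.0.0.2", ttl=1)))          # None
```

Note that the checksum covers only the header, so a router that forgets to recompute it after decrementing TTL produces a packet that the next router rejects as corrupted; the test below checks both the recomputation and the rejection of a damaged header.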
Naming of Internet hosts
Companies and organisations require a block of Public IP addresses to name their servers on the Internet.
The block of addresses is associated with the organisation's Domain Name.
For example:
Federation University’s Domain (federation.edu.au) has the IP range 141.132.x.x allocated to it. (65536 IP addresses)
The University’s address range was purchased many years ago.
Internet Assigned Numbers Authority (IANA)
IANA is the overseeing body for the naming and addressing of Internet domains.
IANA delegates allocation for different geographical regions of the world to regional authorities, for instance APNIC (Asia Pacific Network Information Centre) for the Asia Pacific region.
ISPs hold blocks of IP addresses and can allocate small IP ranges to their customers.
Once an organisation has its domain name and associated IP addresses, its server(s) can be found on the Internet.
DNS (Domain Name System)
Name resolution of Internet names is handled by DNS.
Name resolution is the process of looking up the IP address of an Internet name, or for reverse lookups, determining the host name of a particular IP address.
Resolution of names is handled by your local DNS server or by your ISP's DNS server.
If the local DNS server cannot resolve a name, it requests the help of DNS servers that form part of the worldwide DNS server hierarchy.
Name resolution is required each time you enter Internet names (eg. www.apple.com) into web browsers because IP addresses are required for network communication to take place.
IPv6 (IP version 6)
IPv6 is the most recent version of the Internet Protocol.
It was developed by the Internet Engineering Task Force (IETF) to deal with IPv4 address exhaustion. In time IPv6 is meant to replace IPv4.
Each IPv6 address is 128 bits in length, which gives IPv6 an enormous addressing range:
2^128 possible different addresses
= 3.402 × 10^38
= 4.5 × 10^15 addresses for every observable star in the universe.
We use Hexadecimal to express IPv6 addresses
Because IPv6 addresses are so large we use hexadecimal to express them, in 8 groups of 4 hex digits.
Example:
FE80:0000:0000:0000:ACC1:44F9:91B5:AC1B
Most of the Internet only supports IPv4, so transition mechanisms are required.
The most important is tunnelling.
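An added example (not from the slides) that converts between the full eight-group form shown above and the shortened form with "::" that IPv6 addresses are usually written in, following the RFC 5952 rules (drop leading zeros in each group, replace the longest run of two or more all-zero groups with "::", choose the first run on a tie, use lowercase hex), and that evaluates the 2^128 address space from the previous slide. The address is the slide's own; the function names are the example's.

```python
def expand_ipv6(addr: str) -> list:
    """Expand the '::' shorthand into eight 16-bit groups, returned as integers."""
    if addr.count("::") > 1:
        raise ValueError("only one '::' is permitted")
    if "::" in addr:
        head, tail = addr.split("::")
        head_groups = [int(g, 16) for g in head.split(":")] if head else []
        tail_groups = [int(g, 16) for g in tail.split(":")] if tail else []
        missing = 8 - len(head_groups) - len(tail_groups)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = head_groups + [0] * missing + tail_groups
    else:
        groups = [int(g, 16) for g in addr.split(":")]
    if len(groups) != 8 or any(not 0 <= g <= 0xFFFF for g in groups):
        raise ValueError(f"malformed IPv6 address: {addr}")
    return groups


def full_form(addr: str) -> str:
    """Eight groups of four hex digits, as the slide writes the address."""
    return ":".join(f"{g:04X}" for g in expand_ipv6(addr))


def compress_ipv6(addr: str) -> str:
    """RFC 5952 text form of an IPv6 address."""
    groups = expand_ipv6(addr)
    best_start, best_len = -1, 0
    i = 0
    while i < 8:                       # find the longest run of zero groups (first wins a tie)
        if groups[i] == 0:
            j = i
            while j < 8 and groups[j] == 0:
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    hexs = [f"{g:x}" for g in groups]  # lowercase, leading zeros dropped
    if best_len >= 2:                  # a single zero group is never shortened to '::'
        left = ":".join(hexs[:best_start])
        right = ":".join(hexs[best_start + best_len:])
        return f"{left}::{right}"
    return ":".join(hexs)


def to_int(addr: str) -> int:
    """The address as a 128-bit integer."""
    value = 0
    for g in expand_ipv6(addr):
        value = (value << 16) | g
    return value


ADDRESS_SPACE = 2 ** 128               # the slide's 3.402 * 10^38

if __name__ == "__main__":
    print(compress_ipv6("FE80:0000:0000:0000:ACC1:44F9:91B5:AC1B"))   # fe80::acc1:44f9:91b5:ac1b
    print(full_form("fe80::acc1:44f9:91b5:ac1b"))
    print(f"{ADDRESS_SPACE:.3e}")
```

The link-local address on the slide is a good illustration of why the shorthand exists: three of its eight groups are zero, and the shortened form is what `ip addr` or `ipconfig` would actually print.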
Tool Talk
A closer look at IP settings on Windows and Linux
Windows
Linux
Linux command line:
cd
ls
. .. ~ notations
Wireshark:
ARP (Local address resolution)
DHCP
DNS (name resolution)
Capture filters
Display filters
------- Demonstration -------
Next Week
The Transport layer:
TCP
Virtual Circuits
3 way handshake
Sequence numbers and acknowledgements
UDP
Commonwealth of Australia Copyright Act 1968
Notice for paragraph 135ZXA (a) of the Copyright Act 1968
Warning
This material has been reproduced and communicated to you by or on behalf of Federation University Australia under Part VB of the Copyright Act 1968 (the Act).
The material in this communication may be subject to copyright under the Act. Any further reproduction or communication of this material by you may be the subject of copyright protection under the Act.
Do not remove this notice.