The Internet Layer Protocols
In the DoD model, there are two main reasons for the Internet layer’s
existence: routing and providing a single network interface to the upper
layers.
None of the other upper- or lower-layer protocols have any functions
relating to routing—that complex and important task belongs entirely to
the Internet layer. The Internet layer’s second duty is to provide a single
network interface to the upper-layer protocols. Without this layer,
application programmers would need to write “hooks” into every one of
their applications for each different Network Access protocol. This would
not only be a pain in the neck, but it would lead to different versions of
each application—one for Ethernet, another one for wireless, and so on.
To prevent this, IP provides one single network interface for the upper-
layer protocols. With that mission accomplished, it’s then the job of IP
and the various Network Access protocols to get along and work together.
All network roads don’t lead to Rome—they lead to IP. And all the other
protocols at this layer, as well as all those at the upper layers, use it.
Never forget that. All paths through the DoD model go through IP. Here’s
a list of the important protocols at the Internet layer that I’ll cover
individually in detail coming up:
Internet Protocol (IP)
Internet Control Message Protocol (ICMP)
Address Resolution Protocol (ARP)
Internet Protocol (IP)
Internet Protocol (IP) essentially is the Internet layer. The other
protocols found here merely exist to support it. IP holds the big picture
and could be said to “see all,” because it’s aware of all the interconnected
networks. It can do this because all the machines on the network have a
software, or logical, address called an IP address, which we’ll explore
more thoroughly later in this chapter.
For now, understand that IP looks at each packet’s address. Then, using a
routing table, it decides where a packet is to be sent next, choosing the
best path to send it upon. The protocols of the Network Access layer at
the bottom of the DoD model don’t possess IP’s enlightened scope of the
entire network; they deal only with physical links (local networks).
Identifying devices on networks requires answering these two questions:
Which network is it on? And what is its ID on that network? The first
answer is the software address, or logical address. You can think of this
as the part of the address that specifies the correct street. The second
answer is the hardware address, which goes a step further to specify the
correct mailbox. All hosts on a network have a logical ID called an IP
address. This is the software, or logical, address and contains valuable
encoded information, greatly simplifying the complex task of routing. (IP
is discussed in RFC 791.)
IP receives segments from the Host-to-Host layer and fragments them
into datagrams (packets) if necessary. IP then reassembles datagrams
back into segments on the receiving side. Each datagram is assigned the
IP address of the sender and that of the recipient. Each router or switch
(layer 3 device) that receives a datagram makes routing decisions based
on the packet’s destination IP address.
Figure 3.15 shows an IP header. This will give you a picture of what the IP
protocol has to go through every time user data that is destined for a
remote network is sent from the upper layers.
FIGURE 3.15
IP header
The following fields make up the IP header:
Version IP version number.
Header length Header length (HLEN) in 32-bit words.
Priority and Type of Service Type of Service tells how the datagram
should be handled. The first 3 bits are the priority bits, now called the
differentiated services bits.
Total length Length of the packet, including header and data.
Identification Unique IP-packet value used to differentiate fragmented
packets from different datagrams.
Flags Specifies whether fragmentation should occur.
Fragment offset Provides fragmentation and reassembly if the packet
is too large to put in a frame. It also allows different maximum
transmission units (MTUs) on the Internet.
Time To Live The time to live (TTL) is set into a packet when it is
originally generated. If it doesn’t get to where it’s supposed to go before
the TTL expires, boom—it’s gone. This stops IP packets from
continuously circling the network looking for a home.
Protocol Protocol number of the upper-layer protocol; for example, TCP is
protocol 6 and UDP is protocol 17. Also supports Network layer protocols,
like ARP and ICMP, and can be referred to as the Type field in some
analyzers. We’ll talk about this field more in a minute.
Header checksum Checksum calculated on the header only, not on the data.
Source IP address 32-bit IP address of sending station.
Destination IP address 32-bit IP address of the station this packet is
destined for.
Options Used for network testing, debugging, security, and more.
Data After the IP option field, will be the upper-layer data.
Here’s a snapshot of an IP packet caught on a network analyzer. Notice
that all the header information discussed previously appears here:
IP Header - Internet Protocol Datagram
Version: 4
Header Length: 5
Precedence: 0
Type of Service: %000
Unused: %00
Total Length: 187
Identifier: 22486
Fragmentation Flags: %010 Do Not Fragment
Fragment Offset: 0
Time To Live: 60
IP Type: 0x06 TCP
Header Checksum: 0xd031
Source IP Address: 10.7.1.30
Dest. IP Address: 10.7.1.10
No Internet Datagram Options
The Type field is typically a Protocol field, but this analyzer sees it as an
IP Type field. This is important. If the header didn’t carry the protocol
information for the next layer, IP wouldn’t know what to do with the data
carried in the packet. The preceding example clearly tells IP to hand the
segment to TCP.
Figure 3.16 demonstrates how the Network layer sees the protocols at the
Transport layer when it needs to hand a packet up to the upper-layer
protocols.
FIGURE 3.16
The Protocol field in an IP header
In this example, the Protocol field tells IP to send the data to either TCP
(protocol 6) or UDP (protocol 17). But it will be UDP or TCP only if the data is part of
a data stream headed for an upper-layer service or application. It could
just as easily be destined for Internet Control Message Protocol (ICMP),
Address Resolution Protocol (ARP), or some other type of Network layer
protocol.
Table 3.3 is a list of some other popular protocols that can be specified in
the Protocol field.
Table 3.3
Possible protocols found in the Protocol field of an IP header
Protocol                   Protocol Number
ICMP                       1
IP in IP (tunneling)       4
TCP                        6
UDP                        17
EIGRP                      88
OSPF                       89
IPv6                       41
GRE                        47
Layer 2 tunnel (L2TP)      115
You can find a complete list of Protocol field numbers at
www.iana.org/assignments/protocol-numbers.
Internet Control Message Protocol (ICMP)
Internet Control Message Protocol (ICMP) works at the Network layer
and is used by IP for many different services. ICMP is basically a
management protocol and messaging service provider for IP. Its
messages are carried as IP datagrams. RFC 1256 is an annex to ICMP,
which gives hosts extended capability in discovering routes to gateways.
ICMP packets have the following characteristics:
They can provide hosts with information about network problems.
They are encapsulated within IP datagrams.
The following are some common events and messages that ICMP relates
to:
Destination unreachable If a router can’t send an IP datagram any
further, it uses ICMP to send a message back to the sender, advising it of
the situation. For example, take a look at Figure 3.17, which shows that
interface e0 of the Lab_B router is down.
FIGURE 3.17
ICMP error message is sent to the sending host from the
remote router.
When Host A sends a packet destined for Host B, the Lab_B router will
send an ICMP destination unreachable message back to the sending
device, which is Host A in this example.
Buffer full/source quench If a router’s memory buffer for receiving
incoming datagrams is full, it will use ICMP to send out this message
alert until the congestion abates.
Hops/time exceeded Each IP datagram is allotted a certain number of
routers, called hops, to pass through. If it reaches its limit of hops before
arriving at its destination, the last router to receive that datagram deletes
it. The executioner router then uses ICMP to send an obituary message,
informing the sending machine of the demise of its datagram.
Ping Packet Internet Groper (Ping) uses ICMP echo request and reply
messages to check the physical and logical connectivity of machines on an
internetwork.
Traceroute Using ICMP time-outs, Traceroute is used to discover the
path a packet takes as it traverses an internetwork.
Traceroute is usually just called trace. Microsoft Windows
uses tracert to allow you to verify address configurations in your
internetwork.
The following data is from a network analyzer catching an ICMP echo
request:
Flags: 0x00
Status: 0x00
Packet Length: 78
Timestamp: 14:04:25.967000 12/20/03
Ethernet Header
Destination: 00:a0:24:6e:0f:a8
Source: 00:80:c7:a8:f0:3d
Ether-Type: 08-00 IP
IP Header - Internet Protocol Datagram
Version: 4
Header Length: 5
Precedence: 0
Type of Service: %000
Unused: %00
Total Length: 60
Identifier: 56325
Fragmentation Flags: %000
Fragment Offset: 0
Time To Live: 32
IP Type: 0x01 ICMP
Header Checksum: 0x2df0
Source IP Address: 100.100.100.2
Dest. IP Address: 100.100.100.1
No Internet Datagram Options
ICMP - Internet Control Messages Protocol
ICMP Type: 8 Echo Request
Code: 0
Checksum: 0x395c
Identifier: 0x0300
Sequence Number: 4352
ICMP Data Area:
abcdefghijklmnop 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70
qrstuvwabcdefghi 71 72 73 74 75 76 77 61 62 63 64 65 66 67 68 69
Frame Check Sequence: 0x00000000
Notice anything unusual? Did you catch the fact that even though ICMP
works at the Internet (Network) layer, it still uses IP to do the Ping
request? The Type field in the IP header is 0x01, which specifies that the
data we’re carrying is owned by the ICMP protocol. Remember, just as all
roads lead to Rome, all segments or data must go through IP!
The Ping program uses the alphabet in the data portion of the
packet as a payload, typically around 100 bytes by default, unless, of
course, you are pinging from a Windows device, which thinks the
alphabet stops at the letter W (and doesn’t include X, Y, or Z) and
then starts at A again. Go figure!
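Both analyzer snapshots above (the TCP datagram in the IP header section and this ICMP echo request) can be rebuilt byte for byte from the fields they list, which shows how the IP Type/Protocol field hands data to ICMP and how the two checksums are computed. The Python below is an added example, not from the book; it assumes no IP options and takes the packet values from the traces.

```python
import struct
from ipaddress import IPv4Address

# Protocol-field values from Table 3.3 (IANA protocol numbers).
PROTOCOL_NUMBERS = {1: "ICMP", 4: "IP in IP", 6: "TCP", 17: "UDP", 41: "IPv6",
                    47: "GRE", 88: "EIGRP", 89: "OSPF", 115: "L2TP"}
DF = 0b010  # Fragmentation Flags as the analyzer prints them: %010 = Do Not Fragment


def inet_checksum(data: bytes) -> int:
    """One's complement of the one's-complement sum of all 16-bit words.
    IP runs it over the header only; ICMP runs it over header plus data."""
    data = bytes(data) + (b"\x00" if len(data) % 2 else b"")
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4_header(src, dst, proto, total_length, ident, ttl, flags=0):
    """20-byte IPv4 header (Version 4, Header Length 5 words, no options)."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, 0, total_length,
                                ident, flags << 13, ttl, proto, 0,
                                IPv4Address(src).packed, IPv4Address(dst).packed))
    struct.pack_into("!H", hdr, 10, inet_checksum(hdr))   # checksum field was 0
    return bytes(hdr)


def build_icmp_echo_request(ident, seq, payload: bytes):
    """ICMP Type 8 (Echo Request), Code 0, followed by the data area."""
    msg = bytearray(struct.pack("!BBHHH", 8, 0, 0, ident, seq)) + payload
    struct.pack_into("!H", msg, 2, inet_checksum(msg))
    return bytes(msg)


def parse_ipv4(pkt: bytes) -> dict:
    """Decode the fields the analyzer shows and verify the checksums. A header
    whose checksum field is correct sums to 0xFFFF, so inet_checksum() gives 0."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or (pkt[0] & 0x0F) < 5:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    _, _, tlen, ident, ff, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    info = {"total_length": tlen, "identifier": ident, "flags": ff >> 13,
            "fragment_offset": ff & 0x1FFF, "ttl": ttl, "protocol": proto,
            "protocol_name": PROTOCOL_NUMBERS.get(proto, "unknown"),
            "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
            "ip_checksum_ok": inet_checksum(pkt[:ihl]) == 0}
    if proto == 1 and len(pkt) >= ihl + 8:  # IP Type 0x01: hand the data to ICMP
        icmp = pkt[ihl:tlen]
        info["icmp_type"], info["icmp_code"] = icmp[0], icmp[1]
        info["icmp_checksum_ok"] = inet_checksum(icmp) == 0
    return info
```

Rebuilding the TCP snapshot yields Header Checksum 0xd031 and the echo request yields 0x2df0 (IP) and 0x395c (ICMP), the same values the analyzer reported.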
If you remember reading about the Data Link layer and the different
frame types in Chapter 2, “Ethernet Networking and Data
Encapsulation,” you should be able to look at the preceding trace and tell
what type of Ethernet frame this is. The only fields are destination
hardware address, source hardware address, and Ether-Type. The only
frame that uses an Ether-Type field exclusively is an Ethernet_II frame.
We’ll move on soon, but before we get into the ARP protocol, let’s take
another look at ICMP in action.
Figure 3.18 shows an internetwork—it has a router, so it’s an internetwork,
right?
FIGURE 3.18
ICMP in action
Server 1 (10.1.2.2) telnets to 10.1.1.5 from a DOS prompt. What do you
think Server 1 will receive as a response? Server 1 will send the Telnet
data to the default gateway, which is the router, and the router will drop
the packet because there isn’t a network 10.1.1.0 in the routing table.
Because of this, Server 1 will receive an ICMP destination unreachable
back from the router.
Address Resolution Protocol (ARP)
Address Resolution Protocol (ARP) finds the hardware address of a host
from a known IP address. Here’s how it works: When IP has a datagram
to send, it must inform a Network Access protocol, such as Ethernet or
wireless, of the destination’s hardware address on the local network.
Remember that it has already been informed by upper-layer protocols of
the destination’s IP address. If IP doesn’t find the destination host’s
hardware address in the ARP cache, it uses ARP to find this information.
As IP’s detective, ARP interrogates the local network by sending out a
broadcast asking the machine with the specified IP address to reply with
its hardware address. So basically, ARP translates the software (IP)
address into a hardware address—for example, the destination machine’s
Ethernet adapter address—and from it, deduces its whereabouts on the
LAN by broadcasting for this address.
Figure 3.19 shows how an ARP broadcast looks to a local network.
FIGURE 3.19
Local ARP broadcast
ARP resolves IP addresses to Ethernet (MAC) addresses.
The following trace shows an ARP broadcast—notice that the destination
hardware address is unknown and is all Fs in hex (all 1s in binary)—and is
a hardware address broadcast:
Flags: 0x00
Status: 0x00
Packet Length: 64
Timestamp: 09:17:29.574000 12/06/03
Ethernet Header
Destination: FF:FF:FF:FF:FF:FF Ethernet Broadcast
Source: 00:A0:24:48:60:A5
Protocol Type: 0x0806 IP ARP
ARP - Address Resolution Protocol
Hardware: 1 Ethernet (10Mb)
Protocol: 0x0800 IP
Hardware Address Length: 6
Protocol Address Length: 4
Operation: 1 ARP Request
Sender Hardware Address: 00:A0:24:48:60:A5
Sender Internet Address: 172.16.10.3
Target Hardware Address: 00:00:00:00:00:00 (ignored)
Target Internet Address: 172.16.10.10
Extra bytes (Padding):
................ 0A 0A 0A 0A 0A 0A 0A 0A 0A 0A 0A 0A 0A
0A 0A 0A 0A 0A
Frame Check Sequence: 0x00000000
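The ARP request above, and the reply that the station owning 172.16.10.10 sends back, can be built and decoded with a few struct calls. This Python is an added example, not from the book; the replying MAC address (02:00:00:00:00:0A) is an assumed placeholder, and the padding is zeros rather than the 0x0A filler the trace shows.

```python
import struct

ETH_BROADCAST = b"\xff" * 6            # all 1s: every station on the LAN reads it
ETHERTYPE_ARP = 0x0806
HTYPE_ETHERNET, PTYPE_IPV4 = 1, 0x0800
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join("%02X" % b for b in raw)


def ip_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def build_arp_frame(op, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet_II frame (dst, src, Ether-Type) carrying a 28-byte ARP message.
    A request is broadcast with the target hardware address zeroed, since that is
    the value being asked for; a reply is unicast to the requester. Short frames
    are padded to the 60-byte minimum (the FCS is added by the hardware)."""
    dst = ETH_BROADCAST if op == ARP_REQUEST else mac_bytes(target_mac)
    eth = dst + mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op,
                      mac_bytes(sender_mac), ip_bytes(sender_ip),
                      mac_bytes(target_mac), ip_bytes(target_ip))
    frame = eth + arp
    return frame + b"\x00" * max(0, 60 - len(frame))


def parse_arp_frame(frame: bytes) -> dict:
    """Decode the Ethernet header and the ARP fields shown in the trace."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    _, _, _, _, op, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    return {"eth_dst": mac_str(frame[:6]), "eth_src": mac_str(frame[6:12]),
            "is_broadcast": frame[:6] == ETH_BROADCAST, "operation": op,
            "sender_mac": mac_str(sha), "sender_ip": ".".join(map(str, spa)),
            "target_mac": mac_str(tha), "target_ip": ".".join(map(str, tpa))}


def answer_arp_request(frame: bytes, my_mac: str, my_ip: str):
    """The station that owns the target IP replies with its own MAC; every other
    station sees the broadcast, finds the target IP is not its own, and stays quiet."""
    req = parse_arp_frame(frame)
    if req["operation"] != ARP_REQUEST or req["target_ip"] != my_ip:
        return None
    return build_arp_frame(ARP_REPLY, my_mac, my_ip, req["sender_mac"], req["sender_ip"])
```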
IP Addressing
One of the most important topics in any discussion of TCP/IP is IP
addressing. An IP address is a numeric identifier assigned to each
machine on an IP network. It designates the specific location of a device
on the network.
An IP address is a software address, not a hardware address—the latter is
hard-coded on a network interface card (NIC) and used for finding hosts
on a local network. IP addressing was designed to allow hosts on one
network to communicate with a host on a different network regardless of
the type of LANs the hosts are participating in.
Before we get into the more complicated aspects of IP addressing, you
need to understand some of the basics. First I’m going to explain some of
the fundamentals of IP addressing and its terminology. Then you’ll learn
about the hierarchical IP addressing scheme and private IP addresses.
IP Terminology
Throughout this chapter you’re being introduced to several important
terms that are vital to understanding the Internet Protocol. Here are a
few to get you started:
Bit A bit is one digit, either a 1 or a 0.
Byte A byte is 7 or 8 bits, depending on whether parity is used. For the
rest of this chapter, always assume a byte is 8 bits.
Octet An octet, made up of 8 bits, is just an ordinary 8-bit binary
number. In this chapter, the terms byte and octet are completely
interchangeable.
Network address This is the designation used in routing to send
packets to a remote network—for example, 10.0.0.0, 172.16.0.0, and
192.168.10.0.
Broadcast address The address used by applications and hosts to send
information to all nodes on a network is called the broadcast address.
Examples of layer 3 broadcasts include 255.255.255.255, which is any
network, all nodes; 172.16.255.255, which is all subnets and hosts on
network 172.16.0.0; and 10.255.255.255, which broadcasts to all subnets
and hosts on network 10.0.0.0.
The Hierarchical IP Addressing Scheme
An IP address consists of 32 bits of information. These bits are divided
into four sections, referred to as octets or bytes, with each containing 1
byte (8 bits). You can depict an IP address using one of three methods:
Dotted-decimal, as in 172.16.30.56
Binary, as in 10101100.00010000.00011110.00111000
Hexadecimal, as in AC.10.1E.38
All these examples represent the same IP address. Pertaining to IP
addressing, hexadecimal isn’t used as often as dotted-decimal or binary,
but you still might find an IP address stored in hexadecimal in some
programs.
The 32-bit IP address is a structured or hierarchical address, as opposed
to a flat or nonhierarchical address. Although either type of addressing
scheme could have been used, hierarchical addressing was chosen for a
good reason. The advantage of this scheme is that it can handle a large
number of addresses, namely 4.3 billion (a 32-bit address space with two
possible values for each position—either 0 or 1—gives you 2^32, or
4,294,967,296). The disadvantage of the flat addressing scheme, and the
reason it’s not used for IP addressing, relates to routing. If every address
were unique, all routers on the Internet would need to store the address
of each and every machine on the Internet. This would make efficient
routing impossible, even if only a fraction of the possible addresses were
used!
The solution to this problem is to use a two- or three-level hierarchical
addressing scheme that is structured by network and host or by network,
subnet, and host.
This two- or three-level scheme can also be compared to a telephone
number. The first section, the area code, designates a very large area. The
second section, the prefix, narrows the scope to a local calling area. The
final segment, the customer number, zooms in on the specific connection.
IP addresses use the same type of layered structure. Rather than all 32
bits being treated as a unique identifier, as in flat addressing, a part of the
address is designated as the network address and the other part is
designated as either the subnet and host or just the node address.
Next, we’ll cover IP network addressing and the different classes of
address we can use to address our networks.
Network Addressing
The network address (which can also be called the network number)
uniquely identifies each network. Every machine on the same network
shares that network address as part of its IP address. For example, in the
IP address 172.16.30.56, 172.16 is the network address.
The node address is assigned to, and uniquely identifies, each machine
on a network. This part of the address must be unique because it
identifies a particular machine—an individual— as opposed to a network,
which is a group. This number can also be referred to as a host address.
In the sample IP address 172.16.30.56, the 30.56 specifies the node
address.
The designers of the Internet decided to create classes of networks based
on network size. For the small number of networks possessing a very
large number of nodes, they created the rank Class A network. At the
other extreme is the Class C network, which is reserved for the numerous
networks with a small number of nodes. The class distinction for
networks between very large and very small is predictably called the Class
B network.
Subdividing an IP address into a network and node address is determined
by the class designation of one’s network.
Figure 3.20 summarizes the three classes of networks used to address
hosts—a subject I’ll explain in much greater detail throughout this chapter.
FIGURE 3.20
Summary of the three classes of networks
To ensure efficient routing, Internet designers defined a mandate for the
leading-bits section of the address for each different network class. For
example, since a router knows that a Class A network address always
starts with a 0, the router might be able to speed a packet on its way after
reading only the first bit of its address. This is where the address schemes
define the difference between a Class A, a Class B, and a Class C address.
Coming up, I’ll discuss the differences between these three classes,
followed by a discussion of the Class D and Class E addresses. Classes A,
B, and C are the only ranges that are used to address hosts in our
networks.
Network Address Range: Class A
The designers of the IP address scheme decided that the first bit of the
first byte in a Class A network address must always be off, or 0. This
means a Class A address must be between 0 and 127 in the first byte,
inclusive.
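The three notations for 172.16.30.56, the leading-bit test that tells a router the address class, and the classful network/node split can all be checked in code. This Python is an added example, not from the book; it goes beyond the Class A case just described by also applying the leading-bit rule for Classes B (10), C (110), D (1110) and E (1111).

```python
def representations(addr: str) -> dict:
    """The same 32-bit address in the three notations the chapter lists."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % addr)
    return {"dotted_decimal": ".".join(map(str, octets)),
            "binary": ".".join(format(o, "08b") for o in octets),
            "hex": ".".join(format(o, "02X") for o in octets)}


def address_class(addr: str) -> str:
    """Class from the leading bits of the first byte, the way a router can
    decide after reading only the first one to four bits:
    0 -> A (0-127), 10 -> B (128-191), 110 -> C (192-223),
    1110 -> D (224-239, multicast), 1111 -> E (240-255, reserved)."""
    first = int(addr.split(".")[0])
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "E"


def classful_split(addr: str) -> dict:
    """Default (classful, unsubnetted) network/node split: the network address
    is the first 1, 2 or 3 bytes for Classes A, B and C; the rest is the node.
    Also derives the network number and the directed broadcast address."""
    cls = address_class(addr)
    net_len = {"A": 1, "B": 2, "C": 3}.get(cls)
    if net_len is None:
        raise ValueError("class %s addresses are not used to address hosts" % cls)
    octets = addr.split(".")
    host_len = 4 - net_len
    return {"class": cls,
            "network": ".".join(octets[:net_len] + ["0"] * host_len),
            "node": ".".join(octets[net_len:]),
            "broadcast": ".".join(octets[:net_len] + ["255"] * host_len)}
```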
Consider the following network address: