Static Routing

• used for IPv4 in the past

• address space divided into different address classes

• -> each of them containing subnets of certain size

• Class A; leading 0; 8 bit for network number (8-1 -> 2^7 networks); 32-8 -> 2^24 addresses per network

• Cass B; leading 10; 16 bit for network number (16-2 -> 2^14 networks); 32-16 = 2^16 addresses per network

• Class C; leading 110; 24 bit for network number (-> 24-3 = 2^21 networks); 2^8 addresses per network

• Class D; leading 1110; 24 bit for network number (-> 24-4 = 2^20 networks) ; 2^8 addresses per network

• Class E reserved, but again 24 bit for network number

• A 0.0.0.0

• B 128.0.0.0

• C 192.0.0.0

• D 224.0.0.0

• E 240.0.0.0

• Multicast

• A net.host.host.host

• B net.net.host.host

• C net.net.net.host

• inflexibel and not scalable

• exhaustion of address space

• => e.g. imagine ARP in class A network with ~ 16 million nodes…

• classless interdomain routing

• -> introduces subnet mask do allow to dynamically partition to required network size…

• logical and of IP address and subnet mask

• subnetting -> break larger network down into smaller one

• supernetting -> aggregate networks to larger one

• instead of noting subnet mask -> not handy

• add number of leading 1 in the subnet mask with /x after IP address

• -> 192.168.1.0/26

• -> first 26 bit are network address

• no!

• first : network address

• last: broadcast address

• ff:ff:ff:ff:ff:ff

• -> all hosts in the subnet…

• compare IP addresses to see wether in same or different network (first x in /x networks…)

• look up in routing table where to sent the data to -> find suitable next hop (e.g. default gateway)

• assuming ARP cache is empty -> perform ARP request to resolve default gateway IP address to MAC address

• Encapsulate IP packet (fixed sender and receiver) in ethernet frame with receiver being the router MAC from the ARP response

• router receives frame and removes ethernet header

• router determines next hop and repackt ip packet in new ethernet frame with new MAC src and dst

• when router in Bs network receives it, it performs ARP to determine receivers MAC

• sends to receiver B

• NO!

• -> consider hub connected computers with IP belonging to different networks

• -> still in broadcast domain although in different subnets…

• routers mark border of broadcast domain

• all nodes reachable via ff:ff:ff:ff:ff:ff on layer 2

• set of nodes reachable with IP broadcast address in same subnet (as at the same time MAC broadcast address is required…)

• directed IP broadcast into other subnet usually not allowed -> security and violate broadcast domain

• collsion domain -> broken by router and switches

• broadcast -> broken by routers

• => is only hubs are used or single bus -> collision = broadcast domain

• in case e.g. hosts are not directly addressable via IP addresses (NAT)

• -> no need for globally unique addresses…

• 0.0.0.0/8

• 10.0.0.0/8

• 127.0.0.0/8

• 172.16.0.0/12

• 192.169.0.0/16

• 169.254.9.9/16

• classical private IP address ranges

• automatic private ip addressing

• -> if host supporting APIPA comes online and has no valid IP address

• -> try to contact DHCP

• -> no DHCP server found on local network

• -> randomly select address from APIPA range and try to ping it

• -> if no answer received assume IP address is available for use and use it…

• => host configures itself with this address to allow for local communicatoin with other APIPA nodes

• => nowadays supported with most OSes

• must not forward such packets

• -> private addresses not unique -> thus not valid identifiers for end-to-end communication across networks…

• 127.0.0.0/8 address range (usually 127.0.0.1)

• -> each host has loopback interface with this address

• -> packets returned before reaching layer 1

• -> but are seen as regular network interface thus require ip address…

• no never!!

• should never reach layer 1!!!

• more or less the default for things like routing tables…

• -> 0.0.0.0 -> catch all addresses not found in the table so far….

• yes

• get /32 from regional internet registry (RIR) and give /64 to customers

• 128 bit

• -> 8 x 4 hex…

• ::/128

  • unspecified address

• ::1/128

  • loopback address

• fe80::/10

  • link-local address

• fc00::/7

  • unique link local address

• ff00::/8

  • multicast address

• global unicast address

• 0:0:0:0:ffff::/96

  • IPv4 mapped addresses

• 2002::/4

  • NAT64

• 2001:db8::/32

  • documentation

• assign unicast addresses in local lan (similar to 10.0.0.0/8 in IPv4)

• to communicate with nodes on an attached link…

• send a message to group of network devices

• -> e.g. targeting all nodes ff02::1; targeting all routers ff02::2

• …

• no route rpresent

• neighbor discovery

• automatic address configuration

• FP

• not used in IPv6 -> proposed but obsoleted…

• used fo rIPv4 classful routing (format prefix class A e.g. 0000; class B 1000…)

1. check wether dest address is local (am i the recipient?)

   -> yes then layer 3 stripped and sent upwards to layer 4

   -> if it is fragment, assemble before sending upwards

2. if not destined for this node -> check wether IP forwarding is enabled

   -> if not, discard packet

3. if enabled -> determine next hop by longest prefix matching in routing table

   -> if not succesful, ICMP type 3 (target unreachable) is sent

4. if determine next hop is succesful

   1. reduce TTL by one

      -> if zero, discard and ICMP type 11 code 0 (time exceeded) is returned to sender

5. encasulate in L2 frame specifying next hop MAC

6. IP remains unchanged

   
   

• layer 3

• TTL reaches 0

• sender is informed with ICMP type 11 code 0 (time exceeded)

• packet is discarded

• best routes available to all destinations

• information about directly attached networks

• locally available information (link status)

• information obtained by static entries (static routing)

• information obtained by routing protocols (dynamic routing)

• yes -> required to determine its MAC address (neigbor discovery / ARP)

• no, if same subnet -> only best route…

• consider situation -> router has best route to subnet in general

• but more specific, best route to subset of individual of subnet

• => to find best route, an order on the lookup is required

• -> from more specific (longer prefix) to less specific (smaller prefix)

when anding with subnet mask -> subnet mask is 0.0.0.0

-> returns 0.0.0.0 -> fits -> is chosen…

• by anding with the subnet mask

• and checkng, wether the result fits the specified network address…

• router solicitation

• -> sent to fc02::2 (all router multicast)

• unicast to querying host

• ff02::1 all hosts

• same as IPv4 -> longest prefix matchign…

• yes -> ff02::1

• ICMP type 5 (redirects)

• DHCP

• no

• tell default gateway that whished route is reachable via IP address xy

• -> enable ICMP redirects

• => router send packet to default gateway

• => router returns ICMP redirect in response to the first packet to this destination

• => redirect message contains info, that network is reachable via IP adress xy

• => if host accepts redirect -> installs corresponding additional route in routing table and bypasses default gateway for further packets to that network

• would be wasteful, as for each forward, the step over the router is actualy unneccesarry as the hosts themselves can directly reach it…

• IOS

• -> dedicated OS for network hardware

• common among most of todays cisco routers and switches

• yes depending on hardware (router/switches)

• and on given feature set

• => differ in size, system requirement (e.g. RAM) and supportet router models

• common syntax

• user exec mode

• privilege exec mode (sometimes called enable exec mode)

• => former (user) allows only very basic access to router and config

• Router>enable

• Router#

• => sudo equivalent

• show ip interface brief

• show ip route

• show ip protocols

• show running-config

• show startup-config

• have to enter specific modes to make changes in the config…

• configure terminal

• => indicated by (config) in terminal

• e.g.

• Router#configure terminal

• Router (config)#

• exec mode

• current config mode

• already configuration of common things e.g. access control list, users, passwords

• -> also : enter specific config mode

• interface [iface]

  • enter interface config mode

• router [routing-protocol]

  • activates specific routing protocol and enters corresponding config mode

• routing -> algorithm to choose (best path) do forward the packet to

• forwarding -> distribution (acual sending…) of packet

• otherwise (compared to 0.0.0.0/0 in IPv4)

1. SLAAC

2. DHCP

3. By hand

• everything you can reach via L2/L3 broadcast

  
  

• collision domain always subset of broadcast domain

• if only hubs are used -> same…

• yes, it is needed to resolve the MAC address via ARP/NDP

• no

• carrier-grade NAT

• destination

• gateway

• metric

• interface

• use link local address (fe80 + modified EUI-64

• duplicate address detection with neighbour solicitation to solicited nodes (ff02::1 (all nodes…))

• router solicitation to all nodes (ff02::2)

• router advertisement incoming

  • managed address

  • ohter configs

  • prefix info

    • lifetime

    • autonomous flag

    • prefix

• generate global IP

• DAD (duplicate address detection…)

  
  

• sent ICMP echo requests with incraesing TTL

• -> at each node in between src and dst is an ICMP Time exceeded sent…

• -> if destination host is reached, ICMP echo reply arrives…

• IPv6-Multicast to all nodes on the link

• -> or as answer to a request-> unicast…

• Multicast less communicatoin and computational overhead

• -> only chose gorup you actually want to sent messages to while broadcast still possible…

• info about DNS config -> DNS resolver address

• router lifetime -> lifetime as default router

• advertise current hop limit -> what hop count to choose for outgoing packets

• -M flag -> alow address configuration via DHCPv6

• global

• get SLAAC info (prefix) by router (solicitation upon configuration -> contained in advertisement)

  
  

• autonomous flag not set

• provided prefix is link local address

• preferred lifetime of router larger than valid one, if yes, prefix ignored

• has it already a SLAAC addres with same prefix? -> if lifetime != 0 -> do not do SLAAC

• minimum header length

  • IPv4 20 Byte

  • IPv6 40 bytes

• IPv6 has no dont fragment flag as routers do not fragment Ipv6…

• Node sets up interface, assigns link local and does DAD -> neighbor solicitation…

• malicious node sends neigbor advertisement responding to it -> indicating that this address is already in use (to ff02::1)

• victim node receives neigbor advertisement for each link local DAD, failing to assign itself a link local address -> will never have an IPv6 address…

• in case of SLAAC, the host does not yet have an IPv6 address

• -> use multicast to all nodes to reach it anyway…

• link local not routed -> only works for addressing on attached link…

• ULA is like private IP address to address others in local network (can be routed in local network…)

• 169.254.0.1 to 169.254.255.254

• divide MAC into first 24 bit and second 24 bit

• add FF FF FF FE to the middle

• => EUI 64….

• use solicited node multicast address

• -> ff02::1:ff00:0 / 104

• -> fill network part with IPv6 address to solicitate