CS1680 Lecture 8
Date: February 24, 2022
Administrivia
- Bear with me as literally everything I touch today breaks
- IP: Out today
- You should have received an email with your team assignment
- Try out the dev environment, let us know if there are issues
- New textbook resource
Topics for today
- More on IP forwarding
- ARP, DHCP
- IP assignment demo
Last time
- IP addressing basics
- IP forwarding overview
Recall: IP Addressing
All hosts on the network have an IP address, which can be used to reach the host across the network.
Consider this address on the Brown network: 138.16.151.2
Each address has two parts:
- Network part: Identifies a network to the rest of the internet (Brown, Verizon, etc)
- Host part: identifies individual host
The size of the network part denotes how many addresses can be allocated in a given network:
138.16.x.x = ~65k possible IP addresses
We call this IP prefix 138.16.0.0/16
IP forwarding
The idea: Given a packet, decide where to send it
Router: device that’s connected to multiple IP networks, which forwards IP packets between networks
How a router forwards packets is defined by the router's forwarding table.
Maps network prefix -> next hop (either an interface or a neighbor IP address)
For example, here’s the forwarding table on my computer:
deemer@ceres ~ % ip route
default via 10.3.128.1 dev wlp2s0 proto dhcp src 10.3.135.44 metric 3003
10.3.128.0/18 dev wlp2s0 proto dhcp scope link src 10.3.135.44 metric 3003
172.18.0.0/16 dev docker0 proto kernel scope link src 172.18.0.1
192.168.1.0/24 dev enp0s31f6 proto kernel scope link src 192.168.1.1
Prefix | Next hop | Note |
---|---|---|
10.3.128.0/18 | Interface wlp2s0 | My laptop’s wifi card |
192.168.1.0/24 | Interface enp0s31f6 | My laptop’s Ethernet port |
172.18.0.0/16 | Interface docker0 | Virtual interface for docker containers! |
Default | 10.3.128.1 | Default route, denotes another host that should know how to reach other networks |
Steps to IP forwarding
- Given some packet, is it for a local network?
- Otherwise, find the next hop
Example: Packet with Src: 1.2.3.4, Dst: 10.3.128.5
To figure out how to forward this packet, we consider the destination address:
- Does it match any of the networks we know about?
- Yes! 10.3.128.5 is part of 10.3.128.0/18. Therefore, we send the packet out on the wifi interface. To do this, we need to find the MAC address of 10.3.128.5, for which we use the ARP protocol (see below)
Example: Packet with Src: 1.2.3.4, Dst: 8.8.8.8
- Does it match any of the networks we know about?
- No. 8.8.8.8 only matches the default route, which means the next hop is 10.3.128.1
- To deliver the packet to 10.3.128.1, we need to look up 10.3.128.1 in the forwarding table. This address matches a local network, so we send the packet via the wifi interface to the MAC address of 10.3.128.1
Another example
iPad -------------- Laptop ------- Brown access point
      ^-- Ethernet          ^--- Wifi link
IP forwarding steps
When a host/router receives a packet:
- Is it valid?
  - How to check: validate the header checksum
  - If the checksum is valid => continue
- Is it for me? => Deliver to OS
  - Check if the destination address is an address for this host
  - If so, handle the packet contents. For instance, if it's a TCP or UDP packet and the port numbers correspond to an open socket, deliver the payload to that socket
- Is it for a LOCAL network?
  - How to check: does the destination address match the network part of any local network in the forwarding table?
  - If match => send the packet to the destination's MAC address on that network
- Can I find a next hop?
  - How to check: does the destination address match the network part of any "next hop" entry in the forwarding table?
  - "Next hop" entries are those that point to an IP address, such as the default route
  - If match => deliver the packet to this next-hop IP address (look it up in the table again, which should give a local network)
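The two worked examples above (10.3.128.5 and 8.8.8.8) and the four forwarding steps, carried out in code. This is an added example, not code from the course; it parses the `ip route` output shown earlier into a forwarding table, does a longest-prefix match for the destination, looks the next hop up a second time when the route points at a gateway, and checks the IPv4 header checksum before any of that. The header-building helper and the packet it constructs are test input made up for this example.

```python
import ipaddress
import struct

# Constructed sample input: the `ip route` output from the notes, for a host whose
# own addresses are the `src` fields (10.3.135.44, 172.18.0.1, 192.168.1.1).
ROUTE_OUTPUT = """\
default via 10.3.128.1 dev wlp2s0 proto dhcp src 10.3.135.44 metric 3003
10.3.128.0/18 dev wlp2s0 proto dhcp scope link src 10.3.135.44 metric 3003
172.18.0.0/16 dev docker0 proto kernel scope link src 172.18.0.1
192.168.1.0/24 dev enp0s31f6 proto kernel scope link src 192.168.1.1
"""


def parse_routes(text):
    """Turn `ip route` lines into (prefix, next-hop IP or None, interface) entries."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        via = fields[fields.index("via") + 1] if "via" in fields else None
        dev = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(prefix), via, dev))
    return routes


def local_addresses(text):
    """The host's own addresses: the `src` field of each route."""
    return {f[f.index("src") + 1] for f in (l.split() for l in text.splitlines()) if "src" in f}


def lookup(routes, addr):
    """Longest-prefix match: the most specific prefix containing addr wins."""
    addr = ipaddress.ip_address(addr)
    best = None
    for prefix, via, dev in routes:
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, via, dev)
    return best


def forward(routes, my_addrs, dst):
    """Steps 2-4 from the notes. Returns (action, IP to ARP for or deliver to, interface)."""
    if dst in my_addrs:
        return ("deliver-locally", dst, None)
    match = lookup(routes, dst)
    if match is None:
        return ("no-route", None, None)
    prefix, via, dev = match
    if via is None:
        # Directly connected network: ARP for the destination itself on this interface.
        return ("direct", dst, dev)
    # A next-hop entry: look the gateway up again; it has to be on a local network.
    hop = lookup(routes, via)
    if hop is None or hop[1] is not None:
        return ("unreachable-gateway", via, None)
    return ("via-gateway", via, hop[2])


def ipv4_checksum(header):
    """RFC 791: one's complement of the one's-complement sum of the 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def header_checksum_ok(header):
    """Summing a valid header, checksum field included, gives 0xFFFF, so the complement is 0."""
    return ipv4_checksum(header) == 0


def build_ipv4_header(src, dst, payload_len=0, proto=17, ttl=64):
    """A minimal 20-byte IPv4 header (constructed test input) with the checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def process_packet(routes, my_addrs, header):
    """Step 1 (validate) and then steps 2-4 (deliver or forward)."""
    if len(header) < 20 or not header_checksum_ok(header):
        return ("dropped-bad-checksum", None, None)
    dst = str(ipaddress.ip_address(header[16:20]))
    return forward(routes, my_addrs, dst)


ROUTES = parse_routes(ROUTE_OUTPUT)
MY_ADDRS = local_addresses(ROUTE_OUTPUT)

if __name__ == "__main__":
    for dst in ("10.3.128.5", "8.8.8.8", "10.3.135.44", "172.18.0.5"):
        print(dst, "->", forward(ROUTES, MY_ADDRS, dst))
    print(process_packet(ROUTES, MY_ADDRS, build_ipv4_header("1.2.3.4", "8.8.8.8")))
```

Note that 8.8.8.8 matches only the /0 default route, so the code performs the second lookup the notes describe: 10.3.128.1 falls inside 10.3.128.0/18, which is directly connected, so the packet goes out on wlp2s0 addressed to the gateway's MAC. A header whose checksum does not verify is dropped before any table lookup happens.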
Special and Private networks
Some IP allocations are reserved for private use: these addresses are not allocated by a global authority, but are instead used inside a network for various purposes. One such use case is a local network that doesn't need to access the Internet; another is an internal network used with Network Address Translation (NAT), which we'll talk about soon.
The most important special network allocations are:
Prefix | Note |
---|---|
127.0.0.0/8 | The “Loopback” address–always points to the current host! |
10.0.0.0/8 | Used for private internal networks |
172.16.0.0/12 | Used for private internal networks |
192.168.0.0/16 | Used for private internal networks |
You may have seen that Brown uses 10.0.0.0/8 for its internal IP addresses. Home network routers typically use the address range 192.168.0.0/16.
These addresses are never supposed to be routed over the Internet–they are only used within an organization’s network, or within a single machine! Multiple organizations or machines can reuse the same address ranges, because these are disparate private networks that should never connect to each other directly. (If they did, there would be problems with forwarding.)
Notes on the forwarding process
Only the destination address is used for forwarding:
- Forwarding table only needs to know about NETWORKS close to it, rather than keeping a table of, say, every IP address
- Routers close to the "core" of the Internet have large forwarding tables of hundreds of thousands of entries, but this is still manageable, and much smaller than keeping track of every individual network or host
- This is what allows IP to scale: we keep the network devices simple
- "Stateless forwarding": No per-packet state
  - Contrast to circuit switching, where each connection reserves capacity on a device
  - Can have multiple paths for redundancy, failover, etc.
What about the source address?
Routers only forward using the destination address. This can create security problems, as we could manufacture packets with any source address we want!
- What if my laptop (on the Brown Network) sends a packet (like a DNS query) with Source IP: 8.8.8.8 (Google) and Destination IP: 1.1.1.1 (Cloudflare)?
- When 1.1.1.1 receives the packet, it looks at the source IP to send a response. So it will send the response to Google, rather than back to me
- This is called IP Spoofing, and it's widely used to conduct (Distributed) Denial of Service ((D)DoS) attacks!
- How to defend against this?
  - On a local network, if a router sees a packet with a source address that doesn't belong to its own network, this is invalid, so it can drop the packet
  - This works because an administrator for a certain network should know what addresses should be originating on that network, so they can configure routers to do this (called egress filtering)
  - However, this is not part of IP by default: routers must be specifically configured this way (and not everyone does)
  - Eg. on the Brown network (which owns 138.16.xxx.xxx, among others), what if a router sees an outgoing packet with source IP 8.8.8.8?
    - Brown would drop the packet, because 8.8.8.8 isn't part of its network
    - (We confirmed that Brown's network drops packets with unknown source addresses with a different example)
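The source-address check described above, as an added example (not code from the course or from Brown's network). It models a border router's decision for a packet in either direction: outgoing packets whose source is not one of the site's own addresses are dropped (the egress filtering the notes describe), and it goes one step further than the notes by also dropping incoming packets from the Internet that claim a source inside the site, plus anything carrying a private or loopback address from the table above. The site prefix 138.16.0.0/16 is the public Brown prefix from the addressing example; treating it as the only public prefix, and the log records, are assumptions constructed for this example.

```python
import ipaddress

# Assumption for this example: the site's public allocation is the 138.16.0.0/16
# prefix from the addressing example (Brown owns others, which are omitted here).
SITE_PUBLIC = [ipaddress.ip_network("138.16.0.0/16")]

# From the "Special and Private networks" table: these must never cross the border.
NEVER_ROUTED = [ipaddress.ip_network(p) for p in
                ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def in_any(addr, prefixes):
    return any(addr in p for p in prefixes)


def border_decision(direction, src, dst):
    """direction is "out" (leaving the site) or "in" (arriving from the Internet)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if in_any(s, NEVER_ROUTED) or in_any(d, NEVER_ROUTED):
        # A 10.x source leaving the site has not been through NAT; a private
        # destination cannot be reached over the Internet at all.
        return "drop: private/loopback address at the border"
    if direction == "out" and not in_any(s, SITE_PUBLIC):
        # Egress filtering: the administrator knows which sources belong here.
        return "drop: egress filter, source is not one of our addresses"
    if direction == "in" and in_any(s, SITE_PUBLIC):
        # The mirror-image check: our own addresses never arrive from outside.
        return "drop: ingress filter, outside packet claims an inside source"
    return "forward"


# Constructed border log for the example: (direction, src, dst). Not real traffic.
SAMPLE_LOG = [
    ("out", "138.16.151.2", "1.1.1.1"),       # normal outbound query
    ("out", "8.8.8.8", "1.1.1.1"),            # the spoofing example from the notes
    ("out", "10.3.135.44", "1.1.1.1"),        # private source that never went through NAT
    ("in", "1.1.1.1", "138.16.151.2"),        # normal reply
    ("in", "138.16.151.9", "138.16.151.2"),   # outside packet pretending to be inside
    ("in", "192.168.1.5", "138.16.151.2"),    # private source arriving from the Internet
]


def audit(log):
    """Apply the filter to every record and tally the decisions."""
    tally = {}
    for direction, src, dst in log:
        decision = border_decision(direction, src, dst)
        tally[decision] = tally.get(decision, 0) + 1
    return tally


if __name__ == "__main__":
    for record in SAMPLE_LOG:
        print(record, "->", border_decision(*record))
    print(audit(SAMPLE_LOG))
```

The filter only needs the site's own prefixes, which is exactly the knowledge the notes say a network administrator has; it does not need to know anything about the rest of the Internet. That is also why it has to be configured per network: no router can do this check on someone else's behalf.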
ARP: A companion protocol for IP
ARP: Address resolution protocol
- Given an IP address on a local network, how to find its MAC address?
- This is a broadcast protocol
  - If you want to know the MAC address for an IP address, send a request to the broadcast Ethernet address: "Who has 1.2.3.4?"
  - All hosts on your network receive the packet
  - Host that has 1.2.3.4 responds: "1.2.3.4 is at aa:bb:cc:dd:ee:ff"
- Each host has a table of IP -> MAC address mappings
  - Addresses time out after a certain period (<30 sec) and need to be refreshed
- ARP messages can be spoofed, too! What would happen?
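The ARP exchange above, simulated end to end as an added example (not code from the course): a broadcast "who has" request, a unicast reply from the host that owns the address, and a per-host cache whose entries expire after the timeout the notes mention. The cache also records an alert whenever a reply contradicts a still-live entry (one IP claimed by two different MACs), which is the observable symptom the closing question points at; a monitoring tool would log exactly that event. Hosts, MACs and the frame structure are constructed for this example, and real ARP carries the same fields in a binary format rather than as a dataclass.

```python
import dataclasses

BROADCAST = "ff:ff:ff:ff:ff:ff"
ARP_TIMEOUT = 30  # seconds; the notes say cached entries expire in under 30 s


@dataclasses.dataclass
class ArpFrame:
    op: str             # "request" ("who has target_ip?") or "reply" ("sender_ip is at sender_mac")
    sender_mac: str
    sender_ip: str
    target_ip: str
    target_mac: str = "00:00:00:00:00:00"
    eth_dst: str = BROADCAST   # Ethernet destination: broadcast for requests, unicast for replies


class ArpCache:
    def __init__(self, timeout=ARP_TIMEOUT):
        self.timeout = timeout
        self.entries = {}   # ip -> (mac, expiry time)
        self.alerts = []    # (ip, cached mac, conflicting mac, time)

    def lookup(self, ip, now):
        entry = self.entries.get(ip)
        if entry is None or entry[1] <= now:
            self.entries.pop(ip, None)   # expired entries must be refreshed
            return None
        return entry[0]

    def learn(self, ip, mac, now):
        current = self.lookup(ip, now)
        if current is not None and current != mac:
            # A live entry is being contradicted: one IP, two MACs. A plain cache
            # silently overwrites; this one also records the conflict for investigation.
            self.alerts.append((ip, current, mac, now))
        self.entries[ip] = (mac, now + self.timeout)


class Host:
    def __init__(self, ip, mac):
        self.ip, self.mac, self.cache = ip, mac, ArpCache()

    def receive(self, frame, now):
        """Process one ARP frame; return the reply frame to send, if any."""
        if frame.eth_dst not in (BROADCAST, self.mac):
            return None
        if frame.op == "request" and frame.target_ip == self.ip:
            # The requester's own mapping comes for free from the request.
            self.cache.learn(frame.sender_ip, frame.sender_mac, now)
            return ArpFrame("reply", self.mac, self.ip, frame.sender_ip, frame.sender_mac,
                            eth_dst=frame.sender_mac)
        if frame.op == "reply" and frame.target_mac == self.mac:
            self.cache.learn(frame.sender_ip, frame.sender_mac, now)
        return None


def resolve(requester, segment, target_ip, now):
    """Find target_ip's MAC: use the cache, else broadcast a request to every host on the segment."""
    cached = requester.cache.lookup(target_ip, now)
    if cached is not None:
        return cached
    request = ArpFrame("request", requester.mac, requester.ip, target_ip)
    for host in segment:
        if host is not requester:
            reply = host.receive(request, now)
            if reply is not None:
                requester.receive(reply, now)
    return requester.cache.lookup(target_ip, now)


# Constructed segment: three hosts on one Ethernet; 1.2.3.4 uses the MAC from the notes.
A = Host("1.2.3.1", "02:00:00:00:00:01")
B = Host("1.2.3.4", "aa:bb:cc:dd:ee:ff")
C = Host("1.2.3.9", "02:00:00:00:00:09")
SEGMENT = [A, B, C]

if __name__ == "__main__":
    print("1.2.3.4 is at", resolve(A, SEGMENT, "1.2.3.4", now=0))
    print("after timeout:", A.cache.lookup("1.2.3.4", now=31))
```

Two things worth noticing when running it: the host that answers also learns the requester's mapping from the request itself, so both sides populate their tables from one exchange; and nothing in the protocol authenticates a reply, which is why the cache's conflict alert is the only signal a host has that two machines are claiming the same address.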