[Figure 5.8 diagram: Router 1, Router 2, and Router 3 attached to a frame relay network, with DLCI 518 and DLCI 519 labeled. InARP message 1: “Which IP address is at the end of DLCI 18?” InARP message 2: “Which IP address is at the end of DLCI 19?” Reply to each InARP message: “My IP address is in the ARP reply; use this in the routing table.”]
of logical connection) at the frame (frame relay) or cell (ATM) level instead of MAC addresses. The issue in frame relay and ATM (both called non-broadcast multiaccess [NBMA] link networks) is to find the virtual circuit number, such as the Data Link Connection Identifier (DLCI) in frame relay, associated with a particular IP address.
InARP (Inverse ARP) was developed for use on frame relay networks. Instead of using ARP to determine MAC-layer LAN addresses, TCP/IP networks linked by frame relay networks use InARP to determine the IP address at the other end of a frame relay DLCI number to use when sending IP packets. InARP is used as soon as frame relay DLCIs are created. The replies are used to build the routing table in the frame relay access device (router). The InARP process is shown in Figure 5.8. InARP is essentially an adaptation of the reverse ARP (RARP) process used on LANs.
ATMARP is a similar method used to find the ATM virtual path identifier (VPI) and/or virtual channel identifier (VCI) over an ATM network.
ARP AND IPv6
IPv6 really has no need for a separate ARP function. Instead, the Neighbor Discovery protocol (ND, sometimes NDP) described in RFC 2461 performs the functions of the IPv4 ARP in IPv6.
ND is really a superset of most of the functions of IPv4’s ARP, ICMP Redirect, and ICMP Router Discovery features. This section will discuss some of the features of NDP, but most of this will be covered in the chapter on ICMP.
FIGURE 5.8
Inverse ARP (InARP) exchange over a frame relay network. In this case, the hardware address (DLCI) is known and the sender needs to determine the IP address.
Neighbor Discovery Protocol
The Neighbor Discovery protocol is the way that IPv6 hosts and routers find things out about their immediate neighborhood, typically the LAN segment. A lot of effort was expended in IPv4 to find out configuration necessities such as default routers, any alternate routers, MAC addresses of adjacent hosts, and so on. In some cases, these addresses could not be found automatically with IPv4 and had to be entered manually (the default router). IPv6 was designed to be almost automatic in this regard.
When an IPv6 host comes up for the first time, the host advertises its MAC layer address and asks for neighbor and router information. Because these messages are in the form of ICMPv6 messages, only the basics will be presented here.
Why Neighbor and Router Discovery?
Why does IPv6 have separate neighbor and router discovery messages? After all, IPv4 did fine using a single broadcast frame structure for host–host and router–host address discovery.
IPv6 is more sophisticated than IPv4 when it comes to devices and networks. In IPv6, devices can be located on a local multiple access link (LAN), which are considered on link, or off link. Generally, there are a lot more hosts on a network than routers. IPv6 directs messages that discover host addresses only to the local hosts, while messages to discover one or more default routers are processed only by the routers.
Instead of a single mass broadcast, neighbor discovery in IPv6 is done with multicast groups. We’ll talk about multicast in more detail in a later chapter.
Many routers today forward packets in hardware, but broadcasts have to be processed by software. IPv6 routers can ignore the numerous messages sent from host to host on a LAN. This makes the use of the network resources with IPv6 more efficient.
The ARP function in IPv6 is performed by four messages in ND. The Router Solicitation/Router Advertisement mechanism is noteworthy in that it provides the key for host IPv6 address configuration, default route selection, and potentially even bootstrap configuration information.
Neighbor Solicitation—This message is sent by a host to find out the MAC layer address of another host. It is also used for Duplicate Address detection (Does another host have the same IPv6 address?) and for Neighbor Unreachability Detection (Is the other host still there?). The receiving host must reply with a Neighbor Advertisement.
160 PART II Core Protocols
Neighbor Advertisement—This message contains the MAC layer address of the host and is sent in reply to a Neighbor Solicitation message. Hosts also send an unsolicited Neighbor Advertisement when they first start up or if any of the advertised information changes.
Router Solicitation—This message is sent by a host to find routers. The receiving router must reply with a Router Advertisement.
Router Advertisement—This message contains the MAC layer address of the router and is sent in reply to a Router Solicitation message. Routers also send an unsolicited Router Advertisement when they first start up or if any of the advertised information changes.
ND Address Resolution
ND functions are performed only for local IPv6 addresses (the hop limit is set to 1 for these messages). ND messages, unlike ARP, are not broadcast (“Everyone pay attention to this”) but rather multicast (“Only those interested pay attention to this”).
When an IPv6 host or router starts up, it joins several multicast groups. The IPv6 node must join the all-nodes group. It must also join a solicited-node group for each interface running IPv6 or IPv6 address that the node has. Joining these groups allows the device to receive packets without having all the details of its address established. This is a much more sophisticated arrangement than the ARP method used in IPv4. The IPv6 device must keep these multicast groups active until all of its addressing details have been resolved.
When an IPv6 device needs to resolve the MAC layer address of another host on the LAN, a Neighbor Solicitation message is sent to the solicited-node multicast address. The IPv6 solicited-node multicast address is formed by taking the low-order 24 bits of the IPv6 address and adding the 104-bit prefix FF02::1 to it. Thus, for the link-local IPv6 address fe80::20e:cff:fe3b:883c, the IPv6 multicast group address used is fe02::1:fe3b:883c.
But what multicast address should the message use in the Ethernet frame? That multicast address is formed by prepending 33:33 to the lower 24 bits of the IPv6 address. Each device with an IP address registers this form with the local NIC and expects to receive ND messages this way initially. For the IPv6 multicast group address fe02::1:fe3b:883c, the multicast address used in the Ethernet destination field is 33:33:fe:3b:88:3c.
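The two mappings described above, written out as an added example (not code from the book) that follows the definitions in RFC 4291 and RFC 2464: the solicited-node prefix is ff02::1:ff00:0/104, and the frame address is 33:33 followed by the low-order 32 bits of the multicast group, which gives ff02::1:ff3b:883c and 33:33:ff:3b:88:3c for fe80::20e:cff:fe3b:883c. The function names and the sample records are assumptions made for this example; the check is the kind of consistency test an analyst can run over captured multicast Neighbor Solicitations.

```python
import ipaddress

# Solicited-node prefix ff02::1:ff00:0/104 (RFC 4291).
SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def solicited_node(addr):
    """Solicited-node multicast group for a unicast IPv6 address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return str(ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24))


def multicast_mac(group):
    """Ethernet destination for an IPv6 multicast group (RFC 2464):
    33:33 followed by the low-order 32 bits of the group address."""
    ip = ipaddress.IPv6Address(group)
    if not ip.is_multicast:
        raise ValueError(f"{group} is not a multicast address")
    low32 = (int(ip) & 0xFFFFFFFF).to_bytes(4, "big")
    return ":".join(f"{b:02x}" for b in b"\x33\x33" + low32)


def check_solicitation(ip_dst, eth_dst, target):
    """List the inconsistencies in one multicast Neighbor Solicitation."""
    problems = []
    group = solicited_node(target)
    if ipaddress.IPv6Address(ip_dst) != ipaddress.IPv6Address(group):
        problems.append(f"IPv6 destination {ip_dst}, expected {group}")
    if eth_dst.lower() != multicast_mac(group):
        problems.append(f"frame destination {eth_dst}, expected {multicast_mac(group)}")
    return problems


# Constructed sample records (hypothetical, not taken from the book's capture).
SAMPLES = [
    {"ip_dst": "ff02::1:ff3b:883c", "eth_dst": "33:33:ff:3b:88:3c",
     "target": "fe80::20e:cff:fe3b:883c"},
    # Target does not match the group the request was sent to.
    {"ip_dst": "ff02::1:ff3b:883c", "eth_dst": "33:33:ff:3b:88:3c",
     "target": "fe80::20e:cff:fe3b:8736"},
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s["target"], check_solicitation(**s) or "consistent")
```

Unicast solicitations, such as those sent for Neighbor Unreachability Detection, are outside what this check covers.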
An example of the address resolution pair captured earlier in this chapter is shown in Figure 5.9. Note the use of multicast IPv6 and frame addresses in the Neighbor Solicitation request and the way the information is supplied in the unicast Neighbor Announcement reply.
[Figure 5.9 diagram: wincli1 and winsvr1 on LAN1 exchanging a Neighbor Solicitation (multicast request) and a Neighbor Announcement (unicast reply), with the IPv6 source, destination, and target addresses and the frame source and destination addresses labeled.]
FIGURE 5.9
IPv6 neighbor discovery and address resolution, showing how the request uses multicast frame and packet addresses.
If no response is received, the sender can generate the Neighbor Solicitation message several times. When a Neighbor Advertisement message is received by the sender, the content is used to update the IPv6 Neighbor cache (the equivalent of the IPv4 ARP cache).
More details on ND message formats and operation are discussed in the ICMP chapter.
QUESTIONS FOR READERS
Figure 5.10 shows some of the concepts discussed in this chapter and can be used to help you answer the following questions.
[Figure 5.10 diagram: hosts with an IP layer (32-bit address) and a MAC layer (48-bit address) on two Ethernet LANs joined by a bridge, forming one broadcast domain; a router leads to another broadcast domain. Nontarget destinations parse, but ignore, broadcast ARP messages.]
FIGURE 5.10
ARP messages are used to coordinate IP addresses with lower layer addressing.
1. Why can’t the same address structure and value be used for network layer and hardware addresses?
2. Why do ARPs have to pass through bridges, but should not pass through routers?
3. Why does a receiver place the sender’s MAC address in its own ARP cache?
4. What is Proxy ARP used for?
5. What is the advantage of using multicast groups instead of broadcasts for address resolution?
What You Will Learn
In this chapter, you will learn about the IP layer. We’ll start with the fields in the IPv4 and IPv6 packet headers. We’ll discuss most of the fields in detail and show how many of them relate to each other.
You will learn about fragmentation, and how large content is broken up, spread across a sequence of many packets, and reassembled at the destination. We’ll also talk about some of the perceived hazards of this fragmentation process.
Chapter 6: IPv4 and IPv6 Headers
Thus far, we’ve created a network of hosts and routers, linked them with a variety of architectures and link types (LANs and WANs), and discussed the frame formats and methods used to distribute packets among the nodes. We’ve considered the IPv4 and IPv6 address formats, and the ways that they map to lower, link layer addresses. Now it’s time to concentrate on the IP layer itself.
Even casual users of the TCP/IP protocol suite are familiar with the basic IP packet, or, as it was initially called (and still often is) the datagram. An IP datagram or packet is the connectionless IP network-layer protocol data unit (PDU). When TCP/IP came along, packets were often associated with connection-oriented data networks such as X.25, the international packet data network standard. To emphasize the connectionless nature of IP, then a radical approach to network layer operation, the TCP/IP developers decided to invent a new term for the IP packet. Through analogy with the telegram (a terse message sent hop by hop through a network of point-to-point links), they came up with the term “datagram.”
The IP layer of the whole TCP/IP protocol stack is the very heart of TCP/IP. The frames that are sent and delivered across the network from host to router and router to host contain IP packets. However, like almost all statements about nearly any network protocol, there are exceptions to the general “frames contain IP packets” rule. As shown in the last chapter, an important class of IP layer protocols known as the Address Resolution Protocols (ARPs) does not technically use IP packets, but ARP messages are very close in structure to IP packets. Also, the Internet Control Message Protocol (ICMP) uses IP packets and is included in the IP layer. We’ll look at ICMP in the next chapter.
[Figure 6.1 diagram: the Illustrated Network, showing the hosts on LAN1 (Los Angeles Office) and LAN2 (New York Office) with their IPv4, MAC, and IPv6 link-local addresses, the Ethernet LAN switches with twisted-pair wiring, the routers of Ace ISP (AS 65459) and Best ISP (AS 65127), a DSL link, wireless in home, and the global public Internet. Solid rules = SONET/SDH; dashed rules = Gig Ethernet. Note: All links use 10.0.x.y addressing; only the last two octets are shown.]
FIGURE 6.1
The LANs on the Illustrated Network use both IPv4 and IPv6 packets. We’ll be looking at the headers generated by the hosts on the LANs.
Both IPv4 and IPv6 packet structures will be detailed in this chapter. However, for the sake of simplicity, whenever the term “IP” is used without qualification, “IPv4” is implied.
PACKET HEADERS AND ADDRESSES
Let’s take a close look at the packets used on the Illustrated Network. We’ll look at the IPv4 header and addresses first. We worked with the Windows clients and servers a lot in the last few chapters, and we’ll work with them again in this chapter. But we’ll also work with the Unix devices and tethereal captures in this chapter, especially for fragmentation and IPv6. And, as we’ll soon see, one of the biggest differences between IPv4 and IPv6 is how fragmentation is handled.
Fragmentation
People talk loosely about the pros and cons of “IP packet fragmentation,” but this terminology is not correct. It is not the IP packet itself that is fragmented, but the packet content. If the payload is too large to fit inside a single IP packet (as determined by the IP layer implementation), the content is spread across several packets, each with its own IP header.
In some cases, as we will see in this chapter, the content of an IP packet must be further broken up to traverse the next link on the network. However, it’s not really the IP packet that is fragmented. The original packet is discarded, and a string of IP packets is created that preserves the packet content and overall header fields, but changes specifics. When we say that “the packet is the data unit that flows end-to-end through the network,” it is not the packet that is unchanged, but the content.
Naturally, if packet content is kept small enough, no fragmentation is necessary.
Figure 6.1 shows the parts of the Illustrated Network that we’ll be using for our investigation of IP headers and fragmentation. The LAN clients and servers are highlighted, as are the local customer-edge routers.
Let’s start with IPv4. We can just start a flow of IPv4 packets between a client and server and capture them. Then we can parse the packets until we find something of interest.
Let’s take a good look at all the fields in an IPv4 packet header. We’ve already captured plenty of them. This example is from the FTP transfer from host (wincli2, with address 10.10.12.222) to router (CE6, with address 10.10.12.1) that we first saw in Chapter 2. Figure 6.2 shows a frame from the actual data transfer itself, frame 35, in fact.
The Ethernet frame is of type 0x0800 to show it carries an IPv4 packet. All of the lines from “Internet Protocol” to the line before “Transmission Control Protocol” interpret