12: IP Multicast, VPN, IPV6, NAT, MobileIP

4: Network Layer 4a-1

Jan 22, 2016

Last Modified: 04/21/23 07:17 PM

Adapted from Gordon Chaffee’s slides: http://bmrc.berkeley.edu/people/chaffee/advnet98/

What is multicast?

• 1 to N communication
• Bandwidth-conserving technology that reduces traffic by simultaneously delivering a single stream of information to multiple recipients
• Examples of multicast
  • Network hardware efficiently supports multicast transport
    • Example: Ethernet allows one packet to be received by many hosts
  • Many different protocols and service models
    • Examples: IETF IP Multicast, ATM Multipoint

Unicast

[Figure: Sender and router R, unicast delivery to several receivers]
• Problem: sending the same data to many receivers via unicast is inefficient
• Example: popular WWW sites become serious bottlenecks
  • Especially bad for audio/video streams

Multicast

[Figure: Sender and router R, multicast delivery to several receivers]
• Efficient one to many data distribution

IP Multicast Introduction

• Efficient one to many data distribution
  • Tree style data distribution
  • Packets traverse network links only once
• Location independent addressing
  • IP address per multicast group
• Receiver oriented service model
  • Applications can join and leave multicast groups
  • Senders do not know who is listening
  • Similar to television model
  • Contrasts with telephone network, ATM

IP Multicast

• Service
  • All senders send at the same time to the same group
  • Receivers subscribe to any group
  • Routers find receivers
  • Unreliable delivery
• Reserved IP addresses
  • 224.0.0.0 to 239.255.255.255 reserved for multicast
  • Static addresses for popular services (e.g. Session Announcement Protocol)

Internet Group Management Protocol (IGMP)

• Protocol for managing group membership
  • IP hosts report multicast group memberships to neighboring routers
• Messages in IGMPv2 (RFC 2236)
  • Membership Query (from routers)
  • Membership Report (from hosts)
  • Leave Group (from hosts)
• Announce-Listen protocol with Suppression
  • Hosts respond only if no other host has responded
• Soft State protocol

IGMP Example (1)

[Figure: Router joining Network 1 and Network 2; hosts 1 to 4]
• Host 1 begins sending packets
  • No IGMP messages sent
  • Packets remain on Network 1
• Router periodically sends IGMP Membership Query

IGMP Example (2)

[Figure: same topology; Host 3 sends a Membership Report and later a Leave Group message]
• Host 3 joins conference
  • Sends IGMP Membership Report message
  • Router begins forwarding packets onto Network 2
• Host 3 leaves conference
  • Sends IGMP Leave Group message
  • Only sent if it was the last host to send an IGMP Membership Report message
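The router-side behaviour shown in the two IGMP example slides, written out as a small Python model. This is an added example, not code from the slides or from Chaffee's deck: the class names (`IgmpRouter`, `Host`), the host and network labels, the group address and the timer constants are all assumptions made for the illustration; only the three IGMPv2 message types, the suppression rule and the soft-state idea come from the slides. The point it makes visible is that the router never learns which hosts listen, only whether some host still does, so a group that stops being refreshed silently times out.

```python
from dataclasses import dataclass, field

# Timer values are assumptions for this toy (they match the RFC 2236 defaults:
# 125 s query interval, 260 s group membership interval); hosts and networks are constructed.
QUERY_INTERVAL = 125.0
GROUP_TIMEOUT = 260.0
CONF_GROUP = "239.1.2.3"  # constructed group address inside the 224.0.0.0-239.255.255.255 range


@dataclass
class Host:
    name: str
    groups: set = field(default_factory=set)  # groups this host is listening to


@dataclass
class IgmpRouter:
    """Router-side IGMP state: per attached network, which groups have a live listener."""
    now: float = 0.0
    members: dict = field(default_factory=dict)  # network -> {group: expiry time}

    def tick(self, seconds: float) -> None:
        """Advance time; soft state means unrefreshed groups simply expire."""
        self.now += seconds
        for groups in self.members.values():
            for g in [g for g, expiry in groups.items() if expiry <= self.now]:
                del groups[g]

    def forwards(self, net: str, group: str) -> bool:
        """Does the router currently forward this group onto this network?"""
        return group in self.members.get(net, {})

    def membership_report(self, net: str, group: str) -> None:
        """A host announced (or re-announced) membership: refresh the group's timer."""
        self.members.setdefault(net, {})[group] = self.now + GROUP_TIMEOUT

    def membership_query(self, net: str, hosts: list) -> dict:
        """Router queries the network; with suppression only the first host per group answers."""
        answered = {}
        for h in hosts:
            for g in sorted(h.groups):
                if g not in answered:  # another host already reported this group: stay quiet
                    answered[g] = h.name
        for g in answered:
            self.membership_report(net, g)
        return answered

    def leave_group(self, net: str, group: str, hosts: list) -> list:
        """A host sent Leave Group; the router re-queries the group before dropping state."""
        remaining = [h.name for h in hosts if group in h.groups]
        if remaining:
            self.membership_report(net, group)  # someone still listens: keep forwarding
        else:
            self.members.get(net, {}).pop(group, None)
        return remaining


def run_example() -> list:
    """Replay the slide scenario on Network 2 and record whether the router forwards."""
    router = IgmpRouter()
    net2 = [Host("host2"), Host("host3"), Host("host4")]
    trace = []
    router.membership_query("net2", net2)  # nobody listens yet
    trace.append(("before join", router.forwards("net2", CONF_GROUP)))
    net2[1].groups.add(CONF_GROUP)  # host 3 joins and reports unsolicited
    router.membership_report("net2", CONF_GROUP)
    trace.append(("after host3 report", router.forwards("net2", CONF_GROUP)))
    net2[2].groups.add(CONF_GROUP)  # host 4 joins; on the next query only one report is heard
    router.tick(QUERY_INTERVAL)
    trace.append(("reports on query", router.membership_query("net2", net2)[CONF_GROUP]))
    net2[1].groups.discard(CONF_GROUP)  # host 3 (last reporter) leaves; host 4 still listens
    router.leave_group("net2", CONF_GROUP, net2)
    trace.append(("after host3 leave", router.forwards("net2", CONF_GROUP)))
    net2[2].groups.discard(CONF_GROUP)  # host 4 leaves too: forwarding stops
    router.leave_group("net2", CONF_GROUP, net2)
    trace.append(("after host4 leave", router.forwards("net2", CONF_GROUP)))
    router.membership_report("net2", CONF_GROUP)  # a listener that vanishes without a Leave
    router.tick(GROUP_TIMEOUT)
    trace.append(("after timeout", router.forwards("net2", CONF_GROUP)))
    return trace
```

`run_example()` returns the forwarding decision after each event; the last entry shows the soft-state timeout doing the job of a Leave Group message that was never sent.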

Source Specific Filtering: IGMPv3

• Adds Source Filtering to group selection
  • Receive packets only from specific source addresses
  • Receive packets from all but specific source addresses
• Benefits
  • Helps prevent denial of service attacks
  • Better use of bandwidth
• Status: Internet Draft?

Multicast Routing Discussion

• What is the problem?
  • Need to find all receivers in a multicast group
  • Need to create spanning tree of receivers
• Design goals
  • Minimize unwanted traffic
  • Minimize router state
  • Scalability
  • Reliability

Data Flooding

• Send data to all nodes in network
• Problem
  • Need to prevent cycles
  • Need to send only once to all nodes in network
  • Could keep track of every packet and check if it had previously visited the node, but that means too much state
[Figure: Sender and routers R1, R2, R3]

Reverse Path Forwarding (RPF)

• Simple technique for building trees
• Send out all interfaces except the one with the shortest path to the sender
  • In unicast routing, routers send to the destination via the shortest path
  • In multicast routing, routers send away from the shortest path to the sender

Reverse Path Forwarding Example

[Figure: Sender attached to R1; routers R1 to R7 interconnected; the packets R2 receives from R3 are marked "Drop"]
1. Router R1 checks: did the data packet arrive on the interface with the shortest path to the Sender? Yes, so it accepts the packet, duplicates it, and forwards the packet out all other interfaces except the interface that is the shortest path to the sender (i.e. the interface the packet arrived on).
2. Router R2 accepts packets sent from Router R1 because that is the shortest path to the Sender. The packet gets sent out all interfaces.
3. Router R2 drops packets that arrive from Router R3 because that is not the shortest path to the sender. Avoids cycles.

Distance Vector Multicast Routing (DVMRP)

• Steve Deering, 1988
• Source rooted spanning trees
  • Shortest path tree
  • Minimal hops (latency) from source to receivers
• Extends basic distance vector routing
• Flood and prune algorithm
  • Initial data sent to all nodes in network(!) using Reverse Path Forwarding
  • Prunes remove unwanted branches
  • State in routers for all unwanted groups
  • Periodic flooding since prune state times out (soft state)

DVMRP Algorithm

• Truncated Reverse Path Multicast
  • Optimized version of Reverse Path Forwarding
• Truncating
  • No packets sent onto leaf networks with no receivers
  • Still, how “truncated” is this?
• Pruning
  • Prune messages sent if no downstream receivers
  • State maintained for each unwanted group
• Grafting
  • On join or graft, remove prune state and propagate graft message

Protocol Independent Multicast (PIM)

• Uses unicast routing table for topology
• Dense mode (PIM-DM)
  • For groups with many receivers in local/global region
  • Like DVMRP, a flood and prune algorithm
• Sparse mode (PIM-SM)
  • For groups with few widely distributed receivers
  • Builds shared tree per group, but may construct source rooted tree for efficiency
  • Explicit join

IP Multicast in the Real World

Commercial Motivation

• Problem
  • Traffic on Internet is growing about 100% per year
  • Router technology is getting better at 70% per year
  • Routers that are fast enough are very expensive
  • ISPs need to find ways to reduce traffic
• Multicast could be used to…
  • WWW: distribute data from popular sites to caches throughout Internet
  • Send video/audio streams multicast
  • Software distribution

ISP Concerns

• Multicast causes high network utilization
  • One source can produce high total network load
  • Experimental multicast applications are relatively high bandwidth: audio and video
  • Flow control non-existent in many multicast apps
• Multicast breaks telco/ISP pricing model
  • Currently, both sender and receiver pay for bandwidth
  • Multicast allows sender to buy less bandwidth while reaching same number of receivers
  • Load on ISP network not proportional to source data rate

Economics of Multicast

• One packet sent to multiple receivers
• Sender
  + Benefits by reducing network load compared to unicast
  + Lower cost of network connectivity
• Network service provider
  - One packet sent can cause load greater than unicast packet load
  + Reduces overall traffic that flows over network
• Receiver
  = Same number of packets received as unicast

Multicast Problems

• Multicast is immature
  • Immature protocols and applications
  • Tools are poor, difficult to use, debugging is difficult
  • Routing protocols leave many issues unresolved
    • Interoperability of flood and prune/explicit join
    • Routing instability
• Multicast development has focused on academic problems, not business concerns
  • Multicast breaks telco/ISP traffic charging and management models
  • Routing did not address policy
    • PIM, DVMRP, CBT do not address ISP policy concerns
    • BGMP addresses some ISP concerns, but it is still under development

Current ISP Multicast Solution

• Restrict senders of multicast data
  • Charge senders to distribute multicast traffic
  • Static agreements
• Do not forward multicast traffic
  • Some ISPs offer multicast service to customers (e.g. UUNET UUCast)
  • ISPs beginning to discuss peer agreements

Multicast Tunneling

• Problem
  • Not all routers are multicast capable
  • Want to connect domains with non-multicast routers between them
• Solution
  • Encapsulate multicast packets in unicast packets
  • Tunnel multicast traffic across non-multicast routers
• We will see more examples of tunneling later

Multicast Tunneling Example (1)

[Figure: Sender 1 and Multicast Router 1 on Network 1; Unicast Routers UR1 and UR2 in between; Multicast Router 2 and a Receiver on Network 2; an Encapsulated Data Packet crosses the unicast routers]
• Multicast Router 1 encapsulates multicast packets for groups that have receivers outside of network 1. It encapsulates them as unicast IP-in-IP packets.
• Multicast Router 2 decapsulates IP-in-IP packets. It then forwards them using Reverse Path Multicast.

Multicast Tunneling Example (2)

[Figure: Virtual Network Topology: MR1 and MR2 joined by Virtual Interfaces, i.e. the tunnel]

MBone

• MBONE: multicast capable virtual network, subset of Internet
  • Native multicast regions connected with tunnels
• In 1992, the MBone was created to further the development of IP multicast
  • Experimental, global multicast network
  • Served as a testbed for multicast applications development
    • vat -- audio tool
    • vic -- video tool
    • wb -- shared whiteboard

Virtual Private Networks (VPN)

Virtual Private Networks

• Definition
  • A VPN is a private network constructed within the public Internet
• Goals
  • Connect private networks using shared public infrastructure
• Examples
  • Connect two sites of a business
  • Allow people working at home to have full access to company network

How accomplished?

• IP encapsulation and tunneling
  • Same as we saw for Multicast
  • Router at one end of tunnel places private IP packets into the data field of new IP packets (could be encrypted first for security) which are unicast to the other end of the tunnel

Motivations

• Economic
  • Using shared infrastructure lowers cost of networking
  • Less of a need for leased line connections
• Communications privacy
  • Communications can be encrypted if required
  • Ensure that third parties cannot use virtual network
• Virtualized equipment locations
  • Hosts on same network do not need to be co-located
  • Make one logical network out of separate physical networks
• Support for private network features
  • Multicast, protocols like IPX or Appletalk, etc

Examples

• Logical Network Creation
• Virtual Dial-Up

Logical Network Creation Example

[Figure: Network 1 and Network 2, each behind a Gateway, joined by a Tunnel across the Internet]
• Remote networks 1 and 2 create a logical network
• Secure communication at lowest level

Virtual Dial-up Example

[Figure: Worker Machine dials over the Public Switched Telephone Network (PSTN) to an Internet Service Provider, then a Tunnel across the Internet to the Gateway of the Home Network]
• Worker dials ISP to get basic IP service
• Worker creates tunnel to Home Network

IPv6

History of IPv6

• IETF began thinking about the problem of running out of IP addresses in 1991
• Requires changing IP packet format - HUGE deal!
• While we’re at it, let’s change X too
• “NGTrans” (IPv6 Transition) Working Group of IETF - June 1996

IPv6 Wish List

From “The Case for IPv6”
• Scalable Addressing and Routing
• Support for Real Time Services
• Support of Autoconfiguration (get your own IP address and domain name) to minimize administration
• Security Support
• Enhanced support for routing to mobile hosts

IPv4 Datagram

Header layout (the bit positions 0, 4, 8, 16, 19 and 31 on the slide mark the field boundaries):
  Version (4 bits) | HLen (4) | TOS (8) | Length (16)
  Ident (16) | Flags (3) | Offset (13)
  TTL (8) | Protocol (8) | Checksum (16)
  SourceAddr (32)
  DestinationAddr (32)
  Options (variable) | Pad (variable)
  Data

IPv6 Datagram

Header layout (the bit positions 0, 4, 12, 16, 24 and 31 on the slide mark the field boundaries):
  Version (4 bits) | TrafficClass (8) | FlowLabel (20)
  PayloadLen (16) | NextHeader (8) | HopLimit (8)
  SourceAddress (128)
  DestinationAddress (128)
  Next header/data

IPv6 Base Header Format

• VERS = IPv6
• TRAFFIC CLASS: specifies the routing priority or QoS requests
• FLOW LABEL: to be used by applications requesting performance guarantees
• PAYLOAD LENGTH: like IPv4’s datagram length, but doesn’t include the header length like IPv4
• NEXT HEADER: indicates the type of the next object in the datagram, either type of extension header or type of data
• HOP LIMIT: like IPv4’s TimeToLive field but named correctly
• NO CHECKSUM (processing efficiency)
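The two header layouts and the field notes above, turned into a builder and a parser for each fixed header. This is an added example, not from the slides: the function names, the sample addresses and the payload are constructed. It makes three of the slide's points checkable on real bytes: IPv4's Length counts the header while IPv6's PAYLOAD LENGTH does not, an IPv4 header that has been corrupted in flight fails its checksum, and an IPv6 header has nothing that would catch the same corruption (that job moves to the transport checksum).

```python
import socket
import struct

IPV4_FMT = "!BBHHHBBH4s4s"   # 20-byte fixed IPv4 header, network byte order
IPV6_FMT = "!IHBB16s16s"     # 40-byte IPv6 base header


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words, then complemented."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back in (one's-complement add)
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, payload: bytes, proto: int = 6, ttl: int = 64) -> bytes:
    total_len = 20 + len(payload)           # IPv4 Length includes the header
    hdr = struct.pack(IPV4_FMT, (4 << 4) | 5, 0, total_len, 0, 0, ttl, proto, 0,
                      socket.inet_pton(socket.AF_INET, src), socket.inet_pton(socket.AF_INET, dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(pkt: bytes) -> dict:
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, tos, total_len, ident, flags_off, ttl, proto, csum, src, dst = struct.unpack(IPV4_FMT, pkt[:20])
    version, hlen = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or hlen < 20 or hlen > total_len or total_len > len(pkt):
        raise ValueError("malformed IPv4 header")
    if ipv4_checksum(pkt[:hlen]) != 0:      # a correct header (checksum field included) sums to zero
        raise ValueError("bad IPv4 header checksum")
    return {"version": 4, "hlen": hlen, "total_len": total_len, "ttl": ttl, "proto": proto,
            "src": socket.inet_ntop(socket.AF_INET, src), "dst": socket.inet_ntop(socket.AF_INET, dst),
            "payload": pkt[hlen:total_len]}


def build_ipv6(src: str, dst: str, payload: bytes, next_header: int = 6, hop_limit: int = 64,
               traffic_class: int = 0, flow_label: int = 0) -> bytes:
    first_word = (6 << 28) | (traffic_class << 20) | (flow_label & 0xFFFFF)
    hdr = struct.pack(IPV6_FMT, first_word, len(payload), next_header, hop_limit,   # payload only
                      socket.inet_pton(socket.AF_INET6, src), socket.inet_pton(socket.AF_INET6, dst))
    return hdr + payload                    # no checksum field to fill in


def parse_ipv6(pkt: bytes) -> dict:
    if len(pkt) < 40:
        raise ValueError("truncated IPv6 header")
    first_word, payload_len, next_header, hop_limit, src, dst = struct.unpack(IPV6_FMT, pkt[:40])
    if first_word >> 28 != 6 or 40 + payload_len > len(pkt):
        raise ValueError("malformed IPv6 header")
    return {"version": 6, "traffic_class": (first_word >> 20) & 0xFF, "flow_label": first_word & 0xFFFFF,
            "payload_len": payload_len, "next_header": next_header, "hop_limit": hop_limit,
            "src": socket.inet_ntop(socket.AF_INET6, src), "dst": socket.inet_ntop(socket.AF_INET6, dst),
            "payload": pkt[40:40 + payload_len]}


def flip_bit(pkt: bytes, offset: int) -> bytes:
    """Simulate a one-bit corruption of the byte at `offset`."""
    corrupted = bytearray(pkt)
    corrupted[offset] ^= 0x01
    return bytes(corrupted)


def ipv4_detects_flip(pkt: bytes, offset: int) -> bool:
    """True if the IPv4 parser rejects the corrupted header (the IPv6 parser has no such check)."""
    try:
        parse_ipv4(flip_bit(pkt, offset))
        return False
    except ValueError:
        return True
```

With a 12-byte constructed payload the IPv4 parser reports a Length of 32 and the IPv6 parser a PAYLOAD LENGTH of 12; flipping a bit in the IPv4 TTL byte (offset 8) is caught by the checksum, while the same flip in the IPv6 Hop Limit byte (offset 7) just parses as a different hop limit.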

Address Space

• 32 bits versus 128 bits - implications?
  • 4 billion versus 3.4 x 10^38
  • 1500 addresses per square foot of the earth’s surface

Addresses

• Still divide address into prefix that designates network and suffix that designates host
• But no set classes; boundary between suffix and prefix can fall anywhere (CIDR only)
• Prefix length associated with each address

Address Types

• Unicast: delivered to a single computer
• Multicast: delivered to each of a set of computers (can be anywhere)
  • Conferencing, subscribing to a broadcast
• Anycast: delivered to one of a set of computers that share a common prefix
  • Deliver to one of a set of machines providing a common service

Address Notation

• Dotted sixteen? 105.67.45.56.23.6.133.211.45.8.0.7.56.45.3.189.56
• Colon hexadecimal notation (8 groups)
  • 69DC:8768:9A56:FFFF:0:5634:343
• Or even better with zero compression (replace run of all 0s with double ::)
• Makes host names look even more attractive, huh?

Special addresses

• IPv4 addresses all reserved for compatibility
  • 96 zeros + IPv4 address = valid IPv6 address
• Local Use Addresses
  • Special prefix which means “this needn’t be globally unique”
  • Allow just to be used locally
  • Aids in autoconfiguration
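The colon-hexadecimal notation with zero compression from the Address Notation slide, and the "96 zeros + IPv4 address" rule from the Special addresses slide, implemented together. This is an added example, not from the slides; the function names are mine. The compression rule it applies is the one a careful writer wants (only one `::`, only the longest run of at least two zero groups), because an address text with two `::` is ambiguous and a parser must refuse it rather than guess; the standard library's `ipaddress` is used only to cross-check the result.

```python
import ipaddress


def groups_to_text(groups) -> str:
    """Render eight 16-bit groups in colon-hex, compressing the longest run of zero groups to '::'."""
    groups = list(groups)
    if len(groups) != 8 or any(not 0 <= g <= 0xFFFF for g in groups):
        raise ValueError("an IPv6 address is exactly eight 16-bit groups")
    best_start, best_len, run_start = -1, 0, None
    for i, g in enumerate(groups + [1]):         # trailing sentinel closes a final zero run
        if g == 0 and run_start is None:
            run_start = i
        elif g != 0 and run_start is not None:
            if i - run_start > best_len:          # keep the longest run (first one on ties)
                best_start, best_len = run_start, i - run_start
            run_start = None
    hexs = ["%x" % g for g in groups]
    if best_len >= 2:                             # a single zero group is not worth a '::'
        return ":".join(hexs[:best_start]) + "::" + ":".join(hexs[best_start + best_len:])
    return ":".join(hexs)


def text_to_groups(text: str) -> list:
    """Parse colon-hex text back to eight groups, expanding a single '::'."""
    if text.count("::") > 1:
        raise ValueError("only one '::' is allowed, otherwise the expansion is ambiguous")
    if "::" in text:
        left, right = text.split("::")
        lhs = [int(x, 16) for x in left.split(":")] if left else []
        rhs = [int(x, 16) for x in right.split(":")] if right else []
        missing = 8 - len(lhs) - len(rhs)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = lhs + [0] * missing + rhs
    else:
        groups = [int(x, 16) for x in text.split(":")]
    if len(groups) != 8 or any(not 0 <= g <= 0xFFFF for g in groups):
        raise ValueError("malformed IPv6 address")
    return groups


def ipv4_compatible(dotted: str) -> list:
    """The slide's special address: 96 zero bits followed by the 32-bit IPv4 address."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("malformed IPv4 address")
    return [0] * 6 + [(octets[0] << 8) | octets[1], (octets[2] << 8) | octets[3]]
```

For the BMRC server address used later in the NAT slides, `groups_to_text(ipv4_compatible("128.32.32.68"))` gives `::8020:2044`, which `ipaddress.IPv6Address` agrees is the same address as `::128.32.32.68`.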

Datagram Format

• Base Header + 0 to N Extension Headers + Data Area

Extensible Headers

• Why? Saves space and processing time
  • Only have to allocate space for and spend time processing headers implementing features you need
• Extensibility
  • When adding a new feature, just add an extension header type - no change to existing headers
  • For experimental features, only sender and receiver need to understand new header

Flow Label

• Virtual circuit like behaviour over a datagram network
• A sender can request the underlying network to establish a path with certain requirements
  • Traffic class specifies the general requirements (ex. Delay < 100 msec.)
• If the path can be established, the network returns an identifier that the sender places along with the traffic class in the flow label
• Routers use this identifier to route the datagram along the prearranged path

ICMPv6

• New version of ICMP
• Additional message types, like “Packet Too Big”
• Multicast group management functions

Summary: Like IPv4

• Connectionless (each datagram contains destination address and is routed separately)
• Best Effort (possibility for virtual circuit behaviour)
• Maximum hops field so can avoid datagrams circulating indefinitely

Summary: New Features

• Bigger Address Space (128 bits/address)
  • CIDR only
  • Anycast addresses
• New Header Format to help speed processing and forwarding
  • Checksum: removed entirely to reduce processing time at each hop
  • No fragmentation
  • Simple Base Header + Extension Headers
  • Options: allowed, but outside of header, indicated by “Next Header” field
• Ability to influence the path a datagram will take through the network (Quality of service)

Transition From IPv4 To IPv6

• Not all routers can be upgraded simultaneously: no “flag days”
• How will the network operate with mixed IPv4 and IPv6 routers?
• Two proposed approaches:
  • Dual Stack: some routers with dual stack (v6, v4) can “translate” between formats
  • Tunneling: IPv6 carried as payload in IPv4 datagram among IPv4 routers

Dual Stack Approach

Tunneling

• IPv6 inside IPv4 where needed

6Bone

• The 6Bone: an IPv6 testbed
• Started as a virtual network using IPv6 over IPv4 tunneling/encapsulation
• Slowly migrated to native links for IPv6 transport
• RFC 2471

Recent History

• First blocks of IPv6 addresses delegated to regional registries - July 1999
• 10 websites in the .com domain that can be reached via an IPv6 enhanced client via an IPv6 TCP connection (http://www.ipv6.org/v6-www.html) - it was 5 a year ago (not a good sign?)

IPv5?

• New version of IP temporarily named “IP - The Next Generation” or IPng
• Many competing proposals; the name IPng became ambiguous
• Once a specific protocol was designed, it needed a name to distinguish it from other proposals
• IPv5 has been assigned to an experimental protocol, ST

Network Address Translation (NAT)

Background

• IP defines private intranet address ranges
  • 10.0.0.0 - 10.255.255.255 (Class A)
  • 172.16.0.0 - 172.31.255.255 (Class B)
  • 192.168.0.0 - 192.168.255.255 (Class C)
• Addresses reused by many organizations
• Addresses cannot be used for communication on Internet

Problem Discussion

• Hosts on private IP networks need to access public Internet
• All traffic travels through a gateway to/from public Internet
• Traffic needs to use IP address of gateway
• Conserves IPv4 address space
  • Private IP addresses mapped into fewer public IP addresses
  • Will this beat IPv6?

Scenario

[Figure: Private Network with Host A and hosts 10.0.0.2, 10.0.0.3, 10.0.0.4 behind a Gateway (10.0.0.1 on the private side, 24.1.70.210 on the public side); Public Internet with the BMRC Server at 128.32.32.68]
• All Private Network hosts must use the gateway IP address
• Public network IP address, globally unique
• Same private network IP addresses may be used by many organizations

Network Address Translation

• Solution
  • Special function on gateway
  • IP source and destination addresses are translated
• Internal hosts need no changes
  • No changes required to applications
  • TCP based protocols work well
  • Non-TCP based protocols more difficult
• Provides some security
  • Hosts behind gateway difficult to reach
  • Possibly vulnerable to IP level attacks

NAT Example

[Figure: NAT Gateway (Address Translator) between an internal client and the server bmrc.berkeley.edu at 128.32.32.68; TCP Connection 1 appears on both sides of the gateway]

TCP Protocol Diagram

[Figure: Client and Server exchange SYN; SYN, ACK; ACK; Packet 0:50; ACK 0:50; FIN; FIN, ACK]
• IP Header: Source IP Address, Destination IP Address, ...
• TCP Header: Source Port Number, Dest Port Number, Sequence Number, Checksum, ...
• SYN flag indicates a new TCP connection

TCP NAT Example

[Figure: client 10.0.0.3 on the private network, NAT Gateway (10.0.0.1 inside, 24.1.70.210 outside), Server 128.32.32.68 across the Internet]

NAT Translation Table
  Client IPAddr  Client Port  Server IPAddr  Server Port  NAT Port
  10.0.0.3       1049         128.32.32.68   80           40960
  ...

Packets (PROTO, SADDR, DADDR, SPORT, DPORT, FLAGS, CKSUM):
  1: TCP  10.0.0.3      128.32.32.68  1049   80     SYN       0x1636
  2: TCP  24.1.70.210   128.32.32.68  40960  80     SYN       0x2436
  3: TCP  128.32.32.68  24.1.70.210   80     40960  SYN, ACK  0x8041
  4: TCP  128.32.32.68  10.0.0.3      80     1049   SYN, ACK  0x7841

1. Host tries to connect to web server at 128.32.32.68. It sends out a SYN packet using its internal IP address, 10.0.0.3.
2. NAT gateway sees SYN flag set, adds new entry to its translation table. It then rewrites the packet using gateway’s external IP address, 24.1.70.210. Updates the packet checksum.
3. Server responds to SYN packet with a SYN,ACK packet. The packet is sent to the NAT gateway’s IP address.
4. NAT gateway looks in its translation table, finds a match for the source and destination addresses and ports, and rewrites the packet using the internal IP address.
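The four-step exchange above as a Python model of the gateway's translation table, using the addresses and ports from the slide. This is an added example, not from the slides: the class and function names are mine, the packet is a plain record rather than real bytes (so the checksum update of step 2 is noted but not performed), and the unregistered outside host 203.0.113.9 is constructed. Beyond the slide's steps it shows the property the NAT slide calls "hosts behind gateway difficult to reach": an inbound packet with no matching table entry is dropped because the gateway has no internal address to rewrite it to.

```python
import ipaddress
from dataclasses import dataclass, field, replace

# The private ranges from the Background slide: only sources in these get translated.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_RANGES)


@dataclass(frozen=True)
class Packet:
    proto: str
    saddr: str
    daddr: str
    sport: int
    dport: int
    flags: frozenset = frozenset()


@dataclass
class NatGateway:
    external_ip: str
    next_nat_port: int = 40960           # first NAT port, as on the slide
    outbound_table: dict = field(default_factory=dict)   # (proto, client ip, port, server ip, port) -> nat port
    inbound_table: dict = field(default_factory=dict)    # (proto, server ip, port, nat port) -> (client ip, port)

    def outbound(self, pkt: Packet):
        """Private -> public direction (steps 1 and 2). Returns the rewritten packet, or None to drop."""
        if not is_private(pkt.saddr):
            return pkt                                   # nothing to translate
        key = (pkt.proto, pkt.saddr, pkt.sport, pkt.daddr, pkt.dport)
        if key not in self.outbound_table:
            if "SYN" not in pkt.flags:
                return None                              # unknown connection that is not starting: drop
            nat_port = self.next_nat_port                # SYN seen: create the table entry
            self.next_nat_port += 1
            self.outbound_table[key] = nat_port
            self.inbound_table[(pkt.proto, pkt.daddr, pkt.dport, nat_port)] = (pkt.saddr, pkt.sport)
        # A real gateway recomputes the IP and TCP checksums here; this record-based toy does not.
        return replace(pkt, saddr=self.external_ip, sport=self.outbound_table[key])

    def inbound(self, pkt: Packet):
        """Public -> private direction (steps 3 and 4). Returns the rewritten packet, or None to drop."""
        if pkt.daddr != self.external_ip:
            return None
        entry = self.inbound_table.get((pkt.proto, pkt.saddr, pkt.sport, pkt.dport))
        if entry is None:
            return None                                  # no entry: internal hosts are unreachable
        client_ip, client_port = entry
        return replace(pkt, daddr=client_ip, dport=client_port)


def run_example() -> dict:
    gw = NatGateway("24.1.70.210")
    syn = Packet("TCP", "10.0.0.3", "128.32.32.68", 1049, 80, frozenset({"SYN"}))      # packet 1
    out = gw.outbound(syn)                                                            # packet 2
    synack = Packet("TCP", "128.32.32.68", "24.1.70.210", 80, out.sport, frozenset({"SYN", "ACK"}))  # packet 3
    back = gw.inbound(synack)                                                         # packet 4
    # constructed: an outside host probing the gateway's public address with no table entry
    stray = gw.inbound(Packet("TCP", "203.0.113.9", "24.1.70.210", 5555, 40961, frozenset({"SYN"})))
    return {"out": out, "back": back, "stray": stray, "table": dict(gw.outbound_table)}
```

`run_example()` reproduces packets 2 and 4 of the slide, shows the single table row the slide lists, and returns `None` for the stray inbound SYN.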

Load Balancing Servers with NAT

[Figure: Public Internet, NAT Gateway (Virtual Server), four Servers on the Private Intranet]
• Single IP address for web server
• Redirects workload to multiple internal servers

Load Balancing Networks with NAT

[Figure: Private Intranet, NAT Gateway, Service Provider 1 and Service Provider 2, Network X]
• Connections from Private Intranet split across Service Providers 1 and 2
• Load balances at connection level
  • Load balancing at IP level can cause low TCP throughput

NAT Discussion

• NAT works best with TCP connections
• NAT breaks End-to-End Principle by modifying packets
• Problems
  • Connectionless
    • UDP (Real Audio)
    • ICMP (Ping)
    • Multicast
  • Applications use IP addresses within data stream (FTP)
    • Need to watch/modify data packets

MobileIP

MobileIP

• Goal: Allow machines to roam around and maintain IP connectivity
• Problem: IP addresses => location
  • This is important for efficient routing
• Solutions?
  • DHCP?
    • ok for relocation but not for ongoing connections
  • Dynamic DNS (mobile nodes update name to IP address mapping as they move around)?
    • ok for relocation but not for ongoing connections

Mobile IP

• Allows computer to roam and be reachable
• Basic architecture
  • Home agent (HA) on home network
  • Foreign agent (FA) at remote network location
  • Home and foreign agents tunnel traffic
  • Non-optimal data flow

MobileIP

• Mobile nodes have a permanent home address and a default local router called the “home agent”
• The router nearest a node’s current location is called the “foreign agent”
  • Register with foreign agent when connecting to network
  • Located much like the DHCP server

Forwarding Packets

• Home agent impersonates the mobile host by changing the mapping from IP address to hardware address (“proxy ARP”)
• Sends any packets destined for mobile host on to the foreign agent with IP encapsulation
• Foreign agent strips off the encapsulation and does a special translation of the mobile node’s IP address to its current hardware address

Mobile IP Example

[Figure: Home Subnet (Home Agent; addresses shown 169.229.2.97 and 169.229.2.98, the latter the Mobile Node's home address), Foreign Subnet (Foreign Agent 18.86.0.253, Mobile Node), Fixed Node 128.95.4.112, all joined by the Internet; the Mobile Node's Register message goes to the Foreign Agent]
1. The Mobile Node registers itself with the Foreign Agent on the Foreign Subnet. The Foreign Agent opens an IP-IP tunnel to the Home Agent. The Home Agent begins listening for packets sent to 169.229.2.98.
2. The Fixed Node initiates a connection to the Mobile Node. It sends packets to the Mobile Node’s home IP address, 169.229.2.98. The packets are routed to the Home Subnet.
3. The Home Agent receives them, encapsulates them in IP-IP packets, and it sends them to the Foreign Agent. Encapsulated packets are addressed to 18.86.0.253.
4. The Foreign Agent decapsulates the IP-IP packets, and it sends them out on the Foreign Subnet. These packets will be addressed to 169.229.2.98.
5. The Mobile Node receives the packets, and it sends responses directly to the Fixed Node at 128.95.4.112.
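The five steps above as a Python model of the two agents, using the addresses from the slide. This is an added example, not from the slides: the class names are mine, it assumes 169.229.2.97 is the Home Agent's own address (the slide does not say which of the two home-subnet addresses it is), the registration is modelled as a plain table update (a real Mobile IP registration is authenticated; that is left out here), and the never-registered address 169.229.2.99 is constructed. The IP-in-IP encapsulation is the same operation the multicast tunneling and VPN slides describe: the original packet, addresses untouched, becomes the payload of a new unicast packet between the tunnel endpoints. The extra check worth seeing is the foreign agent refusing to deliver tunneled packets for a host that never registered with it.

```python
from dataclasses import dataclass
from typing import Optional

HOME_AGENT = "169.229.2.97"        # assumed: the slide shows both .97 and .98 on the home subnet
MOBILE_HOME_ADDR = "169.229.2.98"  # from the slide: the Mobile Node's permanent home address
FOREIGN_AGENT = "18.86.0.253"      # from the slide
FIXED_NODE = "128.95.4.112"        # from the slide
IPIP = 4                           # IP protocol number for IP-in-IP encapsulation
TCP = 6


@dataclass(frozen=True)
class IPPacket:
    src: str
    dst: str
    proto: int
    payload: object   # bytes, or another IPPacket when proto == IPIP


class HomeAgent:
    def __init__(self, addr: str):
        self.addr = addr
        self.bindings = {}   # mobile home address -> foreign agent currently serving it

    def register(self, mobile_home_addr: str, foreign_agent: str) -> None:
        self.bindings[mobile_home_addr] = foreign_agent   # toy: no authentication extension

    def handle(self, pkt: IPPacket) -> IPPacket:
        """Step 3: packets for a roaming host (captured via proxy ARP) are tunneled to its FA."""
        fa = self.bindings.get(pkt.dst)
        if fa is None:
            return pkt                            # host is at home: ordinary delivery
        return IPPacket(self.addr, fa, IPIP, pkt)  # outer header HA -> FA, inner packet untouched


class ForeignAgent:
    def __init__(self, addr: str):
        self.addr = addr
        self.visitors = set()   # home addresses of mobile nodes registered here (step 1)

    def register(self, mobile_home_addr: str) -> None:
        self.visitors.add(mobile_home_addr)

    def handle(self, pkt: IPPacket) -> Optional[IPPacket]:
        """Step 4: strip the outer header and deliver the inner packet on the foreign subnet."""
        if pkt.dst != self.addr or pkt.proto != IPIP:
            return None
        inner = pkt.payload
        if inner.dst not in self.visitors:
            return None   # tunneled packet for a host that never registered: do not deliver
        return inner      # still addressed to the mobile node's home address


def run_example() -> dict:
    ha, fa = HomeAgent(HOME_AGENT), ForeignAgent(FOREIGN_AGENT)
    fa.register(MOBILE_HOME_ADDR)                       # step 1: registration at the FA ...
    ha.register(MOBILE_HOME_ADDR, FOREIGN_AGENT)        # ... and the HA learns where the node is
    original = IPPacket(FIXED_NODE, MOBILE_HOME_ADDR, TCP, b"GET / HTTP/1.0")   # step 2
    tunneled = ha.handle(original)                      # step 3
    delivered = fa.handle(tunneled)                     # step 4
    reply = IPPacket(MOBILE_HOME_ADDR, FIXED_NODE, TCP, b"HTTP/1.0 200 OK")    # step 5: direct
    # constructed: a tunnel packet for an address that never registered with this FA
    stray = fa.handle(IPPacket(HOME_AGENT, FOREIGN_AGENT, IPIP,
                               IPPacket(FIXED_NODE, "169.229.2.99", TCP, b"")))
    return {"original": original, "tunneled": tunneled, "delivered": delivered,
            "reply": reply, "stray": stray}
```

The returned record shows the triangle route the "Non-optimal data flow" bullet refers to: the request takes Fixed Node, Home Agent, Foreign Agent, Mobile Node, while the reply goes straight back to the Fixed Node.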

Avoiding the Foreign Agent

• Mobile host can also obtain a new IP address on the remote network and inform the home agent
• The home agent can then resend the packet to the new IP address

Optimizations

• What if two remote hosts are temporarily close together?
• If they want to send traffic to each other, why should it have to go all the way to their home agents and back again?
• Optimizations exist to allow the sending node to learn and cache the current location of a recipient to avoid this problem

Roadmap

• Finished with the network layer and IP specifics
• Next on to the link layer
  • If two hosts are on the same network, how do they send data directly to one another?