IP Layer Michael Tsai 2015/04/13.

1 IP Layer Michael Tsai 2015/04/13

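2 Logistics
Machine room tour: 4/30 (Thu) 9-12, counts as a regular class -> if you cannot attend, email vegetable@csie and explain why
Detailed information will be emailed to everyone
Explanation of the midterm exam format
Explanation of the final project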

3

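4 Main functions of IP (Network layer)
Forwarding: A router usually has multiple interfaces (network cards). Moving a packet from the incoming interface to the interface that faces the destination, and sending it out, is called forwarding. Ordinary clients do not enable this function!
Routing: Finding a path toward the destination. Usually decided by routing algorithms/protocols.
Because our department usually has only one path to any given destination, our network administration work usually only touches the first part.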

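5 IP packet format (v4)
Indicates whether special handling is needed (e.g. real-time video or audio)
v4 or v6
Used to handle fragmentation (think about the MTU)
Maximum number of machines (routers) the packet may pass through
Protocol used by the transport layer (usually TCP or UDP)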

6 Where is IP packet?
Ethernet Frame
Preamble: 7 octets
Start of frame delimiter: 1 octet
MAC destination: 6 octets
MAC source: 6 octets
Length (IEEE 802.3): 2 octets
802.1Q tag (optional): (4 octets)
Payload: 42–1500 octets
Frame check sequence (32-bit CRC): 4 octets
IP Packet is in Ethernet’s payload!
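An added example, not part of the original slides: a Python parser that finds the IPv4 packet inside an Ethernet frame and reads the header fields annotated on slide 5. It assumes the frame starts at the destination MAC with the FCS already stripped (as capture tools deliver it); all MAC and IP addresses are constructed.

```python
import socket
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}  # common values of the Protocol field

def parse_frame(frame: bytes) -> dict:
    """Parse an Ethernet frame that carries an IPv4 packet in its payload."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    offset, vlan = 14, None
    if ethertype == 0x8100:          # optional 802.1Q tag follows the source MAC
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        offset, vlan = 18, tci & 0x0FFF
    if ethertype != 0x0800:
        raise ValueError("payload is not an IPv4 packet")
    ip = frame[offset:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_len, _ident, flags_frag, ttl, proto,
     _checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    version, header_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or header_len < 20 or len(ip) < header_len:
        raise ValueError("malformed IPv4 header")
    return {
        "vlan": vlan, "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
        "version": version, "tos": tos, "total_length": total_len,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # field counts 8-byte units
        "ttl": ttl, "protocol": PROTOCOLS.get(proto, str(proto)),
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
    }

def build_sample_frame(vlan_id=None) -> bytes:
    """Constructed sample: UDP, 192.0.2.10 -> 198.51.100.7, TTL 64, DF set.
    The header checksum is left at 0 and is not verified by parse_frame."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0x1234, 0x4000, 64, 17, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"))
    macs = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    tag = struct.pack("!HH", 0x8100, vlan_id) if vlan_id is not None else b""
    return macs + tag + struct.pack("!H", 0x0800) + ip + b"\x00" * 8

if __name__ == "__main__":
    print(parse_frame(build_sample_frame(vlan_id=30)))
```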

7 Typical Internet Packet

8 IP Address (v4)
AAA.BBB.CCC.DDD (4 bytes) = ? # total hosts
Network + host address -> same network address == same network (subnet)
Historical Internet Classes (no mask)
Columns: Class, 1st byte, Format, Comments
A: 1-127, N.H.H.H, Very early networks
B: N.N.H.H, Large sites (hard to get)
C: N.N.N.H, Easy to get (often obtained in sets)
D: -, Multicast addresses
E: Experimental addresses

9 But this is inefficient
Most networks only have ~100 hosts
Class A & B addresses are wasted
Thus we need to find a way to further split the networks! (subnetting)

10 Netmask
Netmask == 32-bit number with leading 1’s + trailing 0’s
Digits mapped to 1’s -> network address
Digits mapped to 0’s -> host address
Expressed as (a) 0xffffffc0 or (b)
Practice: counting the number of hosts with a netmask
Example:

11 Two Special Addresses
Network address = “network address” + “host address = 0”
Broadcast address = “network address” + “host address = all 1’s”

12 Setting Interface Address
ifconfig -a -> display all interfaces
ifconfig eth netmask -> set the IP and netmask of an interface
ifconfig eth0 up -> enable the interface
ifconfig eth0 media auto -> set the media type to auto-sense

13 Why do we need to know the “network address”?
Answer: we need to know if the destination host can be reached directly (in the same network).
How? Q: is the network address the same?
Question: what if it is not on the same network?
Answer: we ask a host to relay for us.
Question: but, which host? (it has to be on the same network as us)
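An added example, not part of the original slides: the netmask arithmetic of slides 10 to 13 done bit by bit in Python, covering the host count, the two special addresses, and the decision to deliver directly or hand the packet to a relay. The netmask 0xffffffc0 is the one from slide 10; every IP address is constructed, and the function names are this example's own.

```python
import socket
import struct

def ip_to_int(addr: str) -> int:
    return struct.unpack("!I", socket.inet_aton(addr))[0]

def int_to_ip(value: int) -> str:
    return socket.inet_ntoa(struct.pack("!I", value))

def mask_to_int(netmask: str) -> int:
    """Accept both notations from slide 10: hex (0xffffffc0) or dotted quad."""
    value = int(netmask, 16) if netmask.lower().startswith("0x") else ip_to_int(netmask)
    inverted = ~value & 0xFFFFFFFF
    # Leading 1's then trailing 0's means the inverted mask is 2**n - 1.
    if value > 0xFFFFFFFF or inverted & (inverted + 1):
        raise ValueError("netmask must be leading 1's followed by trailing 0's")
    return value

def describe(addr: str, netmask: str) -> dict:
    mask = mask_to_int(netmask)
    host_bits = ~mask & 0xFFFFFFFF
    network = ip_to_int(addr) & mask              # host part = 0
    return {
        "prefix_len": bin(mask).count("1"),
        "network": int_to_ip(network),
        "broadcast": int_to_ip(network | host_bits),   # host part = all 1's
        "usable_hosts": max(host_bits - 1, 0),    # minus network and broadcast
    }

def next_hop(src: str, netmask: str, dst: str, gateway: str) -> str:
    """Return the address the frame is sent to: dst itself or the relay."""
    mask = mask_to_int(netmask)
    ours = ip_to_int(src) & mask
    if (ip_to_int(dst) & mask) == ours:
        return dst                                # same network: deliver directly
    if (ip_to_int(gateway) & mask) != ours:
        raise ValueError("the relay must be on the same network as us")
    return gateway

if __name__ == "__main__":
    print(describe("192.168.1.77", "0xffffffc0"))
    print(next_hop("192.168.1.77", "0xffffffc0", "192.168.1.130", "192.168.1.65"))
```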

14 Routing table of the department firewall (partial)
Routing Table: x.x

15 How to represent a group of destination hosts?
CIDR == Classless Inter-Domain Routing
Borrowing the netmask idea: IPs from to , we can say /21 (21== )
Any IP address that falls in that “network” (though it might not be a real network) can be represented by that CIDR

16 Private IP
Private IP == IPs that are not globally allocated to anyone
Columns: IP Class, From, To, CIDR range
Class A: /8
Class B: /12
Class C: /16

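17 NAT (Network Address Translation)
Only one house number has been issued to us. What do we do?
Mapping table: 菜瓜布 is connected to ; to reach the TA, forward to
菜瓜布 Internal use: Src: Dest:
House number: Src: Dest: Src: Dest:
馬撒起 Internal use: Src: Dest:
凱莉 Internal use:
Internal-use house number:
小小郭 Internal use: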

18 Routing Table
netstat -nr (do not show hostnames) or netstat -r (show hostnames)
route add default gw -> all traffic not to local subnets goes to the gw
route add -net netmask -> all traffic that has destination address with the described network address goes to
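An added example, not part of the original slides: a small routing table in Python that mirrors the two `route add` forms above and the CIDR idea from slide 15. It goes one step beyond the slides by picking the most specific (longest-prefix) matching route, which is how a router chooses when several entries match. The class, the function names and every address are this example's own.

```python
import ipaddress

def cidr_for_range(first: str, last: str) -> list:
    """Smallest list of CIDR blocks covering first..last (one block if aligned)."""
    nets = ipaddress.summarize_address_range(ipaddress.ip_address(first),
                                             ipaddress.ip_address(last))
    return [str(n) for n in nets]

class RoutingTable:
    def __init__(self):
        self.routes = []  # (network, gateway or None if directly connected, interface)

    def add_net(self, destination, netmask, gateway, interface):
        """Counterpart of `route add -net <destination> netmask <netmask> gw <gateway>`."""
        net = ipaddress.ip_network(f"{destination}/{netmask}")  # rejects set host bits
        self.routes.append((net, gateway, interface))

    def add_default(self, gateway, interface):
        """Counterpart of `route add default gw <gateway>`."""
        self.routes.append((ipaddress.ip_network("0.0.0.0/0"), gateway, interface))

    def lookup(self, dst: str):
        addr = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if addr in r[0]]
        if not matches:
            return None  # no route: a router would report ICMP network unreachable
        net, gateway, interface = max(matches, key=lambda r: r[0].prefixlen)
        return {"route": str(net), "next_hop": gateway or dst, "interface": interface}

def sample_table() -> RoutingTable:
    """Constructed table; every address here is made up for the example."""
    table = RoutingTable()
    table.add_net("192.168.1.64", "255.255.255.192", None, "eth0")      # local subnet
    table.add_net("10.20.0.0", "255.255.248.0", "192.168.1.66", "eth0")  # a /21
    table.add_default("192.168.1.65", "eth0")
    return table

if __name__ == "__main__":
    print(cidr_for_range("10.20.0.0", "10.20.7.255"))
    for dst in ("192.168.1.100", "10.20.7.9", "10.20.8.1"):
        print(dst, sample_table().lookup(dst))
```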

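19 ICMP (Internet Control Message Protocol)
Management messages used to notify the client about the state of the network.
Common uses:
Telling the client that this path is blocked. (Destination network/host/protocol/port unreachable or unknown)
Echo request & reply, used by ping
TTL expire (used to detect or prevent loops in the path, or used by traceroute)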

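20 Firewall
Diagram labels: 菜瓜布, Bit Torrent packets, 馬撒起, Firewall, 凱莉, 小小郭
Firewall rule table:
If it is a packet from 小小郭, drop it
If it is a packet going to one of the following IP addresses (x.x.x.x, y.y.y.y, z.z.z.z), drop it
Everything else may pass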

21 DNS (Domain Name Service)
In one sentence: a service that converts names to IPs
Common kinds of conversion:
Domain name -> IP (type A): ntucsv.csie.ntu.edu.tw ->
Mail server for @domainname (type MX): csie.ntu.edu.tw -> ms.csie.ntu.edu.tw
Domain name -> domain name (type CNAME): -> ntucsv.csie.ntu.edu.tw
IP -> domain name (type PTR): -> csman.csie.ntu.edu.tw
Multiple declarations are allowed: this increases reliability or distribution. For example

22 Distributed architecture: layered responsibility (recursive query)
I am not in charge of ntu.edu.tw; please ask the machine responsible for .tw
Root DNS
csman.csie.ntu.edu.tw (in the role of Local DNS)
.tw NS (Top-level Domain DNS server)
.edu.tw (Authoritative DNS Server)
IP of
.ntu.edu.tw (Authoritative DNS)
Your Machine
I am in charge of ntu.edu.tw

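23 DNS details
If the local DNS is itself in charge of the queried domain, it can reply directly.
For example, if is queried
The local DNS can cache the results of earlier queries.
This is mainly used to reduce the load on the authoritative DNS servers and on the network.
Every record on an authoritative DNS server has a corresponding TTL value that specifies how long it may be cached.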

24 /etc/resolv.conf
nameserver 140.112.30.21
nameserver 140.112.254.4
search csie.ntu.edu.tw
search -> resolve incomplete names (linux1 -> linux1.csie.ntu.edu.tw)
nameserver -> specify the address of the DNS server
Mention /etc/hosts

25 Common DNS commands
Examples: dig @8.8.8.8 -t MX csie.ntu.edu.tw

26 In-class exercise
Find out: linux1 to (a domain name is fine) keyword: mtr, traceroute
Find out the IPs of the mail servers (SMTP) of csie.ntu.edu.tw and ntu.edu.tw

27 Further reading
Online slides by last year's lecturer (小小郭): roduction-to-network-tools

