
Chapter 4 Network DataPlane

SEEM3450 Lecture Slides

Uploaded by

Jerilynwidjaja

SEEM4540 Open Systems For E-Commerce

Chapter 4 Network Layer (Data Plane)


Xunying Liu
xyliu@se.cuhk.edu.hk

The Chinese University Of Hong Kong


Chapter 4: outline
4.1 Overview of Network layer
• data plane
• control plane
4.2 What’s inside a router
4.3 IP: Internet Protocol
• datagram format
• fragmentation
• IPv4 addressing
• network address translation
• IPv6

Network Layer: Data Plane 4-2


Chapter 4: network layer
chapter goals:
• understand principles behind network layer services, focusing on data plane:
  • network layer service models
  • forwarding versus routing
  • how a router works
• instantiation, implementation in the Internet

Network Layer: Data Plane 4-3


Network layer
• transport segment from sending to receiving host
• on sending side encapsulates segments into datagrams
• on receiving side, delivers segments to transport layer
• network layer protocols in every host, router
• router examines header fields in all IP datagrams passing through it

[Figure: protocol stacks (application, transport, network, data link, physical) at the two end hosts; network, data link and physical layers at each router in between]
Network Layer: Data Plane 4-4
Two key network-layer functions
network-layer functions:
• forwarding: move packets from router’s input to appropriate router output
• routing: determine route taken by packets from source to destination
  • routing algorithms

analogy: taking a trip
• forwarding: process of getting through single interchange
• routing: process of planning trip from source to destination

Network Layer: Data Plane 4-5


Network layer: data plane, control plane
Data plane
• local, per-router function
• determines how datagram arriving on router input port is forwarded to router output port
• forwarding function

Control plane
• network-wide logic
• determines how datagram is routed among routers along end-to-end path from source host to destination host
• two control-plane approaches:
  • traditional routing algorithms: implemented in routers
  • software-defined networking: control plane on centralized servers, directly programmable/configurable, unified designs, e.g. OpenFlow, since 2010s used in cloud computing and cellular WLAN, e.g. Google Cloud and China Mobile

[Figure: values in arriving packet header (0111) select one of the router's output ports 1, 2, 3]

Network Layer: Data Plane 4-6


Per-router control plane
Individual routing algorithm components in each and every router interact in the control plane

[Figure: routing algorithm in the control plane above the data plane; values in arriving packet header (0111) select one of output ports 1, 2, 3]

Network Layer: Control Plane 5-7


Chapter 4: outline
4.1 Overview of Network layer
• data plane
• control plane
4.2 What’s inside a router
4.3 IP: Internet Protocol
• datagram format
• fragmentation
• IPv4 addressing
• network address translation
• IPv6

Network Layer: Data Plane 4-8


Router architecture overview
• high-level view of generic router architecture:
  • routing processor: routing, management control plane (software), operates in millisecond time frame
  • forwarding data plane (hardware), operates in nanosecond timeframe
  • router input ports, high-speed switching fabric, router output ports

Network Layer: Data Plane 4-9


Input port functions
[Figure: line termination → link layer protocol (receive) → lookup, forwarding, queueing → switch fabric]

physical layer: bit-level reception
data link layer: e.g., Ethernet (see chapter 5)
decentralized switching:
• using header field values, lookup output port using forwarding table in input port memory (“match plus action”)
• goal: complete input port processing at ‘line speed’
• queuing: if datagrams arrive faster than forwarding rate into switch fabric
Network Layer: Data Plane 4-10
Input port functions
[Figure: line termination → link layer protocol (receive) → lookup, forwarding, queueing → switch fabric]

physical layer: bit-level reception
data link layer: e.g., Ethernet (see chapter 5)
decentralized switching:
• using header field values, lookup output port using forwarding table in input port memory (“match plus action”)
• destination-based forwarding: forward based only on destination IP address (traditional)
• generalized forwarding: forward based on any set of header field values, e.g. for varying delay and latency, quality of service, in software-defined networking

Network Layer: Data Plane 4-11


Destination-based forwarding
forwarding table

Destination Address Range                    Link Interface
11001000 00010111 00010000 00000000
  through                                    0
11001000 00010111 00010111 11111111

11001000 00010111 00011000 00000000
  through                                    1
11001000 00010111 00011000 11111111

11001000 00010111 00011001 00000000
  through                                    2
11001000 00010111 00011111 11111111

otherwise                                    3

Q: but what happens if ranges don’t divide up so nicely?


Network Layer: Data Plane 4-12
Longest prefix matching
longest prefix matching: when looking for forwarding table entry for given destination address, use longest address prefix that matches destination address.

Destination Address Range Link interface
11001000 00010111 00010*** ********* 0
11001000 00010111 00011000 ********* 1
11001000 00010111 00011*** ********* 2
otherwise 3

examples:
DA: 11001000 00010111 00010110 10100001 which interface?
DA: 11001000 00010111 00011000 10101010 which interface?
Network Layer: Data Plane 4-13
Longest prefix matching
longest prefix matching: when looking for forwarding table entry for given destination address, use longest address prefix that matches destination address.

Destination Address Range Link interface
11001000 00010111 00010*** ********* 0
11001000 00010111 00011000 ********* 1
11001000 00010111 00011*** ********* 2
otherwise 3

examples:
DA: 11001000 00010111 00010110 10100001 Interface 0
DA: 11001000 00010111 00011000 10101010 which interface?
Network Layer: Data Plane 4-14
Longest prefix matching
longest prefix matching: when looking for forwarding table entry for given destination address, use longest address prefix that matches destination address.

Destination Address Range Link interface
11001000 00010111 00010*** ********* 0
11001000 00010111 00011000 ********* 1
11001000 00010111 00011*** ********* 2
otherwise 3

examples:
DA: 11001000 00010111 00010110 10100001 Interface 0
DA: 11001000 00010111 00011000 10101010 Interface 1
Network Layer: Data Plane 4-15
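
The lookup from the three slides above, written out as an added example (not part of the original slides). It goes one step beyond the table by storing the prefixes in a binary trie, the software counterpart of a per-bit match; `PrefixTrie`, `dotted_to_bits` and `build_slide_trie` are hypothetical names, and the two extra test addresses are constructed.

```python
"""Longest-prefix-match lookup over the slide's forwarding table (added example)."""

# Forwarding table from the slide: significant leading bits -> link interface.
# The '*' wildcard bits are dropped, so each string is exactly the prefix.
SLIDE_TABLE = [
    ("11001000 00010111 00010", 0),
    ("11001000 00010111 00011000", 1),
    ("11001000 00010111 00011", 2),
]
DEFAULT_INTERFACE = 3  # the slide's "otherwise" row


def dotted_to_bits(addr):
    """Convert dotted-quad IPv4 text to a 32-character bit string."""
    octets = [int(part) for part in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("not an IPv4 address: %r" % addr)
    return "".join(format(o, "08b") for o in octets)


class PrefixTrie:
    """Binary trie with one level per address bit (hypothetical helper class)."""

    def __init__(self, default):
        self.root = {}
        self.default = default

    def insert(self, prefix_bits, interface):
        node = self.root
        for bit in prefix_bits.replace(" ", ""):
            node = node.setdefault(bit, {})
        node["iface"] = interface  # marks the end of a stored prefix

    def lookup(self, addr_bits):
        """Return (interface, matched prefix length) for a 32-bit address."""
        bits = addr_bits.replace(" ", "")
        if len(bits) != 32 or set(bits) - {"0", "1"}:
            raise ValueError("expected 32 binary digits")
        node, best, best_len = self.root, self.default, 0
        for depth, bit in enumerate(bits, start=1):
            node = node.get(bit)
            if node is None:
                break  # no longer prefix can match from here on
            if "iface" in node:
                best, best_len = node["iface"], depth  # longest match so far
        return best, best_len


def build_slide_trie():
    """Load the slide's three prefixes plus the default interface."""
    trie = PrefixTrie(DEFAULT_INTERFACE)
    for prefix, interface in SLIDE_TABLE:
        trie.insert(prefix, interface)
    return trie


if __name__ == "__main__":
    trie = build_slide_trie()
    for da in ("11001000 00010111 00010110 10100001",   # first DA on the slide
               "11001000 00010111 00011000 10101010",   # second DA on the slide
               dotted_to_bits("200.23.25.7"),           # constructed: only the 21-bit prefix fits
               dotted_to_bits("10.0.0.1")):             # constructed: falls to "otherwise"
        print(da, "->", trie.lookup(da))
```

The second slide address matches both the 21-bit and the 24-bit entry; the trie keeps walking and returns the 24-bit one, which is why it lands on interface 1 rather than 2.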
Longest prefix matching
• we’ll see why longest prefix matching is used shortly, when we study addressing and subnet
• longest prefix matching: often performed using very high access speed content addressable memories (CAMs)
  • allows fast address retrieval in one clock cycle, regardless of table size
  • scales up well with large size address tables
  • Cisco Catalyst: can store up to ~1M routing table entries in ternary CAMs

Network Layer: Data Plane 4-16


Switching fabrics
• transfer packet from input buffer to appropriate output buffer
• switching rate: rate at which packets can be transferred from inputs to outputs
  • often measured as multiple of input/output line rate
  • N inputs: switching rate N times line rate desirable
• three types of switching fabrics: memory, bus, crossbar

Network Layer: Data Plane 4-17


Switching via memory
first generation routers:
• traditional computers with switching under direct control of CPU (routing processor), e.g. Cisco’s Catalyst 8500
• input and output ports function as traditional I/O devices, packet copied to system’s memory
• speed limited by memory bandwidth B (#packets per sec. from input written into mem. or read from mem. to output), overall forwarding throughput is less than B/2
• only one memory read/write at a time over shared system bus, only one packet can be forwarded each time

[Figure: input port (e.g., Ethernet), memory, output port (e.g., Ethernet), connected by the system bus]
Network Layer: Data Plane 4-18
Switching via a bus
• datagram from input port to output port via a shared bus
• bus contention: switching speed limited by bus bandwidth
• If multiple packets of different output ports arrive at the same time, only one packet can cross the bus at each time
• Other packets must wait
• 32 Gbps bus, Cisco 5600: sufficient speed for enterprise routers

[Figure: bus forwarding]

Network Layer: Data Plane 4-19


Switching via crossbar network
• crossbar (matrix) switch connects multiple inputs to multiple outputs
• interconnection nets function as “meshed parallel buses”
• overcome bus bandwidth limitations
• multiple packets forwarded in parallel to different output ports
• Packets of same output ports forwarded one by one still
• Cisco12000: switches 60 Gbps through interconnection network

[Figure: crossbar]

Network Layer: Data Plane 4-20


Input port queuing
• fabric slower than input ports combined -> queueing may occur at input queues
  • queueing delay and loss due to input buffer overflow!
• Head-of-the-Line (HOL) blocking: queued datagram at front of queue prevents others in queue from moving forward

[Figure, left: output port contention: only one red datagram can be transferred. lower red packet is blocked]
[Figure, right: one packet time later: green packet experiences HOL input queue blocking]
Network Layer: Data Plane 4-21
Output ports
This slide is HUGELY important!

[Figure: switch fabric → datagram buffer, queueing → link layer protocol (send) → line termination]

• buffering required when datagrams arrive from fabric faster than the transmission rate
  Datagram (packets) can be lost due to congestion, lack of buffers
• scheduling discipline chooses among queued datagrams for transmission
  Priority scheduling – who gets best performance, network neutrality
Network Layer: Data Plane 4-22
Output port queueing
[Figure: switch fabric at t, packets more from input to output; switch fabric one packet time later]

• buffering when arrival rate via switch exceeds output line speed
• queueing (delay) and loss due to output port buffer overflow!

Network Layer: Data Plane 4-23


How much buffering? (Optional)
• RFC 3439 rule of thumb: average buffering equal to “typical” RTT (say 250 msec) times link capacity C (how many bits can be all in transmission on the link)
  • e.g., C = 10 Gbps link: 2.5 Gbit buffer
• recent recommendation: with N flows, buffering equal to RTT · C / √N

Network Layer: Data Plane 4-24


Scheduling mechanisms
• scheduling: choose next packet to send on link
• FIFO (first in first out) scheduling: send in order of arrival to queue
• discard policy: if packet arrives to full queue: who to discard?
  • tail drop: drop arriving packet
  • priority: drop/remove on priority basis
  • random: drop/remove randomly

[Figure: packet arrivals → queue (waiting area) → link (server) → packet departures]

Network Layer: Data Plane 4-25


Scheduling policies: priority
priority scheduling: send highest priority queued packet
• multiple classes, with different priorities
  • class may depend on marking or other header info, e.g. IP source/dest, port numbers, etc.
  • real world example?
  • Real-time voice-over-IP higher priority over SMTP/IMAP packets

[Figure: arrivals are classified into a high priority queue (waiting area) and a low priority queue (waiting area), then served by the link (server); timeline: arrivals of packets 1 to 5, packet in service 1 3 2 4 5, departures 1 3 2 4 5]

Network Layer: Data Plane 4-26


Scheduling policies: still more
Round Robin (RR) scheduling:
• multiple classes
• cyclically scan class queues, sending one complete packet from each class (if available)
• real world example? Multiple HTTP TCP-IP sessions

[Figure: timeline: arrivals of packets 1 to 5, packet in service 1 3 2 4 5, departures 1 3 3 4 5]

Network Layer: Data Plane 4-27


Scheduling policies: still more
Weighted Fair Queuing (WFQ):
• generalized Round Robin
• each class gets weighted amount of service in each cycle
• real-world example? Voice-over-IP vs. IMAP/SMTP

Network Layer: Data Plane 4-28


Chapter 4: outline
4.1 Overview of Network layer
• data plane
• control plane
4.2 What’s inside a router
4.3 IP: Internet Protocol
• datagram format
• fragmentation
• IPv4 addressing
• network address translation
• IPv6

Network Layer: Data Plane 4-29


The Internet network layer
host, router network layer functions:

transport layer: TCP, UDP

network layer:
• routing protocols
  • path selection
  • OSPF, RIP, BGP
• forwarding table
• IP protocol
  • addressing conventions
  • datagram format
  • packet handling conventions
• ICMP protocol
  • error reporting
  • router “signaling”

link layer

physical layer

Network Layer: Data Plane 4-30


IP datagram format
[Figure: IP datagram header, 32 bits wide, with the fields below]
• ver: IP protocol version number
• head. len: header length (bytes)
• type of service: Data “Type” (e.g. real time, streaming data, Voice over IP use this)
• length: total datagram length (bytes)
• 16-bit identifier, flgs, fragment offset: for fragmentation/reassembly
• time to live: max number remaining hops (decremented at each router)
• upper layer: upper layer protocol to deliver payload to
• header checksum
• 32 bit source IP address
• 32 bit destination IP address
• options (if any): e.g. timestamp, record route taken, specify list of routers to visit.
• data (variable length, typically a TCP or UDP segment)

how much overhead?
• 20 bytes of TCP
• 20 bytes of IP
• = 40 bytes + app layer overhead

Network Layer: Data Plane 4-31


IP fragmentation, reassembly
• network links have MTU (max. transfer unit size) - largest possible link-level frame, e.g. Ethernet frame
  • different link types, different MTUs
• large IP datagram divided (“fragmented”) within net
  • one datagram becomes several datagrams …
  • “reassembled” only at final destination
  • IP header bits used to identify, order related fragments

[Figure: fragmentation: in: one large datagram, out: 3 smaller datagrams; reassembly]

Network Layer: Data Plane 4-32
IP fragmentation, reassembly
example:
• 4000 byte datagram
• MTU = 1500 bytes
• 20 bytes IP header + 3980 bytes data fragmented to (20+1480) * 2 + (20+1020) bytes 3 smaller datagrams

one large datagram becomes several smaller datagrams

                   length   ID   fragflag   offset
large datagram     =4000    =x   =0         =0
smaller datagram   =1500    =x   =1         =0
smaller datagram   =1500    =x   =1         =185
smaller datagram   =1040    =x   =0         =370

1500 - 20 = 1480 bytes in data field
3980 - 2*1480 = 1020
Offset = 185: 1480 bytes / 8

Network Layer: Data Plane 4-33
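
The slide's arithmetic as an added example (not part of the original slides): a fragmenter that reproduces the length / fragflag / offset rows above, plus the destination-side reassembly, which refuses a fragment set with a gap, an overlap or a missing last fragment. `Fragment`, `fragment` and `reassemble` are hypothetical names, headers are assumed to be 20 bytes without options, and the identifier value is constructed.

```python
"""IPv4 fragmentation and reassembly arithmetic from the slide (added example)."""
from dataclasses import dataclass

IP_HEADER_LEN = 20  # bytes; assumes a header without options, as on the slide


@dataclass
class Fragment:
    ident: int      # 16-bit identifier, the same in every fragment of a datagram
    more: int       # fragflag: 1 = more fragments follow, 0 = last fragment
    offset: int     # fragment offset, counted in 8-byte units
    payload: bytes

    @property
    def length(self):
        """Total datagram length field: header plus carried data."""
        return IP_HEADER_LEN + len(self.payload)


def fragment(payload, ident, mtu):
    """Split a datagram payload so every fragment fits in one MTU-sized frame."""
    per_fragment = (mtu - IP_HEADER_LEN) // 8 * 8  # data per fragment, multiple of 8
    if per_fragment <= 0:
        raise ValueError("MTU too small to carry any data")
    if not payload:
        return [Fragment(ident, 0, 0, b"")]
    fragments = []
    for start in range(0, len(payload), per_fragment):
        chunk = payload[start:start + per_fragment]
        more = 1 if start + per_fragment < len(payload) else 0
        fragments.append(Fragment(ident, more, start // 8, chunk))
    return fragments


def reassemble(fragments):
    """Rebuild the payload at the final destination, in any arrival order."""
    if not fragments:
        raise ValueError("no fragments")
    if len({f.ident for f in fragments}) != 1:
        raise ValueError("fragments carry different identifiers")
    ordered = sorted(fragments, key=lambda f: f.offset)
    data = bytearray()
    for position, frag in enumerate(ordered):
        if frag.offset * 8 != len(data):
            raise ValueError("gap or overlap at byte %d" % (frag.offset * 8))
        is_last = position == len(ordered) - 1
        if bool(frag.more) == is_last:
            raise ValueError("fragflag inconsistent with fragment position")
        data += frag.payload
    return bytes(data)


def slide_rows():
    """(length, fragflag, offset) rows for the slide's 4000-byte datagram."""
    payload = bytes(4000 - IP_HEADER_LEN)           # 3980 bytes of constructed data
    return [(f.length, f.more, f.offset) for f in fragment(payload, 0x1F2E, 1500)]


if __name__ == "__main__":
    for row in slide_rows():
        print("length=%d fragflag=%d offset=%d" % row)
```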


Chapter 4: outline
4.1 Overview of Network layer
• data plane
• control plane
4.2 What’s inside a router
4.3 IP: Internet Protocol
• datagram format
• fragmentation
• IPv4 addressing
• network address translation
• IPv6

Network Layer: Data Plane 4-34
IP addressing: introduction
• IP address: 32-bit identifier for host, router interface
• interface: connection between host/router and physical link
  • routers typically have multiple interfaces
  • host typically has one or two interfaces (e.g., wired Ethernet, wireless 802.11)
• IP addresses associated with each interface

223.1.1.1 = 11011111 00000001 00000001 00000001
               223       1        1        1

[Figure: network with interfaces 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4, 223.1.2.1, 223.1.2.2, 223.1.2.9, 223.1.3.1, 223.1.3.2, 223.1.3.27]

Network Layer: Data Plane 4-35


IP addressing: introduction
Q: how are interfaces actually connected?
A: we’ll learn about that in chapter 5, 6.
A: wired Ethernet interfaces connected by Ethernet switches
A: wireless WiFi interfaces connected by WiFi base station
For now: don’t need to worry about how one interface is connected to another (with no intervening router)

[Figure: network with interfaces 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4, 223.1.2.1, 223.1.2.2, 223.1.2.9, 223.1.3.1, 223.1.3.2, 223.1.3.27]
Network Layer: Data Plane 4-36
Subnets
• IP address:
  • subnet part - high order bits
  • host part - low order bits
• what’s a subnet ?
  • device interfaces with same subnet part of IP address
  • can physically reach each other without intervening router

[Figure: network consisting of 3 subnets, with interfaces 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4, 223.1.2.1, 223.1.2.2, 223.1.2.9, 223.1.3.1, 223.1.3.2, 223.1.3.27]

Network Layer: Data Plane 4-37


Subnets
recipe
• to determine the subnets, detach each interface from its host or router, creating islands of isolated networks
• each isolated network is called a subnet

subnet mask: /24

[Figure: subnets 223.1.1.0/24, 223.1.2.0/24 and 223.1.3.0/24, with interfaces 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4, 223.1.2.1, 223.1.2.2, 223.1.2.9, 223.1.3.1, 223.1.3.2, 223.1.3.27]
Network Layer: Data Plane 4-38
Subnets
how many?

[Figure: network with interfaces 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4, 223.1.9.2, 223.1.9.1, 223.1.7.0, 223.1.7.1, 223.1.8.1, 223.1.8.0, 223.1.2.6, 223.1.2.1, 223.1.2.2, 223.1.3.27, 223.1.3.1, 223.1.3.2]

Network Layer: Data Plane 4-39


IP addressing: CIDR
CIDR: Classless InterDomain Routing
• subnet portion of address of arbitrary length
• address format: a.b.c.d/x, where x is # bits in subnet portion of address
• Replacing IPv4 classful networks assigning first 8 bits as domain/subnet addresses (only 256!!)

11001000 00010111 0001000 | 0 00000000
       subnet part        | host part

200.23.16.0/23
Total of 2^(32-23) = 2^9 = 512 addresses

Network Layer: Data Plane 4-40


IP addresses: how to get one?
Q: How does a host get IP address?
• hard-coded by system admin in a file
  • Windows: control-panel->network->configuration->tcp/ip->properties
  • UNIX: /etc/rc.config
• DHCP: Dynamic Host Configuration Protocol: dynamically get address from a server
  • “plug-and-play”

Network Layer: Data Plane 4-41


DHCP: Dynamic Host Configuration Protocol
goal: allow host to dynamically obtain its IP address from network server when it joins network
• can renew its lease on address in use
• allows reuse of addresses (only hold address while connected/“on”)
• support for mobile users who want to join network (more shortly)
DHCP overview:
• host broadcasts “DHCP discover” msg [optional]
• DHCP server responds with “DHCP offer” msg [optional]
• host requests IP address: “DHCP request” msg
• DHCP server sends address: “DHCP ack” msg

Network Layer: Data Plane 4-42


DHCP client-server scenario
[Figure: network of subnets 223.1.1.0/24, 223.1.2.0/24 and 223.1.3.0/24 with a DHCP server; arriving DHCP client needs address in this network]
Network Layer: Data Plane 4-43
DHCP client-server scenario
DHCP server: 223.1.2.5; arriving client

DHCP discover (Broadcast: is there a DHCP server out there?)
  src: 0.0.0.0, 68
  dest.: 255.255.255.255, 67
  yiaddr: 0.0.0.0
  transaction ID: 654

DHCP offer (Broadcast: I’m a DHCP server! Here’s an IP address you can use)
  src: 223.1.2.5, 67
  dest: 255.255.255.255, 68
  yiaddr: 223.1.2.4
  transaction ID: 654
  lifetime: 3600 secs

DHCP request (Broadcast: OK. I’ll take that IP address!)
  src: 0.0.0.0, 68
  dest: 255.255.255.255, 67
  yiaddr: 223.1.2.4
  transaction ID: 655
  lifetime: 3600 secs

DHCP ACK (Broadcast: OK. You’ve got that IP address!)
  src: 223.1.2.5, 67
  dest: 255.255.255.255, 68
  yiaddr: 223.1.2.4
  transaction ID: 655
  lifetime: 3600 secs
Network Layer: Data Plane 4-44
DHCP: more than IP addresses
DHCP can return more than just allocated IP address on subnet:
• address of first-hop router for client
• name and IP address of DNS server
• network mask (indicating network versus host portion of address)

Network Layer: Data Plane 4-45


DHCP: example
• connecting laptop needs its IP address, addr of first-hop router, addr of DNS server: use DHCP
• DHCP request encapsulated in UDP, encapsulated in IP, encapsulated in 802.1 Ethernet
• Ethernet frame broadcast (dest: FFFFFFFFFFFF MAC adr.) on LAN, received at router running DHCP server
• Ethernet demuxed to IP demuxed, UDP demuxed to DHCP

[Figure: protocol stacks (DHCP, UDP, IP, Eth, Phy) at the laptop and at 168.1.1.1, the router with DHCP server built into router]

Network Layer: Data Plane 4-46


DHCP: example
• DHCP server forms DHCP ACK containing client’s IP address, IP address of first-hop router for client, name & IP address of DNS server
• encapsulation of DHCP server, frame forwarded to client, demuxing up to DHCP at client
• client now knows its IP address, name and IP address of DNS server, IP address of its first-hop router

[Figure: protocol stacks (DHCP, UDP, IP, Eth, Phy) at the client and at the router with DHCP server built into router]

Network Layer: Data Plane 4-47


DHCP: Wireshark output (home LAN)

request
  Message type: Boot Request (1)
  Hardware type: Ethernet
  Hardware address length: 6
  Hops: 0
  Transaction ID: 0x6b3a11b7
  Seconds elapsed: 0
  Bootp flags: 0x0000 (Unicast)
  Client IP address: 0.0.0.0 (0.0.0.0)
  Your (client) IP address: 0.0.0.0 (0.0.0.0)
  Next server IP address: 0.0.0.0 (0.0.0.0)
  Relay agent IP address: 0.0.0.0 (0.0.0.0)
  Client MAC address: Wistron_23:68:8a (00:16:d3:23:68:8a)
  Server host name not given
  Boot file name not given
  Magic cookie: (OK)
  Option: (t=53,l=1) DHCP Message Type = DHCP Request
  Option: (61) Client identifier
    Length: 7; Value: 010016D323688A;
    Hardware type: Ethernet
    Client MAC address: Wistron_23:68:8a (00:16:d3:23:68:8a)
  Option: (t=50,l=4) Requested IP Address = 192.168.1.101
  Option: (t=12,l=5) Host Name = "nomad"
  Option: (55) Parameter Request List
    Length: 11; Value: 010F03062C2E2F1F21F92B
    1 = Subnet Mask; 15 = Domain Name
    3 = Router; 6 = Domain Name Server
    44 = NetBIOS over TCP/IP Name Server
    ……

reply
  Message type: Boot Reply (2)
  Hardware type: Ethernet
  Hardware address length: 6
  Hops: 0
  Transaction ID: 0x6b3a11b7
  Seconds elapsed: 0
  Bootp flags: 0x0000 (Unicast)
  Client IP address: 192.168.1.101 (192.168.1.101)
  Your (client) IP address: 0.0.0.0 (0.0.0.0)
  Next server IP address: 192.168.1.1 (192.168.1.1)
  Relay agent IP address: 0.0.0.0 (0.0.0.0)
  Client MAC address: Wistron_23:68:8a (00:16:d3:23:68:8a)
  Server host name not given
  Boot file name not given
  Magic cookie: (OK)
  Option: (t=53,l=1) DHCP Message Type = DHCP ACK
  Option: (t=54,l=4) Server Identifier = 192.168.1.1
  Option: (t=1,l=4) Subnet Mask = 255.255.255.0
  Option: (t=3,l=4) Router = 192.168.1.1
  Option: (6) Domain Name Server
    Length: 12; Value: 445747E2445749F244574092;
    IP Address: 68.87.71.226;
    IP Address: 68.87.73.242;
    IP Address: 68.87.64.146
  Option: (t=15,l=20) Domain Name = "hsd1.ma.comcast.net."

Network Layer: Data Plane 4-48
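
The `(t=…,l=…)` pairs in the capture are type-length-value options. As an added example (not part of the original slides), this parser walks such an options field and rejects a length byte that runs past the buffer; the sample bytes are constructed from the values printed in the reply above, and the function and table names are hypothetical.

```python
"""Bounds-checked parser for DHCP type-length-value options (added example)."""
import ipaddress

# Constructed sample: an options field assembled from the values printed in
# the reply capture on the slide (not a byte-for-byte copy of that packet).
SAMPLE_REPLY_OPTIONS = (
    bytes.fromhex("350105")                            # t=53,l=1: message type 5
    + bytes.fromhex("3604C0A80101")                    # t=54,l=4: server identifier
    + bytes.fromhex("0104FFFFFF00")                    # t=1,l=4: subnet mask
    + bytes.fromhex("0304C0A80101")                    # t=3,l=4: router
    + bytes.fromhex("060C445747E2445749F244574092")    # t=6,l=12: DNS servers
    + bytes([15, 20]) + b"hsd1.ma.comcast.net."        # t=15,l=20: domain name
    + b"\xff"                                          # t=255: end of options
)

MESSAGE_TYPES = {1: "DHCP Discover", 2: "DHCP Offer", 3: "DHCP Request", 5: "DHCP ACK"}
ADDRESS_OPTIONS = {1: "subnet_mask", 3: "router", 6: "dns_servers",
                   54: "server_identifier"}
PAD, END = 0, 255


def parse_options(raw):
    """Return {option code: value bytes}; raise ValueError on malformed input."""
    options = {}
    i = 0
    while i < len(raw):
        code = raw[i]
        if code == PAD:            # single-byte padding, no length field
            i += 1
            continue
        if code == END:
            return options
        if i + 1 >= len(raw):
            raise ValueError("option %d has no length byte" % code)
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:   # length field points past the end of the data
            raise ValueError("option %d truncated: %d of %d bytes"
                             % (code, len(value), length))
        options[code] = value
        i += 2 + length
    raise ValueError("options field has no end marker")


def _addresses(value):
    """Decode a run of 4-byte IPv4 addresses."""
    if not value or len(value) % 4:
        raise ValueError("address option has length %d" % len(value))
    return [str(ipaddress.IPv4Address(value[i:i + 4]))
            for i in range(0, len(value), 4)]


def decode_options(raw):
    """Parse and turn the options this slide shows into readable values."""
    decoded = {}
    for code, value in parse_options(raw).items():
        if code == 53:
            if len(value) != 1:
                raise ValueError("message type option must be 1 byte")
            decoded["message_type"] = MESSAGE_TYPES.get(value[0],
                                                        "unknown (%d)" % value[0])
        elif code in ADDRESS_OPTIONS:
            decoded[ADDRESS_OPTIONS[code]] = _addresses(value)
        elif code == 15:
            decoded["domain_name"] = value.decode("ascii", errors="replace")
        else:
            decoded["option_%d" % code] = value.hex()
    return decoded


if __name__ == "__main__":
    for name, value in decode_options(SAMPLE_REPLY_OPTIONS).items():
        print(name, "=", value)
```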


IP addresses: how to get one?
Q: how does network get a subnet part of IP addresses?
A: gets allocated a portion of its provider ISP’s address space (think about this like a vector subspace of host IP addresses with a longer subnet mask …)

ISP's block      11001000 00010111 00010000 00000000   200.23.16.0/20
(2^12 = 4096 addr. in ISP block)

Organization 0   11001000 00010111 00010000 00000000   200.23.16.0/23
Organization 1   11001000 00010111 00010010 00000000   200.23.18.0/23
Organization 2   11001000 00010111 00010100 00000000   200.23.20.0/23
...              …..                                   ….
Organization 7   11001000 00010111 00011110 00000000   200.23.30.0/23
(2^9 = 512 addr. for each organization)

[NOTE: linear independence between subnet masks to ensure no overlap between IP address ranges]
Network Layer: Data Plane 4-49
Hierarchical addressing: route aggregation
hierarchical addressing allows efficient advertisement of routing information:

Fly-By-Night-ISP (4096 IP addr.) → Internet: “Send me anything with addresses beginning 200.23.16.0/20”
  Organization 0: 512 IP addr., 200.23.16.0/23
  Organization 1: 512 IP addr., 200.23.18.0/23
  Organization 2: 512 IP addr., 200.23.20.0/23
  ...
  Organization 7: 512 IP addr., 200.23.30.0/23

ISPs-R-Us (64k IP addr.) → Internet: “Send me anything with addresses beginning 199.31.0.0/16”

Network Layer: Data Plane 4-50


IP addressing: ISP block address
Q: how does an ISP get block of addresses?
A: ICANN: Internet Corporation for Assigned Names and Numbers http://www.icann.org/
• allocates addresses
• manages DNS
• assigns domain names, resolves disputes
Network Layer: Data Plane 4-51
IP addressing: the 32bit issue ...
32-bit address space soon to be completely allocated.
Possible solutions:
1. cluster hosts into local networks and assign IP addresses internally, externally share the same IP address via Network Translation Table (NAT)
2. Moving on to 64bit IP addresses in IPv6

Network Layer: Data Plane 4-52


NAT: network address translation
[Figure: the Internet on one side of the NAT router (138.76.29.7 / 10.0.0.4); on the other side the rest of local network (e.g., home network) 10.0.0/24 with hosts 10.0.0.1, 10.0.0.2, 10.0.0.3]

all datagrams leaving local network have same single source NAT IP address: 138.76.29.7, different
datagrams with source or destination in this network have 10.0.0/24 address for source, destination (as usual)

Network Layer: Data Plane 4-53
NAT: network address translation
motivation: local network uses just one IP address as far as outside world is concerned:
• range of addresses not needed from ISP: just one IP address for all devices
• can change addresses of devices in local network without notifying outside world
• can change ISP without changing addresses of devices in local network
• devices inside local net not explicitly addressable, visible by outside world (a security plus)
Network Layer: Data Plane 4-54
NAT: network address translation
implementation: NAT router must:
• outgoing datagrams: replace local (LAN) (source IP address, port #) of outgoing datagram to global (WAN) (IP address, new port #)
  . . . remote clients/servers will respond using global (IP address, new port #) as destination address
• remember (in NAT translation table) local (source IP address, port #) to global (IP address, new port #) translation
• incoming datagrams: replace global (IP address, new port #) in dest. fields of every incoming datagram with corresponding local (source IP address, port #) stored in NAT table
Network Layer: Data Plane 4-55
NAT: network address translation
NAT translation table
WAN side addr        LAN side addr
138.76.29.7, 5001    10.0.0.1, 3345
……                   ……

1: host 10.0.0.1 sends datagram to 128.119.40.186, 80
   S: 10.0.0.1, 3345    D: 128.119.40.186, 80
2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table
   S: 138.76.29.7, 5001    D: 128.119.40.186, 80
3: reply arrives dest. address: 138.76.29.7, 5001
   S: 128.119.40.186, 80    D: 138.76.29.7, 5001
4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345
   S: 128.119.40.186, 80    D: 10.0.0.1, 3345

[Figure: NAT router (138.76.29.7 / 10.0.0.4) with local hosts 10.0.0.1, 10.0.0.2, 10.0.0.3]

Network Layer: Data Plane 4-56
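
The four numbered steps above as an added example (not part of the original slides): a NAT translation table that rewrites outgoing sources, rewrites replies back, and drops an inbound datagram that has no table entry, which is the behaviour behind the "security plus" on the motivation slide. `NatRouter` and `slide_walkthrough` are hypothetical names; starting port allocation at 5001 is an assumption made so the output matches the slide.

```python
"""NAT translation table following the slide's four steps (added example)."""


class NatRouter:
    """Maps local (IP, port) pairs to ports on one WAN address (hypothetical class)."""

    def __init__(self, wan_ip, first_port=5001):
        self.wan_ip = wan_ip
        self.next_port = first_port     # assumption: allocate upwards from 5001
        self.lan_to_wan = {}            # (lan_ip, lan_port) -> wan_port
        self.wan_to_lan = {}            # wan_port -> (lan_ip, lan_port)

    def outgoing(self, src, dst):
        """Rewrite the source of a datagram leaving the local network."""
        wan_port = self.lan_to_wan.get(src)
        if wan_port is None:            # first datagram of this flow: new entry
            if self.next_port > 65535:  # the port field is only 16 bits wide
                raise RuntimeError("no free WAN-side port")
            wan_port = self.next_port
            self.next_port += 1
            self.lan_to_wan[src] = wan_port
            self.wan_to_lan[wan_port] = src
        return (self.wan_ip, wan_port), dst

    def incoming(self, src, dst):
        """Rewrite the destination of an arriving datagram, or return None
        when the table has no entry for it (nothing inside asked for it)."""
        ip, port = dst
        if ip != self.wan_ip or port not in self.wan_to_lan:
            return None
        return src, self.wan_to_lan[port]

    def table(self):
        """Rows as on the slide: (WAN side addr, LAN side addr)."""
        return [((self.wan_ip, port), lan)
                for port, lan in sorted(self.wan_to_lan.items())]


def slide_walkthrough():
    """Replay steps 1 to 4 with the slide's addresses; return each datagram."""
    nat = NatRouter("138.76.29.7")
    server = ("128.119.40.186", 80)
    step1 = (("10.0.0.1", 3345), server)        # 1: host sends datagram
    step2 = nat.outgoing(*step1)                # 2: source rewritten, table updated
    step3 = (server, step2[0])                  # 3: reply arrives at WAN address
    step4 = nat.incoming(*step3)                # 4: destination rewritten
    # Constructed extra case: a datagram to a port with no table entry.
    unsolicited = nat.incoming(("203.0.113.9", 4444), ("138.76.29.7", 6000))
    return step1, step2, step3, step4, unsolicited, nat.table()


if __name__ == "__main__":
    for item in slide_walkthrough():
        print(item)
```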


NAT: network address translation
• 16-bit port-number field:
  • 60,000 simultaneous connections with a single LAN-side address!
• NAT is controversial:
  • routers should only process up to layer 3
  • address shortage should be solved by IPv6
  • violates end-to-end argument
  • NAT possibility must be taken into account by app designers, e.g., P2P applications
  • NAT traversal: what if client wants to connect to server behind NAT?
Network Layer: Data Plane 4-57
Chapter 4: outline
4.1 Overview of Network layer
• data plane
• control plane
4.2 What’s inside a router
4.3 IP: Internet Protocol
• datagram format
• fragmentation
• IPv4 addressing
• network address translation
• IPv6

Network Layer: Data Plane 4-58


IPv6: motivation
• initial motivation: 32-bit address space soon to be completely allocated.
• additional motivation:
  • header format helps speed processing/forwarding
  • header changes to improve quality of service

IPv6 datagram format:
• fixed-length 40 byte header
• no fragmentation allowed

Network Layer: Data Plane 4-59


IPv6 datagram format
priority: identify priority among datagrams in flow
flow Label: identify datagrams in same “flow”, e.g. real time audio/video data, or priority users paying for better service for their traffic (concept of “flow” not well defined).
next header: identify upper layer protocol for data

[Figure: IPv6 datagram, 32 bits wide]
ver | pri | flow label
payload len | next hdr | hop limit
source address (128 bits)
destination address (128 bits)
data
Network Layer: Data Plane 4-60
Other changes from IPv4
• checksum: removed entirely to reduce processing time at each hop
• options: allowed, but outside of header, indicated by “Next Header” field
• Path MTU Discovery: RFC1191 & 8201 determine maximum transmission unit (MTU) size on network path between two Internet Protocol (IP) hosts, to avoid IPv4 fragmentation at routers; end-to-end fragmentation, e.g. for packets larger than 1500 bytes
• ICMPv6: new version of ICMP
  • additional message types, e.g. “Packet Too Big”
  • multicast group management functions

Network Layer: Data Plane 4-61


Transition from IPv4 to IPv6
• not all routers can be upgraded simultaneously
  • no “flag days”
  • how will network operate with mixed IPv4 and IPv6 routers?
• tunneling: IPv6 datagram carried as payload in IPv4 datagram among IPv4 routers

[Figure: IPv4 datagram = IPv4 header fields (IPv4 source, dest addr) + IPv4 payload; the IPv4 payload is the IPv6 datagram = IPv6 header fields (IPv6 source dest addr) + UDP/TCP payload]
Network Layer: Data Plane 4-62
Tunneling
logical view: A (IPv6), B (IPv6), IPv4 tunnel connecting IPv6 routers, E (IPv6), F (IPv6)
physical view: A (IPv6), B (IPv6), C (IPv4), D (IPv4), E (IPv6), F (IPv6)

Network Layer: Data Plane 4-63


Tunneling
logical view: A (IPv6), B (IPv6), IPv4 tunnel connecting IPv6 routers, E (IPv6), F (IPv6)
physical view: A (IPv6), B (IPv6), C (IPv4), D (IPv4), E (IPv6), F (IPv6)

A-to-B: IPv6 (flow: X, src: A, dest: F, data)
B-to-C: IPv6 inside IPv4 (src: B, dest: E, carrying Flow: X, Src: A, Dest: F, data)
C-to-D: IPv6 inside IPv4 (src: B, dest: E, carrying Flow: X, Src: A, Dest: F, data)
E-to-F: IPv6 (flow: X, src: A, dest: F, data)

Network Layer: Data Plane 4-64
IPv6: adoption
• Google: 8% of clients access services via IPv6
• NIST: 1/3 of all US government domains are IPv6 capable
• Long (long!) time for deployment, use
  • 20 years and counting!
  • think of application-level changes in last 20 years: WWW, Facebook, streaming media, Skype, …
  • Why?

Network Layer: Data Plane 4-65


Chapter 4: done!
4.1 Overview of Network layer: data plane and control plane
4.2 What’s inside a router
4.3 IP: Internet Protocol
• datagram format
• fragmentation
• IPv4 addressing
• NAT
• IPv6

Question: how are forwarding tables (destination-based forwarding) or flow tables (generalized forwarding) computed?
Answer: by the control plane (next chapter)

Network Layer: Data Plane 4-66
