Network Layer: Data Plane
COMPSCI 453 Computer Networks
Professor Jim Kurose
College of Information and Computer Sciences
University of Massachusetts

Class textbook: Computer Networking: A Top-Down Approach (8th ed.), J.F. Kurose, K.W. Ross, Pearson, 2020
http://gaia.cs.umass.edu/kurose_ross

Overview of Network Layer
What’s Inside a Router?
The Internet Protocol: IPv4, Addressing, NAT
IPv6
Generalized Forwarding and SDN
• match+action
• OpenFlow: match+action in action
Middleboxes
Summary
Generalized forwarding: match plus action
Review: each router contains a forwarding table (aka: flow table)
“match plus action” abstraction: match bits in arriving packet, take action
• destination-based forwarding: forward based on dest. IP address
• generalized forwarding:
  • many header fields can determine action
  • many actions possible: drop/copy/modify/log packet
[figure: values in the arriving packet header (e.g. 0111) are looked up in the forwarding table (aka: flow table) to select output link 1, 2 or 3]
Flow table abstraction
flow: defined by header field values (in link-, network-, transport-layer fields)
generalized forwarding: simple packet-handling rules
• match: pattern values in packet header fields
• actions: for matched packet: drop, forward, modify matched packet, or send matched packet to controller
• priority: disambiguate overlapping patterns
• counters: #bytes and #packets
The router’s flow table defines the router’s match+action rules. Example flow table for a router with ports 1-4 (* : wildcard):
match                             action
src = *.*.*.*, dest = 3.4.*.*     forward(2)
src = 1.2.*.*, dest = *.*.*.*     drop
src = 10.1.2.3, dest = *.*.*.*    send to controller
Patterns can overlap: a datagram from 1.2.3.4 to 3.4.5.6 matches both the first and the second entry, and the priority field decides which action applies.
OpenFlow: flow table entries
Each flow table entry has three parts: Match | Action | Stats
Stats: packet + byte counters
Actions:
1. Forward packet to port(s)
2. Drop packet
3. Modify fields in header(s)
4. Encapsulate and forward to controller
Header fields to match:
Link layer: Ingress Port, Src MAC, Dst MAC, Eth Type, VLAN ID, VLAN Pri
Network layer: IP Src, IP Dst, IP Proto, IP ToS
Transport layer: TCP/UDP Src Port, TCP/UDP Dst Port
OpenFlow: examples
Destination-based forwarding:
Switch Port | MAC src | MAC dst | Eth type | VLAN ID | VLAN Pri | IP Src | IP Dst   | IP Prot | IP ToS | TCP s-port | TCP d-port | Action
*           | *       | *       | *        | *       | *        | *      | 51.6.0.8 | *       | *      | *          | *          | port6
IP datagrams destined to IP address 51.6.0.8 should be forwarded to router output port 6
Firewall:
Switch Port | MAC src | MAC dst | Eth type | VLAN ID | VLAN Pri | IP Src | IP Dst | IP Prot | IP ToS | TCP s-port | TCP d-port | Action
*           | *       | *       | *        | *       | *        | *      | *      | *       | *      | *          | 22         | drop
Block (do not forward) all datagrams destined to TCP port 22 (ssh port #)
Caveat: the IP Prot column is wildcarded, so in the match+action abstraction this entry as written also matches UDP datagrams with destination port 22; to restrict it to TCP, match IP Prot = 6 (TCP) as well.
Switch Port | MAC src | MAC dst | Eth type | VLAN ID | VLAN Pri | IP Src      | IP Dst | IP Prot | IP ToS | TCP s-port | TCP d-port | Action
*           | *       | *       | *        | *       | *        | 128.119.1.1 | *      | *       | *      | *          | *          | drop
Block (do not forward) all datagrams sent by host 128.119.1.1
OpenFlow: examples
Layer 2 destination-based forwarding:
Switch Port | MAC src | MAC dst           | Eth type | VLAN ID | VLAN Pri | IP Src | IP Dst | IP Prot | IP ToS | TCP s-port | TCP d-port | Action
*           | *       | 22:A7:23:11:E1:02 | *        | *       | *        | *      | *      | *       | *      | *          | *          | port3
layer 2 frames with destination MAC address 22:A7:23:11:E1:02 should be forwarded to output port 3
OpenFlow abstraction
match+action: abstraction unifies different kinds of devices
Router
• match: longest destination IP prefix
• action: forward out a link
Switch
• match: destination MAC address
• action: forward or flood
Firewall
• match: IP addresses and TCP/UDP port numbers
• action: permit or deny
NAT
• match: IP address and port
• action: rewrite address and port
OpenFlow example
Orchestrated tables can create network-wide behavior, e.g.: datagrams from hosts h5 and h6 should be sent to h3 or h4, via s1 and from there to s2
[figure: a controller above three switches s1, s2, s3, each with ports 1-4. Hosts h1 (10.1.0.1) and h2 (10.1.0.2) attach to s1; h3 (10.2.0.3) and h4 (10.2.0.4) attach to s2 on ports 3 and 4; h5 (10.3.0.5) and h6 (10.3.0.6) attach to s3. s3 port 3 connects to s1 port 1, and s1 port 4 connects to s2 port 2]
OpenFlow example
Orchestrated tables can create network-wide behavior, e.g.: datagrams from hosts h5 and h6 should be sent to h3 or h4, via s1 and from there to s2
s3 flow table:
match                                                   action
IP Src = 10.3.*.*, IP Dst = 10.2.*.*                    forward(3)
s1 flow table:
match                                                   action
ingress port = 1, IP Src = 10.3.*.*, IP Dst = 10.2.*.*  forward(4)
s2 flow table:
match                                                   action
ingress port = 2, IP Dst = 10.2.0.3                     forward(3)
ingress port = 2, IP Dst = 10.2.0.4                     forward(4)
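The following is an added example, not code from the textbook or the slides. It implements the flow table abstraction from the earlier slides (wildcard matching over header fields, priorities for overlapping entries, per-entry packet/byte counters, and the actions forward/drop/send-to-controller), loads the s1, s2 and s3 tables shown above, and traces constructed datagrams through the three switches. It also adds the firewall example (block TCP port 22) to s1 as a higher-priority entry, pinned to IP protocol 6 so it does not catch UDP. The inter-switch wiring is taken from the tables (s3 port 3 to s1 port 1, s1 port 4 to s2 port 2); the port h5 attaches to, the table-miss default of sending to the controller, the packet lengths and the field names used for the header are assumptions made for the example.

```python
"""Toy OpenFlow-style match+action forwarding over the s1/s2/s3 example (added example)."""
from dataclasses import dataclass

DEFAULT_MISS_ACTION = ("controller",)   # assumed table-miss behaviour: punt to controller


def field_matches(pattern, value):
    """'*' matches anything; dotted patterns are matched per octet, e.g. '10.3.*.*'."""
    if pattern == "*":
        return True
    if isinstance(pattern, str) and "." in pattern:
        pat, val = pattern.split("."), str(value).split(".")
        return len(pat) == len(val) and all(p in ("*", v) for p, v in zip(pat, val))
    return pattern == value


@dataclass
class FlowEntry:
    match: dict       # header field -> pattern; fields not listed are wildcards
    action: tuple     # ("forward", port) | ("drop",) | ("controller",)
    priority: int = 0
    packets: int = 0  # Stats column: per-entry packet and byte counters
    bytes: int = 0


class FlowTable:
    def __init__(self):
        self.entries = []

    def add(self, match, action, priority=0):
        self.entries.append(FlowEntry(match, action, priority))

    def lookup(self, pkt):
        """Return the highest-priority matching entry, or None on a table miss."""
        hits = [e for e in self.entries
                if all(field_matches(p, pkt.get(f)) for f, p in e.match.items())]
        return max(hits, key=lambda e: e.priority) if hits else None

    def process(self, pkt):
        """Apply the table to one packet: update counters and return the action."""
        entry = self.lookup(pkt)
        if entry is None:
            return DEFAULT_MISS_ACTION
        entry.packets += 1
        entry.bytes += pkt.get("len", 0)
        return entry.action


def build_network():
    """The three flow tables from the slides plus the links between switches and hosts."""
    s1, s2, s3 = FlowTable(), FlowTable(), FlowTable()
    # s3: datagrams from 10.3.*.* to 10.2.*.* leave on port 3 (towards s1)
    s3.add({"ip_src": "10.3.*.*", "ip_dst": "10.2.*.*"}, ("forward", 3))
    # s1: the same flow, arriving on port 1 from s3, leaves on port 4 (towards s2)
    s1.add({"in_port": 1, "ip_src": "10.3.*.*", "ip_dst": "10.2.*.*"}, ("forward", 4))
    # firewall entry from the slides, with ip_proto 6 added so it only hits TCP;
    # priority 10 makes it win over the overlapping forwarding entry (assumed values)
    s1.add({"ip_proto": 6, "tp_dst": 22}, ("drop",), priority=10)
    # s2: deliver to h3 / h4 by exact destination address
    s2.add({"in_port": 2, "ip_dst": "10.2.0.3"}, ("forward", 3))
    s2.add({"in_port": 2, "ip_dst": "10.2.0.4"}, ("forward", 4))
    switches = {"s1": s1, "s2": s2, "s3": s3}
    links = {("s3", 3): ("s1", 1), ("s1", 4): ("s2", 2),   # inter-switch links
             ("s2", 3): "h3", ("s2", 4): "h4"}             # host-facing ports
    return switches, links


def trace(switches, links, sw, in_port, pkt, max_hops=8):
    """Follow one datagram switch by switch; returns (hops, outcome)."""
    hops = []
    for _ in range(max_hops):
        action = switches[sw].process(dict(pkt, in_port=in_port))
        hops.append((sw, action))
        if action[0] != "forward":
            return hops, action[0]          # "drop" or "controller"
        nxt = links.get((sw, action[1]))
        if nxt is None:
            return hops, "unconnected"
        if isinstance(nxt, str):
            return hops, nxt                # delivered to a host
        sw, in_port = nxt
    return hops, "loop"                     # forwarding loop guard


if __name__ == "__main__":
    net, links = build_network()
    # constructed datagrams; h5 is assumed to attach to s3 port 2
    web = {"ip_src": "10.3.0.5", "ip_dst": "10.2.0.3", "ip_proto": 6, "tp_dst": 80, "len": 1500}
    print(trace(net, links, "s3", 2, web))               # reaches h3 via s3, s1, s2
    print(trace(net, links, "s3", 2, dict(web, tp_dst=22)))   # dropped by s1's firewall entry
    print(trace(net, links, "s1", 2, {"ip_src": "10.1.0.1", "ip_dst": "10.2.0.3"}))  # table miss
```

The last trace shows why the tables are "orchestrated": a datagram from h1 entering s1 on a different port matches nothing, so it goes to the controller rather than silently taking the s3-to-s2 path; per-switch entries only produce the intended network-wide behaviour when every hop's match (including ingress port) agrees with the previous hop's action.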
Generalized forwarding: summary
“match plus action” abstraction: match bits in arriving packet header(s) in any layers, take action
• matching over many fields (link-, network-, transport-layer)
• local actions: drop, forward, modify, or send matched packet to controller
• “program” network-wide behaviors
simple form of “network programmability”
• programmable, per-packet “processing”
• historical roots: active networking
• today: more generalized programming: P4 (see p4.org)