Table of contents
4.1. Overview of network layer
To implement network layer tasks, the following main issues need to be solved:
Network layer addressing issues
4.2. Two services provided by the network layer
Connection-oriented virtual circuit service
connectionless datagram service
Comparison of virtual circuit services and datagram services
Special IP addresses not generally used
Some important characteristics of IP addresses
IPv4 address without class addressing
How to use classless addressing
Route aggregation (constructing supernet)
Application planning of IPv4 addresses
Fixed Length Subnet Mask FLSM (Fixed Length Subnet Mask)
Variable Length Subnet Mask VLSM (Variable Length Subnet Mask)
4.4. The sending and forwarding process of IP datagrams
4.5. Static routing configuration and possible routing loop problems
Examples of various situations
Static routing configuration errors lead to routing loops
Aggregating non-existent networks causing routing loops
Routing loop caused by network failure
Main features of routing protocols used by the Internet
The Internet uses hierarchical routing protocols
Routing Information Protocol RIP
The basic working process of RIP
RIP routing entry update rules
RIP has the problem of "bad news spreads slowly"
Open Shortest Path First OSPF (Open Shortest Path First)
Send Link State Advertisement LSA
Link state database synchronization
Use the SPF algorithm to calculate the shortest path from each router to other routers
The basic working process of OSPF
OSPF establishes router neighbor relationship in multi-point access network
Protocol that directly encapsulates RIP, OSPF and BGP messages
4.7. IPv4 datagram header format
4.8. Internet Control Message Protocol ICMP
The destination is unreachable
ICMP error report messages should not be sent
4.9. Virtual Private Network VPN and Network Address Translation NAT
Virtual Private Network VPN (Virtual Private Network)
Network Address Translation NAT (Network Address Translation)
4.1. Overview of network layer
Introduction
- The main task of the network layer is to realize network interconnection and then realize the transmission of data packets between various networks.
If these heterogeneous networks N1~N7 only need their own internal communication, they only need to implement their own physical layer and data link layer.
But if you want to interconnect these heterogeneous networks to form a larger Internet, you need to implement network layer device routers.
Sometimes for the sake of simplicity, you don’t need to draw these networks, N1~N7 in the figure, but regard them as a link
To implement network layer tasks, the following main issues need to be solved:
What services does the network layer provide to the transport layer ("reliable transmission" or "unreliable transmission")
Reliable transmission was discussed in the data link layer class. For details, please refer to the notes there: The network layer takes measures against the following transmission errors of packet loss , packet disorder , and packet duplication , so that the receiver can correctly accept the packets sent by the sender. Data means reliable transmission . On the contrary, if no measures are taken, it means unreliable transmission.
Network layer addressing issues
routing problem
After the router receives the data, what basis does it use to decide which interface to forward the data packet from?
Based on the destination address of the data packet and the routing table in the router
But in practice, how does the router know these routing records?
- Manual configuration is performed by users or network administrators. This method is only suitable for small-scale Internets where the network topology does not change.
- The other is to implement various routing protocols, and the router executes the routing algorithm specified in the routing protocol, and automatically obtains the route records in the routing table. This method is more suitable for larger scale and frequent changes in network topology. large internet
In addition to the IP protocol , the supplementary network layer (Internet layer) also includes the Address Resolution Protocol ARP introduced before , the Internet Control Message Protocol ICMP , and the Internet Group Management Protocol IGMP.
Summarize
4.2. Two services provided by the network layer
-
In the field of computer networks, there has been a long-standing debate over what services the network layer should provide to the transport layer (" connection-oriented " or " connectionless ").
-
The essence of the debate is: Who is responsible for reliable delivery in computer communications ? Is it the network or the end system ?
Connection-oriented virtual circuit service
One perspective: Putting the network in charge of reliable delivery
-
This view believes that the successful experience of telecommunications networks should be used to make the network responsible for reliable delivery. Computer networks should imitate telecommunications networks and use connection-oriented communication methods.
-
Before communication , a virtual circuit (Virtual Circuit) is established to ensure all network resources required for communication between the two parties.
-
If a reliable transmission network protocol is used, the packets sent can reach the destination in order without errors, without loss or duplication.
All packets sent by the sender to the receiver are transmitted along the same virtual circuit
- A virtual circuit means that this is just a logical connection, and packets are transmitted along this logical connection in a store-and-forward manner, rather than actually establishing a physical connection.
- Please note that circuit-switched telephone communication first establishes a real connection.
- Therefore, packet-switched virtual connections are similar to circuit-switched connections, but not exactly the same.
connectionless datagram service
Another view: Networks provide datagram services
-
The pioneers of the Internet proposed a new way of designing networks.
-
The network layer upwards only provides simple, flexible, connectionless , best-effort datagram services .
-
The network does not need to establish a connection before sending packets. Each packet (i.e., IP datagram) is sent independently, regardless of the packets before and after it (not numbered).
-
The network layer does not provide quality of service commitments . That is to say, the transmitted packets may be wrong, lost, duplicated and out of sequence (arrive at the end point out of order), and of course the time limit for packet transmission is not guaranteed.
Packets sent by the sender to the receiver may be transmitted along different paths
Best effort delivery
- If communication between processes in the host (ie, the end system) needs to be reliable, then the transport layer in the host of the network is responsible for reliable delivery (including error handling, flow control, etc.) .
- The advantages of adopting this design idea are : the network cost is greatly reduced, the operation mode is flexible, and it can adapt to a variety of applications.
- The fact that the Internet can develop to today's scale fully proves the correctness of adopting this design idea.
Comparison of virtual circuit services and datagram services
| Aspects of contrast | virtual circuit service | datagram service |
|---|---|---|
| Ideas | Reliable communication should be guaranteed by the network | Reliable communication should be guaranteed by the user host |
| Establishment of connection | must have | unnecessary |
| End address | Only used during the connection establishment phase, each packet uses a short virtual circuit number | Each group has the complete address of the destination |
| packet forwarding | Packets belonging to the same virtual circuit are forwarded according to the same route. | Each packet independently selects a route for forwarding |
| When a node fails | All virtual circuits passing through the failed node are inoperable | Failed nodes may lose packets and some routes may change |
| grouping order | Always reach the destination in the order sent | Arriving at the end point is not necessarily in the order in which it was sent. |
| End-to-end error handling and flow control | It can be the responsibility of the network or the user host. | Responsible for user host |
4.3、IPv4
Overview
Classified IPv4 addresses
Introduction
-
Each type of address consists of two fixed-length fields. One field is the network number net-id , which identifies the network to which the host (or router) is connected, and the other field is the host number host-id , which Flag this host (or router).
-
The host number must be unique within the range of the network specified by the network number preceding it.
-
It can be seen that an IP address is unique within the entire Internet .
Class A address
Class B address
Class C address
practise
Summarize
IP address assignment range
Special IP addresses not generally used
Some important characteristics of IP addresses
(1) IP address is a hierarchical address structure . The advantages of having two levels are:
-
First , the IP address management agency only allocates network numbers when allocating IP addresses, and the remaining host numbers are allocated by the unit that obtains the network number. This facilitates IP address management.
-
Second , the router only forwards packets based on the network number to which the destination host is connected (without considering the destination host number). This can greatly reduce the number of items in the routing table, thus reducing the storage space occupied by the routing table. .
(2) In fact, the IP address is the interface that identifies a host (or router) and a link .
-
When a host is connected to two networks at the same time, the host must have two corresponding IP addresses at the same time, and its network number net-id must be different. This kind of host is called a multihomed host .
-
Since a router should be connected to at least two networks (so that it can forward IP datagrams from one network to another), a router should have at least two different IP addresses .
(3) Several LANs connected by repeaters or bridges are still one network , so these LANs all have the same network number net-id.
(4) All networks assigned a network number net-id, whether they are local area networks with a small range or wide area networks that may cover a large geographical range, are equal.
Subnetting IPv4 addresses
Why subnet
In the early days of ARPANET, the design of IP addresses was indeed not reasonable enough:
-
IP address space utilization is sometimes very low.
-
Assigning a network number to each physical network can make routing tables too large and degrade network performance.
-
Two levels of IP addresses are not flexible enough.
If you want to divide the original network into three independent networks
So is it possible to borrow part of the host number as the subnet number?
But if the subnet number part is not marked in the figure, then how do we and the computer know how many bits of the host number in the classified address are used as the subnet number?
So there is a tool for dividing subnets: subnet mask
- Since 1985, a " subnet number field " has been added to the IP address , turning the two-level IP address into a three-level IP address .
- This practice is called subnetting .
- Subnetting has become an official standard protocol for the Internet.
How to subnet
The basic idea
-
Dividing subnets is purely an internal matter within an organization . The unit still appears to the outside world as a network without subnets.
-
A number of bits are borrowed from the host number as the subnet-id, and the host number host-id is correspondingly reduced by a number of bits.
-
Any IP datagram sent from other networks to a host in this unit still first finds the router connected to the unit's network based on the destination network number net-id of the IP datagram.
-
Then after receiving the IP datagram, the router finds the destination subnet based on the destination network number net-id and subnet number subnet-id.
-
Finally, the IP datagram is delivered directly to the destination host.
After being divided into three subnets, it is still one network to the outside world.
- advantage
1. 减少了 IP 地址的浪费 2. 使网络的组织更加灵活 3. 更便于维护和管理
- The division of subnets is purely an internal matter of an organization and is transparent to the external network . To the outside world, it still appears as a network without subnets.
subnet mask
(IP address) AND (subnet mask) = The network address is important, and many related knowledge will be used below.
Example
Example 1
Example 2
Default subnet mask
Summarize
- The subnet mask is an important attribute of a network or a subnet.
- When exchanging routing information with neighboring routers, a router must tell the neighboring routers the subnet mask of its own network (or subnet).
- For each item in the router's routing table, in addition to the destination network address, the subnet mask of the network must also be given.
- If a router is connected to two subnets, it has two network addresses and two subnet masks.
IPv4 address without class addressing
Why use classless addressing
Classless Inter-Domain Routing CIDR (Classless Inter-Domain Routing).
The main features of CIDR
- CIDR uses " network-prefix " (network-prefix) of various lengths to replace the network number and subnet number in the classified address.
- IP addresses have gone from three-level addressing (using subnet masks) back to two-level addressing .
How to use classless addressing
Route aggregation (constructing supernet)
Summarize
Application planning of IPv4 addresses
Given an IPv4 address, how to divide it into several smaller address blocks and assign these address blocks to different networks in the Internet, and then assign IPv4 addresses to hosts and router interfaces in each network
Fixed Length Subnet Mask FLSM (Fixed Length Subnet Mask)
IPv4 that divides subnets is a fixed-length subnet mask.
Through the analysis of the above steps, you can select any 5 from subnets 1 ~ 8 and assign them to N1 ~ N5 in the left picture.
Using fixed-length subnet mask division, only 2^n subnets can be divided, where n is the number of bits borrowed from the host number part as the subnet number, and each subnet is assigned the same number of IP addresses.
However, because the number of IP addresses allocated to each subnet is the same, it is not flexible enough and can easily lead to a waste of IP addresses.
Variable Length Subnet Mask VLSM (Variable Length Subnet Mask)
Uncategorized IPv4 is a variable-length subnet mask
4.4. The sending and forwarding process of IP datagrams
How does the source host know whether the destination host is in the same network as itself, and whether it is delivered directly or indirectly?
The destination network address can be obtained by performing a logical AND operation on the destination address IP and the subnet mask of the source address.
- If the destination network address and the source network address are the same , they are in the same network and belong to direct delivery .
- If the destination network address and the source network address are not the same , they are not in the same network , and it is an indirect delivery . It is transmitted to the default gateway (router - explained in the figure below) of the network where the host is located, and the default gateway helps forward it.
How does host C know about the existence of router R?
In order for a host in this network to communicate with hosts in other networks, the user must assign it an interface of a router on this network, and the router will help with forwarding. The designated router is also called the default gateway .
For example. The IP address of interface 0 of the router 192.168.0.128 is used as the default gateway of the network on the left
Host A will transmit the IP datagram to its default gateway, which is router interface 0 as shown in the figure.
How does the router forward the IP datagram after receiving it?
-
Check whether there are errors in the IP datagram header:
-
If an error occurs, the IP datagram is directly discarded and the source host is notified.
-
If there is no error, forward it
-
-
Find a matching entry in the routing table based on the destination address of the IP datagram:
-
If a matching entry is found, forward it to the user indicated in the entry.
-
If it cannot be found, the datagram is discarded and the source host is notified.
-
Assuming there is no error in the IP datagram header, the router takes out the values of each address field in the IP datagram header.
Next, the router looks up the table and forwards the IP datagram.
Check the routing entries one by one, perform a logical AND operation on the destination address and the address mask in the routing entry to obtain the destination network address, and then compare it with the destination network in the routing entry. If they are the same, then this routing entry is the matching routing entry. According to its next instruction, interface 1 is shown in the figure to forward the IP datagram.
Routers isolate broadcast domains
4.5. Static routing configuration and possible routing loop problems
concept
Examples of various situations
Static route configuration
Default route
The default route can be matched by all networks, but route matching has priority, and the default route is the lowest priority.
Host-specific routing
Sometimes, we can add a specific host routing entry to the router for a certain host
Generally used for network management and testing by network managers
Multiple routes are optional, match the most specific route
Static routing configuration errors lead to routing loops
Assume that the third directory in R2's routing table is configured with the wrong next hop.
This results in a routing loop between R2 and R3
Aggregating non-existent networks causing routing loops
normal circumstances
error condition
Solution
The next hop of the black hole route is null0, which is a virtual interface inside the router. IP datagrams are discarded after entering it.
Routing loop caused by network failure
Solution
Add failed networks as blackhole routes
Assumption. The faulty network recovered after some time
R1 automatically derives the routing entry for the directly connected network of its interface 0.
The black hole network targeting this network will automatically fail
If it fails again
Then the black hole network of the network takes effect.
Summarize
4.6. Routing protocol
Overview
Main features of routing protocols used by the Internet
The Internet uses hierarchical routing protocols
- Autonomous system AS : A group of routers under a single technical management that uses an intra-AS routing protocol and common metrics to determine the routing of packets within the AS, and also uses an inter-AS routing protocol. Routing protocols are used to determine the routing of packets between ASs.
Routing between autonomous systems is referred to as inter-domain routing, and routing within autonomous systems is referred to as intra-domain routing.
Inter-domain routing uses a routing protocol of this type, the Exterior Gateway Protocol (EGP).
Intra-domain routing uses a routing protocol of the Interior Gateway Protocol (IGP) type.
The name of the gateway protocol may be called routing protocol
Common routing protocols
Basic structure of router
A router is a specialized computer with multiple input ports and output ports, and its task is to forward packets
The router structure can be divided into two parts:
1. Group forwarding part
Consists of three parts
-
switching fabric
-
A set of input ports:
The signal enters the router from an input port
The physical layer converts the signal into a bit stream and sends it to the data link layer for processing
Data link layer identification identifies frames from the bit stream, removes the frame header and frame trailer, and then sends them to the network layer for processing.
If the packet sent to the network layer is an ordinary data packet to be forwarded
Then perform table lookup and forwarding based on the destination address in the packet header.
-
If no matching forwarding entry is found, the packet is discarded; otherwise, the packet is forwarded according to the port indicated in the matching entry.
-
a set of output ports
The network layer updates the values of certain fields in the header of the data packet, such as decrementing the lifetime of the data packet by 1, and then sends it to the data link layer for encapsulation.
The data link layer encapsulates data packets into frames and passes them to the physical layer for processing.
-
The physical layer treats frames as bit streams and converts them into corresponding electrical signals for transmission.
Each port of the router also has an input buffer and an output buffer.
- The input buffer is used to temporarily store packets that have newly entered the router but have not yet had time to process.
- The output buffer is used to temporarily store packets that have been processed but have not yet been sent.
Router ports generally have input and output functions . These examples separate input ports and output ports to better demonstrate the basic working process of routing.
2. Routing selection part
-
The core component of the routing part is the routing handler, whose task is based on the routing protocol used. Periodically exchange routing information with other routers to update the routing table
If the packet sent to the network layer of the input port is a routing message for exchanging routing information between routers, then this packet is sent to the routing processor
The routing processor updates its routing table based on the contents of the packet
The routing processor also periodically sends the routing information it knows to other routers.
Routing Information Protocol RIP
The basic working process of RIP
RIP routing entry update rules
The next entry in Router C's table reaching each destination network is marked as a question mark. It can be understood that Router D does not need to care about these contents of Router C.
Assume that Router C's RIP update message sending period has arrived, then Router C encapsulates the relevant routing information in its routing table into a RIP update message and sends it to Router D
Router C can reach these networks, which means that the adjacent routers of router C can also be reached, but the distance is 1 greater than that of router C. Therefore, based on the distance comparison, router D updates its routing table.
RIP has the problem of "bad news spreads slowly"
Solution
However, these methods cannot completely solve the problem of "bad news spreads slowly", which is the essential decision of distance vectors.
Summarize
Advantages and Disadvantages of RIP Protocol
advantage:
- The implementation is simple and the overhead is small.
shortcoming:
- RIP limits the size of the network, and the maximum distance it can use is 15 (16 means unreachable).
- The routing information exchanged between routers is the complete routing table in the router, so as the network scale expands, the overhead also increases.
- "Bad news travels slowly", making the update process take too long to converge.
Open Shortest Path First OSPF
Open Shortest Path First OSPF (Open Shortest Path First)
Note : OSPF is just the name of a protocol, it does not mean that other routing protocols are not "shortest path first".
concept
Hello grouping
The value of the protocol number field in the IP datagram header should be 89 to indicate that the data payload of the IP datagram is an OSPF packet.
Send Link State Advertisement LSA
The flooding method is somewhat similar to broadcasting, that is, it comes in through one interface and goes out through all other remaining interfaces.
Link state database synchronization
Use the SPF algorithm to calculate the shortest path from each router to other routers
OSPF five grouping types
The basic working process of OSPF
OSPF establishes router neighbor relationship in multi-point access network
If no other mechanism is used, a large number of multicast packets will be generated
If there is a problem with the DR, the BDR will replace the DR.
In order to enable OSPF to be used on large-scale networks, OSPF divides an autonomous system into several smaller areas, called areas.
-
Within this autonomous system, all routers use the OSPF protocol. OSPF divides the autonomous system into four smaller areas.
-
Each zone has a 32-bit zone identifier
-
The area identifier of the backbone area must be 0. The backbone area is used to connect other areas.
-
The zone identifier of other zones cannot be 0 and different
-
Each area should generally not contain more than 200 routers
-
The advantage of dividing the area is that the use of flooding method to exchange link status information is limited to each area rather than the autonomous system, thus reducing the communication volume on the entire network
Summarize
Border Gateway Protocol BGP
BGP (Border Gateway Protocol) is a protocol for exchanging routing information between routers in different autonomous systems.
Summarize
Protocol that directly encapsulates RIP, OSPF and BGP messages
4.7. IPv4 datagram header format
The role of each field
-
An IP datagram consists of header and data parts.
-
The first part of the header is of fixed length, totaling 20 bytes, and is required by all IP datagrams.
-
Following the fixed part of the header are optional fields whose length is variable.
Each row in the figure is composed of 32 bits (that is, 4 bytes). Each small grid is called a field or domain. Each field or a combination of certain fields is used to express the related functions of the IP protocol.
The header length of the IP datagram must be an integer multiple of 4 bytes
Because the length of the optional fields in the header ranges from 1 byte to 40 bytes, then when the 20-byte fixed part is added to the variable part with a length ranging from 1 to 40 bytes, the header When the length is not an integer multiple of 4 bytes, fill the corresponding bytes with a padding field whose value is all 0 to ensure that the header length of the IP datagram is an integer multiple of 4 bytes.
Fragment IPv4 datagrams
Now assume that the IP datagram of fragment 2 needs to be fragmented when passing through a certain network.
Summarize
4.8. Internet Control Message Protocol ICMP
concept
Two points need to be paid special attention to when building an IP network:
- Confirm that the network is working properly
- Diagnose problems when encountering exceptions
ICMP is the protocol that implements these issues
The main functions of ICMP include:
- Confirm whether the IP packet is successfully delivered to the target address
- Notify the specific reason why the IP packet was discarded during the sending process
- Improve network settings, etc.
With these functions, you can obtain information such as whether the network is normal, whether the settings are incorrect, and whether there are any abnormalities in the device, etc., thus facilitating the diagnosis of network problems.
ICMP is not a high-level protocol (it looks like a high-level protocol, because ICMP messages are installed in IP datagrams as the data part), but an IP layer protocol
ICMP message format
ICMP error report message
The destination is unreachable
source suppression
time exceeds
Parameter problem
Change routing (redirect)
ICMP error report messages should not be sent
ICMP application examples
PING (Packet InterNet Groper)
traceroute
Implementation principle of tracert command
Summarize
4.9. Virtual Private Network VPN and Network Address Translation NAT
Virtual Private Network VPN (Virtual Private Network)
-
Due to the shortage of IP addresses , the number of IP addresses an organization can apply for is often far less than the number of hosts owned by the organization.
-
Considering that the Internet is not very secure , there is no need to connect all hosts in an organization to the external Internet.
-
Assuming that computer communication within an organization also uses the TCP/IP protocol, then in principle, these computers that are only used within the organization can be assigned their own IP addresses by the organization .
The picture above shows the allocation scheme of special addresses in the IPv4 address space on the official website of the Internet Numbers Assigned Authority IANA.
The addresses marked in pink are private addresses that do not need to be applied for and can be freely allocated, or private addresses.
Private addresses can only be used for internal communications within an organization and cannot be used to communicate with hosts on the Internet.
Private addresses can only be used as local addresses and not as global addresses
All routers on the Internet will not forward IP datagrams whose destination address is a private address.
Local address vs. global address
- Local address - an IP address used only within the organization and can be allocated by the organization itself without the need to apply to the Internet management agency.
- Global Address - A globally unique IP address that must be applied for from the governing body of the Internet.
- Problem : The local address used internally may overlap with an IP address on the Internet, which will cause address ambiguity.
Therefore, Department A and Department B need at least one router with a legal global IP address so that their respective private networks can communicate using the public Internet.
Department A sends data process to Department B
Datagrams sent between hosts in two private networks pass through the public Internet, but in effect they appear to be transmitted on the organization's private network.
Datagrams may pass through multiple networks and routers on the Internet, but logically, there seems to be a direct point-to-point link between R1 and R2
Therefore, it is also called IP tunnel technology
Network Address Translation NAT (Network Address Translation)
Example
How can a host using a private address communicate with a host on the Internet using a global IP address?
This requires NAT software to be installed on the router connecting the private network to the Internet
Routers with proprietary NAT software are called NAT routers
It has at least one valid external global IP address
In this way, all hosts using private addresses must convert their private addresses to global IP addresses on the NAT router when communicating with the outside world.
Suppose that a host using a private address wants to send an IP datagram to another host on the Internet using a global IP address.
This host on the Internet sends a datagram back to the source host
When two hosts using private addresses in the private network send datagrams to another host using a global address on the Internet, two records will be generated in the NAT translation table of the NAT router, recording two private addresses respectively. Correspondence to global addresses
There is a problem with this basic conversion
Solution
Many of the home routers we use now are NART routers.
Can the communication between the internal network host and the external network host be initiated first by the external network host?
denial
Summarize
