Network layer of computer network (all)

Network layer functions

The design idea of the Internet at the network layer is to provide upward only a simple, flexible, connectionless, best-effort datagram service.

A router must receive the entire packet before it can start transmitting the first bit of that packet onto the output link. This mechanism is called store and forward.

Heterogeneous network interconnection 

User needs are diverse, and no single network can meet the needs of all users. One task the network layer must accomplish is to interconnect these heterogeneous networks.

When a physical layer or data link layer relay system is used, it only expands a network; from the network layer's perspective it is still the same network, and this is not generally called network interconnection.

A router is a specialized computer.

In a structure of multiple LANs interconnected by routers, the physical layer, data link layer and network layer protocols of each LAN may differ, but the high-layer protocols above the network layer must be the same.

Network interconnection means connecting networks to each other through some intermediate equipment (also known as relay systems) by certain methods to form a larger network system. Depending on the layer at which it operates, a relay system is one of the following four types:

  • 1) Physical layer relay system: repeater, hub.
  • 2) Data link layer relay system: bridge or switch.
  • 3) Network layer relay system: router.
  • 4) Relay system above the network layer: gateway.

A virtual interconnected network (logical interconnected network) that uses the IP protocol may be referred to as an IP network.

The advantage of using an IP network is that when hosts on it communicate, it is as if they were communicating on a single network. The heterogeneous details of the interconnected networks (specific addressing schemes, routing protocols, and so on) are not visible.

Routing and forwarding

  • 1) Routing (determining which path). Dynamically changing the selected route, according to a complex distributed algorithm, based on the changes in the whole network topology learned from each adjacent router.
  • 2) Packet forwarding (the action taken when a packet arrives). The router forwards the user's IP datagram out of the appropriate port according to the forwarding table.

Don’t distinguish between routing tables and forwarding tables in the exam 

In the Internet, a router's routing table usually contains: the destination network and the IP address of the next router on the path to the destination network. Neither the source host nor the intermediate routers know the complete path that the IP packet needs to take to reach the destination host.

SDN (Software Defined Networking)

The main tasks of the network layer are forwarding and routing. The network layer can be abstractly divided into the data plane (also called the forwarding layer) and the control plane. Forwarding is a function implemented by the data plane, while routing is a function implemented by the control plane.

In the traditional Internet, each router has both a forwarding table and routing software. In the SDN architecture, routers become simpler: their routing software is no longer needed, so routers no longer exchange routing information with each other.

Advantages of SDN:

  • ① Global centralized control with distributed high-speed forwarding, which is conducive to global optimization of the control plane and high-performance forwarding.
  • ② Flexibility, programmability and performance balance: with control and forwarding functions separated, the network can be configured programmatically by dedicated automation tools.
  • ③ Reduced cost. After the control and data planes are separated, especially when open interface protocols are used, the manufacture of network equipment is decoupled from the development of its functional software, which effectively reduces costs.

Problems with SDN:

  • ① Security risks. Centralized management is vulnerable to attack; if the controller crashes, the entire network is affected.
  • ② Bottleneck problem. Once the originally distributed control plane is centralized, the controller may become the bottleneck of network performance as the network scale grows.

Northbound, southbound and east-west interfaces:

  1. For upper-layer application developers, the programming interface provided by SDN is called the northbound interface; it provides APIs.
  2. The interface over which the SDN controller and a forwarding device establish a two-way session is called the southbound interface. Through different southbound interface protocols (such as OpenFlow), the SDN controller can be compatible with different hardware devices and implement upper-layer application logic in the device.
  3. The communication interface between controllers in an SDN controller cluster is called the east-west interface; it is used to improve the reliability and scalability of the whole control plane.

Congestion control

  • The phenomenon of network performance degradation caused by an excessive number of packets is called congestion.
  • If, as the network load increases, the network throughput is significantly less than the normal throughput, the network may have entered the "mild congestion" state;
  • if the network throughput decreases as the network load increases, the network may have entered the congestion state;
  • if the load on the network continues to increase and the throughput drops to zero, the network may have entered a deadlock state.

The difference between flow control and congestion control: flow control usually refers to controlling point-to-point traffic between a sender and a receiver; what it does is restrain the rate at which the sender transmits so that the receiver has time to receive. Congestion control must ensure that the communication subnet can carry the data to be transmitted; it is a global problem involving all hosts and routers in the network and all factors that reduce the network's transmission capacity.

There are two methods of congestion control:

1) Open-loop control. When designing the network, consider the factors related to congestion in advance and strive to avoid congestion while the network is working. This is a static prevention method: once the whole system is up and running, no modifications are made midway.

2) Closed-loop control. Instead of considering congestion-related factors in advance, the running network is monitored by a monitoring system and adjusted accordingly; this is a dynamic method.

Routing algorithm

Static routing algorithm (also known as non-adaptive routing algorithm). Manually modify the relevant static routing information in the routing table. For simple, small networks, static routing can be used.

Dynamic routing algorithm (also known as adaptive routing algorithm). The routing table entries on a router are optimized by exchanging information between interconnected routers and then applying a certain algorithm. This routing information is updated continuously at certain intervals to adapt to the changing network, so that an optimal path is available at any time.

The static routing algorithm is characterized by simplicity and low overhead, and works well in small networks with little topological changes. Dynamic routing algorithms can improve network performance and help flow control; however, the algorithm is complex and will increase the burden on the network. Sometimes it responds too quickly to dynamic changes, causing oscillations, or responds too slowly, affecting the consistency of network routing. Therefore, dynamic routing algorithms must be carefully designed to take advantage of them.

Commonly used dynamic routing algorithms can be divided into two categories:

The distance-vector routing algorithm (RIP) only knows the physical connections of its adjacent neighbors and the link costs. "Good news travels fast, but bad news travels slowly." When routing information changes, the change cannot be learned by all routers in time; it still has to propagate between routers hop by hop. This is the phenomenon of "slow convergence". Slow convergence is the root cause of routing loops.

The link state routing algorithm (OSPF) has complete network topology information and uses Dijkstra's algorithm.

Hierarchical routing

When the network scale expands, the router's routing table grows proportionally. This not only consumes more and more router buffer space, but also requires more CPU time to scan routing tables and more bandwidth to exchange routing status information. Therefore routing must be done hierarchically: the Internet is divided into many autonomous systems (each may include multiple LANs).

1) The routing protocol used within an autonomous system is called an Interior Gateway Protocol (IGP), also called intra-domain routing. Specific protocols include RIP and OSPF.

2) The routing protocol used between autonomous systems is called an Exterior Gateway Protocol (EGP), also known as inter-domain routing. It is used to exchange routing information between routers in different autonomous systems and is responsible for selecting the optimal path for packets between autonomous systems. The specific protocol is BGP.

IPv4

IP is a connectionless service

IPv4 packets

Format 

1) version. Refers to the version of the IP protocol. The currently widely used version number is 4.

2) Header length. Occupies 4 bits, so the largest decimal value it can represent is 15. The unit is 32 bits (4B), so the maximum header length is 60B (15×4B). The most commonly used header length is 20B, when no options (optional fields) are used.

3) Total length. Occupies 16 bits. The length of header plus data, in bytes (1B), so the maximum datagram length is 2^16 - 1 = 65535B.

4) Identification. Occupies 16 bits.

5) Flags. Occupies 3 bits.

  • The lowest bit of the flags field is MF: MF=1 means more fragments follow, MF=0 marks the last fragment.
  • The middle bit of the flags field is DF (Don't Fragment); fragmentation is allowed only when DF=0.

6) Fragment offset. Occupies 13 bits. The offset is in units of 8 bytes, so except for the last fragment, the data part of every fragment must be an integer multiple of 8B.

7) Time to Live (TTL). Occupies 8 bits. Ensures that packets do not loop around the network forever. A router decrements the TTL by 1 before forwarding the packet; if the TTL reaches 0, the packet must be discarded.

8) Protocol. Occupies 8 bits. Indicates which protocol the data carried by this packet uses: a value of 6 indicates TCP and a value of 17 indicates UDP.

9) Header checksum. Occupies 16 bits. The header checksum covers only the header of the packet, not the data part.

10) Source address field. Occupies 4B and identifies the IP address of the sender.

11) Destination address field. Occupies 4B and identifies the IP address of the recipient.

Why only the packet header is checked and not the data part?

1. The part outside the IP packet header belongs to high-level data and has corresponding check fields.

2. Every time it passes through a router, the IP packet header changes, but the data part does not change. It is reasonable to set the header checksum to only verify the changed part, which can reduce the router's processing time for each received packet and improve the router's operating efficiency.

IP datagram fragmentation 

[2021 Unified Examination Real Question] A router forwards an IP datagram with total length 1580B (header length 20B) to a link with MTU=800B. It fragments the datagram with each fragment as large as possible. The total length field and MF flag of the second fragment are (B) respectively.

A. 796, 0    B. 796, 1    C. 800, 0    D. 800, 1

Note: Each fragment has a 20B header plus a data part, and the total cannot exceed 800B. The data part of each fragment (except the last) must be an integer multiple of 8.

Fragment 1: 20+776 = 796 < 800

Fragment 2: 20+776 = 796

Fragment 3: 20+8 = 28
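As an added example (not from the original notes), the following Python reproduces the fragmentation arithmetic of the 2021 question and also packs each fragment's 20-byte header with a valid header checksum, so the MF, offset and checksum fields described above can be checked by machine. The addresses and identification value used are constructed.

```python
import struct

HEADER_FMT = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options


def ipv4_checksum(header: bytes) -> int:
    """Internet checksum over the IPv4 header only: 16-bit one's-complement
    sum, then one's complement of the result (the data part is not covered)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def fragment(total_length: int, header_length: int, mtu: int, df: int = 0):
    """Fragment one datagram for a link with the given MTU, each fragment as
    large as possible.  Returns (total_length, MF, fragment_offset) per
    fragment; the offset is in 8-byte units as the 13-bit field requires, so
    every data part except the last is a multiple of 8 bytes."""
    if total_length <= mtu:
        return [(total_length, 0, 0)]        # fits, nothing to do
    if df:
        # DF=1 forbids fragmentation: the router must discard the datagram
        raise ValueError("DF set and datagram larger than MTU: discard")
    data_length = total_length - header_length
    chunk = (mtu - header_length) // 8 * 8   # largest multiple of 8 that fits
    frags, sent = [], 0
    while sent < data_length:
        size = min(chunk, data_length - sent)
        more = 1 if sent + size < data_length else 0   # MF=0 only on the last
        frags.append((header_length + size, more, sent // 8))
        sent += size
    return frags


def build_header(total_length, identification, df, mf, offset, ttl, protocol, src, dst):
    """Pack a 20-byte IPv4 header (version 4, IHL 5) and fill in the checksum.
    Flags/offset word: bit 15 reserved, bit 14 DF, bit 13 MF, low 13 bits offset."""
    ver_ihl = (4 << 4) | 5
    flags_offset = (df << 14) | (mf << 13) | (offset & 0x1FFF)
    hdr = struct.pack(HEADER_FMT, ver_ihl, 0, total_length, identification,
                      flags_offset, ttl, protocol, 0, src, dst)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_header(hdr: bytes) -> dict:
    """Unpack the fields the notes describe from a 20-byte header."""
    ver_ihl, _, total, ident, fo, ttl, proto, _, _, _ = struct.unpack(HEADER_FMT, hdr[:20])
    return {"version": ver_ihl >> 4, "header_length": (ver_ihl & 0xF) * 4,
            "total_length": total, "identification": ident,
            "DF": (fo >> 14) & 1, "MF": (fo >> 13) & 1, "offset": fo & 0x1FFF,
            "ttl": ttl, "protocol": proto}


def header_is_intact(hdr: bytes) -> bool:
    """Receiver-side check: the checksum recomputed over a correct header,
    checksum field included, is zero.  Because TTL changes at every router,
    each router must recompute the checksum after decrementing TTL, otherwise
    the next hop discards the packet as corrupted."""
    return ipv4_checksum(hdr[:20]) == 0


if __name__ == "__main__":
    # The 2021 question: 1580B datagram, 20B header, MTU 800B
    for i, (length, mf, off) in enumerate(fragment(1580, 20, 800), 1):
        print(f"fragment {i}: total length {length}, MF={mf}, offset={off} (x8 bytes)")
    # Constructed header for the second fragment, UDP payload (protocol 17)
    hdr = build_header(796, 0x4D2, 0, 1, 97, 64, 17,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    print(parse_header(hdr), "checksum ok:", header_is_intact(hdr))
```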

IPv4 addresses and NAT

IPv4 address 

See the figure in the Wangdao textbook.

Remember a few special IPs

  • The host number is all 0 to represent the network itself, such as 202.98.174.0.
  • The host number is all 1, indicating the broadcast address of this network, also known as the direct broadcast address, such as 202.98.174.255.
  • 127.×.×.× is reserved as the loopback self-test (Loopback Test) address. This address represents any host itself. IP datagrams whose destination address is the loopback address will never appear on any network.
  • All 32 bits are 0, that is, 0.0.0.0 represents this host on this network. It can be used as a source address but not as a destination address. [2017 real question]
  • All 32 bits are 1, that is, 255.255.255.255 represents the broadcast address of the entire TCP/IP network, also known as the restricted broadcast address. In actual use, due to the isolation of the broadcast domain by the router, 255.255.255.255 is equivalent to the broadcast address of this network.

Network Address Translation (NAT)

Converts private network addresses to public addresses.

For network security, private IP addresses are provided (usable only within a LAN, not on the WAN).

This effectively solves the problem of insufficient IP addresses (but the fundamental solution is still IPv6).

The private IP address network segment is as follows:

  • Class A: 1 Class A network segment, that is, 10.0.0.0~10.255.255.255.
  • Class B: 16 Class B network segments, namely 172.16.0.0~172.31.255.255.
  • Class C: 256 Class C network segments, namely 192.168.0.0~192.168.255.255.

The source IP and source interface do not correspond, select C.

Subnetting, subnet mask, CIDR

Subnetting

  • Subnetting is purely an internal matter within an organization. The unit still appears to the outside world as a network without subnets.
  • IP address={<Network ID>,<Subnet ID>, <Host ID>}.
  • Any IP datagram sent from other networks to a host in this unit still first finds the router connected to the unit's network based on the destination network number of the IP datagram. Then after receiving the IP datagram, the router finds the destination subnet based on the destination network number and subnet number. Finally, the IP datagram is delivered directly to the destination host.

subnet mask

When the subnet mask is written in binary, the "1" bits are the network number and the "0" bits are the host number. For example, with 255.255.254.0 the last nine bits are the host number.

When using subnet mask:

  • 1) When setting the IP address information of a host, it must also set the subnet mask.
  • 2) The corresponding ports of all hosts and routers belonging to the same subnet must be set to the same subnet mask.
  • 3) In the routing table of the router, the main information contained is the destination network address, subnet mask, and next hop address.

CIDR (classless addressing)

For example:

128.14.32.5/20 means that the first twenty bits are the network number and the last twelve bits are the host number.

Its mask is 20 ones followed by 12 zeros.

  • The advantage of CIDR is the flexibility of the network prefix length.
  • Longest prefix match (best match): with CIDR, each entry in the routing table consists of a "network prefix" and a "next hop address". A lookup may yield more than one match; in that case the route with the longest network prefix is selected, because the longer the prefix, the smaller the address block and therefore the more specific the route.
  • CIDR routing table lookup: to find the longest prefix match more efficiently, a classless routing table is usually stored in a hierarchical data structure that is searched level by level from the top down. The most commonly used data structure is the binary trie.
  • Aggregating small networks into a larger one is called route aggregation or supernetting.

Among the following addresses, the one belonging to subnet 86.32.0.0/12 is (A).

A. 86.33.224.123
B. 86.79.65.126
C. 86.79.65.216
D. 86.68.206.154

86.32 in binary: 86.00100000

86.33 in binary: 86.00100001

The work is mainly in the second octet; there is no need to convert the first octet to binary.
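The prefix test behind this question and the longest-prefix-match lookup described above, as an added Python example (not part of the original notes). The forwarding table is constructed; its 0.0.0.0/0 entry shows why a default route matches every destination and still loses to any longer prefix.

```python
def ip_to_int(dotted: str) -> int:
    """Parse dotted-decimal IPv4 into a 32-bit integer, rejecting bad octets."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 address: {dotted}")
    value = 0
    for o in octets:
        n = int(o)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range: {dotted}")
        value = (value << 8) | n
    return value


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_mask(length: int) -> int:
    """Subnet mask for a /length prefix: `length` ones followed by zeros."""
    if not 0 <= length <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF


def parse_cidr(cidr: str):
    """'86.32.0.0/12' -> (network as int with host bits cleared, 12)."""
    net, length = cidr.split("/")
    length = int(length)
    return ip_to_int(net) & prefix_mask(length), length


def in_prefix(ip: str, cidr: str) -> bool:
    """Does `ip` fall in the block `cidr`?  Only the network bits are compared."""
    net, length = parse_cidr(cidr)
    return ip_to_int(ip) & prefix_mask(length) == net


def second_octet_bits(ip: str) -> str:
    """The exam shortcut: for a /12 prefix only the first 4 bits of the second
    octet decide membership, so it is enough to write that octet in binary."""
    return format(int(ip.split(".")[1]), "08b")


def longest_prefix_match(ip: str, table):
    """Forwarding-table lookup: among all matching entries pick the longest
    prefix (the most specific route).  `table` is a list of (cidr, next_hop).
    Returns (cidr, next_hop) or None when nothing matches."""
    best = None
    for cidr, next_hop in table:
        if in_prefix(ip, cidr):
            length = parse_cidr(cidr)[1]
            if best is None or length > best[0]:
                best = (length, cidr, next_hop)
    return None if best is None else (best[1], best[2])


EXAM_OPTIONS = ["86.33.224.123", "86.79.65.126", "86.79.65.216", "86.68.206.154"]

FORWARDING_TABLE = [            # constructed example table, not from the notes
    ("86.32.0.0/12", "R1"),
    ("86.32.0.0/16", "R2"),     # more specific than the /12 above
    ("0.0.0.0/0", "R-default"), # default route: matches everything, shortest prefix
]

if __name__ == "__main__":
    print("/12 mask:", int_to_ip(prefix_mask(12)))
    for opt in EXAM_OPTIONS:
        print(opt, second_octet_bits(opt), in_prefix(opt, "86.32.0.0/12"))
    for dst in ("86.32.5.5", "86.33.224.123", "8.8.8.8"):
        print(dst, "->", longest_prefix_match(dst, FORWARDING_TABLE))
```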

ARP, DHCP and ICMP

ARP:

Complete IP address to MAC address mapping (Address Resolution Protocol)

Host A sends an IP datagram to host B, passing through 5 routers on the way. A total of (6) ARP lookups are used in this process.

The host first uses ARP to find the address of the router on its own network; then each router uses ARP to find the address of the next-hop router, which takes 4 ARPs from the router on host A's network to the router on host B's network. Finally, the router on host B's network uses ARP to find host B, so 1+4+1=6 ARPs are used in total.

Summary: Check your own network, check the target network, and count each intermediate route hop.

Dynamic Host Configuration Protocol (DHCP)

Dynamic Host Configuration Protocol (DHCP) is often used to assign IP addresses to hosts dynamically. It provides a plug-and-play networking mechanism that allows a computer to join a new network and obtain an IP address without manual intervention. DHCP is an application layer protocol and runs over UDP.

Internet Control Message Protocol (ICMP)

In order to increase the chance of successful delivery of IP datagrams, the Internet Control Message Protocol (ICMP) is used at the network layer to allow hosts or routers to report errors and exceptions. The ICMP message is the data of the IP layer datagram, and the header of the datagram is added to form an IP datagram and sent out. ICMP is a network layer protocol. There are two types of ICMP messages, namely ICMP error report message and ICMP query message. ICMP error report messages are used by the target host or the router on the path to the target host to report errors and exceptions to the source host. There are five commonly used types:

  • Destination unreachable.
  • Source quench.
  • Time exceeded.
  • Parameter problem.
  • Redirect (change route).

Several situations in which ICMP error report messages should not be sent are as follows:

  • 1) No longer send ICMP error report messages for ICMP error report messages.
  • 2) Do not send ICMP error report messages for any fragment of a fragmented datagram other than the first (that is, only the first fragment may trigger one).
  • 3) ICMP error report messages are not sent for datagrams with multicast (multicast, class D address) addresses.
  • 4) ICMP error report messages are not sent for datagrams with special addresses (such as 127.0.0.0 or 0.0.0.0).

There are 4 types of ICMP query messages:

  • Echo request and reply messages
  • Timestamp request and reply messages
  • Address mask request and reply messages
  • Router query and advertisement messages

PING uses the echo request and reply messages in the ICMP query message.

IPv6 

The main features of IPv6 are as follows:

1) Larger address space. IPv6 increases the address size from IPv4's 32 bits to 128 bits (16B). The number of bytes in IPv6 (16B) is the square of the number of bytes in IPv4 (4B).

2) Extended address hierarchy.

3) Flexible header format.

4) Improved options.

5) Allow the protocol to continue to expand.

6) Support for plug-and-play (automatic configuration); no DHCP is needed.

7) Support pre-allocation of resources.

8) IPv6 fragmentation is performed only at the source node of the packet; it is end-to-end, and routers along the path cannot fragment. So in the usual sense IPv6 does not allow fragmentation (router fragmentation as in IPv4 is not allowed).

9)The IPv6 header length must be an integer multiple of 8B, while the IPv4 header length must be an integer multiple of 4B.

10) Increased security. Authentication and confidentiality functions are key features of IPv6.

Destination address of IP datagram:

1) Unicast. Unicast is traditional point-to-point communication.

2) Multicast. Multicast is point-to-multipoint communication in which packets are delivered to each computer in a group of computers.

3) Anycast. This is a type added by IPv6. The destination of anycast is a group of computers, but the datagram is delivered to only one of the computers, usually the closest computer.

IPv6 addresses can often be abbreviated to a more compact form. For example,

4BF5:0000:0000:0000:BA5F:039A:000A:2176

can be abbreviated to

4BF5:0:0:0:BA5F:39A:A:2176

and, when there are consecutive groups of zeros, abbreviated further: such a run of fields can be replaced by a double colon (::), and the double colon notation may appear only once in an address, giving finally 4BF5::BA5F:39A:A:2176.
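The two abbreviation steps just described, as an added Python example (not part of the original notes): `compress_ipv6` drops leading zeros and replaces the single longest run of zero groups with `::`, and `expand_ipv6` reverses it while rejecting an address that uses `::` more than once, which is the check a parser needs.

```python
HEX_DIGITS = set("0123456789abcdefABCDEF")


def _check_group(g: str) -> str:
    """A group is 1 to 4 hex digits; anything else is rejected."""
    if not 1 <= len(g) <= 4 or any(c not in HEX_DIGITS for c in g):
        raise ValueError(f"bad IPv6 group: {g!r}")
    return g


def compress_ipv6(full: str) -> str:
    """Abbreviate a fully written 8-group IPv6 address:
    1. drop leading zeros in each group (0000 becomes 0);
    2. replace the longest run of two or more consecutive 0 groups with '::'
       (the leftmost run wins a tie), and do this only once."""
    groups = [_check_group(g) for g in full.split(":")]
    if len(groups) != 8:
        raise ValueError("a full IPv6 address has exactly 8 groups")
    short = [g.lstrip("0") or "0" for g in groups]
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if short[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and short[j] == "0":
            j += 1
        if j - i > best_len:                 # strictly greater keeps the leftmost run
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:                         # a single 0 group is not compressed
        return ":".join(short)
    left = ":".join(short[:best_start])
    right = ":".join(short[best_start + best_len:])
    return f"{left}::{right}"


def expand_ipv6(addr: str) -> str:
    """Restore the 8-group, 4-digit form.  '::' may appear only once, so a
    parser must reject input such as '1::2::3' instead of guessing."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once in an IPv6 address")
    if "::" in addr:
        left, right = addr.split("::")
        lg = left.split(":") if left else []
        rg = right.split(":") if right else []
        missing = 8 - len(lg) - len(rg)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = lg + ["0"] * missing + rg
    else:
        groups = addr.split(":")
    if len(groups) != 8:
        raise ValueError("wrong number of groups")
    return ":".join(_check_group(g).zfill(4).upper() for g in groups)


if __name__ == "__main__":
    full = "4BF5:0000:0000:0000:BA5F:039A:000A:2176"   # the address from the notes
    short = compress_ipv6(full)
    print(full, "->", short, "->", expand_ipv6(short))
```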

Transition from IPv4 to IPv6:

  • Dual protocol stack
  • Tunnel technology 

Dual protocol stack means that both IPv4 and IPv6 protocol stacks are installed on one device. Then this device can communicate with both IPv4 and IPv6 networks.

The key point of tunnel technology is to encapsulate the entire IPv6 datagram into the data part of the IPv4 datagram when the IPv6 datagram enters the IPv4 network, so that the IPv6 datagram appears to be transmitted in the tunnel of the IPv4 network.

The header length of IPv6 is fixed, so the header length field is not required. IPv6 cancels the checksum field, which speeds up the router's processing of datagrams.

Routing Protocol 

Interior Gateway Protocol: IGP (e.g. RIP, OSPF)

Exterior Gateway Protocol: EGP

Transmitting over UDP means using the routing information as the data part of a UDP message; transmitting directly in IP datagrams means using the information directly as the data part of the IP datagram.

Functions of routing protocols:

  • Obtain network topology information (exchange network status/path information)
  • Choose the optimal path (Dijkstra's single-source shortest path algorithm...)
  • Maintain routing tables (build, update, delete...)

RIP

Routing Information Protocol (RIP) is the first widely used protocol among Interior Gateway Protocols (IGP). RIP is a distributed routing protocol based on distance vectors, and its greatest advantage is simplicity.

Features of RIP:

  1. Distance-vector based interior gateway protocol
  2. Distance: number of hops (up to 15 hops; a distance of 16 means unreachable)
  3. RIP broadcasts all the information it knows every 30 seconds
  4. Exchanges information only with neighboring routers
  5. Only suitable for small networks
  6. The maximum distance is 15; 16 means unreachable
  7. Slow convergence, commonly known as "bad news travels slowly"
  8. Application layer protocol, using UDP to transmit data
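The "bad news travels slowly" behaviour described in the routing algorithm section and in feature 7 above, as an added Python simulation (not part of the original notes): three routers A, B and C in a chain with network N attached to A, hop counts as distances and 16 meaning unreachable. The topology is constructed for illustration.

```python
INFINITY = 16                                  # RIP: distance 16 means unreachable

# Who hears whose advertisements: A - B - C in a chain (constructed topology).
LINKS = {"A": ["B"], "B": ["A", "C"], "C": ["B"]}


def rip_update(entry, neighbor, advertised):
    """Apply one neighbour's advertised distance to N (distance-vector rule).
    entry is (distance, next_hop) or None.  A route learned from neighbour X is
    always replaced by X's newer advertisement, even if it got worse; a route
    learned from someone else is replaced only by a strictly shorter one."""
    candidate = min(advertised + 1, INFINITY)
    if entry is None or entry[1] == neighbor or candidate < entry[0]:
        return (candidate, neighbor)
    return entry


def distances(tables):
    """Distance to N as each router currently believes it (None = unreachable)."""
    return {r: (e[0] if e else INFINITY) for r, e in tables.items()}


def exchange_round(tables):
    """One synchronous exchange: everyone advertises its current distance to N,
    then everyone applies the advertisements of its neighbours."""
    adverts = {r: (tables[r][0] if tables[r] else INFINITY) for r in tables}
    updated = {}
    for router, entry in tables.items():
        for neighbor in LINKS[router]:
            entry = rip_update(entry, neighbor, adverts[neighbor])
        updated[router] = entry
    return updated


def run_until_stable(tables, max_rounds=50):
    """Repeat exchanges until no distance changes.  Returns the final tables and
    the per-round history of distances, starting with the initial state."""
    history = [distances(tables)]
    for _ in range(max_rounds):
        tables = exchange_round(tables)
        history.append(distances(tables))
        if history[-1] == history[-2]:
            break
    return tables, history


def simulate():
    # Phase 1: N is reachable; the routes settle in a couple of rounds
    # ("good news travels fast").  A counts its directly attached net as 1 hop.
    tables = {"A": (1, "direct"), "B": None, "C": None}
    tables, good_news = run_until_stable(tables)
    # Phase 2: A's link to N fails.  A marks N unreachable, but B still advertises
    # its stale distance 2, so A believes B, B believes C, and the hop counts creep
    # upward two at a time until every router reaches 16 ("bad news travels slowly").
    # Until then A and B forward N's traffic to each other: a routing loop.
    tables["A"] = (INFINITY, "direct")
    tables, bad_news = run_until_stable(tables)
    return good_news, bad_news


if __name__ == "__main__":
    good, bad = simulate()
    print("rounds until good news settled:", len(good) - 1)
    for step, d in enumerate(bad):
        print(f"bad news, round {step}: {d}")
```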

OSPF

Open Shortest Path First (OSPF) is an interior gateway protocol based on link state. When the link state of adjacent routers changes, it uses flooding to send the information to all routers in the AS (autonomous system).

The five OSPF packet types:

Hello packet: used to discover and maintain the reachability of neighboring stations.

Database Description packet: gives neighboring stations summary information about all link state items in the sender's own link state database.

Link State Request packet: asks the other side to send detailed information about certain link state items.

Link State Update packet: uses flooding to update the link state across the whole network. This packet is the most complex and the core of the OSPF protocol; routers use it to notify neighboring stations of their link state.

Link State Acknowledgment packet: acknowledges a Link State Update packet.

Features of OSPF:

  1. Network layer protocol, transmitted directly in IP datagrams
  2. Flooding
  3. The information sent is the link state of all routers adjacent to this router.
  4. Converges fast and is very flexible
  5. Uses Dijkstra's shortest path algorithm to compute the optimal path from itself to each destination network and so build its own routing table
  6. Usable on large-scale networks

OSPF subdivides an autonomous system into several smaller ranges, called areas. The advantage of dividing areas is that the scope of exchanging link status information using the flooding method is limited to each area instead of the entire autonomous system, which reduces the communication volume on the entire network. The upper-layer domain is called the backbone area and is responsible for connecting other lower-layer areas and other autonomous domains.

Border Gateway Protocol BGP

Features of BGP: 

1) The number of nodes among which BGP exchanges routing information is on the order of the number of autonomous systems, which is much smaller than the number of networks in those autonomous systems.

2) The number of BGP speakers (or border routers) in each autonomous system is very small. This prevents routing between autonomous systems from being overly complex.

3) BGP supports CIDR, so the BGP routing table should include the destination network prefix, next-hop router, and the sequence of autonomous systems to reach the destination network.

4) When BGP first runs, BGP neighbors exchange the entire BGP routing table; afterwards only the changed parts need to be updated when changes occur. This saves network bandwidth and reduces router processing overhead.

Four types of BGP messages:

1. Open message

2. Update message

3. Keepalive message

4. Notification message

IP multicast

Unicast: point-to-point

Multicast: point-to-multipoint (multicast must run over UDP)

IP multicast address

IP multicast uses Class D addresses. The first four bits of a Class D address are 1110, so the range is 224.0.0.0~239.255.255.255.

The difference between multicast datagrams and ordinary IP datagrams is that the former use a Class D IP address as the destination address, and the protocol field value in the header is 2, indicating IGMP. Note that: 1) Multicast datagrams are also "best effort delivery" and do not provide reliable delivery. 2) A multicast address can only be used as the destination address, never as the source address. 3) No ICMP error messages are generated for multicast datagrams, so if you type a multicast address after the PING command you will never receive a response. 4) Not all Class D addresses can be used as multicast addresses.

Mapping relationship between Class D IP address and Ethernet multicast address:

IGMP

To make the router know the information of multicast group members, you need to use Internet Group Management Protocol (Internet Group Management Protocol, IGMP).

IGMP should be regarded as an integral part of the Internet Protocol IP, and its work can be divided into two stages.

Phase 1: When a host joins a new multicast group, the host should send an IGMP message to the multicast group's multicast address to declare that it wants to become a member of the group. After receiving the IGMP message, the local multicast router forwards the group membership to other multicast routers on the Internet.

Phase 2: Because group membership is dynamic, the local multicast router periodically polls the hosts on the local LAN to know whether these hosts continue to be members of the group. As long as one host responds to a group, the multicast router considers the group to be active. However, if a group still does not receive a response from a host after several inquiries, the membership of the group will no longer be forwarded to other multicast routers.

Multicast routing algorithm 

Multicast routing actually means finding the multicast forwarding tree rooted at the source host, on which each multicast datagram is transmitted only once over each link (that is, routers on the multicast forwarding tree never receive duplicate multicast datagrams). Different multicast groups correspond to different multicast forwarding trees, and the same multicast group has different forwarding trees for different source points.

Three routing algorithms: the first is link-state based routing; the second is distance-vector based routing; the third can be built on top of any routing protocol and is therefore called Protocol Independent Multicast (PIM).

When designing multicast routing, in order to avoid routing loops, a multicast forwarding tree is constructed.  

Mobile IP

Mobile IP technology enables mobile nodes (computers/servers, etc.) to use fixed network IP addresses to implement roaming functions across different network segments, and ensures that network permissions based on network IP do not change in any way during the roaming process.

Mobile node: a mobile device with a permanent IP address.

Home agent (local agent): the permanent "residence" of a mobile node is called the home network. The entity that performs mobility management functions on behalf of the mobile node in the home network is called the home agent.

Permanent address (home address / primary address): the original address of the mobile node in the home network.

Foreign agent (external agent): the entity that helps the mobile node complete mobility management functions in the foreign network is called the foreign agent.

Care-of address (secondary address): can be the address of a foreign agent or a dynamically configured address.

Network layer equipment 

Repeater / hub: isolates neither broadcast domains nor collision domains

Switch / bridge: isolates collision domains but not broadcast domains

Router: isolates both collision domains and broadcast domains

routing structure

Speed comparison of switches, bridges and routers:

Each port of a hub has transceiver functionality: when a port receives a signal, it immediately forwards it to all other ports, so its transmission delay is minimal. In order of magnitude, a LAN switch takes tens of μs, a bridge hundreds of μs, and a router thousands of μs.

To set a default route in the routing table, its destination address and subnet mask should be set to (C) respectively.

A. 192.168.1.1, 255.255.255.0

B. 127.0.0.0, 255.0.0.0

C. 0.0.0.0, 0.0.0.0

D. 0.0.0.0, 255.255.255.255

Regarding direct delivery and indirect delivery:

Routing is divided into direct delivery and indirect delivery.

Indirect delivery involves direct delivery.

Direct delivery involves no router.

When delivered directly, the two machines are on the same physical network segment.

A and B are delivered directly.

C is delivered indirectly to A and B.

The two devices in the middle are routers.

Origin blog.csdn.net/weixin_53197693/article/details/134096071