Advanced Networking
Advanced Networking
Advanced Networking
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Advanced</strong> <strong>Networking</strong><br />
Laurent Toutain<br />
April 16, 2011
Hypertext Symbols<br />
<br />
Several symbols are used in this document:<br />
•<br />
All RFC and Internet Draft are hypertext links.<br />
− Check that there is no more recent version of the document.<br />
<br />
•<br />
is a link to a Techniques de l’Ingénieur article on the<br />
subject (in french).<br />
•<br />
is a link to the online edition of IPv6 Théorie et Pratique<br />
(in french)<br />
•<br />
is a link to other information on the web.<br />
Material concerning IPv6 are taken from the G6 tutorial and<br />
copyrighted from G6.<br />
Slide 2 Laurent Toutain Filière 2
Concepts<br />
Datagram
IP Layer<br />
Concepts ◮ Datagram<br />
<br />
<br />
<br />
<br />
IP is kept simple<br />
•<br />
Forwards packet towards destination<br />
IP on everything<br />
•<br />
Adapt IP protocol on every layer 2<br />
Everything on IP<br />
•<br />
write application to use IP layer<br />
(through L4: TCP, UDP)<br />
IP must facilitate network<br />
interconnection<br />
•<br />
Avoid ambiguities on addresses<br />
http://www.ietf.org/proceedings/01aug/slides/plenary-1/index.html Steve deering, Watching the Waist of the<br />
Protocol Hourglass, IETF 51, London<br />
Slide 4 Laurent Toutain Filière 2
Destination Address Processing<br />
Concepts ◮ Datagram<br />
IPv4 Header<br />
The destination address must be easily<br />
accessible:<br />
Source Address<br />
Destination Address<br />
<br />
<br />
<br />
Fixed location<br />
Fixed size<br />
Aligment in memory<br />
Data<br />
RFC 791 (Sept 1981)<br />
Addresses are fixed length of four<br />
octets (32 bits)<br />
Slide 5 Laurent Toutain Filière 2
Destination Address Processing<br />
Concepts ◮ Datagram<br />
IPv4 Header<br />
The destination address must be easily<br />
accessible:<br />
Source Address<br />
Destination Address<br />
<br />
<br />
<br />
Fixed location<br />
Fixed size<br />
Aligment in memory<br />
Data<br />
RFC 791 (Sept 1981)<br />
Addresses are fixed length of four<br />
octets (32 bits)<br />
Slide 5 Laurent Toutain Filière 2
Destination Address Processing<br />
Concepts ◮ Datagram<br />
IPv4 Header<br />
The destination address must be easily<br />
accessible:<br />
Source Address<br />
Destination Address<br />
<br />
<br />
<br />
Fixed location<br />
Fixed size<br />
Aligment in memory<br />
Data<br />
RFC 791 (Sept 1981)<br />
Addresses are fixed length of four<br />
octets (32 bits)<br />
Slide 5 Laurent Toutain Filière 2
Destination Address Processing<br />
Concepts ◮ Datagram<br />
IPv4 Header<br />
The destination address must be easily<br />
accessible:<br />
Source Address<br />
Destination Address<br />
<br />
<br />
<br />
Fixed location<br />
Fixed size<br />
Aligment in memory<br />
Data<br />
RFC 791 (Sept 1981)<br />
Addresses are fixed length of four<br />
octets (32 bits)<br />
Slide 5 Laurent Toutain Filière 2
Destination Address Processing<br />
Concepts ◮ Datagram<br />
IPv4 Header<br />
The destination address must be easily<br />
accessible:<br />
Source Address<br />
Destination Address<br />
<br />
<br />
<br />
Fixed location<br />
Fixed size<br />
Aligment in memory<br />
Data<br />
RFC 791 (Sept 1981)<br />
Addresses are fixed length of four<br />
octets (32 bits)<br />
Slide 5 Laurent Toutain Filière 2
Facts on Addresses<br />
Historical view
Historical facts<br />
Facts on Addresses ◮ Historical view<br />
<br />
<br />
<br />
1983 : Research network for about 100 computers<br />
1992 : Commercial activity<br />
•<br />
Exponential growth<br />
1993 : Exhaustion of the class B address space<br />
•<br />
Allocation in the class C space<br />
•<br />
Require more information in routers memory<br />
<br />
Forecast of network collapse for 1998!<br />
•<br />
1999 : Bob Metcalfe ate his Infoworld 1995 paper where he<br />
made this prediction<br />
Slide 7 Laurent Toutain Filière 2
Facts on Addresses<br />
Emergency Measures
Emergency Measures: Better Addresses<br />
Management<br />
Facts on Addresses ◮ Emergency Measures<br />
RFC 1517 - RFC 1520 (Sept 1993)<br />
<br />
<br />
<br />
Ask the internet community to give back allocated prefixes<br />
(RFC 1917)<br />
Re-use class C address space<br />
CIDR (Classless Internet Domain Routing)<br />
•<br />
network address = prefix/prefix length<br />
•<br />
less address waste<br />
•<br />
recommend aggregation (reduce routing table length)<br />
<br />
Introduce private prefixes (RFC 1918)<br />
Slide 9 Laurent Toutain Filière 2
Facts on Addresses<br />
NAT
Emergency Measures: Private Addresses<br />
(RFC 1918 BCP)<br />
Facts on Addresses ◮ NAT<br />
<br />
<br />
<br />
<br />
<br />
Allow private addressing plans<br />
Addresses are used internally<br />
Similar to security architecture with firewalls<br />
Use of proxies or NAT to go outside<br />
•<br />
RFC 1631, RFC 2663 and RFC 2993<br />
NAPT is the most commonly used of NAT variations<br />
Slide 11 Laurent Toutain Filière 2
How NAT with Port Translation Works<br />
Facts on Addresses ◮ NAT<br />
128.1.2.3<br />
10.0.0.1<br />
192.1.1.1<br />
NAT<br />
Slide 12 Laurent Toutain Filière 2
How NAT with Port Translation Works<br />
Facts on Addresses ◮ NAT<br />
128.1.2.3<br />
10.0.0.1-> 128.1.2.3 : 1234 -> 80<br />
10.0.0.1<br />
192.1.1.1<br />
NAT<br />
Slide 12 Laurent Toutain Filière 2
How NAT with Port Translation Works<br />
Facts on Addresses ◮ NAT<br />
128.1.2.3<br />
10.0.0.1-> 128.1.2.3 : 1234 -> 80<br />
10.0.0.1<br />
192.1.1.1<br />
NAT<br />
7890 : 10.0.0.1 & 1234<br />
Slide 12 Laurent Toutain Filière 2
How NAT with Port Translation Works<br />
Facts on Addresses ◮ NAT<br />
10.0.0.1-> 128.1.2.3 : 1234 -> 80<br />
128.1.2.3<br />
192.1.1.1 -> 128.1.2.3 : 7890 -> 80<br />
10.0.0.1<br />
192.1.1.1<br />
NAT<br />
7890 : 10.0.0.1 & 1234<br />
Slide 12 Laurent Toutain Filière 2
How NAT with Port Translation Works<br />
Facts on Addresses ◮ NAT<br />
10.0.0.1-> 128.1.2.3 : 1234 -> 80<br />
128.1.2.3<br />
192.1.1.1 -> 128.1.2.3 : 7890 -> 80<br />
10.0.0.1<br />
128.1.2.3 -> 192.1.1.1: 80-> 7890<br />
192.1.1.1<br />
NAT<br />
7890 : 10.0.0.1 & 1234<br />
Slide 12 Laurent Toutain Filière 2
How NAT with Port Translation Works<br />
Facts on Addresses ◮ NAT<br />
10.0.0.1-> 128.1.2.3 : 1234 -> 80<br />
128.1.2.3<br />
192.1.1.1 -> 128.1.2.3 : 7890 -> 80<br />
10.0.0.1<br />
128.1.2.3 -> 192.1.1.1: 80-> 7890<br />
192.1.1.1<br />
NAT<br />
128.1.2.3 -> 10.0.0.1 : 80 ->1234<br />
7890 : 10.0.0.1 & 1234<br />
Slide 12 Laurent Toutain Filière 2
NAT Impact<br />
Facts on Addresses ◮ NAT<br />
first consequence<br />
The application does not know its public name.<br />
second consequence<br />
It is difficult to contact a NATed equipment from outside<br />
<br />
<br />
Security feeling<br />
Solutions for NAT traversal exist<br />
third consequence<br />
There is no standardized behavior for NAT yet<br />
Slide 13 Laurent Toutain Filière 2
Conic NAT<br />
Facts on Addresses ◮ NAT<br />
128.1.2.3<br />
10.0.0.1<br />
192.1.1.1<br />
NAT<br />
7890 : 10.0.0.1 & 1234<br />
200.9.9.9<br />
200.9.9.9 -> 192.1.1.1: 123-> 7890<br />
Slide 14 Laurent Toutain Filière 2
Conic NAT<br />
Facts on Addresses ◮ NAT<br />
128.1.2.3<br />
200.9.9.9 -> 10.0.0.1 : 123 ->1234<br />
10.0.0.1<br />
192.1.1.1<br />
NAT<br />
7890 : 10.0.0.1 & 1234<br />
200.9.9.9<br />
200.9.9.9 -> 192.1.1.1: 123-> 7890<br />
Slide 14 Laurent Toutain Filière 2
Restricted NAT<br />
Facts on Addresses ◮ NAT<br />
128.1.2.3<br />
10.0.0.1<br />
192.1.1.1<br />
NAT<br />
123.1.2.3 & 7890 : 10.0.0.1 & 1234<br />
200.9.9.9<br />
200.9.9.9 -> 192.1.1.1: 123-> 7890<br />
Slide 15 Laurent Toutain Filière 2
Restricted NAT<br />
Facts on Addresses ◮ NAT<br />
128.1.2.3<br />
10.0.0.1<br />
192.1.1.1<br />
NAT<br />
123.1.2.3 & 7890 : 10.0.0.1 & 1234<br />
200.9.9.9<br />
200.9.9.9 -> 192.1.1.1: BLOCKED<br />
123-> 7890<br />
Slide 15 Laurent Toutain Filière 2
NAT Traversal and Peer To Peer<br />
Facts on Addresses ◮ NAT<br />
Bart Simpson : 128.1.2.3<br />
Slide 16 Laurent Toutain Filière 2
NAT Traversal and Peer To Peer<br />
Facts on Addresses ◮ NAT<br />
Super Nodes<br />
Bart Simpson : 128.1.2.3<br />
Slide 16 Laurent Toutain Filière 2
NAT Traversal and Peer To Peer<br />
Facts on Addresses ◮ NAT<br />
Super Nodes<br />
Register Register<br />
Register<br />
Bart Simpson : 128.1.2.3<br />
Slide 16 Laurent Toutain Filière 2
NAT Traversal and Peer To Peer<br />
Facts on Addresses ◮ NAT<br />
Super Nodes<br />
Where is Bart Simpson<br />
Don’t know<br />
Register Register<br />
Register<br />
Bart Simpson : 128.1.2.3<br />
Slide 16 Laurent Toutain Filière 2
NAT Traversal and Peer To Peer<br />
Facts on Addresses ◮ NAT<br />
Super Nodes<br />
Where is Bart Simpson<br />
128.1.2.3<br />
Register Register<br />
Register<br />
Bart Simpson : 128.1.2.3<br />
Slide 16 Laurent Toutain Filière 2
NAT Traversal and Peer To Peer<br />
Facts on Addresses ◮ NAT<br />
Where is Bart Simpson<br />
128.1.2.3<br />
Register Register<br />
Register<br />
Bart Simpson : 128.1.2.3<br />
Slide 16 Laurent Toutain Filière 2
NAT Traversal and Peer To Peer<br />
Facts on Addresses ◮ NAT<br />
192.1.1.1<br />
NAT<br />
Bart Simpson : 10.0.0.1<br />
Register<br />
Slide 17 Laurent Toutain Filière 2
NAT Traversal and Peer To Peer<br />
Facts on Addresses ◮ NAT<br />
Where is Bart Simpson<br />
192.1.1.1<br />
NAT<br />
Bart Simpson : 10.0.0.1<br />
10.0.0.1<br />
Register<br />
Slide 17 Laurent Toutain Filière 2
NAT Traversal and Peer To Peer<br />
Facts on Addresses ◮ NAT<br />
<br />
Where is Bart Simpson<br />
192.1.1.1<br />
NAT<br />
Bart Simpson : 10.0.0.1<br />
10.0.0.1<br />
Register<br />
Slide 17 Laurent Toutain Filière 2
NAT Traversal and Peer To Peer<br />
Facts on Addresses ◮ NAT<br />
<br />
Where is Bart Simpson<br />
192.1.1.1<br />
NAT<br />
Bart Simpson : 10.0.0.1<br />
10.0.0.1<br />
Register<br />
Take IP header address 192.1.1.1<br />
Slide 17 Laurent Toutain Filière 2
NAT Traversal and Peer To Peer<br />
Facts on Addresses ◮ NAT<br />
Where is Bart Simpson<br />
192.1.1.1<br />
NAT<br />
Bart Simpson : 10.0.0.1<br />
192.1.1.1<br />
Register<br />
Take IP header address 192.1.1.1<br />
Slide 17 Laurent Toutain Filière 2
NAT Traversal and Peer To Peer<br />
Facts on Addresses ◮ NAT<br />
Where is Bart Simpson<br />
192.1.1.1<br />
NAT<br />
Bart Simpson : 10.0.0.1<br />
192.1.1.1<br />
Register<br />
Take IP header address 192.1.1.1<br />
Slide 17 Laurent Toutain Filière 2
NAT Traversal and Peer To Peer<br />
Facts on Addresses ◮ NAT<br />
conic<br />
Where is Bart Simpson<br />
192.1.1.1<br />
NAT<br />
Bart Simpson : 10.0.0.1<br />
192.1.1.1<br />
Register<br />
Take IP header address 192.1.1.1<br />
Slide 17 Laurent Toutain Filière 2
NAT Traversal and Peer To Peer<br />
Facts on Addresses ◮ NAT<br />
Where is Bart Simpson<br />
192.1.1.1<br />
NAT<br />
Bart Simpson : 10.0.0.1<br />
192.1.1.1 (through proxy)<br />
Register<br />
Take IP header address 192.1.1.1<br />
Slide 17 Laurent Toutain Filière 2
NAT Traversal and Peer To Peer<br />
Facts on Addresses ◮ NAT<br />
Where is Bart Simpson<br />
192.1.1.1<br />
NAT<br />
Bart Simpson : 10.0.0.1<br />
192.1.1.1 (through proxy)<br />
Register<br />
restricted<br />
Take IP header address 192.1.1.1<br />
Slide 17 Laurent Toutain Filière 2
Facts on Addresses<br />
IPv4 routing table analysis
Core Network Routing Table<br />
Facts on Addresses ◮ IPv4 routing table analysis<br />
α/8<br />
α.15/16<br />
Regional Registry<br />
α.32/16<br />
IANA<br />
IPv4 address space<br />
Provider 1 Provider 2<br />
α.15.45/24 α.15.220/22<br />
α.32.123.192/26<br />
Customer 1 Customer 2 Customer 3<br />
Slide 19 Laurent Toutain Filière 2
Core Network Routing Table<br />
Facts on Addresses ◮ IPv4 routing table analysis<br />
Administrative part<br />
α/8<br />
α.15/16<br />
Regional Registry<br />
α.32/16<br />
IANA<br />
IPv4 address space<br />
Provider 1 Provider 2<br />
α.15.45/24 α.15.220/22<br />
α.32.123.192/26<br />
Customer 1 Customer 2 Customer 3<br />
Slide 19 Laurent Toutain Filière 2
Core Network Routing Table<br />
Facts on Addresses ◮ IPv4 routing table analysis<br />
Provider 1 Provider 2<br />
α.15.45/24 α.15.220/22<br />
α.32.123.192/26<br />
Customer 1 Customer 2 Customer 3<br />
Slide 19 Laurent Toutain Filière 2
Core Network Routing Table<br />
Facts on Addresses ◮ IPv4 routing table analysis<br />
Provider<br />
Provider<br />
Provider<br />
Provider<br />
Provider 1 Provider 2<br />
α.15.45/24 α.15.220/22<br />
α.32.123.192/26<br />
Customer 1 Customer 2 Customer 3<br />
Slide 19 Laurent Toutain Filière 2
Core Network Routing Table<br />
Facts on Addresses ◮ IPv4 routing table analysis<br />
Core Network (no default route)<br />
Provider<br />
Provider<br />
Provider<br />
Provider<br />
Provider 1 Provider 2<br />
α.15.45/24 α.15.220/22<br />
α.32.123.192/26<br />
Customer 1 Customer 2 Customer 3<br />
Slide 19 Laurent Toutain Filière 2
Core Network Routing Table<br />
Facts on Addresses ◮ IPv4 routing table analysis<br />
Provider<br />
BGP α.15/16<br />
BGP α.15/16<br />
Provider<br />
BGP α.15/16<br />
Provider<br />
BGP α.15/16<br />
Provider<br />
Provider 1 Provider 2<br />
α.15.45/24 α.15.220/22<br />
α.32.123.192/26<br />
Customer 1 Customer 2 Customer 3<br />
Slide 19 Laurent Toutain Filière 2
Access Provider Change: Difficult<br />
Facts on Addresses ◮ IPv4 routing table analysis<br />
α/8<br />
Regional Registry<br />
α.15/16<br />
α.32/16<br />
IANA<br />
IPv4 address space<br />
Provider 1 Provider 2<br />
α.15.45/24 α.15.220/22<br />
α.32.123.192/26<br />
Customer 1 Customer 2 Customer 3<br />
Slide 20 Laurent Toutain Filière 2
Access Provider Change: Difficult<br />
Facts on Addresses ◮ IPv4 routing table analysis<br />
α/8<br />
Regional Registry<br />
α.15/16<br />
α.32/16<br />
IANA<br />
IPv4 address space<br />
Provider 1 Provider 2<br />
α.15.45/24<br />
α.15.220/22<br />
α.32.123.192/26<br />
Customer 1 Customer 2 Customer 3<br />
Slide 20 Laurent Toutain Filière 2
Access Provider Change: Difficult<br />
Facts on Addresses ◮ IPv4 routing table analysis<br />
α/8<br />
Regional Registry<br />
α.15/16<br />
α.32/16<br />
IANA<br />
IPv4 address space<br />
Provider 1 Provider 2<br />
α.15.45/24<br />
α.15.220/22<br />
α.32.123.192/26<br />
Customer 1 Renumbering<br />
Customer 2 Customer 3<br />
Slide 20 Laurent Toutain Filière 2
Multi-homing: Difficult<br />
Facts on Addresses ◮ IPv4 routing table analysis<br />
α/8<br />
Regional Registry<br />
α.15/16<br />
α.32/16<br />
IANA<br />
IPv4 address space<br />
α.15.45/24<br />
Provider 1 Provider 2<br />
α.15.220/22<br />
α.32.123.192/26<br />
Customer 1 Customer 2 Customer 3<br />
Slide 21 Laurent Toutain Filière 2
Multi-homing: Difficult<br />
Facts on Addresses ◮ IPv4 routing table analysis<br />
α/8<br />
Regional Registry<br />
α.15/16<br />
α.32/16<br />
IANA<br />
IPv4 address space<br />
α.15.45/24<br />
Provider 1 Provider 2<br />
α.250.2/24<br />
α.32.123.192/26<br />
Customer 1 Customer 2 Customer 3<br />
Slide 21 Laurent Toutain Filière 2
Multi-homing: Difficult<br />
Facts on Addresses ◮ IPv4 routing table analysis<br />
α/8<br />
Regional Registry<br />
α.15/16<br />
α.32/16<br />
IANA<br />
IPv4 address space<br />
Provider 1 Provider 2<br />
agreement agreement<br />
α.15.45/24 α.250.2/24<br />
α.32.123.192/26<br />
Customer 1 Customer 2 Customer 3<br />
Slide 21 Laurent Toutain Filière 2
Prefix usage in Feb. 2010<br />
Facts on Addresses ◮ IPv4 routing table analysis<br />
http://www.cidr-report.org/as2.0<br />
Slide 22 Laurent Toutain Filière 2
Prefix usage in Feb. 2010<br />
Facts on Addresses ◮ IPv4 routing table analysis<br />
Linear Growth<br />
Internet Bubble<br />
http://www.cidr-report.org/as2.0<br />
Slide 22 Laurent Toutain Filière 2
Prefix<br />
Facts on Addresses ◮ IPv4 routing table analysis<br />
<br />
<br />
<br />
CIDR can be viewed as an extension of the netmask concept<br />
It is called classless since IP addresses are no longer<br />
interpreted as belonging to a given Class (A, B, C) based on<br />
the value of the 1-4 leading bits<br />
The prefix length must be added to the 32 bit word to<br />
indicate what is the network part.<br />
•<br />
Lookup complexity in the FIB (Forwarding Information Base)<br />
is increased:<br />
•<br />
Best prefix match rule<br />
Slide 23 Laurent Toutain Filière 2
Facts on Addresses<br />
Prefixes delegation
What Has Changed<br />
Facts on Addresses ◮ Prefixes delegation<br />
Classfull Addressing<br />
1. Ensure uniqueness<br />
2. Facilitate administrative allocation<br />
•<br />
One central entity<br />
Class-Less (CIDR)<br />
1. Facilitate administrative allocation (hierarchical)<br />
•<br />
Nowadays 5 regional entities<br />
2. Facilitate host location in the network<br />
3. Allocate the minimum pool of addresses<br />
Slide 25 Laurent Toutain Filière 2
What Has Changed<br />
Facts on Addresses ◮ Prefixes delegation<br />
Classfull Addressing<br />
1. Ensure uniqueness<br />
2. Facilitate administrative allocation<br />
•<br />
One central entity<br />
Class-Less (CIDR)<br />
1. Facilitate administrative allocation (hierarchical)<br />
•<br />
Nowadays 5 regional entities<br />
2. Facilitate host location in the network<br />
3. Allocate the minimum pool of addresses<br />
Slide 25 Laurent Toutain Filière 2
What Has Changed<br />
Facts on Addresses ◮ Prefixes delegation<br />
Classfull Addressing<br />
1. Ensure uniqueness<br />
2. Facilitate administrative allocation<br />
•<br />
One central entity<br />
Class-Less (CIDR)<br />
1. Facilitate administrative allocation (hierarchical)<br />
•<br />
Nowadays 5 regional entities<br />
2. Facilitate host location in the network<br />
3. Allocate the minimum pool of addresses<br />
Slide 25 Laurent Toutain Filière 2
What Has Changed<br />
Facts on Addresses ◮ Prefixes delegation<br />
Classfull Addressing<br />
1. Ensure uniqueness<br />
2. Facilitate administrative allocation<br />
•<br />
One central entity<br />
Class-Less (CIDR)<br />
1. Facilitate administrative allocation (hierarchical)<br />
•<br />
Nowadays 5 regional entities<br />
2. Facilitate host location in the network<br />
3. Allocate the minimum pool of addresses<br />
Slide 25 Laurent Toutain Filière 2
What Has Changed<br />
Facts on Addresses ◮ Prefixes delegation<br />
Classfull Addressing<br />
1. Ensure uniqueness<br />
2. Facilitate administrative allocation<br />
•<br />
One central entity<br />
Class-Less (CIDR)<br />
1. Facilitate administrative allocation (hierarchical)<br />
•<br />
Nowadays 5 regional entities<br />
2. Facilitate host location in the network<br />
3. Allocate the minimum pool of addresses<br />
Slide 25 Laurent Toutain Filière 2
Addresses versus Packet Format<br />
Facts on Addresses ◮ Prefixes delegation<br />
IPv4<br />
IPv6<br />
1980 1993 2013<br />
Classfull<br />
CIDR<br />
<br />
Slide 26 Laurent Toutain Filière 2
CIDR Administrative Point of View<br />
Facts on Addresses ◮ Prefixes delegation<br />
<br />
<br />
<br />
A hierarchy of administrative registries<br />
•<br />
IANA/ICANN at the top<br />
5 Regional Internet Registries (RIR)<br />
•<br />
APNIC (Asia Pacific Network Information Centre)<br />
•<br />
ARIN (American Registry for Internet Numbers)<br />
•<br />
LACNIC (Regional Latin-American and Caribbean IP Address<br />
Registry)<br />
•<br />
RIPE NCC (Reseaux IP Europeens - Network Coordination<br />
Center)<br />
− Europe, Middle east.<br />
•<br />
AfriNIC (Africa)<br />
Providers get prefixes allocation from RIR<br />
Slide 27 Laurent Toutain Filière 2
RIR Regions<br />
Facts on Addresses ◮ Prefixes delegation<br />
Slide 28 Laurent Toutain Filière 2
Prefixes delegation<br />
Facts on Addresses ◮ Prefixes delegation<br />
Regional Registry<br />
IANA<br />
IPv4 address space<br />
Provider 1 Provider 2<br />
Customer 1 Customer 2 Customer 3<br />
http://www.iana.org/assignments/ipv4-address-space for allocated blocks<br />
Slide 29 Laurent Toutain Filière 2
Prefixes delegation<br />
Facts on Addresses ◮ Prefixes delegation<br />
α/8<br />
Regional Registry<br />
IANA<br />
IPv4 address space<br />
Provider 1 Provider 2<br />
Customer 1 Customer 2 Customer 3<br />
http://www.iana.org/assignments/ipv4-address-space for allocated blocks<br />
Slide 29 Laurent Toutain Filière 2
Prefixes delegation<br />
Facts on Addresses ◮ Prefixes delegation<br />
α/8<br />
Regional Registry<br />
α.15/16<br />
α.32/16<br />
IANA<br />
IPv4 address space<br />
Provider 1 Provider 2<br />
Customer 1 Customer 2 Customer 3<br />
http://www.iana.org/assignments/ipv4-address-space for allocated blocks<br />
Slide 29 Laurent Toutain Filière 2
Prefixes delegation<br />
Facts on Addresses ◮ Prefixes delegation<br />
α/8<br />
Regional Registry<br />
α.15/16<br />
α.32/16<br />
IANA<br />
IPv4 address space<br />
α.15.45/24<br />
Provider 1 Provider 2<br />
α.15.220/22<br />
α.32.123.192/26<br />
Customer 1 Customer 2 Customer 3<br />
http://www.iana.org/assignments/ipv4-address-space for allocated blocks<br />
Slide 29 Laurent Toutain Filière 2
Prefix usage in May. 2010<br />
Facts on Addresses ◮ Prefixes delegation<br />
http://www.potaroo.net/tools/ipv4/<br />
Slide 30 Laurent Toutain Filière 2
Prefix usage in May. 2010<br />
Facts on Addresses ◮ Prefixes delegation<br />
Projected IANA Unallocated Address Pool Exhaustion:<br />
Projected RIR Unallocated Address Pool Exhaustion:<br />
09-Sep-2011<br />
07-Apr-2012<br />
http://www.potaroo.net/tools/ipv4/<br />
Slide 30 Laurent Toutain Filière 2
HD-Ratio<br />
Facts on Addresses ◮ Prefixes delegation<br />
<br />
How do define if a customer/provider needs more block <br />
<br />
<br />
In a hierarchical addressing plan every single prefix cannot be<br />
allocated<br />
High Density Ratio gives occupation of an addressing plan<br />
Definition [RFC 3194]<br />
log(number of allocated objects)<br />
HD =<br />
log (maximum number of allocatable objects)<br />
Current HD-Ratio is 0.95!<br />
Slide 31 Laurent Toutain Filière 2
Addresses<br />
Notation
IPv6 addresses<br />
Addresses ◮ Notation<br />
F2C:544:9E::2:EF8D:6B7 F692::<br />
A:1455::A:6E0 D:63:D::4:3A:55F B33:C::F2 7:5059:3D:C0::<br />
9D::9BAC:B8CA:893F:80 1E:DE2:4C83::4E:39:F35:C875 2:: A:FDE3:76:B4F:D9D:: D6::<br />
369F:9:F8:DBF::2 DD4:B45:1:C42F:BE6:75::<br />
9D7B:7184:EF::3FB:BF1A:D80 FE9::B:3<br />
EC:DB4:B:F:F11::E9:090 83:B9:08:B5:F:3F:AF:B84 E::35B:8572:7A3:FB2 99:F:9:8B76::BC9<br />
D64:07:F394::BDB:DF40:08EE:A79E AC:23:5D:78::233:84:8 F0D:F::F4EB:0F:5C7 E71:F577:ED:E:9DE8::<br />
B::3 1D3F:A0AA:: 70:8EA1::8:D5:81:2:F302 26::8880:7 93:: F::9:0 E:2:0:266B::<br />
763E:C:2E:1EB:F6:F4:14:16 E6:6:F4:B6:A888:979E:D78:09 9:754:5:90:0A78:A1A3:1:7 2:8::<br />
97B:C4::C36 A40:7:5:7E8F:0:32EC:9A:D0 8A52::575 D::4CB4:E:2BF:5485:8CE 07:5::41 6B::A9:C<br />
94FF:7B8::D9:51:26F 2::E:AE:ED:81 8241:: 5F97:: AD5B:259C:7DB8:24:58:552A:: 94:4:9FD:4:87E5::<br />
5A8:2FF:1::CC EA:8904:7C::<br />
7C::D6B7:A7:B0:8B DC:6C::34:89 6C:1::5 7B3:6780:4:B1::E586<br />
412:2:5E1:6DE5:5E3A:553:3:: 7F0:: B39::1:B77:DB 9D3:1F1:4B:3:B4E6:7681:09:D4A8 61:520::E0<br />
1:28E9:0:095:DF:F2:: 1B61:4::1DE:50A 34BC:99::E9:9EFB E:EF:: BDC:672A:F4C8:A1::4:7:9CB7<br />
C697:56AD:40:8:0::62<br />
Slide 33 Laurent Toutain Filière 2
Don’t Worry<br />
Addresses ◮ Notation<br />
Addresses are not random numbers, ... they are often easy to<br />
handle and even to remember<br />
Slide 34 Laurent Toutain Filière 2
Notation<br />
Addresses ◮ Notation<br />
<br />
<br />
Base format (a 16 byte Global IPv6 Address):<br />
•<br />
2001:0660:3003:0001:0000:0000:6543:210F<br />
Compact Format:<br />
2001:0660:3003:0001:0000:0000:6543:210F<br />
1. Remove 0 on the left of each word<br />
2. To avoid ambiguity, substitute ONLY one sequence of zeros<br />
by ::<br />
<br />
an IPv4 address may also appear : ::FFFF:123.12.34.56<br />
Warning:<br />
2001:660:3::/40 is in fact 2001:660:0003::/40 and not<br />
2001:660:0300::/40<br />
Slide 35 Laurent Toutain Filière 2
Notation<br />
Addresses ◮ Notation<br />
<br />
<br />
Base format (a 16 byte Global IPv6 Address):<br />
•<br />
2001:0660:3003:0001:0000:0000:6543:210F<br />
Compact Format:<br />
2001:0660:3003:0001:0000:0000:6543:210F<br />
1. Remove 0 on the left of each word<br />
2. To avoid ambiguity, substitute ONLY one sequence of zeros<br />
by ::<br />
<br />
an IPv4 address may also appear : ::FFFF:123.12.34.56<br />
Warning:<br />
2001:660:3::/40 is in fact 2001:660:0003::/40 and not<br />
2001:660:0300::/40<br />
Slide 35 Laurent Toutain Filière 2
Notation<br />
Addresses ◮ Notation<br />
<br />
<br />
Base format (a 16 byte Global IPv6 Address):<br />
•<br />
2001:0660:3003:0001:0000:0000:6543:210F<br />
Compact Format:<br />
2001:660:3003:1:0:0:6543:210F<br />
1. Remove 0 on the left of each word<br />
2. To avoid ambiguity, substitute ONLY one sequence of zeros<br />
by ::<br />
<br />
an IPv4 address may also appear : ::FFFF:123.12.34.56<br />
Warning:<br />
2001:660:3::/40 is in fact 2001:660:0003::/40 and not<br />
2001:660:0300::/40<br />
Slide 35 Laurent Toutain Filière 2
Notation<br />
Addresses ◮ Notation<br />
<br />
<br />
Base format (a 16 byte Global IPv6 Address):<br />
•<br />
2001:0660:3003:0001:0000:0000:6543:210F<br />
Compact Format:<br />
2001:660:3003:1:0:0:6543:210F<br />
1. Remove 0 on the left of each word<br />
2. To avoid ambiguity, substitute ONLY one sequence of zeros<br />
by ::<br />
<br />
an IPv4 address may also appear : ::FFFF:123.12.34.56<br />
Warning:<br />
2001:660:3::/40 is in fact 2001:660:0003::/40 and not<br />
2001:660:0300::/40<br />
Slide 35 Laurent Toutain Filière 2
Notation<br />
Addresses ◮ Notation<br />
<br />
<br />
Base format (a 16 byte Global IPv6 Address):<br />
•<br />
2001:0660:3003:0001:0000:0000:6543:210F<br />
Compact Format:<br />
2001:660:3003:1::6543:210F<br />
1. Remove 0 on the left of each word<br />
2. To avoid ambiguity, substitute ONLY one sequence of zeros<br />
by ::<br />
<br />
an IPv4 address may also appear : ::FFFF:123.12.34.56<br />
Warning:<br />
2001:660:3::/40 is in fact 2001:660:0003::/40 and not<br />
2001:660:0300::/40<br />
Slide 35 Laurent Toutain Filière 2
Notation<br />
Addresses ◮ Notation<br />
<br />
<br />
Base format (a 16 byte Global IPv6 Address):<br />
•<br />
2001:0660:3003:0001:0000:0000:6543:210F<br />
Compact Format:<br />
2001:660:3003:1::6543:210F<br />
1. Remove 0 on the left of each word<br />
2. To avoid ambiguity, substitute ONLY one sequence of zeros<br />
by ::<br />
<br />
an IPv4 address may also appear : ::FFFF:123.12.34.56<br />
Warning:<br />
2001:660:3::/40 is in fact 2001:660:0003::/40 and not<br />
2001:660:0300::/40<br />
Slide 35 Laurent Toutain Filière 2
Is it enough for the future <br />
Addresses ◮ Notation<br />
<br />
<br />
Address length<br />
•<br />
Between 1 564 and 3 911 873 538 269 506 102 addresses by m 2<br />
• 60 000 trillion trillion addresses per inhabitant of the earth<br />
• Addresses for every grain of sands in the world<br />
• IPv4: 6 addresses for US inhabitant, 1 for Europe, 0.01 for China,<br />
0.001 for India<br />
Justification of a fix address length<br />
Warning:<br />
<br />
<br />
An address for everything on the network and not an address<br />
for everything<br />
No addresses for whole life:<br />
•<br />
Depend of your position on the network<br />
•<br />
ISP Renumbering may be possible<br />
Slide 36 Laurent Toutain Filière 2
Is it enough for the future <br />
Addresses ◮ Notation<br />
<br />
<br />
Hop Limit:<br />
•<br />
Should not be a problem<br />
•<br />
Count the number of routers used to reach a destination.<br />
•<br />
Growth will be in-large more than in-depth<br />
Payload Length<br />
•<br />
64 KB is not a current hard limit<br />
•<br />
Ethernet is limited to 1.5 KB, evolution can use until 9KB.<br />
•<br />
Use Jumbogram for specific cases<br />
Slide 37 Laurent Toutain Filière 2
Addresses<br />
Addressing scheme
Addressing scheme<br />
Addresses ◮ Addressing scheme<br />
<br />
<br />
<br />
RFC 4291 defines current IPv6 addresses<br />
•<br />
loopback (::1)<br />
•<br />
link local (FE80::/10)<br />
•<br />
global unicast (2000::/3)<br />
•<br />
multicast (FF00::/8)<br />
Use CIDR principles:<br />
•<br />
Prefix / prefix length notation<br />
•<br />
2001:660:3003::/48<br />
•<br />
2001:660:3003:2:a00:20ff:fe18:964c/64<br />
Interfaces have several IPv6 addresses<br />
•<br />
at least a link local and a global unicast addresses<br />
Slide 39 Laurent Toutain Filière 2
Addresses<br />
Address Format
Addressing Space Utilization<br />
Addresses ◮ Address Format<br />
0000::/8 Reserved by IETF [RFC4291]<br />
0100::/8 Reserved by IETF [RFC4291]<br />
0200::/7 Reserved by IETF [RFC4048]<br />
0400::/6 Reserved by IETF [RFC4291]<br />
0800::/5 Reserved by IETF [RFC4291]<br />
1000::/4 Reserved by IETF [RFC4291]<br />
2000::/3 Global Unicast [RFC4291]<br />
4000::/3 Reserved by IETF [RFC4291]<br />
6000::/3 Reserved by IETF [RFC4291]<br />
8000::/3 Reserved by IETF [RFC4291]<br />
A000::/3 Reserved by IETF [RFC4291]<br />
C000::/3 Reserved by IETF [RFC4291]<br />
E000::/4 Reserved by IETF [RFC4291]<br />
F000::/5 Reserved by IETF [RFC4291]<br />
F800::/6 Reserved by IETF [RFC4291]<br />
FC00::/7 Unique Local Unicast [RFC4193]<br />
FE00::/9 Reserved by IETF [RFC4291]<br />
FE80::/10 Link Local Unicast [RFC4291]<br />
FEC0::/10 Reserved by IETF [RFC3879]<br />
FF00::/8 Multicast [RFC4291]<br />
http://www.iana.org/assignments/ipv6-address-space<br />
Slide 41 Laurent Toutain Filière 2
Addressing Space Utilization<br />
Addresses ◮ Address Format<br />
0000::/8 Reserved by IETF [RFC4291]<br />
0100::/8 Reserved by IETF [RFC4291]<br />
0200::/7 Reserved by IETF [RFC4048]<br />
0400::/6 Reserved by IETF [RFC4291]<br />
0800::/5 Reserved by IETF [RFC4291]<br />
1000::/4 Reserved by IETF [RFC4291]<br />
2000::/3 Global Unicast [RFC4291]<br />
4000::/3 Reserved by IETF [RFC4291]<br />
6000::/3 Reserved by IETF [RFC4291]<br />
8000::/3 Reserved by IETF [RFC4291]<br />
A000::/3 Reserved by IETF [RFC4291]<br />
C000::/3 Reserved by IETF [RFC4291]<br />
E000::/4 Reserved by IETF [RFC4291]<br />
F000::/5 Reserved by IETF [RFC4291]<br />
F800::/6 Reserved by IETF [RFC4291]<br />
FC00::/7 Unique Local Unicast [RFC4193]<br />
FE00::/9 Reserved by IETF [RFC4291]<br />
FE80::/10 Link Local Unicast [RFC4291]<br />
FEC0::/10 Reserved by IETF [RFC3879]<br />
FF00::/8 Multicast [RFC4291]<br />
http://www.iana.org/assignments/ipv6-address-space<br />
Slide 41 Laurent Toutain Filière 2
Addressing Space Utilization<br />
Addresses ◮ Address Format<br />
0000::/8 Reserved by IETF [RFC4291]<br />
0100::/8 Reserved by IETF [RFC4291]<br />
0200::/7 Reserved by IETF [RFC4048]<br />
0400::/6 Reserved by IETF [RFC4291]<br />
0800::/5 Reserved by IETF [RFC4291]<br />
1000::/4 Reserved by IETF [RFC4291]<br />
2000::/3 Global Unicast [RFC4291]<br />
4000::/3 Reserved by IETF [RFC4291]<br />
6000::/3 Reserved by IETF [RFC4291]<br />
8000::/3 Reserved by IETF [RFC4291]<br />
A000::/3 Reserved by IETF [RFC4291]<br />
C000::/3 Reserved by IETF [RFC4291]<br />
E000::/4 Reserved by IETF [RFC4291]<br />
F000::/5 Reserved by IETF [RFC4291]<br />
F800::/6 Reserved by IETF [RFC4291]<br />
FC00::/7 Unique Local Unicast [RFC4193]<br />
FE00::/9 Reserved by IETF [RFC4291]<br />
FE80::/10 Link Local Unicast [RFC4291]<br />
FEC0::/10 Reserved by IETF [RFC3879]<br />
FF00::/8 Multicast [RFC4291]<br />
http://www.iana.org/assignments/ipv6-address-space<br />
Slide 41 Laurent Toutain Filière 2
Addressing Space Utilization<br />
Addresses ◮ Address Format<br />
0000::/8 Reserved by IETF [RFC4291]<br />
0100::/8 Reserved by IETF [RFC4291]<br />
0200::/7 Reserved by IETF [RFC4048]<br />
0400::/6 Reserved by IETF [RFC4291]<br />
0800::/5 Reserved by IETF [RFC4291]<br />
1000::/4 Reserved by IETF [RFC4291]<br />
2000::/3 Global Unicast [RFC4291]<br />
4000::/3 Reserved by IETF [RFC4291]<br />
6000::/3 Reserved by IETF [RFC4291]<br />
8000::/3 Reserved by IETF [RFC4291]<br />
A000::/3 Reserved by IETF [RFC4291]<br />
C000::/3 Reserved by IETF [RFC4291]<br />
E000::/4 Reserved by IETF [RFC4291]<br />
F000::/5 Reserved by IETF [RFC4291]<br />
F800::/6 Reserved by IETF [RFC4291]<br />
FC00::/7 Unique Local Unicast [RFC4193]<br />
FE00::/9 Reserved by IETF [RFC4291]<br />
FE80::/10 Link Local Unicast [RFC4291]<br />
FEC0::/10 Reserved by IETF [RFC3879]<br />
FF00::/8 Multicast [RFC4291]<br />
http://www.iana.org/assignments/ipv6-address-space<br />
Slide 41 Laurent Toutain Filière 2
Addressing Space Utilization<br />
Addresses ◮ Address Format<br />
0000::/8 Reserved by IETF [RFC4291]<br />
0100::/8 Reserved by IETF [RFC4291]<br />
0200::/7 Reserved by IETF [RFC4048]<br />
0400::/6 Reserved by IETF [RFC4291]<br />
0800::/5 Reserved by IETF [RFC4291]<br />
1000::/4 Reserved by IETF [RFC4291]<br />
2000::/3 Global Unicast [RFC4291]<br />
4000::/3 Reserved by IETF [RFC4291]<br />
6000::/3 Reserved by IETF [RFC4291]<br />
8000::/3 Reserved by IETF [RFC4291]<br />
A000::/3 Reserved by IETF [RFC4291]<br />
C000::/3 Reserved by IETF [RFC4291]<br />
E000::/4 Reserved by IETF [RFC4291]<br />
F000::/5 Reserved by IETF [RFC4291]<br />
F800::/6 Reserved by IETF [RFC4291]<br />
FC00::/7 Unique Local Unicast [RFC4193]<br />
FE00::/9 Reserved by IETF [RFC4291]<br />
FE80::/10 Link Local Unicast [RFC4291]<br />
FEC0::/10 Reserved by IETF [RFC3879]<br />
FF00::/8 Multicast [RFC4291]<br />
http://www.iana.org/assignments/ipv6-address-space<br />
Slide 41 Laurent Toutain Filière 2
Addressing Space Utilization<br />
Addresses ◮ Address Format<br />
0000::/8 Reserved by IETF [RFC4291]<br />
0100::/8 Reserved by IETF [RFC4291]<br />
0200::/7 Reserved by IETF [RFC4048]<br />
0400::/6 Reserved by IETF [RFC4291]<br />
0800::/5 Reserved by IETF [RFC4291]<br />
1000::/4 Reserved by IETF [RFC4291]<br />
2000::/3 Global Unicast [RFC4291]<br />
4000::/3 Reserved by IETF [RFC4291]<br />
6000::/3 Reserved by IETF [RFC4291]<br />
8000::/3 Reserved by IETF [RFC4291]<br />
A000::/3 Reserved by IETF [RFC4291]<br />
C000::/3 Reserved by IETF [RFC4291]<br />
E000::/4 Reserved by IETF [RFC4291]<br />
F000::/5 Reserved by IETF [RFC4291]<br />
F800::/6 Reserved by IETF [RFC4291]<br />
FC00::/7 Unique Local Unicast [RFC4193]<br />
FE00::/9 Reserved by IETF [RFC4291]<br />
FE80::/10 Link Local Unicast [RFC4291]<br />
FEC0::/10 Reserved by IETF [RFC3879]<br />
FF00::/8 Multicast [RFC4291]<br />
http://www.iana.org/assignments/ipv6-address-space<br />
Slide 41 Laurent Toutain Filière 2
Address Format<br />
Addresses ◮ Address Format<br />
Global Unicast Address:<br />
3 45 16 64<br />
001 Global Prefix SID Interface ID<br />
public topology<br />
given by the provider<br />
Link-Local Address:<br />
local topology<br />
assigned by network engineer<br />
link address<br />
auto or manual configuration<br />
10 54 64<br />
FE80 0...0 Interface ID<br />
link address<br />
auto-configuration<br />
Slide 42 Laurent Toutain Filière 2
SID Values<br />
Addresses ◮ Address Format<br />
<br />
<br />
16 bit length up to 65 535 subnets<br />
•<br />
Large enough for most companies<br />
•<br />
Too large for home network <br />
•<br />
May be an /56 or /60 GP will be allocated<br />
There is no strict rules to structure SID:<br />
•<br />
sequencial : 1, 2, ...<br />
•<br />
use VLAN number<br />
•<br />
include usage to allow filtering, for instance, for a University:<br />
4bits : Community 8bits 4bits<br />
0 : Infrastructure Specific addresses<br />
1 : Tests Specific addresses<br />
6 : Point6 Managed by Point6<br />
8 : Wifi guests Specific addresses<br />
A : Employees Entity Sub-Network<br />
E : Students Entity Sub-Network<br />
F : Other (Start up, etc.) Specific addresses<br />
Slide 43 Laurent Toutain Filière 2
Interface Identifier<br />
Addresses ◮ Address Format<br />
Interface ID can be selected differently<br />
<br />
Derived from a Layer 2 ID (I.e. MAC address) :<br />
•<br />
for Link Local address<br />
•<br />
for Global Address : plug-and-play hosts<br />
<br />
Assigned manually :<br />
•<br />
to keep same address when Ethernet card or host is changed<br />
•<br />
to remember easily the address<br />
− 1, 2, 3, ...<br />
− last digit of the v4 address<br />
− the IPv4 address (for nostalgic system administrators)<br />
− ...<br />
Slide 44 Laurent Toutain Filière 2
Interface Identifier<br />
Addresses ◮ Address Format<br />
Interface ID can be selected differently<br />
<br />
Derived from a Layer 2 ID (I.e. MAC address) :<br />
•<br />
for Link Local address<br />
•<br />
for Global Address : plug-and-play hosts<br />
<br />
Assigned manually :<br />
•<br />
to keep same address when Ethernet card or host is changed<br />
•<br />
to remember easily the address<br />
− 1, 2, 3, ...<br />
− last digit of the v4 address<br />
− the IPv4 address (for nostalgic system administrators)<br />
− ...<br />
Slide 44 Laurent Toutain Filière 2
Interface Identifier<br />
Addresses ◮ Address Format<br />
Interface ID can be selected differently<br />
<br />
Random value :<br />
•<br />
Changed frequently (e.g, every day, per session, at each<br />
reboot...) to guarantee anonymity<br />
<br />
Hash of other values (experimental) :<br />
•<br />
To link address to other properties<br />
•<br />
Public key<br />
•<br />
List of assigned prefixes<br />
•<br />
...<br />
Slide 45 Laurent Toutain Filière 2
Interface Identifier<br />
Addresses ◮ Address Format<br />
Interface ID can be selected differently<br />
<br />
Random value :<br />
•<br />
Changed frequently (e.g, every day, per session, at each<br />
reboot...) to guarantee anonymity<br />
<br />
Hash of other values (experimental) :<br />
•<br />
To link address to other properties<br />
•<br />
Public key<br />
•<br />
List of assigned prefixes<br />
•<br />
...<br />
Slide 45 Laurent Toutain Filière 2
How to Construct an IID from MAC Address<br />
Addresses ◮ Address Format<br />
64 bits is compatible with EUI-64 (i.e. IEEE 1394 FireWire, ...)<br />
<br />
<br />
IEEE propose a way to transform a MAC-48 to an EUI-64<br />
U/L changed for numbering purpose<br />
There is no conflicts if IID are manually numbered: 1, 2, 3, ...<br />
Slide 46 Laurent Toutain Filière 2
How to Construct an IID from MAC Address<br />
Addresses ◮ Address Format<br />
64 bits is compatible with EUI-64 (i.e. IEEE 1394 FireWire, ...)<br />
<br />
<br />
IEEE propose a way to transform a MAC-48 to an EUI-64<br />
U/L changed for numbering purpose<br />
MAC-48<br />
00 Vendor<br />
Serial Number<br />
EUI-64<br />
00 Vendor 0xFFFE<br />
Serial Number<br />
There is no conflicts if IID are manually numbered: 1, 2, 3, ...<br />
Slide 46 Laurent Toutain Filière 2
How to Construct an IID from MAC Address<br />
Addresses ◮ Address Format<br />
64 bits is compatible with EUI-64 (i.e. IEEE 1394 FireWire, ...)<br />
<br />
<br />
IEEE propose a way to transform a MAC-48 to an EUI-64<br />
U/L changed for numbering purpose<br />
MAC-48<br />
00 Vendor<br />
Serial Number<br />
EUI-64<br />
00 Vendor 0xFFFE<br />
Serial Number<br />
IID<br />
10 Vendor 0xFFFE<br />
Serial Number<br />
There is no conflicts if IID are manually numbered: 1, 2, 3, ...<br />
Slide 46 Laurent Toutain Filière 2
How to Construct an IID from MAC Address<br />
Addresses ◮ Address Format<br />
64 bits is compatible with EUI-64 (i.e. IEEE 1394 FireWire, ...)<br />
<br />
<br />
IEEE propose a way to transform a MAC-48 to an EUI-64<br />
U/L changed for numbering purpose<br />
MAC-48<br />
00 Vendor<br />
Serial Number<br />
EUI-64<br />
00 Vendor 0xFFFE<br />
Serial Number<br />
IID<br />
10 Vendor 0xFFFE<br />
Serial Number<br />
There is no conflicts if IID are manually numbered: 1, 2, 3, ...<br />
Slide 46 Laurent Toutain Filière 2
Example : Mac / Unix<br />
Addresses ◮ Address Format<br />
%ifconfig<br />
lo0: flags=8049 mtu 16384<br />
inet6 ::1 prefixlen 128<br />
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1<br />
inet 127.0.0.1 netmask 0xff000000<br />
en1: flags=8863 mtu 1500<br />
inet6 fe80::216:cbff:febe:16b3%en1 prefixlen 64 scopeid 0x5<br />
inet 192.168.2.5 netmask 0xffffff00 broadcast 192.168.2.255<br />
inet6 2001:660:7307:6031:216:cbff:febe:16b3 prefixlen 64<br />
autoconf<br />
ether 00:16:cb:be:16:b3<br />
media: autoselect status: active<br />
supported media: autoselect<br />
Slide 47 Laurent Toutain Filière 2
Windows 7<br />
Addresses ◮ Address Format<br />
Slide 48 Laurent Toutain Filière 2
Windows 7<br />
Addresses ◮ Address Format<br />
Same Prefix<br />
Slide 48 Laurent Toutain Filière 2
Windows 7<br />
Addresses ◮ Address Format<br />
Random IID (permanent)<br />
Same Prefix<br />
Random IID (changed every day)<br />
Slide 48 Laurent Toutain Filière 2
Address Lifetime<br />
Addresses ◮ Address Format<br />
allocation<br />
Tentative Preferred Deprecated Invalid<br />
DAD<br />
Valid<br />
Slide 49 Laurent Toutain Filière 2
Addresses<br />
Kind of addresses
Link Local Scoped Addresses<br />
Addresses ◮ Kind of addresses<br />
<br />
<br />
<br />
Global Address, the prefix designates the exit interface<br />
Link-Local address, the prefix is always fe80::/10<br />
• The exiting interface is not defined<br />
• A %iface, can be added at the end of the address to avoid ambiguity.<br />
Example:<br />
Routing tables<br />
Internet6:<br />
Destination Gateway Flags Netif Expire<br />
default fe80::213:c4ff:fe69:5f49%en0 UGSc en0<br />
Slide 51 Laurent Toutain Filière 2
Other kind of addresses : ULA (RFC 4193)<br />
Addresses ◮ Kind of addresses<br />
<br />
Equivalent to the private addresses in IPv4<br />
<br />
But try to avoid same prefixes on two different sites:<br />
•<br />
avoid renumbering if two company merge<br />
•<br />
avoid ambiguities when VPN are used<br />
<br />
These prefixes are not routable on the Internet<br />
Unique Local IPv6 Unicast Addresses:<br />
8 40 16 64<br />
FD Random Value SID Interface ID<br />
private topology<br />
Not Routable in the Internet<br />
local topology<br />
link address<br />
http://www.sixxs.net/tools/grh/ula/ to create your own ULA prefix.<br />
Slide 52 Laurent Toutain Filière 2
Multicast<br />
Addresses ◮ Kind of addresses<br />
Generic Format:<br />
8 4 4 112<br />
FF xRPT scope Group ID<br />
T (Transient) 0: well known address - 1: temporary address<br />
P (Prefix) 1 : assigned from a network prefix (T must be set to 1)<br />
R (Rendez Vous Point) 1: contains the RP address (P & T set to 1)<br />
Scope :<br />
• 1 - node-local<br />
• 2 - link-local<br />
• 3 - subnet-local<br />
• 4 - admin-local<br />
• 5 - site-local<br />
• 8 - organisation-local<br />
• E - global<br />
Slide 53 Laurent Toutain Filière 2
Some Well Known Multicast Addresses<br />
Addresses ◮ Kind of addresses<br />
8 4 4 112<br />
FF 0 scope Group ID<br />
FF02:0:0:0:0:0:0:1 All Nodes Address (link-local scope)<br />
FF02:0:0:0:0:0:0:2 All Routers Address<br />
FF02:0:0:0:0:0:0:5 OSPFIGP<br />
FF02:0:0:0:0:0:0:6 OSPFIGP Designated Routers<br />
FF02:0:0:0:0:0:0:9 RIP Routers<br />
FF02:0:0:0:0:0:0:FB mDNSv6<br />
FF02:0:0:0:0:0:1:2 All-dhcp-agents<br />
FF02:0:0:0:0:1:FFXX:XXXX Solicited-Node Address<br />
FF05:0:0:0:0:0:1:3 All-dhcp-servers (site-local scope)<br />
http://www.iana.org/assignments/ipv6-multicast-addresses<br />
Slide 54 Laurent Toutain Filière 2
Some Well Known Multicast Addresses<br />
Addresses ◮ Kind of addresses<br />
8 4 4 112<br />
FF 0 scope Group ID<br />
FF02:0:0:0:0:0:0:1 All Nodes Address (link-local scope)<br />
FF02:0:0:0:0:0:0:2 All Routers Address<br />
FF02:0:0:0:0:0:0:5 OSPFIGP<br />
FF02:0:0:0:0:0:0:6 OSPFIGP Designated Routers<br />
FF02:0:0:0:0:0:0:9 RIP Routers<br />
FF02:0:0:0:0:0:0:FB mDNSv6<br />
FF02:0:0:0:0:0:1:2 All-dhcp-agents<br />
FF02:0:0:0:0:1:FFXX:XXXX Solicited-Node Address<br />
FF05:0:0:0:0:0:1:3 All-dhcp-servers (site-local scope)<br />
http://www.iana.org/assignments/ipv6-multicast-addresses<br />
Slide 54 Laurent Toutain Filière 2
Solicited Multicast Addresses<br />
Addresses ◮ Kind of addresses<br />
<br />
Derive a Multicast Address from a Unicast Address<br />
•<br />
Widely used for stateless auto-configuration<br />
•<br />
Avoid the use of broadcast<br />
01-02-03-04-05-06<br />
Slide 55 Laurent Toutain Filière 2
Solicited Multicast Addresses<br />
Addresses ◮ Kind of addresses<br />
<br />
Derive a Multicast Address from a Unicast Address<br />
•<br />
Widely used for stateless auto-configuration<br />
•<br />
Avoid the use of broadcast<br />
01-02-03-04-05-06<br />
FE80::0102:03FF:FE04:0506<br />
GP:0102:03FF:FE04:0506<br />
Slide 55 Laurent Toutain Filière 2
Solicited Multicast Addresses<br />
Addresses ◮ Kind of addresses<br />
<br />
Derive a Multicast Address from a Unicast Address<br />
•<br />
Widely used for stateless auto-configuration<br />
•<br />
Avoid the use of broadcast<br />
01-02-03-04-05-06<br />
FE80::0102:03FF:FE04:0506 GP:0102:03FF:FE04:0506 GP::1<br />
Slide 55 Laurent Toutain Filière 2
Solicited Multicast Addresses<br />
Addresses ◮ Kind of addresses<br />
<br />
Derive a Multicast Address from a Unicast Address<br />
•<br />
Widely used for stateless auto-configuration<br />
•<br />
Avoid the use of broadcast<br />
01-02-03-04-05-06<br />
FE80::0102:03FF:FE04:0506 GP:0102:03FF:FE04:0506 GP::1<br />
FF02::1:FF04:0506<br />
FF02::1:FF00:0001<br />
Slide 55 Laurent Toutain Filière 2
Solicited Multicast Addresses<br />
Addresses ◮ Kind of addresses<br />
<br />
Derive a Multicast Address from a Unicast Address<br />
•<br />
Widely used for stateless auto-configuration<br />
•<br />
Avoid the use of broadcast<br />
01-02-03-04-05-06<br />
FE80::0102:03FF:FE04:0506 GP:0102:03FF:FE04:0506 GP::1<br />
FF02::1:FF04:0506<br />
FF02::1:FF00:0001<br />
33-33-FF-04-05-06<br />
33-33-FF-00-00-01<br />
Slide 55 Laurent Toutain Filière 2
Example<br />
Addresses ◮ Kind of addresses<br />
Vlan5 is up, line protocol is up<br />
IPv6 is enabled, link-local address is FE80::203:FDFF:FED6:D400<br />
Description: reseau C5<br />
Global unicast address(es):<br />
2001:660:7301:1:203:FDFF:FED6:D400, subnet is 2001:660:7301:1::/64<br />
Joined group address(es):<br />
FF02::1
Example<br />
Addresses ◮ Kind of addresses<br />
Vlan5 is up, line protocol is up<br />
IPv6 is enabled, link-local address is FE80::203:FDFF:FED6:D400<br />
Description: reseau C5<br />
Global unicast address(es):<br />
2001:660:7301:1:203:FDFF:FED6:D400, subnet is 2001:660:7301:1::/64<br />
Joined group address(es):<br />
FF02::1
Example<br />
Addresses ◮ Kind of addresses<br />
Vlan5 is up, line protocol is up<br />
IPv6 is enabled, link-local address is FE80::203:FDFF:FED6:D400<br />
Description: reseau C5<br />
Global unicast address(es):<br />
2001:660:7301:1:203:FDFF:FED6:D400, subnet is 2001:660:7301:1::/64<br />
Joined group address(es):<br />
FF02::1
Example<br />
Addresses ◮ Kind of addresses<br />
Vlan5 is up, line protocol is up<br />
IPv6 is enabled, link-local address is FE80::203:FDFF:FED6:D400<br />
Description: reseau C5<br />
Global unicast address(es):<br />
2001:660:7301:1:203:FDFF:FED6:D400, subnet is 2001:660:7301:1::/64<br />
Joined group address(es):<br />
FF02::1
Example<br />
Addresses ◮ Kind of addresses<br />
Vlan5 is up, line protocol is up<br />
IPv6 is enabled, link-local address is FE80::203:FDFF:FED6:D400<br />
Description: reseau C5<br />
Global unicast address(es):<br />
2001:660:7301:1:203:FDFF:FED6:D400, subnet is 2001:660:7301:1::/64<br />
Joined group address(es):<br />
FF02::1
Anycast<br />
Addresses ◮ Kind of addresses<br />
<br />
<br />
<br />
In the same addressing space as unicast<br />
No way to distiguish them<br />
Two anycast families:<br />
•<br />
Same prefix on Internet<br />
− same a IPv4 anycast for DNS or 6to4<br />
•<br />
Same address on the link<br />
− Must avoid DAD<br />
− Some IID values are reserved<br />
− All IID bits to 1 except last byte<br />
− Only 0x7E Mobile Home Agent<br />
•<br />
May more addresses with Wireless Sensor Network <br />
− Temperature, presence, . . .<br />
64 64<br />
Prefix<br />
Interface ID<br />
Slide 57 Laurent Toutain Filière 2
Anycast on prefix : Example from Renater<br />
Addresses ◮ Kind of addresses<br />
#traceroute6 2001:500:2f::f<br />
traceroute6 to 2001:500:2f::f (2001:500:2f::f) from 2001:660:7301:3103:223:6cff:<br />
30 hops max, 12 byte packets<br />
1 2001:660:7301:3103::1 4.774 ms 1.198 ms 2.764 ms<br />
2 2001:660:7301:3036::1 3.364 ms 2.215 ms 1.417 ms<br />
3 vl856-gi9-9-rennes-rtr-021.noc.renater.fr 2.892 ms 6.794 ms 2.195 ms<br />
4 te4-1-caen-rtr-021.noc.renater.fr 7.706 ms 5.1 ms 4.193 ms<br />
5 te4-1-rouen-rtr-021.noc.renater.fr 6.527 ms 6.296 ms 6.661 ms<br />
6 te0-0-0-1-paris1-rtr-001.noc.renater.fr 8.702 ms 10.26 ms 8.696 ms<br />
7 F-root-server.sfinx.tm.fr 8.495 ms 8.607 ms 8.664 ms<br />
8 f.root-servers.net 8.738 ms 9.171 ms 8.702 ms<br />
Slide 58 Laurent Toutain Filière 2
Anycast on prefix : Example from Hawaï<br />
Addresses ◮ Kind of addresses<br />
#traceroute6 2001:500:2f::f<br />
traceroute6 to 2001:500:2f::f (2001:500:2f::f) from 2001:1888:0:1:2d0:b7ff:fe7d:<br />
64 hops max, 12 byte packets<br />
1 apapane-fe0-0-1 1.169 ms 0.970 ms 0.947 ms<br />
2 r1.mdtnj.ipv6.att.net 121.159 ms 121.737 ms 121.378 ms<br />
3 bbr01-p1-0.nwrk01.occaid.net 130.468 ms 129.640 ms 130.845 ms<br />
4 bbr01-g1-0.asbn01.occaid.net 131.372 ms 131.596 ms 131.421 ms<br />
5 bbr01-g1-0.atln01.occaid.net 144.937 ms 144.550 ms 144.834 ms<br />
6 bbr01-p1-0.dlls01.occaid.net 166.709 ms 196.177 ms 165.983 ms<br />
7 dcr01-p1-5.lsan01.occaid.net 138.437 ms 138.690 ms 138.544 ms<br />
8 bbr01-g0-2.irvn01.occaid.net 138.552 ms 137.956 ms 137.649 ms<br />
9 dcr01-g1-2.psdn01.occaid.net 137.629 ms 138.030 ms 141.332 ms<br />
10 bbr01-f1-5.snfc02.occaid.net 138.501 ms 138.511 ms 137.483 ms<br />
11 exit.sf-guest.sfo2.isc.org 147.941 ms 144.929 ms 145.956 ms<br />
12 f.root-servers.net 139.063 ms 139.715 ms 142.571 ms<br />
Slide 59 Laurent Toutain Filière 2
OnLink Anycast: Example<br />
Addresses ◮ Kind of addresses<br />
α::1<br />
α::FFF1<br />
α::2<br />
α::FFF1<br />
α::3<br />
α::FFF1<br />
RFC 2526 Anycast values, all bit of IID set to 1 except last 8 bits:<br />
<br />
<br />
<br />
0x7F: reserved<br />
0x7E: Home Agent (Mobile IP)<br />
0x00 to 0x7D: reserved<br />
http://www.iana.org/assignments/ipv6-anycast-addresses<br />
Slide 60 Laurent Toutain Filière 2
OnLink Anycast: Example<br />
Addresses ◮ Kind of addresses<br />
α::1<br />
α::FFF1<br />
α::2<br />
α::FFF1<br />
α::3<br />
α::FFF1<br />
RFC 2526 Anycast values, all bit of IID set to 1 except last 8 bits:<br />
<br />
<br />
<br />
0x7F: reserved<br />
0x7E: Home Agent (Mobile IP)<br />
0x00 to 0x7D: reserved<br />
http://www.iana.org/assignments/ipv6-anycast-addresses<br />
Slide 60 Laurent Toutain Filière 2
OnLink Anycast: Example<br />
Addresses ◮ Kind of addresses<br />
α::1<br />
α::FFF1<br />
α::2<br />
α::FFF1<br />
α::3<br />
α::FFF1<br />
MAC1 MAC2 MAC3<br />
RFC 2526 Anycast values, all bit of IID set to 1 except last 8 bits:<br />
<br />
<br />
<br />
0x7F: reserved<br />
0x7E: Home Agent (Mobile IP)<br />
0x00 to 0x7D: reserved<br />
http://www.iana.org/assignments/ipv6-anycast-addresses<br />
Slide 60 Laurent Toutain Filière 2
OnLink Anycast: Example<br />
Addresses ◮ Kind of addresses<br />
α::1<br />
α::FFF1<br />
α::2<br />
α::FFF1<br />
α::3<br />
α::FFF1<br />
α::FFF1 → MAC2<br />
RFC 2526 Anycast values, all bit of IID set to 1 except last 8 bits:<br />
<br />
<br />
<br />
0x7F: reserved<br />
0x7E: Home Agent (Mobile IP)<br />
0x00 to 0x7D: reserved<br />
http://www.iana.org/assignments/ipv6-anycast-addresses<br />
Slide 60 Laurent Toutain Filière 2
OnLink Anycast: Example<br />
Addresses ◮ Kind of addresses<br />
α::1<br />
α::FFF1<br />
α::2<br />
α::FFF1<br />
α::3<br />
α::FFF1<br />
α::FFF1 → MAC2<br />
RFC 2526 Anycast values, all bit of IID set to 1 except last 8 bits:<br />
<br />
<br />
<br />
0x7F: reserved<br />
0x7E: Home Agent (Mobile IP)<br />
0x00 to 0x7D: reserved<br />
http://www.iana.org/assignments/ipv6-anycast-addresses<br />
Slide 60 Laurent Toutain Filière 2
Anycast on prefix : Example from Hawaï<br />
Addresses ◮ Kind of addresses<br />
# ifconfig en3<br />
en3: flags=8863 mtu 1500<br />
inet6 fe80::223:6cff:fe97:679c<br />
inet 192.168.103.177 netmask 0xffffff00 broadcast 192.168.103.255<br />
inet6 2001:660:7301:3103:223:65ff:fe97:679c prefixlen 64 autoconf<br />
ether 00:23:6c:97:67:9c<br />
media: autoselect status: active<br />
supported media: autoselect<br />
# ifconfig en3 inet6 2001:660:7301:3103:FF::FF anycast<br />
# ifconfig en3<br />
en3: flags=8863 mtu 1500<br />
inet6 fe80::223:6cff:fe97:679c<br />
inet 192.168.103.177 netmask 0xffffff00 broadcast 192.168.103.255<br />
inet6 2001:660:7301:3103:223:65ff:fe97:679c prefixlen 64 autoconf<br />
inet6 2001:660:7301:3103:ff::ff prefixlen 64 anycast<br />
ether 00:23:6c:97:67:9c<br />
media: autoselect status: active<br />
supported media: autoselect<br />
Slide 61 Laurent Toutain Filière 2
Protocol<br />
IPv6 Header
IPv6 Packet : Simpler<br />
Protocol ◮ IPv6 Header<br />
Definition<br />
<br />
<br />
<br />
Goal :<br />
<br />
<br />
<br />
IPv6 header follows the same IPv4 principle:<br />
•<br />
fixed address size ... but 4 times larger<br />
•<br />
alignment on 64 bit words (instead of 32)<br />
Functionalities never used in IPv4 are suppressed<br />
Minimum MTU 1280 Bytes<br />
•<br />
If L2 cannot carry 1280 Bytes, then add an adaptation layer<br />
such as AAL5 for ATM or 6LoWPAN (RFC 4944) for IEEE<br />
802.15.4.<br />
Forward packet as fast as possible<br />
Less processing in routers<br />
More features at both ends<br />
Slide 63 Laurent Toutain Filière 2
IPv4 Header<br />
Protocol ◮ IPv6 Header<br />
0..................7...................15...................23....................31<br />
Ver. IHL DiffServ Packet Length<br />
Identifier flag Offset<br />
TTL<br />
Protocol<br />
Checksum<br />
Source Address<br />
Destination Address<br />
Options<br />
Layer 4<br />
Slide 64 Laurent Toutain Filière 2
IPv4 Header<br />
Protocol ◮ IPv6 Header<br />
0..................7...................15...................23....................31<br />
Ver. IHL<br />
DiffServ Packet Length<br />
Identifier flag Offset<br />
TTL<br />
Protocol<br />
Checksum<br />
Source Address<br />
Destination Address<br />
Options<br />
Layer 4<br />
Slide 64 Laurent Toutain Filière 2
IPv4 Header<br />
Protocol ◮ IPv6 Header<br />
0..................7...................15...................23....................31<br />
Ver. DiffServ Packet Length<br />
Identifier flag Offset<br />
TTL<br />
Protocol<br />
Checksum<br />
Source Address<br />
Destination Address<br />
Layer 4<br />
Slide 64 Laurent Toutain Filière 2
IPv4 Header<br />
Protocol ◮ IPv6 Header<br />
0..................7...................15...................23....................31<br />
Ver. DiffServ Packet Length<br />
TTL<br />
Protocol<br />
Checksum<br />
Source Address<br />
Destination Address<br />
Layer 4<br />
Slide 64 Laurent Toutain Filière 2
IPv4 Header<br />
Protocol ◮ IPv6 Header<br />
0..................7...................15...................23....................31<br />
Ver. DiffServ Packet Length<br />
TTL<br />
Protocol<br />
Source Address<br />
Destination Address<br />
Layer 4<br />
Slide 64 Laurent Toutain Filière 2
IPv4 Header<br />
Protocol ◮ IPv6 Header<br />
0..................7...................15...................23....................31<br />
6<br />
DiffServ<br />
Packet Length<br />
TTL<br />
Protocol<br />
Source Address<br />
Destination Address<br />
Layer 4<br />
Slide 64 Laurent Toutain Filière 2
IPv4 Header<br />
Protocol ◮ IPv6 Header<br />
0..................7...................15...................23....................31<br />
6 DiffServ<br />
Packet Length<br />
TTL<br />
Protocol<br />
Source Address<br />
Destination Address<br />
Layer 4<br />
Slide 64 Laurent Toutain Filière 2
IPv4 Header<br />
Protocol ◮ IPv6 Header<br />
0..................7...................15...................23....................31<br />
6 DiffServ<br />
Payload Length<br />
TTL<br />
Protocol<br />
Source Address<br />
Destination Address<br />
Layer 4<br />
Slide 64 Laurent Toutain Filière 2
IPv4 Header<br />
Protocol ◮ IPv6 Header<br />
0..................7...................15...................23....................31<br />
6 DiffServ<br />
Payload Length<br />
Next header<br />
TTL<br />
Source Address<br />
Destination Address<br />
Layer 4Layer or extensions 4<br />
Slide 64 Laurent Toutain Filière 2
IPv4 Header<br />
Protocol ◮ IPv6 Header<br />
0..................7...................15...................23....................31<br />
6 DiffServ<br />
Payload Length<br />
Next header<br />
Hop Limit<br />
Source Address<br />
Destination Address<br />
Layer 4Layer or extensions 4<br />
Slide 64 Laurent Toutain Filière 2
IPv4 Header<br />
Protocol ◮ IPv6 Header<br />
0..................7...................15...................23....................31<br />
6 DiffServ<br />
Payload Length<br />
Next header<br />
Hop Limit<br />
Source Address<br />
Destination Address<br />
Layer 4Layer or extensions 4<br />
Slide 64 Laurent Toutain Filière 2
IPv6 Header<br />
Protocol ◮ IPv6 Header<br />
0..................7...................15...................23....................31<br />
6 DiffServ<br />
Payload Length<br />
Next header<br />
Flow Label<br />
Hop Limit<br />
Source Address<br />
Destination Address<br />
Layer 4 or extensions<br />
Slide 64 Laurent Toutain Filière 2
Protocol<br />
IPv6 Extensions
Extensions<br />
Protocol ◮ IPv6 Extensions<br />
<br />
<br />
<br />
<br />
<br />
Seen as a L4 protocol<br />
Processed only by destination<br />
•<br />
Except Hop-by-Hop processed by every router<br />
•<br />
Equivalent of option field in IPv4<br />
No size limitation<br />
Several extensions can be linked to reach L4 protocol<br />
Processed only by destination<br />
•<br />
Destination (mobility)<br />
•<br />
Routing (loose source routing, mobility)<br />
•<br />
Fragmentation<br />
•<br />
Authentication (AH)<br />
•<br />
Security (ESP)<br />
Slide 66 Laurent Toutain Filière 2
Extensions in packets<br />
Protocol ◮ IPv6 Extensions<br />
IPv6 Hdr<br />
NH=TCP<br />
TCP Hdr<br />
DATA<br />
Slide 67 Laurent Toutain Filière 2
Extensions in packets<br />
Protocol ◮ IPv6 Extensions<br />
IPv6 Hdr<br />
NH=TCP<br />
TCP Hdr<br />
DATA<br />
IPv6 Hdr<br />
NH=Routing<br />
Routing<br />
NH=TCP<br />
TCP Hdr<br />
DATA<br />
Slide 67 Laurent Toutain Filière 2
Extensions in packets<br />
Protocol ◮ IPv6 Extensions<br />
IPv6 Hdr<br />
NH=TCP<br />
TCP Hdr<br />
DATA<br />
IPv6 Hdr<br />
NH=Routing<br />
Routing<br />
NH=TCP<br />
TCP Hdr<br />
DATA<br />
IPv6 Hdr<br />
NH=Routing<br />
Routing<br />
NH=Fragment<br />
Fragment<br />
NH=TCP<br />
TCP Hdr<br />
DATA<br />
Slide 67 Laurent Toutain Filière 2
Extension Superiority<br />
Protocol ◮ IPv6 Extensions<br />
A<br />
R1<br />
IPv4:<br />
A -> R1<br />
option:<br />
-> B<br />
B<br />
Slide 68 Laurent Toutain Filière 2
Extension Superiority<br />
Protocol ◮ IPv6 Extensions<br />
special treatment special treatment special treatment<br />
A<br />
R1<br />
IPv4:<br />
A -> R1<br />
option:<br />
-> B<br />
B<br />
Slide 68 Laurent Toutain Filière 2
Extension Superiority<br />
Protocol ◮ IPv6 Extensions<br />
A<br />
R1<br />
IPv4:<br />
A -> B<br />
option: R1 -><br />
B<br />
Slide 68 Laurent Toutain Filière 2
Extension Superiority<br />
Protocol ◮ IPv6 Extensions<br />
A<br />
R1<br />
IPv4:<br />
A -> B<br />
option: R1 -><br />
B<br />
Slide 68 Laurent Toutain Filière 2
Extension Superiority<br />
Protocol ◮ IPv6 Extensions<br />
A<br />
R1<br />
IPv6:<br />
A -> R1<br />
Extension:<br />
-> B<br />
B<br />
Slide 68 Laurent Toutain Filière 2
Extension Superiority<br />
Protocol ◮ IPv6 Extensions<br />
A<br />
R1<br />
IPv6:<br />
A -> R1<br />
Extension:<br />
-> B<br />
B<br />
Slide 68 Laurent Toutain Filière 2
Extension Superiority<br />
Protocol ◮ IPv6 Extensions<br />
A<br />
R1<br />
R1 is the destination, packet is<br />
sent to Routing Extension layer<br />
which swaps the addresses and<br />
forwards the packet.<br />
B<br />
Slide 68 Laurent Toutain Filière 2
Extension Superiority<br />
Protocol ◮ IPv6 Extensions<br />
A<br />
R1<br />
IPv6:<br />
A -> B<br />
Extension: R1 -><br />
B<br />
Slide 68 Laurent Toutain Filière 2
Extension Superiority<br />
Protocol ◮ IPv6 Extensions<br />
A<br />
R1<br />
B is the destination, packet is<br />
sent to Routing Extension layer<br />
which send it to upper layer protocol.<br />
ULP will see a packet<br />
from A to B.<br />
IPv6:<br />
A -> B<br />
Extension: R1 -><br />
B<br />
Slide 68 Laurent Toutain Filière 2
Extension Order is Important<br />
Protocol ◮ IPv6 Extensions<br />
0<br />
60<br />
43<br />
44<br />
51<br />
50<br />
60<br />
IPv6<br />
Hop by Hop<br />
Destination<br />
Routing<br />
Fragmentation<br />
Authentication<br />
Security<br />
Destination<br />
Processed by every router<br />
Processed by routers listed in Routing extension<br />
Processed by routers listed in Routing extension<br />
Processed by the destination<br />
Processed by the destination<br />
Processed by the destination<br />
Processed by the destination<br />
6, 11, ...<br />
ULP<br />
Processed by the destination<br />
Slide 69 Laurent Toutain Filière 2
Extension Order is Important<br />
Protocol ◮ IPv6 Extensions<br />
0<br />
60<br />
43<br />
44<br />
51<br />
50<br />
60<br />
IPv6<br />
Hop by Hop<br />
Destination<br />
Routing<br />
Fragmentation<br />
Authentication<br />
Security<br />
Destination<br />
Processed by every router<br />
Processed by routers listed in Routing extension<br />
Processed by routers listed in Routing extension<br />
Costly to reassemble in each router listed<br />
Authentication can only be made on full packet<br />
Processed by the destination<br />
Destination information will be protected<br />
6, 11, ...<br />
ULP<br />
Processed by the destination<br />
Slide 69 Laurent Toutain Filière 2
Extensions Generic Format<br />
Protocol ◮ IPv6 Extensions<br />
0..................7...................15...................23....................31<br />
Next Header<br />
Ext. Length<br />
Extension Data (options)<br />
<br />
<br />
<br />
Next Header: Save values as in IPv6 packets<br />
Length: numbers 64 bit long words for variable length<br />
extensions (0 for fixed length fragmentation extension)<br />
Data: options (Hop by hop, Destination) or specific format<br />
Slide 70 Laurent Toutain Filière 2
Hop by Hop (NH=0)<br />
Protocol ◮ IPv6 Extensions<br />
<br />
<br />
Always first position<br />
Composed of options:<br />
Pad1<br />
Padn<br />
Router Alert<br />
CALIPSO<br />
Quick Start<br />
Jumbogram<br />
0<br />
1 lgth. 0 · · · 0<br />
5 2 Value<br />
7 lgth. See RFC 5570<br />
38 lgth. See RFC 4782<br />
194 4 Datagram Length<br />
Slide 71 Laurent Toutain Filière 2
Hop by Hop (NH=0)<br />
Protocol ◮ IPv6 Extensions<br />
<br />
<br />
Always first position<br />
Composed of options:<br />
Pad1<br />
Padn<br />
Router Alert<br />
0<br />
1 lgth. 0 · · · 0<br />
5 2 Value<br />
CALIPSO<br />
Quick Start<br />
Jumbogram<br />
7 lgth. See RFC 5570<br />
When value unknown:<br />
00: skip,<br />
01: discard,<br />
10: discard + ICMP,<br />
11: Discard + ICMP (if not multicast)<br />
38 lgth. See RFC 4782<br />
194 4 Datagram Length<br />
UU C VVVVV<br />
Slide 71 Laurent Toutain Filière 2
Hop by Hop (NH=0)<br />
Protocol ◮ IPv6 Extensions<br />
<br />
<br />
Always first position<br />
Composed of options:<br />
Pad1<br />
Padn<br />
Router Alert<br />
CALIPSO<br />
Quick Start<br />
Jumbogram<br />
0<br />
1 lgth. 0 · · · 0<br />
5 2 Value<br />
7 lgth. See RFC 5570<br />
Option data may<br />
be changed:<br />
0: no,<br />
38 lgth. See RFC 4782<br />
1: yes<br />
194 4 Datagram Length<br />
UU C VVVVV<br />
Slide 71 Laurent Toutain Filière 2
Hop by Hop (NH=0)<br />
Protocol ◮ IPv6 Extensions<br />
<br />
<br />
Always first position<br />
Composed of options:<br />
Pad1<br />
0<br />
Length in Bytes<br />
Padn<br />
Router Alert<br />
CALIPSO<br />
Quick Start<br />
Jumbogram<br />
1 lgth. 0 · · · 0<br />
5 2 Value<br />
7 lgth. See RFC 5570<br />
38 lgth. See RFC 4782<br />
194 4 Datagram Length<br />
UU C VVVVV<br />
Slide 71 Laurent Toutain Filière 2
Hop by Hop (NH=0)<br />
Protocol ◮ IPv6 Extensions<br />
<br />
<br />
Always first position<br />
Composed of options:<br />
Pad1<br />
Padn<br />
Router Alert<br />
CALIPSO<br />
0<br />
1 lgth. 0 · · · 0<br />
5 2 Value<br />
7 lgth. See RFC 5570<br />
Quick Start<br />
Jumbogram<br />
38 lgth. See RFC 4782<br />
Possible options:<br />
- 0: Multicast 194 Listener Discovery 4 (RFC 2710) Datagram Length<br />
- 1: RSVP (RFC 2711)<br />
- 2: Active Networks (RFC 2711)<br />
- 4 to UU 35: CAggregated VVVVVReservation Nesting Level (RFC 3175)<br />
- 36 to 67: QoS NSLP Aggregation Levels 0-31 (draft-ietf-nsis-qos-nslp-18.txt)<br />
Slide 71 Laurent Toutain Filière 2
Destination (NH=60)<br />
Protocol ◮ IPv6 Extensions<br />
Tun. Encap. Limit<br />
Home Address (MIP)<br />
4 1 Limit<br />
201 16<br />
Home Address<br />
<br />
<br />
Tunnel Encapsultation Limit (RFC 2473): contains the<br />
maximum of tunnels a packet can be encapsulated. When<br />
reach 0, packet is discard and ICMPv6 message is sent.<br />
Home Address (RFC 3775): Contains the Home Address of<br />
the sender (IPv6 header contains the Care-of Address).<br />
Slide 72 Laurent Toutain Filière 2
Routing (NH=43)<br />
Protocol ◮ IPv6 Extensions<br />
0..................7...................15...................23....................31<br />
Next Header Ext. Length=2 Routing Type=2 Seg. Left=1<br />
Reserved<br />
Home Address<br />
Slide 73 Laurent Toutain Filière 2
Fragmentation (NH=44)<br />
Protocol ◮ IPv6 Extensions<br />
0..................7...................15...................23....................31<br />
Next Header Ext. Length=2 Offset 0 0 M<br />
Identification<br />
<br />
<br />
<br />
<br />
Compare to IPv4, equivalent to DF=1<br />
Router never fragment packets but,<br />
send ICMPv6 message with the expected size<br />
Sender either use the fragmentation extension or adapt TCP<br />
segments.<br />
Slide 74 Laurent Toutain Filière 2
Protocol<br />
ICMPv6
ICMPv6<br />
Protocol ◮ ICMPv6<br />
<br />
ICMPv6 is different from ICMP for IPv4 (RFC 4443)<br />
•<br />
IPv6 (or extension): 58<br />
<br />
<br />
Functionalities are extended and organized better<br />
Never filter ICMPv6 messages<br />
Format :<br />
0..................7...................15...................23....................31<br />
Type Code Checksum<br />
Options<br />
Precision<br />
type code nature of the message ICMPv6<br />
code specifies the cause of the message ICMPv6<br />
mandatory checksum used to verify the integrity of ICMP packet<br />
Slide 76 Laurent Toutain Filière 2
ICMPv6 : Two Functions<br />
Protocol ◮ ICMPv6<br />
<br />
Error occurs during forwarding (value < 128)<br />
1 Destination Unreachable<br />
2 Packet Too Big<br />
3 Time Exceeded<br />
4 Parameter Problem<br />
<br />
Management Applications (value > 128)<br />
128 Echo Request<br />
129 Echo Reply<br />
130 Group Membership Query<br />
131 Group Membership Report<br />
132 Group Membership Reduction<br />
133 Router Solicitation<br />
134 Router Advertissement<br />
135 Neighbor Solicitation<br />
136 Neighbor Advertissement<br />
137 Redirect<br />
Slide 77 Laurent Toutain Filière 2
Protocol<br />
Path MTU discovery
Path MTU discovery<br />
Protocol ◮ Path MTU discovery<br />
B<br />
MTU=1280<br />
R<br />
A<br />
PMTU(*)=1500<br />
MTU=1500<br />
Slide 79 Laurent Toutain Filière 2
Path MTU discovery<br />
Protocol ◮ Path MTU discovery<br />
B<br />
MTU=1280<br />
R<br />
A<br />
PMTU(*)=1500<br />
A-> B Size=1500<br />
MTU=1500<br />
Slide 79 Laurent Toutain Filière 2
Path MTU discovery<br />
Protocol ◮ Path MTU discovery<br />
B<br />
MTU=1280<br />
R<br />
A<br />
PMTU(*)=1500<br />
R-> A ICMP6 Error: Packet too big<br />
MTU=1280<br />
MTU=1500<br />
Slide 79 Laurent Toutain Filière 2
Path MTU discovery<br />
Protocol ◮ Path MTU discovery<br />
B<br />
MTU=1280<br />
R<br />
R-> A ICMP6 Error: Packet too big<br />
MTU=1280<br />
A<br />
PMTU(*)=1500<br />
PMTU(B)=1280<br />
MTU=1500<br />
Slide 79 Laurent Toutain Filière 2
Path MTU discovery<br />
Protocol ◮ Path MTU discovery<br />
B<br />
MTU=1280<br />
R<br />
A-> B Size=1280<br />
A<br />
PMTU(*)=1500<br />
PMTU(B)=1280<br />
MTU=1500<br />
Slide 79 Laurent Toutain Filière 2
Mechanisms<br />
Neighbor Discovery
Neighbor Discovery RFC 4861<br />
Mechanisms ◮ Neighbor Discovery<br />
<br />
IPv6 nodes sharing the same physical medium (link) use<br />
Neighbor Discovery (ND) to:<br />
•<br />
determine link-layer addresses of their neighbors<br />
− IPv4 : ARP<br />
•<br />
Address auto-configuration<br />
− Layer 3 parameters: IPv6 address, default route, MTU and<br />
Hop Limit<br />
− Only for hosts !<br />
− IPv4 : impossible, mandate a centralized DHCP server<br />
•<br />
Duplicate Address Detection (DAD)<br />
−<br />
IPv4 : gratuitous ARP<br />
•<br />
maintain neighbors reachability information (NUD)<br />
<br />
uses mainly multicast addresses but take into account NBMA<br />
Networks<br />
<br />
and ICMPv6 messages :<br />
•<br />
133: Router Solicitation, 134: Router Advertisement, 135:<br />
Neighbor Solicitation, 136: Neighbor Advertisement, 137:<br />
Redirect Message.<br />
Slide 81 Laurent Toutain Filière 2
Neighbor Discovery RFC 4861<br />
Mechanisms ◮ Neighbor Discovery<br />
<br />
IPv6 nodes sharing the same physical medium (link) use<br />
Neighbor Discovery (ND) to:<br />
•<br />
determine link-layer addresses of their neighbors<br />
− IPv4 : ARP<br />
•<br />
Address auto-configuration<br />
− Layer 3 parameters: IPv6 address, default route, MTU and<br />
Hop Limit<br />
− Only for hosts !<br />
− IPv4 : impossible, mandate a centralized DHCP server<br />
•<br />
Duplicate Address Detection (DAD)<br />
−<br />
IPv4 : gratuitous ARP<br />
•<br />
maintain neighbors reachability information (NUD)<br />
<br />
uses mainly multicast addresses but take into account NBMA<br />
Networks<br />
<br />
and ICMPv6 messages :<br />
•<br />
133: Router Solicitation, 134: Router Advertisement, 135:<br />
Neighbor Solicitation, 136: Neighbor Advertisement, 137:<br />
Redirect Message.<br />
Slide 81 Laurent Toutain Filière 2
Neighbor Discovery RFC 4861<br />
Mechanisms ◮ Neighbor Discovery<br />
<br />
IPv6 nodes sharing the same physical medium (link) use<br />
Neighbor Discovery (ND) to:<br />
•<br />
determine link-layer addresses of their neighbors<br />
− IPv4 : ARP<br />
•<br />
Address auto-configuration<br />
− Layer 3 parameters: IPv6 address, default route, MTU and<br />
Hop Limit<br />
− Only for hosts !<br />
− IPv4 : impossible, mandate a centralized DHCP server<br />
•<br />
Duplicate Address Detection (DAD)<br />
−<br />
IPv4 : gratuitous ARP<br />
•<br />
maintain neighbors reachability information (NUD)<br />
<br />
uses mainly multicast addresses but take into account NBMA<br />
Networks<br />
<br />
and ICMPv6 messages :<br />
•<br />
133: Router Solicitation, 134: Router Advertisement, 135:<br />
Neighbor Solicitation, 136: Neighbor Advertisement, 137:<br />
Redirect Message.<br />
Slide 81 Laurent Toutain Filière 2
Neighbor Discovery RFC 4861<br />
Mechanisms ◮ Neighbor Discovery<br />
<br />
IPv6 nodes sharing the same physical medium (link) use<br />
Neighbor Discovery (ND) to:<br />
•<br />
determine link-layer addresses of their neighbors<br />
− IPv4 : ARP<br />
•<br />
Address auto-configuration<br />
− Layer 3 parameters: IPv6 address, default route, MTU and<br />
Hop Limit<br />
− Only for hosts !<br />
− IPv4 : impossible, mandate a centralized DHCP server<br />
•<br />
Duplicate Address Detection (DAD)<br />
−<br />
IPv4 : gratuitous ARP<br />
•<br />
maintain neighbors reachability information (NUD)<br />
<br />
uses mainly multicast addresses but take into account NBMA<br />
Networks<br />
<br />
and ICMPv6 messages :<br />
•<br />
133: Router Solicitation, 134: Router Advertisement, 135:<br />
Neighbor Solicitation, 136: Neighbor Advertisement, 137:<br />
Redirect Message.<br />
Slide 81 Laurent Toutain Filière 2
Neighbor Discovery RFC 4861<br />
Mechanisms ◮ Neighbor Discovery<br />
<br />
IPv6 nodes sharing the same physical medium (link) use<br />
Neighbor Discovery (ND) to:<br />
•<br />
determine link-layer addresses of their neighbors<br />
− IPv4 : ARP<br />
•<br />
Address auto-configuration<br />
− Layer 3 parameters: IPv6 address, default route, MTU and<br />
Hop Limit<br />
− Only for hosts !<br />
− IPv4 : impossible, mandate a centralized DHCP server<br />
•<br />
Duplicate Address Detection (DAD)<br />
−<br />
IPv4 : gratuitous ARP<br />
•<br />
maintain neighbors reachability information (NUD)<br />
<br />
uses mainly multicast addresses but take into account NBMA<br />
Networks<br />
<br />
and ICMPv6 messages :<br />
•<br />
133: Router Solicitation, 134: Router Advertisement, 135:<br />
Neighbor Solicitation, 136: Neighbor Advertisement, 137:<br />
Redirect Message.<br />
Slide 81 Laurent Toutain Filière 2
Neighbor Discovery RFC 4861<br />
Mechanisms ◮ Neighbor Discovery<br />
<br />
IPv6 nodes sharing the same physical medium (link) use<br />
Neighbor Discovery (ND) to:<br />
•<br />
determine link-layer addresses of their neighbors<br />
− IPv4 : ARP<br />
•<br />
Address auto-configuration<br />
− Layer 3 parameters: IPv6 address, default route, MTU and<br />
Hop Limit<br />
− Only for hosts !<br />
− IPv4 : impossible, mandate a centralized DHCP server<br />
•<br />
Duplicate Address Detection (DAD)<br />
−<br />
IPv4 : gratuitous ARP<br />
•<br />
maintain neighbors reachability information (NUD)<br />
<br />
uses mainly multicast addresses but take into account NBMA<br />
Networks<br />
<br />
and ICMPv6 messages :<br />
•<br />
133: Router Solicitation, 134: Router Advertisement, 135:<br />
Neighbor Solicitation, 136: Neighbor Advertisement, 137:<br />
Redirect Message.<br />
Slide 81 Laurent Toutain Filière 2
Stateless Auto-configuration: Basic Principles<br />
Mechanisms ◮ Neighbor Discovery<br />
Slide 82 Laurent Toutain Filière 2
Stateless Auto-configuration: Basic Principles<br />
Mechanisms ◮ Neighbor Discovery<br />
t=0<br />
FE80::IID1<br />
α::IID1/64<br />
Time t=0: Router is configured with a link-local address and<br />
manually configured with a global address (α::/64 is given by<br />
the network manager)<br />
Slide 82 Laurent Toutain Filière 2
Stateless Auto-configuration: Basic Principles<br />
Mechanisms ◮ Neighbor Discovery<br />
t=1 : Node Attachment<br />
FE80::IID1<br />
α::IID1/64<br />
FE80::IID2<br />
Host constructs its link-local address based on the interface<br />
MAC address<br />
Slide 82 Laurent Toutain Filière 2
Stateless Auto-configuration: Basic Principles<br />
Mechanisms ◮ Neighbor Discovery<br />
t=2<br />
FE80::IID1<br />
α::IID1/64<br />
FE80::IID2<br />
::/0 -> solicited (FE80:IID2) : NS (who has FE80::IID2)<br />
Host does a DAD (i.e. sends a Neighbor Solicitation to query<br />
resolution of its own address: no answers means no other<br />
host as this value).<br />
Slide 82 Laurent Toutain Filière 2
Stateless Auto-configuration: Basic Principles<br />
Mechanisms ◮ Neighbor Discovery<br />
t=3<br />
FE80::IID1<br />
α::IID1/64<br />
FE80::IID2<br />
FE80::IID2 -> FF02::2 : RS<br />
Host sends a Router Solicitation to the All Router Multicast<br />
group using the newly link-local configured address.<br />
Slide 82 Laurent Toutain Filière 2
Stateless Auto-configuration: Basic Principles<br />
Mechanisms ◮ Neighbor Discovery<br />
t=4<br />
FE80::IID1<br />
α::IID1/64<br />
FE80::IID1 -> FE80::IID2<br />
RA (α::/64, DHCPv6, MTU=1500, HL=64, bit M=1)<br />
FE80::IID2<br />
Router answer directly to the host using Link-local addresses.<br />
The answer may contain a/several prefix(es). Router can<br />
also mandate hosts to use DHCPv6 to obtain prefixes (state<br />
full auto-configuration) and/or other parameters (DNS<br />
servers,...): Bit M = 1.<br />
Slide 82 Laurent Toutain Filière 2
Stateless Auto-configuration: Basic Principles<br />
Mechanisms ◮ Neighbor Discovery<br />
t=5<br />
FE80::IID1<br />
α::IID1/64<br />
FE80::IID2<br />
::/0 -> solicited (α:IID2) : NS (who has α::IID2)<br />
Host does a DAD (i.e. sends a Neighbor Solicitation to query<br />
resolution of its own global address: no answers means no<br />
other host as this value).<br />
Slide 82 Laurent Toutain Filière 2
Stateless Auto-configuration: Basic Principles<br />
Mechanisms ◮ Neighbor Discovery<br />
t=6<br />
FE80::IID1<br />
α::IID1/64<br />
FE80::IID2<br />
α::IID2/64<br />
Host set the global address and takes answering router as the<br />
default router.<br />
Slide 82 Laurent Toutain Filière 2
Optimistic DAD RFC 4429<br />
Mechanisms ◮ Neighbor Discovery<br />
<br />
<br />
<br />
<br />
<br />
DAD is a long process:<br />
•<br />
Send NS<br />
•<br />
Timeout<br />
•<br />
May be repeated<br />
for Link-Local and Global addresses<br />
Mobile node are penalized<br />
•<br />
Discover Network<br />
•<br />
Authentication<br />
•<br />
DAD, RS/RA, DAD<br />
oDAD allows to use the address before DAD<br />
if no answer to DAD then address becomes legal.<br />
Slide 83 Laurent Toutain Filière 2
Mechanisms<br />
Examples
Router Configuration Example<br />
Mechanisms ◮ Examples<br />
interface Vlan5<br />
description reseau C5<br />
ip address 192.108.119.190 255.255.255.128<br />
...<br />
ipv6 address 2001:660:7301:1::/64 eui-64<br />
ipv6 enable<br />
ipv6 nd ra-interval 10<br />
ipv6 nd prefix-advertisement 2001:660:7301:1::/64 2592000<br />
604800 onlink autoconfig<br />
Slide 85 Laurent Toutain Filière 2
Router Configuration Example<br />
Mechanisms ◮ Examples<br />
interface Vlan5<br />
description reseau C5<br />
ip address 192.108.119.190 255.255.255.128<br />
...<br />
ipv6 address 2001:660:7301:1::/64 eui-64<br />
ipv6 enable<br />
ipv6 nd ra-interval 10<br />
ipv6 nd prefix-advertisement 2001:660:7301:1::/64 2592000<br />
604800 onlink autoconfig<br />
Slide 85 Laurent Toutain Filière 2
Router Configuration Example<br />
Mechanisms ◮ Examples<br />
interface Vlan5<br />
description reseau C5<br />
ip address 192.108.119.190 255.255.255.128<br />
...<br />
ipv6 address 2001:660:7301:1::/64 eui-64<br />
ipv6 enable<br />
ipv6 nd ra-interval 10<br />
ipv6 nd prefix-advertisement 2001:660:7301:1::/64 2592000<br />
604800 onlink autoconfig<br />
Slide 85 Laurent Toutain Filière 2
Router Configuration Example<br />
Mechanisms ◮ Examples<br />
interface Vlan5<br />
description reseau C5<br />
ip address 192.108.119.190 255.255.255.128<br />
...<br />
ipv6 address 2001:660:7301:1::/64 eui-64<br />
ipv6 enable<br />
ipv6 nd ra-interval 10<br />
ipv6 nd prefix-advertisement 2001:660:7301:1::/64 2592000<br />
604800 onlink autoconfig<br />
Slide 85 Laurent Toutain Filière 2
Stateless DHCPv6 : with static parameters<br />
Mechanisms ◮ Examples<br />
FE80::IID1<br />
α::IID1/64<br />
FE80::IID2 -> FF02::1:2<br />
Information-Request<br />
FE80::IID2<br />
α::IID2/64<br />
Host needs only static parameters (DNS, NTP,...). It sends a<br />
Information-Request message to All DHCP Agents group.<br />
The scope of this address is link-local.<br />
Slide 86 Laurent Toutain Filière 2
Stateless DHCPv6 : with static parameters<br />
Mechanisms ◮ Examples<br />
γ :: IID− > FF 05 :: 1 : 3 : relay-frw[Information-request]<br />
FE80::IID1<br />
α::IID1/64<br />
FE80::IID2<br />
α::IID2/64<br />
A relay (generally the router) encapsulate the request into a<br />
forward message and send it either to the All DHCP Servers<br />
site local multicast group or to a list of pre-defined unicast<br />
addresses.<br />
Slide 86 Laurent Toutain Filière 2
Stateless DHCPv6 : with static parameters<br />
Mechanisms ◮ Examples<br />
ɛ :: IID− > γ :: IID : relay-reply[parameters, DNS,...]<br />
FE80::IID1<br />
α::IID1/64<br />
FE80::IID2<br />
α::IID2/64<br />
Server answers to the relay<br />
Slide 86 Laurent Toutain Filière 2
Stateless DHCPv6 : with static parameters<br />
Mechanisms ◮ Examples<br />
FE80::IID1<br />
α::IID1/64<br />
FE80::IID1 -> FE80::IID2<br />
parameters: DNS,...<br />
FE80::IID2<br />
α::IID2/64<br />
Router extracts information from the message to create<br />
answer and send information to the host<br />
Slide 86 Laurent Toutain Filière 2
Stateless DHCPv6 : with static parameters<br />
Mechanisms ◮ Examples<br />
DNS<br />
FE80::IID1<br />
α::IID1/64<br />
FE80::IID2<br />
α::IID2/64<br />
Host is now configured to solve name through DNS<br />
Slide 86 Laurent Toutain Filière 2
Mechanisms<br />
Neighbor Discovery Security
Security issues with Neighbor Discovery<br />
Mechanisms ◮ Neighbor Discovery Security<br />
From an attacker point of view, IPv6 attacks are:<br />
<br />
Difficult from remote network:<br />
•<br />
Scanning IPv6 network is hard (2 64 addresses)<br />
− use random IID instead of MAC-based IID<br />
•<br />
No broadcast address<br />
•<br />
Remote attacks will target hosts exposed in DNS<br />
<br />
Easy from local network:<br />
•<br />
Neighbor Discovery is not (yet) secured<br />
•<br />
Attacks inspired by ARP flaws + new attacks<br />
•<br />
Implementations not (yet) heavily tested<br />
Attacker toolkits already available !<br />
See http://www.thc.org/thc-ipv6/<br />
Slide 88 Laurent Toutain Filière 2
Examples of attacks using ND<br />
Mechanisms ◮ Neighbor Discovery Security<br />
Neighbor Discovery Snooping<br />
NS (who has FE80::IID)<br />
Host use Neighbor discovery for two cases :<br />
<br />
<br />
To get MAC address of another host (ARP-like)<br />
To verify address uniqueness (DAD)<br />
Slide 89 Laurent Toutain Filière 2
Examples of attacks using ND<br />
Mechanisms ◮ Neighbor Discovery Security<br />
Neighbor Discovery Snooping<br />
NA<br />
NA<br />
An attacker on the LAN can perfom attack by responding to ND messages<br />
<br />
<br />
ARP-like: Pretend to be any host on the LAN => Man in the Middle<br />
DAD: Pretend to have any address on the LAN => Deny of Service<br />
Slide 89 Laurent Toutain Filière 2
Examples of attacks using ND<br />
Mechanisms ◮ Neighbor Discovery Security<br />
Rogue router<br />
RS<br />
Host use Router Sollicitation to get address of the exit router and prefix<br />
used on the LAN.<br />
Slide 90 Laurent Toutain Filière 2
Examples of attacks using ND<br />
Mechanisms ◮ Neighbor Discovery Security<br />
Rogue router<br />
RA<br />
RA<br />
An attacker on the LAN can perfom attack by responding to RS messages<br />
<br />
<br />
Pretend to be the exit router => Man in the Middle<br />
Pretend to route another prefix on the LAN => Deny of Service<br />
Slide 90 Laurent Toutain Filière 2
Solutions to reduce or prevent attacks <br />
Mechanisms ◮ Neighbor Discovery Security<br />
Prevention of attacks:<br />
<br />
SEND (Secure Neighbor Discovery)<br />
•<br />
IETF solution (Work in Progress)<br />
•<br />
Use signed ND messages, with a trust relationship<br />
<br />
Level-2 Filtering<br />
•<br />
Filter ND on switch port (ex. only one port allowed to send<br />
RA)<br />
•<br />
A few switch still implements it ... (Cisco )<br />
Detection of attacks: ndpmon<br />
<br />
<br />
<br />
Similar to ARP-watch<br />
Detect Snooping and Denial of Services<br />
http://ndpmon.sf.net<br />
Slide 91 Laurent Toutain Filière 2
Example: Interface during an IETF meeting<br />
Mechanisms ◮ Neighbor Discovery Security<br />
Slide 92 Laurent Toutain Filière 2
Mechanisms<br />
DHCPv6
DHCPv6 : Stateful Auto-Configuration<br />
Mechanisms ◮ DHCPv6<br />
FE80::IID1<br />
α::IID1/64<br />
FE80::IID1 -> FE80::IID2<br />
RA (bit O=1)<br />
FE80::IID2<br />
α::IID2/64<br />
Router answers to RS with a RA message with bit O set to 1.<br />
Host should request its IPv6 address to a DHCP server.<br />
Slide 94 Laurent Toutain Filière 2
DHCPv6 : Prefix Delegation<br />
Mechanisms ◮ DHCPv6<br />
<br />
<br />
Dynamic configuration for routers<br />
ISP solution to delegate prefixes over the network<br />
α1::/48<br />
α2::/48<br />
...<br />
Slide 95 Laurent Toutain Filière 2
DHCPv6 : Prefix Delegation<br />
Mechanisms ◮ DHCPv6<br />
<br />
<br />
Dynamic configuration for routers<br />
ISP solution to delegate prefixes over the network<br />
α1::/48<br />
α1::/48<br />
α1::/48<br />
α2::/48<br />
...<br />
Slide 95 Laurent Toutain Filière 2
DHCPv6 : Prefix Delegation<br />
Mechanisms ◮ DHCPv6<br />
<br />
<br />
Dynamic configuration for routers<br />
ISP solution to delegate prefixes over the network<br />
α1:β::IID/64<br />
RA α1:β:/64<br />
α1::/48<br />
α1::/48<br />
α1::/48<br />
α2::/48<br />
...<br />
Slide 95 Laurent Toutain Filière 2
DHCPv6 Full Features<br />
Mechanisms ◮ DHCPv6<br />
<br />
<br />
For address or prefix allocation information form only one DHCPv6<br />
must be taken into account. Four message exchange :<br />
•<br />
Solicit : send by clients to locate servers<br />
•<br />
Advertise : send by servers to indicate services available<br />
•<br />
Request : send by client to a specific server (could be through<br />
relays)<br />
• Reply : send by server with parameters requested<br />
Addresses or Prefixes are allocated for certain period of time<br />
•<br />
Renew : Send by the client tells the server to extend lifetime<br />
• Rebind : If no answer from renew, the client use rebind to extend<br />
lifetime of addresses and update other configuration parameters<br />
• Reconfigure : Server informs availability of new or update<br />
information. Clients can send renew or Information-request<br />
• Release : Send by the client tells the server the client does not need<br />
any longer addresses or prefixes.<br />
• Decline : to inform server that allocated addresses are already in<br />
use on the link<br />
Slide 96 Laurent Toutain Filière 2
DHCPv6 Scenarii<br />
Mechanisms ◮ DHCPv6<br />
S2 S1 R C<br />
Slide 97 Laurent Toutain Filière 2
DHCPv6 Scenarii<br />
Mechanisms ◮ DHCPv6<br />
S2 S1 R C<br />
Relay-Forward {Solicit}<br />
Solicit<br />
Slide 97 Laurent Toutain Filière 2
DHCPv6 Scenarii<br />
Mechanisms ◮ DHCPv6<br />
S2 S1 R C<br />
Relay-Reply {Advertise}<br />
Advertise<br />
Slide 97 Laurent Toutain Filière 2
DHCPv6 Scenarii<br />
Mechanisms ◮ DHCPv6<br />
S2 S1 R C<br />
Relay-forward{Request}<br />
Request S1<br />
Slide 97 Laurent Toutain Filière 2
DHCPv6 Scenarii<br />
Mechanisms ◮ DHCPv6<br />
S2 S1 R C<br />
Relay-Reply {Reply}<br />
Reply<br />
Slide 97 Laurent Toutain Filière 2
DHCPv6 Scenarii<br />
Mechanisms ◮ DHCPv6<br />
S2 S1 R C<br />
Relay-forward{Renew}<br />
Renew S1<br />
Relay-Reply {Reply}<br />
Reply<br />
Slide 97 Laurent Toutain Filière 2
DHCPv6 Scenarii<br />
Mechanisms ◮ DHCPv6<br />
S2 S1 R C<br />
Relay-forward{Renew}<br />
Renew S1<br />
Relay-Reply {Reply}<br />
Relay-forward{Release}<br />
Reply<br />
Release S1<br />
Relay-Reply {Reply}<br />
Reply<br />
Slide 97 Laurent Toutain Filière 2
DHCPv6 Identifiers<br />
Mechanisms ◮ DHCPv6<br />
<br />
DHCPv6 defines several stable identifiers<br />
<br />
After a reboot, the host can get the same information.<br />
<br />
DUID (DHCPv6 Unique IDentifier) :<br />
•<br />
Identify the client<br />
•<br />
Variable length:<br />
− Link-layer address plus time<br />
− Vendor-assigned unique ID based on Enterprise Number<br />
− Link-layer address<br />
<br />
For instance:<br />
>od -x /var/db/dhcp6c duid<br />
0000000 000e 0100 0100 5d0a 5233 0400 9e76 0467<br />
Slide 98 Laurent Toutain Filière 2
DHCPv6 Identifier : IA and IA PD<br />
Mechanisms ◮ DHCPv6<br />
<br />
<br />
IA and IA PD are used to link Request and Reply<br />
•<br />
IA is used for Address Allocation and is linked to an Interface<br />
•<br />
IA PD is used for Prefix Delegation and can be shared among<br />
interfaces<br />
They must be stable (e.g. defined in the configuration file)<br />
Slide 99 Laurent Toutain Filière 2
Mechanisms<br />
Stateless vs Statefull
Auto-configuration: Stateless vs. Statefull<br />
Mechanisms ◮ Stateless vs Statefull<br />
Stateless<br />
Pro:<br />
<br />
<br />
Cons:<br />
<br />
<br />
Reduce manual configuration<br />
No server, no state (the router<br />
provides all information)<br />
Non-obvious addresses<br />
No control on addresses on the<br />
LAN<br />
Statefull (DHCPv6)<br />
Pro:<br />
<br />
<br />
Cons:<br />
<br />
<br />
<br />
Control of addresses on the<br />
LAN<br />
Control of address format<br />
Require an extra server<br />
Still need RA mechanism<br />
Clients to be deployed<br />
<br />
<br />
Stateless: For Plug-and-Play networks (Home Network)<br />
Statefull: For administrated networks (enterprise, institution)<br />
Slide 101 Laurent Toutain Filière 2
Forwarding Tables<br />
F.I.B
Router configuration<br />
Forwarding Tables ◮ F.I.B<br />
<br />
Router’s interface must be manually configured<br />
•<br />
assign an address + a prefix length<br />
•<br />
routers install automatically in the FIB the prefix assigned to<br />
the interface<br />
δ.1<br />
eth3<br />
γ.1<br />
eth2<br />
eth0 α.1<br />
eth1<br />
α eth0<br />
β<br />
Router<br />
eth1<br />
γ eth2<br />
δ eth3<br />
β.1<br />
Slide 103 Laurent Toutain Filière 2
Example : Cisco router<br />
Forwarding Tables ◮ F.I.B<br />
RouterB25#sh ip ro<br />
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2<br />
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2<br />
ia - IS-IS inter area, * - candidate default, U - per-user static route<br />
o - ODR, P - periodic downloaded static route<br />
Gateway of last resort is 193.50.69.73 to network 0.0.0.0<br />
B 193.52.74.0/24 [200/0] via 193.50.69.74, 1d05h<br />
192.44.77.0/24 is variably subnetted, 2 subnets, 2 masks<br />
B 192.44.77.0/24 [200/0] via 193.50.69.74, 1d05h<br />
C 192.44.77.96/28 is directly connected, GigabitEthernet0/1.16<br />
10.0.0.0/24 is subnetted, 6 subnets<br />
S 10.1.1.0 [1/0] via 192.108.119.196<br />
S 10.35.1.0 [1/0] via 192.108.119.205<br />
S 10.35.4.0 [1/0] via 192.108.119.162<br />
S 10.35.30.0 [1/0] via 192.108.119.160<br />
C 10.51.0.0 is directly connected, GigabitEthernet0/1.51<br />
C 10.49.0.0 is directly connected, GigabitEthernet0/1.49<br />
192.108.119.0/24 is variably subnetted, 6 subnets, 4 masks<br />
C 192.108.119.128/25 is directly connected, GigabitEthernet0/1.5<br />
....<br />
Slide 104 Laurent Toutain Filière 2
Example : Cisco router<br />
Forwarding Tables ◮ F.I.B<br />
RouterB25#sh ip ro<br />
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2<br />
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2<br />
ia - IS-IS inter area, * - candidate default, U - per-user static route<br />
o - ODR, P - periodic downloaded static route<br />
Gateway of last resort is 193.50.69.73 to network 0.0.0.0<br />
B 193.52.74.0/24 [200/0] via 193.50.69.74, 1d05h<br />
192.44.77.0/24 is variably subnetted, 2 subnets, 2 masks<br />
B 192.44.77.0/24 [200/0] via 193.50.69.74, 1d05h<br />
C 192.44.77.96/28 is directly connected, GigabitEthernet0/1.16<br />
10.0.0.0/24 is subnetted, 6 subnets<br />
S 10.1.1.0 [1/0] via 192.108.119.196<br />
S 10.35.1.0 [1/0] via 192.108.119.205<br />
S 10.35.4.0 [1/0] via 192.108.119.162<br />
S 10.35.30.0 [1/0] via 192.108.119.160<br />
C 10.51.0.0 is directly connected, GigabitEthernet0/1.51<br />
C 10.49.0.0 is directly connected, GigabitEthernet0/1.49<br />
192.108.119.0/24 is variably subnetted, 6 subnets, 4 masks<br />
C 192.108.119.128/25 is directly connected, GigabitEthernet0/1.5<br />
....<br />
Slide 104 Laurent Toutain Filière 2
Example : Unix<br />
Forwarding Tables ◮ F.I.B<br />
% ifconfig en1 192.168.2.100/24<br />
% netstat -rnf inet<br />
Routing tables<br />
Internet:<br />
Destination Gateway Flags Refs Use Netif Expire<br />
default 192.168.2.1 UGSc 30 16 en1<br />
10.37.129/24 link#8 UCS 1 0 en2<br />
10.37.129.2 127.0.0.1 UHS 0 160 lo0<br />
10.37.129.255 link#8 UHLWb 2 131 en2<br />
10.211.55/24 link#9 UCS 2 0 en3<br />
10.211.55.2 127.0.0.1 UHS 0 39 lo0<br />
10.211.55.255 link#9 UHLWb 1 76 en3<br />
127 127.0.0.1 UCS 0 0 lo0<br />
127.0.0.1 127.0.0.1 UH 9 252039 lo0<br />
169.254 link#5 UCS 0 0 en1<br />
192.168.2 link#5 UC 1 0 en1<br />
192.168.2.1 0:13:10:83:d5:3c UHLW 3 54 en1 1194<br />
192.168.2.100 127.0.0.1 UHS 0 3 lo0<br />
Slide 105 Laurent Toutain Filière 2
Example : Unix<br />
Forwarding Tables ◮ F.I.B<br />
% ifconfig en1 192.168.2.100/24<br />
% netstat -rnf inet<br />
Routing tables<br />
Internet:<br />
Destination Gateway Flags Refs Use Netif Expire<br />
default 192.168.2.1 UGSc 30 16 en1<br />
10.37.129/24 link#8 UCS 1 0 en2<br />
10.37.129.2 127.0.0.1 UHS 0 160 lo0<br />
10.37.129.255 link#8 UHLWb 2 131 en2<br />
10.211.55/24 link#9 UCS 2 0 en3<br />
10.211.55.2 127.0.0.1 UHS 0 39 lo0<br />
10.211.55.255 link#9 UHLWb 1 76 en3<br />
127 127.0.0.1 UCS 0 0 lo0<br />
127.0.0.1 127.0.0.1 UH 9 252039 lo0<br />
169.254 link#5 UCS 0 0 en1<br />
192.168.2 link#5 UC 1 0 en1<br />
192.168.2.1 0:13:10:83:d5:3c UHLW 3 54 en1 1194<br />
192.168.2.100 127.0.0.1 UHS 0 3 lo0<br />
Slide 105 Laurent Toutain Filière 2
Static route<br />
Forwarding Tables ◮ F.I.B<br />
<br />
Manually configured routes<br />
δ.1<br />
e3<br />
α<br />
α.2 e0 R2<br />
e0<br />
ɛ e1<br />
e1 ɛ.1<br />
γ.1<br />
e2 R1<br />
α<br />
β<br />
γ<br />
δ<br />
e0<br />
e1<br />
e2<br />
e3<br />
e0 α.1<br />
e1<br />
β.1<br />
<br />
<br />
simple to configure, but subject to errors (loops)<br />
cannot find another path if router fails<br />
Slide 106 Laurent Toutain Filière 2
Static route<br />
Forwarding Tables ◮ F.I.B<br />
<br />
Manually configured routes<br />
δ.1<br />
e3<br />
α<br />
α.2 e0 R2<br />
e0<br />
ɛ e1<br />
e1 ɛ.1<br />
γ.1<br />
e2 R1<br />
α e0<br />
β<br />
γ<br />
e1<br />
e2<br />
δ<br />
ɛ<br />
e3<br />
α.2<br />
e0 α.1<br />
e1<br />
β.1<br />
<br />
<br />
simple to configure, but subject to errors (loops)<br />
cannot find another path if router fails<br />
Slide 106 Laurent Toutain Filière 2
Static route<br />
Forwarding Tables ◮ F.I.B<br />
<br />
Manually configured routes<br />
γ.1<br />
e2 R1<br />
δ.1<br />
e3<br />
α e0<br />
β<br />
γ<br />
e1<br />
e2<br />
δ<br />
ɛ<br />
e3<br />
α.2<br />
α e0<br />
ɛ e1<br />
α.2 e0 R2 β α.1 e1<br />
γ<br />
ɛ.1<br />
α.1<br />
δ α.1<br />
e0 α.1<br />
e1<br />
β.1<br />
<br />
<br />
simple to configure, but subject to errors (loops)<br />
cannot find another path if router fails<br />
Slide 106 Laurent Toutain Filière 2
Static route<br />
Forwarding Tables ◮ F.I.B<br />
<br />
Manually configured routes<br />
Internet<br />
γ.1<br />
γ.2<br />
e2 R1<br />
δ.1<br />
e3<br />
α e0<br />
β e1<br />
γ e2<br />
δ e3<br />
ɛ α.2<br />
e1<br />
β.1<br />
α e0<br />
ɛ e1<br />
α.2 e0 R2 β α.1 e1<br />
γ<br />
ɛ.1<br />
α.1<br />
δ α.1<br />
e0 α.1<br />
<br />
<br />
simple to configure, but subject to errors (loops)<br />
cannot find another path if router fails<br />
Slide 106 Laurent Toutain Filière 2
Static route<br />
Forwarding Tables ◮ F.I.B<br />
<br />
Manually configured routes<br />
Internet<br />
γ.1<br />
γ.2<br />
e2 R1<br />
δ.1<br />
e3<br />
α e0<br />
β e1<br />
γ e2<br />
δ e3<br />
ɛ α.2<br />
0/0 γ.2<br />
e1<br />
β.1<br />
α.2<br />
α e0<br />
ɛ e1<br />
β<br />
e0 R2<br />
α.1<br />
γ α.1<br />
e1 ɛ.1<br />
δ α.1<br />
0/0 α.1<br />
e0 α.1<br />
<br />
<br />
simple to configure, but subject to errors (loops)<br />
cannot find another path if router fails<br />
Slide 106 Laurent Toutain Filière 2
Static route<br />
Forwarding Tables ◮ F.I.B<br />
<br />
Manually configured routes<br />
Internet<br />
γ.1<br />
γ.2<br />
e2 R1<br />
δ.1<br />
e3<br />
α e0<br />
β e1<br />
γ e2<br />
δ e3<br />
ɛ α.2<br />
0/0 γ.2<br />
e1<br />
β.1<br />
α.2<br />
α e0<br />
ɛ e1<br />
β<br />
e0 R2<br />
α.1<br />
γ α.1<br />
e1 ɛ.1<br />
δ α.1<br />
0/0 α.1<br />
e0 α.1<br />
<br />
<br />
simple to configure, but subject to errors (loops)<br />
cannot find another path if router fails<br />
Slide 106 Laurent Toutain Filière 2
Static route<br />
Forwarding Tables ◮ F.I.B<br />
<br />
Manually configured routes<br />
Internet<br />
γ.1<br />
γ.2<br />
e2 R1<br />
δ.1<br />
e3<br />
α e0<br />
β e1<br />
γ e2<br />
δ e3<br />
ɛ α.2<br />
0/0 γ.2<br />
e1<br />
β.1<br />
α.2<br />
α e0<br />
ɛ e1<br />
β<br />
e0 R2<br />
α.1<br />
Broken γ α.1<br />
e1 ɛ.1<br />
δ α.1<br />
0/0 α.1<br />
e0 α.1<br />
α.3<br />
α e0<br />
ɛ e1<br />
β<br />
e0 R3<br />
α.1<br />
γ α.1<br />
e1 ɛ.2<br />
δ α.1<br />
0/0 α.1<br />
<br />
<br />
simple to configure, but subject to errors (loops)<br />
cannot find another path if router fails<br />
Slide 106 Laurent Toutain Filière 2
Example : commands<br />
Forwarding Tables ◮ F.I.B<br />
<br />
<br />
<br />
BSD:<br />
•<br />
route add 10.1.2.0/24 10.0.0.1<br />
•<br />
route add default 10.0.0.1<br />
Linux:<br />
•<br />
route add 10.1.2.0/24 gw 10.0.0.1<br />
•<br />
route add default gw 10.0.0.1<br />
Cisco:<br />
•<br />
ip route 10.1.2.0 255.255.255.0 10.0.0.1<br />
•<br />
ip route 0.0.0.0 0.0.0.0 10.0.0.1<br />
Slide 107 Laurent Toutain Filière 2
Example : Cisco router<br />
Forwarding Tables ◮ F.I.B<br />
RouterB25#sh ip ro<br />
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP<br />
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area<br />
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2<br />
E1 - OSPF external type 1, E2 - OSPF external type 2<br />
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2<br />
ia - IS-IS inter area, * - candidate default, U - per-user static route<br />
o - ODR, P - periodic downloaded static route<br />
Gateway of last resort is 193.50.69.73 to network 0.0.0.0<br />
B 193.52.74.0/24 [200/0] via 193.50.69.74, 1d05h<br />
192.44.77.0/24 is variably subnetted, 2 subnets, 2 masks<br />
B 192.44.77.0/24 [200/0] via 193.50.69.74, 1d05h<br />
C 192.44.77.96/28 is directly connected, GigabitEthernet0/1.16<br />
10.0.0.0/24 is subnetted, 6 subnets<br />
S 10.1.1.0 [1/0] via 192.108.119.196<br />
S 10.35.1.0 [1/0] via 192.108.119.205<br />
S 10.35.4.0 [1/0] via 192.108.119.162<br />
S 10.35.30.0 [1/0] via 192.108.119.160<br />
C 10.51.0.0 is directly connected, GigabitEthernet0/1.51<br />
C 10.49.0.0 is directly connected, GigabitEthernet0/1.49<br />
192.108.119.0/24 is variably subnetted, 6 subnets, 4 masks<br />
C 192.108.119.128/25 is directly connected, GigabitEthernet0/1.5<br />
....<br />
Slide 108 Laurent Toutain Filière 2
Forwarding Tables<br />
Routing Protocols
Routing Protocol<br />
Forwarding Tables ◮ Routing Protocols<br />
Definition<br />
A routing protocol is an application sharing knowledge among<br />
routers to construct FIB<br />
<br />
<br />
The application may have its own database different from the<br />
FIB<br />
Two families of routing protocol are defined:<br />
•<br />
Interior Gateway Protocol<br />
−<br />
Simple configuration (even if protocol can be complex)<br />
− Discover other routers, and exchange information<br />
− Ex: RIPv2 (Distant Vector), OSPF or IS-IS (Link State)<br />
•<br />
Exterior GAteway Protocol<br />
− A lot of controls, nothing is automatically learnt<br />
− Complex configuration to hide or show prefixes<br />
− Used mainly between providers<br />
− Only one protocol used : Border Gateway Protocol<br />
Slide 110 Laurent Toutain Filière 2
outer’s behavior<br />
Forwarding Tables ◮ Routing Protocols<br />
<br />
<br />
<br />
<br />
All router have a manual configuration of their interfaces<br />
Prefixes learnt from this configuration are spread among other<br />
routers<br />
Routers select announcement and add these prefixes in their<br />
FIB<br />
Routing announcement and traffic (forwarding) go the<br />
opposite direction<br />
R1<br />
R2<br />
R3<br />
R.P.<br />
R.P.<br />
R.P.<br />
FIB<br />
FIB<br />
FIB<br />
Slide 111 Laurent Toutain Filière 2
outer’s behavior<br />
Forwarding Tables ◮ Routing Protocols<br />
<br />
<br />
<br />
<br />
All router have a manual configuration of their interfaces<br />
Prefixes learnt from this configuration are spread among other<br />
routers<br />
Routers select announcement and add these prefixes in their<br />
FIB<br />
Routing announcement and traffic (forwarding) go the<br />
opposite direction<br />
R1<br />
R2<br />
R3<br />
R.P.<br />
R.P.<br />
R.P.<br />
α, FIB β γ, FIB δ ɛ, FIB ζ<br />
Slide 111 Laurent Toutain Filière 2
outer’s behavior<br />
Forwarding Tables ◮ Routing Protocols<br />
<br />
<br />
<br />
<br />
All router have a manual configuration of their interfaces<br />
Prefixes learnt from this configuration are spread among other<br />
routers<br />
Routers select announcement and add these prefixes in their<br />
FIB<br />
Routing announcement and traffic (forwarding) go the<br />
opposite direction<br />
R1<br />
R2<br />
R3<br />
α, R.P. β γ, R.P. δ ɛ, R.P. ζ<br />
α, FIB β γ, FIB δ ɛ, FIB ζ<br />
Slide 111 Laurent Toutain Filière 2
outer’s behavior<br />
Forwarding Tables ◮ Routing Protocols<br />
<br />
<br />
<br />
<br />
All router have a manual configuration of their interfaces<br />
Prefixes learnt from this configuration are spread among other<br />
routers<br />
Routers select announcement and add these prefixes in their<br />
FIB<br />
Routing announcement and traffic (forwarding) go the<br />
opposite direction<br />
R1<br />
R2<br />
R3<br />
Routing Protocol<br />
Routing Protocol<br />
α, R.P. β γ, R.P. δ ɛ, R.P. ζ<br />
α, FIB β γ, FIB δ ɛ, FIB ζ<br />
Slide 111 Laurent Toutain Filière 2
outer’s behavior<br />
Forwarding Tables ◮ Routing Protocols<br />
<br />
<br />
<br />
<br />
All router have a manual configuration of their interfaces<br />
Prefixes learnt from this configuration are spread among other<br />
routers<br />
Routers select announcement and add these prefixes in their<br />
FIB<br />
Routing announcement and traffic (forwarding) go the<br />
opposite direction<br />
R1<br />
R2<br />
R3<br />
Routing Protocol<br />
Routing Protocol<br />
α, β, R.P. γ, δ, ɛ, ζ α, β, R.P. γ, δ, ɛ, ζ α, β, R.P. γ, δ, ɛ, ζ<br />
α, FIB β γ, FIB δ ɛ, FIB ζ<br />
Slide 111 Laurent Toutain Filière 2
outer’s behavior<br />
Forwarding Tables ◮ Routing Protocols<br />
<br />
<br />
<br />
<br />
All router have a manual configuration of their interfaces<br />
Prefixes learnt from this configuration are spread among other<br />
routers<br />
Routers select announcement and add these prefixes in their<br />
FIB<br />
Routing announcement and traffic (forwarding) go the<br />
opposite direction<br />
R1<br />
R2<br />
R3<br />
Routing Protocol<br />
Routing Protocol<br />
α, β, R.P. γ, δ, ɛ, ζ α, β, R.P. γ, δ, ɛ, ζ α, β, R.P. γ, δ, ɛ, ζ<br />
α, FIB β γ, FIB δ ɛ, FIB ζ<br />
Slide 111 Laurent Toutain Filière 2
outer’s behavior<br />
Forwarding Tables ◮ Routing Protocols<br />
<br />
<br />
<br />
<br />
All router have a manual configuration of their interfaces<br />
Prefixes learnt from this configuration are spread among other<br />
routers<br />
Routers select announcement and add these prefixes in their<br />
FIB<br />
Routing announcement and traffic (forwarding) go the<br />
opposite direction<br />
R1<br />
R2<br />
R3<br />
Routing Protocol<br />
Routing Protocol<br />
α, β, R.P. γ, δ, ɛ, ζ α, β, R.P. γ, δ, ɛ, ζ α, β, R.P. γ, δ, ɛ, ζ<br />
α, β, FIB γ, δ, ɛ, ζ α, β, FIB γ, δ, ɛ, ζ α, β, FIB γ, δ, ɛ, ζ<br />
Slide 111 Laurent Toutain Filière 2
outer’s behavior<br />
Forwarding Tables ◮ Routing Protocols<br />
<br />
<br />
<br />
<br />
All router have a manual configuration of their interfaces<br />
Prefixes learnt from this configuration are spread among other<br />
routers<br />
Routers select announcement and add these prefixes in their<br />
FIB<br />
Routing announcement and traffic (forwarding) go the<br />
opposite direction<br />
R1<br />
R2<br />
R3<br />
α<br />
α<br />
α, β, R.P. γ, δ, ɛ, ζ α, β, R.P. γ, δ, ɛ, ζ α, β, R.P. γ, δ, ɛ, ζ<br />
ɛ− > α<br />
α, β, FIB γ, δ, ɛ, ζ α, β, FIB γ, δ, ɛ, ζ α, β, FIB γ, δ, ɛ, ζ<br />
Slide 111 Laurent Toutain Filière 2
Distant Vector<br />
Distant Vector Algorithm<br />
<br />
Very simple algorithm<br />
<br />
Routing Protocol database and FIB are common<br />
•<br />
A cost (usually the number of router to cross) is just added to<br />
each prefix<br />
<br />
Router periodically broadcast their FIB on each link they are<br />
connected<br />
<br />
If a router find a new prefix in broadcasted information, ...<br />
<br />
or if an broadcasted prefix as a lower cost than the one<br />
already stored<br />
•<br />
This entry is added/changed in the FIB<br />
•<br />
Next Hop is set to the IP address of the broadcasting router<br />
•<br />
Cost is increased by one<br />
<br />
Otherwise the information is ignored<br />
<br />
Current implementation:<br />
•<br />
IPv4: RIPv2 (RFC 1723)<br />
•<br />
IPv6: RIPng (RFC 2080)<br />
Slide 112 Laurent Toutain Filière 2
Distant Vector<br />
Distant Vector Example (Add Route)<br />
δ.1<br />
e3<br />
α e0 (0)<br />
α.2 e0 R2 ɛ e1 (0) e1 ɛ.1<br />
γ.1<br />
e2 R1<br />
α e0 (0)<br />
β<br />
γ<br />
e1 (0)<br />
e2 (0)<br />
δ e3 (0)<br />
e0 α.1<br />
e1<br />
β.1<br />
α e0 (0)<br />
α.3 e0 R3 ɛ e1 (0) e1 ɛ.2<br />
Slide 113 Laurent Toutain Filière 2
Distant Vector<br />
Distant Vector Example (Add Route)<br />
R1<br />
α 1<br />
β<br />
γ<br />
1<br />
1<br />
δ 1<br />
δ.1<br />
e3<br />
α e0 (0)<br />
α.2 e0 R2 ɛ e1 (0) e1 ɛ.1<br />
γ.1<br />
e2 R1<br />
α e0 (0)<br />
β<br />
γ<br />
e1 (0)<br />
e2 (0)<br />
δ e3 (0)<br />
e0 α.1<br />
e1<br />
β.1<br />
α e0 (0)<br />
α.3 e0 R3 ɛ e1 (0) e1 ɛ.2<br />
Slide 113 Laurent Toutain Filière 2
Distant Vector<br />
Distant Vector Example (Add Route)<br />
R1<br />
α 1<br />
β<br />
γ<br />
1<br />
1<br />
δ 1<br />
γ.1<br />
e2 R1<br />
δ.1<br />
e3<br />
α e0 (0)<br />
β<br />
γ<br />
e1 (0)<br />
e2 (0)<br />
δ e3 (0)<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.2 e0 R2 β α.1 (1) e1<br />
γ<br />
ɛ.1<br />
α.1 (1)<br />
δ α.1 (1)<br />
e0 α.1<br />
e1<br />
β.1<br />
α e0 (0)<br />
α.3 e0 R3 ɛ e1 (0) e1 ɛ.2<br />
Slide 113 Laurent Toutain Filière 2
Distant Vector<br />
Distant Vector Example (Add Route)<br />
R2<br />
α<br />
ɛ<br />
1<br />
1<br />
β<br />
γ<br />
2<br />
2<br />
δ 2<br />
γ.1<br />
e2 R1<br />
δ.1<br />
e3<br />
α e0 (0)<br />
β<br />
γ<br />
e1 (0)<br />
e2 (0)<br />
δ e3 (0)<br />
ɛ α.2 (1)<br />
e1<br />
β.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.2 e0 R2 β α.1 (1) e1<br />
γ<br />
ɛ.1<br />
α.1 (1)<br />
δ α.1 (1)<br />
e0 α.1<br />
α e0 (0)<br />
α.3 e0 R3 ɛ e1 (0) e1 ɛ.2<br />
Slide 113 Laurent Toutain Filière 2
Distant Vector<br />
Distant Vector Example (Add Route)<br />
γ.1<br />
e2 R1<br />
δ.1<br />
e3<br />
α e0 (0)<br />
β<br />
γ<br />
e1 (0)<br />
e2 (0)<br />
δ e3 (0)<br />
ɛ α.2 (1)<br />
e1<br />
β.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.2 e0 R2 β α.1 (1) e1<br />
γ<br />
ɛ.1<br />
α.1 (1)<br />
δ α.1 (1)<br />
e0 α.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.3 e0 R3 β ɛ.1 (2) e1<br />
γ<br />
ɛ.2<br />
ɛ.1 (2)<br />
δ ɛ.1 (2)<br />
Slide 113 Laurent Toutain Filière 2
Distant Vector<br />
Distant Vector Example (Add Route)<br />
γ.1<br />
e2 R1<br />
δ.1<br />
e3<br />
α e0 (0)<br />
β<br />
γ<br />
e1 (0)<br />
e2 (0)<br />
δ e3 (0)<br />
ɛ α.2 (1)<br />
e1<br />
β.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.2 e0 R2 β α.1 (1) e1<br />
γ<br />
ɛ.1<br />
α.1 (1)<br />
δ α.1 (1)<br />
e0 α.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.3 e0 R3 β ɛ.1 (2) e1<br />
γ<br />
ɛ.2<br />
ɛ.1 (2)<br />
δ ɛ.1 (2)<br />
Slide 113 Laurent Toutain Filière 2
Distant Vector<br />
Distant Vector Example (Add Route)<br />
γ.1<br />
e2 R1<br />
δ.1<br />
e3<br />
α e0 (0)<br />
β<br />
γ<br />
e1 (0)<br />
e2 (0)<br />
δ e3 (0)<br />
ɛ α.2 (1)<br />
e1<br />
β.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.2 e0 R2 β α.1 (1) e1<br />
γ<br />
ɛ.1<br />
α.1 (1)<br />
δ α.1 (1)<br />
e0 α.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.3 e0 R3 β ɛ.1 (2) e1<br />
γ<br />
ɛ.2<br />
ɛ.1 (2)<br />
δ ɛ.1 (2)<br />
Slide 113 Laurent Toutain Filière 2
Distant Vector<br />
Distant Vector Example (Add Route)<br />
γ.1<br />
e2 R1<br />
δ.1<br />
e3<br />
α e0 (0)<br />
β<br />
γ<br />
e1 (0)<br />
e2 (0)<br />
δ e3 (0)<br />
ɛ α.2 (1)<br />
e1<br />
β.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.2 e0 R2 β α.1 (1) e1<br />
γ<br />
ɛ.1<br />
α.1 (1)<br />
δ α.1 (1)<br />
e0 α.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.3 e0 R3 β α.1 (1) e1<br />
γ<br />
ɛ.2<br />
α.1 (1)<br />
δ α.1 (1)<br />
Slide 113 Laurent Toutain Filière 2
Distant Vector<br />
<br />
<br />
<br />
<br />
<br />
<br />
Distance Vector convergence<br />
Distant Vector (DV) implies periodic refreshing<br />
•<br />
To discover best path<br />
•<br />
To discover dead routers<br />
In RIP Routing Table are flooded every 30 seconds<br />
No specific message to remove an entry<br />
•<br />
If an entry is not seen during X flooding, this entry is removed<br />
− In RIP X = 3 (90 s)<br />
•<br />
Remove is similar to set cost to ∞<br />
DV cannot be used if Routing Table contains a lot of entries<br />
•<br />
For instance core network routers may contain 220 000 entries<br />
DV can only be used in very small networks<br />
DV have also bad convergence performances...<br />
Slide 114 Laurent Toutain Filière 2
Distant Vector<br />
Distant Vector Example (Change Route)<br />
γ.1<br />
e2 R1<br />
δ.1<br />
e3<br />
α e0 (0)<br />
β<br />
γ<br />
e1 (0)<br />
e2 (0)<br />
δ e3 (0)<br />
ɛ α.2 (1)<br />
e1<br />
β.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.2 e0 R2 β α.1 (1) e1<br />
γ<br />
ɛ.1<br />
α.1 (1)<br />
δ α.1 (1)<br />
e0 α.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.3 e0 R3 β α.1 (1) e1<br />
γ<br />
ɛ.2<br />
α.1 (1)<br />
δ α.1 (1)<br />
Slide 115 Laurent Toutain Filière 2
Distant Vector<br />
Distant Vector Example (Change Route)<br />
γ.1<br />
e2 R1<br />
δ.1<br />
e3<br />
α e0 (0)<br />
β<br />
γ<br />
e1 (0)<br />
e2 (0)<br />
δ e3 (0)<br />
ɛ α.2 (1)<br />
e1<br />
β.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.2 e0 R2 β α.1 (1) e1<br />
γ<br />
ɛ.1<br />
α.1 (1)<br />
δ α.1 (1)<br />
e0 α.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.3 e0 R3 β α.1 (1) e1<br />
γ<br />
ɛ.2<br />
α.1 (1)<br />
δ α.1 (1)<br />
Slide 115 Laurent Toutain Filière 2
Distant Vector<br />
Distant Vector Example (Change Route)<br />
γ.1<br />
e2 R1<br />
δ.1<br />
e3<br />
α e0 (0)<br />
β<br />
γ<br />
e1 (0)<br />
e2 (0)<br />
δ e3 (0)<br />
ɛ – (∞)<br />
e1<br />
β.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.2 e0 R2 β α.1 (1) e1<br />
γ<br />
ɛ.1<br />
α.1 (1)<br />
δ α.1 (1)<br />
e0 α.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.3 e0 R3 β α.1 (1) e1<br />
γ<br />
ɛ.2<br />
α.1 (1)<br />
δ α.1 (1)<br />
Slide 115 Laurent Toutain Filière 2
Distant Vector<br />
Distant Vector Example (Change Route)<br />
γ.1<br />
e2 R1<br />
δ.1<br />
e3<br />
α e0 (0)<br />
β<br />
γ<br />
e1 (0)<br />
e2 (0)<br />
δ e3 (0)<br />
ɛ – (∞)<br />
e1<br />
β.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.2 e0 R2 β α.1 (1) e1<br />
γ<br />
ɛ.1<br />
α.1 (1)<br />
δ α.1 (1)<br />
e0 α.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.3 e0 R3 β α.1 (1) e1<br />
γ<br />
ɛ.2<br />
α.1 (1)<br />
δ α.1 (1)<br />
Slide 115 Laurent Toutain Filière 2
Distant Vector<br />
Distant Vector Example (Change Route)<br />
γ.1<br />
e2 R1<br />
δ.1<br />
e3<br />
α e0 (0)<br />
β<br />
γ<br />
e1 (0)<br />
e2 (0)<br />
δ e3 (0)<br />
ɛ α.3 (1)<br />
e1<br />
β.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.2 e0 R2 β ɛ.2 (2) e1<br />
γ<br />
ɛ.1<br />
ɛ.2 (2)<br />
δ ɛ.2 (2)<br />
e0 α.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.3 e0 R3 β α.1 (1) e1<br />
γ<br />
ɛ.2<br />
α.1 (1)<br />
δ α.1 (1)<br />
Slide 115 Laurent Toutain Filière 2
Distant Vector<br />
Distant Vector Example (Bad Convergence)<br />
γ.1<br />
e2 R1<br />
δ.1<br />
e3<br />
α e0 (0)<br />
β<br />
γ<br />
e1 (0)<br />
e2 (0)<br />
δ e3 (0)<br />
ɛ α.2 (1)<br />
e1<br />
β.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.2 e0 R2 β α.1 (1) e1<br />
γ<br />
ɛ.1<br />
α.1 (1)<br />
δ α.1 (1)<br />
e0 α.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.3 e0 R3 β α.1 (1) e1<br />
γ<br />
ɛ.2<br />
α.1 (1)<br />
δ α.1 (1)<br />
Slide 116 Laurent Toutain Filière 2
Distant Vector<br />
Distant Vector Example (Bad Convergence)<br />
γ.1<br />
e2 R1<br />
δ.1<br />
e3<br />
α e0 (0)<br />
β<br />
γ<br />
e1 (0)<br />
e2 (∞)<br />
δ e3 (0)<br />
ɛ α.2 (1)<br />
e1<br />
β.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.2 e0 R2 β α.1 (1) e1<br />
γ<br />
ɛ.1<br />
α.1 (1)<br />
δ α.1 (1)<br />
e0 α.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.3 e0 R3 β α.1 (1) e1<br />
γ<br />
ɛ.2<br />
α.1 (1)<br />
δ α.1 (1)<br />
Slide 116 Laurent Toutain Filière 2
Distant Vector<br />
Distant Vector Example (Bad Convergence)<br />
γ.1<br />
e2 R1<br />
δ.1<br />
e3<br />
α e0 (0)<br />
β<br />
γ<br />
e1 (0)<br />
e2 (∞)<br />
δ e3 (0)<br />
ɛ α.2 (1)<br />
e1<br />
β.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.2 e0 R2 β α.1 (1) e1<br />
γ<br />
ɛ.1<br />
– (∞)<br />
δ α.1 (1)<br />
e0 α.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.3 e0 R3 β α.1 (1) e1<br />
γ<br />
ɛ.2<br />
α.1 (1)<br />
δ α.1 (1)<br />
Slide 116 Laurent Toutain Filière 2
Distant Vector<br />
Distant Vector Example (Bad Convergence)<br />
γ.1<br />
e2 R1<br />
δ.1<br />
e3<br />
α e0 (0)<br />
β<br />
γ<br />
e1 (0)<br />
α.2 (2)<br />
δ e3 (0)<br />
ɛ α.2 (1)<br />
e1<br />
β.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.2 e0 R2 β α.1 (1) e1<br />
γ<br />
ɛ.1<br />
α.3 (2)<br />
δ α.1 (1)<br />
e0 α.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.3 e0 R3 β α.1 (1) e1<br />
γ<br />
ɛ.2<br />
α.1 (1)<br />
δ α.1 (1)<br />
Slide 116 Laurent Toutain Filière 2
Distant Vector<br />
Distant Vector Example (Bad Convergence)<br />
γ.1<br />
e2 R1<br />
δ.1<br />
e3<br />
α e0 (0)<br />
β<br />
γ<br />
e1 (0)<br />
α.2 (2)<br />
δ e3 (0)<br />
ɛ α.2 (1)<br />
e1<br />
β.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.2 e0 R2 β α.1 (1) e1<br />
γ<br />
ɛ.1<br />
α.3 (2)<br />
δ α.1 (1)<br />
e0 α.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.3 e0 R3 β α.1 (1) e1<br />
γ<br />
ɛ.2<br />
α.1 (1)<br />
δ α.1 (1)<br />
Slide 116 Laurent Toutain Filière 2
Distant Vector<br />
Distant Vector Example (Bad Convergence)<br />
γ.1<br />
e2 R1<br />
δ.1<br />
e3<br />
α e0 (0)<br />
β<br />
γ<br />
e1 (0)<br />
α.2 (2)<br />
δ e3 (0)<br />
ɛ α.2 (1)<br />
e1<br />
β.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.2 e0 R2 β α.1 (1) e1<br />
γ<br />
ɛ.1<br />
α.3 (2)<br />
δ α.1 (1)<br />
e0 α.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.3 e0 R3 β α.1 (1) e1<br />
γ<br />
ɛ.2<br />
α.1 (3)<br />
δ α.1 (1)<br />
Slide 116 Laurent Toutain Filière 2
Distant Vector<br />
Distant Vector Example (Bad Convergence)<br />
γ.1<br />
e2 R1<br />
δ.1<br />
e3<br />
α e0 (0)<br />
β<br />
γ<br />
e1 (0)<br />
α.2 (2)<br />
δ e3 (0)<br />
ɛ α.2 (1)<br />
e1<br />
β.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.2 e0 R2 β α.1 (1) e1<br />
γ<br />
ɛ.1<br />
α.3 (2)<br />
δ α.1 (1)<br />
e0 α.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.3 e0 R3 β α.1 (1) e1<br />
γ<br />
ɛ.2<br />
α.1 (3)<br />
δ α.1 (1)<br />
Slide 116 Laurent Toutain Filière 2
Distant Vector<br />
Distant Vector Example (Bad Convergence)<br />
γ.1<br />
e2 R1<br />
δ.1<br />
e3<br />
α e0 (0)<br />
β<br />
γ<br />
e1 (0)<br />
α.2 (4)<br />
δ e3 (0)<br />
ɛ α.2 (1)<br />
e1<br />
β.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.2 e0 R2 β α.1 (1) e1<br />
γ<br />
ɛ.1<br />
α.3 (4)<br />
δ α.1 (1)<br />
e0 α.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.3 e0 R3 β α.1 (1) e1<br />
γ<br />
ɛ.2<br />
α.1 (3)<br />
δ α.1 (1)<br />
Slide 116 Laurent Toutain Filière 2
Distant Vector<br />
Conter Measures<br />
<br />
3 ways to reduce this impact :<br />
•<br />
16 = ∞:<br />
− Not only 15 routers in the network but :<br />
− 15 routers between two links<br />
•<br />
Poisoning reverse:<br />
− When receiving a route marked ∞, mark it immediately ∞<br />
− Propagate rapidly route withdraw to avoid wrong routing<br />
messages<br />
•<br />
Split Horizon:<br />
−<br />
Do not announce through an interface, routes that use this<br />
interface.<br />
Slide 117 Laurent Toutain Filière 2
Distant Vector<br />
Distant Vector Example (Split Horizon)<br />
R2/R3 ɛ 1 R2/R3<br />
α 1<br />
β<br />
γ<br />
2<br />
1<br />
δ 2<br />
γ.1<br />
e2 R1<br />
δ.1<br />
e3<br />
α e0 (0)<br />
β<br />
γ<br />
e1 (0)<br />
e2 (∞)<br />
δ e3 (0)<br />
ɛ α.2 (1)<br />
e1<br />
β.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.2 e0 R2 β α.1 (1) e1<br />
γ<br />
ɛ.1<br />
α.1 (1)<br />
δ α.1 (1)<br />
e0 α.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.3 e0 R3 β α.1 (1) e1<br />
γ<br />
ɛ.2<br />
α.1 (1)<br />
δ α.1 (1)<br />
Slide 118 Laurent Toutain Filière 2
Distant Vector<br />
Distant Vector Example (Split Horizon)<br />
Split Horizon does not work here!<br />
γ.1<br />
e2 R1<br />
δ.1<br />
e3<br />
α e0 (0)<br />
β<br />
γ<br />
e1 (0)<br />
e2 (∞)<br />
δ e3 (0)<br />
ɛ α.2 (1)<br />
e1<br />
β.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.2 e0 R2 β α.1 (1) e1<br />
γ<br />
ɛ.1<br />
α.1 (1)<br />
δ α.1 (1)<br />
e0 α.1<br />
α e0 (0)<br />
ɛ e1 (0)<br />
α.3 e0 R3 β α.1 (1) e1<br />
γ<br />
ɛ.2<br />
α.1 (1)<br />
δ α.1 (1)<br />
Slide 118 Laurent Toutain Filière 2
Distant Vector<br />
<br />
<br />
<br />
<br />
Distant Vector : Summary<br />
Distant Vector is very simple to understand, manage,<br />
implement.<br />
Performances are weak:<br />
•<br />
Shortsighted network vision: based on summary made by other<br />
routers<br />
− Like concierges exchanging gossips<br />
•<br />
Can lead to routing loops or long delays to reconnect parts of<br />
the network.<br />
•<br />
Periodically all routing table must be sent on the network:<br />
− to detect dead routers<br />
− to detect better paths<br />
•<br />
Generates network and processing load<br />
Distant Vector must be limited to small network<br />
auto-configuration<br />
RIPv2 implement this algorithm<br />
Slide 119 Laurent Toutain Filière 2
Distant Vector<br />
RIP
RIP v2<br />
Distant Vector ◮ RIP<br />
0..................7...................15...................23....................31<br />
Command Version=2 Unused<br />
Address Family=0x0800<br />
Route Tag<br />
IPv4 Prefix<br />
Netmask<br />
Next Hop<br />
Cost<br />
<br />
Multicast address : 224.0.0.9, UDP Port Number 520<br />
<br />
<br />
Next Hop : instead of the source address in the IP header<br />
Route Tag : Differentiate internal and external routes<br />
Slide 121 Laurent Toutain Filière 2
RIPng<br />
Distant Vector ◮ RIP<br />
0..................7...................15...................23....................31<br />
Command Version=1 Unused<br />
IPv6 Prefix<br />
Route Tag Pref len Cost<br />
<br />
Multicast address : ff02:2::9, UDP Port Number 521<br />
<br />
<br />
Next Hop : instead of the source address in the IP header<br />
Route Tag : Differentiate internal and external routes<br />
Slide 122 Laurent Toutain Filière 2
Securing Routing Protocols<br />
Distant Vector ◮ RIP<br />
<br />
Routing messages can be viewed as configuration messages:<br />
•<br />
Forging wrong routing messages can highjack some traffics<br />
•<br />
announcing default route may block communications<br />
Internet<br />
Slide 123 Laurent Toutain Filière 2
Securing Routing Protocols<br />
Distant Vector ◮ RIP<br />
<br />
Routing messages can be viewed as configuration messages:<br />
•<br />
Forging wrong routing messages can highjack some traffics<br />
•<br />
announcing default route may block communications<br />
default<br />
Black Hole<br />
Internet<br />
Slide 123 Laurent Toutain Filière 2
Securing Routing Protocols<br />
Distant Vector ◮ RIP<br />
<br />
Routing messages can be viewed as configuration messages:<br />
•<br />
Forging wrong routing messages can highjack some traffics<br />
•<br />
announcing default route may block communications<br />
Tunnel<br />
Internet<br />
Slide 123 Laurent Toutain Filière 2
Securing Routing Protocol<br />
Distant Vector ◮ RIP<br />
<br />
<br />
include a secret password on each message<br />
•<br />
protect from configuration mistakes<br />
•<br />
weak security, since packets can be eavesdropped and secret<br />
learnt<br />
use cryptographic<br />
•<br />
RIPng uses built-in IPsec extentions<br />
•<br />
RIPv2 uses its own mechanisms<br />
− Originally based on MD5 algorithm (RFC 2082)<br />
− Obsoleted by RFC 4822, recommending SHA1 algorithm.<br />
Slide 124 Laurent Toutain Filière 2
RIP v2<br />
Distant Vector ◮ RIP<br />
0.........7........15..........23..........31<br />
Command Version=2 Unused<br />
A.F.=0xFFFF authentification =0003<br />
RIPv2 packet len Key ID Auth len<br />
Sequence Number (non-decreasing)<br />
Must Be Zero<br />
Must Be Zero<br />
RIPv2 routes<br />
Authentication Tag: 2: clear passwd<br />
(deprecated), 3: cryptographic<br />
Key ID: describes security association<br />
(MD5 or HMAC-SHA1)<br />
Sequence: avoid replay (router must<br />
keep it in non-volatile memory)<br />
Auth. Data: result of the Hash<br />
0xFFFF<br />
0x0001<br />
algorithm<br />
Authentication Data (variable)<br />
Slide 125 Laurent Toutain Filière 2
Link States<br />
Algorithms
Link State Algorithm<br />
Link States ◮ Algorithms<br />
<br />
<br />
<br />
Distant Vector leads to a shortsighted view of network<br />
topology<br />
•<br />
each router processes routing messages<br />
•<br />
split horizon help for the first next hop<br />
•<br />
periodically flush all routing information<br />
•<br />
can be compared to caretaker exchanging gossip!<br />
Link State Protocols are divided in several states<br />
•<br />
learn network topology<br />
•<br />
exchange/flood local configuration<br />
•<br />
compute shortest path to a destination prefix<br />
•<br />
fill the FIB with Next Hop<br />
•<br />
less traffic, incremental updates<br />
•<br />
More a database synchronization algorithm than a routing<br />
protocol<br />
Two implementations<br />
•<br />
OSPF : v2 for IPv4 and v3 for IPv6<br />
•<br />
IS-IS : IP agnostic<br />
Slide 127 Laurent Toutain Filière 2
Example: Database initialization<br />
Link States ◮ Algorithms<br />
η ζ<br />
D E F<br />
β γ ɛ<br />
δ<br />
α<br />
A B C<br />
Slide 128 Laurent Toutain Filière 2
Example: Database initialization<br />
Link States ◮ Algorithms<br />
η ζ<br />
η e0<br />
D β ppp0<br />
ζ e0<br />
γ<br />
E F<br />
ppp1<br />
δ ppp0<br />
β γ ɛ<br />
δ<br />
ζ<br />
ɛ<br />
e0<br />
e1<br />
α<br />
α e0<br />
γ<br />
A β ppp0 B<br />
ppp0<br />
C<br />
α<br />
δ<br />
e0<br />
ppp1<br />
α<br />
ɛ<br />
e0<br />
e1<br />
Slide 128 Laurent Toutain Filière 2
Example: Database initialization<br />
Link States ◮ Algorithms<br />
η ζ<br />
D E F<br />
β γ ɛ<br />
δ<br />
α<br />
A B η ζ C<br />
η e0<br />
D β ppp0<br />
ζ e0<br />
γ<br />
E F<br />
ppp1<br />
δ ppp0<br />
β γ ɛ<br />
δ<br />
ζ<br />
ɛ<br />
e0<br />
e1<br />
α<br />
α e0<br />
γ<br />
A β ppp0 B<br />
ppp0<br />
C<br />
α<br />
δ<br />
e0<br />
ppp1<br />
α<br />
ɛ<br />
e0<br />
e1<br />
Slide 128 Laurent Toutain Filière 2
Example: Database initialization<br />
Link States ◮ Algorithms<br />
A cost is associated to each interface (for example related to the speed)<br />
α<br />
η ζ<br />
η 10<br />
D β<br />
ζ<br />
100<br />
10<br />
γ<br />
E F<br />
100<br />
δ 100<br />
β γ ɛ<br />
δ<br />
α<br />
α<br />
10<br />
10<br />
γ η<br />
α<br />
A β 100 B 100<br />
10<br />
ζ C ɛ<br />
η e0<br />
δ 100<br />
10<br />
D β ppp0<br />
ζ e0<br />
γ<br />
E F<br />
ppp1<br />
δ ppp0<br />
β γ ɛ<br />
δ<br />
ζ 10<br />
ɛ 10<br />
ζ<br />
ɛ<br />
e0<br />
e1<br />
α<br />
α e0<br />
γ<br />
A β ppp0 B<br />
ppp0<br />
C<br />
α<br />
δ<br />
e0<br />
ppp1<br />
α<br />
ɛ<br />
e0<br />
e1<br />
Slide 128 Laurent Toutain Filière 2
Example: Database state after<br />
synchronization<br />
Link States ◮ Algorithms<br />
<br />
<br />
After a flooding period (explained latter) all routers have<br />
exchanged their information<br />
Each router has all entries in its database<br />
A<br />
α 10<br />
β 100<br />
B<br />
α 10<br />
γ 100<br />
δ 100<br />
C<br />
α 10<br />
ɛ 10<br />
D<br />
η 10<br />
β<br />
γ<br />
100<br />
100<br />
E<br />
ζ 10<br />
δ 100<br />
F<br />
ζ 10<br />
ɛ 10<br />
<br />
<br />
<br />
<br />
Entries are called Link State<br />
These entries gives a full knowledge of the network topology<br />
can be viewed as a graph with nodes (router) and vertex<br />
(prefixes)<br />
find the shortest paths from the root (router doing<br />
computation) to prefixes<br />
•<br />
based on Dijkstra’s algorithm<br />
•<br />
explore the graph always using the shortest path<br />
•<br />
complexity is O(N 2 )<br />
Slide 129 Laurent Toutain Filière 2
Example: Shortest Path First Algorithm<br />
Link States ◮ Algorithms<br />
A<br />
Slide 130 Laurent Toutain Filière 2
Example: Shortest Path First Algorithm<br />
Link States ◮ Algorithms<br />
B<br />
10<br />
α<br />
10<br />
10<br />
C<br />
A<br />
100<br />
100<br />
β<br />
D<br />
Slide 130 Laurent Toutain Filière 2
Example: Shortest Path First Algorithm<br />
Link States ◮ Algorithms<br />
B<br />
α 20 110 110<br />
γ<br />
10<br />
δ<br />
α<br />
10<br />
10<br />
C<br />
A<br />
100<br />
100<br />
β<br />
D<br />
Slide 130 Laurent Toutain Filière 2
Example: Shortest Path First Algorithm<br />
Link States ◮ Algorithms<br />
110<br />
γ<br />
B<br />
110<br />
10<br />
δ<br />
α<br />
10<br />
10<br />
C<br />
A<br />
100<br />
100<br />
β<br />
D<br />
Shortest cost<br />
Slide 130 Laurent Toutain Filière 2
Example: Shortest Path First Algorithm<br />
Link States ◮ Algorithms<br />
110<br />
γ<br />
B<br />
110<br />
10<br />
δ<br />
α<br />
10<br />
10<br />
α 20<br />
C<br />
20<br />
A<br />
ɛ<br />
100<br />
100<br />
β<br />
D<br />
Slide 130 Laurent Toutain Filière 2
Example: Shortest Path First Algorithm<br />
Link States ◮ Algorithms<br />
110<br />
γ<br />
B<br />
110<br />
10<br />
δ<br />
α<br />
10<br />
10<br />
20<br />
20<br />
C<br />
ɛ<br />
F<br />
A<br />
100<br />
100<br />
β<br />
D<br />
Slide 130 Laurent Toutain Filière 2
Example: Shortest Path First Algorithm<br />
Link States ◮ Algorithms<br />
110<br />
γ<br />
B<br />
110<br />
10<br />
δ<br />
α<br />
10<br />
10<br />
20<br />
20<br />
30<br />
C<br />
ɛ<br />
F<br />
ζ<br />
30<br />
E<br />
A<br />
100<br />
100<br />
β<br />
D<br />
Slide 130 Laurent Toutain Filière 2
Example: Shortest Path First Algorithm<br />
Link States ◮ Algorithms<br />
110<br />
γ<br />
B<br />
110<br />
10<br />
δ<br />
α<br />
10<br />
10<br />
20<br />
20<br />
30<br />
30<br />
130<br />
C<br />
ɛ<br />
F<br />
ζ<br />
E<br />
δ<br />
A<br />
100<br />
100<br />
β<br />
D<br />
Slide 130 Laurent Toutain Filière 2
Example: Shortest Path First Algorithm<br />
Link States ◮ Algorithms<br />
110<br />
γ<br />
B<br />
110<br />
10<br />
δ<br />
α<br />
10<br />
10<br />
20<br />
20<br />
30<br />
C<br />
ɛ<br />
F<br />
ζ<br />
30<br />
E<br />
A<br />
100<br />
110<br />
200<br />
δ<br />
β<br />
D<br />
110<br />
η<br />
Slide 130 Laurent Toutain Filière 2
Example: Shortest Path First Algorithm<br />
Link States ◮ Algorithms<br />
B<br />
110 110<br />
γ<br />
110<br />
D<br />
110<br />
10<br />
δ<br />
E<br />
α<br />
10<br />
10<br />
20<br />
20<br />
30<br />
C<br />
ɛ<br />
F<br />
ζ<br />
30<br />
E<br />
A<br />
100<br />
100<br />
β<br />
D<br />
η 110<br />
Slide 130 Laurent Toutain Filière 2
Example: Shortest Path First Algorithm<br />
Link States ◮ Algorithms<br />
110<br />
γ<br />
B<br />
110<br />
10<br />
δ<br />
α<br />
10<br />
10<br />
20<br />
20<br />
30<br />
C<br />
ɛ<br />
F<br />
ζ<br />
30<br />
E<br />
A<br />
100<br />
100<br />
β<br />
D<br />
η 110<br />
Slide 130 Laurent Toutain Filière 2
Example: Shortest Path First Algorithm<br />
Link States ◮ Algorithms<br />
Neighbors<br />
110<br />
γ<br />
B<br />
110<br />
10<br />
δ<br />
α<br />
10<br />
10<br />
20<br />
20<br />
30<br />
C<br />
ɛ<br />
F<br />
ζ<br />
30<br />
E<br />
A<br />
100<br />
100<br />
β<br />
D<br />
η 110<br />
Slide 130 Laurent Toutain Filière 2
Example: Shortest Path First Algorithm<br />
Link States ◮ Algorithms<br />
FIB<br />
Neighbors<br />
α<br />
β<br />
γ<br />
δ<br />
ɛ<br />
ζ<br />
η<br />
110<br />
γ<br />
B<br />
110<br />
10<br />
δ<br />
α<br />
10<br />
Ethernet<br />
Point-to-Point<br />
B<br />
B<br />
C<br />
C<br />
D<br />
10<br />
20<br />
20<br />
30<br />
C<br />
ɛ<br />
F<br />
ζ<br />
30<br />
E<br />
A<br />
100<br />
100<br />
β<br />
D<br />
η 110<br />
Slide 130 Laurent Toutain Filière 2
Example: FIB entries<br />
Link States ◮ Algorithms<br />
α<br />
η ζ<br />
η 10<br />
D β<br />
ζ<br />
100<br />
10<br />
γ<br />
E F<br />
100<br />
δ 100<br />
β γ ɛ<br />
δ<br />
α<br />
α<br />
10<br />
10<br />
γ η<br />
α<br />
A β 100 B 100<br />
10<br />
ζ C ɛ<br />
η e0<br />
δ 100<br />
10<br />
D β ppp0<br />
ζ e0<br />
γ<br />
E F<br />
ppp1<br />
δ ppp0<br />
β γ ɛ<br />
δ<br />
ζ 10<br />
ɛ 10<br />
ζ<br />
ɛ<br />
e0<br />
e1<br />
α<br />
α e0<br />
γ<br />
A β ppp0 B<br />
ppp0<br />
C<br />
α<br />
δ<br />
e0<br />
ppp1<br />
α<br />
ɛ<br />
e0<br />
e1<br />
Slide 131 Laurent Toutain Filière 2
Example: FIB entries<br />
Link States ◮ Algorithms<br />
α<br />
η ζ<br />
η e0<br />
D β ppp0<br />
ζ e0<br />
γ<br />
E F<br />
ppp1<br />
δ ppp0<br />
β γ ɛ<br />
δ<br />
α e0 (10)<br />
βppp0 (100)<br />
γ B<br />
A δ B<br />
γ<br />
B<br />
ppp0<br />
C<br />
ɛ<br />
ζ<br />
η<br />
C<br />
C<br />
D<br />
α<br />
δ<br />
e0<br />
ppp1<br />
α e0<br />
ɛ e1<br />
ζ<br />
ɛ<br />
e0<br />
e1<br />
Slide 131 Laurent Toutain Filière 2
Warning: SPT is not forwarding path<br />
Link States ◮ Algorithms<br />
α<br />
α<br />
η ζ<br />
η 10<br />
D β<br />
ζ<br />
100<br />
10<br />
γ<br />
E F<br />
100<br />
δ 100<br />
β γ ɛ<br />
δ<br />
α<br />
α<br />
10<br />
10<br />
γ η<br />
α<br />
A β 100 B 100<br />
10<br />
ζ C ɛ<br />
η e0<br />
δ 100<br />
10<br />
D β ppp0<br />
ζ e0<br />
γ<br />
E F<br />
ppp1<br />
δ ppp0<br />
β γ ɛ<br />
δ<br />
α e0 (10)<br />
βppp0 (100)<br />
γ B<br />
A δ B<br />
γ<br />
B<br />
ppp0<br />
C<br />
ɛ<br />
ζ<br />
η<br />
C<br />
C<br />
D<br />
α<br />
δ<br />
e0<br />
ppp1<br />
α<br />
ɛ<br />
e0<br />
e1<br />
ζ 10<br />
ɛ 10<br />
ζ<br />
ɛ<br />
e0<br />
e1<br />
Slide 132 Laurent Toutain Filière 2
Warning: SPT is not forwarding path<br />
Link States ◮ Algorithms<br />
α<br />
η ζ<br />
η e0<br />
D β ppp0<br />
ζ e0<br />
γ<br />
E F<br />
ppp1<br />
δ ppp0<br />
β γ ɛ<br />
δ<br />
α e0 (10)<br />
βppp0 (100)<br />
γ B<br />
A δ B<br />
γ<br />
B<br />
ppp0<br />
C<br />
ɛ<br />
ζ<br />
η<br />
C<br />
C<br />
D<br />
α<br />
δ<br />
e0<br />
ppp1<br />
α e0<br />
ɛ e1<br />
ζ<br />
ɛ<br />
e0<br />
e1<br />
Slide 132 Laurent Toutain Filière 2
Warning: SPT is not forwarding path<br />
Link States ◮ Algorithms<br />
α<br />
α<br />
η ζ<br />
η 10<br />
D β<br />
ζ<br />
100<br />
10<br />
γ<br />
E F<br />
100<br />
δ 100<br />
β γ ɛ<br />
δ<br />
α<br />
α<br />
10<br />
10<br />
γ η<br />
α<br />
A β 100 B 100<br />
10<br />
ζ C ɛ<br />
η e0<br />
δ 100<br />
10<br />
D β ppp0<br />
ζ e0<br />
γ<br />
E F<br />
ppp1<br />
δ ppp0<br />
β γ ɛ<br />
δ<br />
α e0 (10)<br />
βppp0 (100)<br />
γ B<br />
A δ B<br />
γ<br />
B<br />
ppp0<br />
C<br />
ɛ<br />
ζ<br />
η<br />
C<br />
C<br />
D<br />
α<br />
δ<br />
e0<br />
ppp1<br />
α<br />
ɛ<br />
e0<br />
e1<br />
ζ 10<br />
ɛ 10<br />
ζ<br />
ɛ<br />
e0<br />
e1<br />
Slide 132 Laurent Toutain Filière 2
Warning: SPT is not forwarding path<br />
Link States ◮ Algorithms<br />
α<br />
η ζ<br />
η e0<br />
D β ppp0<br />
ζ e0<br />
γ<br />
E F<br />
ppp1<br />
δ ppp0<br />
β γ ɛ<br />
δ<br />
α e0 (10)<br />
βppp0 (100)<br />
γ B<br />
A δ B<br />
γ<br />
B<br />
ppp0<br />
C<br />
ɛ<br />
ζ<br />
η<br />
C<br />
C<br />
D<br />
α<br />
δ<br />
e0<br />
ppp1<br />
α e0<br />
ɛ e1<br />
ζ<br />
ɛ<br />
e0<br />
e1<br />
Slide 132 Laurent Toutain Filière 2
Warning: SPT is not forwarding path<br />
Link States ◮ Algorithms<br />
Path is different, but cost is the same<br />
α<br />
α<br />
η ζ<br />
η 10<br />
D β<br />
ζ<br />
100<br />
10<br />
γ<br />
E F<br />
100<br />
δ 100<br />
β γ ɛ<br />
δ<br />
α<br />
α<br />
10<br />
10<br />
γ η<br />
α<br />
A β 100 B 100<br />
10<br />
ζ C ɛ<br />
η e0<br />
δ 100<br />
10<br />
D β ppp0<br />
ζ e0<br />
γ<br />
E F<br />
ppp1<br />
δ ppp0<br />
β γ ɛ<br />
δ<br />
α e0 (10)<br />
βppp0 (100)<br />
γ B<br />
A δ B<br />
γ<br />
B<br />
ppp0<br />
C<br />
ɛ<br />
ζ<br />
η<br />
C<br />
C<br />
D<br />
α<br />
δ<br />
e0<br />
ppp1<br />
α<br />
ɛ<br />
e0<br />
e1<br />
ζ 10<br />
ɛ 10<br />
ζ<br />
ɛ<br />
e0<br />
e1<br />
Slide 132 Laurent Toutain Filière 2
Link States<br />
Areas
educing SPF computation<br />
Link States ◮ Areas<br />
<br />
SPF algorithm is complex (O(N 2 ))<br />
<br />
every-time a router detect a topology change:<br />
•<br />
change is flooded to all routers<br />
•<br />
All router must rerun SPF algorithm<br />
Definition<br />
A network can be divided into several areas. All OSPF network<br />
contains<br />
<br />
A mandatory connexe backbone (Area 0)<br />
<br />
<br />
<br />
Optional areas, directly connected to the backbone through<br />
ABR (Area Border Router)<br />
ABR belongs to backbone and one (several) area(s)<br />
ABR sends summary (prefix+cost) of each area to the other<br />
ones.<br />
Slide 134 Laurent Toutain Filière 2
Division into Areas<br />
Link States ◮ Areas<br />
Backbone (area 0)<br />
R1 R2 R3<br />
Area 1 Area 2<br />
Slide 135 Laurent Toutain Filière 2
Division into Areas<br />
Link States ◮ Areas<br />
Backbone (area 0)<br />
R1 R2 R3<br />
Topological databases<br />
α<br />
Area 1 Area 2<br />
Slide 135 Laurent Toutain Filière 2
Division into Areas<br />
Link States ◮ Areas<br />
Backbone (area 0)<br />
R1 R2 R3<br />
α<br />
α<br />
α<br />
α<br />
α<br />
Area 1 Area 2<br />
α<br />
α<br />
Slide 135 Laurent Toutain Filière 2
Division into Areas<br />
Link States ◮ Areas<br />
Backbone (area 0)<br />
R1 R2 R3<br />
α, cost=30<br />
α, cost=60<br />
α<br />
α<br />
α<br />
30<br />
α<br />
60<br />
α<br />
Area 1 Area 2<br />
α<br />
α<br />
Slide 135 Laurent Toutain Filière 2
Division into Areas<br />
Link States ◮ Areas<br />
50<br />
R1:α, cost=30<br />
R2:α, cost=60<br />
R1:α, cost=30<br />
R2:α, cost=60<br />
Backbone (area 0)<br />
R1 R2<br />
5<br />
R3<br />
α, cost=30<br />
α, cost=60<br />
α<br />
α<br />
α<br />
30<br />
α<br />
60<br />
α<br />
Area 1 Area 2<br />
α<br />
α<br />
Slide 135 Laurent Toutain Filière 2
Division into Areas<br />
Link States ◮ Areas<br />
Backbone (area 0)<br />
R1 R2<br />
5<br />
R3<br />
α<br />
α, cost=30<br />
α<br />
30<br />
50<br />
α<br />
α<br />
Area 1 SPT to R1 is 50 Area : total 2 cost is 80<br />
SPT to R2 is 5 : total cost is 65<br />
α<br />
α<br />
α, cost=60<br />
α<br />
R1:α, cost=30<br />
R2:α, cost=60<br />
60<br />
R1:α, cost=30<br />
R2:α, cost=60<br />
R1 announce α with a cost of 30<br />
R2 announce α with a cost of 60<br />
R2 is prefered : FIB will contain for α<br />
NH toward R2 (from SPT)<br />
Slide 135 Laurent Toutain Filière 2
Division into Areas<br />
Link States ◮ Areas<br />
Area 1 prefix sum.<br />
Area 2 prefixes sum.<br />
Area 1 prefix sum<br />
Backbone (area 0)<br />
R1 R2 R3<br />
Area prefixes can be aggregated to reduce announcements<br />
α<br />
α<br />
α<br />
α Area 1 Area 2<br />
Area 0+2 prefix sum.<br />
Area 0+2 prefix sum<br />
α<br />
α<br />
α<br />
β<br />
Slide 135 Laurent Toutain Filière 2
Division into Areas<br />
Link States ◮ Areas<br />
Area 1 prefix sum.<br />
Area 2 prefixes sum.<br />
Area 1 prefix sum<br />
Transit Backbone (area 0)<br />
R1 R2 R3<br />
Area prefixes can be aggregated to reduce announcements<br />
α<br />
α<br />
α<br />
α Area 1 Area 2<br />
Area 0+2 prefix sum.<br />
Area Transit 0+2 prefix sum<br />
Stub<br />
α<br />
α<br />
α<br />
Default<br />
β<br />
Slide 135 Laurent Toutain Filière 2
Division into Areas<br />
Link States ◮ Areas<br />
Backbone (area 0)<br />
R1 R2 R3<br />
α<br />
α<br />
α<br />
α<br />
α<br />
Area 1 Area 2<br />
β<br />
α<br />
α<br />
ASBR<br />
BGP<br />
Slide 135 Laurent Toutain Filière 2
Division into Areas<br />
Link States ◮ Areas<br />
Backbone (area 0)<br />
R1 R2 R3<br />
α<br />
α<br />
α<br />
α<br />
α<br />
Area 1 Area 2<br />
β<br />
α<br />
α<br />
ASBR<br />
BGP<br />
Slide 135 Laurent Toutain Filière 2
Division into Areas<br />
Link States ◮ Areas<br />
Backbone (area 0)<br />
R1 R2 R3<br />
α<br />
α<br />
α<br />
α<br />
α<br />
Area 1 Area 2<br />
β<br />
α<br />
α<br />
ASBR<br />
BGP<br />
Slide 135 Laurent Toutain Filière 2
Division into Areas<br />
Link States ◮ Areas<br />
Backbone (area 0)<br />
R1 R2 R3<br />
α<br />
α<br />
α<br />
α<br />
α<br />
Area 1 Area 2<br />
β<br />
α<br />
α<br />
ASBR<br />
BGP<br />
Slide 135 Laurent Toutain Filière 2
Division into Areas<br />
Link States ◮ Areas<br />
Backbone (area 0)<br />
R1 R2 R3<br />
α<br />
α<br />
Type 1: cost to ASBR + external co<br />
Type 2: cost to ASBR<br />
α<br />
α<br />
α<br />
Find ABR to ASBR with smallest co<br />
Area 1 Select ASBR with Areathe 2 smallest cost<br />
α α<br />
Use SPT to find NH ASBR<br />
Install in FIB, NH to external prefix<br />
BGP<br />
β<br />
Slide 135 Laurent Toutain Filière 2
Division into Areas<br />
Link States ◮ Areas<br />
Transit Backbone (area 0)<br />
R1 R2 R3<br />
α<br />
α<br />
α<br />
α<br />
α<br />
Area 1 Area 2<br />
β<br />
Transit<br />
α<br />
α<br />
Transit<br />
ASBR<br />
BGP<br />
Slide 135 Laurent Toutain Filière 2
Database synchronization<br />
Link States ◮ Areas<br />
<br />
<br />
<br />
<br />
<br />
OSPF maintain several kind of record (topological, summary,<br />
external prefixes, ASBR,...);<br />
All routers must share the same information<br />
Incremental update to reduce the bandwidth<br />
•<br />
compare to RIP, dumping database every 30 seconds<br />
exchange must be reliable in OSPF<br />
done is several steps and several protocols:<br />
•<br />
HELLO protocol: discover peers, elect a Designated Router<br />
•<br />
Database description: Describe information contained in each<br />
router’s database<br />
•<br />
Database exchange: request and transfer information missing<br />
or more recent<br />
Slide 136 Laurent Toutain Filière 2
Example: Flooding<br />
Link States ◮ Areas<br />
β.1<br />
η.1 ζ.1<br />
D E F<br />
β.2 γ.2<br />
δ.2<br />
ɛ.2<br />
γ.1 δ.1<br />
ɛ.1<br />
A B C<br />
α.1<br />
α.2<br />
α.3<br />
ζ.2<br />
Slide 137 Laurent Toutain Filière 2
Example: Flooding<br />
Link States ◮ Areas<br />
η.1 ζ.1<br />
β.2 ζ.1 ζ.2<br />
ζ.2<br />
β.2 γ.2<br />
δ.2<br />
ɛ.2<br />
β.1<br />
γ.1 δ.1<br />
ɛ.1<br />
α.1 δ.1<br />
α.3<br />
α.1<br />
α.2<br />
α.3<br />
Router ID: Generally one of the IP address<br />
IP address unique => RID unique => order relation<br />
Slide 137 Laurent Toutain Filière 2
Example: Flooding<br />
Link States ◮ Areas<br />
η.1 ζ.1<br />
β.2 ζ.1 ζ.2<br />
β.2 γ.2<br />
δ.2<br />
ɛ.2<br />
ζ.2<br />
β.1<br />
γ.1 δ.1<br />
ɛ.1<br />
α.1 δ.1<br />
α.3<br />
α.1<br />
α.2<br />
α.3<br />
HELLO : DR = δ.1 Nbrs {}<br />
HELLO : DR = δ.1 Nbrs {}<br />
HELLO : DR = δ.1 Nbrs {}<br />
Every 10 seconds<br />
Slide 137 Laurent Toutain Filière 2
Example: Flooding<br />
Link States ◮ Areas<br />
η.1 ζ.1<br />
β.2 ζ.1 ζ.2<br />
β.2 γ.2<br />
δ.2<br />
ɛ.2<br />
ζ.2<br />
β.1<br />
α.1<br />
α.1<br />
γ.1 δ.1<br />
δ.1<br />
+<br />
α.2<br />
ɛ.1<br />
α.3<br />
α.3<br />
HELLO : DR = δ.1 Nbrs {δ.1}<br />
δ.1 receives a Hello from α.1 with δ.1 as neighbor<br />
link between δ.1 and α.1 is bi directional (no risk for black hole)<br />
Slide 137 Laurent Toutain Filière 2
Example: Flooding<br />
Link States ◮ Areas<br />
η.1 ζ.1<br />
β.2 ζ.1 ζ.2<br />
β.2 γ.2<br />
δ.2<br />
ɛ.2<br />
ζ.2<br />
β.1<br />
α.1<br />
α.1<br />
γ.1 δ.1<br />
δ.1<br />
+<br />
α.2<br />
ɛ.1<br />
α.3<br />
α.3<br />
Database Description<br />
Slide 137 Laurent Toutain Filière 2
Example: Flooding<br />
Link States ◮ Areas<br />
η.1 ζ.1<br />
β.2 ζ.1 ζ.2<br />
β.2 γ.2<br />
δ.2<br />
ɛ.2<br />
ζ.2<br />
β.1<br />
α.1<br />
α.1<br />
γ.1 δ.1<br />
δ.1<br />
+<br />
α.2<br />
ɛ.1<br />
α.3<br />
α.3<br />
Database Exchange<br />
Slide 137 Laurent Toutain Filière 2
Example: Flooding<br />
Link States ◮ Areas<br />
η.1 ζ.1<br />
β.2 ζ.1 ζ.2<br />
β.2 γ.2<br />
δ.2<br />
ɛ.2<br />
ζ.2<br />
β.1<br />
α.1<br />
α.1<br />
ack<br />
γ.1 δ.1<br />
δ.1<br />
+<br />
α.2<br />
ɛ.1<br />
α.3<br />
α.3<br />
Database Exchange<br />
Slide 137 Laurent Toutain Filière 2
Example: Flooding<br />
Link States ◮ Areas<br />
η.1 ζ.1<br />
β.2 ζ.1 ζ.2<br />
β.2 γ.2<br />
δ.2<br />
ɛ.2<br />
ζ.2<br />
β.1<br />
α.1<br />
α.1<br />
γ.1 δ.1<br />
δ.1<br />
+<br />
α.2<br />
ɛ.1<br />
α.3<br />
α.3<br />
Hello<br />
Hello {δ.1, α.3}<br />
Hello {α.1, α.3}<br />
Slide 137 Laurent Toutain Filière 2
Example: Flooding<br />
Link States ◮ Areas<br />
η.1 ζ.1<br />
β.2 ζ.1 ζ.2<br />
β.2 γ.2<br />
δ.2<br />
ɛ.2<br />
ζ.2<br />
β.1<br />
α.1<br />
α.1<br />
γ.1 δ.1<br />
Database Description<br />
δ.1<br />
+<br />
α.2<br />
ɛ.1<br />
α.3<br />
α.3<br />
Database Exchange<br />
Slide 137 Laurent Toutain Filière 2
Example: Flooding<br />
Link States ◮ Areas<br />
η.1 ζ.1<br />
β.2 ζ.1 ζ.2<br />
β.2 γ.2<br />
δ.2<br />
ɛ.2<br />
ζ.2<br />
β.1<br />
α.1<br />
α.1<br />
γ.1 δ.1<br />
δ.1<br />
+<br />
α.2<br />
ɛ.1<br />
α.3<br />
α.3<br />
ack<br />
Database Exchange<br />
Slide 137 Laurent Toutain Filière 2
Example: Flooding<br />
Link States ◮ Areas<br />
η.1 ζ.1<br />
β.2 ζ.1 ζ.2<br />
β.2 γ.2<br />
δ.2<br />
ɛ.2<br />
ζ.2<br />
β.1<br />
α.1<br />
α.1<br />
γ.1 δ.1<br />
δ.1<br />
+<br />
α.2<br />
ɛ.1<br />
α.3<br />
α.3<br />
ack<br />
ACK<br />
Database Exchange<br />
Slide 137 Laurent Toutain Filière 2
Example: Flooding<br />
Link States ◮ Areas<br />
η.1 ζ.1<br />
+<br />
β.2 +<br />
ζ.1<br />
β.2 γ.2<br />
+<br />
δ.2<br />
ζ.2<br />
ζ.2<br />
ɛ.2<br />
β.1<br />
+<br />
α.1<br />
α.1<br />
γ.1 δ.1<br />
δ.1<br />
+<br />
α.2<br />
ɛ.1 +<br />
α.3<br />
α.3<br />
Slide 137 Laurent Toutain Filière 2
Example: Flooding<br />
Link States ◮ Areas<br />
η.1 ζ.1<br />
+<br />
β.2 +<br />
ζ.1<br />
β.2 γ.2<br />
+<br />
δ.2<br />
ζ.2<br />
ζ.2<br />
ɛ.2<br />
β.1<br />
+<br />
α.1<br />
α.1<br />
γ.1 δ.1<br />
δ.1<br />
+<br />
α.2<br />
ɛ.1 +<br />
α.3<br />
α.3<br />
Database Exchange<br />
Slide 137 Laurent Toutain Filière 2
Example: Flooding<br />
Link States ◮ Areas<br />
η.1 ζ.1<br />
+<br />
β.2 +<br />
ζ.1<br />
β.2 γ.2<br />
+<br />
δ.2<br />
ζ.2<br />
ζ.2<br />
ɛ.2<br />
β.1<br />
+<br />
α.1<br />
α.1<br />
γ.1 δ.1<br />
δ.1<br />
+<br />
α.2<br />
ɛ.1 +<br />
α.3<br />
α.3<br />
Database Exchange<br />
Slide 137 Laurent Toutain Filière 2
Example: Flooding<br />
Link States ◮ Areas<br />
η.1 ζ.1<br />
+<br />
β.2 +<br />
ζ.1<br />
β.2 γ.2<br />
+<br />
δ.2<br />
ζ.2<br />
ζ.2<br />
ɛ.2<br />
β.1<br />
+<br />
α.1<br />
α.1<br />
γ.1 δ.1<br />
δ.1<br />
+<br />
α.2<br />
ɛ.1 +<br />
α.3<br />
α.3<br />
Database Exchange<br />
Not retransmitted since already stored in database<br />
Slide 137 Laurent Toutain Filière 2
Link State Announcement Format<br />
Link States ◮ Areas<br />
0.........7........15..........23..........31<br />
LS Age Option LS Type<br />
LS Id<br />
Advertising Router<br />
LS sequence number<br />
LS checksum<br />
Length<br />
<br />
<br />
Age: after 40 min a new LS<br />
must be generated even if<br />
there is no change<br />
LS Type: 1 router, 2 NBMA<br />
link,3 and 4 : summary, 5:<br />
external routes,...<br />
<br />
LS Id: type 1 and 4: router<br />
ID, type 2, 3, 5: network<br />
<br />
<br />
Adv. router: type 1 = LS id<br />
others originating router<br />
Sequence number: form<br />
0x80000001 to 0x7fffffff<br />
Slide 138 Laurent Toutain Filière 2
Link State Announcement Format<br />
Link States ◮ Areas<br />
0.........7........15..........23..........31<br />
LS Age Option 1<br />
192.108.119.134<br />
192.108.119.134<br />
LS sequence number<br />
LS checksum<br />
Length<br />
Flags<br />
# link<br />
Link ID<br />
Netmask<br />
Type 0 metric<br />
Link ID<br />
Netmask<br />
...<br />
Type= 1 point-to-point, 2: transit, 3: stub, 4: virtual<br />
<br />
<br />
<br />
<br />
<br />
Age: after 40 min a new LS<br />
must be generated even if<br />
there is no change<br />
LS Type: 1 router, 2 NBMA<br />
link,3 and 4 : summary, 5:<br />
external routes,...<br />
LS Id: type 1 and 4: router<br />
ID, type 2, 3, 5: network<br />
Adv. router: type 1 = LS id<br />
others originating router<br />
Sequence number: form<br />
0x80000001 to 0x7fffffff<br />
Slide 138 Laurent Toutain Filière 2
Link State Announcement Format<br />
Link States ◮ Areas<br />
0.........7........15..........23..........31<br />
LS Age Option 3<br />
128.1.2.0<br />
192.108.119.190<br />
LS sequence number<br />
LS checksum<br />
Length<br />
Netmask<br />
0 metric<br />
Link ID + Netmask gives prefix<br />
<br />
<br />
Age: after 40 min a new LS<br />
must be generated even if<br />
there is no change<br />
LS Type: 1 router, 2 NBMA<br />
link,3 and 4 : summary, 5:<br />
external routes,...<br />
<br />
LS Id: type 1 and 4: router<br />
ID, type 2, 3, 5: network<br />
<br />
<br />
Adv. router: type 1 = LS id<br />
others originating router<br />
Sequence number: form<br />
0x80000001 to 0x7fffffff<br />
Slide 138 Laurent Toutain Filière 2
Example<br />
Link States ◮ Areas<br />
<br />
Slide 139 Laurent Toutain Filière 2
Example<br />
Link States ◮ Areas<br />
10.1.1.1<br />
10.1.1.1 > 224.0.0.5: OSPFv2-hello 44:<br />
area 0.0.0.1 E mask 255.255.255.0 int 10 pri 5 dead 40 dr 10.1.1.1<br />
nbrs ;<br />
<br />
One router (IP address: 10.1.1.1) on 10.1.1.0/24 link<br />
<br />
network is in area 1<br />
<br />
router knows no neighbor<br />
Slide 139 Laurent Toutain Filière 2
Example<br />
Link States ◮ Areas<br />
10.1.1.1<br />
10.1.1.1 > 224.0.0.5: OSPFv2-hello 44:<br />
area 0.0.0.1 E mask 255.255.255.0 int 10 pri 5 dead 40 dr 10.1.1.1<br />
nbrs ;<br />
<br />
<br />
<br />
Hello period is 10s<br />
After 40s a router is supposed dead<br />
priority 5 is used when electing DR<br />
Slide 139 Laurent Toutain Filière 2
Example<br />
Link States ◮ Areas<br />
10.1.1.1<br />
10.1.1.1 > 224.0.0.5: OSPFv2-hello 44:<br />
area 0.0.0.1 E mask 255.255.255.0 int 10 pri 5 dead 40 dr 10.1.1.1<br />
nbrs ;<br />
10.1.1.1 > 224.0.0.5: OSPFv2-hello 44:<br />
area 0.0.0.1 E mask 255.255.255.0 int 10 pri 5 dead 40 dr 10.1.1.1<br />
nbrs ;<br />
10.1.1.1 > 224.0.0.5: OSPFv2-hello 44:<br />
Slide 139<br />
area 0.0.0.1 E mask 255.255.255.0 int 10 pri 5 dead 40 dr 10.1.1.1<br />
Laurent Toutain<br />
nbrs ;<br />
Filière 2
Example<br />
Link States ◮ Areas<br />
10.1.1.2<br />
10.1.1.1<br />
10.1.1.2 > 224.0.0.5: OSPFv2-hello 44:<br />
area 0.0.0.1 E mask 255.255.255.0 int 10 pri 27 dead 40 nbrs ;<br />
<br />
<br />
<br />
Second router is started on the link<br />
Ignore router 10.1.1.1 (not in neighbors)<br />
Same area (0.0.0.1), same netmask (255.255.255.0), same periods<br />
Slide 139 Laurent Toutain Filière 2
Example<br />
Link States ◮ Areas<br />
10.1.1.2<br />
10.1.1.1<br />
10.1.1.1 > 224.0.0.5: OSPFv2-hello 48:<br />
area 0.0.0.1 E mask 255.255.255.0 int 10 pri 5 dead 40 dr 10.1.1.1 nbrs 10.1.1.2<br />
<br />
<br />
<br />
10.1.1.1 is elected as designated router<br />
10.1.1.2 appears in 10.1.1.1 neighbors: connection is bidirectional<br />
databases synchronization can start<br />
Slide 139 Laurent Toutain Filière 2
Example<br />
Link States ◮ Areas<br />
10.1.1.2<br />
10.1.1.1<br />
10.1.1.2 > 10.1.1.1: OSPFv2-dd 32: area 0.0.0.1 E I/M/MS S B<br />
10.1.1.1 > 10.1.1.2: OSPFv2-dd 32: area 0.0.0.1 E I/M/MS S 1973<br />
<br />
10.1.1.2 sequence number B - 10.1.1.1 sequence number 1973<br />
<br />
<br />
10.1.1.2 is master (smallest sequence number)<br />
I: Initial packet, M: More packets, MS: Master<br />
Slide 139 Laurent Toutain Filière 2
Example<br />
Link States ◮ Areas<br />
10.1.1.2<br />
10.1.1.1<br />
10.1.1.1 > 10.1.1.2: OSPFv2-dd 112: area 0.0.0.1 E M S B<br />
{ E S 80000002 age 3:09 rtr 10.1.1.1 } TYPE 1<br />
{ E S 80000001 age 2:49 sum 10.1.2.0 abr 10.1.1.1 } TYPE 3<br />
{ E S 80000003 age 2:44 sum 10.1.100.0 abr 10.1.1.1 } TYPE 3<br />
{ E S 80000001 age 2:59 abr 10.1.1.1 rtr 10.1.1.1 } TYPE 4<br />
<br />
10.1.1.1 describes its database : TYPE 1 (one link), TYPE 3 (2<br />
networks outside area 1), TYPE4 (one area border router)<br />
Slide 139 Laurent Toutain Filière 2
Example<br />
Link States ◮ Areas<br />
10.1.1.2<br />
10.1.1.1<br />
10.1.1.2 > 10.1.1.1: OSPFv2-dd 52: area 0.0.0.1 E MS S C { S 80000002 age 5 rtr<br />
10.1.1.2 } TYPE 1<br />
<br />
<br />
10.1.1.2 ack. previous message by incrementing Seq Number and<br />
give its database description : attached to one link.<br />
no more information (bit M not set)<br />
Slide 139 Laurent Toutain Filière 2
Example<br />
Link States ◮ Areas<br />
{ S 80000002 age 5 rtr 10.1.1.2 }<br />
{ E S 80000002 age 3:09 rtr 10.1.1.1 }<br />
{ E S 80000001 age 2:49 sum 10.1.2.0 abr 10.1.1.1 }<br />
{ E S 80000003 age 2:44 sum 10.1.100.0 abr 10.1.1.1 }<br />
{ E S 80000001 age 2:59 abr 10.1.1.1 rtr 10.1.1.1 }<br />
10.1.1.2<br />
10.1.1.1<br />
10.1.1.1 > 10.1.1.2: OSPFv2-dd 32: area 0.0.0.1 E S C<br />
<br />
<br />
10.1.1.1 has described all its database<br />
This empty packet ack previous msg and close connection.<br />
Slide 139 Laurent Toutain Filière 2
Example<br />
Link States ◮ Areas<br />
{ S 80000002 age 5 rtr 10.1.1.2 }<br />
{ E S 80000002 age 3:09 rtr 10.1.1.1 }<br />
{ E S 80000001 age 2:49 sum 10.1.2.0 abr 10.1.1.1 }<br />
{ E S 80000003 age 2:44 sum 10.1.100.0 abr 10.1.1.1 }<br />
{ E S 80000001 age 2:59 abr 10.1.1.1 rtr 10.1.1.1 }<br />
10.1.1.2<br />
10.1.1.1<br />
10.1.1.2 > 10.1.1.1: OSPFv2-ls req 72: area 0.0.0.1<br />
{ rtr 10.1.1.1 } { sum 10.1.2.0 abr 10.1.1.1 } { sum 10.1.100.0 abr 10.1.1.1 }<br />
{ abr 10.1.1.1 rtr 10.1.1.1 }<br />
10.1.1.1 > 10.1.1.2: OSPFv2-ls req 36: area 0.0.0.1<br />
{ rtr 10.1.1.2 }<br />
<br />
Routers request missing or newest information<br />
Slide 139 Laurent Toutain Filière 2
Example<br />
Link States ◮ Areas<br />
{ S 80000002 age 5 rtr 10.1.1.2 }<br />
{ E S 80000002 age 3:09 rtr 10.1.1.1 }<br />
{ E S 80000001 age 2:49 sum 10.1.2.0 abr 10.1.1.1 }<br />
{ E S 80000003 age 2:44 sum 10.1.100.0 abr 10.1.1.1 }<br />
{ E S 80000001 age 2:59 abr 10.1.1.1 rtr 10.1.1.1 }<br />
{ S 80000002 age 5 rtr 10.1.1.2 }<br />
10.2.1.0/24<br />
10.1.1.2<br />
10.1.1.1<br />
10.1.1.2 > 10.1.1.1: OSPFv2-ls upd 76: area 0.0.0.1<br />
{ S 80000002 age 6 rtr 10.1.1.2<br />
{ net 10.1.1.0 mask 255.255.255.0 tos 0 metric 1 }<br />
{ net 10.2.1.0 mask 255.255.255.0 tos 0 metric 1 } }<br />
<br />
Router 10.1.1.2 is connected to two links<br />
Slide 139 Laurent Toutain Filière 2
Example<br />
Link States ◮ Areas<br />
{ S 80000002 age 5 rtr 10.1.1.2 }<br />
{ E S 80000002 age 3:09 rtr 10.1.1.1 }<br />
{ E S 80000001 age 2:49 sum ... }<br />
{ E S 80000003 age 2:44 sum ... }<br />
{ E S 80000001 age 2:59 abr... }<br />
{ E S 80000002 age 3:09 rtr 10.1.1.1 }<br />
{ E S 80000001 age 2:49 sum 10.1.2.0 abr 10.1.1.1 }<br />
{ E S 80000003 age 2:44 sum 10.1.100.0 abr 10.1.1.1 }<br />
{ E S 80000001 age 2:59 abr 10.1.1.1 rtr 10.1.1.1 }<br />
{ S 80000002 age 5 rtr 10.1.1.2 }<br />
10.2.1.0/24<br />
10.1.1.2<br />
10.1.1.1<br />
10.1.1.1 > 10.1.1.2: OSPFv2-ls upd 148: area 0.0.0.1<br />
{ E S 80000002 age 3:10 rtr 10.1.1.1 B<br />
{ net 10.1.1.0 mask 255.255.255.0 tos 0 metric 10 } }<br />
{ E S 80000001 age 2:50 sum 10.1.2.0 abr 10.1.1.1 mask 255.255.255.0 tos 0 metric 20<br />
}<br />
{ E S 80000003 age 2:45 sum 10.1.100.0 abr 10.1.1.1 mask 255.255.255.0 tos 0 metric<br />
10 }<br />
{ E S 80000001 age 3:01 abr 10.1.1.1 rtr 10.1.1.1 tos 0 metric 16777215 }<br />
Only one link in area 1 and two external prefixes<br />
<br />
Slide 139 Laurent Toutain Filière 2
Case study: RIP to OSPF<br />
Link States ◮ Areas<br />
130.10.9.0/24<br />
130.10.8.0/24<br />
A<br />
130.10.62.0/24<br />
130.10.63.0/24<br />
B<br />
C<br />
interface serial 0<br />
ip address 130.10.62.1 255.255.255.0<br />
interface serial 1<br />
ip address 130.10.63.1 255.255.255.0<br />
interface ethernet 0<br />
ip address 130.10.8.1 255.255.255.0<br />
interface ethernet 1<br />
ip address 130.10.9.1 255.255.255.0<br />
router rip<br />
network 130.10.0.0<br />
Slide 140 Laurent Toutain Filière 2
Case study: RIP to OSPF<br />
Link States ◮ Areas<br />
130.10.9.0/24<br />
130.10.8.0/24<br />
A<br />
130.10.62.0/24<br />
130.10.63.0/24<br />
B<br />
C<br />
Area0<br />
! same interface definition<br />
router rip<br />
default-metric 10<br />
network 130.10.0.0<br />
passive-interface serial 0<br />
passive-interface serial 1<br />
redistribute ospf 109 match internal external 1<br />
external 2<br />
router ospf 109<br />
network 130.10.62.0 0.0.0.255 area 0<br />
network 130.10.63.0 0.0.0.255 area 0<br />
redistribute rip subnets<br />
distribute-list 11 out rip<br />
!<br />
access-list 11 permit 130.10.8.0 0.0.7.255<br />
access-list 11 deny 0.0.0.0 255.255.255.255<br />
Slide 140 Laurent Toutain Filière 2
Case study: RIP to OSPF<br />
Link States ◮ Areas<br />
130.10.9.0/24<br />
130.10.8.0/24<br />
Area1<br />
A<br />
130.10.62.0/24<br />
130.10.63.0/24<br />
C<br />
Area0<br />
B<br />
Area2<br />
Area3<br />
interface serial 0<br />
ip address 130.10.62.1 255.255.255.248<br />
interface serial 1<br />
ip address 130.10.63.1 255.255.255.248<br />
interface ethernet 0<br />
ip address 130.10.8.1 255.255.255.0<br />
ip irdp<br />
interface ethernet 1<br />
ip address 130.10.9.1 255.255.255.0<br />
ip irdp<br />
router ospf 109<br />
network 130.10.62.0 0.0.0.255 area 0<br />
network 130.10.63.0 0.0.0.255 area 0<br />
network 130.10.8.0 0.0.7.255 area 1<br />
area 1 range 130.10.8.0 255.255.248.0<br />
Slide 140 Laurent Toutain Filière 2
Link States<br />
IS-IS
Intermediate System to Intermediate System<br />
Link States ◮ IS-IS<br />
<br />
<br />
<br />
<br />
<br />
<br />
Originally designed to route OSI Datagram protocol CLNP<br />
(Connection Less Network Protocol)<br />
Adapted to route both CLNP and IPv6 protocol.<br />
IS-IS don’t use IP to carry routing messages<br />
Based on Shortest Path First algorithm to compute routes<br />
•<br />
OSPF derived from IS-IS, but was claim to be Open.<br />
•<br />
now-days IS-IS is also a IETF working group<br />
IS-IS is still widely used in provider backbones<br />
CLNP uses NSAP (Network Service Access Point) to identify<br />
SAP between Layer 3 and Layer 4<br />
Slide 142 Laurent Toutain Filière 2
Areas versus Levels<br />
Link States ◮ IS-IS<br />
area assigned to interfaces<br />
Slide 143 Laurent Toutain Filière 2
Areas versus Levels<br />
Link States ◮ IS-IS<br />
area assigned to interfaces<br />
Slide 143 Laurent Toutain Filière 2
Areas versus Levels<br />
Link States ◮ IS-IS<br />
area assigned to interfaces<br />
area value included into address<br />
Slide 143 Laurent Toutain Filière 2
Areas versus Levels<br />
Link States ◮ IS-IS<br />
L1<br />
L1<br />
L1<br />
area assigned to interfaces<br />
area value included into address<br />
Slide 143 Laurent Toutain Filière 2
Areas versus Levels<br />
Link States ◮ IS-IS<br />
L2<br />
L1<br />
L2 L2<br />
L2<br />
L2<br />
L1<br />
L1<br />
area assigned to interfaces<br />
area value included into address<br />
Slide 143 Laurent Toutain Filière 2
Areas versus Levels<br />
Link States ◮ IS-IS<br />
L2<br />
L1<br />
L2 L2<br />
L2<br />
L2<br />
L1<br />
L1<br />
area assigned to interfaces<br />
area value included into address<br />
Slide 143 Laurent Toutain Filière 2
Areas versus Levels<br />
Link States ◮ IS-IS<br />
Continuous<br />
L2<br />
L1<br />
L2 L2<br />
L2<br />
L2<br />
L1<br />
L1<br />
area assigned to interfaces<br />
area value included into address<br />
Slide 143 Laurent Toutain Filière 2
ISO addresses<br />
Link States ◮ IS-IS<br />
AFI IDI DSP<br />
Slide 144 Laurent Toutain Filière 2
ISO addresses<br />
Link States ◮ IS-IS<br />
AFI IDI DSP<br />
Domain Specific Part<br />
Initial Domain Identifier<br />
Address Family Identifier<br />
Slide 144 Laurent Toutain Filière 2
ISO addresses<br />
Link States ◮ IS-IS<br />
AFI IDI Area ID Sel<br />
Defined by the administrator<br />
0<br />
Use IP or MAC address<br />
192.108.119.134 − > 1921.0811.9134<br />
Slide 144 Laurent Toutain Filière 2
ISO addresses<br />
Link States ◮ IS-IS<br />
49<br />
Area ID Sel<br />
Private AFI, no IDI<br />
Slide 144 Laurent Toutain Filière 2
ISO addresses<br />
Link States ◮ IS-IS<br />
49<br />
Area ID Sel<br />
Private AFI, no IDI<br />
interface Vlan1<br />
description switched default VLAN<br />
ip address 192.108.119.190 255.255.255.192<br />
ip router isis<br />
router isis<br />
net 49.0001.1921.0811.9190.00<br />
Slide 144 Laurent Toutain Filière 2
Packet types<br />
Link States ◮ IS-IS<br />
<br />
<br />
<br />
<br />
Hello: used to discover other routers and keep alive.<br />
•<br />
type for multicast and point-to-point (no NBMA support).<br />
Link State Protocol data unit:<br />
•<br />
contains information exchanged between routers<br />
•<br />
LS are defined as TLV (Type Length Value)<br />
− more flexibility: TLV for NSAP, IPv4, IPv6,...<br />
•<br />
equivalent to Link State Update in OSPF<br />
Complete Sequence Number Protocol data unit:<br />
•<br />
gives the list of LSP in the router database<br />
•<br />
equivalent to database description in OSPF<br />
Partial Sequence Number Protocol data unit:<br />
•<br />
contains the description of one LSP<br />
•<br />
equivalent to link state request or link state ack in OSPF<br />
Slide 145 Laurent Toutain Filière 2
Multi Protocol Label Switching<br />
Link States ◮ IS-IS<br />
IGP has some drawbacks:<br />
<br />
Does not isolate AS form outside:<br />
•<br />
Lack of scalability<br />
•<br />
Same protocol inside and outside the AS<br />
<br />
<br />
<br />
Few control on routing decision<br />
No global vision on end-to end path inside the AS:<br />
•<br />
Next Hop dictatorship<br />
No traffic engineering : path selection, resource reservation,<br />
backup routes,...<br />
Slide 146 Laurent Toutain Filière 2
Example<br />
Link States ◮ IS-IS<br />
Provider<br />
PE<br />
Provider<br />
PE<br />
P<br />
PE<br />
Provider<br />
Customer<br />
PE<br />
P<br />
P<br />
P<br />
PE<br />
Customer<br />
PE<br />
Customer<br />
PE<br />
Customer<br />
Slide 147 Laurent Toutain Filière 2
Example<br />
Link States ◮ IS-IS<br />
Provider<br />
R5<br />
Provider<br />
R6<br />
R9<br />
R4<br />
Provider<br />
Customer<br />
R7<br />
R8<br />
R11<br />
R10<br />
R3<br />
Customer<br />
R1<br />
Customer<br />
R2<br />
Customer<br />
Slide 147 Laurent Toutain Filière 2
Example: Only IGP<br />
Link States ◮ IS-IS<br />
Provider<br />
R5<br />
Provider<br />
300 000 300 000<br />
R9<br />
R6<br />
R4<br />
Provider<br />
300 000<br />
Customer<br />
R7<br />
R8<br />
R11<br />
R10<br />
R3<br />
Customer<br />
R1<br />
Customer<br />
R2<br />
Customer<br />
Slide 147 Laurent Toutain Filière 2
Example: Only IGP<br />
Link States ◮ IS-IS<br />
Provider<br />
R5<br />
Provider<br />
300 000 300 000<br />
300 000<br />
R9<br />
R6<br />
R4<br />
Provider<br />
300 000<br />
Customer<br />
R7<br />
R8<br />
300 000<br />
R11<br />
300 000<br />
R10<br />
300 000<br />
R3<br />
Customer<br />
R1<br />
R2<br />
Customer<br />
Customer<br />
Slide 147 Laurent Toutain Filière 2
Example: Only IGP<br />
Link States ◮ IS-IS<br />
Provider<br />
R5<br />
Provider<br />
300 000 300 000<br />
300 000<br />
R9<br />
R6<br />
R4<br />
Provider<br />
300 000<br />
Customer<br />
R7<br />
300 000<br />
P routers are aware of Internet complexity<br />
R8<br />
300 000<br />
Lot of traffic, lot of memory 300 000<br />
R10<br />
R11<br />
R3<br />
Customer<br />
R1<br />
Customer<br />
R2<br />
Customer<br />
Slide 147 Laurent Toutain Filière 2
Example: Layer 2 network (eg: ATM)<br />
Link States ◮ IS-IS<br />
Provider<br />
R5<br />
Provider<br />
300 000 300 000<br />
S9<br />
R6<br />
R4<br />
Provider<br />
300 000<br />
Customer<br />
R7<br />
S8<br />
S11<br />
S10<br />
R3<br />
Customer<br />
R1<br />
Customer<br />
R2<br />
Customer<br />
Slide 147 Laurent Toutain Filière 2
Example: Layer 2 network (eg: ATM)<br />
Link States ◮ IS-IS<br />
Provider<br />
R5<br />
Provider<br />
300 000 300 000<br />
R6<br />
< 6 ∗ 7 = 42<br />
S9<br />
R4<br />
Provider<br />
300 000<br />
Customer<br />
R7<br />
S8<br />
< 6 ∗ 7 = 42<br />
S11<br />
< 6 ∗ 7 = 42<br />
S10<br />
< 6 ∗ 7 = 42<br />
R3<br />
Customer<br />
R1<br />
R2<br />
Customer<br />
Customer<br />
Slide 147 Laurent Toutain Filière 2
Example: Layer 2 network (eg: ATM)<br />
Link States ◮ IS-IS<br />
Provider<br />
R5<br />
Provider<br />
300 000 300 000<br />
R6<br />
< 6 ∗ 7 = 42<br />
S9<br />
R4<br />
Provider<br />
300 000<br />
Customer<br />
R7<br />
S8<br />
< 6 ∗ 7 = 42<br />
S11<br />
< 6 ∗ 7 = 42<br />
S10<br />
< 6 ∗ 7 = 42<br />
R3<br />
Customer<br />
R1<br />
R2<br />
Customer<br />
Customer<br />
Slide 147 Laurent Toutain Filière 2
Example: Layer 2 network (eg: ATM)<br />
Link States ◮ IS-IS<br />
Provider<br />
R5<br />
Provider<br />
300 000 300 000<br />
R6<br />
< 6 ∗ 7 = 42<br />
S9<br />
R4<br />
Provider<br />
300 000<br />
Customer<br />
R7<br />
S8<br />
< 6 ∗ 7 = 42<br />
S11<br />
< 6 ∗ 7 = 42<br />
S10<br />
< 6 ∗ 7 = 42<br />
R3<br />
Customer<br />
R1<br />
R2<br />
Customer<br />
Customer<br />
Slide 147 Laurent Toutain Filière 2
Example: Layer 2 network (eg: ATM)<br />
Link States ◮ IS-IS<br />
Provider<br />
R5<br />
Provider<br />
300 000 300 000<br />
R6<br />
< 6 ∗ 7 = 42<br />
S9<br />
R4<br />
Provider<br />
300 000<br />
Customer<br />
R7<br />
Announcement < 6 ∗ 7 = 42 are copied n times<br />
S8<br />
No topology knowledge < 6 ∗ 7 = 42 S10<br />
S11<br />
< 6 ∗ 7 = 42<br />
R3<br />
Customer<br />
R1<br />
Customer<br />
R2<br />
Customer<br />
Slide 147 Laurent Toutain Filière 2
L2 switching<br />
Link States ◮ IS-IS<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
Each PE router open a VP with other PE router<br />
VPs are viewed as direct links<br />
Switches do not seen routing tables<br />
Only PE has to memorize all DFZ (Default-Free Zone) routes<br />
VP can be set manually<br />
•<br />
better use or resources (load balancing)<br />
BGP and IGP exchanges between routers inside the domain<br />
•<br />
same information is transfered several times on the same<br />
physical link<br />
Routers are not aware of physical topology<br />
Slide 148 Laurent Toutain Filière 2
MPLS: Multi Protocol Label Switching<br />
Link States ◮ IS-IS<br />
<br />
<br />
Goal:<br />
•<br />
Use routing protocols as a signaling plane<br />
•<br />
Switch the data plane<br />
− Use of virtual path called Label Switched Path<br />
− A switching table: Next Hop Label Forwarding Element<br />
•<br />
Offer more flexibility for traffc engineering<br />
•<br />
Routers are called Label Switch Routers<br />
LDP Label Distribution Protocol convert IGP routing into LSP<br />
<br />
RSVP-TE can be used to by-pass IGP routing and assign<br />
bandwidth<br />
Slide 149 Laurent Toutain Filière 2
Simplified architecture of a LSR<br />
Link States ◮ IS-IS<br />
Application<br />
IGP & RIB<br />
IP<br />
MPLS<br />
Layer 2 Layer 2<br />
Slide 150 Laurent Toutain Filière 2
Simplified architecture of a LSR<br />
Link States ◮ IS-IS<br />
Application<br />
IGP & RIB<br />
LDP<br />
IP<br />
MPLS<br />
Layer 2 Layer 2<br />
Slide 150 Laurent Toutain Filière 2
Simplified architecture of a LSR<br />
Link States ◮ IS-IS<br />
Application<br />
IGP & RIB<br />
LDP<br />
IP<br />
MPLS<br />
LIB (NHLFE)<br />
Layer 2 Layer 2<br />
Slide 150 Laurent Toutain Filière 2
Simplified architecture of a LSR<br />
Link States ◮ IS-IS<br />
Application<br />
IGP & RIB<br />
LDP<br />
RSVP-TE<br />
IP<br />
MPLS<br />
LIB (NHLFE)<br />
Layer 2 Layer 2<br />
Slide 150 Laurent Toutain Filière 2
Simplified architecture of a LSR<br />
Link States ◮ IS-IS<br />
Application<br />
IGP & RIB<br />
LDP<br />
RSVP-TE<br />
IP<br />
MPLS<br />
LIB (NHLFE)<br />
Layer 2 Layer 2<br />
Slide 150 Laurent Toutain Filière 2
Simplified architecture of a LSR<br />
Link States ◮ IS-IS<br />
Application<br />
IGP & RIB<br />
LDP<br />
RSVP-TE<br />
IP<br />
MPLS<br />
LIB (NHLFE)<br />
Layer 2 Layer 2<br />
Slide 150 Laurent Toutain Filière 2
Simplified architecture of a LSR<br />
Link States ◮ IS-IS<br />
Application<br />
IP<br />
MPLS<br />
IGP & RIB<br />
LDP<br />
LIB (NHLFE)<br />
RSVP-TE<br />
Layer 2 Layer 2<br />
Control Switching<br />
Slide 150 Laurent Toutain Filière 2
Simplified architecture of a LSR<br />
Link States ◮ IS-IS<br />
Application<br />
IP<br />
MPLS<br />
IGP & RIB<br />
LDP<br />
LIB (NHLFE)<br />
RSVP-TE<br />
Multi Protocol Layer 2 Layer 2<br />
Control Switching<br />
Slide 150 Laurent Toutain Filière 2
Simplified architecture of a LSR<br />
Link States ◮ IS-IS<br />
Application IGP & RIB<br />
LDP RSVP-TE<br />
IP<br />
Multi Protocol<br />
MPLS<br />
LIB (NHLFE)<br />
Multi Protocol Layer 2 Layer 2<br />
Control Switching<br />
Slide 150 Laurent Toutain Filière 2
MPLS: Multi Protocol...<br />
Link States ◮ IS-IS<br />
<br />
Layer 2<br />
•<br />
Any layer 2 with VPs like ATM, Frame Relay<br />
•<br />
Point-to-Point Networks<br />
•<br />
Ethernet<br />
•<br />
Extension for Optical Networks (GMPLS)<br />
<br />
Layer 3<br />
<br />
•<br />
Forwarding is under Layer 3<br />
•<br />
IPv4 (with public or private addresses), IPv6<br />
•<br />
Ethernet / Bridging<br />
Done by hardware: more efficient than an IP tunnel.<br />
Slide 151 Laurent Toutain Filière 2
MPLS: ...Label...<br />
Link States ◮ IS-IS<br />
S=1<br />
L2<br />
Label<br />
TC<br />
S<br />
TTL<br />
Label<br />
TC<br />
S<br />
TTL<br />
L3<br />
20 bits<br />
3 bits 1 b<br />
8 bit<br />
20 bits<br />
3 bits 1 b<br />
8 bit<br />
<br />
ATM and Frame relay: Label in copied in the VPI/VCI or<br />
DLCI<br />
<br />
Ethernet: Ethertype 8847 (Unicast), 8848 (Multicast)<br />
<br />
PPP: protocol : 281 (Unicast), 282 (Multicast)<br />
<br />
Label can be :<br />
•<br />
per platform: unique for each LSR<br />
•<br />
per interface: unique for one interface (may be reused<br />
elsewhere) :<br />
−<br />
Default behavior<br />
Slide 152 Laurent Toutain Filière 2
MPLS: ...Label...<br />
Link States ◮ IS-IS<br />
S=1<br />
L2<br />
Label<br />
TC<br />
S<br />
TTL<br />
Label<br />
TC<br />
S<br />
TTL<br />
L3<br />
20 bits<br />
3 bits 1 b<br />
8 bit<br />
20 bits<br />
3 bits 1 b<br />
8 bit<br />
<br />
Label can be :<br />
•<br />
per platform: unique for each LSR<br />
− Not necessary to remember interface<br />
•<br />
per interface: unique for one interface<br />
− must associate value and interface in the LIB<br />
•<br />
Special labels:<br />
−<br />
0: IPv4 Explicit NULL = POP and forwarding<br />
−<br />
1: Router Alert<br />
− 2: IPv6 Explicit NULL = POP and forwarding<br />
− 3: Implicit NULL = POP<br />
− 14: OAM Alert [RFC3429]<br />
Slide 152 Laurent Toutain Filière 2
MPLS: ...Label...<br />
Link States ◮ IS-IS<br />
S=1<br />
L2<br />
Label<br />
TC<br />
S<br />
TTL<br />
Label<br />
TC<br />
S<br />
TTL<br />
L3<br />
20 bits<br />
3 bits 1 b<br />
8 bit<br />
20 bits<br />
3 bits 1 b<br />
8 bit<br />
<br />
Payload type is lost<br />
•<br />
Label can be used to recover it<br />
•<br />
Depend of the context<br />
Slide 152 Laurent Toutain Filière 2
MPLS: ...Label...<br />
Link States ◮ IS-IS<br />
S=1<br />
L2<br />
Label<br />
TC<br />
S<br />
TTL<br />
Label<br />
TC<br />
S<br />
TTL<br />
L3<br />
20 bits<br />
3 bits 1 b<br />
8 bit<br />
20 bits<br />
3 bits 1 b<br />
8 bit<br />
<br />
TC : Traffic Class (RFC 5462)<br />
•<br />
initially experimental (RFC 3032), but RFC 3270 defines class<br />
of services<br />
•<br />
map DiffServ bits, IEEE 802.1Q classes, ...<br />
•<br />
For instance, three first bits of DiffServ Classes :<br />
•<br />
ECN can also be used (RFC 5129)<br />
Slide 152 Laurent Toutain Filière 2
MPLS: ...Label...<br />
Link States ◮ IS-IS<br />
S=1<br />
L2<br />
Label<br />
TC<br />
S<br />
TTL<br />
Label<br />
TC<br />
S<br />
TTL<br />
L3<br />
20 bits<br />
3 bits 1 b<br />
8 bit<br />
20 bits<br />
3 bits 1 b<br />
8 bit<br />
<br />
<br />
S=1 : Another label is stacked<br />
TTL : decreased by one by each LSR<br />
•<br />
Avoid loops based on routing protocol<br />
•<br />
Initial value copied from IP field (TTL or HL)<br />
− traceroute works.<br />
− ICMP extension for MPLS (RFC 4950)<br />
Slide 152 Laurent Toutain Filière 2
MPLS: ...Switching<br />
Link States ◮ IS-IS<br />
R5<br />
R6<br />
a<br />
c b<br />
R9<br />
d a<br />
a<br />
a<br />
R4<br />
α<br />
R7<br />
a<br />
c<br />
d R8<br />
a<br />
b<br />
c R11 b<br />
a<br />
c<br />
b<br />
R10 a<br />
d<br />
a<br />
R3<br />
a<br />
a<br />
R1<br />
R2<br />
Slide 153 Laurent Toutain Filière 2
MPLS: ...Switching<br />
Link States ◮ IS-IS<br />
R5<br />
R6<br />
α a/10<br />
a<br />
c b<br />
R9<br />
d a<br />
a<br />
a<br />
R4<br />
α<br />
R7<br />
a<br />
c<br />
d R8<br />
a<br />
b<br />
c R11 b<br />
a<br />
c<br />
b<br />
R10 a<br />
d<br />
a<br />
R3<br />
a<br />
a<br />
R1<br />
R2<br />
Slide 153 Laurent Toutain Filière 2
MPLS: ...Switching<br />
Link States ◮ IS-IS<br />
R5<br />
R6<br />
R7<br />
a<br />
α a/10<br />
d/10 b/20<br />
a<br />
c<br />
d R8<br />
a<br />
b<br />
c b<br />
R9<br />
d a<br />
c R11 b<br />
a<br />
a<br />
c<br />
b<br />
R10 a<br />
d<br />
a<br />
a<br />
R4<br />
R3<br />
α<br />
a<br />
a<br />
R1<br />
R2<br />
Slide 153 Laurent Toutain Filière 2
MPLS: ...Switching<br />
Link States ◮ IS-IS<br />
R5<br />
R6<br />
R7<br />
a<br />
α a/10<br />
d/10 b/20<br />
a<br />
c<br />
d R8<br />
a<br />
b<br />
a<br />
c b<br />
R9<br />
d a<br />
Penultimate<br />
d/10 pop<br />
c/20 b/10 c<br />
b<br />
R10 a<br />
d<br />
c R11 b<br />
a<br />
a<br />
a<br />
R4<br />
R3<br />
α<br />
a<br />
a<br />
R1<br />
R2<br />
Slide 153 Laurent Toutain Filière 2
MPLS: ...Switching VC merging<br />
Link States ◮ IS-IS<br />
R5<br />
R6<br />
R7<br />
a<br />
α a/10<br />
d/10 b/20<br />
a<br />
c<br />
d R8<br />
a<br />
b α a/25<br />
a<br />
a<br />
c b<br />
R9<br />
d a<br />
Penultimate<br />
d/10 pop<br />
c/20 b/10 c<br />
b<br />
R10 a<br />
d<br />
c R11 b<br />
a<br />
a<br />
a<br />
a<br />
R4<br />
R3<br />
α<br />
R1<br />
R2<br />
Slide 153 Laurent Toutain Filière 2
MPLS: ...Switching VC merging<br />
Link States ◮ IS-IS<br />
R5<br />
R6<br />
R7<br />
α a/10<br />
d/10 b/20<br />
a/25 b/20<br />
a<br />
c<br />
d R8<br />
a<br />
b<br />
a<br />
a<br />
α a/25<br />
a<br />
c b<br />
R9<br />
d a<br />
Penultimate<br />
d/10 pop<br />
c/20 b/10 c<br />
b<br />
R10 a<br />
d<br />
c R11 b<br />
a<br />
a<br />
a<br />
a<br />
R4<br />
R3<br />
α<br />
R1<br />
R2<br />
Slide 153 Laurent Toutain Filière 2
How to build FEC and LIB <br />
Link States ◮ IS-IS<br />
<br />
<br />
<br />
<br />
Manually<br />
Using Label Distribution Protocol<br />
•<br />
works with an IGP (prefix discovery and route selection)<br />
•<br />
two label distribution modes :<br />
− independent : each LSR works independently on FEC<br />
− ordered : downstream LSR has to establish the FEC first<br />
•<br />
two label retention modes :<br />
− conservative : keep in memory just useful labels<br />
− liberal : memorize label not useful for the LSP (faster reroute)<br />
RSVP-TE<br />
•<br />
independent of IGP: allow the provider to force paths and<br />
reserve resources<br />
•<br />
allow rerouting in case of link failure<br />
MP-BGP<br />
•<br />
Dissociate internal routing and external routing<br />
•<br />
VPN, IPv6 over IPv4, IPv4 over IPv6<br />
Slide 154 Laurent Toutain Filière 2
Principle: Overview<br />
Link States ◮ IS-IS<br />
<br />
<br />
<br />
<br />
<br />
An IGP is running on all LSR<br />
LSR know site prefixes<br />
LSR issue a label for each prefix and interface<br />
LSR use LDP to send the binding between label and prefix<br />
When receiving a label, if the sender is the next hop in the<br />
IGP’s Shortest Path Tree, the label is pushed to the LIB.<br />
Slide 155 Laurent Toutain Filière 2
Label distribution example<br />
Link States ◮ IS-IS<br />
R7<br />
γ<br />
β<br />
R8<br />
R5<br />
δ<br />
ɛ<br />
ι<br />
R9<br />
θ<br />
c R11 b<br />
a<br />
µ<br />
ζ<br />
R6<br />
η<br />
R10<br />
κ<br />
λ<br />
R4<br />
R3<br />
α<br />
R1<br />
R2<br />
Slide 156 Laurent Toutain Filière 2
Label distribution example: Discover prefixes<br />
Link States ◮ IS-IS<br />
R7<br />
γ<br />
β<br />
R8<br />
R5<br />
ι<br />
LSA<br />
δ<br />
LSA<br />
LSA<br />
ɛ<br />
θ<br />
LSA<br />
R9<br />
LSA<br />
β, γ, ..., λ, µ<br />
c R11 b<br />
a<br />
LSA<br />
µ<br />
ζ<br />
R6<br />
LSA<br />
η<br />
LSA<br />
LSA<br />
LSAR10<br />
κ<br />
λ<br />
R4<br />
R3<br />
α<br />
R1<br />
R2<br />
Slide 156 Laurent Toutain Filière 2
Label distribution example: SPT computation<br />
Link States ◮ IS-IS<br />
R7<br />
γ<br />
R8<br />
β<br />
R5<br />
ι<br />
δ<br />
ɛ<br />
R9<br />
θ<br />
β, γ, ..., λ, µ<br />
c R11 b<br />
a<br />
µ<br />
R6<br />
ζ<br />
η<br />
R10<br />
κ<br />
λ<br />
R4<br />
R3<br />
α<br />
R1<br />
R2<br />
Slide 156 Laurent Toutain Filière 2
Label distribution example: Sending Labels<br />
Link States ◮ IS-IS<br />
R7<br />
γ<br />
β<br />
R1<br />
R8<br />
R5<br />
ι<br />
ι<br />
δ<br />
ɛ<br />
ι : L100<br />
a<br />
b<br />
c<br />
R9<br />
R6<br />
θ<br />
ζ<br />
β, γ, ..., λ, µ<br />
ι : L100<br />
L100<br />
L100<br />
L100<br />
c R11 b<br />
ι : L100<br />
a<br />
µ<br />
R2<br />
η<br />
R10<br />
κ<br />
λ<br />
R4<br />
R3<br />
α<br />
Slide 156 Laurent Toutain Filière 2
Label distribution example: Receiving Labels<br />
Link States ◮ IS-IS<br />
R7<br />
γ<br />
R8<br />
β<br />
R1<br />
R5<br />
ι<br />
δ<br />
ɛ<br />
ι<br />
θ<br />
ι : L200<br />
R9<br />
a L100<br />
b<br />
c<br />
L100<br />
L100<br />
β, γ, ..., λ, µ<br />
c R11 b<br />
a<br />
ι : L987<br />
µ<br />
R2<br />
R6<br />
ζ<br />
η<br />
ι : L234<br />
R10<br />
κ<br />
λ<br />
R4<br />
R3<br />
α<br />
Slide 156 Laurent Toutain Filière 2
Label distribution example: Receiving Labels<br />
Link States ◮ IS-IS<br />
R7<br />
γ<br />
R8<br />
β<br />
R1<br />
R5<br />
ι<br />
δ<br />
ɛ<br />
ι<br />
θ<br />
ι : L200<br />
R9<br />
a L100<br />
b<br />
c<br />
L100<br />
L100<br />
β, γ, ..., λ, µ<br />
c R11 b<br />
a<br />
ι : L987<br />
µ<br />
R2<br />
R6<br />
ζ<br />
η<br />
ι : L234<br />
LIB<br />
R10<br />
κ<br />
λ<br />
a : 100 b:234 c:200<br />
b : 100 b:234 c:200<br />
c : 100 b:234 c:200<br />
R4<br />
R3<br />
α<br />
Slide 156 Laurent Toutain Filière 2
Label distribution example: Rerouting<br />
Link States ◮ IS-IS<br />
R7<br />
γ<br />
R8<br />
β<br />
R1<br />
R5<br />
ι<br />
ι<br />
δ<br />
ɛ<br />
a<br />
b<br />
c<br />
R9<br />
θ<br />
β, γ, ..., λ, µ<br />
L100<br />
L100<br />
L100<br />
c R11 b<br />
a<br />
µ<br />
R2<br />
R6<br />
ζ<br />
η<br />
LIB<br />
R10<br />
κ<br />
λ<br />
a : 100 b:234<br />
b : 100 b:234 c:200<br />
c : 100 b:234 c:200<br />
R4<br />
R3<br />
α<br />
Slide 156 Laurent Toutain Filière 2
Label distribution example: Rerouting<br />
Link States ◮ IS-IS<br />
R7<br />
γ<br />
R8<br />
β<br />
R1<br />
R5<br />
ι<br />
ι<br />
δ<br />
ɛ<br />
a<br />
b<br />
c<br />
R9<br />
β, γ, ..., λ, µ<br />
L100<br />
L100<br />
L100<br />
c R11 b<br />
a<br />
R6<br />
θ<br />
ζ<br />
κ<br />
µ<br />
R2<br />
η<br />
Label ι requested<br />
ι : L234<br />
R10<br />
λ<br />
a : 100 b:234<br />
LIB b : 100 b:234<br />
c : 100 b:234<br />
R4<br />
R3<br />
α<br />
Slide 156 Laurent Toutain Filière 2
POP<br />
Link States ◮ IS-IS<br />
<br />
Pop can be :<br />
•<br />
implicit (value 3): the LSR remove the label and send it to the<br />
forwarding engine.<br />
− the LSR must know which forwarding engine from the context.<br />
− NEVER sent on the link.<br />
− On the last link, packet is sent normally avoiding MPLS pop<br />
on the last router.<br />
•<br />
explicit (value 0 for IPv4, 2 for IPv6):<br />
−<br />
−<br />
−<br />
when receiving this label, the LSR must send the MPLS<br />
payload to the corresponding forwarding engine.<br />
Sent on the link<br />
Initially last on the label stack, RFC 4182 removes this<br />
constraint<br />
Slide 157 Laurent Toutain Filière 2
Label distribution example<br />
Link States ◮ IS-IS<br />
R7<br />
γ<br />
β<br />
R1<br />
R8<br />
R5<br />
δ<br />
ɛ<br />
ι<br />
R9<br />
c R11 b<br />
a<br />
R6<br />
θ<br />
ζ<br />
η<br />
µ<br />
R2<br />
L2|0|IP|...<br />
λ<br />
IP<br />
MPLS<br />
R10<br />
κ<br />
λ<br />
a : 115 b:0<br />
b : 115 b:0<br />
c : 115 b:0<br />
R4<br />
R3<br />
α<br />
Slide 158 Laurent Toutain Filière 2
Label distribution example<br />
Link States ◮ IS-IS<br />
R7<br />
γ<br />
β<br />
R1<br />
R8<br />
R5<br />
δ<br />
ɛ<br />
ι<br />
R9<br />
c R11 b<br />
a<br />
R6<br />
θ<br />
ζ<br />
η<br />
µ<br />
R2<br />
L2|IP|...<br />
λ<br />
IP<br />
R10<br />
κ<br />
λ<br />
a : 115 b:3<br />
b : 115 b:3<br />
c : 115 b:3<br />
R4<br />
R3<br />
α<br />
Slide 158 Laurent Toutain Filière 2
BGP<br />
External Gateway Protocol
Definition<br />
BGP ◮ External Gateway Protocol<br />
<br />
<br />
IGP simplifies network management<br />
•<br />
Neighbor discovery<br />
•<br />
Shortest path criteria (technical)<br />
EGP defines the interface between providers<br />
•<br />
Hide internal topology to the other peer<br />
•<br />
Select traffic to send/receive (political)<br />
•<br />
Control information received or send<br />
•<br />
Full configuration<br />
•<br />
Internal topology is not important =⇒ graph of ISP<br />
Slide 160 Laurent Toutain Filière 2
Routing policies<br />
BGP ◮ External Gateway Protocol<br />
ISP1<br />
C<br />
D<br />
ISP2<br />
BR1<br />
BR2<br />
{prefix list}<br />
A<br />
IGP<br />
{prefix list}<br />
B<br />
Slide 161 Laurent Toutain Filière 2
Routing policies<br />
BGP ◮ External Gateway Protocol<br />
ISP1<br />
C<br />
D<br />
ISP2<br />
{prefix list}<br />
{prefix list}<br />
BR1<br />
BR2<br />
{prefix list}<br />
A<br />
IGP<br />
{prefix list}<br />
B<br />
Slide 161 Laurent Toutain Filière 2
Routing policies<br />
BGP ◮ External Gateway Protocol<br />
ISP1<br />
C<br />
D<br />
ISP2<br />
{prefix list}<br />
{prefix list}<br />
BR1<br />
BR2<br />
{prefix list}<br />
A<br />
IGP<br />
{prefix list}<br />
B<br />
Slide 161 Laurent Toutain Filière 2
Routing policies<br />
BGP ◮ External Gateway Protocol<br />
ISP1 blocks ISP2 prefixes<br />
ISP2 blocks ISP1 prefixes<br />
ISP1<br />
C<br />
D<br />
ISP2<br />
{prefix list}<br />
{prefix list}<br />
BR1<br />
Use site resources<br />
BR2<br />
{prefix list}<br />
A<br />
IGP<br />
{prefix list}<br />
B<br />
Slide 161 Laurent Toutain Filière 2
Routing policies<br />
BGP ◮ External Gateway Protocol<br />
ISP1<br />
C<br />
D<br />
ISP2<br />
{left prefix list}<br />
{right prefix list}<br />
BR1<br />
BR2<br />
{prefix list}<br />
A<br />
IGP<br />
{prefix list}<br />
B<br />
Slide 161 Laurent Toutain Filière 2
Routing policies<br />
BGP ◮ External Gateway Protocol<br />
ISP1<br />
C<br />
D<br />
ISP2<br />
{left prefix list}<br />
{right prefix list}<br />
BR1<br />
BR2<br />
{prefix list}<br />
A<br />
IGP<br />
{prefix list}<br />
B<br />
Slide 161 Laurent Toutain Filière 2
Routing policies<br />
BGP ◮ External Gateway Protocol<br />
ISP1<br />
C<br />
D<br />
ISP2<br />
BR1<br />
BR2<br />
{prefix list}<br />
Default<br />
A<br />
IGP<br />
{prefix list}<br />
Default<br />
B<br />
Slide 161 Laurent Toutain Filière 2
Routing policies<br />
BGP ◮ External Gateway Protocol<br />
ISP1<br />
C<br />
D<br />
ISP2<br />
BR1<br />
BR2<br />
{prefix list}<br />
Default<br />
A<br />
IGP<br />
{prefix list}<br />
Default<br />
B<br />
Slide 161 Laurent Toutain Filière 2
Routing policies<br />
BGP ◮ External Gateway Protocol<br />
ISP1<br />
C<br />
D<br />
ISP2<br />
BR1<br />
{prefix list}<br />
Default<br />
Difficult to inject the<br />
300 000 routes of the<br />
Internet core<br />
A<br />
IGP<br />
B<br />
BR2<br />
{prefix list}<br />
Default<br />
Slide 161 Laurent Toutain Filière 2
Routing policies<br />
BGP ◮ External Gateway Protocol<br />
ISP1<br />
C<br />
D<br />
ISP2<br />
{prefix list}<br />
{prefix list}<br />
BR1<br />
BR2<br />
{prefix list}<br />
Default<br />
A<br />
IGP<br />
{prefix list}<br />
Default<br />
B<br />
Simpliest configuration<br />
Slide 161 Laurent Toutain Filière 2
Routing policies<br />
BGP ◮ External Gateway Protocol<br />
ISP1<br />
C<br />
D<br />
ISP2<br />
{prefix list}<br />
{prefix list}<br />
BR1<br />
{prefix list}<br />
Default<br />
A<br />
Asymetric<br />
IGP<br />
B<br />
BR2<br />
{prefix list}<br />
Default<br />
Slide 161 Laurent Toutain Filière 2
Routing policies<br />
BGP ◮ External Gateway Protocol<br />
ISP1<br />
C<br />
D<br />
ISP2<br />
{All}<br />
{All}<br />
BR1<br />
BR2<br />
{prefix list}<br />
All<br />
A<br />
IGP<br />
{prefix list}<br />
All<br />
B<br />
Slide 161 Laurent Toutain Filière 2
Routing policies<br />
BGP ◮ External Gateway Protocol<br />
ISP1<br />
C<br />
D<br />
ISP2<br />
{All}<br />
{All}<br />
BR1<br />
BR2<br />
{prefix list}<br />
All<br />
A<br />
IGP<br />
{prefix list}<br />
All<br />
B<br />
Slide 161 Laurent Toutain Filière 2
Routing policies<br />
BGP ◮ External Gateway Protocol<br />
ISP1<br />
C<br />
D<br />
ISP2<br />
{All}<br />
{All}<br />
BR1<br />
Transit Network<br />
BR2<br />
{prefix list}<br />
All<br />
A<br />
IGP<br />
{prefix list}<br />
All<br />
B<br />
Slide 161 Laurent Toutain Filière 2
Routing policies<br />
BGP ◮ External Gateway Protocol<br />
{All}<br />
ISP1<br />
BR1<br />
{prefix list}<br />
All<br />
A<br />
Never inject IGP external<br />
routes back<br />
into C BGP D<br />
IGP<br />
B<br />
ISP2<br />
BR2<br />
{All}<br />
{prefix list}<br />
All<br />
Slide 161 Laurent Toutain Filière 2
BGP<br />
AS Peering
Autonomous System<br />
BGP ◮ AS Peering<br />
<br />
<br />
<br />
<br />
Autonomous System (AS): Network managed by an authority<br />
•<br />
Internet is a graph of AS<br />
Prefixes cannot be used to identify an AS<br />
ASN: Autonoumous System Number is used<br />
•<br />
on 16 bits, but transition to 32 bits is intiated<br />
•<br />
assigned by RIR<br />
•<br />
values higher than 65 000 are private<br />
whois databases store information related to ASes<br />
•<br />
Can be used to make a link between a prefix and an ASN<br />
•<br />
Each RIR maintains AS database ⇒ whois.ripe.net<br />
•<br />
whois.ra.net regroups all registries information<br />
Slide 163 Laurent Toutain Filière 2
Example: whois -h whois.ripe.net AS2200<br />
BGP ◮ AS Peering<br />
aut-num: AS2200<br />
as-name: FR-RENATER<br />
descr: Reseau National de telecommunications pour la Technologie<br />
descr: l’Enseignement et la Recherche<br />
descr: FR<br />
import: from AS-RENATER accept <br />
import: from AS-SFINX-PEERS action pref=190; accept <br />
import: from AS20965 action pref=300; accept ANY<br />
import: from AS7500 action pref=190; accept AS7500<br />
import: from AS1273 action pref=300; accept ANY<br />
import: from AS3356 action pref=300; accept ANY<br />
export: to AS-RENATER announce ANY<br />
export: to AS-SFINX-PEERS announce AS-RENATER<br />
export: to AS20965 announce AS-RENATER AS7500<br />
export: to AS12654 announce AS-RENATER<br />
export: to AS21357 announce AS-RENATER<br />
export: to AS1273 announce AS-RENATER<br />
export: to AS3356 announce AS-RENATER<br />
admin-c: GR1378-RIPE<br />
tech-c: GR1378-RIPE<br />
mnt-by: RENATER-MNT<br />
source: RIPE # Filtered<br />
RPSL: Routing Policy Specification Language (RFC 4012)<br />
<br />
describes routing policies between provider in whois database<br />
Slide 164 Laurent Toutain Filière 2
Example: whois -h whois.ripe.net AS2200<br />
BGP ◮ AS Peering<br />
aut-num: AS2200<br />
as-name: FR-RENATER<br />
descr: Reseau National de telecommunications pour la Technologie<br />
descr: l’Enseignement et la Recherche<br />
descr: FR<br />
import: from AS-RENATER accept <br />
import: from AS-SFINX-PEERS action pref=190; accept <br />
import: from AS20965 action pref=300; accept ANY<br />
import: from AS7500 action pref=190; accept AS7500<br />
import: from AS1273 action pref=300; accept ANY<br />
import: from AS3356 action pref=300; accept ANY<br />
export: to AS-RENATER announce ANY<br />
export: to AS-SFINX-PEERS announce AS-RENATER<br />
export: to AS20965 announce AS-RENATER AS7500<br />
export: to AS12654 announce AS-RENATER<br />
export: to AS21357 announce AS-RENATER<br />
export: to AS1273 announce AS-RENATER<br />
export: to AS3356 announce AS-RENATER<br />
admin-c: GR1378-RIPE<br />
tech-c: GR1378-RIPE<br />
mnt-by: RENATER-MNT<br />
source: RIPE # Filtered<br />
RPSL: Routing Policy Specification Language (RFC 4012)<br />
<br />
describes routing policies between provider in whois database<br />
Slide 164 Laurent Toutain Filière 2
Example: whois -h whois.ripe.net AS2200<br />
BGP ◮ AS Peering<br />
aut-num: AS2200<br />
as-name: FR-RENATER<br />
descr: Reseau National de telecommunications pour la Technologie<br />
descr: l’Enseignement et la Recherche<br />
descr: FR<br />
import: from AS-RENATER accept <br />
import: from AS-SFINX-PEERS action pref=190; accept <br />
import: from AS20965 action pref=300; accept ANY<br />
import: from AS7500 action pref=190; accept AS7500<br />
import: from AS1273 action pref=300; accept ANY<br />
import: from AS3356 action pref=300; accept ANY<br />
export: to AS-RENATER announce ANY<br />
export: to AS-SFINX-PEERS announce AS-RENATER<br />
export: to AS20965 announce AS-RENATER AS7500<br />
export: to AS12654 announce AS-RENATER<br />
export: to AS21357 announce AS-RENATER<br />
export: to AS1273 announce AS-RENATER<br />
export: to AS3356 announce AS-RENATER<br />
admin-c: GR1378-RIPE<br />
tech-c: GR1378-RIPE<br />
mnt-by: RENATER-MNT<br />
source: RIPE # Filtered<br />
RPSL: Routing Policy Specification Language (RFC 4012)<br />
<br />
describes routing policies between provider in whois database<br />
Slide 164 Laurent Toutain Filière 2
Example: whois -h whois.ripe.net AS2200<br />
BGP ◮ AS Peering<br />
aut-num: AS2200<br />
as-name: FR-RENATER<br />
descr: Reseau National de telecommunications pour la Technologie<br />
descr: l’Enseignement et la Recherche<br />
descr: FR<br />
import: from AS-RENATER accept <br />
import: from AS-SFINX-PEERS action pref=190; accept <br />
import: from AS20965 action pref=300; accept ANY<br />
import: from AS7500 action pref=190; accept AS7500<br />
import: from AS1273 action pref=300; accept ANY<br />
import: from AS3356 action pref=300; accept ANY<br />
export: to AS-RENATER announce ANY<br />
export: to AS-SFINX-PEERS announce AS-RENATER<br />
export: to AS20965 announce AS-RENATER AS7500<br />
export: to AS12654 announce AS-RENATER<br />
export: to AS21357 announce AS-RENATER<br />
export: to AS1273 announce AS-RENATER<br />
export: to AS3356 announce AS-RENATER<br />
admin-c: GR1378-RIPE<br />
tech-c: GR1378-RIPE<br />
mnt-by: RENATER-MNT<br />
source: RIPE # Filtered<br />
RPSL: Routing Policy Specification Language (RFC 4012)<br />
<br />
describes routing policies between provider in whois database<br />
Slide 164 Laurent Toutain Filière 2
Network topology from AS2200<br />
BGP ◮ AS Peering<br />
from AS-RENATER accept <br />
AS12654<br />
RIPE RIS<br />
AS20965<br />
AS21357<br />
GEANT<br />
AKAMAI<br />
AS1273<br />
Cable &<br />
AS2200<br />
RENATER<br />
AS7500<br />
DNS root<br />
Wireless<br />
List of<br />
ASes<br />
Sfinx<br />
AS3356<br />
Level 3<br />
Slide 165 Laurent Toutain Filière 2
Network topology from AS2200<br />
BGP ◮ AS Peering<br />
from AS-SFINX-PEERS action pref=190; accept<br />
><br />
AS12654<br />
RIPE RIS<br />
AS20965<br />
AS21357<br />
AKAMAI<br />
AS1273<br />
Cable &<br />
Wireless<br />
AS2200<br />
RENATER<br />
List of<br />
ASes<br />
GEANT<br />
AS3356<br />
Level 3<br />
members:<br />
AS174, AS702,<br />
AS1136, AS1257,<br />
AS2486, AS2686,<br />
AS3209, AS3291,<br />
AS3303, AS4513,<br />
AS4589....<br />
AS7500<br />
DNS root<br />
Sfinx<br />
Slide 165 Laurent Toutain Filière 2
Network topology from AS2200<br />
BGP ◮ AS Peering<br />
from AS20965 action pref=300; accept ANY<br />
AS12654<br />
RIPE RIS<br />
AS20965<br />
AS21357<br />
GEANT<br />
AKAMAI<br />
AS1273<br />
Cable &<br />
AS2200<br />
RENATER<br />
AS7500<br />
DNS root<br />
Wireless<br />
List of<br />
ASes<br />
Sfinx<br />
AS3356<br />
Level 3<br />
Slide 165 Laurent Toutain Filière 2
Network topology from AS2200<br />
BGP ◮ AS Peering<br />
...<br />
AS12654<br />
RIPE RIS<br />
AS20965<br />
AS21357<br />
GEANT<br />
AKAMAI<br />
AS1273<br />
Cable &<br />
AS2200<br />
RENATER<br />
AS7500<br />
DNS root<br />
Wireless<br />
List of<br />
ASes<br />
Sfinx<br />
AS3356<br />
Level 3<br />
Slide 165 Laurent Toutain Filière 2
Network topology from AS2200<br />
BGP ◮ AS Peering<br />
to AS-RENATER announce ANY<br />
AS12654<br />
RIPE RIS<br />
AS20965<br />
AS21357<br />
GEANT<br />
AKAMAI<br />
AS1273<br />
Cable &<br />
AS2200<br />
RENATER<br />
AS7500<br />
DNS root<br />
Wireless<br />
List of<br />
ASes<br />
Sfinx<br />
AS3356<br />
Level 3<br />
Slide 165 Laurent Toutain Filière 2
Network topology from AS2200<br />
BGP ◮ AS Peering<br />
to AS-SFINX-PEERS announce AS-RENATER<br />
AS12654<br />
RIPE RIS<br />
AS20965<br />
AS21357<br />
GEANT<br />
AKAMAI<br />
AS1273<br />
Cable &<br />
AS2200<br />
RENATER<br />
AS7500<br />
DNS root<br />
Wireless<br />
List of<br />
ASes<br />
Sfinx<br />
AS3356<br />
Level 3<br />
Slide 165 Laurent Toutain Filière 2
Network topology from AS2200<br />
BGP ◮ AS Peering<br />
to AS20965 announce AS-RENATER AS7500<br />
AS12654<br />
RIPE RIS<br />
AS20965<br />
AS21357<br />
GEANT<br />
AKAMAI<br />
AS1273<br />
Cable &<br />
AS2200<br />
RENATER<br />
AS7500<br />
DNS root<br />
Wireless<br />
List of<br />
ASes<br />
Sfinx<br />
AS3356<br />
Level 3<br />
Slide 165 Laurent Toutain Filière 2
Network topology from AS2200<br />
BGP ◮ AS Peering<br />
...<br />
AS12654<br />
RIPE RIS<br />
AS20965<br />
AS21357<br />
GEANT<br />
AKAMAI<br />
AS1273<br />
Cable &<br />
AS2200<br />
RENATER<br />
AS7500<br />
DNS root<br />
Wireless<br />
List of<br />
ASes<br />
Sfinx<br />
AS3356<br />
Level 3<br />
Slide 165 Laurent Toutain Filière 2
Traceroute<br />
BGP ◮ AS Peering<br />
<br />
<br />
<br />
<br />
<br />
<br />
Traceroute sends a packet with TTL/HL=1<br />
First router discards packet and sends an ICMP message<br />
DNS reverse query allows to know router’s name<br />
whois dabase query allows to know ASN<br />
Also called NANOG traceroute<br />
•<br />
see ftp://ftp.login.com/pub/software/traceroute/<br />
•<br />
apt-get install traceoute-nanog<br />
-A allows to display ASN<br />
Slide 166 Laurent Toutain Filière 2
Traceroute<br />
BGP ◮ AS Peering<br />
# traceroute -A www.icu.ac.kr<br />
traceroute to www.icu.ac.kr (143.248.116.26), 64 hops max, 40 byte packets<br />
1 mgs-c5.ipv6.rennes.enst-bretagne.fr (192.108.119.190) [AS2200] 0 ms 0 ms 0 ms<br />
2 * * *<br />
3 te4-1-caen-rtr-021.noc.renater.fr (193.51.189.54) [AS2200] [MPLS: Label 227 Exp 0] 7 ms 7 ms 7 ms<br />
4 te4-1-rouen-rtr-021.noc.renater.fr (193.51.189.46) [AS2200] [MPLS: Label 348 Exp 0] 7 ms 7 ms 7 ms<br />
5 te0-0-0-1-paris1-rtr-001.noc.renater.fr (193.51.189.49) [AS2200] 42 ms 7 ms 7 ms<br />
6 renater.rt1.par.fr.geant2.net (62.40.124.69) [AS20965] 7 ms 7 ms 7 ms<br />
7 so-3-0-0.rt1.lon.uk.geant2.net (62.40.112.106) [AS20965] 14 ms 14 ms 14 ms<br />
8 so-2-0-0.rt1.ams.nl.geant2.net (62.40.112.137) [AS20965] 22 ms 22 ms 25 ms<br />
9 xe-2-3-0.102.rtr.newy32aoa.net.internet2.edu (198.32.11.50) [] 106 ms 106 ms 106 ms<br />
10 ge-0-0-0.0.rtr.chic.net.internet2.edu (64.57.28.72) [] 133 ms 144 ms 133 ms<br />
11 kreonet2-abilene.kreonet.net (134.75.108.45) [AS1237] 188 ms 188 ms 188 ms<br />
12 134.75.108.209 (134.75.108.209) [AS1237] 303 ms 302 ms 302 ms<br />
13 supersiren.kreonet.net (134.75.20.20) [AS1237/AS9318] 302 ms 302 ms 302 ms<br />
14 kaist-gw.kaist.ac.kr (143.248.119.1) [AS1781/AS9318] 295 ms 295 ms 295 ms<br />
15 143.248.119.85 (143.248.119.85) [AS1781/AS9318] 295 ms 295 ms 295 ms<br />
16 143.248.116.253 (143.248.116.253) [AS1781/AS9318] 295 ms 296 ms 296 ms<br />
17 143.248.116.218 (143.248.116.218) [AS1781/AS9318] 296 ms 297 ms 296 ms<br />
18 iccweb.kaist.ac.kr (143.248.116.26) [AS1781/AS9318] 296 ms 296 ms 296 ms<br />
Slide 167 Laurent Toutain Filière 2
Traceroute<br />
BGP ◮ AS Peering<br />
# traceroute -A www.icu.ac.kr<br />
traceroute to www.icu.ac.kr (143.248.116.26), 64 hops max, 40 byte packets<br />
1 mgs-c5.ipv6.rennes.enst-bretagne.fr (192.108.119.190) [AS2200] 0 ms 0 ms 0 ms<br />
2 * * *<br />
3RENATER<br />
te4-1-caen-rtr-021.noc.renater.fr (193.51.189.54) [AS2200] [MPLS: Label 227 Exp 0] 7 ms 7 ms 7 ms<br />
4 te4-1-rouen-rtr-021.noc.renater.fr (193.51.189.46) [AS2200] [MPLS: Label 348 Exp 0] 7 ms 7 ms 7 ms<br />
5 te0-0-0-1-paris1-rtr-001.noc.renater.fr (193.51.189.49) [AS2200] 42 ms 7 ms 7 ms<br />
6 renater.rt1.par.fr.geant2.net (62.40.124.69) [AS20965] 7 ms 7 ms 7 ms<br />
7 so-3-0-0.rt1.lon.uk.geant2.net (62.40.112.106) [AS20965] 14 ms 14 ms 14 ms<br />
8 so-2-0-0.rt1.ams.nl.geant2.net (62.40.112.137) [AS20965] 22 ms 22 ms 25 ms<br />
9 xe-2-3-0.102.rtr.newy32aoa.net.internet2.edu (198.32.11.50) [] 106 ms 106 ms 106 ms<br />
10 ge-0-0-0.0.rtr.chic.net.internet2.edu (64.57.28.72) [] 133 ms 144 ms 133 ms<br />
11 kreonet2-abilene.kreonet.net (134.75.108.45) [AS1237] 188 ms 188 ms 188 ms<br />
12 134.75.108.209 (134.75.108.209) [AS1237] 303 ms 302 ms 302 ms<br />
13 supersiren.kreonet.net (134.75.20.20) [AS1237/AS9318] 302 ms 302 ms 302 ms<br />
14 kaist-gw.kaist.ac.kr (143.248.119.1) [AS1781/AS9318] 295 ms 295 ms 295 ms<br />
15 143.248.119.85 (143.248.119.85) [AS1781/AS9318] 295 ms 295 ms 295 ms<br />
16 143.248.116.253 (143.248.116.253) [AS1781/AS9318] 295 ms 296 ms 296 ms<br />
17 143.248.116.218 (143.248.116.218) [AS1781/AS9318] 296 ms 297 ms 296 ms<br />
18 iccweb.kaist.ac.kr (143.248.116.26) [AS1781/AS9318] 296 ms 296 ms 296 ms<br />
Slide 167 Laurent Toutain Filière 2
Traceroute<br />
BGP ◮ AS Peering<br />
# traceroute -A www.icu.ac.kr<br />
traceroute to www.icu.ac.kr (143.248.116.26), 64 hops max, 40 byte packets<br />
1 mgs-c5.ipv6.rennes.enst-bretagne.fr (192.108.119.190) [AS2200] 0 ms 0 ms 0 ms<br />
2 * * *<br />
3 te4-1-caen-rtr-021.noc.renater.fr (193.51.189.54) [AS2200] [MPLS: Label 227 Exp 0] 7 ms 7 ms 7 ms<br />
4 te4-1-rouen-rtr-021.noc.renater.fr (193.51.189.46) [AS2200] [MPLS: Label 348 Exp 0] 7 ms 7 ms 7 ms<br />
5 te0-0-0-1-paris1-rtr-001.noc.renater.fr (193.51.189.49) [AS2200] 42 ms 7 ms 7 ms<br />
6 renater.rt1.par.fr.geant2.net (62.40.124.69) [AS20965] 7 ms 7 ms 7 ms<br />
7GEANT<br />
so-3-0-0.rt1.lon.uk.geant2.net (62.40.112.106) [AS20965] 14 ms 14 ms 14 ms<br />
8 so-2-0-0.rt1.ams.nl.geant2.net (62.40.112.137) [AS20965] 22 ms 22 ms 25 ms<br />
9 xe-2-3-0.102.rtr.newy32aoa.net.internet2.edu (198.32.11.50) [] 106 ms 106 ms 106 ms<br />
10 ge-0-0-0.0.rtr.chic.net.internet2.edu (64.57.28.72) [] 133 ms 144 ms 133 ms<br />
11 kreonet2-abilene.kreonet.net (134.75.108.45) [AS1237] 188 ms 188 ms 188 ms<br />
12 134.75.108.209 (134.75.108.209) [AS1237] 303 ms 302 ms 302 ms<br />
13 supersiren.kreonet.net (134.75.20.20) [AS1237/AS9318] 302 ms 302 ms 302 ms<br />
14 kaist-gw.kaist.ac.kr (143.248.119.1) [AS1781/AS9318] 295 ms 295 ms 295 ms<br />
15 143.248.119.85 (143.248.119.85) [AS1781/AS9318] 295 ms 295 ms 295 ms<br />
16 143.248.116.253 (143.248.116.253) [AS1781/AS9318] 295 ms 296 ms 296 ms<br />
17 143.248.116.218 (143.248.116.218) [AS1781/AS9318] 296 ms 297 ms 296 ms<br />
18 iccweb.kaist.ac.kr (143.248.116.26) [AS1781/AS9318] 296 ms 296 ms 296 ms<br />
Slide 167 Laurent Toutain Filière 2
Traceroute<br />
BGP ◮ AS Peering<br />
# traceroute -A www.icu.ac.kr<br />
traceroute to www.icu.ac.kr (143.248.116.26), 64 hops max, 40 byte packets<br />
1 mgs-c5.ipv6.rennes.enst-bretagne.fr (192.108.119.190) [AS2200] 0 ms 0 ms 0 ms<br />
2 * * *<br />
3 te4-1-caen-rtr-021.noc.renater.fr (193.51.189.54) [AS2200] [MPLS: Label 227 Exp 0] 7 ms 7 ms 7 ms<br />
4 te4-1-rouen-rtr-021.noc.renater.fr (193.51.189.46) [AS2200] [MPLS: Label 348 Exp 0] 7 ms 7 ms 7 ms<br />
5 te0-0-0-1-paris1-rtr-001.noc.renater.fr (193.51.189.49) [AS2200] 42 ms 7 ms 7 ms<br />
6 renater.rt1.par.fr.geant2.net (62.40.124.69) [AS20965] 7 ms 7 ms 7 ms<br />
7 so-3-0-0.rt1.lon.uk.geant2.net (62.40.112.106) [AS20965] 14 ms 14 ms 14 ms<br />
8 so-2-0-0.rt1.ams.nl.geant2.net (62.40.112.137) [AS20965] 22 ms 22 ms 25 ms<br />
9 xe-2-3-0.102.rtr.newy32aoa.net.internet2.edu (198.32.11.50) [] 106 ms 106 ms 106 ms<br />
10USA<br />
ge-0-0-0.0.rtr.chic.net.internet2.edu (64.57.28.72) [] 133 ms 144 ms 133 ms<br />
11 kreonet2-abilene.kreonet.net (134.75.108.45) [AS1237] 188 ms 188 ms 188 ms<br />
12 134.75.108.209 (134.75.108.209) [AS1237] 303 ms 302 ms 302 ms<br />
13 supersiren.kreonet.net (134.75.20.20) [AS1237/AS9318] 302 ms 302 ms 302 ms<br />
14 kaist-gw.kaist.ac.kr (143.248.119.1) [AS1781/AS9318] 295 ms 295 ms 295 ms<br />
15 143.248.119.85 (143.248.119.85) [AS1781/AS9318] 295 ms 295 ms 295 ms<br />
16 143.248.116.253 (143.248.116.253) [AS1781/AS9318] 295 ms 296 ms 296 ms<br />
17 143.248.116.218 (143.248.116.218) [AS1781/AS9318] 296 ms 297 ms 296 ms<br />
18 iccweb.kaist.ac.kr (143.248.116.26) [AS1781/AS9318] 296 ms 296 ms 296 ms<br />
Slide 167 Laurent Toutain Filière 2
Traceroute<br />
BGP ◮ AS Peering<br />
# traceroute -A www.icu.ac.kr<br />
traceroute to www.icu.ac.kr (143.248.116.26), 64 hops max, 40 byte packets<br />
1 mgs-c5.ipv6.rennes.enst-bretagne.fr (192.108.119.190) [AS2200] 0 ms 0 ms 0 ms<br />
2 * * *<br />
3 te4-1-caen-rtr-021.noc.renater.fr (193.51.189.54) [AS2200] [MPLS: Label 227 Exp 0] 7 ms 7 ms 7 ms<br />
4 te4-1-rouen-rtr-021.noc.renater.fr (193.51.189.46) [AS2200] [MPLS: Label 348 Exp 0] 7 ms 7 ms 7 ms<br />
5 te0-0-0-1-paris1-rtr-001.noc.renater.fr (193.51.189.49) [AS2200] 42 ms 7 ms 7 ms<br />
6 renater.rt1.par.fr.geant2.net (62.40.124.69) [AS20965] 7 ms 7 ms 7 ms<br />
7 so-3-0-0.rt1.lon.uk.geant2.net (62.40.112.106) [AS20965] 14 ms 14 ms 14 ms<br />
8 so-2-0-0.rt1.ams.nl.geant2.net (62.40.112.137) [AS20965] 22 ms 22 ms 25 ms<br />
9 xe-2-3-0.102.rtr.newy32aoa.net.internet2.edu (198.32.11.50) [] 106 ms 106 ms 106 ms<br />
10 ge-0-0-0.0.rtr.chic.net.internet2.edu (64.57.28.72) [] 133 ms 144 ms 133 ms<br />
11 kreonet2-abilene.kreonet.net (134.75.108.45) [AS1237] 188 ms 188 ms 188 ms<br />
12KOREA<br />
134.75.108.209 (134.75.108.209) [AS1237] 303 ms 302 ms 302 ms<br />
13 supersiren.kreonet.net (134.75.20.20) [AS1237/AS9318] 302 ms 302 ms 302 ms<br />
14 kaist-gw.kaist.ac.kr (143.248.119.1) [AS1781/AS9318] 295 ms 295 ms 295 ms<br />
15 143.248.119.85 (143.248.119.85) [AS1781/AS9318] 295 ms 295 ms 295 ms<br />
16 143.248.116.253 (143.248.116.253) [AS1781/AS9318] 295 ms 296 ms 296 ms<br />
17 143.248.116.218 (143.248.116.218) [AS1781/AS9318] 296 ms 297 ms 296 ms<br />
18 iccweb.kaist.ac.kr (143.248.116.26) [AS1781/AS9318] 296 ms 296 ms 296 ms<br />
Slide 167 Laurent Toutain Filière 2
Traceroute<br />
BGP ◮ AS Peering<br />
# traceroute -A www.icu.ac.kr<br />
traceroute to www.icu.ac.kr (143.248.116.26), 64 hops max, 40 byte packets<br />
1 mgs-c5.ipv6.rennes.enst-bretagne.fr (192.108.119.190) [AS2200] 0 ms 0 ms 0 ms<br />
2 * * *<br />
3 te4-1-caen-rtr-021.noc.renater.fr (193.51.189.54) [AS2200] [MPLS: Label 227 Exp 0] 7 ms 7 ms 7 ms<br />
4 te4-1-rouen-rtr-021.noc.renater.fr (193.51.189.46) [AS2200] [MPLS: Label 348 Exp 0] 7 ms 7 ms 7 ms<br />
5 te0-0-0-1-paris1-rtr-001.noc.renater.fr (193.51.189.49) [AS2200] 42 ms 7 ms 7 ms<br />
6 renater.rt1.par.fr.geant2.net (62.40.124.69) [AS20965] 7 ms 7 ms 7 ms<br />
7 so-3-0-0.rt1.lon.uk.geant2.net (62.40.112.106) [AS20965] 14 ms 14 ms 14 ms<br />
8 so-2-0-0.rt1.ams.nl.geant2.net (62.40.112.137) [AS20965] 22 ms 22 ms 25 ms<br />
9 xe-2-3-0.102.rtr.newy32aoa.net.internet2.edu (198.32.11.50) [] 106 ms 106 ms 106 ms<br />
10 ge-0-0-0.0.rtr.chic.net.internet2.edu (64.57.28.72) [] 133 ms 144 ms 133 ms<br />
11 kreonet2-abilene.kreonet.net (134.75.108.45) [AS1237] 188 ms 188 ms 188 ms<br />
12 134.75.108.209 (134.75.108.209) [AS1237] 303 ms 302 ms 302 ms<br />
13 supersiren.kreonet.net (134.75.20.20) [AS1237/AS9318] 302 ms 302 ms 302 ms<br />
14 kaist-gw.kaist.ac.kr (143.248.119.1) [AS1781/AS9318] 295 ms 295 ms 295 ms<br />
15 143.248.119.85 (143.248.119.85) [AS1781/AS9318] 295 ms 295 ms 295 ms<br />
16KAIST/ICU<br />
143.248.116.253 (143.248.116.253) [AS1781/AS9318] 295 ms 296 ms 296 ms<br />
17 143.248.116.218 (143.248.116.218) [AS1781/AS9318] 296 ms 297 ms 296 ms<br />
18 iccweb.kaist.ac.kr (143.248.116.26) [AS1781/AS9318] 296 ms 296 ms 296 ms<br />
Slide 167 Laurent Toutain Filière 2
Traceroute<br />
BGP ◮ AS Peering<br />
# traceroute -A www.icu.ac.kr<br />
traceroute to www.icu.ac.kr (143.248.116.26), 64 hops max, 40 byte packets<br />
1 mgs-c5.ipv6.rennes.enst-bretagne.fr (192.108.119.190) [AS2200] 0 ms 0 ms 0 ms<br />
2 * * *<br />
3 te4-1-caen-rtr-021.noc.renater.fr (193.51.189.54) [AS2200] [MPLS: Label 227 Exp 0] 7 ms 7 ms 7 ms<br />
4 te4-1-rouen-rtr-021.noc.renater.fr (193.51.189.46) [AS2200] [MPLS: Label 348 Exp 0] 7 ms 7 ms 7 ms<br />
5 te0-0-0-1-paris1-rtr-001.noc.renater.fr (193.51.189.49) [AS2200] 42 ms 7 ms 7 ms<br />
6 renater.rt1.par.fr.geant2.net (62.40.124.69) [AS20965] 7 ms 7 ms 7 ms<br />
7 so-3-0-0.rt1.lon.uk.geant2.net (62.40.112.106) [AS20965] 14 ms 14 ms 14 ms<br />
8 so-2-0-0.rt1.ams.nl.geant2.net (62.40.112.137) [AS20965] 22 ms 22 ms 25 ms<br />
9 xe-2-3-0.102.rtr.newy32aoa.net.internet2.edu (198.32.11.50) [] 106 ms 106 ms 106 ms<br />
10 ge-0-0-0.0.rtr.chic.net.internet2.edu (64.57.28.72) [] 133 ms 144 ms 133 ms<br />
11 kreonet2-abilene.kreonet.net (134.75.108.45) [AS1237] 188 ms 188 ms 188 ms<br />
12 134.75.108.209 (134.75.108.209) [AS1237] 303 ms 302 ms 302 ms<br />
13 supersiren.kreonet.net (134.75.20.20) [AS1237/AS9318] 302 ms 302 ms 302 ms<br />
14 kaist-gw.kaist.ac.kr (143.248.119.1) [AS1781/AS9318] 295 ms 295 ms 295 ms<br />
15 143.248.119.85 (143.248.119.85) [AS1781/AS9318] 295 ms 295 ms 295 ms<br />
16 143.248.116.253 (143.248.116.253) [AS1781/AS9318] 295 ms 296 ms 296 ms<br />
17 143.248.116.218 (143.248.116.218) [AS1781/AS9318] 296 ms 297 ms 296 ms<br />
18 iccweb.kaist.ac.kr (143.248.116.26) [AS1781/AS9318] 296 ms 296 ms 296 ms<br />
Europe USA Korea<br />
Slide 167 Laurent Toutain Filière 2
BGP<br />
Border Gateway Protocol
MP-BGP<br />
BGP ◮ Border Gateway Protocol<br />
<br />
BGP: Border Gateway Protocol (RFC 4271)<br />
•<br />
Version 4 supports CIDR<br />
•<br />
MP-BGP (RFC 4760) is a smooth evolution to support IPv6,<br />
MPLS, Multicast, VPN, ...<br />
<br />
Based on TCP (port 179) to exchange information<br />
•<br />
point-to-point<br />
•<br />
reliable exchange<br />
<br />
Four types of messages<br />
•<br />
OPEN<br />
− Agree on values such as ASN<br />
− MP-BGP defines capabilites<br />
•<br />
UPDATE: Prefix add or withdraw<br />
•<br />
NOTIFICATION: Error messages<br />
•<br />
KEEPALIVE: Periodically sent<br />
Slide 169 Laurent Toutain Filière 2
Principles<br />
BGP ◮ Border Gateway Protocol<br />
BGP<br />
BGP<br />
BGP<br />
BGP<br />
BGP<br />
Slide 170 Laurent Toutain Filière 2
Principles<br />
BGP ◮ Border Gateway Protocol<br />
BGP<br />
BGP<br />
PE<br />
PE<br />
BGP<br />
P<br />
P<br />
PE<br />
PE<br />
BGP<br />
BGP<br />
Slide 170 Laurent Toutain Filière 2
Principles<br />
BGP ◮ Border Gateway Protocol<br />
eBGP<br />
eBGP<br />
PE<br />
PE<br />
BGP<br />
iBGP<br />
P<br />
P<br />
PE<br />
PE<br />
eBGP<br />
eBGP<br />
Slide 170 Laurent Toutain Filière 2
Principles<br />
BGP ◮ Border Gateway Protocol<br />
eBGP<br />
eBGP<br />
PE<br />
External BGP:<br />
Same link (prefix)<br />
different ASN<br />
PE<br />
BGP<br />
iBGP<br />
P<br />
Internal BGP: different<br />
links (prefixes)<br />
same ASN<br />
P<br />
PE<br />
PE<br />
eBGP<br />
eBGP<br />
Internal routers<br />
just forward iBGP<br />
packets, does not<br />
analyze content<br />
Full mesh; TCP connection with other border<br />
routerst<br />
Slide 170 Laurent Toutain Filière 2
Principles<br />
BGP ◮ Border Gateway Protocol<br />
eBGP<br />
eBGP<br />
PE<br />
PE<br />
BGP<br />
iBGP<br />
P<br />
P<br />
PE<br />
PE<br />
eBGP<br />
eBGP<br />
RIB<br />
FIB<br />
Slide 170 Laurent Toutain Filière 2
Principles<br />
BGP ◮ Border Gateway Protocol<br />
α eBGP<br />
eBGP<br />
BGP<br />
iBGP<br />
eBGP<br />
eBGP<br />
RIB<br />
FIB<br />
Slide 170 Laurent Toutain Filière 2
Principles<br />
BGP ◮ Border Gateway Protocol<br />
α eBGP<br />
eBGP<br />
α<br />
BGP<br />
iBGP<br />
eBGP<br />
eBGP<br />
α<br />
RIB<br />
α<br />
FIB<br />
Slide 170 Laurent Toutain Filière 2
Principles<br />
BGP ◮ Border Gateway Protocol<br />
α eBGP<br />
eBGP<br />
α<br />
α<br />
BGP<br />
iBGP<br />
α<br />
α<br />
eBGP<br />
eBGP<br />
α<br />
α<br />
α<br />
α<br />
RIB<br />
α<br />
α<br />
α<br />
FIB<br />
Slide 170 Laurent Toutain Filière 2
Principles<br />
BGP ◮ Border Gateway Protocol<br />
α eBGP<br />
eBGP<br />
α<br />
α<br />
BGP<br />
iBGP<br />
α<br />
α<br />
eBGP<br />
eBGP<br />
α<br />
α<br />
α<br />
α<br />
RIB<br />
α<br />
α<br />
α<br />
α<br />
α<br />
α<br />
FIB<br />
α<br />
α<br />
Slide 170 Laurent Toutain Filière 2
Principles<br />
BGP ◮ Border Gateway Protocol<br />
α eBGP<br />
eBGP<br />
α<br />
α<br />
BGP<br />
iBGP<br />
α<br />
α<br />
eBGP<br />
eBGP<br />
α<br />
α<br />
α<br />
α<br />
RIB<br />
α<br />
α<br />
α<br />
α<br />
α<br />
α<br />
FIB<br />
α<br />
α<br />
Slide 170 Laurent Toutain Filière 2
Principles<br />
BGP ◮ Border Gateway Protocol<br />
α eBGP<br />
eBGP<br />
α<br />
α<br />
BGP<br />
iBGP<br />
α<br />
α<br />
eBGP<br />
eBGP<br />
External routes<br />
α<br />
cannot be injected RIB<br />
from IGP to BGP<br />
since BGP at-tributes<br />
are lost.<br />
α<br />
α<br />
FIB<br />
α<br />
α<br />
α<br />
α<br />
α<br />
α<br />
α<br />
α<br />
Slide 170 Laurent Toutain Filière 2
BGP configuration example<br />
BGP ◮ Border Gateway Protocol<br />
router bgp 65102<br />
neighbor 205.27.12.254 remote-as 2200<br />
Slide 171 Laurent Toutain Filière 2
BGP configuration example<br />
BGP ◮ Border Gateway Protocol<br />
router bgp 65102<br />
neighbor 205.27.12.254 remote-as 2200<br />
Local ASN<br />
(private)<br />
Remote IP<br />
address<br />
Remote ASN<br />
(public)<br />
Slide 171 Laurent Toutain Filière 2
BGP configuration example<br />
BGP ◮ Border Gateway Protocol<br />
router bgp 65102<br />
neighbor 205.27.12.254 remote-as 2200<br />
Local ASN<br />
(private)<br />
Remote IP<br />
address<br />
Remote ASN<br />
(public)<br />
Local ASN ≠ Remote ASN ⇒ eBGP<br />
Slide 171 Laurent Toutain Filière 2
Loopback address<br />
BGP ◮ Border Gateway Protocol<br />
<br />
<br />
<br />
<br />
<br />
<br />
BGP uses TCP<br />
Both peers need to configure other end address<br />
A router may have several interfaces<br />
if one interface is down, some iBGP peers may have to be<br />
configured again<br />
loopback address is used to give an address to the router (not<br />
to the interface).<br />
loopback addresses are announced on IGP<br />
Slide 172 Laurent Toutain Filière 2
Loopback address<br />
BGP ◮ Border Gateway Protocol<br />
δ.1<br />
γ.1<br />
AS<br />
β.1<br />
α.1<br />
Slide 173 Laurent Toutain Filière 2
Loopback address<br />
BGP ◮ Border Gateway Protocol<br />
δ.1<br />
γ.1<br />
AS<br />
β.1<br />
α.1<br />
router bgp 1234<br />
neighbor δ.1 remote-as 1234<br />
Slide 173 Laurent Toutain Filière 2
Loopback address<br />
BGP ◮ Border Gateway Protocol<br />
γ.1<br />
AS<br />
δ.1<br />
β.1<br />
ɛ.2<br />
ɛ.1<br />
α.1<br />
router bgp 1234<br />
neighbor ɛ.1 remote-as 1234<br />
Slide 173 Laurent Toutain Filière 2
Loopback address<br />
BGP ◮ Border Gateway Protocol<br />
γ.1<br />
AS<br />
δ.1<br />
β.1<br />
ɛ.2<br />
ɛ.1<br />
α.1<br />
router bgp 1234<br />
neighbor ɛ.1 remote-as 1234<br />
Slide 173 Laurent Toutain Filière 2
BGP<br />
BGP Attributes
BGP attributes<br />
BGP ◮ BGP Attributes<br />
1 ORIGIN m.w. RFC 4271<br />
2 AS PATH m.w. RFC 4271<br />
3 NEXT HOP m.w. RFC 4271<br />
4 MULTI EXIT DISC o.t. RFC 4271<br />
5 LOCAL PREF w.o. RFC 4271<br />
6 ATOMIC AGGREGATE w.o. RFC 4271<br />
7 AGGREGATOR w.t. RFC 4271<br />
8 COMMUNITY o.t. RFC 1997<br />
9 ORIGINATOR ID o.t. RFC 4456<br />
10 CLUSTER LIST o.t. RFC 4456<br />
14 MP REACH NLRI o.t. RFC 4760<br />
15 MP UNREACH NLRI o.t. RFC 4760<br />
17 AS4 PATH o.t. RFC 4893<br />
18 AS4 AGGREGATOR o.t. RFC 4893<br />
Slide 175 Laurent Toutain Filière 2
BGP attributes<br />
BGP ◮ BGP Attributes<br />
1 ORIGIN m.w. RFC 4271<br />
2 AS PATH m.w. RFC 4271<br />
3 NEXT HOP m.w. RFC 4271<br />
4 MULTI EXIT DISC o.t. RFC 4271<br />
5 LOCAL PREF w.o. RFC 4271<br />
6 ATOMIC AGGREGATE w.o. RFC 4271<br />
7 AGGREGATOR w.t. RFC 4271<br />
8 COMMUNITY o.t. RFC 1997<br />
9 ORIGINATOR ID o.t. RFC 4456<br />
10 CLUSTER LIST o.t. RFC 4456<br />
14 MP REACH NLRI o.t. RFC 4760<br />
15 MP UNREACH NLRI o.t. RFC 4760<br />
17 AS4 PATH o.t. RFC 4893<br />
18 AS4 AGGREGATOR o.t. RFC 4893<br />
Slide 175 Laurent Toutain Filière 2
BGPv4 versus MP-BGP<br />
BGP ◮ BGP Attributes<br />
SYN<br />
ACK<br />
SYN ACK<br />
SYN<br />
ACK<br />
SYN ACK<br />
Slide 176 Laurent Toutain Filière 2
BGPv4 versus MP-BGP<br />
BGP ◮ BGP Attributes<br />
SYN<br />
ACK<br />
OPEN<br />
SYN ACK<br />
SYN<br />
ACK<br />
OPEN<br />
SYN ACK<br />
Slide 176 Laurent Toutain Filière 2
BGPv4 versus MP-BGP<br />
BGP ◮ BGP Attributes<br />
SYN<br />
ACK<br />
OPEN<br />
SYN ACK<br />
SYN<br />
ACK<br />
OPEN<br />
SYN ACK<br />
Check remote<br />
ASN value<br />
Check remote<br />
ASN value<br />
and negociate<br />
capabilities<br />
Slide 176 Laurent Toutain Filière 2
MP-BGP capabilities<br />
BGP ◮ BGP Attributes<br />
<br />
AFI : Address Family Identifier 1<br />
•<br />
1: IPv4<br />
•<br />
2: IPv6<br />
<br />
SAFI: Subsequent Address Family Identifiers 2<br />
•<br />
1: unicast<br />
•<br />
2: multicast<br />
•<br />
4: MPLS<br />
•<br />
65: Support for 4-octet ASN<br />
•<br />
67: BGP 4over6<br />
•<br />
68: BGP 6over4<br />
1 http://www.iana.org/assignments/address-family-numbers/address-family-numbers.xhtml<br />
2 http://www.iana.org/assignments/safi-namespace<br />
Slide 177 Laurent Toutain Filière 2
BGPv4 versus MP-BGP<br />
BGP ◮ BGP Attributes<br />
SYN<br />
ACK<br />
OPEN<br />
SYN ACK<br />
SYN<br />
ACK<br />
OPEN<br />
SYN ACK<br />
Slide 178 Laurent Toutain Filière 2
BGPv4 versus MP-BGP<br />
BGP ◮ BGP Attributes<br />
SYN<br />
ACK<br />
OPEN<br />
SYN ACK<br />
SYN<br />
ACK<br />
OPEN<br />
SYN ACK<br />
UPDATE<br />
Prefix Withdraw<br />
Path Attributes<br />
NLRI Added<br />
Slide 178 Laurent Toutain Filière 2
BGPv4 versus MP-BGP<br />
BGP ◮ BGP Attributes<br />
SYN<br />
ACK<br />
OPEN<br />
SYN ACK<br />
SYN<br />
ACK<br />
OPEN<br />
SYN ACK<br />
UPDATE<br />
IPv4<br />
Prefix Withdraw<br />
Path Attributes<br />
IPv4<br />
NLRI Added<br />
Slide 178 Laurent Toutain Filière 2
BGPv4 versus MP-BGP<br />
BGP ◮ BGP Attributes<br />
SYN<br />
ACK<br />
OPEN<br />
SYN ACK<br />
SYN<br />
ACK<br />
OPEN<br />
SYN ACK<br />
UPDATE<br />
UPDATE<br />
IPv4<br />
Prefix Withdraw<br />
Path Attributes<br />
IPv4<br />
NLRI Added<br />
MP UNREACH NLR<br />
AFI<br />
SAFI<br />
Withdraw routes<br />
MP REACH NLR<br />
AFI<br />
SAFI<br />
Next Hop<br />
NLRI<br />
∅<br />
Path Attributes<br />
∅<br />
Slide 178 Laurent Toutain Filière 2
BGP attributes<br />
BGP ◮ BGP Attributes<br />
1 ORIGIN m.w. RFC 4271<br />
2 AS PATH m.w. RFC 4271<br />
3 NEXT HOP m.w. RFC 4271<br />
4 MULTI EXIT DISC o.t. RFC 4271<br />
5 LOCAL PREF w.o. RFC 4271<br />
6 ATOMIC AGGREGATE w.o. RFC 4271<br />
7 AGGREGATOR w.t. RFC 4271<br />
8 COMMUNITY o.t. RFC 1997<br />
9 ORIGINATOR ID o.t. RFC 4456<br />
10 CLUSTER LIST o.t. RFC 4456<br />
14 MP REACH NLRI o.t. RFC 4760<br />
15 MP UNREACH NLRI o.t. RFC 4760<br />
17 AS4 PATH o.t. RFC 4893<br />
18 AS4 AGGREGATOR o.t. RFC 4893<br />
Slide 179 Laurent Toutain Filière 2
AS PATH and ORIGIN<br />
BGP ◮ BGP Attributes<br />
<br />
<br />
<br />
<br />
Every AS add its ASN in the AS PATH<br />
Used to detect loops<br />
•<br />
can not work for iBGP since the ASN remains the same<br />
AS PATH length is also used to select best annoucement<br />
•<br />
the shorter, the best<br />
•<br />
this metric does not take into account either the number of<br />
routers nor the links quality (bandwidth, ...)<br />
•<br />
An AS may add several time its ASN to tell that the route<br />
should not be selected (backup)<br />
•<br />
Other policies may be used to select appropriate route<br />
ORIGIN tells how the route was injected into BGP<br />
•<br />
IGP=BGP, EGP (obsolete), unknown<br />
•<br />
Mainly used during EGP/BGP transition.<br />
Slide 180 Laurent Toutain Filière 2
AS PATH<br />
BGP ◮ BGP Attributes<br />
AS A<br />
AS X AS Y AS Z<br />
AS B<br />
Slide 181 Laurent Toutain Filière 2
AS PATH<br />
BGP ◮ BGP Attributes<br />
AS<br />
α<br />
A<br />
α : {A}<br />
AS X AS Y AS Z<br />
AS B<br />
Slide 181 Laurent Toutain Filière 2
AS PATH<br />
BGP ◮ BGP Attributes<br />
α : {A}<br />
AS<br />
α<br />
A<br />
α : {A, X}<br />
α : {A, X}<br />
AS X AS Y AS Z<br />
AS B<br />
Slide 181 Laurent Toutain Filière 2
AS PATH<br />
BGP ◮ BGP Attributes<br />
α : {A}<br />
AS<br />
α<br />
A<br />
α : {A, X}<br />
α : {A, X}<br />
α : {A, X, Y}<br />
AS X AS Y AS Z<br />
α : {A, X, Z}<br />
α : {A, X, Y}<br />
α : {A, X, Z}<br />
AS B<br />
Slide 181 Laurent Toutain Filière 2
AS PATH<br />
BGP ◮ BGP Attributes<br />
α : {A}<br />
AS<br />
α<br />
A<br />
α : {A, X, Y, Z}<br />
α : {A, X}<br />
α : {A, X}<br />
α : {A, X, Y}<br />
AS X AS Y AS Z<br />
α : {A, X, Z, Y}<br />
α : {A, X, Z}<br />
α : {A, X, Y}<br />
α : {A, X, Z, Y}<br />
α : {A, X, Z}<br />
α : {A, X, Y, Z}<br />
AS B<br />
Slide 181 Laurent Toutain Filière 2
Example from Canada (edited)<br />
BGP ◮ BGP Attributes<br />
route-views.optus.net.au>sh ip bgp 192.108.119.0<br />
BGP routing table entry for 192.108.119.0/24, version 25940801<br />
Paths: (3 available, best #2, table Default-IP-Routing-Table)<br />
Not advertised to any peer<br />
7474 7473 1273 2200<br />
203.13.132.53 from 203.13.132.53 (172.26.32.13)<br />
Origin IGP, localpref 100, valid, external<br />
7473 1273 2200<br />
202.160.242.71 from 202.160.242.71 (202.160.242.71)<br />
Origin IGP, localpref 100, valid, external, best<br />
7474 7473 1273 2200<br />
203.13.132.35 from 203.13.132.35 (172.26.32.42)<br />
Origin IGP, localpref 100, valid, external<br />
Slide 182 Laurent Toutain Filière 2
Example from Canada (edited)<br />
BGP ◮ BGP Attributes<br />
AS PATH NEXT HOP ORIGIN<br />
route-views.optus.net.au>sh ip bgp 192.108.119.0<br />
BGP routing table entry for 192.108.119.0/24, version 25940801<br />
Paths: (3 available, best #2, table Default-IP-Routing-Table)<br />
Not advertised to any peer<br />
7474 7473 1273 2200<br />
203.13.132.53 from 203.13.132.53 (172.26.32.13)<br />
Origin IGP, localpref 100, valid, external<br />
7473 1273 2200<br />
202.160.242.71 from 202.160.242.71 (202.160.242.71)<br />
Origin IGP, localpref 100, valid, external, best<br />
7474 7473 1273 2200<br />
203.13.132.35 from 203.13.132.35 (172.26.32.42)<br />
Origin IGP, localpref 100, valid, external<br />
Slide 182 Laurent Toutain Filière 2
Example from Canada (edited)<br />
BGP ◮ BGP Attributes<br />
AS PATH NEXT HOP ORIGIN<br />
route-views.optus.net.au>sh ip bgp 192.108.119.0<br />
BGP routing table entry for 192.108.119.0/24, version 25940801<br />
Paths: (3 available, best #2, table Default-IP-Routing-Table)<br />
Not advertised to any peer<br />
7474 7473 1273 2200<br />
203.13.132.53 from 203.13.132.53 (172.26.32.13)<br />
Origin IGP, localpref 100, valid, external<br />
7473 1273 2200 Cable & Wireless RENATER<br />
202.160.242.71 from 202.160.242.71 (202.160.242.71)<br />
Origin IGP, localpref 100, valid, external, best<br />
7474 7473 1273 2200<br />
203.13.132.35 from 203.13.132.35 (172.26.32.42)<br />
Origin IGP, localpref 100, valid, external<br />
Optus Communications Singapore Telecommunications<br />
Slide 182 Laurent Toutain Filière 2
Example from Canada (edited)<br />
BGP ◮ BGP Attributes<br />
Shortest AS PATH selected<br />
route-views.optus.net.au>sh ip bgp 192.108.119.0<br />
BGP routing table entry for 192.108.119.0/24, version 25940801<br />
Paths: (3 available, best #2, table Default-IP-Routing-Table)<br />
Not advertised to any peer<br />
7474 7473 1273 2200 Shortest AS PATH selected<br />
203.13.132.53 from 203.13.132.53 (172.26.32.13)<br />
Origin IGP, localpref 100, valid, external<br />
7473 1273 2200<br />
202.160.242.71 from 202.160.242.71 (202.160.242.71)<br />
Origin IGP, localpref 100, valid, external, best<br />
7474 7473 1273 2200<br />
203.13.132.35 from 203.13.132.35 (172.26.32.42)<br />
Origin IGP, localpref 100, valid, external<br />
Slide 182 Laurent Toutain Filière 2
BGP attributes<br />
BGP ◮ BGP Attributes<br />
1 ORIGIN m.w. RFC 4271<br />
2 AS PATH m.w. RFC 4271<br />
3 NEXT HOP m.w. RFC 4271<br />
4 MULTI EXIT DISC o.t. RFC 4271<br />
5 LOCAL PREF w.o. RFC 4271<br />
6 ATOMIC AGGREGATE w.o. RFC 4271<br />
7 AGGREGATOR w.t. RFC 4271<br />
8 COMMUNITY o.t. RFC 1997<br />
9 ORIGINATOR ID o.t. RFC 4456<br />
10 CLUSTER LIST o.t. RFC 4456<br />
14 MP REACH NLRI o.t. RFC 4760<br />
15 MP UNREACH NLRI o.t. RFC 4760<br />
17 AS4 PATH o.t. RFC 4893<br />
18 AS4 AGGREGATOR o.t. RFC 4893<br />
Slide 183 Laurent Toutain Filière 2
MULTI EXIT DISC and LOCAL PREF<br />
BGP ◮ BGP Attributes<br />
<br />
<br />
<br />
MULTI EXIT DISC is used to signal another as which BGP<br />
peering is the best<br />
•<br />
used between two ASes<br />
•<br />
the smaller, the better<br />
LOCAL PREF is used inside an AS to assign a cost to a NRLI<br />
•<br />
used internally<br />
•<br />
the higher, the better<br />
Duplication of ASN in AS PATH can also be used to make<br />
alternative path less attractive.<br />
•<br />
preferences can be propagated on all ASes in the AS PATH.<br />
Slide 184 Laurent Toutain Filière 2
MULTI EXIT DISC<br />
BGP ◮ BGP Attributes<br />
AS A<br />
AS X AS Y AS Z<br />
AS B<br />
Slide 185 Laurent Toutain Filière 2
MULTI EXIT DISC<br />
BGP ◮ BGP Attributes<br />
AS A<br />
AS X AS Y AS Z<br />
MED=10<br />
MED=20<br />
AS B<br />
Slide 185 Laurent Toutain Filière 2
MULTI EXIT DISC<br />
BGP ◮ BGP Attributes<br />
AS A<br />
AS X AS Y AS Z<br />
MED=10<br />
MED=20<br />
AS B<br />
Slide 185 Laurent Toutain Filière 2
MULTI EXIT DISC<br />
BGP ◮ BGP Attributes<br />
AS A<br />
MED=5<br />
AS X AS Y AS Z<br />
MED=10<br />
AS B<br />
MED=20<br />
MED=5<br />
Slide 185 Laurent Toutain Filière 2
MULTI EXIT DISC<br />
BGP ◮ BGP Attributes<br />
AS A<br />
MED=5<br />
AS X AS Y AS Z<br />
MED=10<br />
AS B<br />
MED=20<br />
MED=5<br />
Slide 185 Laurent Toutain Filière 2
MULTI EXIT DISC<br />
BGP ◮ BGP Attributes<br />
AS A<br />
AS PATH is longer {Z, B }. MED is<br />
used only with the same AS PATH.<br />
MED=5<br />
AS X AS Y AS Z<br />
MED=10<br />
AS B<br />
MED=20<br />
MED=5<br />
Slide 185 Laurent Toutain Filière 2
LOCAL PREF<br />
BGP ◮ BGP Attributes<br />
α : . . . LOCAL PREF=10<br />
α : . . . LOCAL PREF=20<br />
AS A<br />
AS B<br />
AS X AS Y AS Z<br />
α : . . . LOCAL PREF=30<br />
AS B<br />
Slide 185 Laurent Toutain Filière 2
LOCAL PREF<br />
BGP ◮ BGP Attributes<br />
α : . . . LOCAL PREF=10<br />
α : . . . LOCAL PREF=20<br />
AS A<br />
AS B<br />
IGP<br />
AS X AS Y AS Z<br />
α : . . . LOCAL PREF=30<br />
AS B<br />
Slide 185 Laurent Toutain Filière 2
LOCAL PREF<br />
BGP ◮ BGP Attributes<br />
α : . . . LOCAL PREF=10<br />
α : . . . LOCAL PREF=20<br />
AS A<br />
AS B<br />
IGP<br />
AS X AS Y AS Z<br />
α : . . . LOCAL PREF=30<br />
α : . . . AS PATH={B, Z, ...}<br />
AS B<br />
Slide 185 Laurent Toutain Filière 2
AS PATH<br />
BGP ◮ BGP Attributes<br />
AS A<br />
AS X AS Y AS Z<br />
AS B wants traffic going through AS Z<br />
AS B<br />
β<br />
Slide 185 Laurent Toutain Filière 2
AS PATH<br />
BGP ◮ BGP Attributes<br />
AS A<br />
AS X AS Y AS Z<br />
β : B, B, B<br />
β : B<br />
AS B<br />
β<br />
Slide 185 Laurent Toutain Filière 2
AS PATH<br />
BGP ◮ BGP Attributes<br />
AS A<br />
β : Z, B<br />
AS X AS Y AS Z<br />
β : B, B, B<br />
β : B<br />
AS B<br />
β<br />
Slide 185 Laurent Toutain Filière 2
AS PATH<br />
BGP ◮ BGP Attributes<br />
AS A<br />
β : X, Y, Z, B<br />
β : Y, Z, B<br />
β : Y, Z, B<br />
β : Z, B<br />
AS X AS Y AS Z<br />
β : B, B, B<br />
β : B<br />
AS B<br />
β<br />
Slide 185 Laurent Toutain Filière 2
BGP attributes<br />
BGP ◮ BGP Attributes<br />
1 ORIGIN m.w. RFC 4271<br />
2 AS PATH m.w. RFC 4271<br />
3 NEXT HOP m.w. RFC 4271<br />
4 MULTI EXIT DISC o.t. RFC 4271<br />
5 LOCAL PREF w.o. RFC 4271<br />
6 ATOMIC AGGREGATE w.o. RFC 4271<br />
7 AGGREGATOR w.t. RFC 4271<br />
8 COMMUNITY o.t. RFC 1997<br />
9 ORIGINATOR ID o.t. RFC 4456<br />
10 CLUSTER LIST o.t. RFC 4456<br />
14 MP REACH NLRI o.t. RFC 4760<br />
15 MP UNREACH NLRI o.t. RFC 4760<br />
17 AS4 PATH o.t. RFC 4893<br />
18 AS4 AGGREGATOR o.t. RFC 4893<br />
Slide 186 Laurent Toutain Filière 2
Community<br />
BGP ◮ BGP Attributes<br />
<br />
<br />
<br />
Initially developed to facilitate identification of a group of<br />
prefixes<br />
•<br />
the same Community attribute is used to identify this group<br />
•<br />
peer just has to look for this attribute to select processing<br />
Some behaviors have been standardized<br />
•<br />
NO EXPORT (0xFFFFFF01)<br />
•<br />
NO ADVERTISE (0xFFFFFF02)<br />
•<br />
NO EXPORT SUBCONFED (0xFFFFFF03)<br />
Providers can develop their own community attribute<br />
•<br />
ASN:xxxx where xxxx is defined by provider<br />
•<br />
For 32 byte ASN, see RFC 4360.<br />
•<br />
can be used either to<br />
− add information about the processing (ISP → site) or<br />
− to control how announcement is processed (ISP ← site)<br />
Slide 187 Laurent Toutain Filière 2
Example from Level3<br />
BGP ◮ BGP Attributes<br />
smalBGP routing table entry for 192.108.119.0/24, version 58656980<br />
Paths: (3 available, best #1, table Default-IP-Routing-Table)<br />
Advertised to peer-groups:<br />
INTERNAL<br />
1273 2200<br />
195.66.224.182 from 195.66.224.182 (195.2.1.105)<br />
Origin IGP, metric 0, localpref 100, valid, external, best<br />
Community: 1273:12250 2200:1000 2200:2200 5459:1 5459:60<br />
1273 2200, (received-only)<br />
195.66.224.182 from 195.66.224.182 (195.2.1.105)<br />
Origin IGP, metric 0, localpref 100, valid, external<br />
Community: 1273:12250 2200:1000 2200:2200<br />
1273 2200<br />
195.66.226.182 (metric 2) from 195.66.232.239 (195.66.232.239)<br />
Origin IGP, metric 0, localpref 100, valid, internal<br />
Community: 1273:12250 2200:1000 2200:2200 5459:3 5459:60<br />
Slide 188 Laurent Toutain Filière 2
Example from Level3<br />
BGP ◮ BGP Attributes<br />
smalBGP routing table entry for 192.108.119.0/24, version 58656980<br />
Paths: (3 available, best #1, table Default-IP-Routing-Table)<br />
Advertised to peer-groups:<br />
INTERNAL<br />
1273 2200<br />
195.66.224.182 from 195.66.224.182 (195.2.1.105)<br />
Origin IGP, metric 0, localpref 100, valid, external, best<br />
Community: 1273:12250 2200:1000 2200:2200 5459:1 5459:60<br />
1273 2200, (received-only)<br />
195.66.224.182 See http://www.cw.net/<br />
from 195.66.224.182 (195.2.1.105)<br />
Origin IGP, outcommunities.shtml:<br />
metric 0, localpref 100, valid, external<br />
Community: This format 1273:12250 is 1273:SRCCC 2200:1000 2200:2200<br />
1273 2200 S=1 customer route R=2 Europe<br />
250=France (metric 2) from 195.66.232.239 (195.66.232.239)<br />
195.66.226.182<br />
Origin IGP, metric 0, localpref 100, valid, internal<br />
Community: 1273:12250 2200:1000 2200:2200 5459:3 5459:60<br />
Slide 188 Laurent Toutain Filière 2
Example: Community Attribute<br />
BGP ◮ BGP Attributes<br />
AS A<br />
β : X, Y, Z, B<br />
β : Y, Z, B<br />
β : Y, Z, B<br />
2<br />
β : Z, B<br />
AS X 1 AS Y 3 AS Z<br />
4<br />
β : B, B, B<br />
β : B<br />
AS B<br />
β<br />
Slide 189 Laurent Toutain Filière 2
Example: Community Attribute<br />
BGP ◮ BGP Attributes<br />
AS A<br />
AS B does not want this link<br />
β : X, Y, Z, B<br />
β : Y, Z, B<br />
β : Y, Z, B<br />
2<br />
β : Z, B<br />
AS X 1 AS Y 3 AS Z<br />
4<br />
β : B, B, B<br />
β : B<br />
AS B<br />
β<br />
AS Y defines community Y:1<br />
to expand Y on path 1 and<br />
Y:2 to expand on path 2,...<br />
Slide 189 Laurent Toutain Filière 2
Example: Community Attribute<br />
BGP ◮ BGP Attributes<br />
AS A<br />
2<br />
β : Z, B<br />
AS X 1 AS Y 3 AS Z<br />
4<br />
C(Y:2)<br />
β : B, B, B<br />
C(Y:2)<br />
AS B<br />
β<br />
β : B<br />
C(Y:2)<br />
Slide 189 Laurent Toutain Filière 2
Example: Community Attribute<br />
BGP ◮ BGP Attributes<br />
AS A<br />
β : X, Y, Z, B<br />
β : Y, Y, Y, Z, B<br />
β : Y, Z, B<br />
2<br />
β : Z, B<br />
AS X 1 AS Y 3 AS Z<br />
4<br />
C(Y:2)<br />
β : B, B, B<br />
C(Y:2)<br />
AS B<br />
β<br />
β : B<br />
C(Y:2)<br />
Slide 189 Laurent Toutain Filière 2
BGP attributes<br />
BGP ◮ BGP Attributes<br />
1 ORIGIN m.w. RFC 4271<br />
2 AS PATH m.w. RFC 4271<br />
3 NEXT HOP m.w. RFC 4271<br />
4 MULTI EXIT DISC o.t. RFC 4271<br />
5 LOCAL PREF w.o. RFC 4271<br />
6 ATOMIC AGGREGATE w.o. RFC 4271<br />
7 AGGREGATOR w.t. RFC 4271<br />
8 COMMUNITY o.t. RFC 1997<br />
9 ORIGINATOR ID o.t. RFC 4456<br />
10 CLUSTER LIST o.t. RFC 4456<br />
14 MP REACH NLRI o.t. RFC 4760<br />
15 MP UNREACH NLRI o.t. RFC 4760<br />
17 AS4 PATH o.t. RFC 4893<br />
18 AS4 AGGREGATOR o.t. RFC 4893<br />
Slide 190 Laurent Toutain Filière 2
TELECOM Bretagne’s prefixes<br />
BGP ◮ BGP Attributes<br />
route-server-east.gt.ca>sh ip bgp 192.108.119.0<br />
BGP routing table entry for 192.108.119.0/24, version 171516980<br />
Paths: (2 available, best #1, table Default-IP-Routing-Table)<br />
Not advertised to any peer<br />
1273 2200<br />
66.59.190.227 from 66.59.190.227 (66.59.190.227)<br />
Origin IGP, metric 0, localpref 110, valid, internal, best<br />
Community: 6539:3 6539:305 6539:520 6539:1400<br />
route-server-east.gt.ca>sh ip bgp 193.52.74.0<br />
BGP routing table entry for 193.52.0.0/16, version 171516968<br />
Paths: (2 available, best #1, table Default-IP-Routing-Table)<br />
Not advertised to any peer<br />
1273 2200, (aggregated by 2200 193.51.178.10)<br />
66.59.190.227 from 66.59.190.227 (66.59.190.227)<br />
Origin IGP, metric 0, localpref 110, valid, internal, atomic-aggregate, best<br />
Community: 6539:3 6539:305 6539:520 6539:1400<br />
...<br />
...<br />
Slide 191 Laurent Toutain Filière 2
TELECOM Bretagne’s prefixes<br />
BGP ◮ BGP Attributes<br />
route-server-east.gt.ca>sh ip bgp 192.108.119.0<br />
BGP routing table entry for 192.108.119.0/24, version 171516980<br />
Paths: (2 available, best #1, table Default-IP-Routing-Table)<br />
Not advertised to any peer<br />
1273 2200<br />
66.59.190.227 from 66.59.190.227 (66.59.190.227)<br />
Origin IGP, metric 0, localpref 110, valid, internal, best<br />
Community: 6539:3 6539:305 6539:520 6539:1400<br />
Prefix allocated before<br />
1994, belongs to TELE-<br />
COM Bretagne<br />
As is in routing table<br />
route-server-east.gt.ca>sh ip bgp 193.52.74.0<br />
BGP routing table entry for 193.52.0.0/16, version 171516968<br />
Paths: (2 available, best #1, table Default-IP-Routing-Table)<br />
Not advertised to any peer<br />
1273 2200, (aggregated by 2200 193.51.178.10)<br />
66.59.190.227 from 66.59.190.227 (66.59.190.227)<br />
Origin IGP, metric 0, localpref 110, valid, internal, atomic-aggregate, best<br />
Community: 6539:3 6539:305 6539:520 6539:1400<br />
...<br />
...<br />
Slide 191 Laurent Toutain Filière 2
TELECOM Bretagne’s prefixes<br />
BGP ◮ BGP Attributes<br />
route-server-east.gt.ca>sh ip bgp 192.108.119.0<br />
BGP routing table entry for 192.108.119.0/24, version 171516980<br />
Paths: (2 available, best #1, table Default-IP-Routing-Table)<br />
Not advertised to any peer<br />
1273 2200<br />
66.59.190.227 from 66.59.190.227 (66.59.190.227)<br />
Origin IGP, metric 0, localpref 110, valid, internal, best<br />
Community: 6539:3 6539:305 6539:520 6539:1400<br />
route-server-east.gt.ca>sh ip bgp 193.52.74.0<br />
BGP routing table entry for 193.52.0.0/16, version 171516968<br />
Paths: (2 available, best #1, table Default-IP-Routing-Table)<br />
Not advertised to any peer<br />
1273 2200, (aggregated by 2200 193.51.178.10)<br />
66.59.190.227 from 66.59.190.227 (66.59.190.227)<br />
Origin IGP, metric 0, localpref 110, valid, internal, atomic-aggregate, best<br />
Community: 6539:3 6539:305 6539:520 6539:1400<br />
...<br />
...<br />
CIDR prefix allocated after<br />
1994 by Renater<br />
Agregated in routing table<br />
Slide 191 Laurent Toutain Filière 2
BGP attributes<br />
BGP ◮ BGP Attributes<br />
1 ORIGIN m.w. RFC 4271<br />
2 AS PATH m.w. RFC 4271<br />
3 NEXT HOP m.w. RFC 4271<br />
4 MULTI EXIT DISC o.t. RFC 4271<br />
5 LOCAL PREF w.o. RFC 4271<br />
6 ATOMIC AGGREGATE w.o. RFC 4271<br />
7 AGGREGATOR w.t. RFC 4271<br />
8 COMMUNITY o.t. RFC 1997<br />
9 ORIGINATOR ID o.t. RFC 4456<br />
10 CLUSTER LIST o.t. RFC 4456<br />
14 MP REACH NLRI o.t. RFC 4760<br />
15 MP UNREACH NLRI o.t. RFC 4760<br />
17 AS4 PATH o.t. RFC 4893<br />
18 AS4 AGGREGATOR o.t. RFC 4893<br />
Slide 192 Laurent Toutain Filière 2
Next Hop Attribute<br />
BGP ◮ BGP Attributes<br />
<br />
<br />
<br />
<br />
Used to populate FIBs NH value is not always pushed in the<br />
FIB<br />
NH contains the IP address of the router (or interface) of the<br />
sending router<br />
For eBGP value is directly pushed since eBGP is a connection<br />
on a prefix shared by both ends<br />
•<br />
A router may not change NH value if the sender shares the<br />
same prefix.<br />
with iBGP, BGP NH and IGP NH are different. For iBGP,<br />
since some IGP routers may be between both ends,<br />
interactions with IGP SPT is needed do find FIB Next Hop.<br />
Slide 193 Laurent Toutain Filière 2
Next Hop different behaviors<br />
BGP ◮ BGP Attributes<br />
R1<br />
R2<br />
AS A<br />
AS B<br />
ɛ<br />
R3<br />
φ<br />
R5<br />
AS C<br />
R4<br />
Slide 194 Laurent Toutain Filière 2
Next Hop different behaviors<br />
BGP ◮ BGP Attributes<br />
R1<br />
α.1 α.2<br />
ɛ: NH=α.1<br />
R2<br />
FIB ɛ α.1<br />
AS A<br />
AS B<br />
ɛ<br />
R3<br />
φ<br />
R5<br />
AS C<br />
R4<br />
Slide 194 Laurent Toutain Filière 2
Next Hop different behaviors<br />
BGP ◮ BGP Attributes<br />
R1<br />
α.1 α.2<br />
ɛ: NH=α.1<br />
R2<br />
FIB ɛ α.1<br />
β.1<br />
AS A<br />
ɛ<br />
AS B<br />
ɛ: NH=β.1<br />
FIB ɛ δ.1<br />
δ.2<br />
R3<br />
φ<br />
R5<br />
AS C<br />
R4<br />
Slide 194 Laurent Toutain Filière 2
Next Hop different behaviors<br />
BGP ◮ BGP Attributes<br />
R1<br />
α.1 α.2<br />
ɛ: NH=α.1<br />
R2<br />
FIB ɛ α.1<br />
β.1<br />
AS A<br />
ɛ<br />
AS B<br />
ɛ: NH=β.1<br />
FIB ɛ δ.1<br />
δ.2<br />
R3<br />
φ: NH=γ.1<br />
φ<br />
γ.1 γ.2<br />
R5<br />
AS C<br />
R4<br />
Slide 194 Laurent Toutain Filière 2
Next Hop different behaviors<br />
BGP ◮ BGP Attributes<br />
R1<br />
α.1 α.2<br />
ɛ: NH=α.1<br />
R2<br />
FIB ɛ α.1<br />
β.1<br />
AS A<br />
ɛ<br />
AS B<br />
ɛ: NH=β.1<br />
FIB ɛ δ.1<br />
δ.2<br />
R3<br />
φ: NH=γ.1<br />
φ: NH=γ.1<br />
φ<br />
γ.1 γ.2<br />
R5<br />
AS C<br />
R4<br />
Slide 194 Laurent Toutain Filière 2
Next Hop different behaviors<br />
BGP ◮ BGP Attributes<br />
R1<br />
α.1 α.2<br />
ɛ: NH=α.1<br />
R2<br />
FIB ɛ α.1<br />
β.1<br />
AS A<br />
AS B<br />
FIB<br />
ɛ δ.1<br />
φ γ.1<br />
ɛ<br />
ɛ: NH=β.1<br />
δ.2<br />
R3<br />
φ: NH=γ.1<br />
φ: NH=γ.1<br />
φ<br />
γ.1 γ.2<br />
R5<br />
AS C<br />
R4<br />
Slide 194 Laurent Toutain Filière 2
Next Hop different behaviors<br />
BGP ◮ BGP Attributes<br />
R1<br />
α.1 α.2<br />
ɛ: NH=α.1<br />
R2<br />
FIB ɛ α.1<br />
β.1<br />
AS A<br />
ɛ Packets does not go<br />
through R4. Signalization<br />
(i.e. BGP follows a<br />
different path compared to<br />
data packets.)<br />
AS B<br />
ɛ: NH=β.1<br />
φ: NH=γ.1<br />
δ.2<br />
R3<br />
φ: NH=γ.1<br />
φ<br />
γ.1 γ.2<br />
R5<br />
AS C<br />
R4<br />
Slide 194 Laurent Toutain Filière 2
Synchronization<br />
BGP ◮ BGP Attributes<br />
R1<br />
R2<br />
AS A<br />
AS B<br />
ɛ<br />
R3<br />
φ<br />
R5<br />
AS C<br />
R4<br />
Slide 195 Laurent Toutain Filière 2
Synchronization<br />
BGP ◮ BGP Attributes<br />
R1<br />
α.1 α.2<br />
ɛ: NH=α.1<br />
R2<br />
FIB ɛ α.1<br />
AS A<br />
AS B<br />
ɛ<br />
R3<br />
φ<br />
R5<br />
AS C<br />
R4<br />
Slide 195 Laurent Toutain Filière 2
Synchronization<br />
BGP ◮ BGP Attributes<br />
R1<br />
α.1 α.2<br />
ɛ: NH=α.1<br />
R2<br />
FIB ɛ α.1<br />
β.1<br />
AS A<br />
AS B<br />
FIB ɛ δ.1<br />
ɛ<br />
ɛ: NH=β1<br />
δ.1<br />
δ.2<br />
R3<br />
φ<br />
R5<br />
AS C<br />
R4<br />
Slide 195 Laurent Toutain Filière 2
Synchronization<br />
BGP ◮ BGP Attributes<br />
R1<br />
α.1 α.2<br />
ɛ: NH=α.1<br />
R2<br />
FIB ɛ α.1<br />
β.1<br />
AS A<br />
AS B<br />
FIB ɛ δ.1<br />
ɛ<br />
ɛ: NH=β1<br />
δ.1<br />
δ.2<br />
R3<br />
ɛ: NH=γ.1<br />
φ<br />
R5<br />
AS C<br />
R4<br />
Slide 195 Laurent Toutain Filière 2
Synchronization<br />
BGP ◮ BGP Attributes<br />
R1<br />
α.1 α.2<br />
ɛ: NH=α.1<br />
R2<br />
FIB ɛ α.1<br />
β.1<br />
AS A<br />
AS B<br />
FIB ɛ δ.1<br />
ɛ<br />
ɛ: NH=β1<br />
δ.1<br />
δ.2<br />
R3<br />
ɛ: NH=γ.1<br />
φ<br />
R5<br />
AS C<br />
R4<br />
Slide 195 Laurent Toutain Filière 2
Synchronization<br />
BGP ◮ BGP Attributes<br />
R1<br />
α.1 α.2<br />
ɛ: NH=α.1<br />
R2<br />
β.1<br />
IGP<br />
FIB ɛ α.1<br />
AS A<br />
AS B<br />
FIB ɛ δ.1<br />
ɛ<br />
ɛ: NH=β1<br />
δ.1<br />
δ.2<br />
R3<br />
φ<br />
R5<br />
AS C<br />
R4<br />
Slide 195 Laurent Toutain Filière 2
Synchronization<br />
BGP ◮ BGP Attributes<br />
R1<br />
α.1 α.2<br />
ɛ: NH=α.1<br />
R2<br />
β.1<br />
IGP<br />
FIB ɛ α.1<br />
AS A<br />
IGP<br />
ɛ<br />
AS B<br />
ɛ: NH=β1<br />
δ.1<br />
FIB ɛ δ.1<br />
δ.2<br />
R3<br />
φ<br />
R5<br />
AS C<br />
R4<br />
Slide 195 Laurent Toutain Filière 2
Synchronization<br />
BGP ◮ BGP Attributes<br />
R1<br />
α.1 α.2<br />
ɛ: NH=α.1<br />
R2<br />
β.1<br />
IGP<br />
FIB ɛ α.1<br />
AS A<br />
IGP<br />
ɛ<br />
AS B<br />
ɛ: NH=β1<br />
δ.1<br />
IGP<br />
FIB ɛ δ.1<br />
δ.2<br />
R3<br />
φ<br />
R5<br />
AS C<br />
R4<br />
Slide 195 Laurent Toutain Filière 2
Synchronization<br />
BGP ◮ BGP Attributes<br />
R1<br />
α.1 α.2<br />
ɛ: NH=α.1<br />
R2<br />
β.1<br />
IGP<br />
FIB ɛ α.1<br />
AS A<br />
IGP<br />
ɛ<br />
AS B<br />
ɛ: NH=β1<br />
δ.1<br />
IGP<br />
FIB ɛ δ.1<br />
δ.2<br />
R3<br />
ɛ: NH=φ.1<br />
φ<br />
R5<br />
AS C<br />
R4<br />
Slide 195 Laurent Toutain Filière 2
Synchronization<br />
BGP ◮ BGP Attributes<br />
R1<br />
α.1 α.2<br />
ɛ: NH=α.1<br />
R2<br />
β.1<br />
IGP<br />
FIB ɛ α.1<br />
AS A<br />
IGP<br />
ɛ<br />
AS B<br />
ɛ: NH=β1<br />
δ.1<br />
IGP<br />
FIB ɛ δ.1<br />
δ.2<br />
R3<br />
ɛ: NH=φ.1<br />
φ<br />
R5<br />
AS C<br />
R4<br />
Slide 195 Laurent Toutain Filière 2
Route Selection<br />
BGP ◮ BGP Attributes<br />
1. Reject bad announcements:<br />
1.1 ASN is in Path<br />
1.2 NEXT HOP inaccessible<br />
1.3 filtering based on prefix or AS PATH<br />
2. Select:<br />
2.1 highest local weight (local cost of BGP peering) otherwise<br />
2.2 highest LOCAL PREF otherwise<br />
2.3 shortest AS PATH otherwise<br />
2.4 prefix originated by the router (cisco’s aggregate or network<br />
BGP) otherwise<br />
2.5 lowest origin type (IGP < EGP < ) otherwise<br />
2.6 lowest multi-exit discriminator otherwise<br />
2.7 eBGP over iBGP paths otherwise<br />
2.8 closest IGP neighbor otherwise<br />
2.9 lowest IP address, in BGP router ID or ORIGINATOR ID<br />
otherwise<br />
2.10 shortest route reflection cluster list<br />
2.11 lowest neighbor address<br />
Slide 196 Laurent Toutain Filière 2
BGP<br />
BGP for Large Networks
Confederation and Route Reflectors<br />
BGP ◮ BGP for Large Networks<br />
<br />
<br />
<br />
AS PATH allows to detect loops between ASes.<br />
Inside an AS this is not possible since ASN is the same<br />
Original specifications impose a mesh network:<br />
•<br />
each BGP router must peer with all others<br />
•<br />
information learned through iBGP cannot be send to other<br />
peers inside the AS.<br />
<br />
The number of TCP connection is O(n 2 )<br />
<br />
<br />
Confederation breaks the AS into small private ASes<br />
Router Reflectors (RR) modify iBGP behavior to reduce the<br />
number of peering (RFC 4456)<br />
Slide 198 Laurent Toutain Filière 2
Example<br />
BGP ◮ BGP for Large Networks<br />
AS Y<br />
Slide 199 Laurent Toutain Filière 2
Confederation<br />
BGP ◮ BGP for Large Networks<br />
OSPF IS-IS OSPF<br />
AS Y<br />
AS 65001 AS 65002 AS 65003<br />
Slide 199 Laurent Toutain Filière 2
Confederation<br />
BGP ◮ BGP for Large Networks<br />
OSPF IS-IS OSPF<br />
eBGP<br />
eBGP<br />
eBGP<br />
AS Y<br />
eBGP<br />
AS 65001 AS 65002 AS 65003<br />
Slide 199 Laurent Toutain Filière 2
Confederation<br />
BGP ◮ BGP for Large Networks<br />
OSPF IS-IS OSPF<br />
eBGP<br />
eBGP<br />
eBGP<br />
AS Y<br />
eBGP<br />
AS 65001 AS 65002 AS 65003<br />
Slide 199 Laurent Toutain Filière 2
Confederation<br />
BGP ◮ BGP for Large Networks<br />
OSPF IS-IS OSPF<br />
eBGP<br />
eBGP<br />
eBGP<br />
AS Y<br />
α: AS PATH= .....<br />
eBGP<br />
AS 65001 AS 65002 AS 65003<br />
Slide 199 Laurent Toutain Filière 2
Confederation<br />
BGP ◮ BGP for Large Networks<br />
OSPF IS-IS OSPF<br />
eBGP<br />
eBGP<br />
α: AS PATH= 65002, 65003.....<br />
eBGP<br />
AS Y<br />
α: AS PATH= 65003.....<br />
α: AS PATH= .....<br />
eBGP<br />
AS 65001 AS 65002 AS 65003<br />
Slide 199 Laurent Toutain Filière 2
Confederation<br />
BGP ◮ BGP for Large Networks<br />
OSPF IS-IS OSPF<br />
eBGP<br />
eBGP<br />
α: AS PATH= 65002, 65003.....<br />
eBGP<br />
AS Y<br />
α: AS PATH= 65003.....<br />
α: AS PATH= .....<br />
eBGP<br />
AS 65001 AS 65002 AS 65003<br />
Slide 199 Laurent Toutain Filière 2
Confederation<br />
BGP ◮ BGP for Large Networks<br />
OSPF IS-IS OSPF<br />
eBGP<br />
eBGP<br />
α: AS PATH= 65002, 65003.....<br />
eBGP<br />
AS Y<br />
α: AS PATH= Y .....<br />
α: AS PATH= 65003.....<br />
α: AS PATH= .....<br />
eBGP<br />
AS 65001 AS 65002 AS 65003<br />
Slide 199 Laurent Toutain Filière 2
BGP attributes<br />
BGP ◮ BGP for Large Networks<br />
1 ORIGIN m.w. RFC 4271<br />
2 AS PATH m.w. RFC 4271<br />
3 NEXT HOP m.w. RFC 4271<br />
4 MULTI EXIT DISC o.t. RFC 4271<br />
5 LOCAL PREF w.o. RFC 4271<br />
6 ATOMIC AGGREGATE w.o. RFC 4271<br />
7 AGGREGATOR w.t. RFC 4271<br />
8 COMMUNITY o.t. RFC 1997<br />
9 ORIGINATOR ID o.t. RFC 4456<br />
10 CLUSTER LIST o.t. RFC 4456<br />
14 MP REACH NLRI o.t. RFC 4760<br />
15 MP UNREACH NLRI o.t. RFC 4760<br />
17 AS4 PATH o.t. RFC 4893<br />
18 AS4 AGGREGATOR o.t. RFC 4893<br />
Slide 200 Laurent Toutain Filière 2
Route Reflector RFC 4456<br />
BGP ◮ BGP for Large Networks<br />
<br />
<br />
<br />
<br />
With RR, iBGP becomes transitive:<br />
•<br />
iBGP announcements received are sent to other peers, ...<br />
•<br />
... if the announcement is better<br />
Several RR can be deployed in an AS.<br />
To avoid loops, two new attributes are defined:<br />
•<br />
ORIGINATOR ID: Orign of the route in the local AS<br />
•<br />
CLUSTER LIST: List of RR ID (used as AS PATH to avoid<br />
loops)<br />
RR may modify BGP, especially if IGP metric is taken into<br />
account to select routes<br />
Slide 201 Laurent Toutain Filière 2
Route Reflectors<br />
BGP ◮ BGP for Large Networks<br />
R4<br />
R3<br />
R2<br />
RR<br />
R1<br />
R5<br />
AS Y<br />
R0<br />
RR<br />
R10<br />
R6<br />
R9<br />
R7<br />
R8<br />
Slide 202 Laurent Toutain Filière 2
Route Reflectors<br />
BGP ◮ BGP for Large Networks<br />
R4<br />
R3<br />
R2<br />
RR<br />
R1<br />
R5<br />
AS Y<br />
R0<br />
RR<br />
R10<br />
R6<br />
R9<br />
α: AS PATH= .....<br />
R7<br />
R8<br />
Slide 202 Laurent Toutain Filière 2
Route Reflectors<br />
BGP ◮ BGP for Large Networks<br />
R4<br />
R3<br />
R2<br />
RR<br />
R1<br />
R5<br />
AS Y<br />
R0<br />
RR<br />
R10<br />
R6<br />
R9<br />
α: AS PATH= .....<br />
R7<br />
R8<br />
Slide 202 Laurent Toutain Filière 2
Route Reflectors<br />
BGP ◮ BGP for Large Networks<br />
R4<br />
R3<br />
R2<br />
RR<br />
R1<br />
α: ORIG: R9, CLUSTER: R2.....<br />
R5<br />
AS Y<br />
R0<br />
RR<br />
R10<br />
R6<br />
R9<br />
α: AS PATH= .....<br />
R7<br />
R8<br />
Slide 202 Laurent Toutain Filière 2
Route Reflectors<br />
BGP ◮ BGP for Large Networks<br />
R4<br />
R3<br />
R2<br />
RR<br />
R1<br />
α: ORIG: R9, CLUSTER: R2.....<br />
R5<br />
α: ORIG: R9, CLUSTER: R10.....<br />
AS Y<br />
R0<br />
RR<br />
R10<br />
R6<br />
R9<br />
α: AS PATH= .....<br />
R7<br />
R8<br />
Slide 202 Laurent Toutain Filière 2
BGP<br />
Network Architecture
Network Architecture<br />
BGP ◮ Network Architecture<br />
PE PE PE<br />
GIX<br />
PE PE PE<br />
POP<br />
POP<br />
POP<br />
ISP1 ISP2 ISP3<br />
Slide 204 Laurent Toutain Filière 2
Global Inter eXchange<br />
BGP ◮ Network Architecture<br />
ISP 1 ISP 2 ISP 3<br />
eBGP<br />
ISP 4 ISP 5 ISP 6<br />
Slide 205 Laurent Toutain Filière 2
Global Inter eXchange<br />
BGP ◮ Network Architecture<br />
ISP 1 ISP 2 ISP 3<br />
eBGP<br />
eBGP<br />
ISP 4 ISP 5 ISP 6<br />
Slide 205 Laurent Toutain Filière 2
Global Inter eXchange<br />
BGP ◮ Network Architecture<br />
ISP 1 ISP 2 ISP 3<br />
eBGP<br />
eBGP<br />
ISP 4 ISP 5 ISP 6<br />
Slide 205 Laurent Toutain Filière 2
Global Inter eXchange<br />
BGP ◮ Network Architecture<br />
ISP 1 ISP 2 ISP 3<br />
eBGP<br />
eBGP<br />
ISP 4 ISP 5 ISP 6<br />
Slide 205 Laurent Toutain Filière 2
Global Inter eXchange<br />
BGP ◮ Network Architecture<br />
ISP 1 ISP 2 ISP 3<br />
ISP 4 ISP 5 ISP 6<br />
Route<br />
Server<br />
Slide 205 Laurent Toutain Filière 2
Global Inter eXchange<br />
BGP ◮ Network Architecture<br />
ISP 1 ISP 2 ISP 3<br />
ISP 4 ISP 5 ISP 6<br />
Route<br />
Server<br />
Slide 205 Laurent Toutain Filière 2
Global Inter eXchange<br />
BGP ◮ Network Architecture<br />
ISP 1 ISP 2 ISP 3<br />
Whois<br />
ISP 4 ISP 5 ISP 6<br />
Route<br />
Server<br />
Slide 205 Laurent Toutain Filière 2
Global Inter eXchange<br />
BGP ◮ Network Architecture<br />
Looking Glass<br />
Web<br />
Server<br />
commands<br />
ISP 1 ISP 2 ISP 3<br />
Whois<br />
ISP 4 ISP 5 ISP 6<br />
Route<br />
Server<br />
See: www.bgp4.as<br />
Slide 205 Laurent Toutain Filière 2
BGP Limits: Flapping<br />
BGP ◮ Network Architecture<br />
<br />
in the 90s, some bogus implementation causes a lot of route<br />
withdraw and announcement.<br />
•<br />
called Flapping<br />
•<br />
this was propagated to all ASes, using router CPU<br />
<br />
Damping has been proposed (see RFC 2439)<br />
•<br />
When the route oscillate too much, the information is not<br />
propagated<br />
•<br />
Network is stabilized but,<br />
•<br />
network becomes unreachable<br />
<br />
Currently, it is not a good solution (see RIPE 378)<br />
•<br />
Some normal events can be amplified and lead to a route<br />
withdraw<br />
Slide 206 Laurent Toutain Filière 2
BGP Limits: Flapping<br />
BGP ◮ Network Architecture<br />
suppress<br />
reuse<br />
Slide 207 Laurent Toutain Filière 2
BGP Limits: Flapping<br />
BGP ◮ Network Architecture<br />
suppress<br />
reuse<br />
blocked<br />
Slide 207 Laurent Toutain Filière 2
BGP Limits: Flapping<br />
BGP ◮ Network Architecture<br />
P(t ′ ) = P(t)e −λ(t′ −t)<br />
suppress<br />
reuse<br />
blocked<br />
Slide 207 Laurent Toutain Filière 2
BGP Limits: Security<br />
BGP ◮ Network Architecture<br />
<br />
<br />
<br />
<br />
<br />
Provider exchange BGP announces<br />
It is impossible to control all announced prefixes<br />
•<br />
bogon/martian can be announced by some servers<br />
but a bad provider may inject a legal prefix<br />
see youtube attack:<br />
• http://www.ripe.net/news/study-youtube-hijacking.html<br />
IETF working group sidr studies the possibility to use PKI to<br />
authenticate NLRI origin.<br />
Slide 208 Laurent Toutain Filière 2
BGP<br />
VPN
BGP ◮ VPN<br />
<br />
<br />
<br />
<br />
VPN<br />
BGP can isolate routing inside and outside an AS<br />
•<br />
only PE have to know both world prefixes<br />
•<br />
P know only inside route<br />
use to limit the number of entries in routing table<br />
Protocol family inside and outside can be different<br />
•<br />
private IPv4 — IPv4<br />
•<br />
IPv6 — IPv4<br />
•<br />
IPv4 — IPv6<br />
MPLS is used:<br />
•<br />
L3 VPN: used to route packets other a provider infrastructure<br />
•<br />
L2 VPN: used to bridge frames other a provider infrastructure<br />
•<br />
L1 VPN : use GMPLS to activate optical circuit on provider<br />
infrastructure<br />
Slide 210 Laurent Toutain Filière 2
BGP ◮ VPN<br />
6PE<br />
α 6<br />
R1<br />
BGP<br />
R4<br />
RIB<br />
FIB<br />
2 customers want<br />
IPv6 → Upgrade<br />
CPE<br />
MPLS<br />
Slide 211 Laurent Toutain Filière 2
BGP ◮ VPN<br />
6PE<br />
α 6 ⇒ NH = R1<br />
α 6<br />
R1<br />
R2<br />
BGP<br />
R3<br />
R4<br />
RIB<br />
FIB<br />
MPLS<br />
Slide 211 Laurent Toutain Filière 2
BGP ◮ VPN<br />
6PE<br />
α 6 ⇒ NH = R1 α 6 L 60 ⇒ NH =:: FFFF : R2 4 α 6 ⇒ NH = R3 6<br />
α 6<br />
R1<br />
R2<br />
BGP<br />
R3<br />
R4<br />
RIB<br />
FIB<br />
MPLS<br />
Slide 211 Laurent Toutain Filière 2
BGP ◮ VPN<br />
6PE<br />
α 6 ⇒ NH = R1 α 6 L 60 ⇒ NH =:: FFFF : R2 4 α 6 ⇒ NH = R3 6<br />
α 6<br />
R1<br />
R2<br />
BGP<br />
R3<br />
R4<br />
α 6 : NH = R2 4 L 60<br />
Pref (R2 4 ) : L 123<br />
RIB<br />
FIB<br />
MPLS<br />
Slide 211 Laurent Toutain Filière 2
BGP ◮ VPN<br />
6PE<br />
α 6 ⇒ NH = R1 α 6 L 60 ⇒ NH =:: FFFF : R2 4 α 6 ⇒ NH = R3 6<br />
α 6<br />
R1<br />
R2<br />
BGP<br />
R3<br />
R4<br />
α 6 : NH = R2 4 L 60<br />
Pref (R2 4 ) : L 123<br />
RIB<br />
FIB<br />
ϕ|L 456 |L 60 |IPv6<br />
MPLS<br />
ϕ|L 123 |L 60 |IPv6<br />
Slide 211 Laurent Toutain Filière 2
BGP ◮ VPN<br />
6PE<br />
α 6 ⇒ NH = R1 α 6 L 60 ⇒ NH =:: FFFF : R2 4 α 6 ⇒ NH = R3 6<br />
α 6<br />
R1<br />
R2<br />
BGP<br />
R3<br />
R4<br />
α 6 : NH = R2 4 L 60<br />
Pref (R2 4 ) : L 123<br />
RIB<br />
FIB<br />
ϕ|L 60 |IPv6<br />
MPLS<br />
ϕ|L 456 |L 60 |IPv6<br />
pop<br />
ϕ|L 123 |L 60 |IPv6<br />
Slide 211 Laurent Toutain Filière 2
BGP ◮ VPN<br />
6PE<br />
α 6 ⇒ NH = R1 α 6 L 60 ⇒ NH =:: FFFF : R2 4 α 6 ⇒ NH = R3 6<br />
α 6<br />
R1<br />
R2<br />
BGP<br />
R3<br />
R4<br />
α 6 : NH = R2 4 L 60<br />
Pref (R2 4 ) : L 123<br />
RIB<br />
FIB<br />
ϕ|L 60 |IPv6<br />
MPLS<br />
ϕ|L 456 |L 60 |IPv6<br />
pop<br />
ϕ|L 123 |L 60 |IPv6<br />
Slide 211 Laurent Toutain Filière 2
BGP ◮ VPN<br />
Softwires Mesh<br />
α 4 ⇒ NH = R1 α 4 L 60 ⇒ NH = R2 6 α 4 ⇒ NH = R3 4<br />
α 4<br />
R1<br />
R2<br />
BGP<br />
R3<br />
R4<br />
α 4 : NH = R2 6 L 60<br />
Pref (R2 6 ) : L 123<br />
RIB<br />
FIB<br />
ϕ|L 60 |IPv4<br />
MPLS<br />
ϕ|L 456 |L 60 |IPv4<br />
pop<br />
ϕ|L 123 |L 60 |IPv4<br />
Slide 212 Laurent Toutain Filière 2
BGP ◮ VPN<br />
6PE versus Softwires Mesh<br />
<br />
MP-BGP: (RFC 4760)<br />
<br />
The Network Layer protocol associated with the Network<br />
Address of the Next Hop is identified by a combination<br />
of carried in the attribute.<br />
no AFI/SAFI defined for 6PE and Softwires<br />
•<br />
6PE:<br />
− NLRI is IPv6<br />
− NH is IPv4<br />
− use IPv4 mapped addresses<br />
•<br />
Softwires Mesh:<br />
− NLRI is IPv4<br />
− NH is IPv6<br />
− Change the MP-BGP RFC (RFC 5549)<br />
Slide 213 Laurent Toutain Filière 2
BGP ◮ VPN<br />
References<br />
<br />
BGP Tutorial: http://www.cl.cam.ac.uk/~tgg22/talks/<br />
BGP_TUTORIAL_ICNP_2002.ppt<br />
Slide 214 Laurent Toutain Filière 2
IPv6 Integration<br />
Introduction
IPv6 Integration: Why<br />
IPv6 Integration ◮ Introduction<br />
IPv4 address space depletion<br />
<br />
Within 1-2 years, all reports converge:<br />
•<br />
http://www.potaroo.net/tools/ipv4/index.html,<br />
http://www.tndh.net/ tony/ietf/IPv4-pool-combined-view.pdf, . . .<br />
<br />
IANA pool, then RIR pool, then<br />
<br />
One day new companies will not be able to get IPv4 address<br />
space<br />
<br />
And existing companies will not be able to extend theirs<br />
Complexity increase<br />
<br />
<br />
<br />
<br />
<br />
Deployment of IPv4 networks/services will get more and more<br />
complex<br />
Lack of routable IPv4 addresses<br />
NAT violates the ”end-to-end” principle<br />
Even private space (RFC 1918) is not enough for some<br />
networks (example: Comcast needs 100 M+ @ to address<br />
their subscribers’ set-top boxes)<br />
NAT Traversal development cost is getting unbearable<br />
Slide 216 Laurent Toutain Filière 2
Communications Model<br />
IPv6 Integration ◮ Introduction<br />
Who initiates communication towards whom (6 possibilities)<br />
1. An IPv4 system connects to an IPv4 system through an IPv4<br />
network<br />
2. An IPv6 system connects to an IPv6 system through an IPv6<br />
network<br />
3. An IPv4 system connects to an IPv4 system through an IPv6<br />
network<br />
4. An IPv6 system connects to an IPv6 system through an IPv4<br />
network<br />
5. An IPv4 system connects to an IPv6 system<br />
6. An IPv6 system connects to an IPv4 system<br />
Complexity<br />
<br />
<br />
<br />
1) & 2) : Quite obvious<br />
3) & 4) : Less easy but no real problem<br />
5) & 6) : Quite complex. There is no global solution today<br />
(different partial solutions following different approaches)<br />
Slide 217 Laurent Toutain Filière 2
Communications Model<br />
IPv6 Integration ◮ Introduction<br />
Who initiates communication towards whom (6 possibilities)<br />
1. An IPv4 system connects to an IPv4 system through an IPv4<br />
network<br />
2. An IPv6 system connects to an IPv6 system through an IPv6<br />
network<br />
3. An IPv4 system connects to an IPv4 system through an IPv6<br />
network<br />
4. An IPv6 system connects to an IPv6 system through an IPv4<br />
network<br />
5. An IPv4 system connects to an IPv6 system<br />
6. An IPv6 system connects to an IPv4 system<br />
Complexity<br />
<br />
<br />
<br />
1) & 2) : Quite obvious<br />
3) & 4) : Less easy but no real problem<br />
5) & 6) : Quite complex. There is no global solution today<br />
(different partial solutions following different approaches)<br />
Slide 217 Laurent Toutain Filière 2
Communications Model<br />
IPv6 Integration ◮ Introduction<br />
Who initiates communication towards whom (6 possibilities)<br />
1. An IPv4 system connects to an IPv4 system through an IPv4<br />
network<br />
2. An IPv6 system connects to an IPv6 system through an IPv6<br />
network<br />
3. An IPv4 system connects to an IPv4 system through an IPv6<br />
network<br />
4. An IPv6 system connects to an IPv6 system through an IPv4<br />
network<br />
5. An IPv4 system connects to an IPv6 system<br />
6. An IPv6 system connects to an IPv4 system<br />
Complexity<br />
<br />
<br />
<br />
1) & 2) : Quite obvious<br />
3) & 4) : Less easy but no real problem<br />
5) & 6) : Quite complex. There is no global solution today<br />
(different partial solutions following different approaches)<br />
Slide 217 Laurent Toutain Filière 2
Rough Classification of Transition/Integration<br />
Mechanisms<br />
IPv6 Integration ◮ Introduction<br />
<br />
<br />
<br />
v6-v6 or v4-v4 Communication<br />
•<br />
Dual-Stack: v4 and v6 are fully available end-to-end<br />
Tunneling<br />
•<br />
v4 communication through a v6 network or vice versa<br />
•<br />
automatic vs configured (manual) tunnels<br />
v4-v6 co-existence/cross-communication<br />
•<br />
Translation<br />
−<br />
Header / protocol / port (v6→v4 and v4→v6)<br />
−<br />
Stateless vs Stateful<br />
•<br />
Relays / Application Level Gateways (ALG)<br />
Slide 218 Laurent Toutain Filière 2
Dual-Stack Approach (RFC 4213)<br />
IPv6 Integration ◮ Introduction<br />
<br />
<br />
IPv4 and IPv6 running on the same box<br />
Especially useful for ”Legacy” (existing) networks<br />
•<br />
V6-fied (legacy) IPv4 servers can provide the same service over<br />
IPv6 transport for new IPv6-only clients (web, mail, ftp,<br />
ssh. . . )<br />
•<br />
V6-fied (legacy) IPv4 clients can query new IPv6-only servers<br />
Application<br />
IPv4/IPv6 Net<br />
IPv4/IPv6<br />
IPv4/IPv6 Net<br />
TCP/UDP<br />
IPv4 IPv6<br />
Driver<br />
<br />
But. . .<br />
•<br />
At least one IPv4 address is required for every node<br />
•<br />
⇒ Alone, this approach does not fix the issue of IPv4 space<br />
exhaustion!<br />
Slide 219 Laurent Toutain Filière 2
Generic Approach for ”Tunneling”<br />
IPv6 Integration ◮ Introduction<br />
2 types of tunnels:<br />
<br />
Automatic Tunnels<br />
<br />
•<br />
Examples : 6to4, Teredo, ISATAP, 6PE/MPLS. . .<br />
Configured Tunnels<br />
•<br />
Manual, ”Tunnel Broker”<br />
IPv6 Net<br />
IPv4 Net<br />
IPv4 Tunnel<br />
IPv6 Net<br />
IPv6<br />
Packets<br />
IPv4 Encapsulation<br />
IPv6<br />
Packets<br />
IPv6<br />
Packets<br />
Slide 220 Laurent Toutain Filière 2
Generic Approach for ”Translation”<br />
IPv6 Integration ◮ Introduction<br />
A<br />
PA: Ax → f (Cy ), params(A)<br />
B<br />
PB: By [port(B)] → Cy , params(B)<br />
C<br />
<br />
(x, y) ∈ {(6, 4), (4, 6)}<br />
<br />
A is IPv x -only, C is IPv y -only<br />
<br />
A sends a packet PA to C<br />
<br />
<br />
•<br />
Source address: A x<br />
•<br />
Destination address: C x = f (C y ) (an IPv x mapped to C y )<br />
Packet PA is intercepted by B, the translation box supporting<br />
both IPv x and IPv y<br />
Packet PA is translated into packet PB, later sent to C<br />
•<br />
Source address: B y from the ”shared pool”, potentially with a<br />
new port(B)<br />
•<br />
Destination address: C y<br />
Slide 221 Laurent Toutain Filière 2
Generic Approach for ALGs (”proxy”)<br />
IPv6 Integration ◮ Introduction<br />
A<br />
PA: A x → B x PB: B y → C y<br />
B C<br />
<br />
(x, y) ∈ {(6, 4), (4, 6)}<br />
<br />
A is an IPv x -only client; C is IPv y -only server<br />
<br />
A sends to B a packet PA containing a request targeting C<br />
•<br />
Source address: A x<br />
•<br />
Destination address: B x<br />
<br />
<br />
B is a proxy supporting both IPv x and IPv y<br />
B sends to C a new packet PB, proxying As request<br />
•<br />
Source address: B y<br />
•<br />
Destination address: C y<br />
<br />
Examples: proxy web/ftp/DNS/mail. . .<br />
Slide 222 Laurent Toutain Filière 2
Where to act, what to do exactly<br />
IPv6 Integration ◮ Introduction<br />
<br />
All the following communication components have to support<br />
IPv6 in a timely manner:<br />
•<br />
For everybody:<br />
− OS (local and distant)<br />
− Network applications or applications invoking the network<br />
even transiently<br />
•<br />
For users (individuals, enterprise, campus. . . ):<br />
− LAN (routers if any)<br />
− Connectivity (CPE, PE)<br />
− Getting through their v4 ISP or bypassing it<br />
•<br />
For ISPs/Operators<br />
−<br />
Backbone routers, Border routers (peering, transit)<br />
−<br />
Access equipment (wired or wireless)<br />
Slide 223 Laurent Toutain Filière 2
Where to act, what to do exactly (2)<br />
IPv6 Integration ◮ Introduction<br />
<br />
<br />
All the following communication components have to support<br />
IPv6 in a timely manner:<br />
•<br />
Hosting service providers:<br />
− Hosted hardware & software (dedicated or mutualized)<br />
Unless you are an administrator of a large network<br />
•<br />
You don’t have to manage/care about all those aspects at a<br />
time<br />
•<br />
You should first look after the components you are responsible<br />
for, then ask others to do the same (if not done yet)<br />
Slide 224 Laurent Toutain Filière 2
Overview IPv6 Transition/Integration<br />
Approaches in the IETF (historical)<br />
IPv6 Integration ◮ Introduction<br />
<br />
<br />
6bone wg approach:<br />
•<br />
IPv6 just born: basic experimentations<br />
•<br />
Basic tunneling software<br />
ngtrans wg (next generation transition) approach<br />
•<br />
The very first steps of IPv6: start provisioning for ”transition”<br />
tools<br />
•<br />
A ”toolbox” fed by volunteers dealing with specific issues<br />
•<br />
The toolbox was not so practical<br />
− Redundant and overlapping tools: lack of readability<br />
− Lack/absence of documentation/implementations<br />
− Little knowledge/consideration of the real operational<br />
aspects/needs and security issues related to/implied by those<br />
tools (example: NAT- PT)<br />
Slide 225 Laurent Toutain Filière 2
Overview IPv6 Migration Approaches in the<br />
IETF (active)<br />
IPv6 Integration ◮ Introduction<br />
<br />
<br />
v6ops wg (IPv6 Operations)<br />
•<br />
IPv6 getting mature: let’s get into serious deployment<br />
(operational aspects)!<br />
•<br />
Enough tools in the toolbox<br />
− Moratorium on new tool development<br />
− Dropped almost all ngtrans I-Ds which hadn’t had a chance to<br />
get published as RFCs (example: dstm :-( )<br />
•<br />
Define deployment scenarios and map them with appropriate<br />
existing tools<br />
•<br />
Identify/analyze gaps and trigger further development of<br />
needed mechanisms/tools<br />
softwire wg<br />
•<br />
Be prepared for a long co-existence period<br />
•<br />
Existing solutions are neither sufficient nor completely<br />
satisfactory<br />
•<br />
Need to automatically connect millions of users<br />
− v4-v4 communications through and IPv6-only network and<br />
vice versa<br />
•<br />
The wg works in parallel and in a complementary fashion with<br />
v6ops<br />
Slide 226 Laurent Toutain Filière 2
Overview IPv6 Migration Approaches in the<br />
IETF (active)<br />
IPv6 Integration ◮ Introduction<br />
<br />
behave wg (Behavior Engineering for Hindrance Avoidance)<br />
•<br />
Initially formed to engineer a much cleaner and acceptable<br />
NAT<br />
− Hot topic: v4-v6 translation mechanisms and tools (NAT64)<br />
•<br />
Later added in behave’s charter<br />
− Stateless vs Stateful<br />
− v4 → v6 and v6 → v4<br />
−<br />
With DNS64 ALG considerations<br />
−<br />
The wg works in parallel and in a complementary fashion with<br />
v6ops & softwires<br />
Slide 227 Laurent Toutain Filière 2
Transition/Integration scenarios (v6ops)<br />
IPv6 Integration ◮ Introduction<br />
<br />
<br />
<br />
<br />
ISP/Operators Networks<br />
•<br />
Backbone/Core (configuration & management)<br />
•<br />
Transit / Peering (interconnection with other’s ISP/operators<br />
networks )<br />
•<br />
Access (connectivity & services for customers)<br />
Enterprise networks (managed)<br />
•<br />
Setup, configuration and management of the network and<br />
service infrastructure for internal communication<br />
•<br />
Access to the Internet v6<br />
Unmanaged networks (Small office/Home office, SoHo)<br />
•<br />
Access to the Internet v6<br />
•<br />
Services Auto-configuration<br />
Cellular networks (3GPP): Backbone, Transit & Access (same<br />
as ISP/Operator)<br />
With possible v4-v6 co-existence in all scenarios<br />
Slide 228 Laurent Toutain Filière 2
Transition/Integration scenarios (v6ops)<br />
IPv6 Integration ◮ Introduction<br />
<br />
<br />
<br />
<br />
ISP/Operators Networks<br />
•<br />
Backbone/Core (configuration & management)<br />
•<br />
Transit / Peering (interconnection with other’s ISP/operators<br />
networks )<br />
•<br />
Access (connectivity & services for customers)<br />
Enterprise networks (managed)<br />
•<br />
Setup, configuration and management of the network and<br />
service infrastructure for internal communication<br />
•<br />
Access to the Internet v6<br />
Unmanaged networks (Small office/Home office, SoHo)<br />
•<br />
Access to the Internet v6<br />
•<br />
Services Auto-configuration<br />
Cellular networks (3GPP): Backbone, Transit & Access (same<br />
as ISP/Operator)<br />
With possible v4-v6 co-existence in all scenarios<br />
Slide 228 Laurent Toutain Filière 2
Transition/Integration scenarios (v6ops)<br />
IPv6 Integration ◮ Introduction<br />
<br />
<br />
<br />
<br />
ISP/Operators Networks<br />
•<br />
Backbone/Core (configuration & management)<br />
•<br />
Transit / Peering (interconnection with other’s ISP/operators<br />
networks )<br />
•<br />
Access (connectivity & services for customers)<br />
Enterprise networks (managed)<br />
•<br />
Setup, configuration and management of the network and<br />
service infrastructure for internal communication<br />
•<br />
Access to the Internet v6<br />
Unmanaged networks (Small office/Home office, SoHo)<br />
•<br />
Access to the Internet v6<br />
•<br />
Services Auto-configuration<br />
Cellular networks (3GPP): Backbone, Transit & Access (same<br />
as ISP/Operator)<br />
With possible v4-v6 co-existence in all scenarios<br />
Slide 228 Laurent Toutain Filière 2
Transition/Integration scenarios (v6ops)<br />
IPv6 Integration ◮ Introduction<br />
<br />
<br />
<br />
<br />
ISP/Operators Networks<br />
•<br />
Backbone/Core (configuration & management)<br />
•<br />
Transit / Peering (interconnection with other’s ISP/operators<br />
networks )<br />
•<br />
Access (connectivity & services for customers)<br />
Enterprise networks (managed)<br />
•<br />
Setup, configuration and management of the network and<br />
service infrastructure for internal communication<br />
•<br />
Access to the Internet v6<br />
Unmanaged networks (Small office/Home office, SoHo)<br />
•<br />
Access to the Internet v6<br />
•<br />
Services Auto-configuration<br />
Cellular networks (3GPP): Backbone, Transit & Access (same<br />
as ISP/Operator)<br />
With possible v4-v6 co-existence in all scenarios<br />
Slide 228 Laurent Toutain Filière 2
IPv6 Integration<br />
Core Network
IPv6 in the Backbone / Core Network<br />
IPv6 Integration ◮ Core Network<br />
IPv6 traffic forwarding within the ISP’s core network<br />
<br />
Native transport<br />
•<br />
Need to upgrade features of all routers!<br />
<br />
Tunnels (6over4, 6PE)<br />
•<br />
Temporary solutions ⇒ Need a transition plan from tunnel to<br />
native<br />
Slide 230 Laurent Toutain Filière 2
Routing Protocols for IPv6<br />
IPv6 Integration ◮ Core Network<br />
<br />
<br />
Interior Routing<br />
•<br />
RIPng: RFC 2080, RFC 2081 (Extension of RIPv2 for IPv6<br />
(exclusive))<br />
•<br />
OSPFv3: RFC 5340 (OSPF for IPv6 (exclusive))<br />
− See also RFC 5185 (OSPF Multi-Area Adjacency) and RFC<br />
5838 (Support of address families in OSPFv3)<br />
•<br />
ISIS: RFC 5308 (Routing IPv6 with IS-ISC an manage both<br />
routing plans)<br />
Exterior Routing<br />
•<br />
MP-BGP (BGP4+): RFC 2545 (Multi-protocol extensions<br />
for IPv6 Inter-Domain Routing)<br />
Conclusion<br />
No major differences with IPv4<br />
Slide 231 Laurent Toutain Filière 2
6over4<br />
IPv6 Integration ◮ Core Network<br />
Point-to-point tunnel: encapsulate IPv6 packets in IPv4 packets.<br />
IPv4 Hdr<br />
IPv6 Hdr<br />
Payload<br />
Proto=41 (IPv6)<br />
Use case: Connecting 2 IPv6 islands separated by an IPv4-only network<br />
<br />
<br />
Require IPv6-capable routers at both ends<br />
MTU may be reduced, Performance of encapsulation<br />
Don’t be over-used ... Remember the 6BONE !<br />
Slide 232 Laurent Toutain Filière 2
6BONE<br />
IPv6 Integration ◮ Core Network<br />
Lessons learned from 6BONE<br />
<br />
<br />
Too much distributed tunnels are very hard to maintain<br />
Tunnels should follow network topology<br />
Slide 233 Laurent Toutain Filière 2
6PE : Provider Edge<br />
IPv6 Integration ◮ Core Network<br />
6PE = MPLS Tunnel (LSP) + MP-BGP<br />
<br />
Connect IPv6 islands across IPv4 network<br />
<br />
Automatic LSP tunneling between border routers (Layer 2.5)<br />
<br />
<br />
Initiation using MP-BGP announces<br />
LSP encapsulation to transport IPv6 packets on IPv4 network<br />
Benefits of 6PE<br />
<br />
<br />
<br />
Specific configuration only on border routers<br />
Dynamic label allocation with BGP<br />
No major impact on performance<br />
Slide 234 Laurent Toutain Filière 2
6PE : Provider Edge<br />
IPv6 Integration ◮ Core Network<br />
IPv4<br />
B<br />
β::<br />
α::<br />
A<br />
Slide 235 Laurent Toutain Filière 2
6PE : Provider Edge<br />
IPv6 Integration ◮ Core Network<br />
IPv4<br />
B<br />
β::<br />
BGP: α → A<br />
α::<br />
A<br />
BGP: β → B<br />
Slide 235 Laurent Toutain Filière 2
6PE : Provider Edge<br />
IPv6 Integration ◮ Core Network<br />
IPv4<br />
B<br />
β::<br />
BGP: α → A<br />
α → β<br />
α::<br />
A<br />
BGP: β → B<br />
Slide 235 Laurent Toutain Filière 2
6PE : Provider Edge<br />
IPv6 Integration ◮ Core Network<br />
IPv4<br />
B<br />
β::<br />
BGP: α → A<br />
α → β<br />
MPLS: l1<br />
α::<br />
A<br />
BGP: β → B<br />
Slide 235 Laurent Toutain Filière 2
6PE : Provider Edge<br />
IPv6 Integration ◮ Core Network<br />
IPv4<br />
B<br />
β::<br />
BGP: α → A<br />
α → β<br />
MPLS: l1<br />
MPLS: l2<br />
α::<br />
A<br />
BGP: β → B<br />
Slide 235 Laurent Toutain Filière 2
6PE : Provider Edge<br />
IPv6 Integration ◮ Core Network<br />
IPv4<br />
B<br />
β::<br />
BGP: α → A<br />
α → β<br />
α::<br />
MPLS: l1<br />
MPLS: l2<br />
A<br />
BGP: β → B<br />
α → β<br />
MPLS: l1<br />
MPLS: l3<br />
Slide 235 Laurent Toutain Filière 2
6PE : Provider Edge<br />
IPv6 Integration ◮ Core Network<br />
IPv4<br />
α → β<br />
MPLS: l1<br />
B<br />
β::<br />
BGP: α → A<br />
α → β<br />
α::<br />
MPLS: l1<br />
MPLS: l2<br />
A<br />
BGP: β → B<br />
α → β<br />
MPLS: l1<br />
MPLS: l3<br />
Slide 235 Laurent Toutain Filière 2
6PE : Provider Edge<br />
IPv6 Integration ◮ Core Network<br />
IPv4<br />
α → β<br />
MPLS: l1<br />
B<br />
β::<br />
BGP: α → A<br />
α → β<br />
α::<br />
MPLS: l1<br />
MPLS: l2<br />
A<br />
BGP: β → B<br />
α → β<br />
MPLS: l1<br />
MPLS: l3<br />
Slide 235 Laurent Toutain Filière 2
Transition/Integration scenarios (v6ops)<br />
IPv6 Integration ◮ Core Network<br />
<br />
<br />
<br />
<br />
ISP/Operators Networks<br />
•<br />
Backbone/Core (configuration & management)<br />
•<br />
Transit / Peering (interconnection with other’s ISP/operators<br />
networks )<br />
•<br />
Access (connectivity & services for customers)<br />
Enterprise networks (managed)<br />
•<br />
Setup, configuration and management of the network and<br />
service infrastructure for internal communication<br />
•<br />
Access to the Internet v6<br />
Unmanaged networks (Small office/Home office, SoHo)<br />
•<br />
Access to the Internet v6<br />
•<br />
Services Auto-configuration<br />
Cellular networks (3GPP): Backbone, Transit & Access (same<br />
as ISP/Operator)<br />
With possible v4-v6 co-existence in all scenarios<br />
Slide 236 Laurent Toutain Filière 2
IPv6 Integration<br />
Transit / Peering
Transit / Peering<br />
IPv6 Integration ◮ Transit / Peering<br />
IPv6 Peering / Transit for Inter-domain routing<br />
<br />
Global : GEANT, Opentransit, Level3, Sprint. . .<br />
<br />
IXPs in France : SFINX, PARIX, France-IX, Free-IX. . .<br />
Slide 238 Laurent Toutain Filière 2
Transition/Integration scenarios (v6ops)<br />
IPv6 Integration ◮ Transit / Peering<br />
<br />
<br />
<br />
<br />
ISP/Operators Networks<br />
•<br />
Backbone/Core (configuration & management)<br />
•<br />
Transit / Peering (interconnection with other’s ISP/operators<br />
networks )<br />
•<br />
Access (connectivity & services for customers)<br />
Enterprise networks (managed)<br />
•<br />
Setup, configuration and management of the network and<br />
service infrastructure for internal communication<br />
•<br />
Access to the Internet v6<br />
Unmanaged networks (Small office/Home office, SoHo)<br />
•<br />
Access to the Internet v6<br />
•<br />
Services Auto-configuration<br />
Cellular networks (3GPP): Backbone, Transit & Access (same<br />
as ISP/Operator)<br />
With possible v4-v6 co-existence in all scenarios<br />
Slide 239 Laurent Toutain Filière 2
IPv6 Integration<br />
ISP’s Access Network
IPv6 integration for ISP<br />
IPv6 Integration ◮ ISP’s Access Network<br />
IPv6 Transport: many solutions ...<br />
<br />
<br />
<br />
Native<br />
Automatic tunnels (6to4)<br />
Configured tunnels (Tunnel Broker, Softwire)<br />
Manage IPv6 addresses<br />
<br />
<br />
Delegate IPv6 prefix to clients<br />
ISP will evolve from Address management to Prefix<br />
management<br />
Slide 241 Laurent Toutain Filière 2
Softwires<br />
IPv6 Integration ◮ ISP’s Access Network<br />
IETF solution to transport and manage IPvX over IPvY.<br />
Two scenarios discussed in the problem statement :<br />
<br />
Mesh problem : IPv4 over IPv6 in core network<br />
•<br />
Problem raised by chinese research network CERNET2<br />
•<br />
Connect IPv4 island across an IPv6 only backbone<br />
•<br />
Solution: MPLS tunnels<br />
<br />
Hub-and-spoke problem : IPv6 over IPv4 for Home Network<br />
•<br />
Problem raised by NTT, Comcast and Point6<br />
•<br />
Connect IPv6 Home network over IPv4 only DSL connection<br />
•<br />
Solution: L2TP tunnels<br />
Currently deployed by RENATER and Point6<br />
http://point6.net/box/<br />
Slide 242 Laurent Toutain Filière 2
Softwires: H&S Architecture<br />
IPv6 Integration ◮ ISP’s Access Network<br />
192.168.1.Y<br />
CPE<br />
IPv4<br />
192.168.1.X<br />
Current DSL ISPs connect Home Network with 1 IPv4 address:<br />
<br />
<br />
Clients are behind a NAT Box<br />
Services hard to deploy at home<br />
Slide 243 Laurent Toutain Filière 2
Softwires: H&S Architecture<br />
IPv6 Integration ◮ ISP’s Access Network<br />
192.168.1.Y<br />
CPE<br />
IPv4<br />
ISP<br />
Gateway<br />
IPv6<br />
192.168.1.X<br />
Idea: Build a virtual ISP for IPv6 :<br />
<br />
<br />
Provide clients with a non-intrusive CPE box for IPv6<br />
Deploy a Gateway to connect with IPv6 network<br />
Slide 243 Laurent Toutain Filière 2
Softwires: H&S Architecture<br />
IPv6 Integration ◮ ISP’s Access Network<br />
192.168.1.Y<br />
CPE<br />
L2TP Tunnel<br />
IPv4<br />
ISP<br />
Gateway<br />
IPv6<br />
AAA<br />
192.168.1.X<br />
Tunneling with L2TP protocol :<br />
<br />
<br />
UDP encapsulation for NAT-traversal<br />
PPP connection for user authentication using AAA<br />
Slide 243 Laurent Toutain Filière 2
Softwires: H&S Architecture<br />
IPv6 Integration ◮ ISP’s Access Network<br />
192.168.1.Y<br />
CPE<br />
L2TP Tunnel<br />
IPv4<br />
ISP<br />
Gateway<br />
IPv6<br />
DHCPv6-PD<br />
AAA<br />
DHCPv6<br />
192.168.1.X<br />
IPv6 prefix for Home Network provided by DHCPv6<br />
<br />
<br />
Standard prefix delegation<br />
Link with AAA for prefix management<br />
Slide 243 Laurent Toutain Filière 2
Softwires: H&S Architecture<br />
IPv6 Integration ◮ ISP’s Access Network<br />
RA<br />
192.168.1.Y<br />
2001::<br />
CPE<br />
L2TP Tunnel<br />
IPv4<br />
ISP<br />
Gateway<br />
IPv6<br />
DHCPv6-PD<br />
AAA<br />
DHCPv6<br />
192.168.1.X<br />
2001::<br />
IPv6 addresses distributed with auto-configuration<br />
<br />
<br />
Softwire box is the IPv6 default router for the Home Network<br />
Non-intrusive router<br />
Slide 243 Laurent Toutain Filière 2
Softwires: H&S Architecture<br />
IPv6 Integration ◮ ISP’s Access Network<br />
RA<br />
192.168.1.Y<br />
2001::<br />
CPE<br />
L2TP Tunnel<br />
IPv4<br />
ISP<br />
Gateway<br />
IPv6<br />
DHCPv6-PD<br />
AAA<br />
DHCPv6<br />
192.168.1.X<br />
2001::<br />
Transition Plan<br />
<br />
Softwire box features to be merged with IPv4 CPE<br />
<br />
Virtual ISP features to be moved into official ISP<br />
<br />
Tunnel to be replaced by native connection<br />
Slide 243 Laurent Toutain Filière 2
Transition/Integration scenarios (v6ops)<br />
IPv6 Integration ◮ ISP’s Access Network<br />
<br />
<br />
<br />
<br />
ISP/Operators Networks<br />
•<br />
Backbone/Core (configuration & management)<br />
•<br />
Transit / Peering (interconnection with other’s ISP/operators<br />
networks )<br />
•<br />
Access (connectivity & services for customers)<br />
Enterprise networks (managed)<br />
•<br />
Setup, configuration and management of the network and<br />
service infrastructure for internal communication<br />
•<br />
Access to the Internet v6<br />
Unmanaged networks (Small office/Home office, SoHo)<br />
•<br />
Access to the Internet v6<br />
•<br />
Services Auto-configuration<br />
Cellular networks (3GPP): Backbone, Transit & Access (same<br />
as ISP/Operator)<br />
With possible v4-v6 co-existence in all scenarios<br />
Slide 244 Laurent Toutain Filière 2
IPv6 Integration<br />
Administrated Networks
IPv6 for administrated networks<br />
IPv6 Integration ◮ Administrated Networks<br />
Motivations<br />
<br />
<br />
<br />
Goal<br />
<br />
<br />
Not necessary shortage of addresses<br />
Gain experience on new technology<br />
IPv6 integration can be part of a network re-structuration<br />
Dual-Stack deployment<br />
Same Quality of Service in IPv6 as in IPv4<br />
Problem may come from<br />
<br />
Time and money: resources available <br />
<br />
People: System administrators job is focused on IPv4. IPv6 is<br />
big changes for them ...<br />
Slide 246 Laurent Toutain Filière 2
Agenda for IPv6 integration in administrated<br />
networks<br />
IPv6 Integration ◮ Administrated Networks<br />
<br />
<br />
<br />
<br />
<br />
<br />
Get IPv6 connectivity and prefix<br />
Elaborate an address plan<br />
Deploy IPv6 to servers and users<br />
Set up IPv6 filtering<br />
Integrate IPv6 to services<br />
Monitor IPv6 usage<br />
Slide 247 Laurent Toutain Filière 2
Agenda for IPv6 integration in administrated<br />
networks<br />
IPv6 Integration ◮ Administrated Networks<br />
<br />
<br />
<br />
<br />
<br />
<br />
Get IPv6 connectivity and prefix<br />
Elaborate an address plan<br />
Deploy IPv6 to servers and users<br />
Set up IPv6 filtering<br />
Integrate IPv6 to services<br />
Monitor IPv6 usage<br />
Slide 247 Laurent Toutain Filière 2
Agenda for IPv6 integration in administrated<br />
networks<br />
IPv6 Integration ◮ Administrated Networks<br />
<br />
<br />
<br />
<br />
<br />
<br />
Get IPv6 connectivity and prefix<br />
Elaborate an address plan<br />
Deploy IPv6 to servers and users<br />
Set up IPv6 filtering<br />
Integrate IPv6 to services<br />
Monitor IPv6 usage<br />
Slide 247 Laurent Toutain Filière 2
Agenda for IPv6 integration in administrated<br />
networks<br />
IPv6 Integration ◮ Administrated Networks<br />
<br />
<br />
<br />
<br />
<br />
<br />
Get IPv6 connectivity and prefix<br />
Elaborate an address plan<br />
Deploy IPv6 to servers and users<br />
Set up IPv6 filtering<br />
Integrate IPv6 to services<br />
Monitor IPv6 usage<br />
Slide 247 Laurent Toutain Filière 2
Agenda for IPv6 integration in administrated<br />
networks<br />
IPv6 Integration ◮ Administrated Networks<br />
<br />
<br />
<br />
<br />
<br />
<br />
Get IPv6 connectivity and prefix<br />
Elaborate an address plan<br />
Deploy IPv6 to servers and users<br />
Set up IPv6 filtering<br />
Integrate IPv6 to services<br />
Monitor IPv6 usage<br />
Slide 247 Laurent Toutain Filière 2
Agenda for IPv6 integration in administrated<br />
networks<br />
IPv6 Integration ◮ Administrated Networks<br />
<br />
<br />
<br />
<br />
<br />
<br />
Get IPv6 connectivity and prefix<br />
Elaborate an address plan<br />
Deploy IPv6 to servers and users<br />
Set up IPv6 filtering<br />
Integrate IPv6 to services<br />
Monitor IPv6 usage<br />
Slide 247 Laurent Toutain Filière 2
Agenda for IPv6 integration in administrated<br />
networks<br />
IPv6 Integration ◮ Administrated Networks<br />
<br />
<br />
<br />
<br />
<br />
<br />
Get IPv6 connectivity and prefix<br />
Elaborate an address plan<br />
Deploy IPv6 to servers and users<br />
Set up IPv6 filtering<br />
Integrate IPv6 to services<br />
Monitor IPv6 usage<br />
Slide 247 Laurent Toutain Filière 2
Get IPv6 connectivity<br />
IPv6 Integration ◮ Administrated Networks<br />
Native IPv6 provided by ISP<br />
<br />
In France, ask France Telecom, Nerim or RENATER<br />
Tunneled IPv6 provided by ISP<br />
<br />
<br />
Does IPv4 ISP deploy 6to4 (In France, none)<br />
Configured tunnels (Tunnel Broker, Softwires)<br />
Slide 248 Laurent Toutain Filière 2
Transition/Integration scenarios (v6ops)<br />
IPv6 Integration ◮ Administrated Networks<br />
<br />
<br />
<br />
<br />
ISP/Operators Networks<br />
•<br />
Backbone/Core (configuration & management)<br />
•<br />
Transit / Peering (interconnection with other’s ISP/operators<br />
networks )<br />
•<br />
Access (connectivity & services for customers)<br />
Enterprise networks (managed)<br />
•<br />
Setup, configuration and management of the network and<br />
service infrastructure for internal communication<br />
•<br />
Access to the Internet v6<br />
Unmanaged networks (Small office/Home office, SoHo)<br />
•<br />
Access to the Internet v6<br />
•<br />
Services Auto-configuration<br />
Cellular networks (3GPP): Backbone, Transit & Access (same<br />
as ISP/Operator)<br />
With possible v4-v6 co-existence in all scenarios<br />
Slide 249 Laurent Toutain Filière 2
6to4 (RFC 3056)<br />
IPv6 Integration ◮ Administrated Networks<br />
Automatic IPv6 tunnels over IPv4<br />
<br />
<br />
<br />
Allow sites interconnection through an IPv4-only ISP<br />
Automatic => less management overhead compared to configure<br />
tunnels<br />
Transport using 6over4 technique<br />
Special Address plan :<br />
<br />
<br />
Global IPv6 prefix build from IPv4 public address => No IPv6<br />
provisionning for ISP<br />
Clients get a /48 prefix to address subnets<br />
0....16............48.....64.......................128<br />
2002 IPv4 Address SID Interface ID<br />
Slide 250 Laurent Toutain Filière 2
6to4 Architecture between 2 sites<br />
IPv6 Integration ◮ Administrated Networks<br />
IPv4<br />
2002:0203:0405::/48<br />
2.3.4.5<br />
B<br />
A<br />
1.2.3.4<br />
2002:0102:0304::/48<br />
Slide 251 Laurent Toutain Filière 2
6to4 Architecture between 2 sites<br />
IPv6 Integration ◮ Administrated Networks<br />
IPv4<br />
2002:0203:0405::/48<br />
2.3.4.5<br />
B<br />
A<br />
1.2.3.4<br />
2002:0102:0304::/48<br />
When A sends a packet<br />
to B, 6to4 router knows<br />
from address where to<br />
build a tunnel<br />
Slide 251 Laurent Toutain Filière 2
6to4 to connect with native IPv6<br />
IPv6 Integration ◮ Administrated Networks<br />
IPv4<br />
IPv6<br />
2001:α<br />
B<br />
A<br />
1.2.3.4<br />
2002:0102:0304::/48<br />
Slide 252 Laurent Toutain Filière 2
6to4 to connect with native IPv6<br />
IPv6 Integration ◮ Administrated Networks<br />
IPv4<br />
IPv6<br />
2001:α<br />
B<br />
A<br />
1.2.3.4<br />
2002:0102:0304::/48<br />
When A sends a packet<br />
to B, 6to4 router build<br />
a tunnel to a relay to<br />
native IPv6<br />
Slide 252 Laurent Toutain Filière 2
6to4 relays<br />
IPv6 Integration ◮ Administrated Networks<br />
Relays to be reach with anycast addresses<br />
<br />
On IPv4 side: 192.88.99.1<br />
<br />
On IPv6 side: 2002:c058:6301::/48<br />
Packets are routed to the closest 6to4 relays<br />
Slide 253 Laurent Toutain Filière 2
6to4 Issues and limitations<br />
IPv6 Integration ◮ Administrated Networks<br />
Security issues<br />
<br />
ISP operating the relay should accept all clients ...<br />
<br />
<br />
Risk of spoofing<br />
6to4 relays can be targeted by DoS attacks<br />
Performance issues<br />
<br />
Long path to reach a relay (17 hops from french ISPs ...)<br />
<br />
6to4 may lead to assymetrical routing<br />
6to4 is not considered as a global solution.<br />
Slide 254 Laurent Toutain Filière 2
Tunnel Broker<br />
IPv6 Integration ◮ Administrated Networks<br />
Tunnel Broker = 6over4 with client authentication<br />
<br />
<br />
<br />
<br />
TSP (Tunnel Setup Protocol) : XMLRPC-like protocol to set<br />
up tunnel parameters (authentication, delegated prefix, etc.)<br />
can delegate arbitrary prefixes<br />
use IPv6/IPv4 when public addresses available,<br />
IPv6/UDP/IPv4 for NAT-traversal<br />
IETF draft, commercial implementation by Hexago (free client<br />
and account)<br />
Currently deployed by RENATER<br />
http://tunnel-broker.renater.fr/<br />
Slide 255 Laurent Toutain Filière 2
Tunnel Broker Architecture<br />
IPv6 Integration ◮ Administrated Networks<br />
IPv4<br />
Gateway<br />
IPv6<br />
Client<br />
Broker<br />
Slide 256 Laurent Toutain Filière 2
Tunnel Broker Architecture<br />
IPv6 Integration ◮ Administrated Networks<br />
IPv4<br />
Gateway<br />
IPv6<br />
Authentication<br />
Client<br />
Broker<br />
Client authenticates to Broker and get Gateway parameters<br />
Slide 256 Laurent Toutain Filière 2
Tunnel Broker Architecture<br />
IPv6 Integration ◮ Administrated Networks<br />
IPv4<br />
Gateway<br />
IPv6<br />
Client<br />
Broker<br />
Client initiates IPv6 tunnel over IPv4 or UDP to Gateway<br />
Slide 256 Laurent Toutain Filière 2
ISATAP scenario<br />
IPv6 Integration ◮ Administrated Networks<br />
DNS<br />
10.1.2.3<br />
00-00-5E-FE-0A-01-02-03<br />
IPv6<br />
10.0.1.2<br />
00-00-5E-FE-0A-00-01-02<br />
Hosts and router constructs IID from IPv4 address:<br />
00-00-5E-FE-(IPv4 Address)<br />
Slide 257 Laurent Toutain Filière 2
ISATAP scenario<br />
IPv6 Integration ◮ Administrated Networks<br />
isatap.point6.net. A 10.0.1.2<br />
DNS<br />
10.1.2.3<br />
00-00-5E-FE-0A-01-02-03<br />
IPv6<br />
10.0.1.2<br />
00-00-5E-FE-0A-00-01-02<br />
2001:660:7301:9876::/64<br />
Router get prefix allocated for ISATAP<br />
Standard name is registered to DNS.<br />
Slide 257 Laurent Toutain Filière 2
ISATAP scenario<br />
IPv6 Integration ◮ Administrated Networks<br />
isatap.point6.net. A 10.0.1.2<br />
DNS<br />
10.1.2.3<br />
00-00-5E-FE-0A-01-02-03<br />
IPv6<br />
10.0.1.2<br />
00-00-5E-FE-0A-00-01-02<br />
2001:660:7301:9876::/64<br />
Host discover ISATAP router and automatically build 6over4 tunnel<br />
Slide 257 Laurent Toutain Filière 2
ISATAP scenario<br />
IPv6 Integration ◮ Administrated Networks<br />
isatap.point6.net. A 10.0.1.2<br />
DNS<br />
RS<br />
RA<br />
10.1.2.3<br />
2001:660:7301:9876:0000:5EFE:0A01:0203<br />
00-00-5E-FE-0A-01-02-03<br />
IPv6<br />
10.0.1.2<br />
00-00-5E-FE-0A-00-01-02<br />
2001:660:7301:9876::/64<br />
RA mechanism is then used to get prefix<br />
Slide 257 Laurent Toutain Filière 2
Address Plan<br />
IPv6 Integration ◮ Administrated Networks<br />
Sites usually get a /48 prefix from ISP.<br />
How to allocate the 16bit of SID Many solutions ...<br />
<br />
Priority to routing<br />
•<br />
Aggregate prefixes by geographic site<br />
•<br />
Aggregation used in routing table<br />
<br />
<br />
Priority to filtering<br />
•<br />
Aggregate prefixes by users community<br />
•<br />
Aggregation used in filtering rules<br />
Mixed solutions<br />
•<br />
Test deployment: Use VLAN number as SID<br />
•<br />
More stable plan: See example from Univ. Rennes 1<br />
Do not fear re-numbering !<br />
Slide 258 Laurent Toutain Filière 2
Example of University Address Plan<br />
IPv6 Integration ◮ Administrated Networks<br />
<br />
<br />
<br />
4bits : Community 8bits 4bits<br />
0 : Infrastructure Specific addresses<br />
1 : Tests Specific addresses<br />
6 : Point6 Managed by Point6<br />
8 : Wifi guests Specific addresses<br />
A : Employees Geographic Entity Sub-Network<br />
E : Students Geographic Entity Sub-Network<br />
F : Other (Start up, etc.) Specific addresses<br />
Filtering rules are based on the 4 first bits<br />
Routing tables are based on geographic prefixes<br />
Compromise: One filtering rule for all community BUT several<br />
routing rules for one geographic entity (one per community)<br />
Slide 259 Laurent Toutain Filière 2
Deploy IPv6 on access network<br />
IPv6 Integration ◮ Administrated Networks<br />
<br />
<br />
Wired networks<br />
•<br />
Ethernet, VLANs : no problem<br />
− Switch should all accept 0x86DD ethernet protocol<br />
− Some old switches may have problems with multicast ethernet<br />
addresses<br />
•<br />
ATM : Use LLC/SNAP encapsulation<br />
Wireless networks<br />
•<br />
802.11: no problem<br />
•<br />
UMTS: 3GPP considering transition plan, No commercial offer<br />
yet<br />
Slide 260 Laurent Toutain Filière 2
Auto-configuration: Stateless vs Statefull<br />
IPv6 Integration ◮ Administrated Networks<br />
Stateless<br />
Pro:<br />
<br />
Reduce manual<br />
configuration<br />
<br />
Cons:<br />
<br />
<br />
<br />
One server (the router)<br />
Non-obvious addresses<br />
No control on addresses<br />
on the LAN<br />
Security flaws<br />
Statefull (DHCPv6)<br />
Pro:<br />
<br />
<br />
Cons:<br />
<br />
Stateless: For guest and client VLANs <br />
<br />
Statefull: For server VLAN <br />
<br />
<br />
<br />
Control of addresses on<br />
the LAN<br />
Control of address format<br />
Require an extra server<br />
Still need RA mechanism<br />
(still vulnerable)<br />
Clients to be deployed<br />
Slide 261 Laurent Toutain Filière 2
Access control to network<br />
IPv6 Integration ◮ Administrated Networks<br />
Many sites use IP address allocation as access control to network<br />
(static DHCP)<br />
Wrong design !<br />
<br />
Using IP address as User identifier<br />
<br />
Layer 2 access controlled by Layer 3<br />
<br />
Inherant security flaws !<br />
Layer 2 access control should be done at layer 2 !<br />
<br />
<br />
802.1x for Ethernet networks<br />
802.11i for 802.11 networks<br />
Slide 262 Laurent Toutain Filière 2
IPv6 in DNS<br />
IPv6 Integration ◮ Administrated Networks<br />
IPv6 entries in DNS<br />
DNS entry for a dual-stack host<br />
rhadamante A 192.108.119.134<br />
AAAA 2001:660:7301:1::1<br />
Reverse DNS entry<br />
$ORIGIN 1.0.0.0.1.0.3.7.0.6.6.0.1.0.0.2.ip6.int.<br />
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR rhadamanthe.<br />
Bind compatible since version 9.0<br />
Slide 263 Laurent Toutain Filière 2
IPv6 in DNS<br />
IPv6 Integration ◮ Administrated Networks<br />
IPv6 Transport for DNS queries: Not mandatory for AAAA queries<br />
!<br />
Make Bind listen on IPv6 :<br />
listen-on-v6 { any; };<br />
Client support:<br />
<br />
<br />
*BSD, MacOSX: OK<br />
Linux: OK<br />
<br />
Windows: Problem with SP1 (and SP2 )<br />
Slide 264 Laurent Toutain Filière 2
IPv6 in DNS<br />
IPv6 Integration ◮ Administrated Networks<br />
Do not forget to restrict recursion !<br />
allow-recursion {<br />
192.108.119.0/24;<br />
2001:660:7301::/48;<br />
fe80::/10;<br />
};<br />
Link-local may be usefull !<br />
Slide 265 Laurent Toutain Filière 2
Set up IPv6 filtering<br />
IPv6 Integration ◮ Administrated Networks<br />
What do NOT change from IPv4<br />
<br />
Stateless firewall<br />
<br />
Statefull firewall: Possible to set up same security as NAT !<br />
What do change from IPv4<br />
<br />
<br />
ICMP filtering: required for MTU discovery, errors, etc.<br />
Extensions: be carefull when deploying mobility<br />
IPv6 support for firewall plateforms<br />
<br />
<br />
Cisco: PIX OS7, IOS 12.4 <strong>Advanced</strong>IP (extended ACL)<br />
BSD Packet Filter<br />
<br />
Linux Netfilter (>2.6.20)<br />
Slide 266 Laurent Toutain Filière 2
IPv6 support for services<br />
IPv6 Integration ◮ Administrated Networks<br />
To be fully functionnal in IPv6, a service need support in:<br />
<br />
<br />
<br />
Access Network<br />
Operating System<br />
Service application (Server and Client side)<br />
Applications need explicit support for IPv6<br />
<br />
<br />
Network features to be extended/rewritten to support dual<br />
stack<br />
Dual stack may impact on identifier representations, etc...<br />
IPv6 support is coming slowly, but steadily<br />
Slide 267 Laurent Toutain Filière 2
IPv6 support on Operating Systems<br />
IPv6 Integration ◮ Administrated Networks<br />
Microsoft Windows:<br />
<br />
< XP: Forget it ...<br />
<br />
<br />
Unixes:<br />
<br />
<br />
XP: SP1 or SP2 OK<br />
Vista: OK<br />
*BSD, MacOSX: OK<br />
Linux: OK (2.6 kernel recommended)<br />
<br />
Solaris: OK (9 or 10)<br />
Mainframe OSes: HPUX, AIX OK<br />
Embedded OSes : WindRiver, Symbian OK<br />
Slide 268 Laurent Toutain Filière 2
Overview of applications with IPv6 support<br />
IPv6 Integration ◮ Administrated Networks<br />
Web<br />
<br />
Server: Apache<br />
<br />
Client: Firefox, IE, Safari<br />
Mail<br />
<br />
Server: Sendmail, Postfix, Exim<br />
<br />
Client: Thunderbird, Mail.app<br />
Databases<br />
<br />
MySQL, PostgreSQL<br />
Voice-Over-IP<br />
<br />
Asterisk<br />
Application Inventory (in progress)<br />
http://www.ipv6-to-standard.org/<br />
Slide 269 Laurent Toutain Filière 2
Migrate Application to IPv6 support<br />
IPv6 Integration ◮ Administrated Networks<br />
Some services are critical for sites (Mail, Web, ...)<br />
IPv6 access to services may impact clients behavior<br />
What to do if upgrade of application is not possible <br />
Solutions for incremental deployment exist !<br />
<br />
<br />
Application Level Gateway<br />
SSL Tunnel<br />
Slide 270 Laurent Toutain Filière 2
Application Level Gateway<br />
IPv6 Integration ◮ Administrated Networks<br />
How to enable IPv6 access to a production Web site<br />
DNS Server<br />
www A 1.2.3.4<br />
IPv4 Client<br />
www A = 1.2.3.4<br />
HTTP Server<br />
1.2.3.4<br />
Slide 271 Laurent Toutain Filière 2
Application Level Gateway<br />
IPv6 Integration ◮ Administrated Networks<br />
How to enable IPv6 access to a production Web site<br />
DNS Server<br />
www A 1.2.3.4<br />
AAAA 2001:1:2:3::4<br />
IPv4 Client<br />
www A = 1.2.3.4<br />
HTTP Server<br />
1.2.3.4<br />
HTTP Proxy (Apache)<br />
2001:1:2:3::4<br />
1.2.3.8<br />
Slide 271 Laurent Toutain Filière 2
Application Level Gateway<br />
IPv6 Integration ◮ Administrated Networks<br />
How to enable IPv6 access to a production Web site<br />
DNS Server<br />
www A 1.2.3.4<br />
AAAA 2001:1:2:3::4<br />
IPv4 Client<br />
www A = 1.2.3.4<br />
HTTP Server<br />
1.2.3.4<br />
HTTP Proxy (Apache)<br />
2001:1:2:3::4<br />
1.2.3.8<br />
IPv6 Client<br />
www AAAA = 2001:1:2:3::4<br />
Slide 271 Laurent Toutain Filière 2
SSL Tunnel<br />
IPv6 Integration ◮ Administrated Networks<br />
How to enable IPv6 access to a production Mail server<br />
DNS Server<br />
imap A 1.2.3.4<br />
IMAP<br />
IPv4 Client<br />
imap A = 1.2.3.4<br />
IMAP Server<br />
1.2.3.4<br />
Slide 272 Laurent Toutain Filière 2
SSL Tunnel<br />
IPv6 Integration ◮ Administrated Networks<br />
How to enable IPv6 access to a production Mail server<br />
DNS Server<br />
imap A 1.2.3.4<br />
imaps A 1.2.3.8<br />
AAAA 2001:1:2:3::4<br />
IMAP<br />
IPv4 Client<br />
imap A = 1.2.3.4<br />
IMAP Server<br />
1.2.3.4<br />
SSL Tunnel (stunnel)<br />
2001:1:2:3::4<br />
1.2.3.8<br />
Slide 272 Laurent Toutain Filière 2
SSL Tunnel<br />
IPv6 Integration ◮ Administrated Networks<br />
How to enable IPv6 access to a production Mail server<br />
DNS Server<br />
imap A 1.2.3.4<br />
imaps A 1.2.3.8<br />
AAAA 2001:1:2:3::4<br />
IMAP<br />
IPv4 Client<br />
imap A = 1.2.3.4<br />
imaps A = 1.2.3.8<br />
IMAPS<br />
IMAP<br />
IMAP Server<br />
1.2.3.4<br />
IMAPS<br />
IPv6 Client<br />
SSL Tunnel (stunnel)<br />
2001:1:2:3::4<br />
1.2.3.8<br />
imaps AAAA = 2001:1:2:3::4<br />
Slide 272 Laurent Toutain Filière 2
Monitor IPv6 usage<br />
IPv6 Integration ◮ Administrated Networks<br />
Monitoring IPv6 is important for<br />
<br />
<br />
Tools<br />
<br />
<br />
See impact of IPv6 deployement<br />
Ensure same Quality of Service in IPv4 an IPv6<br />
Traffic: MRTG/Cacti, Netflow v9<br />
Services: Nagios<br />
Dual Stack requires dual check !<br />
Need to check service reachability in IPv4 AND in IPv6<br />
Slide 273 Laurent Toutain Filière 2