26-07-2012, 10:41 AM
Internet Protocols
The map of the London Underground, which can be seen inside every train, has been called a model of its kind, a work of art. It presents the underground network as a geometric grid. The tube lines do not, of course, lie at right angles to one another like the streets of Manhattan. Nor do they branch off at acute angles or form perfect oblongs.
—King Solomon's Carpet. Barbara Vine (Ruth Rendell)
Architectural Approaches
connection oriented
virtual circuit
connectionless
datagram
PDUs routed independently from source end system (ES) to destination ES through routers and networks
share common network layer protocol, e.g. IP
below this, a network access protocol on each node
Common ICMP Messages
destination unreachable
time exceeded
parameter problem
source quench
redirect
echo & echo reply
timestamp & timestamp reply
address mask request & reply
Address Resolution Protocol (ARP)
need MAC address to send to LAN host
manual
included in network address
use central directory
use address resolution protocol
ARP (RFC 826) provides dynamic IP-to-Ethernet address mapping
source broadcasts ARP request
destination replies with ARP response
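The request/reply exchange above, as an added Python example that is not part of the original slides: it builds and parses the Ethernet/IPv4 ARP frames of RFC 826 for both sides. The function names, the MAC and IP addresses, and the in-memory list standing in for the LAN are assumptions made for illustration.

```python
import struct

ETH_BROADCAST = b"\xff" * 6
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
# RFC 826 body for Ethernet/IPv4: htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_FMT = "!HHBBH6s4s6s4s"

def build_frame(dst_mac, oper, sha, spa, tha, tpa):
    """Ethernet header (dst, src, ethertype) followed by the 28-byte ARP body."""
    eth = struct.pack("!6s6sH", dst_mac, sha, ETHERTYPE_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sha, spa, tha, tpa)
    return eth + arp

def parse_frame(frame):
    """Return the ARP fields as a dict, or raise ValueError if not Ethernet/IPv4 ARP."""
    if len(frame) < 14 + 28:
        raise ValueError("frame too short for ARP")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {"eth_dst": dst, "eth_src": src, "oper": oper,
            "sha": sha, "spa": spa, "tha": tha, "tpa": tpa}

def answer(frame, my_mac, my_ip):
    """Destination side: reply (unicast) only to a request whose target IP is ours."""
    req = parse_frame(frame)
    if req["oper"] != ARP_REQUEST or req["tpa"] != my_ip:
        return None
    return build_frame(req["sha"], ARP_REPLY, my_mac, my_ip, req["sha"], req["spa"])

def resolve(src_mac, src_ip, target_ip, hosts):
    """Source side: broadcast a request to every (mac, ip) host, use the first reply."""
    request = build_frame(ETH_BROADCAST, ARP_REQUEST, src_mac, src_ip, b"\x00" * 6, target_ip)
    for mac, ip in hosts:
        reply = answer(request, mac, ip)
        if reply is not None:
            rep = parse_frame(reply)
            if rep["oper"] == ARP_REPLY and rep["spa"] == target_ip:
                return rep["sha"]
    return None

# Constructed sample LAN (addresses are made up for this example)
A = (bytes.fromhex("020000000001"), bytes([192, 0, 2, 1]))
B = (bytes.fromhex("020000000002"), bytes([192, 0, 2, 2]))
C = (bytes.fromhex("020000000003"), bytes([192, 0, 2, 3]))
```

Calling `resolve(A[0], A[1], B[1], [B, C])` returns B's MAC address; a target IP that no host owns returns `None`, since no reply is ever sent.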
IPv6 Flow Label
related sequence of packets
needing special handling
identified by src & dest addr + flow label
router treats flow as sharing attributes
e.g. path, resource allocation, discard requirements, accounting, security
may treat flows differently
buffer sizes, different forwarding precedence, different quality of service
alternative to including all info in every header
have requirements on flow label processing
Virtual Private Networks
set of computers interconnected using an insecure network
e.g. linking corporate LANs over Internet
using encryption & special protocols to provide security
to stop eavesdropping & unauthorized users
proprietary solutions are problematical
hence development of IPSec standard
IPSec
RFC 1636 (1994) identified security need
encryption & authentication to be included in IPv6
but designed also for use with current IPv4
applications needing security include:
branch office connectivity
remote access over Internet
extranet & intranet connectivity for partners
electronic commerce security
IPSec Benefits
provides strong security for external traffic
resistant to bypass
below transport layer hence transparent to applications
can be transparent to end users
can provide security for individual users if needed
IPSec Functions
Authentication Header
for authentication only
Encapsulating Security Payload (ESP)
for combined authentication/encryption
a key exchange function
manual or automated
VPNs usually need combined function
see chapter 21