Leading in to Network Communication
We've talked a little bit about managing concurrent communication over shared channels. Today, we're going to back up a bit and discuss the whole of the process. We're going to begin our discussion with the case when all of the stations, senders and receivers, share the same channel. Then, we're going to talk about how we can connect these individual networks together to form an internetwork.
Generally speaking, we call the small, homogeneous network a Local Area Network (LAN). When we connect these to form a super-network, we call it an inter-network. Colloquially, "network" usually refers to an inter-network rather than to a LAN.
Limitations of LANs
Okay, we take a bunch of stations and connect them together to form a LAN. Maybe they are all connected to the same wire. Or, maybe they are all connected to the same network switch. Or, maybe they are all within earshot of each other over the air. How do they talk?
Well, we've basically discussed that model. They broadcast. They yell. They shout. And, when any station does -- they all hear the broadcast. In the degenerate case of a point-to-point network, there are only two stations, so the only recipient is the intended recipient. But, in the more general case, every station hears the broadcast messages.
Each station has a station id or LAN address. When a message is sent, it includes both the source and destination addresses. Although all stations might well hear all messages -- they ignore all but those for which they are the intended recipient. Only those messages intended for a particular station get passed up by the network software to the application level. It is certainly possible to cheat and listen in to other stations' messages; this is called promiscuous mode. It is usually only done for diagnostic (or malicious) purposes, but the point to remember is that nothing in the LAN itself prevents it: on a shared medium, any station can read any frame, so anything that needs to stay private has to be protected at a higher layer.
The Size of a LAN is Self-Limiting
The size of a LAN is self-limiting, both in terms of physical size and also in terms of the number of stations. The longer a wire, the more attenuation -- the signal is weakened as it travels farther and farther. The greater the distance through the air, the weaker the signal. In the end, measured in physical distance, there is only so far that a signal can travel.
And, beyond that, we've got other problems. The more stations we have sharing a broadcast channel, the less network time exists per station. With not-so-many stations, even those with just modest use, the network could become clogged with collisions. Remember, broadcast protocols only work with low contention and bursty loads -- they rely on relatively long periods of quiet time in which to resolve the collisions that result from the relatively short bursts. Broadcast networks can collapse with utilization as low as 30%.
Stretching LANs with Bridges
It is possible to stretch the size of a LAN by using a bridge. The basic idea is that we can take a bunch of separate physical LANs and connect them together to form a larger logical LAN. The bridges receive and retransmit signals from one network to another, correcting the signal strength, noise, and timing as they do.
And, modern, active bridges go farther than that. As stations transmit, the bridge makes note of the LAN on which each source address was heard. Then, if it later hears a message destined for that station, it sends it only to that one LAN, not to all of the connected LANs.
Basically, they maintain a hash table of (station id, LAN) pairs. When they hear a message, they update the hash table with the sender's station id and the LAN it arrived from. Entries in the hash table age out or succumb to cache pressure to make room for new entries. It is only when the bridge does not have an entry for a particular destination station that it needs to broadcast the message onto all connected LANs. In short, the bridges listen carefully and, in so doing, they are able to cache the location of stations and send messages only to the physical segments on which they live.
By carving up a big LAN into multiple segments, or building one up from multiple segments, contention is reduced. A message can only collide on the sender's segment or the receiver's segment, or, depending on the bridge's design, within its own fabric. As long as the bridge knows where the receiver lives, the other segments of the network are unaffected and can support additional transmissions.
Inconveniences of Bridging
It is worth noting that when using bridges, moving a station from one segment to another can be a minor inconvenience. Until the old location ages out of the bridge's hash table (or the moved station transmits and is learned again on its new segment), the bridge will send messages destined for the moved host onto its old segment. The same learning mechanism can be turned against the LAN: nothing authenticates the source address, so a station that transmits with another station's id from the wrong segment teaches the bridge a false location and thereby steals that station's traffic. To get around these problems, most modern bridges are managed. The system administrator is able to lock stations onto certain segments, disable discovery mode, and delete stale entries.
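As an added example (not part of the original notes), here is a small model of the learning bridge described in the last two sections: the (station id, port) table, flooding when the destination is unknown, filtering when it is on the sender's own segment, aging, the spoofing hazard just described, and the administrator lock that defeats it. Port names, station ids and the aging interval are constructed for illustration; a real bridge keys its table on 48-bit MAC addresses and ages entries on the order of minutes.

```python
class LearningBridge:
    """Model of a learning bridge: a table of (station id -> port) learned
    from the source address of every frame heard. Added example with
    constructed port names, station ids and timings."""

    def __init__(self, ports, age_seconds=300):
        self.ports = list(ports)
        self.age_seconds = age_seconds
        self.table = {}    # station id -> (port, time last heard)
        self.pinned = {}   # station id -> port, locked by the administrator

    def pin(self, station, port):
        """Managed-bridge control: lock a station to one segment so that
        frames claiming its id from elsewhere can no longer move it."""
        self.pinned[station] = port

    def _expire(self, now):
        """Age out entries that have not been refreshed recently."""
        stale = [s for s, (_, seen) in self.table.items()
                 if now - seen > self.age_seconds]
        for s in stale:
            del self.table[s]

    def _lookup(self, station):
        if station in self.pinned:
            return self.pinned[station]
        entry = self.table.get(station)
        return entry[0] if entry else None

    def receive(self, in_port, src, dst, now):
        """Handle one frame heard on in_port at time now.

        Returns the ports the frame goes out on: the one port where dst
        is known to live, every other port when dst is unknown, or no
        port at all when dst is on the same segment as the sender."""
        self._expire(now)
        # Learn where src lives. Nothing authenticates src: a station on
        # another segment that transmits with a victim's id rewrites the
        # entry and receives the victim's traffic, unless the entry is pinned.
        if src not in self.pinned:
            self.table[src] = (in_port, now)
        out = self._lookup(dst)
        if out is None:
            return [p for p in self.ports if p != in_port]
        if out == in_port:
            return []
        return [out]


def walkthrough():
    """Learning, aging, the spoof, and the administrator's fix.
    Returns the forwarding decision for each frame A sends to B."""
    b = LearningBridge(ports=["p1", "p2", "p3"], age_seconds=60)
    decisions = []
    decisions.append(b.receive("p1", "A", "B", now=0))    # B unknown: flood
    b.receive("p2", "B", "A", now=1)                      # bridge learns B on p2
    decisions.append(b.receive("p1", "A", "B", now=2))    # B known: p2 only
    decisions.append(b.receive("p1", "A", "B", now=200))  # B aged out: flood again
    b.receive("p3", "B", "A", now=201)                    # attacker on p3 claims to be B
    decisions.append(b.receive("p1", "A", "B", now=202))  # traffic for B now goes to p3
    b.pin("B", "p2")                                      # administrator locks B to p2
    b.receive("p3", "B", "A", now=203)                    # the forged frame changes nothing
    decisions.append(b.receive("p1", "A", "B", now=204))  # back to p2
    return decisions
```

The table is only as trustworthy as the last frame heard, which is exactly why the managed-bridge controls in the paragraph above exist; the pinned entry is the software equivalent of "lock this station to this segment".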
It is also the case that complex geometries can be challenging for bridged networks. For example, it is often desirable to create multiple paths from segment to segment. This allows paths to exist even if a bridge fails. But, such paths create cycles. A bridge forwards a message it hears onto its other segments; in a cycle, that message comes back around to another side of the same bridge and is forwarded again, so messages loop, arrive on wrong or redundant segments, and confuse the learning tables, with the result that some messages may not arrive at all. To solve this problem, most modern bridges include configuration protocols. When enabled by the system administrator, they go into a configuration mode, learn each other's location, elect a root node, and form a spanning tree. This tree breaks the cycles, enabling good communication. In the event that a bridge fails, they can subsequently agree to form a different tree to get around the failure.
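The root election and tree construction just described, as an added example that is not from the original notes. It elects the lowest-numbered bridge as root and keeps, for every other bridge, the cheapest path to the root (lowest-numbered upstream bridge on ties), which is the designated-bridge rule of real spanning-tree protocols; the bridge numbers and link costs are constructed, and a real protocol orders bridges by priority and MAC address rather than by a small integer.

```python
import heapq

def spanning_tree(bridges, links):
    """Elect a root and pick the links that stay active.

    bridges: bridge identifiers; the lowest is elected root (constructed
    integers stand in for STP's priority + MAC address).
    links: (bridge_a, bridge_b, cost) for every link that is currently up.
    Returns (root, active links, blocked links). A bridge cut off from the
    root after a failure gets no path here; in practice it would start its
    own election on its side of the partition."""
    root = min(bridges)
    adjacent = {b: [] for b in bridges}
    for a, b, cost in links:
        adjacent[a].append((b, cost))
        adjacent[b].append((a, cost))

    best = {root: (0, None)}          # bridge -> (root path cost, upstream bridge)
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue                  # stale heap entry
        for nbr, c in adjacent[node]:
            if nbr == root:
                continue
            cand = (cost + c, node)
            # Cheapest path to the root wins; on a tie the lower-numbered
            # upstream bridge wins, as in STP's designated-bridge rule.
            if nbr not in best or cand < best[nbr]:
                best[nbr] = cand
                heapq.heappush(heap, (cand[0], nbr))

    active = {frozenset((b, up)) for b, (_, up) in best.items() if up is not None}
    kept = sorted(tuple(sorted(pair)) for pair in active)
    blocked = [(a, b, c) for a, b, c in links if frozenset((a, b)) not in active]
    return root, kept, blocked


LINKS = [(1, 2, 1), (2, 3, 1), (1, 3, 1), (3, 4, 1), (2, 4, 1)]   # constructed topology

def before_and_after_failure():
    """The tree with all links up, then the new tree after link 1-2 fails."""
    healthy = spanning_tree([1, 2, 3, 4], LINKS)
    degraded = spanning_tree([1, 2, 3, 4], [l for l in LINKS if l != (1, 2, 1)])
    return healthy, degraded
```

Blocked links are not removed; they are simply not used for forwarding, which is what allows the second call to bring one of them back into service after the failure.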
Limitations of Bridges
Bridges extend the size of LANs by a bit -- but they surely aren't the global answer. Like anything else, they've got limits. In the case of bridges, memory and failure are the limiting factors. There are just far too many stations on the planet for any one bridge to remember them all. It simply ain't possible. No way, no how.
And, even if magic were to happen to make this possible, it would be challenging to build a spanning tree the size of the globe. There would always be failure. And, they'd always be trying to learn a new tree.
Building up the Protocol Stack
We often talk about the architecture of the network protocol stack in terms of layers:
- Physical layer -- The hardware specs: voltage levels, light colors, the shape of connectors, frequencies and power levels, &c
- Link layer -- The layer that manages the communication within a LAN: frame spec, collision management, flow control, &c
- Network layer -- Manages the movement of messages across an internetwork, from LAN to LAN.
We're now about to enter the domain of the network layer. We're going to talk about how, instead of scaling up LANs, we can recognize them as separate networks and efficiently communicate messages from one to the next, until we get from the source network to the destination network.
Rethinking the Problem and Hierarchical addresses
So, it is pretty clear that we can't hope to keep track of every host on the Internet. We must, somehow, structure the problem and play with bigger blocks. The way people usually deal with large problems is to impose a hierarchy so that no single level is too large. Consider the organization of corporations, schools, books in a library, files on a computer, &c.
We're going to do the same thing with the Internet. Instead of viewing the entire Internet as one large, flat network, we are going to view it for what it is -- a collection of individual networks. Step one is going to be routing packets from one network to another network. Once there, we'll worry about getting them to the right machine.
To achieve this, we are going to create a new network address -- one that is structured so that it contains both a network number and a host number, rather than the flat address, a.k.a. station id, that we've discussed so far. The station id will still be used within a LAN -- but we'll use this new IP address to get from one network to another.
IP Address Details
For our discussion, we are going to focus on IPv4, rather than its long-promised, eventual successor, IPv6. These addresses are 32 bits wide. The left-most bits represent the network number. They are the only bits required to route from network to network. The remaining, right-most, bits represent the host number and are only used once the packet makes its way to the destination network.
In designing IP addresses, the designers could have decided that, in all cases, the left n bits would be the network number. But, this would leave, in all cases, the right (32-n) bits to represent individual hosts. The problem is, of course, that not all networks are the same size. IBM's network is huge -- not so much for Greg's Garage. There aren't enough addresses to go around if we give Greg's Garage as many as we give a multi-national technology conglomerate.
So, what the designers of IP did was to create a few different classes of network address: small networks, medium networks and large networks. You'll notice that the way they divided up the bits results in very few, very large networks, a lot of mid-sized networks, and a huge number of small networks. And, intuitively, this makes sense -- there are more small organizations than IBMs:
- Class A (huge): 8 bits (network) + 24 bits (host)
- Class B (big): 16 bits (network) + 16 bits (host)
- Class C (small): 24 bits (network) + 8 bits (host)
But, given this organization, how can we look at an address to determine if it is class A, B, or C? We look at the first one, two, or three bits of the IP address. Based on these bits, we know whether the address is Class A, Class B, or Class C, and can interpret it correctly:
- Class A addresses begin with 0, e.g. 0-------------------------------
- Class B addresses begin with 10, e.g. 10------------------------------
- Class C addresses begin with 110, e.g. 110-----------------------------
Classless Inter-Domain Routing (CIDR)
Sadly, the addressing scheme described above hit limits. In effect, all of the class A networks were assigned ages ago. And, probably a little more than 10 years ago, we nearly ran out of class B networks. Sadly, no one wanted class C addresses -- the networks were just too small to be manageable.
IPv6, the next generation of IP, solves this problem using 128-bit addresses. But, it is very difficult to instantly switch the operating protocol of the entire Internet. How do you do that? A big flag day? Everyone switch Tuesday at noon? What about all of the mistakes? What about those who can't afford the interruption? What about those who can't afford the cost? What a mess!
One day, we might actually have IPv6. It is used internally at some major corporations. And, the government is ramping up the pressure. But, for today, we are still using last decade's band-aid: Classless Inter-Domain Routing.
The basic idea is this. Routers will still route as described above. But, the backbone routers were upgraded to accept classless addresses. Instead of relying on the first few bits to describe the network/host division, CIDR communicates it directly: the number of network bits (the prefix length) is written after the address, following a slash. For example:
...describes an address with 15 network bits and 17 host bits.
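An added example, not from the original notes, that turns the classful and CIDR rules above into code: classify an address by its leading bits, split it into network and host numbers for a given number of network bits, and compute the supernet that covers adjoining blocks. The addresses are constructed; the /15 case matches the 15-network-bit example in the text.

```python
def to_int(dotted):
    """Dotted decimal -> 32-bit integer."""
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError("not an IPv4 address: " + dotted)
    return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]

def to_dotted(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def mask_for(prefix):
    """Network mask with `prefix` leading one bits."""
    return ((1 << prefix) - 1) << (32 - prefix)

def classful_prefix(addr):
    """Network bits implied by the leading bits of a classful address:
    0... is class A, 10... class B, 110... class C. Anything else
    (multicast or reserved) gets None."""
    first = to_int(addr) >> 24
    if first >> 7 == 0b0:
        return 8
    if first >> 6 == 0b10:
        return 16
    if first >> 5 == 0b110:
        return 24
    return None

def describe(text):
    """Interpret 'a.b.c.d' classfully or 'a.b.c.d/n' as CIDR.
    Returns (network number, network bits, host number)."""
    if "/" in text:
        addr, bits = text.split("/", 1)
        prefix = int(bits)
        if not 0 <= prefix <= 32:
            raise ValueError("prefix length out of range: " + text)
    else:
        addr, prefix = text, classful_prefix(text)
        if prefix is None:
            raise ValueError("not a class A, B or C address: " + text)
    a = to_int(addr)
    mask = mask_for(prefix)
    return to_dotted(a & mask), prefix, a & ~mask & 0xFFFFFFFF

def supernet(networks):
    """Smallest single CIDR block covering all the given network numbers,
    e.g. two adjoining class-C blocks become one /23. The caller must check
    that the result does not also swallow blocks belonging to someone else:
    192.168.1.0 and 192.168.2.0 are adjoining but only share a /22."""
    ints = [to_int(n) for n in networks]
    prefix = 32
    while prefix > 0 and len({i >> (32 - prefix) for i in ints}) > 1:
        prefix -= 1
    return "%s/%d" % (to_dotted(ints[0] & mask_for(prefix)), prefix)
```

The supernet function is where the caveat lives: two adjoining class-C blocks only merge cleanly into a /23 when the first one starts on an even boundary, otherwise the covering block includes address space that was never yours.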
The beauty of this is that it allows the combination of adjoining class-C networks into larger networks -- networks large enough to be useful to reasonably sized organizations. Some people call these supernets. Regardless, this system made a whole bunch of new, useful, networks available -- in tunable sizes. It worked so well that we are still using it -- and mostly not IPv6.
Assigning IP Addresses
In the case of Ethernet LAN addresses, the station IDs are, at least in theory, built into the network interfaces and assigned by the vendor. The first bits of the address identify the vendor; the rest are uniquifiers.
But, IP addresses, by virtue of their hierarchical nature, can't work this way. Instead, they need to be assigned according to the network in which they live. In the olden days, this was handled by the sysadmin. You'd simply trade her/him your MAC address for an IP address.
While this works, it ran into two problems. The first is that it made work for sysadmins -- work that could easily be automated. Secondly, since it made work, the assignments were semi-permanent -- they took effort to reassign. And, back in the day, this was okay. But, these days, we all have many devices that might, sometimes, be turned on and need an IP address -- I've got 3 computers and a printer in my office, never mind my cellphone. But, typically, only one computer is in use and the printer uses Bluetooth.
It would be great if we had an automated way of getting IP addresses that could be used "for a while" on an as-needed basis. And, we do.
Dynamic Host Configuration Protocol (DHCP)
The Dynamic Host Configuration Protocol (DHCP) allows IP addresses to be assigned on a temporary or quasi-permanent basis. The idea is that we give a pool of IP addresses to a DHCP server, which then leases them to machines. The machines can renew those leases, in effect, permanently. But, if a lease isn't renewed, it will expire, and the IP address can be reclaimed into the assignable pool.
In the simplest configuration, there is one DHCP server per network. When a host boots and wants an IP address, it uses a LAN-level broadcast message to request one. The DHCP server grabs the MAC address, i.e. the station ID, from this message and, as did the human sysadmin before, trades it for an IP address. It sends the IP address back via a LAN-level message addressed to the requestor.
These addresses are leased. The initial request asks for a lease of a particular term. The reply grants the request for some length of time up to, but possibly shorter than, the requested amount. Before the lease expires, the client will automatically renew the request, so that it can keep the IP address.
The client can explicitly release an address, but this is not necessary. Unless the client renews the address, it will expire in a fixed amount of time. And, this is a very important aspect of reliable network and distributed systems: Never loan anything -- lease it. You can never count on a client to give something back. In this case, for example, the client might be turned off or leave the area before releasing an address. Invariably, but for the time-limited nature of a lease, the addresses would all end up lost to clients that failed to return them.
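The lease mechanism described above, as an added example that is not the notes' own code and not a real DHCP implementation (no wire format, no relay, no options). The pool, station ids and clock values are constructed. Note what the code does not do: nothing authenticates the requester, so requests that carry fabricated station ids drain the pool exactly as real ones do, which is the well-known DHCP starvation hazard.

```python
class DhcpServer:
    """Address pool handed out as leases. Added example; the pool, station
    ids and clock values are constructed. Not a wire-compatible DHCP server."""

    def __init__(self, pool, max_lease):
        self.free = list(pool)          # addresses available to assign
        self.max_lease = max_lease      # longest lease the server will grant
        self.leases = {}                # ip -> (station id, expiry time)

    def _reclaim(self, now):
        """Return every expired address to the pool. This, not the client's
        courtesy, is what keeps addresses from being lost forever."""
        for ip, (_, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[ip]
                self.free.append(ip)

    def request(self, station, wanted, now):
        """A request (or renewal) from station for `wanted` seconds.
        Returns (ip, granted seconds), or None when the pool is empty.
        Nothing here checks that `station` is genuine: requests carrying
        fabricated station ids consume addresses just like real ones."""
        self._reclaim(now)
        granted = min(wanted, self.max_lease)
        for ip, (holder, _) in list(self.leases.items()):
            if holder == station:               # renewal: same address, new expiry
                self.leases[ip] = (station, now + granted)
                return ip, granted
        if not self.free:
            return None
        ip = self.free.pop(0)
        self.leases[ip] = (station, now + granted)
        return ip, granted

    def release(self, station, now):
        """Explicit release, which a well-behaved client may send but the
        server must never depend on. Returns the released address."""
        for ip, (holder, _) in list(self.leases.items()):
            if holder == station:
                del self.leases[ip]
                self.free.append(ip)
                return ip
        return None


def lease_timeline():
    """Two addresses, three stations; one station disappears without
    releasing, and its address comes back only because the lease expired."""
    server = DhcpServer(pool=["10.0.0.10", "10.0.0.11"], max_lease=600)
    events = []
    events.append(server.request("s1", wanted=3600, now=0))   # capped at 600 seconds
    events.append(server.request("s2", wanted=300, now=0))    # takes the last address
    events.append(server.request("s3", wanted=300, now=100))  # pool empty: None
    # s2 vanishes. At t=400 its lease (expiry 300) has lapsed, so s3 gets the address.
    events.append(server.request("s3", wanted=300, now=400))
    events.append(server.request("s1", wanted=3600, now=500)) # renewal keeps 10.0.0.10
    return events
```

The whole "lease, don't loan" argument is in `_reclaim`: the server recovers addresses on its own clock, and a client that never comes back costs the pool nothing beyond one lease term.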
But, this system runs into one complication, and an interesting one. Broadcast messages are LAN-level messages -- they are not routed from network to network. Can you imagine an Internet-wide broadcast? Slam! Bye-bye Internet. This means that, in a large enterprise, unless we develop another solution, we'll need to have one DHCP server per network segment -- not one for the entire enterprise.
This isn't so much fun. It means that we'll need to maintain a bunch of DHCP servers. And, more importantly, it means that we'll need to partition our IP addresses statically among them. Sadly, some servers might run out of IP addresses, while others have plenty to spare. It would be much less work, and much more efficient, if we could have one server (ignoring redundancy) for the entire enterprise.
DHCP relays allow us to do exactly this. We put a DHCP relay onto each individual LAN. We set up one DHCP server for the enterprise. When a relay hears a request, it forwards it via IP to the enterprise-level DHCP server, which sends the reply back to the relay for delivery to the requestor. In this way, DHCP relays enable a DHCP server to serve multiple network segments, without an inter-network-wide broadcast.
It is worth noting that DHCP is great for clients -- but not for servers. Servers need to have well-known addresses so that clients can find them. Clients, on the other hand, can have different addresses each session, because they communicate their current address with the request, as the sender's IP address.
How Internet Routing Works
At this point, we are viewing our internetwork as what it is -- a collection of networks tied together. Tying these networks together are routers. Ultimately, when a message is sent from one host to another, one of two things is true:
- It is destined for a host on the same network
- It is destined for a host on another network.
If it is destined for a host on the same network, there is no routing. The host, itself, looks at the destination IP address, notices that it is on the same network, and simply sends the message to the destination using the lower-level protocol. But, if it is destined for a different network, it sends it to the router instead.
The router is a device that ties together several networks. It gets a message because the lower-level MAC address indicates it as the destination. But, it knows that it isn't the real destination, because the higher-level IP address indicates another recipient.
It masks off the host bits of the IP address, so it sees only the network number. Recall that it knows how many bits to mask because it is either a CIDR address, including the number of bits, or a classed address, in which case the first few bits indicate the class of the address and the corresponding division between host and network fields.
Based on this, it looks in a table and forwards the message onto one of the connected networks. If the destination lives on that connected network, it gets sent directly there using the lower-level protocol. Otherwise, the lower-level protocol is still used -- but to send it to another router, as described above.
It is important to note that these routers might be connected to many networks. It is even more important to note that these networks might form a graph, with multiple paths between destinations. And, yet more important to realize that there might be many, many hops from source to destination.
Given this, how do the routers know which way to send a packet so that it doesn't get lost or go around in circles? The answer is that the routers talk, and, based on that conversation, they build up two tables: one that describes the network, as a whole, known as the routing table and one that describes exactly what the router should do, known as the forwarding table.
We're going to leave the details of how these tables get built to 15-441. Especially since there are different protocols that get the job done and different strategies -- and there are tons of interesting and subtle things about them.
Back in the day, large organizations used to carve up their networks into subnets. The basic idea is that, to get a packet from one network to another network, only the network portion of the address is needed. Once there, the destination network can really do whatever it would like with the host bits. It is, in fact, the case that they were originally intended to be used in a flat way to represent hosts. But, look, within an individual network, the administrators can do whatever they'd like and not break anyone else. So, they can actually take the left side of the -host- bits and interpret it as a subnetwork number and use only the right portion as the host number. By doing this, one can carve a very large network into small, manageable pieces, reduce collision domains, etc.
But, we've got the same problem we had before -- how many bits are for the subnet number and how many are for the host id? They didn't create subnet classes, but they also weren't quite as clean as they would be many years later with CIDR. Instead of a simple number, they use a subnet mask: they put 1s into the bits that represent the subnet number and 0s into the bits that represent the host number. When this mask is logically ANDed with the IP address, it leaves only the subnet number. Technically speaking, the mask need not be contiguous (e.g. 11111111000 is contiguous, 10101010000 is not), but, in practice, it needs to be. Plenty of routers would break if presented with a sparse mask.
Let's make sure we see how this works. Here's an example from Wikipedia:
IP address       192.168.5.10   11000000.10101000.00000101.00001010
Subnet Mask      255.255.255.0  11111111.11111111.11111111.00000000
Network Portion  192.168.5.0    11000000.10101000.00000101.00000000
Host Portion     0.0.0.10       00000000.00000000.00000000.00001010
So, routers -within- a particular network are configured to know the network number -and- network mask associated with it. When presented with an address, they perform a logical AND with the network mask to find the subnet number. Routers know which mask to use, because they know the subnet number and mask associated with each of their directly connected legs.
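An added example (not from the original notes) of the forwarding decisions described in this section and in "How Internet Routing Works" above: the host's same-network test, the AND-with-mask split from the Wikipedia table, the contiguous-mask check, and a router choosing between its directly connected legs and a next-hop router. When several table entries match, the most specific (longest mask) wins, which is the standard rule. The interfaces, networks and next hops are constructed.

```python
import ipaddress

def ip_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def ip_str(n):
    return str(ipaddress.IPv4Address(n))

def is_contiguous(mask):
    """True when the mask is a run of ones followed by a run of zeros.
    255.255.254.0 passes; 255.0.255.0 is the sparse kind the text warns about."""
    inverted = ~ip_int(mask) & 0xFFFFFFFF
    return inverted & (inverted + 1) == 0

def split(addr, mask):
    """AND the address with the mask: (network or subnet number, host part),
    as in the 192.168.5.10 / 255.255.255.0 table above."""
    if not is_contiguous(mask):
        raise ValueError("non-contiguous mask rejected: " + mask)
    a, m = ip_int(addr), ip_int(mask)
    return ip_str(a & m), ip_str(a & ~m & 0xFFFFFFFF)

def host_next_hop(my_ip, my_mask, gateway, dst):
    """A host's own decision: same network, deliver directly with the
    lower-level protocol; otherwise hand the packet to the router."""
    m = ip_int(my_mask)
    if ip_int(my_ip) & m == ip_int(dst) & m:
        return dst
    return gateway


class Router:
    """Forwarding by network number. Each directly connected leg carries its
    own (network, mask); routes learned from other routers name a next hop
    that must itself be on one of the legs. Constructed example."""

    def __init__(self, legs, routes=()):
        for _, mask, _ in list(legs) + list(routes):
            if not is_contiguous(mask):
                raise ValueError("non-contiguous mask rejected: " + mask)
        # (network int, mask int, interface) and (network int, mask int, next hop)
        self.legs = [(ip_int(n) & ip_int(m), ip_int(m), iface) for n, m, iface in legs]
        self.routes = [(ip_int(n) & ip_int(m), ip_int(m), nh) for n, m, nh in routes]

    @staticmethod
    def _longest_match(table, dst):
        """Entry whose network equals the masked destination; when several
        match, the longest mask (most specific) wins. Contiguous masks
        compare as integers in prefix-length order."""
        d = ip_int(dst)
        best = None
        for net, mask, target in table:
            if d & mask == net and (best is None or mask > best[0]):
                best = (mask, target)
        return None if best is None else best[1]

    def forward(self, dst):
        """("direct", interface, dst) for a host on a connected leg,
        ("via", interface, next hop) when another router is closer,
        or None when the table has no route at all."""
        iface = self._longest_match(self.legs, dst)
        if iface is not None:
            return ("direct", iface, dst)
        next_hop = self._longest_match(self.routes, dst)
        if next_hop is None:
            return None
        return ("via", self._longest_match(self.legs, next_hop), next_hop)


EXAMPLE_ROUTER = Router(
    legs=[("192.168.5.0", "255.255.255.0", "eth0"),
          ("192.168.6.0", "255.255.255.0", "eth1"),
          ("10.0.0.0", "255.255.255.252", "wan0"),
          ("10.0.1.0", "255.255.255.0", "wan1")],
    routes=[("172.16.0.0", "255.240.0.0", "10.0.1.9"),   # specific route
            ("0.0.0.0", "0.0.0.0", "10.0.0.2")])          # default route
```

Whether the packet is handed to a host or to the next router, the last step is the same lower-level delivery on one leg; the only thing the router decides is which leg and which MAC-level recipient.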
Because the trade-offs and scale of inter-network (Internet-wide) routing and intranetwork (within an organization) routing are different, the routers use different protocols to exchange routing information and develop the forwarding tables.
Fragmentation and Subnets
Back in the day, organizations loved subnets. Everyone got one: departments large and small. By breaking things into small subnets, which confined traffic to tightly-knit groups, networks became very efficient. Traffic was mostly confined to the segment that contained the sender and the receiver -- and kept away from unrelated users. This dramatically reduced contention and collisions.
But, by breaking a large network into subnets, we have the same problem we had on an Internet-wide scale: fragmentation of the address space. As organizations grew, some subnets ran out of IP addresses, while others had extras. Organizations were forced to reallocate subnets, and reassign IP addresses to machines. This was inconvenient and time consuming.
Eventually, this was relieved by better network switches and bridges. Quite simply, they got better at remembering more addresses and better at talking to each other. And, they became much more managed -- system administrators were able to remotely program and configure them to describe which MAC addresses belonged where.
The bottom line is that better bridges were able to confine traffic much better, reducing the marginal benefit of subnets -- while, at the same time, the cost of subnets went up as fragmentation became an increasing issue.
Organizations began tearing out subnets and buying better and better switches, flattening out their networks. Maybe it can't be done on a global scale -- but it can be done on, oh, a university-wide scale. And, it works especially well, since organizations, internally, can make coordinated purchasing decisions to ensure hardware compatibility -- something that can't happen on a global scale.