
Supporting Protocols and Technologies in TCP/IP Suites


Asst. Prof. Chaiporn Jaikaeo, Ph.D.
chaiporn.j@ku.ac.th
http://www.cpe.ku.ac.th/~cpj
Computer Engineering Department
Kasetsart University, Bangkok, Thailand

Adapted from the notes by Lami Kaya and lecture slides from Anan Phonphoem
© 2009 Pearson Education Inc., Upper Saddle River, NJ. All rights reserved.
© The McGraw-Hill Companies, Inc.
Outline
 Address Resolution Protocol (ARP)
 Internet Control Message Protocol (ICMP)
 Dynamic Host Configuration Protocol (DHCP)
 Network Address Translation (NAT)

Address Resolution Protocol
(ARP)
Address Resolution
 Recall the forwarding process
 Forwarding uses IP addresses
 A MAC address is needed to communicate with the next hop
 IP must translate the next-hop IP address to a MAC address
 The translation process is known as address resolution
 Address resolution is local to a network
Address Resolution
 One computer can resolve the address of another computer only if both computers attach to the same physical network

Figure: address resolution ("Resolve") takes place only between hosts attached to the same physical network.
ARP
 RFC 826 - Address Resolution Protocol
 ARP maps any network-level address (such as IP) to its corresponding data link address (such as Ethernet)
 A supporting protocol for the data link layer
 Not a data link layer protocol itself
ARP Protocol

Figure: Station 1 is looking for the MAC address of IP 158.109.33.200. It broadcasts an ARP request ("I'm looking for IP 158.109.33.200"), which reaches stations 2, 3 and 4.

ARP Protocol

Figure: Station 3 (IP 158.109.33.200) responds with an ARP response sent back to station 1: "I'm IP 158.109.33.200. My physical address is 01-12-33-3A-C2-23."
Conceptual Address Boundary
ARP Cache
 Sending an ARP request for each datagram is inefficient
 Three frames traverse the network for each datagram
 ARP request, ARP response, and the data datagram itself
 An ARP cache is used to reduce network traffic
 ARP saves the information from a response so it can be used for subsequent packets
 The software does not keep the information indefinitely
 Instead, ARP maintains a small table of bindings in memory
ARP from Command Prompt
Entries in the ARP table before and after pinging another host on the same network:

C:\> arp -a
www.cpe.ku.ac.th (158.108.33.5) at 0:0:e8:15:cc:c
$ ping garnet.cpe.ku.ac.th
:
C:\> arp -a
router.cpe.ku.ac.th (158.108.33.1) at 0:0:c:6:13:4a
cc.cpe.ku.ac.th (158.108.33.2) at 2:60:8c:2e:b5:8b
www.cpe.ku.ac.th (158.108.33.5) at 0:0:e8:15:cc:c
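The request/response exchange and the cache described on the last few slides, as an added Python example (not part of the original lecture material): it builds and parses RFC 826 packets for Ethernet/IPv4 and models a station whose cache ages entries out and only learns from replies to requests it actually sent. The station addresses and the 60-second cache lifetime are constructed assumptions.

```python
import socket
import struct

ARP_REQUEST, ARP_REPLY = 1, 2

def mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.replace("-", ":").split(":"))

def mac_str(raw):
    return "-".join("%02X" % b for b in raw)

def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    """RFC 826 packet: htype 1 (Ethernet), ptype 0x0800 (IPv4), hlen 6, plen 4, oper, four addresses."""
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + mac_bytes(sender_mac)
            + socket.inet_aton(sender_ip) + mac_bytes(target_mac) + socket.inet_aton(target_ip))

def parse_arp(pkt):
    if len(pkt) < 28 or struct.unpack("!HHBB", pkt[:6]) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"oper": struct.unpack("!H", pkt[6:8])[0],
            "sender_mac": mac_str(pkt[8:14]), "sender_ip": socket.inet_ntoa(pkt[14:18]),
            "target_mac": mac_str(pkt[18:24]), "target_ip": socket.inet_ntoa(pkt[24:28])}

class Station:
    """A host with one IP/MAC binding and a small ARP cache whose entries age out (constructed model)."""
    def __init__(self, ip, mac, cache_ttl=60):
        self.ip, self.mac, self.cache_ttl = ip, mac, cache_ttl
        self.cache = {}       # ip -> (mac, time learned)
        self.pending = set()  # IPs we have asked for and not yet resolved

    def lookup(self, ip, now):
        """Return the cached MAC, or None when missing or aged out (caller must send a request)."""
        entry = self.cache.get(ip)
        return entry[0] if entry and now - entry[1] < self.cache_ttl else None

    def request(self, ip):
        """Build the broadcast ARP request; the target MAC is unknown, so it is all zeros."""
        self.pending.add(ip)
        return build_arp(ARP_REQUEST, self.mac, self.ip, "00-00-00-00-00-00", ip)

    def handle(self, pkt, now):
        """Answer requests for our own IP; cache a reply only if it answers a request we sent."""
        arp = parse_arp(pkt)
        if arp["oper"] == ARP_REQUEST and arp["target_ip"] == self.ip:
            return build_arp(ARP_REPLY, self.mac, self.ip, arp["sender_mac"], arp["sender_ip"])
        if arp["oper"] == ARP_REPLY and arp["target_ip"] == self.ip and arp["sender_ip"] in self.pending:
            self.pending.discard(arp["sender_ip"])
            self.cache[arp["sender_ip"]] = (arp["sender_mac"], now)
        return None
```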
Error Reporting Mechanisms
 IP problems
 Best-effort delivery
 Data can be lost, duplicated, delayed, or delivered out of order
 Error detection in IP
 Header checksum
 If an error is found, the datagram is discarded (no error message can be sent back: the header cannot be trusted)
 IP requires an additional helper
 Internet Control Message Protocol (ICMP)
ICMP
 RFC 792
 Supports IP
 Generates error reports
 Transmission problems
 Time to live (TTL) exceeded
 Destination unreachable
 etc.
 Serves as the basis for useful diagnostic tools
 ping, traceroute
ICMP
 ICMP error messages are never generated in response to:
 ICMP error messages themselves
 Broadcast/multicast datagrams (prevents broadcast storms)
 What are broadcast storms?
 A large number of broadcast frames transmitted nearly simultaneously
 The LAN may freeze!
ICMP encapsulation

Figure: an ICMP message is carried as IP data inside an IP datagram, which in turn is carried as frame data inside a link-layer frame (e.g. Ethernet): frame hdr | frame data, where the frame data is IP hdr | IP data. The IP header's protocol field is 0x01 (ICMP); the ICMP message contains type and code fields, which indicate the error type.
Ethernet Frame Containing ICMP packet

Figure: Frame (Ethernet) header [DA | SA | T], followed by the IP header, followed by the ICMP message [Type | Code | Other info.].

Type  Code  Description
8     0     Echo request
0     0     Echo reply
11    0     Time exceeded
3     3     Port unreachable
ICMP header
 type - identifies the ICMP message
 code - more detailed information
 checksum - covers the ICMP header and data (not the IP header)

Figure: header layout (bits 0-15 | 16-31): type (8 bits) | code (8 bits) | checksum (16 bits), followed by content specific to the message type.
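The header layout, the type/code table and the checksum rule from the two slides above, as an added Python example (not from the original lecture): it assembles an echo request, computes the one's-complement checksum over the ICMP header and data only, and parses any of the four listed messages back, rejecting a corrupted one. The identifier, sequence number and payload values are constructed.

```python
import struct

# Type/code pairs from the table on the previous slide.
ICMP_TYPES = {(8, 0): "Echo request", (0, 0): "Echo reply",
              (11, 0): "Time exceeded", (3, 3): "Port unreachable"}

def icmp_checksum(data):
    """Internet checksum: one's-complement sum of 16-bit words over the ICMP header and data."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(typ, code, rest, body=b""):
    """Assemble type | code | checksum | 4-byte 'rest of header' | body.
    The checksum is computed with the checksum field set to zero."""
    header = struct.pack("!BBHI", typ, code, 0, rest)
    return struct.pack("!BBHI", typ, code, icmp_checksum(header + body), rest) + body

def build_echo_request(ident, seq, payload):
    """Echo request (type 8, code 0); the 'rest' word carries identifier and sequence number."""
    return build_icmp(8, 0, (ident << 16) | seq, payload)

def parse_icmp(msg):
    """Verify the checksum (a valid message sums to zero) and decode the fields."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    if icmp_checksum(msg) != 0:
        raise ValueError("bad ICMP checksum")
    typ, code, _, rest = struct.unpack("!BBHI", msg[:8])
    info = {"type": typ, "code": code, "description": ICMP_TYPES.get((typ, code), "other")}
    if typ in (0, 8):               # query: identifier and sequence number
        info["id"], info["seq"] = rest >> 16, rest & 0xFFFF
    else:                           # error: embedded IP header + first 8 bytes of original data
        info["embedded"] = msg[8:]
    return info
```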
ICMP Messages
Diagnostic Tools: ping

Figure: the host sends a ping request to the target, which answers with a ping reply.

 Generates an ICMP echo request
 Receives the ICMP echo reply
 Every TCP/IP node is supposed to implement ICMP and respond to ICMP echo
ping command (#1)
 Sends a single echo request and waits for a reply
 Resends another request if there is no reply (after 1 sec.)
 Repeats until at least one reply is received, or stops after a time-out

> ping iwing.cpe.ku.ac.th
iwing.cpe.ku.ac.th is alive
> ping happy.cpe.ku.ac.th
no answer from happy.cpe.ku.ac.th
ping command (#2)
 Sends an echo request message every second
 Records the time it takes for each reply
 Every echo request contains a unique sequence number to match replies with requests
 Records round-trip timing
 Computes packet loss statistics
ping example

$ ping iwing.cpe.ku.ac.th
PING iwing.cpe.ku.ac.th (158.108.32.199) from 158.108.32.31 : 56(84) bytes of data.
Warning: time of day goes back, taking countermeasures.
64 bytes from iwing.cpe.ku.ac.th (158.108.32.199): icmp_seq=0 ttl=252 time=1.187 msec
64 bytes from iwing.cpe.ku.ac.th (158.108.32.199): icmp_seq=1 ttl=252 time=601 usec
64 bytes from iwing.cpe.ku.ac.th (158.108.32.199): icmp_seq=2 ttl=252 time=594 usec
64 bytes from iwing.cpe.ku.ac.th (158.108.32.199): icmp_seq=3 ttl=252 time=594 usec
64 bytes from iwing.cpe.ku.ac.th (158.108.32.199): icmp_seq=4 ttl=252 time=585 usec
64 bytes from iwing.cpe.ku.ac.th (158.108.32.199): icmp_seq=5 ttl=252 time=590 usec
64 bytes from iwing.cpe.ku.ac.th (158.108.32.199): icmp_seq=6 ttl=252 time=584 usec
64 bytes from iwing.cpe.ku.ac.th (158.108.32.199): icmp_seq=7 ttl=252 time=587 usec

--- iwing.cpe.ku.ac.th ping statistics ---
8 packets transmitted, 8 packets received, 0% packet loss
round-trip min/avg/max/mdev = 0.584/0.665/1.187/0.198 ms
ping as a debugging tool
 What do we get from ping?
 Timing information
 Connection reliability
 Destination is reachable (routable)
 IP layer is functional, but no guarantee for other higher-layer protocols
ping results
 No response
 Target host inactive or no connection
 Lost packets (significant when >2-3%)
 Transmission errors on the WAN/LAN
 Overloaded bridges/routers
 Varying round-trip time
 Host/network overloading
 No loss and round-trip time reasonably constant
 Congratulations! That's all we want.
Diagnostic Tools: traceroute
 Command to determine the active route to a destination address
 How does it work?
 Sends UDP messages to an unused port on the target host with TTL=1
 The first router decrements TTL to 0, so it has to return an ICMP time exceeded message
 traceroute sets TTL=2 and retransmits; this time the message goes one more hop
 TTL++ until the UDP messages reach the destination
 The target returns an ICMP port unreachable message because there is no service on that UDP port
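The probing loop just described, as an added Python simulation (not from the lecture): a constructed path of routers decrements TTL, the router that zeroes it answers time exceeded, the target answers port unreachable, and a hop that never replies appears as '*', which is why the real traceroute output further below shows lines like "22 * * *". The router addresses reuse the hops of the first traceroute example; the silent-router and filtering-target cases are constructed.

```python
# Constructed toy path; the router addresses are the hops of the slide's traceroute example.
# A router with replies=False drops probes silently and shows up as '*' in the output.
ROUTERS = [("158.108.32.1", True), ("158.108.35.10", True), ("158.108.35.114", True)]
TARGET = "158.108.32.199"

def send_probe(ttl, routers, target, target_replies=True):
    """Model one UDP probe to an unused port. Each router decrements TTL; the router that
    brings it to 0 discards the probe and returns ICMP time exceeded. A probe that reaches
    the target gets ICMP port unreachable back, since no UDP service listens there."""
    for addr, replies in routers:
        ttl -= 1
        if ttl == 0:
            return (addr, "time exceeded") if replies else None
    return (target, "port unreachable") if target_replies else None

def traceroute(routers, target, target_replies=True, max_hops=30):
    """Send probes with TTL = 1, 2, 3, ... until port unreachable arrives or max_hops is hit.
    Returns a list of (ttl, responder, message); a silent hop is ('*', 'no reply')."""
    hops = []
    for ttl in range(1, max_hops + 1):
        reply = send_probe(ttl, routers, target, target_replies)
        hops.append((ttl, reply[0], reply[1]) if reply else (ttl, "*", "no reply"))
        if reply and reply[1] == "port unreachable":
            break
    return hops

if __name__ == "__main__":
    for ttl, who, what in traceroute(ROUTERS, TARGET):
        print(ttl, who, what)
```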
How traceroute works?

Figure (four stages): (1) the source sends UDP to an unused destination port with TTL=1; (2) the first router decrements TTL to 0 and returns ICMP time exceeded; (3) the source sends UDP with TTL=2, the second router decrements it to 0 and returns ICMP time exceeded, and so on; (4) probes with TTL=8, 9, 10 reach successive hops until one arrives at the destination, which returns ICMP port unreachable.
Traceroute example

$ traceroute iwing.cpe.ku.ac.th
traceroute to iwing.cpe.ku.ac.th (158.108.32.199), 30 hops max, 38 byte packets
1 fe-cpegw2-server (158.108.32.1) 0.851 ms 0.782 ms 0.683 ms
2 gb-cpegwbb-cpegw (158.108.35.10) 0.387 ms 0.368 ms 0.337 ms
3 gb-cpec4k6-cpec6k (158.108.35.114) 0.685 ms 0.654 ms 0.613 ms
4 iwing (158.108.32.199) 0.506 ms 0.439 ms 0.418 ms
Traceroute example
$ traceroute www.umass.edu
traceroute to www.umass.edu (128.119.101.5), 30 hops max, 38 byte packets
1 fe-cpegw2-server (158.108.32.1) 0.855 ms 0.737 ms 0.700 ms
2 gb-cpegwbb-cpegw (158.108.35.10) 0.430 ms 0.409 ms 0.359 ms
3 158.108.254.37 (158.108.254.37) 0.488 ms 0.469 ms 0.401 ms
4 158.108.251.54 (158.108.251.54) 0.558 ms 0.617 ms 0.733 ms
5 158.108.251.57 (158.108.251.57) 1.121 ms 0.919 ms 1.046 ms
6 202.28.213.1 (202.28.213.1) 1.311 ms 1.758 ms 1.154 ms
7 202.28.212.29 (202.28.212.29) 1.531 ms 1.445 ms 1.189 ms
8 202.28.212.2 (202.28.212.2) 1.456 ms 1.532 ms 1.151 ms
9 S1-1.R00.LA-POP.uni.net.th (202.28.28.162) 226.026 ms 226.043 ms 225.962 ms
10 63.216.18.53 (63.216.18.53) 253.741 ms 239.317 ms 249.022 ms
11 snvang-losang.abilene.ucaid.edu (198.32.8.95) 233.765 ms 239.165 ms 240.522 ms
12 dnvrng-snvang.abilene.ucaid.edu (198.32.8.2) 258.216 ms 258.599 ms *
13 kscyng-dnvrng.abilene.ucaid.edu (198.32.8.14) 269.012 ms 268.717 ms 318.331 ms

19 nox300gw1-PEER-NoX-UMASS-192-5-89-102.nox.org (192.5.89.102) 310.155 ms 310.240 ms 344.973 ms
20 lgrc-rt-106-8.gw.umass.edu (128.119.2.193) 323.127 ms 325.108 ms 313.802 ms
21 lgrc-rt-106-6.gw.umass.edu (128.119.2.185) 310.291 ms 321.111 ms 309.874 ms
22 * * *
23 * * *
Dynamic Host Configuration Protocol (DHCP)
DHCP
 Allows a computer to join a new network and obtain networking parameters automatically
 IP address
 Subnet mask
 Default router (gateway) address
 DNS server's address
 etc.
 The concept has been termed plug-and-play networking
DHCP Message Format
DHCP Operation

Figure: message exchange between the client and the DHCP server. On boot, the client broadcasts DHCP DISCOVER; the server answers with DHCP OFFER; the client sends DHCP REQUEST; the server confirms with DHCP ACK.
DHCP Discover Message
 Broadcast by clients
DHCP Offer Message
 Sent directly to client
Assigned Address Types
 We can configure a DHCP server to supply two types of addresses:
 Permanently assigned addresses
 Typically assigned to servers
 A pool of dynamic addresses to be allocated on demand
 Typically assigned to arbitrary hosts
Address Leasing
 DHCP issues a lease on the address for a finite period
 This allows a DHCP server to reclaim addresses
 When a lease expires, a host can choose to relinquish the address or renegotiate with DHCP to extend the lease
 If approved, the computer continues to operate without any interruption
 If the server denies an extension request, the host must stop using the address
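The two address types and the leasing rules from the last two slides, as an added Python model (not from the lecture): DISCOVER/OFFER and REQUEST/ACK are method calls, a permanent binding is keyed by MAC address, pool addresses are leased for a finite time, renewals extend the lease, expired dynamic addresses return to the pool, and a request for an address the server cannot grant is denied. The MAC addresses, the 10.1.1.x addresses and the clock are constructed.

```python
class Lease:
    """One address binding with its expiry time (seconds on a constructed clock)."""
    def __init__(self, ip, expires):
        self.ip, self.expires = ip, expires

class DhcpServer:
    """Constructed model of the server described above: permanent bindings (MAC -> IP) for
    servers, plus a pool of dynamic addresses handed out on demand with a finite lease."""
    def __init__(self, permanent, pool, lease_time=3600):
        self.permanent = dict(permanent)
        self.pool = list(pool)          # free dynamic addresses
        self.lease_time = lease_time
        self.leases = {}                # MAC -> Lease

    def expire(self, now):
        """Reclaim every address whose lease has run out; dynamic ones go back to the pool."""
        for mac, lease in list(self.leases.items()):
            if lease.expires <= now:
                del self.leases[mac]
                if lease.ip not in self.permanent.values():
                    self.pool.append(lease.ip)

    def offer(self, mac, now):
        """DHCP DISCOVER -> DHCP OFFER: a permanent binding wins, then the client's current
        lease, then the first free pool address; None when nothing is available."""
        self.expire(now)
        if mac in self.permanent:
            return self.permanent[mac]
        if mac in self.leases:
            return self.leases[mac].ip
        return self.pool[0] if self.pool else None

    def request(self, mac, ip, now):
        """DHCP REQUEST -> True for DHCP ACK, False when the server denies the address.
        A request for the address already held is a renewal and just extends the lease."""
        self.expire(now)
        held = self.leases.get(mac)
        if self.permanent.get(mac) == ip or (held and held.ip == ip):
            self.leases[mac] = Lease(ip, now + self.lease_time)
            return True
        if ip in self.pool:
            self.pool.remove(ip)
            self.leases[mac] = Lease(ip, now + self.lease_time)
            return True
        return False                    # denied: the host must stop using the address
```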
DHCP Relay Agents
 DHCP discover messages are broadcast locally
 These messages are not forwarded by routers

Figure: a new client on network 10.1.1.0/24 (other hosts 10.1.1.10, 10.1.1.11, 10.1.1.12) broadcasts DHCP DISCOVER. The router (10.1.1.1 on that network, 10.1.2.1 on 10.1.2.0/24 with hosts 10.1.2.11 and 10.1.2.12, and 10.1.4.1 on 10.1.4.0/24) does not forward the broadcast, so it never reaches the DHCP server at 10.1.4.2. Assuming all networks are /24.
Example: DHCP Relay Agents
 Each network may be equipped with a DHCP relay
 Typically built into a router

Figure (same topology as above, with the router now also acting as DHCP relay; assuming all networks are /24), numbered steps:
1 The new client broadcasts DHCP DISCOVER on 10.1.1.0/24
2 The router & DHCP relay (10.1.1.1) forwards the DISCOVER as a unicast to the DHCP server at 10.1.4.2
3 The DHCP server sends DHCP OFFER back to the relay
4 The relay delivers the DHCP OFFER to the client
5 The client accepts the offered IP
6 The client sends DHCP REQUEST
7 The relay forwards the DHCP REQUEST to the server
8 The server sends DHCP ACK to the relay
9 The relay delivers the DHCP ACK to the client
Network Address Translation (NAT)
Network Address Translation
 A function that translates the addresses in datagrams into new addresses
 Typically, the original address is private (unroutable)
 The new address is public and routable
Private Addresses
 Internet routers will not route packets whose destination addresses fall within these ranges
Basic NAT Operation
Address Translation Table:
Inside      Outside
10.0.0.3    158.108.3.4

Figure: a NAT router sits between the inside and outside networks. Outbound, a datagram with SA = 10.0.0.3, DA = 128.23.2.2 leaves the NAT router as SA = 158.108.3.4, DA = 128.23.2.2. Inbound, the reply with SA = 128.23.2.2, DA = 158.108.3.4 is translated to SA = 128.23.2.2, DA = 10.0.0.3.
Address Pooling

Figure: two inside hosts draw from a pool of public addresses. 10.0.0.2 sending to DA = 130.2.1.5 leaves as SA = 158.108.3.5; 10.0.0.3 sending to DA = 128.23.2.2 leaves as SA = 158.108.3.4.

Address Translation Table:
Inside      Outside
10.0.0.3    158.108.3.4
10.0.0.2    158.108.3.5
            158.108.3.6
            :
Advantages of Using NAT
 Eliminates the need to reassign addresses when changing to a new ISP
 Protects network security
 Balances load
 Preserves IP addresses

Figure (load balancing): two Internet hosts, SA = 202.1.3.8 and SA = 128.23.2.2, both send to DA = 158.108.1.6; the NAT router spreads the connections over the internal servers 10.1.1.1 and 10.1.1.2.
Port Translation
 A single public IP address is mapped to multiple hosts in a private network
 In this case, the NAT router modifies the port numbers of outgoing traffic
 Known as NAPT or PAT
NAPT Operation
Address Translation Table:
Inside          Outside
10.0.0.3:2322   158.108.3.4:4511

Figure: outbound, SA = 10.0.0.3:2322, DA = 128.23.2.2:80 leaves the NAT router as SA = 158.108.3.4:4511, DA = 128.23.2.2:80. Inbound, SA = 128.23.2.2:80, DA = 158.108.3.4:4511 is translated to SA = 128.23.2.2:80, DA = 10.0.0.3:2322.
NAT/NAPT for Home Users
 A wireless router has NAT/NAPT functionality built in
 Along with DHCP and switch functionalities

Figure: hosts 192.168.1.5, 192.168.1.6, 192.168.1.9 and 192.168.1.11 connect to a wireless router, which maps all their IP addresses to a single routable address and reaches the Internet through a DSL/cable modem.
NAT Performance
 How much work does NAT do?
Figure: IP header fields (vsn, len, tos, total length; identification, flgs, fragment offset; TTL, protocol, header checksum; source IP address; destination IP address; IP option; DATA) beside TCP header fields (source port, destination port; sequence number; acknowledgment number; hlen, rsv, flags, window size; TCP checksum, urgent pointer; TCP option; DATA).

 Some apps include IP information in the data, e.g., FTP, DNS, SNMP
NAT and ICMP
 Unlike TCP and UDP, ICMP has no port
 So how do things like ping work?
 For ICMP queries (i.e., ping)
 Use the Query ID in the echo request and echo reply

Figure: ICMP query header: Type | Code | Checksum, then ID | Sequence.

 For ICMP errors (e.g., used by traceroute)
 Use the embedded IP header information

Figure: ICMP error header: Type | Code | Checksum, then Empty | Next-Hop MTU, followed by the IP header + first 8 bytes of the original data.
Application Layer Gateways
 Or ALG for short
 Runs on top of NAT
 Allows NAT to support certain application layer protocols
 E.g., FTP, SIP, BitTorrent, IM
 One ALG per application
FTP ALG
 Normal operation (no NAT/ALG)

Figure: client 15.2.10.12 and server 22.4.2.5 exchange the following on the control connection:
Client -> Server: PORT 15,2,10,12,7,208
Server -> Client: 200 PORT command successful
Client -> Server: RETR myfile.zip
Server -> Client: 150 Opening data connection
The server then establishes the data connection to the client and sends the file.
FTP ALG
 Operation with NAT/ALG

Figure: client 10.0.2.5 (private) sits behind a NAT with public address 128.4.1.8; the server is 22.4.2.5. Left of the arrow is what the client sends or receives, right of it is what the server sees:
PORT 10,0,2,5,7,208 -> PORT 128,4,1,8,11,184
200 PORT command successful -> 200 PORT command successful
RETR myfile.zip -> RETR myfile.zip
150 Opening data connection -> 150 Opening data connection
Establish data connection; send file -> Establish data connection; send file
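The NAPT table from the "NAPT Operation" slide and the PORT rewriting from the FTP ALG slide above, as one added Python model (not from the lecture) that serves both: outbound packets get the public address and a freshly allocated port, inbound packets are translated back through the table or dropped when no mapping exists, and the ALG rewrites a PORT command only when it names the sending client's own address, creating the table entry the server's data connection will need. Packets are plain dicts; the starting outside ports are constructed so the results match the slides' numbers.

```python
import re

class Napt:
    """Constructed model of the NAPT router above: one public address, a table mapping
    inside (ip, port) to an outside port, and an FTP ALG that rewrites PORT commands."""
    def __init__(self, public_ip, first_port=4511):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_table = {}   # (inside_ip, inside_port) -> outside_port
        self.in_table = {}    # outside_port -> (inside_ip, inside_port)

    def bind(self, inside_ip, inside_port):
        """Return the outside port for an inside endpoint, allocating a new one if needed."""
        key = (inside_ip, inside_port)
        if key not in self.out_table:
            self.out_table[key] = self.next_port
            self.in_table[self.next_port] = key
            self.next_port += 1
        return self.out_table[key]

    def outbound(self, pkt):
        """Private -> public: rewrite source address and port, leave the destination alone."""
        return dict(pkt, sa=self.public_ip, sport=self.bind(pkt["sa"], pkt["sport"]))

    def inbound(self, pkt):
        """Public -> private: translate by destination port; None (drop) if there is no mapping."""
        key = self.in_table.get(pkt["dport"])
        if key is None or pkt["da"] != self.public_ip:
            return None
        return dict(pkt, da=key[0], dport=key[1])

    def ftp_alg(self, inside_ip, line):
        """FTP ALG on the control channel: PORT h1,h2,h3,h4,p1,p2 carries the client's private
        address and data port in the payload, so rewrite it to the public address and a mapped port."""
        m = re.fullmatch(r"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)", line.strip())
        if not m or ".".join(m.groups()[:4]) != inside_ip:
            return line               # not a PORT command, or it names another host: pass through
        data_port = int(m.group(5)) * 256 + int(m.group(6))
        mapped = self.bind(inside_ip, data_port)
        return "PORT %s,%d,%d" % (self.public_ip.replace(".", ","), mapped // 256, mapped % 256)
```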
Issues with NAT
 Increases resource and performance requirements for routers
 Not just address/port substitution
 Checksum, L4 header, ALG
 Breaks the end-to-end transparency paradigm
 NAT modifies packets en route
 Cripples certain applications/protocols
More Information
 RFC 3022 – Traditional IP Network Address Translator
