
CS 520: Network Architecture I
Winter 2007
Lecture 12: The Internet Control Message Protocol and Layering

The previous lecture completed a discussion of the IP address space and the latest attempts to solve the addressing problem (CIDR, NATs, IPv6). This lecture discusses principles of IP error reporting using the Internet Control Message Protocol (ICMP). It also provides a discussion of the approach and benefits of protocol layering.

Chapter 8 - Internet Protocol: Error and Control Messages (ICMP)

I. Internet Control Message Protocol (ICMP)

Routers will notice network problems
- They can see the effects of problems
- Not the problems themselves

Types of observations routers can make
- Cannot route a datagram
- Cannot deliver a datagram
- Sees conditions that affect its ability to forward datagrams
  - Network congestion, for example.

Causes of problems
- Failures
  - Communication links
  - Processors
  - Router hardware
- Destination machines disconnected temporarily or permanently
- TTL counter expires
- Header checksum failure
- Congested intermediate routers
- Etc.

Lecture 12, Page 1 of 15

Debugging of internet problems is difficult
- Many interconnected networks.
- Cannot just use specialized hardware to detect problems.
- It is hard to know if a delivery failure is caused by a local malfunction or a remote one.
- IP by itself contains nothing to help detect problems.

Internet Control Message Protocol (ICMP)
- Must be included in every IP implementation.
  - All IP-enabled machines will support ICMP.
- An arbitrary machine can send an ICMP message to any other machine.
  - With some restrictions.
- Technically ICMP is only an error reporting mechanism
  - Does not fully specify actions that should be taken in response to an ICMP message.
  - Some suggestions are given, but response actions are not fully specified.
    - Cannot be fully specified because of the unique characteristics of certain problems.
- ICMP messages are sent in the data area of an IP datagram.
  - The IP header indicates the presence of an ICMP message.
  - How? The PROTOCOL field = 1.

- ICMP messages are routed the same as all other IP packets.
  - No additional reliability or priority.
  - Error messages themselves may be lost or discarded.
  - May experience the same problems that caused the original datagram to have problems.
    - But it may help that the return route may be different than the sending route.
- ICMP messages will add more traffic to a network.
  - If the network is congested, congestion will increase.
  - Always a problem with any messaging and control protocol.
    - In an effort to fix problems by sending control messages, the control messages themselves may make the problem worse.
    - Or even make the network collapse.
    - Problems -> control messages -> control messages have problems -> more control messages -> etc. -> collapse to zero performance.
- What are ways to prevent this from happening?
  - Do not send ICMP messages for failed datagrams carrying ICMP messages.
  - Routers use separate queues, priorities, or processors to handle ICMP.

For datagram errors
- Examples: TTL, delivery failure, etc.
- ICMP messages can only be sent two places, and only one destination is useful.

ICMP Messages
  1. Routers on the path back to the source.
     - Packet may not have used that route -> ICMP not useful here.
  2. Original source can take some actions.
- ICMP cannot send messages on the path from the source to the destination over which the datagram first traveled.
- ICMP relies upon the receiver of the ICMP message to respond with corrective action.

Each message begins with three fields
- 8-bit integer message type
- 8-bit code field that provides further information about the message type
- 16-bit checksum field
  - Covers ICMP part only.
  - Same additive checksum algorithm as with IP.

For datagram error messages, part of the affected datagram is also included.
- IP header
- Plus first 64 bits of datagram payload
  - This gives the header of any other protocol in the payload (for example, TCP or UDP).
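The message layout described above, as an added example that is not part of the lecture notes: it verifies the ICMP checksum, then reads the embedded IP header and first 64 bits of payload to recover which flow the error refers to, the step a host or stateful filter performs before acting on an ICMP error. The function names, addresses and ports are constructed for illustration.

```python
import struct

# ICMP types that report a datagram error and embed part of the failed datagram
ERROR_TYPES = {3: "Destination Unreachable", 4: "Source Quench", 5: "Redirect",
               11: "Time Exceeded", 12: "Parameter Problem"}

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement additive checksum, the same algorithm IP uses."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_icmp_error(icmp: bytes) -> dict:
    """Validate an ICMP error message and describe the datagram that caused it."""
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    if inet_checksum(icmp) != 0:            # checksum covers the ICMP part only
        raise ValueError("bad ICMP checksum")
    mtype, code = icmp[0], icmp[1]
    if mtype not in ERROR_TYPES:
        raise ValueError("not a datagram error message")
    inner = icmp[8:]                        # embedded IP header + first 64 bits
    if len(inner) < 20 or inner[0] >> 4 != 4:
        raise ValueError("embedded datagram is not IPv4")
    ihl = (inner[0] & 0x0F) * 4             # header length in bytes
    if ihl < 20 or len(inner) < ihl + 8:
        raise ValueError("embedded datagram truncated")
    info = {"type": ERROR_TYPES[mtype], "code": code, "orig_proto": inner[9],
            "orig_src": ".".join(map(str, inner[12:16])),
            "orig_dst": ".".join(map(str, inner[16:20]))}
    if inner[9] in (6, 17):                 # TCP and UDP both begin with the ports
        sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
        info.update(orig_sport=sport, orig_dport=dport)
    return info

def build_sample() -> bytes:
    """Constructed Time Exceeded message about a UDP datagram (sample data)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0, 1, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    udp = struct.pack("!HHHH", 40000, 33434, 20, 0)
    msg = struct.pack("!BBHI", 11, 0, 0, 0) + ip + udp   # checksum field zeroed
    return msg[:2] + struct.pack("!H", inet_checksum(msg)) + msg[4:]

if __name__ == "__main__":
    print(parse_icmp_error(build_sample()))
```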

II. ICMP Message Types

A little bit of discussion is provided here. Many other types are covered in the textbook.

Ping
- English definition of "ping".
  - A sharp, high-pitched sound, as that made by a bullet striking metal.
- In essence, ping lets a source try to "hit" a destination and sees if it hears a response.

- All IP-enabled machines must support ICMP
  - So one can generally expect a ping response from any router or host.
  - But some routers will not respond to try to prevent DDOS attacks
    - DDOS: Distributed Denial of Service
    - Many machines could all send messages to a router.
    - The flood is so large that service is overwhelmed and denies service to real traffic.
    - Distributed attacks (created by viruses that send messages from many machines) make filtering traffic by source address difficult.
- Ping can be used to test destination reachability and status.

    >ping

    Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
                [-r count] [-s count] [[-j host-list] [-k host-list]]
                [-w timeout] destination-list

    Options:
        -t             Ping the specified host until stopped.
                       To see statistics and continue - type Control-Break;
                       To stop - type Control-C.
        -a             Resolve addresses to hostnames.
        -n count       Number of echo requests to send.
        -l size        Send buffer size.
        -f             Set Don't Fragment flag in packet.
        -i TTL         Time To Live.
        -v TOS         Type Of Service.
        -r count       Record route for count hops.
        -s count       Timestamp for count hops.
        -j host-list   Loose source route along host-list.
        -k host-list   Strict source route along host-list.
        -w timeout     Timeout in milliseconds to wait for each reply.

Now to ping one of the MORENET routers:

    >ping 150.199.89.237

    Pinging 150.199.89.237 with 32 bytes of data:

    Reply from 150.199.89.237: bytes=32 time=142ms TTL=252
    Reply from 150.199.89.237: bytes=32 time=129ms TTL=252
    Reply from 150.199.89.237: bytes=32 time=115ms TTL=252
    Reply from 150.199.89.237: bytes=32 time=132ms TTL=252

    Ping statistics for 150.199.89.237:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 115ms, Maximum = 142ms, Average = 129ms

And now with more options:

    >ping -a -n 10 -l 10000 150.199.89.237

    Pinging kc-r10-01-atm2-0-0-7.mo.more.net [150.199.89.237] with 10000 bytes of data:

    Reply from 150.199.89.237: bytes=10000 time=93ms TTL=251
    Reply from 150.199.89.237: bytes=10000 time=191ms TTL=251
    Reply from 150.199.89.237: bytes=10000 time=95ms TTL=251
    Reply from 150.199.89.237: bytes=10000 time=107ms TTL=251
    Reply from 150.199.89.237: bytes=10000 time=122ms TTL=251
    Reply from 150.199.89.237: bytes=10000 time=129ms TTL=251
    Reply from 150.199.89.237: bytes=10000 time=132ms TTL=251
    Reply from 150.199.89.237: bytes=10000 time=141ms TTL=251
    Reply from 150.199.89.237: bytes=10000 time=197ms TTL=251
    Reply from 150.199.89.237: bytes=10000 time=181ms TTL=251

    Ping statistics for 150.199.89.237:
        Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 93ms, Maximum = 197ms, Average = 138ms

What does a successful ping tell us is working properly?
- Source machine IP software.
- Intermediate routers.
  - On forward path.
  - On return path.

- Destination machine
  - Technically that it at least responds to ping.
- Physical networks.

Uses two ICMP messages.
- Source sends an echo request (code 8)
- Destination responds with an echo reply (code 0).
- Identifier and Sequence Number fields are used for senders to correlate replies to requests.
- Echo request can include optional data.
  - By varying the size of the optional data, one can test performance of the network and data rates of links.

Pings can be used to track round-trip times.
- Can check the time it takes for a response to be received.

Destination Unreachable
- IP drops packets
  - If a destination is unreachable.
  - If a datagram arrives at a wrong destination.

- Routers also send an ICMP Destination Unreachable message to the sender.
  - Along with 13 possible codes
- A router cannot detect all errors.
  - Example: Packets sent over an Ethernet to a failed host.
  - Ethernet provides no way of knowing about unsuccessful delivery.

Several other messages
- Source Quench: tells a source to slow down its rate of transmission.
- Route change requests: ICMP redirect message to tell a host to change its route.
- Circular routes (TTL=0) or fragmentation reassembly time is exceeded: ICMP Time Exceeded message
- Clock synchronization: ICMP Timestamp Request and Timestamp Reply
- Parameter Problem: something is wrong in the datagram that is not covered by another ICMP message.
- Some others are now obsolete since their functions are not needed, even though they were needed in the original Internet.
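The request/reply correlation described under Ping above, as an added example that is not part of the lecture notes: a sender tracks outstanding echo requests by peer, Identifier and Sequence Number, computes the round-trip time of each matching reply, and labels replies that match nothing it sent. The class and helper names are hypothetical, the values 8 and 0 are those of the ICMP type field in RFC 792, and checksum verification is assumed to have been done already.

```python
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0     # ICMP type field values (RFC 792)

def parse_echo(icmp: bytes):
    """Return (type, identifier, sequence, data) for an echo message, else None."""
    if len(icmp) < 8:
        return None
    mtype, code, _csum, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    if mtype not in (ECHO_REQUEST, ECHO_REPLY) or code != 0:
        return None
    return mtype, ident, seq, icmp[8:]

class EchoTracker:
    """Match echo replies to outstanding requests by (peer, identifier, sequence)."""

    def __init__(self, timeout=2.0):
        self.timeout = timeout
        self.pending = {}               # key -> (send time, optional data sent)

    def sent(self, peer, icmp, now):
        parsed = parse_echo(icmp)
        if parsed is None or parsed[0] != ECHO_REQUEST:
            raise ValueError("not an echo request")
        _, ident, seq, data = parsed
        self.pending[(peer, ident, seq)] = (now, data)

    def received(self, peer, icmp, now):
        """Classify an incoming message; returns (verdict, round-trip time or None)."""
        parsed = parse_echo(icmp)
        if parsed is None or parsed[0] != ECHO_REPLY:
            return ("ignored", None)
        _, ident, seq, data = parsed
        entry = self.pending.pop((peer, ident, seq), None)
        if entry is None:
            return ("unsolicited", None)    # no such request, or a duplicate reply
        t_sent, sent_data = entry
        rtt = now - t_sent
        if rtt > self.timeout:
            return ("late", rtt)
        if data != sent_data:
            return ("data-mismatch", rtt)   # a reply must return the request's data
        return ("ok", rtt)

def echo(mtype, ident, seq, data=b""):
    """Constructed sample message; checksum field left zero (not checked here)."""
    return struct.pack("!BBHHH", mtype, 0, 0, ident, seq) + data

if __name__ == "__main__":
    t = EchoTracker()
    t.sent("198.51.100.7", echo(ECHO_REQUEST, 0x1A2B, 1, b"abcd"), now=10.0)
    print(t.received("198.51.100.7", echo(ECHO_REPLY, 0x1A2B, 1, b"abcd"), now=10.125))
```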

Chapter 10 - Protocol Layering

III. Layering Principles Used in TCP/IP

In general, layering provides a very powerful mechanism for data communications.
- We introduced the layering concept in the first lecture.

Having a single protocol to handle all of communications would be difficult.
- To handle problems
  - Hardware failures
  - Network congestion
  - Packet delay or loss
  - Data corruption
  - Data duplication or inverted arrivals
- To interface with
  - All types of hardware
  - All types of applications

We want to be able to use protocols at different layers that can be modified or changed without impacting other layers.
- Analogous to programming languages and computation.
- Layers in computation include
  - Hardware signals
  - Assembly language
  - Operating systems (kernel, system services)
  - Application programs (which themselves could be layered).

For layering to work, and work well, the following must be true.
- Clear definitions of the format of the data passed between layers.
- Minimal duplication of functionality in different layers.
- Ability for a layer to perform well with minimal knowledge from other layers.
- Each layer checks the correctness of the message and chooses how to respond.

ISO Open System Interconnection Model
- 7 Layers
  - Application
  - Presentation - Common data formats and translation.
  - Session - Defined specifically for remote terminal access.
  - Transport - End-to-end reliable delivery.
  - Network - Routing
  - Data Link - Bit framing, etc.
  - Physical - Sending raw digital signals.

TCP/IP Reference Model
- 5 Layers
  - Similar Definitions with the OSI 7 layers
  - With Presentation and Session omitted.
  - Data Link layer is generally called the network interface

OSI and TCP/IP are different in two important ways.

1. OSI and TCP/IP have a fundamental difference in how they handle reliability of packet delivery.
   - Reliable packet delivery requires three mechanisms.
     - Checksums
     - Acknowledgements of receipt
     - Timeouts and retransmission when acknowledgements are not received.
   - OSI assumes that these mechanisms are implemented at layers 2, 3, and 4.
   - TCP/IP relies only on the Transport layer (layer 4) for reliability
     - Individual links or machines can lose data or corrupt it without trying to recover.
     - Error detection and recovery is only addressed end-to-end (between source and destination hosts).
     - Little or no reliability is provided by network layer and below.
     - IP does not acknowledge packets.
     - Ethernet does not acknowledge packets.

   - This gives TCP/IP software freedom to implement other techniques as well.
     - Without initiating or controlling any recovery procedures.
     - To discard corrupted datagrams.
     - To discard datagrams that cannot be delivered.
     - To discard datagrams when there is congestion.
     - To reroute datagrams even though they might arrive out of order.
     - Transport layer will recover.
   - In what type of environment might exclusively using end-to-end reliability not be so great of an idea and why?
     - Wireless, since bit error rates are a lot higher than for fiber or copper which have low error rates (10^-10 to 10^-12).
     - To wait for the other end to check for errors is a poor idea.

2. OSI and TCP/IP place complexity in different places.
   - For OSI, the networks are complex, end hosts are not.
   - For TCP/IP networks are simple, end hosts are complex.
     - In what ways are TCP/IP end hosts complex?
       - Error detection and recovery
       - Perform packet forwarding
       - Handle ICMP messages.

   - What SMILES reasons exist for choosing the TCP/IP approach?
     - Scalable, manageable, simple networks

Protocol Layering Principle
- Layered protocols are designed so that layer n at the destination receives exactly the same object sent by layer n at the source.
- Each layer can interact as if the other layers do not exist.
- This is true with IP with a couple of exceptions:
  - With IP, what is not identical about sent and received datagrams?
  - TTL and Checksum

Two Important Boundaries in the TCP/IP Model

Disadvantages of Layering
- Layering can be extremely inefficient
  - Possible duplication of functionality.
  - Inefficient packet sizing.
    - Transport layer may break a file into packets, but these packets may also have to be fragmented at the IP layer.
    - Transport layer does not know about MTUs at the network interface.
  - An application might try to route packets on a wireless network without knowledge of the quality of particular wireless links.
- Usually actual implementations relax a little from a strict layering scheme.
  - Allow sharing of information about routing, timestamps, packet sizing, etc.
  - Can make dramatic improvements in efficiency.
- A large amount of research in wireless networking is seeking to violate layering principles to improve efficiency.
  - Called cross-layer design.
  - Examples: Routing with physical layer characteristics in mind, routing based on battery life and power usage, applications that adapt to error conditions, etc.

The next lecture will briefly review the two main transport protocols, UDP and TCP, then we will look at how network routes are determined and coordinated.