Classless and Subnet Extensions (CIDR)
Chapter 9

Review
• Chapter 4 describes the original address scheme in IPv4
• Each physical network is assigned a unique network address
• Each host has the network address as a prefix
• Classful addressing

Minimizing Network Numbers
• The growth of the internet was unanticipated
• We are running out of IP addresses
  – Especially class B addresses
  – China!
• Three solutions

First Solution: Proxy ARP
• Also called promiscuous ARP and the ARP hack
• Two physical networks share a single IP network address
• The router knows which hosts are on which physical network
  http://www.calvin.edu/~lave/figure-9.1.pdf
• Takes advantage of an important feature of the ARP protocol: trust (a host believes any ARP reply it receives)

Proxy ARP (continued)
• Some implementations of ARP
  – Alert managers to possible security violations if two IP addresses map to the same MAC address
  – This helps detect spoofing
  – It only works without proxy ARP routers
    • Otherwise too many warnings are generated, because the proxy answers for many IP addresses with one MAC address
• Proxy ARP does not scale beyond two networks

Solution 2: Subnet Addressing
• Also called subnet forwarding or subnetting
• Individual sites have the freedom to modify addresses and routers as long as the modifications remain invisible to other sites
  – All hosts and routers at the site honor the addressing scheme
  – Other sites on the internet can treat addresses as a network prefix and a host suffix

Subnet Addressing (continued)
• Use an addressing hierarchy within your network:
  http://www.calvin.edu/~lave/figure-9.2.pdf
  – Use part of your host id portion to specify a subnet
  – Example: divide 128.10 into 128.10.1 and 128.10.2
  – To the outside world, any address 128.10.2.h is simply part of the 128.10 network, but routers within 128.10 must choose 128.10.2 as the network destination

Variable-Length Subnets
• Select a subnet portion and require that all hosts on that subnet honor it
• Two notations for the same address A
  – A netmask 255.255.255.192
  – A/26 (CIDR notation)
• Both mean that the high-order 26 bits of A are the network id and the low-order 6 bits are the host id

Forwarding in the Presence of Subnets
• Page 137 of the text shows an illegal topology
  http://www.calvin.edu/~lave/figure-9.6.pdf
• The problem is that H does not know where to send a datagram for a host on Net 3
• All subnets of a given network must be contiguous, the subnet masks must be uniform, and all machines must participate in subnet forwarding

A Unified Forwarding Algorithm
• Covers both standard IP forwarding and subnet forwarding
• For each table entry (mask, network, next hop): if (destination AND mask) equals network, forward to next hop; the table is ordered most specific first, and a default route comes last
• http://www.calvin.edu/~lave/figure-9.7.pdf

Maintenance of Subnet Masks
• How are they assigned?
  – By a network administrator
  – E.g., 153.106.128 is assigned to emulab.calvin.edu
  – No easy rules
  – Contiguity is obviously desirable
• How are subnet masks propagated?
  – Later

Broadcasting to Subnets
• How do you broadcast to a network that is subnetted?
  – All routers must agree to forward to all subnets
  – Forwarding loops are possible
• RPF (reverse path forwarding)
  – A router receives a broadcast
  – Consults its routing table for a route back to the source
  – Discards the broadcast unless it arrived on the interface the router would use to forward to the source (i.e., unless it arrived along the shortest path)

Third Solution: Anonymous Point-to-Point Networks
• IP views a point-to-point connection between a pair of machines as a network: the connection is assigned a network prefix and each computer a host suffix. This seems absurd in light of the shortage of IP addresses.
• Anonymous networking
  – A pair of routers connected by a leased circuit

Point-to-Point (continued)
• Avoid numbering the leased line and do not assign a host address to the router interfaces at each end. The interface software is configured to ignore the next-hop address.
• Possible because there is only one possible destination on the line.
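The two subnet notations, the unified forwarding algorithm and the RPF check above, worked through as an added Python example. This code is not from the text or the slides; the forwarding table for a router inside the 128.10 site, the interface names eth1/eth2 and the host addresses are constructed for illustration, and the host-specific route at the top of the table is a hypothetical entry included to show why the table is ordered most specific first.

```python
import socket
import struct


def ip_to_int(dotted: str) -> int:
    """Dotted-quad string to a 32-bit integer (network byte order)."""
    return struct.unpack("!I", socket.inet_aton(dotted))[0]


def int_to_ip(value: int) -> str:
    return socket.inet_ntoa(struct.pack("!I", value & 0xFFFFFFFF))


def mask_from_prefix(length: int) -> int:
    """Prefix length n -> netmask with n high-order 1 bits (the /n notation)."""
    if not 0 <= length <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF


def is_valid_mask(mask_dotted: str) -> bool:
    """A legal subnet mask is a contiguous run of 1s followed by 0s."""
    m = ip_to_int(mask_dotted)
    return mask_from_prefix(bin(m).count("1")) == m


def prefix_from_mask(mask_dotted: str) -> int:
    """Netmask notation -> CIDR prefix length; rejects non-contiguous masks."""
    if not is_valid_mask(mask_dotted):
        raise ValueError(f"non-contiguous mask {mask_dotted}")
    return bin(ip_to_int(mask_dotted)).count("1")


def split_address(addr: str, mask_dotted: str):
    """Return (network id, host id) of addr under the mask, as dotted strings."""
    a, m = ip_to_int(addr), ip_to_int(mask_dotted)
    return int_to_ip(a & m), int_to_ip(a & ~m)


# Constructed table for a router inside 128.10, which is subnetted into
# 128.10.1.0/24 (eth1) and 128.10.2.0/24 (eth2). Entries are
# (mask, network, next_hop, interface), most specific first; next_hop None
# means the destination is directly attached. The /32 entry is hypothetical.
ROUTE_TABLE = [
    ("255.255.255.255", "128.10.2.3", None, "eth2"),  # host-specific route
    ("255.255.255.0", "128.10.1.0", None, "eth1"),
    ("255.255.255.0", "128.10.2.0", None, "eth2"),
    ("0.0.0.0", "0.0.0.0", "128.10.1.1", "eth1"),     # default route
]


def forward(dest: str, table=ROUTE_TABLE):
    """Unified forwarding: first entry with (D AND mask) == network wins.
    Returns (address to hand to the link layer, outgoing interface)."""
    d = ip_to_int(dest)
    for mask, network, next_hop, iface in table:
        if (d & ip_to_int(mask)) == ip_to_int(network):
            return (next_hop or dest, iface)
    raise LookupError(f"no route to {dest}")  # unreachable while a default route exists


def rpf_accept(src: str, arrival_iface: str, table=ROUTE_TABLE) -> bool:
    """Reverse path forwarding: keep a broadcast only if it arrived on the
    interface this router would itself use to reach the source. Anything else
    is a forwarding loop or a spoofed source and is dropped."""
    try:
        _, iface = forward(src, table)
    except LookupError:
        return False
    return iface == arrival_iface


if __name__ == "__main__":
    print(prefix_from_mask("255.255.255.192"), int_to_ip(mask_from_prefix(26)))
    print(split_address("128.10.2.3", "255.255.255.0"))
    print(forward("128.10.2.7"), forward("192.0.2.1"))
    print(rpf_accept("128.10.2.9", "eth2"), rpf_accept("128.10.2.9", "eth1"))
```

The mask check in `is_valid_mask` is the "contiguity" requirement from the slides made concrete: a mask such as 255.255.0.255 has no CIDR equivalent and breaks the forwarding rule, so it is rejected rather than silently accepted.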
Classless Addressing and Supernetting
• New addressing model
• Accompanying forwarding and route propagation techniques
• The entire technology is known as Classless Inter-Domain Routing, CIDR

CIDR (continued)
• The classful scheme did not divide network addresses into equal-size classes
  – Fewer than 17,000 class B network numbers
  – More than 2 million class C network numbers
• Demand for class C was less than for class B
  – Class C networks are small (at most 254 hosts) and are not amenable to subnetting
• Class B prefixes approached exhaustion

Supernetting
• Supernet several class C addresses into one network
• Estimate the number of networks needed, say 200
• Receive a block of 256 contiguous class C numbers (the next power of two), which a single prefix can describe

CIDR Example
• A/21
  – The high-order 21 bits represent the network
  – The low-order 11 bits represent the host
• The netmask consists of 21 1s and 11 0s, i.e., 255.255.248.0

Data Structures and Algorithms for Classless Lookup
• Addresses are no longer self-identifying
  – Hashing no longer works so well: there is no fixed prefix length to hash on
• Searching by mask length
  – LPM, longest prefix match. Given a destination address D, find the entry in the routing table that has the longest prefix matching the high-order bits of D.
  – A subscriber's prefix is always longer than its ISP's, because the ISP's block contains it

Classless Lookup (continued)
• Iterate over all possible divisions between prefix and suffix
• Slow!
• Binary trie structures
  – Remove redundant suffixes (the remaining prefix identifies the network)

Binary Trie Structures
• http://www.calvin.edu/~lave/figure-9.12.pdf
• http://www.calvin.edu/~lave/figure-9.13.pdf

Longest-Match and Mixtures of Route Types
• A trie only needs to store a unique prefix for each route in the table, but the prefix must cover the entire network portion of the route
• To guarantee that a router does not forward datagrams unless the entire network prefix matches, each exterior node in the trie must contain a 32-bit address, A, and a 32-bit mask, M, that covers the entire network portion of A.
Longest-Match (continued)
• The algorithm computes the logical AND of M with the destination address and compares the result with A
• A trie is a mechanism that quickly identifies potential candidates, not a mechanism that finds an exact match

Longest-Match (continued)
• Assumption: each entry in a routing table has a unique binary prefix. In practice routing tables contain a mixture of general and specific routes for the same destination
  – A different route for a particular subnet
  – A special route for one host
• http://www.calvin.edu/~lave/figure-9.14.pdf

Longest-Match (continued)
• The trie data structure must follow the longest-match paradigm when selecting a route
• One possible implementation allows each interior node to contain an address/mask pair, and modifies the search algorithm to check for a match at each node. A match that occurs later in the search (deeper in the trie, i.e., a longer prefix) overrides an earlier match.

PATRICIA and Level Compressed Tries
• One optimization involves "skipping" levels in the trie that do not distinguish among routes
• In the previous example, each route begins with the same sixteen bits. A binary trie will have only one node at each of the first sixteen levels below the root.

Two Modified Versions of Tries
• A PATRICIA trie allows each node to specify a value to test along with a number of bits to skip
• A level compressed trie provides additional optimization by eliminating one or more levels in the trie that can be skipped along any path

CIDR Blocks Reserved For Private Networks
• Private or nonroutable addresses (RFC 1918)
• The set of IPv4 prefixes reserved for private networks contains a CIDR block, 172.16.0.0/12, that spans multiple classes
• http://www.calvin.edu/~lave/figure-9.15.pdf
• The last address block listed, 169.254.0.0/16, is unusual because it is used by systems that autoconfigure IP addresses (link-local) rather than for private networks
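The longest-match trie from the slides above, as an added Python example (not from the text or the slides): every node, interior or exterior, may carry an address/mask/next-hop triple, the search checks for a match at each node and a deeper match overrides an earlier one. The same structure then serves the private-address slide as a check that a destination is nonroutable. This trie stores the full prefix path rather than removing redundant suffixes, so the mask comparison is kept only because the slides require it; the 128.10 routes and the next-hop labels R1/R2/R3 are constructed.

```python
import socket
import struct


def ip_to_int(dotted: str) -> int:
    return struct.unpack("!I", socket.inet_aton(dotted))[0]


def mask_from_prefix(length: int) -> int:
    return (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF


class TrieNode:
    __slots__ = ("child", "route")

    def __init__(self):
        self.child = [None, None]
        self.route = None  # (network int, mask int, next_hop) or None


class PrefixTrie:
    """Binary trie over address bits; node at depth n holds the /n route, if any."""

    def __init__(self):
        self.root = TrieNode()

    def insert(self, cidr: str, next_hop) -> None:
        addr, n = cidr.split("/")
        n = int(n)
        mask = mask_from_prefix(n)
        net = ip_to_int(addr) & mask
        node = self.root
        for i in range(n):                      # follow the n prefix bits, high-order first
            bit = (net >> (31 - i)) & 1
            if node.child[bit] is None:
                node.child[bit] = TrieNode()
            node = node.child[bit]
        node.route = (net, mask, next_hop)      # a /0 default route lands on the root

    def lookup(self, dest: str):
        """Longest-prefix match: walk the destination's bits, test the (A, M)
        pair at every node visited, and let the deepest match win."""
        d = ip_to_int(dest)
        node, best = self.root, None
        for i in range(33):
            if node.route is not None and (d & node.route[1]) == node.route[0]:
                best = node.route               # later (longer) match overrides earlier
            if i == 32:
                break
            node = node.child[(d >> (31 - i)) & 1]
            if node is None:
                break                           # no longer prefix exists in the table
        return best[2] if best is not None else None


# Constructed table mixing a general route, a subnet route, a host route and a default.
ROUTES = PrefixTrie()
for cidr, hop in [("0.0.0.0/0", "default"), ("128.10.0.0/16", "R1"),
                  ("128.10.2.0/24", "R2"), ("128.10.2.3/32", "R3")]:
    ROUTES.insert(cidr, hop)

# The reserved blocks from the slide, used as a bogon / nonroutable filter.
NONROUTABLE = PrefixTrie()
for cidr, label in [("10.0.0.0/8", "private"), ("172.16.0.0/12", "private"),
                    ("192.168.0.0/16", "private"), ("169.254.0.0/16", "link-local")]:
    NONROUTABLE.insert(cidr, label)


def is_nonroutable(addr: str) -> bool:
    """True if addr falls in a private or link-local block."""
    return NONROUTABLE.lookup(addr) is not None


if __name__ == "__main__":
    for dest in ["128.10.1.9", "128.10.2.9", "128.10.2.3", "128.11.0.1"]:
        print(dest, "->", ROUTES.lookup(dest))
    print("172.31.255.1", is_nonroutable("172.31.255.1"), "172.32.0.1", is_nonroutable("172.32.0.1"))
```

The 172.16.0.0/12 block is the one worth testing at its edges: 172.31.255.255 is private but 172.32.0.1 is not, a boundary that a classful view of addresses (which would see sixteen separate class B networks) gets wrong in both directions.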