In this blog we will go through the basic concepts of networking. We will discuss ARP, Proxy ARP, Gratuitous ARP (GARP), NAT, NAT vs PAT, DHCP, ICMP, Traceroute, MTU, MTU vs MSS, PMTU, etc.
We start with the IPv4 header (20 bytes) and the IPv6 header (40 bytes) to understand why we need ARP in IPv4 and not in IPv6.
IPv4 Header:
IPv6 Header:
Ethernet frame:
ARP:
ARP is used by the sender to get the MAC address of the destination when the IP of the destination is known. The destination IP could have been learned via DNS etc.
To get the destination MAC, the sender sends the ARP request as a Layer 2 broadcast and the receiver responds with a unicast.
ARP Request: ARP request is carried as payload in the Layer 2 frame.
The Ethernet header will include three fields: a Destination MAC address, a Source MAC address, and an EtherType. The EtherType will be ARP.
The ARP payload will have the details of the IP to MAC mapping and other details:
ARP response:
Ethernet frame:
ARP response payload:
PROXY ARP
Proxy ARP occurs when one node is responding to an ARP request on behalf of another node.
The Proxy ARP request is the same. The change is in the ARP response. The response is from the router, with its own MAC address as the sender MAC address but with the sender IP set to the host in another subnet.
Proxy ARP is used in static NAT too:
Gratuitous ARP
The Gratuitous ARP is sent as a broadcast, as a way for a node to announce or update its IP to MAC mapping to the entire network. A Gratuitous ARP is a broadcast ARP response that was not prompted by an ARP request.
Ethernet header:
ARP header: Note that the opcode is 2, which means it's an ARP response, but no request was made. Also, the destination MAC is a broadcast.
GARP is mainly used to announce a change in the MAC:IP address mapping, by a new device announcing itself to the network, and by redundancy protocols like HSRP/VRRP.
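The frame layouts described above can be checked in code. The following is an added example, not part of the original post: it parses Ethernet/ARP frames, labels a broadcast reply (opcode 2 to ff:ff:ff:ff:ff:ff) as gratuitous, and flags any IP whose MAC binding changes, which is the event a defender watching for unexpected remapping cares about. All MAC and IP values are constructed.

```python
import struct

BROADCAST = b"\xff" * 6
ARP_FMT = "!6s6sHHHBBH6s4s6s4s"   # Ethernet header (14 bytes) + ARP payload (28 bytes)

def mac(b): return ":".join(f"{x:02x}" for x in b)
def ip(b): return ".".join(str(x) for x in b)

def build(dst, src, op, sha, spa, tha, tpa):
    """Constructed test frame: EtherType 0x0806, Ethernet/IPv4 ARP."""
    return struct.pack(ARP_FMT, dst, src, 0x0806, 1, 0x0800, 6, 4, op, sha, spa, tha, tpa)

def parse(frame):
    """Return the ARP fields of a frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        return None
    dst, src, etype, htype, ptype, hlen, plen, op, sha, spa, tha, tpa = \
        struct.unpack(ARP_FMT, frame[:42])
    if (etype, htype, ptype, hlen, plen) != (0x0806, 1, 0x0800, 6, 4):
        return None
    return {"dst": dst, "op": op, "sha": sha, "spa": spa}

def watch(frames):
    """Classify each ARP frame and flag IP-to-MAC bindings that change."""
    table, events = {}, []
    for p in filter(None, map(parse, frames)):
        if p["op"] == 2:   # response: broadcast means nobody asked for it
            kind = "gratuitous" if p["dst"] == BROADCAST else "reply"
        else:
            kind = "request" if p["op"] == 1 else "other"
        sender_ip, sender_mac = ip(p["spa"]), mac(p["sha"])
        changed = table.get(sender_ip, sender_mac) != sender_mac
        table[sender_ip] = sender_mac
        events.append((kind, sender_ip, sender_mac, changed))
    return events, table

# Constructed sample traffic (MACs and IPs are made up).
A, B, C = (bytes.fromhex(h) for h in ("aaaaaaaaaa01", "bbbbbbbbbb02", "cccccccccc03"))
IP_A, IP_B = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
SAMPLE = [
    build(BROADCAST, A, 1, A, IP_A, bytes(6), IP_B),    # A asks who has 10.0.0.2
    build(A, B, 2, B, IP_B, A, IP_A),                   # B answers by unicast
    build(BROADCAST, C, 2, C, IP_B, BROADCAST, IP_B),   # unsolicited broadcast reply for B's IP
]
EVENTS, TABLE = watch(SAMPLE)
```

A changed binding is expected after an HSRP/VRRP failover or a NIC replacement; outside those cases it deserves a look.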
NAT
NAT vs PAT: NAT modifies only the L3 header, and a PAT modifies both the L3 and L4 header. Or, said another way, a NAT modifies only the IP, and a PAT modifies both the IP and Port.
Static NAT:
The typical use case for a Static NAT is for a server on a private IPv4 network to be reached externally from the Internet. It's a bi-directional translation and has a 1:1 mapping between private:public IP.
Static NAT works well for 1 server but for thousands of servers, you need thousands of public IPs.
Static PAT: One specific use case for Static PAT is to use a single Public IP address to host multiple services on different internal servers.
Dynamic PAT: Dynamic PAT is used any time multiple internal hosts need to share a single public IP address. Dynamic PAT is uni-directional.
It is unidirectional because, when a host on the Internet sends a request, the router won't know which internal host it should forward the traffic to:
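The difference between Static PAT and Dynamic PAT comes down to when the translation entry is created. The following is an added example, not part of the original post: a toy translation table for one public IP, where static entries exist up front and dynamic entries appear only when an inside host sends traffic. The class and method names are illustrative, the addresses are constructed, and a real router also tracks the remote endpoint and entry timeouts.

```python
class PatRouter:
    """Toy translation table for one public IP (names are illustrative)."""

    def __init__(self, public_ip, static=None, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}                  # (proto, inside_ip, inside_port) -> public_port
        # Static PAT entries exist before any traffic:
        # (proto, public_port) -> (inside_ip, inside_port)
        self.back = dict(static or {})

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Inside host opens a flow: rewrite source IP (L3) and source port (L4)."""
        key = (proto, src_ip, src_port)
        if key not in self.out:
            while (proto, self.next_port) in self.back:   # skip ports already taken
                self.next_port += 1
            self.out[key] = self.next_port
            self.back[(proto, self.next_port)] = (src_ip, src_port)
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Packet arrives at the public IP: rewrite destination, or drop if unmapped."""
        inside = self.back.get((proto, dst_port))
        if inside is None:
            return None                # no entry: the router cannot pick an internal host
        return (src_ip, src_port) + inside

def demo():
    r = PatRouter("203.0.113.5", static={("tcp", 443): ("192.168.1.10", 8443)})
    a = r.outbound("tcp", "192.168.1.20", 51000, "198.51.100.7", 80)
    b = r.outbound("tcp", "192.168.1.21", 51000, "198.51.100.7", 80)  # same inside port
    reply_b = r.inbound("tcp", "198.51.100.7", 80, b[1])              # return traffic
    unsolicited = r.inbound("tcp", "198.51.100.9", 5555, 40100)       # nothing mapped
    forwarded = r.inbound("tcp", "198.51.100.9", 5555, 443)           # static PAT entry
    return a, b, reply_b, unsolicited, forwarded
```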
Dynamic NAT
A single public IP address cannot be shared among multiple internal hosts at the same time.
DHCPv4:
The DHCP server uses UDP port 67 and the client uses UDP port 68.
Why does DHCP use UDP?
Since TCP is connection-oriented and doesn't support broadcast, we have to use a protocol with which we can broadcast the message. Also, TCP needs an IP for the client, but here the client doesn't have an IP itself.
The 4 DHCP messages are often abbreviated as DORA, for discover, offer, request, and acknowledgement.
- Discover message: sent from the client
  - Layer 2 header:
    - source MAC: client MAC
    - destination MAC: broadcast
  - Layer 3 header:
    - source IP: 0.0.0.0 (as the client doesn't have an IP)
    - destination IP: broadcast
  - UDP header: client UDP port 68, destination server port 67
  - UDP data with DHCP message:
    - BOOTP flag (unicast or broadcast)
    - client IP address: 0.0.0.0
    - client MAC: the client's MAC address
    - DHCP options:
      - DHCP message type: discover
- DHCP offer message: sent from the server to the client. The message is sent as unicast or broadcast based on the BOOTP flag in the client's discover message:
  - Layer 2 header:
    - source MAC: server MAC
    - destination MAC: broadcast if the BOOTP flag in the discover is broadcast; unicast to the client if the BOOTP flag in the discover message is unicast.
  - Layer 3 header:
    - source IP: server IP
    - destination IP: the IP address being offered to the client (for unicast); the broadcast IP for broadcast.
  - UDP header: server 67, client 68
  - DHCP header:
    - DHCP message type: offer
    - DHCP message options:
      - client IP
      - subnet mask
      - gateway
      - DNS server
      - domain name etc.
- DHCP request message: sent from the client to the server, saying that it wants to accept the proposed IP and DHCP options. Multiple DHCP servers may be making offers to the client, so the client will send to the DHCP server from which it has accepted the DHCP IP and options:
  - Layer 2:
    - source MAC: MAC of the client
    - destination MAC: broadcast
  - Layer 3:
    - source IP: 0.0.0.0
    - destination IP: broadcast
  - Layer 4: UDP
  - DHCP header:
    - message type: request
    - DHCP options will have the server IP address set to the IP of the DHCP server the client has selected
- Ack message: sent from the server to the client to confirm that the client can use the given IP etc.
DHCP relay:
DHCP relay is used when we have a couple of centralised DHCP servers. The router forwards the message to the centralised DHCP servers as a unicast. The DHCP relay agent creates a new unicast DHCP packet and sets the giaddr field to the 'primary' IP address of the interface on which the DHCP request packet was received. The modified request packet is then relayed to one or more configured DHCP servers. The DHCP server assigns an IP address to the client from the pool corresponding to the giaddr field.
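The DORA fields and the relay's giaddr handling described above map directly onto the DHCP message layout. The following is an added example, not part of the original post: it builds constructed discover and request messages, parses the broadcast flag, message type (option 53) and selected server (option 54), then applies the relay step and picks a pool by giaddr. The MAC, transaction ID, addresses and pool names are all made up.

```python
import ipaddress
import struct

BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")   # fixed 236-byte header
COOKIE = bytes.fromhex("63825363")                    # marks the start of DHCP options
TYPES = {1: "discover", 2: "offer", 3: "request", 5: "ack"}   # option 53 values

def addr(s):
    return ipaddress.IPv4Address(s).packed

def build(op, xid, flags, chaddr, options=()):
    """Constructed message with all address fields zero (op 1 = from the client)."""
    head = BOOTP.pack(op, 1, 6, 0, xid, 0, flags, bytes(4), bytes(4), bytes(4),
                      bytes(4), chaddr, b"", b"")
    return head + COOKIE + b"".join(bytes([c, len(v)]) + v for c, v in options) + b"\xff"

def parse(msg):
    if len(msg) < 240 or msg[236:240] != COOKIE:
        raise ValueError("not a DHCP message")
    op, _, hlen, hops, xid, _, flags, ci, yi, si, gi, ch, _, _ = BOOTP.unpack(msg[:236])
    opts, i = {}, 240
    while i < len(msg) and msg[i] != 255:             # 255 = end option
        if msg[i] == 0:                               # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(msg) or i + 2 + msg[i + 1] > len(msg):
            raise ValueError("truncated option")
        opts[msg[i]] = msg[i + 2:i + 2 + msg[i + 1]]
        i += 2 + msg[i + 1]
    return {"type": TYPES.get((opts.get(53) or b"\0")[0], "unknown"),
            "broadcast": bool(flags & 0x8000), "hops": hops,
            "giaddr": str(ipaddress.IPv4Address(gi)), "client_mac": ch[:hlen].hex(":"),
            "server_id": str(ipaddress.IPv4Address(opts[54])) if 54 in opts else None}

def relay(msg, iface_ip):
    """Relay agent step: bump hops, stamp giaddr with the receiving interface's IP."""
    b = bytearray(msg)
    b[3] += 1
    if b[24:28] == bytes(4):                          # only the first relay sets giaddr
        b[24:28] = addr(iface_ip)
    return bytes(b)

def pick_pool(giaddr, pools):
    """Server side: choose the pool whose subnet contains giaddr."""
    g = ipaddress.IPv4Address(giaddr)
    return next((n for n, net in pools.items() if g in ipaddress.ip_network(net)), None)

MAC = bytes.fromhex("020000000a01")                   # constructed client MAC
DISCOVER = build(1, 0x1234ABCD, 0x8000, MAC, [(53, b"\x01")])
REQUEST = build(1, 0x1234ABCD, 0x8000, MAC, [(53, b"\x03"), (54, addr("10.0.0.5"))])
RELAYED = relay(DISCOVER, "10.20.0.1")
```

Because giaddr alone decides which pool answers, the relay interface is the place to control which segments may send DHCP traffic toward the servers.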
ICMP
ICMP request: In the Layer 3 header, the protocol will be ICMP. The ICMP header will have details like type (echo request, echo reply), code, checksum, etc.
The ICMP response will be the response to the request.
TRACEROUTE
https://www.hackingarticles.in/working-of-traceroute-using-wireshark/
TraceRoute with UDP: Packet capture
Summary of the flow:
- A UDP packet is sent from the source to the destination IP.
- On Layer 3, the TTL value is set to 1 and incremented further to 2, 3, 4, 5, ...
- On Layer 4, the UDP destination port is incremented for each packet.
- Once the packet reaches the 1st hop, the 1st hop will see the TTL as 1, decrement the TTL to 0 and send an ICMP packet with a TTL expired message.
- The ICMP response will carry, as its payload, the original Layer 3 IP header and Layer 4 UDP header.
- Once we reach the destination, the destination will open the IP packet and realise it is the destination IP. The destination will open the UDP packet and, if it is not listening on the UDP port (usually it won't be), it will respond with an ICMP "port unreachable" message.
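The quoted original packet inside each ICMP error is what lets the sender tie a reply back to a probe. The following is an added example, not part of the original post: it parses ICMP "TTL expired" and "port unreachable" replies, reads the UDP destination port from the quoted header, and rebuilds the hop order even when replies arrive out of order. All addresses and packets are constructed; 33434 is the traditional traceroute starting port.

```python
import socket
import struct

SRC = "192.0.2.10"                                   # constructed prober address
KINDS = {(11, 0): "ttl-expired", (3, 3): "port-unreachable"}   # ICMP (type, code)

def ip_hdr(src, dst, proto, ttl, payload_len):
    """Minimal 20-byte IPv4 header for constructed samples (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def udp_probe(dst, ttl, dport, sport=50000):
    return ip_hdr(SRC, dst, 17, ttl, 8) + struct.pack("!HHHH", sport, dport, 8, 0)

def icmp_error(router, icmp_type, code, original):
    quoted = original[:28]           # original IP header + first 8 bytes (the UDP header)
    return (ip_hdr(router, SRC, 1, 64, 8 + len(quoted))
            + struct.pack("!BBHI", icmp_type, code, 0, 0) + quoted)

def parse_reply(pkt):
    """Return (responder, kind, quoted UDP dport) for an ICMP error, else None."""
    if len(pkt) < 20 or pkt[9] != 1:                 # outer protocol must be ICMP
        return None
    ihl = (pkt[0] & 0x0F) * 4
    inner = pkt[ihl + 8:]                            # skip outer IP and 8-byte ICMP header
    if len(pkt) < ihl + 8 or len(inner) < 20 or inner[9] != 17:
        return None
    inner_ihl = (inner[0] & 0x0F) * 4
    if len(inner) < inner_ihl + 4:
        return None
    dport = struct.unpack("!H", inner[inner_ihl + 2:inner_ihl + 4])[0]
    kind = KINDS.get((pkt[ihl], pkt[ihl + 1]), "other")
    return socket.inet_ntoa(pkt[12:16]), kind, dport

def path(sent, replies):
    """sent maps each probe's UDP dport to the TTL it was sent with."""
    hops = {}
    for responder, kind, dport in filter(None, map(parse_reply, replies)):
        if dport in sent:            # ignore ICMP errors quoting someone else's traffic
            hops[sent[dport]] = (responder, kind)
    return [(ttl, *hops[ttl]) for ttl in sorted(hops)]

DST = "198.51.100.80"
PROBES = {33434 + i: i + 1 for i in range(3)}        # dport -> TTL, one probe per hop
REPLIES = [icmp_error("203.0.113.1", 11, 0, udp_probe(DST, 2, 33435)),   # arrives first
           icmp_error("192.0.2.1", 11, 0, udp_probe(DST, 1, 33434)),
           icmp_error(DST, 3, 3, udp_probe(DST, 3, 33436)),
           udp_probe(DST, 9, 40000)]                 # not ICMP: skipped
```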
Traceroute with ICMP:
- The Layer 3 protocol will be 1 for ICMP.
- An ICMP echo will be sent. The Layer 3 TTL will be 1.
- The 1st hop router will decrement the TTL to 0, drop the packet and respond with ICMP TTL expired.
- The destination will open the packet and see that the packet is for itself. It will then open the ICMP header and respond to the ICMP echo with an ICMP reply.
Traceroute with TCP:
- The client will send a Layer 3 IP packet with the protocol set to TCP and the TTL set to 1. Layer 4 will be TCP with destination port 80 and the SYN flag set.
- The 1st hop will receive the packet, decrement the TTL to 0, drop the packet and send an ICMP TTL exceeded response.
- The destination will open the packet and see that it is for itself at Layer 3. It will open Layer 4 and see that it is for itself. It will respond with the SYN/ACK flags set at Layer 4.
- The client now knows the path to the destination, and it will send a RESET flag to the destination to tell the destination to close the connection.
Anycast in CLOS:
Precision time protocol