16. IP Addressing
The scheme for assigning host addresses to networks and the computers
connected to them had to satisfy the following requirements:
• It must be universal – any host must be able to send packets to any
other host in the Internet.
• It must be efficient in its use of the address space – it is impossible to
predict the ultimate size of the Internet and the number of network and
host addresses likely to be required.
TCP/IP makes provision for 2^32, or approximately 4 billion, addressable hosts.
This proved short-sighted, for two reasons:
– The rate of growth of the Internet has far outstripped all predictions.
– The address space has been allocated and used much less efficiently
than expected.
20. Unregistered addresses and Network Address Translation (NAT)
Not all of the computers and devices that access the
Internet need to be assigned globally unique IP
addresses.
Computers that are attached to a local network and
access the Internet through a NAT-enabled router
can rely upon the router to redirect incoming UDP
and TCP packets for them.
The network includes Internet-enabled computers
that are connected to the router by a wired Ethernet
connection as well as others that are connected
through a WiFi access point.
25. Firewall
IP packet filtering: This is a filter process examining
individual IP packets. It may make decisions based
on the destination and source addresses.
It may also examine the service type field of IP packets
and interpret the contents of the packets based on
the type.
For example, it may filter TCP packets based on the
port number to which they are addressed, and since
services are generally located at well-known ports,
this enables packets to be filtered based on the
service requested. For example, many sites prohibit
the use of NFS servers by external clients.
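The filtering decision described above, as an added example that is not part of the original slides: a stateless filter that reads the source and destination addresses and the TCP destination port from raw packet bytes and drops NFS traffic from external clients. The internal network range, the sample addresses and the function names are assumptions made for illustration.

```python
import ipaddress
import struct

# Assumed site policy, constructed for illustration.
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")
NFS_PORT = 2049      # well-known NFS port
IPPROTO_TCP = 6

def parse_ipv4_tcp(packet: bytes):
    """Return (src, dst, dst_port); dst_port is None when no TCP port is visible."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    ihl = (packet[0] & 0x0F) * 4            # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    dst_port = None
    # Only the first fragment of a TCP packet carries the port numbers.
    if packet[9] == IPPROTO_TCP and frag_offset == 0:
        if len(packet) < ihl + 4:
            raise ValueError("truncated TCP header")
        dst_port = struct.unpack("!HH", packet[ihl:ihl + 4])[1]
    return src, dst, dst_port

def filter_packet(packet: bytes) -> str:
    """Decide per packet from addresses and TCP destination port only."""
    try:
        src, dst, dst_port = parse_ipv4_tcp(packet)
    except ValueError:
        return "DROP"                        # malformed packets are not forwarded
    from_outside = src not in INTERNAL_NET
    if from_outside and dst in INTERNAL_NET and dst_port == NFS_PORT:
        return "DROP"                        # external clients may not reach NFS
    return "ACCEPT"

def build_packet(src: str, dst: str, dst_port: int, src_port: int = 40000) -> bytes:
    """Constructed sample: 20-byte IPv4 header plus the TCP port fields."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, IPPROTO_TCP, 0,
                         ipaddress.ip_address(src).packed,
                         ipaddress.ip_address(dst).packed)
    return header + struct.pack("!HH", src_port, dst_port)

if __name__ == "__main__":
    for s, d, p in [("203.0.113.7", "192.168.1.10", 2049),
                    ("192.168.1.20", "192.168.1.10", 2049),
                    ("203.0.113.7", "192.168.1.10", 80)]:
        print(s, "->", d, "port", p, filter_packet(build_packet(s, d, p)))
```

Because the filter looks at one packet at a time, later fragments of a TCP packet show no port number and pass this rule; checking connections and segments as a whole is the job of the TCP gateway described on the next slide.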
26. Firewall
TCP gateway: A TCP gateway process checks all TCP
connection requests and segment transmissions.
When a TCP gateway process is installed, the setting
up of TCP connections can be controlled and TCP
segments can be checked for correctness (some
denial of service attacks use malformed TCP
segments to disrupt client operating systems). When
desired, they can be routed through an application-
level gateway for content checking.
27. Firewall
Application-level gateway: An application-level gateway
process acts as a proxy for an application process.
For example, a policy may be desired that allows certain
internal users to make Telnet connections to certain external
hosts.
When a user runs a Telnet program on their local computer, it
attempts to establish a TCP connection with a remote host.
The request is intercepted by the TCP gateway. The TCP
gateway starts a Telnet proxy process and the original TCP
connection is routed to it. If the proxy approves the Telnet
operation (i.e., if the user is authorized to use the requested
host) it establishes another connection to the requested host
and relays all of the TCP packets in both directions.
A similar proxy process would run on behalf of each Telnet
client, and similar proxies might be employed for FTP and
other services.
31. Issues
Hidden stations: Carrier sensing may fail to detect that another
station on the network is transmitting.
If tablet D is transmitting to the base station E, laptop A may not
be able to sense D’s signal because of the radio obstruction
shown. A might then start transmitting, causing a collision at E
unless steps are taken to prevent this.
Fading: Due to the inverse square law of electromagnetic wave
propagation, the strength of radio signals diminishes rapidly
with the distance from the transmitter. Stations within a wireless
LAN may be out of range of other stations in the same LAN.
Thus laptop A may not be able to detect a transmission by C,
although each of them can transmit successfully to B or E.
Fading defeats both carrier sensing and collision detection.
32. Issues
Collision masking: The ‘listening’ technique used in the Ethernet
to detect collisions is not very effective in radio networks.
Because of the inverse square law the locally generated signal
will always be much stronger than any signal originating
elsewhere, effectively drowning out the remote transmission.
So, laptops A and C might both transmit simultaneously to E
and neither would detect that collision, but E would receive
only a garbled transmission.
33. Carrier Sensing, Multiple Access with Collision Avoidance (CSMA/CA).
When a station is ready to transmit, it senses the medium. If
it detects no carrier signal it may assume that one of the
following conditions is true:
1. The medium is available.
2. An out-of-range station is in the process of requesting a
slot.
3. An out-of-range station is using a slot that it had previously
reserved.