VII SEM

COMPUTER NETWORKS and SECURITY (21AM734)

MODULE - 1
 IP addresses
• Public IP addresses are unique addresses that are assigned to devices connected to the
internet. They are visible to the public and are used to identify devices on the internet.

• Private IP addresses are used within a local network and are not visible to the public internet.
They are used to identify devices within a network and are assigned by the network
administrator.

• Static IP addresses are fixed addresses that do not change over time. They are usually assigned
to servers, routers, and other network devices that require a permanent IP address.

• Dynamic IP addresses are temporary addresses that are assigned to devices for a limited time.
They are usually assigned by the ISP and change every time the device connects to the
internet
 IPV4 Address
• The identifier used in the IP layer of the TCP/IP protocol suite to identify the connection of
each device to the Internet is called the Internet address or IP address.
• An IPv4 address is a 32-bit address that uniquely and universally defines the connection of a
host or a router to the Internet.
• The IP address is the address of the connection, not the host or the router.
• An address space is the total number of addresses used by the protocol.
• If a protocol uses b bits to define an address, the address space is 2 raised to power b
because each bit can have two different values (0 or 1).
• IPv4 uses 32-bit addresses, which means that the address space is 2 raised to 32 or
4,294,967,296 (more than four billion). If there were no restrictions, more than 4 billion
devices could be connected to the Internet.
• dotted-decimal notation (base 256), and hexadecimal notation (base 16). In binary notation,
an IPv4 address is displayed as 32 bits.
• To make the address more readable, one or more spaces are usually inserted between each
octet (8 bits). Each octet is often referred to as a byte.
 Address Hierarchy
A 32-bit IPv4 address is also hierarchical, but divided only into two parts.
The first part of the address, called the prefix, defines the network;
the second part of the address, called the suffix, defines the node (connection of a device to the
Internet).
 Classful Adressing
In classful addressing, the address space is divided into five classes:
A, B, C, D, and E.
Number of blocks and block size in classful IPv4 addressing
Find the error, if any, in the following IPv4 addresses.
Find the class of each address.
a. 00000001 00001011 00001011 11101111
b. 11000001 10000011 00011011 11111111
c. 14.23.120.8
d. 252.5.15.111
 Subnetting and Supernetting
• To alleviate address depletion, two strategies were proposed
• subnetting and supernetting.
• In subnetting, a class A or class B block is divided into several subnets.
• Each subnet has a larger prefix length than the original network.
Ex: if a network in class A is divided into four subnets, each subnet has a prefix of nsub = 10.
• If all of the addresses in a network are not used, subnetting allows the addresses to be
divided among several organizations.
• While subnetting was devised to divide a large block into smaller ones.
• supernetting was devised to combine several class C blocks into a larger block to be attractive
to organizations that need more than the 256 addresses available in a class C block.
• This idea did not work either because it makes the routing of packets more difficult.
 Advantage of Classful Addressing
• We can easily find the class of the address and, since the prefix length
for each class is fixed.
• no extra information is needed to extract the prefix and the suffix.
• Simplicity and clarity—addresses and their setup are very easy to
understand
• Flexibility to accommodate different sizes of networks
• Ease of separating host address for routing
• Allows for reservation of some addresses for special purposes
 Classless Addressing
• The larger address space, requires that the length of IP addresses also
be increased, which means the format of the IP packets needs to be
changed.
• long-range solution called IPv6, a short-term solution was also devised
to
• use the same address space but to change the distribution of
addresses to provide a fair share to each organization.
• The short-term solution still uses IPv4 addresses, called classless
addressing.
• the class privilege was removed from the distribution to compensate
for the address depletion.
 Classless Addressing
• 1990s, Internet Service Providers (ISPs) came into prominence. An ISP
is an organization that provides Internet access for individuals, small
businesses, and midsize organizations that
• do not want to create an Internet site and become involved in
providing Internet services (such as electronic mail) for their
employees.
• An ISP can provide these services.
• An ISP is granted a large range of addresses and then subdivides the
addresses (ingroups of 1, 2, 4, 8, 16, and so on), giving a range of
addresses to a household or a small business.
shows a block of addresses, in both binary and dotted-decimal notation, granted to a small
business that needs 16 addresses.
Soln: The addresses are contiguous. The number of addresses is a power of 2 (16 = 24), and the
first address is divisible by 16.
 Classless Addressing
• 1996, the Internet authorities announced a new architecture called classless addressing.
• classless addressing, variable-length blocks are used that belong to no classes.
• We can have a block of 1 address, 2 addresses, 4 addresses, 128 addresses, and so on.
• In classless addressing, the whole address space is divided into variable length blocks. The
prefix in an address defines the block (network); the suffix defines the node
• (device). Theoretically, we can have a block of 20, 21, 22, ..., 232 addresses.
• number of addresses in a block needs to be a power of 2.
• An organization can be granted one block of addresses.
• division of the whole address space into nonoverlapping blocks.
 Classless Addressing
• the prefix length in classless addressing is variable.
• can have a prefix length that ranges from 0 to 32.
• The size of the network is inversely proportional to the length of the
prefix.
• An address in class A can be thought of as a classless address in which
the prefix length is 8.
• An address in class B can be thought of as a classless address in which
the prefix is 16, and so on.
• classful addressing is a special case of classless addressing.
 Classless Addressing
• Prefix Length: Slash Notation
• in classless addressing is how to find the prefix length if an address is given.
• Since the prefix length is not inherent in the address,we need to separately give the length of
the prefix.
• the prefix length, n, is added to the address, separated by a slash. The notation is informally
referred to as slash notation and formally as classless interdomain routing or CIDR
(pronounced cider) strategy.
• An address in classless addressing can then be represented as shown below: slash notation

In IPv4 addressing, a block of addresses can be defined as x.y.z.t /n in which x.y.z.t defines one of the addresses and
the /n defines the mask.
Default masks for classful addressing
 Extracting Information from an Address
Three pieces of information about the block to which the address belongs:
• the number of addresses,
• the first address in the block, and
• the last address.
Since the value of prefix length, n, is given, we can easily find these three pieces of
information
1. The number of addresses in the block is found as N = 2 32- n

2. To find the first address, we keep the n leftmost bits and set the (32 − n)
rightmost bits all to 0s.

3. To find the last address, we keep the n leftmost bits and set the (32 − n)
rightmost bits all to 1s.
Extracting Information from an Address
Ex: A classless address is given as 167.199.170.82/27.
The number of addresses in the network is 2 32 − n = 2 5 = 32 addresses.
 Address Mask
• Another way to find the first and last addresses in the block is to use the
address mask.
• The address mask is a 32-bit number in which the n leftmost bits are set to 1s
and the rest of the bits (32 − n) are set to 0s.
• can easily find the address mask because it is the complement of (2 32 − n − 1).
• The reason for defining a mask in this way is that it can be used by a computer
program to extract the information in a block, using the three bit-wise
operations NOT, AND, and OR.
1. The number of addresses in the block N = NOT (mask) + 1.
2. The first address in the block = (Any address in the block) AND (mask).
3. The last address in the block = (Any address in the block) OR [(NOT (mask)].
Ex: A classless address is given as 167.199.170.82/27. find the above three pieces of information
Soln: The mask in dotted-decimal notation is
256.256.256.224. The AND, OR, and NOT operations can be applied to individual bytes

Number of addresses in the block: N = NOT (mask) + 1= 0.0.0.31 + 1 = 32 addresses

First address: First = (address) AND (mask) = 167.199.170.82
Last address: Last = (address) OR (NOT mask) = 167.199.170.255
A block of addresses is granted to a small organization.
We know that one of the addresses is 205.16.37.39/28.
 Block Allocation
responsibility of block allocation is given to a global authority called the Internet Corporation for
Assigned Names and Numbers (ICANN).
It assigns a large block of addresses to an ISP
proper operation of the CIDR, two restrictions need to be applied to the allocated block.
1. The number of requested addresses, N, needs to be a power of 2. The reason is that
N = 2 32 − n or n = 32 − log2N.
If N is not a power of 2, we cannot have an integer value for n.
2. The requested block needs to be allocated where there is an adequate number of
contiguous addresses available in the address space.
there is a restriction on choosing the first address in the block.
The first address needs to be divisible by the number of addresses in the block.
The reason is that the first address needs to be the prefix followed by (32 − n) number of 0s.
The decimal value of the first address is then first address = (prefix in decimal) × 2 32 − n = (prefix in
decimal) × N.
• Example : An ISP has requested a block of 1000 addresses. Since 1000 is not a
power of 2, 1024 addresses are granted. The prefix length is calculated as n = 32 −
log21024 = 22. An available block,18.14.12.0/22, is granted to the ISP. It can be
seen that the first address in decimal is 302,910,464, which is divisible by 1024.
Designing Subnets
• assume the total number of addresses granted to the organization is N, the prefix
length is n, the assigned number of addresses to each subnetwork is N sub, and the
prefix
• length for each subnetwork is nsub. Then the following steps need to be carefully
followed
• to guarantee the proper operation of the subnetworks.
• ❑ The number of addresses in each subnetwork should be a power of 2.
• ❑ The prefix length for each subnetwork should be found using the following
formula:
nsub = 32 − log2Nsub
The starting address in each subnetwork should be divisible by the number of addresses in that subnetwork. This can be achieved if we first

assign addresses to larger subnetworks.

Special Addresses
• five specialbaddresses that are used for special purposes:
• this-host address,
• limited-broadcast address,
• loopback address,
• private addresses, and
• multicast addresses.
This-host Address
• The only address in the block 0.0.0.0/32 is called the this-host address. It is used
whenever a host needs to send an IP datagram but it does not know its own
address to use as the source address
Limited-broadcast Address
• The only address in the block 255.255.255.255/32 is called the limited-broadcast
address.
• It is used whenever a router or a host needs to send a datagram to all devices in a
network.
• The routers in the network, however, block the packet having this address as the
destination; the packet cannot travel outside the network.
Loopback Address
• The block 127.0.0.0/8 is called the loopback address.
• A packet with one of the addresses in this block as the destination address never
leaves the host; it will remain in the host.
• Any address in the block is used to test a piece of software in the machine
Private Addresses
• Four blocks are assigned as private addresses: 10.0.0.0/8, 172.16.0.0/12,
192.168.0.0/16, and 169.254.0.0/16.

Multicast Addresses
• The block 224.0.0.0/4 is reserved for multicast addresses.
 Dynamic Host Configuration Protocol
• Address assignment in an organization can be done automatically using the Dynamic Host
• Configuration Protocol (DHCP).
• DHCP is an application-layer program, using the client-server paradigm, that actually helps
TCP/IP at the network layer.
• often called a plugand-play protocol.
• A network manager can configure DHCP to assign permanent IP addresses to the host and
routers.
• DHCP can also be configured to provide temporary, on demand, IP addresses to hosts.
• The second capability can provide a temporary IP address to a traveller to connect her laptop
to the Internet
• It also allows an ISP with 1000 granted addresses to provide services to 4000 households,
assuming not more than one-forth of customers use the Internet at the same time.
• four pieces of information are normally needed: the computer address, theprefix, the address
of a router, and the IP address of a name server. DHCP can be used toprovide these pieces of
information to the host
DHCP Message Format
• DHCP is a client-server protocol in which the client sends a request message and
the server returns a response message
• The 64-byte option field has a dual purpose. It can carry either additional
information or some specific vendor information. The server uses a number,
called a magic cookie, in the format of an IP address with the value of
99.130.83.99.
• When the client finishes reading the message, it looks for this magic cookie. If
present, the next 60 bytes are options.
• An option is composed of three fields: a 1-byte tag field, a 1-byte length field, and
a variable-length value field.
• There are several tag fields that are mostly used by vendors. If the tag field is 53,
the value field defines one of the 8 message types
1. The joining host creates a DHCPDISCOVER message in which only the
transactionID field is set to a random number.
• No other field can be set because the host has no knowledge with which to do so.
• This message is encapsulated in a UDP user datagram with the source port set to
68 and the destination port set to 67.
• The user datagram is encapsulated in an IP datagram with the source address set
to 0.0.0.0 (“this host”) and the destination address set to 255.255.255.255
(broadcast address).
• The reason is that the joining host knows neither its own address nor the server
address.
2. The DHCP server or servers (if more than one) responds with a DHCPOFFER
• message in which the your address field defines the offered IP address for the
joining host and the server address field includes the IP address of the server.
• The message also includes the lease time for which the host can keep the IP
address.
• Thismessage is encapsulated in a user datagram with the same port numbers, but
in the reverse order.
• The user datagram in turn is encapsulated in a datagram with the server address
as the source IP address, but the destination address is a broadcast address, in
which the server allows other DHCP servers to receive the offer and give a better
offer if they can
• 3. The joining host receives one or more offers and selects the best of them.
• The joining host then sends a DHCPREQUEST message to the server that has
given the best offer.
• The fields with known value are set.
• The message is encapsulated in a user datagram with port numbers as the first
message.
• The user datagram is encapsulated in an IP datagram with the source address set
to the new client address, but
• the destination address still is set to the broadcast address to let the other
servers know that their offer was not accepted.
4. Finally, the selected server responds with a DHCPACK message to the client if the
offered IP address is valid.
• If the server cannot keep its offer the server sends a DHCPNACK message and the
client needs to repeat the process.
• This message is also broadcast to let other servers know that the request is
accepted or rejected.
MOBILE IP
• the extension of IP protocol that allows mobile computers to be connected to
the Internet at any location where the connection is possible.
Addressing:
 Stationary Hosts : a host in the Internet does not have an address that it can
carry with itself from one place to another.

 The address is valid only when the host is attached to the network. If the
network changes, the address is no longer valid.

 Routers use this association to route a packet; they use the prefix to deliver the
packet to the network to which the host is attached. This scheme works perfectly
with stationary hosts
Mobile Hosts
• When a host moves from one network to another, the IP addressing structure needs to
be modified
• solutions proposed.
ØChanging the Address
1. let the mobile host change its address as it goes to the new network. The host can
use DHCP to obtain a new address to associate it with the new network.
This approach has several drawbacks.
2. Configuration files would need to be changed.
3. Each time the computer moves from one network to another, it must be rebooted.
4. DNS tables need to be revised so that every other host in the Internet is aware of the
change.
5. If the host roams from one network to another during a transmission, the data
exchange will be interrupted. This is because the ports and IP addresses of the client
and the server must remain constant for the duration of the connection.
Two Addresses
• more feasible is the use of two addresses.
• The host has its original address, called the home address, and a temporary
address, called the care-of address.
• The home address is permanent; it associates the host with its home network,
the network that is the permanent home of the host. The care-of address is
temporary.
• When a host moves from one network to another, the care-of address changes;
it is associated with the foreign network, the network to which the host moves.

Home address and care-of address

Agents
• To make the change of address transparent to the rest of the Internet requires
home agent and a foreign agent.

Home Agent
The home agent is usually a router
attached to the home network of the mobile host. The
home agent acts on behalf of the mobile host when a remote host sends a packet to
the mobile host. The home agent receives the packet and sends it to the foreign
agent.
Foreign Agent
• The foreign agent is usually a router attached to the foreign network.
• The foreign agent receives and delivers packets sent by the home agent to the
mobile host.
• The mobile host can also act as a foreign agent.
• the mobile host and the foreign agent can be the same a mobile host must be able
to receive a care-of address by itself, which can be done through the use of DHCP.
• the mobile host needs the necessary software to allow it to communicate with the
home agent and to have two addresses: its home address and its care-of address.
• When the mobile host acts as a foreign agent, the care-of address is called a
collocated care-of address
• Advantage of using a collocated care-of address is that the mobile host can move to
any network without worrying about the availability of a foreign agent.
• The disadvantage is that the mobile host needs extra software to act as its own
foreign agent
Three Phases
• To communicate with a remote host, a mobile host goes through three phases:
agent, discovery, registration, and data transfer

Remote host and mobile host communication

Agent Discovery
• The first phase in mobile communication, agent discovery, consists of two subphases.
• A mobile host must discover (learn the address of) a home agent before it leaves its home network.
• A mobile host must also discover a foreign agent after it has moved to a foreign network.
• This discovery consists of learning the care-of address as well as the foreign agent’s address.
• The discovery involves two types of messages: advertisement and solicitation.
• Agent Advertisement
• When a router advertises its presence on a network using an ICMP router advertisement, it can append an agent
advertisement to the packet if it acts as an agent
❑ Type. The 8-bit type field is set to 16.
❑ Length. The 8-bit length field defines the total length of the extension message
(not the length of the ICMP advertisement message).
❑ Sequence number. The 16-bit sequence number field holds the message number.
The recipient can use the sequence number to determine if a message is lost.
❑ Lifetime. The lifetime field defines the number of seconds that the agent will
accept requests. If the value is a string of 1s, the lifetime is infinite.
❑ Code. The code field is an 8-bit flag in which each bit is set (1) or unset (0).
 Care-of Addresses. This field contains a list of addresses available for use as care of
Agent advertisement addresses. The mobile host can choose one of these addresses. The selection of
this care-of address is announced in the registration request. Note that this field is
used only by a foreign agent.
1.From Remote Host to Home Agent:
• When a remote host wants to send a packet to the mobile host, it uses its
address as the source address and the home address of the mobile host as the
destination address.
• the remote host sends a packet as though the mobile host is at its home
network. The packet, however, is intercepted by the home agent, which pretends
it is the mobile host.
2. From Home Agent to Foreign Agent
• After receiving the packet, the home agent sends the packet to the foreign agent,
using the tunneling concept.
• The home agent encapsulates the whole IP packet inside another IP packet using
its address as the source and the foreign agent’s address as the destination. Path
2
From Foreign Agent to Mobile Host

• When the foreign agent receives the packet, it removes the original packet.
• since the destination address is the home address of the mobile host, the
foreign agent consults a registry table to find the care-of address of the mobile
host.
• Otherwise, the packet would just be sent back to the home network. The packet
is then sent to the care-of address. Path 3
• From Mobile Host to Remote Host
• When a mobile host wants to send a packet to a remote host (for example, a response to
the packet it has received), it sends as it does normally.
• The mobile host prepares a packet with its home address as the source, and the address
of the remote host as the destination.
• Although the packet comes from the foreign network, it has the home address of the
mobile host. Path 4
• Transparency
• In this data transfer process, the remote host is unaware of any movement by the
mobile host.
• The remote host sends packets using the home address of the mobile host as the
destination address;
• it receives packets that have the home address of the mobile host as the source address.
• The movement is totally transparent. The rest of the Internet is not aware of the
movement of the mobile host.
Inefficiency in Mobile IP

• The inefficiency can be severe or moderate. The severe case is called double
crossing or 2X. The moderate case is called triangle routing or dog-leg routing.
• Double Crossing
• Double crossing occurs when a remote host communicates with a mobile host
that has moved to the same network (or site) as the remote.
• When the mobile host sends a packet to the remote host, there is no
inefficiency; the communication is local.
• when the remote host sends a packet to the mobile host, the packet crosses the
Internet twice.
• Since a computer usually communicates with other local computers (principle of
locality), the inefficiency from double crossing is significant.