We talked about how the basic IP Multicast model is many-to-many and is sometimes called Any Source Multicast (ASM).
There is also a one-to-many variant called Source-Specific Multicast (SSM).
We said the common protocol for managing multicast groups is IGMP for IPv4 and MLD for IPv6.
Finally, we described how the significant 28 bits of an IP multicast address are mapped to the significant 23 bits of an Ethernet multicast address.
Multicast Forwarding and Routing
A router's unicast forwarding table indicates for any packet destined to an IP address which link to use to forward the packet.
In the multicast setting one might have multiple entries in the forwarding table for a given IP address and the router needs to send the packet to each of them.
Thus, if we look at the set of nodes that a packet might follow in each setting, then in the unicast setting they will form a path in the network graph and in the multicast setting they will form a forest of trees.
This forest is called the multicast distribution trees.
We next look at some different routing algorithms for building multicast forwarding tables.
When a multicast packet with source S comes into a router, the router checks whether it arrived on the port that its forwarding table says is on the shortest path to S. If and only if the answer is yes, the packet is flooded out on each of the other ports.
If two or more routers are connected to the same network, each keeps a parent bit for every forwarding entry. For a given entry, if the parent bit is not set, the router does not do the forwarding described above.
Initially this bit is set. When table information is exchanged between routers, the router determines if anyone either has a shorter route or the same length route but smaller address. If so, the bit is turned off.
This completes the description of the flood part of the protocol.
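The flood decision described above, as an added example that is not part of the original notes: the reverse-path check combined with the parent bit. Keeping the bit per (source, port), the class and method names, and the two-router topology are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Router:
    addr: int        # router address, used as the tie-breaker
    ports: list      # names of all attached ports
    routes: dict     # source -> (port on the shortest path to source, cost)
    parent: dict = field(default_factory=dict)  # (source, port) -> parent bit

    def is_parent(self, source, port):
        # The parent bit is initially set.
        return self.parent.get((source, port), True)

    def hear_neighbor(self, port, neighbor_addr, neighbor_costs):
        """Process the (destination, cost) pairs a neighbor sent on `port`."""
        for source, n_cost in neighbor_costs.items():
            if source not in self.routes:
                continue
            my_cost = self.routes[source][1]
            # Shorter route, or same length and smaller address: clear the bit.
            if (n_cost, neighbor_addr) < (my_cost, self.addr):
                self.parent[(source, port)] = False

    def flood_ports(self, source, in_port):
        """Ports on which a multicast packet from `source` is sent out."""
        route = self.routes.get(source)
        if route is None or route[0] != in_port:
            return []  # did not arrive on the shortest path to S: drop
        return [p for p in self.ports
                if p != in_port and self.is_parent(source, p)]

def demo():
    # Constructed topology: R1 and R2 both reach source "S" via "up" at
    # cost 2 and both attach to the same network on port "lan".
    r1 = Router(1, ["up", "lan"], {"S": ("up", 2)})
    r2 = Router(2, ["up", "lan"], {"S": ("up", 2)})
    r1.hear_neighbor("lan", r2.addr, {"S": 2})
    r2.hear_neighbor("lan", r1.addr, {"S": 2})
    return {
        "r1_from_up": r1.flood_ports("S", "up"),
        "r2_from_up": r2.flood_ports("S", "up"),
        "r1_from_lan": r1.flood_ports("S", "lan"),
    }

if __name__ == "__main__":
    print(demo())
```

Only R1 floods onto the shared network, and a packet claiming source S that arrives on the wrong port is dropped by both routers.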
The above mechanism essentially floods the packet to the whole internetwork. Next, a pruning mechanism needs to be used to reduce this to just the networks that have members of the multicast group.
If the parent router on a network is the only router on that network then it is a leaf.
Periodically, each host in the group is supposed to send a packet announcing that it is in the group.
When a parent router of a leaf exchanges (Destination, Cost) pairs with its neighbors, it augments this with the set of groups for which it has hosts.
This information is then propagated from router to router, so that a given router knows for what groups it should forward multicast packets.
PIM-SM (Protocol-independent multicast)
PIM means the multicast protocol is independent of the unicast routing of the network in question.
The original PIM-DM (dense mode) protocol used a flood and prune algorithm much like DVMRP.
PIM-SM (sparse mode) has become the dominant multicast routing protocol.
Unlike DVMRP, routers in PIM-SM must explicitly join the multicast distribution tree using Join messages.
PIM-SM assigns each group a special router called a rendezvous point (RP).
If a router is configured to be an RP it will periodically announce this candidacy to a bootstrap router.
Groups are assigned to RPs by applying a known hash function to the Group IP address to get an RP number.
The multicast forwarding tree is built as a result of sending Join messages using unicast to the RP.
In order to get to an RP, a host looks up in the BSR the RP IP address that corresponds to the RP number it got by applying the hash function to the Group IP.
PIM-SM can operate in two modes: shared (anyone can send to the group) and source-specific.
Sending Multicast Data PIM-SM
Once the tree is built, to send to the multicast group a sender sends on its local network to a router known as the designated router (DR). The DR then opens a tunnel to the RP using a PIM Register message and the packet is sent there. Finally, the RP sends the packet to the group.
To make the scheme more efficient, the RP sends Join messages back along the path to the DR, so the DR can send as native multicast rather than tunneled multicast.
The need to make it easier to create so-called source specific multicast led to a variation on PIM-SM called PIM-SSM (source specific multicast), which uses a notion of a channel. A channel is a combination of the source and group address.
To send multicast across domains, an extension to PIM-SM called the Multicast Source Discovery Protocol (MSDP) was devised, which makes use of MSDP peers in each domain.
MPLS
To finish off our discussion of networking we are going to look at one more important protocol: Multiprotocol Label Switching (MPLS).
This protocol combines some of the properties of virtual circuits with the flexibility and robustness of datagrams.
MPLS is mainly used today:
To enable IP capabilities on devices that do not have the capability to forward datagrams in the usual manner.
To forward IP packets along "explicit routes" -- explicit routes that don't necessarily match those that normal IP would select.
To support certain types of virtual private networks.
More MPLS
The idea of MPLS is to add a label to an IP packet.
When MPLS is enabled on a router, the router allocates a label for each prefix in its routing table.
Basically, it just uses the index of that entry in the table. So if 18.1.1/24 was the 3rd row in the table, the label might be 3.
It advertises this label and network prefix to its neighbors according to the Label Distribution Protocol.
When a packet arrives at the first router in an MPLS network, a label edge router, a complete IP lookup on the packet is done, and the label of the router that the packet should be sent to is applied to that packet.
The packet is then sent to the next router that understands MPLS. This router only needs to look at the label (not the IP address) to know which port to go out on and which label to replace the current label with.
One advantage of doing this is that ATM networks can now be used to forward IP packets using MPLS, rather than needing special tricks to carry the IP packets across the network.
Labels are attached between the layer 2 and layer 3 headers.
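The label allocation and swapping described above, as an added example that is not part of the original notes. The `MplsRouter` class, the port names, the three-router path and the direct call that stands in for the Label Distribution Protocol are assumptions; labels are simply the row number in the routing table, as in the 18.1.1/24 example.

```python
import ipaddress

class MplsRouter:
    def __init__(self, name, routes):
        # routes: rows of (prefix, out_port, next_hop); row number n (from 1)
        # is the label this router allocates for that prefix.
        self.name = name
        self.routes = [(ipaddress.ip_network(p), port, nh)
                       for p, port, nh in routes]
        self.remote = {}  # (neighbor name, prefix) -> label it advertised

    def advertise(self):
        """Label/prefix bindings sent to neighbors (stand-in for LDP)."""
        return {net: n for n, (net, _, _) in enumerate(self.routes, start=1)}

    def learn(self, neighbor):
        for net, label in neighbor.advertise().items():
            self.remote[(neighbor.name, net)] = label

    def ingress(self, dst_ip):
        """Label edge router: full longest-prefix lookup, then apply a label."""
        addr = ipaddress.ip_address(dst_ip)
        matches = [r for r in self.routes if addr in r[0]]
        if not matches:
            return None  # no route: drop
        net, port, nh = max(matches, key=lambda r: r[0].prefixlen)
        return port, self.remote.get((nh, net))

    def swap(self, in_label):
        """Interior router: forward on the label alone, never the IP header."""
        if not 1 <= in_label <= len(self.routes):
            return None  # label this router never allocated: drop
        net, port, nh = self.routes[in_label - 1]
        return port, self.remote.get((nh, net))  # None label: last hop

def demo():
    # Constructed three-router path R1 -> R2 -> R3; 18.1.1.0/24 is the
    # 3rd row of R2's table, so R2's label for it is 3.
    r1 = MplsRouter("R1", [("18.0.0.0/8", "if0", "R2"),
                           ("18.1.1.0/24", "if1", "R2")])
    r2 = MplsRouter("R2", [("18.3.3.0/24", "if1", "R3"),
                           ("18.2.0.0/16", "if2", "R4"),
                           ("18.1.1.0/24", "if1", "R3")])
    r3 = MplsRouter("R3", [("18.1.1.0/24", "if0", None),
                           ("18.3.3.0/24", "if1", None)])
    r1.learn(r2)
    r2.learn(r3)
    hop1 = r1.ingress("18.1.1.7")
    hop2 = r2.swap(hop1[1])
    hop3 = r3.swap(hop2[1])
    return [hop1, hop2, hop3, r2.swap(99)]
```

Each element of the result is the (output port, outgoing label) chosen at one hop; the last entry shows an unallocated label being dropped.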
End-to-end Protocols
We next want to turn our ability to deliver packets host-to-host into a process-to-process communication channel between two hosts.
This is the role of the transport layer.
The transport layer should:
Guarantee message delivery
Deliver messages in the same order they are sent
Deliver at most one copy of each message
Support arbitrarily large messages
Support synchronization between sender and receiver
Allow the receiver to apply flow control to the sender
Support multiple application processes on each host.
Simple Demultiplexer (UDP)
The simplest possible transport protocol is one that extends host-to-host delivery to
process-to-process communication.
There are likely to be many processes running on a given host; so this extension involves
support for demultiplexing packets arriving at a host and sending them to a particular process.
This is essentially what the User Datagram Protocol (UDP) does.
Processes on a given machine are identified by a port number, which is a two-byte number.
Thus, the UDP header structure is relatively simple:
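 0                16               31
+-----------------+-----------------+
|   Source Port   | Destination Port|
+-----------------+-----------------+
|     Length      |    Checksum     |
+-----------------+-----------------+
|               Data                |
+-----------------------------------+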
More on Ports
There are different ways that the port might be mapped to a particular process.
The easiest is that certain well-known services live at well-known port numbers.
So the Domain Name Service (DNS) usually receives messages on port 53.
Sometimes communication starts on a well-known port and then the two communicating processes agree
on some less frequented port to begin communicating.
This can be generalized by having a group of services for whom clients all initially come to a single common port number when starting communication. Then using
a single service called a port mapper they agree on a less common port for the rest of communication.
It should be noted port numbers don't depend on the OS.
The checksum is computed over the UDP header, the datagram data, and a pseudoheader -- the protocol number, and source and destination IP.
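The header layout and checksum described above, as an added example that is not part of the original notes: it builds, parses and verifies a UDP datagram. The function names and the sample addresses are assumptions; the pseudoheader here also carries the UDP length, as defined in RFC 768.

```python
import socket
import struct

UDP_PROTO = 17  # IP protocol number for UDP

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum, zero-padding to an even length."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src_ip: str, dst_ip: str, udp_len: int) -> bytes:
    # source IP, destination IP, zero byte, protocol number, UDP length
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, UDP_PROTO, udp_len))

def build_udp(src_ip, dst_ip, sport, dport, data: bytes) -> bytes:
    length = 8 + len(data)  # 8-byte header plus data
    header = struct.pack("!HHHH", sport, dport, length, 0)
    covered = pseudo_header(src_ip, dst_ip, length) + header + data
    csum = ~ones_sum(covered) & 0xFFFF or 0xFFFF  # 0 means "no checksum"
    return struct.pack("!HHHH", sport, dport, length, csum) + data

def parse_udp(segment: bytes) -> dict:
    if len(segment) < 8:
        raise ValueError("shorter than a UDP header")
    sport, dport, length, csum = struct.unpack("!HHHH", segment[:8])
    if not 8 <= length <= len(segment):
        raise ValueError("bad Length field")
    return {"sport": sport, "dport": dport, "length": length,
            "checksum": csum, "data": segment[8:length]}

def verify_udp(src_ip, dst_ip, segment: bytes) -> bool:
    """True only if a checksum is present and matches these IP addresses."""
    hdr = parse_udp(segment)
    if hdr["checksum"] == 0:
        return False  # sender did not compute one (allowed in IPv4)
    covered = (pseudo_header(src_ip, dst_ip, hdr["length"])
               + segment[:hdr["length"]])
    return ones_sum(covered) == 0xFFFF

# Constructed sample: a datagram to the DNS port from documentation addresses.
SAMPLE = build_udp("192.0.2.10", "192.0.2.53", 40000, 53, b"example query")
```

Because the IP addresses are part of the sum, a datagram delivered to a different destination address than the one it was built for fails verification even though its bytes are unchanged.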
Port Scanning (nmap)
It is common to want to know what ports are in use on a given machine.
You might want to do this to find out what kind of traffic is coming into or out of
your machine that you are not aware of.
If you see that there seems to be an unknown service on your machine then
you could analyze the traffic with tcpdump or Wireshark.
Bad guys might want to know which services are available on a machine in order to decide how
to attack your system.
One common tool for checking what ports are in use is nmap http://nmap.org/.
This can be run from the command line with a line like:
nmap IP_address_or_hostname #or
nmap -v -A IP_address_or_hostname #verbose and enable OS detection
nmap supports lots of options to prevent the site you are looking at from
detecting the scan as well.